wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
src/tls.c@7:481bce714567, 2017-05-02 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue May 02 08:44:47 2017 +0000
- Revision:
- 7:481bce714567
wolfSSL3.10.2
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 7:481bce714567 | 1 | /* tls.c |
wolfSSL | 7:481bce714567 | 2 | * |
wolfSSL | 7:481bce714567 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 7:481bce714567 | 4 | * |
wolfSSL | 7:481bce714567 | 5 | * This file is part of wolfSSL. |
wolfSSL | 7:481bce714567 | 6 | * |
wolfSSL | 7:481bce714567 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 7:481bce714567 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 7:481bce714567 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 7:481bce714567 | 10 | * (at your option) any later version. |
wolfSSL | 7:481bce714567 | 11 | * |
wolfSSL | 7:481bce714567 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 7:481bce714567 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 7:481bce714567 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 7:481bce714567 | 15 | * GNU General Public License for more details. |
wolfSSL | 7:481bce714567 | 16 | * |
wolfSSL | 7:481bce714567 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 7:481bce714567 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 7:481bce714567 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 7:481bce714567 | 20 | */ |
wolfSSL | 7:481bce714567 | 21 | |
wolfSSL | 7:481bce714567 | 22 | |
wolfSSL | 7:481bce714567 | 23 | |
wolfSSL | 7:481bce714567 | 24 | #ifdef HAVE_CONFIG_H |
wolfSSL | 7:481bce714567 | 25 | #include <config.h> |
wolfSSL | 7:481bce714567 | 26 | #endif |
wolfSSL | 7:481bce714567 | 27 | |
wolfSSL | 7:481bce714567 | 28 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 7:481bce714567 | 29 | |
wolfSSL | 7:481bce714567 | 30 | #ifndef WOLFCRYPT_ONLY |
wolfSSL | 7:481bce714567 | 31 | |
wolfSSL | 7:481bce714567 | 32 | #include <wolfssl/ssl.h> |
wolfSSL | 7:481bce714567 | 33 | #include <wolfssl/internal.h> |
wolfSSL | 7:481bce714567 | 34 | #include <wolfssl/error-ssl.h> |
wolfSSL | 7:481bce714567 | 35 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 7:481bce714567 | 36 | #ifdef NO_INLINE |
wolfSSL | 7:481bce714567 | 37 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 7:481bce714567 | 38 | #else |
wolfSSL | 7:481bce714567 | 39 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 7:481bce714567 | 40 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 7:481bce714567 | 41 | #endif |
wolfSSL | 7:481bce714567 | 42 | |
wolfSSL | 7:481bce714567 | 43 | #ifdef HAVE_NTRU |
wolfSSL | 7:481bce714567 | 44 | #include "libntruencrypt/ntru_crypto.h" |
wolfSSL | 7:481bce714567 | 45 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 7:481bce714567 | 46 | #endif |
wolfSSL | 7:481bce714567 | 47 | #ifdef HAVE_QSH |
wolfSSL | 7:481bce714567 | 48 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); |
wolfSSL | 7:481bce714567 | 49 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name); |
wolfSSL | 7:481bce714567 | 50 | static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type); |
wolfSSL | 7:481bce714567 | 51 | #endif |
wolfSSL | 7:481bce714567 | 52 | |
wolfSSL | 7:481bce714567 | 53 | |
wolfSSL | 7:481bce714567 | 54 | #ifndef NO_TLS |
wolfSSL | 7:481bce714567 | 55 | |
wolfSSL | 7:481bce714567 | 56 | /* Digest enable checks */ |
wolfSSL | 7:481bce714567 | 57 | #ifdef NO_OLD_TLS /* TLS 1.2 only */ |
wolfSSL | 7:481bce714567 | 58 | #if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \ |
wolfSSL | 7:481bce714567 | 59 | !defined(WOLFSSL_SHA512) |
wolfSSL | 7:481bce714567 | 60 | #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 |
wolfSSL | 7:481bce714567 | 61 | #endif |
wolfSSL | 7:481bce714567 | 62 | #else /* TLS 1.1 or older */ |
wolfSSL | 7:481bce714567 | 63 | #if defined(NO_MD5) && defined(NO_SHA) |
wolfSSL | 7:481bce714567 | 64 | #error Must have SHA1 and MD5 enabled for old TLS |
wolfSSL | 7:481bce714567 | 65 | #endif |
wolfSSL | 7:481bce714567 | 66 | #endif |
wolfSSL | 7:481bce714567 | 67 | |
wolfSSL | 7:481bce714567 | 68 | |
wolfSSL | 7:481bce714567 | 69 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 7:481bce714567 | 70 | #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE |
wolfSSL | 7:481bce714567 | 71 | #else |
wolfSSL | 7:481bce714567 | 72 | #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE |
wolfSSL | 7:481bce714567 | 73 | #endif |
wolfSSL | 7:481bce714567 | 74 | |
wolfSSL | 7:481bce714567 | 75 | /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ |
wolfSSL | 7:481bce714567 | 76 | static int p_hash(byte* result, word32 resLen, const byte* secret, |
wolfSSL | 7:481bce714567 | 77 | word32 secLen, const byte* seed, word32 seedLen, int hash) |
wolfSSL | 7:481bce714567 | 78 | { |
wolfSSL | 7:481bce714567 | 79 | word32 len = P_HASH_MAX_SIZE; |
wolfSSL | 7:481bce714567 | 80 | word32 times; |
wolfSSL | 7:481bce714567 | 81 | word32 lastLen; |
wolfSSL | 7:481bce714567 | 82 | word32 lastTime; |
wolfSSL | 7:481bce714567 | 83 | word32 i; |
wolfSSL | 7:481bce714567 | 84 | word32 idx = 0; |
wolfSSL | 7:481bce714567 | 85 | int ret = 0; |
wolfSSL | 7:481bce714567 | 86 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 87 | byte* previous; |
wolfSSL | 7:481bce714567 | 88 | byte* current; |
wolfSSL | 7:481bce714567 | 89 | Hmac* hmac; |
wolfSSL | 7:481bce714567 | 90 | #else |
wolfSSL | 7:481bce714567 | 91 | byte previous[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 7:481bce714567 | 92 | byte current[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 7:481bce714567 | 93 | Hmac hmac[1]; |
wolfSSL | 7:481bce714567 | 94 | #endif |
wolfSSL | 7:481bce714567 | 95 | |
wolfSSL | 7:481bce714567 | 96 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 97 | previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 98 | current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 99 | hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 100 | |
wolfSSL | 7:481bce714567 | 101 | if (previous == NULL || current == NULL || hmac == NULL) { |
wolfSSL | 7:481bce714567 | 102 | if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 103 | if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 104 | if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 105 | |
wolfSSL | 7:481bce714567 | 106 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 107 | } |
wolfSSL | 7:481bce714567 | 108 | #endif |
wolfSSL | 7:481bce714567 | 109 | |
wolfSSL | 7:481bce714567 | 110 | switch (hash) { |
wolfSSL | 7:481bce714567 | 111 | #ifndef NO_MD5 |
wolfSSL | 7:481bce714567 | 112 | case md5_mac: |
wolfSSL | 7:481bce714567 | 113 | hash = MD5; |
wolfSSL | 7:481bce714567 | 114 | len = MD5_DIGEST_SIZE; |
wolfSSL | 7:481bce714567 | 115 | break; |
wolfSSL | 7:481bce714567 | 116 | #endif |
wolfSSL | 7:481bce714567 | 117 | |
wolfSSL | 7:481bce714567 | 118 | #ifndef NO_SHA256 |
wolfSSL | 7:481bce714567 | 119 | case sha256_mac: |
wolfSSL | 7:481bce714567 | 120 | hash = SHA256; |
wolfSSL | 7:481bce714567 | 121 | len = SHA256_DIGEST_SIZE; |
wolfSSL | 7:481bce714567 | 122 | break; |
wolfSSL | 7:481bce714567 | 123 | #endif |
wolfSSL | 7:481bce714567 | 124 | |
wolfSSL | 7:481bce714567 | 125 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 7:481bce714567 | 126 | case sha384_mac: |
wolfSSL | 7:481bce714567 | 127 | hash = SHA384; |
wolfSSL | 7:481bce714567 | 128 | len = SHA384_DIGEST_SIZE; |
wolfSSL | 7:481bce714567 | 129 | break; |
wolfSSL | 7:481bce714567 | 130 | #endif |
wolfSSL | 7:481bce714567 | 131 | |
wolfSSL | 7:481bce714567 | 132 | #ifndef NO_SHA |
wolfSSL | 7:481bce714567 | 133 | case sha_mac: |
wolfSSL | 7:481bce714567 | 134 | default: |
wolfSSL | 7:481bce714567 | 135 | hash = SHA; |
wolfSSL | 7:481bce714567 | 136 | len = SHA_DIGEST_SIZE; |
wolfSSL | 7:481bce714567 | 137 | break; |
wolfSSL | 7:481bce714567 | 138 | #endif |
wolfSSL | 7:481bce714567 | 139 | } |
wolfSSL | 7:481bce714567 | 140 | |
wolfSSL | 7:481bce714567 | 141 | times = resLen / len; |
wolfSSL | 7:481bce714567 | 142 | lastLen = resLen % len; |
wolfSSL | 7:481bce714567 | 143 | |
wolfSSL | 7:481bce714567 | 144 | if (lastLen) |
wolfSSL | 7:481bce714567 | 145 | times += 1; |
wolfSSL | 7:481bce714567 | 146 | |
wolfSSL | 7:481bce714567 | 147 | lastTime = times - 1; |
wolfSSL | 7:481bce714567 | 148 | |
wolfSSL | 7:481bce714567 | 149 | if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) { |
wolfSSL | 7:481bce714567 | 150 | if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */ |
wolfSSL | 7:481bce714567 | 151 | if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */ |
wolfSSL | 7:481bce714567 | 152 | for (i = 0; i < times; i++) { |
wolfSSL | 7:481bce714567 | 153 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 7:481bce714567 | 154 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 155 | break; |
wolfSSL | 7:481bce714567 | 156 | ret = wc_HmacUpdate(hmac, seed, seedLen); |
wolfSSL | 7:481bce714567 | 157 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 158 | break; |
wolfSSL | 7:481bce714567 | 159 | ret = wc_HmacFinal(hmac, current); |
wolfSSL | 7:481bce714567 | 160 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 161 | break; |
wolfSSL | 7:481bce714567 | 162 | |
wolfSSL | 7:481bce714567 | 163 | if ((i == lastTime) && lastLen) |
wolfSSL | 7:481bce714567 | 164 | XMEMCPY(&result[idx], current, |
wolfSSL | 7:481bce714567 | 165 | min(lastLen, P_HASH_MAX_SIZE)); |
wolfSSL | 7:481bce714567 | 166 | else { |
wolfSSL | 7:481bce714567 | 167 | XMEMCPY(&result[idx], current, len); |
wolfSSL | 7:481bce714567 | 168 | idx += len; |
wolfSSL | 7:481bce714567 | 169 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 7:481bce714567 | 170 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 171 | break; |
wolfSSL | 7:481bce714567 | 172 | ret = wc_HmacFinal(hmac, previous); |
wolfSSL | 7:481bce714567 | 173 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 174 | break; |
wolfSSL | 7:481bce714567 | 175 | } |
wolfSSL | 7:481bce714567 | 176 | } |
wolfSSL | 7:481bce714567 | 177 | } |
wolfSSL | 7:481bce714567 | 178 | } |
wolfSSL | 7:481bce714567 | 179 | } |
wolfSSL | 7:481bce714567 | 180 | |
wolfSSL | 7:481bce714567 | 181 | ForceZero(previous, P_HASH_MAX_SIZE); |
wolfSSL | 7:481bce714567 | 182 | ForceZero(current, P_HASH_MAX_SIZE); |
wolfSSL | 7:481bce714567 | 183 | ForceZero(hmac, sizeof(Hmac)); |
wolfSSL | 7:481bce714567 | 184 | |
wolfSSL | 7:481bce714567 | 185 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 186 | XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 187 | XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 188 | XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 189 | #endif |
wolfSSL | 7:481bce714567 | 190 | |
wolfSSL | 7:481bce714567 | 191 | return ret; |
wolfSSL | 7:481bce714567 | 192 | } |
wolfSSL | 7:481bce714567 | 193 | |
wolfSSL | 7:481bce714567 | 194 | #undef P_HASH_MAX_SIZE |
wolfSSL | 7:481bce714567 | 195 | |
wolfSSL | 7:481bce714567 | 196 | |
wolfSSL | 7:481bce714567 | 197 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 198 | |
wolfSSL | 7:481bce714567 | 199 | /* calculate XOR for TLSv1 PRF */ |
wolfSSL | 7:481bce714567 | 200 | static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) |
wolfSSL | 7:481bce714567 | 201 | { |
wolfSSL | 7:481bce714567 | 202 | word32 i; |
wolfSSL | 7:481bce714567 | 203 | |
wolfSSL | 7:481bce714567 | 204 | for (i = 0; i < digLen; i++) |
wolfSSL | 7:481bce714567 | 205 | digest[i] = md5[i] ^ sha[i]; |
wolfSSL | 7:481bce714567 | 206 | } |
wolfSSL | 7:481bce714567 | 207 | |
wolfSSL | 7:481bce714567 | 208 | |
wolfSSL | 7:481bce714567 | 209 | /* compute TLSv1 PRF (pseudo random function using HMAC) */ |
wolfSSL | 7:481bce714567 | 210 | static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, |
wolfSSL | 7:481bce714567 | 211 | const byte* label, word32 labLen, const byte* seed, |
wolfSSL | 7:481bce714567 | 212 | word32 seedLen) |
wolfSSL | 7:481bce714567 | 213 | { |
wolfSSL | 7:481bce714567 | 214 | int ret = 0; |
wolfSSL | 7:481bce714567 | 215 | word32 half = (secLen + 1) / 2; |
wolfSSL | 7:481bce714567 | 216 | |
wolfSSL | 7:481bce714567 | 217 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 218 | byte* md5_half; |
wolfSSL | 7:481bce714567 | 219 | byte* sha_half; |
wolfSSL | 7:481bce714567 | 220 | byte* labelSeed; |
wolfSSL | 7:481bce714567 | 221 | byte* md5_result; |
wolfSSL | 7:481bce714567 | 222 | byte* sha_result; |
wolfSSL | 7:481bce714567 | 223 | #else |
wolfSSL | 7:481bce714567 | 224 | byte md5_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 7:481bce714567 | 225 | byte sha_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 7:481bce714567 | 226 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 7:481bce714567 | 227 | byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 7:481bce714567 | 228 | byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 7:481bce714567 | 229 | #endif |
wolfSSL | 7:481bce714567 | 230 | |
wolfSSL | 7:481bce714567 | 231 | if (half > MAX_PRF_HALF) |
wolfSSL | 7:481bce714567 | 232 | return BUFFER_E; |
wolfSSL | 7:481bce714567 | 233 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 7:481bce714567 | 234 | return BUFFER_E; |
wolfSSL | 7:481bce714567 | 235 | if (digLen > MAX_PRF_DIG) |
wolfSSL | 7:481bce714567 | 236 | return BUFFER_E; |
wolfSSL | 7:481bce714567 | 237 | |
wolfSSL | 7:481bce714567 | 238 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 239 | md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 240 | sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 241 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 242 | md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 243 | sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 244 | |
wolfSSL | 7:481bce714567 | 245 | if (md5_half == NULL || sha_half == NULL || labelSeed == NULL || |
wolfSSL | 7:481bce714567 | 246 | md5_result == NULL || sha_result == NULL) { |
wolfSSL | 7:481bce714567 | 247 | if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 248 | if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 249 | if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 250 | if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 251 | if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 252 | |
wolfSSL | 7:481bce714567 | 253 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 254 | } |
wolfSSL | 7:481bce714567 | 255 | #endif |
wolfSSL | 7:481bce714567 | 256 | |
wolfSSL | 7:481bce714567 | 257 | XMEMSET(md5_result, 0, digLen); |
wolfSSL | 7:481bce714567 | 258 | XMEMSET(sha_result, 0, digLen); |
wolfSSL | 7:481bce714567 | 259 | |
wolfSSL | 7:481bce714567 | 260 | XMEMCPY(md5_half, secret, half); |
wolfSSL | 7:481bce714567 | 261 | XMEMCPY(sha_half, secret + half - secLen % 2, half); |
wolfSSL | 7:481bce714567 | 262 | |
wolfSSL | 7:481bce714567 | 263 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 7:481bce714567 | 264 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 7:481bce714567 | 265 | |
wolfSSL | 7:481bce714567 | 266 | if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed, |
wolfSSL | 7:481bce714567 | 267 | labLen + seedLen, md5_mac)) == 0) { |
wolfSSL | 7:481bce714567 | 268 | if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed, |
wolfSSL | 7:481bce714567 | 269 | labLen + seedLen, sha_mac)) == 0) { |
wolfSSL | 7:481bce714567 | 270 | get_xor(digest, digLen, md5_result, sha_result); |
wolfSSL | 7:481bce714567 | 271 | } |
wolfSSL | 7:481bce714567 | 272 | } |
wolfSSL | 7:481bce714567 | 273 | |
wolfSSL | 7:481bce714567 | 274 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 275 | XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 276 | XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 277 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 278 | XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 279 | XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 280 | #endif |
wolfSSL | 7:481bce714567 | 281 | |
wolfSSL | 7:481bce714567 | 282 | return ret; |
wolfSSL | 7:481bce714567 | 283 | } |
wolfSSL | 7:481bce714567 | 284 | |
wolfSSL | 7:481bce714567 | 285 | #endif |
wolfSSL | 7:481bce714567 | 286 | |
wolfSSL | 7:481bce714567 | 287 | |
wolfSSL | 7:481bce714567 | 288 | /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack |
wolfSSL | 7:481bce714567 | 289 | use */ |
wolfSSL | 7:481bce714567 | 290 | static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, |
wolfSSL | 7:481bce714567 | 291 | const byte* label, word32 labLen, const byte* seed, word32 seedLen, |
wolfSSL | 7:481bce714567 | 292 | int useAtLeastSha256, int hash_type) |
wolfSSL | 7:481bce714567 | 293 | { |
wolfSSL | 7:481bce714567 | 294 | int ret = 0; |
wolfSSL | 7:481bce714567 | 295 | |
wolfSSL | 7:481bce714567 | 296 | if (useAtLeastSha256) { |
wolfSSL | 7:481bce714567 | 297 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 298 | byte* labelSeed; |
wolfSSL | 7:481bce714567 | 299 | #else |
wolfSSL | 7:481bce714567 | 300 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 7:481bce714567 | 301 | #endif |
wolfSSL | 7:481bce714567 | 302 | |
wolfSSL | 7:481bce714567 | 303 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 7:481bce714567 | 304 | return BUFFER_E; |
wolfSSL | 7:481bce714567 | 305 | |
wolfSSL | 7:481bce714567 | 306 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 307 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, |
wolfSSL | 7:481bce714567 | 308 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 309 | if (labelSeed == NULL) |
wolfSSL | 7:481bce714567 | 310 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 311 | #endif |
wolfSSL | 7:481bce714567 | 312 | |
wolfSSL | 7:481bce714567 | 313 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 7:481bce714567 | 314 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 7:481bce714567 | 315 | |
wolfSSL | 7:481bce714567 | 316 | /* If a cipher suite wants an algorithm better than sha256, it |
wolfSSL | 7:481bce714567 | 317 | * should use better. */ |
wolfSSL | 7:481bce714567 | 318 | if (hash_type < sha256_mac || hash_type == blake2b_mac) |
wolfSSL | 7:481bce714567 | 319 | hash_type = sha256_mac; |
wolfSSL | 7:481bce714567 | 320 | ret = p_hash(digest, digLen, secret, secLen, labelSeed, |
wolfSSL | 7:481bce714567 | 321 | labLen + seedLen, hash_type); |
wolfSSL | 7:481bce714567 | 322 | |
wolfSSL | 7:481bce714567 | 323 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 324 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 325 | #endif |
wolfSSL | 7:481bce714567 | 326 | } |
wolfSSL | 7:481bce714567 | 327 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 328 | else { |
wolfSSL | 7:481bce714567 | 329 | ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed, |
wolfSSL | 7:481bce714567 | 330 | seedLen); |
wolfSSL | 7:481bce714567 | 331 | } |
wolfSSL | 7:481bce714567 | 332 | #endif |
wolfSSL | 7:481bce714567 | 333 | |
wolfSSL | 7:481bce714567 | 334 | return ret; |
wolfSSL | 7:481bce714567 | 335 | } |
wolfSSL | 7:481bce714567 | 336 | |
wolfSSL | 7:481bce714567 | 337 | |
wolfSSL | 7:481bce714567 | 338 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 7:481bce714567 | 339 | #define HSHASH_SZ SHA384_DIGEST_SIZE |
wolfSSL | 7:481bce714567 | 340 | #else |
wolfSSL | 7:481bce714567 | 341 | #define HSHASH_SZ FINISHED_SZ |
wolfSSL | 7:481bce714567 | 342 | #endif |
wolfSSL | 7:481bce714567 | 343 | |
wolfSSL | 7:481bce714567 | 344 | |
wolfSSL | 7:481bce714567 | 345 | int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) |
wolfSSL | 7:481bce714567 | 346 | { |
wolfSSL | 7:481bce714567 | 347 | word32 hashSz = FINISHED_SZ; |
wolfSSL | 7:481bce714567 | 348 | |
wolfSSL | 7:481bce714567 | 349 | if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ) |
wolfSSL | 7:481bce714567 | 350 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 351 | |
wolfSSL | 7:481bce714567 | 352 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 353 | wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash); |
wolfSSL | 7:481bce714567 | 354 | wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]); |
wolfSSL | 7:481bce714567 | 355 | #endif |
wolfSSL | 7:481bce714567 | 356 | |
wolfSSL | 7:481bce714567 | 357 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 7:481bce714567 | 358 | #ifndef NO_SHA256 |
wolfSSL | 7:481bce714567 | 359 | if (ssl->specs.mac_algorithm <= sha256_mac || |
wolfSSL | 7:481bce714567 | 360 | ssl->specs.mac_algorithm == blake2b_mac) { |
wolfSSL | 7:481bce714567 | 361 | int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); |
wolfSSL | 7:481bce714567 | 362 | |
wolfSSL | 7:481bce714567 | 363 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 364 | return ret; |
wolfSSL | 7:481bce714567 | 365 | |
wolfSSL | 7:481bce714567 | 366 | hashSz = SHA256_DIGEST_SIZE; |
wolfSSL | 7:481bce714567 | 367 | } |
wolfSSL | 7:481bce714567 | 368 | #endif |
wolfSSL | 7:481bce714567 | 369 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 7:481bce714567 | 370 | if (ssl->specs.mac_algorithm == sha384_mac) { |
wolfSSL | 7:481bce714567 | 371 | int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); |
wolfSSL | 7:481bce714567 | 372 | |
wolfSSL | 7:481bce714567 | 373 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 374 | return ret; |
wolfSSL | 7:481bce714567 | 375 | |
wolfSSL | 7:481bce714567 | 376 | hashSz = SHA384_DIGEST_SIZE; |
wolfSSL | 7:481bce714567 | 377 | } |
wolfSSL | 7:481bce714567 | 378 | #endif |
wolfSSL | 7:481bce714567 | 379 | } |
wolfSSL | 7:481bce714567 | 380 | |
wolfSSL | 7:481bce714567 | 381 | *hashLen = hashSz; |
wolfSSL | 7:481bce714567 | 382 | |
wolfSSL | 7:481bce714567 | 383 | return 0; |
wolfSSL | 7:481bce714567 | 384 | } |
wolfSSL | 7:481bce714567 | 385 | |
wolfSSL | 7:481bce714567 | 386 | |
wolfSSL | 7:481bce714567 | 387 | int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) |
wolfSSL | 7:481bce714567 | 388 | { |
wolfSSL | 7:481bce714567 | 389 | int ret; |
wolfSSL | 7:481bce714567 | 390 | const byte* side; |
wolfSSL | 7:481bce714567 | 391 | byte handshake_hash[HSHASH_SZ]; |
wolfSSL | 7:481bce714567 | 392 | word32 hashSz = HSHASH_SZ; |
wolfSSL | 7:481bce714567 | 393 | |
wolfSSL | 7:481bce714567 | 394 | ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); |
wolfSSL | 7:481bce714567 | 395 | if (ret < 0) |
wolfSSL | 7:481bce714567 | 396 | return ret; |
wolfSSL | 7:481bce714567 | 397 | |
wolfSSL | 7:481bce714567 | 398 | if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) |
wolfSSL | 7:481bce714567 | 399 | side = tls_client; |
wolfSSL | 7:481bce714567 | 400 | else |
wolfSSL | 7:481bce714567 | 401 | side = tls_server; |
wolfSSL | 7:481bce714567 | 402 | |
wolfSSL | 7:481bce714567 | 403 | return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, |
wolfSSL | 7:481bce714567 | 404 | SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, |
wolfSSL | 7:481bce714567 | 405 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 7:481bce714567 | 406 | } |
wolfSSL | 7:481bce714567 | 407 | |
wolfSSL | 7:481bce714567 | 408 | |
wolfSSL | 7:481bce714567 | 409 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 410 | |
wolfSSL | 7:481bce714567 | 411 | ProtocolVersion MakeTLSv1(void) |
wolfSSL | 7:481bce714567 | 412 | { |
wolfSSL | 7:481bce714567 | 413 | ProtocolVersion pv; |
wolfSSL | 7:481bce714567 | 414 | pv.major = SSLv3_MAJOR; |
wolfSSL | 7:481bce714567 | 415 | pv.minor = TLSv1_MINOR; |
wolfSSL | 7:481bce714567 | 416 | |
wolfSSL | 7:481bce714567 | 417 | return pv; |
wolfSSL | 7:481bce714567 | 418 | } |
wolfSSL | 7:481bce714567 | 419 | |
wolfSSL | 7:481bce714567 | 420 | |
wolfSSL | 7:481bce714567 | 421 | ProtocolVersion MakeTLSv1_1(void) |
wolfSSL | 7:481bce714567 | 422 | { |
wolfSSL | 7:481bce714567 | 423 | ProtocolVersion pv; |
wolfSSL | 7:481bce714567 | 424 | pv.major = SSLv3_MAJOR; |
wolfSSL | 7:481bce714567 | 425 | pv.minor = TLSv1_1_MINOR; |
wolfSSL | 7:481bce714567 | 426 | |
wolfSSL | 7:481bce714567 | 427 | return pv; |
wolfSSL | 7:481bce714567 | 428 | } |
wolfSSL | 7:481bce714567 | 429 | |
wolfSSL | 7:481bce714567 | 430 | #endif |
wolfSSL | 7:481bce714567 | 431 | |
wolfSSL | 7:481bce714567 | 432 | |
wolfSSL | 7:481bce714567 | 433 | ProtocolVersion MakeTLSv1_2(void) |
wolfSSL | 7:481bce714567 | 434 | { |
wolfSSL | 7:481bce714567 | 435 | ProtocolVersion pv; |
wolfSSL | 7:481bce714567 | 436 | pv.major = SSLv3_MAJOR; |
wolfSSL | 7:481bce714567 | 437 | pv.minor = TLSv1_2_MINOR; |
wolfSSL | 7:481bce714567 | 438 | |
wolfSSL | 7:481bce714567 | 439 | return pv; |
wolfSSL | 7:481bce714567 | 440 | } |
wolfSSL | 7:481bce714567 | 441 | |
wolfSSL | 7:481bce714567 | 442 | |
wolfSSL | 7:481bce714567 | 443 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 444 | static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] = |
wolfSSL | 7:481bce714567 | 445 | "extended master secret"; |
wolfSSL | 7:481bce714567 | 446 | #endif |
wolfSSL | 7:481bce714567 | 447 | static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret"; |
wolfSSL | 7:481bce714567 | 448 | static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; |
wolfSSL | 7:481bce714567 | 449 | |
wolfSSL | 7:481bce714567 | 450 | |
wolfSSL | 7:481bce714567 | 451 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 7:481bce714567 | 452 | int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen, |
wolfSSL | 7:481bce714567 | 453 | const byte* ms, word32 msLen, |
wolfSSL | 7:481bce714567 | 454 | const byte* sr, const byte* cr, |
wolfSSL | 7:481bce714567 | 455 | int tls1_2, int hash_type) |
wolfSSL | 7:481bce714567 | 456 | { |
wolfSSL | 7:481bce714567 | 457 | byte seed[SEED_LEN]; |
wolfSSL | 7:481bce714567 | 458 | |
wolfSSL | 7:481bce714567 | 459 | XMEMCPY(seed, sr, RAN_LEN); |
wolfSSL | 7:481bce714567 | 460 | XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); |
wolfSSL | 7:481bce714567 | 461 | |
wolfSSL | 7:481bce714567 | 462 | return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ, |
wolfSSL | 7:481bce714567 | 463 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 7:481bce714567 | 464 | } |
wolfSSL | 7:481bce714567 | 465 | |
wolfSSL | 7:481bce714567 | 466 | |
wolfSSL | 7:481bce714567 | 467 | int DeriveTlsKeys(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 468 | { |
wolfSSL | 7:481bce714567 | 469 | int ret; |
wolfSSL | 7:481bce714567 | 470 | int length = 2 * ssl->specs.hash_size + |
wolfSSL | 7:481bce714567 | 471 | 2 * ssl->specs.key_size + |
wolfSSL | 7:481bce714567 | 472 | 2 * ssl->specs.iv_size; |
wolfSSL | 7:481bce714567 | 473 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 474 | byte* key_data; |
wolfSSL | 7:481bce714567 | 475 | #else |
wolfSSL | 7:481bce714567 | 476 | byte key_data[MAX_PRF_DIG]; |
wolfSSL | 7:481bce714567 | 477 | #endif |
wolfSSL | 7:481bce714567 | 478 | |
wolfSSL | 7:481bce714567 | 479 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 480 | key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 481 | if (key_data == NULL) { |
wolfSSL | 7:481bce714567 | 482 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 483 | } |
wolfSSL | 7:481bce714567 | 484 | #endif |
wolfSSL | 7:481bce714567 | 485 | |
wolfSSL | 7:481bce714567 | 486 | ret = wolfSSL_DeriveTlsKeys(key_data, length, |
wolfSSL | 7:481bce714567 | 487 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 7:481bce714567 | 488 | ssl->arrays->serverRandom, ssl->arrays->clientRandom, |
wolfSSL | 7:481bce714567 | 489 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 7:481bce714567 | 490 | if (ret == 0) |
wolfSSL | 7:481bce714567 | 491 | ret = StoreKeys(ssl, key_data); |
wolfSSL | 7:481bce714567 | 492 | |
wolfSSL | 7:481bce714567 | 493 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 494 | XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 495 | #endif |
wolfSSL | 7:481bce714567 | 496 | |
wolfSSL | 7:481bce714567 | 497 | return ret; |
wolfSSL | 7:481bce714567 | 498 | } |
wolfSSL | 7:481bce714567 | 499 | |
wolfSSL | 7:481bce714567 | 500 | |
wolfSSL | 7:481bce714567 | 501 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 7:481bce714567 | 502 | int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 7:481bce714567 | 503 | const byte* pms, word32 pmsLen, |
wolfSSL | 7:481bce714567 | 504 | const byte* cr, const byte* sr, |
wolfSSL | 7:481bce714567 | 505 | int tls1_2, int hash_type) |
wolfSSL | 7:481bce714567 | 506 | { |
wolfSSL | 7:481bce714567 | 507 | byte seed[SEED_LEN]; |
wolfSSL | 7:481bce714567 | 508 | |
wolfSSL | 7:481bce714567 | 509 | XMEMCPY(seed, cr, RAN_LEN); |
wolfSSL | 7:481bce714567 | 510 | XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); |
wolfSSL | 7:481bce714567 | 511 | |
wolfSSL | 7:481bce714567 | 512 | return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, |
wolfSSL | 7:481bce714567 | 513 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 7:481bce714567 | 514 | } |
wolfSSL | 7:481bce714567 | 515 | |
wolfSSL | 7:481bce714567 | 516 | |
wolfSSL | 7:481bce714567 | 517 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 518 | |
wolfSSL | 7:481bce714567 | 519 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 7:481bce714567 | 520 | int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 7:481bce714567 | 521 | const byte* pms, word32 pmsLen, |
wolfSSL | 7:481bce714567 | 522 | const byte* sHash, word32 sHashLen, |
wolfSSL | 7:481bce714567 | 523 | int tls1_2, int hash_type) |
wolfSSL | 7:481bce714567 | 524 | { |
wolfSSL | 7:481bce714567 | 525 | return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ, |
wolfSSL | 7:481bce714567 | 526 | sHash, sHashLen, tls1_2, hash_type); |
wolfSSL | 7:481bce714567 | 527 | } |
wolfSSL | 7:481bce714567 | 528 | |
wolfSSL | 7:481bce714567 | 529 | #endif /* HAVE_EXTENDED_MASTER */ |
wolfSSL | 7:481bce714567 | 530 | |
wolfSSL | 7:481bce714567 | 531 | |
wolfSSL | 7:481bce714567 | 532 | int MakeTlsMasterSecret(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 533 | { |
wolfSSL | 7:481bce714567 | 534 | int ret; |
wolfSSL | 7:481bce714567 | 535 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 536 | byte handshake_hash[HSHASH_SZ]; |
wolfSSL | 7:481bce714567 | 537 | word32 hashSz = HSHASH_SZ; |
wolfSSL | 7:481bce714567 | 538 | |
wolfSSL | 7:481bce714567 | 539 | if (ssl->options.haveEMS) { |
wolfSSL | 7:481bce714567 | 540 | |
wolfSSL | 7:481bce714567 | 541 | ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); |
wolfSSL | 7:481bce714567 | 542 | if (ret < 0) |
wolfSSL | 7:481bce714567 | 543 | return ret; |
wolfSSL | 7:481bce714567 | 544 | |
wolfSSL | 7:481bce714567 | 545 | ret = wolfSSL_MakeTlsExtendedMasterSecret( |
wolfSSL | 7:481bce714567 | 546 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 7:481bce714567 | 547 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 7:481bce714567 | 548 | handshake_hash, hashSz, |
wolfSSL | 7:481bce714567 | 549 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 7:481bce714567 | 550 | } else |
wolfSSL | 7:481bce714567 | 551 | #endif |
wolfSSL | 7:481bce714567 | 552 | ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 7:481bce714567 | 553 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 7:481bce714567 | 554 | ssl->arrays->clientRandom, ssl->arrays->serverRandom, |
wolfSSL | 7:481bce714567 | 555 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 7:481bce714567 | 556 | |
wolfSSL | 7:481bce714567 | 557 | if (ret == 0) { |
wolfSSL | 7:481bce714567 | 558 | #ifdef SHOW_SECRETS |
wolfSSL | 7:481bce714567 | 559 | int i; |
wolfSSL | 7:481bce714567 | 560 | |
wolfSSL | 7:481bce714567 | 561 | printf("master secret: "); |
wolfSSL | 7:481bce714567 | 562 | for (i = 0; i < SECRET_LEN; i++) |
wolfSSL | 7:481bce714567 | 563 | printf("%02x", ssl->arrays->masterSecret[i]); |
wolfSSL | 7:481bce714567 | 564 | printf("\n"); |
wolfSSL | 7:481bce714567 | 565 | #endif |
wolfSSL | 7:481bce714567 | 566 | |
wolfSSL | 7:481bce714567 | 567 | ret = DeriveTlsKeys(ssl); |
wolfSSL | 7:481bce714567 | 568 | } |
wolfSSL | 7:481bce714567 | 569 | |
wolfSSL | 7:481bce714567 | 570 | return ret; |
wolfSSL | 7:481bce714567 | 571 | } |
wolfSSL | 7:481bce714567 | 572 | |
wolfSSL | 7:481bce714567 | 573 | |
wolfSSL | 7:481bce714567 | 574 | /* Used by EAP-TLS and EAP-TTLS to derive keying material from |
wolfSSL | 7:481bce714567 | 575 | * the master_secret. */ |
wolfSSL | 7:481bce714567 | 576 | int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, |
wolfSSL | 7:481bce714567 | 577 | const char* label) |
wolfSSL | 7:481bce714567 | 578 | { |
wolfSSL | 7:481bce714567 | 579 | int ret; |
wolfSSL | 7:481bce714567 | 580 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 581 | byte* seed; |
wolfSSL | 7:481bce714567 | 582 | #else |
wolfSSL | 7:481bce714567 | 583 | byte seed[SEED_LEN]; |
wolfSSL | 7:481bce714567 | 584 | #endif |
wolfSSL | 7:481bce714567 | 585 | |
wolfSSL | 7:481bce714567 | 586 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 587 | seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 588 | if (seed == NULL) |
wolfSSL | 7:481bce714567 | 589 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 590 | #endif |
wolfSSL | 7:481bce714567 | 591 | |
wolfSSL | 7:481bce714567 | 592 | /* |
wolfSSL | 7:481bce714567 | 593 | * As per RFC-5281, the order of the client and server randoms is reversed |
wolfSSL | 7:481bce714567 | 594 | * from that used by the TLS protocol to derive keys. |
wolfSSL | 7:481bce714567 | 595 | */ |
wolfSSL | 7:481bce714567 | 596 | XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); |
wolfSSL | 7:481bce714567 | 597 | XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); |
wolfSSL | 7:481bce714567 | 598 | |
wolfSSL | 7:481bce714567 | 599 | ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 7:481bce714567 | 600 | (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN, |
wolfSSL | 7:481bce714567 | 601 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 7:481bce714567 | 602 | |
wolfSSL | 7:481bce714567 | 603 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 7:481bce714567 | 604 | XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 605 | #endif |
wolfSSL | 7:481bce714567 | 606 | |
wolfSSL | 7:481bce714567 | 607 | return ret; |
wolfSSL | 7:481bce714567 | 608 | } |
wolfSSL | 7:481bce714567 | 609 | |
wolfSSL | 7:481bce714567 | 610 | |
wolfSSL | 7:481bce714567 | 611 | /*** next for static INLINE s copied internal.c ***/ |
wolfSSL | 7:481bce714567 | 612 | |
wolfSSL | 7:481bce714567 | 613 | /* convert 16 bit integer to opaque */ |
wolfSSL | 7:481bce714567 | 614 | static INLINE void c16toa(word16 u16, byte* c) |
wolfSSL | 7:481bce714567 | 615 | { |
wolfSSL | 7:481bce714567 | 616 | c[0] = (u16 >> 8) & 0xff; |
wolfSSL | 7:481bce714567 | 617 | c[1] = u16 & 0xff; |
wolfSSL | 7:481bce714567 | 618 | } |
wolfSSL | 7:481bce714567 | 619 | |
wolfSSL | 7:481bce714567 | 620 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 7:481bce714567 | 621 | /* convert opaque to 16 bit integer */ |
wolfSSL | 7:481bce714567 | 622 | static INLINE void ato16(const byte* c, word16* u16) |
wolfSSL | 7:481bce714567 | 623 | { |
wolfSSL | 7:481bce714567 | 624 | *u16 = (c[0] << 8) | (c[1]); |
wolfSSL | 7:481bce714567 | 625 | } |
wolfSSL | 7:481bce714567 | 626 | |
wolfSSL | 7:481bce714567 | 627 | #if defined(HAVE_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 7:481bce714567 | 628 | /* convert a 24 bit integer into a 32 bit one */ |
wolfSSL | 7:481bce714567 | 629 | static INLINE void c24to32(const word24 u24, word32* u32) |
wolfSSL | 7:481bce714567 | 630 | { |
wolfSSL | 7:481bce714567 | 631 | *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; |
wolfSSL | 7:481bce714567 | 632 | } |
wolfSSL | 7:481bce714567 | 633 | #endif |
wolfSSL | 7:481bce714567 | 634 | #endif |
wolfSSL | 7:481bce714567 | 635 | |
wolfSSL | 7:481bce714567 | 636 | /* convert 32 bit integer to opaque */ |
wolfSSL | 7:481bce714567 | 637 | static INLINE void c32toa(word32 u32, byte* c) |
wolfSSL | 7:481bce714567 | 638 | { |
wolfSSL | 7:481bce714567 | 639 | c[0] = (u32 >> 24) & 0xff; |
wolfSSL | 7:481bce714567 | 640 | c[1] = (u32 >> 16) & 0xff; |
wolfSSL | 7:481bce714567 | 641 | c[2] = (u32 >> 8) & 0xff; |
wolfSSL | 7:481bce714567 | 642 | c[3] = u32 & 0xff; |
wolfSSL | 7:481bce714567 | 643 | } |
wolfSSL | 7:481bce714567 | 644 | |
wolfSSL | 7:481bce714567 | 645 | |
wolfSSL | 7:481bce714567 | 646 | static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) |
wolfSSL | 7:481bce714567 | 647 | { |
wolfSSL | 7:481bce714567 | 648 | if (verify) { |
wolfSSL | 7:481bce714567 | 649 | seq[0] = ssl->keys.peer_sequence_number_hi; |
wolfSSL | 7:481bce714567 | 650 | seq[1] = ssl->keys.peer_sequence_number_lo++; |
wolfSSL | 7:481bce714567 | 651 | if (seq[1] > ssl->keys.peer_sequence_number_lo) { |
wolfSSL | 7:481bce714567 | 652 | /* handle rollover */ |
wolfSSL | 7:481bce714567 | 653 | ssl->keys.peer_sequence_number_hi++; |
wolfSSL | 7:481bce714567 | 654 | } |
wolfSSL | 7:481bce714567 | 655 | } |
wolfSSL | 7:481bce714567 | 656 | else { |
wolfSSL | 7:481bce714567 | 657 | seq[0] = ssl->keys.sequence_number_hi; |
wolfSSL | 7:481bce714567 | 658 | seq[1] = ssl->keys.sequence_number_lo++; |
wolfSSL | 7:481bce714567 | 659 | if (seq[1] > ssl->keys.sequence_number_lo) { |
wolfSSL | 7:481bce714567 | 660 | /* handle rollover */ |
wolfSSL | 7:481bce714567 | 661 | ssl->keys.sequence_number_hi++; |
wolfSSL | 7:481bce714567 | 662 | } |
wolfSSL | 7:481bce714567 | 663 | } |
wolfSSL | 7:481bce714567 | 664 | } |
wolfSSL | 7:481bce714567 | 665 | |
wolfSSL | 7:481bce714567 | 666 | |
wolfSSL | 7:481bce714567 | 667 | #ifdef WOLFSSL_DTLS |
wolfSSL | 7:481bce714567 | 668 | static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2]) |
wolfSSL | 7:481bce714567 | 669 | { |
wolfSSL | 7:481bce714567 | 670 | if (order == PREV_ORDER) { |
wolfSSL | 7:481bce714567 | 671 | /* Previous epoch case */ |
wolfSSL | 7:481bce714567 | 672 | seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) | |
wolfSSL | 7:481bce714567 | 673 | (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF); |
wolfSSL | 7:481bce714567 | 674 | seq[1] = ssl->keys.dtls_prev_sequence_number_lo; |
wolfSSL | 7:481bce714567 | 675 | } |
wolfSSL | 7:481bce714567 | 676 | else if (order == PEER_ORDER) { |
wolfSSL | 7:481bce714567 | 677 | seq[0] = (ssl->keys.curEpoch << 16) | |
wolfSSL | 7:481bce714567 | 678 | (ssl->keys.curSeq_hi & 0xFFFF); |
wolfSSL | 7:481bce714567 | 679 | seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */ |
wolfSSL | 7:481bce714567 | 680 | } |
wolfSSL | 7:481bce714567 | 681 | else { |
wolfSSL | 7:481bce714567 | 682 | seq[0] = (ssl->keys.dtls_epoch << 16) | |
wolfSSL | 7:481bce714567 | 683 | (ssl->keys.dtls_sequence_number_hi & 0xFFFF); |
wolfSSL | 7:481bce714567 | 684 | seq[1] = ssl->keys.dtls_sequence_number_lo; |
wolfSSL | 7:481bce714567 | 685 | } |
wolfSSL | 7:481bce714567 | 686 | } |
wolfSSL | 7:481bce714567 | 687 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 7:481bce714567 | 688 | |
wolfSSL | 7:481bce714567 | 689 | |
wolfSSL | 7:481bce714567 | 690 | static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) |
wolfSSL | 7:481bce714567 | 691 | { |
wolfSSL | 7:481bce714567 | 692 | word32 seq[2] = {0, 0}; |
wolfSSL | 7:481bce714567 | 693 | |
wolfSSL | 7:481bce714567 | 694 | if (!ssl->options.dtls) { |
wolfSSL | 7:481bce714567 | 695 | GetSEQIncrement(ssl, verifyOrder, seq); |
wolfSSL | 7:481bce714567 | 696 | } |
wolfSSL | 7:481bce714567 | 697 | else { |
wolfSSL | 7:481bce714567 | 698 | #ifdef WOLFSSL_DTLS |
wolfSSL | 7:481bce714567 | 699 | DtlsGetSEQ(ssl, verifyOrder, seq); |
wolfSSL | 7:481bce714567 | 700 | #endif |
wolfSSL | 7:481bce714567 | 701 | } |
wolfSSL | 7:481bce714567 | 702 | |
wolfSSL | 7:481bce714567 | 703 | c32toa(seq[0], out); |
wolfSSL | 7:481bce714567 | 704 | c32toa(seq[1], out + OPAQUE32_LEN); |
wolfSSL | 7:481bce714567 | 705 | } |
wolfSSL | 7:481bce714567 | 706 | |
wolfSSL | 7:481bce714567 | 707 | |
wolfSSL | 7:481bce714567 | 708 | /*** end copy ***/ |
wolfSSL | 7:481bce714567 | 709 | |
wolfSSL | 7:481bce714567 | 710 | |
wolfSSL | 7:481bce714567 | 711 | /* return HMAC digest type in wolfSSL format */ |
wolfSSL | 7:481bce714567 | 712 | int wolfSSL_GetHmacType(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 713 | { |
wolfSSL | 7:481bce714567 | 714 | if (ssl == NULL) |
wolfSSL | 7:481bce714567 | 715 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 716 | |
wolfSSL | 7:481bce714567 | 717 | switch (ssl->specs.mac_algorithm) { |
wolfSSL | 7:481bce714567 | 718 | #ifndef NO_MD5 |
wolfSSL | 7:481bce714567 | 719 | case md5_mac: |
wolfSSL | 7:481bce714567 | 720 | { |
wolfSSL | 7:481bce714567 | 721 | return MD5; |
wolfSSL | 7:481bce714567 | 722 | } |
wolfSSL | 7:481bce714567 | 723 | #endif |
wolfSSL | 7:481bce714567 | 724 | #ifndef NO_SHA256 |
wolfSSL | 7:481bce714567 | 725 | case sha256_mac: |
wolfSSL | 7:481bce714567 | 726 | { |
wolfSSL | 7:481bce714567 | 727 | return SHA256; |
wolfSSL | 7:481bce714567 | 728 | } |
wolfSSL | 7:481bce714567 | 729 | #endif |
wolfSSL | 7:481bce714567 | 730 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 7:481bce714567 | 731 | case sha384_mac: |
wolfSSL | 7:481bce714567 | 732 | { |
wolfSSL | 7:481bce714567 | 733 | return SHA384; |
wolfSSL | 7:481bce714567 | 734 | } |
wolfSSL | 7:481bce714567 | 735 | |
wolfSSL | 7:481bce714567 | 736 | #endif |
wolfSSL | 7:481bce714567 | 737 | #ifndef NO_SHA |
wolfSSL | 7:481bce714567 | 738 | case sha_mac: |
wolfSSL | 7:481bce714567 | 739 | { |
wolfSSL | 7:481bce714567 | 740 | return SHA; |
wolfSSL | 7:481bce714567 | 741 | } |
wolfSSL | 7:481bce714567 | 742 | #endif |
wolfSSL | 7:481bce714567 | 743 | #ifdef HAVE_BLAKE2 |
wolfSSL | 7:481bce714567 | 744 | case blake2b_mac: |
wolfSSL | 7:481bce714567 | 745 | { |
wolfSSL | 7:481bce714567 | 746 | return BLAKE2B_ID; |
wolfSSL | 7:481bce714567 | 747 | } |
wolfSSL | 7:481bce714567 | 748 | #endif |
wolfSSL | 7:481bce714567 | 749 | default: |
wolfSSL | 7:481bce714567 | 750 | { |
wolfSSL | 7:481bce714567 | 751 | return SSL_FATAL_ERROR; |
wolfSSL | 7:481bce714567 | 752 | } |
wolfSSL | 7:481bce714567 | 753 | } |
wolfSSL | 7:481bce714567 | 754 | } |
wolfSSL | 7:481bce714567 | 755 | |
wolfSSL | 7:481bce714567 | 756 | |
wolfSSL | 7:481bce714567 | 757 | int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, |
wolfSSL | 7:481bce714567 | 758 | int verify) |
wolfSSL | 7:481bce714567 | 759 | { |
wolfSSL | 7:481bce714567 | 760 | if (ssl == NULL || inner == NULL) |
wolfSSL | 7:481bce714567 | 761 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 762 | |
wolfSSL | 7:481bce714567 | 763 | XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 7:481bce714567 | 764 | |
wolfSSL | 7:481bce714567 | 765 | WriteSEQ(ssl, verify, inner); |
wolfSSL | 7:481bce714567 | 766 | inner[SEQ_SZ] = (byte)content; |
wolfSSL | 7:481bce714567 | 767 | inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; |
wolfSSL | 7:481bce714567 | 768 | inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; |
wolfSSL | 7:481bce714567 | 769 | c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); |
wolfSSL | 7:481bce714567 | 770 | |
wolfSSL | 7:481bce714567 | 771 | return 0; |
wolfSSL | 7:481bce714567 | 772 | } |
wolfSSL | 7:481bce714567 | 773 | |
wolfSSL | 7:481bce714567 | 774 | |
wolfSSL | 7:481bce714567 | 775 | /* TLS type HMAC */ |
wolfSSL | 7:481bce714567 | 776 | int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, |
wolfSSL | 7:481bce714567 | 777 | int content, int verify) |
wolfSSL | 7:481bce714567 | 778 | { |
wolfSSL | 7:481bce714567 | 779 | Hmac hmac; |
wolfSSL | 7:481bce714567 | 780 | int ret; |
wolfSSL | 7:481bce714567 | 781 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 7:481bce714567 | 782 | |
wolfSSL | 7:481bce714567 | 783 | if (ssl == NULL) |
wolfSSL | 7:481bce714567 | 784 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 785 | |
wolfSSL | 7:481bce714567 | 786 | #ifdef HAVE_FUZZER |
wolfSSL | 7:481bce714567 | 787 | if (ssl->fuzzerCb) |
wolfSSL | 7:481bce714567 | 788 | ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); |
wolfSSL | 7:481bce714567 | 789 | #endif |
wolfSSL | 7:481bce714567 | 790 | |
wolfSSL | 7:481bce714567 | 791 | wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); |
wolfSSL | 7:481bce714567 | 792 | |
wolfSSL | 7:481bce714567 | 793 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 7:481bce714567 | 794 | wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); |
wolfSSL | 7:481bce714567 | 795 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 796 | return ret; |
wolfSSL | 7:481bce714567 | 797 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 7:481bce714567 | 798 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 799 | return ret; |
wolfSSL | 7:481bce714567 | 800 | ret = wc_HmacUpdate(&hmac, in, sz); /* content */ |
wolfSSL | 7:481bce714567 | 801 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 802 | return ret; |
wolfSSL | 7:481bce714567 | 803 | ret = wc_HmacFinal(&hmac, digest); |
wolfSSL | 7:481bce714567 | 804 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 805 | return ret; |
wolfSSL | 7:481bce714567 | 806 | |
wolfSSL | 7:481bce714567 | 807 | return 0; |
wolfSSL | 7:481bce714567 | 808 | } |
wolfSSL | 7:481bce714567 | 809 | |
wolfSSL | 7:481bce714567 | 810 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 7:481bce714567 | 811 | |
wolfSSL | 7:481bce714567 | 812 | /** |
wolfSSL | 7:481bce714567 | 813 | * The TLSX semaphore is used to calculate the size of the extensions to be sent |
wolfSSL | 7:481bce714567 | 814 | * from one peer to another. |
wolfSSL | 7:481bce714567 | 815 | */ |
wolfSSL | 7:481bce714567 | 816 | |
wolfSSL | 7:481bce714567 | 817 | /** Supports up to 64 flags. Increase as needed. */ |
wolfSSL | 7:481bce714567 | 818 | #define SEMAPHORE_SIZE 8 |
wolfSSL | 7:481bce714567 | 819 | |
wolfSSL | 7:481bce714567 | 820 | /** |
wolfSSL | 7:481bce714567 | 821 | * Converts the extension type (id) to an index in the semaphore. |
wolfSSL | 7:481bce714567 | 822 | * |
wolfSSL | 7:481bce714567 | 823 | * Oficial reference for TLS extension types: |
wolfSSL | 7:481bce714567 | 824 | * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml |
wolfSSL | 7:481bce714567 | 825 | * |
wolfSSL | 7:481bce714567 | 826 | * Motivation: |
wolfSSL | 7:481bce714567 | 827 | * Previously, we used the extension type itself as the index of that |
wolfSSL | 7:481bce714567 | 828 | * extension in the semaphore as the extension types were declared |
wolfSSL | 7:481bce714567 | 829 | * sequentially, but maintain a semaphore as big as the number of available |
wolfSSL | 7:481bce714567 | 830 | * extensions is no longer an option since the release of renegotiation_info. |
wolfSSL | 7:481bce714567 | 831 | * |
wolfSSL | 7:481bce714567 | 832 | * How to update: |
wolfSSL | 7:481bce714567 | 833 | * Assign extension types that extrapolate the number of available semaphores |
wolfSSL | 7:481bce714567 | 834 | * to the first available index going backwards in the semaphore array. |
wolfSSL | 7:481bce714567 | 835 | * When adding a new extension type that don't extrapolate the number of |
wolfSSL | 7:481bce714567 | 836 | * available semaphores, check for a possible collision with with a |
wolfSSL | 7:481bce714567 | 837 | * 'remapped' extension type. |
wolfSSL | 7:481bce714567 | 838 | */ |
wolfSSL | 7:481bce714567 | 839 | static INLINE word16 TLSX_ToSemaphore(word16 type) |
wolfSSL | 7:481bce714567 | 840 | { |
wolfSSL | 7:481bce714567 | 841 | switch (type) { |
wolfSSL | 7:481bce714567 | 842 | |
wolfSSL | 7:481bce714567 | 843 | case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */ |
wolfSSL | 7:481bce714567 | 844 | return 63; |
wolfSSL | 7:481bce714567 | 845 | |
wolfSSL | 7:481bce714567 | 846 | default: |
wolfSSL | 7:481bce714567 | 847 | if (type > 62) { |
wolfSSL | 7:481bce714567 | 848 | /* This message SHOULD only happens during the adding of |
wolfSSL | 7:481bce714567 | 849 | new TLS extensions in which its IANA number overflows |
wolfSSL | 7:481bce714567 | 850 | the current semaphore's range, or if its number already |
wolfSSL | 7:481bce714567 | 851 | is assigned to be used by another extension. |
wolfSSL | 7:481bce714567 | 852 | Use this check value for the new extension and decrement |
wolfSSL | 7:481bce714567 | 853 | the check value by one. */ |
wolfSSL | 7:481bce714567 | 854 | WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!"); |
wolfSSL | 7:481bce714567 | 855 | } |
wolfSSL | 7:481bce714567 | 856 | } |
wolfSSL | 7:481bce714567 | 857 | |
wolfSSL | 7:481bce714567 | 858 | return type; |
wolfSSL | 7:481bce714567 | 859 | } |
wolfSSL | 7:481bce714567 | 860 | |
wolfSSL | 7:481bce714567 | 861 | /** Checks if a specific light (tls extension) is not set in the semaphore. */ |
wolfSSL | 7:481bce714567 | 862 | #define IS_OFF(semaphore, light) \ |
wolfSSL | 7:481bce714567 | 863 | ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) |
wolfSSL | 7:481bce714567 | 864 | |
wolfSSL | 7:481bce714567 | 865 | /** Turn on a specific light (tls extension) in the semaphore. */ |
wolfSSL | 7:481bce714567 | 866 | #define TURN_ON(semaphore, light) \ |
wolfSSL | 7:481bce714567 | 867 | ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) |
wolfSSL | 7:481bce714567 | 868 | |
wolfSSL | 7:481bce714567 | 869 | /** Creates a new extension. */ |
wolfSSL | 7:481bce714567 | 870 | static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap) |
wolfSSL | 7:481bce714567 | 871 | { |
wolfSSL | 7:481bce714567 | 872 | TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 873 | |
wolfSSL | 7:481bce714567 | 874 | if (extension) { |
wolfSSL | 7:481bce714567 | 875 | extension->type = type; |
wolfSSL | 7:481bce714567 | 876 | extension->data = data; |
wolfSSL | 7:481bce714567 | 877 | extension->resp = 0; |
wolfSSL | 7:481bce714567 | 878 | extension->next = NULL; |
wolfSSL | 7:481bce714567 | 879 | } |
wolfSSL | 7:481bce714567 | 880 | |
wolfSSL | 7:481bce714567 | 881 | return extension; |
wolfSSL | 7:481bce714567 | 882 | } |
wolfSSL | 7:481bce714567 | 883 | |
wolfSSL | 7:481bce714567 | 884 | /** |
wolfSSL | 7:481bce714567 | 885 | * Creates a new extension and pushes it to the provided list. |
wolfSSL | 7:481bce714567 | 886 | * Checks for duplicate extensions, keeps the newest. |
wolfSSL | 7:481bce714567 | 887 | */ |
wolfSSL | 7:481bce714567 | 888 | static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap) |
wolfSSL | 7:481bce714567 | 889 | { |
wolfSSL | 7:481bce714567 | 890 | TLSX* extension = TLSX_New(type, data, heap); |
wolfSSL | 7:481bce714567 | 891 | |
wolfSSL | 7:481bce714567 | 892 | if (extension == NULL) |
wolfSSL | 7:481bce714567 | 893 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 894 | |
wolfSSL | 7:481bce714567 | 895 | /* pushes the new extension on the list. */ |
wolfSSL | 7:481bce714567 | 896 | extension->next = *list; |
wolfSSL | 7:481bce714567 | 897 | *list = extension; |
wolfSSL | 7:481bce714567 | 898 | |
wolfSSL | 7:481bce714567 | 899 | /* remove duplicate extensions, there should be only one of each type. */ |
wolfSSL | 7:481bce714567 | 900 | do { |
wolfSSL | 7:481bce714567 | 901 | if (extension->next && extension->next->type == type) { |
wolfSSL | 7:481bce714567 | 902 | TLSX *next = extension->next; |
wolfSSL | 7:481bce714567 | 903 | |
wolfSSL | 7:481bce714567 | 904 | extension->next = next->next; |
wolfSSL | 7:481bce714567 | 905 | next->next = NULL; |
wolfSSL | 7:481bce714567 | 906 | |
wolfSSL | 7:481bce714567 | 907 | TLSX_FreeAll(next, heap); |
wolfSSL | 7:481bce714567 | 908 | |
wolfSSL | 7:481bce714567 | 909 | /* there is no way to occur more than */ |
wolfSSL | 7:481bce714567 | 910 | /* two extensions of the same type. */ |
wolfSSL | 7:481bce714567 | 911 | break; |
wolfSSL | 7:481bce714567 | 912 | } |
wolfSSL | 7:481bce714567 | 913 | } while ((extension = extension->next)); |
wolfSSL | 7:481bce714567 | 914 | |
wolfSSL | 7:481bce714567 | 915 | return 0; |
wolfSSL | 7:481bce714567 | 916 | } |
wolfSSL | 7:481bce714567 | 917 | |
wolfSSL | 7:481bce714567 | 918 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 919 | |
wolfSSL | 7:481bce714567 | 920 | /** Mark an extension to be sent back to the client. */ |
wolfSSL | 7:481bce714567 | 921 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type); |
wolfSSL | 7:481bce714567 | 922 | |
wolfSSL | 7:481bce714567 | 923 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) |
wolfSSL | 7:481bce714567 | 924 | { |
wolfSSL | 7:481bce714567 | 925 | TLSX *ext = TLSX_Find(ssl->extensions, type); |
wolfSSL | 7:481bce714567 | 926 | |
wolfSSL | 7:481bce714567 | 927 | if (ext) |
wolfSSL | 7:481bce714567 | 928 | ext->resp = 1; |
wolfSSL | 7:481bce714567 | 929 | } |
wolfSSL | 7:481bce714567 | 930 | |
wolfSSL | 7:481bce714567 | 931 | #endif |
wolfSSL | 7:481bce714567 | 932 | |
wolfSSL | 7:481bce714567 | 933 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 934 | /* Application-Layer Protocol Negotiation */ |
wolfSSL | 7:481bce714567 | 935 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 936 | |
wolfSSL | 7:481bce714567 | 937 | #ifdef HAVE_ALPN |
wolfSSL | 7:481bce714567 | 938 | /** Creates a new ALPN object, providing protocol name to use. */ |
wolfSSL | 7:481bce714567 | 939 | static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz, |
wolfSSL | 7:481bce714567 | 940 | void* heap) |
wolfSSL | 7:481bce714567 | 941 | { |
wolfSSL | 7:481bce714567 | 942 | ALPN *alpn; |
wolfSSL | 7:481bce714567 | 943 | |
wolfSSL | 7:481bce714567 | 944 | WOLFSSL_ENTER("TLSX_ALPN_New"); |
wolfSSL | 7:481bce714567 | 945 | |
wolfSSL | 7:481bce714567 | 946 | if (protocol_name == NULL || |
wolfSSL | 7:481bce714567 | 947 | protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) { |
wolfSSL | 7:481bce714567 | 948 | WOLFSSL_MSG("Invalid arguments"); |
wolfSSL | 7:481bce714567 | 949 | return NULL; |
wolfSSL | 7:481bce714567 | 950 | } |
wolfSSL | 7:481bce714567 | 951 | |
wolfSSL | 7:481bce714567 | 952 | alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 953 | if (alpn == NULL) { |
wolfSSL | 7:481bce714567 | 954 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 7:481bce714567 | 955 | return NULL; |
wolfSSL | 7:481bce714567 | 956 | } |
wolfSSL | 7:481bce714567 | 957 | |
wolfSSL | 7:481bce714567 | 958 | alpn->next = NULL; |
wolfSSL | 7:481bce714567 | 959 | alpn->negotiated = 0; |
wolfSSL | 7:481bce714567 | 960 | alpn->options = 0; |
wolfSSL | 7:481bce714567 | 961 | |
wolfSSL | 7:481bce714567 | 962 | alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1, |
wolfSSL | 7:481bce714567 | 963 | heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 964 | if (alpn->protocol_name == NULL) { |
wolfSSL | 7:481bce714567 | 965 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 7:481bce714567 | 966 | XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 967 | return NULL; |
wolfSSL | 7:481bce714567 | 968 | } |
wolfSSL | 7:481bce714567 | 969 | |
wolfSSL | 7:481bce714567 | 970 | XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz); |
wolfSSL | 7:481bce714567 | 971 | alpn->protocol_name[protocol_nameSz] = 0; |
wolfSSL | 7:481bce714567 | 972 | |
wolfSSL | 7:481bce714567 | 973 | return alpn; |
wolfSSL | 7:481bce714567 | 974 | } |
wolfSSL | 7:481bce714567 | 975 | |
wolfSSL | 7:481bce714567 | 976 | /** Releases an ALPN object. */ |
wolfSSL | 7:481bce714567 | 977 | static void TLSX_ALPN_Free(ALPN *alpn, void* heap) |
wolfSSL | 7:481bce714567 | 978 | { |
wolfSSL | 7:481bce714567 | 979 | (void)heap; |
wolfSSL | 7:481bce714567 | 980 | |
wolfSSL | 7:481bce714567 | 981 | if (alpn == NULL) |
wolfSSL | 7:481bce714567 | 982 | return; |
wolfSSL | 7:481bce714567 | 983 | |
wolfSSL | 7:481bce714567 | 984 | XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 985 | XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 986 | } |
wolfSSL | 7:481bce714567 | 987 | |
wolfSSL | 7:481bce714567 | 988 | /** Releases all ALPN objects in the provided list. */ |
wolfSSL | 7:481bce714567 | 989 | static void TLSX_ALPN_FreeAll(ALPN *list, void* heap) |
wolfSSL | 7:481bce714567 | 990 | { |
wolfSSL | 7:481bce714567 | 991 | ALPN* alpn; |
wolfSSL | 7:481bce714567 | 992 | |
wolfSSL | 7:481bce714567 | 993 | while ((alpn = list)) { |
wolfSSL | 7:481bce714567 | 994 | list = alpn->next; |
wolfSSL | 7:481bce714567 | 995 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 7:481bce714567 | 996 | } |
wolfSSL | 7:481bce714567 | 997 | } |
wolfSSL | 7:481bce714567 | 998 | |
wolfSSL | 7:481bce714567 | 999 | /** Tells the buffered size of the ALPN objects in a list. */ |
wolfSSL | 7:481bce714567 | 1000 | static word16 TLSX_ALPN_GetSize(ALPN *list) |
wolfSSL | 7:481bce714567 | 1001 | { |
wolfSSL | 7:481bce714567 | 1002 | ALPN* alpn; |
wolfSSL | 7:481bce714567 | 1003 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 7:481bce714567 | 1004 | |
wolfSSL | 7:481bce714567 | 1005 | while ((alpn = list)) { |
wolfSSL | 7:481bce714567 | 1006 | list = alpn->next; |
wolfSSL | 7:481bce714567 | 1007 | |
wolfSSL | 7:481bce714567 | 1008 | length++; /* protocol name length is on one byte */ |
wolfSSL | 7:481bce714567 | 1009 | length += (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 7:481bce714567 | 1010 | } |
wolfSSL | 7:481bce714567 | 1011 | |
wolfSSL | 7:481bce714567 | 1012 | return length; |
wolfSSL | 7:481bce714567 | 1013 | } |
wolfSSL | 7:481bce714567 | 1014 | |
wolfSSL | 7:481bce714567 | 1015 | /** Writes the ALPN objects of a list in a buffer. */ |
wolfSSL | 7:481bce714567 | 1016 | static word16 TLSX_ALPN_Write(ALPN *list, byte *output) |
wolfSSL | 7:481bce714567 | 1017 | { |
wolfSSL | 7:481bce714567 | 1018 | ALPN* alpn; |
wolfSSL | 7:481bce714567 | 1019 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 1020 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 7:481bce714567 | 1021 | |
wolfSSL | 7:481bce714567 | 1022 | while ((alpn = list)) { |
wolfSSL | 7:481bce714567 | 1023 | list = alpn->next; |
wolfSSL | 7:481bce714567 | 1024 | |
wolfSSL | 7:481bce714567 | 1025 | length = (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 7:481bce714567 | 1026 | |
wolfSSL | 7:481bce714567 | 1027 | /* protocol name length */ |
wolfSSL | 7:481bce714567 | 1028 | output[offset++] = (byte)length; |
wolfSSL | 7:481bce714567 | 1029 | |
wolfSSL | 7:481bce714567 | 1030 | /* protocol name value */ |
wolfSSL | 7:481bce714567 | 1031 | XMEMCPY(output + offset, alpn->protocol_name, length); |
wolfSSL | 7:481bce714567 | 1032 | |
wolfSSL | 7:481bce714567 | 1033 | offset += length; |
wolfSSL | 7:481bce714567 | 1034 | } |
wolfSSL | 7:481bce714567 | 1035 | |
wolfSSL | 7:481bce714567 | 1036 | /* writing list length */ |
wolfSSL | 7:481bce714567 | 1037 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 7:481bce714567 | 1038 | |
wolfSSL | 7:481bce714567 | 1039 | return offset; |
wolfSSL | 7:481bce714567 | 1040 | } |
wolfSSL | 7:481bce714567 | 1041 | |
wolfSSL | 7:481bce714567 | 1042 | /** Finds a protocol name in the provided ALPN list */ |
wolfSSL | 7:481bce714567 | 1043 | static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size) |
wolfSSL | 7:481bce714567 | 1044 | { |
wolfSSL | 7:481bce714567 | 1045 | ALPN *alpn; |
wolfSSL | 7:481bce714567 | 1046 | |
wolfSSL | 7:481bce714567 | 1047 | if (list == NULL || protocol_name == NULL) |
wolfSSL | 7:481bce714567 | 1048 | return NULL; |
wolfSSL | 7:481bce714567 | 1049 | |
wolfSSL | 7:481bce714567 | 1050 | alpn = list; |
wolfSSL | 7:481bce714567 | 1051 | while (alpn != NULL && ( |
wolfSSL | 7:481bce714567 | 1052 | (word16)XSTRLEN(alpn->protocol_name) != size || |
wolfSSL | 7:481bce714567 | 1053 | XSTRNCMP(alpn->protocol_name, protocol_name, size))) |
wolfSSL | 7:481bce714567 | 1054 | alpn = alpn->next; |
wolfSSL | 7:481bce714567 | 1055 | |
wolfSSL | 7:481bce714567 | 1056 | return alpn; |
wolfSSL | 7:481bce714567 | 1057 | } |
wolfSSL | 7:481bce714567 | 1058 | |
wolfSSL | 7:481bce714567 | 1059 | /** Set the ALPN matching client and server requirements */ |
wolfSSL | 7:481bce714567 | 1060 | static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size, |
wolfSSL | 7:481bce714567 | 1061 | void* heap) |
wolfSSL | 7:481bce714567 | 1062 | { |
wolfSSL | 7:481bce714567 | 1063 | ALPN *alpn; |
wolfSSL | 7:481bce714567 | 1064 | int ret; |
wolfSSL | 7:481bce714567 | 1065 | |
wolfSSL | 7:481bce714567 | 1066 | if (extensions == NULL || data == NULL) |
wolfSSL | 7:481bce714567 | 1067 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1068 | |
wolfSSL | 7:481bce714567 | 1069 | alpn = TLSX_ALPN_New((char *)data, size, heap); |
wolfSSL | 7:481bce714567 | 1070 | if (alpn == NULL) { |
wolfSSL | 7:481bce714567 | 1071 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 7:481bce714567 | 1072 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 1073 | } |
wolfSSL | 7:481bce714567 | 1074 | |
wolfSSL | 7:481bce714567 | 1075 | alpn->negotiated = 1; |
wolfSSL | 7:481bce714567 | 1076 | |
wolfSSL | 7:481bce714567 | 1077 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn, |
wolfSSL | 7:481bce714567 | 1078 | heap); |
wolfSSL | 7:481bce714567 | 1079 | if (ret != 0) { |
wolfSSL | 7:481bce714567 | 1080 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 7:481bce714567 | 1081 | return ret; |
wolfSSL | 7:481bce714567 | 1082 | } |
wolfSSL | 7:481bce714567 | 1083 | |
wolfSSL | 7:481bce714567 | 1084 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1085 | } |
wolfSSL | 7:481bce714567 | 1086 | |
wolfSSL | 7:481bce714567 | 1087 | /** Parses a buffer of ALPN extensions and set the first one matching |
wolfSSL | 7:481bce714567 | 1088 | * client and server requirements */ |
wolfSSL | 7:481bce714567 | 1089 | static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, |
wolfSSL | 7:481bce714567 | 1090 | byte isRequest) |
wolfSSL | 7:481bce714567 | 1091 | { |
wolfSSL | 7:481bce714567 | 1092 | word16 size = 0, offset = 0, idx = 0; |
wolfSSL | 7:481bce714567 | 1093 | int r = BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1094 | byte match = 0; |
wolfSSL | 7:481bce714567 | 1095 | TLSX *extension; |
wolfSSL | 7:481bce714567 | 1096 | ALPN *alpn = NULL, *list; |
wolfSSL | 7:481bce714567 | 1097 | |
wolfSSL | 7:481bce714567 | 1098 | extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 7:481bce714567 | 1099 | if (extension == NULL) |
wolfSSL | 7:481bce714567 | 1100 | extension = TLSX_Find(ssl->ctx->extensions, |
wolfSSL | 7:481bce714567 | 1101 | TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 7:481bce714567 | 1102 | |
wolfSSL | 7:481bce714567 | 1103 | if (extension == NULL || extension->data == NULL) { |
wolfSSL | 7:481bce714567 | 1104 | WOLFSSL_MSG("No ALPN extensions not used or bad"); |
wolfSSL | 7:481bce714567 | 1105 | return isRequest ? 0 /* not using ALPN */ |
wolfSSL | 7:481bce714567 | 1106 | : BUFFER_ERROR; /* unexpected ALPN response */ |
wolfSSL | 7:481bce714567 | 1107 | } |
wolfSSL | 7:481bce714567 | 1108 | |
wolfSSL | 7:481bce714567 | 1109 | if (OPAQUE16_LEN > length) |
wolfSSL | 7:481bce714567 | 1110 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1111 | |
wolfSSL | 7:481bce714567 | 1112 | ato16(input, &size); |
wolfSSL | 7:481bce714567 | 1113 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1114 | |
wolfSSL | 7:481bce714567 | 1115 | /* validating alpn list length */ |
wolfSSL | 7:481bce714567 | 1116 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 7:481bce714567 | 1117 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1118 | |
wolfSSL | 7:481bce714567 | 1119 | list = (ALPN*)extension->data; |
wolfSSL | 7:481bce714567 | 1120 | |
wolfSSL | 7:481bce714567 | 1121 | /* keep the list sent by client */ |
wolfSSL | 7:481bce714567 | 1122 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 1123 | if (ssl->alpn_client_list != NULL) |
wolfSSL | 7:481bce714567 | 1124 | XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 1125 | |
wolfSSL | 7:481bce714567 | 1126 | ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap, |
wolfSSL | 7:481bce714567 | 1127 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 1128 | if (ssl->alpn_client_list == NULL) |
wolfSSL | 7:481bce714567 | 1129 | return MEMORY_ERROR; |
wolfSSL | 7:481bce714567 | 1130 | } |
wolfSSL | 7:481bce714567 | 1131 | |
wolfSSL | 7:481bce714567 | 1132 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 7:481bce714567 | 1133 | |
wolfSSL | 7:481bce714567 | 1134 | size = input[offset++]; |
wolfSSL | 7:481bce714567 | 1135 | if (offset + size > length) |
wolfSSL | 7:481bce714567 | 1136 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1137 | |
wolfSSL | 7:481bce714567 | 1138 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 1139 | XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size); |
wolfSSL | 7:481bce714567 | 1140 | idx += size; |
wolfSSL | 7:481bce714567 | 1141 | ssl->alpn_client_list[idx++] = ','; |
wolfSSL | 7:481bce714567 | 1142 | } |
wolfSSL | 7:481bce714567 | 1143 | |
wolfSSL | 7:481bce714567 | 1144 | if (!match) { |
wolfSSL | 7:481bce714567 | 1145 | alpn = TLSX_ALPN_Find(list, (char*)input + offset, size); |
wolfSSL | 7:481bce714567 | 1146 | if (alpn != NULL) { |
wolfSSL | 7:481bce714567 | 1147 | WOLFSSL_MSG("ALPN protocol match"); |
wolfSSL | 7:481bce714567 | 1148 | match = 1; |
wolfSSL | 7:481bce714567 | 1149 | |
wolfSSL | 7:481bce714567 | 1150 | /* skip reading other values if not required */ |
wolfSSL | 7:481bce714567 | 1151 | if (!isRequest) |
wolfSSL | 7:481bce714567 | 1152 | break; |
wolfSSL | 7:481bce714567 | 1153 | } |
wolfSSL | 7:481bce714567 | 1154 | } |
wolfSSL | 7:481bce714567 | 1155 | } |
wolfSSL | 7:481bce714567 | 1156 | |
wolfSSL | 7:481bce714567 | 1157 | if (isRequest) |
wolfSSL | 7:481bce714567 | 1158 | ssl->alpn_client_list[idx-1] = 0; |
wolfSSL | 7:481bce714567 | 1159 | |
wolfSSL | 7:481bce714567 | 1160 | if (!match) { |
wolfSSL | 7:481bce714567 | 1161 | WOLFSSL_MSG("No ALPN protocol match"); |
wolfSSL | 7:481bce714567 | 1162 | |
wolfSSL | 7:481bce714567 | 1163 | /* do nothing if no protocol match between client and server and option |
wolfSSL | 7:481bce714567 | 1164 | is set to continue (like OpenSSL) */ |
wolfSSL | 7:481bce714567 | 1165 | if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) { |
wolfSSL | 7:481bce714567 | 1166 | WOLFSSL_MSG("Continue on mismatch"); |
wolfSSL | 7:481bce714567 | 1167 | return 0; |
wolfSSL | 7:481bce714567 | 1168 | } |
wolfSSL | 7:481bce714567 | 1169 | |
wolfSSL | 7:481bce714567 | 1170 | SendAlert(ssl, alert_fatal, no_application_protocol); |
wolfSSL | 7:481bce714567 | 1171 | return UNKNOWN_ALPN_PROTOCOL_NAME_E; |
wolfSSL | 7:481bce714567 | 1172 | } |
wolfSSL | 7:481bce714567 | 1173 | |
wolfSSL | 7:481bce714567 | 1174 | /* set the matching negotiated protocol */ |
wolfSSL | 7:481bce714567 | 1175 | r = TLSX_SetALPN(&ssl->extensions, |
wolfSSL | 7:481bce714567 | 1176 | alpn->protocol_name, |
wolfSSL | 7:481bce714567 | 1177 | (word16)XSTRLEN(alpn->protocol_name), |
wolfSSL | 7:481bce714567 | 1178 | ssl->heap); |
wolfSSL | 7:481bce714567 | 1179 | if (r != SSL_SUCCESS) { |
wolfSSL | 7:481bce714567 | 1180 | WOLFSSL_MSG("TLSX_UseALPN failed"); |
wolfSSL | 7:481bce714567 | 1181 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1182 | } |
wolfSSL | 7:481bce714567 | 1183 | |
wolfSSL | 7:481bce714567 | 1184 | /* reply to ALPN extension sent from client */ |
wolfSSL | 7:481bce714567 | 1185 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 1186 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1187 | TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 7:481bce714567 | 1188 | #endif |
wolfSSL | 7:481bce714567 | 1189 | } |
wolfSSL | 7:481bce714567 | 1190 | |
wolfSSL | 7:481bce714567 | 1191 | return 0; |
wolfSSL | 7:481bce714567 | 1192 | } |
wolfSSL | 7:481bce714567 | 1193 | |
wolfSSL | 7:481bce714567 | 1194 | /** Add a protocol name to the list of accepted usable ones */ |
wolfSSL | 7:481bce714567 | 1195 | int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options, |
wolfSSL | 7:481bce714567 | 1196 | void* heap) |
wolfSSL | 7:481bce714567 | 1197 | { |
wolfSSL | 7:481bce714567 | 1198 | ALPN *alpn; |
wolfSSL | 7:481bce714567 | 1199 | TLSX *extension; |
wolfSSL | 7:481bce714567 | 1200 | int ret; |
wolfSSL | 7:481bce714567 | 1201 | |
wolfSSL | 7:481bce714567 | 1202 | if (extensions == NULL || data == NULL) |
wolfSSL | 7:481bce714567 | 1203 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1204 | |
wolfSSL | 7:481bce714567 | 1205 | alpn = TLSX_ALPN_New((char *)data, size, heap); |
wolfSSL | 7:481bce714567 | 1206 | if (alpn == NULL) { |
wolfSSL | 7:481bce714567 | 1207 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 7:481bce714567 | 1208 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 1209 | } |
wolfSSL | 7:481bce714567 | 1210 | |
wolfSSL | 7:481bce714567 | 1211 | /* Set Options of ALPN */ |
wolfSSL | 7:481bce714567 | 1212 | alpn->options = options; |
wolfSSL | 7:481bce714567 | 1213 | |
wolfSSL | 7:481bce714567 | 1214 | extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 7:481bce714567 | 1215 | if (extension == NULL) { |
wolfSSL | 7:481bce714567 | 1216 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, |
wolfSSL | 7:481bce714567 | 1217 | (void*)alpn, heap); |
wolfSSL | 7:481bce714567 | 1218 | if (ret != 0) { |
wolfSSL | 7:481bce714567 | 1219 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 7:481bce714567 | 1220 | return ret; |
wolfSSL | 7:481bce714567 | 1221 | } |
wolfSSL | 7:481bce714567 | 1222 | } |
wolfSSL | 7:481bce714567 | 1223 | else { |
wolfSSL | 7:481bce714567 | 1224 | /* push new ALPN object to extension data. */ |
wolfSSL | 7:481bce714567 | 1225 | alpn->next = (ALPN*)extension->data; |
wolfSSL | 7:481bce714567 | 1226 | extension->data = (void*)alpn; |
wolfSSL | 7:481bce714567 | 1227 | } |
wolfSSL | 7:481bce714567 | 1228 | |
wolfSSL | 7:481bce714567 | 1229 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1230 | } |
wolfSSL | 7:481bce714567 | 1231 | |
wolfSSL | 7:481bce714567 | 1232 | /** Get the protocol name set by the server */ |
wolfSSL | 7:481bce714567 | 1233 | int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) |
wolfSSL | 7:481bce714567 | 1234 | { |
wolfSSL | 7:481bce714567 | 1235 | TLSX *extension; |
wolfSSL | 7:481bce714567 | 1236 | ALPN *alpn; |
wolfSSL | 7:481bce714567 | 1237 | |
wolfSSL | 7:481bce714567 | 1238 | if (extensions == NULL || data == NULL || dataSz == NULL) |
wolfSSL | 7:481bce714567 | 1239 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1240 | |
wolfSSL | 7:481bce714567 | 1241 | extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 7:481bce714567 | 1242 | if (extension == NULL) { |
wolfSSL | 7:481bce714567 | 1243 | WOLFSSL_MSG("TLS extension not found"); |
wolfSSL | 7:481bce714567 | 1244 | return SSL_ALPN_NOT_FOUND; |
wolfSSL | 7:481bce714567 | 1245 | } |
wolfSSL | 7:481bce714567 | 1246 | |
wolfSSL | 7:481bce714567 | 1247 | alpn = (ALPN *)extension->data; |
wolfSSL | 7:481bce714567 | 1248 | if (alpn == NULL) { |
wolfSSL | 7:481bce714567 | 1249 | WOLFSSL_MSG("ALPN extension not found"); |
wolfSSL | 7:481bce714567 | 1250 | *data = NULL; |
wolfSSL | 7:481bce714567 | 1251 | *dataSz = 0; |
wolfSSL | 7:481bce714567 | 1252 | return SSL_FATAL_ERROR; |
wolfSSL | 7:481bce714567 | 1253 | } |
wolfSSL | 7:481bce714567 | 1254 | |
wolfSSL | 7:481bce714567 | 1255 | if (alpn->negotiated != 1) { |
wolfSSL | 7:481bce714567 | 1256 | |
wolfSSL | 7:481bce714567 | 1257 | /* consider as an error */ |
wolfSSL | 7:481bce714567 | 1258 | if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) { |
wolfSSL | 7:481bce714567 | 1259 | WOLFSSL_MSG("No protocol match with peer -> Failed"); |
wolfSSL | 7:481bce714567 | 1260 | return SSL_FATAL_ERROR; |
wolfSSL | 7:481bce714567 | 1261 | } |
wolfSSL | 7:481bce714567 | 1262 | |
wolfSSL | 7:481bce714567 | 1263 | /* continue without negotiated protocol */ |
wolfSSL | 7:481bce714567 | 1264 | WOLFSSL_MSG("No protocol match with peer -> Continue"); |
wolfSSL | 7:481bce714567 | 1265 | return SSL_ALPN_NOT_FOUND; |
wolfSSL | 7:481bce714567 | 1266 | } |
wolfSSL | 7:481bce714567 | 1267 | |
wolfSSL | 7:481bce714567 | 1268 | if (alpn->next != NULL) { |
wolfSSL | 7:481bce714567 | 1269 | WOLFSSL_MSG("Only one protocol name must be accepted"); |
wolfSSL | 7:481bce714567 | 1270 | return SSL_FATAL_ERROR; |
wolfSSL | 7:481bce714567 | 1271 | } |
wolfSSL | 7:481bce714567 | 1272 | |
wolfSSL | 7:481bce714567 | 1273 | *data = alpn->protocol_name; |
wolfSSL | 7:481bce714567 | 1274 | *dataSz = (word16)XSTRLEN((char*)*data); |
wolfSSL | 7:481bce714567 | 1275 | |
wolfSSL | 7:481bce714567 | 1276 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1277 | } |
wolfSSL | 7:481bce714567 | 1278 | |
wolfSSL | 7:481bce714567 | 1279 | #define ALPN_FREE_ALL TLSX_ALPN_FreeAll |
wolfSSL | 7:481bce714567 | 1280 | #define ALPN_GET_SIZE TLSX_ALPN_GetSize |
wolfSSL | 7:481bce714567 | 1281 | #define ALPN_WRITE TLSX_ALPN_Write |
wolfSSL | 7:481bce714567 | 1282 | #define ALPN_PARSE TLSX_ALPN_ParseAndSet |
wolfSSL | 7:481bce714567 | 1283 | |
wolfSSL | 7:481bce714567 | 1284 | #else /* HAVE_ALPN */ |
wolfSSL | 7:481bce714567 | 1285 | |
wolfSSL | 7:481bce714567 | 1286 | #define ALPN_FREE_ALL(list, heap) |
wolfSSL | 7:481bce714567 | 1287 | #define ALPN_GET_SIZE(list) 0 |
wolfSSL | 7:481bce714567 | 1288 | #define ALPN_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 1289 | #define ALPN_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 1290 | |
wolfSSL | 7:481bce714567 | 1291 | #endif /* HAVE_ALPN */ |
wolfSSL | 7:481bce714567 | 1292 | |
wolfSSL | 7:481bce714567 | 1293 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1294 | /* Server Name Indication */ |
wolfSSL | 7:481bce714567 | 1295 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1296 | |
wolfSSL | 7:481bce714567 | 1297 | #ifdef HAVE_SNI |
wolfSSL | 7:481bce714567 | 1298 | |
wolfSSL | 7:481bce714567 | 1299 | /** Creates a new SNI object. */ |
wolfSSL | 7:481bce714567 | 1300 | static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap) |
wolfSSL | 7:481bce714567 | 1301 | { |
wolfSSL | 7:481bce714567 | 1302 | SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1303 | |
wolfSSL | 7:481bce714567 | 1304 | if (sni) { |
wolfSSL | 7:481bce714567 | 1305 | sni->type = type; |
wolfSSL | 7:481bce714567 | 1306 | sni->next = NULL; |
wolfSSL | 7:481bce714567 | 1307 | |
wolfSSL | 7:481bce714567 | 1308 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1309 | sni->options = 0; |
wolfSSL | 7:481bce714567 | 1310 | sni->status = WOLFSSL_SNI_NO_MATCH; |
wolfSSL | 7:481bce714567 | 1311 | #endif |
wolfSSL | 7:481bce714567 | 1312 | |
wolfSSL | 7:481bce714567 | 1313 | switch (sni->type) { |
wolfSSL | 7:481bce714567 | 1314 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 7:481bce714567 | 1315 | sni->data.host_name = (char*)XMALLOC(size + 1, heap, |
wolfSSL | 7:481bce714567 | 1316 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1317 | if (sni->data.host_name) { |
wolfSSL | 7:481bce714567 | 1318 | XSTRNCPY(sni->data.host_name, (const char*)data, size); |
wolfSSL | 7:481bce714567 | 1319 | sni->data.host_name[size] = 0; |
wolfSSL | 7:481bce714567 | 1320 | } else { |
wolfSSL | 7:481bce714567 | 1321 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1322 | sni = NULL; |
wolfSSL | 7:481bce714567 | 1323 | } |
wolfSSL | 7:481bce714567 | 1324 | break; |
wolfSSL | 7:481bce714567 | 1325 | |
wolfSSL | 7:481bce714567 | 1326 | default: /* invalid type */ |
wolfSSL | 7:481bce714567 | 1327 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1328 | sni = NULL; |
wolfSSL | 7:481bce714567 | 1329 | } |
wolfSSL | 7:481bce714567 | 1330 | } |
wolfSSL | 7:481bce714567 | 1331 | |
wolfSSL | 7:481bce714567 | 1332 | return sni; |
wolfSSL | 7:481bce714567 | 1333 | } |
wolfSSL | 7:481bce714567 | 1334 | |
wolfSSL | 7:481bce714567 | 1335 | /** Releases a SNI object. */ |
wolfSSL | 7:481bce714567 | 1336 | static void TLSX_SNI_Free(SNI* sni, void* heap) |
wolfSSL | 7:481bce714567 | 1337 | { |
wolfSSL | 7:481bce714567 | 1338 | if (sni) { |
wolfSSL | 7:481bce714567 | 1339 | switch (sni->type) { |
wolfSSL | 7:481bce714567 | 1340 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 7:481bce714567 | 1341 | XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1342 | break; |
wolfSSL | 7:481bce714567 | 1343 | } |
wolfSSL | 7:481bce714567 | 1344 | |
wolfSSL | 7:481bce714567 | 1345 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1346 | } |
wolfSSL | 7:481bce714567 | 1347 | (void)heap; |
wolfSSL | 7:481bce714567 | 1348 | } |
wolfSSL | 7:481bce714567 | 1349 | |
wolfSSL | 7:481bce714567 | 1350 | /** Releases all SNI objects in the provided list. */ |
wolfSSL | 7:481bce714567 | 1351 | static void TLSX_SNI_FreeAll(SNI* list, void* heap) |
wolfSSL | 7:481bce714567 | 1352 | { |
wolfSSL | 7:481bce714567 | 1353 | SNI* sni; |
wolfSSL | 7:481bce714567 | 1354 | |
wolfSSL | 7:481bce714567 | 1355 | while ((sni = list)) { |
wolfSSL | 7:481bce714567 | 1356 | list = sni->next; |
wolfSSL | 7:481bce714567 | 1357 | TLSX_SNI_Free(sni, heap); |
wolfSSL | 7:481bce714567 | 1358 | } |
wolfSSL | 7:481bce714567 | 1359 | } |
wolfSSL | 7:481bce714567 | 1360 | |
wolfSSL | 7:481bce714567 | 1361 | /** Tells the buffered size of the SNI objects in a list. */ |
wolfSSL | 7:481bce714567 | 1362 | static word16 TLSX_SNI_GetSize(SNI* list) |
wolfSSL | 7:481bce714567 | 1363 | { |
wolfSSL | 7:481bce714567 | 1364 | SNI* sni; |
wolfSSL | 7:481bce714567 | 1365 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 7:481bce714567 | 1366 | |
wolfSSL | 7:481bce714567 | 1367 | while ((sni = list)) { |
wolfSSL | 7:481bce714567 | 1368 | list = sni->next; |
wolfSSL | 7:481bce714567 | 1369 | |
wolfSSL | 7:481bce714567 | 1370 | length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */ |
wolfSSL | 7:481bce714567 | 1371 | |
wolfSSL | 7:481bce714567 | 1372 | switch (sni->type) { |
wolfSSL | 7:481bce714567 | 1373 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 7:481bce714567 | 1374 | length += XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 7:481bce714567 | 1375 | break; |
wolfSSL | 7:481bce714567 | 1376 | } |
wolfSSL | 7:481bce714567 | 1377 | } |
wolfSSL | 7:481bce714567 | 1378 | |
wolfSSL | 7:481bce714567 | 1379 | return length; |
wolfSSL | 7:481bce714567 | 1380 | } |
wolfSSL | 7:481bce714567 | 1381 | |
wolfSSL | 7:481bce714567 | 1382 | /** Writes the SNI objects of a list in a buffer. */ |
wolfSSL | 7:481bce714567 | 1383 | static word16 TLSX_SNI_Write(SNI* list, byte* output) |
wolfSSL | 7:481bce714567 | 1384 | { |
wolfSSL | 7:481bce714567 | 1385 | SNI* sni; |
wolfSSL | 7:481bce714567 | 1386 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 1387 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 7:481bce714567 | 1388 | |
wolfSSL | 7:481bce714567 | 1389 | while ((sni = list)) { |
wolfSSL | 7:481bce714567 | 1390 | list = sni->next; |
wolfSSL | 7:481bce714567 | 1391 | |
wolfSSL | 7:481bce714567 | 1392 | output[offset++] = sni->type; /* sni type */ |
wolfSSL | 7:481bce714567 | 1393 | |
wolfSSL | 7:481bce714567 | 1394 | switch (sni->type) { |
wolfSSL | 7:481bce714567 | 1395 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 7:481bce714567 | 1396 | length = XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 7:481bce714567 | 1397 | |
wolfSSL | 7:481bce714567 | 1398 | c16toa(length, output + offset); /* sni length */ |
wolfSSL | 7:481bce714567 | 1399 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1400 | |
wolfSSL | 7:481bce714567 | 1401 | XMEMCPY(output + offset, sni->data.host_name, length); |
wolfSSL | 7:481bce714567 | 1402 | |
wolfSSL | 7:481bce714567 | 1403 | offset += length; |
wolfSSL | 7:481bce714567 | 1404 | break; |
wolfSSL | 7:481bce714567 | 1405 | } |
wolfSSL | 7:481bce714567 | 1406 | } |
wolfSSL | 7:481bce714567 | 1407 | |
wolfSSL | 7:481bce714567 | 1408 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 7:481bce714567 | 1409 | |
wolfSSL | 7:481bce714567 | 1410 | return offset; |
wolfSSL | 7:481bce714567 | 1411 | } |
wolfSSL | 7:481bce714567 | 1412 | |
wolfSSL | 7:481bce714567 | 1413 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1414 | |
wolfSSL | 7:481bce714567 | 1415 | /** Finds a SNI object in the provided list. */ |
wolfSSL | 7:481bce714567 | 1416 | static SNI* TLSX_SNI_Find(SNI *list, byte type) |
wolfSSL | 7:481bce714567 | 1417 | { |
wolfSSL | 7:481bce714567 | 1418 | SNI *sni = list; |
wolfSSL | 7:481bce714567 | 1419 | |
wolfSSL | 7:481bce714567 | 1420 | while (sni && sni->type != type) |
wolfSSL | 7:481bce714567 | 1421 | sni = sni->next; |
wolfSSL | 7:481bce714567 | 1422 | |
wolfSSL | 7:481bce714567 | 1423 | return sni; |
wolfSSL | 7:481bce714567 | 1424 | } |
wolfSSL | 7:481bce714567 | 1425 | |
wolfSSL | 7:481bce714567 | 1426 | |
wolfSSL | 7:481bce714567 | 1427 | /** Sets the status of a SNI object. */ |
wolfSSL | 7:481bce714567 | 1428 | static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) |
wolfSSL | 7:481bce714567 | 1429 | { |
wolfSSL | 7:481bce714567 | 1430 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1431 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 7:481bce714567 | 1432 | |
wolfSSL | 7:481bce714567 | 1433 | if (sni) |
wolfSSL | 7:481bce714567 | 1434 | sni->status = status; |
wolfSSL | 7:481bce714567 | 1435 | } |
wolfSSL | 7:481bce714567 | 1436 | |
wolfSSL | 7:481bce714567 | 1437 | /** Gets the status of a SNI object. */ |
wolfSSL | 7:481bce714567 | 1438 | byte TLSX_SNI_Status(TLSX* extensions, byte type) |
wolfSSL | 7:481bce714567 | 1439 | { |
wolfSSL | 7:481bce714567 | 1440 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1441 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 7:481bce714567 | 1442 | |
wolfSSL | 7:481bce714567 | 1443 | if (sni) |
wolfSSL | 7:481bce714567 | 1444 | return sni->status; |
wolfSSL | 7:481bce714567 | 1445 | |
wolfSSL | 7:481bce714567 | 1446 | return 0; |
wolfSSL | 7:481bce714567 | 1447 | } |
wolfSSL | 7:481bce714567 | 1448 | |
wolfSSL | 7:481bce714567 | 1449 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 1450 | |
wolfSSL | 7:481bce714567 | 1451 | /** Parses a buffer of SNI extensions. */ |
wolfSSL | 7:481bce714567 | 1452 | static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 1453 | byte isRequest) |
wolfSSL | 7:481bce714567 | 1454 | { |
wolfSSL | 7:481bce714567 | 1455 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1456 | word16 size = 0; |
wolfSSL | 7:481bce714567 | 1457 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 1458 | int cacheOnly = 0; |
wolfSSL | 7:481bce714567 | 1459 | #endif |
wolfSSL | 7:481bce714567 | 1460 | |
wolfSSL | 7:481bce714567 | 1461 | TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1462 | |
wolfSSL | 7:481bce714567 | 1463 | if (!extension) |
wolfSSL | 7:481bce714567 | 1464 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1465 | |
wolfSSL | 7:481bce714567 | 1466 | (void)isRequest; |
wolfSSL | 7:481bce714567 | 1467 | (void)input; |
wolfSSL | 7:481bce714567 | 1468 | |
wolfSSL | 7:481bce714567 | 1469 | if (!extension || !extension->data) { |
wolfSSL | 7:481bce714567 | 1470 | #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 7:481bce714567 | 1471 | /* This will keep SNI even though TLSX_UseSNI has not been called. |
wolfSSL | 7:481bce714567 | 1472 | * Enable it so that the received sni is available to functions |
wolfSSL | 7:481bce714567 | 1473 | * that use a custom callback when SNI is received */ |
wolfSSL | 7:481bce714567 | 1474 | cacheOnly = 1; |
wolfSSL | 7:481bce714567 | 1475 | WOLFSSL_MSG("Forcing SSL object to store SNI parameter"); |
wolfSSL | 7:481bce714567 | 1476 | #else |
wolfSSL | 7:481bce714567 | 1477 | return isRequest ? 0 /* not using SNI. */ |
wolfSSL | 7:481bce714567 | 1478 | : BUFFER_ERROR; /* unexpected SNI response. */ |
wolfSSL | 7:481bce714567 | 1479 | #endif |
wolfSSL | 7:481bce714567 | 1480 | } |
wolfSSL | 7:481bce714567 | 1481 | |
wolfSSL | 7:481bce714567 | 1482 | if (!isRequest) |
wolfSSL | 7:481bce714567 | 1483 | return length ? BUFFER_ERROR /* SNI response MUST be empty. */ |
wolfSSL | 7:481bce714567 | 1484 | : 0; /* nothing else to do. */ |
wolfSSL | 7:481bce714567 | 1485 | |
wolfSSL | 7:481bce714567 | 1486 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1487 | |
wolfSSL | 7:481bce714567 | 1488 | if (OPAQUE16_LEN > length) |
wolfSSL | 7:481bce714567 | 1489 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1490 | |
wolfSSL | 7:481bce714567 | 1491 | ato16(input, &size); |
wolfSSL | 7:481bce714567 | 1492 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1493 | |
wolfSSL | 7:481bce714567 | 1494 | /* validating sni list length */ |
wolfSSL | 7:481bce714567 | 1495 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 7:481bce714567 | 1496 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1497 | |
wolfSSL | 7:481bce714567 | 1498 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 7:481bce714567 | 1499 | SNI *sni = NULL; |
wolfSSL | 7:481bce714567 | 1500 | byte type = input[offset++]; |
wolfSSL | 7:481bce714567 | 1501 | |
wolfSSL | 7:481bce714567 | 1502 | if (offset + OPAQUE16_LEN > length) |
wolfSSL | 7:481bce714567 | 1503 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1504 | |
wolfSSL | 7:481bce714567 | 1505 | ato16(input + offset, &size); |
wolfSSL | 7:481bce714567 | 1506 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1507 | |
wolfSSL | 7:481bce714567 | 1508 | if (offset + size > length) |
wolfSSL | 7:481bce714567 | 1509 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1510 | |
wolfSSL | 7:481bce714567 | 1511 | if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type))) |
wolfSSL | 7:481bce714567 | 1512 | continue; /* not using this type of SNI. */ |
wolfSSL | 7:481bce714567 | 1513 | |
wolfSSL | 7:481bce714567 | 1514 | switch(type) { |
wolfSSL | 7:481bce714567 | 1515 | case WOLFSSL_SNI_HOST_NAME: { |
wolfSSL | 7:481bce714567 | 1516 | int matchStat; |
wolfSSL | 7:481bce714567 | 1517 | byte matched = cacheOnly || |
wolfSSL | 7:481bce714567 | 1518 | ((XSTRLEN(sni->data.host_name) == size) |
wolfSSL | 7:481bce714567 | 1519 | && (XSTRNCMP(sni->data.host_name, |
wolfSSL | 7:481bce714567 | 1520 | (const char*)input + offset, size) == 0)); |
wolfSSL | 7:481bce714567 | 1521 | |
wolfSSL | 7:481bce714567 | 1522 | if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { |
wolfSSL | 7:481bce714567 | 1523 | int r = TLSX_UseSNI(&ssl->extensions, |
wolfSSL | 7:481bce714567 | 1524 | type, input + offset, size, ssl->heap); |
wolfSSL | 7:481bce714567 | 1525 | |
wolfSSL | 7:481bce714567 | 1526 | if (r != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 1527 | return r; /* throws error. */ |
wolfSSL | 7:481bce714567 | 1528 | |
wolfSSL | 7:481bce714567 | 1529 | if(cacheOnly) { |
wolfSSL | 7:481bce714567 | 1530 | WOLFSSL_MSG("Forcing storage of SNI, Fake match"); |
wolfSSL | 7:481bce714567 | 1531 | matchStat = WOLFSSL_SNI_FORCE_KEEP; |
wolfSSL | 7:481bce714567 | 1532 | } else if(matched) { |
wolfSSL | 7:481bce714567 | 1533 | WOLFSSL_MSG("SNI did match!"); |
wolfSSL | 7:481bce714567 | 1534 | matchStat = WOLFSSL_SNI_REAL_MATCH; |
wolfSSL | 7:481bce714567 | 1535 | } else { |
wolfSSL | 7:481bce714567 | 1536 | WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH"); |
wolfSSL | 7:481bce714567 | 1537 | matchStat = WOLFSSL_SNI_FAKE_MATCH; |
wolfSSL | 7:481bce714567 | 1538 | } |
wolfSSL | 7:481bce714567 | 1539 | |
wolfSSL | 7:481bce714567 | 1540 | TLSX_SNI_SetStatus(ssl->extensions, type, matchStat); |
wolfSSL | 7:481bce714567 | 1541 | |
wolfSSL | 7:481bce714567 | 1542 | if(!cacheOnly) |
wolfSSL | 7:481bce714567 | 1543 | TLSX_SetResponse(ssl, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1544 | |
wolfSSL | 7:481bce714567 | 1545 | } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { |
wolfSSL | 7:481bce714567 | 1546 | SendAlert(ssl, alert_fatal, unrecognized_name); |
wolfSSL | 7:481bce714567 | 1547 | |
wolfSSL | 7:481bce714567 | 1548 | return UNKNOWN_SNI_HOST_NAME_E; |
wolfSSL | 7:481bce714567 | 1549 | } |
wolfSSL | 7:481bce714567 | 1550 | break; |
wolfSSL | 7:481bce714567 | 1551 | } |
wolfSSL | 7:481bce714567 | 1552 | } |
wolfSSL | 7:481bce714567 | 1553 | } |
wolfSSL | 7:481bce714567 | 1554 | |
wolfSSL | 7:481bce714567 | 1555 | #endif |
wolfSSL | 7:481bce714567 | 1556 | |
wolfSSL | 7:481bce714567 | 1557 | return 0; |
wolfSSL | 7:481bce714567 | 1558 | } |
wolfSSL | 7:481bce714567 | 1559 | |
wolfSSL | 7:481bce714567 | 1560 | static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) |
wolfSSL | 7:481bce714567 | 1561 | { |
wolfSSL | 7:481bce714567 | 1562 | (void)ssl; |
wolfSSL | 7:481bce714567 | 1563 | |
wolfSSL | 7:481bce714567 | 1564 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 1565 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1566 | TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1567 | TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1568 | SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL; |
wolfSSL | 7:481bce714567 | 1569 | SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL; |
wolfSSL | 7:481bce714567 | 1570 | SNI* sni = NULL; |
wolfSSL | 7:481bce714567 | 1571 | |
wolfSSL | 7:481bce714567 | 1572 | for (; ctx_sni; ctx_sni = ctx_sni->next) { |
wolfSSL | 7:481bce714567 | 1573 | if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 7:481bce714567 | 1574 | sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type); |
wolfSSL | 7:481bce714567 | 1575 | |
wolfSSL | 7:481bce714567 | 1576 | if (sni) { |
wolfSSL | 7:481bce714567 | 1577 | if (sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 7:481bce714567 | 1578 | continue; |
wolfSSL | 7:481bce714567 | 1579 | |
wolfSSL | 7:481bce714567 | 1580 | /* if ssl level overrides ctx level, it is ok. */ |
wolfSSL | 7:481bce714567 | 1581 | if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0) |
wolfSSL | 7:481bce714567 | 1582 | continue; |
wolfSSL | 7:481bce714567 | 1583 | } |
wolfSSL | 7:481bce714567 | 1584 | |
wolfSSL | 7:481bce714567 | 1585 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 7:481bce714567 | 1586 | return SNI_ABSENT_ERROR; |
wolfSSL | 7:481bce714567 | 1587 | } |
wolfSSL | 7:481bce714567 | 1588 | } |
wolfSSL | 7:481bce714567 | 1589 | |
wolfSSL | 7:481bce714567 | 1590 | for (; ssl_sni; ssl_sni = ssl_sni->next) { |
wolfSSL | 7:481bce714567 | 1591 | if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 7:481bce714567 | 1592 | if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 7:481bce714567 | 1593 | continue; |
wolfSSL | 7:481bce714567 | 1594 | |
wolfSSL | 7:481bce714567 | 1595 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 7:481bce714567 | 1596 | return SNI_ABSENT_ERROR; |
wolfSSL | 7:481bce714567 | 1597 | } |
wolfSSL | 7:481bce714567 | 1598 | } |
wolfSSL | 7:481bce714567 | 1599 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 1600 | } |
wolfSSL | 7:481bce714567 | 1601 | |
wolfSSL | 7:481bce714567 | 1602 | return 0; |
wolfSSL | 7:481bce714567 | 1603 | } |
wolfSSL | 7:481bce714567 | 1604 | |
wolfSSL | 7:481bce714567 | 1605 | int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, |
wolfSSL | 7:481bce714567 | 1606 | void* heap) |
wolfSSL | 7:481bce714567 | 1607 | { |
wolfSSL | 7:481bce714567 | 1608 | TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1609 | SNI* sni = NULL; |
wolfSSL | 7:481bce714567 | 1610 | |
wolfSSL | 7:481bce714567 | 1611 | if (extensions == NULL || data == NULL) |
wolfSSL | 7:481bce714567 | 1612 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1613 | |
wolfSSL | 7:481bce714567 | 1614 | if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL) |
wolfSSL | 7:481bce714567 | 1615 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 1616 | |
wolfSSL | 7:481bce714567 | 1617 | if (!extension) { |
wolfSSL | 7:481bce714567 | 1618 | int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap); |
wolfSSL | 7:481bce714567 | 1619 | if (ret != 0) { |
wolfSSL | 7:481bce714567 | 1620 | TLSX_SNI_Free(sni, heap); |
wolfSSL | 7:481bce714567 | 1621 | return ret; |
wolfSSL | 7:481bce714567 | 1622 | } |
wolfSSL | 7:481bce714567 | 1623 | } |
wolfSSL | 7:481bce714567 | 1624 | else { |
wolfSSL | 7:481bce714567 | 1625 | /* push new SNI object to extension data. */ |
wolfSSL | 7:481bce714567 | 1626 | sni->next = (SNI*)extension->data; |
wolfSSL | 7:481bce714567 | 1627 | extension->data = (void*)sni; |
wolfSSL | 7:481bce714567 | 1628 | |
wolfSSL | 7:481bce714567 | 1629 | /* remove duplicate SNI, there should be only one of each type. */ |
wolfSSL | 7:481bce714567 | 1630 | do { |
wolfSSL | 7:481bce714567 | 1631 | if (sni->next && sni->next->type == type) { |
wolfSSL | 7:481bce714567 | 1632 | SNI *next = sni->next; |
wolfSSL | 7:481bce714567 | 1633 | |
wolfSSL | 7:481bce714567 | 1634 | sni->next = next->next; |
wolfSSL | 7:481bce714567 | 1635 | TLSX_SNI_Free(next, heap); |
wolfSSL | 7:481bce714567 | 1636 | |
wolfSSL | 7:481bce714567 | 1637 | /* there is no way to occur more than */ |
wolfSSL | 7:481bce714567 | 1638 | /* two SNIs of the same type. */ |
wolfSSL | 7:481bce714567 | 1639 | break; |
wolfSSL | 7:481bce714567 | 1640 | } |
wolfSSL | 7:481bce714567 | 1641 | } while ((sni = sni->next)); |
wolfSSL | 7:481bce714567 | 1642 | } |
wolfSSL | 7:481bce714567 | 1643 | |
wolfSSL | 7:481bce714567 | 1644 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1645 | } |
wolfSSL | 7:481bce714567 | 1646 | |
wolfSSL | 7:481bce714567 | 1647 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1648 | |
wolfSSL | 7:481bce714567 | 1649 | /** Tells the SNI requested by the client. */ |
wolfSSL | 7:481bce714567 | 1650 | word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) |
wolfSSL | 7:481bce714567 | 1651 | { |
wolfSSL | 7:481bce714567 | 1652 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1653 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 7:481bce714567 | 1654 | |
wolfSSL | 7:481bce714567 | 1655 | if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { |
wolfSSL | 7:481bce714567 | 1656 | switch (sni->type) { |
wolfSSL | 7:481bce714567 | 1657 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 7:481bce714567 | 1658 | *data = sni->data.host_name; |
wolfSSL | 7:481bce714567 | 1659 | return XSTRLEN((char*)*data); |
wolfSSL | 7:481bce714567 | 1660 | } |
wolfSSL | 7:481bce714567 | 1661 | } |
wolfSSL | 7:481bce714567 | 1662 | |
wolfSSL | 7:481bce714567 | 1663 | return 0; |
wolfSSL | 7:481bce714567 | 1664 | } |
wolfSSL | 7:481bce714567 | 1665 | |
wolfSSL | 7:481bce714567 | 1666 | /** Sets the options for a SNI object. */ |
wolfSSL | 7:481bce714567 | 1667 | void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) |
wolfSSL | 7:481bce714567 | 1668 | { |
wolfSSL | 7:481bce714567 | 1669 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 7:481bce714567 | 1670 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 7:481bce714567 | 1671 | |
wolfSSL | 7:481bce714567 | 1672 | if (sni) |
wolfSSL | 7:481bce714567 | 1673 | sni->options = options; |
wolfSSL | 7:481bce714567 | 1674 | } |
wolfSSL | 7:481bce714567 | 1675 | |
wolfSSL | 7:481bce714567 | 1676 | /** Retrieves a SNI request from a client hello buffer. */ |
wolfSSL | 7:481bce714567 | 1677 | int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, |
wolfSSL | 7:481bce714567 | 1678 | byte type, byte* sni, word32* inOutSz) |
wolfSSL | 7:481bce714567 | 1679 | { |
wolfSSL | 7:481bce714567 | 1680 | word32 offset = 0; |
wolfSSL | 7:481bce714567 | 1681 | word32 len32 = 0; |
wolfSSL | 7:481bce714567 | 1682 | word16 len16 = 0; |
wolfSSL | 7:481bce714567 | 1683 | |
wolfSSL | 7:481bce714567 | 1684 | if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST) |
wolfSSL | 7:481bce714567 | 1685 | return INCOMPLETE_DATA; |
wolfSSL | 7:481bce714567 | 1686 | |
wolfSSL | 7:481bce714567 | 1687 | /* TLS record header */ |
wolfSSL | 7:481bce714567 | 1688 | if ((enum ContentType) clientHello[offset++] != handshake) { |
wolfSSL | 7:481bce714567 | 1689 | |
wolfSSL | 7:481bce714567 | 1690 | /* checking for SSLv2.0 client hello according to: */ |
wolfSSL | 7:481bce714567 | 1691 | /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */ |
wolfSSL | 7:481bce714567 | 1692 | if ((enum HandShakeType) clientHello[++offset] == client_hello) { |
wolfSSL | 7:481bce714567 | 1693 | offset += ENUM_LEN + VERSION_SZ; /* skip version */ |
wolfSSL | 7:481bce714567 | 1694 | |
wolfSSL | 7:481bce714567 | 1695 | ato16(clientHello + offset, &len16); |
wolfSSL | 7:481bce714567 | 1696 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1697 | |
wolfSSL | 7:481bce714567 | 1698 | if (len16 % 3) /* cipher_spec_length must be multiple of 3 */ |
wolfSSL | 7:481bce714567 | 1699 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1700 | |
wolfSSL | 7:481bce714567 | 1701 | ato16(clientHello + offset, &len16); |
wolfSSL | 7:481bce714567 | 1702 | /* Returning SNI_UNSUPPORTED do not increment offset here */ |
wolfSSL | 7:481bce714567 | 1703 | |
wolfSSL | 7:481bce714567 | 1704 | if (len16 != 0) /* session_id_length must be 0 */ |
wolfSSL | 7:481bce714567 | 1705 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1706 | |
wolfSSL | 7:481bce714567 | 1707 | return SNI_UNSUPPORTED; |
wolfSSL | 7:481bce714567 | 1708 | } |
wolfSSL | 7:481bce714567 | 1709 | |
wolfSSL | 7:481bce714567 | 1710 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1711 | } |
wolfSSL | 7:481bce714567 | 1712 | |
wolfSSL | 7:481bce714567 | 1713 | if (clientHello[offset++] != SSLv3_MAJOR) |
wolfSSL | 7:481bce714567 | 1714 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1715 | |
wolfSSL | 7:481bce714567 | 1716 | if (clientHello[offset++] < TLSv1_MINOR) |
wolfSSL | 7:481bce714567 | 1717 | return SNI_UNSUPPORTED; |
wolfSSL | 7:481bce714567 | 1718 | |
wolfSSL | 7:481bce714567 | 1719 | ato16(clientHello + offset, &len16); |
wolfSSL | 7:481bce714567 | 1720 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1721 | |
wolfSSL | 7:481bce714567 | 1722 | if (offset + len16 > helloSz) |
wolfSSL | 7:481bce714567 | 1723 | return INCOMPLETE_DATA; |
wolfSSL | 7:481bce714567 | 1724 | |
wolfSSL | 7:481bce714567 | 1725 | /* Handshake header */ |
wolfSSL | 7:481bce714567 | 1726 | if ((enum HandShakeType) clientHello[offset] != client_hello) |
wolfSSL | 7:481bce714567 | 1727 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1728 | |
wolfSSL | 7:481bce714567 | 1729 | c24to32(clientHello + offset + 1, &len32); |
wolfSSL | 7:481bce714567 | 1730 | offset += HANDSHAKE_HEADER_SZ; |
wolfSSL | 7:481bce714567 | 1731 | |
wolfSSL | 7:481bce714567 | 1732 | if (offset + len32 > helloSz) |
wolfSSL | 7:481bce714567 | 1733 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1734 | |
wolfSSL | 7:481bce714567 | 1735 | /* client hello */ |
wolfSSL | 7:481bce714567 | 1736 | offset += VERSION_SZ + RAN_LEN; /* version, random */ |
wolfSSL | 7:481bce714567 | 1737 | |
wolfSSL | 7:481bce714567 | 1738 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 7:481bce714567 | 1739 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1740 | |
wolfSSL | 7:481bce714567 | 1741 | offset += ENUM_LEN + clientHello[offset]; /* skip session id */ |
wolfSSL | 7:481bce714567 | 1742 | |
wolfSSL | 7:481bce714567 | 1743 | /* cypher suites */ |
wolfSSL | 7:481bce714567 | 1744 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 1745 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1746 | |
wolfSSL | 7:481bce714567 | 1747 | ato16(clientHello + offset, &len16); |
wolfSSL | 7:481bce714567 | 1748 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1749 | |
wolfSSL | 7:481bce714567 | 1750 | if (helloSz < offset + len16) |
wolfSSL | 7:481bce714567 | 1751 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1752 | |
wolfSSL | 7:481bce714567 | 1753 | offset += len16; /* skip cypher suites */ |
wolfSSL | 7:481bce714567 | 1754 | |
wolfSSL | 7:481bce714567 | 1755 | /* compression methods */ |
wolfSSL | 7:481bce714567 | 1756 | if (helloSz < offset + 1) |
wolfSSL | 7:481bce714567 | 1757 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1758 | |
wolfSSL | 7:481bce714567 | 1759 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 7:481bce714567 | 1760 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1761 | |
wolfSSL | 7:481bce714567 | 1762 | offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */ |
wolfSSL | 7:481bce714567 | 1763 | |
wolfSSL | 7:481bce714567 | 1764 | /* extensions */ |
wolfSSL | 7:481bce714567 | 1765 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 1766 | return 0; /* no extensions in client hello. */ |
wolfSSL | 7:481bce714567 | 1767 | |
wolfSSL | 7:481bce714567 | 1768 | ato16(clientHello + offset, &len16); |
wolfSSL | 7:481bce714567 | 1769 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1770 | |
wolfSSL | 7:481bce714567 | 1771 | if (helloSz < offset + len16) |
wolfSSL | 7:481bce714567 | 1772 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1773 | |
wolfSSL | 7:481bce714567 | 1774 | while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) { |
wolfSSL | 7:481bce714567 | 1775 | word16 extType; |
wolfSSL | 7:481bce714567 | 1776 | word16 extLen; |
wolfSSL | 7:481bce714567 | 1777 | |
wolfSSL | 7:481bce714567 | 1778 | ato16(clientHello + offset, &extType); |
wolfSSL | 7:481bce714567 | 1779 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1780 | |
wolfSSL | 7:481bce714567 | 1781 | ato16(clientHello + offset, &extLen); |
wolfSSL | 7:481bce714567 | 1782 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1783 | |
wolfSSL | 7:481bce714567 | 1784 | if (helloSz < offset + extLen) |
wolfSSL | 7:481bce714567 | 1785 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1786 | |
wolfSSL | 7:481bce714567 | 1787 | if (extType != TLSX_SERVER_NAME) { |
wolfSSL | 7:481bce714567 | 1788 | offset += extLen; /* skip extension */ |
wolfSSL | 7:481bce714567 | 1789 | } else { |
wolfSSL | 7:481bce714567 | 1790 | word16 listLen; |
wolfSSL | 7:481bce714567 | 1791 | |
wolfSSL | 7:481bce714567 | 1792 | ato16(clientHello + offset, &listLen); |
wolfSSL | 7:481bce714567 | 1793 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1794 | |
wolfSSL | 7:481bce714567 | 1795 | if (helloSz < offset + listLen) |
wolfSSL | 7:481bce714567 | 1796 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1797 | |
wolfSSL | 7:481bce714567 | 1798 | while (listLen > ENUM_LEN + OPAQUE16_LEN) { |
wolfSSL | 7:481bce714567 | 1799 | byte sniType = clientHello[offset++]; |
wolfSSL | 7:481bce714567 | 1800 | word16 sniLen; |
wolfSSL | 7:481bce714567 | 1801 | |
wolfSSL | 7:481bce714567 | 1802 | ato16(clientHello + offset, &sniLen); |
wolfSSL | 7:481bce714567 | 1803 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 1804 | |
wolfSSL | 7:481bce714567 | 1805 | if (helloSz < offset + sniLen) |
wolfSSL | 7:481bce714567 | 1806 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1807 | |
wolfSSL | 7:481bce714567 | 1808 | if (sniType != type) { |
wolfSSL | 7:481bce714567 | 1809 | offset += sniLen; |
wolfSSL | 7:481bce714567 | 1810 | listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen); |
wolfSSL | 7:481bce714567 | 1811 | continue; |
wolfSSL | 7:481bce714567 | 1812 | } |
wolfSSL | 7:481bce714567 | 1813 | |
wolfSSL | 7:481bce714567 | 1814 | *inOutSz = min(sniLen, *inOutSz); |
wolfSSL | 7:481bce714567 | 1815 | XMEMCPY(sni, clientHello + offset, *inOutSz); |
wolfSSL | 7:481bce714567 | 1816 | |
wolfSSL | 7:481bce714567 | 1817 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1818 | } |
wolfSSL | 7:481bce714567 | 1819 | } |
wolfSSL | 7:481bce714567 | 1820 | |
wolfSSL | 7:481bce714567 | 1821 | len16 -= min(2 * OPAQUE16_LEN + extLen, len16); |
wolfSSL | 7:481bce714567 | 1822 | } |
wolfSSL | 7:481bce714567 | 1823 | |
wolfSSL | 7:481bce714567 | 1824 | return len16 ? BUFFER_ERROR : 0; |
wolfSSL | 7:481bce714567 | 1825 | } |
wolfSSL | 7:481bce714567 | 1826 | |
wolfSSL | 7:481bce714567 | 1827 | #endif |
wolfSSL | 7:481bce714567 | 1828 | |
wolfSSL | 7:481bce714567 | 1829 | #define SNI_FREE_ALL TLSX_SNI_FreeAll |
wolfSSL | 7:481bce714567 | 1830 | #define SNI_GET_SIZE TLSX_SNI_GetSize |
wolfSSL | 7:481bce714567 | 1831 | #define SNI_WRITE TLSX_SNI_Write |
wolfSSL | 7:481bce714567 | 1832 | #define SNI_PARSE TLSX_SNI_Parse |
wolfSSL | 7:481bce714567 | 1833 | #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse |
wolfSSL | 7:481bce714567 | 1834 | |
wolfSSL | 7:481bce714567 | 1835 | #else |
wolfSSL | 7:481bce714567 | 1836 | |
wolfSSL | 7:481bce714567 | 1837 | #define SNI_FREE_ALL(list, heap) |
wolfSSL | 7:481bce714567 | 1838 | #define SNI_GET_SIZE(list) 0 |
wolfSSL | 7:481bce714567 | 1839 | #define SNI_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 1840 | #define SNI_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 1841 | #define SNI_VERIFY_PARSE(a, b) 0 |
wolfSSL | 7:481bce714567 | 1842 | |
wolfSSL | 7:481bce714567 | 1843 | #endif /* HAVE_SNI */ |
wolfSSL | 7:481bce714567 | 1844 | |
wolfSSL | 7:481bce714567 | 1845 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1846 | /* Max Fragment Length Negotiation */ |
wolfSSL | 7:481bce714567 | 1847 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1848 | |
wolfSSL | 7:481bce714567 | 1849 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 7:481bce714567 | 1850 | |
wolfSSL | 7:481bce714567 | 1851 | static word16 TLSX_MFL_Write(byte* data, byte* output) |
wolfSSL | 7:481bce714567 | 1852 | { |
wolfSSL | 7:481bce714567 | 1853 | output[0] = data[0]; |
wolfSSL | 7:481bce714567 | 1854 | |
wolfSSL | 7:481bce714567 | 1855 | return ENUM_LEN; |
wolfSSL | 7:481bce714567 | 1856 | } |
wolfSSL | 7:481bce714567 | 1857 | |
wolfSSL | 7:481bce714567 | 1858 | static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 1859 | byte isRequest) |
wolfSSL | 7:481bce714567 | 1860 | { |
wolfSSL | 7:481bce714567 | 1861 | (void)isRequest; |
wolfSSL | 7:481bce714567 | 1862 | |
wolfSSL | 7:481bce714567 | 1863 | if (length != ENUM_LEN) |
wolfSSL | 7:481bce714567 | 1864 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1865 | |
wolfSSL | 7:481bce714567 | 1866 | switch (*input) { |
wolfSSL | 7:481bce714567 | 1867 | case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; |
wolfSSL | 7:481bce714567 | 1868 | case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; |
wolfSSL | 7:481bce714567 | 1869 | case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break; |
wolfSSL | 7:481bce714567 | 1870 | case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break; |
wolfSSL | 7:481bce714567 | 1871 | case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break; |
wolfSSL | 7:481bce714567 | 1872 | |
wolfSSL | 7:481bce714567 | 1873 | default: |
wolfSSL | 7:481bce714567 | 1874 | SendAlert(ssl, alert_fatal, illegal_parameter); |
wolfSSL | 7:481bce714567 | 1875 | |
wolfSSL | 7:481bce714567 | 1876 | return UNKNOWN_MAX_FRAG_LEN_E; |
wolfSSL | 7:481bce714567 | 1877 | } |
wolfSSL | 7:481bce714567 | 1878 | |
wolfSSL | 7:481bce714567 | 1879 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1880 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 1881 | int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap); |
wolfSSL | 7:481bce714567 | 1882 | |
wolfSSL | 7:481bce714567 | 1883 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 7:481bce714567 | 1884 | |
wolfSSL | 7:481bce714567 | 1885 | TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH); |
wolfSSL | 7:481bce714567 | 1886 | } |
wolfSSL | 7:481bce714567 | 1887 | #endif |
wolfSSL | 7:481bce714567 | 1888 | |
wolfSSL | 7:481bce714567 | 1889 | return 0; |
wolfSSL | 7:481bce714567 | 1890 | } |
wolfSSL | 7:481bce714567 | 1891 | |
wolfSSL | 7:481bce714567 | 1892 | int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap) |
wolfSSL | 7:481bce714567 | 1893 | { |
wolfSSL | 7:481bce714567 | 1894 | byte* data = NULL; |
wolfSSL | 7:481bce714567 | 1895 | int ret = 0; |
wolfSSL | 7:481bce714567 | 1896 | |
wolfSSL | 7:481bce714567 | 1897 | if (extensions == NULL) |
wolfSSL | 7:481bce714567 | 1898 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1899 | |
wolfSSL | 7:481bce714567 | 1900 | if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) |
wolfSSL | 7:481bce714567 | 1901 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1902 | |
wolfSSL | 7:481bce714567 | 1903 | if ((data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 7:481bce714567 | 1904 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 1905 | |
wolfSSL | 7:481bce714567 | 1906 | data[0] = mfl; |
wolfSSL | 7:481bce714567 | 1907 | |
wolfSSL | 7:481bce714567 | 1908 | /* push new MFL extension. */ |
wolfSSL | 7:481bce714567 | 1909 | if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap)) |
wolfSSL | 7:481bce714567 | 1910 | != 0) { |
wolfSSL | 7:481bce714567 | 1911 | XFREE(data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1912 | return ret; |
wolfSSL | 7:481bce714567 | 1913 | } |
wolfSSL | 7:481bce714567 | 1914 | |
wolfSSL | 7:481bce714567 | 1915 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1916 | } |
wolfSSL | 7:481bce714567 | 1917 | |
wolfSSL | 7:481bce714567 | 1918 | |
wolfSSL | 7:481bce714567 | 1919 | #define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) |
wolfSSL | 7:481bce714567 | 1920 | #define MFL_GET_SIZE(data) ENUM_LEN |
wolfSSL | 7:481bce714567 | 1921 | #define MFL_WRITE TLSX_MFL_Write |
wolfSSL | 7:481bce714567 | 1922 | #define MFL_PARSE TLSX_MFL_Parse |
wolfSSL | 7:481bce714567 | 1923 | |
wolfSSL | 7:481bce714567 | 1924 | #else |
wolfSSL | 7:481bce714567 | 1925 | |
wolfSSL | 7:481bce714567 | 1926 | #define MFL_FREE_ALL(a, b) |
wolfSSL | 7:481bce714567 | 1927 | #define MFL_GET_SIZE(a) 0 |
wolfSSL | 7:481bce714567 | 1928 | #define MFL_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 1929 | #define MFL_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 1930 | |
wolfSSL | 7:481bce714567 | 1931 | #endif /* HAVE_MAX_FRAGMENT */ |
wolfSSL | 7:481bce714567 | 1932 | |
wolfSSL | 7:481bce714567 | 1933 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1934 | /* Truncated HMAC */ |
wolfSSL | 7:481bce714567 | 1935 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1936 | |
wolfSSL | 7:481bce714567 | 1937 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 7:481bce714567 | 1938 | |
wolfSSL | 7:481bce714567 | 1939 | static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 1940 | byte isRequest) |
wolfSSL | 7:481bce714567 | 1941 | { |
wolfSSL | 7:481bce714567 | 1942 | (void)isRequest; |
wolfSSL | 7:481bce714567 | 1943 | |
wolfSSL | 7:481bce714567 | 1944 | if (length != 0 || input == NULL) |
wolfSSL | 7:481bce714567 | 1945 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 1946 | |
wolfSSL | 7:481bce714567 | 1947 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 1948 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 1949 | int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); |
wolfSSL | 7:481bce714567 | 1950 | |
wolfSSL | 7:481bce714567 | 1951 | if (r != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 1952 | return r; /* throw error */ |
wolfSSL | 7:481bce714567 | 1953 | |
wolfSSL | 7:481bce714567 | 1954 | TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC); |
wolfSSL | 7:481bce714567 | 1955 | } |
wolfSSL | 7:481bce714567 | 1956 | #endif |
wolfSSL | 7:481bce714567 | 1957 | |
wolfSSL | 7:481bce714567 | 1958 | ssl->truncated_hmac = 1; |
wolfSSL | 7:481bce714567 | 1959 | |
wolfSSL | 7:481bce714567 | 1960 | return 0; |
wolfSSL | 7:481bce714567 | 1961 | } |
wolfSSL | 7:481bce714567 | 1962 | |
wolfSSL | 7:481bce714567 | 1963 | int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) |
wolfSSL | 7:481bce714567 | 1964 | { |
wolfSSL | 7:481bce714567 | 1965 | int ret = 0; |
wolfSSL | 7:481bce714567 | 1966 | |
wolfSSL | 7:481bce714567 | 1967 | if (extensions == NULL) |
wolfSSL | 7:481bce714567 | 1968 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 1969 | |
wolfSSL | 7:481bce714567 | 1970 | if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0) |
wolfSSL | 7:481bce714567 | 1971 | return ret; |
wolfSSL | 7:481bce714567 | 1972 | |
wolfSSL | 7:481bce714567 | 1973 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 1974 | } |
wolfSSL | 7:481bce714567 | 1975 | |
wolfSSL | 7:481bce714567 | 1976 | #define THM_PARSE TLSX_THM_Parse |
wolfSSL | 7:481bce714567 | 1977 | |
wolfSSL | 7:481bce714567 | 1978 | #else |
wolfSSL | 7:481bce714567 | 1979 | |
wolfSSL | 7:481bce714567 | 1980 | #define THM_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 1981 | |
wolfSSL | 7:481bce714567 | 1982 | #endif /* HAVE_TRUNCATED_HMAC */ |
wolfSSL | 7:481bce714567 | 1983 | |
wolfSSL | 7:481bce714567 | 1984 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1985 | /* Certificate Status Request */ |
wolfSSL | 7:481bce714567 | 1986 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 1987 | |
wolfSSL | 7:481bce714567 | 1988 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 7:481bce714567 | 1989 | |
wolfSSL | 7:481bce714567 | 1990 | static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) |
wolfSSL | 7:481bce714567 | 1991 | { |
wolfSSL | 7:481bce714567 | 1992 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 1993 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 1994 | FreeOcspRequest(&csr->request.ocsp); |
wolfSSL | 7:481bce714567 | 1995 | break; |
wolfSSL | 7:481bce714567 | 1996 | } |
wolfSSL | 7:481bce714567 | 1997 | |
wolfSSL | 7:481bce714567 | 1998 | XFREE(csr, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 1999 | (void)heap; |
wolfSSL | 7:481bce714567 | 2000 | } |
wolfSSL | 7:481bce714567 | 2001 | |
wolfSSL | 7:481bce714567 | 2002 | static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) |
wolfSSL | 7:481bce714567 | 2003 | { |
wolfSSL | 7:481bce714567 | 2004 | word16 size = 0; |
wolfSSL | 7:481bce714567 | 2005 | |
wolfSSL | 7:481bce714567 | 2006 | /* shut up compiler warnings */ |
wolfSSL | 7:481bce714567 | 2007 | (void) csr; (void) isRequest; |
wolfSSL | 7:481bce714567 | 2008 | |
wolfSSL | 7:481bce714567 | 2009 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2010 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 2011 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2012 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 2013 | size += ENUM_LEN + 2 * OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2014 | |
wolfSSL | 7:481bce714567 | 2015 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 7:481bce714567 | 2016 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 7:481bce714567 | 2017 | break; |
wolfSSL | 7:481bce714567 | 2018 | } |
wolfSSL | 7:481bce714567 | 2019 | } |
wolfSSL | 7:481bce714567 | 2020 | #endif |
wolfSSL | 7:481bce714567 | 2021 | |
wolfSSL | 7:481bce714567 | 2022 | return size; |
wolfSSL | 7:481bce714567 | 2023 | } |
wolfSSL | 7:481bce714567 | 2024 | |
wolfSSL | 7:481bce714567 | 2025 | static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, |
wolfSSL | 7:481bce714567 | 2026 | byte isRequest) |
wolfSSL | 7:481bce714567 | 2027 | { |
wolfSSL | 7:481bce714567 | 2028 | /* shut up compiler warnings */ |
wolfSSL | 7:481bce714567 | 2029 | (void) csr; (void) output; (void) isRequest; |
wolfSSL | 7:481bce714567 | 2030 | |
wolfSSL | 7:481bce714567 | 2031 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2032 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 2033 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 2034 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 2035 | |
wolfSSL | 7:481bce714567 | 2036 | /* type */ |
wolfSSL | 7:481bce714567 | 2037 | output[offset++] = csr->status_type; |
wolfSSL | 7:481bce714567 | 2038 | |
wolfSSL | 7:481bce714567 | 2039 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2040 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 2041 | /* responder id list */ |
wolfSSL | 7:481bce714567 | 2042 | c16toa(0, output + offset); |
wolfSSL | 7:481bce714567 | 2043 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2044 | |
wolfSSL | 7:481bce714567 | 2045 | /* request extensions */ |
wolfSSL | 7:481bce714567 | 2046 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 7:481bce714567 | 2047 | length = (word16)EncodeOcspRequestExtensions( |
wolfSSL | 7:481bce714567 | 2048 | &csr->request.ocsp, |
wolfSSL | 7:481bce714567 | 2049 | output + offset + OPAQUE16_LEN, |
wolfSSL | 7:481bce714567 | 2050 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 7:481bce714567 | 2051 | |
wolfSSL | 7:481bce714567 | 2052 | c16toa(length, output + offset); |
wolfSSL | 7:481bce714567 | 2053 | offset += OPAQUE16_LEN + length; |
wolfSSL | 7:481bce714567 | 2054 | |
wolfSSL | 7:481bce714567 | 2055 | break; |
wolfSSL | 7:481bce714567 | 2056 | } |
wolfSSL | 7:481bce714567 | 2057 | |
wolfSSL | 7:481bce714567 | 2058 | return offset; |
wolfSSL | 7:481bce714567 | 2059 | } |
wolfSSL | 7:481bce714567 | 2060 | #endif |
wolfSSL | 7:481bce714567 | 2061 | |
wolfSSL | 7:481bce714567 | 2062 | return 0; |
wolfSSL | 7:481bce714567 | 2063 | } |
wolfSSL | 7:481bce714567 | 2064 | |
wolfSSL | 7:481bce714567 | 2065 | static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 2066 | byte isRequest) |
wolfSSL | 7:481bce714567 | 2067 | { |
wolfSSL | 7:481bce714567 | 2068 | int ret; |
wolfSSL | 7:481bce714567 | 2069 | |
wolfSSL | 7:481bce714567 | 2070 | /* shut up compiler warnings */ |
wolfSSL | 7:481bce714567 | 2071 | (void) ssl; (void) input; |
wolfSSL | 7:481bce714567 | 2072 | |
wolfSSL | 7:481bce714567 | 2073 | if (!isRequest) { |
wolfSSL | 7:481bce714567 | 2074 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2075 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 7:481bce714567 | 2076 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 7:481bce714567 | 2077 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2078 | |
wolfSSL | 7:481bce714567 | 2079 | if (!csr) { |
wolfSSL | 7:481bce714567 | 2080 | /* look at context level */ |
wolfSSL | 7:481bce714567 | 2081 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 7:481bce714567 | 2082 | csr = extension ? (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2083 | |
wolfSSL | 7:481bce714567 | 2084 | if (!csr) |
wolfSSL | 7:481bce714567 | 2085 | return BUFFER_ERROR; /* unexpected extension */ |
wolfSSL | 7:481bce714567 | 2086 | |
wolfSSL | 7:481bce714567 | 2087 | /* enable extension at ssl level */ |
wolfSSL | 7:481bce714567 | 2088 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, |
wolfSSL | 7:481bce714567 | 2089 | csr->status_type, csr->options, ssl->heap); |
wolfSSL | 7:481bce714567 | 2090 | if (ret != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 2091 | return ret; |
wolfSSL | 7:481bce714567 | 2092 | |
wolfSSL | 7:481bce714567 | 2093 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2094 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 2095 | /* propagate nonce */ |
wolfSSL | 7:481bce714567 | 2096 | if (csr->request.ocsp.nonceSz) { |
wolfSSL | 7:481bce714567 | 2097 | OcspRequest* request = |
wolfSSL | 7:481bce714567 | 2098 | (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); |
wolfSSL | 7:481bce714567 | 2099 | |
wolfSSL | 7:481bce714567 | 2100 | if (request) { |
wolfSSL | 7:481bce714567 | 2101 | XMEMCPY(request->nonce, csr->request.ocsp.nonce, |
wolfSSL | 7:481bce714567 | 2102 | csr->request.ocsp.nonceSz); |
wolfSSL | 7:481bce714567 | 2103 | request->nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 7:481bce714567 | 2104 | } |
wolfSSL | 7:481bce714567 | 2105 | } |
wolfSSL | 7:481bce714567 | 2106 | break; |
wolfSSL | 7:481bce714567 | 2107 | } |
wolfSSL | 7:481bce714567 | 2108 | } |
wolfSSL | 7:481bce714567 | 2109 | |
wolfSSL | 7:481bce714567 | 2110 | ssl->status_request = 1; |
wolfSSL | 7:481bce714567 | 2111 | |
wolfSSL | 7:481bce714567 | 2112 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 7:481bce714567 | 2113 | #endif |
wolfSSL | 7:481bce714567 | 2114 | } |
wolfSSL | 7:481bce714567 | 2115 | else { |
wolfSSL | 7:481bce714567 | 2116 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 2117 | byte status_type; |
wolfSSL | 7:481bce714567 | 2118 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 2119 | word16 size = 0; |
wolfSSL | 7:481bce714567 | 2120 | |
wolfSSL | 7:481bce714567 | 2121 | if (length < ENUM_LEN) |
wolfSSL | 7:481bce714567 | 2122 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2123 | |
wolfSSL | 7:481bce714567 | 2124 | status_type = input[offset++]; |
wolfSSL | 7:481bce714567 | 2125 | |
wolfSSL | 7:481bce714567 | 2126 | switch (status_type) { |
wolfSSL | 7:481bce714567 | 2127 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 7:481bce714567 | 2128 | |
wolfSSL | 7:481bce714567 | 2129 | /* skip responder_id_list */ |
wolfSSL | 7:481bce714567 | 2130 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 2131 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2132 | |
wolfSSL | 7:481bce714567 | 2133 | ato16(input + offset, &size); |
wolfSSL | 7:481bce714567 | 2134 | offset += OPAQUE16_LEN + size; |
wolfSSL | 7:481bce714567 | 2135 | |
wolfSSL | 7:481bce714567 | 2136 | /* skip request_extensions */ |
wolfSSL | 7:481bce714567 | 2137 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 2138 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2139 | |
wolfSSL | 7:481bce714567 | 2140 | ato16(input + offset, &size); |
wolfSSL | 7:481bce714567 | 2141 | offset += OPAQUE16_LEN + size; |
wolfSSL | 7:481bce714567 | 2142 | |
wolfSSL | 7:481bce714567 | 2143 | if (offset > length) |
wolfSSL | 7:481bce714567 | 2144 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2145 | |
wolfSSL | 7:481bce714567 | 2146 | /* is able to send OCSP response? */ |
wolfSSL | 7:481bce714567 | 2147 | if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 7:481bce714567 | 2148 | return 0; |
wolfSSL | 7:481bce714567 | 2149 | } |
wolfSSL | 7:481bce714567 | 2150 | break; |
wolfSSL | 7:481bce714567 | 2151 | |
wolfSSL | 7:481bce714567 | 2152 | /* unknown status type */ |
wolfSSL | 7:481bce714567 | 2153 | default: |
wolfSSL | 7:481bce714567 | 2154 | return 0; |
wolfSSL | 7:481bce714567 | 2155 | } |
wolfSSL | 7:481bce714567 | 2156 | |
wolfSSL | 7:481bce714567 | 2157 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 7:481bce714567 | 2158 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 7:481bce714567 | 2159 | if (ssl->status_request_v2) |
wolfSSL | 7:481bce714567 | 2160 | return 0; |
wolfSSL | 7:481bce714567 | 2161 | #endif |
wolfSSL | 7:481bce714567 | 2162 | |
wolfSSL | 7:481bce714567 | 2163 | /* accept the first good status_type and return */ |
wolfSSL | 7:481bce714567 | 2164 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, |
wolfSSL | 7:481bce714567 | 2165 | 0, ssl->heap); |
wolfSSL | 7:481bce714567 | 2166 | if (ret != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 2167 | return ret; /* throw error */ |
wolfSSL | 7:481bce714567 | 2168 | |
wolfSSL | 7:481bce714567 | 2169 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); |
wolfSSL | 7:481bce714567 | 2170 | ssl->status_request = status_type; |
wolfSSL | 7:481bce714567 | 2171 | |
wolfSSL | 7:481bce714567 | 2172 | #endif |
wolfSSL | 7:481bce714567 | 2173 | } |
wolfSSL | 7:481bce714567 | 2174 | |
wolfSSL | 7:481bce714567 | 2175 | return 0; |
wolfSSL | 7:481bce714567 | 2176 | } |
wolfSSL | 7:481bce714567 | 2177 | |
wolfSSL | 7:481bce714567 | 2178 | int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) |
wolfSSL | 7:481bce714567 | 2179 | { |
wolfSSL | 7:481bce714567 | 2180 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 7:481bce714567 | 2181 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 7:481bce714567 | 2182 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2183 | int ret = 0; |
wolfSSL | 7:481bce714567 | 2184 | |
wolfSSL | 7:481bce714567 | 2185 | if (csr) { |
wolfSSL | 7:481bce714567 | 2186 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2187 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 7:481bce714567 | 2188 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 7:481bce714567 | 2189 | int nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 7:481bce714567 | 2190 | |
wolfSSL | 7:481bce714567 | 2191 | /* preserve nonce */ |
wolfSSL | 7:481bce714567 | 2192 | XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); |
wolfSSL | 7:481bce714567 | 2193 | |
wolfSSL | 7:481bce714567 | 2194 | if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) |
wolfSSL | 7:481bce714567 | 2195 | != 0) |
wolfSSL | 7:481bce714567 | 2196 | return ret; |
wolfSSL | 7:481bce714567 | 2197 | |
wolfSSL | 7:481bce714567 | 2198 | /* restore nonce */ |
wolfSSL | 7:481bce714567 | 2199 | XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz); |
wolfSSL | 7:481bce714567 | 2200 | csr->request.ocsp.nonceSz = nonceSz; |
wolfSSL | 7:481bce714567 | 2201 | } |
wolfSSL | 7:481bce714567 | 2202 | break; |
wolfSSL | 7:481bce714567 | 2203 | } |
wolfSSL | 7:481bce714567 | 2204 | } |
wolfSSL | 7:481bce714567 | 2205 | |
wolfSSL | 7:481bce714567 | 2206 | return ret; |
wolfSSL | 7:481bce714567 | 2207 | } |
wolfSSL | 7:481bce714567 | 2208 | |
wolfSSL | 7:481bce714567 | 2209 | void* TLSX_CSR_GetRequest(TLSX* extensions) |
wolfSSL | 7:481bce714567 | 2210 | { |
wolfSSL | 7:481bce714567 | 2211 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 7:481bce714567 | 2212 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 7:481bce714567 | 2213 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2214 | |
wolfSSL | 7:481bce714567 | 2215 | if (csr) { |
wolfSSL | 7:481bce714567 | 2216 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2217 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 2218 | return &csr->request.ocsp; |
wolfSSL | 7:481bce714567 | 2219 | break; |
wolfSSL | 7:481bce714567 | 2220 | } |
wolfSSL | 7:481bce714567 | 2221 | } |
wolfSSL | 7:481bce714567 | 2222 | |
wolfSSL | 7:481bce714567 | 2223 | return NULL; |
wolfSSL | 7:481bce714567 | 2224 | } |
wolfSSL | 7:481bce714567 | 2225 | |
wolfSSL | 7:481bce714567 | 2226 | int TLSX_CSR_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 2227 | { |
wolfSSL | 7:481bce714567 | 2228 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 7:481bce714567 | 2229 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 7:481bce714567 | 2230 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2231 | |
wolfSSL | 7:481bce714567 | 2232 | if (csr) { |
wolfSSL | 7:481bce714567 | 2233 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2234 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 2235 | if (ssl->ctx->cm->ocspEnabled) |
wolfSSL | 7:481bce714567 | 2236 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 7:481bce714567 | 2237 | &csr->request.ocsp, NULL); |
wolfSSL | 7:481bce714567 | 2238 | else |
wolfSSL | 7:481bce714567 | 2239 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 7:481bce714567 | 2240 | } |
wolfSSL | 7:481bce714567 | 2241 | } |
wolfSSL | 7:481bce714567 | 2242 | |
wolfSSL | 7:481bce714567 | 2243 | return 0; |
wolfSSL | 7:481bce714567 | 2244 | } |
wolfSSL | 7:481bce714567 | 2245 | |
wolfSSL | 7:481bce714567 | 2246 | int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, |
wolfSSL | 7:481bce714567 | 2247 | byte options, void* heap) |
wolfSSL | 7:481bce714567 | 2248 | { |
wolfSSL | 7:481bce714567 | 2249 | CertificateStatusRequest* csr = NULL; |
wolfSSL | 7:481bce714567 | 2250 | int ret = 0; |
wolfSSL | 7:481bce714567 | 2251 | |
wolfSSL | 7:481bce714567 | 2252 | if (!extensions || status_type != WOLFSSL_CSR_OCSP) |
wolfSSL | 7:481bce714567 | 2253 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 2254 | |
wolfSSL | 7:481bce714567 | 2255 | csr = (CertificateStatusRequest*) |
wolfSSL | 7:481bce714567 | 2256 | XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2257 | if (!csr) |
wolfSSL | 7:481bce714567 | 2258 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 2259 | |
wolfSSL | 7:481bce714567 | 2260 | ForceZero(csr, sizeof(CertificateStatusRequest)); |
wolfSSL | 7:481bce714567 | 2261 | |
wolfSSL | 7:481bce714567 | 2262 | csr->status_type = status_type; |
wolfSSL | 7:481bce714567 | 2263 | csr->options = options; |
wolfSSL | 7:481bce714567 | 2264 | |
wolfSSL | 7:481bce714567 | 2265 | switch (csr->status_type) { |
wolfSSL | 7:481bce714567 | 2266 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 7:481bce714567 | 2267 | if (options & WOLFSSL_CSR_OCSP_USE_NONCE) { |
wolfSSL | 7:481bce714567 | 2268 | WC_RNG rng; |
wolfSSL | 7:481bce714567 | 2269 | |
wolfSSL | 7:481bce714567 | 2270 | #ifdef WOLFSSL_STATIC_MEMORY |
wolfSSL | 7:481bce714567 | 2271 | if (wc_InitRng_ex(&rng, heap) == 0) { |
wolfSSL | 7:481bce714567 | 2272 | #else |
wolfSSL | 7:481bce714567 | 2273 | if (wc_InitRng(&rng) == 0) { |
wolfSSL | 7:481bce714567 | 2274 | #endif |
wolfSSL | 7:481bce714567 | 2275 | if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, |
wolfSSL | 7:481bce714567 | 2276 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 7:481bce714567 | 2277 | csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 7:481bce714567 | 2278 | |
wolfSSL | 7:481bce714567 | 2279 | wc_FreeRng(&rng); |
wolfSSL | 7:481bce714567 | 2280 | } |
wolfSSL | 7:481bce714567 | 2281 | } |
wolfSSL | 7:481bce714567 | 2282 | break; |
wolfSSL | 7:481bce714567 | 2283 | } |
wolfSSL | 7:481bce714567 | 2284 | |
wolfSSL | 7:481bce714567 | 2285 | if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) { |
wolfSSL | 7:481bce714567 | 2286 | XFREE(csr, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2287 | return ret; |
wolfSSL | 7:481bce714567 | 2288 | } |
wolfSSL | 7:481bce714567 | 2289 | |
wolfSSL | 7:481bce714567 | 2290 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 2291 | } |
wolfSSL | 7:481bce714567 | 2292 | |
wolfSSL | 7:481bce714567 | 2293 | #define CSR_FREE_ALL TLSX_CSR_Free |
wolfSSL | 7:481bce714567 | 2294 | #define CSR_GET_SIZE TLSX_CSR_GetSize |
wolfSSL | 7:481bce714567 | 2295 | #define CSR_WRITE TLSX_CSR_Write |
wolfSSL | 7:481bce714567 | 2296 | #define CSR_PARSE TLSX_CSR_Parse |
wolfSSL | 7:481bce714567 | 2297 | |
wolfSSL | 7:481bce714567 | 2298 | #else |
wolfSSL | 7:481bce714567 | 2299 | |
wolfSSL | 7:481bce714567 | 2300 | #define CSR_FREE_ALL(data, heap) |
wolfSSL | 7:481bce714567 | 2301 | #define CSR_GET_SIZE(a, b) 0 |
wolfSSL | 7:481bce714567 | 2302 | #define CSR_WRITE(a, b, c) 0 |
wolfSSL | 7:481bce714567 | 2303 | #define CSR_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 2304 | |
wolfSSL | 7:481bce714567 | 2305 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ |
wolfSSL | 7:481bce714567 | 2306 | |
wolfSSL | 7:481bce714567 | 2307 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 2308 | /* Certificate Status Request v2 */ |
wolfSSL | 7:481bce714567 | 2309 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 2310 | |
wolfSSL | 7:481bce714567 | 2311 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 7:481bce714567 | 2312 | |
wolfSSL | 7:481bce714567 | 2313 | static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap) |
wolfSSL | 7:481bce714567 | 2314 | { |
wolfSSL | 7:481bce714567 | 2315 | CertificateStatusRequestItemV2* next; |
wolfSSL | 7:481bce714567 | 2316 | |
wolfSSL | 7:481bce714567 | 2317 | for (; csr2; csr2 = next) { |
wolfSSL | 7:481bce714567 | 2318 | next = csr2->next; |
wolfSSL | 7:481bce714567 | 2319 | |
wolfSSL | 7:481bce714567 | 2320 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2321 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2322 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2323 | while(csr2->requests--) |
wolfSSL | 7:481bce714567 | 2324 | FreeOcspRequest(&csr2->request.ocsp[csr2->requests]); |
wolfSSL | 7:481bce714567 | 2325 | break; |
wolfSSL | 7:481bce714567 | 2326 | } |
wolfSSL | 7:481bce714567 | 2327 | |
wolfSSL | 7:481bce714567 | 2328 | XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2329 | } |
wolfSSL | 7:481bce714567 | 2330 | (void)heap; |
wolfSSL | 7:481bce714567 | 2331 | } |
wolfSSL | 7:481bce714567 | 2332 | |
wolfSSL | 7:481bce714567 | 2333 | static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 7:481bce714567 | 2334 | byte isRequest) |
wolfSSL | 7:481bce714567 | 2335 | { |
wolfSSL | 7:481bce714567 | 2336 | word16 size = 0; |
wolfSSL | 7:481bce714567 | 2337 | |
wolfSSL | 7:481bce714567 | 2338 | /* shut up compiler warnings */ |
wolfSSL | 7:481bce714567 | 2339 | (void) csr2; (void) isRequest; |
wolfSSL | 7:481bce714567 | 2340 | |
wolfSSL | 7:481bce714567 | 2341 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2342 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 2343 | CertificateStatusRequestItemV2* next; |
wolfSSL | 7:481bce714567 | 2344 | |
wolfSSL | 7:481bce714567 | 2345 | for (size = OPAQUE16_LEN; csr2; csr2 = next) { |
wolfSSL | 7:481bce714567 | 2346 | next = csr2->next; |
wolfSSL | 7:481bce714567 | 2347 | |
wolfSSL | 7:481bce714567 | 2348 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2349 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2350 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2351 | size += ENUM_LEN + 3 * OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2352 | |
wolfSSL | 7:481bce714567 | 2353 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 7:481bce714567 | 2354 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 7:481bce714567 | 2355 | break; |
wolfSSL | 7:481bce714567 | 2356 | } |
wolfSSL | 7:481bce714567 | 2357 | } |
wolfSSL | 7:481bce714567 | 2358 | } |
wolfSSL | 7:481bce714567 | 2359 | #endif |
wolfSSL | 7:481bce714567 | 2360 | |
wolfSSL | 7:481bce714567 | 2361 | return size; |
wolfSSL | 7:481bce714567 | 2362 | } |
wolfSSL | 7:481bce714567 | 2363 | |
wolfSSL | 7:481bce714567 | 2364 | static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 7:481bce714567 | 2365 | byte* output, byte isRequest) |
wolfSSL | 7:481bce714567 | 2366 | { |
wolfSSL | 7:481bce714567 | 2367 | /* shut up compiler warnings */ |
wolfSSL | 7:481bce714567 | 2368 | (void) csr2; (void) output; (void) isRequest; |
wolfSSL | 7:481bce714567 | 2369 | |
wolfSSL | 7:481bce714567 | 2370 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2371 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 2372 | word16 offset; |
wolfSSL | 7:481bce714567 | 2373 | word16 length; |
wolfSSL | 7:481bce714567 | 2374 | |
wolfSSL | 7:481bce714567 | 2375 | for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) { |
wolfSSL | 7:481bce714567 | 2376 | /* status_type */ |
wolfSSL | 7:481bce714567 | 2377 | output[offset++] = csr2->status_type; |
wolfSSL | 7:481bce714567 | 2378 | |
wolfSSL | 7:481bce714567 | 2379 | /* request */ |
wolfSSL | 7:481bce714567 | 2380 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2381 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2382 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2383 | /* request_length */ |
wolfSSL | 7:481bce714567 | 2384 | length = 2 * OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2385 | |
wolfSSL | 7:481bce714567 | 2386 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 7:481bce714567 | 2387 | length += OCSP_NONCE_EXT_SZ; |
wolfSSL | 7:481bce714567 | 2388 | |
wolfSSL | 7:481bce714567 | 2389 | c16toa(length, output + offset); |
wolfSSL | 7:481bce714567 | 2390 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2391 | |
wolfSSL | 7:481bce714567 | 2392 | /* responder id list */ |
wolfSSL | 7:481bce714567 | 2393 | c16toa(0, output + offset); |
wolfSSL | 7:481bce714567 | 2394 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2395 | |
wolfSSL | 7:481bce714567 | 2396 | /* request extensions */ |
wolfSSL | 7:481bce714567 | 2397 | length = 0; |
wolfSSL | 7:481bce714567 | 2398 | |
wolfSSL | 7:481bce714567 | 2399 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 7:481bce714567 | 2400 | length = (word16)EncodeOcspRequestExtensions( |
wolfSSL | 7:481bce714567 | 2401 | &csr2->request.ocsp[0], |
wolfSSL | 7:481bce714567 | 2402 | output + offset + OPAQUE16_LEN, |
wolfSSL | 7:481bce714567 | 2403 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 7:481bce714567 | 2404 | |
wolfSSL | 7:481bce714567 | 2405 | c16toa(length, output + offset); |
wolfSSL | 7:481bce714567 | 2406 | offset += OPAQUE16_LEN + length; |
wolfSSL | 7:481bce714567 | 2407 | break; |
wolfSSL | 7:481bce714567 | 2408 | } |
wolfSSL | 7:481bce714567 | 2409 | } |
wolfSSL | 7:481bce714567 | 2410 | |
wolfSSL | 7:481bce714567 | 2411 | /* list size */ |
wolfSSL | 7:481bce714567 | 2412 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 7:481bce714567 | 2413 | |
wolfSSL | 7:481bce714567 | 2414 | return offset; |
wolfSSL | 7:481bce714567 | 2415 | } |
wolfSSL | 7:481bce714567 | 2416 | #endif |
wolfSSL | 7:481bce714567 | 2417 | |
wolfSSL | 7:481bce714567 | 2418 | return 0; |
wolfSSL | 7:481bce714567 | 2419 | } |
wolfSSL | 7:481bce714567 | 2420 | |
wolfSSL | 7:481bce714567 | 2421 | static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 2422 | byte isRequest) |
wolfSSL | 7:481bce714567 | 2423 | { |
wolfSSL | 7:481bce714567 | 2424 | int ret; |
wolfSSL | 7:481bce714567 | 2425 | |
wolfSSL | 7:481bce714567 | 2426 | /* shut up compiler warnings */ |
wolfSSL | 7:481bce714567 | 2427 | (void) ssl; (void) input; |
wolfSSL | 7:481bce714567 | 2428 | |
wolfSSL | 7:481bce714567 | 2429 | if (!isRequest) { |
wolfSSL | 7:481bce714567 | 2430 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2431 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 7:481bce714567 | 2432 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 7:481bce714567 | 2433 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2434 | |
wolfSSL | 7:481bce714567 | 2435 | if (!csr2) { |
wolfSSL | 7:481bce714567 | 2436 | /* look at context level */ |
wolfSSL | 7:481bce714567 | 2437 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 7:481bce714567 | 2438 | csr2 = extension ? |
wolfSSL | 7:481bce714567 | 2439 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2440 | |
wolfSSL | 7:481bce714567 | 2441 | if (!csr2) |
wolfSSL | 7:481bce714567 | 2442 | return BUFFER_ERROR; /* unexpected extension */ |
wolfSSL | 7:481bce714567 | 2443 | |
wolfSSL | 7:481bce714567 | 2444 | /* enable extension at ssl level */ |
wolfSSL | 7:481bce714567 | 2445 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 7:481bce714567 | 2446 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 7:481bce714567 | 2447 | csr2->status_type, csr2->options, ssl->heap); |
wolfSSL | 7:481bce714567 | 2448 | if (ret != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 2449 | return ret; |
wolfSSL | 7:481bce714567 | 2450 | |
wolfSSL | 7:481bce714567 | 2451 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2452 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2453 | /* followed by */ |
wolfSSL | 7:481bce714567 | 2454 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2455 | /* propagate nonce */ |
wolfSSL | 7:481bce714567 | 2456 | if (csr2->request.ocsp[0].nonceSz) { |
wolfSSL | 7:481bce714567 | 2457 | OcspRequest* request = |
wolfSSL | 7:481bce714567 | 2458 | (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions, |
wolfSSL | 7:481bce714567 | 2459 | csr2->status_type, 0); |
wolfSSL | 7:481bce714567 | 2460 | |
wolfSSL | 7:481bce714567 | 2461 | if (request) { |
wolfSSL | 7:481bce714567 | 2462 | XMEMCPY(request->nonce, |
wolfSSL | 7:481bce714567 | 2463 | csr2->request.ocsp[0].nonce, |
wolfSSL | 7:481bce714567 | 2464 | csr2->request.ocsp[0].nonceSz); |
wolfSSL | 7:481bce714567 | 2465 | |
wolfSSL | 7:481bce714567 | 2466 | request->nonceSz = |
wolfSSL | 7:481bce714567 | 2467 | csr2->request.ocsp[0].nonceSz; |
wolfSSL | 7:481bce714567 | 2468 | } |
wolfSSL | 7:481bce714567 | 2469 | } |
wolfSSL | 7:481bce714567 | 2470 | break; |
wolfSSL | 7:481bce714567 | 2471 | } |
wolfSSL | 7:481bce714567 | 2472 | } |
wolfSSL | 7:481bce714567 | 2473 | } |
wolfSSL | 7:481bce714567 | 2474 | |
wolfSSL | 7:481bce714567 | 2475 | ssl->status_request_v2 = 1; |
wolfSSL | 7:481bce714567 | 2476 | |
wolfSSL | 7:481bce714567 | 2477 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 7:481bce714567 | 2478 | #endif |
wolfSSL | 7:481bce714567 | 2479 | } |
wolfSSL | 7:481bce714567 | 2480 | else { |
wolfSSL | 7:481bce714567 | 2481 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 2482 | byte status_type; |
wolfSSL | 7:481bce714567 | 2483 | word16 request_length; |
wolfSSL | 7:481bce714567 | 2484 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 2485 | word16 size = 0; |
wolfSSL | 7:481bce714567 | 2486 | |
wolfSSL | 7:481bce714567 | 2487 | /* list size */ |
wolfSSL | 7:481bce714567 | 2488 | ato16(input + offset, &request_length); |
wolfSSL | 7:481bce714567 | 2489 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2490 | |
wolfSSL | 7:481bce714567 | 2491 | if (length - OPAQUE16_LEN != request_length) |
wolfSSL | 7:481bce714567 | 2492 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2493 | |
wolfSSL | 7:481bce714567 | 2494 | while (length > offset) { |
wolfSSL | 7:481bce714567 | 2495 | if (length - offset < ENUM_LEN + OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 2496 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2497 | |
wolfSSL | 7:481bce714567 | 2498 | status_type = input[offset++]; |
wolfSSL | 7:481bce714567 | 2499 | |
wolfSSL | 7:481bce714567 | 2500 | ato16(input + offset, &request_length); |
wolfSSL | 7:481bce714567 | 2501 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2502 | |
wolfSSL | 7:481bce714567 | 2503 | if (length - offset < request_length) |
wolfSSL | 7:481bce714567 | 2504 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2505 | |
wolfSSL | 7:481bce714567 | 2506 | switch (status_type) { |
wolfSSL | 7:481bce714567 | 2507 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2508 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2509 | /* skip responder_id_list */ |
wolfSSL | 7:481bce714567 | 2510 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 2511 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2512 | |
wolfSSL | 7:481bce714567 | 2513 | ato16(input + offset, &size); |
wolfSSL | 7:481bce714567 | 2514 | offset += OPAQUE16_LEN + size; |
wolfSSL | 7:481bce714567 | 2515 | |
wolfSSL | 7:481bce714567 | 2516 | /* skip request_extensions */ |
wolfSSL | 7:481bce714567 | 2517 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 2518 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2519 | |
wolfSSL | 7:481bce714567 | 2520 | ato16(input + offset, &size); |
wolfSSL | 7:481bce714567 | 2521 | offset += OPAQUE16_LEN + size; |
wolfSSL | 7:481bce714567 | 2522 | |
wolfSSL | 7:481bce714567 | 2523 | if (offset > length) |
wolfSSL | 7:481bce714567 | 2524 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2525 | |
wolfSSL | 7:481bce714567 | 2526 | /* is able to send OCSP response? */ |
wolfSSL | 7:481bce714567 | 2527 | if (ssl->ctx->cm == NULL |
wolfSSL | 7:481bce714567 | 2528 | || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 7:481bce714567 | 2529 | continue; |
wolfSSL | 7:481bce714567 | 2530 | break; |
wolfSSL | 7:481bce714567 | 2531 | |
wolfSSL | 7:481bce714567 | 2532 | default: |
wolfSSL | 7:481bce714567 | 2533 | /* unknown status type, skipping! */ |
wolfSSL | 7:481bce714567 | 2534 | offset += request_length; |
wolfSSL | 7:481bce714567 | 2535 | continue; |
wolfSSL | 7:481bce714567 | 2536 | } |
wolfSSL | 7:481bce714567 | 2537 | |
wolfSSL | 7:481bce714567 | 2538 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 7:481bce714567 | 2539 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 7:481bce714567 | 2540 | if (ssl->status_request) |
wolfSSL | 7:481bce714567 | 2541 | return 0; |
wolfSSL | 7:481bce714567 | 2542 | #endif |
wolfSSL | 7:481bce714567 | 2543 | |
wolfSSL | 7:481bce714567 | 2544 | /* accept the first good status_type and return */ |
wolfSSL | 7:481bce714567 | 2545 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 7:481bce714567 | 2546 | status_type, 0, ssl->heap); |
wolfSSL | 7:481bce714567 | 2547 | if (ret != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 2548 | return ret; /* throw error */ |
wolfSSL | 7:481bce714567 | 2549 | |
wolfSSL | 7:481bce714567 | 2550 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 7:481bce714567 | 2551 | ssl->status_request_v2 = status_type; |
wolfSSL | 7:481bce714567 | 2552 | |
wolfSSL | 7:481bce714567 | 2553 | return 0; |
wolfSSL | 7:481bce714567 | 2554 | } |
wolfSSL | 7:481bce714567 | 2555 | #endif |
wolfSSL | 7:481bce714567 | 2556 | } |
wolfSSL | 7:481bce714567 | 2557 | |
wolfSSL | 7:481bce714567 | 2558 | return 0; |
wolfSSL | 7:481bce714567 | 2559 | } |
wolfSSL | 7:481bce714567 | 2560 | |
wolfSSL | 7:481bce714567 | 2561 | int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, |
wolfSSL | 7:481bce714567 | 2562 | void* heap) |
wolfSSL | 7:481bce714567 | 2563 | { |
wolfSSL | 7:481bce714567 | 2564 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 7:481bce714567 | 2565 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 7:481bce714567 | 2566 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2567 | int ret = 0; |
wolfSSL | 7:481bce714567 | 2568 | |
wolfSSL | 7:481bce714567 | 2569 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 7:481bce714567 | 2570 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2571 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2572 | if (!isPeer || csr2->requests != 0) |
wolfSSL | 7:481bce714567 | 2573 | break; |
wolfSSL | 7:481bce714567 | 2574 | |
wolfSSL | 7:481bce714567 | 2575 | /* followed by */ |
wolfSSL | 7:481bce714567 | 2576 | |
wolfSSL | 7:481bce714567 | 2577 | case WOLFSSL_CSR2_OCSP_MULTI: { |
wolfSSL | 7:481bce714567 | 2578 | if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { |
wolfSSL | 7:481bce714567 | 2579 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 7:481bce714567 | 2580 | int nonceSz = csr2->request.ocsp[0].nonceSz; |
wolfSSL | 7:481bce714567 | 2581 | |
wolfSSL | 7:481bce714567 | 2582 | /* preserve nonce, replicating nonce of ocsp[0] */ |
wolfSSL | 7:481bce714567 | 2583 | XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); |
wolfSSL | 7:481bce714567 | 2584 | |
wolfSSL | 7:481bce714567 | 2585 | if ((ret = InitOcspRequest( |
wolfSSL | 7:481bce714567 | 2586 | &csr2->request.ocsp[csr2->requests], cert, |
wolfSSL | 7:481bce714567 | 2587 | 0, heap)) != 0) |
wolfSSL | 7:481bce714567 | 2588 | return ret; |
wolfSSL | 7:481bce714567 | 2589 | |
wolfSSL | 7:481bce714567 | 2590 | /* restore nonce */ |
wolfSSL | 7:481bce714567 | 2591 | XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, |
wolfSSL | 7:481bce714567 | 2592 | nonce, nonceSz); |
wolfSSL | 7:481bce714567 | 2593 | csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; |
wolfSSL | 7:481bce714567 | 2594 | csr2->requests++; |
wolfSSL | 7:481bce714567 | 2595 | } |
wolfSSL | 7:481bce714567 | 2596 | } |
wolfSSL | 7:481bce714567 | 2597 | break; |
wolfSSL | 7:481bce714567 | 2598 | } |
wolfSSL | 7:481bce714567 | 2599 | } |
wolfSSL | 7:481bce714567 | 2600 | |
wolfSSL | 7:481bce714567 | 2601 | (void)cert; |
wolfSSL | 7:481bce714567 | 2602 | return ret; |
wolfSSL | 7:481bce714567 | 2603 | } |
wolfSSL | 7:481bce714567 | 2604 | |
wolfSSL | 7:481bce714567 | 2605 | void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index) |
wolfSSL | 7:481bce714567 | 2606 | { |
wolfSSL | 7:481bce714567 | 2607 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 7:481bce714567 | 2608 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 7:481bce714567 | 2609 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2610 | |
wolfSSL | 7:481bce714567 | 2611 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 7:481bce714567 | 2612 | if (csr2->status_type == status_type) { |
wolfSSL | 7:481bce714567 | 2613 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2614 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2615 | /* followed by */ |
wolfSSL | 7:481bce714567 | 2616 | |
wolfSSL | 7:481bce714567 | 2617 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2618 | /* requests are initialized in the reverse order */ |
wolfSSL | 7:481bce714567 | 2619 | return index < csr2->requests |
wolfSSL | 7:481bce714567 | 2620 | ? &csr2->request.ocsp[csr2->requests - index - 1] |
wolfSSL | 7:481bce714567 | 2621 | : NULL; |
wolfSSL | 7:481bce714567 | 2622 | break; |
wolfSSL | 7:481bce714567 | 2623 | } |
wolfSSL | 7:481bce714567 | 2624 | } |
wolfSSL | 7:481bce714567 | 2625 | } |
wolfSSL | 7:481bce714567 | 2626 | |
wolfSSL | 7:481bce714567 | 2627 | return NULL; |
wolfSSL | 7:481bce714567 | 2628 | } |
wolfSSL | 7:481bce714567 | 2629 | |
wolfSSL | 7:481bce714567 | 2630 | int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 2631 | { |
wolfSSL | 7:481bce714567 | 2632 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 7:481bce714567 | 2633 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 7:481bce714567 | 2634 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 2635 | |
wolfSSL | 7:481bce714567 | 2636 | /* forces only the first one */ |
wolfSSL | 7:481bce714567 | 2637 | if (csr2) { |
wolfSSL | 7:481bce714567 | 2638 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2639 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2640 | /* followed by */ |
wolfSSL | 7:481bce714567 | 2641 | |
wolfSSL | 7:481bce714567 | 2642 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2643 | if (ssl->ctx->cm->ocspEnabled) |
wolfSSL | 7:481bce714567 | 2644 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 7:481bce714567 | 2645 | &csr2->request.ocsp[0], NULL); |
wolfSSL | 7:481bce714567 | 2646 | else |
wolfSSL | 7:481bce714567 | 2647 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 7:481bce714567 | 2648 | } |
wolfSSL | 7:481bce714567 | 2649 | } |
wolfSSL | 7:481bce714567 | 2650 | |
wolfSSL | 7:481bce714567 | 2651 | return 0; |
wolfSSL | 7:481bce714567 | 2652 | } |
wolfSSL | 7:481bce714567 | 2653 | |
wolfSSL | 7:481bce714567 | 2654 | int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, |
wolfSSL | 7:481bce714567 | 2655 | byte options, void* heap) |
wolfSSL | 7:481bce714567 | 2656 | { |
wolfSSL | 7:481bce714567 | 2657 | TLSX* extension = NULL; |
wolfSSL | 7:481bce714567 | 2658 | CertificateStatusRequestItemV2* csr2 = NULL; |
wolfSSL | 7:481bce714567 | 2659 | int ret = 0; |
wolfSSL | 7:481bce714567 | 2660 | |
wolfSSL | 7:481bce714567 | 2661 | if (!extensions) |
wolfSSL | 7:481bce714567 | 2662 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 2663 | |
wolfSSL | 7:481bce714567 | 2664 | if (status_type != WOLFSSL_CSR2_OCSP |
wolfSSL | 7:481bce714567 | 2665 | && status_type != WOLFSSL_CSR2_OCSP_MULTI) |
wolfSSL | 7:481bce714567 | 2666 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 2667 | |
wolfSSL | 7:481bce714567 | 2668 | csr2 = (CertificateStatusRequestItemV2*) |
wolfSSL | 7:481bce714567 | 2669 | XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2670 | if (!csr2) |
wolfSSL | 7:481bce714567 | 2671 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 2672 | |
wolfSSL | 7:481bce714567 | 2673 | ForceZero(csr2, sizeof(CertificateStatusRequestItemV2)); |
wolfSSL | 7:481bce714567 | 2674 | |
wolfSSL | 7:481bce714567 | 2675 | csr2->status_type = status_type; |
wolfSSL | 7:481bce714567 | 2676 | csr2->options = options; |
wolfSSL | 7:481bce714567 | 2677 | csr2->next = NULL; |
wolfSSL | 7:481bce714567 | 2678 | |
wolfSSL | 7:481bce714567 | 2679 | switch (csr2->status_type) { |
wolfSSL | 7:481bce714567 | 2680 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 7:481bce714567 | 2681 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 7:481bce714567 | 2682 | if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { |
wolfSSL | 7:481bce714567 | 2683 | WC_RNG rng; |
wolfSSL | 7:481bce714567 | 2684 | |
wolfSSL | 7:481bce714567 | 2685 | #ifdef WOLFSSL_STATIC_MEMORY |
wolfSSL | 7:481bce714567 | 2686 | if (wc_InitRng_ex(&rng, heap) == 0) { |
wolfSSL | 7:481bce714567 | 2687 | #else |
wolfSSL | 7:481bce714567 | 2688 | if (wc_InitRng(&rng) == 0) { |
wolfSSL | 7:481bce714567 | 2689 | #endif |
wolfSSL | 7:481bce714567 | 2690 | if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, |
wolfSSL | 7:481bce714567 | 2691 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 7:481bce714567 | 2692 | csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 7:481bce714567 | 2693 | |
wolfSSL | 7:481bce714567 | 2694 | wc_FreeRng(&rng); |
wolfSSL | 7:481bce714567 | 2695 | } |
wolfSSL | 7:481bce714567 | 2696 | } |
wolfSSL | 7:481bce714567 | 2697 | break; |
wolfSSL | 7:481bce714567 | 2698 | } |
wolfSSL | 7:481bce714567 | 2699 | |
wolfSSL | 7:481bce714567 | 2700 | /* append new item */ |
wolfSSL | 7:481bce714567 | 2701 | if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) { |
wolfSSL | 7:481bce714567 | 2702 | CertificateStatusRequestItemV2* last = |
wolfSSL | 7:481bce714567 | 2703 | (CertificateStatusRequestItemV2*)extension->data; |
wolfSSL | 7:481bce714567 | 2704 | |
wolfSSL | 7:481bce714567 | 2705 | for (; last->next; last = last->next); |
wolfSSL | 7:481bce714567 | 2706 | |
wolfSSL | 7:481bce714567 | 2707 | last->next = csr2; |
wolfSSL | 7:481bce714567 | 2708 | } |
wolfSSL | 7:481bce714567 | 2709 | else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) { |
wolfSSL | 7:481bce714567 | 2710 | XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2711 | return ret; |
wolfSSL | 7:481bce714567 | 2712 | } |
wolfSSL | 7:481bce714567 | 2713 | |
wolfSSL | 7:481bce714567 | 2714 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 2715 | } |
wolfSSL | 7:481bce714567 | 2716 | |
wolfSSL | 7:481bce714567 | 2717 | #define CSR2_FREE_ALL TLSX_CSR2_FreeAll |
wolfSSL | 7:481bce714567 | 2718 | #define CSR2_GET_SIZE TLSX_CSR2_GetSize |
wolfSSL | 7:481bce714567 | 2719 | #define CSR2_WRITE TLSX_CSR2_Write |
wolfSSL | 7:481bce714567 | 2720 | #define CSR2_PARSE TLSX_CSR2_Parse |
wolfSSL | 7:481bce714567 | 2721 | |
wolfSSL | 7:481bce714567 | 2722 | #else |
wolfSSL | 7:481bce714567 | 2723 | |
wolfSSL | 7:481bce714567 | 2724 | #define CSR2_FREE_ALL(data, heap) |
wolfSSL | 7:481bce714567 | 2725 | #define CSR2_GET_SIZE(a, b) 0 |
wolfSSL | 7:481bce714567 | 2726 | #define CSR2_WRITE(a, b, c) 0 |
wolfSSL | 7:481bce714567 | 2727 | #define CSR2_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 2728 | |
wolfSSL | 7:481bce714567 | 2729 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ |
wolfSSL | 7:481bce714567 | 2730 | |
wolfSSL | 7:481bce714567 | 2731 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 2732 | /* Supported Elliptic Curves */ |
wolfSSL | 7:481bce714567 | 2733 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 2734 | |
wolfSSL | 7:481bce714567 | 2735 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 7:481bce714567 | 2736 | |
wolfSSL | 7:481bce714567 | 2737 | #ifndef HAVE_ECC |
wolfSSL | 7:481bce714567 | 2738 | #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ |
wolfSSL | 7:481bce714567 | 2739 | Use --enable-ecc in the configure script or define HAVE_ECC. |
wolfSSL | 7:481bce714567 | 2740 | #endif |
wolfSSL | 7:481bce714567 | 2741 | |
wolfSSL | 7:481bce714567 | 2742 | static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list, void* heap) |
wolfSSL | 7:481bce714567 | 2743 | { |
wolfSSL | 7:481bce714567 | 2744 | EllipticCurve* curve; |
wolfSSL | 7:481bce714567 | 2745 | |
wolfSSL | 7:481bce714567 | 2746 | while ((curve = list)) { |
wolfSSL | 7:481bce714567 | 2747 | list = curve->next; |
wolfSSL | 7:481bce714567 | 2748 | XFREE(curve, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2749 | } |
wolfSSL | 7:481bce714567 | 2750 | (void)heap; |
wolfSSL | 7:481bce714567 | 2751 | } |
wolfSSL | 7:481bce714567 | 2752 | |
wolfSSL | 7:481bce714567 | 2753 | static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name, |
wolfSSL | 7:481bce714567 | 2754 | void* heap) |
wolfSSL | 7:481bce714567 | 2755 | { |
wolfSSL | 7:481bce714567 | 2756 | EllipticCurve* curve = NULL; |
wolfSSL | 7:481bce714567 | 2757 | |
wolfSSL | 7:481bce714567 | 2758 | if (list == NULL) |
wolfSSL | 7:481bce714567 | 2759 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 2760 | |
wolfSSL | 7:481bce714567 | 2761 | curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), heap, |
wolfSSL | 7:481bce714567 | 2762 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 2763 | if (curve == NULL) |
wolfSSL | 7:481bce714567 | 2764 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 2765 | |
wolfSSL | 7:481bce714567 | 2766 | curve->name = name; |
wolfSSL | 7:481bce714567 | 2767 | curve->next = *list; |
wolfSSL | 7:481bce714567 | 2768 | |
wolfSSL | 7:481bce714567 | 2769 | *list = curve; |
wolfSSL | 7:481bce714567 | 2770 | |
wolfSSL | 7:481bce714567 | 2771 | return 0; |
wolfSSL | 7:481bce714567 | 2772 | } |
wolfSSL | 7:481bce714567 | 2773 | |
wolfSSL | 7:481bce714567 | 2774 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 2775 | |
wolfSSL | 7:481bce714567 | 2776 | static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 7:481bce714567 | 2777 | { |
wolfSSL | 7:481bce714567 | 2778 | int i; |
wolfSSL | 7:481bce714567 | 2779 | |
wolfSSL | 7:481bce714567 | 2780 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 7:481bce714567 | 2781 | if (ssl->suites->suites[i] == ECC_BYTE || |
wolfSSL | 7:481bce714567 | 2782 | ssl->suites->suites[i] == CHACHA_BYTE) |
wolfSSL | 7:481bce714567 | 2783 | return; |
wolfSSL | 7:481bce714567 | 2784 | |
wolfSSL | 7:481bce714567 | 2785 | /* turns semaphore on to avoid sending this extension. */ |
wolfSSL | 7:481bce714567 | 2786 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); |
wolfSSL | 7:481bce714567 | 2787 | } |
wolfSSL | 7:481bce714567 | 2788 | |
wolfSSL | 7:481bce714567 | 2789 | static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list) |
wolfSSL | 7:481bce714567 | 2790 | { |
wolfSSL | 7:481bce714567 | 2791 | EllipticCurve* curve; |
wolfSSL | 7:481bce714567 | 2792 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 7:481bce714567 | 2793 | |
wolfSSL | 7:481bce714567 | 2794 | while ((curve = list)) { |
wolfSSL | 7:481bce714567 | 2795 | list = curve->next; |
wolfSSL | 7:481bce714567 | 2796 | length += OPAQUE16_LEN; /* curve length */ |
wolfSSL | 7:481bce714567 | 2797 | } |
wolfSSL | 7:481bce714567 | 2798 | |
wolfSSL | 7:481bce714567 | 2799 | return length; |
wolfSSL | 7:481bce714567 | 2800 | } |
wolfSSL | 7:481bce714567 | 2801 | |
wolfSSL | 7:481bce714567 | 2802 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output); |
wolfSSL | 7:481bce714567 | 2803 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output) |
wolfSSL | 7:481bce714567 | 2804 | { |
wolfSSL | 7:481bce714567 | 2805 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 2806 | |
wolfSSL | 7:481bce714567 | 2807 | if (!curve) |
wolfSSL | 7:481bce714567 | 2808 | return offset; |
wolfSSL | 7:481bce714567 | 2809 | |
wolfSSL | 7:481bce714567 | 2810 | offset = TLSX_EllipticCurve_WriteR(curve->next, output); |
wolfSSL | 7:481bce714567 | 2811 | c16toa(curve->name, output + offset); |
wolfSSL | 7:481bce714567 | 2812 | |
wolfSSL | 7:481bce714567 | 2813 | return OPAQUE16_LEN + offset; |
wolfSSL | 7:481bce714567 | 2814 | } |
wolfSSL | 7:481bce714567 | 2815 | |
wolfSSL | 7:481bce714567 | 2816 | static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output) |
wolfSSL | 7:481bce714567 | 2817 | { |
wolfSSL | 7:481bce714567 | 2818 | word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN); |
wolfSSL | 7:481bce714567 | 2819 | |
wolfSSL | 7:481bce714567 | 2820 | c16toa(length, output); /* writing list length */ |
wolfSSL | 7:481bce714567 | 2821 | |
wolfSSL | 7:481bce714567 | 2822 | return OPAQUE16_LEN + length; |
wolfSSL | 7:481bce714567 | 2823 | } |
wolfSSL | 7:481bce714567 | 2824 | |
wolfSSL | 7:481bce714567 | 2825 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 7:481bce714567 | 2826 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 2827 | |
wolfSSL | 7:481bce714567 | 2828 | static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 2829 | byte isRequest) |
wolfSSL | 7:481bce714567 | 2830 | { |
wolfSSL | 7:481bce714567 | 2831 | word16 offset; |
wolfSSL | 7:481bce714567 | 2832 | word16 name; |
wolfSSL | 7:481bce714567 | 2833 | int r; |
wolfSSL | 7:481bce714567 | 2834 | |
wolfSSL | 7:481bce714567 | 2835 | (void) isRequest; /* shut up compiler! */ |
wolfSSL | 7:481bce714567 | 2836 | |
wolfSSL | 7:481bce714567 | 2837 | if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 2838 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2839 | |
wolfSSL | 7:481bce714567 | 2840 | ato16(input, &offset); |
wolfSSL | 7:481bce714567 | 2841 | |
wolfSSL | 7:481bce714567 | 2842 | /* validating curve list length */ |
wolfSSL | 7:481bce714567 | 2843 | if (length != OPAQUE16_LEN + offset) |
wolfSSL | 7:481bce714567 | 2844 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 2845 | |
wolfSSL | 7:481bce714567 | 2846 | while (offset) { |
wolfSSL | 7:481bce714567 | 2847 | ato16(input + offset, &name); |
wolfSSL | 7:481bce714567 | 2848 | offset -= OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 2849 | |
wolfSSL | 7:481bce714567 | 2850 | r = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); |
wolfSSL | 7:481bce714567 | 2851 | |
wolfSSL | 7:481bce714567 | 2852 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 7:481bce714567 | 2853 | } |
wolfSSL | 7:481bce714567 | 2854 | |
wolfSSL | 7:481bce714567 | 2855 | return 0; |
wolfSSL | 7:481bce714567 | 2856 | } |
wolfSSL | 7:481bce714567 | 2857 | |
wolfSSL | 7:481bce714567 | 2858 | int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { |
wolfSSL | 7:481bce714567 | 2859 | TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE) |
wolfSSL | 7:481bce714567 | 2860 | ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) |
wolfSSL | 7:481bce714567 | 2861 | : NULL; |
wolfSSL | 7:481bce714567 | 2862 | EllipticCurve* curve = NULL; |
wolfSSL | 7:481bce714567 | 2863 | word32 oid = 0; |
wolfSSL | 7:481bce714567 | 2864 | word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */ |
wolfSSL | 7:481bce714567 | 2865 | int sig = 0; /* validate signature */ |
wolfSSL | 7:481bce714567 | 2866 | int key = 0; /* validate key */ |
wolfSSL | 7:481bce714567 | 2867 | |
wolfSSL | 7:481bce714567 | 2868 | (void)oid; |
wolfSSL | 7:481bce714567 | 2869 | (void)octets; |
wolfSSL | 7:481bce714567 | 2870 | |
wolfSSL | 7:481bce714567 | 2871 | if (!extension) |
wolfSSL | 7:481bce714567 | 2872 | return 1; /* no suite restriction */ |
wolfSSL | 7:481bce714567 | 2873 | |
wolfSSL | 7:481bce714567 | 2874 | for (curve = (EllipticCurve*)extension->data; |
wolfSSL | 7:481bce714567 | 2875 | curve && !(sig && key); |
wolfSSL | 7:481bce714567 | 2876 | curve = curve->next) { |
wolfSSL | 7:481bce714567 | 2877 | |
wolfSSL | 7:481bce714567 | 2878 | /* find supported curve */ |
wolfSSL | 7:481bce714567 | 2879 | switch (curve->name) { |
wolfSSL | 7:481bce714567 | 2880 | #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2881 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 2882 | case WOLFSSL_ECC_SECP160R1: oid = ECC_SECP160R1_OID; octets = 20; break; |
wolfSSL | 7:481bce714567 | 2883 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 7:481bce714567 | 2884 | #ifdef HAVE_ECC_SECPR2 |
wolfSSL | 7:481bce714567 | 2885 | case WOLFSSL_ECC_SECP160R2: oid = ECC_SECP160R2_OID; octets = 20; break; |
wolfSSL | 7:481bce714567 | 2886 | #endif /* HAVE_ECC_SECPR2 */ |
wolfSSL | 7:481bce714567 | 2887 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 2888 | case WOLFSSL_ECC_SECP160K1: oid = ECC_SECP160K1_OID; octets = 20; break; |
wolfSSL | 7:481bce714567 | 2889 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 7:481bce714567 | 2890 | #endif |
wolfSSL | 7:481bce714567 | 2891 | #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2892 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 2893 | case WOLFSSL_ECC_SECP192R1: oid = ECC_SECP192R1_OID; octets = 24; break; |
wolfSSL | 7:481bce714567 | 2894 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 7:481bce714567 | 2895 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 2896 | case WOLFSSL_ECC_SECP192K1: oid = ECC_SECP192K1_OID; octets = 24; break; |
wolfSSL | 7:481bce714567 | 2897 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 7:481bce714567 | 2898 | #endif |
wolfSSL | 7:481bce714567 | 2899 | #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2900 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 2901 | case WOLFSSL_ECC_SECP224R1: oid = ECC_SECP224R1_OID; octets = 28; break; |
wolfSSL | 7:481bce714567 | 2902 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 7:481bce714567 | 2903 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 2904 | case WOLFSSL_ECC_SECP224K1: oid = ECC_SECP224K1_OID; octets = 28; break; |
wolfSSL | 7:481bce714567 | 2905 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 7:481bce714567 | 2906 | #endif |
wolfSSL | 7:481bce714567 | 2907 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2908 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 2909 | case WOLFSSL_ECC_SECP256R1: oid = ECC_SECP256R1_OID; octets = 32; break; |
wolfSSL | 7:481bce714567 | 2910 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 7:481bce714567 | 2911 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 2912 | case WOLFSSL_ECC_SECP256K1: oid = ECC_SECP256K1_OID; octets = 32; break; |
wolfSSL | 7:481bce714567 | 2913 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 7:481bce714567 | 2914 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 7:481bce714567 | 2915 | case WOLFSSL_ECC_BRAINPOOLP256R1: oid = ECC_BRAINPOOLP256R1_OID; octets = 32; break; |
wolfSSL | 7:481bce714567 | 2916 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 7:481bce714567 | 2917 | #endif |
wolfSSL | 7:481bce714567 | 2918 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2919 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 2920 | case WOLFSSL_ECC_SECP384R1: oid = ECC_SECP384R1_OID; octets = 48; break; |
wolfSSL | 7:481bce714567 | 2921 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 7:481bce714567 | 2922 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 7:481bce714567 | 2923 | case WOLFSSL_ECC_BRAINPOOLP384R1: oid = ECC_BRAINPOOLP384R1_OID; octets = 48; break; |
wolfSSL | 7:481bce714567 | 2924 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 7:481bce714567 | 2925 | #endif |
wolfSSL | 7:481bce714567 | 2926 | #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2927 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 7:481bce714567 | 2928 | case WOLFSSL_ECC_BRAINPOOLP512R1: oid = ECC_BRAINPOOLP512R1_OID; octets = 64; break; |
wolfSSL | 7:481bce714567 | 2929 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 7:481bce714567 | 2930 | #endif |
wolfSSL | 7:481bce714567 | 2931 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 2932 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 2933 | case WOLFSSL_ECC_SECP521R1: oid = ECC_SECP521R1_OID; octets = 66; break; |
wolfSSL | 7:481bce714567 | 2934 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 7:481bce714567 | 2935 | #endif |
wolfSSL | 7:481bce714567 | 2936 | default: continue; /* unsupported curve */ |
wolfSSL | 7:481bce714567 | 2937 | } |
wolfSSL | 7:481bce714567 | 2938 | |
wolfSSL | 7:481bce714567 | 2939 | if (first == ECC_BYTE) { |
wolfSSL | 7:481bce714567 | 2940 | switch (second) { |
wolfSSL | 7:481bce714567 | 2941 | /* ECDHE_ECDSA */ |
wolfSSL | 7:481bce714567 | 2942 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2943 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2944 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 7:481bce714567 | 2945 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2946 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 7:481bce714567 | 2947 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 7:481bce714567 | 2948 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 7:481bce714567 | 2949 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 7:481bce714567 | 2950 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: |
wolfSSL | 7:481bce714567 | 2951 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: |
wolfSSL | 7:481bce714567 | 2952 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 7:481bce714567 | 2953 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 7:481bce714567 | 2954 | break; |
wolfSSL | 7:481bce714567 | 2955 | |
wolfSSL | 7:481bce714567 | 2956 | #ifdef WOLFSSL_STATIC_DH |
wolfSSL | 7:481bce714567 | 2957 | /* ECDH_ECDSA */ |
wolfSSL | 7:481bce714567 | 2958 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2959 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2960 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 7:481bce714567 | 2961 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2962 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 7:481bce714567 | 2963 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 7:481bce714567 | 2964 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 7:481bce714567 | 2965 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 7:481bce714567 | 2966 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 7:481bce714567 | 2967 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 7:481bce714567 | 2968 | break; |
wolfSSL | 7:481bce714567 | 2969 | #endif /* WOLFSSL_STATIC_DH */ |
wolfSSL | 7:481bce714567 | 2970 | #ifndef NO_RSA |
wolfSSL | 7:481bce714567 | 2971 | /* ECDHE_RSA */ |
wolfSSL | 7:481bce714567 | 2972 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2973 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2974 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA: |
wolfSSL | 7:481bce714567 | 2975 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2976 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 7:481bce714567 | 2977 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 7:481bce714567 | 2978 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 7:481bce714567 | 2979 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 7:481bce714567 | 2980 | sig = 1; |
wolfSSL | 7:481bce714567 | 2981 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 7:481bce714567 | 2982 | break; |
wolfSSL | 7:481bce714567 | 2983 | |
wolfSSL | 7:481bce714567 | 2984 | #ifdef WOLFSSL_STATIC_DH |
wolfSSL | 7:481bce714567 | 2985 | /* ECDH_RSA */ |
wolfSSL | 7:481bce714567 | 2986 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2987 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2988 | case TLS_ECDH_RSA_WITH_RC4_128_SHA: |
wolfSSL | 7:481bce714567 | 2989 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 7:481bce714567 | 2990 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 7:481bce714567 | 2991 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 7:481bce714567 | 2992 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 7:481bce714567 | 2993 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 7:481bce714567 | 2994 | sig = 1; |
wolfSSL | 7:481bce714567 | 2995 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 7:481bce714567 | 2996 | break; |
wolfSSL | 7:481bce714567 | 2997 | #endif /* WOLFSSL_STATIC_DH */ |
wolfSSL | 7:481bce714567 | 2998 | #endif |
wolfSSL | 7:481bce714567 | 2999 | default: |
wolfSSL | 7:481bce714567 | 3000 | sig = 1; |
wolfSSL | 7:481bce714567 | 3001 | key = 1; |
wolfSSL | 7:481bce714567 | 3002 | break; |
wolfSSL | 7:481bce714567 | 3003 | } |
wolfSSL | 7:481bce714567 | 3004 | } |
wolfSSL | 7:481bce714567 | 3005 | |
wolfSSL | 7:481bce714567 | 3006 | /* ChaCha20-Poly1305 ECC cipher suites */ |
wolfSSL | 7:481bce714567 | 3007 | if (first == CHACHA_BYTE) { |
wolfSSL | 7:481bce714567 | 3008 | switch (second) { |
wolfSSL | 7:481bce714567 | 3009 | /* ECDHE_ECDSA */ |
wolfSSL | 7:481bce714567 | 3010 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 7:481bce714567 | 3011 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 7:481bce714567 | 3012 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 7:481bce714567 | 3013 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 7:481bce714567 | 3014 | break; |
wolfSSL | 7:481bce714567 | 3015 | #ifndef NO_RSA |
wolfSSL | 7:481bce714567 | 3016 | /* ECDHE_RSA */ |
wolfSSL | 7:481bce714567 | 3017 | case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 7:481bce714567 | 3018 | case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 7:481bce714567 | 3019 | sig = 1; |
wolfSSL | 7:481bce714567 | 3020 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 7:481bce714567 | 3021 | break; |
wolfSSL | 7:481bce714567 | 3022 | #endif |
wolfSSL | 7:481bce714567 | 3023 | default: |
wolfSSL | 7:481bce714567 | 3024 | sig = 1; |
wolfSSL | 7:481bce714567 | 3025 | key = 1; |
wolfSSL | 7:481bce714567 | 3026 | break; |
wolfSSL | 7:481bce714567 | 3027 | } |
wolfSSL | 7:481bce714567 | 3028 | } |
wolfSSL | 7:481bce714567 | 3029 | } |
wolfSSL | 7:481bce714567 | 3030 | |
wolfSSL | 7:481bce714567 | 3031 | return sig && key; |
wolfSSL | 7:481bce714567 | 3032 | } |
wolfSSL | 7:481bce714567 | 3033 | |
wolfSSL | 7:481bce714567 | 3034 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 3035 | |
wolfSSL | 7:481bce714567 | 3036 | int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) |
wolfSSL | 7:481bce714567 | 3037 | { |
wolfSSL | 7:481bce714567 | 3038 | TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 7:481bce714567 | 3039 | EllipticCurve* curve = NULL; |
wolfSSL | 7:481bce714567 | 3040 | int ret = 0; |
wolfSSL | 7:481bce714567 | 3041 | |
wolfSSL | 7:481bce714567 | 3042 | if (extensions == NULL) |
wolfSSL | 7:481bce714567 | 3043 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 3044 | |
wolfSSL | 7:481bce714567 | 3045 | if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0) |
wolfSSL | 7:481bce714567 | 3046 | return ret; |
wolfSSL | 7:481bce714567 | 3047 | |
wolfSSL | 7:481bce714567 | 3048 | if (!extension) { |
wolfSSL | 7:481bce714567 | 3049 | if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap)) |
wolfSSL | 7:481bce714567 | 3050 | != 0) { |
wolfSSL | 7:481bce714567 | 3051 | XFREE(curve, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3052 | return ret; |
wolfSSL | 7:481bce714567 | 3053 | } |
wolfSSL | 7:481bce714567 | 3054 | } |
wolfSSL | 7:481bce714567 | 3055 | else { |
wolfSSL | 7:481bce714567 | 3056 | /* push new EllipticCurve object to extension data. */ |
wolfSSL | 7:481bce714567 | 3057 | curve->next = (EllipticCurve*)extension->data; |
wolfSSL | 7:481bce714567 | 3058 | extension->data = (void*)curve; |
wolfSSL | 7:481bce714567 | 3059 | |
wolfSSL | 7:481bce714567 | 3060 | /* look for another curve of the same name to remove (replacement) */ |
wolfSSL | 7:481bce714567 | 3061 | do { |
wolfSSL | 7:481bce714567 | 3062 | if (curve->next && curve->next->name == name) { |
wolfSSL | 7:481bce714567 | 3063 | EllipticCurve *next = curve->next; |
wolfSSL | 7:481bce714567 | 3064 | |
wolfSSL | 7:481bce714567 | 3065 | curve->next = next->next; |
wolfSSL | 7:481bce714567 | 3066 | XFREE(next, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3067 | |
wolfSSL | 7:481bce714567 | 3068 | break; |
wolfSSL | 7:481bce714567 | 3069 | } |
wolfSSL | 7:481bce714567 | 3070 | } while ((curve = curve->next)); |
wolfSSL | 7:481bce714567 | 3071 | } |
wolfSSL | 7:481bce714567 | 3072 | |
wolfSSL | 7:481bce714567 | 3073 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 3074 | } |
wolfSSL | 7:481bce714567 | 3075 | |
wolfSSL | 7:481bce714567 | 3076 | #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll |
wolfSSL | 7:481bce714567 | 3077 | #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest |
wolfSSL | 7:481bce714567 | 3078 | |
wolfSSL | 7:481bce714567 | 3079 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 3080 | #define EC_GET_SIZE TLSX_EllipticCurve_GetSize |
wolfSSL | 7:481bce714567 | 3081 | #define EC_WRITE TLSX_EllipticCurve_Write |
wolfSSL | 7:481bce714567 | 3082 | #else |
wolfSSL | 7:481bce714567 | 3083 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 7:481bce714567 | 3084 | #define EC_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 3085 | #endif |
wolfSSL | 7:481bce714567 | 3086 | |
wolfSSL | 7:481bce714567 | 3087 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 3088 | #define EC_PARSE TLSX_EllipticCurve_Parse |
wolfSSL | 7:481bce714567 | 3089 | #else |
wolfSSL | 7:481bce714567 | 3090 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 3091 | #endif |
wolfSSL | 7:481bce714567 | 3092 | |
wolfSSL | 7:481bce714567 | 3093 | #else |
wolfSSL | 7:481bce714567 | 3094 | |
wolfSSL | 7:481bce714567 | 3095 | #define EC_FREE_ALL(list, heap) |
wolfSSL | 7:481bce714567 | 3096 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 7:481bce714567 | 3097 | #define EC_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 3098 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 3099 | #define EC_VALIDATE_REQUEST(a, b) |
wolfSSL | 7:481bce714567 | 3100 | |
wolfSSL | 7:481bce714567 | 3101 | #endif /* HAVE_SUPPORTED_CURVES */ |
wolfSSL | 7:481bce714567 | 3102 | |
wolfSSL | 7:481bce714567 | 3103 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 3104 | /* Renegotiation Indication */ |
wolfSSL | 7:481bce714567 | 3105 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 3106 | |
wolfSSL | 7:481bce714567 | 3107 | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
wolfSSL | 7:481bce714567 | 3108 | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
wolfSSL | 7:481bce714567 | 3109 | |
wolfSSL | 7:481bce714567 | 3110 | static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, |
wolfSSL | 7:481bce714567 | 3111 | int isRequest) |
wolfSSL | 7:481bce714567 | 3112 | { |
wolfSSL | 7:481bce714567 | 3113 | byte length = OPAQUE8_LEN; /* empty info length */ |
wolfSSL | 7:481bce714567 | 3114 | |
wolfSSL | 7:481bce714567 | 3115 | /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */ |
wolfSSL | 7:481bce714567 | 3116 | if (data && data->enabled) { |
wolfSSL | 7:481bce714567 | 3117 | /* client sends client_verify_data only */ |
wolfSSL | 7:481bce714567 | 3118 | length += TLS_FINISHED_SZ; |
wolfSSL | 7:481bce714567 | 3119 | |
wolfSSL | 7:481bce714567 | 3120 | /* server also sends server_verify_data */ |
wolfSSL | 7:481bce714567 | 3121 | if (!isRequest) |
wolfSSL | 7:481bce714567 | 3122 | length += TLS_FINISHED_SZ; |
wolfSSL | 7:481bce714567 | 3123 | } |
wolfSSL | 7:481bce714567 | 3124 | |
wolfSSL | 7:481bce714567 | 3125 | return length; |
wolfSSL | 7:481bce714567 | 3126 | } |
wolfSSL | 7:481bce714567 | 3127 | |
wolfSSL | 7:481bce714567 | 3128 | static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, |
wolfSSL | 7:481bce714567 | 3129 | byte* output, int isRequest) |
wolfSSL | 7:481bce714567 | 3130 | { |
wolfSSL | 7:481bce714567 | 3131 | word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ |
wolfSSL | 7:481bce714567 | 3132 | |
wolfSSL | 7:481bce714567 | 3133 | if (data && data->enabled) { |
wolfSSL | 7:481bce714567 | 3134 | /* client sends client_verify_data only */ |
wolfSSL | 7:481bce714567 | 3135 | XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 7:481bce714567 | 3136 | offset += TLS_FINISHED_SZ; |
wolfSSL | 7:481bce714567 | 3137 | |
wolfSSL | 7:481bce714567 | 3138 | /* server also sends server_verify_data */ |
wolfSSL | 7:481bce714567 | 3139 | if (!isRequest) { |
wolfSSL | 7:481bce714567 | 3140 | XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 7:481bce714567 | 3141 | offset += TLS_FINISHED_SZ; |
wolfSSL | 7:481bce714567 | 3142 | } |
wolfSSL | 7:481bce714567 | 3143 | } |
wolfSSL | 7:481bce714567 | 3144 | |
wolfSSL | 7:481bce714567 | 3145 | output[0] = (byte)(offset - 1); /* info length - self */ |
wolfSSL | 7:481bce714567 | 3146 | |
wolfSSL | 7:481bce714567 | 3147 | return offset; |
wolfSSL | 7:481bce714567 | 3148 | } |
wolfSSL | 7:481bce714567 | 3149 | |
wolfSSL | 7:481bce714567 | 3150 | static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, |
wolfSSL | 7:481bce714567 | 3151 | word16 length, byte isRequest) |
wolfSSL | 7:481bce714567 | 3152 | { |
wolfSSL | 7:481bce714567 | 3153 | int ret = SECURE_RENEGOTIATION_E; |
wolfSSL | 7:481bce714567 | 3154 | |
wolfSSL | 7:481bce714567 | 3155 | if (length >= OPAQUE8_LEN) { |
wolfSSL | 7:481bce714567 | 3156 | if (ssl->secure_renegotiation == NULL) { |
wolfSSL | 7:481bce714567 | 3157 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 3158 | if (isRequest && *input == 0) { |
wolfSSL | 7:481bce714567 | 3159 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 7:481bce714567 | 3160 | if (length == OPAQUE8_LEN) { |
wolfSSL | 7:481bce714567 | 3161 | if (TLSX_Find(ssl->extensions, |
wolfSSL | 7:481bce714567 | 3162 | TLSX_RENEGOTIATION_INFO) == NULL) { |
wolfSSL | 7:481bce714567 | 3163 | ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, |
wolfSSL | 7:481bce714567 | 3164 | ssl->heap); |
wolfSSL | 7:481bce714567 | 3165 | if (ret == SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 3166 | ret = 0; |
wolfSSL | 7:481bce714567 | 3167 | |
wolfSSL | 7:481bce714567 | 3168 | } else { |
wolfSSL | 7:481bce714567 | 3169 | ret = 0; |
wolfSSL | 7:481bce714567 | 3170 | } |
wolfSSL | 7:481bce714567 | 3171 | } |
wolfSSL | 7:481bce714567 | 3172 | #else |
wolfSSL | 7:481bce714567 | 3173 | ret = 0; /* don't reply, user didn't enable */ |
wolfSSL | 7:481bce714567 | 3174 | #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ |
wolfSSL | 7:481bce714567 | 3175 | } |
wolfSSL | 7:481bce714567 | 3176 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 7:481bce714567 | 3177 | else if (!isRequest) { |
wolfSSL | 7:481bce714567 | 3178 | /* don't do anything on client side */ |
wolfSSL | 7:481bce714567 | 3179 | ret = 0; |
wolfSSL | 7:481bce714567 | 3180 | } |
wolfSSL | 7:481bce714567 | 3181 | #endif |
wolfSSL | 7:481bce714567 | 3182 | #endif |
wolfSSL | 7:481bce714567 | 3183 | } |
wolfSSL | 7:481bce714567 | 3184 | else if (isRequest) { |
wolfSSL | 7:481bce714567 | 3185 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 3186 | if (*input == TLS_FINISHED_SZ) { |
wolfSSL | 7:481bce714567 | 3187 | /* TODO compare client_verify_data */ |
wolfSSL | 7:481bce714567 | 3188 | ret = 0; |
wolfSSL | 7:481bce714567 | 3189 | } |
wolfSSL | 7:481bce714567 | 3190 | #endif |
wolfSSL | 7:481bce714567 | 3191 | } |
wolfSSL | 7:481bce714567 | 3192 | else { |
wolfSSL | 7:481bce714567 | 3193 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 3194 | if (!ssl->secure_renegotiation->enabled) { |
wolfSSL | 7:481bce714567 | 3195 | if (*input == 0) { |
wolfSSL | 7:481bce714567 | 3196 | ssl->secure_renegotiation->enabled = 1; |
wolfSSL | 7:481bce714567 | 3197 | ret = 0; |
wolfSSL | 7:481bce714567 | 3198 | } |
wolfSSL | 7:481bce714567 | 3199 | } |
wolfSSL | 7:481bce714567 | 3200 | else if (*input == 2 * TLS_FINISHED_SZ && |
wolfSSL | 7:481bce714567 | 3201 | length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) { |
wolfSSL | 7:481bce714567 | 3202 | input++; /* get past size */ |
wolfSSL | 7:481bce714567 | 3203 | |
wolfSSL | 7:481bce714567 | 3204 | /* validate client and server verify data */ |
wolfSSL | 7:481bce714567 | 3205 | if (XMEMCMP(input, |
wolfSSL | 7:481bce714567 | 3206 | ssl->secure_renegotiation->client_verify_data, |
wolfSSL | 7:481bce714567 | 3207 | TLS_FINISHED_SZ) == 0 && |
wolfSSL | 7:481bce714567 | 3208 | XMEMCMP(input + TLS_FINISHED_SZ, |
wolfSSL | 7:481bce714567 | 3209 | ssl->secure_renegotiation->server_verify_data, |
wolfSSL | 7:481bce714567 | 3210 | TLS_FINISHED_SZ) == 0) { |
wolfSSL | 7:481bce714567 | 3211 | WOLFSSL_MSG("SCR client and server verify data match"); |
wolfSSL | 7:481bce714567 | 3212 | ret = 0; /* verified */ |
wolfSSL | 7:481bce714567 | 3213 | } else { |
wolfSSL | 7:481bce714567 | 3214 | /* already in error state */ |
wolfSSL | 7:481bce714567 | 3215 | WOLFSSL_MSG("SCR client and server verify data Failure"); |
wolfSSL | 7:481bce714567 | 3216 | } |
wolfSSL | 7:481bce714567 | 3217 | } |
wolfSSL | 7:481bce714567 | 3218 | #endif |
wolfSSL | 7:481bce714567 | 3219 | } |
wolfSSL | 7:481bce714567 | 3220 | } |
wolfSSL | 7:481bce714567 | 3221 | |
wolfSSL | 7:481bce714567 | 3222 | if (ret != 0) { |
wolfSSL | 7:481bce714567 | 3223 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 7:481bce714567 | 3224 | } |
wolfSSL | 7:481bce714567 | 3225 | |
wolfSSL | 7:481bce714567 | 3226 | return ret; |
wolfSSL | 7:481bce714567 | 3227 | } |
wolfSSL | 7:481bce714567 | 3228 | |
wolfSSL | 7:481bce714567 | 3229 | int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap) |
wolfSSL | 7:481bce714567 | 3230 | { |
wolfSSL | 7:481bce714567 | 3231 | int ret = 0; |
wolfSSL | 7:481bce714567 | 3232 | SecureRenegotiation* data = NULL; |
wolfSSL | 7:481bce714567 | 3233 | |
wolfSSL | 7:481bce714567 | 3234 | data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap, |
wolfSSL | 7:481bce714567 | 3235 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3236 | if (data == NULL) |
wolfSSL | 7:481bce714567 | 3237 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 3238 | |
wolfSSL | 7:481bce714567 | 3239 | XMEMSET(data, 0, sizeof(SecureRenegotiation)); |
wolfSSL | 7:481bce714567 | 3240 | |
wolfSSL | 7:481bce714567 | 3241 | ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap); |
wolfSSL | 7:481bce714567 | 3242 | if (ret != 0) { |
wolfSSL | 7:481bce714567 | 3243 | XFREE(data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3244 | return ret; |
wolfSSL | 7:481bce714567 | 3245 | } |
wolfSSL | 7:481bce714567 | 3246 | |
wolfSSL | 7:481bce714567 | 3247 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 3248 | } |
wolfSSL | 7:481bce714567 | 3249 | |
wolfSSL | 7:481bce714567 | 3250 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 7:481bce714567 | 3251 | |
wolfSSL | 7:481bce714567 | 3252 | int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) |
wolfSSL | 7:481bce714567 | 3253 | { |
wolfSSL | 7:481bce714567 | 3254 | int ret; |
wolfSSL | 7:481bce714567 | 3255 | |
wolfSSL | 7:481bce714567 | 3256 | ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, NULL, heap); |
wolfSSL | 7:481bce714567 | 3257 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 3258 | return ret; |
wolfSSL | 7:481bce714567 | 3259 | |
wolfSSL | 7:481bce714567 | 3260 | /* send empty renegotiation_info extension */ |
wolfSSL | 7:481bce714567 | 3261 | TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO); |
wolfSSL | 7:481bce714567 | 3262 | if (ext) |
wolfSSL | 7:481bce714567 | 3263 | ext->resp = 1; |
wolfSSL | 7:481bce714567 | 3264 | |
wolfSSL | 7:481bce714567 | 3265 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 3266 | } |
wolfSSL | 7:481bce714567 | 3267 | |
wolfSSL | 7:481bce714567 | 3268 | #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ |
wolfSSL | 7:481bce714567 | 3269 | |
wolfSSL | 7:481bce714567 | 3270 | |
wolfSSL | 7:481bce714567 | 3271 | #define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) |
wolfSSL | 7:481bce714567 | 3272 | #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize |
wolfSSL | 7:481bce714567 | 3273 | #define SCR_WRITE TLSX_SecureRenegotiation_Write |
wolfSSL | 7:481bce714567 | 3274 | #define SCR_PARSE TLSX_SecureRenegotiation_Parse |
wolfSSL | 7:481bce714567 | 3275 | |
wolfSSL | 7:481bce714567 | 3276 | #else |
wolfSSL | 7:481bce714567 | 3277 | |
wolfSSL | 7:481bce714567 | 3278 | #define SCR_FREE_ALL(a, heap) |
wolfSSL | 7:481bce714567 | 3279 | #define SCR_GET_SIZE(a, b) 0 |
wolfSSL | 7:481bce714567 | 3280 | #define SCR_WRITE(a, b, c) 0 |
wolfSSL | 7:481bce714567 | 3281 | #define SCR_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 3282 | |
wolfSSL | 7:481bce714567 | 3283 | #endif /* HAVE_SECURE_RENEGOTIATION */ |
wolfSSL | 7:481bce714567 | 3284 | |
wolfSSL | 7:481bce714567 | 3285 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 3286 | /* Session Tickets */ |
wolfSSL | 7:481bce714567 | 3287 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 3288 | |
wolfSSL | 7:481bce714567 | 3289 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 7:481bce714567 | 3290 | |
wolfSSL | 7:481bce714567 | 3291 | static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 3292 | { |
wolfSSL | 7:481bce714567 | 3293 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); |
wolfSSL | 7:481bce714567 | 3294 | SessionTicket* ticket = extension ? |
wolfSSL | 7:481bce714567 | 3295 | (SessionTicket*)extension->data : NULL; |
wolfSSL | 7:481bce714567 | 3296 | |
wolfSSL | 7:481bce714567 | 3297 | if (ticket) { |
wolfSSL | 7:481bce714567 | 3298 | /* TODO validate ticket timeout here! */ |
wolfSSL | 7:481bce714567 | 3299 | if (ticket->lifetime == 0xfffffff) { |
wolfSSL | 7:481bce714567 | 3300 | /* send empty ticket on timeout */ |
wolfSSL | 7:481bce714567 | 3301 | TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 7:481bce714567 | 3302 | } |
wolfSSL | 7:481bce714567 | 3303 | } |
wolfSSL | 7:481bce714567 | 3304 | } |
wolfSSL | 7:481bce714567 | 3305 | |
wolfSSL | 7:481bce714567 | 3306 | |
wolfSSL | 7:481bce714567 | 3307 | static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) |
wolfSSL | 7:481bce714567 | 3308 | { |
wolfSSL | 7:481bce714567 | 3309 | (void)isRequest; |
wolfSSL | 7:481bce714567 | 3310 | return ticket ? ticket->size : 0; |
wolfSSL | 7:481bce714567 | 3311 | } |
wolfSSL | 7:481bce714567 | 3312 | |
wolfSSL | 7:481bce714567 | 3313 | static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, |
wolfSSL | 7:481bce714567 | 3314 | int isRequest) |
wolfSSL | 7:481bce714567 | 3315 | { |
wolfSSL | 7:481bce714567 | 3316 | word16 offset = 0; /* empty ticket */ |
wolfSSL | 7:481bce714567 | 3317 | |
wolfSSL | 7:481bce714567 | 3318 | if (isRequest && ticket) { |
wolfSSL | 7:481bce714567 | 3319 | XMEMCPY(output + offset, ticket->data, ticket->size); |
wolfSSL | 7:481bce714567 | 3320 | offset += ticket->size; |
wolfSSL | 7:481bce714567 | 3321 | } |
wolfSSL | 7:481bce714567 | 3322 | |
wolfSSL | 7:481bce714567 | 3323 | return offset; |
wolfSSL | 7:481bce714567 | 3324 | } |
wolfSSL | 7:481bce714567 | 3325 | |
wolfSSL | 7:481bce714567 | 3326 | |
wolfSSL | 7:481bce714567 | 3327 | static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 3328 | byte isRequest) |
wolfSSL | 7:481bce714567 | 3329 | { |
wolfSSL | 7:481bce714567 | 3330 | int ret = 0; |
wolfSSL | 7:481bce714567 | 3331 | |
wolfSSL | 7:481bce714567 | 3332 | (void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */ |
wolfSSL | 7:481bce714567 | 3333 | |
wolfSSL | 7:481bce714567 | 3334 | if (!isRequest) { |
wolfSSL | 7:481bce714567 | 3335 | /* client side */ |
wolfSSL | 7:481bce714567 | 3336 | if (length != 0) |
wolfSSL | 7:481bce714567 | 3337 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 3338 | |
wolfSSL | 7:481bce714567 | 3339 | ssl->expect_session_ticket = 1; |
wolfSSL | 7:481bce714567 | 3340 | } |
wolfSSL | 7:481bce714567 | 3341 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 3342 | else { |
wolfSSL | 7:481bce714567 | 3343 | /* server side */ |
wolfSSL | 7:481bce714567 | 3344 | if (ssl->ctx->ticketEncCb == NULL) { |
wolfSSL | 7:481bce714567 | 3345 | WOLFSSL_MSG("Client sent session ticket, server has no callback"); |
wolfSSL | 7:481bce714567 | 3346 | return 0; |
wolfSSL | 7:481bce714567 | 3347 | } |
wolfSSL | 7:481bce714567 | 3348 | |
wolfSSL | 7:481bce714567 | 3349 | if (length == 0) { |
wolfSSL | 7:481bce714567 | 3350 | /* blank ticket */ |
wolfSSL | 7:481bce714567 | 3351 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 7:481bce714567 | 3352 | if (ret == SSL_SUCCESS) { |
wolfSSL | 7:481bce714567 | 3353 | ret = 0; |
wolfSSL | 7:481bce714567 | 3354 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */ |
wolfSSL | 7:481bce714567 | 3355 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 7:481bce714567 | 3356 | ssl->options.useTicket = 1; |
wolfSSL | 7:481bce714567 | 3357 | ssl->options.resuming = 0; /* no standard resumption */ |
wolfSSL | 7:481bce714567 | 3358 | ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */ |
wolfSSL | 7:481bce714567 | 3359 | } |
wolfSSL | 7:481bce714567 | 3360 | } else { |
wolfSSL | 7:481bce714567 | 3361 | /* got actual ticket from client */ |
wolfSSL | 7:481bce714567 | 3362 | ret = DoClientTicket(ssl, input, length); |
wolfSSL | 7:481bce714567 | 3363 | if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */ |
wolfSSL | 7:481bce714567 | 3364 | WOLFSSL_MSG("Using exisitng client ticket"); |
wolfSSL | 7:481bce714567 | 3365 | ssl->options.useTicket = 1; |
wolfSSL | 7:481bce714567 | 3366 | ssl->options.resuming = 1; |
wolfSSL | 7:481bce714567 | 3367 | } else if (ret == WOLFSSL_TICKET_RET_CREATE) { |
wolfSSL | 7:481bce714567 | 3368 | WOLFSSL_MSG("Using existing client ticket, creating new one"); |
wolfSSL | 7:481bce714567 | 3369 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 7:481bce714567 | 3370 | if (ret == SSL_SUCCESS) { |
wolfSSL | 7:481bce714567 | 3371 | ret = 0; |
wolfSSL | 7:481bce714567 | 3372 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); |
wolfSSL | 7:481bce714567 | 3373 | /* send blank ticket */ |
wolfSSL | 7:481bce714567 | 3374 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 7:481bce714567 | 3375 | ssl->options.useTicket = 1; |
wolfSSL | 7:481bce714567 | 3376 | ssl->options.resuming = 1; |
wolfSSL | 7:481bce714567 | 3377 | } |
wolfSSL | 7:481bce714567 | 3378 | } else if (ret == WOLFSSL_TICKET_RET_REJECT) { |
wolfSSL | 7:481bce714567 | 3379 | WOLFSSL_MSG("Process client ticket rejected, not using"); |
wolfSSL | 7:481bce714567 | 3380 | ssl->options.rejectTicket = 1; |
wolfSSL | 7:481bce714567 | 3381 | ret = 0; /* not fatal */ |
wolfSSL | 7:481bce714567 | 3382 | } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { |
wolfSSL | 7:481bce714567 | 3383 | WOLFSSL_MSG("Process client ticket fatal error, not using"); |
wolfSSL | 7:481bce714567 | 3384 | } |
wolfSSL | 7:481bce714567 | 3385 | } |
wolfSSL | 7:481bce714567 | 3386 | } |
wolfSSL | 7:481bce714567 | 3387 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 3388 | |
wolfSSL | 7:481bce714567 | 3389 | return ret; |
wolfSSL | 7:481bce714567 | 3390 | } |
wolfSSL | 7:481bce714567 | 3391 | |
wolfSSL | 7:481bce714567 | 3392 | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
wolfSSL | 7:481bce714567 | 3393 | byte* data, word16 size, void* heap) |
wolfSSL | 7:481bce714567 | 3394 | { |
wolfSSL | 7:481bce714567 | 3395 | SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket), |
wolfSSL | 7:481bce714567 | 3396 | heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3397 | if (ticket) { |
wolfSSL | 7:481bce714567 | 3398 | ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3399 | if (ticket->data == NULL) { |
wolfSSL | 7:481bce714567 | 3400 | XFREE(ticket, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3401 | return NULL; |
wolfSSL | 7:481bce714567 | 3402 | } |
wolfSSL | 7:481bce714567 | 3403 | |
wolfSSL | 7:481bce714567 | 3404 | XMEMCPY(ticket->data, data, size); |
wolfSSL | 7:481bce714567 | 3405 | ticket->size = size; |
wolfSSL | 7:481bce714567 | 3406 | ticket->lifetime = lifetime; |
wolfSSL | 7:481bce714567 | 3407 | } |
wolfSSL | 7:481bce714567 | 3408 | |
wolfSSL | 7:481bce714567 | 3409 | return ticket; |
wolfSSL | 7:481bce714567 | 3410 | } |
wolfSSL | 7:481bce714567 | 3411 | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap) |
wolfSSL | 7:481bce714567 | 3412 | { |
wolfSSL | 7:481bce714567 | 3413 | if (ticket) { |
wolfSSL | 7:481bce714567 | 3414 | XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3415 | XFREE(ticket, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3416 | } |
wolfSSL | 7:481bce714567 | 3417 | |
wolfSSL | 7:481bce714567 | 3418 | (void)heap; |
wolfSSL | 7:481bce714567 | 3419 | } |
wolfSSL | 7:481bce714567 | 3420 | |
wolfSSL | 7:481bce714567 | 3421 | int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap) |
wolfSSL | 7:481bce714567 | 3422 | { |
wolfSSL | 7:481bce714567 | 3423 | int ret = 0; |
wolfSSL | 7:481bce714567 | 3424 | |
wolfSSL | 7:481bce714567 | 3425 | if (extensions == NULL) |
wolfSSL | 7:481bce714567 | 3426 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 3427 | |
wolfSSL | 7:481bce714567 | 3428 | /* If the ticket is NULL, the client will request a new ticket from the |
wolfSSL | 7:481bce714567 | 3429 | server. Otherwise, the client will use it in the next client hello. */ |
wolfSSL | 7:481bce714567 | 3430 | if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap)) |
wolfSSL | 7:481bce714567 | 3431 | != 0) |
wolfSSL | 7:481bce714567 | 3432 | return ret; |
wolfSSL | 7:481bce714567 | 3433 | |
wolfSSL | 7:481bce714567 | 3434 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 3435 | } |
wolfSSL | 7:481bce714567 | 3436 | |
wolfSSL | 7:481bce714567 | 3437 | #define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest |
wolfSSL | 7:481bce714567 | 3438 | #define STK_GET_SIZE TLSX_SessionTicket_GetSize |
wolfSSL | 7:481bce714567 | 3439 | #define STK_WRITE TLSX_SessionTicket_Write |
wolfSSL | 7:481bce714567 | 3440 | #define STK_PARSE TLSX_SessionTicket_Parse |
wolfSSL | 7:481bce714567 | 3441 | #define STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap)) |
wolfSSL | 7:481bce714567 | 3442 | |
wolfSSL | 7:481bce714567 | 3443 | #else |
wolfSSL | 7:481bce714567 | 3444 | |
wolfSSL | 7:481bce714567 | 3445 | #define STK_FREE(a, b) |
wolfSSL | 7:481bce714567 | 3446 | #define STK_VALIDATE_REQUEST(a) |
wolfSSL | 7:481bce714567 | 3447 | #define STK_GET_SIZE(a, b) 0 |
wolfSSL | 7:481bce714567 | 3448 | #define STK_WRITE(a, b, c) 0 |
wolfSSL | 7:481bce714567 | 3449 | #define STK_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 3450 | |
wolfSSL | 7:481bce714567 | 3451 | #endif /* HAVE_SESSION_TICKET */ |
wolfSSL | 7:481bce714567 | 3452 | |
wolfSSL | 7:481bce714567 | 3453 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 3454 | /* Quantum-Safe-Hybrid */ |
wolfSSL | 7:481bce714567 | 3455 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 3456 | |
wolfSSL | 7:481bce714567 | 3457 | #ifdef HAVE_QSH |
wolfSSL | 7:481bce714567 | 3458 | static WC_RNG* rng; |
wolfSSL | 7:481bce714567 | 3459 | static wolfSSL_Mutex* rngMutex; |
wolfSSL | 7:481bce714567 | 3460 | |
wolfSSL | 7:481bce714567 | 3461 | static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap) |
wolfSSL | 7:481bce714567 | 3462 | { |
wolfSSL | 7:481bce714567 | 3463 | QSHScheme* current; |
wolfSSL | 7:481bce714567 | 3464 | |
wolfSSL | 7:481bce714567 | 3465 | while ((current = list)) { |
wolfSSL | 7:481bce714567 | 3466 | list = current->next; |
wolfSSL | 7:481bce714567 | 3467 | XFREE(current, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3468 | } |
wolfSSL | 7:481bce714567 | 3469 | |
wolfSSL | 7:481bce714567 | 3470 | (void)heap; |
wolfSSL | 7:481bce714567 | 3471 | } |
wolfSSL | 7:481bce714567 | 3472 | |
wolfSSL | 7:481bce714567 | 3473 | static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub, |
wolfSSL | 7:481bce714567 | 3474 | word16 pubLen) |
wolfSSL | 7:481bce714567 | 3475 | { |
wolfSSL | 7:481bce714567 | 3476 | QSHScheme* temp; |
wolfSSL | 7:481bce714567 | 3477 | |
wolfSSL | 7:481bce714567 | 3478 | if (list == NULL) |
wolfSSL | 7:481bce714567 | 3479 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 3480 | |
wolfSSL | 7:481bce714567 | 3481 | if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL, |
wolfSSL | 7:481bce714567 | 3482 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 7:481bce714567 | 3483 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 3484 | |
wolfSSL | 7:481bce714567 | 3485 | temp->name = name; |
wolfSSL | 7:481bce714567 | 3486 | temp->PK = pub; |
wolfSSL | 7:481bce714567 | 3487 | temp->PKLen = pubLen; |
wolfSSL | 7:481bce714567 | 3488 | temp->next = *list; |
wolfSSL | 7:481bce714567 | 3489 | |
wolfSSL | 7:481bce714567 | 3490 | *list = temp; |
wolfSSL | 7:481bce714567 | 3491 | |
wolfSSL | 7:481bce714567 | 3492 | return 0; |
wolfSSL | 7:481bce714567 | 3493 | } |
wolfSSL | 7:481bce714567 | 3494 | |
wolfSSL | 7:481bce714567 | 3495 | |
wolfSSL | 7:481bce714567 | 3496 | /* request for server's public key : 02 indicates 0-2 requested */ |
wolfSSL | 7:481bce714567 | 3497 | static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest) |
wolfSSL | 7:481bce714567 | 3498 | { |
wolfSSL | 7:481bce714567 | 3499 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 3500 | /* only request one public key from the server */ |
wolfSSL | 7:481bce714567 | 3501 | output[0] = 0x01; |
wolfSSL | 7:481bce714567 | 3502 | |
wolfSSL | 7:481bce714567 | 3503 | return OPAQUE8_LEN; |
wolfSSL | 7:481bce714567 | 3504 | } |
wolfSSL | 7:481bce714567 | 3505 | else { |
wolfSSL | 7:481bce714567 | 3506 | return 0; |
wolfSSL | 7:481bce714567 | 3507 | } |
wolfSSL | 7:481bce714567 | 3508 | } |
wolfSSL | 7:481bce714567 | 3509 | |
wolfSSL | 7:481bce714567 | 3510 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 3511 | |
wolfSSL | 7:481bce714567 | 3512 | /* check for TLS_QSH suite */ |
wolfSSL | 7:481bce714567 | 3513 | static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 7:481bce714567 | 3514 | { |
wolfSSL | 7:481bce714567 | 3515 | int i; |
wolfSSL | 7:481bce714567 | 3516 | |
wolfSSL | 7:481bce714567 | 3517 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 7:481bce714567 | 3518 | if (ssl->suites->suites[i] == QSH_BYTE) |
wolfSSL | 7:481bce714567 | 3519 | return; |
wolfSSL | 7:481bce714567 | 3520 | |
wolfSSL | 7:481bce714567 | 3521 | /* No QSH suite found */ |
wolfSSL | 7:481bce714567 | 3522 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID)); |
wolfSSL | 7:481bce714567 | 3523 | } |
wolfSSL | 7:481bce714567 | 3524 | |
wolfSSL | 7:481bce714567 | 3525 | |
wolfSSL | 7:481bce714567 | 3526 | /* return the size of the QSH hello extension |
wolfSSL | 7:481bce714567 | 3527 | list the list of QSHScheme structs containing id and key |
wolfSSL | 7:481bce714567 | 3528 | isRequest if 1 then is being sent to the server |
wolfSSL | 7:481bce714567 | 3529 | */ |
wolfSSL | 7:481bce714567 | 3530 | word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest) |
wolfSSL | 7:481bce714567 | 3531 | { |
wolfSSL | 7:481bce714567 | 3532 | QSHScheme* temp = list; |
wolfSSL | 7:481bce714567 | 3533 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 3534 | |
wolfSSL | 7:481bce714567 | 3535 | /* account for size of scheme list and public key list */ |
wolfSSL | 7:481bce714567 | 3536 | if (isRequest) |
wolfSSL | 7:481bce714567 | 3537 | length = OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3538 | length += OPAQUE24_LEN; |
wolfSSL | 7:481bce714567 | 3539 | |
wolfSSL | 7:481bce714567 | 3540 | /* for each non null element in list add size */ |
wolfSSL | 7:481bce714567 | 3541 | while ((temp)) { |
wolfSSL | 7:481bce714567 | 3542 | /* add public key info Scheme | Key Length | Key */ |
wolfSSL | 7:481bce714567 | 3543 | length += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3544 | length += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3545 | length += temp->PKLen; |
wolfSSL | 7:481bce714567 | 3546 | |
wolfSSL | 7:481bce714567 | 3547 | /* if client add name size for scheme list |
wolfSSL | 7:481bce714567 | 3548 | advance to next QSHScheme struct in list */ |
wolfSSL | 7:481bce714567 | 3549 | if (isRequest) |
wolfSSL | 7:481bce714567 | 3550 | length += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3551 | temp = temp->next; |
wolfSSL | 7:481bce714567 | 3552 | } |
wolfSSL | 7:481bce714567 | 3553 | |
wolfSSL | 7:481bce714567 | 3554 | /* add length for request server public keys */ |
wolfSSL | 7:481bce714567 | 3555 | if (isRequest) |
wolfSSL | 7:481bce714567 | 3556 | length += OPAQUE8_LEN; |
wolfSSL | 7:481bce714567 | 3557 | |
wolfSSL | 7:481bce714567 | 3558 | return length; |
wolfSSL | 7:481bce714567 | 3559 | } |
wolfSSL | 7:481bce714567 | 3560 | |
wolfSSL | 7:481bce714567 | 3561 | |
wolfSSL | 7:481bce714567 | 3562 | /* write out a list of QSHScheme IDs */ |
wolfSSL | 7:481bce714567 | 3563 | static word16 TLSX_QSH_Write(QSHScheme* list, byte* output) |
wolfSSL | 7:481bce714567 | 3564 | { |
wolfSSL | 7:481bce714567 | 3565 | QSHScheme* current = list; |
wolfSSL | 7:481bce714567 | 3566 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 3567 | |
wolfSSL | 7:481bce714567 | 3568 | length += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3569 | |
wolfSSL | 7:481bce714567 | 3570 | while (current) { |
wolfSSL | 7:481bce714567 | 3571 | c16toa(current->name, output + length); |
wolfSSL | 7:481bce714567 | 3572 | length += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3573 | current = (QSHScheme*)current->next; |
wolfSSL | 7:481bce714567 | 3574 | } |
wolfSSL | 7:481bce714567 | 3575 | |
wolfSSL | 7:481bce714567 | 3576 | c16toa(length - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 7:481bce714567 | 3577 | |
wolfSSL | 7:481bce714567 | 3578 | return length; |
wolfSSL | 7:481bce714567 | 3579 | } |
wolfSSL | 7:481bce714567 | 3580 | |
wolfSSL | 7:481bce714567 | 3581 | |
wolfSSL | 7:481bce714567 | 3582 | /* write public key list in extension */ |
wolfSSL | 7:481bce714567 | 3583 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output); |
wolfSSL | 7:481bce714567 | 3584 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output) |
wolfSSL | 7:481bce714567 | 3585 | { |
wolfSSL | 7:481bce714567 | 3586 | word32 offset = 0; |
wolfSSL | 7:481bce714567 | 3587 | word16 public_len = 0; |
wolfSSL | 7:481bce714567 | 3588 | |
wolfSSL | 7:481bce714567 | 3589 | if (!format) |
wolfSSL | 7:481bce714567 | 3590 | return offset; |
wolfSSL | 7:481bce714567 | 3591 | |
wolfSSL | 7:481bce714567 | 3592 | /* write scheme ID */ |
wolfSSL | 7:481bce714567 | 3593 | c16toa(format->name, output + offset); |
wolfSSL | 7:481bce714567 | 3594 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3595 | |
wolfSSL | 7:481bce714567 | 3596 | /* write public key matching scheme */ |
wolfSSL | 7:481bce714567 | 3597 | public_len = format->PKLen; |
wolfSSL | 7:481bce714567 | 3598 | c16toa(public_len, output + offset); |
wolfSSL | 7:481bce714567 | 3599 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3600 | if (format->PK) { |
wolfSSL | 7:481bce714567 | 3601 | XMEMCPY(output+offset, format->PK, public_len); |
wolfSSL | 7:481bce714567 | 3602 | } |
wolfSSL | 7:481bce714567 | 3603 | |
wolfSSL | 7:481bce714567 | 3604 | return public_len + offset; |
wolfSSL | 7:481bce714567 | 3605 | } |
wolfSSL | 7:481bce714567 | 3606 | |
wolfSSL | 7:481bce714567 | 3607 | word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output) |
wolfSSL | 7:481bce714567 | 3608 | { |
wolfSSL | 7:481bce714567 | 3609 | QSHScheme* current = list; |
wolfSSL | 7:481bce714567 | 3610 | word32 length = 0; |
wolfSSL | 7:481bce714567 | 3611 | word24 toWire; |
wolfSSL | 7:481bce714567 | 3612 | |
wolfSSL | 7:481bce714567 | 3613 | length += OPAQUE24_LEN; |
wolfSSL | 7:481bce714567 | 3614 | |
wolfSSL | 7:481bce714567 | 3615 | while (current) { |
wolfSSL | 7:481bce714567 | 3616 | length += TLSX_QSHPK_WriteR(current, output + length); |
wolfSSL | 7:481bce714567 | 3617 | current = (QSHScheme*)current->next; |
wolfSSL | 7:481bce714567 | 3618 | } |
wolfSSL | 7:481bce714567 | 3619 | /* length of public keys sent */ |
wolfSSL | 7:481bce714567 | 3620 | c32to24(length - OPAQUE24_LEN, toWire); |
wolfSSL | 7:481bce714567 | 3621 | output[0] = toWire[0]; |
wolfSSL | 7:481bce714567 | 3622 | output[1] = toWire[1]; |
wolfSSL | 7:481bce714567 | 3623 | output[2] = toWire[2]; |
wolfSSL | 7:481bce714567 | 3624 | |
wolfSSL | 7:481bce714567 | 3625 | return length; |
wolfSSL | 7:481bce714567 | 3626 | } |
wolfSSL | 7:481bce714567 | 3627 | |
wolfSSL | 7:481bce714567 | 3628 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 7:481bce714567 | 3629 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 3630 | |
wolfSSL | 7:481bce714567 | 3631 | static void TLSX_QSHAgreement(TLSX** extensions, void* heap) |
wolfSSL | 7:481bce714567 | 3632 | { |
wolfSSL | 7:481bce714567 | 3633 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 7:481bce714567 | 3634 | QSHScheme* format = NULL; |
wolfSSL | 7:481bce714567 | 3635 | QSHScheme* del = NULL; |
wolfSSL | 7:481bce714567 | 3636 | QSHScheme* prev = NULL; |
wolfSSL | 7:481bce714567 | 3637 | |
wolfSSL | 7:481bce714567 | 3638 | if (extension == NULL) |
wolfSSL | 7:481bce714567 | 3639 | return; |
wolfSSL | 7:481bce714567 | 3640 | |
wolfSSL | 7:481bce714567 | 3641 | format = (QSHScheme*)extension->data; |
wolfSSL | 7:481bce714567 | 3642 | while (format) { |
wolfSSL | 7:481bce714567 | 3643 | if (format->PKLen == 0) { |
wolfSSL | 7:481bce714567 | 3644 | /* case of head */ |
wolfSSL | 7:481bce714567 | 3645 | if (format == extension->data) { |
wolfSSL | 7:481bce714567 | 3646 | extension->data = format->next; |
wolfSSL | 7:481bce714567 | 3647 | } |
wolfSSL | 7:481bce714567 | 3648 | if (prev) |
wolfSSL | 7:481bce714567 | 3649 | prev->next = format->next; |
wolfSSL | 7:481bce714567 | 3650 | del = format; |
wolfSSL | 7:481bce714567 | 3651 | format = format->next; |
wolfSSL | 7:481bce714567 | 3652 | XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 3653 | del = NULL; |
wolfSSL | 7:481bce714567 | 3654 | } else { |
wolfSSL | 7:481bce714567 | 3655 | prev = format; |
wolfSSL | 7:481bce714567 | 3656 | format = format->next; |
wolfSSL | 7:481bce714567 | 3657 | } |
wolfSSL | 7:481bce714567 | 3658 | } |
wolfSSL | 7:481bce714567 | 3659 | |
wolfSSL | 7:481bce714567 | 3660 | (void)heap; |
wolfSSL | 7:481bce714567 | 3661 | } |
wolfSSL | 7:481bce714567 | 3662 | |
wolfSSL | 7:481bce714567 | 3663 | |
wolfSSL | 7:481bce714567 | 3664 | /* Parse in hello extension |
wolfSSL | 7:481bce714567 | 3665 | input the byte stream to process |
wolfSSL | 7:481bce714567 | 3666 | length length of total extension found |
wolfSSL | 7:481bce714567 | 3667 | isRequest set to 1 if being sent to the server |
wolfSSL | 7:481bce714567 | 3668 | */ |
wolfSSL | 7:481bce714567 | 3669 | static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 3670 | byte isRequest) |
wolfSSL | 7:481bce714567 | 3671 | { |
wolfSSL | 7:481bce714567 | 3672 | byte numKeys = 0; |
wolfSSL | 7:481bce714567 | 3673 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 3674 | word16 schemSz = 0; |
wolfSSL | 7:481bce714567 | 3675 | word16 offset_len = 0; |
wolfSSL | 7:481bce714567 | 3676 | word32 offset_pk = 0; |
wolfSSL | 7:481bce714567 | 3677 | word16 name = 0; |
wolfSSL | 7:481bce714567 | 3678 | word16 PKLen = 0; |
wolfSSL | 7:481bce714567 | 3679 | byte* PK = NULL; |
wolfSSL | 7:481bce714567 | 3680 | int r; |
wolfSSL | 7:481bce714567 | 3681 | |
wolfSSL | 7:481bce714567 | 3682 | |
wolfSSL | 7:481bce714567 | 3683 | if (OPAQUE16_LEN > length) |
wolfSSL | 7:481bce714567 | 3684 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 3685 | |
wolfSSL | 7:481bce714567 | 3686 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 3687 | ato16(input, &schemSz); |
wolfSSL | 7:481bce714567 | 3688 | |
wolfSSL | 7:481bce714567 | 3689 | /* list of public keys available for QSH schemes */ |
wolfSSL | 7:481bce714567 | 3690 | offset_len = schemSz + OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3691 | } |
wolfSSL | 7:481bce714567 | 3692 | |
wolfSSL | 7:481bce714567 | 3693 | offset_pk = ((input[offset_len] << 16) & 0xFF00000) | |
wolfSSL | 7:481bce714567 | 3694 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 7:481bce714567 | 3695 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 7:481bce714567 | 3696 | offset_len += OPAQUE24_LEN; |
wolfSSL | 7:481bce714567 | 3697 | |
wolfSSL | 7:481bce714567 | 3698 | /* check buffer size */ |
wolfSSL | 7:481bce714567 | 3699 | if (offset_pk > length) |
wolfSSL | 7:481bce714567 | 3700 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 3701 | |
wolfSSL | 7:481bce714567 | 3702 | /* set maximum number of keys the client will accept */ |
wolfSSL | 7:481bce714567 | 3703 | if (!isRequest) |
wolfSSL | 7:481bce714567 | 3704 | numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest; |
wolfSSL | 7:481bce714567 | 3705 | |
wolfSSL | 7:481bce714567 | 3706 | /* hello extension read list of scheme ids */ |
wolfSSL | 7:481bce714567 | 3707 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 3708 | |
wolfSSL | 7:481bce714567 | 3709 | /* read in request for public keys */ |
wolfSSL | 7:481bce714567 | 3710 | ssl->minRequest = (input[length -1] >> 4) & 0xFF; |
wolfSSL | 7:481bce714567 | 3711 | ssl->maxRequest = input[length -1] & 0x0F; |
wolfSSL | 7:481bce714567 | 3712 | |
wolfSSL | 7:481bce714567 | 3713 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 7:481bce714567 | 3714 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 7:481bce714567 | 3715 | |
wolfSSL | 7:481bce714567 | 3716 | if (ssl->minRequest > ssl->maxRequest) |
wolfSSL | 7:481bce714567 | 3717 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 3718 | |
wolfSSL | 7:481bce714567 | 3719 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3720 | schemSz += offset; |
wolfSSL | 7:481bce714567 | 3721 | |
wolfSSL | 7:481bce714567 | 3722 | /* check buffer size */ |
wolfSSL | 7:481bce714567 | 3723 | if (schemSz > length) |
wolfSSL | 7:481bce714567 | 3724 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 3725 | |
wolfSSL | 7:481bce714567 | 3726 | while ((offset < schemSz) && numKeys) { |
wolfSSL | 7:481bce714567 | 3727 | /* Scheme ID list */ |
wolfSSL | 7:481bce714567 | 3728 | ato16(input + offset, &name); |
wolfSSL | 7:481bce714567 | 3729 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3730 | |
wolfSSL | 7:481bce714567 | 3731 | /* validate we have scheme id */ |
wolfSSL | 7:481bce714567 | 3732 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 7:481bce714567 | 3733 | !TLSX_ValidateQSHScheme(&ssl->extensions, name)) { |
wolfSSL | 7:481bce714567 | 3734 | continue; |
wolfSSL | 7:481bce714567 | 3735 | } |
wolfSSL | 7:481bce714567 | 3736 | |
wolfSSL | 7:481bce714567 | 3737 | /* server create keys on demand */ |
wolfSSL | 7:481bce714567 | 3738 | if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) { |
wolfSSL | 7:481bce714567 | 3739 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 7:481bce714567 | 3740 | return r; |
wolfSSL | 7:481bce714567 | 3741 | } |
wolfSSL | 7:481bce714567 | 3742 | |
wolfSSL | 7:481bce714567 | 3743 | /* peer sent an agreed upon scheme */ |
wolfSSL | 7:481bce714567 | 3744 | r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap); |
wolfSSL | 7:481bce714567 | 3745 | |
wolfSSL | 7:481bce714567 | 3746 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 7:481bce714567 | 3747 | |
wolfSSL | 7:481bce714567 | 3748 | numKeys--; |
wolfSSL | 7:481bce714567 | 3749 | } |
wolfSSL | 7:481bce714567 | 3750 | |
wolfSSL | 7:481bce714567 | 3751 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 7:481bce714567 | 3752 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 7:481bce714567 | 3753 | } |
wolfSSL | 7:481bce714567 | 3754 | |
wolfSSL | 7:481bce714567 | 3755 | /* QSHPK struct */ |
wolfSSL | 7:481bce714567 | 3756 | offset_pk += offset_len; |
wolfSSL | 7:481bce714567 | 3757 | while ((offset_len < offset_pk) && numKeys) { |
wolfSSL | 7:481bce714567 | 3758 | QSHKey * temp; |
wolfSSL | 7:481bce714567 | 3759 | |
wolfSSL | 7:481bce714567 | 3760 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, |
wolfSSL | 7:481bce714567 | 3761 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 7:481bce714567 | 3762 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 3763 | |
wolfSSL | 7:481bce714567 | 3764 | /* initialize */ |
wolfSSL | 7:481bce714567 | 3765 | temp->next = NULL; |
wolfSSL | 7:481bce714567 | 3766 | temp->pub.buffer = NULL; |
wolfSSL | 7:481bce714567 | 3767 | temp->pub.length = 0; |
wolfSSL | 7:481bce714567 | 3768 | temp->pri.buffer = NULL; |
wolfSSL | 7:481bce714567 | 3769 | temp->pri.length = 0; |
wolfSSL | 7:481bce714567 | 3770 | |
wolfSSL | 7:481bce714567 | 3771 | /* scheme id */ |
wolfSSL | 7:481bce714567 | 3772 | ato16(input + offset_len, &(temp->name)); |
wolfSSL | 7:481bce714567 | 3773 | offset_len += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3774 | |
wolfSSL | 7:481bce714567 | 3775 | /* public key length */ |
wolfSSL | 7:481bce714567 | 3776 | ato16(input + offset_len, &PKLen); |
wolfSSL | 7:481bce714567 | 3777 | temp->pub.length = PKLen; |
wolfSSL | 7:481bce714567 | 3778 | offset_len += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3779 | |
wolfSSL | 7:481bce714567 | 3780 | |
wolfSSL | 7:481bce714567 | 3781 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 3782 | /* validate we have scheme id */ |
wolfSSL | 7:481bce714567 | 3783 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 7:481bce714567 | 3784 | (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) { |
wolfSSL | 7:481bce714567 | 3785 | offset_len += PKLen; |
wolfSSL | 7:481bce714567 | 3786 | XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3787 | continue; |
wolfSSL | 7:481bce714567 | 3788 | } |
wolfSSL | 7:481bce714567 | 3789 | } |
wolfSSL | 7:481bce714567 | 3790 | |
wolfSSL | 7:481bce714567 | 3791 | /* read in public key */ |
wolfSSL | 7:481bce714567 | 3792 | if (PKLen > 0) { |
wolfSSL | 7:481bce714567 | 3793 | temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, |
wolfSSL | 7:481bce714567 | 3794 | ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 7:481bce714567 | 3795 | XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); |
wolfSSL | 7:481bce714567 | 3796 | offset_len += PKLen; |
wolfSSL | 7:481bce714567 | 3797 | } |
wolfSSL | 7:481bce714567 | 3798 | else { |
wolfSSL | 7:481bce714567 | 3799 | PK = NULL; |
wolfSSL | 7:481bce714567 | 3800 | } |
wolfSSL | 7:481bce714567 | 3801 | |
wolfSSL | 7:481bce714567 | 3802 | /* use own key when adding to extensions list for sending reply */ |
wolfSSL | 7:481bce714567 | 3803 | PKLen = 0; |
wolfSSL | 7:481bce714567 | 3804 | PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name); |
wolfSSL | 7:481bce714567 | 3805 | r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen, |
wolfSSL | 7:481bce714567 | 3806 | ssl->heap); |
wolfSSL | 7:481bce714567 | 3807 | |
wolfSSL | 7:481bce714567 | 3808 | /* store peers key */ |
wolfSSL | 7:481bce714567 | 3809 | ssl->peerQSHKeyPresent = 1; |
wolfSSL | 7:481bce714567 | 3810 | if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0) |
wolfSSL | 7:481bce714567 | 3811 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 3812 | |
wolfSSL | 7:481bce714567 | 3813 | if (temp->pub.length == 0) { |
wolfSSL | 7:481bce714567 | 3814 | XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3815 | } |
wolfSSL | 7:481bce714567 | 3816 | |
wolfSSL | 7:481bce714567 | 3817 | if (r != SSL_SUCCESS) {return r;} /* throw error */ |
wolfSSL | 7:481bce714567 | 3818 | |
wolfSSL | 7:481bce714567 | 3819 | numKeys--; |
wolfSSL | 7:481bce714567 | 3820 | } |
wolfSSL | 7:481bce714567 | 3821 | |
wolfSSL | 7:481bce714567 | 3822 | /* reply to a QSH extension sent from client */ |
wolfSSL | 7:481bce714567 | 3823 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 3824 | TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 7:481bce714567 | 3825 | /* only use schemes we have key generated for -- free the rest */ |
wolfSSL | 7:481bce714567 | 3826 | TLSX_QSHAgreement(&ssl->extensions, ssl->heap); |
wolfSSL | 7:481bce714567 | 3827 | } |
wolfSSL | 7:481bce714567 | 3828 | |
wolfSSL | 7:481bce714567 | 3829 | return 0; |
wolfSSL | 7:481bce714567 | 3830 | } |
wolfSSL | 7:481bce714567 | 3831 | |
wolfSSL | 7:481bce714567 | 3832 | |
wolfSSL | 7:481bce714567 | 3833 | /* Used for parsing in QSHCipher structs on Key Exchange */ |
wolfSSL | 7:481bce714567 | 3834 | int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length, |
wolfSSL | 7:481bce714567 | 3835 | byte isServer) |
wolfSSL | 7:481bce714567 | 3836 | { |
wolfSSL | 7:481bce714567 | 3837 | QSHKey* key; |
wolfSSL | 7:481bce714567 | 3838 | word16 Max_Secret_Len = 48; |
wolfSSL | 7:481bce714567 | 3839 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 3840 | word16 offset_len = 0; |
wolfSSL | 7:481bce714567 | 3841 | word32 offset_pk = 0; |
wolfSSL | 7:481bce714567 | 3842 | word16 name = 0; |
wolfSSL | 7:481bce714567 | 3843 | word16 secretLen = 0; |
wolfSSL | 7:481bce714567 | 3844 | byte* secret = NULL; |
wolfSSL | 7:481bce714567 | 3845 | word16 buffLen = 0; |
wolfSSL | 7:481bce714567 | 3846 | byte buff[145]; /* size enough for 3 secrets */ |
wolfSSL | 7:481bce714567 | 3847 | buffer* buf; |
wolfSSL | 7:481bce714567 | 3848 | |
wolfSSL | 7:481bce714567 | 3849 | /* pointer to location where secret should be stored */ |
wolfSSL | 7:481bce714567 | 3850 | if (isServer) { |
wolfSSL | 7:481bce714567 | 3851 | buf = ssl->QSH_secret->CliSi; |
wolfSSL | 7:481bce714567 | 3852 | } |
wolfSSL | 7:481bce714567 | 3853 | else { |
wolfSSL | 7:481bce714567 | 3854 | buf = ssl->QSH_secret->SerSi; |
wolfSSL | 7:481bce714567 | 3855 | } |
wolfSSL | 7:481bce714567 | 3856 | |
wolfSSL | 7:481bce714567 | 3857 | offset_pk = ((input[offset_len] << 16) & 0xFF0000) | |
wolfSSL | 7:481bce714567 | 3858 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 7:481bce714567 | 3859 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 7:481bce714567 | 3860 | offset_len += OPAQUE24_LEN; |
wolfSSL | 7:481bce714567 | 3861 | |
wolfSSL | 7:481bce714567 | 3862 | /* validating extension list length -- check if trying to read over edge |
wolfSSL | 7:481bce714567 | 3863 | of buffer */ |
wolfSSL | 7:481bce714567 | 3864 | if (length < (offset_pk + OPAQUE24_LEN)) { |
wolfSSL | 7:481bce714567 | 3865 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 3866 | } |
wolfSSL | 7:481bce714567 | 3867 | |
wolfSSL | 7:481bce714567 | 3868 | /* QSHCipherList struct */ |
wolfSSL | 7:481bce714567 | 3869 | offset_pk += offset_len; |
wolfSSL | 7:481bce714567 | 3870 | while (offset_len < offset_pk) { |
wolfSSL | 7:481bce714567 | 3871 | |
wolfSSL | 7:481bce714567 | 3872 | /* scheme id */ |
wolfSSL | 7:481bce714567 | 3873 | ato16(input + offset_len, &name); |
wolfSSL | 7:481bce714567 | 3874 | offset_len += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3875 | |
wolfSSL | 7:481bce714567 | 3876 | /* public key length */ |
wolfSSL | 7:481bce714567 | 3877 | ato16(input + offset_len, &secretLen); |
wolfSSL | 7:481bce714567 | 3878 | offset_len += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 3879 | |
wolfSSL | 7:481bce714567 | 3880 | /* read in public key */ |
wolfSSL | 7:481bce714567 | 3881 | if (secretLen > 0) { |
wolfSSL | 7:481bce714567 | 3882 | secret = (byte*)(input + offset_len); |
wolfSSL | 7:481bce714567 | 3883 | offset_len += secretLen; |
wolfSSL | 7:481bce714567 | 3884 | } |
wolfSSL | 7:481bce714567 | 3885 | else { |
wolfSSL | 7:481bce714567 | 3886 | secret = NULL; |
wolfSSL | 7:481bce714567 | 3887 | } |
wolfSSL | 7:481bce714567 | 3888 | |
wolfSSL | 7:481bce714567 | 3889 | /* no secret sent */ |
wolfSSL | 7:481bce714567 | 3890 | if (secret == NULL) |
wolfSSL | 7:481bce714567 | 3891 | continue; |
wolfSSL | 7:481bce714567 | 3892 | |
wolfSSL | 7:481bce714567 | 3893 | /* find corresponding key */ |
wolfSSL | 7:481bce714567 | 3894 | key = ssl->QSH_Key; |
wolfSSL | 7:481bce714567 | 3895 | while (key) { |
wolfSSL | 7:481bce714567 | 3896 | if (key->name == name) |
wolfSSL | 7:481bce714567 | 3897 | break; |
wolfSSL | 7:481bce714567 | 3898 | else |
wolfSSL | 7:481bce714567 | 3899 | key = (QSHKey*)key->next; |
wolfSSL | 7:481bce714567 | 3900 | } |
wolfSSL | 7:481bce714567 | 3901 | |
wolfSSL | 7:481bce714567 | 3902 | /* if we do not have the key than there was a big issue negotiation */ |
wolfSSL | 7:481bce714567 | 3903 | if (key == NULL) { |
wolfSSL | 7:481bce714567 | 3904 | WOLFSSL_MSG("key was null for decryption!!!\n"); |
wolfSSL | 7:481bce714567 | 3905 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 3906 | } |
wolfSSL | 7:481bce714567 | 3907 | |
wolfSSL | 7:481bce714567 | 3908 | /* Decrypt sent secret */ |
wolfSSL | 7:481bce714567 | 3909 | buffLen = Max_Secret_Len; |
wolfSSL | 7:481bce714567 | 3910 | QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen); |
wolfSSL | 7:481bce714567 | 3911 | offset += buffLen; |
wolfSSL | 7:481bce714567 | 3912 | } |
wolfSSL | 7:481bce714567 | 3913 | |
wolfSSL | 7:481bce714567 | 3914 | /* allocate memory for buffer */ |
wolfSSL | 7:481bce714567 | 3915 | buf->length = offset; |
wolfSSL | 7:481bce714567 | 3916 | buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 7:481bce714567 | 3917 | if (buf->buffer == NULL) |
wolfSSL | 7:481bce714567 | 3918 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 3919 | |
wolfSSL | 7:481bce714567 | 3920 | /* store secrets */ |
wolfSSL | 7:481bce714567 | 3921 | XMEMCPY(buf->buffer, buff, offset); |
wolfSSL | 7:481bce714567 | 3922 | ForceZero(buff, offset); |
wolfSSL | 7:481bce714567 | 3923 | |
wolfSSL | 7:481bce714567 | 3924 | return offset_len; |
wolfSSL | 7:481bce714567 | 3925 | } |
wolfSSL | 7:481bce714567 | 3926 | |
wolfSSL | 7:481bce714567 | 3927 | |
wolfSSL | 7:481bce714567 | 3928 | /* return 1 on success */ |
wolfSSL | 7:481bce714567 | 3929 | int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) { |
wolfSSL | 7:481bce714567 | 3930 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 7:481bce714567 | 3931 | QSHScheme* format = NULL; |
wolfSSL | 7:481bce714567 | 3932 | |
wolfSSL | 7:481bce714567 | 3933 | /* if no extension is sent then do not use QSH */ |
wolfSSL | 7:481bce714567 | 3934 | if (!extension) { |
wolfSSL | 7:481bce714567 | 3935 | WOLFSSL_MSG("No QSH Extension"); |
wolfSSL | 7:481bce714567 | 3936 | return 0; |
wolfSSL | 7:481bce714567 | 3937 | } |
wolfSSL | 7:481bce714567 | 3938 | |
wolfSSL | 7:481bce714567 | 3939 | for (format = (QSHScheme*)extension->data; format; format = format->next) { |
wolfSSL | 7:481bce714567 | 3940 | if (format->name == theirs) { |
wolfSSL | 7:481bce714567 | 3941 | WOLFSSL_MSG("Found Matching QSH Scheme"); |
wolfSSL | 7:481bce714567 | 3942 | return 1; /* have QSH */ |
wolfSSL | 7:481bce714567 | 3943 | } |
wolfSSL | 7:481bce714567 | 3944 | } |
wolfSSL | 7:481bce714567 | 3945 | |
wolfSSL | 7:481bce714567 | 3946 | return 0; |
wolfSSL | 7:481bce714567 | 3947 | } |
wolfSSL | 7:481bce714567 | 3948 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 3949 | |
wolfSSL | 7:481bce714567 | 3950 | /* test if the QSH Scheme is implemented |
wolfSSL | 7:481bce714567 | 3951 | return 1 if yes 0 if no */ |
wolfSSL | 7:481bce714567 | 3952 | static int TLSX_HaveQSHScheme(word16 name) |
wolfSSL | 7:481bce714567 | 3953 | { |
wolfSSL | 7:481bce714567 | 3954 | switch(name) { |
wolfSSL | 7:481bce714567 | 3955 | #ifdef HAVE_NTRU |
wolfSSL | 7:481bce714567 | 3956 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 7:481bce714567 | 3957 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 7:481bce714567 | 3958 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 7:481bce714567 | 3959 | return 1; |
wolfSSL | 7:481bce714567 | 3960 | #endif |
wolfSSL | 7:481bce714567 | 3961 | case WOLFSSL_LWE_XXX: |
wolfSSL | 7:481bce714567 | 3962 | case WOLFSSL_HFE_XXX: |
wolfSSL | 7:481bce714567 | 3963 | return 0; /* not supported yet */ |
wolfSSL | 7:481bce714567 | 3964 | |
wolfSSL | 7:481bce714567 | 3965 | default: |
wolfSSL | 7:481bce714567 | 3966 | return 0; |
wolfSSL | 7:481bce714567 | 3967 | } |
wolfSSL | 7:481bce714567 | 3968 | } |
wolfSSL | 7:481bce714567 | 3969 | |
wolfSSL | 7:481bce714567 | 3970 | |
wolfSSL | 7:481bce714567 | 3971 | /* Add a QSHScheme struct to list of usable ones */ |
wolfSSL | 7:481bce714567 | 3972 | int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz, |
wolfSSL | 7:481bce714567 | 3973 | void* heap) |
wolfSSL | 7:481bce714567 | 3974 | { |
wolfSSL | 7:481bce714567 | 3975 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 7:481bce714567 | 3976 | QSHScheme* format = NULL; |
wolfSSL | 7:481bce714567 | 3977 | int ret = 0; |
wolfSSL | 7:481bce714567 | 3978 | |
wolfSSL | 7:481bce714567 | 3979 | /* sanity check */ |
wolfSSL | 7:481bce714567 | 3980 | if (extensions == NULL || (pKey == NULL && pkeySz != 0)) |
wolfSSL | 7:481bce714567 | 3981 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 3982 | |
wolfSSL | 7:481bce714567 | 3983 | /* if scheme is implemented than add */ |
wolfSSL | 7:481bce714567 | 3984 | if (TLSX_HaveQSHScheme(name)) { |
wolfSSL | 7:481bce714567 | 3985 | if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0) |
wolfSSL | 7:481bce714567 | 3986 | return ret; |
wolfSSL | 7:481bce714567 | 3987 | |
wolfSSL | 7:481bce714567 | 3988 | if (!extension) { |
wolfSSL | 7:481bce714567 | 3989 | if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format, |
wolfSSL | 7:481bce714567 | 3990 | heap)) != 0) { |
wolfSSL | 7:481bce714567 | 3991 | XFREE(format, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 3992 | return ret; |
wolfSSL | 7:481bce714567 | 3993 | } |
wolfSSL | 7:481bce714567 | 3994 | } |
wolfSSL | 7:481bce714567 | 3995 | else { |
wolfSSL | 7:481bce714567 | 3996 | /* push new QSH object to extension data. */ |
wolfSSL | 7:481bce714567 | 3997 | format->next = (QSHScheme*)extension->data; |
wolfSSL | 7:481bce714567 | 3998 | extension->data = (void*)format; |
wolfSSL | 7:481bce714567 | 3999 | |
wolfSSL | 7:481bce714567 | 4000 | /* look for another format of the same name to remove (replacement) */ |
wolfSSL | 7:481bce714567 | 4001 | do { |
wolfSSL | 7:481bce714567 | 4002 | if (format->next && (format->next->name == name)) { |
wolfSSL | 7:481bce714567 | 4003 | QSHScheme* next = format->next; |
wolfSSL | 7:481bce714567 | 4004 | |
wolfSSL | 7:481bce714567 | 4005 | format->next = next->next; |
wolfSSL | 7:481bce714567 | 4006 | XFREE(next, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 4007 | |
wolfSSL | 7:481bce714567 | 4008 | break; |
wolfSSL | 7:481bce714567 | 4009 | } |
wolfSSL | 7:481bce714567 | 4010 | } while ((format = format->next)); |
wolfSSL | 7:481bce714567 | 4011 | } |
wolfSSL | 7:481bce714567 | 4012 | } |
wolfSSL | 7:481bce714567 | 4013 | return SSL_SUCCESS; |
wolfSSL | 7:481bce714567 | 4014 | } |
wolfSSL | 7:481bce714567 | 4015 | |
wolfSSL | 7:481bce714567 | 4016 | #define QSH_FREE_ALL TLSX_QSH_FreeAll |
wolfSSL | 7:481bce714567 | 4017 | #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest |
wolfSSL | 7:481bce714567 | 4018 | |
wolfSSL | 7:481bce714567 | 4019 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 4020 | #define QSH_GET_SIZE TLSX_QSH_GetSize |
wolfSSL | 7:481bce714567 | 4021 | #define QSH_WRITE TLSX_QSH_Write |
wolfSSL | 7:481bce714567 | 4022 | #else |
wolfSSL | 7:481bce714567 | 4023 | #define QSH_GET_SIZE(list) 0 |
wolfSSL | 7:481bce714567 | 4024 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 4025 | #endif |
wolfSSL | 7:481bce714567 | 4026 | |
wolfSSL | 7:481bce714567 | 4027 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 4028 | #define QSH_PARSE TLSX_QSH_Parse |
wolfSSL | 7:481bce714567 | 4029 | #else |
wolfSSL | 7:481bce714567 | 4030 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 4031 | #endif |
wolfSSL | 7:481bce714567 | 4032 | |
wolfSSL | 7:481bce714567 | 4033 | #define QSHPK_WRITE TLSX_QSHPK_Write |
wolfSSL | 7:481bce714567 | 4034 | #define QSH_SERREQ TLSX_QSH_SerPKReq |
wolfSSL | 7:481bce714567 | 4035 | #else |
wolfSSL | 7:481bce714567 | 4036 | |
wolfSSL | 7:481bce714567 | 4037 | #define QSH_FREE_ALL(list, heap) |
wolfSSL | 7:481bce714567 | 4038 | #define QSH_GET_SIZE(list, a) 0 |
wolfSSL | 7:481bce714567 | 4039 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 4040 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 7:481bce714567 | 4041 | #define QSHPK_WRITE(a, b) 0 |
wolfSSL | 7:481bce714567 | 4042 | #define QSH_SERREQ(a, b) 0 |
wolfSSL | 7:481bce714567 | 4043 | #define QSH_VALIDATE_REQUEST(a, b) |
wolfSSL | 7:481bce714567 | 4044 | |
wolfSSL | 7:481bce714567 | 4045 | #endif /* HAVE_QSH */ |
wolfSSL | 7:481bce714567 | 4046 | |
wolfSSL | 7:481bce714567 | 4047 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 4048 | /* TLS Extensions Framework */ |
wolfSSL | 7:481bce714567 | 4049 | /******************************************************************************/ |
wolfSSL | 7:481bce714567 | 4050 | |
wolfSSL | 7:481bce714567 | 4051 | /** Finds an extension in the provided list. */ |
wolfSSL | 7:481bce714567 | 4052 | TLSX* TLSX_Find(TLSX* list, TLSX_Type type) |
wolfSSL | 7:481bce714567 | 4053 | { |
wolfSSL | 7:481bce714567 | 4054 | TLSX* extension = list; |
wolfSSL | 7:481bce714567 | 4055 | |
wolfSSL | 7:481bce714567 | 4056 | while (extension && extension->type != type) |
wolfSSL | 7:481bce714567 | 4057 | extension = extension->next; |
wolfSSL | 7:481bce714567 | 4058 | |
wolfSSL | 7:481bce714567 | 4059 | return extension; |
wolfSSL | 7:481bce714567 | 4060 | } |
wolfSSL | 7:481bce714567 | 4061 | |
wolfSSL | 7:481bce714567 | 4062 | /** Releases all extensions in the provided list. */ |
wolfSSL | 7:481bce714567 | 4063 | void TLSX_FreeAll(TLSX* list, void* heap) |
wolfSSL | 7:481bce714567 | 4064 | { |
wolfSSL | 7:481bce714567 | 4065 | TLSX* extension; |
wolfSSL | 7:481bce714567 | 4066 | |
wolfSSL | 7:481bce714567 | 4067 | while ((extension = list)) { |
wolfSSL | 7:481bce714567 | 4068 | list = extension->next; |
wolfSSL | 7:481bce714567 | 4069 | |
wolfSSL | 7:481bce714567 | 4070 | switch (extension->type) { |
wolfSSL | 7:481bce714567 | 4071 | |
wolfSSL | 7:481bce714567 | 4072 | case TLSX_SERVER_NAME: |
wolfSSL | 7:481bce714567 | 4073 | SNI_FREE_ALL((SNI*)extension->data, heap); |
wolfSSL | 7:481bce714567 | 4074 | break; |
wolfSSL | 7:481bce714567 | 4075 | |
wolfSSL | 7:481bce714567 | 4076 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 7:481bce714567 | 4077 | MFL_FREE_ALL(extension->data, heap); |
wolfSSL | 7:481bce714567 | 4078 | break; |
wolfSSL | 7:481bce714567 | 4079 | |
wolfSSL | 7:481bce714567 | 4080 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 7:481bce714567 | 4081 | /* Nothing to do. */ |
wolfSSL | 7:481bce714567 | 4082 | break; |
wolfSSL | 7:481bce714567 | 4083 | |
wolfSSL | 7:481bce714567 | 4084 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 7:481bce714567 | 4085 | EC_FREE_ALL((EllipticCurve*)extension->data, heap); |
wolfSSL | 7:481bce714567 | 4086 | break; |
wolfSSL | 7:481bce714567 | 4087 | |
wolfSSL | 7:481bce714567 | 4088 | case TLSX_STATUS_REQUEST: |
wolfSSL | 7:481bce714567 | 4089 | CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap); |
wolfSSL | 7:481bce714567 | 4090 | break; |
wolfSSL | 7:481bce714567 | 4091 | |
wolfSSL | 7:481bce714567 | 4092 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 7:481bce714567 | 4093 | CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 7:481bce714567 | 4094 | heap); |
wolfSSL | 7:481bce714567 | 4095 | break; |
wolfSSL | 7:481bce714567 | 4096 | |
wolfSSL | 7:481bce714567 | 4097 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 7:481bce714567 | 4098 | SCR_FREE_ALL(extension->data, heap); |
wolfSSL | 7:481bce714567 | 4099 | break; |
wolfSSL | 7:481bce714567 | 4100 | |
wolfSSL | 7:481bce714567 | 4101 | case TLSX_SESSION_TICKET: |
wolfSSL | 7:481bce714567 | 4102 | STK_FREE(extension->data, heap); |
wolfSSL | 7:481bce714567 | 4103 | break; |
wolfSSL | 7:481bce714567 | 4104 | |
wolfSSL | 7:481bce714567 | 4105 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 7:481bce714567 | 4106 | QSH_FREE_ALL((QSHScheme*)extension->data, heap); |
wolfSSL | 7:481bce714567 | 4107 | break; |
wolfSSL | 7:481bce714567 | 4108 | |
wolfSSL | 7:481bce714567 | 4109 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 7:481bce714567 | 4110 | ALPN_FREE_ALL((ALPN*)extension->data, heap); |
wolfSSL | 7:481bce714567 | 4111 | break; |
wolfSSL | 7:481bce714567 | 4112 | } |
wolfSSL | 7:481bce714567 | 4113 | |
wolfSSL | 7:481bce714567 | 4114 | XFREE(extension, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 7:481bce714567 | 4115 | } |
wolfSSL | 7:481bce714567 | 4116 | |
wolfSSL | 7:481bce714567 | 4117 | (void)heap; |
wolfSSL | 7:481bce714567 | 4118 | } |
wolfSSL | 7:481bce714567 | 4119 | |
wolfSSL | 7:481bce714567 | 4120 | /** Checks if the tls extensions are supported based on the protocol version. */ |
wolfSSL | 7:481bce714567 | 4121 | int TLSX_SupportExtensions(WOLFSSL* ssl) { |
wolfSSL | 7:481bce714567 | 4122 | return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); |
wolfSSL | 7:481bce714567 | 4123 | } |
wolfSSL | 7:481bce714567 | 4124 | |
wolfSSL | 7:481bce714567 | 4125 | /** Tells the buffered size of the extensions in a list. */ |
wolfSSL | 7:481bce714567 | 4126 | static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) |
wolfSSL | 7:481bce714567 | 4127 | { |
wolfSSL | 7:481bce714567 | 4128 | TLSX* extension; |
wolfSSL | 7:481bce714567 | 4129 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 4130 | |
wolfSSL | 7:481bce714567 | 4131 | while ((extension = list)) { |
wolfSSL | 7:481bce714567 | 4132 | list = extension->next; |
wolfSSL | 7:481bce714567 | 4133 | |
wolfSSL | 7:481bce714567 | 4134 | /* only extensions marked as response are sent back to the client. */ |
wolfSSL | 7:481bce714567 | 4135 | if (!isRequest && !extension->resp) |
wolfSSL | 7:481bce714567 | 4136 | continue; /* skip! */ |
wolfSSL | 7:481bce714567 | 4137 | |
wolfSSL | 7:481bce714567 | 4138 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 7:481bce714567 | 4139 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 7:481bce714567 | 4140 | continue; /* skip! */ |
wolfSSL | 7:481bce714567 | 4141 | |
wolfSSL | 7:481bce714567 | 4142 | /* extension type + extension data length. */ |
wolfSSL | 7:481bce714567 | 4143 | length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 4144 | |
wolfSSL | 7:481bce714567 | 4145 | |
wolfSSL | 7:481bce714567 | 4146 | switch (extension->type) { |
wolfSSL | 7:481bce714567 | 4147 | |
wolfSSL | 7:481bce714567 | 4148 | case TLSX_SERVER_NAME: |
wolfSSL | 7:481bce714567 | 4149 | /* SNI only sends the name on the request. */ |
wolfSSL | 7:481bce714567 | 4150 | if (isRequest) |
wolfSSL | 7:481bce714567 | 4151 | length += SNI_GET_SIZE((SNI*)extension->data); |
wolfSSL | 7:481bce714567 | 4152 | break; |
wolfSSL | 7:481bce714567 | 4153 | |
wolfSSL | 7:481bce714567 | 4154 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 7:481bce714567 | 4155 | length += MFL_GET_SIZE(extension->data); |
wolfSSL | 7:481bce714567 | 4156 | break; |
wolfSSL | 7:481bce714567 | 4157 | |
wolfSSL | 7:481bce714567 | 4158 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 7:481bce714567 | 4159 | /* always empty. */ |
wolfSSL | 7:481bce714567 | 4160 | break; |
wolfSSL | 7:481bce714567 | 4161 | |
wolfSSL | 7:481bce714567 | 4162 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 7:481bce714567 | 4163 | length += EC_GET_SIZE((EllipticCurve*)extension->data); |
wolfSSL | 7:481bce714567 | 4164 | break; |
wolfSSL | 7:481bce714567 | 4165 | |
wolfSSL | 7:481bce714567 | 4166 | case TLSX_STATUS_REQUEST: |
wolfSSL | 7:481bce714567 | 4167 | length += CSR_GET_SIZE( |
wolfSSL | 7:481bce714567 | 4168 | (CertificateStatusRequest*)extension->data, isRequest); |
wolfSSL | 7:481bce714567 | 4169 | break; |
wolfSSL | 7:481bce714567 | 4170 | |
wolfSSL | 7:481bce714567 | 4171 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 7:481bce714567 | 4172 | length += CSR2_GET_SIZE( |
wolfSSL | 7:481bce714567 | 4173 | (CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 7:481bce714567 | 4174 | isRequest); |
wolfSSL | 7:481bce714567 | 4175 | break; |
wolfSSL | 7:481bce714567 | 4176 | |
wolfSSL | 7:481bce714567 | 4177 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 7:481bce714567 | 4178 | length += SCR_GET_SIZE((SecureRenegotiation*)extension->data, |
wolfSSL | 7:481bce714567 | 4179 | isRequest); |
wolfSSL | 7:481bce714567 | 4180 | break; |
wolfSSL | 7:481bce714567 | 4181 | |
wolfSSL | 7:481bce714567 | 4182 | case TLSX_SESSION_TICKET: |
wolfSSL | 7:481bce714567 | 4183 | length += STK_GET_SIZE((SessionTicket*)extension->data, |
wolfSSL | 7:481bce714567 | 4184 | isRequest); |
wolfSSL | 7:481bce714567 | 4185 | break; |
wolfSSL | 7:481bce714567 | 4186 | |
wolfSSL | 7:481bce714567 | 4187 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 7:481bce714567 | 4188 | length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest); |
wolfSSL | 7:481bce714567 | 4189 | break; |
wolfSSL | 7:481bce714567 | 4190 | |
wolfSSL | 7:481bce714567 | 4191 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 7:481bce714567 | 4192 | length += ALPN_GET_SIZE((ALPN*)extension->data); |
wolfSSL | 7:481bce714567 | 4193 | break; |
wolfSSL | 7:481bce714567 | 4194 | |
wolfSSL | 7:481bce714567 | 4195 | } |
wolfSSL | 7:481bce714567 | 4196 | |
wolfSSL | 7:481bce714567 | 4197 | /* marks the extension as processed so ctx level */ |
wolfSSL | 7:481bce714567 | 4198 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 7:481bce714567 | 4199 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 7:481bce714567 | 4200 | } |
wolfSSL | 7:481bce714567 | 4201 | |
wolfSSL | 7:481bce714567 | 4202 | return length; |
wolfSSL | 7:481bce714567 | 4203 | } |
wolfSSL | 7:481bce714567 | 4204 | |
wolfSSL | 7:481bce714567 | 4205 | /** Writes the extensions of a list in a buffer. */ |
wolfSSL | 7:481bce714567 | 4206 | static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, |
wolfSSL | 7:481bce714567 | 4207 | byte isRequest) |
wolfSSL | 7:481bce714567 | 4208 | { |
wolfSSL | 7:481bce714567 | 4209 | TLSX* extension; |
wolfSSL | 7:481bce714567 | 4210 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 4211 | word16 length_offset = 0; |
wolfSSL | 7:481bce714567 | 4212 | |
wolfSSL | 7:481bce714567 | 4213 | while ((extension = list)) { |
wolfSSL | 7:481bce714567 | 4214 | list = extension->next; |
wolfSSL | 7:481bce714567 | 4215 | |
wolfSSL | 7:481bce714567 | 4216 | /* only extensions marked as response are written in a response. */ |
wolfSSL | 7:481bce714567 | 4217 | if (!isRequest && !extension->resp) |
wolfSSL | 7:481bce714567 | 4218 | continue; /* skip! */ |
wolfSSL | 7:481bce714567 | 4219 | |
wolfSSL | 7:481bce714567 | 4220 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 7:481bce714567 | 4221 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 7:481bce714567 | 4222 | continue; /* skip! */ |
wolfSSL | 7:481bce714567 | 4223 | |
wolfSSL | 7:481bce714567 | 4224 | /* writes extension type. */ |
wolfSSL | 7:481bce714567 | 4225 | c16toa(extension->type, output + offset); |
wolfSSL | 7:481bce714567 | 4226 | offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 4227 | length_offset = offset; |
wolfSSL | 7:481bce714567 | 4228 | |
wolfSSL | 7:481bce714567 | 4229 | /* extension data should be written internally. */ |
wolfSSL | 7:481bce714567 | 4230 | switch (extension->type) { |
wolfSSL | 7:481bce714567 | 4231 | case TLSX_SERVER_NAME: |
wolfSSL | 7:481bce714567 | 4232 | if (isRequest) |
wolfSSL | 7:481bce714567 | 4233 | offset += SNI_WRITE((SNI*)extension->data, output + offset); |
wolfSSL | 7:481bce714567 | 4234 | break; |
wolfSSL | 7:481bce714567 | 4235 | |
wolfSSL | 7:481bce714567 | 4236 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 7:481bce714567 | 4237 | offset += MFL_WRITE((byte*)extension->data, output + offset); |
wolfSSL | 7:481bce714567 | 4238 | break; |
wolfSSL | 7:481bce714567 | 4239 | |
wolfSSL | 7:481bce714567 | 4240 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 7:481bce714567 | 4241 | /* always empty. */ |
wolfSSL | 7:481bce714567 | 4242 | break; |
wolfSSL | 7:481bce714567 | 4243 | |
wolfSSL | 7:481bce714567 | 4244 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 7:481bce714567 | 4245 | offset += EC_WRITE((EllipticCurve*)extension->data, |
wolfSSL | 7:481bce714567 | 4246 | output + offset); |
wolfSSL | 7:481bce714567 | 4247 | break; |
wolfSSL | 7:481bce714567 | 4248 | |
wolfSSL | 7:481bce714567 | 4249 | case TLSX_STATUS_REQUEST: |
wolfSSL | 7:481bce714567 | 4250 | offset += CSR_WRITE((CertificateStatusRequest*)extension->data, |
wolfSSL | 7:481bce714567 | 4251 | output + offset, isRequest); |
wolfSSL | 7:481bce714567 | 4252 | break; |
wolfSSL | 7:481bce714567 | 4253 | |
wolfSSL | 7:481bce714567 | 4254 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 7:481bce714567 | 4255 | offset += CSR2_WRITE( |
wolfSSL | 7:481bce714567 | 4256 | (CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 7:481bce714567 | 4257 | output + offset, isRequest); |
wolfSSL | 7:481bce714567 | 4258 | break; |
wolfSSL | 7:481bce714567 | 4259 | |
wolfSSL | 7:481bce714567 | 4260 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 7:481bce714567 | 4261 | offset += SCR_WRITE((SecureRenegotiation*)extension->data, |
wolfSSL | 7:481bce714567 | 4262 | output + offset, isRequest); |
wolfSSL | 7:481bce714567 | 4263 | break; |
wolfSSL | 7:481bce714567 | 4264 | |
wolfSSL | 7:481bce714567 | 4265 | case TLSX_SESSION_TICKET: |
wolfSSL | 7:481bce714567 | 4266 | offset += STK_WRITE((SessionTicket*)extension->data, |
wolfSSL | 7:481bce714567 | 4267 | output + offset, isRequest); |
wolfSSL | 7:481bce714567 | 4268 | break; |
wolfSSL | 7:481bce714567 | 4269 | |
wolfSSL | 7:481bce714567 | 4270 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 7:481bce714567 | 4271 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 4272 | offset += QSH_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 7:481bce714567 | 4273 | } |
wolfSSL | 7:481bce714567 | 4274 | offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 7:481bce714567 | 4275 | offset += QSH_SERREQ(output + offset, isRequest); |
wolfSSL | 7:481bce714567 | 4276 | break; |
wolfSSL | 7:481bce714567 | 4277 | |
wolfSSL | 7:481bce714567 | 4278 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 7:481bce714567 | 4279 | offset += ALPN_WRITE((ALPN*)extension->data, output + offset); |
wolfSSL | 7:481bce714567 | 4280 | break; |
wolfSSL | 7:481bce714567 | 4281 | } |
wolfSSL | 7:481bce714567 | 4282 | |
wolfSSL | 7:481bce714567 | 4283 | /* writes extension data length. */ |
wolfSSL | 7:481bce714567 | 4284 | c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN); |
wolfSSL | 7:481bce714567 | 4285 | |
wolfSSL | 7:481bce714567 | 4286 | /* marks the extension as processed so ctx level */ |
wolfSSL | 7:481bce714567 | 4287 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 7:481bce714567 | 4288 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 7:481bce714567 | 4289 | } |
wolfSSL | 7:481bce714567 | 4290 | |
wolfSSL | 7:481bce714567 | 4291 | return offset; |
wolfSSL | 7:481bce714567 | 4292 | } |
wolfSSL | 7:481bce714567 | 4293 | |
wolfSSL | 7:481bce714567 | 4294 | |
wolfSSL | 7:481bce714567 | 4295 | #ifdef HAVE_NTRU |
wolfSSL | 7:481bce714567 | 4296 | |
wolfSSL | 7:481bce714567 | 4297 | static word32 GetEntropy(unsigned char* out, word32 num_bytes) |
wolfSSL | 7:481bce714567 | 4298 | { |
wolfSSL | 7:481bce714567 | 4299 | int ret = 0; |
wolfSSL | 7:481bce714567 | 4300 | |
wolfSSL | 7:481bce714567 | 4301 | if (rng == NULL) { |
wolfSSL | 7:481bce714567 | 4302 | if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, |
wolfSSL | 7:481bce714567 | 4303 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 7:481bce714567 | 4304 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 7:481bce714567 | 4305 | wc_InitRng(rng); |
wolfSSL | 7:481bce714567 | 4306 | } |
wolfSSL | 7:481bce714567 | 4307 | |
wolfSSL | 7:481bce714567 | 4308 | if (rngMutex == NULL) { |
wolfSSL | 7:481bce714567 | 4309 | if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL, |
wolfSSL | 7:481bce714567 | 4310 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 7:481bce714567 | 4311 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 7:481bce714567 | 4312 | wc_InitMutex(rngMutex); |
wolfSSL | 7:481bce714567 | 4313 | } |
wolfSSL | 7:481bce714567 | 4314 | |
wolfSSL | 7:481bce714567 | 4315 | ret |= wc_LockMutex(rngMutex); |
wolfSSL | 7:481bce714567 | 4316 | ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); |
wolfSSL | 7:481bce714567 | 4317 | ret |= wc_UnLockMutex(rngMutex); |
wolfSSL | 7:481bce714567 | 4318 | |
wolfSSL | 7:481bce714567 | 4319 | if (ret != 0) |
wolfSSL | 7:481bce714567 | 4320 | return DRBG_ENTROPY_FAIL; |
wolfSSL | 7:481bce714567 | 4321 | |
wolfSSL | 7:481bce714567 | 4322 | return DRBG_OK; |
wolfSSL | 7:481bce714567 | 4323 | } |
wolfSSL | 7:481bce714567 | 4324 | #endif |
wolfSSL | 7:481bce714567 | 4325 | |
wolfSSL | 7:481bce714567 | 4326 | |
wolfSSL | 7:481bce714567 | 4327 | #ifdef HAVE_QSH |
wolfSSL | 7:481bce714567 | 4328 | static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type) |
wolfSSL | 7:481bce714567 | 4329 | { |
wolfSSL | 7:481bce714567 | 4330 | int ret; |
wolfSSL | 7:481bce714567 | 4331 | |
wolfSSL | 7:481bce714567 | 4332 | switch (type) { |
wolfSSL | 7:481bce714567 | 4333 | #ifdef HAVE_NTRU |
wolfSSL | 7:481bce714567 | 4334 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 7:481bce714567 | 4335 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 7:481bce714567 | 4336 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 7:481bce714567 | 4337 | ret = TLSX_CreateNtruKey(ssl, type); |
wolfSSL | 7:481bce714567 | 4338 | break; |
wolfSSL | 7:481bce714567 | 4339 | #endif |
wolfSSL | 7:481bce714567 | 4340 | default: |
wolfSSL | 7:481bce714567 | 4341 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 7:481bce714567 | 4342 | return -1; |
wolfSSL | 7:481bce714567 | 4343 | } |
wolfSSL | 7:481bce714567 | 4344 | |
wolfSSL | 7:481bce714567 | 4345 | return ret; |
wolfSSL | 7:481bce714567 | 4346 | } |
wolfSSL | 7:481bce714567 | 4347 | |
wolfSSL | 7:481bce714567 | 4348 | |
wolfSSL | 7:481bce714567 | 4349 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) |
wolfSSL | 7:481bce714567 | 4350 | { |
wolfSSL | 7:481bce714567 | 4351 | QSHKey* current; |
wolfSSL | 7:481bce714567 | 4352 | |
wolfSSL | 7:481bce714567 | 4353 | if (key == NULL) |
wolfSSL | 7:481bce714567 | 4354 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 4355 | |
wolfSSL | 7:481bce714567 | 4356 | /* if no public key stored in key then do not add */ |
wolfSSL | 7:481bce714567 | 4357 | if (key->pub.length == 0 || key->pub.buffer == NULL) |
wolfSSL | 7:481bce714567 | 4358 | return 0; |
wolfSSL | 7:481bce714567 | 4359 | |
wolfSSL | 7:481bce714567 | 4360 | /* first element to be added to the list */ |
wolfSSL | 7:481bce714567 | 4361 | current = *list; |
wolfSSL | 7:481bce714567 | 4362 | if (current == NULL) { |
wolfSSL | 7:481bce714567 | 4363 | *list = key; |
wolfSSL | 7:481bce714567 | 4364 | return 0; |
wolfSSL | 7:481bce714567 | 4365 | } |
wolfSSL | 7:481bce714567 | 4366 | |
wolfSSL | 7:481bce714567 | 4367 | while (current->next) { |
wolfSSL | 7:481bce714567 | 4368 | /* can only have one of the key in the list */ |
wolfSSL | 7:481bce714567 | 4369 | if (current->name == key->name) |
wolfSSL | 7:481bce714567 | 4370 | return -1; |
wolfSSL | 7:481bce714567 | 4371 | current = (QSHKey*)current->next; |
wolfSSL | 7:481bce714567 | 4372 | } |
wolfSSL | 7:481bce714567 | 4373 | |
wolfSSL | 7:481bce714567 | 4374 | current->next = (struct QSHKey*)key; |
wolfSSL | 7:481bce714567 | 4375 | |
wolfSSL | 7:481bce714567 | 4376 | return 0; |
wolfSSL | 7:481bce714567 | 4377 | } |
wolfSSL | 7:481bce714567 | 4378 | |
wolfSSL | 7:481bce714567 | 4379 | |
wolfSSL | 7:481bce714567 | 4380 | #ifdef HAVE_NTRU |
wolfSSL | 7:481bce714567 | 4381 | int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) |
wolfSSL | 7:481bce714567 | 4382 | { |
wolfSSL | 7:481bce714567 | 4383 | int ret; |
wolfSSL | 7:481bce714567 | 4384 | int ntruType; |
wolfSSL | 7:481bce714567 | 4385 | |
wolfSSL | 7:481bce714567 | 4386 | /* variable declarations for NTRU*/ |
wolfSSL | 7:481bce714567 | 4387 | QSHKey* temp = NULL; |
wolfSSL | 7:481bce714567 | 4388 | byte public_key[1027]; |
wolfSSL | 7:481bce714567 | 4389 | word16 public_key_len = sizeof(public_key); |
wolfSSL | 7:481bce714567 | 4390 | byte private_key[1120]; |
wolfSSL | 7:481bce714567 | 4391 | word16 private_key_len = sizeof(private_key); |
wolfSSL | 7:481bce714567 | 4392 | DRBG_HANDLE drbg; |
wolfSSL | 7:481bce714567 | 4393 | |
wolfSSL | 7:481bce714567 | 4394 | if (ssl == NULL) |
wolfSSL | 7:481bce714567 | 4395 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 4396 | |
wolfSSL | 7:481bce714567 | 4397 | switch (type) { |
wolfSSL | 7:481bce714567 | 4398 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 7:481bce714567 | 4399 | ntruType = NTRU_EES439EP1; |
wolfSSL | 7:481bce714567 | 4400 | break; |
wolfSSL | 7:481bce714567 | 4401 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 7:481bce714567 | 4402 | ntruType = NTRU_EES593EP1; |
wolfSSL | 7:481bce714567 | 4403 | break; |
wolfSSL | 7:481bce714567 | 4404 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 7:481bce714567 | 4405 | ntruType = NTRU_EES743EP1; |
wolfSSL | 7:481bce714567 | 4406 | break; |
wolfSSL | 7:481bce714567 | 4407 | default: |
wolfSSL | 7:481bce714567 | 4408 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 7:481bce714567 | 4409 | return -1; |
wolfSSL | 7:481bce714567 | 4410 | } |
wolfSSL | 7:481bce714567 | 4411 | ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); |
wolfSSL | 7:481bce714567 | 4412 | if (ret != DRBG_OK) { |
wolfSSL | 7:481bce714567 | 4413 | WOLFSSL_MSG("NTRU drbg instantiate failed\n"); |
wolfSSL | 7:481bce714567 | 4414 | return ret; |
wolfSSL | 7:481bce714567 | 4415 | } |
wolfSSL | 7:481bce714567 | 4416 | |
wolfSSL | 7:481bce714567 | 4417 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 7:481bce714567 | 4418 | &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK) |
wolfSSL | 7:481bce714567 | 4419 | return ret; |
wolfSSL | 7:481bce714567 | 4420 | |
wolfSSL | 7:481bce714567 | 4421 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 7:481bce714567 | 4422 | &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK) |
wolfSSL | 7:481bce714567 | 4423 | return ret; |
wolfSSL | 7:481bce714567 | 4424 | |
wolfSSL | 7:481bce714567 | 4425 | ret = ntru_crypto_drbg_uninstantiate(drbg); |
wolfSSL | 7:481bce714567 | 4426 | if (ret != NTRU_OK) { |
wolfSSL | 7:481bce714567 | 4427 | WOLFSSL_MSG("NTRU drbg uninstantiate failed\n"); |
wolfSSL | 7:481bce714567 | 4428 | return ret; |
wolfSSL | 7:481bce714567 | 4429 | } |
wolfSSL | 7:481bce714567 | 4430 | |
wolfSSL | 7:481bce714567 | 4431 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, |
wolfSSL | 7:481bce714567 | 4432 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 7:481bce714567 | 4433 | return MEMORY_E; |
wolfSSL | 7:481bce714567 | 4434 | temp->name = type; |
wolfSSL | 7:481bce714567 | 4435 | temp->pub.length = public_key_len; |
wolfSSL | 7:481bce714567 | 4436 | temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap, |
wolfSSL | 7:481bce714567 | 4437 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 7:481bce714567 | 4438 | XMEMCPY(temp->pub.buffer, public_key, public_key_len); |
wolfSSL | 7:481bce714567 | 4439 | temp->pri.length = private_key_len; |
wolfSSL | 7:481bce714567 | 4440 | temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap, |
wolfSSL | 7:481bce714567 | 4441 | DYNAMIC_TYPE_ARRAYS); |
wolfSSL | 7:481bce714567 | 4442 | XMEMCPY(temp->pri.buffer, private_key, private_key_len); |
wolfSSL | 7:481bce714567 | 4443 | temp->next = NULL; |
wolfSSL | 7:481bce714567 | 4444 | |
wolfSSL | 7:481bce714567 | 4445 | TLSX_AddQSHKey(&ssl->QSH_Key, temp); |
wolfSSL | 7:481bce714567 | 4446 | |
wolfSSL | 7:481bce714567 | 4447 | return ret; |
wolfSSL | 7:481bce714567 | 4448 | } |
wolfSSL | 7:481bce714567 | 4449 | #endif |
wolfSSL | 7:481bce714567 | 4450 | |
wolfSSL | 7:481bce714567 | 4451 | |
wolfSSL | 7:481bce714567 | 4452 | /* |
wolfSSL | 7:481bce714567 | 4453 | Used to find a public key from the list of keys |
wolfSSL | 7:481bce714567 | 4454 | pubLen length of array |
wolfSSL | 7:481bce714567 | 4455 | name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX |
wolfSSL | 7:481bce714567 | 4456 | |
wolfSSL | 7:481bce714567 | 4457 | returns a pointer to public key byte* or NULL if not found |
wolfSSL | 7:481bce714567 | 4458 | */ |
wolfSSL | 7:481bce714567 | 4459 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name) |
wolfSSL | 7:481bce714567 | 4460 | { |
wolfSSL | 7:481bce714567 | 4461 | QSHKey* current = qsh; |
wolfSSL | 7:481bce714567 | 4462 | |
wolfSSL | 7:481bce714567 | 4463 | if (qsh == NULL || pubLen == NULL) |
wolfSSL | 7:481bce714567 | 4464 | return NULL; |
wolfSSL | 7:481bce714567 | 4465 | |
wolfSSL | 7:481bce714567 | 4466 | *pubLen = 0; |
wolfSSL | 7:481bce714567 | 4467 | |
wolfSSL | 7:481bce714567 | 4468 | while(current) { |
wolfSSL | 7:481bce714567 | 4469 | if (current->name == name) { |
wolfSSL | 7:481bce714567 | 4470 | *pubLen = current->pub.length; |
wolfSSL | 7:481bce714567 | 4471 | return current->pub.buffer; |
wolfSSL | 7:481bce714567 | 4472 | } |
wolfSSL | 7:481bce714567 | 4473 | current = (QSHKey*)current->next; |
wolfSSL | 7:481bce714567 | 4474 | } |
wolfSSL | 7:481bce714567 | 4475 | |
wolfSSL | 7:481bce714567 | 4476 | return NULL; |
wolfSSL | 7:481bce714567 | 4477 | } |
wolfSSL | 7:481bce714567 | 4478 | #endif /* HAVE_QSH */ |
wolfSSL | 7:481bce714567 | 4479 | |
wolfSSL | 7:481bce714567 | 4480 | |
wolfSSL | 7:481bce714567 | 4481 | int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) |
wolfSSL | 7:481bce714567 | 4482 | { |
wolfSSL | 7:481bce714567 | 4483 | int ret = 0; |
wolfSSL | 7:481bce714567 | 4484 | byte* public_key = NULL; |
wolfSSL | 7:481bce714567 | 4485 | word16 public_key_len = 0; |
wolfSSL | 7:481bce714567 | 4486 | #ifdef HAVE_QSH |
wolfSSL | 7:481bce714567 | 4487 | TLSX* extension; |
wolfSSL | 7:481bce714567 | 4488 | QSHScheme* qsh; |
wolfSSL | 7:481bce714567 | 4489 | QSHScheme* next; |
wolfSSL | 7:481bce714567 | 4490 | |
wolfSSL | 7:481bce714567 | 4491 | /* add supported QSHSchemes */ |
wolfSSL | 7:481bce714567 | 4492 | WOLFSSL_MSG("Adding supported QSH Schemes"); |
wolfSSL | 7:481bce714567 | 4493 | #endif |
wolfSSL | 7:481bce714567 | 4494 | |
wolfSSL | 7:481bce714567 | 4495 | /* server will add extension depending on whats parsed from client */ |
wolfSSL | 7:481bce714567 | 4496 | if (!isServer) { |
wolfSSL | 7:481bce714567 | 4497 | #ifdef HAVE_QSH |
wolfSSL | 7:481bce714567 | 4498 | /* test if user has set a specific scheme already */ |
wolfSSL | 7:481bce714567 | 4499 | if (!ssl->user_set_QSHSchemes) { |
wolfSSL | 7:481bce714567 | 4500 | if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 7:481bce714567 | 4501 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) { |
wolfSSL | 7:481bce714567 | 4502 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 7:481bce714567 | 4503 | return ret; |
wolfSSL | 7:481bce714567 | 4504 | } |
wolfSSL | 7:481bce714567 | 4505 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) { |
wolfSSL | 7:481bce714567 | 4506 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 7:481bce714567 | 4507 | return ret; |
wolfSSL | 7:481bce714567 | 4508 | } |
wolfSSL | 7:481bce714567 | 4509 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) { |
wolfSSL | 7:481bce714567 | 4510 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 7:481bce714567 | 4511 | return ret; |
wolfSSL | 7:481bce714567 | 4512 | } |
wolfSSL | 7:481bce714567 | 4513 | |
wolfSSL | 7:481bce714567 | 4514 | /* add NTRU 256 */ |
wolfSSL | 7:481bce714567 | 4515 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 7:481bce714567 | 4516 | &public_key_len, WOLFSSL_NTRU_EESS743); |
wolfSSL | 7:481bce714567 | 4517 | } |
wolfSSL | 7:481bce714567 | 4518 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743, |
wolfSSL | 7:481bce714567 | 4519 | public_key, public_key_len, ssl->heap) |
wolfSSL | 7:481bce714567 | 4520 | != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 4521 | ret = -1; |
wolfSSL | 7:481bce714567 | 4522 | |
wolfSSL | 7:481bce714567 | 4523 | /* add NTRU 196 */ |
wolfSSL | 7:481bce714567 | 4524 | if (ssl->sendQSHKeys) { |
wolfSSL | 7:481bce714567 | 4525 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 7:481bce714567 | 4526 | &public_key_len, WOLFSSL_NTRU_EESS593); |
wolfSSL | 7:481bce714567 | 4527 | } |
wolfSSL | 7:481bce714567 | 4528 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593, |
wolfSSL | 7:481bce714567 | 4529 | public_key, public_key_len, ssl->heap) |
wolfSSL | 7:481bce714567 | 4530 | != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 4531 | ret = -1; |
wolfSSL | 7:481bce714567 | 4532 | |
wolfSSL | 7:481bce714567 | 4533 | /* add NTRU 128 */ |
wolfSSL | 7:481bce714567 | 4534 | if (ssl->sendQSHKeys) { |
wolfSSL | 7:481bce714567 | 4535 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 7:481bce714567 | 4536 | &public_key_len, WOLFSSL_NTRU_EESS439); |
wolfSSL | 7:481bce714567 | 4537 | } |
wolfSSL | 7:481bce714567 | 4538 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439, |
wolfSSL | 7:481bce714567 | 4539 | public_key, public_key_len, ssl->heap) |
wolfSSL | 7:481bce714567 | 4540 | != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 4541 | ret = -1; |
wolfSSL | 7:481bce714567 | 4542 | } |
wolfSSL | 7:481bce714567 | 4543 | else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 7:481bce714567 | 4544 | /* for each scheme make a client key */ |
wolfSSL | 7:481bce714567 | 4545 | extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 7:481bce714567 | 4546 | if (extension) { |
wolfSSL | 7:481bce714567 | 4547 | qsh = (QSHScheme*)extension->data; |
wolfSSL | 7:481bce714567 | 4548 | |
wolfSSL | 7:481bce714567 | 4549 | while (qsh) { |
wolfSSL | 7:481bce714567 | 4550 | if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0) |
wolfSSL | 7:481bce714567 | 4551 | return ret; |
wolfSSL | 7:481bce714567 | 4552 | |
wolfSSL | 7:481bce714567 | 4553 | /* get next now because qsh could be freed */ |
wolfSSL | 7:481bce714567 | 4554 | next = qsh->next; |
wolfSSL | 7:481bce714567 | 4555 | |
wolfSSL | 7:481bce714567 | 4556 | /* find the public key created and add to extension*/ |
wolfSSL | 7:481bce714567 | 4557 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 7:481bce714567 | 4558 | &public_key_len, qsh->name); |
wolfSSL | 7:481bce714567 | 4559 | if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name, |
wolfSSL | 7:481bce714567 | 4560 | public_key, public_key_len, |
wolfSSL | 7:481bce714567 | 4561 | ssl->heap) != SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 4562 | ret = -1; |
wolfSSL | 7:481bce714567 | 4563 | qsh = next; |
wolfSSL | 7:481bce714567 | 4564 | } |
wolfSSL | 7:481bce714567 | 4565 | } |
wolfSSL | 7:481bce714567 | 4566 | } |
wolfSSL | 7:481bce714567 | 4567 | #endif |
wolfSSL | 7:481bce714567 | 4568 | |
wolfSSL | 7:481bce714567 | 4569 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 7:481bce714567 | 4570 | if (!ssl->options.userCurves && !ssl->ctx->userCurves) { |
wolfSSL | 7:481bce714567 | 4571 | #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4572 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 4573 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4574 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4575 | #endif |
wolfSSL | 7:481bce714567 | 4576 | #ifdef HAVE_ECC_SECPR2 |
wolfSSL | 7:481bce714567 | 4577 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160R2, ssl->heap); |
wolfSSL | 7:481bce714567 | 4578 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4579 | #endif |
wolfSSL | 7:481bce714567 | 4580 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 4581 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP160K1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4582 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4583 | #endif |
wolfSSL | 7:481bce714567 | 4584 | #endif |
wolfSSL | 7:481bce714567 | 4585 | #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4586 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 4587 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4588 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4589 | #endif |
wolfSSL | 7:481bce714567 | 4590 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 4591 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP192K1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4592 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4593 | #endif |
wolfSSL | 7:481bce714567 | 4594 | #endif |
wolfSSL | 7:481bce714567 | 4595 | #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4596 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 4597 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4598 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4599 | #endif |
wolfSSL | 7:481bce714567 | 4600 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 4601 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP224K1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4602 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4603 | #endif |
wolfSSL | 7:481bce714567 | 4604 | #endif |
wolfSSL | 7:481bce714567 | 4605 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4606 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 4607 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4608 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4609 | #endif |
wolfSSL | 7:481bce714567 | 4610 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 7:481bce714567 | 4611 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256K1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4612 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4613 | #endif |
wolfSSL | 7:481bce714567 | 4614 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 7:481bce714567 | 4615 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4616 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4617 | #endif |
wolfSSL | 7:481bce714567 | 4618 | #endif |
wolfSSL | 7:481bce714567 | 4619 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4620 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 4621 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP384R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4622 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4623 | #endif |
wolfSSL | 7:481bce714567 | 4624 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 7:481bce714567 | 4625 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4626 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4627 | #endif |
wolfSSL | 7:481bce714567 | 4628 | #endif |
wolfSSL | 7:481bce714567 | 4629 | #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4630 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 7:481bce714567 | 4631 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4632 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4633 | #endif |
wolfSSL | 7:481bce714567 | 4634 | #endif |
wolfSSL | 7:481bce714567 | 4635 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 7:481bce714567 | 4636 | #ifndef NO_ECC_SECP |
wolfSSL | 7:481bce714567 | 4637 | ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP521R1, ssl->heap); |
wolfSSL | 7:481bce714567 | 4638 | if (ret != SSL_SUCCESS) return ret; |
wolfSSL | 7:481bce714567 | 4639 | #endif |
wolfSSL | 7:481bce714567 | 4640 | #endif |
wolfSSL | 7:481bce714567 | 4641 | } |
wolfSSL | 7:481bce714567 | 4642 | #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 7:481bce714567 | 4643 | } /* is not server */ |
wolfSSL | 7:481bce714567 | 4644 | |
wolfSSL | 7:481bce714567 | 4645 | (void)public_key; |
wolfSSL | 7:481bce714567 | 4646 | (void)public_key_len; |
wolfSSL | 7:481bce714567 | 4647 | (void)ssl; |
wolfSSL | 7:481bce714567 | 4648 | |
wolfSSL | 7:481bce714567 | 4649 | if (ret == SSL_SUCCESS) |
wolfSSL | 7:481bce714567 | 4650 | ret = 0; |
wolfSSL | 7:481bce714567 | 4651 | |
wolfSSL | 7:481bce714567 | 4652 | return ret; |
wolfSSL | 7:481bce714567 | 4653 | } |
wolfSSL | 7:481bce714567 | 4654 | |
wolfSSL | 7:481bce714567 | 4655 | |
wolfSSL | 7:481bce714567 | 4656 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 4657 | |
wolfSSL | 7:481bce714567 | 4658 | /** Tells the buffered size of extensions to be sent into the client hello. */ |
wolfSSL | 7:481bce714567 | 4659 | word16 TLSX_GetRequestSize(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 4660 | { |
wolfSSL | 7:481bce714567 | 4661 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 4662 | |
wolfSSL | 7:481bce714567 | 4663 | if (TLSX_SupportExtensions(ssl)) { |
wolfSSL | 7:481bce714567 | 4664 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 7:481bce714567 | 4665 | |
wolfSSL | 7:481bce714567 | 4666 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 7:481bce714567 | 4667 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 7:481bce714567 | 4668 | STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 7:481bce714567 | 4669 | |
wolfSSL | 7:481bce714567 | 4670 | if (ssl->extensions) |
wolfSSL | 7:481bce714567 | 4671 | length += TLSX_GetSize(ssl->extensions, semaphore, 1); |
wolfSSL | 7:481bce714567 | 4672 | |
wolfSSL | 7:481bce714567 | 4673 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 7:481bce714567 | 4674 | length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1); |
wolfSSL | 7:481bce714567 | 4675 | |
wolfSSL | 7:481bce714567 | 4676 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
wolfSSL | 7:481bce714567 | 4677 | length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ |
wolfSSL | 7:481bce714567 | 4678 | + ssl->suites->hashSigAlgoSz; |
wolfSSL | 7:481bce714567 | 4679 | |
wolfSSL | 7:481bce714567 | 4680 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4681 | if (ssl->options.haveEMS) |
wolfSSL | 7:481bce714567 | 4682 | length += HELLO_EXT_SZ; |
wolfSSL | 7:481bce714567 | 4683 | #endif |
wolfSSL | 7:481bce714567 | 4684 | } |
wolfSSL | 7:481bce714567 | 4685 | |
wolfSSL | 7:481bce714567 | 4686 | if (length) |
wolfSSL | 7:481bce714567 | 4687 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 7:481bce714567 | 4688 | |
wolfSSL | 7:481bce714567 | 4689 | return length; |
wolfSSL | 7:481bce714567 | 4690 | } |
wolfSSL | 7:481bce714567 | 4691 | |
wolfSSL | 7:481bce714567 | 4692 | /** Writes the extensions to be sent into the client hello. */ |
wolfSSL | 7:481bce714567 | 4693 | word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) |
wolfSSL | 7:481bce714567 | 4694 | { |
wolfSSL | 7:481bce714567 | 4695 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 4696 | |
wolfSSL | 7:481bce714567 | 4697 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 7:481bce714567 | 4698 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 7:481bce714567 | 4699 | |
wolfSSL | 7:481bce714567 | 4700 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 7:481bce714567 | 4701 | |
wolfSSL | 7:481bce714567 | 4702 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 7:481bce714567 | 4703 | STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 7:481bce714567 | 4704 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 7:481bce714567 | 4705 | |
wolfSSL | 7:481bce714567 | 4706 | if (ssl->extensions) |
wolfSSL | 7:481bce714567 | 4707 | offset += TLSX_Write(ssl->extensions, output + offset, |
wolfSSL | 7:481bce714567 | 4708 | semaphore, 1); |
wolfSSL | 7:481bce714567 | 4709 | |
wolfSSL | 7:481bce714567 | 4710 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 7:481bce714567 | 4711 | offset += TLSX_Write(ssl->ctx->extensions, output + offset, |
wolfSSL | 7:481bce714567 | 4712 | semaphore, 1); |
wolfSSL | 7:481bce714567 | 4713 | |
wolfSSL | 7:481bce714567 | 4714 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { |
wolfSSL | 7:481bce714567 | 4715 | int i; |
wolfSSL | 7:481bce714567 | 4716 | /* extension type */ |
wolfSSL | 7:481bce714567 | 4717 | c16toa(HELLO_EXT_SIG_ALGO, output + offset); |
wolfSSL | 7:481bce714567 | 4718 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 7:481bce714567 | 4719 | |
wolfSSL | 7:481bce714567 | 4720 | /* extension data length */ |
wolfSSL | 7:481bce714567 | 4721 | c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, |
wolfSSL | 7:481bce714567 | 4722 | output + offset); |
wolfSSL | 7:481bce714567 | 4723 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 4724 | |
wolfSSL | 7:481bce714567 | 4725 | /* sig algos length */ |
wolfSSL | 7:481bce714567 | 4726 | c16toa(ssl->suites->hashSigAlgoSz, output + offset); |
wolfSSL | 7:481bce714567 | 4727 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 4728 | |
wolfSSL | 7:481bce714567 | 4729 | /* sig algos */ |
wolfSSL | 7:481bce714567 | 4730 | for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++) |
wolfSSL | 7:481bce714567 | 4731 | output[offset] = ssl->suites->hashSigAlgo[i]; |
wolfSSL | 7:481bce714567 | 4732 | } |
wolfSSL | 7:481bce714567 | 4733 | |
wolfSSL | 7:481bce714567 | 4734 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4735 | if (ssl->options.haveEMS) { |
wolfSSL | 7:481bce714567 | 4736 | c16toa(HELLO_EXT_EXTMS, output + offset); |
wolfSSL | 7:481bce714567 | 4737 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 7:481bce714567 | 4738 | c16toa(0, output + offset); |
wolfSSL | 7:481bce714567 | 4739 | offset += HELLO_EXT_SZ_SZ; |
wolfSSL | 7:481bce714567 | 4740 | } |
wolfSSL | 7:481bce714567 | 4741 | #endif |
wolfSSL | 7:481bce714567 | 4742 | |
wolfSSL | 7:481bce714567 | 4743 | if (offset > OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 4744 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 7:481bce714567 | 4745 | } |
wolfSSL | 7:481bce714567 | 4746 | |
wolfSSL | 7:481bce714567 | 4747 | return offset; |
wolfSSL | 7:481bce714567 | 4748 | } |
wolfSSL | 7:481bce714567 | 4749 | |
wolfSSL | 7:481bce714567 | 4750 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 7:481bce714567 | 4751 | |
wolfSSL | 7:481bce714567 | 4752 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 4753 | |
wolfSSL | 7:481bce714567 | 4754 | /** Tells the buffered size of extensions to be sent into the server hello. */ |
wolfSSL | 7:481bce714567 | 4755 | word16 TLSX_GetResponseSize(WOLFSSL* ssl) |
wolfSSL | 7:481bce714567 | 4756 | { |
wolfSSL | 7:481bce714567 | 4757 | word16 length = 0; |
wolfSSL | 7:481bce714567 | 4758 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 7:481bce714567 | 4759 | |
wolfSSL | 7:481bce714567 | 4760 | #ifdef HAVE_QSH |
wolfSSL | 7:481bce714567 | 4761 | /* change response if not using TLS_QSH */ |
wolfSSL | 7:481bce714567 | 4762 | if (!ssl->options.haveQSH) { |
wolfSSL | 7:481bce714567 | 4763 | TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 7:481bce714567 | 4764 | if (ext) |
wolfSSL | 7:481bce714567 | 4765 | ext->resp = 0; |
wolfSSL | 7:481bce714567 | 4766 | } |
wolfSSL | 7:481bce714567 | 4767 | #endif |
wolfSSL | 7:481bce714567 | 4768 | |
wolfSSL | 7:481bce714567 | 4769 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4770 | if (ssl->options.haveEMS) |
wolfSSL | 7:481bce714567 | 4771 | length += HELLO_EXT_SZ; |
wolfSSL | 7:481bce714567 | 4772 | #endif |
wolfSSL | 7:481bce714567 | 4773 | |
wolfSSL | 7:481bce714567 | 4774 | if (TLSX_SupportExtensions(ssl)) |
wolfSSL | 7:481bce714567 | 4775 | length += TLSX_GetSize(ssl->extensions, semaphore, 0); |
wolfSSL | 7:481bce714567 | 4776 | |
wolfSSL | 7:481bce714567 | 4777 | /* All the response data is set at the ssl object only, so no ctx here. */ |
wolfSSL | 7:481bce714567 | 4778 | |
wolfSSL | 7:481bce714567 | 4779 | if (length) |
wolfSSL | 7:481bce714567 | 4780 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 7:481bce714567 | 4781 | |
wolfSSL | 7:481bce714567 | 4782 | return length; |
wolfSSL | 7:481bce714567 | 4783 | } |
wolfSSL | 7:481bce714567 | 4784 | |
wolfSSL | 7:481bce714567 | 4785 | /** Writes the server hello extensions into a buffer. */ |
wolfSSL | 7:481bce714567 | 4786 | word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output) |
wolfSSL | 7:481bce714567 | 4787 | { |
wolfSSL | 7:481bce714567 | 4788 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 4789 | |
wolfSSL | 7:481bce714567 | 4790 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 7:481bce714567 | 4791 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 7:481bce714567 | 4792 | |
wolfSSL | 7:481bce714567 | 4793 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 7:481bce714567 | 4794 | |
wolfSSL | 7:481bce714567 | 4795 | offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0); |
wolfSSL | 7:481bce714567 | 4796 | |
wolfSSL | 7:481bce714567 | 4797 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4798 | if (ssl->options.haveEMS) { |
wolfSSL | 7:481bce714567 | 4799 | c16toa(HELLO_EXT_EXTMS, output + offset); |
wolfSSL | 7:481bce714567 | 4800 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 7:481bce714567 | 4801 | c16toa(0, output + offset); |
wolfSSL | 7:481bce714567 | 4802 | offset += HELLO_EXT_SZ_SZ; |
wolfSSL | 7:481bce714567 | 4803 | } |
wolfSSL | 7:481bce714567 | 4804 | #endif |
wolfSSL | 7:481bce714567 | 4805 | |
wolfSSL | 7:481bce714567 | 4806 | if (offset > OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 4807 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 7:481bce714567 | 4808 | } |
wolfSSL | 7:481bce714567 | 4809 | |
wolfSSL | 7:481bce714567 | 4810 | return offset; |
wolfSSL | 7:481bce714567 | 4811 | } |
wolfSSL | 7:481bce714567 | 4812 | |
wolfSSL | 7:481bce714567 | 4813 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 4814 | |
wolfSSL | 7:481bce714567 | 4815 | /** Parses a buffer of TLS extensions. */ |
wolfSSL | 7:481bce714567 | 4816 | int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, |
wolfSSL | 7:481bce714567 | 4817 | Suites *suites) |
wolfSSL | 7:481bce714567 | 4818 | { |
wolfSSL | 7:481bce714567 | 4819 | int ret = 0; |
wolfSSL | 7:481bce714567 | 4820 | word16 offset = 0; |
wolfSSL | 7:481bce714567 | 4821 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4822 | byte pendingEMS = 0; |
wolfSSL | 7:481bce714567 | 4823 | #endif |
wolfSSL | 7:481bce714567 | 4824 | |
wolfSSL | 7:481bce714567 | 4825 | if (!ssl || !input || (isRequest && !suites)) |
wolfSSL | 7:481bce714567 | 4826 | return BAD_FUNC_ARG; |
wolfSSL | 7:481bce714567 | 4827 | |
wolfSSL | 7:481bce714567 | 4828 | while (ret == 0 && offset < length) { |
wolfSSL | 7:481bce714567 | 4829 | word16 type; |
wolfSSL | 7:481bce714567 | 4830 | word16 size; |
wolfSSL | 7:481bce714567 | 4831 | |
wolfSSL | 7:481bce714567 | 4832 | if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 4833 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 4834 | |
wolfSSL | 7:481bce714567 | 4835 | ato16(input + offset, &type); |
wolfSSL | 7:481bce714567 | 4836 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 7:481bce714567 | 4837 | |
wolfSSL | 7:481bce714567 | 4838 | ato16(input + offset, &size); |
wolfSSL | 7:481bce714567 | 4839 | offset += OPAQUE16_LEN; |
wolfSSL | 7:481bce714567 | 4840 | |
wolfSSL | 7:481bce714567 | 4841 | if (offset + size > length) |
wolfSSL | 7:481bce714567 | 4842 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 4843 | |
wolfSSL | 7:481bce714567 | 4844 | switch (type) { |
wolfSSL | 7:481bce714567 | 4845 | case TLSX_SERVER_NAME: |
wolfSSL | 7:481bce714567 | 4846 | WOLFSSL_MSG("SNI extension received"); |
wolfSSL | 7:481bce714567 | 4847 | |
wolfSSL | 7:481bce714567 | 4848 | ret = SNI_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4849 | break; |
wolfSSL | 7:481bce714567 | 4850 | |
wolfSSL | 7:481bce714567 | 4851 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 7:481bce714567 | 4852 | WOLFSSL_MSG("Max Fragment Length extension received"); |
wolfSSL | 7:481bce714567 | 4853 | |
wolfSSL | 7:481bce714567 | 4854 | ret = MFL_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4855 | break; |
wolfSSL | 7:481bce714567 | 4856 | |
wolfSSL | 7:481bce714567 | 4857 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 7:481bce714567 | 4858 | WOLFSSL_MSG("Truncated HMAC extension received"); |
wolfSSL | 7:481bce714567 | 4859 | |
wolfSSL | 7:481bce714567 | 4860 | ret = THM_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4861 | break; |
wolfSSL | 7:481bce714567 | 4862 | |
wolfSSL | 7:481bce714567 | 4863 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 7:481bce714567 | 4864 | WOLFSSL_MSG("Elliptic Curves extension received"); |
wolfSSL | 7:481bce714567 | 4865 | |
wolfSSL | 7:481bce714567 | 4866 | ret = EC_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4867 | break; |
wolfSSL | 7:481bce714567 | 4868 | |
wolfSSL | 7:481bce714567 | 4869 | case TLSX_STATUS_REQUEST: |
wolfSSL | 7:481bce714567 | 4870 | WOLFSSL_MSG("Certificate Status Request extension received"); |
wolfSSL | 7:481bce714567 | 4871 | |
wolfSSL | 7:481bce714567 | 4872 | ret = CSR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4873 | break; |
wolfSSL | 7:481bce714567 | 4874 | |
wolfSSL | 7:481bce714567 | 4875 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 7:481bce714567 | 4876 | WOLFSSL_MSG("Certificate Status Request v2 extension received"); |
wolfSSL | 7:481bce714567 | 4877 | |
wolfSSL | 7:481bce714567 | 4878 | ret = CSR2_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4879 | break; |
wolfSSL | 7:481bce714567 | 4880 | |
wolfSSL | 7:481bce714567 | 4881 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4882 | case HELLO_EXT_EXTMS: |
wolfSSL | 7:481bce714567 | 4883 | WOLFSSL_MSG("Extended Master Secret extension received"); |
wolfSSL | 7:481bce714567 | 4884 | |
wolfSSL | 7:481bce714567 | 4885 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 4886 | if (isRequest) |
wolfSSL | 7:481bce714567 | 4887 | ssl->options.haveEMS = 1; |
wolfSSL | 7:481bce714567 | 4888 | #endif |
wolfSSL | 7:481bce714567 | 4889 | pendingEMS = 1; |
wolfSSL | 7:481bce714567 | 4890 | break; |
wolfSSL | 7:481bce714567 | 4891 | #endif |
wolfSSL | 7:481bce714567 | 4892 | |
wolfSSL | 7:481bce714567 | 4893 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 7:481bce714567 | 4894 | WOLFSSL_MSG("Secure Renegotiation extension received"); |
wolfSSL | 7:481bce714567 | 4895 | |
wolfSSL | 7:481bce714567 | 4896 | ret = SCR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4897 | break; |
wolfSSL | 7:481bce714567 | 4898 | |
wolfSSL | 7:481bce714567 | 4899 | case TLSX_SESSION_TICKET: |
wolfSSL | 7:481bce714567 | 4900 | WOLFSSL_MSG("Session Ticket extension received"); |
wolfSSL | 7:481bce714567 | 4901 | |
wolfSSL | 7:481bce714567 | 4902 | ret = STK_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4903 | break; |
wolfSSL | 7:481bce714567 | 4904 | |
wolfSSL | 7:481bce714567 | 4905 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 7:481bce714567 | 4906 | WOLFSSL_MSG("Quantum-Safe-Hybrid extension received"); |
wolfSSL | 7:481bce714567 | 4907 | |
wolfSSL | 7:481bce714567 | 4908 | ret = QSH_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4909 | break; |
wolfSSL | 7:481bce714567 | 4910 | |
wolfSSL | 7:481bce714567 | 4911 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 7:481bce714567 | 4912 | WOLFSSL_MSG("ALPN extension received"); |
wolfSSL | 7:481bce714567 | 4913 | |
wolfSSL | 7:481bce714567 | 4914 | ret = ALPN_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 7:481bce714567 | 4915 | break; |
wolfSSL | 7:481bce714567 | 4916 | |
wolfSSL | 7:481bce714567 | 4917 | case HELLO_EXT_SIG_ALGO: |
wolfSSL | 7:481bce714567 | 4918 | if (isRequest) { |
wolfSSL | 7:481bce714567 | 4919 | /* do not mess with offset inside the switch! */ |
wolfSSL | 7:481bce714567 | 4920 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 7:481bce714567 | 4921 | ato16(input + offset, &suites->hashSigAlgoSz); |
wolfSSL | 7:481bce714567 | 4922 | |
wolfSSL | 7:481bce714567 | 4923 | if (suites->hashSigAlgoSz > size - OPAQUE16_LEN) |
wolfSSL | 7:481bce714567 | 4924 | return BUFFER_ERROR; |
wolfSSL | 7:481bce714567 | 4925 | |
wolfSSL | 7:481bce714567 | 4926 | XMEMCPY(suites->hashSigAlgo, |
wolfSSL | 7:481bce714567 | 4927 | input + offset + OPAQUE16_LEN, |
wolfSSL | 7:481bce714567 | 4928 | min(suites->hashSigAlgoSz, |
wolfSSL | 7:481bce714567 | 4929 | HELLO_EXT_SIGALGO_MAX)); |
wolfSSL | 7:481bce714567 | 4930 | } |
wolfSSL | 7:481bce714567 | 4931 | } else { |
wolfSSL | 7:481bce714567 | 4932 | WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension."); |
wolfSSL | 7:481bce714567 | 4933 | } |
wolfSSL | 7:481bce714567 | 4934 | |
wolfSSL | 7:481bce714567 | 4935 | break; |
wolfSSL | 7:481bce714567 | 4936 | } |
wolfSSL | 7:481bce714567 | 4937 | |
wolfSSL | 7:481bce714567 | 4938 | /* offset should be updated here! */ |
wolfSSL | 7:481bce714567 | 4939 | offset += size; |
wolfSSL | 7:481bce714567 | 4940 | } |
wolfSSL | 7:481bce714567 | 4941 | |
wolfSSL | 7:481bce714567 | 4942 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 7:481bce714567 | 4943 | if (!isRequest && ssl->options.haveEMS && !pendingEMS) |
wolfSSL | 7:481bce714567 | 4944 | ssl->options.haveEMS = 0; |
wolfSSL | 7:481bce714567 | 4945 | #endif |
wolfSSL | 7:481bce714567 | 4946 | |
wolfSSL | 7:481bce714567 | 4947 | if (ret == 0) |
wolfSSL | 7:481bce714567 | 4948 | ret = SNI_VERIFY_PARSE(ssl, isRequest); |
wolfSSL | 7:481bce714567 | 4949 | |
wolfSSL | 7:481bce714567 | 4950 | return ret; |
wolfSSL | 7:481bce714567 | 4951 | } |
wolfSSL | 7:481bce714567 | 4952 | |
wolfSSL | 7:481bce714567 | 4953 | /* undefining semaphore macros */ |
wolfSSL | 7:481bce714567 | 4954 | #undef IS_OFF |
wolfSSL | 7:481bce714567 | 4955 | #undef TURN_ON |
wolfSSL | 7:481bce714567 | 4956 | #undef SEMAPHORE_SIZE |
wolfSSL | 7:481bce714567 | 4957 | |
wolfSSL | 7:481bce714567 | 4958 | #endif /* HAVE_TLS_EXTENSIONS */ |
wolfSSL | 7:481bce714567 | 4959 | |
wolfSSL | 7:481bce714567 | 4960 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 7:481bce714567 | 4961 | |
wolfSSL | 7:481bce714567 | 4962 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 4963 | |
wolfSSL | 7:481bce714567 | 4964 | WOLFSSL_METHOD* wolfTLSv1_client_method(void) |
wolfSSL | 7:481bce714567 | 4965 | { |
wolfSSL | 7:481bce714567 | 4966 | return wolfTLSv1_client_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 4967 | } |
wolfSSL | 7:481bce714567 | 4968 | |
wolfSSL | 7:481bce714567 | 4969 | |
wolfSSL | 7:481bce714567 | 4970 | WOLFSSL_METHOD* wolfTLSv1_1_client_method(void) |
wolfSSL | 7:481bce714567 | 4971 | { |
wolfSSL | 7:481bce714567 | 4972 | return wolfTLSv1_1_client_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 4973 | } |
wolfSSL | 7:481bce714567 | 4974 | |
wolfSSL | 7:481bce714567 | 4975 | WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 4976 | { |
wolfSSL | 7:481bce714567 | 4977 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 4978 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 4979 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 4980 | if (method) |
wolfSSL | 7:481bce714567 | 4981 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 7:481bce714567 | 4982 | return method; |
wolfSSL | 7:481bce714567 | 4983 | } |
wolfSSL | 7:481bce714567 | 4984 | |
wolfSSL | 7:481bce714567 | 4985 | |
wolfSSL | 7:481bce714567 | 4986 | WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 4987 | { |
wolfSSL | 7:481bce714567 | 4988 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 4989 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 4990 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 4991 | if (method) |
wolfSSL | 7:481bce714567 | 4992 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 7:481bce714567 | 4993 | return method; |
wolfSSL | 7:481bce714567 | 4994 | } |
wolfSSL | 7:481bce714567 | 4995 | |
wolfSSL | 7:481bce714567 | 4996 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 7:481bce714567 | 4997 | |
wolfSSL | 7:481bce714567 | 4998 | |
wolfSSL | 7:481bce714567 | 4999 | WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) |
wolfSSL | 7:481bce714567 | 5000 | { |
wolfSSL | 7:481bce714567 | 5001 | return wolfTLSv1_2_client_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 5002 | } |
wolfSSL | 7:481bce714567 | 5003 | |
wolfSSL | 7:481bce714567 | 5004 | WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 5005 | { |
wolfSSL | 7:481bce714567 | 5006 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 5007 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 5008 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 5009 | (void)heap; |
wolfSSL | 7:481bce714567 | 5010 | if (method) |
wolfSSL | 7:481bce714567 | 5011 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 7:481bce714567 | 5012 | return method; |
wolfSSL | 7:481bce714567 | 5013 | } |
wolfSSL | 7:481bce714567 | 5014 | |
wolfSSL | 7:481bce714567 | 5015 | |
wolfSSL | 7:481bce714567 | 5016 | WOLFSSL_METHOD* wolfSSLv23_client_method(void) |
wolfSSL | 7:481bce714567 | 5017 | { |
wolfSSL | 7:481bce714567 | 5018 | return wolfSSLv23_client_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 5019 | } |
wolfSSL | 7:481bce714567 | 5020 | |
wolfSSL | 7:481bce714567 | 5021 | |
wolfSSL | 7:481bce714567 | 5022 | WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 5023 | { |
wolfSSL | 7:481bce714567 | 5024 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 5025 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 5026 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 5027 | (void)heap; |
wolfSSL | 7:481bce714567 | 5028 | if (method) { |
wolfSSL | 7:481bce714567 | 5029 | #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) |
wolfSSL | 7:481bce714567 | 5030 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 7:481bce714567 | 5031 | #else |
wolfSSL | 7:481bce714567 | 5032 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 5033 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 7:481bce714567 | 5034 | #endif |
wolfSSL | 7:481bce714567 | 5035 | #endif |
wolfSSL | 7:481bce714567 | 5036 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 5037 | method->downgrade = 1; |
wolfSSL | 7:481bce714567 | 5038 | #endif |
wolfSSL | 7:481bce714567 | 5039 | } |
wolfSSL | 7:481bce714567 | 5040 | return method; |
wolfSSL | 7:481bce714567 | 5041 | } |
wolfSSL | 7:481bce714567 | 5042 | |
wolfSSL | 7:481bce714567 | 5043 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 7:481bce714567 | 5044 | |
wolfSSL | 7:481bce714567 | 5045 | |
wolfSSL | 7:481bce714567 | 5046 | |
wolfSSL | 7:481bce714567 | 5047 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 7:481bce714567 | 5048 | |
wolfSSL | 7:481bce714567 | 5049 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 5050 | |
wolfSSL | 7:481bce714567 | 5051 | WOLFSSL_METHOD* wolfTLSv1_server_method(void) |
wolfSSL | 7:481bce714567 | 5052 | { |
wolfSSL | 7:481bce714567 | 5053 | return wolfTLSv1_server_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 5054 | } |
wolfSSL | 7:481bce714567 | 5055 | |
wolfSSL | 7:481bce714567 | 5056 | |
wolfSSL | 7:481bce714567 | 5057 | WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) |
wolfSSL | 7:481bce714567 | 5058 | { |
wolfSSL | 7:481bce714567 | 5059 | return wolfTLSv1_1_server_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 5060 | } |
wolfSSL | 7:481bce714567 | 5061 | |
wolfSSL | 7:481bce714567 | 5062 | WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 5063 | { |
wolfSSL | 7:481bce714567 | 5064 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 5065 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 5066 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 5067 | if (method) { |
wolfSSL | 7:481bce714567 | 5068 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 7:481bce714567 | 5069 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 7:481bce714567 | 5070 | } |
wolfSSL | 7:481bce714567 | 5071 | return method; |
wolfSSL | 7:481bce714567 | 5072 | } |
wolfSSL | 7:481bce714567 | 5073 | |
wolfSSL | 7:481bce714567 | 5074 | |
wolfSSL | 7:481bce714567 | 5075 | WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 5076 | { |
wolfSSL | 7:481bce714567 | 5077 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 5078 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 5079 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 5080 | if (method) { |
wolfSSL | 7:481bce714567 | 5081 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 7:481bce714567 | 5082 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 7:481bce714567 | 5083 | } |
wolfSSL | 7:481bce714567 | 5084 | return method; |
wolfSSL | 7:481bce714567 | 5085 | } |
wolfSSL | 7:481bce714567 | 5086 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 7:481bce714567 | 5087 | |
wolfSSL | 7:481bce714567 | 5088 | |
wolfSSL | 7:481bce714567 | 5089 | WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) |
wolfSSL | 7:481bce714567 | 5090 | { |
wolfSSL | 7:481bce714567 | 5091 | return wolfTLSv1_2_server_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 5092 | } |
wolfSSL | 7:481bce714567 | 5093 | |
wolfSSL | 7:481bce714567 | 5094 | WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 5095 | { |
wolfSSL | 7:481bce714567 | 5096 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 5097 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 5098 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 5099 | (void)heap; |
wolfSSL | 7:481bce714567 | 5100 | if (method) { |
wolfSSL | 7:481bce714567 | 5101 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 7:481bce714567 | 5102 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 7:481bce714567 | 5103 | } |
wolfSSL | 7:481bce714567 | 5104 | return method; |
wolfSSL | 7:481bce714567 | 5105 | } |
wolfSSL | 7:481bce714567 | 5106 | |
wolfSSL | 7:481bce714567 | 5107 | |
wolfSSL | 7:481bce714567 | 5108 | WOLFSSL_METHOD* wolfSSLv23_server_method(void) |
wolfSSL | 7:481bce714567 | 5109 | { |
wolfSSL | 7:481bce714567 | 5110 | return wolfSSLv23_server_method_ex(NULL); |
wolfSSL | 7:481bce714567 | 5111 | } |
wolfSSL | 7:481bce714567 | 5112 | |
wolfSSL | 7:481bce714567 | 5113 | WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap) |
wolfSSL | 7:481bce714567 | 5114 | { |
wolfSSL | 7:481bce714567 | 5115 | WOLFSSL_METHOD* method = |
wolfSSL | 7:481bce714567 | 5116 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 7:481bce714567 | 5117 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 7:481bce714567 | 5118 | (void)heap; |
wolfSSL | 7:481bce714567 | 5119 | if (method) { |
wolfSSL | 7:481bce714567 | 5120 | #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) |
wolfSSL | 7:481bce714567 | 5121 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 7:481bce714567 | 5122 | #else |
wolfSSL | 7:481bce714567 | 5123 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 5124 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 7:481bce714567 | 5125 | #else |
wolfSSL | 7:481bce714567 | 5126 | #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 |
wolfSSL | 7:481bce714567 | 5127 | #endif |
wolfSSL | 7:481bce714567 | 5128 | #endif |
wolfSSL | 7:481bce714567 | 5129 | #ifndef NO_OLD_TLS |
wolfSSL | 7:481bce714567 | 5130 | method->downgrade = 1; |
wolfSSL | 7:481bce714567 | 5131 | #endif |
wolfSSL | 7:481bce714567 | 5132 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 7:481bce714567 | 5133 | } |
wolfSSL | 7:481bce714567 | 5134 | return method; |
wolfSSL | 7:481bce714567 | 5135 | } |
wolfSSL | 7:481bce714567 | 5136 | |
wolfSSL | 7:481bce714567 | 5137 | |
wolfSSL | 7:481bce714567 | 5138 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 7:481bce714567 | 5139 | #endif /* NO_TLS */ |
wolfSSL | 7:481bce714567 | 5140 | #endif /* WOLFCRYPT_ONLY */ |
wolfSSL | 7:481bce714567 | 5141 |