wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

src/tls.c@17:a5f916481144, 2020-06-05 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e 
wolfSSL 4.4.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* tls.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23
wolfSSL 15:117db924cf7c 24 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 25 #include <config.h>
wolfSSL 15:117db924cf7c 26 #endif
wolfSSL 15:117db924cf7c 27
wolfSSL 15:117db924cf7c 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 29
wolfSSL 15:117db924cf7c 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 15:117db924cf7c 31
wolfSSL 15:117db924cf7c 32 #include <wolfssl/ssl.h>
wolfSSL 15:117db924cf7c 33 #include <wolfssl/internal.h>
wolfSSL 15:117db924cf7c 34 #include <wolfssl/error-ssl.h>
wolfSSL 15:117db924cf7c 35 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 15:117db924cf7c 36 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 38 #else
wolfSSL 15:117db924cf7c 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 40 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 41 #endif
wolfSSL 15:117db924cf7c 42
wolfSSL 15:117db924cf7c 43 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 44 #include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL 15:117db924cf7c 45 #endif
wolfSSL 16:8e0d178b1d1e 46 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 47 #include <wolfssl/wolfcrypt/curve448.h>
wolfSSL 16:8e0d178b1d1e 48 #endif
wolfSSL 15:117db924cf7c 49 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 50 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 15:117db924cf7c 51 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 15:117db924cf7c 52 #endif
wolfSSL 15:117db924cf7c 53
wolfSSL 15:117db924cf7c 54 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 55 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
wolfSSL 15:117db924cf7c 56 static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
wolfSSL 15:117db924cf7c 57 #if defined(HAVE_NTRU)
wolfSSL 15:117db924cf7c 58 static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type);
wolfSSL 15:117db924cf7c 59 #endif
wolfSSL 15:117db924cf7c 60 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 61
wolfSSL 15:117db924cf7c 62 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 63 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
wolfSSL 15:117db924cf7c 64 (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES))
wolfSSL 15:117db924cf7c 65 static int TLSX_KeyShare_IsSupported(int namedGroup);
wolfSSL 15:117db924cf7c 66 #endif
wolfSSL 15:117db924cf7c 67
wolfSSL 16:8e0d178b1d1e 68 #if ((!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 69 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
wolfSSL 16:8e0d178b1d1e 70 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
wolfSSL 16:8e0d178b1d1e 71 && !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \
wolfSSL 16:8e0d178b1d1e 72 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 73 defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))) && \
wolfSSL 16:8e0d178b1d1e 74 defined(HAVE_TLS_EXTENSIONS)
wolfSSL 15:117db924cf7c 75 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
wolfSSL 15:117db924cf7c 76 #endif
wolfSSL 15:117db924cf7c 77
wolfSSL 15:117db924cf7c 78
wolfSSL 15:117db924cf7c 79 #ifndef NO_TLS
wolfSSL 15:117db924cf7c 80
wolfSSL 15:117db924cf7c 81 /* Digest enable checks */
wolfSSL 15:117db924cf7c 82 #ifdef NO_OLD_TLS /* TLS 1.2 only */
wolfSSL 15:117db924cf7c 83 #if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \
wolfSSL 15:117db924cf7c 84 !defined(WOLFSSL_SHA512)
wolfSSL 15:117db924cf7c 85 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
wolfSSL 15:117db924cf7c 86 #endif
wolfSSL 15:117db924cf7c 87 #else /* TLS 1.1 or older */
wolfSSL 15:117db924cf7c 88 #if defined(NO_MD5) && defined(NO_SHA)
wolfSSL 15:117db924cf7c 89 #error Must have SHA1 and MD5 enabled for old TLS
wolfSSL 15:117db924cf7c 90 #endif
wolfSSL 15:117db924cf7c 91 #endif
wolfSSL 15:117db924cf7c 92
wolfSSL 15:117db924cf7c 93 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 94 #if !defined(NO_DH) && \
wolfSSL 15:117db924cf7c 95 !defined(HAVE_FFDHE_2048) && !defined(HAVE_FFDHE_3072) && \
wolfSSL 15:117db924cf7c 96 !defined(HAVE_FFDHE_4096) && !defined(HAVE_FFDHE_6144) && \
wolfSSL 15:117db924cf7c 97 !defined(HAVE_FFDHE_8192)
wolfSSL 15:117db924cf7c 98 #error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 99 #endif
wolfSSL 15:117db924cf7c 100 #if !defined(NO_RSA) && !defined(WC_RSA_PSS)
wolfSSL 15:117db924cf7c 101 #error The build option WC_RSA_PSS is required for TLS 1.3 with RSA
wolfSSL 15:117db924cf7c 102 #endif
wolfSSL 16:8e0d178b1d1e 103 #ifndef HAVE_TLS_EXTENSIONS
wolfSSL 16:8e0d178b1d1e 104 #ifndef _MSC_VER
wolfSSL 16:8e0d178b1d1e 105 #error "The build option HAVE_TLS_EXTENSIONS is required for TLS 1.3"
wolfSSL 16:8e0d178b1d1e 106 #else
wolfSSL 16:8e0d178b1d1e 107 #pragma message("Error: The build option HAVE_TLS_EXTENSIONS is required for TLS 1.3")
wolfSSL 16:8e0d178b1d1e 108 #endif
wolfSSL 16:8e0d178b1d1e 109 #endif
wolfSSL 16:8e0d178b1d1e 110 #endif
wolfSSL 16:8e0d178b1d1e 111
wolfSSL 16:8e0d178b1d1e 112 /* Warn if secrets logging is enabled */
wolfSSL 16:8e0d178b1d1e 113 #if defined(SHOW_SECRETS) || defined(WOLFSSL_SSLKEYLOGFILE)
wolfSSL 16:8e0d178b1d1e 114 #ifndef _MSC_VER
wolfSSL 16:8e0d178b1d1e 115 #warning The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment
wolfSSL 16:8e0d178b1d1e 116 #else
wolfSSL 16:8e0d178b1d1e 117 #pragma message("Warning: The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment")
wolfSSL 16:8e0d178b1d1e 118 #endif
wolfSSL 16:8e0d178b1d1e 119 #endif
wolfSSL 16:8e0d178b1d1e 120
wolfSSL 16:8e0d178b1d1e 121 /* Optional Pre-Master-Secret logging for Wireshark */
wolfSSL 16:8e0d178b1d1e 122 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
wolfSSL 16:8e0d178b1d1e 123 #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
wolfSSL 16:8e0d178b1d1e 124 #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log"
wolfSSL 16:8e0d178b1d1e 125 #endif
wolfSSL 16:8e0d178b1d1e 126 #endif
wolfSSL 15:117db924cf7c 127
wolfSSL 15:117db924cf7c 128 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 129
wolfSSL 15:117db924cf7c 130 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 131 #define HSHASH_SZ WC_SHA384_DIGEST_SIZE
wolfSSL 15:117db924cf7c 132 #else
wolfSSL 15:117db924cf7c 133 #define HSHASH_SZ FINISHED_SZ
wolfSSL 15:117db924cf7c 134 #endif
wolfSSL 15:117db924cf7c 135
wolfSSL 16:8e0d178b1d1e 136 #ifdef WOLFSSL_RENESAS_TSIP_TLS
wolfSSL 16:8e0d178b1d1e 137 int tsip_useable(const WOLFSSL *ssl);
wolfSSL 16:8e0d178b1d1e 138 int tsip_generateMasterSecret(const byte *pre,
wolfSSL 16:8e0d178b1d1e 139 const byte *cr,const byte *sr,
wolfSSL 16:8e0d178b1d1e 140 byte *ms/* out */);
wolfSSL 16:8e0d178b1d1e 141 int tsip_generateSeesionKey(WOLFSSL *ssl);
wolfSSL 16:8e0d178b1d1e 142 int tsip_generateVerifyData(const byte *ms, const byte *side,
wolfSSL 16:8e0d178b1d1e 143 const byte *handshake_hash,
wolfSSL 16:8e0d178b1d1e 144 byte *hashes /* out */);
wolfSSL 16:8e0d178b1d1e 145 #endif
wolfSSL 15:117db924cf7c 146
wolfSSL 15:117db924cf7c 147 int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
wolfSSL 15:117db924cf7c 148 {
wolfSSL 16:8e0d178b1d1e 149 int ret = 0;
wolfSSL 15:117db924cf7c 150 word32 hashSz = FINISHED_SZ;
wolfSSL 15:117db924cf7c 151
wolfSSL 15:117db924cf7c 152 if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ)
wolfSSL 15:117db924cf7c 153 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 154
wolfSSL 16:8e0d178b1d1e 155 /* for constant timing perform these even if error */
wolfSSL 15:117db924cf7c 156 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 157 ret |= wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
wolfSSL 16:8e0d178b1d1e 158 ret |= wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]);
wolfSSL 15:117db924cf7c 159 #endif
wolfSSL 15:117db924cf7c 160
wolfSSL 15:117db924cf7c 161 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 162 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 163 if (ssl->specs.mac_algorithm <= sha256_mac ||
wolfSSL 15:117db924cf7c 164 ssl->specs.mac_algorithm == blake2b_mac) {
wolfSSL 16:8e0d178b1d1e 165 ret |= wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
wolfSSL 15:117db924cf7c 166 hashSz = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 167 }
wolfSSL 15:117db924cf7c 168 #endif
wolfSSL 15:117db924cf7c 169 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 170 if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL 16:8e0d178b1d1e 171 ret |= wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
wolfSSL 15:117db924cf7c 172 hashSz = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 173 }
wolfSSL 15:117db924cf7c 174 #endif
wolfSSL 15:117db924cf7c 175 }
wolfSSL 15:117db924cf7c 176
wolfSSL 15:117db924cf7c 177 *hashLen = hashSz;
wolfSSL 15:117db924cf7c 178
wolfSSL 16:8e0d178b1d1e 179 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 180 ret = BUILD_MSG_ERROR;
wolfSSL 16:8e0d178b1d1e 181
wolfSSL 16:8e0d178b1d1e 182 return ret;
wolfSSL 15:117db924cf7c 183 }
wolfSSL 15:117db924cf7c 184
wolfSSL 15:117db924cf7c 185
wolfSSL 15:117db924cf7c 186 int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL 15:117db924cf7c 187 {
wolfSSL 16:8e0d178b1d1e 188 int ret;
wolfSSL 15:117db924cf7c 189 const byte* side;
wolfSSL 16:8e0d178b1d1e 190 word32 hashSz = HSHASH_SZ;
wolfSSL 16:8e0d178b1d1e 191 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
wolfSSL 16:8e0d178b1d1e 192 DECLARE_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap);
wolfSSL 15:117db924cf7c 193 if (handshake_hash == NULL)
wolfSSL 15:117db924cf7c 194 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 195 #else
wolfSSL 16:8e0d178b1d1e 196 byte handshake_hash[HSHASH_SZ];
wolfSSL 16:8e0d178b1d1e 197 #endif
wolfSSL 15:117db924cf7c 198
wolfSSL 15:117db924cf7c 199 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL 15:117db924cf7c 200 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 201 if (XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
wolfSSL 15:117db924cf7c 202 side = tls_client;
wolfSSL 15:117db924cf7c 203 else
wolfSSL 15:117db924cf7c 204 side = tls_server;
wolfSSL 15:117db924cf7c 205
wolfSSL 16:8e0d178b1d1e 206 #ifdef WOLFSSL_HAVE_PRF
wolfSSL 16:8e0d178b1d1e 207 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 208 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 209 if (tsip_useable(ssl)) {
wolfSSL 16:8e0d178b1d1e 210 ret = tsip_generateVerifyData(ssl->arrays->tsip_masterSecret,
wolfSSL 16:8e0d178b1d1e 211 side, handshake_hash, (byte*)hashes /* out */);
wolfSSL 16:8e0d178b1d1e 212 } else
wolfSSL 16:8e0d178b1d1e 213 #endif
wolfSSL 16:8e0d178b1d1e 214 ret = wc_PRF_TLS((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL 15:117db924cf7c 215 SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL 15:117db924cf7c 216 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 217 ssl->heap, ssl->devId);
wolfSSL 16:8e0d178b1d1e 218 #else
wolfSSL 16:8e0d178b1d1e 219 /* Pseudo random function must be enabled in the configuration. */
wolfSSL 16:8e0d178b1d1e 220 ret = PRF_MISSING;
wolfSSL 16:8e0d178b1d1e 221 WOLFSSL_MSG("Pseudo-random function is not enabled");
wolfSSL 16:8e0d178b1d1e 222
wolfSSL 16:8e0d178b1d1e 223 (void)side;
wolfSSL 16:8e0d178b1d1e 224 (void)hashes;
wolfSSL 16:8e0d178b1d1e 225 #endif
wolfSSL 16:8e0d178b1d1e 226 }
wolfSSL 16:8e0d178b1d1e 227
wolfSSL 16:8e0d178b1d1e 228 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
wolfSSL 16:8e0d178b1d1e 229 FREE_VAR(handshake_hash, ssl->heap);
wolfSSL 16:8e0d178b1d1e 230 #endif
wolfSSL 15:117db924cf7c 231
wolfSSL 15:117db924cf7c 232 return ret;
wolfSSL 15:117db924cf7c 233 }
wolfSSL 15:117db924cf7c 234
wolfSSL 15:117db924cf7c 235 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 236
wolfSSL 15:117db924cf7c 237 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 238
wolfSSL 15:117db924cf7c 239 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 240 ProtocolVersion MakeTLSv1(void)
wolfSSL 15:117db924cf7c 241 {
wolfSSL 15:117db924cf7c 242 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 243 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 244 pv.minor = TLSv1_MINOR;
wolfSSL 15:117db924cf7c 245
wolfSSL 15:117db924cf7c 246 return pv;
wolfSSL 15:117db924cf7c 247 }
wolfSSL 15:117db924cf7c 248 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 15:117db924cf7c 249
wolfSSL 15:117db924cf7c 250
wolfSSL 15:117db924cf7c 251 ProtocolVersion MakeTLSv1_1(void)
wolfSSL 15:117db924cf7c 252 {
wolfSSL 15:117db924cf7c 253 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 254 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 255 pv.minor = TLSv1_1_MINOR;
wolfSSL 15:117db924cf7c 256
wolfSSL 15:117db924cf7c 257 return pv;
wolfSSL 15:117db924cf7c 258 }
wolfSSL 15:117db924cf7c 259
wolfSSL 15:117db924cf7c 260 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 261
wolfSSL 15:117db924cf7c 262
wolfSSL 15:117db924cf7c 263 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 264
wolfSSL 15:117db924cf7c 265 ProtocolVersion MakeTLSv1_2(void)
wolfSSL 15:117db924cf7c 266 {
wolfSSL 15:117db924cf7c 267 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 268 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 269 pv.minor = TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 270
wolfSSL 15:117db924cf7c 271 return pv;
wolfSSL 15:117db924cf7c 272 }
wolfSSL 15:117db924cf7c 273
wolfSSL 15:117db924cf7c 274 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 275
wolfSSL 15:117db924cf7c 276 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 277 /* The TLS v1.3 protocol version.
wolfSSL 15:117db924cf7c 278 *
wolfSSL 15:117db924cf7c 279 * returns the protocol version data for TLS v1.3.
wolfSSL 15:117db924cf7c 280 */
wolfSSL 15:117db924cf7c 281 ProtocolVersion MakeTLSv1_3(void)
wolfSSL 15:117db924cf7c 282 {
wolfSSL 15:117db924cf7c 283 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 284 pv.major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 285 pv.minor = TLSv1_3_MINOR;
wolfSSL 15:117db924cf7c 286
wolfSSL 15:117db924cf7c 287 return pv;
wolfSSL 15:117db924cf7c 288 }
wolfSSL 15:117db924cf7c 289 #endif
wolfSSL 15:117db924cf7c 290
wolfSSL 15:117db924cf7c 291 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 292
wolfSSL 15:117db924cf7c 293 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 294 static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
wolfSSL 15:117db924cf7c 295 "extended master secret";
wolfSSL 15:117db924cf7c 296 #endif
wolfSSL 15:117db924cf7c 297 static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL 15:117db924cf7c 298 static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL 15:117db924cf7c 299
wolfSSL 15:117db924cf7c 300 static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
wolfSSL 15:117db924cf7c 301 const byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 302 const byte* sr, const byte* cr,
wolfSSL 15:117db924cf7c 303 int tls1_2, int hash_type,
wolfSSL 15:117db924cf7c 304 void* heap, int devId)
wolfSSL 15:117db924cf7c 305 {
wolfSSL 15:117db924cf7c 306 int ret;
wolfSSL 16:8e0d178b1d1e 307 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
wolfSSL 15:117db924cf7c 308 DECLARE_VAR(seed, byte, SEED_LEN, heap);
wolfSSL 16:8e0d178b1d1e 309 if (seed == NULL)
wolfSSL 16:8e0d178b1d1e 310 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 311 #else
wolfSSL 16:8e0d178b1d1e 312 byte seed[SEED_LEN];
wolfSSL 16:8e0d178b1d1e 313 #endif
wolfSSL 15:117db924cf7c 314
wolfSSL 15:117db924cf7c 315 XMEMCPY(seed, sr, RAN_LEN);
wolfSSL 15:117db924cf7c 316 XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
wolfSSL 15:117db924cf7c 317
wolfSSL 16:8e0d178b1d1e 318 #ifdef WOLFSSL_HAVE_PRF
wolfSSL 16:8e0d178b1d1e 319 ret = wc_PRF_TLS(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ,
wolfSSL 15:117db924cf7c 320 seed, SEED_LEN, tls1_2, hash_type, heap, devId);
wolfSSL 16:8e0d178b1d1e 321 #else
wolfSSL 16:8e0d178b1d1e 322 /* Pseudo random function must be enabled in the configuration. */
wolfSSL 16:8e0d178b1d1e 323 ret = PRF_MISSING;
wolfSSL 16:8e0d178b1d1e 324 WOLFSSL_MSG("Pseudo-random function is not enabled");
wolfSSL 16:8e0d178b1d1e 325
wolfSSL 16:8e0d178b1d1e 326 (void)key_dig;
wolfSSL 16:8e0d178b1d1e 327 (void)key_dig_len;
wolfSSL 16:8e0d178b1d1e 328 (void)ms;
wolfSSL 16:8e0d178b1d1e 329 (void)msLen;
wolfSSL 16:8e0d178b1d1e 330 (void)tls1_2;
wolfSSL 16:8e0d178b1d1e 331 (void)hash_type;
wolfSSL 16:8e0d178b1d1e 332 (void)heap;
wolfSSL 16:8e0d178b1d1e 333 (void)devId;
wolfSSL 16:8e0d178b1d1e 334 (void)key_label;
wolfSSL 16:8e0d178b1d1e 335 (void)master_label;
wolfSSL 16:8e0d178b1d1e 336 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 16:8e0d178b1d1e 337 (void)ext_master_label;
wolfSSL 16:8e0d178b1d1e 338 #endif
wolfSSL 16:8e0d178b1d1e 339 #endif
wolfSSL 16:8e0d178b1d1e 340
wolfSSL 16:8e0d178b1d1e 341 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
wolfSSL 15:117db924cf7c 342 FREE_VAR(seed, heap);
wolfSSL 16:8e0d178b1d1e 343 #endif
wolfSSL 15:117db924cf7c 344
wolfSSL 15:117db924cf7c 345 return ret;
wolfSSL 15:117db924cf7c 346 }
wolfSSL 15:117db924cf7c 347
wolfSSL 15:117db924cf7c 348 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 15:117db924cf7c 349 int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
wolfSSL 15:117db924cf7c 350 const byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 351 const byte* sr, const byte* cr,
wolfSSL 15:117db924cf7c 352 int tls1_2, int hash_type)
wolfSSL 15:117db924cf7c 353 {
wolfSSL 15:117db924cf7c 354 return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2,
wolfSSL 15:117db924cf7c 355 hash_type, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 356 }
wolfSSL 15:117db924cf7c 357
wolfSSL 15:117db924cf7c 358
wolfSSL 15:117db924cf7c 359 int DeriveTlsKeys(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 360 {
wolfSSL 15:117db924cf7c 361 int ret;
wolfSSL 15:117db924cf7c 362 int key_dig_len = 2 * ssl->specs.hash_size +
wolfSSL 15:117db924cf7c 363 2 * ssl->specs.key_size +
wolfSSL 15:117db924cf7c 364 2 * ssl->specs.iv_size;
wolfSSL 15:117db924cf7c 365 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 366 byte* key_dig;
wolfSSL 15:117db924cf7c 367 #else
wolfSSL 15:117db924cf7c 368 byte key_dig[MAX_PRF_DIG];
wolfSSL 15:117db924cf7c 369 #endif
wolfSSL 15:117db924cf7c 370
wolfSSL 15:117db924cf7c 371 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 372 key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 373 if (key_dig == NULL) {
wolfSSL 15:117db924cf7c 374 return MEMORY_E;
wolfSSL 15:117db924cf7c 375 }
wolfSSL 15:117db924cf7c 376 #endif
wolfSSL 16:8e0d178b1d1e 377 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 378 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 379 if (tsip_useable(ssl))
wolfSSL 16:8e0d178b1d1e 380 ret = tsip_generateSeesionKey(ssl);
wolfSSL 16:8e0d178b1d1e 381 else {
wolfSSL 16:8e0d178b1d1e 382 #endif
wolfSSL 15:117db924cf7c 383 ret = _DeriveTlsKeys(key_dig, key_dig_len,
wolfSSL 15:117db924cf7c 384 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 385 ssl->arrays->serverRandom, ssl->arrays->clientRandom,
wolfSSL 15:117db924cf7c 386 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 387 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 388 if (ret == 0)
wolfSSL 15:117db924cf7c 389 ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER);
wolfSSL 16:8e0d178b1d1e 390 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 391 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 392 }
wolfSSL 16:8e0d178b1d1e 393 #endif
wolfSSL 15:117db924cf7c 394
wolfSSL 15:117db924cf7c 395 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 396 XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 397 #endif
wolfSSL 15:117db924cf7c 398
wolfSSL 15:117db924cf7c 399 return ret;
wolfSSL 15:117db924cf7c 400 }
wolfSSL 15:117db924cf7c 401
wolfSSL 15:117db924cf7c 402 static int _MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 403 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 404 const byte* cr, const byte* sr,
wolfSSL 15:117db924cf7c 405 int tls1_2, int hash_type,
wolfSSL 15:117db924cf7c 406 void* heap, int devId)
wolfSSL 15:117db924cf7c 407 {
wolfSSL 16:8e0d178b1d1e 408 int ret;
wolfSSL 16:8e0d178b1d1e 409 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
wolfSSL 16:8e0d178b1d1e 410 DECLARE_VAR(seed, byte, SEED_LEN, heap);
wolfSSL 16:8e0d178b1d1e 411 if (seed == NULL)
wolfSSL 16:8e0d178b1d1e 412 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 413 #else
wolfSSL 16:8e0d178b1d1e 414 byte seed[SEED_LEN];
wolfSSL 16:8e0d178b1d1e 415 #endif
wolfSSL 15:117db924cf7c 416
wolfSSL 15:117db924cf7c 417 XMEMCPY(seed, cr, RAN_LEN);
wolfSSL 15:117db924cf7c 418 XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
wolfSSL 15:117db924cf7c 419
wolfSSL 16:8e0d178b1d1e 420 #ifdef WOLFSSL_HAVE_PRF
wolfSSL 16:8e0d178b1d1e 421 ret = wc_PRF_TLS(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
wolfSSL 15:117db924cf7c 422 seed, SEED_LEN, tls1_2, hash_type, heap, devId);
wolfSSL 16:8e0d178b1d1e 423 #else
wolfSSL 16:8e0d178b1d1e 424 /* Pseudo random function must be enabled in the configuration. */
wolfSSL 16:8e0d178b1d1e 425 ret = PRF_MISSING;
wolfSSL 16:8e0d178b1d1e 426 WOLFSSL_MSG("Pseudo-random function is not enabled");
wolfSSL 16:8e0d178b1d1e 427
wolfSSL 16:8e0d178b1d1e 428 (void)ms;
wolfSSL 16:8e0d178b1d1e 429 (void)msLen;
wolfSSL 16:8e0d178b1d1e 430 (void)pms;
wolfSSL 16:8e0d178b1d1e 431 (void)pmsLen;
wolfSSL 16:8e0d178b1d1e 432 (void)tls1_2;
wolfSSL 16:8e0d178b1d1e 433 (void)hash_type;
wolfSSL 16:8e0d178b1d1e 434 (void)heap;
wolfSSL 16:8e0d178b1d1e 435 (void)devId;
wolfSSL 16:8e0d178b1d1e 436 #endif
wolfSSL 16:8e0d178b1d1e 437
wolfSSL 16:8e0d178b1d1e 438 #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
wolfSSL 16:8e0d178b1d1e 439 FREE_VAR(seed, heap);
wolfSSL 16:8e0d178b1d1e 440 #endif
wolfSSL 16:8e0d178b1d1e 441
wolfSSL 16:8e0d178b1d1e 442 return ret;
wolfSSL 15:117db924cf7c 443 }
wolfSSL 15:117db924cf7c 444
wolfSSL 15:117db924cf7c 445 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 15:117db924cf7c 446 int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 447 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 448 const byte* cr, const byte* sr,
wolfSSL 15:117db924cf7c 449 int tls1_2, int hash_type)
wolfSSL 15:117db924cf7c 450 {
wolfSSL 15:117db924cf7c 451 return _MakeTlsMasterSecret(ms, msLen, pms, pmsLen, cr, sr, tls1_2,
wolfSSL 15:117db924cf7c 452 hash_type, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 453 }
wolfSSL 15:117db924cf7c 454
wolfSSL 15:117db924cf7c 455
wolfSSL 15:117db924cf7c 456 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 457
wolfSSL 15:117db924cf7c 458 static int _MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 459 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 460 const byte* sHash, word32 sHashLen,
wolfSSL 15:117db924cf7c 461 int tls1_2, int hash_type,
wolfSSL 15:117db924cf7c 462 void* heap, int devId)
wolfSSL 15:117db924cf7c 463 {
wolfSSL 16:8e0d178b1d1e 464 int ret;
wolfSSL 16:8e0d178b1d1e 465
wolfSSL 16:8e0d178b1d1e 466 #ifdef WOLFSSL_HAVE_PRF
wolfSSL 16:8e0d178b1d1e 467 ret = wc_PRF_TLS(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
wolfSSL 15:117db924cf7c 468 sHash, sHashLen, tls1_2, hash_type, heap, devId);
wolfSSL 16:8e0d178b1d1e 469 #else
wolfSSL 16:8e0d178b1d1e 470 /* Pseudo random function must be enabled in the configuration. */
wolfSSL 16:8e0d178b1d1e 471 ret = PRF_MISSING;
wolfSSL 16:8e0d178b1d1e 472 WOLFSSL_MSG("Pseudo-random function is not enabled");
wolfSSL 16:8e0d178b1d1e 473
wolfSSL 16:8e0d178b1d1e 474 (void)ms;
wolfSSL 16:8e0d178b1d1e 475 (void)msLen;
wolfSSL 16:8e0d178b1d1e 476 (void)pms;
wolfSSL 16:8e0d178b1d1e 477 (void)pmsLen;
wolfSSL 16:8e0d178b1d1e 478 (void)sHash;
wolfSSL 16:8e0d178b1d1e 479 (void)sHashLen;
wolfSSL 16:8e0d178b1d1e 480 (void)tls1_2;
wolfSSL 16:8e0d178b1d1e 481 (void)hash_type;
wolfSSL 16:8e0d178b1d1e 482 (void)heap;
wolfSSL 16:8e0d178b1d1e 483 (void)devId;
wolfSSL 16:8e0d178b1d1e 484 #endif
wolfSSL 16:8e0d178b1d1e 485 return ret;
wolfSSL 15:117db924cf7c 486 }
wolfSSL 15:117db924cf7c 487
wolfSSL 15:117db924cf7c 488 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 15:117db924cf7c 489 int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
wolfSSL 15:117db924cf7c 490 const byte* pms, word32 pmsLen,
wolfSSL 15:117db924cf7c 491 const byte* sHash, word32 sHashLen,
wolfSSL 15:117db924cf7c 492 int tls1_2, int hash_type)
wolfSSL 15:117db924cf7c 493 {
wolfSSL 15:117db924cf7c 494 return _MakeTlsExtendedMasterSecret(ms, msLen, pms, pmsLen, sHash, sHashLen,
wolfSSL 15:117db924cf7c 495 tls1_2, hash_type, NULL, INVALID_DEVID);
wolfSSL 15:117db924cf7c 496 }
wolfSSL 15:117db924cf7c 497
wolfSSL 15:117db924cf7c 498 #endif /* HAVE_EXTENDED_MASTER */
wolfSSL 15:117db924cf7c 499
wolfSSL 15:117db924cf7c 500
wolfSSL 15:117db924cf7c 501 int MakeTlsMasterSecret(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 502 {
wolfSSL 16:8e0d178b1d1e 503 int ret;
wolfSSL 16:8e0d178b1d1e 504
wolfSSL 15:117db924cf7c 505 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 506 if (ssl->options.haveEMS) {
wolfSSL 15:117db924cf7c 507 word32 hashSz = HSHASH_SZ;
wolfSSL 16:8e0d178b1d1e 508 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 509 byte* handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap,
wolfSSL 16:8e0d178b1d1e 510 DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 511 if (handshake_hash == NULL)
wolfSSL 15:117db924cf7c 512 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 513 #else
wolfSSL 16:8e0d178b1d1e 514 byte handshake_hash[HSHASH_SZ];
wolfSSL 16:8e0d178b1d1e 515 #endif
wolfSSL 15:117db924cf7c 516
wolfSSL 15:117db924cf7c 517 ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
wolfSSL 16:8e0d178b1d1e 518 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 519 ret = _MakeTlsExtendedMasterSecret(
wolfSSL 15:117db924cf7c 520 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 521 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 522 handshake_hash, hashSz,
wolfSSL 15:117db924cf7c 523 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 524 ssl->heap, ssl->devId);
wolfSSL 16:8e0d178b1d1e 525 }
wolfSSL 16:8e0d178b1d1e 526
wolfSSL 16:8e0d178b1d1e 527 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 528 XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
wolfSSL 16:8e0d178b1d1e 529 #endif
wolfSSL 16:8e0d178b1d1e 530 }
wolfSSL 16:8e0d178b1d1e 531 else
wolfSSL 16:8e0d178b1d1e 532 #endif /* HAVE_EXTENDED_MASTER */
wolfSSL 16:8e0d178b1d1e 533 {
wolfSSL 16:8e0d178b1d1e 534 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 535 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 536 if (tsip_useable(ssl)) {
wolfSSL 16:8e0d178b1d1e 537 ret = tsip_generateMasterSecret(
wolfSSL 16:8e0d178b1d1e 538 &ssl->arrays->preMasterSecret[VERSION_SZ],
wolfSSL 16:8e0d178b1d1e 539 ssl->arrays->clientRandom,
wolfSSL 16:8e0d178b1d1e 540 ssl->arrays->serverRandom,
wolfSSL 16:8e0d178b1d1e 541 ssl->arrays->tsip_masterSecret);
wolfSSL 16:8e0d178b1d1e 542 } else
wolfSSL 16:8e0d178b1d1e 543 #endif
wolfSSL 16:8e0d178b1d1e 544 ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 545 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 546 ssl->arrays->clientRandom, ssl->arrays->serverRandom,
wolfSSL 15:117db924cf7c 547 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 548 ssl->heap, ssl->devId);
wolfSSL 16:8e0d178b1d1e 549 }
wolfSSL 15:117db924cf7c 550 if (ret == 0) {
wolfSSL 15:117db924cf7c 551 #ifdef SHOW_SECRETS
wolfSSL 16:8e0d178b1d1e 552 /* Wireshark Pre-Master-Secret Format:
wolfSSL 16:8e0d178b1d1e 553 * CLIENT_RANDOM <clientrandom> <mastersecret>
wolfSSL 16:8e0d178b1d1e 554 */
wolfSSL 16:8e0d178b1d1e 555 const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM";
wolfSSL 16:8e0d178b1d1e 556 int i, pmsPos = 0;
wolfSSL 16:8e0d178b1d1e 557 char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1];
wolfSSL 16:8e0d178b1d1e 558
wolfSSL 16:8e0d178b1d1e 559 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ",
wolfSSL 16:8e0d178b1d1e 560 CLIENT_RANDOM_LABEL);
wolfSSL 16:8e0d178b1d1e 561 pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1;
wolfSSL 16:8e0d178b1d1e 562 for (i = 0; i < RAN_LEN; i++) {
wolfSSL 16:8e0d178b1d1e 563 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
wolfSSL 16:8e0d178b1d1e 564 ssl->arrays->clientRandom[i]);
wolfSSL 16:8e0d178b1d1e 565 pmsPos += 2;
wolfSSL 16:8e0d178b1d1e 566 }
wolfSSL 16:8e0d178b1d1e 567 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " ");
wolfSSL 16:8e0d178b1d1e 568 pmsPos += 1;
wolfSSL 16:8e0d178b1d1e 569 for (i = 0; i < SECRET_LEN; i++) {
wolfSSL 16:8e0d178b1d1e 570 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x",
wolfSSL 16:8e0d178b1d1e 571 ssl->arrays->masterSecret[i]);
wolfSSL 16:8e0d178b1d1e 572 pmsPos += 2;
wolfSSL 16:8e0d178b1d1e 573 }
wolfSSL 16:8e0d178b1d1e 574 XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n");
wolfSSL 16:8e0d178b1d1e 575 pmsPos += 1;
wolfSSL 16:8e0d178b1d1e 576
wolfSSL 16:8e0d178b1d1e 577 /* print master secret */
wolfSSL 16:8e0d178b1d1e 578 puts(pmsBuf);
wolfSSL 16:8e0d178b1d1e 579
wolfSSL 16:8e0d178b1d1e 580 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
wolfSSL 16:8e0d178b1d1e 581 {
wolfSSL 16:8e0d178b1d1e 582 FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a");
wolfSSL 16:8e0d178b1d1e 583 if (f != XBADFILE) {
wolfSSL 16:8e0d178b1d1e 584 XFWRITE(pmsBuf, 1, pmsPos, f);
wolfSSL 16:8e0d178b1d1e 585 XFCLOSE(f);
wolfSSL 16:8e0d178b1d1e 586 }
wolfSSL 16:8e0d178b1d1e 587 }
wolfSSL 16:8e0d178b1d1e 588 #endif
wolfSSL 16:8e0d178b1d1e 589 #endif /* SHOW_SECRETS */
wolfSSL 15:117db924cf7c 590
wolfSSL 15:117db924cf7c 591 ret = DeriveTlsKeys(ssl);
wolfSSL 15:117db924cf7c 592 }
wolfSSL 15:117db924cf7c 593
wolfSSL 15:117db924cf7c 594 return ret;
wolfSSL 15:117db924cf7c 595 }
wolfSSL 15:117db924cf7c 596
wolfSSL 15:117db924cf7c 597
wolfSSL 15:117db924cf7c 598 /* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL 15:117db924cf7c 599 * the master_secret. */
wolfSSL 15:117db924cf7c 600 int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
wolfSSL 15:117db924cf7c 601 const char* label)
wolfSSL 15:117db924cf7c 602 {
wolfSSL 15:117db924cf7c 603 int ret;
wolfSSL 15:117db924cf7c 604 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 605 byte* seed;
wolfSSL 15:117db924cf7c 606 #else
wolfSSL 15:117db924cf7c 607 byte seed[SEED_LEN];
wolfSSL 15:117db924cf7c 608 #endif
wolfSSL 15:117db924cf7c 609
wolfSSL 15:117db924cf7c 610 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 611 seed = (byte*)XMALLOC(SEED_LEN, ssl->heap, DYNAMIC_TYPE_SEED);
wolfSSL 15:117db924cf7c 612 if (seed == NULL)
wolfSSL 15:117db924cf7c 613 return MEMORY_E;
wolfSSL 15:117db924cf7c 614 #endif
wolfSSL 15:117db924cf7c 615
wolfSSL 15:117db924cf7c 616 /*
wolfSSL 15:117db924cf7c 617 * As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL 15:117db924cf7c 618 * from that used by the TLS protocol to derive keys.
wolfSSL 15:117db924cf7c 619 */
wolfSSL 15:117db924cf7c 620 XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 621 XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 622
wolfSSL 16:8e0d178b1d1e 623 #ifdef WOLFSSL_HAVE_PRF
wolfSSL 16:8e0d178b1d1e 624 ret = wc_PRF_TLS((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 15:117db924cf7c 625 (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
wolfSSL 15:117db924cf7c 626 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 627 ssl->heap, ssl->devId);
wolfSSL 16:8e0d178b1d1e 628 #else
wolfSSL 16:8e0d178b1d1e 629 /* Pseudo random function must be enabled in the configuration. */
wolfSSL 16:8e0d178b1d1e 630 ret = PRF_MISSING;
wolfSSL 16:8e0d178b1d1e 631 WOLFSSL_MSG("Pseudo-random function is not enabled");
wolfSSL 16:8e0d178b1d1e 632
wolfSSL 16:8e0d178b1d1e 633 (void)msk;
wolfSSL 16:8e0d178b1d1e 634 (void)len;
wolfSSL 16:8e0d178b1d1e 635 (void)label;
wolfSSL 16:8e0d178b1d1e 636 #endif
wolfSSL 15:117db924cf7c 637
wolfSSL 15:117db924cf7c 638 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 639 XFREE(seed, ssl->heap, DYNAMIC_TYPE_SEED);
wolfSSL 15:117db924cf7c 640 #endif
wolfSSL 15:117db924cf7c 641
wolfSSL 15:117db924cf7c 642 return ret;
wolfSSL 15:117db924cf7c 643 }
wolfSSL 15:117db924cf7c 644
wolfSSL 15:117db924cf7c 645
wolfSSL 15:117db924cf7c 646 static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
wolfSSL 15:117db924cf7c 647 {
wolfSSL 15:117db924cf7c 648 if (verify) {
wolfSSL 15:117db924cf7c 649 seq[0] = ssl->keys.peer_sequence_number_hi;
wolfSSL 15:117db924cf7c 650 seq[1] = ssl->keys.peer_sequence_number_lo++;
wolfSSL 15:117db924cf7c 651 if (seq[1] > ssl->keys.peer_sequence_number_lo) {
wolfSSL 15:117db924cf7c 652 /* handle rollover */
wolfSSL 15:117db924cf7c 653 ssl->keys.peer_sequence_number_hi++;
wolfSSL 15:117db924cf7c 654 }
wolfSSL 15:117db924cf7c 655 }
wolfSSL 15:117db924cf7c 656 else {
wolfSSL 15:117db924cf7c 657 seq[0] = ssl->keys.sequence_number_hi;
wolfSSL 15:117db924cf7c 658 seq[1] = ssl->keys.sequence_number_lo++;
wolfSSL 15:117db924cf7c 659 if (seq[1] > ssl->keys.sequence_number_lo) {
wolfSSL 15:117db924cf7c 660 /* handle rollover */
wolfSSL 15:117db924cf7c 661 ssl->keys.sequence_number_hi++;
wolfSSL 15:117db924cf7c 662 }
wolfSSL 15:117db924cf7c 663 }
wolfSSL 15:117db924cf7c 664 }
wolfSSL 15:117db924cf7c 665
wolfSSL 15:117db924cf7c 666
wolfSSL 15:117db924cf7c 667 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 668 static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
wolfSSL 15:117db924cf7c 669 {
wolfSSL 15:117db924cf7c 670 if (order == PREV_ORDER) {
wolfSSL 15:117db924cf7c 671 /* Previous epoch case */
wolfSSL 16:8e0d178b1d1e 672 seq[0] = (((word32)ssl->keys.dtls_epoch - 1) << 16) |
wolfSSL 15:117db924cf7c 673 (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
wolfSSL 15:117db924cf7c 674 seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
wolfSSL 15:117db924cf7c 675 }
wolfSSL 15:117db924cf7c 676 else if (order == PEER_ORDER) {
wolfSSL 16:8e0d178b1d1e 677 seq[0] = ((word32)ssl->keys.curEpoch << 16) |
wolfSSL 15:117db924cf7c 678 (ssl->keys.curSeq_hi & 0xFFFF);
wolfSSL 15:117db924cf7c 679 seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */
wolfSSL 15:117db924cf7c 680 }
wolfSSL 15:117db924cf7c 681 else {
wolfSSL 16:8e0d178b1d1e 682 seq[0] = ((word32)ssl->keys.dtls_epoch << 16) |
wolfSSL 15:117db924cf7c 683 (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
wolfSSL 15:117db924cf7c 684 seq[1] = ssl->keys.dtls_sequence_number_lo;
wolfSSL 15:117db924cf7c 685 }
wolfSSL 15:117db924cf7c 686 }
wolfSSL 15:117db924cf7c 687 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 688
wolfSSL 15:117db924cf7c 689
wolfSSL 15:117db924cf7c 690 static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
wolfSSL 15:117db924cf7c 691 {
wolfSSL 15:117db924cf7c 692 word32 seq[2] = {0, 0};
wolfSSL 15:117db924cf7c 693
wolfSSL 15:117db924cf7c 694 if (!ssl->options.dtls) {
wolfSSL 15:117db924cf7c 695 GetSEQIncrement(ssl, verifyOrder, seq);
wolfSSL 15:117db924cf7c 696 }
wolfSSL 15:117db924cf7c 697 else {
wolfSSL 15:117db924cf7c 698 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 699 DtlsGetSEQ(ssl, verifyOrder, seq);
wolfSSL 15:117db924cf7c 700 #endif
wolfSSL 15:117db924cf7c 701 }
wolfSSL 15:117db924cf7c 702
wolfSSL 15:117db924cf7c 703 c32toa(seq[0], out);
wolfSSL 15:117db924cf7c 704 c32toa(seq[1], out + OPAQUE32_LEN);
wolfSSL 15:117db924cf7c 705 }
wolfSSL 15:117db924cf7c 706
wolfSSL 15:117db924cf7c 707
wolfSSL 15:117db924cf7c 708 /*** end copy ***/
wolfSSL 15:117db924cf7c 709
wolfSSL 15:117db924cf7c 710
wolfSSL 15:117db924cf7c 711 /* return HMAC digest type in wolfSSL format */
wolfSSL 15:117db924cf7c 712 int wolfSSL_GetHmacType(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 713 {
wolfSSL 15:117db924cf7c 714 if (ssl == NULL)
wolfSSL 15:117db924cf7c 715 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 716
wolfSSL 15:117db924cf7c 717 switch (ssl->specs.mac_algorithm) {
wolfSSL 15:117db924cf7c 718 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 719 case md5_mac:
wolfSSL 15:117db924cf7c 720 {
wolfSSL 15:117db924cf7c 721 return WC_MD5;
wolfSSL 15:117db924cf7c 722 }
wolfSSL 15:117db924cf7c 723 #endif
wolfSSL 15:117db924cf7c 724 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 725 case sha256_mac:
wolfSSL 15:117db924cf7c 726 {
wolfSSL 15:117db924cf7c 727 return WC_SHA256;
wolfSSL 15:117db924cf7c 728 }
wolfSSL 15:117db924cf7c 729 #endif
wolfSSL 15:117db924cf7c 730 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 731 case sha384_mac:
wolfSSL 15:117db924cf7c 732 {
wolfSSL 15:117db924cf7c 733 return WC_SHA384;
wolfSSL 15:117db924cf7c 734 }
wolfSSL 15:117db924cf7c 735
wolfSSL 15:117db924cf7c 736 #endif
wolfSSL 15:117db924cf7c 737 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 738 case sha_mac:
wolfSSL 15:117db924cf7c 739 {
wolfSSL 15:117db924cf7c 740 return WC_SHA;
wolfSSL 15:117db924cf7c 741 }
wolfSSL 15:117db924cf7c 742 #endif
wolfSSL 15:117db924cf7c 743 #ifdef HAVE_BLAKE2
wolfSSL 15:117db924cf7c 744 case blake2b_mac:
wolfSSL 15:117db924cf7c 745 {
wolfSSL 15:117db924cf7c 746 return BLAKE2B_ID;
wolfSSL 15:117db924cf7c 747 }
wolfSSL 15:117db924cf7c 748 #endif
wolfSSL 15:117db924cf7c 749 default:
wolfSSL 15:117db924cf7c 750 {
wolfSSL 15:117db924cf7c 751 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 752 }
wolfSSL 15:117db924cf7c 753 }
wolfSSL 15:117db924cf7c 754 }
wolfSSL 15:117db924cf7c 755
wolfSSL 15:117db924cf7c 756
wolfSSL 15:117db924cf7c 757 int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
wolfSSL 15:117db924cf7c 758 int verify)
wolfSSL 15:117db924cf7c 759 {
wolfSSL 15:117db924cf7c 760 if (ssl == NULL || inner == NULL)
wolfSSL 15:117db924cf7c 761 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 762
wolfSSL 15:117db924cf7c 763 XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 764
wolfSSL 15:117db924cf7c 765 WriteSEQ(ssl, verify, inner);
wolfSSL 15:117db924cf7c 766 inner[SEQ_SZ] = (byte)content;
wolfSSL 15:117db924cf7c 767 inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL 15:117db924cf7c 768 inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL 15:117db924cf7c 769 c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL 15:117db924cf7c 770
wolfSSL 15:117db924cf7c 771 return 0;
wolfSSL 15:117db924cf7c 772 }
wolfSSL 15:117db924cf7c 773
wolfSSL 15:117db924cf7c 774
wolfSSL 16:8e0d178b1d1e 775 #ifndef WOLFSSL_AEAD_ONLY
wolfSSL 15:117db924cf7c 776 #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 777 !defined(HAVE_SELFTEST)
wolfSSL 15:117db924cf7c 778
wolfSSL 15:117db924cf7c 779 /* Update the hash in the HMAC.
wolfSSL 15:117db924cf7c 780 *
wolfSSL 15:117db924cf7c 781 * hmac HMAC object.
wolfSSL 15:117db924cf7c 782 * data Data to be hashed.
wolfSSL 15:117db924cf7c 783 * sz Size of data to hash.
wolfSSL 15:117db924cf7c 784 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 785 */
wolfSSL 15:117db924cf7c 786 static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz)
wolfSSL 15:117db924cf7c 787 {
wolfSSL 15:117db924cf7c 788 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 789
wolfSSL 15:117db924cf7c 790 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 791 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 792 case WC_SHA:
wolfSSL 15:117db924cf7c 793 ret = wc_ShaUpdate(&hmac->hash.sha, data, sz);
wolfSSL 15:117db924cf7c 794 break;
wolfSSL 15:117db924cf7c 795 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 796
wolfSSL 15:117db924cf7c 797 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 798 case WC_SHA256:
wolfSSL 15:117db924cf7c 799 ret = wc_Sha256Update(&hmac->hash.sha256, data, sz);
wolfSSL 15:117db924cf7c 800 break;
wolfSSL 15:117db924cf7c 801 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 802
wolfSSL 15:117db924cf7c 803 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 804 case WC_SHA384:
wolfSSL 15:117db924cf7c 805 ret = wc_Sha384Update(&hmac->hash.sha384, data, sz);
wolfSSL 15:117db924cf7c 806 break;
wolfSSL 15:117db924cf7c 807 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 808
wolfSSL 15:117db924cf7c 809 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 810 case WC_SHA512:
wolfSSL 15:117db924cf7c 811 ret = wc_Sha512Update(&hmac->hash.sha512, data, sz);
wolfSSL 15:117db924cf7c 812 break;
wolfSSL 15:117db924cf7c 813 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 814 }
wolfSSL 15:117db924cf7c 815
wolfSSL 15:117db924cf7c 816 return ret;
wolfSSL 15:117db924cf7c 817 }
wolfSSL 15:117db924cf7c 818
wolfSSL 15:117db924cf7c 819 /* Finalize the hash but don't put the EOC, padding or length in.
wolfSSL 15:117db924cf7c 820 *
wolfSSL 15:117db924cf7c 821 * hmac HMAC object.
wolfSSL 15:117db924cf7c 822 * hash Hash result.
wolfSSL 15:117db924cf7c 823 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 824 */
wolfSSL 15:117db924cf7c 825 static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash)
wolfSSL 15:117db924cf7c 826 {
wolfSSL 15:117db924cf7c 827 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 828
wolfSSL 15:117db924cf7c 829 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 830 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 831 case WC_SHA:
wolfSSL 15:117db924cf7c 832 ret = wc_ShaFinalRaw(&hmac->hash.sha, hash);
wolfSSL 15:117db924cf7c 833 break;
wolfSSL 15:117db924cf7c 834 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 835
wolfSSL 15:117db924cf7c 836 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 837 case WC_SHA256:
wolfSSL 15:117db924cf7c 838 ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash);
wolfSSL 15:117db924cf7c 839 break;
wolfSSL 15:117db924cf7c 840 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 841
wolfSSL 15:117db924cf7c 842 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 843 case WC_SHA384:
wolfSSL 15:117db924cf7c 844 ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash);
wolfSSL 15:117db924cf7c 845 break;
wolfSSL 15:117db924cf7c 846 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 847
wolfSSL 15:117db924cf7c 848 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 849 case WC_SHA512:
wolfSSL 15:117db924cf7c 850 ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash);
wolfSSL 15:117db924cf7c 851 break;
wolfSSL 15:117db924cf7c 852 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 853 }
wolfSSL 15:117db924cf7c 854
wolfSSL 15:117db924cf7c 855 return ret;
wolfSSL 15:117db924cf7c 856 }
wolfSSL 15:117db924cf7c 857
wolfSSL 15:117db924cf7c 858 /* Finalize the HMAC by performing outer hash.
wolfSSL 15:117db924cf7c 859 *
wolfSSL 15:117db924cf7c 860 * hmac HMAC object.
wolfSSL 15:117db924cf7c 861 * mac MAC result.
wolfSSL 15:117db924cf7c 862 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 863 */
wolfSSL 15:117db924cf7c 864 static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
wolfSSL 15:117db924cf7c 865 {
wolfSSL 15:117db924cf7c 866 int ret = BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 867 wc_HashAlg hash;
wolfSSL 16:8e0d178b1d1e 868 enum wc_HashType hashType = (enum wc_HashType)hmac->macType;
wolfSSL 16:8e0d178b1d1e 869 int digestSz = wc_HashGetDigestSize(hashType);
wolfSSL 16:8e0d178b1d1e 870 int blockSz = wc_HashGetBlockSize(hashType);
wolfSSL 16:8e0d178b1d1e 871
wolfSSL 16:8e0d178b1d1e 872 if ((digestSz >= 0) && (blockSz >= 0)) {
wolfSSL 16:8e0d178b1d1e 873 ret = wc_HashInit(&hash, hashType);
wolfSSL 16:8e0d178b1d1e 874 }
wolfSSL 16:8e0d178b1d1e 875 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 876 ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->opad,
wolfSSL 16:8e0d178b1d1e 877 blockSz);
wolfSSL 16:8e0d178b1d1e 878 if (ret == 0)
wolfSSL 16:8e0d178b1d1e 879 ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->innerHash,
wolfSSL 16:8e0d178b1d1e 880 digestSz);
wolfSSL 16:8e0d178b1d1e 881 if (ret == 0)
wolfSSL 16:8e0d178b1d1e 882 ret = wc_HashFinal(&hash, hashType, mac);
wolfSSL 16:8e0d178b1d1e 883 wc_HashFree(&hash, hashType);
wolfSSL 15:117db924cf7c 884 }
wolfSSL 15:117db924cf7c 885
wolfSSL 15:117db924cf7c 886 return ret;
wolfSSL 15:117db924cf7c 887 }
wolfSSL 15:117db924cf7c 888
wolfSSL 15:117db924cf7c 889 /* Calculate the HMAC of the header + message data.
wolfSSL 15:117db924cf7c 890 * Constant time implementation using wc_Sha*FinalRaw().
wolfSSL 15:117db924cf7c 891 *
wolfSSL 15:117db924cf7c 892 * hmac HMAC object.
wolfSSL 15:117db924cf7c 893 * digest MAC result.
wolfSSL 15:117db924cf7c 894 * in Message data.
wolfSSL 15:117db924cf7c 895 * sz Size of the message data.
wolfSSL 15:117db924cf7c 896 * header Constructed record header with length of handshake data.
wolfSSL 15:117db924cf7c 897 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 898 */
wolfSSL 15:117db924cf7c 899 static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
wolfSSL 15:117db924cf7c 900 word32 sz, byte* header)
wolfSSL 15:117db924cf7c 901 {
wolfSSL 15:117db924cf7c 902 byte lenBytes[8];
wolfSSL 15:117db924cf7c 903 int i, j, k;
wolfSSL 15:117db924cf7c 904 int blockBits, blockMask;
wolfSSL 16:8e0d178b1d1e 905 int lastBlockLen, macLen, extraLen, eocIndex;
wolfSSL 15:117db924cf7c 906 int blocks, safeBlocks, lenBlock, eocBlock;
wolfSSL 15:117db924cf7c 907 int maxLen;
wolfSSL 15:117db924cf7c 908 int blockSz, padSz;
wolfSSL 15:117db924cf7c 909 int ret;
wolfSSL 16:8e0d178b1d1e 910 word32 realLen;
wolfSSL 15:117db924cf7c 911 byte extraBlock;
wolfSSL 15:117db924cf7c 912
wolfSSL 15:117db924cf7c 913 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 914 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 915 case WC_SHA:
wolfSSL 15:117db924cf7c 916 blockSz = WC_SHA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 917 blockBits = 6;
wolfSSL 15:117db924cf7c 918 macLen = WC_SHA_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 919 padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 920 break;
wolfSSL 15:117db924cf7c 921 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 922
wolfSSL 15:117db924cf7c 923 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 924 case WC_SHA256:
wolfSSL 15:117db924cf7c 925 blockSz = WC_SHA256_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 926 blockBits = 6;
wolfSSL 15:117db924cf7c 927 macLen = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 928 padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 929 break;
wolfSSL 15:117db924cf7c 930 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 931
wolfSSL 15:117db924cf7c 932 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 933 case WC_SHA384:
wolfSSL 15:117db924cf7c 934 blockSz = WC_SHA384_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 935 blockBits = 7;
wolfSSL 15:117db924cf7c 936 macLen = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 937 padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 938 break;
wolfSSL 15:117db924cf7c 939 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 940
wolfSSL 15:117db924cf7c 941 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 942 case WC_SHA512:
wolfSSL 15:117db924cf7c 943 blockSz = WC_SHA512_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 944 blockBits = 7;
wolfSSL 15:117db924cf7c 945 macLen = WC_SHA512_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 946 padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 947 break;
wolfSSL 15:117db924cf7c 948 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 949
wolfSSL 15:117db924cf7c 950 default:
wolfSSL 15:117db924cf7c 951 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 952 }
wolfSSL 15:117db924cf7c 953 blockMask = blockSz - 1;
wolfSSL 15:117db924cf7c 954
wolfSSL 15:117db924cf7c 955 /* Size of data to HMAC if padding length byte is zero. */
wolfSSL 15:117db924cf7c 956 maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
wolfSSL 15:117db924cf7c 957 /* Complete data (including padding) has block for EOC and/or length. */
wolfSSL 15:117db924cf7c 958 extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
wolfSSL 15:117db924cf7c 959 /* Total number of blocks for data including padding. */
wolfSSL 15:117db924cf7c 960 blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
wolfSSL 15:117db924cf7c 961 /* Up to last 6 blocks can be hashed safely. */
wolfSSL 15:117db924cf7c 962 safeBlocks = blocks - 6;
wolfSSL 15:117db924cf7c 963
wolfSSL 15:117db924cf7c 964 /* Length of message data. */
wolfSSL 15:117db924cf7c 965 realLen = maxLen - in[sz - 1];
wolfSSL 15:117db924cf7c 966 /* Number of message bytes in last block. */
wolfSSL 15:117db924cf7c 967 lastBlockLen = realLen & blockMask;
wolfSSL 15:117db924cf7c 968 /* Number of padding bytes in last block. */
wolfSSL 15:117db924cf7c 969 extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
wolfSSL 15:117db924cf7c 970 /* Number of blocks to create for hash. */
wolfSSL 15:117db924cf7c 971 lenBlock = (realLen + extraLen) >> blockBits;
wolfSSL 15:117db924cf7c 972 /* Block containing EOC byte. */
wolfSSL 15:117db924cf7c 973 eocBlock = realLen >> blockBits;
wolfSSL 15:117db924cf7c 974 /* Index of EOC byte in block. */
wolfSSL 15:117db924cf7c 975 eocIndex = realLen & blockMask;
wolfSSL 15:117db924cf7c 976
wolfSSL 15:117db924cf7c 977 /* Add length of hmac's ipad to total length. */
wolfSSL 15:117db924cf7c 978 realLen += blockSz;
wolfSSL 15:117db924cf7c 979 /* Length as bits - 8 bytes bigendian. */
wolfSSL 15:117db924cf7c 980 c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
wolfSSL 15:117db924cf7c 981 c32toa(realLen << 3, lenBytes + sizeof(word32));
wolfSSL 15:117db924cf7c 982
wolfSSL 15:117db924cf7c 983 ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz);
wolfSSL 15:117db924cf7c 984 if (ret != 0)
wolfSSL 15:117db924cf7c 985 return ret;
wolfSSL 15:117db924cf7c 986
wolfSSL 15:117db924cf7c 987 XMEMSET(hmac->innerHash, 0, macLen);
wolfSSL 15:117db924cf7c 988
wolfSSL 15:117db924cf7c 989 if (safeBlocks > 0) {
wolfSSL 15:117db924cf7c 990 ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 991 if (ret != 0)
wolfSSL 15:117db924cf7c 992 return ret;
wolfSSL 15:117db924cf7c 993 ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
wolfSSL 15:117db924cf7c 994 WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 995 if (ret != 0)
wolfSSL 15:117db924cf7c 996 return ret;
wolfSSL 15:117db924cf7c 997 }
wolfSSL 15:117db924cf7c 998 else
wolfSSL 15:117db924cf7c 999 safeBlocks = 0;
wolfSSL 15:117db924cf7c 1000
wolfSSL 15:117db924cf7c 1001 XMEMSET(digest, 0, macLen);
wolfSSL 15:117db924cf7c 1002 k = safeBlocks * blockSz;
wolfSSL 15:117db924cf7c 1003 for (i = safeBlocks; i < blocks; i++) {
wolfSSL 15:117db924cf7c 1004 unsigned char hashBlock[WC_MAX_BLOCK_SIZE];
wolfSSL 15:117db924cf7c 1005 unsigned char isEocBlock = ctMaskEq(i, eocBlock);
wolfSSL 15:117db924cf7c 1006 unsigned char isOutBlock = ctMaskEq(i, lenBlock);
wolfSSL 15:117db924cf7c 1007
wolfSSL 15:117db924cf7c 1008 for (j = 0; j < blockSz; j++, k++) {
wolfSSL 15:117db924cf7c 1009 unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock;
wolfSSL 15:117db924cf7c 1010 unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
wolfSSL 15:117db924cf7c 1011 unsigned char b = 0;
wolfSSL 15:117db924cf7c 1012
wolfSSL 15:117db924cf7c 1013 if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
wolfSSL 15:117db924cf7c 1014 b = header[k];
wolfSSL 15:117db924cf7c 1015 else if (k < maxLen)
wolfSSL 15:117db924cf7c 1016 b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL 15:117db924cf7c 1017
wolfSSL 16:8e0d178b1d1e 1018 b = ctMaskSel(atEoc, 0x80, b);
wolfSSL 15:117db924cf7c 1019 b &= (unsigned char)~(word32)pastEoc;
wolfSSL 15:117db924cf7c 1020 b &= ((unsigned char)~(word32)isOutBlock) | isEocBlock;
wolfSSL 15:117db924cf7c 1021
wolfSSL 15:117db924cf7c 1022 if (j >= blockSz - 8) {
wolfSSL 16:8e0d178b1d1e 1023 b = ctMaskSel(isOutBlock, lenBytes[j - (blockSz - 8)], b);
wolfSSL 15:117db924cf7c 1024 }
wolfSSL 15:117db924cf7c 1025
wolfSSL 15:117db924cf7c 1026 hashBlock[j] = b;
wolfSSL 15:117db924cf7c 1027 }
wolfSSL 15:117db924cf7c 1028
wolfSSL 15:117db924cf7c 1029 ret = Hmac_HashUpdate(hmac, hashBlock, blockSz);
wolfSSL 15:117db924cf7c 1030 if (ret != 0)
wolfSSL 15:117db924cf7c 1031 return ret;
wolfSSL 15:117db924cf7c 1032 ret = Hmac_HashFinalRaw(hmac, hashBlock);
wolfSSL 15:117db924cf7c 1033 if (ret != 0)
wolfSSL 15:117db924cf7c 1034 return ret;
wolfSSL 15:117db924cf7c 1035 for (j = 0; j < macLen; j++)
wolfSSL 15:117db924cf7c 1036 ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock;
wolfSSL 15:117db924cf7c 1037 }
wolfSSL 15:117db924cf7c 1038
wolfSSL 15:117db924cf7c 1039 ret = Hmac_OuterHash(hmac, digest);
wolfSSL 15:117db924cf7c 1040
wolfSSL 15:117db924cf7c 1041 return ret;
wolfSSL 15:117db924cf7c 1042 }
wolfSSL 15:117db924cf7c 1043
wolfSSL 15:117db924cf7c 1044 #endif
wolfSSL 15:117db924cf7c 1045
wolfSSL 15:117db924cf7c 1046 #if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \
wolfSSL 15:117db924cf7c 1047 defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2)
wolfSSL 15:117db924cf7c 1048
wolfSSL 15:117db924cf7c 1049 /* Calculate the HMAC of the header + message data.
wolfSSL 15:117db924cf7c 1050 * Constant time implementation using normal hashing operations.
wolfSSL 15:117db924cf7c 1051 * Update-Final need to be constant time.
wolfSSL 15:117db924cf7c 1052 *
wolfSSL 15:117db924cf7c 1053 * hmac HMAC object.
wolfSSL 15:117db924cf7c 1054 * digest MAC result.
wolfSSL 15:117db924cf7c 1055 * in Message data.
wolfSSL 15:117db924cf7c 1056 * sz Size of the message data.
wolfSSL 15:117db924cf7c 1057 * header Constructed record header with length of handshake data.
wolfSSL 15:117db924cf7c 1058 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 1059 */
wolfSSL 15:117db924cf7c 1060 static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
wolfSSL 15:117db924cf7c 1061 word32 sz, byte* header)
wolfSSL 15:117db924cf7c 1062 {
wolfSSL 15:117db924cf7c 1063 byte dummy[WC_MAX_BLOCK_SIZE] = {0};
wolfSSL 15:117db924cf7c 1064 int ret;
wolfSSL 15:117db924cf7c 1065 word32 msgSz, blockSz, macSz, padSz, maxSz, realSz;
wolfSSL 16:8e0d178b1d1e 1066 word32 currSz, offset = 0;
wolfSSL 15:117db924cf7c 1067 int msgBlocks, blocks, blockBits;
wolfSSL 15:117db924cf7c 1068 int i;
wolfSSL 15:117db924cf7c 1069
wolfSSL 15:117db924cf7c 1070 switch (hmac->macType) {
wolfSSL 15:117db924cf7c 1071 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 1072 case WC_SHA:
wolfSSL 15:117db924cf7c 1073 blockSz = WC_SHA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1074 blockBits = 6;
wolfSSL 15:117db924cf7c 1075 macSz = WC_SHA_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1076 padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1077 break;
wolfSSL 15:117db924cf7c 1078 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 1079
wolfSSL 15:117db924cf7c 1080 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 1081 case WC_SHA256:
wolfSSL 15:117db924cf7c 1082 blockSz = WC_SHA256_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1083 blockBits = 6;
wolfSSL 15:117db924cf7c 1084 macSz = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1085 padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1086 break;
wolfSSL 15:117db924cf7c 1087 #endif /* !NO_SHA256 */
wolfSSL 15:117db924cf7c 1088
wolfSSL 15:117db924cf7c 1089 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 1090 case WC_SHA384:
wolfSSL 15:117db924cf7c 1091 blockSz = WC_SHA384_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1092 blockBits = 7;
wolfSSL 15:117db924cf7c 1093 macSz = WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1094 padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1095 break;
wolfSSL 15:117db924cf7c 1096 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 1097
wolfSSL 15:117db924cf7c 1098 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 1099 case WC_SHA512:
wolfSSL 15:117db924cf7c 1100 blockSz = WC_SHA512_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 1101 blockBits = 7;
wolfSSL 15:117db924cf7c 1102 macSz = WC_SHA512_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 1103 padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1;
wolfSSL 15:117db924cf7c 1104 break;
wolfSSL 15:117db924cf7c 1105 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 1106
wolfSSL 15:117db924cf7c 1107 #ifdef HAVE_BLAKE2
wolfSSL 15:117db924cf7c 1108 case WC_HASH_TYPE_BLAKE2B:
wolfSSL 15:117db924cf7c 1109 blockSz = BLAKE2B_BLOCKBYTES;
wolfSSL 15:117db924cf7c 1110 blockBits = 7;
wolfSSL 15:117db924cf7c 1111 macSz = BLAKE2B_256;
wolfSSL 15:117db924cf7c 1112 padSz = 0;
wolfSSL 15:117db924cf7c 1113 break;
wolfSSL 15:117db924cf7c 1114 #endif /* HAVE_BLAK2 */
wolfSSL 15:117db924cf7c 1115
wolfSSL 15:117db924cf7c 1116 default:
wolfSSL 15:117db924cf7c 1117 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1118 }
wolfSSL 15:117db924cf7c 1119
wolfSSL 15:117db924cf7c 1120 msgSz = sz - (1 + in[sz - 1] + macSz);
wolfSSL 15:117db924cf7c 1121 /* Make negative result 0 */
wolfSSL 15:117db924cf7c 1122 msgSz &= ~(0 - (msgSz >> 31));
wolfSSL 15:117db924cf7c 1123 realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz;
wolfSSL 15:117db924cf7c 1124 maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz;
wolfSSL 15:117db924cf7c 1125
wolfSSL 15:117db924cf7c 1126 /* Calculate #blocks processed in HMAC for max and real data. */
wolfSSL 15:117db924cf7c 1127 blocks = maxSz >> blockBits;
wolfSSL 15:117db924cf7c 1128 blocks += ((maxSz + padSz) % blockSz) < padSz;
wolfSSL 15:117db924cf7c 1129 msgBlocks = realSz >> blockBits;
wolfSSL 15:117db924cf7c 1130 /* #Extra blocks to process. */
wolfSSL 15:117db924cf7c 1131 blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz);
wolfSSL 15:117db924cf7c 1132 /* Calculate whole blocks. */
wolfSSL 15:117db924cf7c 1133 msgBlocks--;
wolfSSL 15:117db924cf7c 1134
wolfSSL 15:117db924cf7c 1135 ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 15:117db924cf7c 1136 if (ret == 0) {
wolfSSL 15:117db924cf7c 1137 /* Fill the rest of the block with any available data. */
wolfSSL 15:117db924cf7c 1138 currSz = ctMaskLT(msgSz, blockSz) & msgSz;
wolfSSL 15:117db924cf7c 1139 currSz |= ctMaskGTE(msgSz, blockSz) & blockSz;
wolfSSL 15:117db924cf7c 1140 currSz -= WOLFSSL_TLS_HMAC_INNER_SZ;
wolfSSL 15:117db924cf7c 1141 currSz &= ~(0 - (currSz >> 31));
wolfSSL 15:117db924cf7c 1142 ret = wc_HmacUpdate(hmac, in, currSz);
wolfSSL 15:117db924cf7c 1143 offset = currSz;
wolfSSL 15:117db924cf7c 1144 }
wolfSSL 15:117db924cf7c 1145 if (ret == 0) {
wolfSSL 15:117db924cf7c 1146 /* Do the hash operations on a block basis. */
wolfSSL 15:117db924cf7c 1147 for (i = 0; i < msgBlocks; i++, offset += blockSz) {
wolfSSL 15:117db924cf7c 1148 ret = wc_HmacUpdate(hmac, in + offset, blockSz);
wolfSSL 15:117db924cf7c 1149 if (ret != 0)
wolfSSL 15:117db924cf7c 1150 break;
wolfSSL 15:117db924cf7c 1151 }
wolfSSL 15:117db924cf7c 1152 }
wolfSSL 15:117db924cf7c 1153 if (ret == 0)
wolfSSL 15:117db924cf7c 1154 ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset);
wolfSSL 15:117db924cf7c 1155 if (ret == 0)
wolfSSL 15:117db924cf7c 1156 ret = wc_HmacFinal(hmac, digest);
wolfSSL 15:117db924cf7c 1157 if (ret == 0) {
wolfSSL 15:117db924cf7c 1158 /* Do the dummy hash operations. Do at least one. */
wolfSSL 15:117db924cf7c 1159 for (i = 0; i < blocks + 1; i++) {
wolfSSL 15:117db924cf7c 1160 ret = wc_HmacUpdate(hmac, dummy, blockSz);
wolfSSL 15:117db924cf7c 1161 if (ret != 0)
wolfSSL 15:117db924cf7c 1162 break;
wolfSSL 15:117db924cf7c 1163 }
wolfSSL 15:117db924cf7c 1164 }
wolfSSL 15:117db924cf7c 1165
wolfSSL 15:117db924cf7c 1166 return ret;
wolfSSL 15:117db924cf7c 1167 }
wolfSSL 15:117db924cf7c 1168
wolfSSL 15:117db924cf7c 1169 #endif
wolfSSL 15:117db924cf7c 1170
wolfSSL 15:117db924cf7c 1171 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
wolfSSL 15:117db924cf7c 1172 int content, int verify)
wolfSSL 15:117db924cf7c 1173 {
wolfSSL 15:117db924cf7c 1174 Hmac hmac;
wolfSSL 15:117db924cf7c 1175 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL 15:117db924cf7c 1176 int ret = 0;
wolfSSL 16:8e0d178b1d1e 1177 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 16:8e0d178b1d1e 1178 word32 hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
wolfSSL 16:8e0d178b1d1e 1179 : ssl->specs.hash_size;
wolfSSL 16:8e0d178b1d1e 1180 #else
wolfSSL 16:8e0d178b1d1e 1181 word32 hashSz = ssl->specs.hash_size;
wolfSSL 16:8e0d178b1d1e 1182 #endif
wolfSSL 15:117db924cf7c 1183
wolfSSL 15:117db924cf7c 1184 if (ssl == NULL)
wolfSSL 15:117db924cf7c 1185 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1186
wolfSSL 15:117db924cf7c 1187 #ifdef HAVE_FUZZER
wolfSSL 15:117db924cf7c 1188 /* Fuzz "in" buffer with sz to be used in HMAC algorithm */
wolfSSL 15:117db924cf7c 1189 if (ssl->fuzzerCb) {
wolfSSL 15:117db924cf7c 1190 if (verify && padSz >= 0) {
wolfSSL 16:8e0d178b1d1e 1191 ssl->fuzzerCb(ssl, in, sz + hashSz + padSz + 1, FUZZ_HMAC,
wolfSSL 16:8e0d178b1d1e 1192 ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 1193 }
wolfSSL 15:117db924cf7c 1194 else {
wolfSSL 15:117db924cf7c 1195 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 1196 }
wolfSSL 15:117db924cf7c 1197 }
wolfSSL 15:117db924cf7c 1198 #endif
wolfSSL 15:117db924cf7c 1199
wolfSSL 15:117db924cf7c 1200 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL 16:8e0d178b1d1e 1201 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 1202 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 1203 if (tsip_useable(ssl)) {
wolfSSL 16:8e0d178b1d1e 1204 if (ssl->specs.hash_size == WC_SHA_DIGEST_SIZE)
wolfSSL 16:8e0d178b1d1e 1205 ret = tsip_Sha1Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ,
wolfSSL 16:8e0d178b1d1e 1206 in, sz, digest, verify);
wolfSSL 16:8e0d178b1d1e 1207 else if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE)
wolfSSL 16:8e0d178b1d1e 1208 ret = tsip_Sha256Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ,
wolfSSL 16:8e0d178b1d1e 1209 in, sz, digest, verify);
wolfSSL 16:8e0d178b1d1e 1210 else
wolfSSL 16:8e0d178b1d1e 1211 ret = TSIP_MAC_DIGSZ_E;
wolfSSL 16:8e0d178b1d1e 1212
wolfSSL 16:8e0d178b1d1e 1213 return ret;
wolfSSL 16:8e0d178b1d1e 1214 }
wolfSSL 16:8e0d178b1d1e 1215 #endif
wolfSSL 15:117db924cf7c 1216 ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 1217 if (ret != 0)
wolfSSL 15:117db924cf7c 1218 return ret;
wolfSSL 15:117db924cf7c 1219
wolfSSL 15:117db924cf7c 1220 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL 15:117db924cf7c 1221 wolfSSL_GetMacSecret(ssl, verify),
wolfSSL 15:117db924cf7c 1222 ssl->specs.hash_size);
wolfSSL 15:117db924cf7c 1223 if (ret == 0) {
wolfSSL 15:117db924cf7c 1224 /* Constant time verification required. */
wolfSSL 15:117db924cf7c 1225 if (verify && padSz >= 0) {
wolfSSL 15:117db924cf7c 1226 #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 1227 !defined(HAVE_SELFTEST)
wolfSSL 15:117db924cf7c 1228 #ifdef HAVE_BLAKE2
wolfSSL 15:117db924cf7c 1229 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
wolfSSL 16:8e0d178b1d1e 1230 ret = Hmac_UpdateFinal(&hmac, digest, in,
wolfSSL 16:8e0d178b1d1e 1231 sz + hashSz + padSz + 1, myInner);
wolfSSL 15:117db924cf7c 1232 }
wolfSSL 15:117db924cf7c 1233 else
wolfSSL 15:117db924cf7c 1234 #endif
wolfSSL 15:117db924cf7c 1235 {
wolfSSL 16:8e0d178b1d1e 1236 ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
wolfSSL 16:8e0d178b1d1e 1237 sz + hashSz + padSz + 1, myInner);
wolfSSL 15:117db924cf7c 1238 }
wolfSSL 15:117db924cf7c 1239 #else
wolfSSL 16:8e0d178b1d1e 1240 ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
wolfSSL 16:8e0d178b1d1e 1241 myInner);
wolfSSL 15:117db924cf7c 1242 #endif
wolfSSL 15:117db924cf7c 1243 }
wolfSSL 15:117db924cf7c 1244 else {
wolfSSL 15:117db924cf7c 1245 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL 15:117db924cf7c 1246 if (ret == 0)
wolfSSL 15:117db924cf7c 1247 ret = wc_HmacUpdate(&hmac, in, sz); /* content */
wolfSSL 15:117db924cf7c 1248 if (ret == 0)
wolfSSL 15:117db924cf7c 1249 ret = wc_HmacFinal(&hmac, digest);
wolfSSL 15:117db924cf7c 1250 }
wolfSSL 15:117db924cf7c 1251 }
wolfSSL 15:117db924cf7c 1252
wolfSSL 15:117db924cf7c 1253 wc_HmacFree(&hmac);
wolfSSL 15:117db924cf7c 1254
wolfSSL 15:117db924cf7c 1255 return ret;
wolfSSL 15:117db924cf7c 1256 }
wolfSSL 16:8e0d178b1d1e 1257 #endif /* WOLFSSL_AEAD_ONLY */
wolfSSL 15:117db924cf7c 1258
wolfSSL 15:117db924cf7c 1259 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 1260
wolfSSL 15:117db924cf7c 1261 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 1262
wolfSSL 15:117db924cf7c 1263 /**
wolfSSL 15:117db924cf7c 1264 * The TLSX semaphore is used to calculate the size of the extensions to be sent
wolfSSL 15:117db924cf7c 1265 * from one peer to another.
wolfSSL 15:117db924cf7c 1266 */
wolfSSL 15:117db924cf7c 1267
wolfSSL 15:117db924cf7c 1268 /** Supports up to 64 flags. Increase as needed. */
wolfSSL 15:117db924cf7c 1269 #define SEMAPHORE_SIZE 8
wolfSSL 15:117db924cf7c 1270
wolfSSL 15:117db924cf7c 1271 /**
wolfSSL 15:117db924cf7c 1272 * Converts the extension type (id) to an index in the semaphore.
wolfSSL 15:117db924cf7c 1273 *
wolfSSL 16:8e0d178b1d1e 1274 * Official reference for TLS extension types:
wolfSSL 15:117db924cf7c 1275 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
wolfSSL 15:117db924cf7c 1276 *
wolfSSL 15:117db924cf7c 1277 * Motivation:
wolfSSL 15:117db924cf7c 1278 * Previously, we used the extension type itself as the index of that
wolfSSL 15:117db924cf7c 1279 * extension in the semaphore as the extension types were declared
wolfSSL 15:117db924cf7c 1280 * sequentially, but maintain a semaphore as big as the number of available
wolfSSL 15:117db924cf7c 1281 * extensions is no longer an option since the release of renegotiation_info.
wolfSSL 15:117db924cf7c 1282 *
wolfSSL 15:117db924cf7c 1283 * How to update:
wolfSSL 15:117db924cf7c 1284 * Assign extension types that extrapolate the number of available semaphores
wolfSSL 15:117db924cf7c 1285 * to the first available index going backwards in the semaphore array.
wolfSSL 15:117db924cf7c 1286 * When adding a new extension type that don't extrapolate the number of
wolfSSL 15:117db924cf7c 1287 * available semaphores, check for a possible collision with with a
wolfSSL 15:117db924cf7c 1288 * 'remapped' extension type.
wolfSSL 15:117db924cf7c 1289 */
wolfSSL 15:117db924cf7c 1290 static WC_INLINE word16 TLSX_ToSemaphore(word16 type)
wolfSSL 15:117db924cf7c 1291 {
wolfSSL 15:117db924cf7c 1292 switch (type) {
wolfSSL 15:117db924cf7c 1293
wolfSSL 15:117db924cf7c 1294 case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */
wolfSSL 15:117db924cf7c 1295 return 63;
wolfSSL 15:117db924cf7c 1296
wolfSSL 15:117db924cf7c 1297 default:
wolfSSL 15:117db924cf7c 1298 if (type > 62) {
wolfSSL 15:117db924cf7c 1299 /* This message SHOULD only happens during the adding of
wolfSSL 15:117db924cf7c 1300 new TLS extensions in which its IANA number overflows
wolfSSL 15:117db924cf7c 1301 the current semaphore's range, or if its number already
wolfSSL 15:117db924cf7c 1302 is assigned to be used by another extension.
wolfSSL 15:117db924cf7c 1303 Use this check value for the new extension and decrement
wolfSSL 15:117db924cf7c 1304 the check value by one. */
wolfSSL 16:8e0d178b1d1e 1305 WOLFSSL_MSG("### TLSX semaphore collision or overflow detected!");
wolfSSL 15:117db924cf7c 1306 }
wolfSSL 15:117db924cf7c 1307 }
wolfSSL 15:117db924cf7c 1308
wolfSSL 15:117db924cf7c 1309 return type;
wolfSSL 15:117db924cf7c 1310 }
wolfSSL 15:117db924cf7c 1311
wolfSSL 15:117db924cf7c 1312 /** Checks if a specific light (tls extension) is not set in the semaphore. */
wolfSSL 15:117db924cf7c 1313 #define IS_OFF(semaphore, light) \
wolfSSL 15:117db924cf7c 1314 (!(((semaphore)[(light) / 8] & (byte) (0x01 << ((light) % 8)))))
wolfSSL 15:117db924cf7c 1315
wolfSSL 15:117db924cf7c 1316 /** Turn on a specific light (tls extension) in the semaphore. */
wolfSSL 15:117db924cf7c 1317 /* the semaphore marks the extensions already written to the message */
wolfSSL 15:117db924cf7c 1318 #define TURN_ON(semaphore, light) \
wolfSSL 15:117db924cf7c 1319 ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
wolfSSL 15:117db924cf7c 1320
wolfSSL 15:117db924cf7c 1321 /** Turn off a specific light (tls extension) in the semaphore. */
wolfSSL 15:117db924cf7c 1322 #define TURN_OFF(semaphore, light) \
wolfSSL 15:117db924cf7c 1323 ((semaphore)[(light) / 8] &= (byte) ~(0x01 << ((light) % 8)))
wolfSSL 15:117db924cf7c 1324
wolfSSL 15:117db924cf7c 1325 /** Creates a new extension. */
wolfSSL 15:117db924cf7c 1326 static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap)
wolfSSL 15:117db924cf7c 1327 {
wolfSSL 15:117db924cf7c 1328 TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1329
wolfSSL 15:117db924cf7c 1330 (void)heap;
wolfSSL 15:117db924cf7c 1331
wolfSSL 15:117db924cf7c 1332 if (extension) {
wolfSSL 15:117db924cf7c 1333 extension->type = type;
wolfSSL 15:117db924cf7c 1334 extension->data = data;
wolfSSL 15:117db924cf7c 1335 extension->resp = 0;
wolfSSL 15:117db924cf7c 1336 extension->next = NULL;
wolfSSL 15:117db924cf7c 1337 }
wolfSSL 15:117db924cf7c 1338
wolfSSL 15:117db924cf7c 1339 return extension;
wolfSSL 15:117db924cf7c 1340 }
wolfSSL 15:117db924cf7c 1341
wolfSSL 15:117db924cf7c 1342 /**
wolfSSL 15:117db924cf7c 1343 * Creates a new extension and pushes it to the provided list.
wolfSSL 15:117db924cf7c 1344 * Checks for duplicate extensions, keeps the newest.
wolfSSL 15:117db924cf7c 1345 */
wolfSSL 15:117db924cf7c 1346 static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
wolfSSL 15:117db924cf7c 1347 {
wolfSSL 15:117db924cf7c 1348 TLSX* extension = TLSX_New(type, data, heap);
wolfSSL 15:117db924cf7c 1349
wolfSSL 15:117db924cf7c 1350 if (extension == NULL)
wolfSSL 15:117db924cf7c 1351 return MEMORY_E;
wolfSSL 15:117db924cf7c 1352
wolfSSL 15:117db924cf7c 1353 /* pushes the new extension on the list. */
wolfSSL 15:117db924cf7c 1354 extension->next = *list;
wolfSSL 15:117db924cf7c 1355 *list = extension;
wolfSSL 15:117db924cf7c 1356
wolfSSL 15:117db924cf7c 1357 /* remove duplicate extensions, there should be only one of each type. */
wolfSSL 15:117db924cf7c 1358 do {
wolfSSL 15:117db924cf7c 1359 if (extension->next && extension->next->type == type) {
wolfSSL 15:117db924cf7c 1360 TLSX *next = extension->next;
wolfSSL 15:117db924cf7c 1361
wolfSSL 15:117db924cf7c 1362 extension->next = next->next;
wolfSSL 15:117db924cf7c 1363 next->next = NULL;
wolfSSL 15:117db924cf7c 1364
wolfSSL 15:117db924cf7c 1365 TLSX_FreeAll(next, heap);
wolfSSL 15:117db924cf7c 1366
wolfSSL 15:117db924cf7c 1367 /* there is no way to occur more than
wolfSSL 15:117db924cf7c 1368 * two extensions of the same type.
wolfSSL 15:117db924cf7c 1369 */
wolfSSL 15:117db924cf7c 1370 break;
wolfSSL 15:117db924cf7c 1371 }
wolfSSL 15:117db924cf7c 1372 } while ((extension = extension->next));
wolfSSL 15:117db924cf7c 1373
wolfSSL 15:117db924cf7c 1374 return 0;
wolfSSL 15:117db924cf7c 1375 }
wolfSSL 15:117db924cf7c 1376
wolfSSL 15:117db924cf7c 1377 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 1378
wolfSSL 15:117db924cf7c 1379 int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type);
wolfSSL 15:117db924cf7c 1380
wolfSSL 15:117db924cf7c 1381 int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type)
wolfSSL 15:117db924cf7c 1382 {
wolfSSL 15:117db924cf7c 1383 TLSX *extension = TLSX_Find(ssl->extensions, type);
wolfSSL 15:117db924cf7c 1384
wolfSSL 15:117db924cf7c 1385 if (!extension)
wolfSSL 15:117db924cf7c 1386 extension = TLSX_Find(ssl->ctx->extensions, type);
wolfSSL 15:117db924cf7c 1387
wolfSSL 15:117db924cf7c 1388 return extension == NULL;
wolfSSL 15:117db924cf7c 1389 }
wolfSSL 15:117db924cf7c 1390
wolfSSL 15:117db924cf7c 1391 int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 1392
wolfSSL 15:117db924cf7c 1393 int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 1394 {
wolfSSL 15:117db924cf7c 1395 SendAlert(ssl, alert_fatal, unsupported_extension);
wolfSSL 15:117db924cf7c 1396 return UNSUPPORTED_EXTENSION;
wolfSSL 15:117db924cf7c 1397 }
wolfSSL 15:117db924cf7c 1398
wolfSSL 15:117db924cf7c 1399 #else
wolfSSL 15:117db924cf7c 1400
wolfSSL 15:117db924cf7c 1401 #define TLSX_CheckUnsupportedExtension(ssl, type) 0
wolfSSL 15:117db924cf7c 1402 #define TLSX_HandleUnsupportedExtension(ssl) 0
wolfSSL 15:117db924cf7c 1403
wolfSSL 15:117db924cf7c 1404 #endif
wolfSSL 15:117db924cf7c 1405
wolfSSL 15:117db924cf7c 1406 /** Mark an extension to be sent back to the client. */
wolfSSL 15:117db924cf7c 1407 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
wolfSSL 15:117db924cf7c 1408
wolfSSL 15:117db924cf7c 1409 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
wolfSSL 15:117db924cf7c 1410 {
wolfSSL 15:117db924cf7c 1411 TLSX *extension = TLSX_Find(ssl->extensions, type);
wolfSSL 15:117db924cf7c 1412
wolfSSL 15:117db924cf7c 1413 if (extension)
wolfSSL 15:117db924cf7c 1414 extension->resp = 1;
wolfSSL 15:117db924cf7c 1415 }
wolfSSL 15:117db924cf7c 1416
wolfSSL 15:117db924cf7c 1417 /******************************************************************************/
wolfSSL 15:117db924cf7c 1418 /* Application-Layer Protocol Negotiation */
wolfSSL 15:117db924cf7c 1419 /******************************************************************************/
wolfSSL 15:117db924cf7c 1420
wolfSSL 15:117db924cf7c 1421 #ifdef HAVE_ALPN
wolfSSL 15:117db924cf7c 1422 /** Creates a new ALPN object, providing protocol name to use. */
wolfSSL 15:117db924cf7c 1423 static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz,
wolfSSL 15:117db924cf7c 1424 void* heap)
wolfSSL 15:117db924cf7c 1425 {
wolfSSL 15:117db924cf7c 1426 ALPN *alpn;
wolfSSL 15:117db924cf7c 1427
wolfSSL 15:117db924cf7c 1428 WOLFSSL_ENTER("TLSX_ALPN_New");
wolfSSL 15:117db924cf7c 1429
wolfSSL 15:117db924cf7c 1430 if (protocol_name == NULL ||
wolfSSL 15:117db924cf7c 1431 protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) {
wolfSSL 15:117db924cf7c 1432 WOLFSSL_MSG("Invalid arguments");
wolfSSL 15:117db924cf7c 1433 return NULL;
wolfSSL 15:117db924cf7c 1434 }
wolfSSL 15:117db924cf7c 1435
wolfSSL 15:117db924cf7c 1436 alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1437 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1438 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1439 return NULL;
wolfSSL 15:117db924cf7c 1440 }
wolfSSL 15:117db924cf7c 1441
wolfSSL 15:117db924cf7c 1442 alpn->next = NULL;
wolfSSL 15:117db924cf7c 1443 alpn->negotiated = 0;
wolfSSL 15:117db924cf7c 1444 alpn->options = 0;
wolfSSL 15:117db924cf7c 1445
wolfSSL 15:117db924cf7c 1446 alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1,
wolfSSL 15:117db924cf7c 1447 heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1448 if (alpn->protocol_name == NULL) {
wolfSSL 15:117db924cf7c 1449 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1450 XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1451 return NULL;
wolfSSL 15:117db924cf7c 1452 }
wolfSSL 15:117db924cf7c 1453
wolfSSL 15:117db924cf7c 1454 XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz);
wolfSSL 15:117db924cf7c 1455 alpn->protocol_name[protocol_nameSz] = 0;
wolfSSL 15:117db924cf7c 1456
wolfSSL 16:8e0d178b1d1e 1457 (void)heap;
wolfSSL 16:8e0d178b1d1e 1458
wolfSSL 15:117db924cf7c 1459 return alpn;
wolfSSL 15:117db924cf7c 1460 }
wolfSSL 15:117db924cf7c 1461
wolfSSL 15:117db924cf7c 1462 /** Releases an ALPN object. */
wolfSSL 15:117db924cf7c 1463 static void TLSX_ALPN_Free(ALPN *alpn, void* heap)
wolfSSL 15:117db924cf7c 1464 {
wolfSSL 15:117db924cf7c 1465 (void)heap;
wolfSSL 15:117db924cf7c 1466
wolfSSL 15:117db924cf7c 1467 if (alpn == NULL)
wolfSSL 15:117db924cf7c 1468 return;
wolfSSL 15:117db924cf7c 1469
wolfSSL 15:117db924cf7c 1470 XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1471 XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1472 }
wolfSSL 15:117db924cf7c 1473
wolfSSL 15:117db924cf7c 1474 /** Releases all ALPN objects in the provided list. */
wolfSSL 15:117db924cf7c 1475 static void TLSX_ALPN_FreeAll(ALPN *list, void* heap)
wolfSSL 15:117db924cf7c 1476 {
wolfSSL 15:117db924cf7c 1477 ALPN* alpn;
wolfSSL 15:117db924cf7c 1478
wolfSSL 15:117db924cf7c 1479 while ((alpn = list)) {
wolfSSL 15:117db924cf7c 1480 list = alpn->next;
wolfSSL 15:117db924cf7c 1481 TLSX_ALPN_Free(alpn, heap);
wolfSSL 15:117db924cf7c 1482 }
wolfSSL 15:117db924cf7c 1483 }
wolfSSL 15:117db924cf7c 1484
wolfSSL 15:117db924cf7c 1485 /** Tells the buffered size of the ALPN objects in a list. */
wolfSSL 15:117db924cf7c 1486 static word16 TLSX_ALPN_GetSize(ALPN *list)
wolfSSL 15:117db924cf7c 1487 {
wolfSSL 15:117db924cf7c 1488 ALPN* alpn;
wolfSSL 15:117db924cf7c 1489 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 15:117db924cf7c 1490
wolfSSL 15:117db924cf7c 1491 while ((alpn = list)) {
wolfSSL 15:117db924cf7c 1492 list = alpn->next;
wolfSSL 15:117db924cf7c 1493
wolfSSL 15:117db924cf7c 1494 length++; /* protocol name length is on one byte */
wolfSSL 15:117db924cf7c 1495 length += (word16)XSTRLEN(alpn->protocol_name);
wolfSSL 15:117db924cf7c 1496 }
wolfSSL 15:117db924cf7c 1497
wolfSSL 15:117db924cf7c 1498 return length;
wolfSSL 15:117db924cf7c 1499 }
wolfSSL 15:117db924cf7c 1500
wolfSSL 15:117db924cf7c 1501 /** Writes the ALPN objects of a list in a buffer. */
wolfSSL 15:117db924cf7c 1502 static word16 TLSX_ALPN_Write(ALPN *list, byte *output)
wolfSSL 15:117db924cf7c 1503 {
wolfSSL 15:117db924cf7c 1504 ALPN* alpn;
wolfSSL 15:117db924cf7c 1505 word16 length = 0;
wolfSSL 15:117db924cf7c 1506 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 15:117db924cf7c 1507
wolfSSL 15:117db924cf7c 1508 while ((alpn = list)) {
wolfSSL 15:117db924cf7c 1509 list = alpn->next;
wolfSSL 15:117db924cf7c 1510
wolfSSL 15:117db924cf7c 1511 length = (word16)XSTRLEN(alpn->protocol_name);
wolfSSL 15:117db924cf7c 1512
wolfSSL 15:117db924cf7c 1513 /* protocol name length */
wolfSSL 15:117db924cf7c 1514 output[offset++] = (byte)length;
wolfSSL 15:117db924cf7c 1515
wolfSSL 15:117db924cf7c 1516 /* protocol name value */
wolfSSL 15:117db924cf7c 1517 XMEMCPY(output + offset, alpn->protocol_name, length);
wolfSSL 15:117db924cf7c 1518
wolfSSL 15:117db924cf7c 1519 offset += length;
wolfSSL 15:117db924cf7c 1520 }
wolfSSL 15:117db924cf7c 1521
wolfSSL 15:117db924cf7c 1522 /* writing list length */
wolfSSL 15:117db924cf7c 1523 c16toa(offset - OPAQUE16_LEN, output);
wolfSSL 15:117db924cf7c 1524
wolfSSL 15:117db924cf7c 1525 return offset;
wolfSSL 15:117db924cf7c 1526 }
wolfSSL 15:117db924cf7c 1527
wolfSSL 15:117db924cf7c 1528 /** Finds a protocol name in the provided ALPN list */
wolfSSL 15:117db924cf7c 1529 static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size)
wolfSSL 15:117db924cf7c 1530 {
wolfSSL 15:117db924cf7c 1531 ALPN *alpn;
wolfSSL 15:117db924cf7c 1532
wolfSSL 15:117db924cf7c 1533 if (list == NULL || protocol_name == NULL)
wolfSSL 15:117db924cf7c 1534 return NULL;
wolfSSL 15:117db924cf7c 1535
wolfSSL 15:117db924cf7c 1536 alpn = list;
wolfSSL 15:117db924cf7c 1537 while (alpn != NULL && (
wolfSSL 15:117db924cf7c 1538 (word16)XSTRLEN(alpn->protocol_name) != size ||
wolfSSL 15:117db924cf7c 1539 XSTRNCMP(alpn->protocol_name, protocol_name, size)))
wolfSSL 15:117db924cf7c 1540 alpn = alpn->next;
wolfSSL 15:117db924cf7c 1541
wolfSSL 15:117db924cf7c 1542 return alpn;
wolfSSL 15:117db924cf7c 1543 }
wolfSSL 15:117db924cf7c 1544
wolfSSL 15:117db924cf7c 1545 /** Set the ALPN matching client and server requirements */
wolfSSL 15:117db924cf7c 1546 static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size,
wolfSSL 15:117db924cf7c 1547 void* heap)
wolfSSL 15:117db924cf7c 1548 {
wolfSSL 15:117db924cf7c 1549 ALPN *alpn;
wolfSSL 15:117db924cf7c 1550 int ret;
wolfSSL 15:117db924cf7c 1551
wolfSSL 15:117db924cf7c 1552 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 1553 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1554
wolfSSL 15:117db924cf7c 1555 alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL 15:117db924cf7c 1556 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1557 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1558 return MEMORY_E;
wolfSSL 15:117db924cf7c 1559 }
wolfSSL 15:117db924cf7c 1560
wolfSSL 15:117db924cf7c 1561 alpn->negotiated = 1;
wolfSSL 15:117db924cf7c 1562
wolfSSL 15:117db924cf7c 1563 ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn,
wolfSSL 15:117db924cf7c 1564 heap);
wolfSSL 15:117db924cf7c 1565 if (ret != 0) {
wolfSSL 15:117db924cf7c 1566 TLSX_ALPN_Free(alpn, heap);
wolfSSL 15:117db924cf7c 1567 return ret;
wolfSSL 15:117db924cf7c 1568 }
wolfSSL 15:117db924cf7c 1569
wolfSSL 15:117db924cf7c 1570 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 1571 }
wolfSSL 15:117db924cf7c 1572
wolfSSL 15:117db924cf7c 1573 /** Parses a buffer of ALPN extensions and set the first one matching
wolfSSL 15:117db924cf7c 1574 * client and server requirements */
wolfSSL 15:117db924cf7c 1575 static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
wolfSSL 15:117db924cf7c 1576 byte isRequest)
wolfSSL 15:117db924cf7c 1577 {
wolfSSL 15:117db924cf7c 1578 word16 size = 0, offset = 0, idx = 0;
wolfSSL 15:117db924cf7c 1579 int r = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1580 byte match = 0;
wolfSSL 15:117db924cf7c 1581 TLSX *extension;
wolfSSL 15:117db924cf7c 1582 ALPN *alpn = NULL, *list;
wolfSSL 15:117db924cf7c 1583
wolfSSL 15:117db924cf7c 1584 if (OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 1585 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1586
wolfSSL 15:117db924cf7c 1587 ato16(input, &size);
wolfSSL 15:117db924cf7c 1588 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 1589
wolfSSL 16:8e0d178b1d1e 1590 if (size == 0)
wolfSSL 16:8e0d178b1d1e 1591 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 1592
wolfSSL 15:117db924cf7c 1593 extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1594 if (extension == NULL)
wolfSSL 15:117db924cf7c 1595 extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 1596 TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1597
wolfSSL 15:117db924cf7c 1598 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 1599 if (ssl->alpnSelect != NULL) {
wolfSSL 15:117db924cf7c 1600 const byte* out;
wolfSSL 15:117db924cf7c 1601 unsigned char outLen;
wolfSSL 15:117db924cf7c 1602
wolfSSL 15:117db924cf7c 1603 if (ssl->alpnSelect(ssl, &out, &outLen, input + offset, size,
wolfSSL 15:117db924cf7c 1604 ssl->alpnSelectArg) == 0) {
wolfSSL 15:117db924cf7c 1605 WOLFSSL_MSG("ALPN protocol match");
wolfSSL 15:117db924cf7c 1606 if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
wolfSSL 15:117db924cf7c 1607 == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 1608 if (extension == NULL) {
wolfSSL 15:117db924cf7c 1609 extension = TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 1610 TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1611 }
wolfSSL 15:117db924cf7c 1612 }
wolfSSL 15:117db924cf7c 1613 }
wolfSSL 15:117db924cf7c 1614 }
wolfSSL 15:117db924cf7c 1615 #endif
wolfSSL 15:117db924cf7c 1616
wolfSSL 15:117db924cf7c 1617 if (extension == NULL || extension->data == NULL) {
wolfSSL 15:117db924cf7c 1618 return isRequest ? 0
wolfSSL 15:117db924cf7c 1619 : TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 1620 }
wolfSSL 15:117db924cf7c 1621
wolfSSL 15:117db924cf7c 1622 /* validating alpn list length */
wolfSSL 15:117db924cf7c 1623 if (length != OPAQUE16_LEN + size)
wolfSSL 15:117db924cf7c 1624 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1625
wolfSSL 15:117db924cf7c 1626 list = (ALPN*)extension->data;
wolfSSL 15:117db924cf7c 1627
wolfSSL 15:117db924cf7c 1628 /* keep the list sent by client */
wolfSSL 15:117db924cf7c 1629 if (isRequest) {
wolfSSL 15:117db924cf7c 1630 if (ssl->alpn_client_list != NULL)
wolfSSL 15:117db924cf7c 1631 XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
wolfSSL 15:117db924cf7c 1632
wolfSSL 15:117db924cf7c 1633 ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
wolfSSL 15:117db924cf7c 1634 DYNAMIC_TYPE_ALPN);
wolfSSL 15:117db924cf7c 1635 if (ssl->alpn_client_list == NULL)
wolfSSL 15:117db924cf7c 1636 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 1637 }
wolfSSL 15:117db924cf7c 1638
wolfSSL 15:117db924cf7c 1639 for (size = 0; offset < length; offset += size) {
wolfSSL 15:117db924cf7c 1640
wolfSSL 15:117db924cf7c 1641 size = input[offset++];
wolfSSL 16:8e0d178b1d1e 1642 if (offset + size > length || size == 0)
wolfSSL 15:117db924cf7c 1643 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1644
wolfSSL 15:117db924cf7c 1645 if (isRequest) {
wolfSSL 15:117db924cf7c 1646 XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size);
wolfSSL 15:117db924cf7c 1647 idx += size;
wolfSSL 15:117db924cf7c 1648 ssl->alpn_client_list[idx++] = ',';
wolfSSL 15:117db924cf7c 1649 }
wolfSSL 15:117db924cf7c 1650
wolfSSL 15:117db924cf7c 1651 if (!match) {
wolfSSL 15:117db924cf7c 1652 alpn = TLSX_ALPN_Find(list, (char*)input + offset, size);
wolfSSL 15:117db924cf7c 1653 if (alpn != NULL) {
wolfSSL 15:117db924cf7c 1654 WOLFSSL_MSG("ALPN protocol match");
wolfSSL 15:117db924cf7c 1655 match = 1;
wolfSSL 15:117db924cf7c 1656
wolfSSL 15:117db924cf7c 1657 /* skip reading other values if not required */
wolfSSL 15:117db924cf7c 1658 if (!isRequest)
wolfSSL 15:117db924cf7c 1659 break;
wolfSSL 15:117db924cf7c 1660 }
wolfSSL 15:117db924cf7c 1661 }
wolfSSL 15:117db924cf7c 1662 }
wolfSSL 15:117db924cf7c 1663
wolfSSL 15:117db924cf7c 1664 if (isRequest)
wolfSSL 15:117db924cf7c 1665 ssl->alpn_client_list[idx-1] = 0;
wolfSSL 15:117db924cf7c 1666
wolfSSL 15:117db924cf7c 1667 if (!match) {
wolfSSL 15:117db924cf7c 1668 WOLFSSL_MSG("No ALPN protocol match");
wolfSSL 15:117db924cf7c 1669
wolfSSL 15:117db924cf7c 1670 /* do nothing if no protocol match between client and server and option
wolfSSL 15:117db924cf7c 1671 is set to continue (like OpenSSL) */
wolfSSL 15:117db924cf7c 1672 if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) {
wolfSSL 15:117db924cf7c 1673 WOLFSSL_MSG("Continue on mismatch");
wolfSSL 15:117db924cf7c 1674 return 0;
wolfSSL 15:117db924cf7c 1675 }
wolfSSL 15:117db924cf7c 1676
wolfSSL 15:117db924cf7c 1677 SendAlert(ssl, alert_fatal, no_application_protocol);
wolfSSL 15:117db924cf7c 1678 return UNKNOWN_ALPN_PROTOCOL_NAME_E;
wolfSSL 15:117db924cf7c 1679 }
wolfSSL 15:117db924cf7c 1680
wolfSSL 15:117db924cf7c 1681 /* set the matching negotiated protocol */
wolfSSL 15:117db924cf7c 1682 r = TLSX_SetALPN(&ssl->extensions,
wolfSSL 15:117db924cf7c 1683 alpn->protocol_name,
wolfSSL 15:117db924cf7c 1684 (word16)XSTRLEN(alpn->protocol_name),
wolfSSL 15:117db924cf7c 1685 ssl->heap);
wolfSSL 15:117db924cf7c 1686 if (r != WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 1687 WOLFSSL_MSG("TLSX_UseALPN failed");
wolfSSL 15:117db924cf7c 1688 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 1689 }
wolfSSL 15:117db924cf7c 1690
wolfSSL 15:117db924cf7c 1691 /* reply to ALPN extension sent from client */
wolfSSL 15:117db924cf7c 1692 if (isRequest) {
wolfSSL 15:117db924cf7c 1693 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 1694 TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1695 #endif
wolfSSL 15:117db924cf7c 1696 }
wolfSSL 15:117db924cf7c 1697
wolfSSL 15:117db924cf7c 1698 return 0;
wolfSSL 15:117db924cf7c 1699 }
wolfSSL 15:117db924cf7c 1700
wolfSSL 15:117db924cf7c 1701 /** Add a protocol name to the list of accepted usable ones */
wolfSSL 15:117db924cf7c 1702 int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options,
wolfSSL 15:117db924cf7c 1703 void* heap)
wolfSSL 15:117db924cf7c 1704 {
wolfSSL 15:117db924cf7c 1705 ALPN *alpn;
wolfSSL 15:117db924cf7c 1706 TLSX *extension;
wolfSSL 15:117db924cf7c 1707 int ret;
wolfSSL 15:117db924cf7c 1708
wolfSSL 15:117db924cf7c 1709 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 1710 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1711
wolfSSL 15:117db924cf7c 1712 alpn = TLSX_ALPN_New((char *)data, size, heap);
wolfSSL 15:117db924cf7c 1713 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1714 WOLFSSL_MSG("Memory failure");
wolfSSL 15:117db924cf7c 1715 return MEMORY_E;
wolfSSL 15:117db924cf7c 1716 }
wolfSSL 15:117db924cf7c 1717
wolfSSL 15:117db924cf7c 1718 /* Set Options of ALPN */
wolfSSL 15:117db924cf7c 1719 alpn->options = options;
wolfSSL 15:117db924cf7c 1720
wolfSSL 15:117db924cf7c 1721 extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1722 if (extension == NULL) {
wolfSSL 15:117db924cf7c 1723 ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
wolfSSL 15:117db924cf7c 1724 (void*)alpn, heap);
wolfSSL 15:117db924cf7c 1725 if (ret != 0) {
wolfSSL 15:117db924cf7c 1726 TLSX_ALPN_Free(alpn, heap);
wolfSSL 15:117db924cf7c 1727 return ret;
wolfSSL 15:117db924cf7c 1728 }
wolfSSL 15:117db924cf7c 1729 }
wolfSSL 15:117db924cf7c 1730 else {
wolfSSL 15:117db924cf7c 1731 /* push new ALPN object to extension data. */
wolfSSL 15:117db924cf7c 1732 alpn->next = (ALPN*)extension->data;
wolfSSL 15:117db924cf7c 1733 extension->data = (void*)alpn;
wolfSSL 15:117db924cf7c 1734 }
wolfSSL 15:117db924cf7c 1735
wolfSSL 15:117db924cf7c 1736 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 1737 }
wolfSSL 15:117db924cf7c 1738
wolfSSL 15:117db924cf7c 1739 /** Get the protocol name set by the server */
wolfSSL 15:117db924cf7c 1740 int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
wolfSSL 15:117db924cf7c 1741 {
wolfSSL 15:117db924cf7c 1742 TLSX *extension;
wolfSSL 15:117db924cf7c 1743 ALPN *alpn;
wolfSSL 15:117db924cf7c 1744
wolfSSL 15:117db924cf7c 1745 if (extensions == NULL || data == NULL || dataSz == NULL)
wolfSSL 15:117db924cf7c 1746 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 1747
wolfSSL 15:117db924cf7c 1748 extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
wolfSSL 15:117db924cf7c 1749 if (extension == NULL) {
wolfSSL 15:117db924cf7c 1750 WOLFSSL_MSG("TLS extension not found");
wolfSSL 15:117db924cf7c 1751 return WOLFSSL_ALPN_NOT_FOUND;
wolfSSL 15:117db924cf7c 1752 }
wolfSSL 15:117db924cf7c 1753
wolfSSL 15:117db924cf7c 1754 alpn = (ALPN *)extension->data;
wolfSSL 15:117db924cf7c 1755 if (alpn == NULL) {
wolfSSL 15:117db924cf7c 1756 WOLFSSL_MSG("ALPN extension not found");
wolfSSL 15:117db924cf7c 1757 *data = NULL;
wolfSSL 15:117db924cf7c 1758 *dataSz = 0;
wolfSSL 15:117db924cf7c 1759 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 1760 }
wolfSSL 15:117db924cf7c 1761
wolfSSL 15:117db924cf7c 1762 if (alpn->negotiated != 1) {
wolfSSL 15:117db924cf7c 1763
wolfSSL 15:117db924cf7c 1764 /* consider as an error */
wolfSSL 15:117db924cf7c 1765 if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) {
wolfSSL 15:117db924cf7c 1766 WOLFSSL_MSG("No protocol match with peer -> Failed");
wolfSSL 15:117db924cf7c 1767 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 1768 }
wolfSSL 15:117db924cf7c 1769
wolfSSL 15:117db924cf7c 1770 /* continue without negotiated protocol */
wolfSSL 15:117db924cf7c 1771 WOLFSSL_MSG("No protocol match with peer -> Continue");
wolfSSL 15:117db924cf7c 1772 return WOLFSSL_ALPN_NOT_FOUND;
wolfSSL 15:117db924cf7c 1773 }
wolfSSL 15:117db924cf7c 1774
wolfSSL 15:117db924cf7c 1775 if (alpn->next != NULL) {
wolfSSL 15:117db924cf7c 1776 WOLFSSL_MSG("Only one protocol name must be accepted");
wolfSSL 15:117db924cf7c 1777 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 1778 }
wolfSSL 15:117db924cf7c 1779
wolfSSL 15:117db924cf7c 1780 *data = alpn->protocol_name;
wolfSSL 15:117db924cf7c 1781 *dataSz = (word16)XSTRLEN((char*)*data);
wolfSSL 15:117db924cf7c 1782
wolfSSL 15:117db924cf7c 1783 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 1784 }
wolfSSL 15:117db924cf7c 1785
wolfSSL 15:117db924cf7c 1786 #define ALPN_FREE_ALL TLSX_ALPN_FreeAll
wolfSSL 15:117db924cf7c 1787 #define ALPN_GET_SIZE TLSX_ALPN_GetSize
wolfSSL 15:117db924cf7c 1788 #define ALPN_WRITE TLSX_ALPN_Write
wolfSSL 15:117db924cf7c 1789 #define ALPN_PARSE TLSX_ALPN_ParseAndSet
wolfSSL 15:117db924cf7c 1790
wolfSSL 15:117db924cf7c 1791 #else /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 1792
wolfSSL 15:117db924cf7c 1793 #define ALPN_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 1794 #define ALPN_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 1795 #define ALPN_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 1796 #define ALPN_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 1797
wolfSSL 15:117db924cf7c 1798 #endif /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 1799
wolfSSL 15:117db924cf7c 1800 /******************************************************************************/
wolfSSL 15:117db924cf7c 1801 /* Server Name Indication */
wolfSSL 15:117db924cf7c 1802 /******************************************************************************/
wolfSSL 15:117db924cf7c 1803
wolfSSL 15:117db924cf7c 1804 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 1805
wolfSSL 15:117db924cf7c 1806 /** Creates a new SNI object. */
wolfSSL 15:117db924cf7c 1807 static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap)
wolfSSL 15:117db924cf7c 1808 {
wolfSSL 15:117db924cf7c 1809 SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1810
wolfSSL 16:8e0d178b1d1e 1811 (void)heap;
wolfSSL 16:8e0d178b1d1e 1812
wolfSSL 15:117db924cf7c 1813 if (sni) {
wolfSSL 15:117db924cf7c 1814 sni->type = type;
wolfSSL 15:117db924cf7c 1815 sni->next = NULL;
wolfSSL 15:117db924cf7c 1816
wolfSSL 15:117db924cf7c 1817 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 1818 sni->options = 0;
wolfSSL 15:117db924cf7c 1819 sni->status = WOLFSSL_SNI_NO_MATCH;
wolfSSL 15:117db924cf7c 1820 #endif
wolfSSL 15:117db924cf7c 1821
wolfSSL 15:117db924cf7c 1822 switch (sni->type) {
wolfSSL 15:117db924cf7c 1823 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1824 sni->data.host_name = (char*)XMALLOC(size + 1, heap,
wolfSSL 15:117db924cf7c 1825 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1826 if (sni->data.host_name) {
wolfSSL 15:117db924cf7c 1827 XSTRNCPY(sni->data.host_name, (const char*)data, size);
wolfSSL 15:117db924cf7c 1828 sni->data.host_name[size] = '\0';
wolfSSL 15:117db924cf7c 1829 } else {
wolfSSL 15:117db924cf7c 1830 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1831 sni = NULL;
wolfSSL 15:117db924cf7c 1832 }
wolfSSL 15:117db924cf7c 1833 break;
wolfSSL 15:117db924cf7c 1834
wolfSSL 15:117db924cf7c 1835 default: /* invalid type */
wolfSSL 15:117db924cf7c 1836 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1837 sni = NULL;
wolfSSL 15:117db924cf7c 1838 }
wolfSSL 15:117db924cf7c 1839 }
wolfSSL 15:117db924cf7c 1840
wolfSSL 15:117db924cf7c 1841 return sni;
wolfSSL 15:117db924cf7c 1842 }
wolfSSL 15:117db924cf7c 1843
wolfSSL 15:117db924cf7c 1844 /** Releases a SNI object. */
wolfSSL 15:117db924cf7c 1845 static void TLSX_SNI_Free(SNI* sni, void* heap)
wolfSSL 15:117db924cf7c 1846 {
wolfSSL 15:117db924cf7c 1847 if (sni) {
wolfSSL 15:117db924cf7c 1848 switch (sni->type) {
wolfSSL 15:117db924cf7c 1849 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1850 XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1851 break;
wolfSSL 15:117db924cf7c 1852 }
wolfSSL 15:117db924cf7c 1853
wolfSSL 15:117db924cf7c 1854 XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 1855 }
wolfSSL 15:117db924cf7c 1856 (void)heap;
wolfSSL 15:117db924cf7c 1857 }
wolfSSL 15:117db924cf7c 1858
wolfSSL 15:117db924cf7c 1859 /** Releases all SNI objects in the provided list. */
wolfSSL 15:117db924cf7c 1860 static void TLSX_SNI_FreeAll(SNI* list, void* heap)
wolfSSL 15:117db924cf7c 1861 {
wolfSSL 15:117db924cf7c 1862 SNI* sni;
wolfSSL 15:117db924cf7c 1863
wolfSSL 15:117db924cf7c 1864 while ((sni = list)) {
wolfSSL 15:117db924cf7c 1865 list = sni->next;
wolfSSL 15:117db924cf7c 1866 TLSX_SNI_Free(sni, heap);
wolfSSL 15:117db924cf7c 1867 }
wolfSSL 15:117db924cf7c 1868 }
wolfSSL 15:117db924cf7c 1869
wolfSSL 15:117db924cf7c 1870 /** Tells the buffered size of the SNI objects in a list. */
wolfSSL 15:117db924cf7c 1871 static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL 15:117db924cf7c 1872 {
wolfSSL 15:117db924cf7c 1873 SNI* sni;
wolfSSL 15:117db924cf7c 1874 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 15:117db924cf7c 1875
wolfSSL 15:117db924cf7c 1876 while ((sni = list)) {
wolfSSL 15:117db924cf7c 1877 list = sni->next;
wolfSSL 15:117db924cf7c 1878
wolfSSL 15:117db924cf7c 1879 length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL 15:117db924cf7c 1880
wolfSSL 15:117db924cf7c 1881 switch (sni->type) {
wolfSSL 15:117db924cf7c 1882 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1883 length += (word16)XSTRLEN((char*)sni->data.host_name);
wolfSSL 15:117db924cf7c 1884 break;
wolfSSL 15:117db924cf7c 1885 }
wolfSSL 15:117db924cf7c 1886 }
wolfSSL 15:117db924cf7c 1887
wolfSSL 15:117db924cf7c 1888 return length;
wolfSSL 15:117db924cf7c 1889 }
wolfSSL 15:117db924cf7c 1890
wolfSSL 15:117db924cf7c 1891 /** Writes the SNI objects of a list in a buffer. */
wolfSSL 15:117db924cf7c 1892 static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL 15:117db924cf7c 1893 {
wolfSSL 15:117db924cf7c 1894 SNI* sni;
wolfSSL 15:117db924cf7c 1895 word16 length = 0;
wolfSSL 15:117db924cf7c 1896 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 15:117db924cf7c 1897
wolfSSL 15:117db924cf7c 1898 while ((sni = list)) {
wolfSSL 15:117db924cf7c 1899 list = sni->next;
wolfSSL 15:117db924cf7c 1900
wolfSSL 15:117db924cf7c 1901 output[offset++] = sni->type; /* sni type */
wolfSSL 15:117db924cf7c 1902
wolfSSL 15:117db924cf7c 1903 switch (sni->type) {
wolfSSL 15:117db924cf7c 1904 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 1905 length = (word16)XSTRLEN((char*)sni->data.host_name);
wolfSSL 15:117db924cf7c 1906
wolfSSL 15:117db924cf7c 1907 c16toa(length, output + offset); /* sni length */
wolfSSL 15:117db924cf7c 1908 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 1909
wolfSSL 15:117db924cf7c 1910 XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL 15:117db924cf7c 1911
wolfSSL 15:117db924cf7c 1912 offset += length;
wolfSSL 15:117db924cf7c 1913 break;
wolfSSL 15:117db924cf7c 1914 }
wolfSSL 15:117db924cf7c 1915 }
wolfSSL 15:117db924cf7c 1916
wolfSSL 15:117db924cf7c 1917 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 15:117db924cf7c 1918
wolfSSL 15:117db924cf7c 1919 return offset;
wolfSSL 15:117db924cf7c 1920 }
wolfSSL 15:117db924cf7c 1921
wolfSSL 15:117db924cf7c 1922 /** Finds a SNI object in the provided list. */
wolfSSL 15:117db924cf7c 1923 static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL 15:117db924cf7c 1924 {
wolfSSL 15:117db924cf7c 1925 SNI* sni = list;
wolfSSL 15:117db924cf7c 1926
wolfSSL 15:117db924cf7c 1927 while (sni && sni->type != type)
wolfSSL 15:117db924cf7c 1928 sni = sni->next;
wolfSSL 15:117db924cf7c 1929
wolfSSL 15:117db924cf7c 1930 return sni;
wolfSSL 15:117db924cf7c 1931 }
wolfSSL 15:117db924cf7c 1932
wolfSSL 15:117db924cf7c 1933 /** Sets the status of a SNI object. */
wolfSSL 15:117db924cf7c 1934 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL 15:117db924cf7c 1935 {
wolfSSL 15:117db924cf7c 1936 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 1937 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 1938
wolfSSL 15:117db924cf7c 1939 if (sni)
wolfSSL 15:117db924cf7c 1940 sni->status = status;
wolfSSL 15:117db924cf7c 1941 }
wolfSSL 15:117db924cf7c 1942
wolfSSL 15:117db924cf7c 1943 /** Gets the status of a SNI object. */
wolfSSL 15:117db924cf7c 1944 byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL 15:117db924cf7c 1945 {
wolfSSL 15:117db924cf7c 1946 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 1947 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 1948
wolfSSL 15:117db924cf7c 1949 if (sni)
wolfSSL 15:117db924cf7c 1950 return sni->status;
wolfSSL 15:117db924cf7c 1951
wolfSSL 15:117db924cf7c 1952 return 0;
wolfSSL 15:117db924cf7c 1953 }
wolfSSL 15:117db924cf7c 1954
wolfSSL 15:117db924cf7c 1955 /** Parses a buffer of SNI extensions. */
wolfSSL 15:117db924cf7c 1956 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 1957 byte isRequest)
wolfSSL 15:117db924cf7c 1958 {
wolfSSL 15:117db924cf7c 1959 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 1960 word16 size = 0;
wolfSSL 15:117db924cf7c 1961 word16 offset = 0;
wolfSSL 15:117db924cf7c 1962 int cacheOnly = 0;
wolfSSL 16:8e0d178b1d1e 1963 SNI *sni = NULL;
wolfSSL 16:8e0d178b1d1e 1964 byte type;
wolfSSL 16:8e0d178b1d1e 1965 int matchStat;
wolfSSL 16:8e0d178b1d1e 1966 byte matched;
wolfSSL 15:117db924cf7c 1967 #endif
wolfSSL 15:117db924cf7c 1968
wolfSSL 15:117db924cf7c 1969 TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 1970
wolfSSL 15:117db924cf7c 1971 if (!extension)
wolfSSL 15:117db924cf7c 1972 extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 1973
wolfSSL 15:117db924cf7c 1974 if (!isRequest) {
wolfSSL 15:117db924cf7c 1975 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 1976 if (!extension || !extension->data)
wolfSSL 15:117db924cf7c 1977 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 1978
wolfSSL 15:117db924cf7c 1979 if (length > 0)
wolfSSL 15:117db924cf7c 1980 return BUFFER_ERROR; /* SNI response MUST be empty. */
wolfSSL 15:117db924cf7c 1981
wolfSSL 15:117db924cf7c 1982 /* This call enables wolfSSL_SNI_GetRequest() to be called in the
wolfSSL 15:117db924cf7c 1983 * client side to fetch the used SNI. It will only work if the SNI
wolfSSL 15:117db924cf7c 1984 * was set at the SSL object level. Right now we only support one
wolfSSL 15:117db924cf7c 1985 * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the
wolfSSL 15:117db924cf7c 1986 * inclusion of other name types will turn this method inaccurate,
wolfSSL 15:117db924cf7c 1987 * as the extension response doesn't contains information of which
wolfSSL 15:117db924cf7c 1988 * name was accepted.
wolfSSL 15:117db924cf7c 1989 */
wolfSSL 15:117db924cf7c 1990 TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME,
wolfSSL 15:117db924cf7c 1991 WOLFSSL_SNI_REAL_MATCH);
wolfSSL 15:117db924cf7c 1992
wolfSSL 15:117db924cf7c 1993 return 0;
wolfSSL 15:117db924cf7c 1994 #endif
wolfSSL 15:117db924cf7c 1995 }
wolfSSL 15:117db924cf7c 1996
wolfSSL 15:117db924cf7c 1997 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 1998 if (!extension || !extension->data) {
wolfSSL 15:117db924cf7c 1999 #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2000 /* This will keep SNI even though TLSX_UseSNI has not been called.
wolfSSL 15:117db924cf7c 2001 * Enable it so that the received sni is available to functions
wolfSSL 15:117db924cf7c 2002 * that use a custom callback when SNI is received.
wolfSSL 15:117db924cf7c 2003 */
wolfSSL 15:117db924cf7c 2004
wolfSSL 15:117db924cf7c 2005 cacheOnly = 1;
wolfSSL 15:117db924cf7c 2006 WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
wolfSSL 15:117db924cf7c 2007 #else
wolfSSL 15:117db924cf7c 2008 /* Skipping, SNI not enabled at server side. */
wolfSSL 15:117db924cf7c 2009 return 0;
wolfSSL 15:117db924cf7c 2010 #endif
wolfSSL 15:117db924cf7c 2011 }
wolfSSL 15:117db924cf7c 2012
wolfSSL 15:117db924cf7c 2013 if (OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 2014 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2015
wolfSSL 15:117db924cf7c 2016 ato16(input, &size);
wolfSSL 15:117db924cf7c 2017 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2018
wolfSSL 15:117db924cf7c 2019 /* validating sni list length */
wolfSSL 16:8e0d178b1d1e 2020 if (length != OPAQUE16_LEN + size || size == 0)
wolfSSL 16:8e0d178b1d1e 2021 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2022
wolfSSL 16:8e0d178b1d1e 2023 /* SNI was badly specified and only one type is now recognized and allowed.
wolfSSL 16:8e0d178b1d1e 2024 * Only one SNI value per type (RFC6066), so, no loop. */
wolfSSL 16:8e0d178b1d1e 2025 type = input[offset++];
wolfSSL 16:8e0d178b1d1e 2026 if (type != WOLFSSL_SNI_HOST_NAME)
wolfSSL 15:117db924cf7c 2027 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2028
wolfSSL 16:8e0d178b1d1e 2029 if (offset + OPAQUE16_LEN > length)
wolfSSL 16:8e0d178b1d1e 2030 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2031 ato16(input + offset, &size);
wolfSSL 16:8e0d178b1d1e 2032 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2033
wolfSSL 16:8e0d178b1d1e 2034 if (offset + size != length || size == 0)
wolfSSL 16:8e0d178b1d1e 2035 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2036
wolfSSL 16:8e0d178b1d1e 2037 if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
wolfSSL 16:8e0d178b1d1e 2038 return 0; /* not using this type of SNI. */
wolfSSL 15:117db924cf7c 2039
wolfSSL 15:117db924cf7c 2040 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 2041 /* Don't process the second ClientHello SNI extension if there
wolfSSL 16:8e0d178b1d1e 2042 * was problems with the first.
wolfSSL 16:8e0d178b1d1e 2043 */
wolfSSL 16:8e0d178b1d1e 2044 if (!cacheOnly && sni->status != 0)
wolfSSL 16:8e0d178b1d1e 2045 return 0;
wolfSSL 16:8e0d178b1d1e 2046 #endif
wolfSSL 16:8e0d178b1d1e 2047 matched = cacheOnly || (XSTRLEN(sni->data.host_name) == size &&
wolfSSL 16:8e0d178b1d1e 2048 XSTRNCMP(sni->data.host_name, (const char*)input + offset, size) == 0);
wolfSSL 16:8e0d178b1d1e 2049
wolfSSL 16:8e0d178b1d1e 2050 if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL 16:8e0d178b1d1e 2051 int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size,
wolfSSL 16:8e0d178b1d1e 2052 ssl->heap);
wolfSSL 16:8e0d178b1d1e 2053 if (r != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 2054 return r; /* throws error. */
wolfSSL 16:8e0d178b1d1e 2055
wolfSSL 16:8e0d178b1d1e 2056 if (cacheOnly) {
wolfSSL 16:8e0d178b1d1e 2057 WOLFSSL_MSG("Forcing storage of SNI, Fake match");
wolfSSL 16:8e0d178b1d1e 2058 matchStat = WOLFSSL_SNI_FORCE_KEEP;
wolfSSL 16:8e0d178b1d1e 2059 }
wolfSSL 16:8e0d178b1d1e 2060 else if (matched) {
wolfSSL 16:8e0d178b1d1e 2061 WOLFSSL_MSG("SNI did match!");
wolfSSL 16:8e0d178b1d1e 2062 matchStat = WOLFSSL_SNI_REAL_MATCH;
wolfSSL 16:8e0d178b1d1e 2063 }
wolfSSL 16:8e0d178b1d1e 2064 else {
wolfSSL 16:8e0d178b1d1e 2065 WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH");
wolfSSL 16:8e0d178b1d1e 2066 matchStat = WOLFSSL_SNI_FAKE_MATCH;
wolfSSL 16:8e0d178b1d1e 2067 }
wolfSSL 16:8e0d178b1d1e 2068
wolfSSL 16:8e0d178b1d1e 2069 TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat);
wolfSSL 16:8e0d178b1d1e 2070
wolfSSL 16:8e0d178b1d1e 2071 if(!cacheOnly)
wolfSSL 16:8e0d178b1d1e 2072 TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
wolfSSL 16:8e0d178b1d1e 2073 }
wolfSSL 16:8e0d178b1d1e 2074 else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL 16:8e0d178b1d1e 2075 SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL 16:8e0d178b1d1e 2076
wolfSSL 16:8e0d178b1d1e 2077 return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL 15:117db924cf7c 2078 }
wolfSSL 15:117db924cf7c 2079 #else
wolfSSL 15:117db924cf7c 2080 (void)input;
wolfSSL 15:117db924cf7c 2081 #endif
wolfSSL 15:117db924cf7c 2082
wolfSSL 15:117db924cf7c 2083 return 0;
wolfSSL 15:117db924cf7c 2084 }
wolfSSL 15:117db924cf7c 2085
wolfSSL 15:117db924cf7c 2086 static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
wolfSSL 15:117db924cf7c 2087 {
wolfSSL 15:117db924cf7c 2088 (void)ssl;
wolfSSL 15:117db924cf7c 2089
wolfSSL 15:117db924cf7c 2090 if (isRequest) {
wolfSSL 15:117db924cf7c 2091 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2092 TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2093 TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2094 SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL;
wolfSSL 15:117db924cf7c 2095 SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL;
wolfSSL 15:117db924cf7c 2096 SNI* sni = NULL;
wolfSSL 15:117db924cf7c 2097
wolfSSL 15:117db924cf7c 2098 for (; ctx_sni; ctx_sni = ctx_sni->next) {
wolfSSL 15:117db924cf7c 2099 if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL 15:117db924cf7c 2100 sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type);
wolfSSL 15:117db924cf7c 2101
wolfSSL 15:117db924cf7c 2102 if (sni) {
wolfSSL 15:117db924cf7c 2103 if (sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL 15:117db924cf7c 2104 continue;
wolfSSL 15:117db924cf7c 2105
wolfSSL 15:117db924cf7c 2106 /* if ssl level overrides ctx level, it is ok. */
wolfSSL 15:117db924cf7c 2107 if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0)
wolfSSL 15:117db924cf7c 2108 continue;
wolfSSL 15:117db924cf7c 2109 }
wolfSSL 15:117db924cf7c 2110
wolfSSL 15:117db924cf7c 2111 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 15:117db924cf7c 2112 return SNI_ABSENT_ERROR;
wolfSSL 15:117db924cf7c 2113 }
wolfSSL 15:117db924cf7c 2114 }
wolfSSL 15:117db924cf7c 2115
wolfSSL 15:117db924cf7c 2116 for (; ssl_sni; ssl_sni = ssl_sni->next) {
wolfSSL 15:117db924cf7c 2117 if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
wolfSSL 15:117db924cf7c 2118 if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
wolfSSL 15:117db924cf7c 2119 continue;
wolfSSL 15:117db924cf7c 2120
wolfSSL 15:117db924cf7c 2121 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 15:117db924cf7c 2122 return SNI_ABSENT_ERROR;
wolfSSL 15:117db924cf7c 2123 }
wolfSSL 15:117db924cf7c 2124 }
wolfSSL 15:117db924cf7c 2125 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 2126 }
wolfSSL 15:117db924cf7c 2127
wolfSSL 15:117db924cf7c 2128 return 0;
wolfSSL 15:117db924cf7c 2129 }
wolfSSL 15:117db924cf7c 2130
wolfSSL 15:117db924cf7c 2131 int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
wolfSSL 15:117db924cf7c 2132 void* heap)
wolfSSL 15:117db924cf7c 2133 {
wolfSSL 15:117db924cf7c 2134 TLSX* extension;
wolfSSL 15:117db924cf7c 2135 SNI* sni = NULL;
wolfSSL 15:117db924cf7c 2136
wolfSSL 15:117db924cf7c 2137 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 2138 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2139
wolfSSL 15:117db924cf7c 2140 if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
wolfSSL 15:117db924cf7c 2141 return MEMORY_E;
wolfSSL 15:117db924cf7c 2142
wolfSSL 15:117db924cf7c 2143 extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2144 if (!extension) {
wolfSSL 15:117db924cf7c 2145 int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
wolfSSL 15:117db924cf7c 2146
wolfSSL 15:117db924cf7c 2147 if (ret != 0) {
wolfSSL 15:117db924cf7c 2148 TLSX_SNI_Free(sni, heap);
wolfSSL 15:117db924cf7c 2149 return ret;
wolfSSL 15:117db924cf7c 2150 }
wolfSSL 15:117db924cf7c 2151 }
wolfSSL 15:117db924cf7c 2152 else {
wolfSSL 15:117db924cf7c 2153 /* push new SNI object to extension data. */
wolfSSL 15:117db924cf7c 2154 sni->next = (SNI*)extension->data;
wolfSSL 15:117db924cf7c 2155 extension->data = (void*)sni;
wolfSSL 15:117db924cf7c 2156
wolfSSL 15:117db924cf7c 2157 /* remove duplicate SNI, there should be only one of each type. */
wolfSSL 15:117db924cf7c 2158 do {
wolfSSL 15:117db924cf7c 2159 if (sni->next && sni->next->type == type) {
wolfSSL 15:117db924cf7c 2160 SNI* next = sni->next;
wolfSSL 15:117db924cf7c 2161
wolfSSL 15:117db924cf7c 2162 sni->next = next->next;
wolfSSL 15:117db924cf7c 2163 TLSX_SNI_Free(next, heap);
wolfSSL 15:117db924cf7c 2164
wolfSSL 15:117db924cf7c 2165 /* there is no way to occur more than
wolfSSL 15:117db924cf7c 2166 * two SNIs of the same type.
wolfSSL 15:117db924cf7c 2167 */
wolfSSL 15:117db924cf7c 2168 break;
wolfSSL 15:117db924cf7c 2169 }
wolfSSL 15:117db924cf7c 2170 } while ((sni = sni->next));
wolfSSL 15:117db924cf7c 2171 }
wolfSSL 15:117db924cf7c 2172
wolfSSL 15:117db924cf7c 2173 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2174 }
wolfSSL 15:117db924cf7c 2175
wolfSSL 15:117db924cf7c 2176 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2177
wolfSSL 15:117db924cf7c 2178 /** Tells the SNI requested by the client. */
wolfSSL 15:117db924cf7c 2179 word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL 15:117db924cf7c 2180 {
wolfSSL 15:117db924cf7c 2181 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2182 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 2183
wolfSSL 15:117db924cf7c 2184 if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
wolfSSL 15:117db924cf7c 2185 switch (sni->type) {
wolfSSL 15:117db924cf7c 2186 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 15:117db924cf7c 2187 if (data) {
wolfSSL 15:117db924cf7c 2188 *data = sni->data.host_name;
wolfSSL 15:117db924cf7c 2189 return (word16)XSTRLEN((char*)*data);
wolfSSL 15:117db924cf7c 2190 }
wolfSSL 15:117db924cf7c 2191 }
wolfSSL 15:117db924cf7c 2192 }
wolfSSL 15:117db924cf7c 2193
wolfSSL 15:117db924cf7c 2194 return 0;
wolfSSL 15:117db924cf7c 2195 }
wolfSSL 15:117db924cf7c 2196
wolfSSL 15:117db924cf7c 2197 /** Sets the options for a SNI object. */
wolfSSL 15:117db924cf7c 2198 void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL 15:117db924cf7c 2199 {
wolfSSL 15:117db924cf7c 2200 TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME);
wolfSSL 15:117db924cf7c 2201 SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type);
wolfSSL 15:117db924cf7c 2202
wolfSSL 15:117db924cf7c 2203 if (sni)
wolfSSL 15:117db924cf7c 2204 sni->options = options;
wolfSSL 15:117db924cf7c 2205 }
wolfSSL 15:117db924cf7c 2206
wolfSSL 15:117db924cf7c 2207 /** Retrieves a SNI request from a client hello buffer. */
wolfSSL 15:117db924cf7c 2208 int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL 15:117db924cf7c 2209 byte type, byte* sni, word32* inOutSz)
wolfSSL 15:117db924cf7c 2210 {
wolfSSL 15:117db924cf7c 2211 word32 offset = 0;
wolfSSL 15:117db924cf7c 2212 word32 len32 = 0;
wolfSSL 15:117db924cf7c 2213 word16 len16 = 0;
wolfSSL 15:117db924cf7c 2214
wolfSSL 15:117db924cf7c 2215 if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL 15:117db924cf7c 2216 return INCOMPLETE_DATA;
wolfSSL 15:117db924cf7c 2217
wolfSSL 15:117db924cf7c 2218 /* TLS record header */
wolfSSL 15:117db924cf7c 2219 if ((enum ContentType) clientHello[offset++] != handshake) {
wolfSSL 15:117db924cf7c 2220
wolfSSL 15:117db924cf7c 2221 /* checking for SSLv2.0 client hello according to: */
wolfSSL 15:117db924cf7c 2222 /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
wolfSSL 15:117db924cf7c 2223 if ((enum HandShakeType) clientHello[++offset] == client_hello) {
wolfSSL 15:117db924cf7c 2224 offset += ENUM_LEN + VERSION_SZ; /* skip version */
wolfSSL 15:117db924cf7c 2225
wolfSSL 15:117db924cf7c 2226 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2227 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2228
wolfSSL 15:117db924cf7c 2229 if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
wolfSSL 15:117db924cf7c 2230 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2231
wolfSSL 15:117db924cf7c 2232 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2233 /* Returning SNI_UNSUPPORTED do not increment offset here */
wolfSSL 15:117db924cf7c 2234
wolfSSL 15:117db924cf7c 2235 if (len16 != 0) /* session_id_length must be 0 */
wolfSSL 15:117db924cf7c 2236 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2237
wolfSSL 15:117db924cf7c 2238 return SNI_UNSUPPORTED;
wolfSSL 15:117db924cf7c 2239 }
wolfSSL 15:117db924cf7c 2240
wolfSSL 15:117db924cf7c 2241 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2242 }
wolfSSL 15:117db924cf7c 2243
wolfSSL 15:117db924cf7c 2244 if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL 15:117db924cf7c 2245 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2246
wolfSSL 15:117db924cf7c 2247 if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL 15:117db924cf7c 2248 return SNI_UNSUPPORTED;
wolfSSL 15:117db924cf7c 2249
wolfSSL 15:117db924cf7c 2250 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2251 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2252
wolfSSL 15:117db924cf7c 2253 if (offset + len16 > helloSz)
wolfSSL 15:117db924cf7c 2254 return INCOMPLETE_DATA;
wolfSSL 15:117db924cf7c 2255
wolfSSL 15:117db924cf7c 2256 /* Handshake header */
wolfSSL 15:117db924cf7c 2257 if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL 15:117db924cf7c 2258 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2259
wolfSSL 15:117db924cf7c 2260 c24to32(clientHello + offset + 1, &len32);
wolfSSL 15:117db924cf7c 2261 offset += HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 2262
wolfSSL 15:117db924cf7c 2263 if (offset + len32 > helloSz)
wolfSSL 15:117db924cf7c 2264 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2265
wolfSSL 15:117db924cf7c 2266 /* client hello */
wolfSSL 15:117db924cf7c 2267 offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL 15:117db924cf7c 2268
wolfSSL 15:117db924cf7c 2269 if (helloSz < offset + clientHello[offset])
wolfSSL 15:117db924cf7c 2270 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2271
wolfSSL 15:117db924cf7c 2272 offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL 15:117db924cf7c 2273
wolfSSL 15:117db924cf7c 2274 /* cypher suites */
wolfSSL 15:117db924cf7c 2275 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 2276 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2277
wolfSSL 15:117db924cf7c 2278 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2279 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2280
wolfSSL 15:117db924cf7c 2281 if (helloSz < offset + len16)
wolfSSL 15:117db924cf7c 2282 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2283
wolfSSL 15:117db924cf7c 2284 offset += len16; /* skip cypher suites */
wolfSSL 15:117db924cf7c 2285
wolfSSL 15:117db924cf7c 2286 /* compression methods */
wolfSSL 15:117db924cf7c 2287 if (helloSz < offset + 1)
wolfSSL 15:117db924cf7c 2288 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2289
wolfSSL 15:117db924cf7c 2290 if (helloSz < offset + clientHello[offset])
wolfSSL 15:117db924cf7c 2291 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2292
wolfSSL 15:117db924cf7c 2293 offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL 15:117db924cf7c 2294
wolfSSL 15:117db924cf7c 2295 /* extensions */
wolfSSL 15:117db924cf7c 2296 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 2297 return 0; /* no extensions in client hello. */
wolfSSL 15:117db924cf7c 2298
wolfSSL 15:117db924cf7c 2299 ato16(clientHello + offset, &len16);
wolfSSL 15:117db924cf7c 2300 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2301
wolfSSL 15:117db924cf7c 2302 if (helloSz < offset + len16)
wolfSSL 15:117db924cf7c 2303 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2304
wolfSSL 15:117db924cf7c 2305 while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 2306 word16 extType;
wolfSSL 15:117db924cf7c 2307 word16 extLen;
wolfSSL 15:117db924cf7c 2308
wolfSSL 15:117db924cf7c 2309 ato16(clientHello + offset, &extType);
wolfSSL 15:117db924cf7c 2310 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2311
wolfSSL 15:117db924cf7c 2312 ato16(clientHello + offset, &extLen);
wolfSSL 15:117db924cf7c 2313 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2314
wolfSSL 15:117db924cf7c 2315 if (helloSz < offset + extLen)
wolfSSL 15:117db924cf7c 2316 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2317
wolfSSL 15:117db924cf7c 2318 if (extType != TLSX_SERVER_NAME) {
wolfSSL 15:117db924cf7c 2319 offset += extLen; /* skip extension */
wolfSSL 15:117db924cf7c 2320 } else {
wolfSSL 15:117db924cf7c 2321 word16 listLen;
wolfSSL 15:117db924cf7c 2322
wolfSSL 15:117db924cf7c 2323 ato16(clientHello + offset, &listLen);
wolfSSL 15:117db924cf7c 2324 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2325
wolfSSL 15:117db924cf7c 2326 if (helloSz < offset + listLen)
wolfSSL 15:117db924cf7c 2327 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2328
wolfSSL 15:117db924cf7c 2329 while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 2330 byte sniType = clientHello[offset++];
wolfSSL 15:117db924cf7c 2331 word16 sniLen;
wolfSSL 15:117db924cf7c 2332
wolfSSL 15:117db924cf7c 2333 ato16(clientHello + offset, &sniLen);
wolfSSL 15:117db924cf7c 2334 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2335
wolfSSL 15:117db924cf7c 2336 if (helloSz < offset + sniLen)
wolfSSL 15:117db924cf7c 2337 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2338
wolfSSL 15:117db924cf7c 2339 if (sniType != type) {
wolfSSL 15:117db924cf7c 2340 offset += sniLen;
wolfSSL 15:117db924cf7c 2341 listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL 15:117db924cf7c 2342 continue;
wolfSSL 15:117db924cf7c 2343 }
wolfSSL 15:117db924cf7c 2344
wolfSSL 15:117db924cf7c 2345 *inOutSz = min(sniLen, *inOutSz);
wolfSSL 15:117db924cf7c 2346 XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL 15:117db924cf7c 2347
wolfSSL 15:117db924cf7c 2348 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2349 }
wolfSSL 15:117db924cf7c 2350 }
wolfSSL 15:117db924cf7c 2351
wolfSSL 15:117db924cf7c 2352 len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL 15:117db924cf7c 2353 }
wolfSSL 15:117db924cf7c 2354
wolfSSL 15:117db924cf7c 2355 return len16 ? BUFFER_ERROR : 0;
wolfSSL 15:117db924cf7c 2356 }
wolfSSL 15:117db924cf7c 2357
wolfSSL 15:117db924cf7c 2358 #endif
wolfSSL 15:117db924cf7c 2359
wolfSSL 15:117db924cf7c 2360 #define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL 15:117db924cf7c 2361 #define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL 15:117db924cf7c 2362 #define SNI_WRITE TLSX_SNI_Write
wolfSSL 15:117db924cf7c 2363 #define SNI_PARSE TLSX_SNI_Parse
wolfSSL 15:117db924cf7c 2364 #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse
wolfSSL 15:117db924cf7c 2365
wolfSSL 15:117db924cf7c 2366 #else
wolfSSL 15:117db924cf7c 2367
wolfSSL 15:117db924cf7c 2368 #define SNI_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 2369 #define SNI_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 2370 #define SNI_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 2371 #define SNI_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2372 #define SNI_VERIFY_PARSE(a, b) 0
wolfSSL 15:117db924cf7c 2373
wolfSSL 15:117db924cf7c 2374 #endif /* HAVE_SNI */
wolfSSL 15:117db924cf7c 2375
wolfSSL 15:117db924cf7c 2376 /******************************************************************************/
wolfSSL 16:8e0d178b1d1e 2377 /* Trusted CA Key Indication */
wolfSSL 16:8e0d178b1d1e 2378 /******************************************************************************/
wolfSSL 16:8e0d178b1d1e 2379
wolfSSL 16:8e0d178b1d1e 2380 #ifdef HAVE_TRUSTED_CA
wolfSSL 16:8e0d178b1d1e 2381
wolfSSL 16:8e0d178b1d1e 2382 /** Creates a new TCA object. */
wolfSSL 16:8e0d178b1d1e 2383 static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap)
wolfSSL 16:8e0d178b1d1e 2384 {
wolfSSL 16:8e0d178b1d1e 2385 TCA* tca = (TCA*)XMALLOC(sizeof(TCA), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 2386
wolfSSL 16:8e0d178b1d1e 2387 if (tca) {
wolfSSL 16:8e0d178b1d1e 2388 XMEMSET(tca, 0, sizeof(TCA));
wolfSSL 16:8e0d178b1d1e 2389 tca->type = type;
wolfSSL 16:8e0d178b1d1e 2390
wolfSSL 16:8e0d178b1d1e 2391 switch (type) {
wolfSSL 16:8e0d178b1d1e 2392 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
wolfSSL 16:8e0d178b1d1e 2393 break;
wolfSSL 16:8e0d178b1d1e 2394
wolfSSL 16:8e0d178b1d1e 2395 #ifndef NO_SHA
wolfSSL 16:8e0d178b1d1e 2396 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
wolfSSL 16:8e0d178b1d1e 2397 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
wolfSSL 16:8e0d178b1d1e 2398 if (idSz == WC_SHA_DIGEST_SIZE &&
wolfSSL 16:8e0d178b1d1e 2399 (tca->id =
wolfSSL 16:8e0d178b1d1e 2400 (byte*)XMALLOC(idSz, heap, DYNAMIC_TYPE_TLSX))) {
wolfSSL 16:8e0d178b1d1e 2401 XMEMCPY(tca->id, id, idSz);
wolfSSL 16:8e0d178b1d1e 2402 tca->idSz = idSz;
wolfSSL 16:8e0d178b1d1e 2403 }
wolfSSL 16:8e0d178b1d1e 2404 else {
wolfSSL 16:8e0d178b1d1e 2405 XFREE(tca, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 2406 tca = NULL;
wolfSSL 16:8e0d178b1d1e 2407 }
wolfSSL 16:8e0d178b1d1e 2408 break;
wolfSSL 16:8e0d178b1d1e 2409 #endif
wolfSSL 16:8e0d178b1d1e 2410
wolfSSL 16:8e0d178b1d1e 2411 case WOLFSSL_TRUSTED_CA_X509_NAME:
wolfSSL 16:8e0d178b1d1e 2412 if (idSz > 0 &&
wolfSSL 16:8e0d178b1d1e 2413 (tca->id =
wolfSSL 16:8e0d178b1d1e 2414 (byte*)XMALLOC(idSz, heap, DYNAMIC_TYPE_TLSX))) {
wolfSSL 16:8e0d178b1d1e 2415 XMEMCPY(tca->id, id, idSz);
wolfSSL 16:8e0d178b1d1e 2416 tca->idSz = idSz;
wolfSSL 16:8e0d178b1d1e 2417 }
wolfSSL 16:8e0d178b1d1e 2418 else {
wolfSSL 16:8e0d178b1d1e 2419 XFREE(tca, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 2420 tca = NULL;
wolfSSL 16:8e0d178b1d1e 2421 }
wolfSSL 16:8e0d178b1d1e 2422 break;
wolfSSL 16:8e0d178b1d1e 2423
wolfSSL 16:8e0d178b1d1e 2424 default: /* invalid type */
wolfSSL 16:8e0d178b1d1e 2425 XFREE(tca, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 2426 tca = NULL;
wolfSSL 16:8e0d178b1d1e 2427 }
wolfSSL 16:8e0d178b1d1e 2428 }
wolfSSL 16:8e0d178b1d1e 2429
wolfSSL 16:8e0d178b1d1e 2430 (void)heap;
wolfSSL 16:8e0d178b1d1e 2431
wolfSSL 16:8e0d178b1d1e 2432 return tca;
wolfSSL 16:8e0d178b1d1e 2433 }
wolfSSL 16:8e0d178b1d1e 2434
wolfSSL 16:8e0d178b1d1e 2435 /** Releases a TCA object. */
wolfSSL 16:8e0d178b1d1e 2436 static void TLSX_TCA_Free(TCA* tca, void* heap)
wolfSSL 16:8e0d178b1d1e 2437 {
wolfSSL 16:8e0d178b1d1e 2438 (void)heap;
wolfSSL 16:8e0d178b1d1e 2439
wolfSSL 16:8e0d178b1d1e 2440 if (tca) {
wolfSSL 16:8e0d178b1d1e 2441 if (tca->id)
wolfSSL 16:8e0d178b1d1e 2442 XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 2443 XFREE(tca, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 2444 }
wolfSSL 16:8e0d178b1d1e 2445 }
wolfSSL 16:8e0d178b1d1e 2446
wolfSSL 16:8e0d178b1d1e 2447 /** Releases all TCA objects in the provided list. */
wolfSSL 16:8e0d178b1d1e 2448 static void TLSX_TCA_FreeAll(TCA* list, void* heap)
wolfSSL 16:8e0d178b1d1e 2449 {
wolfSSL 16:8e0d178b1d1e 2450 TCA* tca;
wolfSSL 16:8e0d178b1d1e 2451
wolfSSL 16:8e0d178b1d1e 2452 while ((tca = list)) {
wolfSSL 16:8e0d178b1d1e 2453 list = tca->next;
wolfSSL 16:8e0d178b1d1e 2454 TLSX_TCA_Free(tca, heap);
wolfSSL 16:8e0d178b1d1e 2455 }
wolfSSL 16:8e0d178b1d1e 2456 }
wolfSSL 16:8e0d178b1d1e 2457
wolfSSL 16:8e0d178b1d1e 2458 /** Tells the buffered size of the TCA objects in a list. */
wolfSSL 16:8e0d178b1d1e 2459 static word16 TLSX_TCA_GetSize(TCA* list)
wolfSSL 16:8e0d178b1d1e 2460 {
wolfSSL 16:8e0d178b1d1e 2461 TCA* tca;
wolfSSL 16:8e0d178b1d1e 2462 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 16:8e0d178b1d1e 2463
wolfSSL 16:8e0d178b1d1e 2464 while ((tca = list)) {
wolfSSL 16:8e0d178b1d1e 2465 list = tca->next;
wolfSSL 16:8e0d178b1d1e 2466
wolfSSL 16:8e0d178b1d1e 2467 length += ENUM_LEN; /* tca type */
wolfSSL 16:8e0d178b1d1e 2468
wolfSSL 16:8e0d178b1d1e 2469 switch (tca->type) {
wolfSSL 16:8e0d178b1d1e 2470 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
wolfSSL 16:8e0d178b1d1e 2471 break;
wolfSSL 16:8e0d178b1d1e 2472 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
wolfSSL 16:8e0d178b1d1e 2473 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
wolfSSL 16:8e0d178b1d1e 2474 length += tca->idSz;
wolfSSL 16:8e0d178b1d1e 2475 break;
wolfSSL 16:8e0d178b1d1e 2476 case WOLFSSL_TRUSTED_CA_X509_NAME:
wolfSSL 16:8e0d178b1d1e 2477 length += OPAQUE16_LEN + tca->idSz;
wolfSSL 16:8e0d178b1d1e 2478 break;
wolfSSL 16:8e0d178b1d1e 2479 }
wolfSSL 16:8e0d178b1d1e 2480 }
wolfSSL 16:8e0d178b1d1e 2481
wolfSSL 16:8e0d178b1d1e 2482 return length;
wolfSSL 16:8e0d178b1d1e 2483 }
wolfSSL 16:8e0d178b1d1e 2484
wolfSSL 16:8e0d178b1d1e 2485 /** Writes the TCA objects of a list in a buffer. */
wolfSSL 16:8e0d178b1d1e 2486 static word16 TLSX_TCA_Write(TCA* list, byte* output)
wolfSSL 16:8e0d178b1d1e 2487 {
wolfSSL 16:8e0d178b1d1e 2488 TCA* tca;
wolfSSL 16:8e0d178b1d1e 2489 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 16:8e0d178b1d1e 2490
wolfSSL 16:8e0d178b1d1e 2491 while ((tca = list)) {
wolfSSL 16:8e0d178b1d1e 2492 list = tca->next;
wolfSSL 16:8e0d178b1d1e 2493
wolfSSL 16:8e0d178b1d1e 2494 output[offset++] = tca->type; /* tca type */
wolfSSL 16:8e0d178b1d1e 2495
wolfSSL 16:8e0d178b1d1e 2496 switch (tca->type) {
wolfSSL 16:8e0d178b1d1e 2497 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
wolfSSL 16:8e0d178b1d1e 2498 break;
wolfSSL 16:8e0d178b1d1e 2499 #ifndef NO_SHA
wolfSSL 16:8e0d178b1d1e 2500 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
wolfSSL 16:8e0d178b1d1e 2501 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
wolfSSL 16:8e0d178b1d1e 2502 if (tca->id != NULL) {
wolfSSL 16:8e0d178b1d1e 2503 XMEMCPY(output + offset, tca->id, tca->idSz);
wolfSSL 16:8e0d178b1d1e 2504 offset += tca->idSz;
wolfSSL 16:8e0d178b1d1e 2505 }
wolfSSL 16:8e0d178b1d1e 2506 else {
wolfSSL 16:8e0d178b1d1e 2507 /* ID missing. Set to an empty string. */
wolfSSL 16:8e0d178b1d1e 2508 c16toa(0, output + offset);
wolfSSL 16:8e0d178b1d1e 2509 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2510 }
wolfSSL 16:8e0d178b1d1e 2511 break;
wolfSSL 16:8e0d178b1d1e 2512 #endif
wolfSSL 16:8e0d178b1d1e 2513 case WOLFSSL_TRUSTED_CA_X509_NAME:
wolfSSL 16:8e0d178b1d1e 2514 if (tca->id != NULL) {
wolfSSL 16:8e0d178b1d1e 2515 c16toa(tca->idSz, output + offset); /* tca length */
wolfSSL 16:8e0d178b1d1e 2516 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2517 XMEMCPY(output + offset, tca->id, tca->idSz);
wolfSSL 16:8e0d178b1d1e 2518 offset += tca->idSz;
wolfSSL 16:8e0d178b1d1e 2519 }
wolfSSL 16:8e0d178b1d1e 2520 else {
wolfSSL 16:8e0d178b1d1e 2521 /* ID missing. Set to an empty string. */
wolfSSL 16:8e0d178b1d1e 2522 c16toa(0, output + offset);
wolfSSL 16:8e0d178b1d1e 2523 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2524 }
wolfSSL 16:8e0d178b1d1e 2525 break;
wolfSSL 16:8e0d178b1d1e 2526 default:
wolfSSL 16:8e0d178b1d1e 2527 /* ID unknown. Set to an empty string. */
wolfSSL 16:8e0d178b1d1e 2528 c16toa(0, output + offset);
wolfSSL 16:8e0d178b1d1e 2529 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2530 }
wolfSSL 16:8e0d178b1d1e 2531 }
wolfSSL 16:8e0d178b1d1e 2532
wolfSSL 16:8e0d178b1d1e 2533 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 16:8e0d178b1d1e 2534
wolfSSL 16:8e0d178b1d1e 2535 return offset;
wolfSSL 16:8e0d178b1d1e 2536 }
wolfSSL 16:8e0d178b1d1e 2537
wolfSSL 16:8e0d178b1d1e 2538 #ifndef NO_WOLFSSL_SERVER
wolfSSL 16:8e0d178b1d1e 2539 static TCA* TLSX_TCA_Find(TCA *list, byte type, const byte* id, word16 idSz)
wolfSSL 16:8e0d178b1d1e 2540 {
wolfSSL 16:8e0d178b1d1e 2541 TCA* tca = list;
wolfSSL 16:8e0d178b1d1e 2542
wolfSSL 16:8e0d178b1d1e 2543 while (tca && tca->type != type && type != WOLFSSL_TRUSTED_CA_PRE_AGREED &&
wolfSSL 16:8e0d178b1d1e 2544 idSz != tca->idSz && !XMEMCMP(id, tca->id, idSz))
wolfSSL 16:8e0d178b1d1e 2545 tca = tca->next;
wolfSSL 16:8e0d178b1d1e 2546
wolfSSL 16:8e0d178b1d1e 2547 return tca;
wolfSSL 16:8e0d178b1d1e 2548 }
wolfSSL 16:8e0d178b1d1e 2549 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 16:8e0d178b1d1e 2550
wolfSSL 16:8e0d178b1d1e 2551 /** Parses a buffer of TCA extensions. */
wolfSSL 16:8e0d178b1d1e 2552 static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
wolfSSL 16:8e0d178b1d1e 2553 byte isRequest)
wolfSSL 16:8e0d178b1d1e 2554 {
wolfSSL 16:8e0d178b1d1e 2555 #ifndef NO_WOLFSSL_SERVER
wolfSSL 16:8e0d178b1d1e 2556 word16 size = 0;
wolfSSL 16:8e0d178b1d1e 2557 word16 offset = 0;
wolfSSL 16:8e0d178b1d1e 2558 #endif
wolfSSL 16:8e0d178b1d1e 2559
wolfSSL 16:8e0d178b1d1e 2560 TLSX *extension = TLSX_Find(ssl->extensions, TLSX_TRUSTED_CA_KEYS);
wolfSSL 16:8e0d178b1d1e 2561
wolfSSL 16:8e0d178b1d1e 2562 if (!extension)
wolfSSL 16:8e0d178b1d1e 2563 extension = TLSX_Find(ssl->ctx->extensions, TLSX_TRUSTED_CA_KEYS);
wolfSSL 16:8e0d178b1d1e 2564
wolfSSL 16:8e0d178b1d1e 2565 if (!isRequest) {
wolfSSL 16:8e0d178b1d1e 2566 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 2567 if (!extension || !extension->data)
wolfSSL 16:8e0d178b1d1e 2568 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 16:8e0d178b1d1e 2569
wolfSSL 16:8e0d178b1d1e 2570 if (length > 0)
wolfSSL 16:8e0d178b1d1e 2571 return BUFFER_ERROR; /* TCA response MUST be empty. */
wolfSSL 16:8e0d178b1d1e 2572
wolfSSL 16:8e0d178b1d1e 2573 /* Set the flag that we're good for keys */
wolfSSL 16:8e0d178b1d1e 2574 TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS);
wolfSSL 16:8e0d178b1d1e 2575
wolfSSL 16:8e0d178b1d1e 2576 return 0;
wolfSSL 16:8e0d178b1d1e 2577 #endif
wolfSSL 16:8e0d178b1d1e 2578 }
wolfSSL 16:8e0d178b1d1e 2579
wolfSSL 16:8e0d178b1d1e 2580 #ifndef NO_WOLFSSL_SERVER
wolfSSL 16:8e0d178b1d1e 2581 if (!extension || !extension->data) {
wolfSSL 16:8e0d178b1d1e 2582 /* Skipping, TCA not enabled at server side. */
wolfSSL 16:8e0d178b1d1e 2583 return 0;
wolfSSL 16:8e0d178b1d1e 2584 }
wolfSSL 16:8e0d178b1d1e 2585
wolfSSL 16:8e0d178b1d1e 2586 if (OPAQUE16_LEN > length)
wolfSSL 16:8e0d178b1d1e 2587 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2588
wolfSSL 16:8e0d178b1d1e 2589 ato16(input, &size);
wolfSSL 16:8e0d178b1d1e 2590 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2591
wolfSSL 16:8e0d178b1d1e 2592 /* validating tca list length */
wolfSSL 16:8e0d178b1d1e 2593 if (length != OPAQUE16_LEN + size)
wolfSSL 16:8e0d178b1d1e 2594 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2595
wolfSSL 16:8e0d178b1d1e 2596 for (size = 0; offset < length; offset += size) {
wolfSSL 16:8e0d178b1d1e 2597 TCA *tca = NULL;
wolfSSL 16:8e0d178b1d1e 2598 byte type;
wolfSSL 16:8e0d178b1d1e 2599 const byte* id = NULL;
wolfSSL 16:8e0d178b1d1e 2600 word16 idSz = 0;
wolfSSL 16:8e0d178b1d1e 2601
wolfSSL 16:8e0d178b1d1e 2602 if (offset + ENUM_LEN > length)
wolfSSL 16:8e0d178b1d1e 2603 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2604
wolfSSL 16:8e0d178b1d1e 2605 type = input[offset++];
wolfSSL 16:8e0d178b1d1e 2606
wolfSSL 16:8e0d178b1d1e 2607 switch (type) {
wolfSSL 16:8e0d178b1d1e 2608 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
wolfSSL 16:8e0d178b1d1e 2609 break;
wolfSSL 16:8e0d178b1d1e 2610 #ifndef NO_SHA
wolfSSL 16:8e0d178b1d1e 2611 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
wolfSSL 16:8e0d178b1d1e 2612 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
wolfSSL 16:8e0d178b1d1e 2613 if (offset + WC_SHA_DIGEST_SIZE > length)
wolfSSL 16:8e0d178b1d1e 2614 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2615 idSz = WC_SHA_DIGEST_SIZE;
wolfSSL 16:8e0d178b1d1e 2616 id = input + offset;
wolfSSL 16:8e0d178b1d1e 2617 offset += idSz;
wolfSSL 16:8e0d178b1d1e 2618 break;
wolfSSL 16:8e0d178b1d1e 2619 #endif
wolfSSL 16:8e0d178b1d1e 2620 case WOLFSSL_TRUSTED_CA_X509_NAME:
wolfSSL 16:8e0d178b1d1e 2621 if (offset + OPAQUE16_LEN > length)
wolfSSL 16:8e0d178b1d1e 2622 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2623 ato16(input + offset, &idSz);
wolfSSL 16:8e0d178b1d1e 2624 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 2625 if ((offset > length) || (idSz > length - offset))
wolfSSL 16:8e0d178b1d1e 2626 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 2627 id = input + offset;
wolfSSL 16:8e0d178b1d1e 2628 offset += idSz;
wolfSSL 16:8e0d178b1d1e 2629 break;
wolfSSL 16:8e0d178b1d1e 2630 default:
wolfSSL 16:8e0d178b1d1e 2631 return TCA_INVALID_ID_TYPE;
wolfSSL 16:8e0d178b1d1e 2632 }
wolfSSL 16:8e0d178b1d1e 2633
wolfSSL 16:8e0d178b1d1e 2634 /* Find the type/ID in the TCA list. */
wolfSSL 16:8e0d178b1d1e 2635 tca = TLSX_TCA_Find((TCA*)extension->data, type, id, idSz);
wolfSSL 16:8e0d178b1d1e 2636 if (tca != NULL) {
wolfSSL 16:8e0d178b1d1e 2637 /* Found it. Set the response flag and break out of the loop. */
wolfSSL 16:8e0d178b1d1e 2638 TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS);
wolfSSL 16:8e0d178b1d1e 2639 break;
wolfSSL 16:8e0d178b1d1e 2640 }
wolfSSL 16:8e0d178b1d1e 2641 }
wolfSSL 16:8e0d178b1d1e 2642 #else
wolfSSL 16:8e0d178b1d1e 2643 (void)input;
wolfSSL 16:8e0d178b1d1e 2644 #endif
wolfSSL 16:8e0d178b1d1e 2645
wolfSSL 16:8e0d178b1d1e 2646 return 0;
wolfSSL 16:8e0d178b1d1e 2647 }
wolfSSL 16:8e0d178b1d1e 2648
wolfSSL 16:8e0d178b1d1e 2649 /* Checks to see if the server sent a response for the TCA. */
wolfSSL 16:8e0d178b1d1e 2650 static int TLSX_TCA_VerifyParse(WOLFSSL* ssl, byte isRequest)
wolfSSL 16:8e0d178b1d1e 2651 {
wolfSSL 16:8e0d178b1d1e 2652 (void)ssl;
wolfSSL 16:8e0d178b1d1e 2653
wolfSSL 16:8e0d178b1d1e 2654 if (!isRequest) {
wolfSSL 16:8e0d178b1d1e 2655 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 2656 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_TRUSTED_CA_KEYS);
wolfSSL 16:8e0d178b1d1e 2657
wolfSSL 16:8e0d178b1d1e 2658 if (extension && !extension->resp) {
wolfSSL 16:8e0d178b1d1e 2659 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 16:8e0d178b1d1e 2660 return TCA_ABSENT_ERROR;
wolfSSL 16:8e0d178b1d1e 2661 }
wolfSSL 16:8e0d178b1d1e 2662 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 16:8e0d178b1d1e 2663 }
wolfSSL 16:8e0d178b1d1e 2664
wolfSSL 16:8e0d178b1d1e 2665 return 0;
wolfSSL 16:8e0d178b1d1e 2666 }
wolfSSL 16:8e0d178b1d1e 2667
wolfSSL 16:8e0d178b1d1e 2668 int TLSX_UseTrustedCA(TLSX** extensions, byte type,
wolfSSL 16:8e0d178b1d1e 2669 const byte* id, word16 idSz, void* heap)
wolfSSL 16:8e0d178b1d1e 2670 {
wolfSSL 16:8e0d178b1d1e 2671 TLSX* extension;
wolfSSL 16:8e0d178b1d1e 2672 TCA* tca = NULL;
wolfSSL 16:8e0d178b1d1e 2673
wolfSSL 16:8e0d178b1d1e 2674 if (extensions == NULL)
wolfSSL 16:8e0d178b1d1e 2675 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 2676
wolfSSL 16:8e0d178b1d1e 2677 if ((tca = TLSX_TCA_New(type, id, idSz, heap)) == NULL)
wolfSSL 16:8e0d178b1d1e 2678 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 2679
wolfSSL 16:8e0d178b1d1e 2680 extension = TLSX_Find(*extensions, TLSX_TRUSTED_CA_KEYS);
wolfSSL 16:8e0d178b1d1e 2681 if (!extension) {
wolfSSL 16:8e0d178b1d1e 2682 int ret = TLSX_Push(extensions, TLSX_TRUSTED_CA_KEYS, (void*)tca, heap);
wolfSSL 16:8e0d178b1d1e 2683
wolfSSL 16:8e0d178b1d1e 2684 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 2685 TLSX_TCA_Free(tca, heap);
wolfSSL 16:8e0d178b1d1e 2686 return ret;
wolfSSL 16:8e0d178b1d1e 2687 }
wolfSSL 16:8e0d178b1d1e 2688 }
wolfSSL 16:8e0d178b1d1e 2689 else {
wolfSSL 16:8e0d178b1d1e 2690 /* push new TCA object to extension data. */
wolfSSL 16:8e0d178b1d1e 2691 tca->next = (TCA*)extension->data;
wolfSSL 16:8e0d178b1d1e 2692 extension->data = (void*)tca;
wolfSSL 16:8e0d178b1d1e 2693 }
wolfSSL 16:8e0d178b1d1e 2694
wolfSSL 16:8e0d178b1d1e 2695 return WOLFSSL_SUCCESS;
wolfSSL 16:8e0d178b1d1e 2696 }
wolfSSL 16:8e0d178b1d1e 2697
wolfSSL 16:8e0d178b1d1e 2698 #define TCA_FREE_ALL TLSX_TCA_FreeAll
wolfSSL 16:8e0d178b1d1e 2699 #define TCA_GET_SIZE TLSX_TCA_GetSize
wolfSSL 16:8e0d178b1d1e 2700 #define TCA_WRITE TLSX_TCA_Write
wolfSSL 16:8e0d178b1d1e 2701 #define TCA_PARSE TLSX_TCA_Parse
wolfSSL 16:8e0d178b1d1e 2702 #define TCA_VERIFY_PARSE TLSX_TCA_VerifyParse
wolfSSL 16:8e0d178b1d1e 2703
wolfSSL 16:8e0d178b1d1e 2704 #else /* HAVE_TRUSTED_CA */
wolfSSL 16:8e0d178b1d1e 2705
wolfSSL 16:8e0d178b1d1e 2706 #define TCA_FREE_ALL(list, heap)
wolfSSL 16:8e0d178b1d1e 2707 #define TCA_GET_SIZE(list) 0
wolfSSL 16:8e0d178b1d1e 2708 #define TCA_WRITE(a, b) 0
wolfSSL 16:8e0d178b1d1e 2709 #define TCA_PARSE(a, b, c, d) 0
wolfSSL 16:8e0d178b1d1e 2710 #define TCA_VERIFY_PARSE(a, b) 0
wolfSSL 16:8e0d178b1d1e 2711
wolfSSL 16:8e0d178b1d1e 2712 #endif /* HAVE_TRUSTED_CA */
wolfSSL 16:8e0d178b1d1e 2713
wolfSSL 16:8e0d178b1d1e 2714 /******************************************************************************/
wolfSSL 15:117db924cf7c 2715 /* Max Fragment Length Negotiation */
wolfSSL 15:117db924cf7c 2716 /******************************************************************************/
wolfSSL 15:117db924cf7c 2717
wolfSSL 15:117db924cf7c 2718 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 15:117db924cf7c 2719
wolfSSL 15:117db924cf7c 2720 static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL 15:117db924cf7c 2721 {
wolfSSL 15:117db924cf7c 2722 output[0] = data[0];
wolfSSL 15:117db924cf7c 2723
wolfSSL 15:117db924cf7c 2724 return ENUM_LEN;
wolfSSL 15:117db924cf7c 2725 }
wolfSSL 15:117db924cf7c 2726
wolfSSL 15:117db924cf7c 2727 static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2728 byte isRequest)
wolfSSL 15:117db924cf7c 2729 {
wolfSSL 15:117db924cf7c 2730 if (length != ENUM_LEN)
wolfSSL 15:117db924cf7c 2731 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2732
wolfSSL 15:117db924cf7c 2733 #ifdef WOLFSSL_OLD_UNSUPPORTED_EXTENSION
wolfSSL 15:117db924cf7c 2734 (void) isRequest;
wolfSSL 15:117db924cf7c 2735 #else
wolfSSL 15:117db924cf7c 2736 if (!isRequest)
wolfSSL 15:117db924cf7c 2737 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_MAX_FRAGMENT_LENGTH))
wolfSSL 15:117db924cf7c 2738 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2739 #endif
wolfSSL 15:117db924cf7c 2740
wolfSSL 15:117db924cf7c 2741 switch (*input) {
wolfSSL 16:8e0d178b1d1e 2742 case WOLFSSL_MFL_2_8 : ssl->max_fragment = 256; break;
wolfSSL 15:117db924cf7c 2743 case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL 15:117db924cf7c 2744 case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL 15:117db924cf7c 2745 case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL 15:117db924cf7c 2746 case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL 15:117db924cf7c 2747 case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL 15:117db924cf7c 2748
wolfSSL 15:117db924cf7c 2749 default:
wolfSSL 15:117db924cf7c 2750 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 15:117db924cf7c 2751
wolfSSL 15:117db924cf7c 2752 return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL 15:117db924cf7c 2753 }
wolfSSL 15:117db924cf7c 2754
wolfSSL 15:117db924cf7c 2755 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2756 if (isRequest) {
wolfSSL 15:117db924cf7c 2757 int ret = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
wolfSSL 15:117db924cf7c 2758
wolfSSL 15:117db924cf7c 2759 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2760 return ret; /* throw error */
wolfSSL 15:117db924cf7c 2761
wolfSSL 15:117db924cf7c 2762 TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH);
wolfSSL 15:117db924cf7c 2763 }
wolfSSL 15:117db924cf7c 2764 #endif
wolfSSL 15:117db924cf7c 2765
wolfSSL 15:117db924cf7c 2766 return 0;
wolfSSL 15:117db924cf7c 2767 }
wolfSSL 15:117db924cf7c 2768
wolfSSL 15:117db924cf7c 2769 int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
wolfSSL 15:117db924cf7c 2770 {
wolfSSL 15:117db924cf7c 2771 byte* data = NULL;
wolfSSL 15:117db924cf7c 2772 int ret = 0;
wolfSSL 15:117db924cf7c 2773
wolfSSL 16:8e0d178b1d1e 2774 if (extensions == NULL || mfl < WOLFSSL_MFL_MIN || mfl > WOLFSSL_MFL_MAX)
wolfSSL 15:117db924cf7c 2775 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2776
wolfSSL 15:117db924cf7c 2777 data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2778 if (data == NULL)
wolfSSL 15:117db924cf7c 2779 return MEMORY_E;
wolfSSL 15:117db924cf7c 2780
wolfSSL 15:117db924cf7c 2781 data[0] = mfl;
wolfSSL 15:117db924cf7c 2782
wolfSSL 15:117db924cf7c 2783 ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap);
wolfSSL 15:117db924cf7c 2784 if (ret != 0) {
wolfSSL 15:117db924cf7c 2785 XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2786 return ret;
wolfSSL 15:117db924cf7c 2787 }
wolfSSL 15:117db924cf7c 2788
wolfSSL 15:117db924cf7c 2789 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2790 }
wolfSSL 15:117db924cf7c 2791
wolfSSL 15:117db924cf7c 2792
wolfSSL 15:117db924cf7c 2793 #define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL 15:117db924cf7c 2794 #define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL 15:117db924cf7c 2795 #define MFL_WRITE TLSX_MFL_Write
wolfSSL 15:117db924cf7c 2796 #define MFL_PARSE TLSX_MFL_Parse
wolfSSL 15:117db924cf7c 2797
wolfSSL 15:117db924cf7c 2798 #else
wolfSSL 15:117db924cf7c 2799
wolfSSL 15:117db924cf7c 2800 #define MFL_FREE_ALL(a, b)
wolfSSL 15:117db924cf7c 2801 #define MFL_GET_SIZE(a) 0
wolfSSL 15:117db924cf7c 2802 #define MFL_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 2803 #define MFL_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2804
wolfSSL 15:117db924cf7c 2805 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 15:117db924cf7c 2806
wolfSSL 15:117db924cf7c 2807 /******************************************************************************/
wolfSSL 15:117db924cf7c 2808 /* Truncated HMAC */
wolfSSL 15:117db924cf7c 2809 /******************************************************************************/
wolfSSL 15:117db924cf7c 2810
wolfSSL 15:117db924cf7c 2811 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 15:117db924cf7c 2812
wolfSSL 15:117db924cf7c 2813 static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2814 byte isRequest)
wolfSSL 15:117db924cf7c 2815 {
wolfSSL 15:117db924cf7c 2816 if (length != 0 || input == NULL)
wolfSSL 15:117db924cf7c 2817 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 2818
wolfSSL 15:117db924cf7c 2819 if (!isRequest) {
wolfSSL 15:117db924cf7c 2820 #ifndef WOLFSSL_OLD_UNSUPPORTED_EXTENSION
wolfSSL 15:117db924cf7c 2821 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_TRUNCATED_HMAC))
wolfSSL 15:117db924cf7c 2822 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2823 #endif
wolfSSL 15:117db924cf7c 2824 }
wolfSSL 15:117db924cf7c 2825 else {
wolfSSL 15:117db924cf7c 2826 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2827 int ret = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
wolfSSL 15:117db924cf7c 2828
wolfSSL 15:117db924cf7c 2829 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2830 return ret; /* throw error */
wolfSSL 15:117db924cf7c 2831
wolfSSL 15:117db924cf7c 2832 TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC);
wolfSSL 15:117db924cf7c 2833 #endif
wolfSSL 15:117db924cf7c 2834 }
wolfSSL 15:117db924cf7c 2835
wolfSSL 15:117db924cf7c 2836 ssl->truncated_hmac = 1;
wolfSSL 15:117db924cf7c 2837
wolfSSL 15:117db924cf7c 2838 return 0;
wolfSSL 15:117db924cf7c 2839 }
wolfSSL 15:117db924cf7c 2840
wolfSSL 15:117db924cf7c 2841 int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 2842 {
wolfSSL 15:117db924cf7c 2843 int ret = 0;
wolfSSL 15:117db924cf7c 2844
wolfSSL 15:117db924cf7c 2845 if (extensions == NULL)
wolfSSL 15:117db924cf7c 2846 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 2847
wolfSSL 15:117db924cf7c 2848 ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap);
wolfSSL 15:117db924cf7c 2849 if (ret != 0)
wolfSSL 15:117db924cf7c 2850 return ret;
wolfSSL 15:117db924cf7c 2851
wolfSSL 15:117db924cf7c 2852 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 2853 }
wolfSSL 15:117db924cf7c 2854
wolfSSL 15:117db924cf7c 2855 #define THM_PARSE TLSX_THM_Parse
wolfSSL 15:117db924cf7c 2856
wolfSSL 15:117db924cf7c 2857 #else
wolfSSL 15:117db924cf7c 2858
wolfSSL 15:117db924cf7c 2859 #define THM_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 2860
wolfSSL 15:117db924cf7c 2861 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 15:117db924cf7c 2862
wolfSSL 15:117db924cf7c 2863 /******************************************************************************/
wolfSSL 15:117db924cf7c 2864 /* Certificate Status Request */
wolfSSL 15:117db924cf7c 2865 /******************************************************************************/
wolfSSL 15:117db924cf7c 2866
wolfSSL 15:117db924cf7c 2867 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 2868
wolfSSL 15:117db924cf7c 2869 static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
wolfSSL 15:117db924cf7c 2870 {
wolfSSL 15:117db924cf7c 2871 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2872 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2873 FreeOcspRequest(&csr->request.ocsp);
wolfSSL 15:117db924cf7c 2874 break;
wolfSSL 15:117db924cf7c 2875 }
wolfSSL 15:117db924cf7c 2876
wolfSSL 15:117db924cf7c 2877 XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 2878 (void)heap;
wolfSSL 15:117db924cf7c 2879 }
wolfSSL 15:117db924cf7c 2880
wolfSSL 15:117db924cf7c 2881 static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
wolfSSL 15:117db924cf7c 2882 {
wolfSSL 15:117db924cf7c 2883 word16 size = 0;
wolfSSL 15:117db924cf7c 2884
wolfSSL 15:117db924cf7c 2885 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 2886 (void) csr; (void) isRequest;
wolfSSL 15:117db924cf7c 2887
wolfSSL 15:117db924cf7c 2888 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2889 if (isRequest) {
wolfSSL 15:117db924cf7c 2890 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2891 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2892 size += ENUM_LEN + 2 * OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2893
wolfSSL 15:117db924cf7c 2894 if (csr->request.ocsp.nonceSz)
wolfSSL 15:117db924cf7c 2895 size += OCSP_NONCE_EXT_SZ;
wolfSSL 15:117db924cf7c 2896 break;
wolfSSL 15:117db924cf7c 2897 }
wolfSSL 15:117db924cf7c 2898 }
wolfSSL 15:117db924cf7c 2899 #endif
wolfSSL 15:117db924cf7c 2900 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 16:8e0d178b1d1e 2901 if (!isRequest && csr->ssl->options.tls1_3)
wolfSSL 15:117db924cf7c 2902 return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length;
wolfSSL 15:117db924cf7c 2903 #endif
wolfSSL 15:117db924cf7c 2904
wolfSSL 15:117db924cf7c 2905 return size;
wolfSSL 15:117db924cf7c 2906 }
wolfSSL 15:117db924cf7c 2907
wolfSSL 15:117db924cf7c 2908 static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
wolfSSL 15:117db924cf7c 2909 byte isRequest)
wolfSSL 15:117db924cf7c 2910 {
wolfSSL 15:117db924cf7c 2911 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 2912 (void) csr; (void) output; (void) isRequest;
wolfSSL 15:117db924cf7c 2913
wolfSSL 15:117db924cf7c 2914 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2915 if (isRequest) {
wolfSSL 15:117db924cf7c 2916 word16 offset = 0;
wolfSSL 15:117db924cf7c 2917 word16 length = 0;
wolfSSL 15:117db924cf7c 2918
wolfSSL 15:117db924cf7c 2919 /* type */
wolfSSL 15:117db924cf7c 2920 output[offset++] = csr->status_type;
wolfSSL 15:117db924cf7c 2921
wolfSSL 15:117db924cf7c 2922 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2923 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2924 /* responder id list */
wolfSSL 15:117db924cf7c 2925 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 2926 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 2927
wolfSSL 15:117db924cf7c 2928 /* request extensions */
wolfSSL 15:117db924cf7c 2929 if (csr->request.ocsp.nonceSz)
wolfSSL 15:117db924cf7c 2930 length = (word16)EncodeOcspRequestExtensions(
wolfSSL 15:117db924cf7c 2931 &csr->request.ocsp,
wolfSSL 15:117db924cf7c 2932 output + offset + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 2933 OCSP_NONCE_EXT_SZ);
wolfSSL 15:117db924cf7c 2934
wolfSSL 15:117db924cf7c 2935 c16toa(length, output + offset);
wolfSSL 15:117db924cf7c 2936 offset += OPAQUE16_LEN + length;
wolfSSL 15:117db924cf7c 2937
wolfSSL 15:117db924cf7c 2938 break;
wolfSSL 15:117db924cf7c 2939 }
wolfSSL 15:117db924cf7c 2940
wolfSSL 15:117db924cf7c 2941 return offset;
wolfSSL 15:117db924cf7c 2942 }
wolfSSL 15:117db924cf7c 2943 #endif
wolfSSL 15:117db924cf7c 2944 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 2945 if (!isRequest && csr->ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 2946 word16 offset = 0;
wolfSSL 15:117db924cf7c 2947 output[offset++] = csr->status_type;
wolfSSL 15:117db924cf7c 2948 c32to24(csr->response.length, output + offset);
wolfSSL 15:117db924cf7c 2949 offset += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 2950 XMEMCPY(output + offset, csr->response.buffer, csr->response.length);
wolfSSL 15:117db924cf7c 2951 offset += csr->response.length;
wolfSSL 15:117db924cf7c 2952 return offset;
wolfSSL 15:117db924cf7c 2953 }
wolfSSL 15:117db924cf7c 2954 #endif
wolfSSL 15:117db924cf7c 2955
wolfSSL 15:117db924cf7c 2956 return 0;
wolfSSL 15:117db924cf7c 2957 }
wolfSSL 15:117db924cf7c 2958
wolfSSL 15:117db924cf7c 2959 static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 2960 byte isRequest)
wolfSSL 15:117db924cf7c 2961 {
wolfSSL 15:117db924cf7c 2962 int ret;
wolfSSL 15:117db924cf7c 2963
wolfSSL 15:117db924cf7c 2964 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 2965 (void) ssl; (void) input;
wolfSSL 15:117db924cf7c 2966
wolfSSL 15:117db924cf7c 2967 if (!isRequest) {
wolfSSL 15:117db924cf7c 2968 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2969 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2970 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 2971 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2972
wolfSSL 15:117db924cf7c 2973 if (!csr) {
wolfSSL 15:117db924cf7c 2974 /* look at context level */
wolfSSL 15:117db924cf7c 2975 extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 2976 csr = extension ? (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 2977
wolfSSL 15:117db924cf7c 2978 if (!csr) /* unexpected extension */
wolfSSL 15:117db924cf7c 2979 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 2980
wolfSSL 15:117db924cf7c 2981 /* enable extension at ssl level */
wolfSSL 15:117db924cf7c 2982 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
wolfSSL 15:117db924cf7c 2983 csr->status_type, csr->options, ssl,
wolfSSL 15:117db924cf7c 2984 ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 2985 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 2986 return ret;
wolfSSL 15:117db924cf7c 2987
wolfSSL 15:117db924cf7c 2988 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 2989 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 2990 /* propagate nonce */
wolfSSL 15:117db924cf7c 2991 if (csr->request.ocsp.nonceSz) {
wolfSSL 15:117db924cf7c 2992 OcspRequest* request =
wolfSSL 15:117db924cf7c 2993 (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
wolfSSL 15:117db924cf7c 2994
wolfSSL 15:117db924cf7c 2995 if (request) {
wolfSSL 15:117db924cf7c 2996 XMEMCPY(request->nonce, csr->request.ocsp.nonce,
wolfSSL 15:117db924cf7c 2997 csr->request.ocsp.nonceSz);
wolfSSL 15:117db924cf7c 2998 request->nonceSz = csr->request.ocsp.nonceSz;
wolfSSL 15:117db924cf7c 2999 }
wolfSSL 15:117db924cf7c 3000 }
wolfSSL 15:117db924cf7c 3001 break;
wolfSSL 15:117db924cf7c 3002 }
wolfSSL 15:117db924cf7c 3003 }
wolfSSL 15:117db924cf7c 3004
wolfSSL 15:117db924cf7c 3005 ssl->status_request = 1;
wolfSSL 15:117db924cf7c 3006
wolfSSL 15:117db924cf7c 3007 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 3008 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 3009 word32 resp_length;
wolfSSL 15:117db924cf7c 3010 word32 offset = 0;
wolfSSL 16:8e0d178b1d1e 3011
wolfSSL 16:8e0d178b1d1e 3012 /* Get the new extension potentially created above. */
wolfSSL 16:8e0d178b1d1e 3013 extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 16:8e0d178b1d1e 3014 csr = extension ? (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 16:8e0d178b1d1e 3015 if (csr == NULL)
wolfSSL 16:8e0d178b1d1e 3016 return MEMORY_ERROR;
wolfSSL 16:8e0d178b1d1e 3017
wolfSSL 15:117db924cf7c 3018 ret = 0;
wolfSSL 15:117db924cf7c 3019 if (OPAQUE8_LEN + OPAQUE24_LEN > length)
wolfSSL 15:117db924cf7c 3020 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3021 if (ret == 0 && input[offset++] != WOLFSSL_CSR_OCSP)
wolfSSL 15:117db924cf7c 3022 ret = BAD_CERTIFICATE_STATUS_ERROR;
wolfSSL 15:117db924cf7c 3023 if (ret == 0) {
wolfSSL 15:117db924cf7c 3024 c24to32(input + offset, &resp_length);
wolfSSL 15:117db924cf7c 3025 offset += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 3026 if (offset + resp_length != length)
wolfSSL 15:117db924cf7c 3027 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3028 }
wolfSSL 16:8e0d178b1d1e 3029 #if !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 3030 if (ret == 0) {
wolfSSL 15:117db924cf7c 3031 csr->response.buffer = input + offset;
wolfSSL 15:117db924cf7c 3032 csr->response.length = resp_length;
wolfSSL 15:117db924cf7c 3033 }
wolfSSL 16:8e0d178b1d1e 3034 #endif
wolfSSL 15:117db924cf7c 3035
wolfSSL 15:117db924cf7c 3036 return ret;
wolfSSL 15:117db924cf7c 3037 }
wolfSSL 15:117db924cf7c 3038 else
wolfSSL 15:117db924cf7c 3039 #endif
wolfSSL 15:117db924cf7c 3040 {
wolfSSL 15:117db924cf7c 3041 /* extension_data MUST be empty. */
wolfSSL 15:117db924cf7c 3042 return length ? BUFFER_ERROR : 0;
wolfSSL 15:117db924cf7c 3043 }
wolfSSL 15:117db924cf7c 3044 #endif
wolfSSL 15:117db924cf7c 3045 }
wolfSSL 15:117db924cf7c 3046 else {
wolfSSL 15:117db924cf7c 3047 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3048 byte status_type;
wolfSSL 15:117db924cf7c 3049 word16 offset = 0;
wolfSSL 15:117db924cf7c 3050 word16 size = 0;
wolfSSL 15:117db924cf7c 3051
wolfSSL 16:8e0d178b1d1e 3052 if (length == 0)
wolfSSL 16:8e0d178b1d1e 3053 return 0;
wolfSSL 15:117db924cf7c 3054 if (length < ENUM_LEN)
wolfSSL 15:117db924cf7c 3055 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3056
wolfSSL 15:117db924cf7c 3057 status_type = input[offset++];
wolfSSL 15:117db924cf7c 3058
wolfSSL 15:117db924cf7c 3059 switch (status_type) {
wolfSSL 15:117db924cf7c 3060 case WOLFSSL_CSR_OCSP: {
wolfSSL 15:117db924cf7c 3061
wolfSSL 15:117db924cf7c 3062 /* skip responder_id_list */
wolfSSL 15:117db924cf7c 3063 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3064 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3065
wolfSSL 15:117db924cf7c 3066 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 3067 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 3068
wolfSSL 15:117db924cf7c 3069 /* skip request_extensions */
wolfSSL 15:117db924cf7c 3070 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3071 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3072
wolfSSL 15:117db924cf7c 3073 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 3074 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 3075
wolfSSL 15:117db924cf7c 3076 if (offset > length)
wolfSSL 15:117db924cf7c 3077 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3078
wolfSSL 15:117db924cf7c 3079 /* is able to send OCSP response? */
wolfSSL 15:117db924cf7c 3080 if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL 15:117db924cf7c 3081 return 0;
wolfSSL 15:117db924cf7c 3082 }
wolfSSL 15:117db924cf7c 3083 break;
wolfSSL 15:117db924cf7c 3084
wolfSSL 15:117db924cf7c 3085 /* unknown status type */
wolfSSL 15:117db924cf7c 3086 default:
wolfSSL 15:117db924cf7c 3087 return 0;
wolfSSL 15:117db924cf7c 3088 }
wolfSSL 15:117db924cf7c 3089
wolfSSL 15:117db924cf7c 3090 /* if using status_request and already sending it, skip this one */
wolfSSL 15:117db924cf7c 3091 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 3092 if (ssl->status_request_v2)
wolfSSL 15:117db924cf7c 3093 return 0;
wolfSSL 15:117db924cf7c 3094 #endif
wolfSSL 15:117db924cf7c 3095
wolfSSL 15:117db924cf7c 3096 /* accept the first good status_type and return */
wolfSSL 15:117db924cf7c 3097 ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
wolfSSL 15:117db924cf7c 3098 0, ssl, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 3099 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3100 return ret; /* throw error */
wolfSSL 15:117db924cf7c 3101
wolfSSL 16:8e0d178b1d1e 3102 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 16:8e0d178b1d1e 3103 if (ssl->options.tls1_3) {
wolfSSL 16:8e0d178b1d1e 3104 OcspRequest* request;
wolfSSL 16:8e0d178b1d1e 3105 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 16:8e0d178b1d1e 3106 CertificateStatusRequest* csr = extension ?
wolfSSL 16:8e0d178b1d1e 3107 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 16:8e0d178b1d1e 3108 if (csr == NULL)
wolfSSL 16:8e0d178b1d1e 3109 return MEMORY_ERROR;
wolfSSL 16:8e0d178b1d1e 3110
wolfSSL 16:8e0d178b1d1e 3111 request = &csr->request.ocsp;
wolfSSL 16:8e0d178b1d1e 3112 ret = CreateOcspResponse(ssl, &request, &csr->response);
wolfSSL 16:8e0d178b1d1e 3113 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 3114 return ret;
wolfSSL 16:8e0d178b1d1e 3115 if (csr->response.buffer)
wolfSSL 16:8e0d178b1d1e 3116 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
wolfSSL 16:8e0d178b1d1e 3117 }
wolfSSL 16:8e0d178b1d1e 3118 else
wolfSSL 16:8e0d178b1d1e 3119 #endif
wolfSSL 16:8e0d178b1d1e 3120 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 3121 ssl->status_request = status_type;
wolfSSL 15:117db924cf7c 3122 #endif
wolfSSL 15:117db924cf7c 3123 }
wolfSSL 15:117db924cf7c 3124
wolfSSL 15:117db924cf7c 3125 return 0;
wolfSSL 15:117db924cf7c 3126 }
wolfSSL 15:117db924cf7c 3127
wolfSSL 15:117db924cf7c 3128 int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
wolfSSL 15:117db924cf7c 3129 {
wolfSSL 15:117db924cf7c 3130 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 3131 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 3132 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3133 int ret = 0;
wolfSSL 15:117db924cf7c 3134
wolfSSL 15:117db924cf7c 3135 if (csr) {
wolfSSL 15:117db924cf7c 3136 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 3137 case WOLFSSL_CSR_OCSP: {
wolfSSL 15:117db924cf7c 3138 byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL 15:117db924cf7c 3139 int nonceSz = csr->request.ocsp.nonceSz;
wolfSSL 15:117db924cf7c 3140
wolfSSL 15:117db924cf7c 3141 /* preserve nonce */
wolfSSL 15:117db924cf7c 3142 XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
wolfSSL 15:117db924cf7c 3143
wolfSSL 15:117db924cf7c 3144 if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
wolfSSL 15:117db924cf7c 3145 != 0)
wolfSSL 15:117db924cf7c 3146 return ret;
wolfSSL 15:117db924cf7c 3147
wolfSSL 15:117db924cf7c 3148 /* restore nonce */
wolfSSL 15:117db924cf7c 3149 XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
wolfSSL 15:117db924cf7c 3150 csr->request.ocsp.nonceSz = nonceSz;
wolfSSL 15:117db924cf7c 3151 }
wolfSSL 15:117db924cf7c 3152 break;
wolfSSL 15:117db924cf7c 3153 }
wolfSSL 15:117db924cf7c 3154 }
wolfSSL 15:117db924cf7c 3155
wolfSSL 15:117db924cf7c 3156 return ret;
wolfSSL 15:117db924cf7c 3157 }
wolfSSL 15:117db924cf7c 3158
wolfSSL 15:117db924cf7c 3159 void* TLSX_CSR_GetRequest(TLSX* extensions)
wolfSSL 15:117db924cf7c 3160 {
wolfSSL 15:117db924cf7c 3161 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 3162 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 3163 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3164
wolfSSL 15:117db924cf7c 3165 if (csr) {
wolfSSL 15:117db924cf7c 3166 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 3167 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 3168 return &csr->request.ocsp;
wolfSSL 15:117db924cf7c 3169 break;
wolfSSL 15:117db924cf7c 3170 }
wolfSSL 15:117db924cf7c 3171 }
wolfSSL 15:117db924cf7c 3172
wolfSSL 15:117db924cf7c 3173 return NULL;
wolfSSL 15:117db924cf7c 3174 }
wolfSSL 15:117db924cf7c 3175
wolfSSL 15:117db924cf7c 3176 int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 3177 {
wolfSSL 15:117db924cf7c 3178 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 3179 CertificateStatusRequest* csr = extension ?
wolfSSL 15:117db924cf7c 3180 (CertificateStatusRequest*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3181
wolfSSL 15:117db924cf7c 3182 if (csr) {
wolfSSL 15:117db924cf7c 3183 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 3184 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 3185 if (ssl->ctx->cm->ocspEnabled) {
wolfSSL 15:117db924cf7c 3186 csr->request.ocsp.ssl = ssl;
wolfSSL 15:117db924cf7c 3187 return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL 15:117db924cf7c 3188 &csr->request.ocsp, NULL);
wolfSSL 15:117db924cf7c 3189 }
wolfSSL 15:117db924cf7c 3190 else
wolfSSL 15:117db924cf7c 3191 return OCSP_LOOKUP_FAIL;
wolfSSL 15:117db924cf7c 3192 }
wolfSSL 15:117db924cf7c 3193 }
wolfSSL 15:117db924cf7c 3194
wolfSSL 15:117db924cf7c 3195 return 0;
wolfSSL 15:117db924cf7c 3196 }
wolfSSL 15:117db924cf7c 3197
wolfSSL 15:117db924cf7c 3198 int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
wolfSSL 15:117db924cf7c 3199 byte options, WOLFSSL* ssl, void* heap,
wolfSSL 15:117db924cf7c 3200 int devId)
wolfSSL 15:117db924cf7c 3201 {
wolfSSL 15:117db924cf7c 3202 CertificateStatusRequest* csr = NULL;
wolfSSL 15:117db924cf7c 3203 int ret = 0;
wolfSSL 15:117db924cf7c 3204
wolfSSL 15:117db924cf7c 3205 if (!extensions || status_type != WOLFSSL_CSR_OCSP)
wolfSSL 15:117db924cf7c 3206 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3207
wolfSSL 15:117db924cf7c 3208 csr = (CertificateStatusRequest*)
wolfSSL 15:117db924cf7c 3209 XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3210 if (!csr)
wolfSSL 15:117db924cf7c 3211 return MEMORY_E;
wolfSSL 15:117db924cf7c 3212
wolfSSL 15:117db924cf7c 3213 ForceZero(csr, sizeof(CertificateStatusRequest));
wolfSSL 15:117db924cf7c 3214
wolfSSL 15:117db924cf7c 3215 csr->status_type = status_type;
wolfSSL 15:117db924cf7c 3216 csr->options = options;
wolfSSL 15:117db924cf7c 3217 csr->ssl = ssl;
wolfSSL 15:117db924cf7c 3218
wolfSSL 15:117db924cf7c 3219 switch (csr->status_type) {
wolfSSL 15:117db924cf7c 3220 case WOLFSSL_CSR_OCSP:
wolfSSL 15:117db924cf7c 3221 if (options & WOLFSSL_CSR_OCSP_USE_NONCE) {
wolfSSL 15:117db924cf7c 3222 WC_RNG rng;
wolfSSL 15:117db924cf7c 3223
wolfSSL 15:117db924cf7c 3224 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 3225 ret = wc_InitRng_ex(&rng, heap, devId);
wolfSSL 15:117db924cf7c 3226 #else
wolfSSL 15:117db924cf7c 3227 ret = wc_InitRng(&rng);
wolfSSL 15:117db924cf7c 3228 (void)devId;
wolfSSL 15:117db924cf7c 3229 #endif
wolfSSL 15:117db924cf7c 3230 if (ret == 0) {
wolfSSL 15:117db924cf7c 3231 if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
wolfSSL 15:117db924cf7c 3232 MAX_OCSP_NONCE_SZ) == 0)
wolfSSL 15:117db924cf7c 3233 csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL 15:117db924cf7c 3234
wolfSSL 15:117db924cf7c 3235 wc_FreeRng(&rng);
wolfSSL 15:117db924cf7c 3236 }
wolfSSL 15:117db924cf7c 3237 }
wolfSSL 15:117db924cf7c 3238 break;
wolfSSL 15:117db924cf7c 3239 }
wolfSSL 15:117db924cf7c 3240
wolfSSL 15:117db924cf7c 3241 if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) {
wolfSSL 15:117db924cf7c 3242 XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3243 return ret;
wolfSSL 15:117db924cf7c 3244 }
wolfSSL 15:117db924cf7c 3245
wolfSSL 15:117db924cf7c 3246 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 3247 }
wolfSSL 15:117db924cf7c 3248
wolfSSL 15:117db924cf7c 3249 #define CSR_FREE_ALL TLSX_CSR_Free
wolfSSL 15:117db924cf7c 3250 #define CSR_GET_SIZE TLSX_CSR_GetSize
wolfSSL 15:117db924cf7c 3251 #define CSR_WRITE TLSX_CSR_Write
wolfSSL 15:117db924cf7c 3252 #define CSR_PARSE TLSX_CSR_Parse
wolfSSL 15:117db924cf7c 3253
wolfSSL 15:117db924cf7c 3254 #else
wolfSSL 15:117db924cf7c 3255
wolfSSL 15:117db924cf7c 3256 #define CSR_FREE_ALL(data, heap)
wolfSSL 15:117db924cf7c 3257 #define CSR_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 3258 #define CSR_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 3259 #define CSR_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 3260
wolfSSL 15:117db924cf7c 3261 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 15:117db924cf7c 3262
wolfSSL 15:117db924cf7c 3263 /******************************************************************************/
wolfSSL 15:117db924cf7c 3264 /* Certificate Status Request v2 */
wolfSSL 15:117db924cf7c 3265 /******************************************************************************/
wolfSSL 15:117db924cf7c 3266
wolfSSL 15:117db924cf7c 3267 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 3268
wolfSSL 15:117db924cf7c 3269 static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap)
wolfSSL 15:117db924cf7c 3270 {
wolfSSL 15:117db924cf7c 3271 CertificateStatusRequestItemV2* next;
wolfSSL 15:117db924cf7c 3272
wolfSSL 15:117db924cf7c 3273 for (; csr2; csr2 = next) {
wolfSSL 15:117db924cf7c 3274 next = csr2->next;
wolfSSL 15:117db924cf7c 3275
wolfSSL 15:117db924cf7c 3276 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3277 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3278 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3279 while(csr2->requests--)
wolfSSL 15:117db924cf7c 3280 FreeOcspRequest(&csr2->request.ocsp[csr2->requests]);
wolfSSL 15:117db924cf7c 3281 break;
wolfSSL 15:117db924cf7c 3282 }
wolfSSL 15:117db924cf7c 3283
wolfSSL 15:117db924cf7c 3284 XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3285 }
wolfSSL 15:117db924cf7c 3286 (void)heap;
wolfSSL 15:117db924cf7c 3287 }
wolfSSL 15:117db924cf7c 3288
wolfSSL 15:117db924cf7c 3289 static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
wolfSSL 15:117db924cf7c 3290 byte isRequest)
wolfSSL 15:117db924cf7c 3291 {
wolfSSL 15:117db924cf7c 3292 word16 size = 0;
wolfSSL 15:117db924cf7c 3293
wolfSSL 15:117db924cf7c 3294 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 3295 (void) csr2; (void) isRequest;
wolfSSL 15:117db924cf7c 3296
wolfSSL 15:117db924cf7c 3297 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3298 if (isRequest) {
wolfSSL 15:117db924cf7c 3299 CertificateStatusRequestItemV2* next;
wolfSSL 15:117db924cf7c 3300
wolfSSL 15:117db924cf7c 3301 for (size = OPAQUE16_LEN; csr2; csr2 = next) {
wolfSSL 15:117db924cf7c 3302 next = csr2->next;
wolfSSL 15:117db924cf7c 3303
wolfSSL 15:117db924cf7c 3304 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3305 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3306 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3307 size += ENUM_LEN + 3 * OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3308
wolfSSL 15:117db924cf7c 3309 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 15:117db924cf7c 3310 size += OCSP_NONCE_EXT_SZ;
wolfSSL 15:117db924cf7c 3311 break;
wolfSSL 15:117db924cf7c 3312 }
wolfSSL 15:117db924cf7c 3313 }
wolfSSL 15:117db924cf7c 3314 }
wolfSSL 15:117db924cf7c 3315 #endif
wolfSSL 15:117db924cf7c 3316
wolfSSL 15:117db924cf7c 3317 return size;
wolfSSL 15:117db924cf7c 3318 }
wolfSSL 15:117db924cf7c 3319
wolfSSL 15:117db924cf7c 3320 static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
wolfSSL 15:117db924cf7c 3321 byte* output, byte isRequest)
wolfSSL 15:117db924cf7c 3322 {
wolfSSL 15:117db924cf7c 3323 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 3324 (void) csr2; (void) output; (void) isRequest;
wolfSSL 15:117db924cf7c 3325
wolfSSL 15:117db924cf7c 3326 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3327 if (isRequest) {
wolfSSL 15:117db924cf7c 3328 word16 offset;
wolfSSL 15:117db924cf7c 3329 word16 length;
wolfSSL 15:117db924cf7c 3330
wolfSSL 15:117db924cf7c 3331 for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3332 /* status_type */
wolfSSL 15:117db924cf7c 3333 output[offset++] = csr2->status_type;
wolfSSL 15:117db924cf7c 3334
wolfSSL 15:117db924cf7c 3335 /* request */
wolfSSL 15:117db924cf7c 3336 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3337 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3338 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3339 /* request_length */
wolfSSL 15:117db924cf7c 3340 length = 2 * OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3341
wolfSSL 15:117db924cf7c 3342 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 15:117db924cf7c 3343 length += OCSP_NONCE_EXT_SZ;
wolfSSL 15:117db924cf7c 3344
wolfSSL 15:117db924cf7c 3345 c16toa(length, output + offset);
wolfSSL 15:117db924cf7c 3346 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3347
wolfSSL 15:117db924cf7c 3348 /* responder id list */
wolfSSL 15:117db924cf7c 3349 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 3350 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3351
wolfSSL 15:117db924cf7c 3352 /* request extensions */
wolfSSL 15:117db924cf7c 3353 length = 0;
wolfSSL 15:117db924cf7c 3354
wolfSSL 15:117db924cf7c 3355 if (csr2->request.ocsp[0].nonceSz)
wolfSSL 15:117db924cf7c 3356 length = (word16)EncodeOcspRequestExtensions(
wolfSSL 15:117db924cf7c 3357 &csr2->request.ocsp[0],
wolfSSL 15:117db924cf7c 3358 output + offset + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 3359 OCSP_NONCE_EXT_SZ);
wolfSSL 15:117db924cf7c 3360
wolfSSL 15:117db924cf7c 3361 c16toa(length, output + offset);
wolfSSL 15:117db924cf7c 3362 offset += OPAQUE16_LEN + length;
wolfSSL 15:117db924cf7c 3363 break;
wolfSSL 15:117db924cf7c 3364 }
wolfSSL 15:117db924cf7c 3365 }
wolfSSL 15:117db924cf7c 3366
wolfSSL 15:117db924cf7c 3367 /* list size */
wolfSSL 15:117db924cf7c 3368 c16toa(offset - OPAQUE16_LEN, output);
wolfSSL 15:117db924cf7c 3369
wolfSSL 15:117db924cf7c 3370 return offset;
wolfSSL 15:117db924cf7c 3371 }
wolfSSL 15:117db924cf7c 3372 #endif
wolfSSL 15:117db924cf7c 3373
wolfSSL 15:117db924cf7c 3374 return 0;
wolfSSL 15:117db924cf7c 3375 }
wolfSSL 15:117db924cf7c 3376
wolfSSL 15:117db924cf7c 3377 static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 3378 byte isRequest)
wolfSSL 15:117db924cf7c 3379 {
wolfSSL 15:117db924cf7c 3380 int ret;
wolfSSL 15:117db924cf7c 3381
wolfSSL 15:117db924cf7c 3382 /* shut up compiler warnings */
wolfSSL 15:117db924cf7c 3383 (void) ssl; (void) input;
wolfSSL 15:117db924cf7c 3384
wolfSSL 15:117db924cf7c 3385 if (!isRequest) {
wolfSSL 15:117db924cf7c 3386 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3387 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3388 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3389 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3390
wolfSSL 15:117db924cf7c 3391 if (!csr2) {
wolfSSL 15:117db924cf7c 3392 /* look at context level */
wolfSSL 15:117db924cf7c 3393 extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3394 csr2 = extension ?
wolfSSL 15:117db924cf7c 3395 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3396
wolfSSL 15:117db924cf7c 3397 if (!csr2) /* unexpected extension */
wolfSSL 15:117db924cf7c 3398 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 3399
wolfSSL 15:117db924cf7c 3400 /* enable extension at ssl level */
wolfSSL 15:117db924cf7c 3401 for (; csr2; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3402 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL 15:117db924cf7c 3403 csr2->status_type, csr2->options, ssl->heap,
wolfSSL 15:117db924cf7c 3404 ssl->devId);
wolfSSL 15:117db924cf7c 3405 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3406 return ret;
wolfSSL 15:117db924cf7c 3407
wolfSSL 15:117db924cf7c 3408 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3409 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3410 /* followed by */
wolfSSL 15:117db924cf7c 3411 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3412 /* propagate nonce */
wolfSSL 15:117db924cf7c 3413 if (csr2->request.ocsp[0].nonceSz) {
wolfSSL 15:117db924cf7c 3414 OcspRequest* request =
wolfSSL 15:117db924cf7c 3415 (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions,
wolfSSL 15:117db924cf7c 3416 csr2->status_type, 0);
wolfSSL 15:117db924cf7c 3417
wolfSSL 15:117db924cf7c 3418 if (request) {
wolfSSL 15:117db924cf7c 3419 XMEMCPY(request->nonce,
wolfSSL 15:117db924cf7c 3420 csr2->request.ocsp[0].nonce,
wolfSSL 15:117db924cf7c 3421 csr2->request.ocsp[0].nonceSz);
wolfSSL 15:117db924cf7c 3422
wolfSSL 15:117db924cf7c 3423 request->nonceSz =
wolfSSL 15:117db924cf7c 3424 csr2->request.ocsp[0].nonceSz;
wolfSSL 15:117db924cf7c 3425 }
wolfSSL 15:117db924cf7c 3426 }
wolfSSL 15:117db924cf7c 3427 break;
wolfSSL 15:117db924cf7c 3428 }
wolfSSL 15:117db924cf7c 3429 }
wolfSSL 15:117db924cf7c 3430 }
wolfSSL 15:117db924cf7c 3431
wolfSSL 15:117db924cf7c 3432 ssl->status_request_v2 = 1;
wolfSSL 15:117db924cf7c 3433
wolfSSL 15:117db924cf7c 3434 return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */
wolfSSL 15:117db924cf7c 3435 #endif
wolfSSL 15:117db924cf7c 3436 }
wolfSSL 15:117db924cf7c 3437 else {
wolfSSL 15:117db924cf7c 3438 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3439 byte status_type;
wolfSSL 15:117db924cf7c 3440 word16 request_length;
wolfSSL 15:117db924cf7c 3441 word16 offset = 0;
wolfSSL 15:117db924cf7c 3442 word16 size = 0;
wolfSSL 15:117db924cf7c 3443
wolfSSL 15:117db924cf7c 3444 /* list size */
wolfSSL 15:117db924cf7c 3445 if (offset + OPAQUE16_LEN >= length) {
wolfSSL 15:117db924cf7c 3446 return BUFFER_E;
wolfSSL 15:117db924cf7c 3447 }
wolfSSL 15:117db924cf7c 3448
wolfSSL 15:117db924cf7c 3449 ato16(input + offset, &request_length);
wolfSSL 15:117db924cf7c 3450 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3451
wolfSSL 15:117db924cf7c 3452 if (length - OPAQUE16_LEN != request_length)
wolfSSL 15:117db924cf7c 3453 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3454
wolfSSL 15:117db924cf7c 3455 while (length > offset) {
wolfSSL 15:117db924cf7c 3456 if (length - offset < ENUM_LEN + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3457 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3458
wolfSSL 15:117db924cf7c 3459 status_type = input[offset++];
wolfSSL 15:117db924cf7c 3460
wolfSSL 15:117db924cf7c 3461 ato16(input + offset, &request_length);
wolfSSL 15:117db924cf7c 3462 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3463
wolfSSL 15:117db924cf7c 3464 if (length - offset < request_length)
wolfSSL 15:117db924cf7c 3465 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3466
wolfSSL 15:117db924cf7c 3467 switch (status_type) {
wolfSSL 15:117db924cf7c 3468 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3469 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3470 /* skip responder_id_list */
wolfSSL 15:117db924cf7c 3471 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3472 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3473
wolfSSL 15:117db924cf7c 3474 ato16(input + offset, &size);
wolfSSL 16:8e0d178b1d1e 3475 if (length - offset < size)
wolfSSL 16:8e0d178b1d1e 3476 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 3477
wolfSSL 15:117db924cf7c 3478 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 3479 /* skip request_extensions */
wolfSSL 15:117db924cf7c 3480 if (length - offset < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3481 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3482
wolfSSL 15:117db924cf7c 3483 ato16(input + offset, &size);
wolfSSL 16:8e0d178b1d1e 3484 if (length - offset < size)
wolfSSL 16:8e0d178b1d1e 3485 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 3486
wolfSSL 15:117db924cf7c 3487 offset += OPAQUE16_LEN + size;
wolfSSL 15:117db924cf7c 3488 if (offset > length)
wolfSSL 15:117db924cf7c 3489 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3490
wolfSSL 15:117db924cf7c 3491 /* is able to send OCSP response? */
wolfSSL 15:117db924cf7c 3492 if (ssl->ctx->cm == NULL
wolfSSL 15:117db924cf7c 3493 || !ssl->ctx->cm->ocspStaplingEnabled)
wolfSSL 15:117db924cf7c 3494 continue;
wolfSSL 15:117db924cf7c 3495 break;
wolfSSL 15:117db924cf7c 3496
wolfSSL 15:117db924cf7c 3497 default:
wolfSSL 15:117db924cf7c 3498 /* unknown status type, skipping! */
wolfSSL 15:117db924cf7c 3499 offset += request_length;
wolfSSL 15:117db924cf7c 3500 continue;
wolfSSL 15:117db924cf7c 3501 }
wolfSSL 15:117db924cf7c 3502
wolfSSL 15:117db924cf7c 3503 /* if using status_request and already sending it, skip this one */
wolfSSL 15:117db924cf7c 3504 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 3505 if (ssl->status_request)
wolfSSL 15:117db924cf7c 3506 return 0;
wolfSSL 15:117db924cf7c 3507 #endif
wolfSSL 15:117db924cf7c 3508
wolfSSL 15:117db924cf7c 3509 /* accept the first good status_type and return */
wolfSSL 15:117db924cf7c 3510 ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
wolfSSL 15:117db924cf7c 3511 status_type, 0, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 3512 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 3513 return ret; /* throw error */
wolfSSL 15:117db924cf7c 3514
wolfSSL 15:117db924cf7c 3515 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3516 ssl->status_request_v2 = status_type;
wolfSSL 15:117db924cf7c 3517
wolfSSL 15:117db924cf7c 3518 return 0;
wolfSSL 15:117db924cf7c 3519 }
wolfSSL 15:117db924cf7c 3520 #endif
wolfSSL 15:117db924cf7c 3521 }
wolfSSL 15:117db924cf7c 3522
wolfSSL 15:117db924cf7c 3523 return 0;
wolfSSL 15:117db924cf7c 3524 }
wolfSSL 15:117db924cf7c 3525
wolfSSL 15:117db924cf7c 3526 int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
wolfSSL 15:117db924cf7c 3527 void* heap)
wolfSSL 15:117db924cf7c 3528 {
wolfSSL 15:117db924cf7c 3529 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3530 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3531 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3532 int ret = 0;
wolfSSL 15:117db924cf7c 3533
wolfSSL 15:117db924cf7c 3534 for (; csr2; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3535 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3536 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3537 if (!isPeer || csr2->requests != 0)
wolfSSL 15:117db924cf7c 3538 break;
wolfSSL 15:117db924cf7c 3539
wolfSSL 15:117db924cf7c 3540 FALL_THROUGH; /* followed by */
wolfSSL 15:117db924cf7c 3541
wolfSSL 15:117db924cf7c 3542 case WOLFSSL_CSR2_OCSP_MULTI: {
wolfSSL 15:117db924cf7c 3543 if (csr2->requests < 1 + MAX_CHAIN_DEPTH) {
wolfSSL 15:117db924cf7c 3544 byte nonce[MAX_OCSP_NONCE_SZ];
wolfSSL 15:117db924cf7c 3545 int nonceSz = csr2->request.ocsp[0].nonceSz;
wolfSSL 15:117db924cf7c 3546
wolfSSL 15:117db924cf7c 3547 /* preserve nonce, replicating nonce of ocsp[0] */
wolfSSL 15:117db924cf7c 3548 XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
wolfSSL 15:117db924cf7c 3549
wolfSSL 15:117db924cf7c 3550 if ((ret = InitOcspRequest(
wolfSSL 15:117db924cf7c 3551 &csr2->request.ocsp[csr2->requests], cert,
wolfSSL 15:117db924cf7c 3552 0, heap)) != 0)
wolfSSL 15:117db924cf7c 3553 return ret;
wolfSSL 15:117db924cf7c 3554
wolfSSL 15:117db924cf7c 3555 /* restore nonce */
wolfSSL 15:117db924cf7c 3556 XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
wolfSSL 15:117db924cf7c 3557 nonce, nonceSz);
wolfSSL 15:117db924cf7c 3558 csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
wolfSSL 15:117db924cf7c 3559 csr2->requests++;
wolfSSL 15:117db924cf7c 3560 }
wolfSSL 15:117db924cf7c 3561 }
wolfSSL 15:117db924cf7c 3562 break;
wolfSSL 15:117db924cf7c 3563 }
wolfSSL 15:117db924cf7c 3564 }
wolfSSL 15:117db924cf7c 3565
wolfSSL 15:117db924cf7c 3566 (void)cert;
wolfSSL 15:117db924cf7c 3567 return ret;
wolfSSL 15:117db924cf7c 3568 }
wolfSSL 15:117db924cf7c 3569
wolfSSL 15:117db924cf7c 3570 void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte idx)
wolfSSL 15:117db924cf7c 3571 {
wolfSSL 15:117db924cf7c 3572 TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3573 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3574 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3575
wolfSSL 15:117db924cf7c 3576 for (; csr2; csr2 = csr2->next) {
wolfSSL 15:117db924cf7c 3577 if (csr2->status_type == status_type) {
wolfSSL 15:117db924cf7c 3578 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3579 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3580 /* followed by */
wolfSSL 15:117db924cf7c 3581
wolfSSL 15:117db924cf7c 3582 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3583 /* requests are initialized in the reverse order */
wolfSSL 15:117db924cf7c 3584 return idx < csr2->requests
wolfSSL 15:117db924cf7c 3585 ? &csr2->request.ocsp[csr2->requests - idx - 1]
wolfSSL 15:117db924cf7c 3586 : NULL;
wolfSSL 15:117db924cf7c 3587 break;
wolfSSL 15:117db924cf7c 3588 }
wolfSSL 15:117db924cf7c 3589 }
wolfSSL 15:117db924cf7c 3590 }
wolfSSL 15:117db924cf7c 3591
wolfSSL 15:117db924cf7c 3592 return NULL;
wolfSSL 15:117db924cf7c 3593 }
wolfSSL 15:117db924cf7c 3594
wolfSSL 15:117db924cf7c 3595 int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 3596 {
wolfSSL 15:117db924cf7c 3597 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2);
wolfSSL 15:117db924cf7c 3598 CertificateStatusRequestItemV2* csr2 = extension ?
wolfSSL 15:117db924cf7c 3599 (CertificateStatusRequestItemV2*)extension->data : NULL;
wolfSSL 15:117db924cf7c 3600
wolfSSL 15:117db924cf7c 3601 /* forces only the first one */
wolfSSL 15:117db924cf7c 3602 if (csr2) {
wolfSSL 15:117db924cf7c 3603 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3604 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3605 /* followed by */
wolfSSL 15:117db924cf7c 3606
wolfSSL 15:117db924cf7c 3607 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3608 if (ssl->ctx->cm->ocspEnabled) {
wolfSSL 15:117db924cf7c 3609 csr2->request.ocsp[0].ssl = ssl;
wolfSSL 15:117db924cf7c 3610 return CheckOcspRequest(ssl->ctx->cm->ocsp,
wolfSSL 15:117db924cf7c 3611 &csr2->request.ocsp[0], NULL);
wolfSSL 15:117db924cf7c 3612 }
wolfSSL 15:117db924cf7c 3613 else
wolfSSL 15:117db924cf7c 3614 return OCSP_LOOKUP_FAIL;
wolfSSL 15:117db924cf7c 3615 }
wolfSSL 15:117db924cf7c 3616 }
wolfSSL 15:117db924cf7c 3617
wolfSSL 15:117db924cf7c 3618 return 0;
wolfSSL 15:117db924cf7c 3619 }
wolfSSL 15:117db924cf7c 3620
wolfSSL 15:117db924cf7c 3621 int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
wolfSSL 15:117db924cf7c 3622 byte options, void* heap, int devId)
wolfSSL 15:117db924cf7c 3623 {
wolfSSL 15:117db924cf7c 3624 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 3625 CertificateStatusRequestItemV2* csr2 = NULL;
wolfSSL 15:117db924cf7c 3626 int ret = 0;
wolfSSL 15:117db924cf7c 3627
wolfSSL 15:117db924cf7c 3628 if (!extensions)
wolfSSL 15:117db924cf7c 3629 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3630
wolfSSL 15:117db924cf7c 3631 if (status_type != WOLFSSL_CSR2_OCSP
wolfSSL 15:117db924cf7c 3632 && status_type != WOLFSSL_CSR2_OCSP_MULTI)
wolfSSL 15:117db924cf7c 3633 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3634
wolfSSL 15:117db924cf7c 3635 csr2 = (CertificateStatusRequestItemV2*)
wolfSSL 15:117db924cf7c 3636 XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3637 if (!csr2)
wolfSSL 15:117db924cf7c 3638 return MEMORY_E;
wolfSSL 15:117db924cf7c 3639
wolfSSL 15:117db924cf7c 3640 ForceZero(csr2, sizeof(CertificateStatusRequestItemV2));
wolfSSL 15:117db924cf7c 3641
wolfSSL 15:117db924cf7c 3642 csr2->status_type = status_type;
wolfSSL 15:117db924cf7c 3643 csr2->options = options;
wolfSSL 15:117db924cf7c 3644 csr2->next = NULL;
wolfSSL 15:117db924cf7c 3645
wolfSSL 15:117db924cf7c 3646 switch (csr2->status_type) {
wolfSSL 15:117db924cf7c 3647 case WOLFSSL_CSR2_OCSP:
wolfSSL 15:117db924cf7c 3648 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 15:117db924cf7c 3649 if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) {
wolfSSL 15:117db924cf7c 3650 WC_RNG rng;
wolfSSL 15:117db924cf7c 3651
wolfSSL 15:117db924cf7c 3652 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 3653 ret = wc_InitRng_ex(&rng, heap, devId);
wolfSSL 15:117db924cf7c 3654 #else
wolfSSL 15:117db924cf7c 3655 ret = wc_InitRng(&rng);
wolfSSL 15:117db924cf7c 3656 (void)devId;
wolfSSL 15:117db924cf7c 3657 #endif
wolfSSL 15:117db924cf7c 3658 if (ret == 0) {
wolfSSL 15:117db924cf7c 3659 if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce,
wolfSSL 15:117db924cf7c 3660 MAX_OCSP_NONCE_SZ) == 0)
wolfSSL 15:117db924cf7c 3661 csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
wolfSSL 15:117db924cf7c 3662
wolfSSL 15:117db924cf7c 3663 wc_FreeRng(&rng);
wolfSSL 15:117db924cf7c 3664 }
wolfSSL 15:117db924cf7c 3665 }
wolfSSL 15:117db924cf7c 3666 break;
wolfSSL 15:117db924cf7c 3667 }
wolfSSL 15:117db924cf7c 3668
wolfSSL 15:117db924cf7c 3669 /* append new item */
wolfSSL 15:117db924cf7c 3670 if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) {
wolfSSL 15:117db924cf7c 3671 CertificateStatusRequestItemV2* last =
wolfSSL 15:117db924cf7c 3672 (CertificateStatusRequestItemV2*)extension->data;
wolfSSL 15:117db924cf7c 3673
wolfSSL 15:117db924cf7c 3674 for (; last->next; last = last->next);
wolfSSL 15:117db924cf7c 3675
wolfSSL 15:117db924cf7c 3676 last->next = csr2;
wolfSSL 15:117db924cf7c 3677 }
wolfSSL 15:117db924cf7c 3678 else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) {
wolfSSL 15:117db924cf7c 3679 XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3680 return ret;
wolfSSL 15:117db924cf7c 3681 }
wolfSSL 15:117db924cf7c 3682
wolfSSL 15:117db924cf7c 3683 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 3684 }
wolfSSL 15:117db924cf7c 3685
wolfSSL 15:117db924cf7c 3686 #define CSR2_FREE_ALL TLSX_CSR2_FreeAll
wolfSSL 15:117db924cf7c 3687 #define CSR2_GET_SIZE TLSX_CSR2_GetSize
wolfSSL 15:117db924cf7c 3688 #define CSR2_WRITE TLSX_CSR2_Write
wolfSSL 15:117db924cf7c 3689 #define CSR2_PARSE TLSX_CSR2_Parse
wolfSSL 15:117db924cf7c 3690
wolfSSL 15:117db924cf7c 3691 #else
wolfSSL 15:117db924cf7c 3692
wolfSSL 15:117db924cf7c 3693 #define CSR2_FREE_ALL(data, heap)
wolfSSL 15:117db924cf7c 3694 #define CSR2_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 3695 #define CSR2_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 3696 #define CSR2_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 3697
wolfSSL 15:117db924cf7c 3698 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 15:117db924cf7c 3699
wolfSSL 15:117db924cf7c 3700 /******************************************************************************/
wolfSSL 15:117db924cf7c 3701 /* Supported Elliptic Curves */
wolfSSL 15:117db924cf7c 3702 /******************************************************************************/
wolfSSL 15:117db924cf7c 3703
wolfSSL 15:117db924cf7c 3704 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 3705
wolfSSL 16:8e0d178b1d1e 3706 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \
wolfSSL 16:8e0d178b1d1e 3707 && !defined(HAVE_FFDHE)
wolfSSL 15:117db924cf7c 3708 #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL 16:8e0d178b1d1e 3709 Use --enable-ecc in the configure script or define HAVE_ECC. \
wolfSSL 16:8e0d178b1d1e 3710 Alternatively use FFDHE for DH ciperhsuites.
wolfSSL 15:117db924cf7c 3711 #endif
wolfSSL 15:117db924cf7c 3712
wolfSSL 15:117db924cf7c 3713 static int TLSX_SupportedCurve_New(SupportedCurve** curve, word16 name,
wolfSSL 15:117db924cf7c 3714 void* heap)
wolfSSL 15:117db924cf7c 3715 {
wolfSSL 15:117db924cf7c 3716 if (curve == NULL)
wolfSSL 15:117db924cf7c 3717 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3718
wolfSSL 15:117db924cf7c 3719 (void)heap;
wolfSSL 15:117db924cf7c 3720
wolfSSL 15:117db924cf7c 3721 *curve = (SupportedCurve*)XMALLOC(sizeof(SupportedCurve), heap,
wolfSSL 15:117db924cf7c 3722 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3723 if (*curve == NULL)
wolfSSL 15:117db924cf7c 3724 return MEMORY_E;
wolfSSL 15:117db924cf7c 3725
wolfSSL 15:117db924cf7c 3726 (*curve)->name = name;
wolfSSL 15:117db924cf7c 3727 (*curve)->next = NULL;
wolfSSL 15:117db924cf7c 3728
wolfSSL 15:117db924cf7c 3729 return 0;
wolfSSL 15:117db924cf7c 3730 }
wolfSSL 15:117db924cf7c 3731
wolfSSL 15:117db924cf7c 3732 static int TLSX_PointFormat_New(PointFormat** point, byte format, void* heap)
wolfSSL 15:117db924cf7c 3733 {
wolfSSL 15:117db924cf7c 3734 if (point == NULL)
wolfSSL 15:117db924cf7c 3735 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3736
wolfSSL 15:117db924cf7c 3737 (void)heap;
wolfSSL 15:117db924cf7c 3738
wolfSSL 15:117db924cf7c 3739 *point = (PointFormat*)XMALLOC(sizeof(PointFormat), heap,
wolfSSL 15:117db924cf7c 3740 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3741 if (*point == NULL)
wolfSSL 15:117db924cf7c 3742 return MEMORY_E;
wolfSSL 15:117db924cf7c 3743
wolfSSL 15:117db924cf7c 3744 (*point)->format = format;
wolfSSL 15:117db924cf7c 3745 (*point)->next = NULL;
wolfSSL 15:117db924cf7c 3746
wolfSSL 15:117db924cf7c 3747 return 0;
wolfSSL 15:117db924cf7c 3748 }
wolfSSL 15:117db924cf7c 3749
wolfSSL 15:117db924cf7c 3750 static void TLSX_SupportedCurve_FreeAll(SupportedCurve* list, void* heap)
wolfSSL 15:117db924cf7c 3751 {
wolfSSL 15:117db924cf7c 3752 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3753
wolfSSL 15:117db924cf7c 3754 while ((curve = list)) {
wolfSSL 15:117db924cf7c 3755 list = curve->next;
wolfSSL 15:117db924cf7c 3756 XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3757 }
wolfSSL 15:117db924cf7c 3758 (void)heap;
wolfSSL 15:117db924cf7c 3759 }
wolfSSL 15:117db924cf7c 3760
wolfSSL 15:117db924cf7c 3761 static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap)
wolfSSL 15:117db924cf7c 3762 {
wolfSSL 15:117db924cf7c 3763 PointFormat* point;
wolfSSL 15:117db924cf7c 3764
wolfSSL 15:117db924cf7c 3765 while ((point = list)) {
wolfSSL 15:117db924cf7c 3766 list = point->next;
wolfSSL 15:117db924cf7c 3767 XFREE(point, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 3768 }
wolfSSL 15:117db924cf7c 3769 (void)heap;
wolfSSL 15:117db924cf7c 3770 }
wolfSSL 15:117db924cf7c 3771
wolfSSL 15:117db924cf7c 3772 static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name,
wolfSSL 15:117db924cf7c 3773 void* heap)
wolfSSL 15:117db924cf7c 3774 {
wolfSSL 15:117db924cf7c 3775 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3776
wolfSSL 15:117db924cf7c 3777 while (list) {
wolfSSL 15:117db924cf7c 3778 if (list->name == name) {
wolfSSL 16:8e0d178b1d1e 3779 ret = 0; /* curve already in use */
wolfSSL 15:117db924cf7c 3780 break;
wolfSSL 15:117db924cf7c 3781 }
wolfSSL 15:117db924cf7c 3782
wolfSSL 15:117db924cf7c 3783 if (list->next == NULL) {
wolfSSL 15:117db924cf7c 3784 ret = TLSX_SupportedCurve_New(&list->next, name, heap);
wolfSSL 15:117db924cf7c 3785 break;
wolfSSL 15:117db924cf7c 3786 }
wolfSSL 15:117db924cf7c 3787
wolfSSL 15:117db924cf7c 3788 list = list->next;
wolfSSL 15:117db924cf7c 3789 }
wolfSSL 15:117db924cf7c 3790
wolfSSL 15:117db924cf7c 3791 return ret;
wolfSSL 15:117db924cf7c 3792 }
wolfSSL 15:117db924cf7c 3793
wolfSSL 15:117db924cf7c 3794 static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap)
wolfSSL 15:117db924cf7c 3795 {
wolfSSL 15:117db924cf7c 3796 int ret = BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 3797
wolfSSL 15:117db924cf7c 3798 while (list) {
wolfSSL 15:117db924cf7c 3799 if (list->format == format) {
wolfSSL 15:117db924cf7c 3800 ret = 0; /* format already in use */
wolfSSL 15:117db924cf7c 3801 break;
wolfSSL 15:117db924cf7c 3802 }
wolfSSL 15:117db924cf7c 3803
wolfSSL 15:117db924cf7c 3804 if (list->next == NULL) {
wolfSSL 15:117db924cf7c 3805 ret = TLSX_PointFormat_New(&list->next, format, heap);
wolfSSL 15:117db924cf7c 3806 break;
wolfSSL 15:117db924cf7c 3807 }
wolfSSL 15:117db924cf7c 3808
wolfSSL 15:117db924cf7c 3809 list = list->next;
wolfSSL 15:117db924cf7c 3810 }
wolfSSL 15:117db924cf7c 3811
wolfSSL 15:117db924cf7c 3812 return ret;
wolfSSL 15:117db924cf7c 3813 }
wolfSSL 15:117db924cf7c 3814
wolfSSL 15:117db924cf7c 3815 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 3816
wolfSSL 15:117db924cf7c 3817 static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 3818 {
wolfSSL 16:8e0d178b1d1e 3819 word16 i;
wolfSSL 16:8e0d178b1d1e 3820
wolfSSL 16:8e0d178b1d1e 3821 for (i = 0; i < ssl->suites->suiteSz; i+= 2) {
wolfSSL 16:8e0d178b1d1e 3822 if (ssl->suites->suites[i] == TLS13_BYTE)
wolfSSL 16:8e0d178b1d1e 3823 return;
wolfSSL 15:117db924cf7c 3824 if (ssl->suites->suites[i] == ECC_BYTE ||
wolfSSL 16:8e0d178b1d1e 3825 ssl->suites->suites[i] == CHACHA_BYTE) {
wolfSSL 16:8e0d178b1d1e 3826 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 3827 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 3828 return;
wolfSSL 16:8e0d178b1d1e 3829 #endif
wolfSSL 16:8e0d178b1d1e 3830 }
wolfSSL 16:8e0d178b1d1e 3831 else {
wolfSSL 16:8e0d178b1d1e 3832 #ifdef HAVE_FFDHE
wolfSSL 16:8e0d178b1d1e 3833 return;
wolfSSL 16:8e0d178b1d1e 3834 #endif
wolfSSL 16:8e0d178b1d1e 3835 }
wolfSSL 16:8e0d178b1d1e 3836 }
wolfSSL 15:117db924cf7c 3837
wolfSSL 15:117db924cf7c 3838 /* turns semaphore on to avoid sending this extension. */
wolfSSL 15:117db924cf7c 3839 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
wolfSSL 15:117db924cf7c 3840 }
wolfSSL 15:117db924cf7c 3841
wolfSSL 15:117db924cf7c 3842 static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 3843 {
wolfSSL 16:8e0d178b1d1e 3844 word16 i;
wolfSSL 16:8e0d178b1d1e 3845
wolfSSL 16:8e0d178b1d1e 3846 for (i = 0; i < ssl->suites->suiteSz; i+= 2) {
wolfSSL 16:8e0d178b1d1e 3847 if (ssl->suites->suites[i] == TLS13_BYTE)
wolfSSL 16:8e0d178b1d1e 3848 return;
wolfSSL 15:117db924cf7c 3849 if (ssl->suites->suites[i] == ECC_BYTE ||
wolfSSL 16:8e0d178b1d1e 3850 ssl->suites->suites[i] == CHACHA_BYTE) {
wolfSSL 16:8e0d178b1d1e 3851 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 3852 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 3853 return;
wolfSSL 16:8e0d178b1d1e 3854 #endif
wolfSSL 16:8e0d178b1d1e 3855 }
wolfSSL 16:8e0d178b1d1e 3856 else {
wolfSSL 16:8e0d178b1d1e 3857 #ifdef HAVE_FFDHE
wolfSSL 16:8e0d178b1d1e 3858 return;
wolfSSL 16:8e0d178b1d1e 3859 #endif
wolfSSL 16:8e0d178b1d1e 3860 }
wolfSSL 16:8e0d178b1d1e 3861 }
wolfSSL 15:117db924cf7c 3862
wolfSSL 15:117db924cf7c 3863 /* turns semaphore on to avoid sending this extension. */
wolfSSL 15:117db924cf7c 3864 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 3865 }
wolfSSL 15:117db924cf7c 3866
wolfSSL 15:117db924cf7c 3867 #endif
wolfSSL 15:117db924cf7c 3868
wolfSSL 15:117db924cf7c 3869 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 3870
wolfSSL 15:117db924cf7c 3871 static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 3872 {
wolfSSL 16:8e0d178b1d1e 3873 #if defined(HAVE_FFDHE) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 3874 defined(HAVE_CURVE448)
wolfSSL 16:8e0d178b1d1e 3875 (void)semaphore;
wolfSSL 16:8e0d178b1d1e 3876 #endif
wolfSSL 16:8e0d178b1d1e 3877
wolfSSL 16:8e0d178b1d1e 3878 if (ssl->options.cipherSuite0 == TLS13_BYTE)
wolfSSL 16:8e0d178b1d1e 3879 return;
wolfSSL 15:117db924cf7c 3880 if (ssl->options.cipherSuite0 == ECC_BYTE ||
wolfSSL 16:8e0d178b1d1e 3881 ssl->options.cipherSuite0 == CHACHA_BYTE) {
wolfSSL 16:8e0d178b1d1e 3882 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 3883 return;
wolfSSL 16:8e0d178b1d1e 3884 #endif
wolfSSL 16:8e0d178b1d1e 3885 }
wolfSSL 16:8e0d178b1d1e 3886 else {
wolfSSL 16:8e0d178b1d1e 3887 #ifdef HAVE_FFDHE
wolfSSL 16:8e0d178b1d1e 3888 return;
wolfSSL 16:8e0d178b1d1e 3889 #endif
wolfSSL 16:8e0d178b1d1e 3890 }
wolfSSL 16:8e0d178b1d1e 3891
wolfSSL 16:8e0d178b1d1e 3892 #if !defined(HAVE_FFDHE) || (!defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
wolfSSL 16:8e0d178b1d1e 3893 && !defined(HAVE_CURVE448))
wolfSSL 15:117db924cf7c 3894 /* turns semaphore on to avoid sending this extension. */
wolfSSL 15:117db924cf7c 3895 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 16:8e0d178b1d1e 3896 #endif
wolfSSL 15:117db924cf7c 3897 }
wolfSSL 15:117db924cf7c 3898
wolfSSL 15:117db924cf7c 3899 #endif
wolfSSL 15:117db924cf7c 3900 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3901
wolfSSL 15:117db924cf7c 3902 static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list)
wolfSSL 15:117db924cf7c 3903 {
wolfSSL 15:117db924cf7c 3904 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3905 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 15:117db924cf7c 3906
wolfSSL 15:117db924cf7c 3907 while ((curve = list)) {
wolfSSL 15:117db924cf7c 3908 list = curve->next;
wolfSSL 15:117db924cf7c 3909 length += OPAQUE16_LEN; /* curve length */
wolfSSL 15:117db924cf7c 3910 }
wolfSSL 15:117db924cf7c 3911
wolfSSL 15:117db924cf7c 3912 return length;
wolfSSL 15:117db924cf7c 3913 }
wolfSSL 15:117db924cf7c 3914
wolfSSL 15:117db924cf7c 3915 #endif
wolfSSL 15:117db924cf7c 3916
wolfSSL 15:117db924cf7c 3917 static word16 TLSX_PointFormat_GetSize(PointFormat* list)
wolfSSL 15:117db924cf7c 3918 {
wolfSSL 15:117db924cf7c 3919 PointFormat* point;
wolfSSL 15:117db924cf7c 3920 word16 length = ENUM_LEN; /* list length */
wolfSSL 15:117db924cf7c 3921
wolfSSL 15:117db924cf7c 3922 while ((point = list)) {
wolfSSL 15:117db924cf7c 3923 list = point->next;
wolfSSL 15:117db924cf7c 3924 length += ENUM_LEN; /* format length */
wolfSSL 15:117db924cf7c 3925 }
wolfSSL 15:117db924cf7c 3926
wolfSSL 15:117db924cf7c 3927 return length;
wolfSSL 15:117db924cf7c 3928 }
wolfSSL 15:117db924cf7c 3929
wolfSSL 15:117db924cf7c 3930 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 3931
wolfSSL 15:117db924cf7c 3932 static word16 TLSX_SupportedCurve_Write(SupportedCurve* list, byte* output)
wolfSSL 15:117db924cf7c 3933 {
wolfSSL 15:117db924cf7c 3934 word16 offset = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3935
wolfSSL 15:117db924cf7c 3936 while (list) {
wolfSSL 15:117db924cf7c 3937 c16toa(list->name, output + offset);
wolfSSL 15:117db924cf7c 3938 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3939 list = list->next;
wolfSSL 15:117db924cf7c 3940 }
wolfSSL 15:117db924cf7c 3941
wolfSSL 15:117db924cf7c 3942 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 15:117db924cf7c 3943
wolfSSL 15:117db924cf7c 3944 return offset;
wolfSSL 15:117db924cf7c 3945 }
wolfSSL 15:117db924cf7c 3946
wolfSSL 15:117db924cf7c 3947 #endif
wolfSSL 15:117db924cf7c 3948
wolfSSL 15:117db924cf7c 3949 static word16 TLSX_PointFormat_Write(PointFormat* list, byte* output)
wolfSSL 15:117db924cf7c 3950 {
wolfSSL 15:117db924cf7c 3951 word16 offset = ENUM_LEN;
wolfSSL 15:117db924cf7c 3952
wolfSSL 15:117db924cf7c 3953 while (list) {
wolfSSL 15:117db924cf7c 3954 output[offset++] = list->format;
wolfSSL 15:117db924cf7c 3955 list = list->next;
wolfSSL 15:117db924cf7c 3956 }
wolfSSL 15:117db924cf7c 3957
wolfSSL 15:117db924cf7c 3958 output[0] = (byte)(offset - ENUM_LEN);
wolfSSL 15:117db924cf7c 3959
wolfSSL 15:117db924cf7c 3960 return offset;
wolfSSL 15:117db924cf7c 3961 }
wolfSSL 15:117db924cf7c 3962
wolfSSL 15:117db924cf7c 3963 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 3964 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT))
wolfSSL 15:117db924cf7c 3965
wolfSSL 15:117db924cf7c 3966 static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 3967 byte isRequest)
wolfSSL 15:117db924cf7c 3968 {
wolfSSL 15:117db924cf7c 3969 word16 offset;
wolfSSL 15:117db924cf7c 3970 word16 name;
wolfSSL 15:117db924cf7c 3971 int ret;
wolfSSL 15:117db924cf7c 3972
wolfSSL 16:8e0d178b1d1e 3973 if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 16:8e0d178b1d1e 3974 #ifdef WOLFSSL_ALLOW_SERVER_SC_EXT
wolfSSL 16:8e0d178b1d1e 3975 return 0;
wolfSSL 16:8e0d178b1d1e 3976 #else
wolfSSL 15:117db924cf7c 3977 return BUFFER_ERROR; /* servers doesn't send this extension. */
wolfSSL 16:8e0d178b1d1e 3978 #endif
wolfSSL 16:8e0d178b1d1e 3979 }
wolfSSL 15:117db924cf7c 3980
wolfSSL 15:117db924cf7c 3981 if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 3982 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3983
wolfSSL 15:117db924cf7c 3984 ato16(input, &offset);
wolfSSL 15:117db924cf7c 3985
wolfSSL 15:117db924cf7c 3986 /* validating curve list length */
wolfSSL 15:117db924cf7c 3987 if (length != OPAQUE16_LEN + offset)
wolfSSL 15:117db924cf7c 3988 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 3989
wolfSSL 15:117db924cf7c 3990 offset = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 3991 if (offset == length)
wolfSSL 15:117db924cf7c 3992 return 0;
wolfSSL 15:117db924cf7c 3993
wolfSSL 15:117db924cf7c 3994 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
wolfSSL 15:117db924cf7c 3995 if (!isRequest) {
wolfSSL 15:117db924cf7c 3996 TLSX* extension;
wolfSSL 15:117db924cf7c 3997 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 3998
wolfSSL 15:117db924cf7c 3999 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4000 if (extension != NULL) {
wolfSSL 15:117db924cf7c 4001 /* Replace client list with server list of supported groups. */
wolfSSL 15:117db924cf7c 4002 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 4003 extension->data = NULL;
wolfSSL 15:117db924cf7c 4004 TLSX_SupportedCurve_FreeAll(curve, ssl->heap);
wolfSSL 15:117db924cf7c 4005
wolfSSL 15:117db924cf7c 4006 ato16(input + offset, &name);
wolfSSL 15:117db924cf7c 4007 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 4008
wolfSSL 15:117db924cf7c 4009 ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap);
wolfSSL 15:117db924cf7c 4010 if (ret != 0)
wolfSSL 15:117db924cf7c 4011 return ret; /* throw error */
wolfSSL 15:117db924cf7c 4012 extension->data = (void*)curve;
wolfSSL 15:117db924cf7c 4013 }
wolfSSL 15:117db924cf7c 4014 }
wolfSSL 15:117db924cf7c 4015 #endif
wolfSSL 15:117db924cf7c 4016
wolfSSL 15:117db924cf7c 4017 for (; offset < length; offset += OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 4018 ato16(input + offset, &name);
wolfSSL 15:117db924cf7c 4019
wolfSSL 15:117db924cf7c 4020 ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
wolfSSL 15:117db924cf7c 4021 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 4022 return ret; /* throw error */
wolfSSL 15:117db924cf7c 4023 }
wolfSSL 15:117db924cf7c 4024
wolfSSL 15:117db924cf7c 4025 return 0;
wolfSSL 15:117db924cf7c 4026 }
wolfSSL 15:117db924cf7c 4027
wolfSSL 15:117db924cf7c 4028 #endif
wolfSSL 15:117db924cf7c 4029
wolfSSL 16:8e0d178b1d1e 4030 #if !defined(NO_WOLFSSL_SERVER)
wolfSSL 16:8e0d178b1d1e 4031
wolfSSL 16:8e0d178b1d1e 4032 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
wolfSSL 15:117db924cf7c 4033
wolfSSL 15:117db924cf7c 4034 /* Checks the priority of the groups on the server and set the supported groups
wolfSSL 15:117db924cf7c 4035 * response if there is a group not advertised by the client that is preferred.
wolfSSL 15:117db924cf7c 4036 *
wolfSSL 15:117db924cf7c 4037 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 4038 * returns 0 on success, otherwise an error.
wolfSSL 15:117db924cf7c 4039 */
wolfSSL 15:117db924cf7c 4040 int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 4041 {
wolfSSL 15:117db924cf7c 4042 int ret;
wolfSSL 15:117db924cf7c 4043 TLSX* extension;
wolfSSL 15:117db924cf7c 4044 TLSX* priority = NULL;
wolfSSL 15:117db924cf7c 4045 TLSX* ext = NULL;
wolfSSL 15:117db924cf7c 4046 word16 name;
wolfSSL 15:117db924cf7c 4047 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 4048
wolfSSL 15:117db924cf7c 4049 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4050 /* May be doing PSK with no key exchange. */
wolfSSL 15:117db924cf7c 4051 if (extension == NULL)
wolfSSL 15:117db924cf7c 4052 return 0;
wolfSSL 15:117db924cf7c 4053
wolfSSL 15:117db924cf7c 4054 if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 4055 return ret;
wolfSSL 15:117db924cf7c 4056
wolfSSL 15:117db924cf7c 4057 ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4058 curve = (SupportedCurve*)ext->data;
wolfSSL 15:117db924cf7c 4059 name = curve->name;
wolfSSL 15:117db924cf7c 4060
wolfSSL 15:117db924cf7c 4061 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 4062 while (curve != NULL) {
wolfSSL 15:117db924cf7c 4063 if (curve->name == name)
wolfSSL 15:117db924cf7c 4064 break;
wolfSSL 15:117db924cf7c 4065 curve = curve->next;
wolfSSL 15:117db924cf7c 4066 }
wolfSSL 15:117db924cf7c 4067
wolfSSL 15:117db924cf7c 4068 if (curve == NULL) {
wolfSSL 15:117db924cf7c 4069 /* Couldn't find the preferred group in client list. */
wolfSSL 15:117db924cf7c 4070 extension->resp = 1;
wolfSSL 15:117db924cf7c 4071
wolfSSL 15:117db924cf7c 4072 /* Send server list back and free client list. */
wolfSSL 15:117db924cf7c 4073 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 4074 extension->data = ext->data;
wolfSSL 15:117db924cf7c 4075 ext->data = curve;
wolfSSL 15:117db924cf7c 4076 }
wolfSSL 15:117db924cf7c 4077
wolfSSL 15:117db924cf7c 4078 TLSX_FreeAll(priority, ssl->heap);
wolfSSL 15:117db924cf7c 4079
wolfSSL 15:117db924cf7c 4080 return 0;
wolfSSL 15:117db924cf7c 4081 }
wolfSSL 15:117db924cf7c 4082
wolfSSL 15:117db924cf7c 4083 #endif
wolfSSL 15:117db924cf7c 4084
wolfSSL 16:8e0d178b1d1e 4085 #if defined(HAVE_FFDHE) && !defined(WOLFSSL_NO_TLS12)
wolfSSL 16:8e0d178b1d1e 4086 /* Set the highest priority common FFDHE group on the server as compared to
wolfSSL 16:8e0d178b1d1e 4087 * client extensions.
wolfSSL 16:8e0d178b1d1e 4088 *
wolfSSL 16:8e0d178b1d1e 4089 * ssl SSL/TLS object.
wolfSSL 16:8e0d178b1d1e 4090 * returns 0 on success, otherwise an error.
wolfSSL 16:8e0d178b1d1e 4091 */
wolfSSL 16:8e0d178b1d1e 4092 int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
wolfSSL 16:8e0d178b1d1e 4093 {
wolfSSL 16:8e0d178b1d1e 4094 int ret = 0;
wolfSSL 16:8e0d178b1d1e 4095 TLSX* extension;
wolfSSL 16:8e0d178b1d1e 4096 TLSX* priority = NULL;
wolfSSL 16:8e0d178b1d1e 4097 TLSX* ext = NULL;
wolfSSL 16:8e0d178b1d1e 4098 SupportedCurve* serverGroup;
wolfSSL 16:8e0d178b1d1e 4099 SupportedCurve* clientGroup;
wolfSSL 16:8e0d178b1d1e 4100 SupportedCurve* group;
wolfSSL 16:8e0d178b1d1e 4101 const DhParams* params = NULL;
wolfSSL 16:8e0d178b1d1e 4102 int found = 0;
wolfSSL 16:8e0d178b1d1e 4103
wolfSSL 16:8e0d178b1d1e 4104 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 16:8e0d178b1d1e 4105 /* May be doing PSK with no key exchange. */
wolfSSL 16:8e0d178b1d1e 4106 if (extension == NULL)
wolfSSL 16:8e0d178b1d1e 4107 return 0;
wolfSSL 16:8e0d178b1d1e 4108 clientGroup = (SupportedCurve*)extension->data;
wolfSSL 16:8e0d178b1d1e 4109 for (group = clientGroup; group != NULL; group = group->next) {
wolfSSL 16:8e0d178b1d1e 4110 if (group->name >= MIN_FFHDE_GROUP && group->name <= MAX_FFHDE_GROUP) {
wolfSSL 16:8e0d178b1d1e 4111 found = 1;
wolfSSL 16:8e0d178b1d1e 4112 break;
wolfSSL 16:8e0d178b1d1e 4113 }
wolfSSL 16:8e0d178b1d1e 4114 }
wolfSSL 16:8e0d178b1d1e 4115 if (!found)
wolfSSL 16:8e0d178b1d1e 4116 return 0;
wolfSSL 16:8e0d178b1d1e 4117
wolfSSL 16:8e0d178b1d1e 4118 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
wolfSSL 16:8e0d178b1d1e 4119 XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
wolfSSL 16:8e0d178b1d1e 4120 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 4121 }
wolfSSL 16:8e0d178b1d1e 4122 if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
wolfSSL 16:8e0d178b1d1e 4123 XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
wolfSSL 16:8e0d178b1d1e 4124 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 4125 }
wolfSSL 16:8e0d178b1d1e 4126 ssl->buffers.serverDH_P.buffer = NULL;
wolfSSL 16:8e0d178b1d1e 4127 ssl->buffers.serverDH_G.buffer = NULL;
wolfSSL 16:8e0d178b1d1e 4128 ssl->buffers.weOwnDH = 0;
wolfSSL 16:8e0d178b1d1e 4129 ssl->options.haveDH = 0;
wolfSSL 16:8e0d178b1d1e 4130
wolfSSL 16:8e0d178b1d1e 4131
wolfSSL 16:8e0d178b1d1e 4132 if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 4133 return ret;
wolfSSL 16:8e0d178b1d1e 4134 ret = 0;
wolfSSL 16:8e0d178b1d1e 4135
wolfSSL 16:8e0d178b1d1e 4136 ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS);
wolfSSL 16:8e0d178b1d1e 4137 serverGroup = (SupportedCurve*)ext->data;
wolfSSL 16:8e0d178b1d1e 4138
wolfSSL 16:8e0d178b1d1e 4139 for (; serverGroup != NULL; serverGroup = serverGroup->next) {
wolfSSL 16:8e0d178b1d1e 4140 if ((serverGroup->name & NAMED_DH_MASK) != NAMED_DH_MASK)
wolfSSL 16:8e0d178b1d1e 4141 continue;
wolfSSL 16:8e0d178b1d1e 4142
wolfSSL 16:8e0d178b1d1e 4143 for (group = clientGroup; group != NULL; group = group->next) {
wolfSSL 16:8e0d178b1d1e 4144 if (serverGroup->name != group->name)
wolfSSL 16:8e0d178b1d1e 4145 continue;
wolfSSL 16:8e0d178b1d1e 4146
wolfSSL 16:8e0d178b1d1e 4147 switch (serverGroup->name) {
wolfSSL 16:8e0d178b1d1e 4148 #ifdef HAVE_FFDHE_2048
wolfSSL 16:8e0d178b1d1e 4149 case WOLFSSL_FFDHE_2048:
wolfSSL 16:8e0d178b1d1e 4150 params = wc_Dh_ffdhe2048_Get();
wolfSSL 16:8e0d178b1d1e 4151 break;
wolfSSL 16:8e0d178b1d1e 4152 #endif
wolfSSL 16:8e0d178b1d1e 4153 #ifdef HAVE_FFDHE_3072
wolfSSL 16:8e0d178b1d1e 4154 case WOLFSSL_FFDHE_3072:
wolfSSL 16:8e0d178b1d1e 4155 params = wc_Dh_ffdhe3072_Get();
wolfSSL 16:8e0d178b1d1e 4156 break;
wolfSSL 16:8e0d178b1d1e 4157 #endif
wolfSSL 16:8e0d178b1d1e 4158 #ifdef HAVE_FFDHE_4096
wolfSSL 16:8e0d178b1d1e 4159 case WOLFSSL_FFDHE_4096:
wolfSSL 16:8e0d178b1d1e 4160 params = wc_Dh_ffdhe4096_Get();
wolfSSL 16:8e0d178b1d1e 4161 break;
wolfSSL 16:8e0d178b1d1e 4162 #endif
wolfSSL 16:8e0d178b1d1e 4163 #ifdef HAVE_FFDHE_6144
wolfSSL 16:8e0d178b1d1e 4164 case WOLFSSL_FFDHE_6144:
wolfSSL 16:8e0d178b1d1e 4165 params = wc_Dh_ffdhe6144_Get();
wolfSSL 16:8e0d178b1d1e 4166 break;
wolfSSL 16:8e0d178b1d1e 4167 #endif
wolfSSL 16:8e0d178b1d1e 4168 #ifdef HAVE_FFDHE_8192
wolfSSL 16:8e0d178b1d1e 4169 case WOLFSSL_FFDHE_8192:
wolfSSL 16:8e0d178b1d1e 4170 params = wc_Dh_ffdhe8192_Get();
wolfSSL 16:8e0d178b1d1e 4171 break;
wolfSSL 16:8e0d178b1d1e 4172 #endif
wolfSSL 16:8e0d178b1d1e 4173 }
wolfSSL 16:8e0d178b1d1e 4174 if (params == NULL)
wolfSSL 16:8e0d178b1d1e 4175 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 4176 if (params->p_len >= ssl->options.minDhKeySz &&
wolfSSL 16:8e0d178b1d1e 4177 params->p_len <= ssl->options.maxDhKeySz) {
wolfSSL 16:8e0d178b1d1e 4178 break;
wolfSSL 16:8e0d178b1d1e 4179 }
wolfSSL 16:8e0d178b1d1e 4180 }
wolfSSL 16:8e0d178b1d1e 4181
wolfSSL 16:8e0d178b1d1e 4182 if (group != NULL && serverGroup->name == group->name)
wolfSSL 16:8e0d178b1d1e 4183 break;
wolfSSL 16:8e0d178b1d1e 4184 }
wolfSSL 16:8e0d178b1d1e 4185
wolfSSL 16:8e0d178b1d1e 4186 if (serverGroup) {
wolfSSL 16:8e0d178b1d1e 4187 ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p;
wolfSSL 16:8e0d178b1d1e 4188 ssl->buffers.serverDH_P.length = params->p_len;
wolfSSL 16:8e0d178b1d1e 4189 ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g;
wolfSSL 16:8e0d178b1d1e 4190 ssl->buffers.serverDH_G.length = params->g_len;
wolfSSL 16:8e0d178b1d1e 4191 ssl->namedGroup = serverGroup->name;
wolfSSL 16:8e0d178b1d1e 4192 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
wolfSSL 16:8e0d178b1d1e 4193 !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
wolfSSL 16:8e0d178b1d1e 4194 ssl->options.dhDoKeyTest = 0;
wolfSSL 16:8e0d178b1d1e 4195 #endif
wolfSSL 16:8e0d178b1d1e 4196 ssl->options.haveDH = 1;
wolfSSL 16:8e0d178b1d1e 4197 }
wolfSSL 16:8e0d178b1d1e 4198
wolfSSL 16:8e0d178b1d1e 4199 TLSX_FreeAll(priority, ssl->heap);
wolfSSL 16:8e0d178b1d1e 4200
wolfSSL 16:8e0d178b1d1e 4201 return ret;
wolfSSL 16:8e0d178b1d1e 4202 }
wolfSSL 16:8e0d178b1d1e 4203 #endif /* HAVE_FFDHE && !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 4204
wolfSSL 16:8e0d178b1d1e 4205 #endif /* !NO_WOLFSSL_SERVER */
wolfSSL 16:8e0d178b1d1e 4206
wolfSSL 15:117db924cf7c 4207 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)
wolfSSL 15:117db924cf7c 4208 /* Return the preferred group.
wolfSSL 15:117db924cf7c 4209 *
wolfSSL 15:117db924cf7c 4210 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 4211 * checkSupported Whether to check for the first supported group.
wolfSSL 15:117db924cf7c 4212 * returns BAD_FUNC_ARG if no group found, otherwise the group.
wolfSSL 15:117db924cf7c 4213 */
wolfSSL 15:117db924cf7c 4214 int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported)
wolfSSL 15:117db924cf7c 4215 {
wolfSSL 15:117db924cf7c 4216 TLSX* extension;
wolfSSL 15:117db924cf7c 4217 SupportedCurve* curve;
wolfSSL 15:117db924cf7c 4218
wolfSSL 15:117db924cf7c 4219 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4220 if (extension == NULL)
wolfSSL 15:117db924cf7c 4221 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4222
wolfSSL 15:117db924cf7c 4223 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 4224 while (curve != NULL) {
wolfSSL 15:117db924cf7c 4225 if (!checkSupported || TLSX_KeyShare_IsSupported(curve->name))
wolfSSL 15:117db924cf7c 4226 return curve->name;
wolfSSL 15:117db924cf7c 4227 curve = curve->next;
wolfSSL 15:117db924cf7c 4228 }
wolfSSL 15:117db924cf7c 4229
wolfSSL 15:117db924cf7c 4230 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4231 }
wolfSSL 15:117db924cf7c 4232
wolfSSL 15:117db924cf7c 4233 #endif
wolfSSL 15:117db924cf7c 4234
wolfSSL 15:117db924cf7c 4235 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4236
wolfSSL 15:117db924cf7c 4237 static int TLSX_PointFormat_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 4238 byte isRequest)
wolfSSL 15:117db924cf7c 4239 {
wolfSSL 15:117db924cf7c 4240 int ret;
wolfSSL 15:117db924cf7c 4241
wolfSSL 15:117db924cf7c 4242 /* validating formats list length */
wolfSSL 16:8e0d178b1d1e 4243 if (ENUM_LEN > length || length != (word16)ENUM_LEN + input[0])
wolfSSL 15:117db924cf7c 4244 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 4245
wolfSSL 15:117db924cf7c 4246 if (isRequest) {
wolfSSL 15:117db924cf7c 4247 /* adding uncompressed point format to response */
wolfSSL 15:117db924cf7c 4248 ret = TLSX_UsePointFormat(&ssl->extensions, WOLFSSL_EC_PF_UNCOMPRESSED,
wolfSSL 15:117db924cf7c 4249 ssl->heap);
wolfSSL 15:117db924cf7c 4250 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 4251 return ret; /* throw error */
wolfSSL 15:117db924cf7c 4252
wolfSSL 15:117db924cf7c 4253 TLSX_SetResponse(ssl, TLSX_EC_POINT_FORMATS);
wolfSSL 15:117db924cf7c 4254 }
wolfSSL 15:117db924cf7c 4255
wolfSSL 15:117db924cf7c 4256 return 0;
wolfSSL 15:117db924cf7c 4257 }
wolfSSL 15:117db924cf7c 4258
wolfSSL 16:8e0d178b1d1e 4259 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 4260 int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
wolfSSL 16:8e0d178b1d1e 4261 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 4262 SupportedCurve* curve = NULL;
wolfSSL 16:8e0d178b1d1e 4263 word32 oid = 0;
wolfSSL 16:8e0d178b1d1e 4264 word32 pkOid = 0;
wolfSSL 16:8e0d178b1d1e 4265 word32 defOid = 0;
wolfSSL 16:8e0d178b1d1e 4266 word32 defSz = 80; /* Maximum known curve size is 66. */
wolfSSL 16:8e0d178b1d1e 4267 word32 nextOid = 0;
wolfSSL 16:8e0d178b1d1e 4268 word32 nextSz = 80; /* Maximum known curve size is 66. */
wolfSSL 16:8e0d178b1d1e 4269 word32 currOid = ssl->ecdhCurveOID;
wolfSSL 16:8e0d178b1d1e 4270 int ephmSuite = 0;
wolfSSL 16:8e0d178b1d1e 4271 word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
wolfSSL 16:8e0d178b1d1e 4272 int sig = 0; /* validate signature */
wolfSSL 16:8e0d178b1d1e 4273 int key = 0; /* validate key */
wolfSSL 15:117db924cf7c 4274
wolfSSL 15:117db924cf7c 4275 (void)oid;
wolfSSL 15:117db924cf7c 4276
wolfSSL 16:8e0d178b1d1e 4277 if (first == ECC_BYTE || first == CHACHA_BYTE)
wolfSSL 16:8e0d178b1d1e 4278 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4279 if (!extension)
wolfSSL 15:117db924cf7c 4280 return 1; /* no suite restriction */
wolfSSL 15:117db924cf7c 4281
wolfSSL 15:117db924cf7c 4282 for (curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 4283 curve && !(sig && key);
wolfSSL 15:117db924cf7c 4284 curve = curve->next) {
wolfSSL 15:117db924cf7c 4285
wolfSSL 15:117db924cf7c 4286 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 4287 /* skip if name is not in supported ECC range */
wolfSSL 16:8e0d178b1d1e 4288 if (curve->name > WOLFSSL_ECC_X448)
wolfSSL 16:8e0d178b1d1e 4289 continue;
wolfSSL 16:8e0d178b1d1e 4290 /* skip if curve is disabled by user */
wolfSSL 15:117db924cf7c 4291 if (ssl->ctx->disabledCurves & (1 << curve->name))
wolfSSL 15:117db924cf7c 4292 continue;
wolfSSL 15:117db924cf7c 4293 #endif
wolfSSL 15:117db924cf7c 4294
wolfSSL 15:117db924cf7c 4295 /* find supported curve */
wolfSSL 15:117db924cf7c 4296 switch (curve->name) {
wolfSSL 15:117db924cf7c 4297 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4298 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4299 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 4300 case WOLFSSL_ECC_SECP160R1:
wolfSSL 15:117db924cf7c 4301 pkOid = oid = ECC_SECP160R1_OID;
wolfSSL 15:117db924cf7c 4302 octets = 20;
wolfSSL 15:117db924cf7c 4303 break;
wolfSSL 15:117db924cf7c 4304 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 4305 #ifdef HAVE_ECC_SECPR2
wolfSSL 15:117db924cf7c 4306 case WOLFSSL_ECC_SECP160R2:
wolfSSL 15:117db924cf7c 4307 pkOid = oid = ECC_SECP160R2_OID;
wolfSSL 15:117db924cf7c 4308 octets = 20;
wolfSSL 15:117db924cf7c 4309 break;
wolfSSL 15:117db924cf7c 4310 #endif /* HAVE_ECC_SECPR2 */
wolfSSL 15:117db924cf7c 4311 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 4312 case WOLFSSL_ECC_SECP160K1:
wolfSSL 15:117db924cf7c 4313 pkOid = oid = ECC_SECP160K1_OID;
wolfSSL 15:117db924cf7c 4314 octets = 20;
wolfSSL 15:117db924cf7c 4315 break;
wolfSSL 15:117db924cf7c 4316 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 4317 #endif
wolfSSL 15:117db924cf7c 4318 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4319 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 4320 case WOLFSSL_ECC_SECP192R1:
wolfSSL 15:117db924cf7c 4321 pkOid = oid = ECC_SECP192R1_OID;
wolfSSL 15:117db924cf7c 4322 octets = 24;
wolfSSL 15:117db924cf7c 4323 break;
wolfSSL 15:117db924cf7c 4324 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 4325 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 4326 case WOLFSSL_ECC_SECP192K1:
wolfSSL 15:117db924cf7c 4327 pkOid = oid = ECC_SECP192K1_OID;
wolfSSL 15:117db924cf7c 4328 octets = 24;
wolfSSL 15:117db924cf7c 4329 break;
wolfSSL 15:117db924cf7c 4330 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 4331 #endif
wolfSSL 15:117db924cf7c 4332 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4333 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 4334 case WOLFSSL_ECC_SECP224R1:
wolfSSL 15:117db924cf7c 4335 pkOid = oid = ECC_SECP224R1_OID;
wolfSSL 15:117db924cf7c 4336 octets = 28;
wolfSSL 15:117db924cf7c 4337 break;
wolfSSL 15:117db924cf7c 4338 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 4339 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 4340 case WOLFSSL_ECC_SECP224K1:
wolfSSL 15:117db924cf7c 4341 pkOid = oid = ECC_SECP224K1_OID;
wolfSSL 15:117db924cf7c 4342 octets = 28;
wolfSSL 15:117db924cf7c 4343 break;
wolfSSL 15:117db924cf7c 4344 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 4345 #endif
wolfSSL 15:117db924cf7c 4346 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4347 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 4348 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 4349 pkOid = oid = ECC_SECP256R1_OID;
wolfSSL 15:117db924cf7c 4350 octets = 32;
wolfSSL 15:117db924cf7c 4351 break;
wolfSSL 15:117db924cf7c 4352 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 4353 #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
wolfSSL 15:117db924cf7c 4354 #endif
wolfSSL 15:117db924cf7c 4355 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 4356 case WOLFSSL_ECC_X25519:
wolfSSL 15:117db924cf7c 4357 oid = ECC_X25519_OID;
wolfSSL 15:117db924cf7c 4358 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 4359 pkOid = ECC_ED25519_OID;
wolfSSL 15:117db924cf7c 4360 #else
wolfSSL 15:117db924cf7c 4361 pkOid = ECC_X25519_OID;
wolfSSL 15:117db924cf7c 4362 #endif
wolfSSL 15:117db924cf7c 4363 octets = 32;
wolfSSL 15:117db924cf7c 4364 break;
wolfSSL 15:117db924cf7c 4365 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 4366 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4367 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4368 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 4369 case WOLFSSL_ECC_SECP256K1:
wolfSSL 15:117db924cf7c 4370 pkOid = oid = ECC_SECP256K1_OID;
wolfSSL 15:117db924cf7c 4371 octets = 32;
wolfSSL 15:117db924cf7c 4372 break;
wolfSSL 15:117db924cf7c 4373 #endif /* HAVE_ECC_KOBLITZ */
wolfSSL 15:117db924cf7c 4374 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 4375 case WOLFSSL_ECC_BRAINPOOLP256R1:
wolfSSL 15:117db924cf7c 4376 pkOid = oid = ECC_BRAINPOOLP256R1_OID;
wolfSSL 15:117db924cf7c 4377 octets = 32;
wolfSSL 15:117db924cf7c 4378 break;
wolfSSL 15:117db924cf7c 4379 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 15:117db924cf7c 4380 #endif
wolfSSL 16:8e0d178b1d1e 4381 #endif
wolfSSL 16:8e0d178b1d1e 4382 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 4383 case WOLFSSL_ECC_X448:
wolfSSL 16:8e0d178b1d1e 4384 oid = ECC_X448_OID;
wolfSSL 16:8e0d178b1d1e 4385 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 4386 pkOid = ECC_ED448_OID;
wolfSSL 16:8e0d178b1d1e 4387 #else
wolfSSL 16:8e0d178b1d1e 4388 pkOid = ECC_X448_OID;
wolfSSL 16:8e0d178b1d1e 4389 #endif
wolfSSL 16:8e0d178b1d1e 4390 octets = 57;
wolfSSL 16:8e0d178b1d1e 4391 break;
wolfSSL 16:8e0d178b1d1e 4392 #endif /* HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 4393 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4394 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4395 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 4396 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 4397 pkOid = oid = ECC_SECP384R1_OID;
wolfSSL 15:117db924cf7c 4398 octets = 48;
wolfSSL 15:117db924cf7c 4399 break;
wolfSSL 15:117db924cf7c 4400 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 4401 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 4402 case WOLFSSL_ECC_BRAINPOOLP384R1:
wolfSSL 15:117db924cf7c 4403 pkOid = oid = ECC_BRAINPOOLP384R1_OID;
wolfSSL 15:117db924cf7c 4404 octets = 48;
wolfSSL 15:117db924cf7c 4405 break;
wolfSSL 15:117db924cf7c 4406 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 15:117db924cf7c 4407 #endif
wolfSSL 15:117db924cf7c 4408 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4409 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 15:117db924cf7c 4410 case WOLFSSL_ECC_BRAINPOOLP512R1:
wolfSSL 15:117db924cf7c 4411 pkOid = oid = ECC_BRAINPOOLP512R1_OID;
wolfSSL 15:117db924cf7c 4412 octets = 64;
wolfSSL 15:117db924cf7c 4413 break;
wolfSSL 15:117db924cf7c 4414 #endif /* HAVE_ECC_BRAINPOOL */
wolfSSL 15:117db924cf7c 4415 #endif
wolfSSL 15:117db924cf7c 4416 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 4417 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 4418 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 4419 pkOid = oid = ECC_SECP521R1_OID;
wolfSSL 15:117db924cf7c 4420 octets = 66;
wolfSSL 15:117db924cf7c 4421 break;
wolfSSL 15:117db924cf7c 4422 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 4423 #endif
wolfSSL 15:117db924cf7c 4424 #endif
wolfSSL 15:117db924cf7c 4425 default: continue; /* unsupported curve */
wolfSSL 15:117db924cf7c 4426 }
wolfSSL 15:117db924cf7c 4427
wolfSSL 15:117db924cf7c 4428 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4429 /* Set default Oid */
wolfSSL 15:117db924cf7c 4430 if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) {
wolfSSL 15:117db924cf7c 4431 defOid = oid;
wolfSSL 15:117db924cf7c 4432 defSz = octets;
wolfSSL 15:117db924cf7c 4433 }
wolfSSL 15:117db924cf7c 4434
wolfSSL 16:8e0d178b1d1e 4435 /* The eccTempKeySz is the preferred ephemeral key size */
wolfSSL 15:117db924cf7c 4436 if (currOid == 0 && ssl->eccTempKeySz == octets)
wolfSSL 15:117db924cf7c 4437 currOid = oid;
wolfSSL 15:117db924cf7c 4438 if ((nextOid == 0 || nextSz > octets) && ssl->eccTempKeySz <= octets) {
wolfSSL 15:117db924cf7c 4439 nextOid = oid;
wolfSSL 15:117db924cf7c 4440 nextSz = octets;
wolfSSL 15:117db924cf7c 4441 }
wolfSSL 15:117db924cf7c 4442 #else
wolfSSL 15:117db924cf7c 4443 if (defOid == 0 && defSz > octets) {
wolfSSL 15:117db924cf7c 4444 defOid = oid;
wolfSSL 15:117db924cf7c 4445 defSz = octets;
wolfSSL 15:117db924cf7c 4446 }
wolfSSL 15:117db924cf7c 4447
wolfSSL 15:117db924cf7c 4448 if (currOid == 0)
wolfSSL 15:117db924cf7c 4449 currOid = oid;
wolfSSL 15:117db924cf7c 4450 if (nextOid == 0 || nextSz > octets) {
wolfSSL 15:117db924cf7c 4451 nextOid = oid;
wolfSSL 15:117db924cf7c 4452 nextSz = octets;
wolfSSL 15:117db924cf7c 4453 }
wolfSSL 15:117db924cf7c 4454 #endif
wolfSSL 15:117db924cf7c 4455
wolfSSL 15:117db924cf7c 4456 if (first == ECC_BYTE) {
wolfSSL 15:117db924cf7c 4457 switch (second) {
wolfSSL 15:117db924cf7c 4458 /* ECDHE_ECDSA */
wolfSSL 15:117db924cf7c 4459 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4460 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4461 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4462 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4463 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4464 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4465 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4466 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4467 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 15:117db924cf7c 4468 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL 15:117db924cf7c 4469 sig |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4470 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4471 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4472 break;
wolfSSL 15:117db924cf7c 4473
wolfSSL 15:117db924cf7c 4474 #ifdef WOLFSSL_STATIC_DH
wolfSSL 15:117db924cf7c 4475 /* ECDH_ECDSA */
wolfSSL 15:117db924cf7c 4476 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4477 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4478 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4479 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4480 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4481 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4482 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4483 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4484 if (oid == ECC_X25519_OID && defOid == oid) {
wolfSSL 15:117db924cf7c 4485 defOid = 0;
wolfSSL 15:117db924cf7c 4486 defSz = 80;
wolfSSL 15:117db924cf7c 4487 }
wolfSSL 16:8e0d178b1d1e 4488 if (oid == ECC_X448_OID && defOid == oid) {
wolfSSL 16:8e0d178b1d1e 4489 defOid = 0;
wolfSSL 16:8e0d178b1d1e 4490 defSz = 80;
wolfSSL 16:8e0d178b1d1e 4491 }
wolfSSL 15:117db924cf7c 4492 sig |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4493 key |= ssl->pkCurveOID == oid;
wolfSSL 15:117db924cf7c 4494 break;
wolfSSL 15:117db924cf7c 4495 #endif /* WOLFSSL_STATIC_DH */
wolfSSL 15:117db924cf7c 4496 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 4497 /* ECDHE_RSA */
wolfSSL 15:117db924cf7c 4498 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4499 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4500 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4501 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4502 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4503 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4504 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4505 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4506 sig = 1;
wolfSSL 15:117db924cf7c 4507 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4508 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4509 break;
wolfSSL 15:117db924cf7c 4510
wolfSSL 15:117db924cf7c 4511 #ifdef WOLFSSL_STATIC_DH
wolfSSL 15:117db924cf7c 4512 /* ECDH_RSA */
wolfSSL 15:117db924cf7c 4513 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 15:117db924cf7c 4514 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 15:117db924cf7c 4515 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL 15:117db924cf7c 4516 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 4517 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 15:117db924cf7c 4518 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 15:117db924cf7c 4519 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 4520 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 4521 if (oid == ECC_X25519_OID && defOid == oid) {
wolfSSL 15:117db924cf7c 4522 defOid = 0;
wolfSSL 15:117db924cf7c 4523 defSz = 80;
wolfSSL 15:117db924cf7c 4524 }
wolfSSL 16:8e0d178b1d1e 4525 if (oid == ECC_X448_OID && defOid == oid) {
wolfSSL 16:8e0d178b1d1e 4526 defOid = 0;
wolfSSL 16:8e0d178b1d1e 4527 defSz = 80;
wolfSSL 16:8e0d178b1d1e 4528 }
wolfSSL 15:117db924cf7c 4529 sig = 1;
wolfSSL 15:117db924cf7c 4530 key |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4531 break;
wolfSSL 15:117db924cf7c 4532 #endif /* WOLFSSL_STATIC_DH */
wolfSSL 15:117db924cf7c 4533 #endif
wolfSSL 15:117db924cf7c 4534 default:
wolfSSL 15:117db924cf7c 4535 if (oid == ECC_X25519_OID && defOid == oid) {
wolfSSL 15:117db924cf7c 4536 defOid = 0;
wolfSSL 15:117db924cf7c 4537 defSz = 80;
wolfSSL 15:117db924cf7c 4538 }
wolfSSL 16:8e0d178b1d1e 4539 if (oid == ECC_X448_OID && defOid == oid) {
wolfSSL 16:8e0d178b1d1e 4540 defOid = 0;
wolfSSL 16:8e0d178b1d1e 4541 defSz = 80;
wolfSSL 16:8e0d178b1d1e 4542 }
wolfSSL 16:8e0d178b1d1e 4543 if (oid != ECC_X25519_OID && oid != ECC_X448_OID) {
wolfSSL 15:117db924cf7c 4544 sig = 1;
wolfSSL 16:8e0d178b1d1e 4545 }
wolfSSL 15:117db924cf7c 4546 key = 1;
wolfSSL 15:117db924cf7c 4547 break;
wolfSSL 15:117db924cf7c 4548 }
wolfSSL 15:117db924cf7c 4549 }
wolfSSL 15:117db924cf7c 4550
wolfSSL 15:117db924cf7c 4551 /* ChaCha20-Poly1305 ECC cipher suites */
wolfSSL 15:117db924cf7c 4552 if (first == CHACHA_BYTE) {
wolfSSL 15:117db924cf7c 4553 switch (second) {
wolfSSL 15:117db924cf7c 4554 /* ECDHE_ECDSA */
wolfSSL 15:117db924cf7c 4555 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4556 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4557 sig |= ssl->pkCurveOID == pkOid;
wolfSSL 15:117db924cf7c 4558 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4559 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4560 break;
wolfSSL 15:117db924cf7c 4561 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 4562 /* ECDHE_RSA */
wolfSSL 15:117db924cf7c 4563 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4564 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 4565 sig = 1;
wolfSSL 15:117db924cf7c 4566 key |= ssl->ecdhCurveOID == oid;
wolfSSL 15:117db924cf7c 4567 ephmSuite = 1;
wolfSSL 15:117db924cf7c 4568 break;
wolfSSL 15:117db924cf7c 4569 #endif
wolfSSL 15:117db924cf7c 4570 default:
wolfSSL 15:117db924cf7c 4571 sig = 1;
wolfSSL 15:117db924cf7c 4572 key = 1;
wolfSSL 15:117db924cf7c 4573 break;
wolfSSL 15:117db924cf7c 4574 }
wolfSSL 15:117db924cf7c 4575 }
wolfSSL 15:117db924cf7c 4576 }
wolfSSL 15:117db924cf7c 4577
wolfSSL 15:117db924cf7c 4578 /* Choose the default if it is at the required strength. */
wolfSSL 15:117db924cf7c 4579 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4580 if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz)
wolfSSL 15:117db924cf7c 4581 #else
wolfSSL 15:117db924cf7c 4582 if (ssl->ecdhCurveOID == 0)
wolfSSL 15:117db924cf7c 4583 #endif
wolfSSL 15:117db924cf7c 4584 {
wolfSSL 15:117db924cf7c 4585 key = 1;
wolfSSL 15:117db924cf7c 4586 ssl->ecdhCurveOID = defOid;
wolfSSL 15:117db924cf7c 4587 }
wolfSSL 15:117db924cf7c 4588 /* Choose any curve at the required strength. */
wolfSSL 15:117db924cf7c 4589 if (ssl->ecdhCurveOID == 0) {
wolfSSL 15:117db924cf7c 4590 key = 1;
wolfSSL 15:117db924cf7c 4591 ssl->ecdhCurveOID = currOid;
wolfSSL 15:117db924cf7c 4592 }
wolfSSL 15:117db924cf7c 4593 /* Choose the default if it is at the next highest strength. */
wolfSSL 15:117db924cf7c 4594 if (ssl->ecdhCurveOID == 0 && defSz == nextSz)
wolfSSL 15:117db924cf7c 4595 ssl->ecdhCurveOID = defOid;
wolfSSL 15:117db924cf7c 4596 /* Choose any curve at the next highest strength. */
wolfSSL 15:117db924cf7c 4597 if (ssl->ecdhCurveOID == 0)
wolfSSL 15:117db924cf7c 4598 ssl->ecdhCurveOID = nextOid;
wolfSSL 15:117db924cf7c 4599 /* No curve and ephemeral ECC suite requires a matching curve. */
wolfSSL 15:117db924cf7c 4600 if (ssl->ecdhCurveOID == 0 && ephmSuite)
wolfSSL 15:117db924cf7c 4601 key = 0;
wolfSSL 15:117db924cf7c 4602
wolfSSL 15:117db924cf7c 4603 return sig && key;
wolfSSL 15:117db924cf7c 4604 }
wolfSSL 15:117db924cf7c 4605 #endif
wolfSSL 15:117db924cf7c 4606
wolfSSL 15:117db924cf7c 4607 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 4608
wolfSSL 15:117db924cf7c 4609 int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
wolfSSL 15:117db924cf7c 4610 {
wolfSSL 15:117db924cf7c 4611 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 4612 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 4613 int ret;
wolfSSL 15:117db924cf7c 4614
wolfSSL 15:117db924cf7c 4615 if (extensions == NULL)
wolfSSL 15:117db924cf7c 4616 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4617
wolfSSL 15:117db924cf7c 4618 extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 4619
wolfSSL 15:117db924cf7c 4620 if (!extension) {
wolfSSL 15:117db924cf7c 4621 ret = TLSX_SupportedCurve_New(&curve, name, heap);
wolfSSL 15:117db924cf7c 4622 if (ret != 0)
wolfSSL 15:117db924cf7c 4623 return ret;
wolfSSL 15:117db924cf7c 4624
wolfSSL 15:117db924cf7c 4625 ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap);
wolfSSL 15:117db924cf7c 4626 if (ret != 0) {
wolfSSL 15:117db924cf7c 4627 XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4628 return ret;
wolfSSL 15:117db924cf7c 4629 }
wolfSSL 15:117db924cf7c 4630 }
wolfSSL 15:117db924cf7c 4631 else {
wolfSSL 15:117db924cf7c 4632 ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, name,
wolfSSL 15:117db924cf7c 4633 heap);
wolfSSL 15:117db924cf7c 4634 if (ret != 0)
wolfSSL 15:117db924cf7c 4635 return ret;
wolfSSL 15:117db924cf7c 4636 }
wolfSSL 15:117db924cf7c 4637
wolfSSL 15:117db924cf7c 4638 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4639 }
wolfSSL 15:117db924cf7c 4640
wolfSSL 15:117db924cf7c 4641 int TLSX_UsePointFormat(TLSX** extensions, byte format, void* heap)
wolfSSL 15:117db924cf7c 4642 {
wolfSSL 15:117db924cf7c 4643 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 4644 PointFormat* point = NULL;
wolfSSL 15:117db924cf7c 4645 int ret = 0;
wolfSSL 15:117db924cf7c 4646
wolfSSL 15:117db924cf7c 4647 if (extensions == NULL)
wolfSSL 15:117db924cf7c 4648 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 4649
wolfSSL 15:117db924cf7c 4650 extension = TLSX_Find(*extensions, TLSX_EC_POINT_FORMATS);
wolfSSL 15:117db924cf7c 4651
wolfSSL 15:117db924cf7c 4652 if (!extension) {
wolfSSL 15:117db924cf7c 4653 ret = TLSX_PointFormat_New(&point, format, heap);
wolfSSL 15:117db924cf7c 4654 if (ret != 0)
wolfSSL 15:117db924cf7c 4655 return ret;
wolfSSL 15:117db924cf7c 4656
wolfSSL 15:117db924cf7c 4657 ret = TLSX_Push(extensions, TLSX_EC_POINT_FORMATS, point, heap);
wolfSSL 15:117db924cf7c 4658 if (ret != 0) {
wolfSSL 15:117db924cf7c 4659 XFREE(point, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4660 return ret;
wolfSSL 15:117db924cf7c 4661 }
wolfSSL 15:117db924cf7c 4662 }
wolfSSL 15:117db924cf7c 4663 else {
wolfSSL 15:117db924cf7c 4664 ret = TLSX_PointFormat_Append((PointFormat*)extension->data, format,
wolfSSL 15:117db924cf7c 4665 heap);
wolfSSL 15:117db924cf7c 4666 if (ret != 0)
wolfSSL 15:117db924cf7c 4667 return ret;
wolfSSL 15:117db924cf7c 4668 }
wolfSSL 15:117db924cf7c 4669
wolfSSL 15:117db924cf7c 4670 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4671 }
wolfSSL 15:117db924cf7c 4672
wolfSSL 15:117db924cf7c 4673 #define EC_FREE_ALL TLSX_SupportedCurve_FreeAll
wolfSSL 15:117db924cf7c 4674 #define EC_VALIDATE_REQUEST TLSX_SupportedCurve_ValidateRequest
wolfSSL 15:117db924cf7c 4675
wolfSSL 15:117db924cf7c 4676 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4677 #define EC_GET_SIZE TLSX_SupportedCurve_GetSize
wolfSSL 15:117db924cf7c 4678 #define EC_WRITE TLSX_SupportedCurve_Write
wolfSSL 15:117db924cf7c 4679 #else
wolfSSL 15:117db924cf7c 4680 #define EC_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 4681 #define EC_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 4682 #endif
wolfSSL 15:117db924cf7c 4683
wolfSSL 15:117db924cf7c 4684 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 4685 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT))
wolfSSL 15:117db924cf7c 4686 #define EC_PARSE TLSX_SupportedCurve_Parse
wolfSSL 15:117db924cf7c 4687 #else
wolfSSL 15:117db924cf7c 4688 #define EC_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4689 #endif
wolfSSL 15:117db924cf7c 4690
wolfSSL 15:117db924cf7c 4691 #define PF_FREE_ALL TLSX_PointFormat_FreeAll
wolfSSL 15:117db924cf7c 4692 #define PF_VALIDATE_REQUEST TLSX_PointFormat_ValidateRequest
wolfSSL 15:117db924cf7c 4693 #define PF_VALIDATE_RESPONSE TLSX_PointFormat_ValidateResponse
wolfSSL 15:117db924cf7c 4694
wolfSSL 15:117db924cf7c 4695 #define PF_GET_SIZE TLSX_PointFormat_GetSize
wolfSSL 15:117db924cf7c 4696 #define PF_WRITE TLSX_PointFormat_Write
wolfSSL 15:117db924cf7c 4697
wolfSSL 15:117db924cf7c 4698 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4699 #define PF_PARSE TLSX_PointFormat_Parse
wolfSSL 15:117db924cf7c 4700 #else
wolfSSL 15:117db924cf7c 4701 #define PF_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4702 #endif
wolfSSL 15:117db924cf7c 4703
wolfSSL 15:117db924cf7c 4704 #else
wolfSSL 15:117db924cf7c 4705
wolfSSL 15:117db924cf7c 4706 #define EC_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 4707 #define EC_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 4708 #define EC_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 4709 #define EC_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4710 #define EC_VALIDATE_REQUEST(a, b)
wolfSSL 15:117db924cf7c 4711
wolfSSL 15:117db924cf7c 4712 #define PF_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 4713 #define PF_GET_SIZE(list) 0
wolfSSL 15:117db924cf7c 4714 #define PF_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 4715 #define PF_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4716 #define PF_VALIDATE_REQUEST(a, b)
wolfSSL 15:117db924cf7c 4717 #define PF_VALIDATE_RESPONSE(a, b)
wolfSSL 15:117db924cf7c 4718
wolfSSL 15:117db924cf7c 4719 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 4720
wolfSSL 15:117db924cf7c 4721 /******************************************************************************/
wolfSSL 15:117db924cf7c 4722 /* Renegotiation Indication */
wolfSSL 15:117db924cf7c 4723 /******************************************************************************/
wolfSSL 15:117db924cf7c 4724
wolfSSL 15:117db924cf7c 4725 #if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 15:117db924cf7c 4726 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
wolfSSL 15:117db924cf7c 4727
wolfSSL 15:117db924cf7c 4728 static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
wolfSSL 15:117db924cf7c 4729 int isRequest)
wolfSSL 15:117db924cf7c 4730 {
wolfSSL 15:117db924cf7c 4731 byte length = OPAQUE8_LEN; /* empty info length */
wolfSSL 15:117db924cf7c 4732
wolfSSL 15:117db924cf7c 4733 /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */
wolfSSL 16:8e0d178b1d1e 4734 if (data && data->enabled && data->verifySet) {
wolfSSL 15:117db924cf7c 4735 /* client sends client_verify_data only */
wolfSSL 15:117db924cf7c 4736 length += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4737
wolfSSL 15:117db924cf7c 4738 /* server also sends server_verify_data */
wolfSSL 15:117db924cf7c 4739 if (!isRequest)
wolfSSL 15:117db924cf7c 4740 length += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4741 }
wolfSSL 15:117db924cf7c 4742
wolfSSL 15:117db924cf7c 4743 return length;
wolfSSL 15:117db924cf7c 4744 }
wolfSSL 15:117db924cf7c 4745
wolfSSL 15:117db924cf7c 4746 static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
wolfSSL 15:117db924cf7c 4747 byte* output, int isRequest)
wolfSSL 15:117db924cf7c 4748 {
wolfSSL 15:117db924cf7c 4749 word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
wolfSSL 16:8e0d178b1d1e 4750 if (data && data->enabled && data->verifySet) {
wolfSSL 15:117db924cf7c 4751 /* client sends client_verify_data only */
wolfSSL 15:117db924cf7c 4752 XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
wolfSSL 15:117db924cf7c 4753 offset += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4754
wolfSSL 15:117db924cf7c 4755 /* server also sends server_verify_data */
wolfSSL 15:117db924cf7c 4756 if (!isRequest) {
wolfSSL 15:117db924cf7c 4757 XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
wolfSSL 15:117db924cf7c 4758 offset += TLS_FINISHED_SZ;
wolfSSL 15:117db924cf7c 4759 }
wolfSSL 15:117db924cf7c 4760 }
wolfSSL 15:117db924cf7c 4761
wolfSSL 15:117db924cf7c 4762 output[0] = (byte)(offset - 1); /* info length - self */
wolfSSL 15:117db924cf7c 4763
wolfSSL 15:117db924cf7c 4764 return offset;
wolfSSL 15:117db924cf7c 4765 }
wolfSSL 15:117db924cf7c 4766
wolfSSL 15:117db924cf7c 4767 static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
wolfSSL 15:117db924cf7c 4768 word16 length, byte isRequest)
wolfSSL 15:117db924cf7c 4769 {
wolfSSL 15:117db924cf7c 4770 int ret = SECURE_RENEGOTIATION_E;
wolfSSL 15:117db924cf7c 4771
wolfSSL 15:117db924cf7c 4772 if (length >= OPAQUE8_LEN) {
wolfSSL 16:8e0d178b1d1e 4773 if (isRequest) {
wolfSSL 15:117db924cf7c 4774 #ifndef NO_WOLFSSL_SERVER
wolfSSL 16:8e0d178b1d1e 4775 if (ssl->secure_renegotiation == NULL) {
wolfSSL 16:8e0d178b1d1e 4776 ret = wolfSSL_UseSecureRenegotiation(ssl);
wolfSSL 16:8e0d178b1d1e 4777 if (ret == WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 4778 ret = 0;
wolfSSL 16:8e0d178b1d1e 4779 }
wolfSSL 16:8e0d178b1d1e 4780 if (ret != 0 && ret != SECURE_RENEGOTIATION_E) {
wolfSSL 16:8e0d178b1d1e 4781 }
wolfSSL 16:8e0d178b1d1e 4782 else if (!ssl->secure_renegotiation->enabled) {
wolfSSL 16:8e0d178b1d1e 4783 if (*input == 0) {
wolfSSL 16:8e0d178b1d1e 4784 input++; /* get past size */
wolfSSL 16:8e0d178b1d1e 4785
wolfSSL 16:8e0d178b1d1e 4786 ssl->secure_renegotiation->enabled = 1;
wolfSSL 16:8e0d178b1d1e 4787 TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO);
wolfSSL 16:8e0d178b1d1e 4788 ret = 0;
wolfSSL 16:8e0d178b1d1e 4789 }
wolfSSL 16:8e0d178b1d1e 4790 else {
wolfSSL 16:8e0d178b1d1e 4791 /* already in error state */
wolfSSL 16:8e0d178b1d1e 4792 WOLFSSL_MSG("SCR client verify data present");
wolfSSL 16:8e0d178b1d1e 4793 }
wolfSSL 16:8e0d178b1d1e 4794 }
wolfSSL 16:8e0d178b1d1e 4795 else if (*input == TLS_FINISHED_SZ) {
wolfSSL 16:8e0d178b1d1e 4796 if (length < TLS_FINISHED_SZ + 1) {
wolfSSL 16:8e0d178b1d1e 4797 WOLFSSL_MSG("SCR malformed buffer");
wolfSSL 16:8e0d178b1d1e 4798 ret = BUFFER_E;
wolfSSL 16:8e0d178b1d1e 4799 }
wolfSSL 16:8e0d178b1d1e 4800 else {
wolfSSL 16:8e0d178b1d1e 4801 input++; /* get past size */
wolfSSL 16:8e0d178b1d1e 4802
wolfSSL 16:8e0d178b1d1e 4803 /* validate client verify data */
wolfSSL 16:8e0d178b1d1e 4804 if (XMEMCMP(input,
wolfSSL 16:8e0d178b1d1e 4805 ssl->secure_renegotiation->client_verify_data,
wolfSSL 16:8e0d178b1d1e 4806 TLS_FINISHED_SZ) == 0) {
wolfSSL 16:8e0d178b1d1e 4807 WOLFSSL_MSG("SCR client verify data match");
wolfSSL 16:8e0d178b1d1e 4808 TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO);
wolfSSL 16:8e0d178b1d1e 4809 ret = 0; /* verified */
wolfSSL 15:117db924cf7c 4810 } else {
wolfSSL 16:8e0d178b1d1e 4811 /* already in error state */
wolfSSL 16:8e0d178b1d1e 4812 WOLFSSL_MSG("SCR client verify data Failure");
wolfSSL 15:117db924cf7c 4813 }
wolfSSL 15:117db924cf7c 4814 }
wolfSSL 15:117db924cf7c 4815 }
wolfSSL 15:117db924cf7c 4816 #endif
wolfSSL 15:117db924cf7c 4817 }
wolfSSL 15:117db924cf7c 4818 else {
wolfSSL 15:117db924cf7c 4819 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4820 if (!ssl->secure_renegotiation->enabled) {
wolfSSL 15:117db924cf7c 4821 if (*input == 0) {
wolfSSL 15:117db924cf7c 4822 ssl->secure_renegotiation->enabled = 1;
wolfSSL 15:117db924cf7c 4823 ret = 0;
wolfSSL 15:117db924cf7c 4824 }
wolfSSL 15:117db924cf7c 4825 }
wolfSSL 15:117db924cf7c 4826 else if (*input == 2 * TLS_FINISHED_SZ &&
wolfSSL 15:117db924cf7c 4827 length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) {
wolfSSL 15:117db924cf7c 4828 input++; /* get past size */
wolfSSL 15:117db924cf7c 4829
wolfSSL 15:117db924cf7c 4830 /* validate client and server verify data */
wolfSSL 15:117db924cf7c 4831 if (XMEMCMP(input,
wolfSSL 15:117db924cf7c 4832 ssl->secure_renegotiation->client_verify_data,
wolfSSL 15:117db924cf7c 4833 TLS_FINISHED_SZ) == 0 &&
wolfSSL 15:117db924cf7c 4834 XMEMCMP(input + TLS_FINISHED_SZ,
wolfSSL 15:117db924cf7c 4835 ssl->secure_renegotiation->server_verify_data,
wolfSSL 15:117db924cf7c 4836 TLS_FINISHED_SZ) == 0) {
wolfSSL 15:117db924cf7c 4837 WOLFSSL_MSG("SCR client and server verify data match");
wolfSSL 15:117db924cf7c 4838 ret = 0; /* verified */
wolfSSL 15:117db924cf7c 4839 } else {
wolfSSL 15:117db924cf7c 4840 /* already in error state */
wolfSSL 15:117db924cf7c 4841 WOLFSSL_MSG("SCR client and server verify data Failure");
wolfSSL 15:117db924cf7c 4842 }
wolfSSL 15:117db924cf7c 4843 }
wolfSSL 15:117db924cf7c 4844 #endif
wolfSSL 15:117db924cf7c 4845 }
wolfSSL 15:117db924cf7c 4846 }
wolfSSL 15:117db924cf7c 4847
wolfSSL 15:117db924cf7c 4848 if (ret != 0) {
wolfSSL 15:117db924cf7c 4849 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 15:117db924cf7c 4850 }
wolfSSL 15:117db924cf7c 4851
wolfSSL 15:117db924cf7c 4852 return ret;
wolfSSL 15:117db924cf7c 4853 }
wolfSSL 15:117db924cf7c 4854
wolfSSL 15:117db924cf7c 4855 int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 4856 {
wolfSSL 15:117db924cf7c 4857 int ret = 0;
wolfSSL 16:8e0d178b1d1e 4858 SecureRenegotiation* data;
wolfSSL 15:117db924cf7c 4859
wolfSSL 15:117db924cf7c 4860 data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap,
wolfSSL 15:117db924cf7c 4861 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4862 if (data == NULL)
wolfSSL 15:117db924cf7c 4863 return MEMORY_E;
wolfSSL 15:117db924cf7c 4864
wolfSSL 15:117db924cf7c 4865 XMEMSET(data, 0, sizeof(SecureRenegotiation));
wolfSSL 15:117db924cf7c 4866
wolfSSL 15:117db924cf7c 4867 ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap);
wolfSSL 15:117db924cf7c 4868 if (ret != 0) {
wolfSSL 15:117db924cf7c 4869 XFREE(data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 4870 return ret;
wolfSSL 15:117db924cf7c 4871 }
wolfSSL 15:117db924cf7c 4872
wolfSSL 15:117db924cf7c 4873 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4874 }
wolfSSL 15:117db924cf7c 4875
wolfSSL 15:117db924cf7c 4876 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 15:117db924cf7c 4877
wolfSSL 15:117db924cf7c 4878 int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 4879 {
wolfSSL 15:117db924cf7c 4880 int ret;
wolfSSL 15:117db924cf7c 4881
wolfSSL 15:117db924cf7c 4882 /* send empty renegotiation_info extension */
wolfSSL 15:117db924cf7c 4883 TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO);
wolfSSL 16:8e0d178b1d1e 4884 if (ext == NULL) {
wolfSSL 16:8e0d178b1d1e 4885 ret = TLSX_UseSecureRenegotiation(extensions, heap);
wolfSSL 16:8e0d178b1d1e 4886 if (ret != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 4887 return ret;
wolfSSL 16:8e0d178b1d1e 4888
wolfSSL 16:8e0d178b1d1e 4889 ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO);
wolfSSL 16:8e0d178b1d1e 4890 }
wolfSSL 15:117db924cf7c 4891 if (ext)
wolfSSL 15:117db924cf7c 4892 ext->resp = 1;
wolfSSL 15:117db924cf7c 4893
wolfSSL 15:117db924cf7c 4894 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 4895 }
wolfSSL 15:117db924cf7c 4896
wolfSSL 15:117db924cf7c 4897 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 15:117db924cf7c 4898
wolfSSL 15:117db924cf7c 4899
wolfSSL 15:117db924cf7c 4900 #define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
wolfSSL 15:117db924cf7c 4901 #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
wolfSSL 15:117db924cf7c 4902 #define SCR_WRITE TLSX_SecureRenegotiation_Write
wolfSSL 15:117db924cf7c 4903 #define SCR_PARSE TLSX_SecureRenegotiation_Parse
wolfSSL 15:117db924cf7c 4904
wolfSSL 15:117db924cf7c 4905 #else
wolfSSL 15:117db924cf7c 4906
wolfSSL 15:117db924cf7c 4907 #define SCR_FREE_ALL(a, heap)
wolfSSL 15:117db924cf7c 4908 #define SCR_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 4909 #define SCR_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 4910 #define SCR_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 4911
wolfSSL 15:117db924cf7c 4912 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 15:117db924cf7c 4913
wolfSSL 15:117db924cf7c 4914 /******************************************************************************/
wolfSSL 15:117db924cf7c 4915 /* Session Tickets */
wolfSSL 15:117db924cf7c 4916 /******************************************************************************/
wolfSSL 15:117db924cf7c 4917
wolfSSL 15:117db924cf7c 4918 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 4919
wolfSSL 15:117db924cf7c 4920 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 4921 static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 4922 {
wolfSSL 15:117db924cf7c 4923 TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET);
wolfSSL 15:117db924cf7c 4924 SessionTicket* ticket = extension ?
wolfSSL 15:117db924cf7c 4925 (SessionTicket*)extension->data : NULL;
wolfSSL 15:117db924cf7c 4926
wolfSSL 15:117db924cf7c 4927 if (ticket) {
wolfSSL 15:117db924cf7c 4928 /* TODO validate ticket timeout here! */
wolfSSL 15:117db924cf7c 4929 if (ticket->lifetime == 0xfffffff) {
wolfSSL 15:117db924cf7c 4930 /* send empty ticket on timeout */
wolfSSL 15:117db924cf7c 4931 TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 4932 }
wolfSSL 15:117db924cf7c 4933 }
wolfSSL 15:117db924cf7c 4934 }
wolfSSL 15:117db924cf7c 4935 #endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 4936
wolfSSL 15:117db924cf7c 4937
wolfSSL 15:117db924cf7c 4938 static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
wolfSSL 15:117db924cf7c 4939 {
wolfSSL 15:117db924cf7c 4940 (void)isRequest;
wolfSSL 15:117db924cf7c 4941 return ticket ? ticket->size : 0;
wolfSSL 15:117db924cf7c 4942 }
wolfSSL 15:117db924cf7c 4943
wolfSSL 15:117db924cf7c 4944 static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
wolfSSL 15:117db924cf7c 4945 int isRequest)
wolfSSL 15:117db924cf7c 4946 {
wolfSSL 15:117db924cf7c 4947 word16 offset = 0; /* empty ticket */
wolfSSL 15:117db924cf7c 4948
wolfSSL 15:117db924cf7c 4949 if (isRequest && ticket) {
wolfSSL 15:117db924cf7c 4950 XMEMCPY(output + offset, ticket->data, ticket->size);
wolfSSL 15:117db924cf7c 4951 offset += ticket->size;
wolfSSL 15:117db924cf7c 4952 }
wolfSSL 15:117db924cf7c 4953
wolfSSL 15:117db924cf7c 4954 return offset;
wolfSSL 15:117db924cf7c 4955 }
wolfSSL 15:117db924cf7c 4956
wolfSSL 15:117db924cf7c 4957
wolfSSL 15:117db924cf7c 4958 static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 4959 byte isRequest)
wolfSSL 15:117db924cf7c 4960 {
wolfSSL 15:117db924cf7c 4961 int ret = 0;
wolfSSL 15:117db924cf7c 4962
wolfSSL 15:117db924cf7c 4963 (void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */
wolfSSL 15:117db924cf7c 4964
wolfSSL 15:117db924cf7c 4965 if (!isRequest) {
wolfSSL 15:117db924cf7c 4966 if (TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET))
wolfSSL 15:117db924cf7c 4967 return TLSX_HandleUnsupportedExtension(ssl);
wolfSSL 15:117db924cf7c 4968
wolfSSL 15:117db924cf7c 4969 if (length != 0)
wolfSSL 15:117db924cf7c 4970 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 4971
wolfSSL 15:117db924cf7c 4972 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 4973 ssl->expect_session_ticket = 1;
wolfSSL 15:117db924cf7c 4974 #endif
wolfSSL 15:117db924cf7c 4975 }
wolfSSL 15:117db924cf7c 4976 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 4977 else {
wolfSSL 15:117db924cf7c 4978 /* server side */
wolfSSL 15:117db924cf7c 4979 if (ssl->ctx->ticketEncCb == NULL) {
wolfSSL 15:117db924cf7c 4980 WOLFSSL_MSG("Client sent session ticket, server has no callback");
wolfSSL 15:117db924cf7c 4981 return 0;
wolfSSL 15:117db924cf7c 4982 }
wolfSSL 15:117db924cf7c 4983
wolfSSL 15:117db924cf7c 4984 if (length == 0) {
wolfSSL 15:117db924cf7c 4985 /* blank ticket */
wolfSSL 15:117db924cf7c 4986 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 4987 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 4988 ret = 0;
wolfSSL 15:117db924cf7c 4989 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
wolfSSL 15:117db924cf7c 4990 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 15:117db924cf7c 4991 ssl->options.useTicket = 1;
wolfSSL 15:117db924cf7c 4992 ssl->options.resuming = 0; /* no standard resumption */
wolfSSL 15:117db924cf7c 4993 ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */
wolfSSL 15:117db924cf7c 4994 }
wolfSSL 15:117db924cf7c 4995 } else {
wolfSSL 15:117db924cf7c 4996 /* got actual ticket from client */
wolfSSL 15:117db924cf7c 4997 ret = DoClientTicket(ssl, input, length);
wolfSSL 15:117db924cf7c 4998 if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
wolfSSL 16:8e0d178b1d1e 4999 WOLFSSL_MSG("Using existing client ticket");
wolfSSL 15:117db924cf7c 5000 ssl->options.useTicket = 1;
wolfSSL 15:117db924cf7c 5001 ssl->options.resuming = 1;
wolfSSL 15:117db924cf7c 5002 } else if (ret == WOLFSSL_TICKET_RET_CREATE) {
wolfSSL 15:117db924cf7c 5003 WOLFSSL_MSG("Using existing client ticket, creating new one");
wolfSSL 15:117db924cf7c 5004 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 5005 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 5006 ret = 0;
wolfSSL 15:117db924cf7c 5007 TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
wolfSSL 15:117db924cf7c 5008 /* send blank ticket */
wolfSSL 15:117db924cf7c 5009 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 15:117db924cf7c 5010 ssl->options.useTicket = 1;
wolfSSL 15:117db924cf7c 5011 ssl->options.resuming = 1;
wolfSSL 15:117db924cf7c 5012 }
wolfSSL 15:117db924cf7c 5013 } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
wolfSSL 15:117db924cf7c 5014 WOLFSSL_MSG("Process client ticket rejected, not using");
wolfSSL 15:117db924cf7c 5015 ssl->options.rejectTicket = 1;
wolfSSL 15:117db924cf7c 5016 ret = 0; /* not fatal */
wolfSSL 15:117db924cf7c 5017 } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
wolfSSL 15:117db924cf7c 5018 WOLFSSL_MSG("Process client ticket fatal error, not using");
wolfSSL 15:117db924cf7c 5019 }
wolfSSL 15:117db924cf7c 5020 }
wolfSSL 15:117db924cf7c 5021 }
wolfSSL 15:117db924cf7c 5022 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 5023
wolfSSL 15:117db924cf7c 5024 return ret;
wolfSSL 15:117db924cf7c 5025 }
wolfSSL 15:117db924cf7c 5026
wolfSSL 15:117db924cf7c 5027 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL 15:117db924cf7c 5028 byte* data, word16 size, void* heap)
wolfSSL 15:117db924cf7c 5029 {
wolfSSL 15:117db924cf7c 5030 SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
wolfSSL 15:117db924cf7c 5031 heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5032 if (ticket) {
wolfSSL 15:117db924cf7c 5033 ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5034 if (ticket->data == NULL) {
wolfSSL 15:117db924cf7c 5035 XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5036 return NULL;
wolfSSL 15:117db924cf7c 5037 }
wolfSSL 15:117db924cf7c 5038
wolfSSL 15:117db924cf7c 5039 XMEMCPY(ticket->data, data, size);
wolfSSL 15:117db924cf7c 5040 ticket->size = size;
wolfSSL 15:117db924cf7c 5041 ticket->lifetime = lifetime;
wolfSSL 15:117db924cf7c 5042 }
wolfSSL 15:117db924cf7c 5043
wolfSSL 16:8e0d178b1d1e 5044 (void)heap;
wolfSSL 16:8e0d178b1d1e 5045
wolfSSL 15:117db924cf7c 5046 return ticket;
wolfSSL 15:117db924cf7c 5047 }
wolfSSL 15:117db924cf7c 5048 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap)
wolfSSL 15:117db924cf7c 5049 {
wolfSSL 15:117db924cf7c 5050 if (ticket) {
wolfSSL 15:117db924cf7c 5051 XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5052 XFREE(ticket, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5053 }
wolfSSL 15:117db924cf7c 5054
wolfSSL 15:117db924cf7c 5055 (void)heap;
wolfSSL 15:117db924cf7c 5056 }
wolfSSL 15:117db924cf7c 5057
wolfSSL 15:117db924cf7c 5058 int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
wolfSSL 15:117db924cf7c 5059 {
wolfSSL 15:117db924cf7c 5060 int ret = 0;
wolfSSL 15:117db924cf7c 5061
wolfSSL 15:117db924cf7c 5062 if (extensions == NULL)
wolfSSL 15:117db924cf7c 5063 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5064
wolfSSL 15:117db924cf7c 5065 /* If the ticket is NULL, the client will request a new ticket from the
wolfSSL 15:117db924cf7c 5066 server. Otherwise, the client will use it in the next client hello. */
wolfSSL 15:117db924cf7c 5067 if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap))
wolfSSL 15:117db924cf7c 5068 != 0)
wolfSSL 15:117db924cf7c 5069 return ret;
wolfSSL 15:117db924cf7c 5070
wolfSSL 15:117db924cf7c 5071 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 5072 }
wolfSSL 15:117db924cf7c 5073
wolfSSL 15:117db924cf7c 5074 #define WOLF_STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
wolfSSL 15:117db924cf7c 5075 #define WOLF_STK_GET_SIZE TLSX_SessionTicket_GetSize
wolfSSL 15:117db924cf7c 5076 #define WOLF_STK_WRITE TLSX_SessionTicket_Write
wolfSSL 15:117db924cf7c 5077 #define WOLF_STK_PARSE TLSX_SessionTicket_Parse
wolfSSL 15:117db924cf7c 5078 #define WOLF_STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap))
wolfSSL 15:117db924cf7c 5079
wolfSSL 15:117db924cf7c 5080 #else
wolfSSL 15:117db924cf7c 5081
wolfSSL 15:117db924cf7c 5082 #define WOLF_STK_FREE(a, b)
wolfSSL 15:117db924cf7c 5083 #define WOLF_STK_VALIDATE_REQUEST(a)
wolfSSL 15:117db924cf7c 5084 #define WOLF_STK_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 5085 #define WOLF_STK_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 5086 #define WOLF_STK_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5087
wolfSSL 15:117db924cf7c 5088 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 5089
wolfSSL 15:117db924cf7c 5090 /******************************************************************************/
wolfSSL 15:117db924cf7c 5091 /* Quantum-Safe-Hybrid */
wolfSSL 15:117db924cf7c 5092 /******************************************************************************/
wolfSSL 15:117db924cf7c 5093
wolfSSL 15:117db924cf7c 5094 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 5095 #if defined(HAVE_NTRU)
wolfSSL 15:117db924cf7c 5096 static WC_RNG* gRng;
wolfSSL 15:117db924cf7c 5097 static wolfSSL_Mutex* gRngMutex;
wolfSSL 15:117db924cf7c 5098 #endif
wolfSSL 15:117db924cf7c 5099
wolfSSL 15:117db924cf7c 5100 static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap)
wolfSSL 15:117db924cf7c 5101 {
wolfSSL 15:117db924cf7c 5102 QSHScheme* current;
wolfSSL 15:117db924cf7c 5103
wolfSSL 15:117db924cf7c 5104 while ((current = list)) {
wolfSSL 15:117db924cf7c 5105 list = current->next;
wolfSSL 15:117db924cf7c 5106 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5107 }
wolfSSL 15:117db924cf7c 5108
wolfSSL 15:117db924cf7c 5109 (void)heap;
wolfSSL 15:117db924cf7c 5110 }
wolfSSL 15:117db924cf7c 5111
wolfSSL 15:117db924cf7c 5112 static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
wolfSSL 15:117db924cf7c 5113 word16 pubLen)
wolfSSL 15:117db924cf7c 5114 {
wolfSSL 15:117db924cf7c 5115 QSHScheme* temp;
wolfSSL 15:117db924cf7c 5116
wolfSSL 15:117db924cf7c 5117 if (list == NULL)
wolfSSL 15:117db924cf7c 5118 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5119
wolfSSL 15:117db924cf7c 5120 if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
wolfSSL 15:117db924cf7c 5121 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 5122 return MEMORY_E;
wolfSSL 15:117db924cf7c 5123
wolfSSL 15:117db924cf7c 5124 temp->name = name;
wolfSSL 15:117db924cf7c 5125 temp->PK = pub;
wolfSSL 15:117db924cf7c 5126 temp->PKLen = pubLen;
wolfSSL 15:117db924cf7c 5127 temp->next = *list;
wolfSSL 15:117db924cf7c 5128
wolfSSL 15:117db924cf7c 5129 *list = temp;
wolfSSL 15:117db924cf7c 5130
wolfSSL 15:117db924cf7c 5131 return 0;
wolfSSL 15:117db924cf7c 5132 }
wolfSSL 15:117db924cf7c 5133
wolfSSL 15:117db924cf7c 5134
wolfSSL 15:117db924cf7c 5135 /* request for server's public key : 02 indicates 0-2 requested */
wolfSSL 15:117db924cf7c 5136 static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest)
wolfSSL 15:117db924cf7c 5137 {
wolfSSL 15:117db924cf7c 5138 if (isRequest) {
wolfSSL 15:117db924cf7c 5139 /* only request one public key from the server */
wolfSSL 15:117db924cf7c 5140 output[0] = 0x01;
wolfSSL 15:117db924cf7c 5141
wolfSSL 15:117db924cf7c 5142 return OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 5143 }
wolfSSL 15:117db924cf7c 5144 else {
wolfSSL 15:117db924cf7c 5145 return 0;
wolfSSL 15:117db924cf7c 5146 }
wolfSSL 15:117db924cf7c 5147 }
wolfSSL 15:117db924cf7c 5148
wolfSSL 15:117db924cf7c 5149 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 5150
wolfSSL 15:117db924cf7c 5151 /* check for TLS_QSH suite */
wolfSSL 15:117db924cf7c 5152 static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 15:117db924cf7c 5153 {
wolfSSL 15:117db924cf7c 5154 int i;
wolfSSL 15:117db924cf7c 5155
wolfSSL 15:117db924cf7c 5156 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 15:117db924cf7c 5157 if (ssl->suites->suites[i] == QSH_BYTE)
wolfSSL 15:117db924cf7c 5158 return;
wolfSSL 15:117db924cf7c 5159
wolfSSL 15:117db924cf7c 5160 /* No QSH suite found */
wolfSSL 15:117db924cf7c 5161 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID));
wolfSSL 15:117db924cf7c 5162 }
wolfSSL 15:117db924cf7c 5163
wolfSSL 15:117db924cf7c 5164
wolfSSL 15:117db924cf7c 5165 /* return the size of the QSH hello extension
wolfSSL 15:117db924cf7c 5166 list the list of QSHScheme structs containing id and key
wolfSSL 15:117db924cf7c 5167 isRequest if 1 then is being sent to the server
wolfSSL 15:117db924cf7c 5168 */
wolfSSL 15:117db924cf7c 5169 word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest)
wolfSSL 15:117db924cf7c 5170 {
wolfSSL 15:117db924cf7c 5171 QSHScheme* temp = list;
wolfSSL 15:117db924cf7c 5172 word16 length = 0;
wolfSSL 15:117db924cf7c 5173
wolfSSL 15:117db924cf7c 5174 /* account for size of scheme list and public key list */
wolfSSL 15:117db924cf7c 5175 if (isRequest)
wolfSSL 15:117db924cf7c 5176 length = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5177 length += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 5178
wolfSSL 15:117db924cf7c 5179 /* for each non null element in list add size */
wolfSSL 15:117db924cf7c 5180 while ((temp)) {
wolfSSL 15:117db924cf7c 5181 /* add public key info Scheme | Key Length | Key */
wolfSSL 15:117db924cf7c 5182 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5183 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5184 length += temp->PKLen;
wolfSSL 15:117db924cf7c 5185
wolfSSL 15:117db924cf7c 5186 /* if client add name size for scheme list
wolfSSL 15:117db924cf7c 5187 advance to next QSHScheme struct in list */
wolfSSL 15:117db924cf7c 5188 if (isRequest)
wolfSSL 15:117db924cf7c 5189 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5190 temp = temp->next;
wolfSSL 15:117db924cf7c 5191 }
wolfSSL 15:117db924cf7c 5192
wolfSSL 15:117db924cf7c 5193 /* add length for request server public keys */
wolfSSL 15:117db924cf7c 5194 if (isRequest)
wolfSSL 15:117db924cf7c 5195 length += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 5196
wolfSSL 15:117db924cf7c 5197 return length;
wolfSSL 15:117db924cf7c 5198 }
wolfSSL 15:117db924cf7c 5199
wolfSSL 15:117db924cf7c 5200
wolfSSL 15:117db924cf7c 5201 /* write out a list of QSHScheme IDs */
wolfSSL 15:117db924cf7c 5202 static word16 TLSX_QSH_Write(QSHScheme* list, byte* output)
wolfSSL 15:117db924cf7c 5203 {
wolfSSL 15:117db924cf7c 5204 QSHScheme* current = list;
wolfSSL 15:117db924cf7c 5205 word16 length = 0;
wolfSSL 15:117db924cf7c 5206
wolfSSL 15:117db924cf7c 5207 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5208
wolfSSL 15:117db924cf7c 5209 while (current) {
wolfSSL 15:117db924cf7c 5210 c16toa(current->name, output + length);
wolfSSL 15:117db924cf7c 5211 length += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5212 current = (QSHScheme*)current->next;
wolfSSL 15:117db924cf7c 5213 }
wolfSSL 15:117db924cf7c 5214
wolfSSL 15:117db924cf7c 5215 c16toa(length - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 15:117db924cf7c 5216
wolfSSL 15:117db924cf7c 5217 return length;
wolfSSL 15:117db924cf7c 5218 }
wolfSSL 15:117db924cf7c 5219
wolfSSL 15:117db924cf7c 5220
wolfSSL 15:117db924cf7c 5221 /* write public key list in extension */
wolfSSL 15:117db924cf7c 5222 static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output)
wolfSSL 15:117db924cf7c 5223 {
wolfSSL 15:117db924cf7c 5224 word32 offset = 0;
wolfSSL 15:117db924cf7c 5225 word16 public_len = 0;
wolfSSL 15:117db924cf7c 5226
wolfSSL 15:117db924cf7c 5227 if (!format)
wolfSSL 15:117db924cf7c 5228 return offset;
wolfSSL 15:117db924cf7c 5229
wolfSSL 15:117db924cf7c 5230 /* write scheme ID */
wolfSSL 15:117db924cf7c 5231 c16toa(format->name, output + offset);
wolfSSL 15:117db924cf7c 5232 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5233
wolfSSL 15:117db924cf7c 5234 /* write public key matching scheme */
wolfSSL 15:117db924cf7c 5235 public_len = format->PKLen;
wolfSSL 15:117db924cf7c 5236 c16toa(public_len, output + offset);
wolfSSL 15:117db924cf7c 5237 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5238 if (format->PK) {
wolfSSL 15:117db924cf7c 5239 XMEMCPY(output+offset, format->PK, public_len);
wolfSSL 15:117db924cf7c 5240 }
wolfSSL 15:117db924cf7c 5241
wolfSSL 15:117db924cf7c 5242 return public_len + offset;
wolfSSL 15:117db924cf7c 5243 }
wolfSSL 15:117db924cf7c 5244
wolfSSL 15:117db924cf7c 5245 word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
wolfSSL 15:117db924cf7c 5246 {
wolfSSL 15:117db924cf7c 5247 QSHScheme* current = list;
wolfSSL 15:117db924cf7c 5248 word32 length = 0;
wolfSSL 15:117db924cf7c 5249 word24 toWire;
wolfSSL 15:117db924cf7c 5250
wolfSSL 15:117db924cf7c 5251 length += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 5252
wolfSSL 15:117db924cf7c 5253 while (current) {
wolfSSL 15:117db924cf7c 5254 length += TLSX_QSHPK_WriteR(current, output + length);
wolfSSL 15:117db924cf7c 5255 current = (QSHScheme*)current->next;
wolfSSL 15:117db924cf7c 5256 }
wolfSSL 15:117db924cf7c 5257 /* length of public keys sent */
wolfSSL 15:117db924cf7c 5258 c32to24(length - OPAQUE24_LEN, toWire);
wolfSSL 15:117db924cf7c 5259 output[0] = toWire[0];
wolfSSL 15:117db924cf7c 5260 output[1] = toWire[1];
wolfSSL 15:117db924cf7c 5261 output[2] = toWire[2];
wolfSSL 15:117db924cf7c 5262
wolfSSL 15:117db924cf7c 5263 return length;
wolfSSL 15:117db924cf7c 5264 }
wolfSSL 15:117db924cf7c 5265
wolfSSL 15:117db924cf7c 5266 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 5267 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 5268
wolfSSL 15:117db924cf7c 5269 static void TLSX_QSHAgreement(TLSX** extensions, void* heap)
wolfSSL 15:117db924cf7c 5270 {
wolfSSL 15:117db924cf7c 5271 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 5272 QSHScheme* format = NULL;
wolfSSL 15:117db924cf7c 5273 QSHScheme* del = NULL;
wolfSSL 15:117db924cf7c 5274 QSHScheme* prev = NULL;
wolfSSL 15:117db924cf7c 5275
wolfSSL 15:117db924cf7c 5276 if (extension == NULL)
wolfSSL 15:117db924cf7c 5277 return;
wolfSSL 15:117db924cf7c 5278
wolfSSL 15:117db924cf7c 5279 format = (QSHScheme*)extension->data;
wolfSSL 15:117db924cf7c 5280 while (format) {
wolfSSL 15:117db924cf7c 5281 if (format->PKLen == 0) {
wolfSSL 15:117db924cf7c 5282 /* case of head */
wolfSSL 15:117db924cf7c 5283 if (format == extension->data) {
wolfSSL 15:117db924cf7c 5284 extension->data = format->next;
wolfSSL 15:117db924cf7c 5285 }
wolfSSL 15:117db924cf7c 5286 if (prev)
wolfSSL 15:117db924cf7c 5287 prev->next = format->next;
wolfSSL 15:117db924cf7c 5288 del = format;
wolfSSL 15:117db924cf7c 5289 format = format->next;
wolfSSL 15:117db924cf7c 5290 XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 5291 del = NULL;
wolfSSL 15:117db924cf7c 5292 } else {
wolfSSL 15:117db924cf7c 5293 prev = format;
wolfSSL 15:117db924cf7c 5294 format = format->next;
wolfSSL 15:117db924cf7c 5295 }
wolfSSL 15:117db924cf7c 5296 }
wolfSSL 15:117db924cf7c 5297
wolfSSL 15:117db924cf7c 5298 (void)heap;
wolfSSL 15:117db924cf7c 5299 }
wolfSSL 15:117db924cf7c 5300
wolfSSL 15:117db924cf7c 5301
wolfSSL 15:117db924cf7c 5302 /* Parse in hello extension
wolfSSL 15:117db924cf7c 5303 input the byte stream to process
wolfSSL 15:117db924cf7c 5304 length length of total extension found
wolfSSL 15:117db924cf7c 5305 isRequest set to 1 if being sent to the server
wolfSSL 15:117db924cf7c 5306 */
wolfSSL 15:117db924cf7c 5307 static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 5308 byte isRequest)
wolfSSL 15:117db924cf7c 5309 {
wolfSSL 15:117db924cf7c 5310 byte numKeys = 0;
wolfSSL 15:117db924cf7c 5311 word16 offset = 0;
wolfSSL 15:117db924cf7c 5312 word16 schemSz = 0;
wolfSSL 15:117db924cf7c 5313 word16 offset_len = 0;
wolfSSL 15:117db924cf7c 5314 word32 offset_pk = 0;
wolfSSL 15:117db924cf7c 5315 word16 name = 0;
wolfSSL 15:117db924cf7c 5316 word16 PKLen = 0;
wolfSSL 15:117db924cf7c 5317 byte* PK = NULL;
wolfSSL 15:117db924cf7c 5318 int r;
wolfSSL 15:117db924cf7c 5319
wolfSSL 15:117db924cf7c 5320
wolfSSL 15:117db924cf7c 5321 if (OPAQUE16_LEN > length)
wolfSSL 15:117db924cf7c 5322 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5323
wolfSSL 15:117db924cf7c 5324 if (isRequest) {
wolfSSL 15:117db924cf7c 5325 ato16(input, &schemSz);
wolfSSL 15:117db924cf7c 5326
wolfSSL 15:117db924cf7c 5327 /* list of public keys available for QSH schemes */
wolfSSL 15:117db924cf7c 5328 offset_len = schemSz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5329 }
wolfSSL 15:117db924cf7c 5330
wolfSSL 15:117db924cf7c 5331 offset_pk = ((input[offset_len] << 16) & 0xFF00000) |
wolfSSL 15:117db924cf7c 5332 (((input[offset_len + 1]) << 8) & 0xFF00) |
wolfSSL 15:117db924cf7c 5333 (input[offset_len + 2] & 0xFF);
wolfSSL 15:117db924cf7c 5334 offset_len += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 5335
wolfSSL 15:117db924cf7c 5336 /* check buffer size */
wolfSSL 15:117db924cf7c 5337 if (offset_pk > length)
wolfSSL 15:117db924cf7c 5338 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5339
wolfSSL 15:117db924cf7c 5340 /* set maximum number of keys the client will accept */
wolfSSL 15:117db924cf7c 5341 if (!isRequest)
wolfSSL 15:117db924cf7c 5342 numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest;
wolfSSL 15:117db924cf7c 5343
wolfSSL 15:117db924cf7c 5344 /* hello extension read list of scheme ids */
wolfSSL 15:117db924cf7c 5345 if (isRequest) {
wolfSSL 15:117db924cf7c 5346
wolfSSL 15:117db924cf7c 5347 /* read in request for public keys */
wolfSSL 15:117db924cf7c 5348 ssl->minRequest = (input[length -1] >> 4) & 0xFF;
wolfSSL 15:117db924cf7c 5349 ssl->maxRequest = input[length -1] & 0x0F;
wolfSSL 15:117db924cf7c 5350
wolfSSL 15:117db924cf7c 5351 /* choose the min between min requested by client and 1 */
wolfSSL 15:117db924cf7c 5352 numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL 15:117db924cf7c 5353
wolfSSL 15:117db924cf7c 5354 if (ssl->minRequest > ssl->maxRequest)
wolfSSL 15:117db924cf7c 5355 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5356
wolfSSL 15:117db924cf7c 5357 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5358 schemSz += offset;
wolfSSL 15:117db924cf7c 5359
wolfSSL 15:117db924cf7c 5360 /* check buffer size */
wolfSSL 15:117db924cf7c 5361 if (schemSz > length)
wolfSSL 15:117db924cf7c 5362 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5363
wolfSSL 15:117db924cf7c 5364 while ((offset < schemSz) && numKeys) {
wolfSSL 15:117db924cf7c 5365 /* Scheme ID list */
wolfSSL 15:117db924cf7c 5366 ato16(input + offset, &name);
wolfSSL 15:117db924cf7c 5367 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5368
wolfSSL 15:117db924cf7c 5369 /* validate we have scheme id */
wolfSSL 15:117db924cf7c 5370 if (ssl->user_set_QSHSchemes &&
wolfSSL 15:117db924cf7c 5371 !TLSX_ValidateQSHScheme(&ssl->extensions, name)) {
wolfSSL 15:117db924cf7c 5372 continue;
wolfSSL 15:117db924cf7c 5373 }
wolfSSL 15:117db924cf7c 5374
wolfSSL 15:117db924cf7c 5375 /* server create keys on demand */
wolfSSL 15:117db924cf7c 5376 if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) {
wolfSSL 15:117db924cf7c 5377 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 5378 return r;
wolfSSL 15:117db924cf7c 5379 }
wolfSSL 15:117db924cf7c 5380
wolfSSL 15:117db924cf7c 5381 /* peer sent an agreed upon scheme */
wolfSSL 15:117db924cf7c 5382 r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
wolfSSL 15:117db924cf7c 5383
wolfSSL 15:117db924cf7c 5384 if (r != WOLFSSL_SUCCESS) return r; /* throw error */
wolfSSL 15:117db924cf7c 5385
wolfSSL 15:117db924cf7c 5386 numKeys--;
wolfSSL 15:117db924cf7c 5387 }
wolfSSL 15:117db924cf7c 5388
wolfSSL 15:117db924cf7c 5389 /* choose the min between min requested by client and 1 */
wolfSSL 15:117db924cf7c 5390 numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
wolfSSL 15:117db924cf7c 5391 }
wolfSSL 15:117db924cf7c 5392
wolfSSL 15:117db924cf7c 5393 /* QSHPK struct */
wolfSSL 15:117db924cf7c 5394 offset_pk += offset_len;
wolfSSL 15:117db924cf7c 5395 while ((offset_len < offset_pk) && numKeys) {
wolfSSL 15:117db924cf7c 5396 QSHKey * temp;
wolfSSL 15:117db924cf7c 5397
wolfSSL 15:117db924cf7c 5398 if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL 15:117db924cf7c 5399 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 5400 return MEMORY_E;
wolfSSL 15:117db924cf7c 5401
wolfSSL 15:117db924cf7c 5402 /* initialize */
wolfSSL 15:117db924cf7c 5403 temp->next = NULL;
wolfSSL 15:117db924cf7c 5404 temp->pub.buffer = NULL;
wolfSSL 15:117db924cf7c 5405 temp->pub.length = 0;
wolfSSL 15:117db924cf7c 5406 temp->pri.buffer = NULL;
wolfSSL 15:117db924cf7c 5407 temp->pri.length = 0;
wolfSSL 15:117db924cf7c 5408
wolfSSL 15:117db924cf7c 5409 /* scheme id */
wolfSSL 15:117db924cf7c 5410 ato16(input + offset_len, &(temp->name));
wolfSSL 15:117db924cf7c 5411 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5412
wolfSSL 15:117db924cf7c 5413 /* public key length */
wolfSSL 15:117db924cf7c 5414 ato16(input + offset_len, &PKLen);
wolfSSL 15:117db924cf7c 5415 temp->pub.length = PKLen;
wolfSSL 15:117db924cf7c 5416 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5417
wolfSSL 15:117db924cf7c 5418
wolfSSL 15:117db924cf7c 5419 if (isRequest) {
wolfSSL 15:117db924cf7c 5420 /* validate we have scheme id */
wolfSSL 15:117db924cf7c 5421 if (ssl->user_set_QSHSchemes &&
wolfSSL 15:117db924cf7c 5422 (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
wolfSSL 15:117db924cf7c 5423 offset_len += PKLen;
wolfSSL 15:117db924cf7c 5424 XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5425 continue;
wolfSSL 15:117db924cf7c 5426 }
wolfSSL 15:117db924cf7c 5427 }
wolfSSL 15:117db924cf7c 5428
wolfSSL 15:117db924cf7c 5429 /* read in public key */
wolfSSL 15:117db924cf7c 5430 if (PKLen > 0) {
wolfSSL 15:117db924cf7c 5431 temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
wolfSSL 15:117db924cf7c 5432 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 5433 XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
wolfSSL 15:117db924cf7c 5434 offset_len += PKLen;
wolfSSL 15:117db924cf7c 5435 }
wolfSSL 15:117db924cf7c 5436 else {
wolfSSL 15:117db924cf7c 5437 PK = NULL;
wolfSSL 15:117db924cf7c 5438 }
wolfSSL 15:117db924cf7c 5439
wolfSSL 15:117db924cf7c 5440 /* use own key when adding to extensions list for sending reply */
wolfSSL 15:117db924cf7c 5441 PKLen = 0;
wolfSSL 15:117db924cf7c 5442 PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
wolfSSL 15:117db924cf7c 5443 r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen,
wolfSSL 15:117db924cf7c 5444 ssl->heap);
wolfSSL 15:117db924cf7c 5445
wolfSSL 15:117db924cf7c 5446 /* store peers key */
wolfSSL 15:117db924cf7c 5447 ssl->peerQSHKeyPresent = 1;
wolfSSL 15:117db924cf7c 5448 if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0)
wolfSSL 15:117db924cf7c 5449 return MEMORY_E;
wolfSSL 15:117db924cf7c 5450
wolfSSL 15:117db924cf7c 5451 if (temp->pub.length == 0) {
wolfSSL 15:117db924cf7c 5452 XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5453 }
wolfSSL 15:117db924cf7c 5454
wolfSSL 15:117db924cf7c 5455 if (r != WOLFSSL_SUCCESS) {return r;} /* throw error */
wolfSSL 15:117db924cf7c 5456
wolfSSL 15:117db924cf7c 5457 numKeys--;
wolfSSL 15:117db924cf7c 5458 }
wolfSSL 15:117db924cf7c 5459
wolfSSL 15:117db924cf7c 5460 /* reply to a QSH extension sent from client */
wolfSSL 15:117db924cf7c 5461 if (isRequest) {
wolfSSL 15:117db924cf7c 5462 TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 5463 /* only use schemes we have key generated for -- free the rest */
wolfSSL 15:117db924cf7c 5464 TLSX_QSHAgreement(&ssl->extensions, ssl->heap);
wolfSSL 15:117db924cf7c 5465 }
wolfSSL 15:117db924cf7c 5466
wolfSSL 15:117db924cf7c 5467 return 0;
wolfSSL 15:117db924cf7c 5468 }
wolfSSL 15:117db924cf7c 5469
wolfSSL 15:117db924cf7c 5470
wolfSSL 15:117db924cf7c 5471 /* Used for parsing in QSHCipher structs on Key Exchange */
wolfSSL 15:117db924cf7c 5472 int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
wolfSSL 15:117db924cf7c 5473 byte isServer)
wolfSSL 15:117db924cf7c 5474 {
wolfSSL 15:117db924cf7c 5475 QSHKey* key;
wolfSSL 15:117db924cf7c 5476 word16 Max_Secret_Len = 48;
wolfSSL 15:117db924cf7c 5477 word16 offset = 0;
wolfSSL 15:117db924cf7c 5478 word16 offset_len = 0;
wolfSSL 15:117db924cf7c 5479 word32 offset_pk = 0;
wolfSSL 15:117db924cf7c 5480 word16 name = 0;
wolfSSL 15:117db924cf7c 5481 word16 secretLen = 0;
wolfSSL 15:117db924cf7c 5482 byte* secret = NULL;
wolfSSL 15:117db924cf7c 5483 word16 buffLen = 0;
wolfSSL 15:117db924cf7c 5484 byte buff[145]; /* size enough for 3 secrets */
wolfSSL 15:117db924cf7c 5485 buffer* buf;
wolfSSL 15:117db924cf7c 5486
wolfSSL 15:117db924cf7c 5487 /* pointer to location where secret should be stored */
wolfSSL 15:117db924cf7c 5488 if (isServer) {
wolfSSL 15:117db924cf7c 5489 buf = ssl->QSH_secret->CliSi;
wolfSSL 15:117db924cf7c 5490 }
wolfSSL 15:117db924cf7c 5491 else {
wolfSSL 15:117db924cf7c 5492 buf = ssl->QSH_secret->SerSi;
wolfSSL 15:117db924cf7c 5493 }
wolfSSL 15:117db924cf7c 5494
wolfSSL 15:117db924cf7c 5495 offset_pk = ((input[offset_len] << 16) & 0xFF0000) |
wolfSSL 15:117db924cf7c 5496 (((input[offset_len + 1]) << 8) & 0xFF00) |
wolfSSL 15:117db924cf7c 5497 (input[offset_len + 2] & 0xFF);
wolfSSL 15:117db924cf7c 5498 offset_len += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 5499
wolfSSL 15:117db924cf7c 5500 /* validating extension list length -- check if trying to read over edge
wolfSSL 15:117db924cf7c 5501 of buffer */
wolfSSL 15:117db924cf7c 5502 if (length < (offset_pk + OPAQUE24_LEN)) {
wolfSSL 15:117db924cf7c 5503 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 5504 }
wolfSSL 15:117db924cf7c 5505
wolfSSL 15:117db924cf7c 5506 /* QSHCipherList struct */
wolfSSL 15:117db924cf7c 5507 offset_pk += offset_len;
wolfSSL 15:117db924cf7c 5508 while (offset_len < offset_pk) {
wolfSSL 15:117db924cf7c 5509
wolfSSL 15:117db924cf7c 5510 /* scheme id */
wolfSSL 15:117db924cf7c 5511 ato16(input + offset_len, &name);
wolfSSL 15:117db924cf7c 5512 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5513
wolfSSL 15:117db924cf7c 5514 /* public key length */
wolfSSL 15:117db924cf7c 5515 ato16(input + offset_len, &secretLen);
wolfSSL 15:117db924cf7c 5516 offset_len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5517
wolfSSL 15:117db924cf7c 5518 /* read in public key */
wolfSSL 15:117db924cf7c 5519 if (secretLen > 0) {
wolfSSL 15:117db924cf7c 5520 secret = (byte*)(input + offset_len);
wolfSSL 15:117db924cf7c 5521 offset_len += secretLen;
wolfSSL 15:117db924cf7c 5522 }
wolfSSL 15:117db924cf7c 5523 else {
wolfSSL 15:117db924cf7c 5524 secret = NULL;
wolfSSL 15:117db924cf7c 5525 }
wolfSSL 15:117db924cf7c 5526
wolfSSL 15:117db924cf7c 5527 /* no secret sent */
wolfSSL 15:117db924cf7c 5528 if (secret == NULL)
wolfSSL 15:117db924cf7c 5529 continue;
wolfSSL 15:117db924cf7c 5530
wolfSSL 15:117db924cf7c 5531 /* find corresponding key */
wolfSSL 15:117db924cf7c 5532 key = ssl->QSH_Key;
wolfSSL 15:117db924cf7c 5533 while (key) {
wolfSSL 15:117db924cf7c 5534 if (key->name == name)
wolfSSL 15:117db924cf7c 5535 break;
wolfSSL 15:117db924cf7c 5536 else
wolfSSL 15:117db924cf7c 5537 key = (QSHKey*)key->next;
wolfSSL 15:117db924cf7c 5538 }
wolfSSL 15:117db924cf7c 5539
wolfSSL 15:117db924cf7c 5540 /* if we do not have the key than there was a big issue negotiation */
wolfSSL 15:117db924cf7c 5541 if (key == NULL) {
wolfSSL 15:117db924cf7c 5542 WOLFSSL_MSG("key was null for decryption!!!\n");
wolfSSL 15:117db924cf7c 5543 return MEMORY_E;
wolfSSL 15:117db924cf7c 5544 }
wolfSSL 15:117db924cf7c 5545
wolfSSL 15:117db924cf7c 5546 /* Decrypt sent secret */
wolfSSL 15:117db924cf7c 5547 buffLen = Max_Secret_Len;
wolfSSL 15:117db924cf7c 5548 QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen);
wolfSSL 15:117db924cf7c 5549 offset += buffLen;
wolfSSL 15:117db924cf7c 5550 }
wolfSSL 15:117db924cf7c 5551
wolfSSL 15:117db924cf7c 5552 /* allocate memory for buffer */
wolfSSL 15:117db924cf7c 5553 buf->length = offset;
wolfSSL 15:117db924cf7c 5554 buf->buffer = (byte*)XMALLOC(offset, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 5555 if (buf->buffer == NULL)
wolfSSL 15:117db924cf7c 5556 return MEMORY_E;
wolfSSL 15:117db924cf7c 5557
wolfSSL 15:117db924cf7c 5558 /* store secrets */
wolfSSL 15:117db924cf7c 5559 XMEMCPY(buf->buffer, buff, offset);
wolfSSL 15:117db924cf7c 5560 ForceZero(buff, offset);
wolfSSL 15:117db924cf7c 5561
wolfSSL 15:117db924cf7c 5562 return offset_len;
wolfSSL 15:117db924cf7c 5563 }
wolfSSL 15:117db924cf7c 5564
wolfSSL 15:117db924cf7c 5565
wolfSSL 15:117db924cf7c 5566 /* return 1 on success */
wolfSSL 15:117db924cf7c 5567 int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
wolfSSL 15:117db924cf7c 5568 TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 5569 QSHScheme* format = NULL;
wolfSSL 15:117db924cf7c 5570
wolfSSL 15:117db924cf7c 5571 /* if no extension is sent then do not use QSH */
wolfSSL 15:117db924cf7c 5572 if (!extension) {
wolfSSL 15:117db924cf7c 5573 WOLFSSL_MSG("No QSH Extension");
wolfSSL 15:117db924cf7c 5574 return 0;
wolfSSL 15:117db924cf7c 5575 }
wolfSSL 15:117db924cf7c 5576
wolfSSL 15:117db924cf7c 5577 for (format = (QSHScheme*)extension->data; format; format = format->next) {
wolfSSL 15:117db924cf7c 5578 if (format->name == theirs) {
wolfSSL 15:117db924cf7c 5579 WOLFSSL_MSG("Found Matching QSH Scheme");
wolfSSL 15:117db924cf7c 5580 return 1; /* have QSH */
wolfSSL 15:117db924cf7c 5581 }
wolfSSL 15:117db924cf7c 5582 }
wolfSSL 15:117db924cf7c 5583
wolfSSL 15:117db924cf7c 5584 return 0;
wolfSSL 15:117db924cf7c 5585 }
wolfSSL 15:117db924cf7c 5586 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 5587
wolfSSL 15:117db924cf7c 5588 /* test if the QSH Scheme is implemented
wolfSSL 15:117db924cf7c 5589 return 1 if yes 0 if no */
wolfSSL 15:117db924cf7c 5590 static int TLSX_HaveQSHScheme(word16 name)
wolfSSL 15:117db924cf7c 5591 {
wolfSSL 15:117db924cf7c 5592 switch(name) {
wolfSSL 15:117db924cf7c 5593 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 5594 case WOLFSSL_NTRU_EESS439:
wolfSSL 15:117db924cf7c 5595 case WOLFSSL_NTRU_EESS593:
wolfSSL 15:117db924cf7c 5596 case WOLFSSL_NTRU_EESS743:
wolfSSL 15:117db924cf7c 5597 return 1;
wolfSSL 15:117db924cf7c 5598 #endif
wolfSSL 15:117db924cf7c 5599 case WOLFSSL_LWE_XXX:
wolfSSL 15:117db924cf7c 5600 case WOLFSSL_HFE_XXX:
wolfSSL 15:117db924cf7c 5601 return 0; /* not supported yet */
wolfSSL 15:117db924cf7c 5602
wolfSSL 15:117db924cf7c 5603 default:
wolfSSL 15:117db924cf7c 5604 return 0;
wolfSSL 15:117db924cf7c 5605 }
wolfSSL 15:117db924cf7c 5606 }
wolfSSL 15:117db924cf7c 5607
wolfSSL 15:117db924cf7c 5608
wolfSSL 15:117db924cf7c 5609 /* Add a QSHScheme struct to list of usable ones */
wolfSSL 15:117db924cf7c 5610 int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
wolfSSL 15:117db924cf7c 5611 void* heap)
wolfSSL 15:117db924cf7c 5612 {
wolfSSL 16:8e0d178b1d1e 5613 TLSX* extension = NULL;
wolfSSL 15:117db924cf7c 5614 QSHScheme* format = NULL;
wolfSSL 15:117db924cf7c 5615 int ret = 0;
wolfSSL 15:117db924cf7c 5616
wolfSSL 15:117db924cf7c 5617 /* sanity check */
wolfSSL 15:117db924cf7c 5618 if (extensions == NULL || (pKey == NULL && pkeySz != 0))
wolfSSL 15:117db924cf7c 5619 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 5620
wolfSSL 16:8e0d178b1d1e 5621 extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 16:8e0d178b1d1e 5622
wolfSSL 15:117db924cf7c 5623 /* if scheme is implemented than add */
wolfSSL 15:117db924cf7c 5624 if (TLSX_HaveQSHScheme(name)) {
wolfSSL 15:117db924cf7c 5625 if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
wolfSSL 15:117db924cf7c 5626 return ret;
wolfSSL 15:117db924cf7c 5627
wolfSSL 16:8e0d178b1d1e 5628 extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 5629 if (!extension) {
wolfSSL 15:117db924cf7c 5630 if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format,
wolfSSL 15:117db924cf7c 5631 heap)) != 0) {
wolfSSL 15:117db924cf7c 5632 XFREE(format, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5633 return ret;
wolfSSL 15:117db924cf7c 5634 }
wolfSSL 15:117db924cf7c 5635 }
wolfSSL 15:117db924cf7c 5636 else {
wolfSSL 15:117db924cf7c 5637 /* push new QSH object to extension data. */
wolfSSL 15:117db924cf7c 5638 format->next = (QSHScheme*)extension->data;
wolfSSL 15:117db924cf7c 5639 extension->data = (void*)format;
wolfSSL 15:117db924cf7c 5640
wolfSSL 15:117db924cf7c 5641 /* look for another format of the same name to remove (replacement) */
wolfSSL 15:117db924cf7c 5642 do {
wolfSSL 15:117db924cf7c 5643 if (format->next && (format->next->name == name)) {
wolfSSL 15:117db924cf7c 5644 QSHScheme* next = format->next;
wolfSSL 15:117db924cf7c 5645
wolfSSL 15:117db924cf7c 5646 format->next = next->next;
wolfSSL 15:117db924cf7c 5647 XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 5648
wolfSSL 15:117db924cf7c 5649 break;
wolfSSL 15:117db924cf7c 5650 }
wolfSSL 15:117db924cf7c 5651 } while ((format = format->next));
wolfSSL 15:117db924cf7c 5652 }
wolfSSL 15:117db924cf7c 5653 }
wolfSSL 15:117db924cf7c 5654 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 5655 }
wolfSSL 15:117db924cf7c 5656
wolfSSL 15:117db924cf7c 5657 #define QSH_FREE_ALL TLSX_QSH_FreeAll
wolfSSL 15:117db924cf7c 5658 #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest
wolfSSL 15:117db924cf7c 5659
wolfSSL 15:117db924cf7c 5660 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 5661 #define QSH_GET_SIZE TLSX_QSH_GetSize
wolfSSL 15:117db924cf7c 5662 #define QSH_WRITE TLSX_QSH_Write
wolfSSL 15:117db924cf7c 5663 #else
wolfSSL 16:8e0d178b1d1e 5664 #define QSH_GET_SIZE(list, a) 0
wolfSSL 15:117db924cf7c 5665 #define QSH_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 5666 #endif
wolfSSL 15:117db924cf7c 5667
wolfSSL 15:117db924cf7c 5668 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 5669 #define QSH_PARSE TLSX_QSH_Parse
wolfSSL 15:117db924cf7c 5670 #else
wolfSSL 15:117db924cf7c 5671 #define QSH_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5672 #endif
wolfSSL 15:117db924cf7c 5673
wolfSSL 15:117db924cf7c 5674 #define QSHPK_WRITE TLSX_QSHPK_Write
wolfSSL 15:117db924cf7c 5675 #define QSH_SERREQ TLSX_QSH_SerPKReq
wolfSSL 15:117db924cf7c 5676 #else
wolfSSL 15:117db924cf7c 5677
wolfSSL 15:117db924cf7c 5678 #define QSH_FREE_ALL(list, heap)
wolfSSL 15:117db924cf7c 5679 #define QSH_GET_SIZE(list, a) 0
wolfSSL 15:117db924cf7c 5680 #define QSH_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 5681 #define QSH_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 5682 #define QSHPK_WRITE(a, b) 0
wolfSSL 15:117db924cf7c 5683 #define QSH_SERREQ(a, b) 0
wolfSSL 15:117db924cf7c 5684 #define QSH_VALIDATE_REQUEST(a, b)
wolfSSL 15:117db924cf7c 5685
wolfSSL 15:117db924cf7c 5686 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 5687
wolfSSL 16:8e0d178b1d1e 5688 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 5689 /******************************************************************************/
wolfSSL 16:8e0d178b1d1e 5690 /* Encrypt-then-MAC */
wolfSSL 16:8e0d178b1d1e 5691 /******************************************************************************/
wolfSSL 16:8e0d178b1d1e 5692
wolfSSL 16:8e0d178b1d1e 5693 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 5694 static int TLSX_EncryptThenMac_Use(WOLFSSL* ssl);
wolfSSL 16:8e0d178b1d1e 5695
wolfSSL 16:8e0d178b1d1e 5696 /**
wolfSSL 16:8e0d178b1d1e 5697 * Get the size of the Encrypt-Then-MAC extension.
wolfSSL 16:8e0d178b1d1e 5698 *
wolfSSL 16:8e0d178b1d1e 5699 * msgType Type of message to put extension into.
wolfSSL 16:8e0d178b1d1e 5700 * pSz Size of extension data.
wolfSSL 16:8e0d178b1d1e 5701 * return SANITY_MSG_E when the message is not allowed to have extension and
wolfSSL 16:8e0d178b1d1e 5702 * 0 otherwise.
wolfSSL 16:8e0d178b1d1e 5703 */
wolfSSL 16:8e0d178b1d1e 5704 static int TLSX_EncryptThenMac_GetSize(byte msgType, word16* pSz)
wolfSSL 16:8e0d178b1d1e 5705 {
wolfSSL 16:8e0d178b1d1e 5706 (void)pSz;
wolfSSL 16:8e0d178b1d1e 5707
wolfSSL 16:8e0d178b1d1e 5708 if (msgType != client_hello && msgType != server_hello) {
wolfSSL 16:8e0d178b1d1e 5709 return SANITY_MSG_E;
wolfSSL 16:8e0d178b1d1e 5710 }
wolfSSL 16:8e0d178b1d1e 5711
wolfSSL 16:8e0d178b1d1e 5712 /* Empty extension */
wolfSSL 16:8e0d178b1d1e 5713
wolfSSL 16:8e0d178b1d1e 5714 return 0;
wolfSSL 16:8e0d178b1d1e 5715 }
wolfSSL 16:8e0d178b1d1e 5716
wolfSSL 16:8e0d178b1d1e 5717 /**
wolfSSL 16:8e0d178b1d1e 5718 * Write the Encrypt-Then-MAC extension.
wolfSSL 16:8e0d178b1d1e 5719 *
wolfSSL 16:8e0d178b1d1e 5720 * data Unused
wolfSSL 16:8e0d178b1d1e 5721 * output Extension data buffer. Unused.
wolfSSL 16:8e0d178b1d1e 5722 * msgType Type of message to put extension into.
wolfSSL 16:8e0d178b1d1e 5723 * pSz Size of extension data.
wolfSSL 16:8e0d178b1d1e 5724 * return SANITY_MSG_E when the message is not allowed to have extension and
wolfSSL 16:8e0d178b1d1e 5725 * 0 otherwise.
wolfSSL 16:8e0d178b1d1e 5726 */
wolfSSL 16:8e0d178b1d1e 5727 static int TLSX_EncryptThenMac_Write(void* data, byte* output, byte msgType,
wolfSSL 16:8e0d178b1d1e 5728 word16* pSz)
wolfSSL 16:8e0d178b1d1e 5729 {
wolfSSL 16:8e0d178b1d1e 5730 (void)data;
wolfSSL 16:8e0d178b1d1e 5731 (void)output;
wolfSSL 16:8e0d178b1d1e 5732 (void)pSz;
wolfSSL 16:8e0d178b1d1e 5733
wolfSSL 16:8e0d178b1d1e 5734 if (msgType != client_hello && msgType != server_hello) {
wolfSSL 16:8e0d178b1d1e 5735 return SANITY_MSG_E;
wolfSSL 16:8e0d178b1d1e 5736 }
wolfSSL 16:8e0d178b1d1e 5737
wolfSSL 16:8e0d178b1d1e 5738 /* Empty extension */
wolfSSL 16:8e0d178b1d1e 5739
wolfSSL 16:8e0d178b1d1e 5740 return 0;
wolfSSL 16:8e0d178b1d1e 5741 }
wolfSSL 16:8e0d178b1d1e 5742
wolfSSL 16:8e0d178b1d1e 5743 /**
wolfSSL 16:8e0d178b1d1e 5744 * Parse the Encrypt-Then-MAC extension.
wolfSSL 16:8e0d178b1d1e 5745 *
wolfSSL 16:8e0d178b1d1e 5746 * ssl SSL object
wolfSSL 16:8e0d178b1d1e 5747 * input Extension data buffer.
wolfSSL 16:8e0d178b1d1e 5748 * length Length of this extension's data.
wolfSSL 16:8e0d178b1d1e 5749 * msgType Type of message to extension appeared in.
wolfSSL 16:8e0d178b1d1e 5750 * return SANITY_MSG_E when the message is not allowed to have extension,
wolfSSL 16:8e0d178b1d1e 5751 * BUFFER_ERROR when the extension's data is invalid,
wolfSSL 16:8e0d178b1d1e 5752 * MEMORY_E when unable to allocate memory and
wolfSSL 16:8e0d178b1d1e 5753 * 0 otherwise.
wolfSSL 16:8e0d178b1d1e 5754 */
wolfSSL 16:8e0d178b1d1e 5755 static int TLSX_EncryptThenMac_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 16:8e0d178b1d1e 5756 byte msgType)
wolfSSL 16:8e0d178b1d1e 5757 {
wolfSSL 16:8e0d178b1d1e 5758 int ret;
wolfSSL 16:8e0d178b1d1e 5759
wolfSSL 16:8e0d178b1d1e 5760 (void)input;
wolfSSL 16:8e0d178b1d1e 5761
wolfSSL 16:8e0d178b1d1e 5762 if (msgType != client_hello && msgType != server_hello) {
wolfSSL 16:8e0d178b1d1e 5763 return SANITY_MSG_E;
wolfSSL 16:8e0d178b1d1e 5764 }
wolfSSL 16:8e0d178b1d1e 5765
wolfSSL 16:8e0d178b1d1e 5766 /* Empty extension */
wolfSSL 16:8e0d178b1d1e 5767 if (length != 0)
wolfSSL 16:8e0d178b1d1e 5768 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 5769
wolfSSL 16:8e0d178b1d1e 5770 if (msgType == client_hello) {
wolfSSL 16:8e0d178b1d1e 5771 /* Check the user hasn't disallowed use of Encrypt-Then-Mac. */
wolfSSL 16:8e0d178b1d1e 5772 if (!ssl->options.disallowEncThenMac) {
wolfSSL 16:8e0d178b1d1e 5773 ssl->options.encThenMac = 1;
wolfSSL 16:8e0d178b1d1e 5774 /* Set the extension reply. */
wolfSSL 16:8e0d178b1d1e 5775 ret = TLSX_EncryptThenMac_Use(ssl);
wolfSSL 16:8e0d178b1d1e 5776 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 5777 return ret;
wolfSSL 16:8e0d178b1d1e 5778 TLSX_SetResponse(ssl, TLSX_ENCRYPT_THEN_MAC);
wolfSSL 16:8e0d178b1d1e 5779 }
wolfSSL 16:8e0d178b1d1e 5780 return 0;
wolfSSL 16:8e0d178b1d1e 5781 }
wolfSSL 16:8e0d178b1d1e 5782
wolfSSL 16:8e0d178b1d1e 5783 /* Server Hello */
wolfSSL 16:8e0d178b1d1e 5784 if (ssl->options.disallowEncThenMac)
wolfSSL 16:8e0d178b1d1e 5785 return SANITY_MSG_E;
wolfSSL 16:8e0d178b1d1e 5786
wolfSSL 16:8e0d178b1d1e 5787 ssl->options.encThenMac = 1;
wolfSSL 16:8e0d178b1d1e 5788 return 0;
wolfSSL 16:8e0d178b1d1e 5789
wolfSSL 16:8e0d178b1d1e 5790 }
wolfSSL 16:8e0d178b1d1e 5791
wolfSSL 16:8e0d178b1d1e 5792 /**
wolfSSL 16:8e0d178b1d1e 5793 * Add the Encrypt-Then-MAC extension to list.
wolfSSL 16:8e0d178b1d1e 5794 *
wolfSSL 16:8e0d178b1d1e 5795 * ssl SSL object
wolfSSL 16:8e0d178b1d1e 5796 * return MEMORY_E when unable to allocate memory and 0 otherwise.
wolfSSL 16:8e0d178b1d1e 5797 */
wolfSSL 16:8e0d178b1d1e 5798 static int TLSX_EncryptThenMac_Use(WOLFSSL* ssl)
wolfSSL 16:8e0d178b1d1e 5799 {
wolfSSL 16:8e0d178b1d1e 5800 int ret = 0;
wolfSSL 16:8e0d178b1d1e 5801 TLSX* extension;
wolfSSL 16:8e0d178b1d1e 5802
wolfSSL 16:8e0d178b1d1e 5803 /* Find the Encrypt-Then-Mac extension if it exists. */
wolfSSL 16:8e0d178b1d1e 5804 extension = TLSX_Find(ssl->extensions, TLSX_ENCRYPT_THEN_MAC);
wolfSSL 16:8e0d178b1d1e 5805 if (extension == NULL) {
wolfSSL 16:8e0d178b1d1e 5806 /* Push new Encrypt-Then-Mac extension. */
wolfSSL 16:8e0d178b1d1e 5807 ret = TLSX_Push(&ssl->extensions, TLSX_ENCRYPT_THEN_MAC, NULL,
wolfSSL 16:8e0d178b1d1e 5808 ssl->heap);
wolfSSL 16:8e0d178b1d1e 5809 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 5810 return ret;
wolfSSL 16:8e0d178b1d1e 5811 }
wolfSSL 16:8e0d178b1d1e 5812
wolfSSL 16:8e0d178b1d1e 5813 return 0;
wolfSSL 16:8e0d178b1d1e 5814 }
wolfSSL 16:8e0d178b1d1e 5815
wolfSSL 16:8e0d178b1d1e 5816 #define ETM_GET_SIZE TLSX_EncryptThenMac_GetSize
wolfSSL 16:8e0d178b1d1e 5817 #define ETM_WRITE TLSX_EncryptThenMac_Write
wolfSSL 16:8e0d178b1d1e 5818 #define ETM_PARSE TLSX_EncryptThenMac_Parse
wolfSSL 16:8e0d178b1d1e 5819
wolfSSL 16:8e0d178b1d1e 5820 #else
wolfSSL 16:8e0d178b1d1e 5821
wolfSSL 16:8e0d178b1d1e 5822 #define ETM_GET_SIZE(a, b) 0
wolfSSL 16:8e0d178b1d1e 5823 #define ETM_WRITE(a, b, c, d) 0
wolfSSL 16:8e0d178b1d1e 5824 #define ETM_PARSE(a, b, c, d) 0
wolfSSL 16:8e0d178b1d1e 5825
wolfSSL 16:8e0d178b1d1e 5826 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 5827
wolfSSL 16:8e0d178b1d1e 5828 #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
wolfSSL 16:8e0d178b1d1e 5829
wolfSSL 15:117db924cf7c 5830 /******************************************************************************/
wolfSSL 15:117db924cf7c 5831 /* Supported Versions */
wolfSSL 15:117db924cf7c 5832 /******************************************************************************/
wolfSSL 15:117db924cf7c 5833
wolfSSL 15:117db924cf7c 5834 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 5835 /* Return the size of the SupportedVersions extension's data.
wolfSSL 15:117db924cf7c 5836 *
wolfSSL 15:117db924cf7c 5837 * data The SSL/TLS object.
wolfSSL 15:117db924cf7c 5838 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 5839 * returns the length of data that will be in the extension.
wolfSSL 15:117db924cf7c 5840 */
wolfSSL 15:117db924cf7c 5841 static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 5842 {
wolfSSL 15:117db924cf7c 5843 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 5844
wolfSSL 15:117db924cf7c 5845 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 5846 /* TLS v1.2 and TLS v1.3 */
wolfSSL 16:8e0d178b1d1e 5847 int cnt = 0;
wolfSSL 16:8e0d178b1d1e 5848
wolfSSL 16:8e0d178b1d1e 5849 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5850 if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0)
wolfSSL 16:8e0d178b1d1e 5851 #endif
wolfSSL 16:8e0d178b1d1e 5852 cnt++;
wolfSSL 16:8e0d178b1d1e 5853
wolfSSL 16:8e0d178b1d1e 5854 if (ssl->options.downgrade) {
wolfSSL 16:8e0d178b1d1e 5855 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 5856 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5857 if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0)
wolfSSL 16:8e0d178b1d1e 5858 #endif
wolfSSL 16:8e0d178b1d1e 5859 cnt++;
wolfSSL 16:8e0d178b1d1e 5860 #endif
wolfSSL 15:117db924cf7c 5861
wolfSSL 15:117db924cf7c 5862 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 5863 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5864 if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0)
wolfSSL 16:8e0d178b1d1e 5865 #endif
wolfSSL 16:8e0d178b1d1e 5866 cnt++;
wolfSSL 15:117db924cf7c 5867 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 16:8e0d178b1d1e 5868 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5869 if ((ssl->options.mask & SSL_OP_NO_TLSv1) == 0)
wolfSSL 16:8e0d178b1d1e 5870 #endif
wolfSSL 16:8e0d178b1d1e 5871 cnt++;
wolfSSL 16:8e0d178b1d1e 5872 #endif
wolfSSL 16:8e0d178b1d1e 5873 #endif
wolfSSL 16:8e0d178b1d1e 5874 }
wolfSSL 15:117db924cf7c 5875
wolfSSL 15:117db924cf7c 5876 *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 5877 }
wolfSSL 15:117db924cf7c 5878 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 5879 else if (msgType == server_hello || msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 5880 *pSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5881 #endif
wolfSSL 15:117db924cf7c 5882 else
wolfSSL 15:117db924cf7c 5883 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5884
wolfSSL 15:117db924cf7c 5885 return 0;
wolfSSL 15:117db924cf7c 5886 }
wolfSSL 15:117db924cf7c 5887
wolfSSL 15:117db924cf7c 5888 /* Writes the SupportedVersions extension into the buffer.
wolfSSL 15:117db924cf7c 5889 *
wolfSSL 15:117db924cf7c 5890 * data The SSL/TLS object.
wolfSSL 15:117db924cf7c 5891 * output The buffer to write the extension into.
wolfSSL 15:117db924cf7c 5892 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 5893 * returns the length of data that was written.
wolfSSL 15:117db924cf7c 5894 */
wolfSSL 15:117db924cf7c 5895 static int TLSX_SupportedVersions_Write(void* data, byte* output,
wolfSSL 16:8e0d178b1d1e 5896 byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 5897 {
wolfSSL 15:117db924cf7c 5898 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 16:8e0d178b1d1e 5899 byte major;
wolfSSL 16:8e0d178b1d1e 5900 byte* cnt;
wolfSSL 15:117db924cf7c 5901
wolfSSL 15:117db924cf7c 5902 if (msgType == client_hello) {
wolfSSL 16:8e0d178b1d1e 5903 major = ssl->ctx->method->version.major;
wolfSSL 16:8e0d178b1d1e 5904
wolfSSL 16:8e0d178b1d1e 5905
wolfSSL 16:8e0d178b1d1e 5906 cnt = output++;
wolfSSL 16:8e0d178b1d1e 5907 *cnt = 0;
wolfSSL 16:8e0d178b1d1e 5908 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5909 if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0)
wolfSSL 16:8e0d178b1d1e 5910 #endif
wolfSSL 16:8e0d178b1d1e 5911 {
wolfSSL 16:8e0d178b1d1e 5912 *cnt += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 5913 #ifdef WOLFSSL_TLS13_DRAFT
wolfSSL 15:117db924cf7c 5914 /* The TLS draft major number. */
wolfSSL 15:117db924cf7c 5915 *(output++) = TLS_DRAFT_MAJOR;
wolfSSL 15:117db924cf7c 5916 /* Version of draft supported. */
wolfSSL 15:117db924cf7c 5917 *(output++) = TLS_DRAFT_MINOR;
wolfSSL 16:8e0d178b1d1e 5918 #else
wolfSSL 16:8e0d178b1d1e 5919 *(output++) = major;
wolfSSL 16:8e0d178b1d1e 5920 *(output++) = (byte)TLSv1_3_MINOR;
wolfSSL 16:8e0d178b1d1e 5921 #endif
wolfSSL 16:8e0d178b1d1e 5922 }
wolfSSL 16:8e0d178b1d1e 5923 if (ssl->options.downgrade) {
wolfSSL 16:8e0d178b1d1e 5924 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 5925 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5926 if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0)
wolfSSL 16:8e0d178b1d1e 5927 #endif
wolfSSL 16:8e0d178b1d1e 5928 {
wolfSSL 16:8e0d178b1d1e 5929 *cnt += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 5930 *(output++) = major;
wolfSSL 16:8e0d178b1d1e 5931 *(output++) = (byte)TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 5932 }
wolfSSL 15:117db924cf7c 5933 #endif
wolfSSL 15:117db924cf7c 5934
wolfSSL 16:8e0d178b1d1e 5935 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 5936 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5937 if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0)
wolfSSL 16:8e0d178b1d1e 5938 #endif
wolfSSL 16:8e0d178b1d1e 5939 {
wolfSSL 16:8e0d178b1d1e 5940 *cnt += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 5941 *(output++) = major;
wolfSSL 16:8e0d178b1d1e 5942 *(output++) = (byte)TLSv1_1_MINOR;
wolfSSL 16:8e0d178b1d1e 5943 }
wolfSSL 16:8e0d178b1d1e 5944 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 16:8e0d178b1d1e 5945 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 5946 if ((ssl->options.mask & SSL_OP_NO_TLSv1) == 0)
wolfSSL 16:8e0d178b1d1e 5947 #endif
wolfSSL 16:8e0d178b1d1e 5948 {
wolfSSL 16:8e0d178b1d1e 5949 *cnt += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 5950 *(output++) = major;
wolfSSL 16:8e0d178b1d1e 5951 *(output++) = (byte)TLSv1_MINOR;
wolfSSL 16:8e0d178b1d1e 5952 }
wolfSSL 16:8e0d178b1d1e 5953 #endif
wolfSSL 16:8e0d178b1d1e 5954 #endif
wolfSSL 16:8e0d178b1d1e 5955 }
wolfSSL 16:8e0d178b1d1e 5956
wolfSSL 16:8e0d178b1d1e 5957 *pSz += (word16)(OPAQUE8_LEN + *cnt);
wolfSSL 15:117db924cf7c 5958 }
wolfSSL 15:117db924cf7c 5959 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 5960 else if (msgType == server_hello || msgType == hello_retry_request) {
wolfSSL 16:8e0d178b1d1e 5961 #ifdef WOLFSSL_TLS13_DRAFT
wolfSSL 15:117db924cf7c 5962 if (ssl->version.major == SSLv3_MAJOR &&
wolfSSL 15:117db924cf7c 5963 ssl->version.minor == TLSv1_3_MINOR) {
wolfSSL 15:117db924cf7c 5964 output[0] = TLS_DRAFT_MAJOR;
wolfSSL 15:117db924cf7c 5965 output[1] = TLS_DRAFT_MINOR;
wolfSSL 15:117db924cf7c 5966 }
wolfSSL 15:117db924cf7c 5967 else
wolfSSL 15:117db924cf7c 5968 #endif
wolfSSL 15:117db924cf7c 5969 {
wolfSSL 15:117db924cf7c 5970 output[0] = ssl->version.major;
wolfSSL 15:117db924cf7c 5971 output[1] = ssl->version.minor;
wolfSSL 15:117db924cf7c 5972 }
wolfSSL 15:117db924cf7c 5973
wolfSSL 15:117db924cf7c 5974 *pSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 5975 }
wolfSSL 15:117db924cf7c 5976 #endif
wolfSSL 15:117db924cf7c 5977 else
wolfSSL 15:117db924cf7c 5978 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 5979
wolfSSL 15:117db924cf7c 5980 return 0;
wolfSSL 15:117db924cf7c 5981 }
wolfSSL 15:117db924cf7c 5982
wolfSSL 15:117db924cf7c 5983 /* Parse the SupportedVersions extension.
wolfSSL 15:117db924cf7c 5984 *
wolfSSL 15:117db924cf7c 5985 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 5986 * input The buffer with the extension data.
wolfSSL 15:117db924cf7c 5987 * length The length of the extension data.
wolfSSL 15:117db924cf7c 5988 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 5989 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 5990 */
wolfSSL 15:117db924cf7c 5991 static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
wolfSSL 15:117db924cf7c 5992 word16 length, byte msgType)
wolfSSL 15:117db924cf7c 5993 {
wolfSSL 15:117db924cf7c 5994 ProtocolVersion pv = ssl->ctx->method->version;
wolfSSL 15:117db924cf7c 5995 int i;
wolfSSL 15:117db924cf7c 5996 int len;
wolfSSL 15:117db924cf7c 5997 byte major, minor;
wolfSSL 15:117db924cf7c 5998 int newMinor = 0;
wolfSSL 16:8e0d178b1d1e 5999 int set = 0;
wolfSSL 15:117db924cf7c 6000
wolfSSL 15:117db924cf7c 6001 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 6002 /* Must contain a length and at least one version. */
wolfSSL 15:117db924cf7c 6003 if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1)
wolfSSL 15:117db924cf7c 6004 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6005
wolfSSL 15:117db924cf7c 6006 len = *input;
wolfSSL 15:117db924cf7c 6007
wolfSSL 15:117db924cf7c 6008 /* Protocol version array must fill rest of data. */
wolfSSL 16:8e0d178b1d1e 6009 if (length != (word16)OPAQUE8_LEN + len)
wolfSSL 15:117db924cf7c 6010 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6011
wolfSSL 15:117db924cf7c 6012 input++;
wolfSSL 15:117db924cf7c 6013
wolfSSL 15:117db924cf7c 6014 /* Find first match. */
wolfSSL 15:117db924cf7c 6015 for (i = 0; i < len; i += OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 6016 major = input[i];
wolfSSL 15:117db924cf7c 6017 minor = input[i + OPAQUE8_LEN];
wolfSSL 15:117db924cf7c 6018
wolfSSL 16:8e0d178b1d1e 6019 #ifdef WOLFSSL_TLS13_DRAFT
wolfSSL 15:117db924cf7c 6020 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
wolfSSL 15:117db924cf7c 6021 major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 6022 minor = TLSv1_3_MINOR;
wolfSSL 15:117db924cf7c 6023 }
wolfSSL 16:8e0d178b1d1e 6024 #else
wolfSSL 16:8e0d178b1d1e 6025 if (major == TLS_DRAFT_MAJOR)
wolfSSL 16:8e0d178b1d1e 6026 continue;
wolfSSL 15:117db924cf7c 6027 #endif
wolfSSL 15:117db924cf7c 6028
wolfSSL 15:117db924cf7c 6029 if (major != pv.major)
wolfSSL 15:117db924cf7c 6030 continue;
wolfSSL 15:117db924cf7c 6031
wolfSSL 15:117db924cf7c 6032 /* No upgrade allowed. */
wolfSSL 15:117db924cf7c 6033 if (minor > ssl->version.minor)
wolfSSL 15:117db924cf7c 6034 continue;
wolfSSL 15:117db924cf7c 6035 /* Check downgrade. */
wolfSSL 15:117db924cf7c 6036 if (minor < ssl->version.minor) {
wolfSSL 15:117db924cf7c 6037 if (!ssl->options.downgrade)
wolfSSL 15:117db924cf7c 6038 continue;
wolfSSL 15:117db924cf7c 6039
wolfSSL 15:117db924cf7c 6040 if (minor < ssl->options.minDowngrade)
wolfSSL 15:117db924cf7c 6041 continue;
wolfSSL 15:117db924cf7c 6042
wolfSSL 15:117db924cf7c 6043 if (newMinor == 0 && minor > ssl->options.oldMinor) {
wolfSSL 15:117db924cf7c 6044 /* Downgrade the version. */
wolfSSL 15:117db924cf7c 6045 ssl->version.minor = minor;
wolfSSL 15:117db924cf7c 6046 }
wolfSSL 15:117db924cf7c 6047 }
wolfSSL 15:117db924cf7c 6048
wolfSSL 15:117db924cf7c 6049 if (minor >= TLSv1_3_MINOR) {
wolfSSL 15:117db924cf7c 6050 if (!ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 6051 ssl->options.tls1_3 = 1;
wolfSSL 15:117db924cf7c 6052 TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl,
wolfSSL 15:117db924cf7c 6053 ssl->heap);
wolfSSL 15:117db924cf7c 6054 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 6055 TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS);
wolfSSL 15:117db924cf7c 6056 #endif
wolfSSL 15:117db924cf7c 6057 }
wolfSSL 15:117db924cf7c 6058 if (minor > newMinor) {
wolfSSL 15:117db924cf7c 6059 ssl->version.minor = minor;
wolfSSL 15:117db924cf7c 6060 newMinor = minor;
wolfSSL 15:117db924cf7c 6061 }
wolfSSL 15:117db924cf7c 6062 }
wolfSSL 15:117db924cf7c 6063 else if (minor > ssl->options.oldMinor)
wolfSSL 15:117db924cf7c 6064 ssl->options.oldMinor = minor;
wolfSSL 16:8e0d178b1d1e 6065
wolfSSL 16:8e0d178b1d1e 6066 set = 1;
wolfSSL 16:8e0d178b1d1e 6067 }
wolfSSL 16:8e0d178b1d1e 6068 if (!set) {
wolfSSL 16:8e0d178b1d1e 6069 #ifdef WOLFSSL_MYSQL_COMPATIBLE
wolfSSL 16:8e0d178b1d1e 6070 SendAlert(ssl, alert_fatal, wc_protocol_version);
wolfSSL 16:8e0d178b1d1e 6071 #else
wolfSSL 16:8e0d178b1d1e 6072 SendAlert(ssl, alert_fatal, protocol_version);
wolfSSL 16:8e0d178b1d1e 6073 #endif
wolfSSL 16:8e0d178b1d1e 6074 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 6075 }
wolfSSL 15:117db924cf7c 6076 }
wolfSSL 15:117db924cf7c 6077 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 6078 else if (msgType == server_hello || msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 6079 /* Must contain one version. */
wolfSSL 15:117db924cf7c 6080 if (length != OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 6081 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6082
wolfSSL 15:117db924cf7c 6083 major = input[0];
wolfSSL 15:117db924cf7c 6084 minor = input[OPAQUE8_LEN];
wolfSSL 15:117db924cf7c 6085
wolfSSL 16:8e0d178b1d1e 6086 #ifdef WOLFSSL_TLS13_DRAFT
wolfSSL 15:117db924cf7c 6087 if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
wolfSSL 15:117db924cf7c 6088 major = SSLv3_MAJOR;
wolfSSL 15:117db924cf7c 6089 minor = TLSv1_3_MINOR;
wolfSSL 15:117db924cf7c 6090 }
wolfSSL 15:117db924cf7c 6091 #endif
wolfSSL 15:117db924cf7c 6092
wolfSSL 15:117db924cf7c 6093 if (major != pv.major)
wolfSSL 15:117db924cf7c 6094 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 6095
wolfSSL 15:117db924cf7c 6096 /* Can't downgrade with this extension below TLS v1.3. */
wolfSSL 15:117db924cf7c 6097 if (minor < TLSv1_3_MINOR)
wolfSSL 15:117db924cf7c 6098 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 6099
wolfSSL 15:117db924cf7c 6100 /* Version is TLS v1.2 to handle downgrading from TLS v1.3+. */
wolfSSL 15:117db924cf7c 6101 if (ssl->options.downgrade && ssl->version.minor == TLSv1_2_MINOR) {
wolfSSL 15:117db924cf7c 6102 /* Set minor version back to TLS v1.3+ */
wolfSSL 15:117db924cf7c 6103 ssl->version.minor = ssl->ctx->method->version.minor;
wolfSSL 15:117db924cf7c 6104 }
wolfSSL 15:117db924cf7c 6105
wolfSSL 15:117db924cf7c 6106 /* No upgrade allowed. */
wolfSSL 15:117db924cf7c 6107 if (ssl->version.minor < minor)
wolfSSL 15:117db924cf7c 6108 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 6109
wolfSSL 15:117db924cf7c 6110 /* Check downgrade. */
wolfSSL 15:117db924cf7c 6111 if (ssl->version.minor > minor) {
wolfSSL 15:117db924cf7c 6112 if (!ssl->options.downgrade)
wolfSSL 15:117db924cf7c 6113 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 6114
wolfSSL 15:117db924cf7c 6115 if (minor < ssl->options.minDowngrade)
wolfSSL 15:117db924cf7c 6116 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 6117
wolfSSL 15:117db924cf7c 6118 /* Downgrade the version. */
wolfSSL 15:117db924cf7c 6119 ssl->version.minor = minor;
wolfSSL 15:117db924cf7c 6120 }
wolfSSL 15:117db924cf7c 6121 }
wolfSSL 15:117db924cf7c 6122 #endif
wolfSSL 15:117db924cf7c 6123 else
wolfSSL 15:117db924cf7c 6124 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 6125
wolfSSL 15:117db924cf7c 6126 return 0;
wolfSSL 15:117db924cf7c 6127 }
wolfSSL 15:117db924cf7c 6128
wolfSSL 15:117db924cf7c 6129 /* Sets a new SupportedVersions extension into the extension list.
wolfSSL 15:117db924cf7c 6130 *
wolfSSL 15:117db924cf7c 6131 * extensions The list of extensions.
wolfSSL 15:117db924cf7c 6132 * data The extensions specific data.
wolfSSL 15:117db924cf7c 6133 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 6134 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6135 */
wolfSSL 15:117db924cf7c 6136 static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 6137 void* heap)
wolfSSL 15:117db924cf7c 6138 {
wolfSSL 15:117db924cf7c 6139 if (extensions == NULL || data == NULL)
wolfSSL 15:117db924cf7c 6140 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 6141
wolfSSL 15:117db924cf7c 6142 return TLSX_Push(extensions, TLSX_SUPPORTED_VERSIONS, (void *)data, heap);
wolfSSL 15:117db924cf7c 6143 }
wolfSSL 15:117db924cf7c 6144
wolfSSL 15:117db924cf7c 6145 #define SV_GET_SIZE TLSX_SupportedVersions_GetSize
wolfSSL 15:117db924cf7c 6146 #define SV_WRITE TLSX_SupportedVersions_Write
wolfSSL 15:117db924cf7c 6147 #define SV_PARSE TLSX_SupportedVersions_Parse
wolfSSL 15:117db924cf7c 6148
wolfSSL 15:117db924cf7c 6149 #else
wolfSSL 15:117db924cf7c 6150
wolfSSL 15:117db924cf7c 6151 #define SV_GET_SIZE(a, b, c) 0
wolfSSL 15:117db924cf7c 6152 #define SV_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 6153 #define SV_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 6154
wolfSSL 15:117db924cf7c 6155 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 6156
wolfSSL 15:117db924cf7c 6157 #if defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 6158
wolfSSL 15:117db924cf7c 6159 /******************************************************************************/
wolfSSL 15:117db924cf7c 6160 /* Cookie */
wolfSSL 15:117db924cf7c 6161 /******************************************************************************/
wolfSSL 15:117db924cf7c 6162
wolfSSL 15:117db924cf7c 6163 /* Free the cookie data.
wolfSSL 15:117db924cf7c 6164 *
wolfSSL 15:117db924cf7c 6165 * cookie Cookie data.
wolfSSL 15:117db924cf7c 6166 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 6167 */
wolfSSL 15:117db924cf7c 6168 static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap)
wolfSSL 15:117db924cf7c 6169 {
wolfSSL 15:117db924cf7c 6170 (void)heap;
wolfSSL 15:117db924cf7c 6171
wolfSSL 15:117db924cf7c 6172 if (cookie != NULL)
wolfSSL 15:117db924cf7c 6173 XFREE(cookie, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6174 }
wolfSSL 15:117db924cf7c 6175
wolfSSL 15:117db924cf7c 6176 /* Get the size of the encoded Cookie extension.
wolfSSL 15:117db924cf7c 6177 * In messages: ClientHello and HelloRetryRequest.
wolfSSL 15:117db924cf7c 6178 *
wolfSSL 15:117db924cf7c 6179 * cookie The cookie to write.
wolfSSL 15:117db924cf7c 6180 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 6181 * returns the number of bytes of the encoded Cookie extension.
wolfSSL 15:117db924cf7c 6182 */
wolfSSL 15:117db924cf7c 6183 static int TLSX_Cookie_GetSize(Cookie* cookie, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 6184 {
wolfSSL 15:117db924cf7c 6185 if (msgType == client_hello || msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 6186 *pSz += OPAQUE16_LEN + cookie->len;
wolfSSL 15:117db924cf7c 6187 else
wolfSSL 15:117db924cf7c 6188 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 6189 return 0;
wolfSSL 15:117db924cf7c 6190 }
wolfSSL 15:117db924cf7c 6191
wolfSSL 15:117db924cf7c 6192 /* Writes the Cookie extension into the output buffer.
wolfSSL 15:117db924cf7c 6193 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 6194 * In messages: ClientHello and HelloRetryRequest.
wolfSSL 15:117db924cf7c 6195 *
wolfSSL 15:117db924cf7c 6196 * cookie The cookie to write.
wolfSSL 15:117db924cf7c 6197 * output The buffer to write into.
wolfSSL 15:117db924cf7c 6198 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 6199 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 6200 */
wolfSSL 16:8e0d178b1d1e 6201 static int TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType,
wolfSSL 16:8e0d178b1d1e 6202 word16* pSz)
wolfSSL 15:117db924cf7c 6203 {
wolfSSL 15:117db924cf7c 6204 if (msgType == client_hello || msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 6205 c16toa(cookie->len, output);
wolfSSL 15:117db924cf7c 6206 output += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6207 XMEMCPY(output, &cookie->data, cookie->len);
wolfSSL 15:117db924cf7c 6208 *pSz += OPAQUE16_LEN + cookie->len;
wolfSSL 15:117db924cf7c 6209 }
wolfSSL 15:117db924cf7c 6210 else
wolfSSL 15:117db924cf7c 6211 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 6212 return 0;
wolfSSL 15:117db924cf7c 6213 }
wolfSSL 15:117db924cf7c 6214
wolfSSL 15:117db924cf7c 6215 /* Parse the Cookie extension.
wolfSSL 15:117db924cf7c 6216 * In messages: ClientHello and HelloRetryRequest.
wolfSSL 15:117db924cf7c 6217 *
wolfSSL 15:117db924cf7c 6218 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6219 * input The extension data.
wolfSSL 15:117db924cf7c 6220 * length The length of the extension data.
wolfSSL 15:117db924cf7c 6221 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 6222 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6223 */
wolfSSL 15:117db924cf7c 6224 static int TLSX_Cookie_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 6225 byte msgType)
wolfSSL 15:117db924cf7c 6226 {
wolfSSL 15:117db924cf7c 6227 word16 len;
wolfSSL 15:117db924cf7c 6228 word16 idx = 0;
wolfSSL 15:117db924cf7c 6229 TLSX* extension;
wolfSSL 15:117db924cf7c 6230 Cookie* cookie;
wolfSSL 15:117db924cf7c 6231
wolfSSL 15:117db924cf7c 6232 if (msgType != client_hello && msgType != hello_retry_request)
wolfSSL 15:117db924cf7c 6233 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 6234
wolfSSL 15:117db924cf7c 6235 /* Message contains length and Cookie which must be at least one byte
wolfSSL 15:117db924cf7c 6236 * in length.
wolfSSL 15:117db924cf7c 6237 */
wolfSSL 15:117db924cf7c 6238 if (length < OPAQUE16_LEN + 1)
wolfSSL 15:117db924cf7c 6239 return BUFFER_E;
wolfSSL 15:117db924cf7c 6240 ato16(input + idx, &len);
wolfSSL 15:117db924cf7c 6241 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6242 if (length - idx != len)
wolfSSL 15:117db924cf7c 6243 return BUFFER_E;
wolfSSL 15:117db924cf7c 6244
wolfSSL 15:117db924cf7c 6245 if (msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 6246 return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0);
wolfSSL 15:117db924cf7c 6247
wolfSSL 15:117db924cf7c 6248 /* client_hello */
wolfSSL 15:117db924cf7c 6249 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
wolfSSL 15:117db924cf7c 6250 if (extension == NULL)
wolfSSL 15:117db924cf7c 6251 return HRR_COOKIE_ERROR;
wolfSSL 15:117db924cf7c 6252
wolfSSL 15:117db924cf7c 6253 cookie = (Cookie*)extension->data;
wolfSSL 15:117db924cf7c 6254 if (cookie->len != len || XMEMCMP(&cookie->data, input + idx, len) != 0)
wolfSSL 15:117db924cf7c 6255 return HRR_COOKIE_ERROR;
wolfSSL 15:117db924cf7c 6256
wolfSSL 15:117db924cf7c 6257 /* Request seen. */
wolfSSL 15:117db924cf7c 6258 extension->resp = 0;
wolfSSL 15:117db924cf7c 6259
wolfSSL 15:117db924cf7c 6260 return 0;
wolfSSL 15:117db924cf7c 6261 }
wolfSSL 15:117db924cf7c 6262
wolfSSL 15:117db924cf7c 6263 /* Use the data to create a new Cookie object in the extensions.
wolfSSL 15:117db924cf7c 6264 *
wolfSSL 15:117db924cf7c 6265 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 6266 * data Cookie data.
wolfSSL 15:117db924cf7c 6267 * len Length of cookie data in bytes.
wolfSSL 15:117db924cf7c 6268 * mac MAC data.
wolfSSL 15:117db924cf7c 6269 * macSz Length of MAC data in bytes.
wolfSSL 15:117db924cf7c 6270 * resp Indicates the extension will go into a response (HelloRetryRequest).
wolfSSL 15:117db924cf7c 6271 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 6272 */
wolfSSL 15:117db924cf7c 6273 int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac,
wolfSSL 15:117db924cf7c 6274 byte macSz, int resp)
wolfSSL 15:117db924cf7c 6275 {
wolfSSL 15:117db924cf7c 6276 int ret = 0;
wolfSSL 15:117db924cf7c 6277 TLSX* extension;
wolfSSL 15:117db924cf7c 6278 Cookie* cookie;
wolfSSL 15:117db924cf7c 6279
wolfSSL 15:117db924cf7c 6280 /* Find the cookie extension if it exists. */
wolfSSL 15:117db924cf7c 6281 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
wolfSSL 15:117db924cf7c 6282 if (extension == NULL) {
wolfSSL 15:117db924cf7c 6283 /* Push new cookie extension. */
wolfSSL 15:117db924cf7c 6284 ret = TLSX_Push(&ssl->extensions, TLSX_COOKIE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 6285 if (ret != 0)
wolfSSL 15:117db924cf7c 6286 return ret;
wolfSSL 15:117db924cf7c 6287
wolfSSL 15:117db924cf7c 6288 extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
wolfSSL 15:117db924cf7c 6289 if (extension == NULL)
wolfSSL 15:117db924cf7c 6290 return MEMORY_E;
wolfSSL 15:117db924cf7c 6291 }
wolfSSL 15:117db924cf7c 6292
wolfSSL 15:117db924cf7c 6293 /* The Cookie structure has one byte for cookie data already. */
wolfSSL 15:117db924cf7c 6294 cookie = (Cookie*)XMALLOC(sizeof(Cookie) + len + macSz - 1, ssl->heap,
wolfSSL 15:117db924cf7c 6295 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 6296 if (cookie == NULL)
wolfSSL 15:117db924cf7c 6297 return MEMORY_E;
wolfSSL 15:117db924cf7c 6298
wolfSSL 15:117db924cf7c 6299 cookie->len = len + macSz;
wolfSSL 15:117db924cf7c 6300 XMEMCPY(&cookie->data, data, len);
wolfSSL 15:117db924cf7c 6301 if (mac != NULL)
wolfSSL 15:117db924cf7c 6302 XMEMCPY(&cookie->data + len, mac, macSz);
wolfSSL 15:117db924cf7c 6303
wolfSSL 15:117db924cf7c 6304 extension->data = (void*)cookie;
wolfSSL 15:117db924cf7c 6305 extension->resp = (byte)resp;
wolfSSL 15:117db924cf7c 6306
wolfSSL 15:117db924cf7c 6307 return 0;
wolfSSL 15:117db924cf7c 6308 }
wolfSSL 15:117db924cf7c 6309
wolfSSL 15:117db924cf7c 6310 #define CKE_FREE_ALL TLSX_Cookie_FreeAll
wolfSSL 15:117db924cf7c 6311 #define CKE_GET_SIZE TLSX_Cookie_GetSize
wolfSSL 15:117db924cf7c 6312 #define CKE_WRITE TLSX_Cookie_Write
wolfSSL 15:117db924cf7c 6313 #define CKE_PARSE TLSX_Cookie_Parse
wolfSSL 15:117db924cf7c 6314
wolfSSL 15:117db924cf7c 6315 #else
wolfSSL 15:117db924cf7c 6316
wolfSSL 15:117db924cf7c 6317 #define CKE_FREE_ALL(a, b) 0
wolfSSL 15:117db924cf7c 6318 #define CKE_GET_SIZE(a, b, c) 0
wolfSSL 15:117db924cf7c 6319 #define CKE_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 6320 #define CKE_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 6321
wolfSSL 15:117db924cf7c 6322 #endif
wolfSSL 16:8e0d178b1d1e 6323 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 6324 /******************************************************************************/
wolfSSL 15:117db924cf7c 6325 /* Signature Algorithms */
wolfSSL 15:117db924cf7c 6326 /******************************************************************************/
wolfSSL 15:117db924cf7c 6327
wolfSSL 15:117db924cf7c 6328 /* Return the size of the SignatureAlgorithms extension's data.
wolfSSL 15:117db924cf7c 6329 *
wolfSSL 15:117db924cf7c 6330 * data Unused
wolfSSL 15:117db924cf7c 6331 * returns the length of data that will be in the extension.
wolfSSL 15:117db924cf7c 6332 */
wolfSSL 16:8e0d178b1d1e 6333
wolfSSL 15:117db924cf7c 6334 static word16 TLSX_SignatureAlgorithms_GetSize(void* data)
wolfSSL 15:117db924cf7c 6335 {
wolfSSL 15:117db924cf7c 6336 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 6337
wolfSSL 15:117db924cf7c 6338 return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz;
wolfSSL 15:117db924cf7c 6339 }
wolfSSL 15:117db924cf7c 6340
wolfSSL 15:117db924cf7c 6341 /* Creates a bit string of supported hash algorithms with RSA PSS.
wolfSSL 15:117db924cf7c 6342 * The bit string is used when determining which signature algorithm to use
wolfSSL 15:117db924cf7c 6343 * when creating the CertificateVerify message.
wolfSSL 15:117db924cf7c 6344 * Note: Valid data has an even length as each signature algorithm is two bytes.
wolfSSL 15:117db924cf7c 6345 *
wolfSSL 15:117db924cf7c 6346 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6347 * input The buffer with the list of supported signature algorithms.
wolfSSL 15:117db924cf7c 6348 * length The length of the list in bytes.
wolfSSL 15:117db924cf7c 6349 * returns 0 on success, BUFFER_ERROR when the length is not even.
wolfSSL 15:117db924cf7c 6350 */
wolfSSL 15:117db924cf7c 6351 static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input,
wolfSSL 15:117db924cf7c 6352 word16 length)
wolfSSL 15:117db924cf7c 6353 {
wolfSSL 15:117db924cf7c 6354 word16 i;
wolfSSL 15:117db924cf7c 6355
wolfSSL 15:117db924cf7c 6356 if ((length & 1) == 1)
wolfSSL 15:117db924cf7c 6357 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6358
wolfSSL 15:117db924cf7c 6359 ssl->pssAlgo = 0;
wolfSSL 15:117db924cf7c 6360 for (i = 0; i < length; i += 2) {
wolfSSL 15:117db924cf7c 6361 if (input[i] == rsa_pss_sa_algo && input[i + 1] <= sha512_mac)
wolfSSL 15:117db924cf7c 6362 ssl->pssAlgo |= 1 << input[i + 1];
wolfSSL 16:8e0d178b1d1e 6363 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 6364 if (input[i] == rsa_pss_sa_algo && input[i + 1] >= pss_sha256 &&
wolfSSL 16:8e0d178b1d1e 6365 input[i + 1] <= pss_sha512) {
wolfSSL 16:8e0d178b1d1e 6366 ssl->pssAlgo |= 1 << input[i + 1];
wolfSSL 16:8e0d178b1d1e 6367 }
wolfSSL 16:8e0d178b1d1e 6368 #endif
wolfSSL 15:117db924cf7c 6369 }
wolfSSL 15:117db924cf7c 6370
wolfSSL 15:117db924cf7c 6371 return 0;
wolfSSL 15:117db924cf7c 6372 }
wolfSSL 15:117db924cf7c 6373
wolfSSL 15:117db924cf7c 6374 /* Writes the SignatureAlgorithms extension into the buffer.
wolfSSL 15:117db924cf7c 6375 *
wolfSSL 15:117db924cf7c 6376 * data Unused
wolfSSL 15:117db924cf7c 6377 * output The buffer to write the extension into.
wolfSSL 15:117db924cf7c 6378 * returns the length of data that was written.
wolfSSL 15:117db924cf7c 6379 */
wolfSSL 15:117db924cf7c 6380 static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output)
wolfSSL 15:117db924cf7c 6381 {
wolfSSL 15:117db924cf7c 6382 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 6383
wolfSSL 15:117db924cf7c 6384 c16toa(ssl->suites->hashSigAlgoSz, output);
wolfSSL 15:117db924cf7c 6385 XMEMCPY(output + OPAQUE16_LEN, ssl->suites->hashSigAlgo,
wolfSSL 15:117db924cf7c 6386 ssl->suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 6387
wolfSSL 15:117db924cf7c 6388 TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 6389 ssl->suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 6390
wolfSSL 15:117db924cf7c 6391 return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz;
wolfSSL 15:117db924cf7c 6392 }
wolfSSL 15:117db924cf7c 6393
wolfSSL 15:117db924cf7c 6394 /* Parse the SignatureAlgorithms extension.
wolfSSL 15:117db924cf7c 6395 *
wolfSSL 15:117db924cf7c 6396 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6397 * input The buffer with the extension data.
wolfSSL 15:117db924cf7c 6398 * length The length of the extension data.
wolfSSL 15:117db924cf7c 6399 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6400 */
wolfSSL 15:117db924cf7c 6401 static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input,
wolfSSL 15:117db924cf7c 6402 word16 length, byte isRequest, Suites* suites)
wolfSSL 15:117db924cf7c 6403 {
wolfSSL 15:117db924cf7c 6404 word16 len;
wolfSSL 15:117db924cf7c 6405
wolfSSL 15:117db924cf7c 6406 if (!isRequest)
wolfSSL 15:117db924cf7c 6407 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6408
wolfSSL 15:117db924cf7c 6409 /* Must contain a length and at least algorithm. */
wolfSSL 15:117db924cf7c 6410 if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0)
wolfSSL 15:117db924cf7c 6411 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6412
wolfSSL 15:117db924cf7c 6413 ato16(input, &len);
wolfSSL 15:117db924cf7c 6414 input += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6415
wolfSSL 15:117db924cf7c 6416 /* Algorithm array must fill rest of data. */
wolfSSL 15:117db924cf7c 6417 if (length != OPAQUE16_LEN + len)
wolfSSL 15:117db924cf7c 6418 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6419
wolfSSL 15:117db924cf7c 6420 /* truncate hashSigAlgo list if too long */
wolfSSL 15:117db924cf7c 6421 suites->hashSigAlgoSz = len;
wolfSSL 15:117db924cf7c 6422 if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
wolfSSL 15:117db924cf7c 6423 WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating");
wolfSSL 15:117db924cf7c 6424 suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
wolfSSL 15:117db924cf7c 6425 }
wolfSSL 15:117db924cf7c 6426 XMEMCPY(suites->hashSigAlgo, input, suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 6427
wolfSSL 15:117db924cf7c 6428 return TLSX_SignatureAlgorithms_MapPss(ssl, input, len);
wolfSSL 15:117db924cf7c 6429 }
wolfSSL 15:117db924cf7c 6430
wolfSSL 15:117db924cf7c 6431 /* Sets a new SignatureAlgorithms extension into the extension list.
wolfSSL 15:117db924cf7c 6432 *
wolfSSL 15:117db924cf7c 6433 * extensions The list of extensions.
wolfSSL 15:117db924cf7c 6434 * data The extensions specific data.
wolfSSL 15:117db924cf7c 6435 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 6436 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6437 */
wolfSSL 15:117db924cf7c 6438 static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 6439 void* heap)
wolfSSL 15:117db924cf7c 6440 {
wolfSSL 15:117db924cf7c 6441 if (extensions == NULL)
wolfSSL 15:117db924cf7c 6442 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 6443
wolfSSL 15:117db924cf7c 6444 return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, (void *)data, heap);
wolfSSL 15:117db924cf7c 6445 }
wolfSSL 15:117db924cf7c 6446
wolfSSL 15:117db924cf7c 6447 #define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize
wolfSSL 15:117db924cf7c 6448 #define SA_WRITE TLSX_SignatureAlgorithms_Write
wolfSSL 15:117db924cf7c 6449 #define SA_PARSE TLSX_SignatureAlgorithms_Parse
wolfSSL 16:8e0d178b1d1e 6450 #endif
wolfSSL 15:117db924cf7c 6451 /******************************************************************************/
wolfSSL 15:117db924cf7c 6452 /* Signature Algorithms Certificate */
wolfSSL 15:117db924cf7c 6453 /******************************************************************************/
wolfSSL 15:117db924cf7c 6454
wolfSSL 15:117db924cf7c 6455 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 6456 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 6457 /* Return the size of the SignatureAlgorithms extension's data.
wolfSSL 15:117db924cf7c 6458 *
wolfSSL 15:117db924cf7c 6459 * data Unused
wolfSSL 15:117db924cf7c 6460 * returns the length of data that will be in the extension.
wolfSSL 15:117db924cf7c 6461 */
wolfSSL 15:117db924cf7c 6462 static word16 TLSX_SignatureAlgorithmsCert_GetSize(void* data)
wolfSSL 15:117db924cf7c 6463 {
wolfSSL 15:117db924cf7c 6464 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 6465
wolfSSL 15:117db924cf7c 6466 return OPAQUE16_LEN + ssl->certHashSigAlgoSz;
wolfSSL 15:117db924cf7c 6467 }
wolfSSL 15:117db924cf7c 6468
wolfSSL 15:117db924cf7c 6469 /* Writes the SignatureAlgorithmsCert extension into the buffer.
wolfSSL 15:117db924cf7c 6470 *
wolfSSL 15:117db924cf7c 6471 * data Unused
wolfSSL 15:117db924cf7c 6472 * output The buffer to write the extension into.
wolfSSL 15:117db924cf7c 6473 * returns the length of data that was written.
wolfSSL 15:117db924cf7c 6474 */
wolfSSL 15:117db924cf7c 6475 static word16 TLSX_SignatureAlgorithmsCert_Write(void* data, byte* output)
wolfSSL 15:117db924cf7c 6476 {
wolfSSL 15:117db924cf7c 6477 WOLFSSL* ssl = (WOLFSSL*)data;
wolfSSL 15:117db924cf7c 6478
wolfSSL 15:117db924cf7c 6479 c16toa(ssl->certHashSigAlgoSz, output);
wolfSSL 15:117db924cf7c 6480 XMEMCPY(output + OPAQUE16_LEN, ssl->certHashSigAlgo,
wolfSSL 15:117db924cf7c 6481 ssl->certHashSigAlgoSz);
wolfSSL 15:117db924cf7c 6482
wolfSSL 15:117db924cf7c 6483 return OPAQUE16_LEN + ssl->certHashSigAlgoSz;
wolfSSL 15:117db924cf7c 6484 }
wolfSSL 15:117db924cf7c 6485
wolfSSL 15:117db924cf7c 6486 /* Parse the SignatureAlgorithmsCert extension.
wolfSSL 15:117db924cf7c 6487 *
wolfSSL 15:117db924cf7c 6488 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6489 * input The buffer with the extension data.
wolfSSL 15:117db924cf7c 6490 * length The length of the extension data.
wolfSSL 15:117db924cf7c 6491 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6492 */
wolfSSL 15:117db924cf7c 6493 static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, byte* input,
wolfSSL 15:117db924cf7c 6494 word16 length, byte isRequest)
wolfSSL 15:117db924cf7c 6495 {
wolfSSL 15:117db924cf7c 6496 word16 len;
wolfSSL 15:117db924cf7c 6497
wolfSSL 15:117db924cf7c 6498 if (!isRequest)
wolfSSL 15:117db924cf7c 6499 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6500
wolfSSL 15:117db924cf7c 6501 /* Must contain a length and at least algorithm. */
wolfSSL 15:117db924cf7c 6502 if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0)
wolfSSL 15:117db924cf7c 6503 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6504
wolfSSL 15:117db924cf7c 6505 ato16(input, &len);
wolfSSL 15:117db924cf7c 6506 input += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 6507
wolfSSL 15:117db924cf7c 6508 /* Algorithm array must fill rest of data. */
wolfSSL 15:117db924cf7c 6509 if (length != OPAQUE16_LEN + len)
wolfSSL 15:117db924cf7c 6510 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 6511
wolfSSL 15:117db924cf7c 6512 /* truncate hashSigAlgo list if too long */
wolfSSL 15:117db924cf7c 6513 ssl->certHashSigAlgoSz = len;
wolfSSL 15:117db924cf7c 6514 if (ssl->certHashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
wolfSSL 15:117db924cf7c 6515 WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating");
wolfSSL 15:117db924cf7c 6516 ssl->certHashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
wolfSSL 15:117db924cf7c 6517 }
wolfSSL 15:117db924cf7c 6518 XMEMCPY(ssl->certHashSigAlgo, input, ssl->certHashSigAlgoSz);
wolfSSL 15:117db924cf7c 6519
wolfSSL 15:117db924cf7c 6520 return 0;
wolfSSL 15:117db924cf7c 6521 }
wolfSSL 15:117db924cf7c 6522
wolfSSL 15:117db924cf7c 6523 /* Sets a new SignatureAlgorithmsCert extension into the extension list.
wolfSSL 15:117db924cf7c 6524 *
wolfSSL 15:117db924cf7c 6525 * extensions The list of extensions.
wolfSSL 15:117db924cf7c 6526 * data The extensions specific data.
wolfSSL 15:117db924cf7c 6527 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 6528 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6529 */
wolfSSL 15:117db924cf7c 6530 static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data,
wolfSSL 15:117db924cf7c 6531 void* heap)
wolfSSL 15:117db924cf7c 6532 {
wolfSSL 15:117db924cf7c 6533 if (extensions == NULL)
wolfSSL 15:117db924cf7c 6534 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 6535
wolfSSL 15:117db924cf7c 6536 return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS_CERT, (void *)data,
wolfSSL 15:117db924cf7c 6537 heap);
wolfSSL 15:117db924cf7c 6538 }
wolfSSL 15:117db924cf7c 6539
wolfSSL 15:117db924cf7c 6540 #define SAC_GET_SIZE TLSX_SignatureAlgorithmsCert_GetSize
wolfSSL 15:117db924cf7c 6541 #define SAC_WRITE TLSX_SignatureAlgorithmsCert_Write
wolfSSL 15:117db924cf7c 6542 #define SAC_PARSE TLSX_SignatureAlgorithmsCert_Parse
wolfSSL 15:117db924cf7c 6543 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
wolfSSL 15:117db924cf7c 6544 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 6545
wolfSSL 15:117db924cf7c 6546
wolfSSL 15:117db924cf7c 6547 /******************************************************************************/
wolfSSL 15:117db924cf7c 6548 /* Key Share */
wolfSSL 15:117db924cf7c 6549 /******************************************************************************/
wolfSSL 15:117db924cf7c 6550
wolfSSL 15:117db924cf7c 6551 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 6552 /* Create a key share entry using named Diffie-Hellman parameters group.
wolfSSL 15:117db924cf7c 6553 * Generates a key pair.
wolfSSL 15:117db924cf7c 6554 *
wolfSSL 15:117db924cf7c 6555 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6556 * kse The key share entry object.
wolfSSL 15:117db924cf7c 6557 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6558 */
wolfSSL 15:117db924cf7c 6559 static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 15:117db924cf7c 6560 {
wolfSSL 15:117db924cf7c 6561 int ret;
wolfSSL 15:117db924cf7c 6562 #ifndef NO_DH
wolfSSL 15:117db924cf7c 6563 byte* keyData;
wolfSSL 15:117db924cf7c 6564 void* key = NULL;
wolfSSL 15:117db924cf7c 6565 word32 keySz;
wolfSSL 15:117db924cf7c 6566 word32 dataSz;
wolfSSL 15:117db924cf7c 6567 const DhParams* params;
wolfSSL 15:117db924cf7c 6568 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6569 DhKey* dhKey = NULL;
wolfSSL 15:117db924cf7c 6570 #else
wolfSSL 15:117db924cf7c 6571 DhKey dhKey[1];
wolfSSL 15:117db924cf7c 6572 #endif
wolfSSL 15:117db924cf7c 6573
wolfSSL 15:117db924cf7c 6574 /* TODO: [TLS13] The key size should come from wolfcrypt. */
wolfSSL 15:117db924cf7c 6575 /* Pick the parameters from the named group. */
wolfSSL 15:117db924cf7c 6576 switch (kse->group) {
wolfSSL 15:117db924cf7c 6577 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 6578 case WOLFSSL_FFDHE_2048:
wolfSSL 15:117db924cf7c 6579 params = wc_Dh_ffdhe2048_Get();
wolfSSL 15:117db924cf7c 6580 keySz = 29;
wolfSSL 15:117db924cf7c 6581 break;
wolfSSL 15:117db924cf7c 6582 #endif
wolfSSL 15:117db924cf7c 6583 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 6584 case WOLFSSL_FFDHE_3072:
wolfSSL 15:117db924cf7c 6585 params = wc_Dh_ffdhe3072_Get();
wolfSSL 15:117db924cf7c 6586 keySz = 34;
wolfSSL 15:117db924cf7c 6587 break;
wolfSSL 15:117db924cf7c 6588 #endif
wolfSSL 15:117db924cf7c 6589 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 6590 case WOLFSSL_FFDHE_4096:
wolfSSL 15:117db924cf7c 6591 params = wc_Dh_ffdhe4096_Get();
wolfSSL 15:117db924cf7c 6592 keySz = 39;
wolfSSL 15:117db924cf7c 6593 break;
wolfSSL 15:117db924cf7c 6594 #endif
wolfSSL 15:117db924cf7c 6595 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 6596 case WOLFSSL_FFDHE_6144:
wolfSSL 15:117db924cf7c 6597 params = wc_Dh_ffdhe6144_Get();
wolfSSL 15:117db924cf7c 6598 keySz = 46;
wolfSSL 15:117db924cf7c 6599 break;
wolfSSL 15:117db924cf7c 6600 #endif
wolfSSL 15:117db924cf7c 6601 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 6602 case WOLFSSL_FFDHE_8192:
wolfSSL 15:117db924cf7c 6603 params = wc_Dh_ffdhe8192_Get();
wolfSSL 15:117db924cf7c 6604 keySz = 52;
wolfSSL 15:117db924cf7c 6605 break;
wolfSSL 15:117db924cf7c 6606 #endif
wolfSSL 15:117db924cf7c 6607 default:
wolfSSL 15:117db924cf7c 6608 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 6609 }
wolfSSL 15:117db924cf7c 6610
wolfSSL 15:117db924cf7c 6611 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6612 dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6613 if (dhKey == NULL)
wolfSSL 15:117db924cf7c 6614 return MEMORY_E;
wolfSSL 15:117db924cf7c 6615 #endif
wolfSSL 15:117db924cf7c 6616
wolfSSL 15:117db924cf7c 6617 ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 6618 if (ret != 0) {
wolfSSL 15:117db924cf7c 6619 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6620 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6621 #endif
wolfSSL 15:117db924cf7c 6622 return ret;
wolfSSL 15:117db924cf7c 6623 }
wolfSSL 15:117db924cf7c 6624
wolfSSL 15:117db924cf7c 6625 /* Allocate space for the public key. */
wolfSSL 15:117db924cf7c 6626 dataSz = params->p_len;
wolfSSL 15:117db924cf7c 6627 keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6628 if (keyData == NULL) {
wolfSSL 15:117db924cf7c 6629 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 6630 goto end;
wolfSSL 15:117db924cf7c 6631 }
wolfSSL 15:117db924cf7c 6632 /* Allocate space for the private key. */
wolfSSL 15:117db924cf7c 6633 key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6634 if (key == NULL) {
wolfSSL 15:117db924cf7c 6635 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 6636 goto end;
wolfSSL 15:117db924cf7c 6637 }
wolfSSL 15:117db924cf7c 6638
wolfSSL 15:117db924cf7c 6639 /* Set key */
wolfSSL 15:117db924cf7c 6640 ret = wc_DhSetKey(dhKey,
wolfSSL 15:117db924cf7c 6641 (byte*)params->p, params->p_len,
wolfSSL 15:117db924cf7c 6642 (byte*)params->g, params->g_len);
wolfSSL 15:117db924cf7c 6643 if (ret != 0)
wolfSSL 15:117db924cf7c 6644 goto end;
wolfSSL 15:117db924cf7c 6645
wolfSSL 15:117db924cf7c 6646 /* Generate a new key pair. */
wolfSSL 15:117db924cf7c 6647 ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData,
wolfSSL 15:117db924cf7c 6648 &dataSz);
wolfSSL 15:117db924cf7c 6649 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 6650 /* TODO: Make this function non-blocking */
wolfSSL 15:117db924cf7c 6651 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 6652 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 6653 }
wolfSSL 15:117db924cf7c 6654 #endif
wolfSSL 15:117db924cf7c 6655 if (ret != 0)
wolfSSL 15:117db924cf7c 6656 goto end;
wolfSSL 15:117db924cf7c 6657
wolfSSL 15:117db924cf7c 6658 if (params->p_len != dataSz) {
wolfSSL 15:117db924cf7c 6659 /* Pad the front of the key data with zeros. */
wolfSSL 15:117db924cf7c 6660 XMEMMOVE(keyData + params->p_len - dataSz, keyData, dataSz);
wolfSSL 15:117db924cf7c 6661 XMEMSET(keyData, 0, params->p_len - dataSz);
wolfSSL 15:117db924cf7c 6662 }
wolfSSL 15:117db924cf7c 6663
wolfSSL 15:117db924cf7c 6664 kse->pubKey = keyData;
wolfSSL 15:117db924cf7c 6665 kse->pubKeyLen = params->p_len;
wolfSSL 15:117db924cf7c 6666 kse->key = key;
wolfSSL 15:117db924cf7c 6667 kse->keyLen = keySz;
wolfSSL 15:117db924cf7c 6668
wolfSSL 15:117db924cf7c 6669 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6670 WOLFSSL_MSG("Public DH Key");
wolfSSL 15:117db924cf7c 6671 WOLFSSL_BUFFER(keyData, params->p_len);
wolfSSL 15:117db924cf7c 6672 #endif
wolfSSL 15:117db924cf7c 6673
wolfSSL 15:117db924cf7c 6674 end:
wolfSSL 15:117db924cf7c 6675
wolfSSL 15:117db924cf7c 6676 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 6677 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 6678 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 6679 #endif
wolfSSL 15:117db924cf7c 6680
wolfSSL 15:117db924cf7c 6681 if (ret != 0) {
wolfSSL 15:117db924cf7c 6682 /* Data owned by key share entry otherwise. */
wolfSSL 15:117db924cf7c 6683 if (keyData != NULL)
wolfSSL 15:117db924cf7c 6684 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6685 if (key != NULL)
wolfSSL 15:117db924cf7c 6686 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6687 }
wolfSSL 15:117db924cf7c 6688 #else
wolfSSL 15:117db924cf7c 6689 (void)ssl;
wolfSSL 15:117db924cf7c 6690 (void)kse;
wolfSSL 15:117db924cf7c 6691
wolfSSL 15:117db924cf7c 6692 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 6693 #endif
wolfSSL 15:117db924cf7c 6694
wolfSSL 15:117db924cf7c 6695 return ret;
wolfSSL 15:117db924cf7c 6696 }
wolfSSL 15:117db924cf7c 6697
wolfSSL 15:117db924cf7c 6698 /* Create a key share entry using X25519 parameters group.
wolfSSL 15:117db924cf7c 6699 * Generates a key pair.
wolfSSL 15:117db924cf7c 6700 *
wolfSSL 15:117db924cf7c 6701 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6702 * kse The key share entry object.
wolfSSL 15:117db924cf7c 6703 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6704 */
wolfSSL 15:117db924cf7c 6705 static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 15:117db924cf7c 6706 {
wolfSSL 15:117db924cf7c 6707 int ret;
wolfSSL 15:117db924cf7c 6708 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6709 byte* keyData = NULL;
wolfSSL 15:117db924cf7c 6710 word32 dataSize = CURVE25519_KEYSIZE;
wolfSSL 15:117db924cf7c 6711 curve25519_key* key;
wolfSSL 15:117db924cf7c 6712
wolfSSL 15:117db924cf7c 6713 /* Allocate an ECC key to hold private key. */
wolfSSL 16:8e0d178b1d1e 6714 key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap,
wolfSSL 16:8e0d178b1d1e 6715 DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6716 if (key == NULL) {
wolfSSL 15:117db924cf7c 6717 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 15:117db924cf7c 6718 return MEMORY_E;
wolfSSL 15:117db924cf7c 6719 }
wolfSSL 15:117db924cf7c 6720
wolfSSL 15:117db924cf7c 6721 /* Make an ECC key. */
wolfSSL 15:117db924cf7c 6722 ret = wc_curve25519_init(key);
wolfSSL 15:117db924cf7c 6723 if (ret != 0)
wolfSSL 15:117db924cf7c 6724 goto end;
wolfSSL 15:117db924cf7c 6725 ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key);
wolfSSL 15:117db924cf7c 6726 if (ret != 0)
wolfSSL 15:117db924cf7c 6727 goto end;
wolfSSL 15:117db924cf7c 6728
wolfSSL 15:117db924cf7c 6729 /* Allocate space for the public key. */
wolfSSL 15:117db924cf7c 6730 keyData = (byte*)XMALLOC(CURVE25519_KEYSIZE, ssl->heap,
wolfSSL 15:117db924cf7c 6731 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6732 if (keyData == NULL) {
wolfSSL 15:117db924cf7c 6733 WOLFSSL_MSG("Key data Memory error");
wolfSSL 15:117db924cf7c 6734 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 6735 goto end;
wolfSSL 15:117db924cf7c 6736 }
wolfSSL 15:117db924cf7c 6737
wolfSSL 15:117db924cf7c 6738 /* Export public key. */
wolfSSL 15:117db924cf7c 6739 if (wc_curve25519_export_public_ex(key, keyData, &dataSize,
wolfSSL 15:117db924cf7c 6740 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 6741 ret = ECC_EXPORT_ERROR;
wolfSSL 15:117db924cf7c 6742 goto end;
wolfSSL 15:117db924cf7c 6743 }
wolfSSL 15:117db924cf7c 6744
wolfSSL 15:117db924cf7c 6745 kse->pubKey = keyData;
wolfSSL 15:117db924cf7c 6746 kse->pubKeyLen = CURVE25519_KEYSIZE;
wolfSSL 15:117db924cf7c 6747 kse->key = key;
wolfSSL 15:117db924cf7c 6748
wolfSSL 15:117db924cf7c 6749 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6750 WOLFSSL_MSG("Public Curve25519 Key");
wolfSSL 15:117db924cf7c 6751 WOLFSSL_BUFFER(keyData, dataSize);
wolfSSL 15:117db924cf7c 6752 #endif
wolfSSL 15:117db924cf7c 6753
wolfSSL 15:117db924cf7c 6754 end:
wolfSSL 15:117db924cf7c 6755 if (ret != 0) {
wolfSSL 15:117db924cf7c 6756 /* Data owned by key share entry otherwise. */
wolfSSL 15:117db924cf7c 6757 if (keyData != NULL)
wolfSSL 15:117db924cf7c 6758 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6759 wc_curve25519_free(key);
wolfSSL 15:117db924cf7c 6760 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6761 }
wolfSSL 15:117db924cf7c 6762 #else
wolfSSL 15:117db924cf7c 6763 (void)ssl;
wolfSSL 15:117db924cf7c 6764 (void)kse;
wolfSSL 15:117db924cf7c 6765
wolfSSL 15:117db924cf7c 6766 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 6767 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 6768
wolfSSL 15:117db924cf7c 6769 return ret;
wolfSSL 15:117db924cf7c 6770 }
wolfSSL 15:117db924cf7c 6771
wolfSSL 16:8e0d178b1d1e 6772 /* Create a key share entry using X448 parameters group.
wolfSSL 16:8e0d178b1d1e 6773 * Generates a key pair.
wolfSSL 16:8e0d178b1d1e 6774 *
wolfSSL 16:8e0d178b1d1e 6775 * ssl The SSL/TLS object.
wolfSSL 16:8e0d178b1d1e 6776 * kse The key share entry object.
wolfSSL 16:8e0d178b1d1e 6777 * returns 0 on success, otherwise failure.
wolfSSL 16:8e0d178b1d1e 6778 */
wolfSSL 16:8e0d178b1d1e 6779 static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 16:8e0d178b1d1e 6780 {
wolfSSL 16:8e0d178b1d1e 6781 int ret;
wolfSSL 16:8e0d178b1d1e 6782 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 6783 byte* keyData = NULL;
wolfSSL 16:8e0d178b1d1e 6784 word32 dataSize = CURVE448_KEY_SIZE;
wolfSSL 16:8e0d178b1d1e 6785 curve448_key* key;
wolfSSL 16:8e0d178b1d1e 6786
wolfSSL 16:8e0d178b1d1e 6787 /* Allocate an ECC key to hold private key. */
wolfSSL 16:8e0d178b1d1e 6788 key = (curve448_key*)XMALLOC(sizeof(curve448_key), ssl->heap,
wolfSSL 16:8e0d178b1d1e 6789 DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 16:8e0d178b1d1e 6790 if (key == NULL) {
wolfSSL 16:8e0d178b1d1e 6791 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 16:8e0d178b1d1e 6792 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 6793 }
wolfSSL 16:8e0d178b1d1e 6794
wolfSSL 16:8e0d178b1d1e 6795 /* Make an ECC key. */
wolfSSL 16:8e0d178b1d1e 6796 ret = wc_curve448_init(key);
wolfSSL 16:8e0d178b1d1e 6797 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 6798 goto end;
wolfSSL 16:8e0d178b1d1e 6799 ret = wc_curve448_make_key(ssl->rng, CURVE448_KEY_SIZE, key);
wolfSSL 16:8e0d178b1d1e 6800 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 6801 goto end;
wolfSSL 16:8e0d178b1d1e 6802
wolfSSL 16:8e0d178b1d1e 6803 /* Allocate space for the public key. */
wolfSSL 16:8e0d178b1d1e 6804 keyData = (byte*)XMALLOC(CURVE448_KEY_SIZE, ssl->heap,
wolfSSL 16:8e0d178b1d1e 6805 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 6806 if (keyData == NULL) {
wolfSSL 16:8e0d178b1d1e 6807 WOLFSSL_MSG("Key data Memory error");
wolfSSL 16:8e0d178b1d1e 6808 ret = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 6809 goto end;
wolfSSL 16:8e0d178b1d1e 6810 }
wolfSSL 16:8e0d178b1d1e 6811
wolfSSL 16:8e0d178b1d1e 6812 /* Export public key. */
wolfSSL 16:8e0d178b1d1e 6813 if (wc_curve448_export_public_ex(key, keyData, &dataSize,
wolfSSL 16:8e0d178b1d1e 6814 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 6815 ret = ECC_EXPORT_ERROR;
wolfSSL 16:8e0d178b1d1e 6816 goto end;
wolfSSL 16:8e0d178b1d1e 6817 }
wolfSSL 16:8e0d178b1d1e 6818
wolfSSL 16:8e0d178b1d1e 6819 kse->pubKey = keyData;
wolfSSL 16:8e0d178b1d1e 6820 kse->pubKeyLen = CURVE448_KEY_SIZE;
wolfSSL 16:8e0d178b1d1e 6821 kse->key = key;
wolfSSL 16:8e0d178b1d1e 6822
wolfSSL 16:8e0d178b1d1e 6823 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 6824 WOLFSSL_MSG("Public Curve448 Key");
wolfSSL 16:8e0d178b1d1e 6825 WOLFSSL_BUFFER(keyData, dataSize);
wolfSSL 16:8e0d178b1d1e 6826 #endif
wolfSSL 16:8e0d178b1d1e 6827
wolfSSL 16:8e0d178b1d1e 6828 end:
wolfSSL 16:8e0d178b1d1e 6829 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 6830 /* Data owned by key share entry otherwise. */
wolfSSL 16:8e0d178b1d1e 6831 if (keyData != NULL)
wolfSSL 16:8e0d178b1d1e 6832 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 6833 wc_curve448_free(key);
wolfSSL 16:8e0d178b1d1e 6834 XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 16:8e0d178b1d1e 6835 }
wolfSSL 16:8e0d178b1d1e 6836 #else
wolfSSL 16:8e0d178b1d1e 6837 (void)ssl;
wolfSSL 16:8e0d178b1d1e 6838 (void)kse;
wolfSSL 16:8e0d178b1d1e 6839
wolfSSL 16:8e0d178b1d1e 6840 ret = NOT_COMPILED_IN;
wolfSSL 16:8e0d178b1d1e 6841 #endif /* HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 6842
wolfSSL 16:8e0d178b1d1e 6843 return ret;
wolfSSL 16:8e0d178b1d1e 6844 }
wolfSSL 16:8e0d178b1d1e 6845
wolfSSL 15:117db924cf7c 6846 /* Create a key share entry using named elliptic curve parameters group.
wolfSSL 15:117db924cf7c 6847 * Generates a key pair.
wolfSSL 15:117db924cf7c 6848 *
wolfSSL 15:117db924cf7c 6849 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6850 * kse The key share entry object.
wolfSSL 15:117db924cf7c 6851 * returns 0 on success, otherwise failure.
wolfSSL 15:117db924cf7c 6852 */
wolfSSL 15:117db924cf7c 6853 static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
wolfSSL 15:117db924cf7c 6854 {
wolfSSL 15:117db924cf7c 6855 int ret;
wolfSSL 15:117db924cf7c 6856 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6857 byte* keyData = NULL;
wolfSSL 15:117db924cf7c 6858 word32 dataSize;
wolfSSL 15:117db924cf7c 6859 byte* keyPtr = NULL;
wolfSSL 15:117db924cf7c 6860 word32 keySize;
wolfSSL 15:117db924cf7c 6861 ecc_key* eccKey;
wolfSSL 15:117db924cf7c 6862 word16 curveId;
wolfSSL 15:117db924cf7c 6863
wolfSSL 15:117db924cf7c 6864 /* TODO: [TLS13] The key sizes should come from wolfcrypt. */
wolfSSL 15:117db924cf7c 6865 /* Translate named group to a curve id. */
wolfSSL 15:117db924cf7c 6866 switch (kse->group) {
wolfSSL 15:117db924cf7c 6867 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6868 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6869 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 6870 curveId = ECC_SECP256R1;
wolfSSL 15:117db924cf7c 6871 keySize = 32;
wolfSSL 15:117db924cf7c 6872 dataSize = keySize * 2 + 1;
wolfSSL 15:117db924cf7c 6873 break;
wolfSSL 15:117db924cf7c 6874 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6875 #endif
wolfSSL 15:117db924cf7c 6876 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6877 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6878 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 6879 curveId = ECC_SECP384R1;
wolfSSL 15:117db924cf7c 6880 keySize = 48;
wolfSSL 15:117db924cf7c 6881 dataSize = keySize * 2 + 1;
wolfSSL 15:117db924cf7c 6882 break;
wolfSSL 15:117db924cf7c 6883 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6884 #endif
wolfSSL 15:117db924cf7c 6885 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 6886 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 6887 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 6888 curveId = ECC_SECP521R1;
wolfSSL 15:117db924cf7c 6889 keySize = 66;
wolfSSL 15:117db924cf7c 6890 dataSize = keySize * 2 + 1;
wolfSSL 15:117db924cf7c 6891 break;
wolfSSL 15:117db924cf7c 6892 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 6893 #endif
wolfSSL 15:117db924cf7c 6894 #ifdef HAVE_X448
wolfSSL 15:117db924cf7c 6895 case WOLFSSL_ECC_X448:
wolfSSL 15:117db924cf7c 6896 curveId = ECC_X448;
wolfSSL 15:117db924cf7c 6897 dataSize = keySize = 56;
wolfSSL 15:117db924cf7c 6898 break;
wolfSSL 15:117db924cf7c 6899 #endif
wolfSSL 15:117db924cf7c 6900 default:
wolfSSL 15:117db924cf7c 6901 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 6902 }
wolfSSL 15:117db924cf7c 6903
wolfSSL 15:117db924cf7c 6904 /* Allocate an ECC key to hold private key. */
wolfSSL 15:117db924cf7c 6905 keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap,
wolfSSL 15:117db924cf7c 6906 DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6907 if (keyPtr == NULL) {
wolfSSL 15:117db924cf7c 6908 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 15:117db924cf7c 6909 return MEMORY_E;
wolfSSL 15:117db924cf7c 6910 }
wolfSSL 15:117db924cf7c 6911 eccKey = (ecc_key*)keyPtr;
wolfSSL 15:117db924cf7c 6912
wolfSSL 15:117db924cf7c 6913 /* Make an ECC key. */
wolfSSL 15:117db924cf7c 6914 ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 6915 if (ret != 0)
wolfSSL 15:117db924cf7c 6916 goto end;
wolfSSL 15:117db924cf7c 6917 ret = wc_ecc_make_key_ex(ssl->rng, keySize, eccKey, curveId);
wolfSSL 15:117db924cf7c 6918 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 6919 /* TODO: Make this function non-blocking */
wolfSSL 15:117db924cf7c 6920 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 6921 ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 6922 }
wolfSSL 15:117db924cf7c 6923 #endif
wolfSSL 15:117db924cf7c 6924 if (ret != 0)
wolfSSL 15:117db924cf7c 6925 goto end;
wolfSSL 15:117db924cf7c 6926
wolfSSL 15:117db924cf7c 6927 /* Allocate space for the public key. */
wolfSSL 15:117db924cf7c 6928 keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6929 if (keyData == NULL) {
wolfSSL 15:117db924cf7c 6930 WOLFSSL_MSG("Key data Memory error");
wolfSSL 15:117db924cf7c 6931 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 6932 goto end;
wolfSSL 15:117db924cf7c 6933 }
wolfSSL 15:117db924cf7c 6934
wolfSSL 15:117db924cf7c 6935 /* Export public key. */
wolfSSL 15:117db924cf7c 6936 if (wc_ecc_export_x963(eccKey, keyData, &dataSize) != 0) {
wolfSSL 15:117db924cf7c 6937 ret = ECC_EXPORT_ERROR;
wolfSSL 15:117db924cf7c 6938 goto end;
wolfSSL 15:117db924cf7c 6939 }
wolfSSL 15:117db924cf7c 6940
wolfSSL 15:117db924cf7c 6941 kse->pubKey = keyData;
wolfSSL 15:117db924cf7c 6942 kse->pubKeyLen = dataSize;
wolfSSL 15:117db924cf7c 6943 kse->key = keyPtr;
wolfSSL 15:117db924cf7c 6944
wolfSSL 15:117db924cf7c 6945 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 6946 WOLFSSL_MSG("Public ECC Key");
wolfSSL 15:117db924cf7c 6947 WOLFSSL_BUFFER(keyData, dataSize);
wolfSSL 15:117db924cf7c 6948 #endif
wolfSSL 15:117db924cf7c 6949
wolfSSL 15:117db924cf7c 6950 end:
wolfSSL 15:117db924cf7c 6951 if (ret != 0) {
wolfSSL 15:117db924cf7c 6952 /* Data owned by key share entry otherwise. */
wolfSSL 15:117db924cf7c 6953 if (keyPtr != NULL)
wolfSSL 15:117db924cf7c 6954 XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6955 if (keyData != NULL)
wolfSSL 15:117db924cf7c 6956 XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6957 }
wolfSSL 15:117db924cf7c 6958 #else
wolfSSL 15:117db924cf7c 6959 (void)ssl;
wolfSSL 15:117db924cf7c 6960 (void)kse;
wolfSSL 15:117db924cf7c 6961
wolfSSL 15:117db924cf7c 6962 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 6963 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 6964
wolfSSL 15:117db924cf7c 6965 return ret;
wolfSSL 15:117db924cf7c 6966 }
wolfSSL 15:117db924cf7c 6967
wolfSSL 15:117db924cf7c 6968 /* Generate a secret/key using the key share entry.
wolfSSL 15:117db924cf7c 6969 *
wolfSSL 15:117db924cf7c 6970 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 6971 * kse The key share entry holding peer data.
wolfSSL 15:117db924cf7c 6972 */
wolfSSL 15:117db924cf7c 6973 static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
wolfSSL 15:117db924cf7c 6974 {
wolfSSL 15:117db924cf7c 6975 /* Named FFHE groups have a bit set to identify them. */
wolfSSL 15:117db924cf7c 6976 if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK)
wolfSSL 15:117db924cf7c 6977 return TLSX_KeyShare_GenDhKey(ssl, kse);
wolfSSL 15:117db924cf7c 6978 if (kse->group == WOLFSSL_ECC_X25519)
wolfSSL 15:117db924cf7c 6979 return TLSX_KeyShare_GenX25519Key(ssl, kse);
wolfSSL 16:8e0d178b1d1e 6980 if (kse->group == WOLFSSL_ECC_X448)
wolfSSL 16:8e0d178b1d1e 6981 return TLSX_KeyShare_GenX448Key(ssl, kse);
wolfSSL 15:117db924cf7c 6982 return TLSX_KeyShare_GenEccKey(ssl, kse);
wolfSSL 15:117db924cf7c 6983 }
wolfSSL 15:117db924cf7c 6984
wolfSSL 15:117db924cf7c 6985 /* Free the key share dynamic data.
wolfSSL 15:117db924cf7c 6986 *
wolfSSL 15:117db924cf7c 6987 * list The linked list of key share entry objects.
wolfSSL 15:117db924cf7c 6988 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 6989 */
wolfSSL 15:117db924cf7c 6990 static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
wolfSSL 15:117db924cf7c 6991 {
wolfSSL 15:117db924cf7c 6992 KeyShareEntry* current;
wolfSSL 15:117db924cf7c 6993
wolfSSL 15:117db924cf7c 6994 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 6995 list = current->next;
wolfSSL 15:117db924cf7c 6996 if ((current->group & NAMED_DH_MASK) == 0) {
wolfSSL 15:117db924cf7c 6997 if (current->group == WOLFSSL_ECC_X25519) {
wolfSSL 15:117db924cf7c 6998 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6999 wc_curve25519_free((curve25519_key*)current->key);
wolfSSL 15:117db924cf7c 7000 #endif
wolfSSL 15:117db924cf7c 7001 }
wolfSSL 16:8e0d178b1d1e 7002 else if (current->group == WOLFSSL_ECC_X448) {
wolfSSL 16:8e0d178b1d1e 7003 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 7004 wc_curve448_free((curve448_key*)current->key);
wolfSSL 16:8e0d178b1d1e 7005 #endif
wolfSSL 16:8e0d178b1d1e 7006 }
wolfSSL 15:117db924cf7c 7007 else {
wolfSSL 15:117db924cf7c 7008 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 7009 wc_ecc_free((ecc_key*)(current->key));
wolfSSL 15:117db924cf7c 7010 #endif
wolfSSL 15:117db924cf7c 7011 }
wolfSSL 15:117db924cf7c 7012 }
wolfSSL 16:8e0d178b1d1e 7013 if (current->key != NULL)
wolfSSL 16:8e0d178b1d1e 7014 XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 7015 XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 7016 XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 7017 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7018 }
wolfSSL 15:117db924cf7c 7019
wolfSSL 15:117db924cf7c 7020 (void)heap;
wolfSSL 15:117db924cf7c 7021 }
wolfSSL 15:117db924cf7c 7022
wolfSSL 15:117db924cf7c 7023 /* Get the size of the encoded key share extension.
wolfSSL 15:117db924cf7c 7024 *
wolfSSL 15:117db924cf7c 7025 * list The linked list of key share extensions.
wolfSSL 15:117db924cf7c 7026 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7027 * returns the number of bytes of the encoded key share extension.
wolfSSL 15:117db924cf7c 7028 */
wolfSSL 15:117db924cf7c 7029 static word16 TLSX_KeyShare_GetSize(KeyShareEntry* list, byte msgType)
wolfSSL 15:117db924cf7c 7030 {
wolfSSL 16:8e0d178b1d1e 7031 word16 len = 0;
wolfSSL 15:117db924cf7c 7032 byte isRequest = (msgType == client_hello);
wolfSSL 15:117db924cf7c 7033 KeyShareEntry* current;
wolfSSL 15:117db924cf7c 7034
wolfSSL 15:117db924cf7c 7035 /* The named group the server wants to use. */
wolfSSL 15:117db924cf7c 7036 if (msgType == hello_retry_request)
wolfSSL 15:117db924cf7c 7037 return OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7038
wolfSSL 15:117db924cf7c 7039 /* List of key exchange groups. */
wolfSSL 15:117db924cf7c 7040 if (isRequest)
wolfSSL 15:117db924cf7c 7041 len += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7042 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 7043 list = current->next;
wolfSSL 15:117db924cf7c 7044
wolfSSL 15:117db924cf7c 7045 if (!isRequest && current->key == NULL)
wolfSSL 15:117db924cf7c 7046 continue;
wolfSSL 15:117db924cf7c 7047
wolfSSL 16:8e0d178b1d1e 7048 len += KE_GROUP_LEN + OPAQUE16_LEN + current->pubKeyLen;
wolfSSL 16:8e0d178b1d1e 7049 }
wolfSSL 16:8e0d178b1d1e 7050
wolfSSL 16:8e0d178b1d1e 7051 return len;
wolfSSL 15:117db924cf7c 7052 }
wolfSSL 15:117db924cf7c 7053
wolfSSL 15:117db924cf7c 7054 /* Writes the key share extension into the output buffer.
wolfSSL 15:117db924cf7c 7055 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 7056 *
wolfSSL 15:117db924cf7c 7057 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 7058 * output The buffer to write into.
wolfSSL 15:117db924cf7c 7059 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 7060 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 7061 */
wolfSSL 15:117db924cf7c 7062 static word16 TLSX_KeyShare_Write(KeyShareEntry* list, byte* output,
wolfSSL 15:117db924cf7c 7063 byte msgType)
wolfSSL 15:117db924cf7c 7064 {
wolfSSL 15:117db924cf7c 7065 word16 i = 0;
wolfSSL 15:117db924cf7c 7066 byte isRequest = (msgType == client_hello);
wolfSSL 15:117db924cf7c 7067 KeyShareEntry* current;
wolfSSL 15:117db924cf7c 7068
wolfSSL 15:117db924cf7c 7069 if (msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 7070 c16toa(list->group, output);
wolfSSL 15:117db924cf7c 7071 return OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7072 }
wolfSSL 15:117db924cf7c 7073
wolfSSL 15:117db924cf7c 7074 /* ClientHello has a list but ServerHello is only the chosen. */
wolfSSL 15:117db924cf7c 7075 if (isRequest)
wolfSSL 15:117db924cf7c 7076 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7077
wolfSSL 15:117db924cf7c 7078 /* Write out all in the list. */
wolfSSL 15:117db924cf7c 7079 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 7080 list = current->next;
wolfSSL 15:117db924cf7c 7081
wolfSSL 15:117db924cf7c 7082 if (!isRequest && current->key == NULL)
wolfSSL 15:117db924cf7c 7083 continue;
wolfSSL 15:117db924cf7c 7084
wolfSSL 15:117db924cf7c 7085 c16toa(current->group, &output[i]);
wolfSSL 15:117db924cf7c 7086 i += KE_GROUP_LEN;
wolfSSL 15:117db924cf7c 7087 c16toa((word16)(current->pubKeyLen), &output[i]);
wolfSSL 15:117db924cf7c 7088 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7089 XMEMCPY(&output[i], current->pubKey, current->pubKeyLen);
wolfSSL 15:117db924cf7c 7090 i += (word16)current->pubKeyLen;
wolfSSL 15:117db924cf7c 7091 }
wolfSSL 15:117db924cf7c 7092 /* Write the length of the list if required. */
wolfSSL 15:117db924cf7c 7093 if (isRequest)
wolfSSL 15:117db924cf7c 7094 c16toa(i - OPAQUE16_LEN, output);
wolfSSL 15:117db924cf7c 7095
wolfSSL 15:117db924cf7c 7096 return i;
wolfSSL 15:117db924cf7c 7097 }
wolfSSL 15:117db924cf7c 7098
wolfSSL 15:117db924cf7c 7099 /* Process the DH key share extension on the client side.
wolfSSL 15:117db924cf7c 7100 *
wolfSSL 15:117db924cf7c 7101 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7102 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 7103 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7104 */
wolfSSL 15:117db924cf7c 7105 static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 7106 {
wolfSSL 15:117db924cf7c 7107 #ifndef NO_DH
wolfSSL 15:117db924cf7c 7108 int ret;
wolfSSL 15:117db924cf7c 7109 const DhParams* params;
wolfSSL 15:117db924cf7c 7110 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 7111 DhKey* dhKey = NULL;
wolfSSL 15:117db924cf7c 7112 #else
wolfSSL 15:117db924cf7c 7113 DhKey dhKey[1];
wolfSSL 15:117db924cf7c 7114 #endif
wolfSSL 15:117db924cf7c 7115
wolfSSL 15:117db924cf7c 7116 switch (keyShareEntry->group) {
wolfSSL 15:117db924cf7c 7117 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 7118 case WOLFSSL_FFDHE_2048:
wolfSSL 15:117db924cf7c 7119 params = wc_Dh_ffdhe2048_Get();
wolfSSL 15:117db924cf7c 7120 break;
wolfSSL 15:117db924cf7c 7121 #endif
wolfSSL 15:117db924cf7c 7122 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 7123 case WOLFSSL_FFDHE_3072:
wolfSSL 15:117db924cf7c 7124 params = wc_Dh_ffdhe3072_Get();
wolfSSL 15:117db924cf7c 7125 break;
wolfSSL 15:117db924cf7c 7126 #endif
wolfSSL 15:117db924cf7c 7127 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 7128 case WOLFSSL_FFDHE_4096:
wolfSSL 15:117db924cf7c 7129 params = wc_Dh_ffdhe4096_Get();
wolfSSL 15:117db924cf7c 7130 break;
wolfSSL 15:117db924cf7c 7131 #endif
wolfSSL 15:117db924cf7c 7132 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 7133 case WOLFSSL_FFDHE_6144:
wolfSSL 15:117db924cf7c 7134 params = wc_Dh_ffdhe6144_Get();
wolfSSL 15:117db924cf7c 7135 break;
wolfSSL 15:117db924cf7c 7136 #endif
wolfSSL 15:117db924cf7c 7137 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 7138 case WOLFSSL_FFDHE_8192:
wolfSSL 15:117db924cf7c 7139 params = wc_Dh_ffdhe8192_Get();
wolfSSL 15:117db924cf7c 7140 break;
wolfSSL 15:117db924cf7c 7141 #endif
wolfSSL 15:117db924cf7c 7142 default:
wolfSSL 15:117db924cf7c 7143 return PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 7144 }
wolfSSL 15:117db924cf7c 7145
wolfSSL 15:117db924cf7c 7146 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 7147 WOLFSSL_MSG("Peer DH Key");
wolfSSL 15:117db924cf7c 7148 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 7149 #endif
wolfSSL 15:117db924cf7c 7150
wolfSSL 15:117db924cf7c 7151 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 7152 dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 7153 if (dhKey == NULL)
wolfSSL 15:117db924cf7c 7154 return MEMORY_E;
wolfSSL 15:117db924cf7c 7155 #endif
wolfSSL 15:117db924cf7c 7156
wolfSSL 15:117db924cf7c 7157 ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 7158 if (ret != 0) {
wolfSSL 15:117db924cf7c 7159 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 7160 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 7161 #endif
wolfSSL 15:117db924cf7c 7162 return ret;
wolfSSL 15:117db924cf7c 7163 }
wolfSSL 15:117db924cf7c 7164
wolfSSL 15:117db924cf7c 7165 /* Set key */
wolfSSL 15:117db924cf7c 7166 ret = wc_DhSetKey(dhKey, (byte*)params->p, params->p_len, (byte*)params->g,
wolfSSL 15:117db924cf7c 7167 params->g_len);
wolfSSL 15:117db924cf7c 7168 if (ret != 0) {
wolfSSL 15:117db924cf7c 7169 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 7170 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 7171 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 7172 #endif
wolfSSL 15:117db924cf7c 7173 return ret;
wolfSSL 15:117db924cf7c 7174 }
wolfSSL 15:117db924cf7c 7175
wolfSSL 15:117db924cf7c 7176 ret = wc_DhCheckPubKey(dhKey, keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 7177 if (ret != 0) {
wolfSSL 15:117db924cf7c 7178 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 7179 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 7180 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 7181 #endif
wolfSSL 15:117db924cf7c 7182 return PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 7183 }
wolfSSL 15:117db924cf7c 7184
wolfSSL 15:117db924cf7c 7185 /* Derive secret from private key and peer's public key. */
wolfSSL 15:117db924cf7c 7186 ret = wc_DhAgree(dhKey,
wolfSSL 15:117db924cf7c 7187 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 7188 (const byte*)keyShareEntry->key, keyShareEntry->keyLen,
wolfSSL 15:117db924cf7c 7189 keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 7190 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 7191 /* TODO: Make this function non-blocking */
wolfSSL 15:117db924cf7c 7192 if (ret == WC_PENDING_E) {
wolfSSL 16:8e0d178b1d1e 7193 ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 16:8e0d178b1d1e 7194 }
wolfSSL 16:8e0d178b1d1e 7195 #endif
wolfSSL 16:8e0d178b1d1e 7196 /* RFC 8446 Section 7.4.1:
wolfSSL 16:8e0d178b1d1e 7197 * ... left-padded with zeros up to the size of the prime. ...
wolfSSL 16:8e0d178b1d1e 7198 */
wolfSSL 16:8e0d178b1d1e 7199 if (params->p_len > ssl->arrays->preMasterSz) {
wolfSSL 16:8e0d178b1d1e 7200 word32 diff = params->p_len - ssl->arrays->preMasterSz;
wolfSSL 16:8e0d178b1d1e 7201 XMEMMOVE(ssl->arrays->preMasterSecret + diff,
wolfSSL 16:8e0d178b1d1e 7202 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 16:8e0d178b1d1e 7203 XMEMSET(ssl->arrays->preMasterSecret, 0, diff);
wolfSSL 16:8e0d178b1d1e 7204 ssl->arrays->preMasterSz = params->p_len;
wolfSSL 16:8e0d178b1d1e 7205 }
wolfSSL 16:8e0d178b1d1e 7206
wolfSSL 16:8e0d178b1d1e 7207 ssl->options.dhKeySz = params->p_len;
wolfSSL 15:117db924cf7c 7208
wolfSSL 15:117db924cf7c 7209 wc_FreeDhKey(dhKey);
wolfSSL 15:117db924cf7c 7210 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 7211 XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 15:117db924cf7c 7212 #endif
wolfSSL 16:8e0d178b1d1e 7213 if (keyShareEntry->key != NULL) {
wolfSSL 16:8e0d178b1d1e 7214 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 16:8e0d178b1d1e 7215 keyShareEntry->key = NULL;
wolfSSL 16:8e0d178b1d1e 7216 }
wolfSSL 16:8e0d178b1d1e 7217 XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 7218 keyShareEntry->pubKey = NULL;
wolfSSL 16:8e0d178b1d1e 7219 XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 7220 keyShareEntry->ke = NULL;
wolfSSL 15:117db924cf7c 7221
wolfSSL 15:117db924cf7c 7222 return ret;
wolfSSL 15:117db924cf7c 7223 #else
wolfSSL 15:117db924cf7c 7224 (void)ssl;
wolfSSL 15:117db924cf7c 7225 (void)keyShareEntry;
wolfSSL 15:117db924cf7c 7226 return PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 7227 #endif
wolfSSL 15:117db924cf7c 7228 }
wolfSSL 15:117db924cf7c 7229
wolfSSL 15:117db924cf7c 7230 /* Process the X25519 key share extension on the client side.
wolfSSL 15:117db924cf7c 7231 *
wolfSSL 15:117db924cf7c 7232 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7233 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 7234 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7235 */
wolfSSL 15:117db924cf7c 7236 static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
wolfSSL 15:117db924cf7c 7237 KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 7238 {
wolfSSL 15:117db924cf7c 7239 int ret;
wolfSSL 15:117db924cf7c 7240
wolfSSL 15:117db924cf7c 7241 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 7242 curve25519_key* key = (curve25519_key*)keyShareEntry->key;
wolfSSL 15:117db924cf7c 7243 curve25519_key* peerX25519Key;
wolfSSL 15:117db924cf7c 7244
wolfSSL 15:117db924cf7c 7245 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 7246 if (ssl->peerEccKey != NULL) {
wolfSSL 15:117db924cf7c 7247 wc_ecc_free(ssl->peerEccKey);
wolfSSL 15:117db924cf7c 7248 ssl->peerEccKey = NULL;
wolfSSL 15:117db924cf7c 7249 }
wolfSSL 15:117db924cf7c 7250 #endif
wolfSSL 15:117db924cf7c 7251
wolfSSL 15:117db924cf7c 7252 peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap,
wolfSSL 15:117db924cf7c 7253 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7254 if (peerX25519Key == NULL) {
wolfSSL 15:117db924cf7c 7255 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 15:117db924cf7c 7256 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 7257 }
wolfSSL 15:117db924cf7c 7258 ret = wc_curve25519_init(peerX25519Key);
wolfSSL 15:117db924cf7c 7259 if (ret != 0) {
wolfSSL 15:117db924cf7c 7260 XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7261 return ret;
wolfSSL 15:117db924cf7c 7262 }
wolfSSL 15:117db924cf7c 7263 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 7264 WOLFSSL_MSG("Peer Curve25519 Key");
wolfSSL 15:117db924cf7c 7265 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 7266 #endif
wolfSSL 15:117db924cf7c 7267
wolfSSL 16:8e0d178b1d1e 7268 if (wc_curve25519_check_public(keyShareEntry->ke, keyShareEntry->keLen,
wolfSSL 15:117db924cf7c 7269 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 7270 ret = ECC_PEERKEY_ERROR;
wolfSSL 15:117db924cf7c 7271 }
wolfSSL 15:117db924cf7c 7272
wolfSSL 15:117db924cf7c 7273 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 7274 if (wc_curve25519_import_public_ex(keyShareEntry->ke,
wolfSSL 16:8e0d178b1d1e 7275 keyShareEntry->keLen, peerX25519Key,
wolfSSL 16:8e0d178b1d1e 7276 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 7277 ret = ECC_PEERKEY_ERROR;
wolfSSL 16:8e0d178b1d1e 7278 }
wolfSSL 16:8e0d178b1d1e 7279 }
wolfSSL 16:8e0d178b1d1e 7280
wolfSSL 16:8e0d178b1d1e 7281 if (ret == 0) {
wolfSSL 15:117db924cf7c 7282 ssl->ecdhCurveOID = ECC_X25519_OID;
wolfSSL 15:117db924cf7c 7283
wolfSSL 15:117db924cf7c 7284 ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
wolfSSL 15:117db924cf7c 7285 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 7286 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 7287 EC25519_LITTLE_ENDIAN);
wolfSSL 15:117db924cf7c 7288 }
wolfSSL 16:8e0d178b1d1e 7289
wolfSSL 15:117db924cf7c 7290 wc_curve25519_free(peerX25519Key);
wolfSSL 15:117db924cf7c 7291 XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 7292 wc_curve25519_free((curve25519_key*)keyShareEntry->key);
wolfSSL 16:8e0d178b1d1e 7293 if (keyShareEntry->key != NULL) {
wolfSSL 16:8e0d178b1d1e 7294 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 16:8e0d178b1d1e 7295 keyShareEntry->key = NULL;
wolfSSL 16:8e0d178b1d1e 7296 }
wolfSSL 15:117db924cf7c 7297 #else
wolfSSL 15:117db924cf7c 7298 (void)ssl;
wolfSSL 15:117db924cf7c 7299 (void)keyShareEntry;
wolfSSL 15:117db924cf7c 7300
wolfSSL 15:117db924cf7c 7301 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 7302 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 7303
wolfSSL 15:117db924cf7c 7304 return ret;
wolfSSL 15:117db924cf7c 7305 }
wolfSSL 15:117db924cf7c 7306
wolfSSL 16:8e0d178b1d1e 7307 /* Process the X448 key share extension on the client side.
wolfSSL 16:8e0d178b1d1e 7308 *
wolfSSL 16:8e0d178b1d1e 7309 * ssl The SSL/TLS object.
wolfSSL 16:8e0d178b1d1e 7310 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 16:8e0d178b1d1e 7311 * returns 0 on success and other values indicate failure.
wolfSSL 16:8e0d178b1d1e 7312 */
wolfSSL 16:8e0d178b1d1e 7313 static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 16:8e0d178b1d1e 7314 {
wolfSSL 16:8e0d178b1d1e 7315 int ret;
wolfSSL 16:8e0d178b1d1e 7316
wolfSSL 16:8e0d178b1d1e 7317 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 7318 curve448_key* key = (curve448_key*)keyShareEntry->key;
wolfSSL 16:8e0d178b1d1e 7319 curve448_key* peerX448Key;
wolfSSL 16:8e0d178b1d1e 7320
wolfSSL 16:8e0d178b1d1e 7321 #ifdef HAVE_ECC
wolfSSL 16:8e0d178b1d1e 7322 if (ssl->peerEccKey != NULL) {
wolfSSL 16:8e0d178b1d1e 7323 wc_ecc_free(ssl->peerEccKey);
wolfSSL 16:8e0d178b1d1e 7324 ssl->peerEccKey = NULL;
wolfSSL 16:8e0d178b1d1e 7325 }
wolfSSL 16:8e0d178b1d1e 7326 #endif
wolfSSL 16:8e0d178b1d1e 7327
wolfSSL 16:8e0d178b1d1e 7328 peerX448Key = (curve448_key*)XMALLOC(sizeof(curve448_key), ssl->heap,
wolfSSL 16:8e0d178b1d1e 7329 DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 7330 if (peerX448Key == NULL) {
wolfSSL 16:8e0d178b1d1e 7331 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 16:8e0d178b1d1e 7332 return MEMORY_ERROR;
wolfSSL 16:8e0d178b1d1e 7333 }
wolfSSL 16:8e0d178b1d1e 7334 ret = wc_curve448_init(peerX448Key);
wolfSSL 16:8e0d178b1d1e 7335 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 7336 XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 7337 return ret;
wolfSSL 16:8e0d178b1d1e 7338 }
wolfSSL 16:8e0d178b1d1e 7339 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 7340 WOLFSSL_MSG("Peer Curve448 Key");
wolfSSL 16:8e0d178b1d1e 7341 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 16:8e0d178b1d1e 7342 #endif
wolfSSL 16:8e0d178b1d1e 7343
wolfSSL 16:8e0d178b1d1e 7344 if (wc_curve448_check_public(keyShareEntry->ke, keyShareEntry->keLen,
wolfSSL 16:8e0d178b1d1e 7345 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 7346 ret = ECC_PEERKEY_ERROR;
wolfSSL 16:8e0d178b1d1e 7347 }
wolfSSL 16:8e0d178b1d1e 7348
wolfSSL 16:8e0d178b1d1e 7349 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 7350 if (wc_curve448_import_public_ex(keyShareEntry->ke,
wolfSSL 16:8e0d178b1d1e 7351 keyShareEntry->keLen, peerX448Key,
wolfSSL 16:8e0d178b1d1e 7352 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 7353 ret = ECC_PEERKEY_ERROR;
wolfSSL 16:8e0d178b1d1e 7354 }
wolfSSL 16:8e0d178b1d1e 7355 }
wolfSSL 16:8e0d178b1d1e 7356
wolfSSL 16:8e0d178b1d1e 7357 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 7358 ssl->ecdhCurveOID = ECC_X448_OID;
wolfSSL 16:8e0d178b1d1e 7359
wolfSSL 16:8e0d178b1d1e 7360 ret = wc_curve448_shared_secret_ex(key, peerX448Key,
wolfSSL 16:8e0d178b1d1e 7361 ssl->arrays->preMasterSecret,
wolfSSL 16:8e0d178b1d1e 7362 &ssl->arrays->preMasterSz,
wolfSSL 16:8e0d178b1d1e 7363 EC448_LITTLE_ENDIAN);
wolfSSL 16:8e0d178b1d1e 7364 }
wolfSSL 16:8e0d178b1d1e 7365
wolfSSL 16:8e0d178b1d1e 7366 wc_curve448_free(peerX448Key);
wolfSSL 16:8e0d178b1d1e 7367 XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wolfSSL 16:8e0d178b1d1e 7368 wc_curve448_free((curve448_key*)keyShareEntry->key);
wolfSSL 16:8e0d178b1d1e 7369 if (keyShareEntry->key != NULL) {
wolfSSL 16:8e0d178b1d1e 7370 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 16:8e0d178b1d1e 7371 keyShareEntry->key = NULL;
wolfSSL 16:8e0d178b1d1e 7372 }
wolfSSL 16:8e0d178b1d1e 7373 #else
wolfSSL 16:8e0d178b1d1e 7374 (void)ssl;
wolfSSL 16:8e0d178b1d1e 7375 (void)keyShareEntry;
wolfSSL 16:8e0d178b1d1e 7376
wolfSSL 16:8e0d178b1d1e 7377 ret = PEER_KEY_ERROR;
wolfSSL 16:8e0d178b1d1e 7378 #endif /* HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 7379
wolfSSL 16:8e0d178b1d1e 7380 return ret;
wolfSSL 16:8e0d178b1d1e 7381 }
wolfSSL 16:8e0d178b1d1e 7382
wolfSSL 15:117db924cf7c 7383 /* Process the ECC key share extension on the client side.
wolfSSL 15:117db924cf7c 7384 *
wolfSSL 15:117db924cf7c 7385 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7386 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 7387 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7388 */
wolfSSL 15:117db924cf7c 7389 static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 7390 {
wolfSSL 15:117db924cf7c 7391 int ret;
wolfSSL 15:117db924cf7c 7392
wolfSSL 15:117db924cf7c 7393 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 7394 int curveId;
wolfSSL 15:117db924cf7c 7395 ecc_key* keyShareKey = (ecc_key*)keyShareEntry->key;
wolfSSL 15:117db924cf7c 7396
wolfSSL 15:117db924cf7c 7397 if (ssl->peerEccKey != NULL)
wolfSSL 15:117db924cf7c 7398 wc_ecc_free(ssl->peerEccKey);
wolfSSL 15:117db924cf7c 7399
wolfSSL 15:117db924cf7c 7400 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
wolfSSL 15:117db924cf7c 7401 DYNAMIC_TYPE_ECC);
wolfSSL 15:117db924cf7c 7402 if (ssl->peerEccKey == NULL) {
wolfSSL 15:117db924cf7c 7403 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 15:117db924cf7c 7404 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 7405 }
wolfSSL 15:117db924cf7c 7406 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 7407 if (ret != 0)
wolfSSL 15:117db924cf7c 7408 return ret;
wolfSSL 15:117db924cf7c 7409
wolfSSL 15:117db924cf7c 7410 /* find supported curve */
wolfSSL 15:117db924cf7c 7411 switch (keyShareEntry->group) {
wolfSSL 15:117db924cf7c 7412 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7413 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7414 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 7415 curveId = ECC_SECP256R1;
wolfSSL 15:117db924cf7c 7416 break;
wolfSSL 15:117db924cf7c 7417 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7418 #endif
wolfSSL 15:117db924cf7c 7419 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7420 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7421 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 7422 curveId = ECC_SECP384R1;
wolfSSL 15:117db924cf7c 7423 break;
wolfSSL 15:117db924cf7c 7424 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7425 #endif
wolfSSL 15:117db924cf7c 7426 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7427 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7428 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 7429 curveId = ECC_SECP521R1;
wolfSSL 15:117db924cf7c 7430 break;
wolfSSL 15:117db924cf7c 7431 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7432 #endif
wolfSSL 15:117db924cf7c 7433 #ifdef HAVE_X448
wolfSSL 15:117db924cf7c 7434 case WOLFSSL_ECC_X448:
wolfSSL 15:117db924cf7c 7435 curveId = ECC_X448;
wolfSSL 15:117db924cf7c 7436 break;
wolfSSL 15:117db924cf7c 7437 #endif
wolfSSL 15:117db924cf7c 7438 default:
wolfSSL 15:117db924cf7c 7439 /* unsupported curve */
wolfSSL 15:117db924cf7c 7440 return ECC_PEERKEY_ERROR;
wolfSSL 15:117db924cf7c 7441 }
wolfSSL 15:117db924cf7c 7442
wolfSSL 15:117db924cf7c 7443 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 7444 WOLFSSL_MSG("Peer ECC Key");
wolfSSL 15:117db924cf7c 7445 WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
wolfSSL 15:117db924cf7c 7446 #endif
wolfSSL 15:117db924cf7c 7447
wolfSSL 15:117db924cf7c 7448 /* Point is validated by import function. */
wolfSSL 15:117db924cf7c 7449 if (wc_ecc_import_x963_ex(keyShareEntry->ke, keyShareEntry->keLen,
wolfSSL 15:117db924cf7c 7450 ssl->peerEccKey, curveId) != 0) {
wolfSSL 15:117db924cf7c 7451 return ECC_PEERKEY_ERROR;
wolfSSL 15:117db924cf7c 7452 }
wolfSSL 15:117db924cf7c 7453 ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;
wolfSSL 15:117db924cf7c 7454
wolfSSL 15:117db924cf7c 7455 do {
wolfSSL 15:117db924cf7c 7456 #if defined(WOLFSSL_ASYNC_CRYPT)
wolfSSL 15:117db924cf7c 7457 ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 15:117db924cf7c 7458 #endif
wolfSSL 15:117db924cf7c 7459 if (ret >= 0)
wolfSSL 15:117db924cf7c 7460 ret = wc_ecc_shared_secret(keyShareKey, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 7461 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 7462 } while (ret == WC_PENDING_E);
wolfSSL 15:117db924cf7c 7463
wolfSSL 15:117db924cf7c 7464 #if 0
wolfSSL 15:117db924cf7c 7465 /* TODO: Switch to support async here and use: */
wolfSSL 15:117db924cf7c 7466 ret = EccSharedSecret(ssl, keyShareEntry->key, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 7467 keyShareEntry->ke, &keyShareEntry->keLen,
wolfSSL 15:117db924cf7c 7468 ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 7469 ssl->options.side
wolfSSL 15:117db924cf7c 7470 );
wolfSSL 15:117db924cf7c 7471 #endif
wolfSSL 15:117db924cf7c 7472
wolfSSL 16:8e0d178b1d1e 7473 wc_ecc_free(ssl->peerEccKey);
wolfSSL 16:8e0d178b1d1e 7474 XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 7475 ssl->peerEccKey = NULL;
wolfSSL 16:8e0d178b1d1e 7476 wc_ecc_free((ecc_key*)(keyShareEntry->key));
wolfSSL 16:8e0d178b1d1e 7477 if (keyShareEntry->key != NULL) {
wolfSSL 16:8e0d178b1d1e 7478 XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 16:8e0d178b1d1e 7479 keyShareEntry->key = NULL;
wolfSSL 16:8e0d178b1d1e 7480 }
wolfSSL 15:117db924cf7c 7481
wolfSSL 15:117db924cf7c 7482 #else
wolfSSL 15:117db924cf7c 7483 (void)ssl;
wolfSSL 15:117db924cf7c 7484 (void)keyShareEntry;
wolfSSL 15:117db924cf7c 7485
wolfSSL 15:117db924cf7c 7486 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 7487 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 7488
wolfSSL 15:117db924cf7c 7489 return ret;
wolfSSL 15:117db924cf7c 7490 }
wolfSSL 15:117db924cf7c 7491
wolfSSL 15:117db924cf7c 7492 /* Process the key share extension on the client side.
wolfSSL 15:117db924cf7c 7493 *
wolfSSL 15:117db924cf7c 7494 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7495 * keyShareEntry The key share entry object to use to calculate shared secret.
wolfSSL 15:117db924cf7c 7496 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7497 */
wolfSSL 15:117db924cf7c 7498 static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wolfSSL 15:117db924cf7c 7499 {
wolfSSL 15:117db924cf7c 7500 int ret;
wolfSSL 15:117db924cf7c 7501
wolfSSL 15:117db924cf7c 7502 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 7503 ssl->session.namedGroup = (byte)keyShareEntry->group;
wolfSSL 15:117db924cf7c 7504 #endif
wolfSSL 15:117db924cf7c 7505 /* Use Key Share Data from server. */
wolfSSL 15:117db924cf7c 7506 if (keyShareEntry->group & NAMED_DH_MASK)
wolfSSL 15:117db924cf7c 7507 ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 7508 else if (keyShareEntry->group == WOLFSSL_ECC_X25519)
wolfSSL 15:117db924cf7c 7509 ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
wolfSSL 16:8e0d178b1d1e 7510 else if (keyShareEntry->group == WOLFSSL_ECC_X448)
wolfSSL 16:8e0d178b1d1e 7511 ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 7512 else
wolfSSL 15:117db924cf7c 7513 ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 7514
wolfSSL 15:117db924cf7c 7515 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 15:117db924cf7c 7516 WOLFSSL_MSG("KE Secret");
wolfSSL 15:117db924cf7c 7517 WOLFSSL_BUFFER(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 7518 #endif
wolfSSL 15:117db924cf7c 7519
wolfSSL 15:117db924cf7c 7520 return ret;
wolfSSL 15:117db924cf7c 7521 }
wolfSSL 15:117db924cf7c 7522
wolfSSL 15:117db924cf7c 7523 /* Parse an entry of the KeyShare extension.
wolfSSL 15:117db924cf7c 7524 *
wolfSSL 15:117db924cf7c 7525 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7526 * input The extension data.
wolfSSL 15:117db924cf7c 7527 * length The length of the extension data.
wolfSSL 15:117db924cf7c 7528 * kse The new key share entry object.
wolfSSL 15:117db924cf7c 7529 * returns a positive number to indicate amount of data parsed and a negative
wolfSSL 15:117db924cf7c 7530 * number on error.
wolfSSL 15:117db924cf7c 7531 */
wolfSSL 15:117db924cf7c 7532 static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 7533 KeyShareEntry **kse)
wolfSSL 15:117db924cf7c 7534 {
wolfSSL 15:117db924cf7c 7535 int ret;
wolfSSL 15:117db924cf7c 7536 word16 group;
wolfSSL 15:117db924cf7c 7537 word16 keLen;
wolfSSL 15:117db924cf7c 7538 int offset = 0;
wolfSSL 15:117db924cf7c 7539 byte* ke;
wolfSSL 15:117db924cf7c 7540
wolfSSL 15:117db924cf7c 7541 if (length < OPAQUE16_LEN + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7542 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7543 /* Named group */
wolfSSL 15:117db924cf7c 7544 ato16(&input[offset], &group);
wolfSSL 15:117db924cf7c 7545 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7546 /* Key exchange data - public key. */
wolfSSL 15:117db924cf7c 7547 ato16(&input[offset], &keLen);
wolfSSL 15:117db924cf7c 7548 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 7549 if (keLen == 0)
wolfSSL 16:8e0d178b1d1e 7550 return INVALID_PARAMETER;
wolfSSL 16:8e0d178b1d1e 7551 if (keLen > length - offset)
wolfSSL 15:117db924cf7c 7552 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7553
wolfSSL 15:117db924cf7c 7554 /* Store a copy in the key share object. */
wolfSSL 15:117db924cf7c 7555 ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 7556 if (ke == NULL)
wolfSSL 15:117db924cf7c 7557 return MEMORY_E;
wolfSSL 15:117db924cf7c 7558 XMEMCPY(ke, &input[offset], keLen);
wolfSSL 15:117db924cf7c 7559
wolfSSL 15:117db924cf7c 7560 /* Populate a key share object in the extension. */
wolfSSL 15:117db924cf7c 7561 ret = TLSX_KeyShare_Use(ssl, group, keLen, ke, kse);
wolfSSL 15:117db924cf7c 7562 if (ret != 0) {
wolfSSL 15:117db924cf7c 7563 XFREE(ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 7564 return ret;
wolfSSL 15:117db924cf7c 7565 }
wolfSSL 15:117db924cf7c 7566
wolfSSL 15:117db924cf7c 7567 /* Total length of the parsed data. */
wolfSSL 15:117db924cf7c 7568 return offset + keLen;
wolfSSL 15:117db924cf7c 7569 }
wolfSSL 15:117db924cf7c 7570
wolfSSL 15:117db924cf7c 7571 /* Searches the groups sent for the specified named group.
wolfSSL 15:117db924cf7c 7572 *
wolfSSL 15:117db924cf7c 7573 * ssl SSL/TLS object.
wolfSSL 15:117db924cf7c 7574 * name Group name to match.
wolfSSL 15:117db924cf7c 7575 * returns 1 when the extension has the group name and 0 otherwise.
wolfSSL 15:117db924cf7c 7576 */
wolfSSL 15:117db924cf7c 7577 static int TLSX_KeyShare_Find(WOLFSSL* ssl, word16 group)
wolfSSL 15:117db924cf7c 7578 {
wolfSSL 15:117db924cf7c 7579 TLSX* extension;
wolfSSL 15:117db924cf7c 7580 KeyShareEntry* list;
wolfSSL 15:117db924cf7c 7581
wolfSSL 15:117db924cf7c 7582 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7583 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7584 extension = TLSX_Find(ssl->ctx->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7585 if (extension == NULL)
wolfSSL 15:117db924cf7c 7586 return 0;
wolfSSL 15:117db924cf7c 7587 }
wolfSSL 15:117db924cf7c 7588
wolfSSL 15:117db924cf7c 7589 list = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 7590 while (list != NULL) {
wolfSSL 15:117db924cf7c 7591 if (list->group == group)
wolfSSL 15:117db924cf7c 7592 return 1;
wolfSSL 15:117db924cf7c 7593 list = list->next;
wolfSSL 15:117db924cf7c 7594 }
wolfSSL 15:117db924cf7c 7595
wolfSSL 15:117db924cf7c 7596 return 0;
wolfSSL 15:117db924cf7c 7597 }
wolfSSL 15:117db924cf7c 7598
wolfSSL 15:117db924cf7c 7599
wolfSSL 15:117db924cf7c 7600 /* Searches the supported groups extension for the specified named group.
wolfSSL 15:117db924cf7c 7601 *
wolfSSL 15:117db924cf7c 7602 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7603 * name The group name to match.
wolfSSL 15:117db924cf7c 7604 * returns 1 when the extension has the group name and 0 otherwise.
wolfSSL 15:117db924cf7c 7605 */
wolfSSL 15:117db924cf7c 7606 static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name)
wolfSSL 15:117db924cf7c 7607 {
wolfSSL 15:117db924cf7c 7608 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 7609 TLSX* extension;
wolfSSL 15:117db924cf7c 7610 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 7611
wolfSSL 15:117db924cf7c 7612 if ((extension = TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 7613 TLSX_SUPPORTED_GROUPS)) == NULL) {
wolfSSL 15:117db924cf7c 7614 if ((extension = TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 7615 TLSX_SUPPORTED_GROUPS)) == NULL) {
wolfSSL 15:117db924cf7c 7616 return 0;
wolfSSL 15:117db924cf7c 7617 }
wolfSSL 15:117db924cf7c 7618 }
wolfSSL 15:117db924cf7c 7619
wolfSSL 15:117db924cf7c 7620 for (curve = (SupportedCurve*)extension->data; curve; curve = curve->next) {
wolfSSL 15:117db924cf7c 7621 if (curve->name == name)
wolfSSL 15:117db924cf7c 7622 return 1;
wolfSSL 15:117db924cf7c 7623 }
wolfSSL 15:117db924cf7c 7624 #endif
wolfSSL 15:117db924cf7c 7625
wolfSSL 15:117db924cf7c 7626 (void)ssl;
wolfSSL 15:117db924cf7c 7627 (void)name;
wolfSSL 15:117db924cf7c 7628
wolfSSL 15:117db924cf7c 7629 return 0;
wolfSSL 15:117db924cf7c 7630 }
wolfSSL 15:117db924cf7c 7631
wolfSSL 15:117db924cf7c 7632
wolfSSL 15:117db924cf7c 7633 /* Parse the KeyShare extension.
wolfSSL 15:117db924cf7c 7634 * Different formats in different messages.
wolfSSL 15:117db924cf7c 7635 *
wolfSSL 15:117db924cf7c 7636 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7637 * input The extension data.
wolfSSL 15:117db924cf7c 7638 * length The length of the extension data.
wolfSSL 15:117db924cf7c 7639 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 7640 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7641 */
wolfSSL 15:117db924cf7c 7642 static int TLSX_KeyShare_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 7643 byte msgType)
wolfSSL 15:117db924cf7c 7644 {
wolfSSL 15:117db924cf7c 7645 int ret;
wolfSSL 16:8e0d178b1d1e 7646 KeyShareEntry *keyShareEntry = NULL;
wolfSSL 15:117db924cf7c 7647 word16 group;
wolfSSL 15:117db924cf7c 7648
wolfSSL 15:117db924cf7c 7649 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 7650 int offset = 0;
wolfSSL 15:117db924cf7c 7651 word16 len;
wolfSSL 15:117db924cf7c 7652 TLSX* extension;
wolfSSL 15:117db924cf7c 7653
wolfSSL 15:117db924cf7c 7654 /* Add a KeyShare extension if it doesn't exist. */
wolfSSL 15:117db924cf7c 7655 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7656 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7657 /* Push new KeyShare extension. */
wolfSSL 15:117db924cf7c 7658 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 7659 if (ret != 0)
wolfSSL 15:117db924cf7c 7660 return ret;
wolfSSL 15:117db924cf7c 7661 }
wolfSSL 15:117db924cf7c 7662
wolfSSL 15:117db924cf7c 7663 if (length < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7664 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7665
wolfSSL 15:117db924cf7c 7666 /* ClientHello contains zero or more key share entries. */
wolfSSL 15:117db924cf7c 7667 ato16(input, &len);
wolfSSL 15:117db924cf7c 7668 if (len != length - OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7669 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7670 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 7671
wolfSSL 16:8e0d178b1d1e 7672 while (offset < (int)length) {
wolfSSL 16:8e0d178b1d1e 7673 ret = TLSX_KeyShareEntry_Parse(ssl, &input[offset], length - offset,
wolfSSL 15:117db924cf7c 7674 &keyShareEntry);
wolfSSL 15:117db924cf7c 7675 if (ret < 0)
wolfSSL 15:117db924cf7c 7676 return ret;
wolfSSL 15:117db924cf7c 7677
wolfSSL 15:117db924cf7c 7678 offset += ret;
wolfSSL 15:117db924cf7c 7679 }
wolfSSL 15:117db924cf7c 7680
wolfSSL 15:117db924cf7c 7681 ret = 0;
wolfSSL 15:117db924cf7c 7682 }
wolfSSL 15:117db924cf7c 7683 else if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 7684 int len;
wolfSSL 15:117db924cf7c 7685
wolfSSL 15:117db924cf7c 7686 if (length < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7687 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7688
wolfSSL 15:117db924cf7c 7689 /* The data is the named group the server wants to use. */
wolfSSL 15:117db924cf7c 7690 ato16(input, &group);
wolfSSL 15:117db924cf7c 7691
wolfSSL 15:117db924cf7c 7692 /* Check the selected group was supported by ClientHello extensions. */
wolfSSL 15:117db924cf7c 7693 if (!TLSX_SupportedGroups_Find(ssl, group))
wolfSSL 15:117db924cf7c 7694 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7695
wolfSSL 15:117db924cf7c 7696 /* Check if the group was sent. */
wolfSSL 15:117db924cf7c 7697 if (!TLSX_KeyShare_Find(ssl, group))
wolfSSL 15:117db924cf7c 7698 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7699
wolfSSL 15:117db924cf7c 7700 /* ServerHello contains one key share entry. */
wolfSSL 15:117db924cf7c 7701 len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry);
wolfSSL 16:8e0d178b1d1e 7702 if (len != (int)length)
wolfSSL 15:117db924cf7c 7703 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7704
wolfSSL 15:117db924cf7c 7705 /* Not in list sent if there isn't a private key. */
wolfSSL 16:8e0d178b1d1e 7706 if (keyShareEntry == NULL || keyShareEntry->key == NULL)
wolfSSL 15:117db924cf7c 7707 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7708
wolfSSL 15:117db924cf7c 7709 /* Process the entry to calculate the secret. */
wolfSSL 15:117db924cf7c 7710 ret = TLSX_KeyShare_Process(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 7711 if (ret == 0)
wolfSSL 15:117db924cf7c 7712 ssl->session.namedGroup = ssl->namedGroup = group;
wolfSSL 15:117db924cf7c 7713 }
wolfSSL 15:117db924cf7c 7714 else if (msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 7715 if (length != OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 7716 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 7717
wolfSSL 15:117db924cf7c 7718 /* The data is the named group the server wants to use. */
wolfSSL 15:117db924cf7c 7719 ato16(input, &group);
wolfSSL 15:117db924cf7c 7720
wolfSSL 15:117db924cf7c 7721 /* Check the selected group was supported by ClientHello extensions. */
wolfSSL 15:117db924cf7c 7722 if (!TLSX_SupportedGroups_Find(ssl, group))
wolfSSL 15:117db924cf7c 7723 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7724
wolfSSL 15:117db924cf7c 7725 /* Check if the group was sent. */
wolfSSL 15:117db924cf7c 7726 if (TLSX_KeyShare_Find(ssl, group))
wolfSSL 15:117db924cf7c 7727 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 7728
wolfSSL 15:117db924cf7c 7729 /* Clear out unusable key shares. */
wolfSSL 15:117db924cf7c 7730 ret = TLSX_KeyShare_Empty(ssl);
wolfSSL 15:117db924cf7c 7731 if (ret != 0)
wolfSSL 15:117db924cf7c 7732 return ret;
wolfSSL 15:117db924cf7c 7733
wolfSSL 15:117db924cf7c 7734 /* Try to use the server's group. */
wolfSSL 15:117db924cf7c 7735 ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
wolfSSL 15:117db924cf7c 7736 }
wolfSSL 15:117db924cf7c 7737 else {
wolfSSL 15:117db924cf7c 7738 /* Not a message type that is allowed to have this extension. */
wolfSSL 15:117db924cf7c 7739 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 7740 }
wolfSSL 15:117db924cf7c 7741
wolfSSL 15:117db924cf7c 7742 return ret;
wolfSSL 15:117db924cf7c 7743 }
wolfSSL 15:117db924cf7c 7744
wolfSSL 15:117db924cf7c 7745 /* Create a new key share entry and put it into the list.
wolfSSL 15:117db924cf7c 7746 *
wolfSSL 15:117db924cf7c 7747 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 7748 * group The named group.
wolfSSL 15:117db924cf7c 7749 * heap The memory to allocate with.
wolfSSL 15:117db924cf7c 7750 * keyShareEntry The new key share entry object.
wolfSSL 15:117db924cf7c 7751 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7752 */
wolfSSL 15:117db924cf7c 7753 static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
wolfSSL 15:117db924cf7c 7754 KeyShareEntry** keyShareEntry)
wolfSSL 15:117db924cf7c 7755 {
wolfSSL 15:117db924cf7c 7756 KeyShareEntry* kse;
wolfSSL 16:8e0d178b1d1e 7757 KeyShareEntry** next;
wolfSSL 15:117db924cf7c 7758
wolfSSL 15:117db924cf7c 7759 kse = (KeyShareEntry*)XMALLOC(sizeof(KeyShareEntry), heap,
wolfSSL 15:117db924cf7c 7760 DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 7761 if (kse == NULL)
wolfSSL 15:117db924cf7c 7762 return MEMORY_E;
wolfSSL 15:117db924cf7c 7763
wolfSSL 15:117db924cf7c 7764 XMEMSET(kse, 0, sizeof(*kse));
wolfSSL 15:117db924cf7c 7765 kse->group = (word16)group;
wolfSSL 15:117db924cf7c 7766
wolfSSL 15:117db924cf7c 7767 /* Add it to the back and maintain the links. */
wolfSSL 16:8e0d178b1d1e 7768 while (*list != NULL) {
wolfSSL 16:8e0d178b1d1e 7769 /* Assign to temporary to work around compiler bug found by customer. */
wolfSSL 16:8e0d178b1d1e 7770 next = &((*list)->next);
wolfSSL 16:8e0d178b1d1e 7771 list = next;
wolfSSL 16:8e0d178b1d1e 7772 }
wolfSSL 15:117db924cf7c 7773 *list = kse;
wolfSSL 15:117db924cf7c 7774 *keyShareEntry = kse;
wolfSSL 15:117db924cf7c 7775
wolfSSL 15:117db924cf7c 7776 (void)heap;
wolfSSL 15:117db924cf7c 7777
wolfSSL 15:117db924cf7c 7778 return 0;
wolfSSL 15:117db924cf7c 7779 }
wolfSSL 15:117db924cf7c 7780
wolfSSL 15:117db924cf7c 7781 /* Use the data to create a new key share object in the extensions.
wolfSSL 15:117db924cf7c 7782 *
wolfSSL 15:117db924cf7c 7783 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7784 * group The named group.
wolfSSL 15:117db924cf7c 7785 * len The length of the public key data.
wolfSSL 15:117db924cf7c 7786 * data The public key data.
wolfSSL 15:117db924cf7c 7787 * kse The new key share entry object.
wolfSSL 15:117db924cf7c 7788 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7789 */
wolfSSL 15:117db924cf7c 7790 int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
wolfSSL 15:117db924cf7c 7791 KeyShareEntry **kse)
wolfSSL 15:117db924cf7c 7792 {
wolfSSL 15:117db924cf7c 7793 int ret = 0;
wolfSSL 15:117db924cf7c 7794 TLSX* extension;
wolfSSL 15:117db924cf7c 7795 KeyShareEntry* keyShareEntry = NULL;
wolfSSL 15:117db924cf7c 7796
wolfSSL 15:117db924cf7c 7797 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 7798 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7799 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7800 /* Push new KeyShare extension. */
wolfSSL 15:117db924cf7c 7801 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 7802 if (ret != 0)
wolfSSL 15:117db924cf7c 7803 return ret;
wolfSSL 15:117db924cf7c 7804
wolfSSL 15:117db924cf7c 7805 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7806 if (extension == NULL)
wolfSSL 15:117db924cf7c 7807 return MEMORY_E;
wolfSSL 15:117db924cf7c 7808 }
wolfSSL 15:117db924cf7c 7809 extension->resp = 0;
wolfSSL 15:117db924cf7c 7810
wolfSSL 15:117db924cf7c 7811 /* Try to find the key share entry with this group. */
wolfSSL 15:117db924cf7c 7812 keyShareEntry = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 7813 while (keyShareEntry != NULL) {
wolfSSL 15:117db924cf7c 7814 if (keyShareEntry->group == group)
wolfSSL 15:117db924cf7c 7815 break;
wolfSSL 15:117db924cf7c 7816 keyShareEntry = keyShareEntry->next;
wolfSSL 15:117db924cf7c 7817 }
wolfSSL 15:117db924cf7c 7818
wolfSSL 15:117db924cf7c 7819 /* Create a new key share entry if not found. */
wolfSSL 15:117db924cf7c 7820 if (keyShareEntry == NULL) {
wolfSSL 15:117db924cf7c 7821 ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, group,
wolfSSL 15:117db924cf7c 7822 ssl->heap, &keyShareEntry);
wolfSSL 15:117db924cf7c 7823 if (ret != 0)
wolfSSL 15:117db924cf7c 7824 return ret;
wolfSSL 15:117db924cf7c 7825 }
wolfSSL 15:117db924cf7c 7826
wolfSSL 15:117db924cf7c 7827 if (data != NULL) {
wolfSSL 16:8e0d178b1d1e 7828 if (keyShareEntry->ke != NULL) {
wolfSSL 16:8e0d178b1d1e 7829 XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 16:8e0d178b1d1e 7830 }
wolfSSL 15:117db924cf7c 7831 keyShareEntry->ke = data;
wolfSSL 15:117db924cf7c 7832 keyShareEntry->keLen = len;
wolfSSL 15:117db924cf7c 7833 }
wolfSSL 15:117db924cf7c 7834 else {
wolfSSL 15:117db924cf7c 7835 /* Generate a key pair. */
wolfSSL 15:117db924cf7c 7836 ret = TLSX_KeyShare_GenKey(ssl, keyShareEntry);
wolfSSL 15:117db924cf7c 7837 if (ret != 0)
wolfSSL 15:117db924cf7c 7838 return ret;
wolfSSL 15:117db924cf7c 7839 }
wolfSSL 15:117db924cf7c 7840
wolfSSL 15:117db924cf7c 7841 if (kse != NULL)
wolfSSL 15:117db924cf7c 7842 *kse = keyShareEntry;
wolfSSL 15:117db924cf7c 7843
wolfSSL 15:117db924cf7c 7844 return 0;
wolfSSL 15:117db924cf7c 7845 }
wolfSSL 15:117db924cf7c 7846
wolfSSL 15:117db924cf7c 7847 /* Set an empty Key Share extension.
wolfSSL 15:117db924cf7c 7848 *
wolfSSL 15:117db924cf7c 7849 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7850 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 7851 */
wolfSSL 15:117db924cf7c 7852 int TLSX_KeyShare_Empty(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 7853 {
wolfSSL 15:117db924cf7c 7854 int ret = 0;
wolfSSL 15:117db924cf7c 7855 TLSX* extension;
wolfSSL 15:117db924cf7c 7856
wolfSSL 15:117db924cf7c 7857 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 7858 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 7859 if (extension == NULL) {
wolfSSL 15:117db924cf7c 7860 /* Push new KeyShare extension. */
wolfSSL 15:117db924cf7c 7861 ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 7862 }
wolfSSL 15:117db924cf7c 7863 else if (extension->data != NULL) {
wolfSSL 15:117db924cf7c 7864 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap);
wolfSSL 15:117db924cf7c 7865 extension->data = NULL;
wolfSSL 15:117db924cf7c 7866 }
wolfSSL 15:117db924cf7c 7867
wolfSSL 15:117db924cf7c 7868 return ret;
wolfSSL 15:117db924cf7c 7869 }
wolfSSL 15:117db924cf7c 7870
wolfSSL 15:117db924cf7c 7871 /* Returns whether this group is supported.
wolfSSL 15:117db924cf7c 7872 *
wolfSSL 15:117db924cf7c 7873 * namedGroup The named group to check.
wolfSSL 15:117db924cf7c 7874 * returns 1 when supported or 0 otherwise.
wolfSSL 15:117db924cf7c 7875 */
wolfSSL 15:117db924cf7c 7876 static int TLSX_KeyShare_IsSupported(int namedGroup)
wolfSSL 15:117db924cf7c 7877 {
wolfSSL 15:117db924cf7c 7878 switch (namedGroup) {
wolfSSL 15:117db924cf7c 7879 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 7880 case WOLFSSL_FFDHE_2048:
wolfSSL 15:117db924cf7c 7881 break;
wolfSSL 15:117db924cf7c 7882 #endif
wolfSSL 15:117db924cf7c 7883 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 7884 case WOLFSSL_FFDHE_3072:
wolfSSL 15:117db924cf7c 7885 break;
wolfSSL 15:117db924cf7c 7886 #endif
wolfSSL 15:117db924cf7c 7887 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 7888 case WOLFSSL_FFDHE_4096:
wolfSSL 15:117db924cf7c 7889 break;
wolfSSL 15:117db924cf7c 7890 #endif
wolfSSL 15:117db924cf7c 7891 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 7892 case WOLFSSL_FFDHE_6144:
wolfSSL 15:117db924cf7c 7893 break;
wolfSSL 15:117db924cf7c 7894 #endif
wolfSSL 15:117db924cf7c 7895 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 7896 case WOLFSSL_FFDHE_8192:
wolfSSL 15:117db924cf7c 7897 break;
wolfSSL 15:117db924cf7c 7898 #endif
wolfSSL 15:117db924cf7c 7899 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7900 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7901 case WOLFSSL_ECC_SECP256R1:
wolfSSL 15:117db924cf7c 7902 break;
wolfSSL 15:117db924cf7c 7903 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7904 #endif
wolfSSL 15:117db924cf7c 7905 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 7906 case WOLFSSL_ECC_X25519:
wolfSSL 15:117db924cf7c 7907 break;
wolfSSL 15:117db924cf7c 7908 #endif
wolfSSL 16:8e0d178b1d1e 7909 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 7910 case WOLFSSL_ECC_X448:
wolfSSL 16:8e0d178b1d1e 7911 break;
wolfSSL 16:8e0d178b1d1e 7912 #endif
wolfSSL 15:117db924cf7c 7913 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7914 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7915 case WOLFSSL_ECC_SECP384R1:
wolfSSL 15:117db924cf7c 7916 break;
wolfSSL 15:117db924cf7c 7917 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7918 #endif
wolfSSL 15:117db924cf7c 7919 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7920 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7921 case WOLFSSL_ECC_SECP521R1:
wolfSSL 15:117db924cf7c 7922 break;
wolfSSL 15:117db924cf7c 7923 #endif /* !NO_ECC_SECP */
wolfSSL 15:117db924cf7c 7924 #endif
wolfSSL 15:117db924cf7c 7925 default:
wolfSSL 15:117db924cf7c 7926 return 0;
wolfSSL 15:117db924cf7c 7927 }
wolfSSL 15:117db924cf7c 7928
wolfSSL 15:117db924cf7c 7929 return 1;
wolfSSL 15:117db924cf7c 7930 }
wolfSSL 15:117db924cf7c 7931
wolfSSL 15:117db924cf7c 7932 /* Examines the application specified group ranking and returns the rank of the
wolfSSL 15:117db924cf7c 7933 * group.
wolfSSL 15:117db924cf7c 7934 * If no group ranking set then all groups are rank 0 (highest).
wolfSSL 15:117db924cf7c 7935 *
wolfSSL 15:117db924cf7c 7936 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 7937 * group The group to check ranking for.
wolfSSL 15:117db924cf7c 7938 * returns ranking from 0 to MAX_GROUP_COUNT-1 or -1 when group not in list.
wolfSSL 15:117db924cf7c 7939 */
wolfSSL 15:117db924cf7c 7940 static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group)
wolfSSL 15:117db924cf7c 7941 {
wolfSSL 15:117db924cf7c 7942 byte i;
wolfSSL 15:117db924cf7c 7943
wolfSSL 15:117db924cf7c 7944 if (ssl->numGroups == 0) {
wolfSSL 15:117db924cf7c 7945 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 7946 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7947 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7948 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP256R1;
wolfSSL 15:117db924cf7c 7949 #endif
wolfSSL 15:117db924cf7c 7950 #endif
wolfSSL 15:117db924cf7c 7951 #endif
wolfSSL 15:117db924cf7c 7952 #ifndef HAVE_FIPS
wolfSSL 15:117db924cf7c 7953 #if defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 7954 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X25519;
wolfSSL 15:117db924cf7c 7955 #endif
wolfSSL 15:117db924cf7c 7956 #endif
wolfSSL 16:8e0d178b1d1e 7957 #ifndef HAVE_FIPS
wolfSSL 16:8e0d178b1d1e 7958 #if defined(HAVE_CURVE448)
wolfSSL 16:8e0d178b1d1e 7959 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X448;
wolfSSL 16:8e0d178b1d1e 7960 #endif
wolfSSL 16:8e0d178b1d1e 7961 #endif
wolfSSL 15:117db924cf7c 7962 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 7963 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7964 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7965 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP384R1;
wolfSSL 15:117db924cf7c 7966 #endif
wolfSSL 15:117db924cf7c 7967 #endif
wolfSSL 15:117db924cf7c 7968 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 7969 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 7970 ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP521R1;
wolfSSL 15:117db924cf7c 7971 #endif
wolfSSL 15:117db924cf7c 7972 #endif
wolfSSL 15:117db924cf7c 7973 #endif
wolfSSL 15:117db924cf7c 7974 /* Add FFDHE supported groups. */
wolfSSL 15:117db924cf7c 7975 #ifdef HAVE_FFDHE_2048
wolfSSL 15:117db924cf7c 7976 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_2048;
wolfSSL 15:117db924cf7c 7977 #endif
wolfSSL 15:117db924cf7c 7978 #ifdef HAVE_FFDHE_3072
wolfSSL 15:117db924cf7c 7979 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_3072;
wolfSSL 15:117db924cf7c 7980 #endif
wolfSSL 15:117db924cf7c 7981 #ifdef HAVE_FFDHE_4096
wolfSSL 15:117db924cf7c 7982 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_4096;
wolfSSL 15:117db924cf7c 7983 #endif
wolfSSL 15:117db924cf7c 7984 #ifdef HAVE_FFDHE_6144
wolfSSL 15:117db924cf7c 7985 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_6144;
wolfSSL 15:117db924cf7c 7986 #endif
wolfSSL 15:117db924cf7c 7987 #ifdef HAVE_FFDHE_8192
wolfSSL 15:117db924cf7c 7988 ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192;
wolfSSL 15:117db924cf7c 7989 #endif
wolfSSL 15:117db924cf7c 7990 }
wolfSSL 15:117db924cf7c 7991
wolfSSL 15:117db924cf7c 7992 for (i = 0; i < ssl->numGroups; i++)
wolfSSL 16:8e0d178b1d1e 7993 if (ssl->group[i] == (word16)group)
wolfSSL 15:117db924cf7c 7994 return i;
wolfSSL 15:117db924cf7c 7995
wolfSSL 15:117db924cf7c 7996 return -1;
wolfSSL 15:117db924cf7c 7997 }
wolfSSL 15:117db924cf7c 7998
wolfSSL 15:117db924cf7c 7999 /* Set a key share that is supported by the client into extensions.
wolfSSL 15:117db924cf7c 8000 *
wolfSSL 15:117db924cf7c 8001 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8002 * returns BAD_KEY_SHARE_DATA if no supported group has a key share,
wolfSSL 15:117db924cf7c 8003 * 0 if a supported group has a key share and other values indicate an error.
wolfSSL 15:117db924cf7c 8004 */
wolfSSL 15:117db924cf7c 8005 static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 8006 {
wolfSSL 15:117db924cf7c 8007 int ret;
wolfSSL 15:117db924cf7c 8008 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 15:117db924cf7c 8009 TLSX* extension;
wolfSSL 15:117db924cf7c 8010 SupportedCurve* curve = NULL;
wolfSSL 15:117db924cf7c 8011 SupportedCurve* preferredCurve = NULL;
wolfSSL 15:117db924cf7c 8012 int preferredRank = WOLFSSL_MAX_GROUP_COUNT;
wolfSSL 15:117db924cf7c 8013 int rank;
wolfSSL 15:117db924cf7c 8014
wolfSSL 15:117db924cf7c 8015 extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
wolfSSL 15:117db924cf7c 8016 if (extension != NULL)
wolfSSL 15:117db924cf7c 8017 curve = (SupportedCurve*)extension->data;
wolfSSL 15:117db924cf7c 8018 /* Use server's preference order. */
wolfSSL 15:117db924cf7c 8019 for (; curve != NULL; curve = curve->next) {
wolfSSL 15:117db924cf7c 8020 if (!TLSX_KeyShare_IsSupported(curve->name))
wolfSSL 15:117db924cf7c 8021 continue;
wolfSSL 15:117db924cf7c 8022
wolfSSL 15:117db924cf7c 8023 rank = TLSX_KeyShare_GroupRank(ssl, curve->name);
wolfSSL 15:117db924cf7c 8024 if (rank == -1)
wolfSSL 15:117db924cf7c 8025 continue;
wolfSSL 15:117db924cf7c 8026 if (rank < preferredRank) {
wolfSSL 15:117db924cf7c 8027 preferredCurve = curve;
wolfSSL 15:117db924cf7c 8028 preferredRank = rank;
wolfSSL 15:117db924cf7c 8029 }
wolfSSL 15:117db924cf7c 8030 }
wolfSSL 15:117db924cf7c 8031 curve = preferredCurve;
wolfSSL 15:117db924cf7c 8032
wolfSSL 15:117db924cf7c 8033 if (curve == NULL)
wolfSSL 15:117db924cf7c 8034 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 8035
wolfSSL 15:117db924cf7c 8036 /* Delete the old key share data list. */
wolfSSL 15:117db924cf7c 8037 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 8038 if (extension != NULL) {
wolfSSL 15:117db924cf7c 8039 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap);
wolfSSL 15:117db924cf7c 8040 extension->data = NULL;
wolfSSL 15:117db924cf7c 8041 }
wolfSSL 15:117db924cf7c 8042
wolfSSL 15:117db924cf7c 8043 /* Add in the chosen group. */
wolfSSL 15:117db924cf7c 8044 ret = TLSX_KeyShare_Use(ssl, curve->name, 0, NULL, NULL);
wolfSSL 15:117db924cf7c 8045 if (ret != 0)
wolfSSL 15:117db924cf7c 8046 return ret;
wolfSSL 15:117db924cf7c 8047
wolfSSL 16:8e0d178b1d1e 8048 /* Set extension to be in response. */
wolfSSL 15:117db924cf7c 8049 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 8050 extension->resp = 1;
wolfSSL 15:117db924cf7c 8051 #else
wolfSSL 15:117db924cf7c 8052
wolfSSL 15:117db924cf7c 8053 (void)ssl;
wolfSSL 15:117db924cf7c 8054 ret = NOT_COMPILED_IN;
wolfSSL 15:117db924cf7c 8055 #endif
wolfSSL 15:117db924cf7c 8056
wolfSSL 15:117db924cf7c 8057 return ret;
wolfSSL 15:117db924cf7c 8058 }
wolfSSL 15:117db924cf7c 8059
wolfSSL 15:117db924cf7c 8060 /* Ensure there is a key pair that can be used for key exchange.
wolfSSL 15:117db924cf7c 8061 *
wolfSSL 15:117db924cf7c 8062 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8063 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8064 */
wolfSSL 15:117db924cf7c 8065 int TLSX_KeyShare_Establish(WOLFSSL *ssl)
wolfSSL 15:117db924cf7c 8066 {
wolfSSL 15:117db924cf7c 8067 int ret;
wolfSSL 15:117db924cf7c 8068 TLSX* extension;
wolfSSL 15:117db924cf7c 8069 KeyShareEntry* clientKSE = NULL;
wolfSSL 15:117db924cf7c 8070 KeyShareEntry* serverKSE;
wolfSSL 15:117db924cf7c 8071 KeyShareEntry* list = NULL;
wolfSSL 15:117db924cf7c 8072 KeyShareEntry* preferredKSE = NULL;
wolfSSL 15:117db924cf7c 8073 int preferredRank = WOLFSSL_MAX_GROUP_COUNT;
wolfSSL 15:117db924cf7c 8074 int rank;
wolfSSL 15:117db924cf7c 8075
wolfSSL 15:117db924cf7c 8076 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 8077 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 8078 if (extension != NULL)
wolfSSL 15:117db924cf7c 8079 list = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 8080
wolfSSL 15:117db924cf7c 8081 if (extension && extension->resp == 1)
wolfSSL 15:117db924cf7c 8082 return 0;
wolfSSL 15:117db924cf7c 8083
wolfSSL 15:117db924cf7c 8084 /* Use server's preference order. */
wolfSSL 15:117db924cf7c 8085 for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) {
wolfSSL 15:117db924cf7c 8086 if (clientKSE->ke == NULL)
wolfSSL 15:117db924cf7c 8087 continue;
wolfSSL 15:117db924cf7c 8088
wolfSSL 15:117db924cf7c 8089 /* Check consistency now - extensions in any order. */
wolfSSL 15:117db924cf7c 8090 if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group))
wolfSSL 15:117db924cf7c 8091 return BAD_KEY_SHARE_DATA;
wolfSSL 15:117db924cf7c 8092
wolfSSL 15:117db924cf7c 8093 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 8094 if ((clientKSE->group & NAMED_DH_MASK) == 0) {
wolfSSL 15:117db924cf7c 8095 /* Check if server supports group. */
wolfSSL 15:117db924cf7c 8096 if (ssl->ctx->disabledCurves & (1 << clientKSE->group))
wolfSSL 15:117db924cf7c 8097 continue;
wolfSSL 15:117db924cf7c 8098 }
wolfSSL 15:117db924cf7c 8099 #endif
wolfSSL 15:117db924cf7c 8100 if (!TLSX_KeyShare_IsSupported(clientKSE->group))
wolfSSL 15:117db924cf7c 8101 continue;
wolfSSL 15:117db924cf7c 8102
wolfSSL 15:117db924cf7c 8103 rank = TLSX_KeyShare_GroupRank(ssl, clientKSE->group);
wolfSSL 15:117db924cf7c 8104 if (rank == -1)
wolfSSL 15:117db924cf7c 8105 continue;
wolfSSL 15:117db924cf7c 8106 if (rank < preferredRank) {
wolfSSL 15:117db924cf7c 8107 preferredKSE = clientKSE;
wolfSSL 15:117db924cf7c 8108 preferredRank = rank;
wolfSSL 15:117db924cf7c 8109 }
wolfSSL 15:117db924cf7c 8110 }
wolfSSL 15:117db924cf7c 8111 clientKSE = preferredKSE;
wolfSSL 15:117db924cf7c 8112
wolfSSL 15:117db924cf7c 8113 /* No supported group found - send HelloRetryRequest. */
wolfSSL 15:117db924cf7c 8114 if (clientKSE == NULL) {
wolfSSL 15:117db924cf7c 8115 ret = TLSX_KeyShare_SetSupported(ssl);
wolfSSL 15:117db924cf7c 8116 /* Return KEY_SHARE_ERROR to indicate HelloRetryRequest required. */
wolfSSL 15:117db924cf7c 8117 if (ret == 0)
wolfSSL 15:117db924cf7c 8118 return KEY_SHARE_ERROR;
wolfSSL 15:117db924cf7c 8119 return ret;
wolfSSL 15:117db924cf7c 8120 }
wolfSSL 15:117db924cf7c 8121
wolfSSL 15:117db924cf7c 8122 list = NULL;
wolfSSL 15:117db924cf7c 8123 /* Generate a new key pair. */
wolfSSL 15:117db924cf7c 8124 ret = TLSX_KeyShare_New(&list, clientKSE->group, ssl->heap, &serverKSE);
wolfSSL 15:117db924cf7c 8125 if (ret != 0)
wolfSSL 15:117db924cf7c 8126 return ret;
wolfSSL 15:117db924cf7c 8127
wolfSSL 15:117db924cf7c 8128 if (clientKSE->key == NULL) {
wolfSSL 15:117db924cf7c 8129 ret = TLSX_KeyShare_GenKey(ssl, serverKSE);
wolfSSL 15:117db924cf7c 8130 if (ret != 0)
wolfSSL 15:117db924cf7c 8131 return ret;
wolfSSL 15:117db924cf7c 8132 }
wolfSSL 15:117db924cf7c 8133 else {
wolfSSL 15:117db924cf7c 8134 serverKSE->key = clientKSE->key;
wolfSSL 15:117db924cf7c 8135 serverKSE->keyLen = clientKSE->keyLen;
wolfSSL 15:117db924cf7c 8136 serverKSE->pubKey = clientKSE->pubKey;
wolfSSL 15:117db924cf7c 8137 serverKSE->pubKeyLen = clientKSE->pubKeyLen;
wolfSSL 15:117db924cf7c 8138 clientKSE->key = NULL;
wolfSSL 15:117db924cf7c 8139 clientKSE->pubKey = NULL;
wolfSSL 15:117db924cf7c 8140 }
wolfSSL 15:117db924cf7c 8141 serverKSE->ke = clientKSE->ke;
wolfSSL 15:117db924cf7c 8142 serverKSE->keLen = clientKSE->keLen;
wolfSSL 15:117db924cf7c 8143 clientKSE->ke = NULL;
wolfSSL 15:117db924cf7c 8144 clientKSE->keLen = 0;
wolfSSL 15:117db924cf7c 8145
wolfSSL 15:117db924cf7c 8146 TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap);
wolfSSL 15:117db924cf7c 8147 extension->data = (void *)serverKSE;
wolfSSL 15:117db924cf7c 8148
wolfSSL 15:117db924cf7c 8149 extension->resp = 1;
wolfSSL 15:117db924cf7c 8150
wolfSSL 15:117db924cf7c 8151 return 0;
wolfSSL 15:117db924cf7c 8152 }
wolfSSL 15:117db924cf7c 8153
wolfSSL 15:117db924cf7c 8154 /* Derive the shared secret of the key exchange.
wolfSSL 15:117db924cf7c 8155 *
wolfSSL 15:117db924cf7c 8156 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8157 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8158 */
wolfSSL 15:117db924cf7c 8159 int TLSX_KeyShare_DeriveSecret(WOLFSSL *ssl)
wolfSSL 15:117db924cf7c 8160 {
wolfSSL 15:117db924cf7c 8161 int ret;
wolfSSL 15:117db924cf7c 8162 TLSX* extension;
wolfSSL 15:117db924cf7c 8163 KeyShareEntry* list = NULL;
wolfSSL 15:117db924cf7c 8164
wolfSSL 15:117db924cf7c 8165 /* Find the KeyShare extension if it exists. */
wolfSSL 15:117db924cf7c 8166 extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
wolfSSL 15:117db924cf7c 8167 if (extension != NULL)
wolfSSL 15:117db924cf7c 8168 list = (KeyShareEntry*)extension->data;
wolfSSL 15:117db924cf7c 8169
wolfSSL 15:117db924cf7c 8170 if (list == NULL)
wolfSSL 15:117db924cf7c 8171 return KEY_SHARE_ERROR;
wolfSSL 15:117db924cf7c 8172
wolfSSL 15:117db924cf7c 8173 /* Calculate secret. */
wolfSSL 15:117db924cf7c 8174 ret = TLSX_KeyShare_Process(ssl, list);
wolfSSL 15:117db924cf7c 8175 if (ret != 0)
wolfSSL 15:117db924cf7c 8176 return ret;
wolfSSL 15:117db924cf7c 8177
wolfSSL 15:117db924cf7c 8178 return ret;
wolfSSL 15:117db924cf7c 8179 }
wolfSSL 15:117db924cf7c 8180
wolfSSL 15:117db924cf7c 8181 #define KS_FREE_ALL TLSX_KeyShare_FreeAll
wolfSSL 15:117db924cf7c 8182 #define KS_GET_SIZE TLSX_KeyShare_GetSize
wolfSSL 15:117db924cf7c 8183 #define KS_WRITE TLSX_KeyShare_Write
wolfSSL 15:117db924cf7c 8184 #define KS_PARSE TLSX_KeyShare_Parse
wolfSSL 15:117db924cf7c 8185
wolfSSL 15:117db924cf7c 8186 #else
wolfSSL 15:117db924cf7c 8187
wolfSSL 15:117db924cf7c 8188 #define KS_FREE_ALL(a, b)
wolfSSL 15:117db924cf7c 8189 #define KS_GET_SIZE(a, b) 0
wolfSSL 15:117db924cf7c 8190 #define KS_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 8191 #define KS_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8192
wolfSSL 15:117db924cf7c 8193 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 8194
wolfSSL 15:117db924cf7c 8195 /******************************************************************************/
wolfSSL 15:117db924cf7c 8196 /* Pre-Shared Key */
wolfSSL 15:117db924cf7c 8197 /******************************************************************************/
wolfSSL 15:117db924cf7c 8198
wolfSSL 15:117db924cf7c 8199 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 8200 /* Free the pre-shared key dynamic data.
wolfSSL 15:117db924cf7c 8201 *
wolfSSL 15:117db924cf7c 8202 * list The linked list of key share entry objects.
wolfSSL 15:117db924cf7c 8203 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 8204 */
wolfSSL 15:117db924cf7c 8205 static void TLSX_PreSharedKey_FreeAll(PreSharedKey* list, void* heap)
wolfSSL 15:117db924cf7c 8206 {
wolfSSL 15:117db924cf7c 8207 PreSharedKey* current;
wolfSSL 15:117db924cf7c 8208
wolfSSL 15:117db924cf7c 8209 while ((current = list) != NULL) {
wolfSSL 15:117db924cf7c 8210 list = current->next;
wolfSSL 15:117db924cf7c 8211 XFREE(current->identity, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 8212 XFREE(current, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 8213 }
wolfSSL 15:117db924cf7c 8214
wolfSSL 15:117db924cf7c 8215 (void)heap;
wolfSSL 15:117db924cf7c 8216 }
wolfSSL 15:117db924cf7c 8217
wolfSSL 15:117db924cf7c 8218 /* Get the size of the encoded pre shared key extension.
wolfSSL 15:117db924cf7c 8219 *
wolfSSL 15:117db924cf7c 8220 * list The linked list of pre-shared key extensions.
wolfSSL 15:117db924cf7c 8221 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8222 * returns the number of bytes of the encoded pre-shared key extension or
wolfSSL 15:117db924cf7c 8223 * SANITY_MSG_E to indicate invalid message type.
wolfSSL 15:117db924cf7c 8224 */
wolfSSL 16:8e0d178b1d1e 8225 static int TLSX_PreSharedKey_GetSize(PreSharedKey* list, byte msgType,
wolfSSL 16:8e0d178b1d1e 8226 word16* pSz)
wolfSSL 15:117db924cf7c 8227 {
wolfSSL 15:117db924cf7c 8228 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8229 /* Length of identities + Length of binders. */
wolfSSL 15:117db924cf7c 8230 word16 len = OPAQUE16_LEN + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8231 while (list != NULL) {
wolfSSL 15:117db924cf7c 8232 /* Each entry has: identity, ticket age and binder. */
wolfSSL 15:117db924cf7c 8233 len += OPAQUE16_LEN + list->identityLen + OPAQUE32_LEN +
wolfSSL 15:117db924cf7c 8234 OPAQUE8_LEN + list->binderLen;
wolfSSL 15:117db924cf7c 8235 list = list->next;
wolfSSL 15:117db924cf7c 8236 }
wolfSSL 16:8e0d178b1d1e 8237 *pSz += len;
wolfSSL 16:8e0d178b1d1e 8238 return 0;
wolfSSL 15:117db924cf7c 8239 }
wolfSSL 15:117db924cf7c 8240
wolfSSL 15:117db924cf7c 8241 if (msgType == server_hello) {
wolfSSL 16:8e0d178b1d1e 8242 *pSz += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 8243 return 0;
wolfSSL 16:8e0d178b1d1e 8244 }
wolfSSL 16:8e0d178b1d1e 8245
wolfSSL 16:8e0d178b1d1e 8246 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8247 }
wolfSSL 15:117db924cf7c 8248
wolfSSL 15:117db924cf7c 8249 /* The number of bytes to be written for the binders.
wolfSSL 15:117db924cf7c 8250 *
wolfSSL 15:117db924cf7c 8251 * list The linked list of pre-shared key extensions.
wolfSSL 15:117db924cf7c 8252 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8253 * returns the number of bytes of the encoded pre-shared key extension or
wolfSSL 15:117db924cf7c 8254 * SANITY_MSG_E to indicate invalid message type.
wolfSSL 15:117db924cf7c 8255 */
wolfSSL 16:8e0d178b1d1e 8256 int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, byte msgType,
wolfSSL 16:8e0d178b1d1e 8257 word16* pSz)
wolfSSL 15:117db924cf7c 8258 {
wolfSSL 15:117db924cf7c 8259 word16 len;
wolfSSL 15:117db924cf7c 8260
wolfSSL 15:117db924cf7c 8261 if (msgType != client_hello)
wolfSSL 15:117db924cf7c 8262 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8263
wolfSSL 15:117db924cf7c 8264 /* Length of all binders. */
wolfSSL 15:117db924cf7c 8265 len = OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8266 while (list != NULL) {
wolfSSL 15:117db924cf7c 8267 len += OPAQUE8_LEN + list->binderLen;
wolfSSL 15:117db924cf7c 8268 list = list->next;
wolfSSL 15:117db924cf7c 8269 }
wolfSSL 15:117db924cf7c 8270
wolfSSL 16:8e0d178b1d1e 8271 *pSz = len;
wolfSSL 16:8e0d178b1d1e 8272 return 0;
wolfSSL 15:117db924cf7c 8273 }
wolfSSL 15:117db924cf7c 8274
wolfSSL 15:117db924cf7c 8275 /* Writes the pre-shared key extension into the output buffer - binders only.
wolfSSL 15:117db924cf7c 8276 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 8277 *
wolfSSL 15:117db924cf7c 8278 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 8279 * output The buffer to write into.
wolfSSL 15:117db924cf7c 8280 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8281 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 8282 */
wolfSSL 16:8e0d178b1d1e 8283 int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, byte* output,
wolfSSL 16:8e0d178b1d1e 8284 byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 8285 {
wolfSSL 15:117db924cf7c 8286 PreSharedKey* current = list;
wolfSSL 15:117db924cf7c 8287 word16 idx = 0;
wolfSSL 15:117db924cf7c 8288 word16 lenIdx;
wolfSSL 15:117db924cf7c 8289 word16 len;
wolfSSL 15:117db924cf7c 8290
wolfSSL 15:117db924cf7c 8291 if (msgType != client_hello)
wolfSSL 15:117db924cf7c 8292 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8293
wolfSSL 15:117db924cf7c 8294 /* Skip length of all binders. */
wolfSSL 15:117db924cf7c 8295 lenIdx = idx;
wolfSSL 15:117db924cf7c 8296 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8297 while (current != NULL) {
wolfSSL 15:117db924cf7c 8298 /* Binder data length. */
wolfSSL 15:117db924cf7c 8299 output[idx++] = current->binderLen;
wolfSSL 15:117db924cf7c 8300 /* Binder data. */
wolfSSL 15:117db924cf7c 8301 XMEMCPY(output + idx, current->binder, current->binderLen);
wolfSSL 15:117db924cf7c 8302 idx += current->binderLen;
wolfSSL 15:117db924cf7c 8303
wolfSSL 15:117db924cf7c 8304 current = current->next;
wolfSSL 15:117db924cf7c 8305 }
wolfSSL 15:117db924cf7c 8306 /* Length of the binders. */
wolfSSL 15:117db924cf7c 8307 len = idx - lenIdx - OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8308 c16toa(len, output + lenIdx);
wolfSSL 15:117db924cf7c 8309
wolfSSL 16:8e0d178b1d1e 8310 *pSz = idx;
wolfSSL 16:8e0d178b1d1e 8311 return 0;
wolfSSL 15:117db924cf7c 8312 }
wolfSSL 15:117db924cf7c 8313
wolfSSL 15:117db924cf7c 8314
wolfSSL 15:117db924cf7c 8315 /* Writes the pre-shared key extension into the output buffer.
wolfSSL 15:117db924cf7c 8316 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 8317 *
wolfSSL 15:117db924cf7c 8318 * list The linked list of key share entries.
wolfSSL 15:117db924cf7c 8319 * output The buffer to write into.
wolfSSL 15:117db924cf7c 8320 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8321 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 8322 */
wolfSSL 16:8e0d178b1d1e 8323 static int TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output,
wolfSSL 16:8e0d178b1d1e 8324 byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 8325 {
wolfSSL 15:117db924cf7c 8326 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8327 PreSharedKey* current = list;
wolfSSL 15:117db924cf7c 8328 word16 idx = 0;
wolfSSL 15:117db924cf7c 8329 word16 lenIdx;
wolfSSL 15:117db924cf7c 8330 word16 len;
wolfSSL 16:8e0d178b1d1e 8331 int ret;
wolfSSL 15:117db924cf7c 8332
wolfSSL 15:117db924cf7c 8333 /* Write identites only. Binders after HMACing over this. */
wolfSSL 15:117db924cf7c 8334 lenIdx = idx;
wolfSSL 15:117db924cf7c 8335 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8336 while (current != NULL) {
wolfSSL 15:117db924cf7c 8337 /* Identity length */
wolfSSL 15:117db924cf7c 8338 c16toa(current->identityLen, output + idx);
wolfSSL 15:117db924cf7c 8339 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8340 /* Identity data */
wolfSSL 15:117db924cf7c 8341 XMEMCPY(output + idx, current->identity, current->identityLen);
wolfSSL 15:117db924cf7c 8342 idx += current->identityLen;
wolfSSL 15:117db924cf7c 8343
wolfSSL 15:117db924cf7c 8344 /* Obfuscated ticket age. */
wolfSSL 15:117db924cf7c 8345 c32toa(current->ticketAge, output + idx);
wolfSSL 15:117db924cf7c 8346 idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 8347
wolfSSL 15:117db924cf7c 8348 current = current->next;
wolfSSL 15:117db924cf7c 8349 }
wolfSSL 15:117db924cf7c 8350 /* Length of the identites. */
wolfSSL 15:117db924cf7c 8351 len = idx - lenIdx - OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8352 c16toa(len, output + lenIdx);
wolfSSL 15:117db924cf7c 8353
wolfSSL 15:117db924cf7c 8354 /* Don't include binders here.
wolfSSL 15:117db924cf7c 8355 * The binders are based on the hash of all the ClientHello data up to
wolfSSL 15:117db924cf7c 8356 * and include the identities written above.
wolfSSL 15:117db924cf7c 8357 */
wolfSSL 16:8e0d178b1d1e 8358 ret = TLSX_PreSharedKey_GetSizeBinders(list, msgType, &len);
wolfSSL 16:8e0d178b1d1e 8359 if (ret < 0)
wolfSSL 16:8e0d178b1d1e 8360 return ret;
wolfSSL 16:8e0d178b1d1e 8361 *pSz += idx + len;
wolfSSL 16:8e0d178b1d1e 8362 }
wolfSSL 16:8e0d178b1d1e 8363 else if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 8364 word16 i;
wolfSSL 15:117db924cf7c 8365
wolfSSL 15:117db924cf7c 8366 /* Find the index of the chosen identity. */
wolfSSL 15:117db924cf7c 8367 for (i=0; list != NULL && !list->chosen; i++)
wolfSSL 15:117db924cf7c 8368 list = list->next;
wolfSSL 15:117db924cf7c 8369 if (list == NULL)
wolfSSL 15:117db924cf7c 8370 return BUILD_MSG_ERROR;
wolfSSL 15:117db924cf7c 8371
wolfSSL 15:117db924cf7c 8372 /* The index of the identity chosen by the server from the list supplied
wolfSSL 15:117db924cf7c 8373 * by the client.
wolfSSL 15:117db924cf7c 8374 */
wolfSSL 15:117db924cf7c 8375 c16toa(i, output);
wolfSSL 16:8e0d178b1d1e 8376 *pSz += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 8377 }
wolfSSL 16:8e0d178b1d1e 8378 else
wolfSSL 16:8e0d178b1d1e 8379 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8380
wolfSSL 15:117db924cf7c 8381 return 0;
wolfSSL 15:117db924cf7c 8382 }
wolfSSL 15:117db924cf7c 8383
wolfSSL 15:117db924cf7c 8384 /* Parse the pre-shared key extension.
wolfSSL 15:117db924cf7c 8385 * Different formats in different messages.
wolfSSL 15:117db924cf7c 8386 *
wolfSSL 15:117db924cf7c 8387 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8388 * input The extension data.
wolfSSL 15:117db924cf7c 8389 * length The length of the extension data.
wolfSSL 15:117db924cf7c 8390 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 8391 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8392 */
wolfSSL 15:117db924cf7c 8393 static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 8394 byte msgType)
wolfSSL 15:117db924cf7c 8395 {
wolfSSL 15:117db924cf7c 8396 TLSX* extension;
wolfSSL 15:117db924cf7c 8397 PreSharedKey* list;
wolfSSL 15:117db924cf7c 8398
wolfSSL 15:117db924cf7c 8399 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8400 int ret;
wolfSSL 15:117db924cf7c 8401 word16 len;
wolfSSL 15:117db924cf7c 8402 word16 idx = 0;
wolfSSL 15:117db924cf7c 8403
wolfSSL 15:117db924cf7c 8404 TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap);
wolfSSL 15:117db924cf7c 8405
wolfSSL 15:117db924cf7c 8406 /* Length of identities and of binders. */
wolfSSL 15:117db924cf7c 8407 if (length - idx < OPAQUE16_LEN + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 8408 return BUFFER_E;
wolfSSL 15:117db924cf7c 8409
wolfSSL 15:117db924cf7c 8410 /* Length of identities. */
wolfSSL 15:117db924cf7c 8411 ato16(input + idx, &len);
wolfSSL 15:117db924cf7c 8412 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8413 if (len < MIN_PSK_ID_LEN || length - idx < len)
wolfSSL 15:117db924cf7c 8414 return BUFFER_E;
wolfSSL 15:117db924cf7c 8415
wolfSSL 15:117db924cf7c 8416 /* Create a pre-shared key object for each identity. */
wolfSSL 15:117db924cf7c 8417 while (len > 0) {
wolfSSL 15:117db924cf7c 8418 byte* identity;
wolfSSL 15:117db924cf7c 8419 word16 identityLen;
wolfSSL 15:117db924cf7c 8420 word32 age;
wolfSSL 15:117db924cf7c 8421
wolfSSL 15:117db924cf7c 8422 if (len < OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 8423 return BUFFER_E;
wolfSSL 15:117db924cf7c 8424
wolfSSL 15:117db924cf7c 8425 /* Length of identity. */
wolfSSL 15:117db924cf7c 8426 ato16(input + idx, &identityLen);
wolfSSL 15:117db924cf7c 8427 idx += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 8428 if (len < OPAQUE16_LEN + identityLen + OPAQUE32_LEN ||
wolfSSL 16:8e0d178b1d1e 8429 identityLen > MAX_PSK_ID_LEN)
wolfSSL 15:117db924cf7c 8430 return BUFFER_E;
wolfSSL 15:117db924cf7c 8431 /* Cache identity pointer. */
wolfSSL 15:117db924cf7c 8432 identity = input + idx;
wolfSSL 15:117db924cf7c 8433 idx += identityLen;
wolfSSL 15:117db924cf7c 8434 /* Ticket age. */
wolfSSL 15:117db924cf7c 8435 ato32(input + idx, &age);
wolfSSL 15:117db924cf7c 8436 idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 8437
wolfSSL 15:117db924cf7c 8438 ret = TLSX_PreSharedKey_Use(ssl, identity, identityLen, age, no_mac,
wolfSSL 15:117db924cf7c 8439 0, 0, 1, NULL);
wolfSSL 15:117db924cf7c 8440 if (ret != 0)
wolfSSL 15:117db924cf7c 8441 return ret;
wolfSSL 15:117db924cf7c 8442
wolfSSL 15:117db924cf7c 8443 /* Done with this identity. */
wolfSSL 15:117db924cf7c 8444 len -= OPAQUE16_LEN + identityLen + OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 8445 }
wolfSSL 15:117db924cf7c 8446
wolfSSL 15:117db924cf7c 8447 /* Find the list of identities sent to server. */
wolfSSL 15:117db924cf7c 8448 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 8449 if (extension == NULL)
wolfSSL 15:117db924cf7c 8450 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 8451 list = (PreSharedKey*)extension->data;
wolfSSL 15:117db924cf7c 8452
wolfSSL 15:117db924cf7c 8453 /* Length of binders. */
wolfSSL 16:8e0d178b1d1e 8454 if (idx + OPAQUE16_LEN > length)
wolfSSL 16:8e0d178b1d1e 8455 return BUFFER_E;
wolfSSL 15:117db924cf7c 8456 ato16(input + idx, &len);
wolfSSL 15:117db924cf7c 8457 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 8458 if (len < MIN_PSK_BINDERS_LEN || length - idx < len)
wolfSSL 15:117db924cf7c 8459 return BUFFER_E;
wolfSSL 15:117db924cf7c 8460
wolfSSL 15:117db924cf7c 8461 /* Set binder for each identity. */
wolfSSL 15:117db924cf7c 8462 while (list != NULL && len > 0) {
wolfSSL 15:117db924cf7c 8463 /* Length of binder */
wolfSSL 15:117db924cf7c 8464 list->binderLen = input[idx++];
wolfSSL 15:117db924cf7c 8465 if (list->binderLen < WC_SHA256_DIGEST_SIZE ||
wolfSSL 15:117db924cf7c 8466 list->binderLen > WC_MAX_DIGEST_SIZE)
wolfSSL 15:117db924cf7c 8467 return BUFFER_E;
wolfSSL 15:117db924cf7c 8468 if (len < OPAQUE8_LEN + list->binderLen)
wolfSSL 15:117db924cf7c 8469 return BUFFER_E;
wolfSSL 15:117db924cf7c 8470
wolfSSL 15:117db924cf7c 8471 /* Copy binder into static buffer. */
wolfSSL 15:117db924cf7c 8472 XMEMCPY(list->binder, input + idx, list->binderLen);
wolfSSL 15:117db924cf7c 8473 idx += list->binderLen;
wolfSSL 15:117db924cf7c 8474
wolfSSL 15:117db924cf7c 8475 /* Done with binder entry. */
wolfSSL 15:117db924cf7c 8476 len -= OPAQUE8_LEN + list->binderLen;
wolfSSL 15:117db924cf7c 8477
wolfSSL 15:117db924cf7c 8478 /* Next identity. */
wolfSSL 15:117db924cf7c 8479 list = list->next;
wolfSSL 15:117db924cf7c 8480 }
wolfSSL 15:117db924cf7c 8481 if (list != NULL || len != 0)
wolfSSL 15:117db924cf7c 8482 return BUFFER_E;
wolfSSL 15:117db924cf7c 8483
wolfSSL 15:117db924cf7c 8484 return 0;
wolfSSL 15:117db924cf7c 8485 }
wolfSSL 15:117db924cf7c 8486
wolfSSL 15:117db924cf7c 8487 if (msgType == server_hello) {
wolfSSL 15:117db924cf7c 8488 word16 idx;
wolfSSL 15:117db924cf7c 8489
wolfSSL 15:117db924cf7c 8490 /* Index of identity chosen by server. */
wolfSSL 15:117db924cf7c 8491 if (length != OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 8492 return BUFFER_E;
wolfSSL 15:117db924cf7c 8493 ato16(input, &idx);
wolfSSL 15:117db924cf7c 8494
wolfSSL 15:117db924cf7c 8495 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 8496 ssl->options.pskIdIndex = idx + 1;
wolfSSL 15:117db924cf7c 8497 #endif
wolfSSL 15:117db924cf7c 8498
wolfSSL 15:117db924cf7c 8499 /* Find the list of identities sent to server. */
wolfSSL 15:117db924cf7c 8500 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 8501 if (extension == NULL)
wolfSSL 15:117db924cf7c 8502 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 8503 list = (PreSharedKey*)extension->data;
wolfSSL 15:117db924cf7c 8504
wolfSSL 15:117db924cf7c 8505 /* Mark the identity as chosen. */
wolfSSL 15:117db924cf7c 8506 for (; list != NULL && idx > 0; idx--)
wolfSSL 15:117db924cf7c 8507 list = list->next;
wolfSSL 15:117db924cf7c 8508 if (list == NULL)
wolfSSL 15:117db924cf7c 8509 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 8510 list->chosen = 1;
wolfSSL 15:117db924cf7c 8511
wolfSSL 15:117db924cf7c 8512 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 8513 if (list->resumption) {
wolfSSL 15:117db924cf7c 8514 /* Check that the session's details are the same as the server's. */
wolfSSL 15:117db924cf7c 8515 if (ssl->options.cipherSuite0 != ssl->session.cipherSuite0 ||
wolfSSL 15:117db924cf7c 8516 ssl->options.cipherSuite != ssl->session.cipherSuite ||
wolfSSL 15:117db924cf7c 8517 ssl->session.version.major != ssl->ctx->method->version.major ||
wolfSSL 15:117db924cf7c 8518 ssl->session.version.minor != ssl->ctx->method->version.minor) {
wolfSSL 15:117db924cf7c 8519 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 8520 }
wolfSSL 15:117db924cf7c 8521 }
wolfSSL 15:117db924cf7c 8522 #endif
wolfSSL 15:117db924cf7c 8523
wolfSSL 15:117db924cf7c 8524 return 0;
wolfSSL 15:117db924cf7c 8525 }
wolfSSL 15:117db924cf7c 8526
wolfSSL 15:117db924cf7c 8527 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8528 }
wolfSSL 15:117db924cf7c 8529
wolfSSL 15:117db924cf7c 8530 /* Create a new pre-shared key and put it into the list.
wolfSSL 15:117db924cf7c 8531 *
wolfSSL 15:117db924cf7c 8532 * list The linked list of pre-shared key.
wolfSSL 15:117db924cf7c 8533 * identity The identity.
wolfSSL 15:117db924cf7c 8534 * len The length of the identity data.
wolfSSL 15:117db924cf7c 8535 * heap The memory to allocate with.
wolfSSL 15:117db924cf7c 8536 * preSharedKey The new pre-shared key object.
wolfSSL 15:117db924cf7c 8537 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8538 */
wolfSSL 15:117db924cf7c 8539 static int TLSX_PreSharedKey_New(PreSharedKey** list, byte* identity,
wolfSSL 15:117db924cf7c 8540 word16 len, void *heap,
wolfSSL 15:117db924cf7c 8541 PreSharedKey** preSharedKey)
wolfSSL 15:117db924cf7c 8542 {
wolfSSL 15:117db924cf7c 8543 PreSharedKey* psk;
wolfSSL 16:8e0d178b1d1e 8544 PreSharedKey** next;
wolfSSL 15:117db924cf7c 8545
wolfSSL 15:117db924cf7c 8546 psk = (PreSharedKey*)XMALLOC(sizeof(PreSharedKey), heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 8547 if (psk == NULL)
wolfSSL 15:117db924cf7c 8548 return MEMORY_E;
wolfSSL 15:117db924cf7c 8549 XMEMSET(psk, 0, sizeof(*psk));
wolfSSL 15:117db924cf7c 8550
wolfSSL 15:117db924cf7c 8551 /* Make a copy of the identity data. */
wolfSSL 15:117db924cf7c 8552 psk->identity = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 8553 if (psk->identity == NULL) {
wolfSSL 15:117db924cf7c 8554 XFREE(psk, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 8555 return MEMORY_E;
wolfSSL 15:117db924cf7c 8556 }
wolfSSL 15:117db924cf7c 8557 XMEMCPY(psk->identity, identity, len);
wolfSSL 15:117db924cf7c 8558 psk->identityLen = len;
wolfSSL 15:117db924cf7c 8559
wolfSSL 15:117db924cf7c 8560 /* Add it to the end and maintain the links. */
wolfSSL 16:8e0d178b1d1e 8561 while (*list != NULL) {
wolfSSL 16:8e0d178b1d1e 8562 /* Assign to temporary to work around compiler bug found by customer. */
wolfSSL 16:8e0d178b1d1e 8563 next = &((*list)->next);
wolfSSL 16:8e0d178b1d1e 8564 list = next;
wolfSSL 16:8e0d178b1d1e 8565 }
wolfSSL 15:117db924cf7c 8566 *list = psk;
wolfSSL 15:117db924cf7c 8567 *preSharedKey = psk;
wolfSSL 15:117db924cf7c 8568
wolfSSL 16:8e0d178b1d1e 8569 (void)heap;
wolfSSL 16:8e0d178b1d1e 8570
wolfSSL 15:117db924cf7c 8571 return 0;
wolfSSL 15:117db924cf7c 8572 }
wolfSSL 15:117db924cf7c 8573
wolfSSL 15:117db924cf7c 8574 static WC_INLINE byte GetHmacLength(int hmac)
wolfSSL 15:117db924cf7c 8575 {
wolfSSL 15:117db924cf7c 8576 switch (hmac) {
wolfSSL 15:117db924cf7c 8577 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 8578 case sha256_mac:
wolfSSL 15:117db924cf7c 8579 return WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 8580 #endif
wolfSSL 15:117db924cf7c 8581 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 8582 case sha384_mac:
wolfSSL 15:117db924cf7c 8583 return WC_SHA384_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 8584 #endif
wolfSSL 15:117db924cf7c 8585 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 8586 case sha512_mac:
wolfSSL 15:117db924cf7c 8587 return WC_SHA512_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 8588 #endif
wolfSSL 15:117db924cf7c 8589 }
wolfSSL 15:117db924cf7c 8590 return 0;
wolfSSL 15:117db924cf7c 8591 }
wolfSSL 15:117db924cf7c 8592
wolfSSL 15:117db924cf7c 8593 /* Use the data to create a new pre-shared key object in the extensions.
wolfSSL 15:117db924cf7c 8594 *
wolfSSL 15:117db924cf7c 8595 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8596 * identity The identity.
wolfSSL 15:117db924cf7c 8597 * len The length of the identity data.
wolfSSL 15:117db924cf7c 8598 * age The age of the identity.
wolfSSL 15:117db924cf7c 8599 * hmac The HMAC algorithm.
wolfSSL 15:117db924cf7c 8600 * ciphersuite0 The first byte of the ciphersuite to use.
wolfSSL 15:117db924cf7c 8601 * ciphersuite The second byte of the ciphersuite to use.
wolfSSL 15:117db924cf7c 8602 * resumption The PSK is for resumption of a session.
wolfSSL 15:117db924cf7c 8603 * preSharedKey The new pre-shared key object.
wolfSSL 15:117db924cf7c 8604 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8605 */
wolfSSL 15:117db924cf7c 8606 int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, word16 len, word32 age,
wolfSSL 15:117db924cf7c 8607 byte hmac, byte cipherSuite0,
wolfSSL 15:117db924cf7c 8608 byte cipherSuite, byte resumption,
wolfSSL 15:117db924cf7c 8609 PreSharedKey **preSharedKey)
wolfSSL 15:117db924cf7c 8610 {
wolfSSL 15:117db924cf7c 8611 int ret = 0;
wolfSSL 15:117db924cf7c 8612 TLSX* extension;
wolfSSL 15:117db924cf7c 8613 PreSharedKey* psk = NULL;
wolfSSL 15:117db924cf7c 8614
wolfSSL 15:117db924cf7c 8615 /* Find the pre-shared key extension if it exists. */
wolfSSL 15:117db924cf7c 8616 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 8617 if (extension == NULL) {
wolfSSL 15:117db924cf7c 8618 /* Push new pre-shared key extension. */
wolfSSL 15:117db924cf7c 8619 ret = TLSX_Push(&ssl->extensions, TLSX_PRE_SHARED_KEY, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 8620 if (ret != 0)
wolfSSL 15:117db924cf7c 8621 return ret;
wolfSSL 15:117db924cf7c 8622
wolfSSL 15:117db924cf7c 8623 extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
wolfSSL 15:117db924cf7c 8624 if (extension == NULL)
wolfSSL 15:117db924cf7c 8625 return MEMORY_E;
wolfSSL 15:117db924cf7c 8626 }
wolfSSL 15:117db924cf7c 8627
wolfSSL 15:117db924cf7c 8628 /* Try to find the pre-shared key with this identity. */
wolfSSL 15:117db924cf7c 8629 psk = (PreSharedKey*)extension->data;
wolfSSL 15:117db924cf7c 8630 while (psk != NULL) {
wolfSSL 15:117db924cf7c 8631 if ((psk->identityLen == len) &&
wolfSSL 15:117db924cf7c 8632 (XMEMCMP(psk->identity, identity, len) == 0)) {
wolfSSL 15:117db924cf7c 8633 break;
wolfSSL 15:117db924cf7c 8634 }
wolfSSL 15:117db924cf7c 8635 psk = psk->next;
wolfSSL 15:117db924cf7c 8636 }
wolfSSL 15:117db924cf7c 8637
wolfSSL 15:117db924cf7c 8638 /* Create a new pre-shared key object if not found. */
wolfSSL 15:117db924cf7c 8639 if (psk == NULL) {
wolfSSL 15:117db924cf7c 8640 ret = TLSX_PreSharedKey_New((PreSharedKey**)&extension->data, identity,
wolfSSL 15:117db924cf7c 8641 len, ssl->heap, &psk);
wolfSSL 15:117db924cf7c 8642 if (ret != 0)
wolfSSL 15:117db924cf7c 8643 return ret;
wolfSSL 15:117db924cf7c 8644 }
wolfSSL 15:117db924cf7c 8645
wolfSSL 15:117db924cf7c 8646 /* Update/set age and HMAC algorithm. */
wolfSSL 15:117db924cf7c 8647 psk->ticketAge = age;
wolfSSL 15:117db924cf7c 8648 psk->hmac = hmac;
wolfSSL 15:117db924cf7c 8649 psk->cipherSuite0 = cipherSuite0;
wolfSSL 15:117db924cf7c 8650 psk->cipherSuite = cipherSuite;
wolfSSL 15:117db924cf7c 8651 psk->resumption = resumption;
wolfSSL 15:117db924cf7c 8652 psk->binderLen = GetHmacLength(psk->hmac);
wolfSSL 15:117db924cf7c 8653
wolfSSL 15:117db924cf7c 8654 if (preSharedKey != NULL)
wolfSSL 15:117db924cf7c 8655 *preSharedKey = psk;
wolfSSL 15:117db924cf7c 8656
wolfSSL 15:117db924cf7c 8657 return 0;
wolfSSL 15:117db924cf7c 8658 }
wolfSSL 15:117db924cf7c 8659
wolfSSL 15:117db924cf7c 8660 #define PSK_FREE_ALL TLSX_PreSharedKey_FreeAll
wolfSSL 15:117db924cf7c 8661 #define PSK_GET_SIZE TLSX_PreSharedKey_GetSize
wolfSSL 15:117db924cf7c 8662 #define PSK_WRITE TLSX_PreSharedKey_Write
wolfSSL 15:117db924cf7c 8663 #define PSK_PARSE TLSX_PreSharedKey_Parse
wolfSSL 15:117db924cf7c 8664
wolfSSL 15:117db924cf7c 8665 #else
wolfSSL 15:117db924cf7c 8666
wolfSSL 15:117db924cf7c 8667 #define PSK_FREE_ALL(a, b)
wolfSSL 16:8e0d178b1d1e 8668 #define PSK_GET_SIZE(a, b, c) 0
wolfSSL 16:8e0d178b1d1e 8669 #define PSK_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8670 #define PSK_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8671
wolfSSL 15:117db924cf7c 8672 #endif
wolfSSL 15:117db924cf7c 8673
wolfSSL 15:117db924cf7c 8674 /******************************************************************************/
wolfSSL 15:117db924cf7c 8675 /* PSK Key Exchange Modes */
wolfSSL 15:117db924cf7c 8676 /******************************************************************************/
wolfSSL 15:117db924cf7c 8677
wolfSSL 15:117db924cf7c 8678 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 8679 /* Get the size of the encoded PSK KE modes extension.
wolfSSL 15:117db924cf7c 8680 * Only in ClientHello.
wolfSSL 15:117db924cf7c 8681 *
wolfSSL 15:117db924cf7c 8682 * modes The PSK KE mode bit string.
wolfSSL 15:117db924cf7c 8683 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8684 * returns the number of bytes of the encoded PSK KE mode extension.
wolfSSL 15:117db924cf7c 8685 */
wolfSSL 16:8e0d178b1d1e 8686 static int TLSX_PskKeModes_GetSize(byte modes, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 8687 {
wolfSSL 15:117db924cf7c 8688 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8689 /* Format: Len | Modes* */
wolfSSL 15:117db924cf7c 8690 word16 len = OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 8691 /* Check whether each possible mode is to be written. */
wolfSSL 15:117db924cf7c 8692 if (modes & (1 << PSK_KE))
wolfSSL 15:117db924cf7c 8693 len += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 8694 if (modes & (1 << PSK_DHE_KE))
wolfSSL 15:117db924cf7c 8695 len += OPAQUE8_LEN;
wolfSSL 16:8e0d178b1d1e 8696 *pSz += len;
wolfSSL 16:8e0d178b1d1e 8697 return 0;
wolfSSL 15:117db924cf7c 8698 }
wolfSSL 15:117db924cf7c 8699
wolfSSL 15:117db924cf7c 8700 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8701 }
wolfSSL 15:117db924cf7c 8702
wolfSSL 15:117db924cf7c 8703 /* Writes the PSK KE modes extension into the output buffer.
wolfSSL 15:117db924cf7c 8704 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 8705 * Only in ClientHello.
wolfSSL 15:117db924cf7c 8706 *
wolfSSL 15:117db924cf7c 8707 * modes The PSK KE mode bit string.
wolfSSL 15:117db924cf7c 8708 * output The buffer to write into.
wolfSSL 15:117db924cf7c 8709 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8710 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 8711 */
wolfSSL 16:8e0d178b1d1e 8712 static int TLSX_PskKeModes_Write(byte modes, byte* output, byte msgType,
wolfSSL 16:8e0d178b1d1e 8713 word16* pSz)
wolfSSL 15:117db924cf7c 8714 {
wolfSSL 15:117db924cf7c 8715 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8716 /* Format: Len | Modes* */
wolfSSL 15:117db924cf7c 8717 int idx = OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 8718
wolfSSL 15:117db924cf7c 8719 /* Write out each possible mode. */
wolfSSL 15:117db924cf7c 8720 if (modes & (1 << PSK_KE))
wolfSSL 15:117db924cf7c 8721 output[idx++] = PSK_KE;
wolfSSL 15:117db924cf7c 8722 if (modes & (1 << PSK_DHE_KE))
wolfSSL 15:117db924cf7c 8723 output[idx++] = PSK_DHE_KE;
wolfSSL 15:117db924cf7c 8724 /* Write out length of mode list. */
wolfSSL 15:117db924cf7c 8725 output[0] = idx - OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 8726
wolfSSL 16:8e0d178b1d1e 8727 *pSz += idx;
wolfSSL 16:8e0d178b1d1e 8728 return 0;
wolfSSL 15:117db924cf7c 8729 }
wolfSSL 15:117db924cf7c 8730
wolfSSL 15:117db924cf7c 8731 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8732 }
wolfSSL 15:117db924cf7c 8733
wolfSSL 15:117db924cf7c 8734 /* Parse the PSK KE modes extension.
wolfSSL 15:117db924cf7c 8735 * Only in ClientHello.
wolfSSL 15:117db924cf7c 8736 *
wolfSSL 15:117db924cf7c 8737 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8738 * input The extension data.
wolfSSL 15:117db924cf7c 8739 * length The length of the extension data.
wolfSSL 15:117db924cf7c 8740 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 8741 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8742 */
wolfSSL 15:117db924cf7c 8743 static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 8744 byte msgType)
wolfSSL 15:117db924cf7c 8745 {
wolfSSL 15:117db924cf7c 8746 int ret;
wolfSSL 15:117db924cf7c 8747
wolfSSL 15:117db924cf7c 8748 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8749 /* Format: Len | Modes* */
wolfSSL 15:117db924cf7c 8750 int idx = 0;
wolfSSL 16:8e0d178b1d1e 8751 word16 len;
wolfSSL 15:117db924cf7c 8752 byte modes = 0;
wolfSSL 15:117db924cf7c 8753
wolfSSL 15:117db924cf7c 8754 /* Ensure length byte exists. */
wolfSSL 15:117db924cf7c 8755 if (length < OPAQUE8_LEN)
wolfSSL 15:117db924cf7c 8756 return BUFFER_E;
wolfSSL 15:117db924cf7c 8757
wolfSSL 15:117db924cf7c 8758 /* Get length of mode list and ensure that is the only data. */
wolfSSL 15:117db924cf7c 8759 len = input[0];
wolfSSL 15:117db924cf7c 8760 if (length - OPAQUE8_LEN != len)
wolfSSL 15:117db924cf7c 8761 return BUFFER_E;
wolfSSL 15:117db924cf7c 8762
wolfSSL 15:117db924cf7c 8763 idx = OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 8764 /* Set a bit for each recognized modes. */
wolfSSL 15:117db924cf7c 8765 while (len > 0) {
wolfSSL 15:117db924cf7c 8766 /* Ignore unrecognized modes. */
wolfSSL 15:117db924cf7c 8767 if (input[idx] <= PSK_DHE_KE)
wolfSSL 15:117db924cf7c 8768 modes |= 1 << input[idx];
wolfSSL 15:117db924cf7c 8769 idx++;
wolfSSL 15:117db924cf7c 8770 len--;
wolfSSL 15:117db924cf7c 8771 }
wolfSSL 15:117db924cf7c 8772
wolfSSL 15:117db924cf7c 8773 ret = TLSX_PskKeModes_Use(ssl, modes);
wolfSSL 15:117db924cf7c 8774 if (ret != 0)
wolfSSL 15:117db924cf7c 8775 return ret;
wolfSSL 15:117db924cf7c 8776
wolfSSL 15:117db924cf7c 8777 return 0;
wolfSSL 15:117db924cf7c 8778 }
wolfSSL 15:117db924cf7c 8779
wolfSSL 15:117db924cf7c 8780 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8781 }
wolfSSL 15:117db924cf7c 8782
wolfSSL 15:117db924cf7c 8783 /* Use the data to create a new PSK Key Exchange Modes object in the extensions.
wolfSSL 15:117db924cf7c 8784 *
wolfSSL 15:117db924cf7c 8785 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8786 * modes The PSK key exchange modes.
wolfSSL 15:117db924cf7c 8787 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8788 */
wolfSSL 15:117db924cf7c 8789 int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes)
wolfSSL 15:117db924cf7c 8790 {
wolfSSL 15:117db924cf7c 8791 int ret = 0;
wolfSSL 15:117db924cf7c 8792 TLSX* extension;
wolfSSL 15:117db924cf7c 8793
wolfSSL 15:117db924cf7c 8794 /* Find the PSK key exchange modes extension if it exists. */
wolfSSL 15:117db924cf7c 8795 extension = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES);
wolfSSL 15:117db924cf7c 8796 if (extension == NULL) {
wolfSSL 15:117db924cf7c 8797 /* Push new PSK key exchange modes extension. */
wolfSSL 15:117db924cf7c 8798 ret = TLSX_Push(&ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES, NULL,
wolfSSL 15:117db924cf7c 8799 ssl->heap);
wolfSSL 15:117db924cf7c 8800 if (ret != 0)
wolfSSL 15:117db924cf7c 8801 return ret;
wolfSSL 15:117db924cf7c 8802
wolfSSL 15:117db924cf7c 8803 extension = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES);
wolfSSL 15:117db924cf7c 8804 if (extension == NULL)
wolfSSL 15:117db924cf7c 8805 return MEMORY_E;
wolfSSL 15:117db924cf7c 8806 }
wolfSSL 15:117db924cf7c 8807
wolfSSL 15:117db924cf7c 8808 extension->val = modes;
wolfSSL 15:117db924cf7c 8809
wolfSSL 15:117db924cf7c 8810 return 0;
wolfSSL 15:117db924cf7c 8811 }
wolfSSL 15:117db924cf7c 8812
wolfSSL 15:117db924cf7c 8813 #define PKM_GET_SIZE TLSX_PskKeModes_GetSize
wolfSSL 15:117db924cf7c 8814 #define PKM_WRITE TLSX_PskKeModes_Write
wolfSSL 15:117db924cf7c 8815 #define PKM_PARSE TLSX_PskKeModes_Parse
wolfSSL 15:117db924cf7c 8816
wolfSSL 15:117db924cf7c 8817 #else
wolfSSL 15:117db924cf7c 8818
wolfSSL 16:8e0d178b1d1e 8819 #define PKM_GET_SIZE(a, b, c) 0
wolfSSL 16:8e0d178b1d1e 8820 #define PKM_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8821 #define PKM_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8822
wolfSSL 15:117db924cf7c 8823 #endif
wolfSSL 15:117db924cf7c 8824
wolfSSL 15:117db924cf7c 8825 /******************************************************************************/
wolfSSL 15:117db924cf7c 8826 /* Post-Handshake Authentication */
wolfSSL 15:117db924cf7c 8827 /******************************************************************************/
wolfSSL 15:117db924cf7c 8828
wolfSSL 15:117db924cf7c 8829 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 16:8e0d178b1d1e 8830 /* Get the size of the encoded Post-Handshake Authentication extension.
wolfSSL 15:117db924cf7c 8831 * Only in ClientHello.
wolfSSL 15:117db924cf7c 8832 *
wolfSSL 15:117db924cf7c 8833 * msgType The type of the message this extension is being written into.
wolfSSL 16:8e0d178b1d1e 8834 * returns the number of bytes of the encoded Post-Handshake Authentication
wolfSSL 15:117db924cf7c 8835 * extension.
wolfSSL 15:117db924cf7c 8836 */
wolfSSL 16:8e0d178b1d1e 8837 static int TLSX_PostHandAuth_GetSize(byte msgType, word16* pSz)
wolfSSL 16:8e0d178b1d1e 8838 {
wolfSSL 16:8e0d178b1d1e 8839 if (msgType == client_hello) {
wolfSSL 16:8e0d178b1d1e 8840 *pSz += 0;
wolfSSL 15:117db924cf7c 8841 return 0;
wolfSSL 16:8e0d178b1d1e 8842 }
wolfSSL 15:117db924cf7c 8843
wolfSSL 15:117db924cf7c 8844 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8845 }
wolfSSL 15:117db924cf7c 8846
wolfSSL 15:117db924cf7c 8847 /* Writes the Post-Handshake Authentication extension into the output buffer.
wolfSSL 15:117db924cf7c 8848 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 8849 * Only in ClientHello.
wolfSSL 15:117db924cf7c 8850 *
wolfSSL 15:117db924cf7c 8851 * output The buffer to write into.
wolfSSL 15:117db924cf7c 8852 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8853 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 8854 */
wolfSSL 16:8e0d178b1d1e 8855 static int TLSX_PostHandAuth_Write(byte* output, byte msgType, word16* pSz)
wolfSSL 15:117db924cf7c 8856 {
wolfSSL 15:117db924cf7c 8857 (void)output;
wolfSSL 15:117db924cf7c 8858
wolfSSL 16:8e0d178b1d1e 8859 if (msgType == client_hello) {
wolfSSL 16:8e0d178b1d1e 8860 *pSz += 0;
wolfSSL 15:117db924cf7c 8861 return 0;
wolfSSL 16:8e0d178b1d1e 8862 }
wolfSSL 15:117db924cf7c 8863
wolfSSL 15:117db924cf7c 8864 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8865 }
wolfSSL 15:117db924cf7c 8866
wolfSSL 15:117db924cf7c 8867 /* Parse the Post-Handshake Authentication extension.
wolfSSL 15:117db924cf7c 8868 * Only in ClientHello.
wolfSSL 15:117db924cf7c 8869 *
wolfSSL 15:117db924cf7c 8870 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8871 * input The extension data.
wolfSSL 15:117db924cf7c 8872 * length The length of the extension data.
wolfSSL 15:117db924cf7c 8873 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 8874 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8875 */
wolfSSL 15:117db924cf7c 8876 static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 8877 byte msgType)
wolfSSL 15:117db924cf7c 8878 {
wolfSSL 15:117db924cf7c 8879 (void)input;
wolfSSL 15:117db924cf7c 8880
wolfSSL 15:117db924cf7c 8881 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8882 /* Ensure extension is empty. */
wolfSSL 15:117db924cf7c 8883 if (length != 0)
wolfSSL 15:117db924cf7c 8884 return BUFFER_E;
wolfSSL 15:117db924cf7c 8885
wolfSSL 15:117db924cf7c 8886 ssl->options.postHandshakeAuth = 1;
wolfSSL 15:117db924cf7c 8887 return 0;
wolfSSL 15:117db924cf7c 8888 }
wolfSSL 15:117db924cf7c 8889
wolfSSL 15:117db924cf7c 8890 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8891 }
wolfSSL 15:117db924cf7c 8892
wolfSSL 15:117db924cf7c 8893 /* Create a new Post-handshake authentication object in the extensions.
wolfSSL 15:117db924cf7c 8894 *
wolfSSL 15:117db924cf7c 8895 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8896 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8897 */
wolfSSL 15:117db924cf7c 8898 static int TLSX_PostHandAuth_Use(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 8899 {
wolfSSL 15:117db924cf7c 8900 int ret = 0;
wolfSSL 15:117db924cf7c 8901 TLSX* extension;
wolfSSL 15:117db924cf7c 8902
wolfSSL 15:117db924cf7c 8903 /* Find the PSK key exchange modes extension if it exists. */
wolfSSL 15:117db924cf7c 8904 extension = TLSX_Find(ssl->extensions, TLSX_POST_HANDSHAKE_AUTH);
wolfSSL 15:117db924cf7c 8905 if (extension == NULL) {
wolfSSL 15:117db924cf7c 8906 /* Push new Post-handshake Authentication extension. */
wolfSSL 15:117db924cf7c 8907 ret = TLSX_Push(&ssl->extensions, TLSX_POST_HANDSHAKE_AUTH, NULL,
wolfSSL 15:117db924cf7c 8908 ssl->heap);
wolfSSL 15:117db924cf7c 8909 if (ret != 0)
wolfSSL 15:117db924cf7c 8910 return ret;
wolfSSL 15:117db924cf7c 8911 }
wolfSSL 15:117db924cf7c 8912
wolfSSL 15:117db924cf7c 8913 return 0;
wolfSSL 15:117db924cf7c 8914 }
wolfSSL 15:117db924cf7c 8915
wolfSSL 15:117db924cf7c 8916 #define PHA_GET_SIZE TLSX_PostHandAuth_GetSize
wolfSSL 15:117db924cf7c 8917 #define PHA_WRITE TLSX_PostHandAuth_Write
wolfSSL 15:117db924cf7c 8918 #define PHA_PARSE TLSX_PostHandAuth_Parse
wolfSSL 15:117db924cf7c 8919
wolfSSL 15:117db924cf7c 8920 #else
wolfSSL 15:117db924cf7c 8921
wolfSSL 16:8e0d178b1d1e 8922 #define PHA_GET_SIZE(a, b) 0
wolfSSL 16:8e0d178b1d1e 8923 #define PHA_WRITE(a, b, c) 0
wolfSSL 15:117db924cf7c 8924 #define PHA_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 8925
wolfSSL 15:117db924cf7c 8926 #endif
wolfSSL 15:117db924cf7c 8927
wolfSSL 15:117db924cf7c 8928 /******************************************************************************/
wolfSSL 15:117db924cf7c 8929 /* Early Data Indication */
wolfSSL 15:117db924cf7c 8930 /******************************************************************************/
wolfSSL 15:117db924cf7c 8931
wolfSSL 15:117db924cf7c 8932 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 8933 /* Get the size of the encoded Early Data Indication extension.
wolfSSL 15:117db924cf7c 8934 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket.
wolfSSL 15:117db924cf7c 8935 *
wolfSSL 15:117db924cf7c 8936 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8937 * returns the number of bytes of the encoded Early Data Indication extension.
wolfSSL 15:117db924cf7c 8938 */
wolfSSL 16:8e0d178b1d1e 8939 static int TLSX_EarlyData_GetSize(byte msgType, word16* pSz)
wolfSSL 16:8e0d178b1d1e 8940 {
wolfSSL 16:8e0d178b1d1e 8941 int ret = 0;
wolfSSL 16:8e0d178b1d1e 8942
wolfSSL 15:117db924cf7c 8943 if (msgType == client_hello || msgType == encrypted_extensions)
wolfSSL 16:8e0d178b1d1e 8944 *pSz += 0;
wolfSSL 16:8e0d178b1d1e 8945 else if (msgType == session_ticket)
wolfSSL 16:8e0d178b1d1e 8946 *pSz += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 8947 else
wolfSSL 16:8e0d178b1d1e 8948 ret = SANITY_MSG_E;
wolfSSL 16:8e0d178b1d1e 8949
wolfSSL 16:8e0d178b1d1e 8950 return ret;
wolfSSL 15:117db924cf7c 8951 }
wolfSSL 15:117db924cf7c 8952
wolfSSL 15:117db924cf7c 8953 /* Writes the Early Data Indicator extension into the output buffer.
wolfSSL 15:117db924cf7c 8954 * Assumes that the the output buffer is big enough to hold data.
wolfSSL 15:117db924cf7c 8955 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket.
wolfSSL 15:117db924cf7c 8956 *
wolfSSL 15:117db924cf7c 8957 * max The maximum early data size.
wolfSSL 15:117db924cf7c 8958 * output The buffer to write into.
wolfSSL 15:117db924cf7c 8959 * msgType The type of the message this extension is being written into.
wolfSSL 15:117db924cf7c 8960 * returns the number of bytes written into the buffer.
wolfSSL 15:117db924cf7c 8961 */
wolfSSL 16:8e0d178b1d1e 8962 static int TLSX_EarlyData_Write(word32 max, byte* output, byte msgType,
wolfSSL 16:8e0d178b1d1e 8963 word16* pSz)
wolfSSL 16:8e0d178b1d1e 8964 {
wolfSSL 16:8e0d178b1d1e 8965 if (msgType == client_hello || msgType == encrypted_extensions)
wolfSSL 15:117db924cf7c 8966 return 0;
wolfSSL 16:8e0d178b1d1e 8967 else if (msgType == session_ticket) {
wolfSSL 15:117db924cf7c 8968 c32toa(max, output);
wolfSSL 16:8e0d178b1d1e 8969 *pSz += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 8970 return 0;
wolfSSL 15:117db924cf7c 8971 }
wolfSSL 15:117db924cf7c 8972
wolfSSL 15:117db924cf7c 8973 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 8974 }
wolfSSL 15:117db924cf7c 8975
wolfSSL 15:117db924cf7c 8976 /* Parse the Early Data Indicator extension.
wolfSSL 15:117db924cf7c 8977 * In messages: ClientHello, EncryptedExtensions and NewSessionTicket.
wolfSSL 15:117db924cf7c 8978 *
wolfSSL 15:117db924cf7c 8979 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 8980 * input The extension data.
wolfSSL 15:117db924cf7c 8981 * length The length of the extension data.
wolfSSL 15:117db924cf7c 8982 * msgType The type of the message this extension is being parsed from.
wolfSSL 15:117db924cf7c 8983 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 8984 */
wolfSSL 15:117db924cf7c 8985 static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 15:117db924cf7c 8986 byte msgType)
wolfSSL 15:117db924cf7c 8987 {
wolfSSL 15:117db924cf7c 8988 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 8989 if (length != 0)
wolfSSL 15:117db924cf7c 8990 return BUFFER_E;
wolfSSL 15:117db924cf7c 8991
wolfSSL 16:8e0d178b1d1e 8992 if (ssl->earlyData == expecting_early_data)
wolfSSL 16:8e0d178b1d1e 8993 return TLSX_EarlyData_Use(ssl, 0);
wolfSSL 16:8e0d178b1d1e 8994 ssl->earlyData = early_data_ext;
wolfSSL 16:8e0d178b1d1e 8995 return 0;
wolfSSL 15:117db924cf7c 8996 }
wolfSSL 15:117db924cf7c 8997 if (msgType == encrypted_extensions) {
wolfSSL 15:117db924cf7c 8998 if (length != 0)
wolfSSL 15:117db924cf7c 8999 return BUFFER_E;
wolfSSL 15:117db924cf7c 9000
wolfSSL 15:117db924cf7c 9001 /* Ensure the index of PSK identity chosen by server is 0.
wolfSSL 15:117db924cf7c 9002 * Index is plus one to handle 'not set' value of 0.
wolfSSL 15:117db924cf7c 9003 */
wolfSSL 15:117db924cf7c 9004 if (ssl->options.pskIdIndex != 1)
wolfSSL 15:117db924cf7c 9005 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 9006
wolfSSL 15:117db924cf7c 9007 return TLSX_EarlyData_Use(ssl, 1);
wolfSSL 15:117db924cf7c 9008 }
wolfSSL 15:117db924cf7c 9009 if (msgType == session_ticket) {
wolfSSL 16:8e0d178b1d1e 9010 word32 maxSz;
wolfSSL 15:117db924cf7c 9011
wolfSSL 15:117db924cf7c 9012 if (length != OPAQUE32_LEN)
wolfSSL 15:117db924cf7c 9013 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 9014 ato32(input, &maxSz);
wolfSSL 16:8e0d178b1d1e 9015
wolfSSL 16:8e0d178b1d1e 9016 ssl->session.maxEarlyDataSz = maxSz;
wolfSSL 15:117db924cf7c 9017 return 0;
wolfSSL 15:117db924cf7c 9018 }
wolfSSL 15:117db924cf7c 9019
wolfSSL 15:117db924cf7c 9020 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 9021 }
wolfSSL 15:117db924cf7c 9022
wolfSSL 15:117db924cf7c 9023 /* Use the data to create a new Early Data object in the extensions.
wolfSSL 15:117db924cf7c 9024 *
wolfSSL 15:117db924cf7c 9025 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 9026 * max The maximum early data size.
wolfSSL 15:117db924cf7c 9027 * returns 0 on success and other values indicate failure.
wolfSSL 15:117db924cf7c 9028 */
wolfSSL 15:117db924cf7c 9029 int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max)
wolfSSL 15:117db924cf7c 9030 {
wolfSSL 15:117db924cf7c 9031 int ret = 0;
wolfSSL 15:117db924cf7c 9032 TLSX* extension;
wolfSSL 15:117db924cf7c 9033
wolfSSL 15:117db924cf7c 9034 /* Find the early data extension if it exists. */
wolfSSL 15:117db924cf7c 9035 extension = TLSX_Find(ssl->extensions, TLSX_EARLY_DATA);
wolfSSL 15:117db924cf7c 9036 if (extension == NULL) {
wolfSSL 15:117db924cf7c 9037 /* Push new early data extension. */
wolfSSL 15:117db924cf7c 9038 ret = TLSX_Push(&ssl->extensions, TLSX_EARLY_DATA, NULL, ssl->heap);
wolfSSL 15:117db924cf7c 9039 if (ret != 0)
wolfSSL 15:117db924cf7c 9040 return ret;
wolfSSL 15:117db924cf7c 9041
wolfSSL 15:117db924cf7c 9042 extension = TLSX_Find(ssl->extensions, TLSX_EARLY_DATA);
wolfSSL 15:117db924cf7c 9043 if (extension == NULL)
wolfSSL 15:117db924cf7c 9044 return MEMORY_E;
wolfSSL 15:117db924cf7c 9045 }
wolfSSL 15:117db924cf7c 9046
wolfSSL 15:117db924cf7c 9047 extension->resp = 1;
wolfSSL 15:117db924cf7c 9048 extension->val = max;
wolfSSL 15:117db924cf7c 9049
wolfSSL 15:117db924cf7c 9050 return 0;
wolfSSL 15:117db924cf7c 9051 }
wolfSSL 15:117db924cf7c 9052
wolfSSL 15:117db924cf7c 9053 #define EDI_GET_SIZE TLSX_EarlyData_GetSize
wolfSSL 15:117db924cf7c 9054 #define EDI_WRITE TLSX_EarlyData_Write
wolfSSL 15:117db924cf7c 9055 #define EDI_PARSE TLSX_EarlyData_Parse
wolfSSL 15:117db924cf7c 9056
wolfSSL 15:117db924cf7c 9057 #else
wolfSSL 15:117db924cf7c 9058
wolfSSL 16:8e0d178b1d1e 9059 #define EDI_GET_SIZE(a, b) 0
wolfSSL 16:8e0d178b1d1e 9060 #define EDI_WRITE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 9061 #define EDI_PARSE(a, b, c, d) 0
wolfSSL 15:117db924cf7c 9062
wolfSSL 15:117db924cf7c 9063 #endif
wolfSSL 15:117db924cf7c 9064
wolfSSL 15:117db924cf7c 9065 /******************************************************************************/
wolfSSL 15:117db924cf7c 9066 /* TLS Extensions Framework */
wolfSSL 15:117db924cf7c 9067 /******************************************************************************/
wolfSSL 15:117db924cf7c 9068
wolfSSL 15:117db924cf7c 9069 /** Finds an extension in the provided list. */
wolfSSL 15:117db924cf7c 9070 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL 15:117db924cf7c 9071 {
wolfSSL 15:117db924cf7c 9072 TLSX* extension = list;
wolfSSL 15:117db924cf7c 9073
wolfSSL 15:117db924cf7c 9074 while (extension && extension->type != type)
wolfSSL 15:117db924cf7c 9075 extension = extension->next;
wolfSSL 15:117db924cf7c 9076
wolfSSL 15:117db924cf7c 9077 return extension;
wolfSSL 15:117db924cf7c 9078 }
wolfSSL 15:117db924cf7c 9079
wolfSSL 15:117db924cf7c 9080 /** Remove an extension. */
wolfSSL 15:117db924cf7c 9081 void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap)
wolfSSL 15:117db924cf7c 9082 {
wolfSSL 15:117db924cf7c 9083 TLSX* extension = *list;
wolfSSL 15:117db924cf7c 9084 TLSX** next = list;
wolfSSL 15:117db924cf7c 9085
wolfSSL 15:117db924cf7c 9086 while (extension && extension->type != type) {
wolfSSL 15:117db924cf7c 9087 next = &extension->next;
wolfSSL 15:117db924cf7c 9088 extension = extension->next;
wolfSSL 15:117db924cf7c 9089 }
wolfSSL 15:117db924cf7c 9090
wolfSSL 15:117db924cf7c 9091 if (extension) {
wolfSSL 15:117db924cf7c 9092 *next = extension->next;
wolfSSL 15:117db924cf7c 9093 extension->next = NULL;
wolfSSL 15:117db924cf7c 9094 TLSX_FreeAll(extension, heap);
wolfSSL 15:117db924cf7c 9095 }
wolfSSL 15:117db924cf7c 9096 }
wolfSSL 15:117db924cf7c 9097
wolfSSL 15:117db924cf7c 9098 /** Releases all extensions in the provided list. */
wolfSSL 15:117db924cf7c 9099 void TLSX_FreeAll(TLSX* list, void* heap)
wolfSSL 15:117db924cf7c 9100 {
wolfSSL 15:117db924cf7c 9101 TLSX* extension;
wolfSSL 15:117db924cf7c 9102
wolfSSL 15:117db924cf7c 9103 while ((extension = list)) {
wolfSSL 15:117db924cf7c 9104 list = extension->next;
wolfSSL 15:117db924cf7c 9105
wolfSSL 15:117db924cf7c 9106 switch (extension->type) {
wolfSSL 15:117db924cf7c 9107
wolfSSL 15:117db924cf7c 9108 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 9109 SNI_FREE_ALL((SNI*)extension->data, heap);
wolfSSL 15:117db924cf7c 9110 break;
wolfSSL 15:117db924cf7c 9111
wolfSSL 16:8e0d178b1d1e 9112 case TLSX_TRUSTED_CA_KEYS:
wolfSSL 16:8e0d178b1d1e 9113 TCA_FREE_ALL((TCA*)extension->data, heap);
wolfSSL 16:8e0d178b1d1e 9114 break;
wolfSSL 16:8e0d178b1d1e 9115
wolfSSL 15:117db924cf7c 9116 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 9117 MFL_FREE_ALL(extension->data, heap);
wolfSSL 15:117db924cf7c 9118 break;
wolfSSL 15:117db924cf7c 9119
wolfSSL 15:117db924cf7c 9120 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 9121 /* Nothing to do. */
wolfSSL 15:117db924cf7c 9122 break;
wolfSSL 15:117db924cf7c 9123
wolfSSL 15:117db924cf7c 9124 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 9125 EC_FREE_ALL((SupportedCurve*)extension->data, heap);
wolfSSL 15:117db924cf7c 9126 break;
wolfSSL 15:117db924cf7c 9127
wolfSSL 15:117db924cf7c 9128 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 9129 PF_FREE_ALL((PointFormat*)extension->data, heap);
wolfSSL 15:117db924cf7c 9130 break;
wolfSSL 15:117db924cf7c 9131
wolfSSL 15:117db924cf7c 9132 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 9133 CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap);
wolfSSL 15:117db924cf7c 9134 break;
wolfSSL 15:117db924cf7c 9135
wolfSSL 15:117db924cf7c 9136 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 9137 CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data,
wolfSSL 15:117db924cf7c 9138 heap);
wolfSSL 15:117db924cf7c 9139 break;
wolfSSL 15:117db924cf7c 9140
wolfSSL 15:117db924cf7c 9141 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 9142 SCR_FREE_ALL(extension->data, heap);
wolfSSL 15:117db924cf7c 9143 break;
wolfSSL 15:117db924cf7c 9144
wolfSSL 15:117db924cf7c 9145 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 9146 WOLF_STK_FREE(extension->data, heap);
wolfSSL 15:117db924cf7c 9147 break;
wolfSSL 15:117db924cf7c 9148
wolfSSL 15:117db924cf7c 9149 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 9150 QSH_FREE_ALL((QSHScheme*)extension->data, heap);
wolfSSL 15:117db924cf7c 9151 break;
wolfSSL 15:117db924cf7c 9152
wolfSSL 15:117db924cf7c 9153 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 9154 ALPN_FREE_ALL((ALPN*)extension->data, heap);
wolfSSL 15:117db924cf7c 9155 break;
wolfSSL 16:8e0d178b1d1e 9156 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 9157 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 9158 break;
wolfSSL 16:8e0d178b1d1e 9159 #endif
wolfSSL 16:8e0d178b1d1e 9160 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 9161 case TLSX_ENCRYPT_THEN_MAC:
wolfSSL 16:8e0d178b1d1e 9162 break;
wolfSSL 16:8e0d178b1d1e 9163 #endif
wolfSSL 15:117db924cf7c 9164 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9165 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 9166 break;
wolfSSL 15:117db924cf7c 9167
wolfSSL 15:117db924cf7c 9168 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 9169 CKE_FREE_ALL((Cookie*)extension->data, heap);
wolfSSL 15:117db924cf7c 9170 break;
wolfSSL 15:117db924cf7c 9171
wolfSSL 15:117db924cf7c 9172 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9173 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 9174 PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
wolfSSL 15:117db924cf7c 9175 break;
wolfSSL 15:117db924cf7c 9176
wolfSSL 15:117db924cf7c 9177 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 9178 break;
wolfSSL 15:117db924cf7c 9179 #endif
wolfSSL 15:117db924cf7c 9180
wolfSSL 15:117db924cf7c 9181 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9182 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 9183 break;
wolfSSL 15:117db924cf7c 9184 #endif
wolfSSL 15:117db924cf7c 9185
wolfSSL 15:117db924cf7c 9186 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 9187 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 9188 break;
wolfSSL 15:117db924cf7c 9189 #endif
wolfSSL 15:117db924cf7c 9190
wolfSSL 15:117db924cf7c 9191 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 9192 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 9193 break;
wolfSSL 15:117db924cf7c 9194 #endif
wolfSSL 15:117db924cf7c 9195
wolfSSL 15:117db924cf7c 9196 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 9197 KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
wolfSSL 15:117db924cf7c 9198 break;
wolfSSL 15:117db924cf7c 9199 #endif
wolfSSL 15:117db924cf7c 9200 }
wolfSSL 15:117db924cf7c 9201
wolfSSL 15:117db924cf7c 9202 XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
wolfSSL 15:117db924cf7c 9203 }
wolfSSL 15:117db924cf7c 9204
wolfSSL 15:117db924cf7c 9205 (void)heap;
wolfSSL 15:117db924cf7c 9206 }
wolfSSL 15:117db924cf7c 9207
wolfSSL 15:117db924cf7c 9208 /** Checks if the tls extensions are supported based on the protocol version. */
wolfSSL 15:117db924cf7c 9209 int TLSX_SupportExtensions(WOLFSSL* ssl) {
wolfSSL 15:117db924cf7c 9210 return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
wolfSSL 15:117db924cf7c 9211 }
wolfSSL 15:117db924cf7c 9212
wolfSSL 15:117db924cf7c 9213 /** Tells the buffered size of the extensions in a list. */
wolfSSL 16:8e0d178b1d1e 9214 static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
wolfSSL 16:8e0d178b1d1e 9215 word16* pLength)
wolfSSL 15:117db924cf7c 9216 {
wolfSSL 15:117db924cf7c 9217 int ret = 0;
wolfSSL 15:117db924cf7c 9218 TLSX* extension;
wolfSSL 15:117db924cf7c 9219 word16 length = 0;
wolfSSL 15:117db924cf7c 9220 byte isRequest = (msgType == client_hello ||
wolfSSL 15:117db924cf7c 9221 msgType == certificate_request);
wolfSSL 15:117db924cf7c 9222
wolfSSL 15:117db924cf7c 9223 while ((extension = list)) {
wolfSSL 15:117db924cf7c 9224 list = extension->next;
wolfSSL 15:117db924cf7c 9225
wolfSSL 15:117db924cf7c 9226 /* only extensions marked as response are sent back to the client. */
wolfSSL 15:117db924cf7c 9227 if (!isRequest && !extension->resp)
wolfSSL 15:117db924cf7c 9228 continue; /* skip! */
wolfSSL 15:117db924cf7c 9229
wolfSSL 15:117db924cf7c 9230 /* ssl level extensions are expected to override ctx level ones. */
wolfSSL 15:117db924cf7c 9231 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 15:117db924cf7c 9232 continue; /* skip! */
wolfSSL 15:117db924cf7c 9233
wolfSSL 15:117db924cf7c 9234 /* extension type + extension data length. */
wolfSSL 15:117db924cf7c 9235 length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 9236
wolfSSL 15:117db924cf7c 9237
wolfSSL 15:117db924cf7c 9238 switch (extension->type) {
wolfSSL 15:117db924cf7c 9239
wolfSSL 15:117db924cf7c 9240 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 9241 /* SNI only sends the name on the request. */
wolfSSL 15:117db924cf7c 9242 if (isRequest)
wolfSSL 15:117db924cf7c 9243 length += SNI_GET_SIZE((SNI*)extension->data);
wolfSSL 15:117db924cf7c 9244 break;
wolfSSL 15:117db924cf7c 9245
wolfSSL 16:8e0d178b1d1e 9246 case TLSX_TRUSTED_CA_KEYS:
wolfSSL 16:8e0d178b1d1e 9247 /* TCA only sends the list on the request. */
wolfSSL 16:8e0d178b1d1e 9248 if (isRequest)
wolfSSL 16:8e0d178b1d1e 9249 length += TCA_GET_SIZE((TCA*)extension->data);
wolfSSL 16:8e0d178b1d1e 9250 break;
wolfSSL 16:8e0d178b1d1e 9251
wolfSSL 15:117db924cf7c 9252 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 9253 length += MFL_GET_SIZE(extension->data);
wolfSSL 15:117db924cf7c 9254 break;
wolfSSL 15:117db924cf7c 9255
wolfSSL 15:117db924cf7c 9256 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 9257 /* always empty. */
wolfSSL 15:117db924cf7c 9258 break;
wolfSSL 15:117db924cf7c 9259
wolfSSL 15:117db924cf7c 9260 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 9261 length += EC_GET_SIZE((SupportedCurve*)extension->data);
wolfSSL 15:117db924cf7c 9262 break;
wolfSSL 15:117db924cf7c 9263
wolfSSL 15:117db924cf7c 9264 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 9265 length += PF_GET_SIZE((PointFormat*)extension->data);
wolfSSL 15:117db924cf7c 9266 break;
wolfSSL 15:117db924cf7c 9267
wolfSSL 15:117db924cf7c 9268 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 9269 length += CSR_GET_SIZE(
wolfSSL 15:117db924cf7c 9270 (CertificateStatusRequest*)extension->data, isRequest);
wolfSSL 15:117db924cf7c 9271 break;
wolfSSL 15:117db924cf7c 9272
wolfSSL 15:117db924cf7c 9273 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 9274 length += CSR2_GET_SIZE(
wolfSSL 15:117db924cf7c 9275 (CertificateStatusRequestItemV2*)extension->data,
wolfSSL 15:117db924cf7c 9276 isRequest);
wolfSSL 15:117db924cf7c 9277 break;
wolfSSL 15:117db924cf7c 9278
wolfSSL 15:117db924cf7c 9279 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 9280 length += SCR_GET_SIZE((SecureRenegotiation*)extension->data,
wolfSSL 15:117db924cf7c 9281 isRequest);
wolfSSL 15:117db924cf7c 9282 break;
wolfSSL 15:117db924cf7c 9283
wolfSSL 15:117db924cf7c 9284 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 9285 length += WOLF_STK_GET_SIZE((SessionTicket*)extension->data,
wolfSSL 15:117db924cf7c 9286 isRequest);
wolfSSL 15:117db924cf7c 9287 break;
wolfSSL 15:117db924cf7c 9288
wolfSSL 15:117db924cf7c 9289 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 9290 length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest);
wolfSSL 15:117db924cf7c 9291 break;
wolfSSL 15:117db924cf7c 9292
wolfSSL 15:117db924cf7c 9293 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 9294 length += ALPN_GET_SIZE((ALPN*)extension->data);
wolfSSL 15:117db924cf7c 9295 break;
wolfSSL 16:8e0d178b1d1e 9296 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 9297 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 9298 length += SA_GET_SIZE(extension->data);
wolfSSL 15:117db924cf7c 9299 break;
wolfSSL 16:8e0d178b1d1e 9300 #endif
wolfSSL 16:8e0d178b1d1e 9301 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 9302 case TLSX_ENCRYPT_THEN_MAC:
wolfSSL 16:8e0d178b1d1e 9303 ret = ETM_GET_SIZE(msgType, &length);
wolfSSL 16:8e0d178b1d1e 9304 break;
wolfSSL 16:8e0d178b1d1e 9305 #endif /* HAVE_ENCRYPT_THEN_MAC */
wolfSSL 15:117db924cf7c 9306 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9307 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 9308 ret = SV_GET_SIZE(extension->data, msgType, &length);
wolfSSL 15:117db924cf7c 9309 break;
wolfSSL 15:117db924cf7c 9310
wolfSSL 15:117db924cf7c 9311 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 9312 ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length);
wolfSSL 15:117db924cf7c 9313 break;
wolfSSL 15:117db924cf7c 9314
wolfSSL 15:117db924cf7c 9315 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9316 case TLSX_PRE_SHARED_KEY:
wolfSSL 16:8e0d178b1d1e 9317 ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
wolfSSL 16:8e0d178b1d1e 9318 &length);
wolfSSL 15:117db924cf7c 9319 break;
wolfSSL 15:117db924cf7c 9320
wolfSSL 15:117db924cf7c 9321 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 16:8e0d178b1d1e 9322 ret = PKM_GET_SIZE(extension->val, msgType, &length);
wolfSSL 15:117db924cf7c 9323 break;
wolfSSL 15:117db924cf7c 9324 #endif
wolfSSL 15:117db924cf7c 9325
wolfSSL 15:117db924cf7c 9326 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9327 case TLSX_EARLY_DATA:
wolfSSL 16:8e0d178b1d1e 9328 ret = EDI_GET_SIZE(msgType, &length);
wolfSSL 15:117db924cf7c 9329 break;
wolfSSL 15:117db924cf7c 9330 #endif
wolfSSL 15:117db924cf7c 9331
wolfSSL 15:117db924cf7c 9332 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 9333 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 16:8e0d178b1d1e 9334 ret = PHA_GET_SIZE(msgType, &length);
wolfSSL 15:117db924cf7c 9335 break;
wolfSSL 15:117db924cf7c 9336 #endif
wolfSSL 15:117db924cf7c 9337
wolfSSL 15:117db924cf7c 9338 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 9339 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 9340 length += SAC_GET_SIZE(extension->data);
wolfSSL 15:117db924cf7c 9341 break;
wolfSSL 15:117db924cf7c 9342 #endif
wolfSSL 15:117db924cf7c 9343
wolfSSL 15:117db924cf7c 9344 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 9345 length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
wolfSSL 15:117db924cf7c 9346 break;
wolfSSL 15:117db924cf7c 9347 #endif
wolfSSL 15:117db924cf7c 9348 }
wolfSSL 15:117db924cf7c 9349
wolfSSL 15:117db924cf7c 9350 /* marks the extension as processed so ctx level */
wolfSSL 15:117db924cf7c 9351 /* extensions don't overlap with ssl level ones. */
wolfSSL 15:117db924cf7c 9352 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 15:117db924cf7c 9353 }
wolfSSL 15:117db924cf7c 9354
wolfSSL 15:117db924cf7c 9355 *pLength += length;
wolfSSL 15:117db924cf7c 9356
wolfSSL 15:117db924cf7c 9357 return ret;
wolfSSL 15:117db924cf7c 9358 }
wolfSSL 15:117db924cf7c 9359
wolfSSL 15:117db924cf7c 9360 /** Writes the extensions of a list in a buffer. */
wolfSSL 15:117db924cf7c 9361 static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL 15:117db924cf7c 9362 byte msgType, word16* pOffset)
wolfSSL 15:117db924cf7c 9363 {
wolfSSL 15:117db924cf7c 9364 int ret = 0;
wolfSSL 15:117db924cf7c 9365 TLSX* extension;
wolfSSL 15:117db924cf7c 9366 word16 offset = 0;
wolfSSL 15:117db924cf7c 9367 word16 length_offset = 0;
wolfSSL 15:117db924cf7c 9368 byte isRequest = (msgType == client_hello ||
wolfSSL 15:117db924cf7c 9369 msgType == certificate_request);
wolfSSL 15:117db924cf7c 9370
wolfSSL 15:117db924cf7c 9371 while ((extension = list)) {
wolfSSL 15:117db924cf7c 9372 list = extension->next;
wolfSSL 15:117db924cf7c 9373
wolfSSL 15:117db924cf7c 9374 /* only extensions marked as response are written in a response. */
wolfSSL 15:117db924cf7c 9375 if (!isRequest && !extension->resp)
wolfSSL 15:117db924cf7c 9376 continue; /* skip! */
wolfSSL 15:117db924cf7c 9377
wolfSSL 15:117db924cf7c 9378 /* ssl level extensions are expected to override ctx level ones. */
wolfSSL 15:117db924cf7c 9379 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 15:117db924cf7c 9380 continue; /* skip! */
wolfSSL 15:117db924cf7c 9381
wolfSSL 15:117db924cf7c 9382 /* writes extension type. */
wolfSSL 15:117db924cf7c 9383 c16toa(extension->type, output + offset);
wolfSSL 15:117db924cf7c 9384 offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 9385 length_offset = offset;
wolfSSL 15:117db924cf7c 9386
wolfSSL 15:117db924cf7c 9387 /* extension data should be written internally. */
wolfSSL 15:117db924cf7c 9388 switch (extension->type) {
wolfSSL 15:117db924cf7c 9389 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 9390 if (isRequest) {
wolfSSL 15:117db924cf7c 9391 WOLFSSL_MSG("SNI extension to write");
wolfSSL 15:117db924cf7c 9392 offset += SNI_WRITE((SNI*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 9393 }
wolfSSL 15:117db924cf7c 9394 break;
wolfSSL 15:117db924cf7c 9395
wolfSSL 16:8e0d178b1d1e 9396 case TLSX_TRUSTED_CA_KEYS:
wolfSSL 16:8e0d178b1d1e 9397 WOLFSSL_MSG("Trusted CA Indication extension to write");
wolfSSL 16:8e0d178b1d1e 9398 if (isRequest) {
wolfSSL 16:8e0d178b1d1e 9399 offset += TCA_WRITE((TCA*)extension->data, output + offset);
wolfSSL 16:8e0d178b1d1e 9400 }
wolfSSL 16:8e0d178b1d1e 9401 break;
wolfSSL 16:8e0d178b1d1e 9402
wolfSSL 15:117db924cf7c 9403 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 9404 WOLFSSL_MSG("Max Fragment Length extension to write");
wolfSSL 15:117db924cf7c 9405 offset += MFL_WRITE((byte*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 9406 break;
wolfSSL 15:117db924cf7c 9407
wolfSSL 15:117db924cf7c 9408 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 9409 WOLFSSL_MSG("Truncated HMAC extension to write");
wolfSSL 15:117db924cf7c 9410 /* always empty. */
wolfSSL 15:117db924cf7c 9411 break;
wolfSSL 15:117db924cf7c 9412
wolfSSL 15:117db924cf7c 9413 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 9414 WOLFSSL_MSG("Supported Groups extension to write");
wolfSSL 15:117db924cf7c 9415 offset += EC_WRITE((SupportedCurve*)extension->data,
wolfSSL 15:117db924cf7c 9416 output + offset);
wolfSSL 15:117db924cf7c 9417 break;
wolfSSL 15:117db924cf7c 9418
wolfSSL 15:117db924cf7c 9419 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 9420 WOLFSSL_MSG("Point Formats extension to write");
wolfSSL 15:117db924cf7c 9421 offset += PF_WRITE((PointFormat*)extension->data,
wolfSSL 15:117db924cf7c 9422 output + offset);
wolfSSL 15:117db924cf7c 9423 break;
wolfSSL 15:117db924cf7c 9424
wolfSSL 15:117db924cf7c 9425 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 9426 WOLFSSL_MSG("Certificate Status Request extension to write");
wolfSSL 15:117db924cf7c 9427 offset += CSR_WRITE((CertificateStatusRequest*)extension->data,
wolfSSL 15:117db924cf7c 9428 output + offset, isRequest);
wolfSSL 15:117db924cf7c 9429 break;
wolfSSL 15:117db924cf7c 9430
wolfSSL 15:117db924cf7c 9431 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 9432 WOLFSSL_MSG("Certificate Status Request v2 extension to write");
wolfSSL 15:117db924cf7c 9433 offset += CSR2_WRITE(
wolfSSL 15:117db924cf7c 9434 (CertificateStatusRequestItemV2*)extension->data,
wolfSSL 15:117db924cf7c 9435 output + offset, isRequest);
wolfSSL 15:117db924cf7c 9436 break;
wolfSSL 15:117db924cf7c 9437
wolfSSL 15:117db924cf7c 9438 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 9439 WOLFSSL_MSG("Secure Renegotiation extension to write");
wolfSSL 15:117db924cf7c 9440 offset += SCR_WRITE((SecureRenegotiation*)extension->data,
wolfSSL 15:117db924cf7c 9441 output + offset, isRequest);
wolfSSL 15:117db924cf7c 9442 break;
wolfSSL 15:117db924cf7c 9443
wolfSSL 15:117db924cf7c 9444 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 9445 WOLFSSL_MSG("Session Ticket extension to write");
wolfSSL 15:117db924cf7c 9446 offset += WOLF_STK_WRITE((SessionTicket*)extension->data,
wolfSSL 15:117db924cf7c 9447 output + offset, isRequest);
wolfSSL 15:117db924cf7c 9448 break;
wolfSSL 15:117db924cf7c 9449
wolfSSL 15:117db924cf7c 9450 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 9451 WOLFSSL_MSG("Quantum-Safe-Hybrid extension to write");
wolfSSL 15:117db924cf7c 9452 if (isRequest) {
wolfSSL 15:117db924cf7c 9453 offset += QSH_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 9454 }
wolfSSL 15:117db924cf7c 9455 offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 9456 offset += QSH_SERREQ(output + offset, isRequest);
wolfSSL 15:117db924cf7c 9457 break;
wolfSSL 15:117db924cf7c 9458
wolfSSL 15:117db924cf7c 9459 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 9460 WOLFSSL_MSG("ALPN extension to write");
wolfSSL 15:117db924cf7c 9461 offset += ALPN_WRITE((ALPN*)extension->data, output + offset);
wolfSSL 15:117db924cf7c 9462 break;
wolfSSL 16:8e0d178b1d1e 9463 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 9464 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 9465 WOLFSSL_MSG("Signature Algorithms extension to write");
wolfSSL 15:117db924cf7c 9466 offset += SA_WRITE(extension->data, output + offset);
wolfSSL 15:117db924cf7c 9467 break;
wolfSSL 16:8e0d178b1d1e 9468 #endif
wolfSSL 16:8e0d178b1d1e 9469 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 9470 case TLSX_ENCRYPT_THEN_MAC:
wolfSSL 16:8e0d178b1d1e 9471 WOLFSSL_MSG("Encrypt-Then-Mac extension to write");
wolfSSL 16:8e0d178b1d1e 9472 ret = ETM_WRITE(extension->data, output, msgType, &offset);
wolfSSL 16:8e0d178b1d1e 9473 break;
wolfSSL 16:8e0d178b1d1e 9474 #endif /* HAVE_ENCRYPT_THEN_MAC */
wolfSSL 15:117db924cf7c 9475 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9476 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 15:117db924cf7c 9477 WOLFSSL_MSG("Supported Versions extension to write");
wolfSSL 15:117db924cf7c 9478 ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
wolfSSL 15:117db924cf7c 9479 break;
wolfSSL 15:117db924cf7c 9480
wolfSSL 15:117db924cf7c 9481 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 9482 WOLFSSL_MSG("Cookie extension to write");
wolfSSL 15:117db924cf7c 9483 ret = CKE_WRITE((Cookie*)extension->data, output + offset,
wolfSSL 15:117db924cf7c 9484 msgType, &offset);
wolfSSL 15:117db924cf7c 9485 break;
wolfSSL 15:117db924cf7c 9486
wolfSSL 15:117db924cf7c 9487 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9488 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 9489 WOLFSSL_MSG("Pre-Shared Key extension to write");
wolfSSL 16:8e0d178b1d1e 9490 ret = PSK_WRITE((PreSharedKey*)extension->data, output + offset,
wolfSSL 16:8e0d178b1d1e 9491 msgType, &offset);
wolfSSL 15:117db924cf7c 9492 break;
wolfSSL 15:117db924cf7c 9493
wolfSSL 15:117db924cf7c 9494 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 9495 WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
wolfSSL 16:8e0d178b1d1e 9496 ret = PKM_WRITE(extension->val, output + offset, msgType,
wolfSSL 16:8e0d178b1d1e 9497 &offset);
wolfSSL 15:117db924cf7c 9498 break;
wolfSSL 15:117db924cf7c 9499 #endif
wolfSSL 15:117db924cf7c 9500
wolfSSL 15:117db924cf7c 9501 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 9502 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 9503 WOLFSSL_MSG("Early Data extension to write");
wolfSSL 16:8e0d178b1d1e 9504 ret = EDI_WRITE(extension->val, output + offset, msgType,
wolfSSL 16:8e0d178b1d1e 9505 &offset);
wolfSSL 15:117db924cf7c 9506 break;
wolfSSL 15:117db924cf7c 9507 #endif
wolfSSL 15:117db924cf7c 9508
wolfSSL 15:117db924cf7c 9509 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 9510 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 9511 WOLFSSL_MSG("Post-Handshake Authentication extension to write");
wolfSSL 16:8e0d178b1d1e 9512 ret = PHA_WRITE(output + offset, msgType, &offset);
wolfSSL 15:117db924cf7c 9513 break;
wolfSSL 15:117db924cf7c 9514 #endif
wolfSSL 15:117db924cf7c 9515
wolfSSL 15:117db924cf7c 9516 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 9517 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 9518 WOLFSSL_MSG("Signature Algorithms extension to write");
wolfSSL 15:117db924cf7c 9519 offset += SAC_WRITE(extension->data, output + offset);
wolfSSL 15:117db924cf7c 9520 break;
wolfSSL 15:117db924cf7c 9521 #endif
wolfSSL 15:117db924cf7c 9522
wolfSSL 15:117db924cf7c 9523 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 9524 WOLFSSL_MSG("Key Share extension to write");
wolfSSL 15:117db924cf7c 9525 offset += KS_WRITE((KeyShareEntry*)extension->data,
wolfSSL 16:8e0d178b1d1e 9526 output + offset, msgType);
wolfSSL 15:117db924cf7c 9527 break;
wolfSSL 15:117db924cf7c 9528 #endif
wolfSSL 15:117db924cf7c 9529 }
wolfSSL 15:117db924cf7c 9530
wolfSSL 15:117db924cf7c 9531 /* writes extension data length. */
wolfSSL 15:117db924cf7c 9532 c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 9533
wolfSSL 15:117db924cf7c 9534 /* marks the extension as processed so ctx level */
wolfSSL 15:117db924cf7c 9535 /* extensions don't overlap with ssl level ones. */
wolfSSL 15:117db924cf7c 9536 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 15:117db924cf7c 9537 }
wolfSSL 15:117db924cf7c 9538
wolfSSL 15:117db924cf7c 9539 *pOffset += offset;
wolfSSL 15:117db924cf7c 9540
wolfSSL 15:117db924cf7c 9541 return ret;
wolfSSL 15:117db924cf7c 9542 }
wolfSSL 15:117db924cf7c 9543
wolfSSL 15:117db924cf7c 9544
wolfSSL 15:117db924cf7c 9545 #if defined(HAVE_NTRU) && defined(HAVE_QSH)
wolfSSL 15:117db924cf7c 9546
wolfSSL 15:117db924cf7c 9547 static word32 GetEntropy(unsigned char* out, word32 num_bytes)
wolfSSL 15:117db924cf7c 9548 {
wolfSSL 15:117db924cf7c 9549 int ret = 0;
wolfSSL 15:117db924cf7c 9550
wolfSSL 15:117db924cf7c 9551 if (gRng == NULL) {
wolfSSL 15:117db924cf7c 9552 if ((gRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
wolfSSL 15:117db924cf7c 9553 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 9554 return DRBG_OUT_OF_MEMORY;
wolfSSL 15:117db924cf7c 9555 wc_InitRng(gRng);
wolfSSL 15:117db924cf7c 9556 }
wolfSSL 15:117db924cf7c 9557
wolfSSL 15:117db924cf7c 9558 if (gRngMutex == NULL) {
wolfSSL 15:117db924cf7c 9559 if ((gRngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
wolfSSL 15:117db924cf7c 9560 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 9561 return DRBG_OUT_OF_MEMORY;
wolfSSL 15:117db924cf7c 9562 wc_InitMutex(gRngMutex);
wolfSSL 15:117db924cf7c 9563 }
wolfSSL 15:117db924cf7c 9564
wolfSSL 15:117db924cf7c 9565 ret |= wc_LockMutex(gRngMutex);
wolfSSL 15:117db924cf7c 9566 ret |= wc_RNG_GenerateBlock(gRng, out, num_bytes);
wolfSSL 15:117db924cf7c 9567 ret |= wc_UnLockMutex(gRngMutex);
wolfSSL 15:117db924cf7c 9568
wolfSSL 15:117db924cf7c 9569 if (ret != 0)
wolfSSL 15:117db924cf7c 9570 return DRBG_ENTROPY_FAIL;
wolfSSL 15:117db924cf7c 9571
wolfSSL 15:117db924cf7c 9572 return DRBG_OK;
wolfSSL 15:117db924cf7c 9573 }
wolfSSL 15:117db924cf7c 9574 #endif
wolfSSL 15:117db924cf7c 9575
wolfSSL 15:117db924cf7c 9576
wolfSSL 15:117db924cf7c 9577 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 9578 static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type)
wolfSSL 15:117db924cf7c 9579 {
wolfSSL 16:8e0d178b1d1e 9580 int ret = -1;
wolfSSL 15:117db924cf7c 9581
wolfSSL 15:117db924cf7c 9582 (void)ssl;
wolfSSL 15:117db924cf7c 9583
wolfSSL 15:117db924cf7c 9584 switch (type) {
wolfSSL 15:117db924cf7c 9585 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 9586 case WOLFSSL_NTRU_EESS439:
wolfSSL 15:117db924cf7c 9587 case WOLFSSL_NTRU_EESS593:
wolfSSL 15:117db924cf7c 9588 case WOLFSSL_NTRU_EESS743:
wolfSSL 15:117db924cf7c 9589 ret = TLSX_CreateNtruKey(ssl, type);
wolfSSL 15:117db924cf7c 9590 break;
wolfSSL 15:117db924cf7c 9591 #endif
wolfSSL 15:117db924cf7c 9592 default:
wolfSSL 15:117db924cf7c 9593 WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL 16:8e0d178b1d1e 9594 break;
wolfSSL 15:117db924cf7c 9595 }
wolfSSL 15:117db924cf7c 9596
wolfSSL 15:117db924cf7c 9597 return ret;
wolfSSL 15:117db924cf7c 9598 }
wolfSSL 15:117db924cf7c 9599
wolfSSL 15:117db924cf7c 9600
wolfSSL 15:117db924cf7c 9601 static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key)
wolfSSL 15:117db924cf7c 9602 {
wolfSSL 15:117db924cf7c 9603 QSHKey* current;
wolfSSL 15:117db924cf7c 9604
wolfSSL 15:117db924cf7c 9605 if (key == NULL)
wolfSSL 15:117db924cf7c 9606 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 9607
wolfSSL 15:117db924cf7c 9608 /* if no public key stored in key then do not add */
wolfSSL 15:117db924cf7c 9609 if (key->pub.length == 0 || key->pub.buffer == NULL)
wolfSSL 15:117db924cf7c 9610 return 0;
wolfSSL 15:117db924cf7c 9611
wolfSSL 15:117db924cf7c 9612 /* first element to be added to the list */
wolfSSL 15:117db924cf7c 9613 current = *list;
wolfSSL 15:117db924cf7c 9614 if (current == NULL) {
wolfSSL 15:117db924cf7c 9615 *list = key;
wolfSSL 15:117db924cf7c 9616 return 0;
wolfSSL 15:117db924cf7c 9617 }
wolfSSL 15:117db924cf7c 9618
wolfSSL 15:117db924cf7c 9619 while (current->next) {
wolfSSL 15:117db924cf7c 9620 /* can only have one of the key in the list */
wolfSSL 15:117db924cf7c 9621 if (current->name == key->name)
wolfSSL 15:117db924cf7c 9622 return -1;
wolfSSL 15:117db924cf7c 9623 current = (QSHKey*)current->next;
wolfSSL 15:117db924cf7c 9624 }
wolfSSL 15:117db924cf7c 9625
wolfSSL 15:117db924cf7c 9626 current->next = (struct QSHKey*)key;
wolfSSL 15:117db924cf7c 9627
wolfSSL 15:117db924cf7c 9628 return 0;
wolfSSL 15:117db924cf7c 9629 }
wolfSSL 15:117db924cf7c 9630
wolfSSL 15:117db924cf7c 9631
wolfSSL 15:117db924cf7c 9632 #if defined(HAVE_NTRU)
wolfSSL 15:117db924cf7c 9633 int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
wolfSSL 15:117db924cf7c 9634 {
wolfSSL 15:117db924cf7c 9635 int ret = -1;
wolfSSL 15:117db924cf7c 9636 int ntruType;
wolfSSL 15:117db924cf7c 9637
wolfSSL 15:117db924cf7c 9638 /* variable declarations for NTRU*/
wolfSSL 15:117db924cf7c 9639 QSHKey* temp = NULL;
wolfSSL 15:117db924cf7c 9640 byte public_key[1027];
wolfSSL 15:117db924cf7c 9641 word16 public_key_len = sizeof(public_key);
wolfSSL 15:117db924cf7c 9642 byte private_key[1120];
wolfSSL 15:117db924cf7c 9643 word16 private_key_len = sizeof(private_key);
wolfSSL 15:117db924cf7c 9644 DRBG_HANDLE drbg;
wolfSSL 15:117db924cf7c 9645
wolfSSL 15:117db924cf7c 9646 if (ssl == NULL)
wolfSSL 15:117db924cf7c 9647 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 9648
wolfSSL 15:117db924cf7c 9649 switch (type) {
wolfSSL 15:117db924cf7c 9650 case WOLFSSL_NTRU_EESS439:
wolfSSL 15:117db924cf7c 9651 ntruType = NTRU_EES439EP1;
wolfSSL 15:117db924cf7c 9652 break;
wolfSSL 15:117db924cf7c 9653 case WOLFSSL_NTRU_EESS593:
wolfSSL 15:117db924cf7c 9654 ntruType = NTRU_EES593EP1;
wolfSSL 15:117db924cf7c 9655 break;
wolfSSL 15:117db924cf7c 9656 case WOLFSSL_NTRU_EESS743:
wolfSSL 15:117db924cf7c 9657 ntruType = NTRU_EES743EP1;
wolfSSL 15:117db924cf7c 9658 break;
wolfSSL 15:117db924cf7c 9659 default:
wolfSSL 15:117db924cf7c 9660 WOLFSSL_MSG("Unknown type for creating NTRU key");
wolfSSL 15:117db924cf7c 9661 return -1;
wolfSSL 15:117db924cf7c 9662 }
wolfSSL 15:117db924cf7c 9663 ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 15:117db924cf7c 9664 if (ret != DRBG_OK) {
wolfSSL 15:117db924cf7c 9665 WOLFSSL_MSG("NTRU drbg instantiate failed\n");
wolfSSL 15:117db924cf7c 9666 return ret;
wolfSSL 15:117db924cf7c 9667 }
wolfSSL 15:117db924cf7c 9668
wolfSSL 15:117db924cf7c 9669 if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL 15:117db924cf7c 9670 &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK)
wolfSSL 15:117db924cf7c 9671 return ret;
wolfSSL 15:117db924cf7c 9672
wolfSSL 15:117db924cf7c 9673 if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
wolfSSL 15:117db924cf7c 9674 &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK)
wolfSSL 15:117db924cf7c 9675 return ret;
wolfSSL 15:117db924cf7c 9676
wolfSSL 15:117db924cf7c 9677 ret = ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 15:117db924cf7c 9678 if (ret != NTRU_OK) {
wolfSSL 15:117db924cf7c 9679 WOLFSSL_MSG("NTRU drbg uninstantiate failed\n");
wolfSSL 15:117db924cf7c 9680 return ret;
wolfSSL 15:117db924cf7c 9681 }
wolfSSL 15:117db924cf7c 9682
wolfSSL 15:117db924cf7c 9683 if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
wolfSSL 15:117db924cf7c 9684 DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 15:117db924cf7c 9685 return MEMORY_E;
wolfSSL 15:117db924cf7c 9686 temp->name = type;
wolfSSL 15:117db924cf7c 9687 temp->pub.length = public_key_len;
wolfSSL 15:117db924cf7c 9688 temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap,
wolfSSL 15:117db924cf7c 9689 DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 9690 XMEMCPY(temp->pub.buffer, public_key, public_key_len);
wolfSSL 15:117db924cf7c 9691 temp->pri.length = private_key_len;
wolfSSL 15:117db924cf7c 9692 temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap,
wolfSSL 15:117db924cf7c 9693 DYNAMIC_TYPE_ARRAYS);
wolfSSL 15:117db924cf7c 9694 XMEMCPY(temp->pri.buffer, private_key, private_key_len);
wolfSSL 15:117db924cf7c 9695 temp->next = NULL;
wolfSSL 15:117db924cf7c 9696
wolfSSL 15:117db924cf7c 9697 TLSX_AddQSHKey(&ssl->QSH_Key, temp);
wolfSSL 15:117db924cf7c 9698
wolfSSL 15:117db924cf7c 9699 (void)ssl;
wolfSSL 15:117db924cf7c 9700 (void)type;
wolfSSL 15:117db924cf7c 9701
wolfSSL 15:117db924cf7c 9702 return ret;
wolfSSL 15:117db924cf7c 9703 }
wolfSSL 15:117db924cf7c 9704 #endif
wolfSSL 15:117db924cf7c 9705
wolfSSL 15:117db924cf7c 9706
wolfSSL 15:117db924cf7c 9707 /*
wolfSSL 15:117db924cf7c 9708 Used to find a public key from the list of keys
wolfSSL 15:117db924cf7c 9709 pubLen length of array
wolfSSL 15:117db924cf7c 9710 name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX
wolfSSL 15:117db924cf7c 9711
wolfSSL 15:117db924cf7c 9712 returns a pointer to public key byte* or NULL if not found
wolfSSL 15:117db924cf7c 9713 */
wolfSSL 15:117db924cf7c 9714 static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
wolfSSL 15:117db924cf7c 9715 {
wolfSSL 15:117db924cf7c 9716 QSHKey* current = qsh;
wolfSSL 15:117db924cf7c 9717
wolfSSL 15:117db924cf7c 9718 if (qsh == NULL || pubLen == NULL)
wolfSSL 15:117db924cf7c 9719 return NULL;
wolfSSL 15:117db924cf7c 9720
wolfSSL 15:117db924cf7c 9721 *pubLen = 0;
wolfSSL 15:117db924cf7c 9722
wolfSSL 15:117db924cf7c 9723 while(current) {
wolfSSL 15:117db924cf7c 9724 if (current->name == name) {
wolfSSL 15:117db924cf7c 9725 *pubLen = current->pub.length;
wolfSSL 15:117db924cf7c 9726 return current->pub.buffer;
wolfSSL 15:117db924cf7c 9727 }
wolfSSL 15:117db924cf7c 9728 current = (QSHKey*)current->next;
wolfSSL 15:117db924cf7c 9729 }
wolfSSL 15:117db924cf7c 9730
wolfSSL 15:117db924cf7c 9731 return NULL;
wolfSSL 15:117db924cf7c 9732 }
wolfSSL 15:117db924cf7c 9733 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 9734
wolfSSL 15:117db924cf7c 9735 #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
wolfSSL 15:117db924cf7c 9736 !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \
wolfSSL 16:8e0d178b1d1e 9737 (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \
wolfSSL 16:8e0d178b1d1e 9738 && !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \
wolfSSL 16:8e0d178b1d1e 9739 ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 9740 defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))
wolfSSL 16:8e0d178b1d1e 9741
wolfSSL 16:8e0d178b1d1e 9742 /* Populates the default supported groups / curves */
wolfSSL 15:117db924cf7c 9743 static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
wolfSSL 15:117db924cf7c 9744 {
wolfSSL 15:117db924cf7c 9745 int ret = WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 9746 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 9747 int i;
wolfSSL 15:117db924cf7c 9748
wolfSSL 15:117db924cf7c 9749 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 9750 if (ssl->options.resuming && ssl->session.namedGroup != 0) {
wolfSSL 15:117db924cf7c 9751 return TLSX_UseSupportedCurve(extensions, ssl->session.namedGroup,
wolfSSL 15:117db924cf7c 9752 ssl->heap);
wolfSSL 15:117db924cf7c 9753 }
wolfSSL 15:117db924cf7c 9754 #endif
wolfSSL 15:117db924cf7c 9755
wolfSSL 15:117db924cf7c 9756 if (ssl->numGroups != 0) {
wolfSSL 15:117db924cf7c 9757 for (i = 0; i < ssl->numGroups; i++) {
wolfSSL 15:117db924cf7c 9758 ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap);
wolfSSL 15:117db924cf7c 9759 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9760 return ret;
wolfSSL 15:117db924cf7c 9761 }
wolfSSL 15:117db924cf7c 9762 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 9763 }
wolfSSL 15:117db924cf7c 9764 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 9765
wolfSSL 15:117db924cf7c 9766 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 16:8e0d178b1d1e 9767 /* list in order by strength, since not all servers choose by strength */
wolfSSL 16:8e0d178b1d1e 9768 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 16:8e0d178b1d1e 9769 #ifndef NO_ECC_SECP
wolfSSL 16:8e0d178b1d1e 9770 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9771 WOLFSSL_ECC_SECP521R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9772 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9773 #endif
wolfSSL 16:8e0d178b1d1e 9774 #endif
wolfSSL 16:8e0d178b1d1e 9775 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
wolfSSL 16:8e0d178b1d1e 9776 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 16:8e0d178b1d1e 9777 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9778 WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9779 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9780 #endif
wolfSSL 16:8e0d178b1d1e 9781 #endif
wolfSSL 16:8e0d178b1d1e 9782 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
wolfSSL 16:8e0d178b1d1e 9783 #ifndef NO_ECC_SECP
wolfSSL 16:8e0d178b1d1e 9784 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9785 WOLFSSL_ECC_SECP384R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9786 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9787 #endif
wolfSSL 16:8e0d178b1d1e 9788 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 16:8e0d178b1d1e 9789 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9790 WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9791 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9792 #endif
wolfSSL 16:8e0d178b1d1e 9793 #endif
wolfSSL 16:8e0d178b1d1e 9794 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL 16:8e0d178b1d1e 9795
wolfSSL 16:8e0d178b1d1e 9796 #ifndef HAVE_FIPS
wolfSSL 16:8e0d178b1d1e 9797 #if defined(HAVE_CURVE448)
wolfSSL 16:8e0d178b1d1e 9798 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9799 WOLFSSL_ECC_X448, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9800 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9801 #endif
wolfSSL 16:8e0d178b1d1e 9802 #endif /* HAVE_FIPS */
wolfSSL 16:8e0d178b1d1e 9803
wolfSSL 16:8e0d178b1d1e 9804 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 16:8e0d178b1d1e 9805 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
wolfSSL 16:8e0d178b1d1e 9806 #ifndef NO_ECC_SECP
wolfSSL 16:8e0d178b1d1e 9807 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9808 WOLFSSL_ECC_SECP256R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9809 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9810 #endif
wolfSSL 16:8e0d178b1d1e 9811 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 16:8e0d178b1d1e 9812 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9813 WOLFSSL_ECC_SECP256K1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9814 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9815 #endif
wolfSSL 16:8e0d178b1d1e 9816 #ifdef HAVE_ECC_BRAINPOOL
wolfSSL 16:8e0d178b1d1e 9817 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9818 WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9819 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9820 #endif
wolfSSL 16:8e0d178b1d1e 9821 #endif
wolfSSL 16:8e0d178b1d1e 9822 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL 16:8e0d178b1d1e 9823
wolfSSL 16:8e0d178b1d1e 9824 #ifndef HAVE_FIPS
wolfSSL 16:8e0d178b1d1e 9825 #if defined(HAVE_CURVE25519)
wolfSSL 16:8e0d178b1d1e 9826 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9827 WOLFSSL_ECC_X25519, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9828 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9829 #endif
wolfSSL 16:8e0d178b1d1e 9830 #endif /* HAVE_FIPS */
wolfSSL 16:8e0d178b1d1e 9831
wolfSSL 16:8e0d178b1d1e 9832 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 16:8e0d178b1d1e 9833 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
wolfSSL 16:8e0d178b1d1e 9834 #ifndef NO_ECC_SECP
wolfSSL 16:8e0d178b1d1e 9835 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9836 WOLFSSL_ECC_SECP224R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9837 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9838 #endif
wolfSSL 16:8e0d178b1d1e 9839 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 16:8e0d178b1d1e 9840 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9841 WOLFSSL_ECC_SECP224K1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9842 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9843 #endif
wolfSSL 16:8e0d178b1d1e 9844 #endif
wolfSSL 16:8e0d178b1d1e 9845
wolfSSL 15:117db924cf7c 9846 #ifndef HAVE_FIPS
wolfSSL 16:8e0d178b1d1e 9847 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
wolfSSL 16:8e0d178b1d1e 9848 #ifndef NO_ECC_SECP
wolfSSL 16:8e0d178b1d1e 9849 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9850 WOLFSSL_ECC_SECP192R1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9851 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9852 #endif
wolfSSL 16:8e0d178b1d1e 9853 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 16:8e0d178b1d1e 9854 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9855 WOLFSSL_ECC_SECP192K1, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9856 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 16:8e0d178b1d1e 9857 #endif
wolfSSL 16:8e0d178b1d1e 9858 #endif
wolfSSL 15:117db924cf7c 9859 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
wolfSSL 15:117db924cf7c 9860 #ifndef NO_ECC_SECP
wolfSSL 15:117db924cf7c 9861 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 9862 WOLFSSL_ECC_SECP160R1, ssl->heap);
wolfSSL 15:117db924cf7c 9863 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 9864 #endif
wolfSSL 15:117db924cf7c 9865 #ifdef HAVE_ECC_SECPR2
wolfSSL 15:117db924cf7c 9866 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 9867 WOLFSSL_ECC_SECP160R2, ssl->heap);
wolfSSL 15:117db924cf7c 9868 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 9869 #endif
wolfSSL 15:117db924cf7c 9870 #ifdef HAVE_ECC_KOBLITZ
wolfSSL 15:117db924cf7c 9871 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 9872 WOLFSSL_ECC_SECP160K1, ssl->heap);
wolfSSL 15:117db924cf7c 9873 if (ret != WOLFSSL_SUCCESS) return ret;
wolfSSL 15:117db924cf7c 9874 #endif
wolfSSL 15:117db924cf7c 9875 #endif
wolfSSL 16:8e0d178b1d1e 9876 #endif /* HAVE_FIPS */
wolfSSL 16:8e0d178b1d1e 9877 #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */
wolfSSL 16:8e0d178b1d1e 9878
wolfSSL 16:8e0d178b1d1e 9879 /* Add FFDHE supported groups. */
wolfSSL 16:8e0d178b1d1e 9880 #ifdef HAVE_FFDHE_8192
wolfSSL 16:8e0d178b1d1e 9881 if (8192/8 >= ssl->options.minDhKeySz &&
wolfSSL 16:8e0d178b1d1e 9882 8192/8 <= ssl->options.maxDhKeySz) {
wolfSSL 15:117db924cf7c 9883 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9884 WOLFSSL_FFDHE_8192, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9885 if (ret != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 9886 return ret;
wolfSSL 16:8e0d178b1d1e 9887 }
wolfSSL 15:117db924cf7c 9888 #endif
wolfSSL 16:8e0d178b1d1e 9889 #ifdef HAVE_FFDHE_6144
wolfSSL 16:8e0d178b1d1e 9890 if (6144/8 >= ssl->options.minDhKeySz &&
wolfSSL 16:8e0d178b1d1e 9891 6144/8 <= ssl->options.maxDhKeySz) {
wolfSSL 15:117db924cf7c 9892 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9893 WOLFSSL_FFDHE_6144, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9894 if (ret != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 9895 return ret;
wolfSSL 16:8e0d178b1d1e 9896 }
wolfSSL 15:117db924cf7c 9897 #endif
wolfSSL 16:8e0d178b1d1e 9898 #ifdef HAVE_FFDHE_4096
wolfSSL 16:8e0d178b1d1e 9899 if (4096/8 >= ssl->options.minDhKeySz &&
wolfSSL 16:8e0d178b1d1e 9900 4096/8 <= ssl->options.maxDhKeySz) {
wolfSSL 15:117db924cf7c 9901 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9902 WOLFSSL_FFDHE_4096, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9903 if (ret != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 9904 return ret;
wolfSSL 16:8e0d178b1d1e 9905 }
wolfSSL 15:117db924cf7c 9906 #endif
wolfSSL 16:8e0d178b1d1e 9907 #ifdef HAVE_FFDHE_3072
wolfSSL 16:8e0d178b1d1e 9908 if (3072/8 >= ssl->options.minDhKeySz &&
wolfSSL 16:8e0d178b1d1e 9909 3072/8 <= ssl->options.maxDhKeySz) {
wolfSSL 15:117db924cf7c 9910 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 16:8e0d178b1d1e 9911 WOLFSSL_FFDHE_3072, ssl->heap);
wolfSSL 16:8e0d178b1d1e 9912 if (ret != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 9913 return ret;
wolfSSL 16:8e0d178b1d1e 9914 }
wolfSSL 15:117db924cf7c 9915 #endif
wolfSSL 15:117db924cf7c 9916 #ifdef HAVE_FFDHE_2048
wolfSSL 16:8e0d178b1d1e 9917 if (2048/8 >= ssl->options.minDhKeySz &&
wolfSSL 16:8e0d178b1d1e 9918 2048/8 <= ssl->options.maxDhKeySz) {
wolfSSL 15:117db924cf7c 9919 ret = TLSX_UseSupportedCurve(extensions,
wolfSSL 15:117db924cf7c 9920 WOLFSSL_FFDHE_2048, ssl->heap);
wolfSSL 15:117db924cf7c 9921 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9922 return ret;
wolfSSL 16:8e0d178b1d1e 9923 }
wolfSSL 15:117db924cf7c 9924 #endif
wolfSSL 15:117db924cf7c 9925
wolfSSL 15:117db924cf7c 9926 (void)ssl;
wolfSSL 15:117db924cf7c 9927 (void)extensions;
wolfSSL 15:117db924cf7c 9928
wolfSSL 15:117db924cf7c 9929 return ret;
wolfSSL 15:117db924cf7c 9930 }
wolfSSL 15:117db924cf7c 9931
wolfSSL 15:117db924cf7c 9932 #endif
wolfSSL 15:117db924cf7c 9933
wolfSSL 15:117db924cf7c 9934 int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
wolfSSL 15:117db924cf7c 9935 {
wolfSSL 15:117db924cf7c 9936 int ret = 0;
wolfSSL 15:117db924cf7c 9937 byte* public_key = NULL;
wolfSSL 15:117db924cf7c 9938 word16 public_key_len = 0;
wolfSSL 15:117db924cf7c 9939 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 9940 int usingPSK = 0;
wolfSSL 15:117db924cf7c 9941 #endif
wolfSSL 15:117db924cf7c 9942 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 9943 TLSX* extension;
wolfSSL 15:117db924cf7c 9944 QSHScheme* qsh;
wolfSSL 15:117db924cf7c 9945 QSHScheme* next;
wolfSSL 15:117db924cf7c 9946
wolfSSL 15:117db924cf7c 9947 /* add supported QSHSchemes */
wolfSSL 15:117db924cf7c 9948 WOLFSSL_MSG("Adding supported QSH Schemes");
wolfSSL 15:117db924cf7c 9949 #endif
wolfSSL 15:117db924cf7c 9950
wolfSSL 16:8e0d178b1d1e 9951 /* server will add extension depending on what is parsed from client */
wolfSSL 15:117db924cf7c 9952 if (!isServer) {
wolfSSL 15:117db924cf7c 9953 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 9954 /* test if user has set a specific scheme already */
wolfSSL 15:117db924cf7c 9955 if (!ssl->user_set_QSHSchemes) {
wolfSSL 15:117db924cf7c 9956 if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL 15:117db924cf7c 9957 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
wolfSSL 15:117db924cf7c 9958 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 9959 return ret;
wolfSSL 15:117db924cf7c 9960 }
wolfSSL 15:117db924cf7c 9961 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) {
wolfSSL 15:117db924cf7c 9962 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 9963 return ret;
wolfSSL 15:117db924cf7c 9964 }
wolfSSL 15:117db924cf7c 9965 if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) {
wolfSSL 15:117db924cf7c 9966 WOLFSSL_MSG("Error creating ntru keys");
wolfSSL 15:117db924cf7c 9967 return ret;
wolfSSL 15:117db924cf7c 9968 }
wolfSSL 15:117db924cf7c 9969
wolfSSL 15:117db924cf7c 9970 /* add NTRU 256 */
wolfSSL 15:117db924cf7c 9971 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 9972 &public_key_len, WOLFSSL_NTRU_EESS743);
wolfSSL 15:117db924cf7c 9973 }
wolfSSL 15:117db924cf7c 9974 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
wolfSSL 15:117db924cf7c 9975 public_key, public_key_len, ssl->heap)
wolfSSL 15:117db924cf7c 9976 != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9977 ret = -1;
wolfSSL 15:117db924cf7c 9978
wolfSSL 15:117db924cf7c 9979 /* add NTRU 196 */
wolfSSL 15:117db924cf7c 9980 if (ssl->sendQSHKeys) {
wolfSSL 15:117db924cf7c 9981 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 9982 &public_key_len, WOLFSSL_NTRU_EESS593);
wolfSSL 15:117db924cf7c 9983 }
wolfSSL 15:117db924cf7c 9984 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
wolfSSL 15:117db924cf7c 9985 public_key, public_key_len, ssl->heap)
wolfSSL 15:117db924cf7c 9986 != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9987 ret = -1;
wolfSSL 15:117db924cf7c 9988
wolfSSL 15:117db924cf7c 9989 /* add NTRU 128 */
wolfSSL 15:117db924cf7c 9990 if (ssl->sendQSHKeys) {
wolfSSL 15:117db924cf7c 9991 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 9992 &public_key_len, WOLFSSL_NTRU_EESS439);
wolfSSL 15:117db924cf7c 9993 }
wolfSSL 15:117db924cf7c 9994 if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
wolfSSL 15:117db924cf7c 9995 public_key, public_key_len, ssl->heap)
wolfSSL 15:117db924cf7c 9996 != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 9997 ret = -1;
wolfSSL 15:117db924cf7c 9998 }
wolfSSL 15:117db924cf7c 9999 else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
wolfSSL 15:117db924cf7c 10000 /* for each scheme make a client key */
wolfSSL 15:117db924cf7c 10001 extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 10002 if (extension) {
wolfSSL 15:117db924cf7c 10003 qsh = (QSHScheme*)extension->data;
wolfSSL 15:117db924cf7c 10004
wolfSSL 15:117db924cf7c 10005 while (qsh) {
wolfSSL 15:117db924cf7c 10006 if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0)
wolfSSL 15:117db924cf7c 10007 return ret;
wolfSSL 15:117db924cf7c 10008
wolfSSL 15:117db924cf7c 10009 /* get next now because qsh could be freed */
wolfSSL 15:117db924cf7c 10010 next = qsh->next;
wolfSSL 15:117db924cf7c 10011
wolfSSL 15:117db924cf7c 10012 /* find the public key created and add to extension*/
wolfSSL 15:117db924cf7c 10013 public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
wolfSSL 15:117db924cf7c 10014 &public_key_len, qsh->name);
wolfSSL 15:117db924cf7c 10015 if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
wolfSSL 15:117db924cf7c 10016 public_key, public_key_len,
wolfSSL 15:117db924cf7c 10017 ssl->heap) != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 10018 ret = -1;
wolfSSL 15:117db924cf7c 10019 qsh = next;
wolfSSL 15:117db924cf7c 10020 }
wolfSSL 15:117db924cf7c 10021 }
wolfSSL 15:117db924cf7c 10022 }
wolfSSL 15:117db924cf7c 10023 #endif
wolfSSL 15:117db924cf7c 10024
wolfSSL 16:8e0d178b1d1e 10025 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 10026 if (!ssl->options.disallowEncThenMac) {
wolfSSL 16:8e0d178b1d1e 10027 ret = TLSX_EncryptThenMac_Use(ssl);
wolfSSL 16:8e0d178b1d1e 10028 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10029 return ret;
wolfSSL 16:8e0d178b1d1e 10030 }
wolfSSL 16:8e0d178b1d1e 10031 #endif
wolfSSL 16:8e0d178b1d1e 10032
wolfSSL 16:8e0d178b1d1e 10033 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 10034 defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 10035 if (!ssl->options.userCurves && !ssl->ctx->userCurves) {
wolfSSL 15:117db924cf7c 10036 if (TLSX_Find(ssl->ctx->extensions,
wolfSSL 15:117db924cf7c 10037 TLSX_SUPPORTED_GROUPS) == NULL) {
wolfSSL 15:117db924cf7c 10038 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
wolfSSL 15:117db924cf7c 10039 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 10040 return ret;
wolfSSL 15:117db924cf7c 10041 }
wolfSSL 16:8e0d178b1d1e 10042 }
wolfSSL 16:8e0d178b1d1e 10043 if ((!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) &&
wolfSSL 16:8e0d178b1d1e 10044 TLSX_Find(ssl->ctx->extensions, TLSX_EC_POINT_FORMATS) == NULL &&
wolfSSL 16:8e0d178b1d1e 10045 TLSX_Find(ssl->extensions, TLSX_EC_POINT_FORMATS) == NULL) {
wolfSSL 16:8e0d178b1d1e 10046 ret = TLSX_UsePointFormat(&ssl->extensions,
wolfSSL 16:8e0d178b1d1e 10047 WOLFSSL_EC_PF_UNCOMPRESSED, ssl->heap);
wolfSSL 16:8e0d178b1d1e 10048 if (ret != WOLFSSL_SUCCESS)
wolfSSL 16:8e0d178b1d1e 10049 return ret;
wolfSSL 16:8e0d178b1d1e 10050 }
wolfSSL 16:8e0d178b1d1e 10051 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 10052 } /* is not server */
wolfSSL 15:117db924cf7c 10053
wolfSSL 16:8e0d178b1d1e 10054 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 10055 WOLFSSL_MSG("Adding signature algorithms extension");
wolfSSL 15:117db924cf7c 10056 if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap))
wolfSSL 15:117db924cf7c 10057 != 0) {
wolfSSL 15:117db924cf7c 10058 return ret;
wolfSSL 15:117db924cf7c 10059 }
wolfSSL 16:8e0d178b1d1e 10060 #else
wolfSSL 16:8e0d178b1d1e 10061 ret = 0;
wolfSSL 16:8e0d178b1d1e 10062 #endif
wolfSSL 15:117db924cf7c 10063 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10064 if (!isServer && IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10065 /* Add mandatory TLS v1.3 extension: supported version */
wolfSSL 15:117db924cf7c 10066 WOLFSSL_MSG("Adding supported versions extension");
wolfSSL 15:117db924cf7c 10067 if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl,
wolfSSL 15:117db924cf7c 10068 ssl->heap)) != 0) {
wolfSSL 15:117db924cf7c 10069 return ret;
wolfSSL 15:117db924cf7c 10070 }
wolfSSL 15:117db924cf7c 10071
wolfSSL 15:117db924cf7c 10072 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \
wolfSSL 16:8e0d178b1d1e 10073 !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 15:117db924cf7c 10074 if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) {
wolfSSL 15:117db924cf7c 10075 /* Put in DH groups for TLS 1.3 only. */
wolfSSL 15:117db924cf7c 10076 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
wolfSSL 15:117db924cf7c 10077 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 10078 return ret;
wolfSSL 15:117db924cf7c 10079 ret = 0;
wolfSSL 15:117db924cf7c 10080 }
wolfSSL 16:8e0d178b1d1e 10081 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */
wolfSSL 15:117db924cf7c 10082
wolfSSL 15:117db924cf7c 10083 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 10084 if (ssl->certHashSigAlgoSz > 0) {
wolfSSL 15:117db924cf7c 10085 WOLFSSL_MSG("Adding signature algorithms cert extension");
wolfSSL 15:117db924cf7c 10086 if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions,
wolfSSL 15:117db924cf7c 10087 ssl, ssl->heap)) != 0) {
wolfSSL 15:117db924cf7c 10088 return ret;
wolfSSL 15:117db924cf7c 10089 }
wolfSSL 15:117db924cf7c 10090 }
wolfSSL 15:117db924cf7c 10091 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
wolfSSL 15:117db924cf7c 10092
wolfSSL 15:117db924cf7c 10093 if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
wolfSSL 15:117db924cf7c 10094 word16 namedGroup;
wolfSSL 15:117db924cf7c 10095
wolfSSL 15:117db924cf7c 10096 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10097 if (ssl->options.resuming && ssl->session.namedGroup != 0)
wolfSSL 15:117db924cf7c 10098 namedGroup = ssl->session.namedGroup;
wolfSSL 15:117db924cf7c 10099 else
wolfSSL 15:117db924cf7c 10100 #endif
wolfSSL 15:117db924cf7c 10101 {
wolfSSL 15:117db924cf7c 10102 #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \
wolfSSL 15:117db924cf7c 10103 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP)
wolfSSL 15:117db924cf7c 10104 namedGroup = WOLFSSL_ECC_SECP256R1;
wolfSSL 15:117db924cf7c 10105 #elif defined(HAVE_CURVE25519)
wolfSSL 15:117db924cf7c 10106 namedGroup = WOLFSSL_ECC_X25519;
wolfSSL 16:8e0d178b1d1e 10107 #elif defined(HAVE_CURVE448)
wolfSSL 16:8e0d178b1d1e 10108 namedGroup = WOLFSSL_ECC_X448;
wolfSSL 15:117db924cf7c 10109 #elif defined(HAVE_ECC) && (!defined(NO_ECC384) || \
wolfSSL 15:117db924cf7c 10110 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP)
wolfSSL 15:117db924cf7c 10111 namedGroup = WOLFSSL_ECC_SECP384R1;
wolfSSL 15:117db924cf7c 10112 #elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \
wolfSSL 15:117db924cf7c 10113 defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP)
wolfSSL 15:117db924cf7c 10114 namedGroup = WOLFSSL_ECC_SECP521R1;
wolfSSL 15:117db924cf7c 10115 #elif defined(HAVE_FFDHE_2048)
wolfSSL 15:117db924cf7c 10116 namedGroup = WOLFSSL_FFDHE_2048;
wolfSSL 15:117db924cf7c 10117 #elif defined(HAVE_FFDHE_3072)
wolfSSL 15:117db924cf7c 10118 namedGroup = WOLFSSL_FFDHE_3072;
wolfSSL 15:117db924cf7c 10119 #elif defined(HAVE_FFDHE_4096)
wolfSSL 15:117db924cf7c 10120 namedGroup = WOLFSSL_FFDHE_4096;
wolfSSL 15:117db924cf7c 10121 #elif defined(HAVE_FFDHE_6144)
wolfSSL 15:117db924cf7c 10122 namedGroup = WOLFSSL_FFDHE_6144;
wolfSSL 15:117db924cf7c 10123 #elif defined(HAVE_FFDHE_8192)
wolfSSL 15:117db924cf7c 10124 namedGroup = WOLFSSL_FFDHE_8192;
wolfSSL 15:117db924cf7c 10125 #else
wolfSSL 15:117db924cf7c 10126 return KEY_SHARE_ERROR;
wolfSSL 15:117db924cf7c 10127 #endif
wolfSSL 15:117db924cf7c 10128 }
wolfSSL 15:117db924cf7c 10129 ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL);
wolfSSL 15:117db924cf7c 10130 if (ret != 0)
wolfSSL 15:117db924cf7c 10131 return ret;
wolfSSL 15:117db924cf7c 10132 }
wolfSSL 15:117db924cf7c 10133
wolfSSL 15:117db924cf7c 10134 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10135 TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap);
wolfSSL 15:117db924cf7c 10136 #endif
wolfSSL 15:117db924cf7c 10137 #if defined(HAVE_SESSION_TICKET)
wolfSSL 15:117db924cf7c 10138 if (ssl->options.resuming && ssl->session.ticketLen > 0) {
wolfSSL 15:117db924cf7c 10139 WOLFSSL_SESSION* sess = &ssl->session;
wolfSSL 15:117db924cf7c 10140 word32 milli;
wolfSSL 15:117db924cf7c 10141
wolfSSL 16:8e0d178b1d1e 10142 if (sess->ticketLen > MAX_PSK_ID_LEN) {
wolfSSL 16:8e0d178b1d1e 10143 WOLFSSL_MSG("Session ticket length for PSK ext is too large");
wolfSSL 16:8e0d178b1d1e 10144 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 10145 }
wolfSSL 16:8e0d178b1d1e 10146
wolfSSL 15:117db924cf7c 10147 /* Determine the MAC algorithm for the cipher suite used. */
wolfSSL 15:117db924cf7c 10148 ssl->options.cipherSuite0 = sess->cipherSuite0;
wolfSSL 15:117db924cf7c 10149 ssl->options.cipherSuite = sess->cipherSuite;
wolfSSL 15:117db924cf7c 10150 ret = SetCipherSpecs(ssl);
wolfSSL 15:117db924cf7c 10151 if (ret != 0)
wolfSSL 15:117db924cf7c 10152 return ret;
wolfSSL 15:117db924cf7c 10153 milli = TimeNowInMilliseconds() - sess->ticketSeen +
wolfSSL 15:117db924cf7c 10154 sess->ticketAdd;
wolfSSL 15:117db924cf7c 10155 /* Pre-shared key is mandatory extension for resumption. */
wolfSSL 15:117db924cf7c 10156 ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,
wolfSSL 15:117db924cf7c 10157 milli, ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 10158 ssl->options.cipherSuite0,
wolfSSL 15:117db924cf7c 10159 ssl->options.cipherSuite, 1,
wolfSSL 15:117db924cf7c 10160 NULL);
wolfSSL 15:117db924cf7c 10161 if (ret != 0)
wolfSSL 15:117db924cf7c 10162 return ret;
wolfSSL 15:117db924cf7c 10163
wolfSSL 15:117db924cf7c 10164 usingPSK = 1;
wolfSSL 15:117db924cf7c 10165 }
wolfSSL 15:117db924cf7c 10166 #endif
wolfSSL 15:117db924cf7c 10167 #ifndef NO_PSK
wolfSSL 16:8e0d178b1d1e 10168 if (ssl->options.client_psk_cb != NULL ||
wolfSSL 16:8e0d178b1d1e 10169 ssl->options.client_psk_tls13_cb != NULL) {
wolfSSL 15:117db924cf7c 10170 /* Default ciphersuite. */
wolfSSL 15:117db924cf7c 10171 byte cipherSuite0 = TLS13_BYTE;
wolfSSL 15:117db924cf7c 10172 byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
wolfSSL 16:8e0d178b1d1e 10173 const char* cipherName = NULL;
wolfSSL 16:8e0d178b1d1e 10174
wolfSSL 16:8e0d178b1d1e 10175 if (ssl->options.client_psk_tls13_cb != NULL) {
wolfSSL 16:8e0d178b1d1e 10176 ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(
wolfSSL 16:8e0d178b1d1e 10177 ssl, ssl->arrays->server_hint,
wolfSSL 16:8e0d178b1d1e 10178 ssl->arrays->client_identity, MAX_PSK_ID_LEN,
wolfSSL 16:8e0d178b1d1e 10179 ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
wolfSSL 16:8e0d178b1d1e 10180 if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
wolfSSL 16:8e0d178b1d1e 10181 &cipherSuite) != 0) {
wolfSSL 16:8e0d178b1d1e 10182 return PSK_KEY_ERROR;
wolfSSL 16:8e0d178b1d1e 10183 }
wolfSSL 16:8e0d178b1d1e 10184 }
wolfSSL 16:8e0d178b1d1e 10185 else {
wolfSSL 16:8e0d178b1d1e 10186 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 15:117db924cf7c 10187 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 10188 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 16:8e0d178b1d1e 10189 }
wolfSSL 15:117db924cf7c 10190 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 10191 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 10192 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 10193 }
wolfSSL 15:117db924cf7c 10194 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
wolfSSL 15:117db924cf7c 10195 /* TODO: Callback should be able to change ciphersuite. */
wolfSSL 15:117db924cf7c 10196 ssl->options.cipherSuite0 = cipherSuite0;
wolfSSL 15:117db924cf7c 10197 ssl->options.cipherSuite = cipherSuite;
wolfSSL 15:117db924cf7c 10198 ret = SetCipherSpecs(ssl);
wolfSSL 15:117db924cf7c 10199 if (ret != 0)
wolfSSL 15:117db924cf7c 10200 return ret;
wolfSSL 15:117db924cf7c 10201
wolfSSL 15:117db924cf7c 10202 ret = TLSX_PreSharedKey_Use(ssl,
wolfSSL 15:117db924cf7c 10203 (byte*)ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 10204 (word16)XSTRLEN(ssl->arrays->client_identity),
wolfSSL 15:117db924cf7c 10205 0, ssl->specs.mac_algorithm,
wolfSSL 15:117db924cf7c 10206 cipherSuite0, cipherSuite, 0,
wolfSSL 15:117db924cf7c 10207 NULL);
wolfSSL 15:117db924cf7c 10208 if (ret != 0)
wolfSSL 15:117db924cf7c 10209 return ret;
wolfSSL 15:117db924cf7c 10210
wolfSSL 15:117db924cf7c 10211 usingPSK = 1;
wolfSSL 15:117db924cf7c 10212 }
wolfSSL 15:117db924cf7c 10213 #endif
wolfSSL 15:117db924cf7c 10214 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10215 if (usingPSK) {
wolfSSL 15:117db924cf7c 10216 byte modes;
wolfSSL 15:117db924cf7c 10217
wolfSSL 15:117db924cf7c 10218 /* Pre-shared key modes: mandatory extension for resumption. */
wolfSSL 15:117db924cf7c 10219 modes = 1 << PSK_KE;
wolfSSL 16:8e0d178b1d1e 10220 #if !defined(NO_DH) || defined(HAVE_ECC) || \
wolfSSL 16:8e0d178b1d1e 10221 defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 10222 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 10223 modes |= 1 << PSK_DHE_KE;
wolfSSL 15:117db924cf7c 10224 #endif
wolfSSL 15:117db924cf7c 10225 ret = TLSX_PskKeModes_Use(ssl, modes);
wolfSSL 15:117db924cf7c 10226 if (ret != 0)
wolfSSL 15:117db924cf7c 10227 return ret;
wolfSSL 15:117db924cf7c 10228 }
wolfSSL 15:117db924cf7c 10229 #endif
wolfSSL 15:117db924cf7c 10230 #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 15:117db924cf7c 10231 if (!isServer && ssl->options.postHandshakeAuth) {
wolfSSL 15:117db924cf7c 10232 ret = TLSX_PostHandAuth_Use(ssl);
wolfSSL 15:117db924cf7c 10233 if (ret != 0)
wolfSSL 15:117db924cf7c 10234 return ret;
wolfSSL 15:117db924cf7c 10235 }
wolfSSL 15:117db924cf7c 10236 #endif
wolfSSL 15:117db924cf7c 10237 }
wolfSSL 15:117db924cf7c 10238
wolfSSL 15:117db924cf7c 10239 #endif
wolfSSL 15:117db924cf7c 10240
wolfSSL 15:117db924cf7c 10241 (void)isServer;
wolfSSL 15:117db924cf7c 10242 (void)public_key;
wolfSSL 15:117db924cf7c 10243 (void)public_key_len;
wolfSSL 15:117db924cf7c 10244 (void)ssl;
wolfSSL 15:117db924cf7c 10245
wolfSSL 15:117db924cf7c 10246 return ret;
wolfSSL 15:117db924cf7c 10247 }
wolfSSL 15:117db924cf7c 10248
wolfSSL 15:117db924cf7c 10249
wolfSSL 15:117db924cf7c 10250 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 10251
wolfSSL 15:117db924cf7c 10252 /** Tells the buffered size of extensions to be sent into the client hello. */
wolfSSL 15:117db924cf7c 10253 int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
wolfSSL 15:117db924cf7c 10254 {
wolfSSL 15:117db924cf7c 10255 int ret = 0;
wolfSSL 15:117db924cf7c 10256 word16 length = 0;
wolfSSL 15:117db924cf7c 10257 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 10258
wolfSSL 15:117db924cf7c 10259 if (!TLSX_SupportExtensions(ssl))
wolfSSL 15:117db924cf7c 10260 return 0;
wolfSSL 15:117db924cf7c 10261 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 10262 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 10263 PF_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 10264 QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 10265 WOLF_STK_VALIDATE_REQUEST(ssl);
wolfSSL 16:8e0d178b1d1e 10266 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 10267 if (ssl->suites->hashSigAlgoSz == 0)
wolfSSL 15:117db924cf7c 10268 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 16:8e0d178b1d1e 10269 #endif
wolfSSL 15:117db924cf7c 10270 #if defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 10271 if (!IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 10272 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10273 if (!IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10274 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10275 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10276 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10277 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
wolfSSL 15:117db924cf7c 10278 #endif
wolfSSL 15:117db924cf7c 10279 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 10280 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 10281 #endif
wolfSSL 15:117db924cf7c 10282 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 10283 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 10284 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
wolfSSL 15:117db924cf7c 10285 #endif
wolfSSL 15:117db924cf7c 10286 }
wolfSSL 15:117db924cf7c 10287 #endif
wolfSSL 15:117db924cf7c 10288 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 10289 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 10290 if (!ssl->ctx->cm->ocspStaplingEnabled) {
wolfSSL 15:117db924cf7c 10291 /* mark already sent, so it won't send it */
wolfSSL 15:117db924cf7c 10292 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 10293 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
wolfSSL 15:117db924cf7c 10294 }
wolfSSL 15:117db924cf7c 10295 #endif
wolfSSL 15:117db924cf7c 10296 }
wolfSSL 16:8e0d178b1d1e 10297
wolfSSL 15:117db924cf7c 10298 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10299 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 10300 else if (msgType == certificate_request) {
wolfSSL 15:117db924cf7c 10301 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 16:8e0d178b1d1e 10302 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 10303 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 16:8e0d178b1d1e 10304 #endif
wolfSSL 15:117db924cf7c 10305 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 10306 * TLSX_CERTIFICATE_AUTHORITIES, OID_FILTERS
wolfSSL 15:117db924cf7c 10307 * TLSX_STATUS_REQUEST
wolfSSL 15:117db924cf7c 10308 */
wolfSSL 15:117db924cf7c 10309 }
wolfSSL 15:117db924cf7c 10310 #endif
wolfSSL 15:117db924cf7c 10311 #endif
wolfSSL 16:8e0d178b1d1e 10312 if (ssl->extensions) {
wolfSSL 15:117db924cf7c 10313 ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
wolfSSL 16:8e0d178b1d1e 10314 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10315 return ret;
wolfSSL 16:8e0d178b1d1e 10316 }
wolfSSL 16:8e0d178b1d1e 10317 if (ssl->ctx && ssl->ctx->extensions) {
wolfSSL 15:117db924cf7c 10318 ret = TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType, &length);
wolfSSL 16:8e0d178b1d1e 10319 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10320 return ret;
wolfSSL 16:8e0d178b1d1e 10321 }
wolfSSL 15:117db924cf7c 10322
wolfSSL 15:117db924cf7c 10323 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 10324 if (msgType == client_hello && ssl->options.haveEMS &&
wolfSSL 16:8e0d178b1d1e 10325 (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)) {
wolfSSL 15:117db924cf7c 10326 length += HELLO_EXT_SZ;
wolfSSL 15:117db924cf7c 10327 }
wolfSSL 15:117db924cf7c 10328 #endif
wolfSSL 15:117db924cf7c 10329
wolfSSL 15:117db924cf7c 10330 if (length)
wolfSSL 15:117db924cf7c 10331 length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL 15:117db924cf7c 10332
wolfSSL 15:117db924cf7c 10333 *pLength += length;
wolfSSL 15:117db924cf7c 10334
wolfSSL 15:117db924cf7c 10335 return ret;
wolfSSL 15:117db924cf7c 10336 }
wolfSSL 15:117db924cf7c 10337
wolfSSL 15:117db924cf7c 10338 /** Writes the extensions to be sent into the client hello. */
wolfSSL 15:117db924cf7c 10339 int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
wolfSSL 15:117db924cf7c 10340 {
wolfSSL 15:117db924cf7c 10341 int ret = 0;
wolfSSL 15:117db924cf7c 10342 word16 offset = 0;
wolfSSL 15:117db924cf7c 10343 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 10344
wolfSSL 15:117db924cf7c 10345 if (!TLSX_SupportExtensions(ssl) || output == NULL)
wolfSSL 15:117db924cf7c 10346 return 0;
wolfSSL 15:117db924cf7c 10347
wolfSSL 15:117db924cf7c 10348 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 15:117db924cf7c 10349
wolfSSL 15:117db924cf7c 10350 if (msgType == client_hello) {
wolfSSL 15:117db924cf7c 10351 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 10352 PF_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 15:117db924cf7c 10353 WOLF_STK_VALIDATE_REQUEST(ssl);
wolfSSL 15:117db924cf7c 10354 QSH_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 16:8e0d178b1d1e 10355 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 10356 if (ssl->suites->hashSigAlgoSz == 0)
wolfSSL 15:117db924cf7c 10357 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 16:8e0d178b1d1e 10358 #endif
wolfSSL 15:117db924cf7c 10359 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10360 if (!IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 10361 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10362 if (!IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10363 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10364 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10365 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
wolfSSL 15:117db924cf7c 10366 #endif
wolfSSL 15:117db924cf7c 10367 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 10368 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 10369 #endif
wolfSSL 15:117db924cf7c 10370 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 10371 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 10372 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
wolfSSL 15:117db924cf7c 10373 #endif
wolfSSL 15:117db924cf7c 10374 }
wolfSSL 15:117db924cf7c 10375 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10376 /* Must write Pre-shared Key extension at the end in TLS v1.3.
wolfSSL 15:117db924cf7c 10377 * Must not write out Pre-shared Key extension in earlier versions of
wolfSSL 15:117db924cf7c 10378 * protocol.
wolfSSL 15:117db924cf7c 10379 */
wolfSSL 15:117db924cf7c 10380 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10381 #endif
wolfSSL 15:117db924cf7c 10382 #endif
wolfSSL 15:117db924cf7c 10383 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 10384 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 15:117db924cf7c 10385 /* mark already sent, so it won't send it */
wolfSSL 15:117db924cf7c 10386 if (!ssl->ctx->cm->ocspStaplingEnabled) {
wolfSSL 15:117db924cf7c 10387 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 10388 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
wolfSSL 15:117db924cf7c 10389 }
wolfSSL 15:117db924cf7c 10390 #endif
wolfSSL 15:117db924cf7c 10391 }
wolfSSL 15:117db924cf7c 10392 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10393 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 10394 else if (msgType == certificate_request) {
wolfSSL 15:117db924cf7c 10395 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 16:8e0d178b1d1e 10396 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 10397 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
wolfSSL 16:8e0d178b1d1e 10398 #endif
wolfSSL 15:117db924cf7c 10399 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 10400 * TLSX_CERTIFICATE_AUTHORITIES, TLSX_OID_FILTERS
wolfSSL 15:117db924cf7c 10401 * TLSX_STATUS_REQUEST
wolfSSL 15:117db924cf7c 10402 */
wolfSSL 15:117db924cf7c 10403 }
wolfSSL 15:117db924cf7c 10404 #endif
wolfSSL 15:117db924cf7c 10405 #endif
wolfSSL 15:117db924cf7c 10406 if (ssl->extensions) {
wolfSSL 15:117db924cf7c 10407 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 10408 msgType, &offset);
wolfSSL 16:8e0d178b1d1e 10409 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10410 return ret;
wolfSSL 15:117db924cf7c 10411 }
wolfSSL 15:117db924cf7c 10412 if (ssl->ctx && ssl->ctx->extensions) {
wolfSSL 15:117db924cf7c 10413 ret = TLSX_Write(ssl->ctx->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 10414 msgType, &offset);
wolfSSL 16:8e0d178b1d1e 10415 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10416 return ret;
wolfSSL 15:117db924cf7c 10417 }
wolfSSL 15:117db924cf7c 10418
wolfSSL 15:117db924cf7c 10419 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 10420 if (msgType == client_hello && ssl->options.haveEMS &&
wolfSSL 16:8e0d178b1d1e 10421 (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)) {
wolfSSL 16:8e0d178b1d1e 10422 WOLFSSL_MSG("EMS extension to write");
wolfSSL 15:117db924cf7c 10423 c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL 15:117db924cf7c 10424 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 10425 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 10426 offset += HELLO_EXT_SZ_SZ;
wolfSSL 15:117db924cf7c 10427 }
wolfSSL 15:117db924cf7c 10428 #endif
wolfSSL 15:117db924cf7c 10429
wolfSSL 15:117db924cf7c 10430 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10431 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10432 if (msgType == client_hello && IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10433 /* Write out what we can of Pre-shared key extension. */
wolfSSL 15:117db924cf7c 10434 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10435 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 10436 client_hello, &offset);
wolfSSL 16:8e0d178b1d1e 10437 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10438 return ret;
wolfSSL 15:117db924cf7c 10439 }
wolfSSL 15:117db924cf7c 10440 #endif
wolfSSL 15:117db924cf7c 10441 #endif
wolfSSL 15:117db924cf7c 10442
wolfSSL 15:117db924cf7c 10443 if (offset > OPAQUE16_LEN || msgType != client_hello)
wolfSSL 15:117db924cf7c 10444 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 15:117db924cf7c 10445
wolfSSL 15:117db924cf7c 10446 *pOffset += offset;
wolfSSL 15:117db924cf7c 10447
wolfSSL 15:117db924cf7c 10448 return ret;
wolfSSL 15:117db924cf7c 10449 }
wolfSSL 15:117db924cf7c 10450
wolfSSL 15:117db924cf7c 10451 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 10452
wolfSSL 15:117db924cf7c 10453 #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 10454
wolfSSL 15:117db924cf7c 10455 /** Tells the buffered size of extensions to be sent into the server hello. */
wolfSSL 15:117db924cf7c 10456 int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
wolfSSL 15:117db924cf7c 10457 {
wolfSSL 15:117db924cf7c 10458 int ret = 0;
wolfSSL 15:117db924cf7c 10459 word16 length = 0;
wolfSSL 15:117db924cf7c 10460 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 10461
wolfSSL 15:117db924cf7c 10462 switch (msgType) {
wolfSSL 15:117db924cf7c 10463 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 10464 case server_hello:
wolfSSL 15:117db924cf7c 10465 PF_VALIDATE_RESPONSE(ssl, semaphore);
wolfSSL 15:117db924cf7c 10466 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10467 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10468 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10469 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 10470 TURN_OFF(semaphore,
wolfSSL 15:117db924cf7c 10471 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10472 #endif
wolfSSL 15:117db924cf7c 10473 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 10474 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10475 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10476 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10477 #endif
wolfSSL 15:117db924cf7c 10478 }
wolfSSL 15:117db924cf7c 10479 else {
wolfSSL 15:117db924cf7c 10480 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10481 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10482 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10483 #endif
wolfSSL 15:117db924cf7c 10484 }
wolfSSL 15:117db924cf7c 10485 #endif
wolfSSL 15:117db924cf7c 10486 break;
wolfSSL 15:117db924cf7c 10487
wolfSSL 15:117db924cf7c 10488 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10489 case hello_retry_request:
wolfSSL 15:117db924cf7c 10490 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10491 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 10492 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10493 #endif
wolfSSL 15:117db924cf7c 10494 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 10495 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10496 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 10497 break;
wolfSSL 15:117db924cf7c 10498 #endif
wolfSSL 15:117db924cf7c 10499
wolfSSL 15:117db924cf7c 10500 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10501 case encrypted_extensions:
wolfSSL 15:117db924cf7c 10502 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 10503 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10504 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
wolfSSL 15:117db924cf7c 10505 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10506 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10507 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10508 #endif
wolfSSL 15:117db924cf7c 10509 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 10510 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 10511 #endif
wolfSSL 16:8e0d178b1d1e 10512 #if defined(HAVE_SECURE_RENEGOTIATION)
wolfSSL 16:8e0d178b1d1e 10513 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
wolfSSL 16:8e0d178b1d1e 10514 #endif
wolfSSL 15:117db924cf7c 10515 break;
wolfSSL 15:117db924cf7c 10516
wolfSSL 15:117db924cf7c 10517 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 10518 case session_ticket:
wolfSSL 15:117db924cf7c 10519 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 10520 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10521 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 10522 }
wolfSSL 15:117db924cf7c 10523 break;
wolfSSL 15:117db924cf7c 10524 #endif
wolfSSL 15:117db924cf7c 10525 #endif
wolfSSL 15:117db924cf7c 10526 #endif
wolfSSL 15:117db924cf7c 10527
wolfSSL 15:117db924cf7c 10528 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10529 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 10530 case certificate:
wolfSSL 15:117db924cf7c 10531 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10532 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 10533 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 10534 * TLSX_SERVER_CERTIFICATE_TYPE
wolfSSL 15:117db924cf7c 10535 */
wolfSSL 15:117db924cf7c 10536 break;
wolfSSL 15:117db924cf7c 10537 #endif
wolfSSL 15:117db924cf7c 10538 #endif
wolfSSL 15:117db924cf7c 10539 }
wolfSSL 15:117db924cf7c 10540
wolfSSL 15:117db924cf7c 10541 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 10542 /* change response if not using TLS_QSH */
wolfSSL 15:117db924cf7c 10543 if (!ssl->options.haveQSH) {
wolfSSL 15:117db924cf7c 10544 TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID);
wolfSSL 15:117db924cf7c 10545 if (ext)
wolfSSL 15:117db924cf7c 10546 ext->resp = 0;
wolfSSL 15:117db924cf7c 10547 }
wolfSSL 15:117db924cf7c 10548 #endif
wolfSSL 15:117db924cf7c 10549
wolfSSL 15:117db924cf7c 10550 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 16:8e0d178b1d1e 10551 if (ssl->options.haveEMS && msgType == server_hello &&
wolfSSL 16:8e0d178b1d1e 10552 !IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10553 length += HELLO_EXT_SZ;
wolfSSL 16:8e0d178b1d1e 10554 }
wolfSSL 16:8e0d178b1d1e 10555 #endif
wolfSSL 16:8e0d178b1d1e 10556
wolfSSL 16:8e0d178b1d1e 10557 if (TLSX_SupportExtensions(ssl)) {
wolfSSL 15:117db924cf7c 10558 ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length);
wolfSSL 16:8e0d178b1d1e 10559 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10560 return ret;
wolfSSL 16:8e0d178b1d1e 10561 }
wolfSSL 15:117db924cf7c 10562
wolfSSL 15:117db924cf7c 10563 /* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL 15:117db924cf7c 10564
wolfSSL 15:117db924cf7c 10565 if (length || msgType != server_hello)
wolfSSL 15:117db924cf7c 10566 length += OPAQUE16_LEN; /* for total length storage. */
wolfSSL 15:117db924cf7c 10567
wolfSSL 15:117db924cf7c 10568 *pLength += length;
wolfSSL 15:117db924cf7c 10569
wolfSSL 15:117db924cf7c 10570 return ret;
wolfSSL 15:117db924cf7c 10571 }
wolfSSL 15:117db924cf7c 10572
wolfSSL 15:117db924cf7c 10573 /** Writes the server hello extensions into a buffer. */
wolfSSL 15:117db924cf7c 10574 int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset)
wolfSSL 15:117db924cf7c 10575 {
wolfSSL 15:117db924cf7c 10576 int ret = 0;
wolfSSL 15:117db924cf7c 10577 word16 offset = 0;
wolfSSL 15:117db924cf7c 10578
wolfSSL 15:117db924cf7c 10579 if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL 15:117db924cf7c 10580 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 15:117db924cf7c 10581
wolfSSL 15:117db924cf7c 10582 switch (msgType) {
wolfSSL 15:117db924cf7c 10583 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 10584 case server_hello:
wolfSSL 15:117db924cf7c 10585 PF_VALIDATE_RESPONSE(ssl, semaphore);
wolfSSL 15:117db924cf7c 10586 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10587 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 10588 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10589 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 10590 TURN_OFF(semaphore,
wolfSSL 15:117db924cf7c 10591 TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10592 #endif
wolfSSL 15:117db924cf7c 10593 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 10594 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10595 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10596 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10597 #endif
wolfSSL 15:117db924cf7c 10598 }
wolfSSL 15:117db924cf7c 10599 else {
wolfSSL 15:117db924cf7c 10600 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10601 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10602 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10603 #endif
wolfSSL 15:117db924cf7c 10604 }
wolfSSL 15:117db924cf7c 10605 #endif
wolfSSL 15:117db924cf7c 10606 break;
wolfSSL 15:117db924cf7c 10607
wolfSSL 15:117db924cf7c 10608 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10609 case hello_retry_request:
wolfSSL 15:117db924cf7c 10610 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10611 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 10612 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10613 #endif
wolfSSL 15:117db924cf7c 10614 if (!ssl->options.noPskDheKe)
wolfSSL 15:117db924cf7c 10615 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10616 /* Cookie is written below as last extension. */
wolfSSL 15:117db924cf7c 10617 break;
wolfSSL 15:117db924cf7c 10618 #endif
wolfSSL 15:117db924cf7c 10619
wolfSSL 15:117db924cf7c 10620 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10621 case encrypted_extensions:
wolfSSL 15:117db924cf7c 10622 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
wolfSSL 15:117db924cf7c 10623 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
wolfSSL 15:117db924cf7c 10624 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
wolfSSL 15:117db924cf7c 10625 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
wolfSSL 15:117db924cf7c 10626 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 10627 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
wolfSSL 15:117db924cf7c 10628 #endif
wolfSSL 15:117db924cf7c 10629 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 10630 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 10631 #endif
wolfSSL 16:8e0d178b1d1e 10632 #if defined(HAVE_SECURE_RENEGOTIATION)
wolfSSL 16:8e0d178b1d1e 10633 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
wolfSSL 16:8e0d178b1d1e 10634 #endif
wolfSSL 15:117db924cf7c 10635 break;
wolfSSL 15:117db924cf7c 10636
wolfSSL 15:117db924cf7c 10637 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 10638 case session_ticket:
wolfSSL 15:117db924cf7c 10639 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 10640 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10641 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA));
wolfSSL 15:117db924cf7c 10642 }
wolfSSL 15:117db924cf7c 10643 break;
wolfSSL 15:117db924cf7c 10644 #endif
wolfSSL 15:117db924cf7c 10645 #endif
wolfSSL 15:117db924cf7c 10646 #endif
wolfSSL 15:117db924cf7c 10647
wolfSSL 15:117db924cf7c 10648 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10649 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 10650 case certificate:
wolfSSL 15:117db924cf7c 10651 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10652 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
wolfSSL 15:117db924cf7c 10653 /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP,
wolfSSL 15:117db924cf7c 10654 * TLSX_SERVER_CERTIFICATE_TYPE
wolfSSL 15:117db924cf7c 10655 */
wolfSSL 15:117db924cf7c 10656 break;
wolfSSL 15:117db924cf7c 10657 #endif
wolfSSL 15:117db924cf7c 10658 #endif
wolfSSL 15:117db924cf7c 10659 }
wolfSSL 15:117db924cf7c 10660
wolfSSL 15:117db924cf7c 10661 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 15:117db924cf7c 10662
wolfSSL 15:117db924cf7c 10663 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 10664 msgType, &offset);
wolfSSL 16:8e0d178b1d1e 10665 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10666 return ret;
wolfSSL 15:117db924cf7c 10667
wolfSSL 15:117db924cf7c 10668 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10669 if (msgType == hello_retry_request) {
wolfSSL 15:117db924cf7c 10670 XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
wolfSSL 15:117db924cf7c 10671 TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
wolfSSL 15:117db924cf7c 10672 ret = TLSX_Write(ssl->extensions, output + offset, semaphore,
wolfSSL 15:117db924cf7c 10673 msgType, &offset);
wolfSSL 16:8e0d178b1d1e 10674 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 10675 return ret;
wolfSSL 15:117db924cf7c 10676 }
wolfSSL 15:117db924cf7c 10677 #endif
wolfSSL 15:117db924cf7c 10678
wolfSSL 15:117db924cf7c 10679 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 16:8e0d178b1d1e 10680 if (ssl->options.haveEMS && msgType == server_hello &&
wolfSSL 16:8e0d178b1d1e 10681 !IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 16:8e0d178b1d1e 10682 WOLFSSL_MSG("EMS extension to write");
wolfSSL 15:117db924cf7c 10683 c16toa(HELLO_EXT_EXTMS, output + offset);
wolfSSL 15:117db924cf7c 10684 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 10685 c16toa(0, output + offset);
wolfSSL 15:117db924cf7c 10686 offset += HELLO_EXT_SZ_SZ;
wolfSSL 15:117db924cf7c 10687 }
wolfSSL 15:117db924cf7c 10688 #endif
wolfSSL 15:117db924cf7c 10689
wolfSSL 15:117db924cf7c 10690 if (offset > OPAQUE16_LEN || msgType != server_hello)
wolfSSL 15:117db924cf7c 10691 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 15:117db924cf7c 10692 }
wolfSSL 15:117db924cf7c 10693
wolfSSL 15:117db924cf7c 10694 if (pOffset)
wolfSSL 15:117db924cf7c 10695 *pOffset += offset;
wolfSSL 15:117db924cf7c 10696
wolfSSL 15:117db924cf7c 10697 return ret;
wolfSSL 15:117db924cf7c 10698 }
wolfSSL 15:117db924cf7c 10699
wolfSSL 15:117db924cf7c 10700 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 10701
wolfSSL 16:8e0d178b1d1e 10702 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10703 int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
wolfSSL 16:8e0d178b1d1e 10704 int* found)
wolfSSL 16:8e0d178b1d1e 10705 {
wolfSSL 16:8e0d178b1d1e 10706 int ret = 0;
wolfSSL 16:8e0d178b1d1e 10707 int offset = 0;
wolfSSL 16:8e0d178b1d1e 10708
wolfSSL 16:8e0d178b1d1e 10709 *found = 0;
wolfSSL 16:8e0d178b1d1e 10710 while (offset < (int)length) {
wolfSSL 16:8e0d178b1d1e 10711 word16 type;
wolfSSL 16:8e0d178b1d1e 10712 word16 size;
wolfSSL 16:8e0d178b1d1e 10713
wolfSSL 16:8e0d178b1d1e 10714 if (offset + (2 * OPAQUE16_LEN) > length) {
wolfSSL 16:8e0d178b1d1e 10715 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 10716 break;
wolfSSL 16:8e0d178b1d1e 10717 }
wolfSSL 16:8e0d178b1d1e 10718
wolfSSL 16:8e0d178b1d1e 10719 ato16(input + offset, &type);
wolfSSL 16:8e0d178b1d1e 10720 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 16:8e0d178b1d1e 10721
wolfSSL 16:8e0d178b1d1e 10722 ato16(input + offset, &size);
wolfSSL 16:8e0d178b1d1e 10723 offset += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 10724
wolfSSL 16:8e0d178b1d1e 10725 if (offset + size > length) {
wolfSSL 16:8e0d178b1d1e 10726 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 10727 break;
wolfSSL 16:8e0d178b1d1e 10728 }
wolfSSL 16:8e0d178b1d1e 10729
wolfSSL 16:8e0d178b1d1e 10730 if (type == TLSX_SUPPORTED_VERSIONS) {
wolfSSL 16:8e0d178b1d1e 10731 *found = 1;
wolfSSL 16:8e0d178b1d1e 10732
wolfSSL 16:8e0d178b1d1e 10733 WOLFSSL_MSG("Supported Versions extension received");
wolfSSL 16:8e0d178b1d1e 10734
wolfSSL 16:8e0d178b1d1e 10735 ret = SV_PARSE(ssl, input + offset, size, msgType);
wolfSSL 16:8e0d178b1d1e 10736 break;
wolfSSL 16:8e0d178b1d1e 10737 }
wolfSSL 16:8e0d178b1d1e 10738
wolfSSL 16:8e0d178b1d1e 10739 offset += size;
wolfSSL 16:8e0d178b1d1e 10740 }
wolfSSL 16:8e0d178b1d1e 10741
wolfSSL 16:8e0d178b1d1e 10742 return ret;
wolfSSL 16:8e0d178b1d1e 10743 }
wolfSSL 16:8e0d178b1d1e 10744 #endif
wolfSSL 16:8e0d178b1d1e 10745
wolfSSL 15:117db924cf7c 10746 /** Parses a buffer of TLS extensions. */
wolfSSL 15:117db924cf7c 10747 int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
wolfSSL 15:117db924cf7c 10748 Suites *suites)
wolfSSL 15:117db924cf7c 10749 {
wolfSSL 15:117db924cf7c 10750 int ret = 0;
wolfSSL 15:117db924cf7c 10751 word16 offset = 0;
wolfSSL 15:117db924cf7c 10752 byte isRequest = (msgType == client_hello ||
wolfSSL 15:117db924cf7c 10753 msgType == certificate_request);
wolfSSL 15:117db924cf7c 10754
wolfSSL 15:117db924cf7c 10755 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 10756 byte pendingEMS = 0;
wolfSSL 15:117db924cf7c 10757 #endif
wolfSSL 15:117db924cf7c 10758 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 10759 int pskDone = 0;
wolfSSL 15:117db924cf7c 10760 #endif
wolfSSL 15:117db924cf7c 10761
wolfSSL 15:117db924cf7c 10762 if (!ssl || !input || (isRequest && !suites))
wolfSSL 15:117db924cf7c 10763 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 10764
wolfSSL 15:117db924cf7c 10765 while (ret == 0 && offset < length) {
wolfSSL 15:117db924cf7c 10766 word16 type;
wolfSSL 15:117db924cf7c 10767 word16 size;
wolfSSL 15:117db924cf7c 10768
wolfSSL 15:117db924cf7c 10769 #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
wolfSSL 15:117db924cf7c 10770 if (msgType == client_hello && pskDone)
wolfSSL 15:117db924cf7c 10771 return PSK_KEY_ERROR;
wolfSSL 15:117db924cf7c 10772 #endif
wolfSSL 15:117db924cf7c 10773
wolfSSL 15:117db924cf7c 10774 if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL 15:117db924cf7c 10775 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 10776
wolfSSL 15:117db924cf7c 10777 ato16(input + offset, &type);
wolfSSL 15:117db924cf7c 10778 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 10779
wolfSSL 15:117db924cf7c 10780 ato16(input + offset, &size);
wolfSSL 15:117db924cf7c 10781 offset += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 10782
wolfSSL 15:117db924cf7c 10783 if (offset + size > length)
wolfSSL 15:117db924cf7c 10784 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 10785
wolfSSL 15:117db924cf7c 10786 switch (type) {
wolfSSL 15:117db924cf7c 10787 case TLSX_SERVER_NAME:
wolfSSL 15:117db924cf7c 10788 WOLFSSL_MSG("SNI extension received");
wolfSSL 16:8e0d178b1d1e 10789 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10790 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10791 #endif
wolfSSL 16:8e0d178b1d1e 10792
wolfSSL 16:8e0d178b1d1e 10793 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10794 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 10795 msgType != client_hello &&
wolfSSL 16:8e0d178b1d1e 10796 msgType != server_hello &&
wolfSSL 16:8e0d178b1d1e 10797 msgType != encrypted_extensions) {
wolfSSL 16:8e0d178b1d1e 10798 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 10799 }
wolfSSL 16:8e0d178b1d1e 10800 else if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 10801 msgType == encrypted_extensions) {
wolfSSL 16:8e0d178b1d1e 10802 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 10803 }
wolfSSL 16:8e0d178b1d1e 10804 #endif
wolfSSL 16:8e0d178b1d1e 10805 ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 16:8e0d178b1d1e 10806 break;
wolfSSL 16:8e0d178b1d1e 10807
wolfSSL 16:8e0d178b1d1e 10808 case TLSX_TRUSTED_CA_KEYS:
wolfSSL 16:8e0d178b1d1e 10809 WOLFSSL_MSG("Trusted CA extension received");
wolfSSL 16:8e0d178b1d1e 10810 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10811 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10812 #endif
wolfSSL 15:117db924cf7c 10813
wolfSSL 15:117db924cf7c 10814 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10815 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 10816 msgType != client_hello &&
wolfSSL 15:117db924cf7c 10817 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 10818 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 10819 }
wolfSSL 15:117db924cf7c 10820 #endif
wolfSSL 16:8e0d178b1d1e 10821 ret = TCA_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10822 break;
wolfSSL 15:117db924cf7c 10823
wolfSSL 15:117db924cf7c 10824 case TLSX_MAX_FRAGMENT_LENGTH:
wolfSSL 15:117db924cf7c 10825 WOLFSSL_MSG("Max Fragment Length extension received");
wolfSSL 16:8e0d178b1d1e 10826 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10827 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10828 #endif
wolfSSL 15:117db924cf7c 10829
wolfSSL 15:117db924cf7c 10830 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10831 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 10832 msgType != client_hello &&
wolfSSL 15:117db924cf7c 10833 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 10834 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 10835 }
wolfSSL 16:8e0d178b1d1e 10836 else if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 10837 msgType == encrypted_extensions) {
wolfSSL 16:8e0d178b1d1e 10838 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 10839 }
wolfSSL 15:117db924cf7c 10840 #endif
wolfSSL 15:117db924cf7c 10841 ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10842 break;
wolfSSL 15:117db924cf7c 10843
wolfSSL 15:117db924cf7c 10844 case TLSX_TRUNCATED_HMAC:
wolfSSL 15:117db924cf7c 10845 WOLFSSL_MSG("Truncated HMAC extension received");
wolfSSL 16:8e0d178b1d1e 10846 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10847 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10848 #endif
wolfSSL 15:117db924cf7c 10849
wolfSSL 15:117db924cf7c 10850 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10851 if (IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 10852 break;
wolfSSL 15:117db924cf7c 10853 #endif
wolfSSL 15:117db924cf7c 10854 ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10855 break;
wolfSSL 15:117db924cf7c 10856
wolfSSL 15:117db924cf7c 10857 case TLSX_SUPPORTED_GROUPS:
wolfSSL 15:117db924cf7c 10858 WOLFSSL_MSG("Supported Groups extension received");
wolfSSL 16:8e0d178b1d1e 10859 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10860 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10861 #endif
wolfSSL 15:117db924cf7c 10862
wolfSSL 15:117db924cf7c 10863 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10864 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 10865 msgType != client_hello &&
wolfSSL 16:8e0d178b1d1e 10866 msgType != server_hello &&
wolfSSL 15:117db924cf7c 10867 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 10868 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 10869 }
wolfSSL 16:8e0d178b1d1e 10870 else if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 10871 msgType == encrypted_extensions) {
wolfSSL 16:8e0d178b1d1e 10872 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 10873 }
wolfSSL 15:117db924cf7c 10874 #endif
wolfSSL 15:117db924cf7c 10875 ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10876 break;
wolfSSL 15:117db924cf7c 10877
wolfSSL 15:117db924cf7c 10878 case TLSX_EC_POINT_FORMATS:
wolfSSL 15:117db924cf7c 10879 WOLFSSL_MSG("Point Formats extension received");
wolfSSL 16:8e0d178b1d1e 10880 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10881 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10882 #endif
wolfSSL 15:117db924cf7c 10883
wolfSSL 15:117db924cf7c 10884 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10885 if (IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 10886 break;
wolfSSL 15:117db924cf7c 10887 #endif
wolfSSL 15:117db924cf7c 10888 ret = PF_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10889 break;
wolfSSL 15:117db924cf7c 10890
wolfSSL 15:117db924cf7c 10891 case TLSX_STATUS_REQUEST:
wolfSSL 15:117db924cf7c 10892 WOLFSSL_MSG("Certificate Status Request extension received");
wolfSSL 16:8e0d178b1d1e 10893 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10894 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10895 #endif
wolfSSL 16:8e0d178b1d1e 10896
wolfSSL 16:8e0d178b1d1e 10897 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10898 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 10899 msgType != client_hello &&
wolfSSL 16:8e0d178b1d1e 10900 msgType != certificate_request &&
wolfSSL 16:8e0d178b1d1e 10901 msgType != certificate) {
wolfSSL 16:8e0d178b1d1e 10902 break;
wolfSSL 16:8e0d178b1d1e 10903 }
wolfSSL 16:8e0d178b1d1e 10904 #endif
wolfSSL 15:117db924cf7c 10905 ret = CSR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10906 break;
wolfSSL 15:117db924cf7c 10907
wolfSSL 15:117db924cf7c 10908 case TLSX_STATUS_REQUEST_V2:
wolfSSL 15:117db924cf7c 10909 WOLFSSL_MSG("Certificate Status Request v2 extension received");
wolfSSL 16:8e0d178b1d1e 10910 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10911 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10912 #endif
wolfSSL 15:117db924cf7c 10913
wolfSSL 15:117db924cf7c 10914 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10915 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 10916 msgType != client_hello &&
wolfSSL 15:117db924cf7c 10917 msgType != certificate_request &&
wolfSSL 15:117db924cf7c 10918 msgType != certificate) {
wolfSSL 15:117db924cf7c 10919 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 10920 }
wolfSSL 15:117db924cf7c 10921 #endif
wolfSSL 15:117db924cf7c 10922 ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10923 break;
wolfSSL 15:117db924cf7c 10924
wolfSSL 15:117db924cf7c 10925 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 10926 case HELLO_EXT_EXTMS:
wolfSSL 15:117db924cf7c 10927 WOLFSSL_MSG("Extended Master Secret extension received");
wolfSSL 16:8e0d178b1d1e 10928 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10929 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10930 #endif
wolfSSL 15:117db924cf7c 10931
wolfSSL 15:117db924cf7c 10932 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10933 if (IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 10934 break;
wolfSSL 15:117db924cf7c 10935 #endif
wolfSSL 16:8e0d178b1d1e 10936 if (size != 0)
wolfSSL 16:8e0d178b1d1e 10937 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 10938
wolfSSL 15:117db924cf7c 10939 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 10940 if (isRequest)
wolfSSL 15:117db924cf7c 10941 ssl->options.haveEMS = 1;
wolfSSL 15:117db924cf7c 10942 #endif
wolfSSL 15:117db924cf7c 10943 pendingEMS = 1;
wolfSSL 15:117db924cf7c 10944 break;
wolfSSL 15:117db924cf7c 10945 #endif
wolfSSL 15:117db924cf7c 10946
wolfSSL 15:117db924cf7c 10947 case TLSX_RENEGOTIATION_INFO:
wolfSSL 15:117db924cf7c 10948 WOLFSSL_MSG("Secure Renegotiation extension received");
wolfSSL 16:8e0d178b1d1e 10949 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10950 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10951 #endif
wolfSSL 15:117db924cf7c 10952
wolfSSL 15:117db924cf7c 10953 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10954 if (IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 10955 break;
wolfSSL 15:117db924cf7c 10956 #endif
wolfSSL 15:117db924cf7c 10957 ret = SCR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10958 break;
wolfSSL 15:117db924cf7c 10959
wolfSSL 15:117db924cf7c 10960 case TLSX_SESSION_TICKET:
wolfSSL 15:117db924cf7c 10961 WOLFSSL_MSG("Session Ticket extension received");
wolfSSL 16:8e0d178b1d1e 10962 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10963 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10964 #endif
wolfSSL 15:117db924cf7c 10965
wolfSSL 15:117db924cf7c 10966 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10967 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 10968 msgType != client_hello) {
wolfSSL 15:117db924cf7c 10969 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 10970 }
wolfSSL 15:117db924cf7c 10971 #endif
wolfSSL 15:117db924cf7c 10972 ret = WOLF_STK_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10973 break;
wolfSSL 15:117db924cf7c 10974
wolfSSL 15:117db924cf7c 10975 case TLSX_QUANTUM_SAFE_HYBRID:
wolfSSL 15:117db924cf7c 10976 WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
wolfSSL 16:8e0d178b1d1e 10977 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10978 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10979 #endif
wolfSSL 15:117db924cf7c 10980
wolfSSL 15:117db924cf7c 10981 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 10982 if (IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 10983 break;
wolfSSL 15:117db924cf7c 10984 #endif
wolfSSL 15:117db924cf7c 10985 ret = QSH_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 10986 break;
wolfSSL 15:117db924cf7c 10987
wolfSSL 15:117db924cf7c 10988 case TLSX_APPLICATION_LAYER_PROTOCOL:
wolfSSL 15:117db924cf7c 10989 WOLFSSL_MSG("ALPN extension received");
wolfSSL 15:117db924cf7c 10990
wolfSSL 16:8e0d178b1d1e 10991 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 10992 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 10993 #endif
wolfSSL 16:8e0d178b1d1e 10994
wolfSSL 15:117db924cf7c 10995 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10996 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 10997 msgType != client_hello &&
wolfSSL 16:8e0d178b1d1e 10998 msgType != server_hello &&
wolfSSL 15:117db924cf7c 10999 msgType != encrypted_extensions) {
wolfSSL 15:117db924cf7c 11000 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 11001 }
wolfSSL 16:8e0d178b1d1e 11002 else if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 11003 msgType == encrypted_extensions) {
wolfSSL 16:8e0d178b1d1e 11004 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 11005 }
wolfSSL 15:117db924cf7c 11006 #endif
wolfSSL 15:117db924cf7c 11007 ret = ALPN_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 11008 break;
wolfSSL 16:8e0d178b1d1e 11009 #if !defined(WOLFSSL_NO_SIGALG)
wolfSSL 15:117db924cf7c 11010 case TLSX_SIGNATURE_ALGORITHMS:
wolfSSL 15:117db924cf7c 11011 WOLFSSL_MSG("Signature Algorithms extension received");
wolfSSL 16:8e0d178b1d1e 11012 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11013 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11014 #endif
wolfSSL 15:117db924cf7c 11015
wolfSSL 15:117db924cf7c 11016 if (!IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 11017 break;
wolfSSL 15:117db924cf7c 11018 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11019 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 15:117db924cf7c 11020 msgType != client_hello &&
wolfSSL 15:117db924cf7c 11021 msgType != certificate_request) {
wolfSSL 15:117db924cf7c 11022 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 11023 }
wolfSSL 15:117db924cf7c 11024 #endif
wolfSSL 15:117db924cf7c 11025 ret = SA_PARSE(ssl, input + offset, size, isRequest, suites);
wolfSSL 15:117db924cf7c 11026 break;
wolfSSL 16:8e0d178b1d1e 11027 #endif
wolfSSL 16:8e0d178b1d1e 11028
wolfSSL 16:8e0d178b1d1e 11029 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 11030 case TLSX_ENCRYPT_THEN_MAC:
wolfSSL 16:8e0d178b1d1e 11031 WOLFSSL_MSG("Encrypt-Then-Mac extension received");
wolfSSL 16:8e0d178b1d1e 11032
wolfSSL 16:8e0d178b1d1e 11033 /* Ignore for TLS 1.3+ */
wolfSSL 16:8e0d178b1d1e 11034 if (IsAtLeastTLSv1_3(ssl->version))
wolfSSL 16:8e0d178b1d1e 11035 break;
wolfSSL 16:8e0d178b1d1e 11036
wolfSSL 16:8e0d178b1d1e 11037 ret = ETM_PARSE(ssl, input + offset, size, msgType);
wolfSSL 16:8e0d178b1d1e 11038 break;
wolfSSL 16:8e0d178b1d1e 11039 #endif /* HAVE_ENCRYPT_THEN_MAC */
wolfSSL 15:117db924cf7c 11040
wolfSSL 15:117db924cf7c 11041 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11042 case TLSX_SUPPORTED_VERSIONS:
wolfSSL 16:8e0d178b1d1e 11043 WOLFSSL_MSG("Skipping Supported Versions - already processed");
wolfSSL 16:8e0d178b1d1e 11044 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11045 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11046 #endif
wolfSSL 16:8e0d178b1d1e 11047
wolfSSL 15:117db924cf7c 11048 break;
wolfSSL 15:117db924cf7c 11049
wolfSSL 15:117db924cf7c 11050 case TLSX_COOKIE:
wolfSSL 15:117db924cf7c 11051 WOLFSSL_MSG("Cookie extension received");
wolfSSL 16:8e0d178b1d1e 11052 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11053 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11054 #endif
wolfSSL 15:117db924cf7c 11055
wolfSSL 15:117db924cf7c 11056 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11057 break;
wolfSSL 15:117db924cf7c 11058
wolfSSL 16:8e0d178b1d1e 11059 if (msgType != client_hello &&
wolfSSL 15:117db924cf7c 11060 msgType != hello_retry_request) {
wolfSSL 15:117db924cf7c 11061 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 11062 }
wolfSSL 16:8e0d178b1d1e 11063
wolfSSL 15:117db924cf7c 11064 ret = CKE_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 11065 break;
wolfSSL 15:117db924cf7c 11066
wolfSSL 15:117db924cf7c 11067 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 11068 case TLSX_PRE_SHARED_KEY:
wolfSSL 15:117db924cf7c 11069 WOLFSSL_MSG("Pre-Shared Key extension received");
wolfSSL 16:8e0d178b1d1e 11070 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11071 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11072 #endif
wolfSSL 16:8e0d178b1d1e 11073
wolfSSL 16:8e0d178b1d1e 11074 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11075 break;
wolfSSL 15:117db924cf7c 11076
wolfSSL 16:8e0d178b1d1e 11077 if (msgType != client_hello && msgType != server_hello)
wolfSSL 15:117db924cf7c 11078 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 11079
wolfSSL 15:117db924cf7c 11080 ret = PSK_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 11081 pskDone = 1;
wolfSSL 15:117db924cf7c 11082 break;
wolfSSL 15:117db924cf7c 11083
wolfSSL 15:117db924cf7c 11084 case TLSX_PSK_KEY_EXCHANGE_MODES:
wolfSSL 15:117db924cf7c 11085 WOLFSSL_MSG("PSK Key Exchange Modes extension received");
wolfSSL 16:8e0d178b1d1e 11086 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11087 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11088 #endif
wolfSSL 15:117db924cf7c 11089
wolfSSL 15:117db924cf7c 11090 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11091 break;
wolfSSL 15:117db924cf7c 11092
wolfSSL 16:8e0d178b1d1e 11093 if (msgType != client_hello)
wolfSSL 15:117db924cf7c 11094 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 11095
wolfSSL 15:117db924cf7c 11096 ret = PKM_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 11097 break;
wolfSSL 15:117db924cf7c 11098 #endif
wolfSSL 15:117db924cf7c 11099
wolfSSL 15:117db924cf7c 11100 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 11101 case TLSX_EARLY_DATA:
wolfSSL 15:117db924cf7c 11102 WOLFSSL_MSG("Early Data extension received");
wolfSSL 16:8e0d178b1d1e 11103 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11104 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11105 #endif
wolfSSL 15:117db924cf7c 11106
wolfSSL 15:117db924cf7c 11107 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11108 break;
wolfSSL 15:117db924cf7c 11109
wolfSSL 16:8e0d178b1d1e 11110 if (msgType != client_hello && msgType != session_ticket &&
wolfSSL 16:8e0d178b1d1e 11111 msgType != encrypted_extensions) {
wolfSSL 16:8e0d178b1d1e 11112 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 11113 }
wolfSSL 16:8e0d178b1d1e 11114 if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 11115 (msgType == session_ticket ||
wolfSSL 16:8e0d178b1d1e 11116 msgType == encrypted_extensions)) {
wolfSSL 15:117db924cf7c 11117 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 11118 }
wolfSSL 15:117db924cf7c 11119 ret = EDI_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 11120 break;
wolfSSL 15:117db924cf7c 11121 #endif
wolfSSL 15:117db924cf7c 11122
wolfSSL 15:117db924cf7c 11123 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 11124 case TLSX_POST_HANDSHAKE_AUTH:
wolfSSL 15:117db924cf7c 11125 WOLFSSL_MSG("Post Handshake Authentication extension received");
wolfSSL 16:8e0d178b1d1e 11126 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11127 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11128 #endif
wolfSSL 15:117db924cf7c 11129
wolfSSL 15:117db924cf7c 11130 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11131 break;
wolfSSL 15:117db924cf7c 11132
wolfSSL 16:8e0d178b1d1e 11133 if (msgType != client_hello)
wolfSSL 15:117db924cf7c 11134 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 11135
wolfSSL 15:117db924cf7c 11136 ret = PHA_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 11137 break;
wolfSSL 15:117db924cf7c 11138 #endif
wolfSSL 15:117db924cf7c 11139
wolfSSL 15:117db924cf7c 11140 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
wolfSSL 15:117db924cf7c 11141 case TLSX_SIGNATURE_ALGORITHMS_CERT:
wolfSSL 15:117db924cf7c 11142 WOLFSSL_MSG("Signature Algorithms extension received");
wolfSSL 16:8e0d178b1d1e 11143 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11144 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11145 #endif
wolfSSL 15:117db924cf7c 11146
wolfSSL 15:117db924cf7c 11147 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11148 break;
wolfSSL 15:117db924cf7c 11149
wolfSSL 16:8e0d178b1d1e 11150 if (msgType != client_hello &&
wolfSSL 15:117db924cf7c 11151 msgType != certificate_request) {
wolfSSL 15:117db924cf7c 11152 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 11153 }
wolfSSL 16:8e0d178b1d1e 11154 if (!IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 11155 msgType == certificate_request) {
wolfSSL 16:8e0d178b1d1e 11156 return EXT_NOT_ALLOWED;
wolfSSL 16:8e0d178b1d1e 11157 }
wolfSSL 15:117db924cf7c 11158
wolfSSL 15:117db924cf7c 11159 ret = SAC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 15:117db924cf7c 11160 break;
wolfSSL 15:117db924cf7c 11161 #endif
wolfSSL 15:117db924cf7c 11162
wolfSSL 15:117db924cf7c 11163 case TLSX_KEY_SHARE:
wolfSSL 15:117db924cf7c 11164 WOLFSSL_MSG("Key Share extension received");
wolfSSL 16:8e0d178b1d1e 11165 #ifdef WOLFSSL_DEBUG_TLS
wolfSSL 16:8e0d178b1d1e 11166 WOLFSSL_BUFFER(input + offset, size);
wolfSSL 16:8e0d178b1d1e 11167 #endif
wolfSSL 16:8e0d178b1d1e 11168
wolfSSL 16:8e0d178b1d1e 11169 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 15:117db924cf7c 11170 break;
wolfSSL 15:117db924cf7c 11171
wolfSSL 16:8e0d178b1d1e 11172 if (msgType != client_hello && msgType != server_hello &&
wolfSSL 15:117db924cf7c 11173 msgType != hello_retry_request) {
wolfSSL 15:117db924cf7c 11174 return EXT_NOT_ALLOWED;
wolfSSL 15:117db924cf7c 11175 }
wolfSSL 15:117db924cf7c 11176 ret = KS_PARSE(ssl, input + offset, size, msgType);
wolfSSL 15:117db924cf7c 11177 break;
wolfSSL 15:117db924cf7c 11178 #endif
wolfSSL 16:8e0d178b1d1e 11179 default:
wolfSSL 16:8e0d178b1d1e 11180 WOLFSSL_MSG("Unknown TLS extension type");
wolfSSL 15:117db924cf7c 11181 }
wolfSSL 15:117db924cf7c 11182
wolfSSL 15:117db924cf7c 11183 /* offset should be updated here! */
wolfSSL 15:117db924cf7c 11184 offset += size;
wolfSSL 15:117db924cf7c 11185 }
wolfSSL 15:117db924cf7c 11186
wolfSSL 15:117db924cf7c 11187 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 11188 if (!isRequest && ssl->options.haveEMS && !pendingEMS)
wolfSSL 15:117db924cf7c 11189 ssl->options.haveEMS = 0;
wolfSSL 15:117db924cf7c 11190 #endif
wolfSSL 15:117db924cf7c 11191
wolfSSL 15:117db924cf7c 11192 if (ret == 0)
wolfSSL 15:117db924cf7c 11193 ret = SNI_VERIFY_PARSE(ssl, isRequest);
wolfSSL 16:8e0d178b1d1e 11194 if (ret == 0)
wolfSSL 16:8e0d178b1d1e 11195 ret = TCA_VERIFY_PARSE(ssl, isRequest);
wolfSSL 15:117db924cf7c 11196
wolfSSL 15:117db924cf7c 11197 return ret;
wolfSSL 15:117db924cf7c 11198 }
wolfSSL 15:117db924cf7c 11199
wolfSSL 15:117db924cf7c 11200 /* undefining semaphore macros */
wolfSSL 15:117db924cf7c 11201 #undef IS_OFF
wolfSSL 15:117db924cf7c 11202 #undef TURN_ON
wolfSSL 15:117db924cf7c 11203 #undef SEMAPHORE_SIZE
wolfSSL 15:117db924cf7c 11204
wolfSSL 15:117db924cf7c 11205 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 15:117db924cf7c 11206
wolfSSL 15:117db924cf7c 11207 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 11208
wolfSSL 16:8e0d178b1d1e 11209 WOLFSSL_METHOD* wolfTLS_client_method(void)
wolfSSL 16:8e0d178b1d1e 11210 {
wolfSSL 16:8e0d178b1d1e 11211 return wolfTLS_client_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11212 }
wolfSSL 16:8e0d178b1d1e 11213 WOLFSSL_METHOD* wolfTLS_client_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11214 {
wolfSSL 16:8e0d178b1d1e 11215 WOLFSSL_METHOD* method =
wolfSSL 16:8e0d178b1d1e 11216 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 16:8e0d178b1d1e 11217 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 16:8e0d178b1d1e 11218 (void)heap;
wolfSSL 16:8e0d178b1d1e 11219 WOLFSSL_ENTER("TLS_client_method_ex");
wolfSSL 16:8e0d178b1d1e 11220 if (method) {
wolfSSL 16:8e0d178b1d1e 11221 #if defined(WOLFSSL_TLS13)
wolfSSL 16:8e0d178b1d1e 11222 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 16:8e0d178b1d1e 11223 #elif !defined(WOLFSSL_NO_TLS12)
wolfSSL 16:8e0d178b1d1e 11224 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 16:8e0d178b1d1e 11225 #elif !defined(NO_OLD_TLS)
wolfSSL 16:8e0d178b1d1e 11226 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 16:8e0d178b1d1e 11227 #elif defined(WOLFSSL_ALLOW_TLSV10)
wolfSSL 16:8e0d178b1d1e 11228 InitSSL_Method(method, MakeTLSv1());
wolfSSL 16:8e0d178b1d1e 11229 #else
wolfSSL 16:8e0d178b1d1e 11230 #error No TLS version enabled!
wolfSSL 16:8e0d178b1d1e 11231 #endif
wolfSSL 16:8e0d178b1d1e 11232
wolfSSL 16:8e0d178b1d1e 11233 method->downgrade = 1;
wolfSSL 16:8e0d178b1d1e 11234 method->side = WOLFSSL_CLIENT_END;
wolfSSL 16:8e0d178b1d1e 11235 }
wolfSSL 16:8e0d178b1d1e 11236 return method;
wolfSSL 16:8e0d178b1d1e 11237 }
wolfSSL 16:8e0d178b1d1e 11238
wolfSSL 15:117db924cf7c 11239 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 11240 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 11241 WOLFSSL_METHOD* wolfTLSv1_client_method(void)
wolfSSL 15:117db924cf7c 11242 {
wolfSSL 15:117db924cf7c 11243 return wolfTLSv1_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 11244 }
wolfSSL 15:117db924cf7c 11245 WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11246 {
wolfSSL 15:117db924cf7c 11247 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11248 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11249 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11250 (void)heap;
wolfSSL 16:8e0d178b1d1e 11251 WOLFSSL_ENTER("TLSv1_client_method_ex");
wolfSSL 15:117db924cf7c 11252 if (method)
wolfSSL 15:117db924cf7c 11253 InitSSL_Method(method, MakeTLSv1());
wolfSSL 15:117db924cf7c 11254 return method;
wolfSSL 15:117db924cf7c 11255 }
wolfSSL 15:117db924cf7c 11256 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 15:117db924cf7c 11257
wolfSSL 15:117db924cf7c 11258 WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
wolfSSL 15:117db924cf7c 11259 {
wolfSSL 15:117db924cf7c 11260 return wolfTLSv1_1_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 11261 }
wolfSSL 15:117db924cf7c 11262 WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11263 {
wolfSSL 15:117db924cf7c 11264 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11265 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11266 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11267 (void)heap;
wolfSSL 16:8e0d178b1d1e 11268 WOLFSSL_ENTER("TLSv1_1_client_method_ex");
wolfSSL 15:117db924cf7c 11269 if (method)
wolfSSL 15:117db924cf7c 11270 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 15:117db924cf7c 11271 return method;
wolfSSL 15:117db924cf7c 11272 }
wolfSSL 15:117db924cf7c 11273 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 11274
wolfSSL 15:117db924cf7c 11275 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 11276 WOLFSSL_ABI
wolfSSL 15:117db924cf7c 11277 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
wolfSSL 15:117db924cf7c 11278 {
wolfSSL 15:117db924cf7c 11279 return wolfTLSv1_2_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 11280 }
wolfSSL 15:117db924cf7c 11281 WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11282 {
wolfSSL 15:117db924cf7c 11283 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11284 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11285 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11286 (void)heap;
wolfSSL 16:8e0d178b1d1e 11287 WOLFSSL_ENTER("TLSv1_2_client_method_ex");
wolfSSL 15:117db924cf7c 11288 if (method)
wolfSSL 15:117db924cf7c 11289 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 15:117db924cf7c 11290 return method;
wolfSSL 15:117db924cf7c 11291 }
wolfSSL 15:117db924cf7c 11292 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 11293
wolfSSL 15:117db924cf7c 11294 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11295 /* The TLS v1.3 client method data.
wolfSSL 15:117db924cf7c 11296 *
wolfSSL 15:117db924cf7c 11297 * returns the method data for a TLS v1.3 client.
wolfSSL 15:117db924cf7c 11298 */
wolfSSL 16:8e0d178b1d1e 11299 WOLFSSL_ABI
wolfSSL 15:117db924cf7c 11300 WOLFSSL_METHOD* wolfTLSv1_3_client_method(void)
wolfSSL 15:117db924cf7c 11301 {
wolfSSL 15:117db924cf7c 11302 return wolfTLSv1_3_client_method_ex(NULL);
wolfSSL 15:117db924cf7c 11303 }
wolfSSL 15:117db924cf7c 11304
wolfSSL 15:117db924cf7c 11305 /* The TLS v1.3 client method data.
wolfSSL 15:117db924cf7c 11306 *
wolfSSL 15:117db924cf7c 11307 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 11308 * returns the method data for a TLS v1.3 client.
wolfSSL 15:117db924cf7c 11309 */
wolfSSL 15:117db924cf7c 11310 WOLFSSL_METHOD* wolfTLSv1_3_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11311 {
wolfSSL 15:117db924cf7c 11312 WOLFSSL_METHOD* method = (WOLFSSL_METHOD*)
wolfSSL 15:117db924cf7c 11313 XMALLOC(sizeof(WOLFSSL_METHOD), heap,
wolfSSL 15:117db924cf7c 11314 DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11315 (void)heap;
wolfSSL 16:8e0d178b1d1e 11316 WOLFSSL_ENTER("TLSv1_3_client_method_ex");
wolfSSL 15:117db924cf7c 11317 if (method)
wolfSSL 15:117db924cf7c 11318 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 15:117db924cf7c 11319 return method;
wolfSSL 15:117db924cf7c 11320 }
wolfSSL 15:117db924cf7c 11321 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 11322
wolfSSL 16:8e0d178b1d1e 11323 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 11324
wolfSSL 16:8e0d178b1d1e 11325 WOLFSSL_METHOD* wolfDTLS_client_method(void)
wolfSSL 15:117db924cf7c 11326 {
wolfSSL 16:8e0d178b1d1e 11327 return wolfDTLS_client_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11328 }
wolfSSL 16:8e0d178b1d1e 11329 WOLFSSL_METHOD* wolfDTLS_client_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11330 {
wolfSSL 15:117db924cf7c 11331 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11332 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11333 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11334 (void)heap;
wolfSSL 16:8e0d178b1d1e 11335 WOLFSSL_ENTER("DTLS_client_method_ex");
wolfSSL 15:117db924cf7c 11336 if (method) {
wolfSSL 16:8e0d178b1d1e 11337 #if !defined(WOLFSSL_NO_TLS12)
wolfSSL 16:8e0d178b1d1e 11338 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 16:8e0d178b1d1e 11339 #elif !defined(NO_OLD_TLS)
wolfSSL 16:8e0d178b1d1e 11340 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 16:8e0d178b1d1e 11341 #else
wolfSSL 16:8e0d178b1d1e 11342 #error No DTLS version enabled!
wolfSSL 16:8e0d178b1d1e 11343 #endif
wolfSSL 16:8e0d178b1d1e 11344
wolfSSL 15:117db924cf7c 11345 method->downgrade = 1;
wolfSSL 16:8e0d178b1d1e 11346 method->side = WOLFSSL_CLIENT_END;
wolfSSL 15:117db924cf7c 11347 }
wolfSSL 15:117db924cf7c 11348 return method;
wolfSSL 15:117db924cf7c 11349 }
wolfSSL 15:117db924cf7c 11350
wolfSSL 16:8e0d178b1d1e 11351 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 11352 WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
wolfSSL 16:8e0d178b1d1e 11353 {
wolfSSL 16:8e0d178b1d1e 11354 return wolfDTLSv1_client_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11355 }
wolfSSL 16:8e0d178b1d1e 11356 WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11357 {
wolfSSL 16:8e0d178b1d1e 11358 WOLFSSL_METHOD* method =
wolfSSL 16:8e0d178b1d1e 11359 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 16:8e0d178b1d1e 11360 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 16:8e0d178b1d1e 11361 (void)heap;
wolfSSL 16:8e0d178b1d1e 11362 WOLFSSL_ENTER("DTLSv1_client_method_ex");
wolfSSL 16:8e0d178b1d1e 11363 if (method)
wolfSSL 16:8e0d178b1d1e 11364 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 16:8e0d178b1d1e 11365 return method;
wolfSSL 16:8e0d178b1d1e 11366 }
wolfSSL 16:8e0d178b1d1e 11367 #endif /* NO_OLD_TLS */
wolfSSL 16:8e0d178b1d1e 11368
wolfSSL 16:8e0d178b1d1e 11369 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 11370 WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
wolfSSL 16:8e0d178b1d1e 11371 {
wolfSSL 16:8e0d178b1d1e 11372 return wolfDTLSv1_2_client_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11373 }
wolfSSL 16:8e0d178b1d1e 11374 WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11375 {
wolfSSL 16:8e0d178b1d1e 11376 WOLFSSL_METHOD* method =
wolfSSL 16:8e0d178b1d1e 11377 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 16:8e0d178b1d1e 11378 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 16:8e0d178b1d1e 11379 (void)heap;
wolfSSL 16:8e0d178b1d1e 11380 WOLFSSL_ENTER("DTLSv1_2_client_method_ex");
wolfSSL 16:8e0d178b1d1e 11381 if (method)
wolfSSL 16:8e0d178b1d1e 11382 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 16:8e0d178b1d1e 11383 (void)heap;
wolfSSL 16:8e0d178b1d1e 11384 return method;
wolfSSL 16:8e0d178b1d1e 11385 }
wolfSSL 16:8e0d178b1d1e 11386 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 11387 #endif /* WOLFSSL_DTLS */
wolfSSL 16:8e0d178b1d1e 11388
wolfSSL 15:117db924cf7c 11389 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 11390
wolfSSL 15:117db924cf7c 11391
wolfSSL 16:8e0d178b1d1e 11392 /* EITHER SIDE METHODS */
wolfSSL 16:8e0d178b1d1e 11393 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
wolfSSL 16:8e0d178b1d1e 11394 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 11395 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 16:8e0d178b1d1e 11396 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 16:8e0d178b1d1e 11397 *
wolfSSL 16:8e0d178b1d1e 11398 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 16:8e0d178b1d1e 11399 */
wolfSSL 16:8e0d178b1d1e 11400 WOLFSSL_METHOD* wolfTLSv1_method(void)
wolfSSL 16:8e0d178b1d1e 11401 {
wolfSSL 16:8e0d178b1d1e 11402 return wolfTLSv1_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11403 }
wolfSSL 16:8e0d178b1d1e 11404 WOLFSSL_METHOD* wolfTLSv1_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11405 {
wolfSSL 16:8e0d178b1d1e 11406 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11407 WOLFSSL_ENTER("TLSv1_method");
wolfSSL 16:8e0d178b1d1e 11408 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11409 m = wolfTLSv1_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11410 #else
wolfSSL 16:8e0d178b1d1e 11411 m = wolfTLSv1_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11412 #endif
wolfSSL 16:8e0d178b1d1e 11413 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11414 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11415 }
wolfSSL 16:8e0d178b1d1e 11416
wolfSSL 16:8e0d178b1d1e 11417 return m;
wolfSSL 16:8e0d178b1d1e 11418 }
wolfSSL 16:8e0d178b1d1e 11419 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 16:8e0d178b1d1e 11420
wolfSSL 16:8e0d178b1d1e 11421 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 16:8e0d178b1d1e 11422 *
wolfSSL 16:8e0d178b1d1e 11423 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 16:8e0d178b1d1e 11424 */
wolfSSL 16:8e0d178b1d1e 11425 WOLFSSL_METHOD* wolfTLSv1_1_method(void)
wolfSSL 16:8e0d178b1d1e 11426 {
wolfSSL 16:8e0d178b1d1e 11427 return wolfTLSv1_1_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11428 }
wolfSSL 16:8e0d178b1d1e 11429 WOLFSSL_METHOD* wolfTLSv1_1_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11430 {
wolfSSL 16:8e0d178b1d1e 11431 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11432 WOLFSSL_ENTER("TLSv1_1_method");
wolfSSL 16:8e0d178b1d1e 11433 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11434 m = wolfTLSv1_1_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11435 #else
wolfSSL 16:8e0d178b1d1e 11436 m = wolfTLSv1_1_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11437 #endif
wolfSSL 16:8e0d178b1d1e 11438 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11439 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11440 }
wolfSSL 16:8e0d178b1d1e 11441 return m;
wolfSSL 16:8e0d178b1d1e 11442 }
wolfSSL 16:8e0d178b1d1e 11443 #endif /* !NO_OLD_TLS */
wolfSSL 16:8e0d178b1d1e 11444
wolfSSL 16:8e0d178b1d1e 11445 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 11446 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 16:8e0d178b1d1e 11447 *
wolfSSL 16:8e0d178b1d1e 11448 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 16:8e0d178b1d1e 11449 */
wolfSSL 16:8e0d178b1d1e 11450 WOLFSSL_METHOD* wolfTLSv1_2_method(void)
wolfSSL 16:8e0d178b1d1e 11451 {
wolfSSL 16:8e0d178b1d1e 11452 return wolfTLSv1_2_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11453 }
wolfSSL 16:8e0d178b1d1e 11454 WOLFSSL_METHOD* wolfTLSv1_2_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11455 {
wolfSSL 16:8e0d178b1d1e 11456 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11457 WOLFSSL_ENTER("TLSv1_2_method");
wolfSSL 16:8e0d178b1d1e 11458 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11459 m = wolfTLSv1_2_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11460 #else
wolfSSL 16:8e0d178b1d1e 11461 m = wolfTLSv1_2_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11462 #endif
wolfSSL 16:8e0d178b1d1e 11463 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11464 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11465 }
wolfSSL 16:8e0d178b1d1e 11466 return m;
wolfSSL 16:8e0d178b1d1e 11467 }
wolfSSL 16:8e0d178b1d1e 11468 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 11469
wolfSSL 16:8e0d178b1d1e 11470 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 11471 /* Gets a WOLFSL_METHOD type that is not set as client or server
wolfSSL 16:8e0d178b1d1e 11472 *
wolfSSL 16:8e0d178b1d1e 11473 * Returns a pointer to a WOLFSSL_METHOD struct
wolfSSL 16:8e0d178b1d1e 11474 */
wolfSSL 16:8e0d178b1d1e 11475 WOLFSSL_METHOD* wolfTLSv1_3_method(void)
wolfSSL 16:8e0d178b1d1e 11476 {
wolfSSL 16:8e0d178b1d1e 11477 return wolfTLSv1_3_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11478 }
wolfSSL 16:8e0d178b1d1e 11479 WOLFSSL_METHOD* wolfTLSv1_3_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11480 {
wolfSSL 16:8e0d178b1d1e 11481 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11482 WOLFSSL_ENTER("TLSv1_3_method");
wolfSSL 16:8e0d178b1d1e 11483 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11484 m = wolfTLSv1_3_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11485 #else
wolfSSL 16:8e0d178b1d1e 11486 m = wolfTLSv1_3_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11487 #endif
wolfSSL 16:8e0d178b1d1e 11488 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11489 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11490 }
wolfSSL 16:8e0d178b1d1e 11491 return m;
wolfSSL 16:8e0d178b1d1e 11492 }
wolfSSL 16:8e0d178b1d1e 11493 #endif /* WOLFSSL_TLS13 */
wolfSSL 16:8e0d178b1d1e 11494
wolfSSL 16:8e0d178b1d1e 11495 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 11496 WOLFSSL_METHOD* wolfDTLS_method(void)
wolfSSL 16:8e0d178b1d1e 11497 {
wolfSSL 16:8e0d178b1d1e 11498 return wolfDTLS_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11499 }
wolfSSL 16:8e0d178b1d1e 11500 WOLFSSL_METHOD* wolfDTLS_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11501 {
wolfSSL 16:8e0d178b1d1e 11502 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11503 WOLFSSL_ENTER("DTLS_method_ex");
wolfSSL 16:8e0d178b1d1e 11504 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11505 m = wolfDTLS_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11506 #else
wolfSSL 16:8e0d178b1d1e 11507 m = wolfDTLS_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11508 #endif
wolfSSL 16:8e0d178b1d1e 11509 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11510 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11511 }
wolfSSL 16:8e0d178b1d1e 11512 return m;
wolfSSL 16:8e0d178b1d1e 11513 }
wolfSSL 16:8e0d178b1d1e 11514
wolfSSL 16:8e0d178b1d1e 11515 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 11516 WOLFSSL_METHOD* wolfDTLSv1_method(void)
wolfSSL 16:8e0d178b1d1e 11517 {
wolfSSL 16:8e0d178b1d1e 11518 return wolfDTLSv1_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11519 }
wolfSSL 16:8e0d178b1d1e 11520 WOLFSSL_METHOD* wolfDTLSv1_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11521 {
wolfSSL 16:8e0d178b1d1e 11522 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11523 WOLFSSL_ENTER("DTLSv1_method_ex");
wolfSSL 16:8e0d178b1d1e 11524 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11525 m = wolfDTLSv1_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11526 #else
wolfSSL 16:8e0d178b1d1e 11527 m = wolfDTLSv1_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11528 #endif
wolfSSL 16:8e0d178b1d1e 11529 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11530 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11531 }
wolfSSL 16:8e0d178b1d1e 11532 return m;
wolfSSL 16:8e0d178b1d1e 11533 }
wolfSSL 16:8e0d178b1d1e 11534 #endif /* !NO_OLD_TLS */
wolfSSL 16:8e0d178b1d1e 11535 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 11536 WOLFSSL_METHOD* wolfDTLSv1_2_method(void)
wolfSSL 16:8e0d178b1d1e 11537 {
wolfSSL 16:8e0d178b1d1e 11538 return wolfDTLSv1_2_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11539 }
wolfSSL 16:8e0d178b1d1e 11540 WOLFSSL_METHOD* wolfDTLSv1_2_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11541 {
wolfSSL 16:8e0d178b1d1e 11542 WOLFSSL_METHOD* m;
wolfSSL 16:8e0d178b1d1e 11543 WOLFSSL_ENTER("DTLSv1_2_method");
wolfSSL 16:8e0d178b1d1e 11544 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 11545 m = wolfDTLSv1_2_client_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11546 #else
wolfSSL 16:8e0d178b1d1e 11547 m = wolfDTLSv1_2_server_method_ex(heap);
wolfSSL 16:8e0d178b1d1e 11548 #endif
wolfSSL 16:8e0d178b1d1e 11549 if (m != NULL) {
wolfSSL 16:8e0d178b1d1e 11550 m->side = WOLFSSL_NEITHER_END;
wolfSSL 16:8e0d178b1d1e 11551 }
wolfSSL 16:8e0d178b1d1e 11552 return m;
wolfSSL 16:8e0d178b1d1e 11553 }
wolfSSL 16:8e0d178b1d1e 11554 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 11555 #endif /* WOLFSSL_DTLS */
wolfSSL 16:8e0d178b1d1e 11556 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
wolfSSL 16:8e0d178b1d1e 11557
wolfSSL 15:117db924cf7c 11558
wolfSSL 15:117db924cf7c 11559 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 11560
wolfSSL 16:8e0d178b1d1e 11561 WOLFSSL_METHOD* wolfTLS_server_method(void)
wolfSSL 16:8e0d178b1d1e 11562 {
wolfSSL 16:8e0d178b1d1e 11563 return wolfTLS_server_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11564 }
wolfSSL 16:8e0d178b1d1e 11565
wolfSSL 16:8e0d178b1d1e 11566 WOLFSSL_METHOD* wolfTLS_server_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11567 {
wolfSSL 16:8e0d178b1d1e 11568 WOLFSSL_METHOD* method =
wolfSSL 16:8e0d178b1d1e 11569 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 16:8e0d178b1d1e 11570 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 16:8e0d178b1d1e 11571 (void)heap;
wolfSSL 16:8e0d178b1d1e 11572 WOLFSSL_ENTER("TLS_server_method_ex");
wolfSSL 16:8e0d178b1d1e 11573 if (method) {
wolfSSL 16:8e0d178b1d1e 11574 #if defined(WOLFSSL_TLS13)
wolfSSL 16:8e0d178b1d1e 11575 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 16:8e0d178b1d1e 11576 #elif !defined(WOLFSSL_NO_TLS12)
wolfSSL 16:8e0d178b1d1e 11577 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 16:8e0d178b1d1e 11578 #elif !defined(NO_OLD_TLS)
wolfSSL 16:8e0d178b1d1e 11579 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 16:8e0d178b1d1e 11580 #elif defined(WOLFSSL_ALLOW_TLSV10)
wolfSSL 16:8e0d178b1d1e 11581 InitSSL_Method(method, MakeTLSv1());
wolfSSL 16:8e0d178b1d1e 11582 #else
wolfSSL 16:8e0d178b1d1e 11583 #error No TLS version enabled!
wolfSSL 16:8e0d178b1d1e 11584 #endif
wolfSSL 16:8e0d178b1d1e 11585
wolfSSL 16:8e0d178b1d1e 11586 method->downgrade = 1;
wolfSSL 16:8e0d178b1d1e 11587 method->side = WOLFSSL_SERVER_END;
wolfSSL 16:8e0d178b1d1e 11588 }
wolfSSL 16:8e0d178b1d1e 11589 return method;
wolfSSL 16:8e0d178b1d1e 11590 }
wolfSSL 16:8e0d178b1d1e 11591
wolfSSL 15:117db924cf7c 11592 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 11593 #ifdef WOLFSSL_ALLOW_TLSV10
wolfSSL 15:117db924cf7c 11594 WOLFSSL_METHOD* wolfTLSv1_server_method(void)
wolfSSL 15:117db924cf7c 11595 {
wolfSSL 15:117db924cf7c 11596 return wolfTLSv1_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 11597 }
wolfSSL 15:117db924cf7c 11598 WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11599 {
wolfSSL 15:117db924cf7c 11600 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11601 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11602 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11603 (void)heap;
wolfSSL 16:8e0d178b1d1e 11604 WOLFSSL_ENTER("TLSv1_server_method_ex");
wolfSSL 15:117db924cf7c 11605 if (method) {
wolfSSL 15:117db924cf7c 11606 InitSSL_Method(method, MakeTLSv1());
wolfSSL 15:117db924cf7c 11607 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 11608 }
wolfSSL 15:117db924cf7c 11609 return method;
wolfSSL 15:117db924cf7c 11610 }
wolfSSL 15:117db924cf7c 11611 #endif /* WOLFSSL_ALLOW_TLSV10 */
wolfSSL 15:117db924cf7c 11612
wolfSSL 15:117db924cf7c 11613 WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
wolfSSL 15:117db924cf7c 11614 {
wolfSSL 15:117db924cf7c 11615 return wolfTLSv1_1_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 11616 }
wolfSSL 15:117db924cf7c 11617 WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11618 {
wolfSSL 15:117db924cf7c 11619 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11620 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11621 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11622 (void)heap;
wolfSSL 16:8e0d178b1d1e 11623 WOLFSSL_ENTER("TLSv1_1_server_method_ex");
wolfSSL 15:117db924cf7c 11624 if (method) {
wolfSSL 15:117db924cf7c 11625 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 15:117db924cf7c 11626 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 11627 }
wolfSSL 15:117db924cf7c 11628 return method;
wolfSSL 15:117db924cf7c 11629 }
wolfSSL 15:117db924cf7c 11630 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 11631
wolfSSL 16:8e0d178b1d1e 11632
wolfSSL 15:117db924cf7c 11633 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 11634 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
wolfSSL 15:117db924cf7c 11635 {
wolfSSL 15:117db924cf7c 11636 return wolfTLSv1_2_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 11637 }
wolfSSL 15:117db924cf7c 11638 WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11639 {
wolfSSL 15:117db924cf7c 11640 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11641 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11642 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11643 (void)heap;
wolfSSL 16:8e0d178b1d1e 11644 WOLFSSL_ENTER("TLSv1_2_server_method_ex");
wolfSSL 15:117db924cf7c 11645 if (method) {
wolfSSL 15:117db924cf7c 11646 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 15:117db924cf7c 11647 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 11648 }
wolfSSL 15:117db924cf7c 11649 return method;
wolfSSL 15:117db924cf7c 11650 }
wolfSSL 15:117db924cf7c 11651 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 11652
wolfSSL 15:117db924cf7c 11653 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11654 /* The TLS v1.3 server method data.
wolfSSL 15:117db924cf7c 11655 *
wolfSSL 15:117db924cf7c 11656 * returns the method data for a TLS v1.3 server.
wolfSSL 15:117db924cf7c 11657 */
wolfSSL 15:117db924cf7c 11658 WOLFSSL_METHOD* wolfTLSv1_3_server_method(void)
wolfSSL 15:117db924cf7c 11659 {
wolfSSL 15:117db924cf7c 11660 return wolfTLSv1_3_server_method_ex(NULL);
wolfSSL 15:117db924cf7c 11661 }
wolfSSL 15:117db924cf7c 11662
wolfSSL 15:117db924cf7c 11663 /* The TLS v1.3 server method data.
wolfSSL 15:117db924cf7c 11664 *
wolfSSL 15:117db924cf7c 11665 * heap The heap used for allocation.
wolfSSL 15:117db924cf7c 11666 * returns the method data for a TLS v1.3 server.
wolfSSL 15:117db924cf7c 11667 */
wolfSSL 15:117db924cf7c 11668 WOLFSSL_METHOD* wolfTLSv1_3_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11669 {
wolfSSL 15:117db924cf7c 11670 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11671 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11672 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11673 (void)heap;
wolfSSL 16:8e0d178b1d1e 11674 WOLFSSL_ENTER("TLSv1_3_server_method_ex");
wolfSSL 15:117db924cf7c 11675 if (method) {
wolfSSL 15:117db924cf7c 11676 InitSSL_Method(method, MakeTLSv1_3());
wolfSSL 15:117db924cf7c 11677 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 11678 }
wolfSSL 15:117db924cf7c 11679 return method;
wolfSSL 15:117db924cf7c 11680 }
wolfSSL 15:117db924cf7c 11681 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 11682
wolfSSL 16:8e0d178b1d1e 11683 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 11684 WOLFSSL_METHOD* wolfDTLS_server_method(void)
wolfSSL 15:117db924cf7c 11685 {
wolfSSL 16:8e0d178b1d1e 11686 return wolfDTLS_server_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11687 }
wolfSSL 16:8e0d178b1d1e 11688 WOLFSSL_METHOD* wolfDTLS_server_method_ex(void* heap)
wolfSSL 15:117db924cf7c 11689 {
wolfSSL 15:117db924cf7c 11690 WOLFSSL_METHOD* method =
wolfSSL 15:117db924cf7c 11691 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 15:117db924cf7c 11692 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 15:117db924cf7c 11693 (void)heap;
wolfSSL 16:8e0d178b1d1e 11694 WOLFSSL_ENTER("DTLS_server_method_ex");
wolfSSL 15:117db924cf7c 11695 if (method) {
wolfSSL 16:8e0d178b1d1e 11696 #if !defined(WOLFSSL_NO_TLS12)
wolfSSL 16:8e0d178b1d1e 11697 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 16:8e0d178b1d1e 11698 #elif !defined(NO_OLD_TLS)
wolfSSL 16:8e0d178b1d1e 11699 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 16:8e0d178b1d1e 11700 #else
wolfSSL 16:8e0d178b1d1e 11701 #error No DTLS version enabled!
wolfSSL 16:8e0d178b1d1e 11702 #endif
wolfSSL 16:8e0d178b1d1e 11703
wolfSSL 15:117db924cf7c 11704 method->downgrade = 1;
wolfSSL 15:117db924cf7c 11705 method->side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 11706 }
wolfSSL 15:117db924cf7c 11707 return method;
wolfSSL 15:117db924cf7c 11708 }
wolfSSL 15:117db924cf7c 11709
wolfSSL 16:8e0d178b1d1e 11710 #ifndef NO_OLD_TLS
wolfSSL 16:8e0d178b1d1e 11711 WOLFSSL_METHOD* wolfDTLSv1_server_method(void)
wolfSSL 16:8e0d178b1d1e 11712 {
wolfSSL 16:8e0d178b1d1e 11713 return wolfDTLSv1_server_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11714 }
wolfSSL 16:8e0d178b1d1e 11715 WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11716 {
wolfSSL 16:8e0d178b1d1e 11717 WOLFSSL_METHOD* method =
wolfSSL 16:8e0d178b1d1e 11718 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 16:8e0d178b1d1e 11719 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 16:8e0d178b1d1e 11720 (void)heap;
wolfSSL 16:8e0d178b1d1e 11721 WOLFSSL_ENTER("DTLSv1_server_method_ex");
wolfSSL 16:8e0d178b1d1e 11722 if (method) {
wolfSSL 16:8e0d178b1d1e 11723 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 16:8e0d178b1d1e 11724 method->side = WOLFSSL_SERVER_END;
wolfSSL 16:8e0d178b1d1e 11725 }
wolfSSL 16:8e0d178b1d1e 11726 return method;
wolfSSL 16:8e0d178b1d1e 11727 }
wolfSSL 16:8e0d178b1d1e 11728 #endif /* !NO_OLD_TLS */
wolfSSL 16:8e0d178b1d1e 11729
wolfSSL 16:8e0d178b1d1e 11730 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 11731 WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void)
wolfSSL 16:8e0d178b1d1e 11732 {
wolfSSL 16:8e0d178b1d1e 11733 return wolfDTLSv1_2_server_method_ex(NULL);
wolfSSL 16:8e0d178b1d1e 11734 }
wolfSSL 16:8e0d178b1d1e 11735 WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap)
wolfSSL 16:8e0d178b1d1e 11736 {
wolfSSL 16:8e0d178b1d1e 11737 WOLFSSL_METHOD* method =
wolfSSL 16:8e0d178b1d1e 11738 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 16:8e0d178b1d1e 11739 heap, DYNAMIC_TYPE_METHOD);
wolfSSL 16:8e0d178b1d1e 11740 WOLFSSL_ENTER("DTLSv1_2_server_method_ex");
wolfSSL 16:8e0d178b1d1e 11741 (void)heap;
wolfSSL 16:8e0d178b1d1e 11742 if (method) {
wolfSSL 16:8e0d178b1d1e 11743 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 16:8e0d178b1d1e 11744 method->side = WOLFSSL_SERVER_END;
wolfSSL 16:8e0d178b1d1e 11745 }
wolfSSL 16:8e0d178b1d1e 11746 (void)heap;
wolfSSL 16:8e0d178b1d1e 11747 return method;
wolfSSL 16:8e0d178b1d1e 11748 }
wolfSSL 16:8e0d178b1d1e 11749 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 11750 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 11751
wolfSSL 15:117db924cf7c 11752 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 16:8e0d178b1d1e 11753
wolfSSL 15:117db924cf7c 11754 #endif /* NO_TLS */
wolfSSL 15:117db924cf7c 11755 #endif /* WOLFCRYPT_ONLY */
wolfSSL 15:117db924cf7c 11756