wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
src/tls.c@17:a5f916481144, 2020-06-05 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 05 00:11:07 2020 +0000
- Revision:
- 17:a5f916481144
- Parent:
- 16:8e0d178b1d1e
wolfSSL 4.4.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 15:117db924cf7c | 1 | /* tls.c |
wolfSSL | 15:117db924cf7c | 2 | * |
wolfSSL | 16:8e0d178b1d1e | 3 | * Copyright (C) 2006-2020 wolfSSL Inc. |
wolfSSL | 15:117db924cf7c | 4 | * |
wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
wolfSSL | 15:117db924cf7c | 6 | * |
wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
wolfSSL | 15:117db924cf7c | 11 | * |
wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
wolfSSL | 15:117db924cf7c | 16 | * |
wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 15:117db924cf7c | 20 | */ |
wolfSSL | 15:117db924cf7c | 21 | |
wolfSSL | 15:117db924cf7c | 22 | |
wolfSSL | 15:117db924cf7c | 23 | |
wolfSSL | 15:117db924cf7c | 24 | #ifdef HAVE_CONFIG_H |
wolfSSL | 15:117db924cf7c | 25 | #include <config.h> |
wolfSSL | 15:117db924cf7c | 26 | #endif |
wolfSSL | 15:117db924cf7c | 27 | |
wolfSSL | 15:117db924cf7c | 28 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 15:117db924cf7c | 29 | |
wolfSSL | 15:117db924cf7c | 30 | #ifndef WOLFCRYPT_ONLY |
wolfSSL | 15:117db924cf7c | 31 | |
wolfSSL | 15:117db924cf7c | 32 | #include <wolfssl/ssl.h> |
wolfSSL | 15:117db924cf7c | 33 | #include <wolfssl/internal.h> |
wolfSSL | 15:117db924cf7c | 34 | #include <wolfssl/error-ssl.h> |
wolfSSL | 15:117db924cf7c | 35 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 15:117db924cf7c | 36 | #ifdef NO_INLINE |
wolfSSL | 15:117db924cf7c | 37 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 15:117db924cf7c | 38 | #else |
wolfSSL | 15:117db924cf7c | 39 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 15:117db924cf7c | 40 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 15:117db924cf7c | 41 | #endif |
wolfSSL | 15:117db924cf7c | 42 | |
wolfSSL | 15:117db924cf7c | 43 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 44 | #include <wolfssl/wolfcrypt/curve25519.h> |
wolfSSL | 15:117db924cf7c | 45 | #endif |
wolfSSL | 16:8e0d178b1d1e | 46 | #ifdef HAVE_CURVE448 |
wolfSSL | 16:8e0d178b1d1e | 47 | #include <wolfssl/wolfcrypt/curve448.h> |
wolfSSL | 16:8e0d178b1d1e | 48 | #endif |
wolfSSL | 15:117db924cf7c | 49 | #ifdef HAVE_NTRU |
wolfSSL | 15:117db924cf7c | 50 | #include "libntruencrypt/ntru_crypto.h" |
wolfSSL | 15:117db924cf7c | 51 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 15:117db924cf7c | 52 | #endif |
wolfSSL | 15:117db924cf7c | 53 | |
wolfSSL | 15:117db924cf7c | 54 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 55 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key); |
wolfSSL | 15:117db924cf7c | 56 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name); |
wolfSSL | 15:117db924cf7c | 57 | #if defined(HAVE_NTRU) |
wolfSSL | 15:117db924cf7c | 58 | static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type); |
wolfSSL | 15:117db924cf7c | 59 | #endif |
wolfSSL | 15:117db924cf7c | 60 | #endif /* HAVE_QSH */ |
wolfSSL | 15:117db924cf7c | 61 | |
wolfSSL | 15:117db924cf7c | 62 | #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ |
wolfSSL | 15:117db924cf7c | 63 | !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ |
wolfSSL | 15:117db924cf7c | 64 | (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)) |
wolfSSL | 15:117db924cf7c | 65 | static int TLSX_KeyShare_IsSupported(int namedGroup); |
wolfSSL | 15:117db924cf7c | 66 | #endif |
wolfSSL | 15:117db924cf7c | 67 | |
wolfSSL | 16:8e0d178b1d1e | 68 | #if ((!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ |
wolfSSL | 15:117db924cf7c | 69 | !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ |
wolfSSL | 16:8e0d178b1d1e | 70 | (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \ |
wolfSSL | 16:8e0d178b1d1e | 71 | && !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \ |
wolfSSL | 16:8e0d178b1d1e | 72 | ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
wolfSSL | 16:8e0d178b1d1e | 73 | defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES))) && \ |
wolfSSL | 16:8e0d178b1d1e | 74 | defined(HAVE_TLS_EXTENSIONS) |
wolfSSL | 15:117db924cf7c | 75 | static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); |
wolfSSL | 15:117db924cf7c | 76 | #endif |
wolfSSL | 15:117db924cf7c | 77 | |
wolfSSL | 15:117db924cf7c | 78 | |
wolfSSL | 15:117db924cf7c | 79 | #ifndef NO_TLS |
wolfSSL | 15:117db924cf7c | 80 | |
wolfSSL | 15:117db924cf7c | 81 | /* Digest enable checks */ |
wolfSSL | 15:117db924cf7c | 82 | #ifdef NO_OLD_TLS /* TLS 1.2 only */ |
wolfSSL | 15:117db924cf7c | 83 | #if defined(NO_SHA256) && !defined(WOLFSSL_SHA384) && \ |
wolfSSL | 15:117db924cf7c | 84 | !defined(WOLFSSL_SHA512) |
wolfSSL | 15:117db924cf7c | 85 | #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 |
wolfSSL | 15:117db924cf7c | 86 | #endif |
wolfSSL | 15:117db924cf7c | 87 | #else /* TLS 1.1 or older */ |
wolfSSL | 15:117db924cf7c | 88 | #if defined(NO_MD5) && defined(NO_SHA) |
wolfSSL | 15:117db924cf7c | 89 | #error Must have SHA1 and MD5 enabled for old TLS |
wolfSSL | 15:117db924cf7c | 90 | #endif |
wolfSSL | 15:117db924cf7c | 91 | #endif |
wolfSSL | 15:117db924cf7c | 92 | |
wolfSSL | 15:117db924cf7c | 93 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 94 | #if !defined(NO_DH) && \ |
wolfSSL | 15:117db924cf7c | 95 | !defined(HAVE_FFDHE_2048) && !defined(HAVE_FFDHE_3072) && \ |
wolfSSL | 15:117db924cf7c | 96 | !defined(HAVE_FFDHE_4096) && !defined(HAVE_FFDHE_6144) && \ |
wolfSSL | 15:117db924cf7c | 97 | !defined(HAVE_FFDHE_8192) |
wolfSSL | 15:117db924cf7c | 98 | #error Please configure your TLS 1.3 DH key size using either: HAVE_FFDHE_2048, HAVE_FFDHE_3072, HAVE_FFDHE_4096, HAVE_FFDHE_6144 or HAVE_FFDHE_8192 |
wolfSSL | 15:117db924cf7c | 99 | #endif |
wolfSSL | 15:117db924cf7c | 100 | #if !defined(NO_RSA) && !defined(WC_RSA_PSS) |
wolfSSL | 15:117db924cf7c | 101 | #error The build option WC_RSA_PSS is required for TLS 1.3 with RSA |
wolfSSL | 15:117db924cf7c | 102 | #endif |
wolfSSL | 16:8e0d178b1d1e | 103 | #ifndef HAVE_TLS_EXTENSIONS |
wolfSSL | 16:8e0d178b1d1e | 104 | #ifndef _MSC_VER |
wolfSSL | 16:8e0d178b1d1e | 105 | #error "The build option HAVE_TLS_EXTENSIONS is required for TLS 1.3" |
wolfSSL | 16:8e0d178b1d1e | 106 | #else |
wolfSSL | 16:8e0d178b1d1e | 107 | #pragma message("Error: The build option HAVE_TLS_EXTENSIONS is required for TLS 1.3") |
wolfSSL | 16:8e0d178b1d1e | 108 | #endif |
wolfSSL | 16:8e0d178b1d1e | 109 | #endif |
wolfSSL | 16:8e0d178b1d1e | 110 | #endif |
wolfSSL | 16:8e0d178b1d1e | 111 | |
wolfSSL | 16:8e0d178b1d1e | 112 | /* Warn if secrets logging is enabled */ |
wolfSSL | 16:8e0d178b1d1e | 113 | #if defined(SHOW_SECRETS) || defined(WOLFSSL_SSLKEYLOGFILE) |
wolfSSL | 16:8e0d178b1d1e | 114 | #ifndef _MSC_VER |
wolfSSL | 16:8e0d178b1d1e | 115 | #warning The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment |
wolfSSL | 16:8e0d178b1d1e | 116 | #else |
wolfSSL | 16:8e0d178b1d1e | 117 | #pragma message("Warning: The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment") |
wolfSSL | 16:8e0d178b1d1e | 118 | #endif |
wolfSSL | 16:8e0d178b1d1e | 119 | #endif |
wolfSSL | 16:8e0d178b1d1e | 120 | |
wolfSSL | 16:8e0d178b1d1e | 121 | /* Optional Pre-Master-Secret logging for Wireshark */ |
wolfSSL | 16:8e0d178b1d1e | 122 | #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) |
wolfSSL | 16:8e0d178b1d1e | 123 | #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT |
wolfSSL | 16:8e0d178b1d1e | 124 | #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" |
wolfSSL | 16:8e0d178b1d1e | 125 | #endif |
wolfSSL | 16:8e0d178b1d1e | 126 | #endif |
wolfSSL | 15:117db924cf7c | 127 | |
wolfSSL | 15:117db924cf7c | 128 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 15:117db924cf7c | 129 | |
wolfSSL | 15:117db924cf7c | 130 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 131 | #define HSHASH_SZ WC_SHA384_DIGEST_SIZE |
wolfSSL | 15:117db924cf7c | 132 | #else |
wolfSSL | 15:117db924cf7c | 133 | #define HSHASH_SZ FINISHED_SZ |
wolfSSL | 15:117db924cf7c | 134 | #endif |
wolfSSL | 15:117db924cf7c | 135 | |
wolfSSL | 16:8e0d178b1d1e | 136 | #ifdef WOLFSSL_RENESAS_TSIP_TLS |
wolfSSL | 16:8e0d178b1d1e | 137 | int tsip_useable(const WOLFSSL *ssl); |
wolfSSL | 16:8e0d178b1d1e | 138 | int tsip_generateMasterSecret(const byte *pre, |
wolfSSL | 16:8e0d178b1d1e | 139 | const byte *cr,const byte *sr, |
wolfSSL | 16:8e0d178b1d1e | 140 | byte *ms/* out */); |
wolfSSL | 16:8e0d178b1d1e | 141 | int tsip_generateSeesionKey(WOLFSSL *ssl); |
wolfSSL | 16:8e0d178b1d1e | 142 | int tsip_generateVerifyData(const byte *ms, const byte *side, |
wolfSSL | 16:8e0d178b1d1e | 143 | const byte *handshake_hash, |
wolfSSL | 16:8e0d178b1d1e | 144 | byte *hashes /* out */); |
wolfSSL | 16:8e0d178b1d1e | 145 | #endif |
wolfSSL | 15:117db924cf7c | 146 | |
wolfSSL | 15:117db924cf7c | 147 | int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) |
wolfSSL | 15:117db924cf7c | 148 | { |
wolfSSL | 16:8e0d178b1d1e | 149 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 150 | word32 hashSz = FINISHED_SZ; |
wolfSSL | 15:117db924cf7c | 151 | |
wolfSSL | 15:117db924cf7c | 152 | if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ) |
wolfSSL | 15:117db924cf7c | 153 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 154 | |
wolfSSL | 16:8e0d178b1d1e | 155 | /* for constant timing perform these even if error */ |
wolfSSL | 15:117db924cf7c | 156 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 157 | ret |= wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash); |
wolfSSL | 16:8e0d178b1d1e | 158 | ret |= wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]); |
wolfSSL | 15:117db924cf7c | 159 | #endif |
wolfSSL | 15:117db924cf7c | 160 | |
wolfSSL | 15:117db924cf7c | 161 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 15:117db924cf7c | 162 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 163 | if (ssl->specs.mac_algorithm <= sha256_mac || |
wolfSSL | 15:117db924cf7c | 164 | ssl->specs.mac_algorithm == blake2b_mac) { |
wolfSSL | 16:8e0d178b1d1e | 165 | ret |= wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); |
wolfSSL | 15:117db924cf7c | 166 | hashSz = WC_SHA256_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 167 | } |
wolfSSL | 15:117db924cf7c | 168 | #endif |
wolfSSL | 15:117db924cf7c | 169 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 170 | if (ssl->specs.mac_algorithm == sha384_mac) { |
wolfSSL | 16:8e0d178b1d1e | 171 | ret |= wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); |
wolfSSL | 15:117db924cf7c | 172 | hashSz = WC_SHA384_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 173 | } |
wolfSSL | 15:117db924cf7c | 174 | #endif |
wolfSSL | 15:117db924cf7c | 175 | } |
wolfSSL | 15:117db924cf7c | 176 | |
wolfSSL | 15:117db924cf7c | 177 | *hashLen = hashSz; |
wolfSSL | 15:117db924cf7c | 178 | |
wolfSSL | 16:8e0d178b1d1e | 179 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 180 | ret = BUILD_MSG_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 181 | |
wolfSSL | 16:8e0d178b1d1e | 182 | return ret; |
wolfSSL | 15:117db924cf7c | 183 | } |
wolfSSL | 15:117db924cf7c | 184 | |
wolfSSL | 15:117db924cf7c | 185 | |
wolfSSL | 15:117db924cf7c | 186 | int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) |
wolfSSL | 15:117db924cf7c | 187 | { |
wolfSSL | 16:8e0d178b1d1e | 188 | int ret; |
wolfSSL | 15:117db924cf7c | 189 | const byte* side; |
wolfSSL | 16:8e0d178b1d1e | 190 | word32 hashSz = HSHASH_SZ; |
wolfSSL | 16:8e0d178b1d1e | 191 | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) |
wolfSSL | 16:8e0d178b1d1e | 192 | DECLARE_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap); |
wolfSSL | 15:117db924cf7c | 193 | if (handshake_hash == NULL) |
wolfSSL | 15:117db924cf7c | 194 | return MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 195 | #else |
wolfSSL | 16:8e0d178b1d1e | 196 | byte handshake_hash[HSHASH_SZ]; |
wolfSSL | 16:8e0d178b1d1e | 197 | #endif |
wolfSSL | 15:117db924cf7c | 198 | |
wolfSSL | 15:117db924cf7c | 199 | ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); |
wolfSSL | 15:117db924cf7c | 200 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 201 | if (XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) |
wolfSSL | 15:117db924cf7c | 202 | side = tls_client; |
wolfSSL | 15:117db924cf7c | 203 | else |
wolfSSL | 15:117db924cf7c | 204 | side = tls_server; |
wolfSSL | 15:117db924cf7c | 205 | |
wolfSSL | 16:8e0d178b1d1e | 206 | #ifdef WOLFSSL_HAVE_PRF |
wolfSSL | 16:8e0d178b1d1e | 207 | #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
wolfSSL | 16:8e0d178b1d1e | 208 | !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) |
wolfSSL | 16:8e0d178b1d1e | 209 | if (tsip_useable(ssl)) { |
wolfSSL | 16:8e0d178b1d1e | 210 | ret = tsip_generateVerifyData(ssl->arrays->tsip_masterSecret, |
wolfSSL | 16:8e0d178b1d1e | 211 | side, handshake_hash, (byte*)hashes /* out */); |
wolfSSL | 16:8e0d178b1d1e | 212 | } else |
wolfSSL | 16:8e0d178b1d1e | 213 | #endif |
wolfSSL | 16:8e0d178b1d1e | 214 | ret = wc_PRF_TLS((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, |
wolfSSL | 15:117db924cf7c | 215 | SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, |
wolfSSL | 15:117db924cf7c | 216 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 217 | ssl->heap, ssl->devId); |
wolfSSL | 16:8e0d178b1d1e | 218 | #else |
wolfSSL | 16:8e0d178b1d1e | 219 | /* Pseudo random function must be enabled in the configuration. */ |
wolfSSL | 16:8e0d178b1d1e | 220 | ret = PRF_MISSING; |
wolfSSL | 16:8e0d178b1d1e | 221 | WOLFSSL_MSG("Pseudo-random function is not enabled"); |
wolfSSL | 16:8e0d178b1d1e | 222 | |
wolfSSL | 16:8e0d178b1d1e | 223 | (void)side; |
wolfSSL | 16:8e0d178b1d1e | 224 | (void)hashes; |
wolfSSL | 16:8e0d178b1d1e | 225 | #endif |
wolfSSL | 16:8e0d178b1d1e | 226 | } |
wolfSSL | 16:8e0d178b1d1e | 227 | |
wolfSSL | 16:8e0d178b1d1e | 228 | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) |
wolfSSL | 16:8e0d178b1d1e | 229 | FREE_VAR(handshake_hash, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 230 | #endif |
wolfSSL | 15:117db924cf7c | 231 | |
wolfSSL | 15:117db924cf7c | 232 | return ret; |
wolfSSL | 15:117db924cf7c | 233 | } |
wolfSSL | 15:117db924cf7c | 234 | |
wolfSSL | 15:117db924cf7c | 235 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 15:117db924cf7c | 236 | |
wolfSSL | 15:117db924cf7c | 237 | #ifndef NO_OLD_TLS |
wolfSSL | 15:117db924cf7c | 238 | |
wolfSSL | 15:117db924cf7c | 239 | #ifdef WOLFSSL_ALLOW_TLSV10 |
wolfSSL | 15:117db924cf7c | 240 | ProtocolVersion MakeTLSv1(void) |
wolfSSL | 15:117db924cf7c | 241 | { |
wolfSSL | 15:117db924cf7c | 242 | ProtocolVersion pv; |
wolfSSL | 15:117db924cf7c | 243 | pv.major = SSLv3_MAJOR; |
wolfSSL | 15:117db924cf7c | 244 | pv.minor = TLSv1_MINOR; |
wolfSSL | 15:117db924cf7c | 245 | |
wolfSSL | 15:117db924cf7c | 246 | return pv; |
wolfSSL | 15:117db924cf7c | 247 | } |
wolfSSL | 15:117db924cf7c | 248 | #endif /* WOLFSSL_ALLOW_TLSV10 */ |
wolfSSL | 15:117db924cf7c | 249 | |
wolfSSL | 15:117db924cf7c | 250 | |
wolfSSL | 15:117db924cf7c | 251 | ProtocolVersion MakeTLSv1_1(void) |
wolfSSL | 15:117db924cf7c | 252 | { |
wolfSSL | 15:117db924cf7c | 253 | ProtocolVersion pv; |
wolfSSL | 15:117db924cf7c | 254 | pv.major = SSLv3_MAJOR; |
wolfSSL | 15:117db924cf7c | 255 | pv.minor = TLSv1_1_MINOR; |
wolfSSL | 15:117db924cf7c | 256 | |
wolfSSL | 15:117db924cf7c | 257 | return pv; |
wolfSSL | 15:117db924cf7c | 258 | } |
wolfSSL | 15:117db924cf7c | 259 | |
wolfSSL | 15:117db924cf7c | 260 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 15:117db924cf7c | 261 | |
wolfSSL | 15:117db924cf7c | 262 | |
wolfSSL | 15:117db924cf7c | 263 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 15:117db924cf7c | 264 | |
wolfSSL | 15:117db924cf7c | 265 | ProtocolVersion MakeTLSv1_2(void) |
wolfSSL | 15:117db924cf7c | 266 | { |
wolfSSL | 15:117db924cf7c | 267 | ProtocolVersion pv; |
wolfSSL | 15:117db924cf7c | 268 | pv.major = SSLv3_MAJOR; |
wolfSSL | 15:117db924cf7c | 269 | pv.minor = TLSv1_2_MINOR; |
wolfSSL | 15:117db924cf7c | 270 | |
wolfSSL | 15:117db924cf7c | 271 | return pv; |
wolfSSL | 15:117db924cf7c | 272 | } |
wolfSSL | 15:117db924cf7c | 273 | |
wolfSSL | 15:117db924cf7c | 274 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 15:117db924cf7c | 275 | |
wolfSSL | 15:117db924cf7c | 276 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 277 | /* The TLS v1.3 protocol version. |
wolfSSL | 15:117db924cf7c | 278 | * |
wolfSSL | 15:117db924cf7c | 279 | * returns the protocol version data for TLS v1.3. |
wolfSSL | 15:117db924cf7c | 280 | */ |
wolfSSL | 15:117db924cf7c | 281 | ProtocolVersion MakeTLSv1_3(void) |
wolfSSL | 15:117db924cf7c | 282 | { |
wolfSSL | 15:117db924cf7c | 283 | ProtocolVersion pv; |
wolfSSL | 15:117db924cf7c | 284 | pv.major = SSLv3_MAJOR; |
wolfSSL | 15:117db924cf7c | 285 | pv.minor = TLSv1_3_MINOR; |
wolfSSL | 15:117db924cf7c | 286 | |
wolfSSL | 15:117db924cf7c | 287 | return pv; |
wolfSSL | 15:117db924cf7c | 288 | } |
wolfSSL | 15:117db924cf7c | 289 | #endif |
wolfSSL | 15:117db924cf7c | 290 | |
wolfSSL | 15:117db924cf7c | 291 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 15:117db924cf7c | 292 | |
wolfSSL | 15:117db924cf7c | 293 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 294 | static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] = |
wolfSSL | 15:117db924cf7c | 295 | "extended master secret"; |
wolfSSL | 15:117db924cf7c | 296 | #endif |
wolfSSL | 15:117db924cf7c | 297 | static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret"; |
wolfSSL | 15:117db924cf7c | 298 | static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; |
wolfSSL | 15:117db924cf7c | 299 | |
wolfSSL | 15:117db924cf7c | 300 | static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len, |
wolfSSL | 15:117db924cf7c | 301 | const byte* ms, word32 msLen, |
wolfSSL | 15:117db924cf7c | 302 | const byte* sr, const byte* cr, |
wolfSSL | 15:117db924cf7c | 303 | int tls1_2, int hash_type, |
wolfSSL | 15:117db924cf7c | 304 | void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 305 | { |
wolfSSL | 15:117db924cf7c | 306 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 307 | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) |
wolfSSL | 15:117db924cf7c | 308 | DECLARE_VAR(seed, byte, SEED_LEN, heap); |
wolfSSL | 16:8e0d178b1d1e | 309 | if (seed == NULL) |
wolfSSL | 16:8e0d178b1d1e | 310 | return MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 311 | #else |
wolfSSL | 16:8e0d178b1d1e | 312 | byte seed[SEED_LEN]; |
wolfSSL | 16:8e0d178b1d1e | 313 | #endif |
wolfSSL | 15:117db924cf7c | 314 | |
wolfSSL | 15:117db924cf7c | 315 | XMEMCPY(seed, sr, RAN_LEN); |
wolfSSL | 15:117db924cf7c | 316 | XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); |
wolfSSL | 15:117db924cf7c | 317 | |
wolfSSL | 16:8e0d178b1d1e | 318 | #ifdef WOLFSSL_HAVE_PRF |
wolfSSL | 16:8e0d178b1d1e | 319 | ret = wc_PRF_TLS(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ, |
wolfSSL | 15:117db924cf7c | 320 | seed, SEED_LEN, tls1_2, hash_type, heap, devId); |
wolfSSL | 16:8e0d178b1d1e | 321 | #else |
wolfSSL | 16:8e0d178b1d1e | 322 | /* Pseudo random function must be enabled in the configuration. */ |
wolfSSL | 16:8e0d178b1d1e | 323 | ret = PRF_MISSING; |
wolfSSL | 16:8e0d178b1d1e | 324 | WOLFSSL_MSG("Pseudo-random function is not enabled"); |
wolfSSL | 16:8e0d178b1d1e | 325 | |
wolfSSL | 16:8e0d178b1d1e | 326 | (void)key_dig; |
wolfSSL | 16:8e0d178b1d1e | 327 | (void)key_dig_len; |
wolfSSL | 16:8e0d178b1d1e | 328 | (void)ms; |
wolfSSL | 16:8e0d178b1d1e | 329 | (void)msLen; |
wolfSSL | 16:8e0d178b1d1e | 330 | (void)tls1_2; |
wolfSSL | 16:8e0d178b1d1e | 331 | (void)hash_type; |
wolfSSL | 16:8e0d178b1d1e | 332 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 333 | (void)devId; |
wolfSSL | 16:8e0d178b1d1e | 334 | (void)key_label; |
wolfSSL | 16:8e0d178b1d1e | 335 | (void)master_label; |
wolfSSL | 16:8e0d178b1d1e | 336 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 16:8e0d178b1d1e | 337 | (void)ext_master_label; |
wolfSSL | 16:8e0d178b1d1e | 338 | #endif |
wolfSSL | 16:8e0d178b1d1e | 339 | #endif |
wolfSSL | 16:8e0d178b1d1e | 340 | |
wolfSSL | 16:8e0d178b1d1e | 341 | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) |
wolfSSL | 15:117db924cf7c | 342 | FREE_VAR(seed, heap); |
wolfSSL | 16:8e0d178b1d1e | 343 | #endif |
wolfSSL | 15:117db924cf7c | 344 | |
wolfSSL | 15:117db924cf7c | 345 | return ret; |
wolfSSL | 15:117db924cf7c | 346 | } |
wolfSSL | 15:117db924cf7c | 347 | |
wolfSSL | 15:117db924cf7c | 348 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 15:117db924cf7c | 349 | int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len, |
wolfSSL | 15:117db924cf7c | 350 | const byte* ms, word32 msLen, |
wolfSSL | 15:117db924cf7c | 351 | const byte* sr, const byte* cr, |
wolfSSL | 15:117db924cf7c | 352 | int tls1_2, int hash_type) |
wolfSSL | 15:117db924cf7c | 353 | { |
wolfSSL | 15:117db924cf7c | 354 | return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2, |
wolfSSL | 15:117db924cf7c | 355 | hash_type, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 356 | } |
wolfSSL | 15:117db924cf7c | 357 | |
wolfSSL | 15:117db924cf7c | 358 | |
wolfSSL | 15:117db924cf7c | 359 | int DeriveTlsKeys(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 360 | { |
wolfSSL | 15:117db924cf7c | 361 | int ret; |
wolfSSL | 15:117db924cf7c | 362 | int key_dig_len = 2 * ssl->specs.hash_size + |
wolfSSL | 15:117db924cf7c | 363 | 2 * ssl->specs.key_size + |
wolfSSL | 15:117db924cf7c | 364 | 2 * ssl->specs.iv_size; |
wolfSSL | 15:117db924cf7c | 365 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 366 | byte* key_dig; |
wolfSSL | 15:117db924cf7c | 367 | #else |
wolfSSL | 15:117db924cf7c | 368 | byte key_dig[MAX_PRF_DIG]; |
wolfSSL | 15:117db924cf7c | 369 | #endif |
wolfSSL | 15:117db924cf7c | 370 | |
wolfSSL | 15:117db924cf7c | 371 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 372 | key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST); |
wolfSSL | 15:117db924cf7c | 373 | if (key_dig == NULL) { |
wolfSSL | 15:117db924cf7c | 374 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 375 | } |
wolfSSL | 15:117db924cf7c | 376 | #endif |
wolfSSL | 16:8e0d178b1d1e | 377 | #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
wolfSSL | 16:8e0d178b1d1e | 378 | !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) |
wolfSSL | 16:8e0d178b1d1e | 379 | if (tsip_useable(ssl)) |
wolfSSL | 16:8e0d178b1d1e | 380 | ret = tsip_generateSeesionKey(ssl); |
wolfSSL | 16:8e0d178b1d1e | 381 | else { |
wolfSSL | 16:8e0d178b1d1e | 382 | #endif |
wolfSSL | 15:117db924cf7c | 383 | ret = _DeriveTlsKeys(key_dig, key_dig_len, |
wolfSSL | 15:117db924cf7c | 384 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 15:117db924cf7c | 385 | ssl->arrays->serverRandom, ssl->arrays->clientRandom, |
wolfSSL | 15:117db924cf7c | 386 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 387 | ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 388 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 389 | ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER); |
wolfSSL | 16:8e0d178b1d1e | 390 | #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
wolfSSL | 16:8e0d178b1d1e | 391 | !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) |
wolfSSL | 16:8e0d178b1d1e | 392 | } |
wolfSSL | 16:8e0d178b1d1e | 393 | #endif |
wolfSSL | 15:117db924cf7c | 394 | |
wolfSSL | 15:117db924cf7c | 395 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 396 | XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST); |
wolfSSL | 15:117db924cf7c | 397 | #endif |
wolfSSL | 15:117db924cf7c | 398 | |
wolfSSL | 15:117db924cf7c | 399 | return ret; |
wolfSSL | 15:117db924cf7c | 400 | } |
wolfSSL | 15:117db924cf7c | 401 | |
wolfSSL | 15:117db924cf7c | 402 | static int _MakeTlsMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 15:117db924cf7c | 403 | const byte* pms, word32 pmsLen, |
wolfSSL | 15:117db924cf7c | 404 | const byte* cr, const byte* sr, |
wolfSSL | 15:117db924cf7c | 405 | int tls1_2, int hash_type, |
wolfSSL | 15:117db924cf7c | 406 | void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 407 | { |
wolfSSL | 16:8e0d178b1d1e | 408 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 409 | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) |
wolfSSL | 16:8e0d178b1d1e | 410 | DECLARE_VAR(seed, byte, SEED_LEN, heap); |
wolfSSL | 16:8e0d178b1d1e | 411 | if (seed == NULL) |
wolfSSL | 16:8e0d178b1d1e | 412 | return MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 413 | #else |
wolfSSL | 16:8e0d178b1d1e | 414 | byte seed[SEED_LEN]; |
wolfSSL | 16:8e0d178b1d1e | 415 | #endif |
wolfSSL | 15:117db924cf7c | 416 | |
wolfSSL | 15:117db924cf7c | 417 | XMEMCPY(seed, cr, RAN_LEN); |
wolfSSL | 15:117db924cf7c | 418 | XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); |
wolfSSL | 15:117db924cf7c | 419 | |
wolfSSL | 16:8e0d178b1d1e | 420 | #ifdef WOLFSSL_HAVE_PRF |
wolfSSL | 16:8e0d178b1d1e | 421 | ret = wc_PRF_TLS(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, |
wolfSSL | 15:117db924cf7c | 422 | seed, SEED_LEN, tls1_2, hash_type, heap, devId); |
wolfSSL | 16:8e0d178b1d1e | 423 | #else |
wolfSSL | 16:8e0d178b1d1e | 424 | /* Pseudo random function must be enabled in the configuration. */ |
wolfSSL | 16:8e0d178b1d1e | 425 | ret = PRF_MISSING; |
wolfSSL | 16:8e0d178b1d1e | 426 | WOLFSSL_MSG("Pseudo-random function is not enabled"); |
wolfSSL | 16:8e0d178b1d1e | 427 | |
wolfSSL | 16:8e0d178b1d1e | 428 | (void)ms; |
wolfSSL | 16:8e0d178b1d1e | 429 | (void)msLen; |
wolfSSL | 16:8e0d178b1d1e | 430 | (void)pms; |
wolfSSL | 16:8e0d178b1d1e | 431 | (void)pmsLen; |
wolfSSL | 16:8e0d178b1d1e | 432 | (void)tls1_2; |
wolfSSL | 16:8e0d178b1d1e | 433 | (void)hash_type; |
wolfSSL | 16:8e0d178b1d1e | 434 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 435 | (void)devId; |
wolfSSL | 16:8e0d178b1d1e | 436 | #endif |
wolfSSL | 16:8e0d178b1d1e | 437 | |
wolfSSL | 16:8e0d178b1d1e | 438 | #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) |
wolfSSL | 16:8e0d178b1d1e | 439 | FREE_VAR(seed, heap); |
wolfSSL | 16:8e0d178b1d1e | 440 | #endif |
wolfSSL | 16:8e0d178b1d1e | 441 | |
wolfSSL | 16:8e0d178b1d1e | 442 | return ret; |
wolfSSL | 15:117db924cf7c | 443 | } |
wolfSSL | 15:117db924cf7c | 444 | |
wolfSSL | 15:117db924cf7c | 445 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 15:117db924cf7c | 446 | int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 15:117db924cf7c | 447 | const byte* pms, word32 pmsLen, |
wolfSSL | 15:117db924cf7c | 448 | const byte* cr, const byte* sr, |
wolfSSL | 15:117db924cf7c | 449 | int tls1_2, int hash_type) |
wolfSSL | 15:117db924cf7c | 450 | { |
wolfSSL | 15:117db924cf7c | 451 | return _MakeTlsMasterSecret(ms, msLen, pms, pmsLen, cr, sr, tls1_2, |
wolfSSL | 15:117db924cf7c | 452 | hash_type, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 453 | } |
wolfSSL | 15:117db924cf7c | 454 | |
wolfSSL | 15:117db924cf7c | 455 | |
wolfSSL | 15:117db924cf7c | 456 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 457 | |
wolfSSL | 15:117db924cf7c | 458 | static int _MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 15:117db924cf7c | 459 | const byte* pms, word32 pmsLen, |
wolfSSL | 15:117db924cf7c | 460 | const byte* sHash, word32 sHashLen, |
wolfSSL | 15:117db924cf7c | 461 | int tls1_2, int hash_type, |
wolfSSL | 15:117db924cf7c | 462 | void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 463 | { |
wolfSSL | 16:8e0d178b1d1e | 464 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 465 | |
wolfSSL | 16:8e0d178b1d1e | 466 | #ifdef WOLFSSL_HAVE_PRF |
wolfSSL | 16:8e0d178b1d1e | 467 | ret = wc_PRF_TLS(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ, |
wolfSSL | 15:117db924cf7c | 468 | sHash, sHashLen, tls1_2, hash_type, heap, devId); |
wolfSSL | 16:8e0d178b1d1e | 469 | #else |
wolfSSL | 16:8e0d178b1d1e | 470 | /* Pseudo random function must be enabled in the configuration. */ |
wolfSSL | 16:8e0d178b1d1e | 471 | ret = PRF_MISSING; |
wolfSSL | 16:8e0d178b1d1e | 472 | WOLFSSL_MSG("Pseudo-random function is not enabled"); |
wolfSSL | 16:8e0d178b1d1e | 473 | |
wolfSSL | 16:8e0d178b1d1e | 474 | (void)ms; |
wolfSSL | 16:8e0d178b1d1e | 475 | (void)msLen; |
wolfSSL | 16:8e0d178b1d1e | 476 | (void)pms; |
wolfSSL | 16:8e0d178b1d1e | 477 | (void)pmsLen; |
wolfSSL | 16:8e0d178b1d1e | 478 | (void)sHash; |
wolfSSL | 16:8e0d178b1d1e | 479 | (void)sHashLen; |
wolfSSL | 16:8e0d178b1d1e | 480 | (void)tls1_2; |
wolfSSL | 16:8e0d178b1d1e | 481 | (void)hash_type; |
wolfSSL | 16:8e0d178b1d1e | 482 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 483 | (void)devId; |
wolfSSL | 16:8e0d178b1d1e | 484 | #endif |
wolfSSL | 16:8e0d178b1d1e | 485 | return ret; |
wolfSSL | 15:117db924cf7c | 486 | } |
wolfSSL | 15:117db924cf7c | 487 | |
wolfSSL | 15:117db924cf7c | 488 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 15:117db924cf7c | 489 | int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 15:117db924cf7c | 490 | const byte* pms, word32 pmsLen, |
wolfSSL | 15:117db924cf7c | 491 | const byte* sHash, word32 sHashLen, |
wolfSSL | 15:117db924cf7c | 492 | int tls1_2, int hash_type) |
wolfSSL | 15:117db924cf7c | 493 | { |
wolfSSL | 15:117db924cf7c | 494 | return _MakeTlsExtendedMasterSecret(ms, msLen, pms, pmsLen, sHash, sHashLen, |
wolfSSL | 15:117db924cf7c | 495 | tls1_2, hash_type, NULL, INVALID_DEVID); |
wolfSSL | 15:117db924cf7c | 496 | } |
wolfSSL | 15:117db924cf7c | 497 | |
wolfSSL | 15:117db924cf7c | 498 | #endif /* HAVE_EXTENDED_MASTER */ |
wolfSSL | 15:117db924cf7c | 499 | |
wolfSSL | 15:117db924cf7c | 500 | |
wolfSSL | 15:117db924cf7c | 501 | int MakeTlsMasterSecret(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 502 | { |
wolfSSL | 16:8e0d178b1d1e | 503 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 504 | |
wolfSSL | 15:117db924cf7c | 505 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 506 | if (ssl->options.haveEMS) { |
wolfSSL | 15:117db924cf7c | 507 | word32 hashSz = HSHASH_SZ; |
wolfSSL | 16:8e0d178b1d1e | 508 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 509 | byte* handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 510 | DYNAMIC_TYPE_DIGEST); |
wolfSSL | 15:117db924cf7c | 511 | if (handshake_hash == NULL) |
wolfSSL | 15:117db924cf7c | 512 | return MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 513 | #else |
wolfSSL | 16:8e0d178b1d1e | 514 | byte handshake_hash[HSHASH_SZ]; |
wolfSSL | 16:8e0d178b1d1e | 515 | #endif |
wolfSSL | 15:117db924cf7c | 516 | |
wolfSSL | 15:117db924cf7c | 517 | ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); |
wolfSSL | 16:8e0d178b1d1e | 518 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 519 | ret = _MakeTlsExtendedMasterSecret( |
wolfSSL | 15:117db924cf7c | 520 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 15:117db924cf7c | 521 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 15:117db924cf7c | 522 | handshake_hash, hashSz, |
wolfSSL | 15:117db924cf7c | 523 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 524 | ssl->heap, ssl->devId); |
wolfSSL | 16:8e0d178b1d1e | 525 | } |
wolfSSL | 16:8e0d178b1d1e | 526 | |
wolfSSL | 16:8e0d178b1d1e | 527 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 528 | XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); |
wolfSSL | 16:8e0d178b1d1e | 529 | #endif |
wolfSSL | 16:8e0d178b1d1e | 530 | } |
wolfSSL | 16:8e0d178b1d1e | 531 | else |
wolfSSL | 16:8e0d178b1d1e | 532 | #endif /* HAVE_EXTENDED_MASTER */ |
wolfSSL | 16:8e0d178b1d1e | 533 | { |
wolfSSL | 16:8e0d178b1d1e | 534 | #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
wolfSSL | 16:8e0d178b1d1e | 535 | !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) |
wolfSSL | 16:8e0d178b1d1e | 536 | if (tsip_useable(ssl)) { |
wolfSSL | 16:8e0d178b1d1e | 537 | ret = tsip_generateMasterSecret( |
wolfSSL | 16:8e0d178b1d1e | 538 | &ssl->arrays->preMasterSecret[VERSION_SZ], |
wolfSSL | 16:8e0d178b1d1e | 539 | ssl->arrays->clientRandom, |
wolfSSL | 16:8e0d178b1d1e | 540 | ssl->arrays->serverRandom, |
wolfSSL | 16:8e0d178b1d1e | 541 | ssl->arrays->tsip_masterSecret); |
wolfSSL | 16:8e0d178b1d1e | 542 | } else |
wolfSSL | 16:8e0d178b1d1e | 543 | #endif |
wolfSSL | 16:8e0d178b1d1e | 544 | ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 15:117db924cf7c | 545 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 15:117db924cf7c | 546 | ssl->arrays->clientRandom, ssl->arrays->serverRandom, |
wolfSSL | 15:117db924cf7c | 547 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 548 | ssl->heap, ssl->devId); |
wolfSSL | 16:8e0d178b1d1e | 549 | } |
wolfSSL | 15:117db924cf7c | 550 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 551 | #ifdef SHOW_SECRETS |
wolfSSL | 16:8e0d178b1d1e | 552 | /* Wireshark Pre-Master-Secret Format: |
wolfSSL | 16:8e0d178b1d1e | 553 | * CLIENT_RANDOM <clientrandom> <mastersecret> |
wolfSSL | 16:8e0d178b1d1e | 554 | */ |
wolfSSL | 16:8e0d178b1d1e | 555 | const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM"; |
wolfSSL | 16:8e0d178b1d1e | 556 | int i, pmsPos = 0; |
wolfSSL | 16:8e0d178b1d1e | 557 | char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1]; |
wolfSSL | 16:8e0d178b1d1e | 558 | |
wolfSSL | 16:8e0d178b1d1e | 559 | XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ", |
wolfSSL | 16:8e0d178b1d1e | 560 | CLIENT_RANDOM_LABEL); |
wolfSSL | 16:8e0d178b1d1e | 561 | pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1; |
wolfSSL | 16:8e0d178b1d1e | 562 | for (i = 0; i < RAN_LEN; i++) { |
wolfSSL | 16:8e0d178b1d1e | 563 | XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", |
wolfSSL | 16:8e0d178b1d1e | 564 | ssl->arrays->clientRandom[i]); |
wolfSSL | 16:8e0d178b1d1e | 565 | pmsPos += 2; |
wolfSSL | 16:8e0d178b1d1e | 566 | } |
wolfSSL | 16:8e0d178b1d1e | 567 | XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " "); |
wolfSSL | 16:8e0d178b1d1e | 568 | pmsPos += 1; |
wolfSSL | 16:8e0d178b1d1e | 569 | for (i = 0; i < SECRET_LEN; i++) { |
wolfSSL | 16:8e0d178b1d1e | 570 | XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", |
wolfSSL | 16:8e0d178b1d1e | 571 | ssl->arrays->masterSecret[i]); |
wolfSSL | 16:8e0d178b1d1e | 572 | pmsPos += 2; |
wolfSSL | 16:8e0d178b1d1e | 573 | } |
wolfSSL | 16:8e0d178b1d1e | 574 | XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n"); |
wolfSSL | 16:8e0d178b1d1e | 575 | pmsPos += 1; |
wolfSSL | 16:8e0d178b1d1e | 576 | |
wolfSSL | 16:8e0d178b1d1e | 577 | /* print master secret */ |
wolfSSL | 16:8e0d178b1d1e | 578 | puts(pmsBuf); |
wolfSSL | 16:8e0d178b1d1e | 579 | |
wolfSSL | 16:8e0d178b1d1e | 580 | #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) |
wolfSSL | 16:8e0d178b1d1e | 581 | { |
wolfSSL | 16:8e0d178b1d1e | 582 | FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a"); |
wolfSSL | 16:8e0d178b1d1e | 583 | if (f != XBADFILE) { |
wolfSSL | 16:8e0d178b1d1e | 584 | XFWRITE(pmsBuf, 1, pmsPos, f); |
wolfSSL | 16:8e0d178b1d1e | 585 | XFCLOSE(f); |
wolfSSL | 16:8e0d178b1d1e | 586 | } |
wolfSSL | 16:8e0d178b1d1e | 587 | } |
wolfSSL | 16:8e0d178b1d1e | 588 | #endif |
wolfSSL | 16:8e0d178b1d1e | 589 | #endif /* SHOW_SECRETS */ |
wolfSSL | 15:117db924cf7c | 590 | |
wolfSSL | 15:117db924cf7c | 591 | ret = DeriveTlsKeys(ssl); |
wolfSSL | 15:117db924cf7c | 592 | } |
wolfSSL | 15:117db924cf7c | 593 | |
wolfSSL | 15:117db924cf7c | 594 | return ret; |
wolfSSL | 15:117db924cf7c | 595 | } |
wolfSSL | 15:117db924cf7c | 596 | |
wolfSSL | 15:117db924cf7c | 597 | |
wolfSSL | 15:117db924cf7c | 598 | /* Used by EAP-TLS and EAP-TTLS to derive keying material from |
wolfSSL | 15:117db924cf7c | 599 | * the master_secret. */ |
wolfSSL | 15:117db924cf7c | 600 | int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, |
wolfSSL | 15:117db924cf7c | 601 | const char* label) |
wolfSSL | 15:117db924cf7c | 602 | { |
wolfSSL | 15:117db924cf7c | 603 | int ret; |
wolfSSL | 15:117db924cf7c | 604 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 605 | byte* seed; |
wolfSSL | 15:117db924cf7c | 606 | #else |
wolfSSL | 15:117db924cf7c | 607 | byte seed[SEED_LEN]; |
wolfSSL | 15:117db924cf7c | 608 | #endif |
wolfSSL | 15:117db924cf7c | 609 | |
wolfSSL | 15:117db924cf7c | 610 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 611 | seed = (byte*)XMALLOC(SEED_LEN, ssl->heap, DYNAMIC_TYPE_SEED); |
wolfSSL | 15:117db924cf7c | 612 | if (seed == NULL) |
wolfSSL | 15:117db924cf7c | 613 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 614 | #endif |
wolfSSL | 15:117db924cf7c | 615 | |
wolfSSL | 15:117db924cf7c | 616 | /* |
wolfSSL | 15:117db924cf7c | 617 | * As per RFC-5281, the order of the client and server randoms is reversed |
wolfSSL | 15:117db924cf7c | 618 | * from that used by the TLS protocol to derive keys. |
wolfSSL | 15:117db924cf7c | 619 | */ |
wolfSSL | 15:117db924cf7c | 620 | XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); |
wolfSSL | 15:117db924cf7c | 621 | XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); |
wolfSSL | 15:117db924cf7c | 622 | |
wolfSSL | 16:8e0d178b1d1e | 623 | #ifdef WOLFSSL_HAVE_PRF |
wolfSSL | 16:8e0d178b1d1e | 624 | ret = wc_PRF_TLS((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 15:117db924cf7c | 625 | (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN, |
wolfSSL | 15:117db924cf7c | 626 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 627 | ssl->heap, ssl->devId); |
wolfSSL | 16:8e0d178b1d1e | 628 | #else |
wolfSSL | 16:8e0d178b1d1e | 629 | /* Pseudo random function must be enabled in the configuration. */ |
wolfSSL | 16:8e0d178b1d1e | 630 | ret = PRF_MISSING; |
wolfSSL | 16:8e0d178b1d1e | 631 | WOLFSSL_MSG("Pseudo-random function is not enabled"); |
wolfSSL | 16:8e0d178b1d1e | 632 | |
wolfSSL | 16:8e0d178b1d1e | 633 | (void)msk; |
wolfSSL | 16:8e0d178b1d1e | 634 | (void)len; |
wolfSSL | 16:8e0d178b1d1e | 635 | (void)label; |
wolfSSL | 16:8e0d178b1d1e | 636 | #endif |
wolfSSL | 15:117db924cf7c | 637 | |
wolfSSL | 15:117db924cf7c | 638 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 639 | XFREE(seed, ssl->heap, DYNAMIC_TYPE_SEED); |
wolfSSL | 15:117db924cf7c | 640 | #endif |
wolfSSL | 15:117db924cf7c | 641 | |
wolfSSL | 15:117db924cf7c | 642 | return ret; |
wolfSSL | 15:117db924cf7c | 643 | } |
wolfSSL | 15:117db924cf7c | 644 | |
wolfSSL | 15:117db924cf7c | 645 | |
wolfSSL | 15:117db924cf7c | 646 | static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) |
wolfSSL | 15:117db924cf7c | 647 | { |
wolfSSL | 15:117db924cf7c | 648 | if (verify) { |
wolfSSL | 15:117db924cf7c | 649 | seq[0] = ssl->keys.peer_sequence_number_hi; |
wolfSSL | 15:117db924cf7c | 650 | seq[1] = ssl->keys.peer_sequence_number_lo++; |
wolfSSL | 15:117db924cf7c | 651 | if (seq[1] > ssl->keys.peer_sequence_number_lo) { |
wolfSSL | 15:117db924cf7c | 652 | /* handle rollover */ |
wolfSSL | 15:117db924cf7c | 653 | ssl->keys.peer_sequence_number_hi++; |
wolfSSL | 15:117db924cf7c | 654 | } |
wolfSSL | 15:117db924cf7c | 655 | } |
wolfSSL | 15:117db924cf7c | 656 | else { |
wolfSSL | 15:117db924cf7c | 657 | seq[0] = ssl->keys.sequence_number_hi; |
wolfSSL | 15:117db924cf7c | 658 | seq[1] = ssl->keys.sequence_number_lo++; |
wolfSSL | 15:117db924cf7c | 659 | if (seq[1] > ssl->keys.sequence_number_lo) { |
wolfSSL | 15:117db924cf7c | 660 | /* handle rollover */ |
wolfSSL | 15:117db924cf7c | 661 | ssl->keys.sequence_number_hi++; |
wolfSSL | 15:117db924cf7c | 662 | } |
wolfSSL | 15:117db924cf7c | 663 | } |
wolfSSL | 15:117db924cf7c | 664 | } |
wolfSSL | 15:117db924cf7c | 665 | |
wolfSSL | 15:117db924cf7c | 666 | |
wolfSSL | 15:117db924cf7c | 667 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 668 | static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2]) |
wolfSSL | 15:117db924cf7c | 669 | { |
wolfSSL | 15:117db924cf7c | 670 | if (order == PREV_ORDER) { |
wolfSSL | 15:117db924cf7c | 671 | /* Previous epoch case */ |
wolfSSL | 16:8e0d178b1d1e | 672 | seq[0] = (((word32)ssl->keys.dtls_epoch - 1) << 16) | |
wolfSSL | 15:117db924cf7c | 673 | (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF); |
wolfSSL | 15:117db924cf7c | 674 | seq[1] = ssl->keys.dtls_prev_sequence_number_lo; |
wolfSSL | 15:117db924cf7c | 675 | } |
wolfSSL | 15:117db924cf7c | 676 | else if (order == PEER_ORDER) { |
wolfSSL | 16:8e0d178b1d1e | 677 | seq[0] = ((word32)ssl->keys.curEpoch << 16) | |
wolfSSL | 15:117db924cf7c | 678 | (ssl->keys.curSeq_hi & 0xFFFF); |
wolfSSL | 15:117db924cf7c | 679 | seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */ |
wolfSSL | 15:117db924cf7c | 680 | } |
wolfSSL | 15:117db924cf7c | 681 | else { |
wolfSSL | 16:8e0d178b1d1e | 682 | seq[0] = ((word32)ssl->keys.dtls_epoch << 16) | |
wolfSSL | 15:117db924cf7c | 683 | (ssl->keys.dtls_sequence_number_hi & 0xFFFF); |
wolfSSL | 15:117db924cf7c | 684 | seq[1] = ssl->keys.dtls_sequence_number_lo; |
wolfSSL | 15:117db924cf7c | 685 | } |
wolfSSL | 15:117db924cf7c | 686 | } |
wolfSSL | 15:117db924cf7c | 687 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 15:117db924cf7c | 688 | |
wolfSSL | 15:117db924cf7c | 689 | |
wolfSSL | 15:117db924cf7c | 690 | static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) |
wolfSSL | 15:117db924cf7c | 691 | { |
wolfSSL | 15:117db924cf7c | 692 | word32 seq[2] = {0, 0}; |
wolfSSL | 15:117db924cf7c | 693 | |
wolfSSL | 15:117db924cf7c | 694 | if (!ssl->options.dtls) { |
wolfSSL | 15:117db924cf7c | 695 | GetSEQIncrement(ssl, verifyOrder, seq); |
wolfSSL | 15:117db924cf7c | 696 | } |
wolfSSL | 15:117db924cf7c | 697 | else { |
wolfSSL | 15:117db924cf7c | 698 | #ifdef WOLFSSL_DTLS |
wolfSSL | 15:117db924cf7c | 699 | DtlsGetSEQ(ssl, verifyOrder, seq); |
wolfSSL | 15:117db924cf7c | 700 | #endif |
wolfSSL | 15:117db924cf7c | 701 | } |
wolfSSL | 15:117db924cf7c | 702 | |
wolfSSL | 15:117db924cf7c | 703 | c32toa(seq[0], out); |
wolfSSL | 15:117db924cf7c | 704 | c32toa(seq[1], out + OPAQUE32_LEN); |
wolfSSL | 15:117db924cf7c | 705 | } |
wolfSSL | 15:117db924cf7c | 706 | |
wolfSSL | 15:117db924cf7c | 707 | |
wolfSSL | 15:117db924cf7c | 708 | /*** end copy ***/ |
wolfSSL | 15:117db924cf7c | 709 | |
wolfSSL | 15:117db924cf7c | 710 | |
wolfSSL | 15:117db924cf7c | 711 | /* return HMAC digest type in wolfSSL format */ |
wolfSSL | 15:117db924cf7c | 712 | int wolfSSL_GetHmacType(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 713 | { |
wolfSSL | 15:117db924cf7c | 714 | if (ssl == NULL) |
wolfSSL | 15:117db924cf7c | 715 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 716 | |
wolfSSL | 15:117db924cf7c | 717 | switch (ssl->specs.mac_algorithm) { |
wolfSSL | 15:117db924cf7c | 718 | #ifndef NO_MD5 |
wolfSSL | 15:117db924cf7c | 719 | case md5_mac: |
wolfSSL | 15:117db924cf7c | 720 | { |
wolfSSL | 15:117db924cf7c | 721 | return WC_MD5; |
wolfSSL | 15:117db924cf7c | 722 | } |
wolfSSL | 15:117db924cf7c | 723 | #endif |
wolfSSL | 15:117db924cf7c | 724 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 725 | case sha256_mac: |
wolfSSL | 15:117db924cf7c | 726 | { |
wolfSSL | 15:117db924cf7c | 727 | return WC_SHA256; |
wolfSSL | 15:117db924cf7c | 728 | } |
wolfSSL | 15:117db924cf7c | 729 | #endif |
wolfSSL | 15:117db924cf7c | 730 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 731 | case sha384_mac: |
wolfSSL | 15:117db924cf7c | 732 | { |
wolfSSL | 15:117db924cf7c | 733 | return WC_SHA384; |
wolfSSL | 15:117db924cf7c | 734 | } |
wolfSSL | 15:117db924cf7c | 735 | |
wolfSSL | 15:117db924cf7c | 736 | #endif |
wolfSSL | 15:117db924cf7c | 737 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 738 | case sha_mac: |
wolfSSL | 15:117db924cf7c | 739 | { |
wolfSSL | 15:117db924cf7c | 740 | return WC_SHA; |
wolfSSL | 15:117db924cf7c | 741 | } |
wolfSSL | 15:117db924cf7c | 742 | #endif |
wolfSSL | 15:117db924cf7c | 743 | #ifdef HAVE_BLAKE2 |
wolfSSL | 15:117db924cf7c | 744 | case blake2b_mac: |
wolfSSL | 15:117db924cf7c | 745 | { |
wolfSSL | 15:117db924cf7c | 746 | return BLAKE2B_ID; |
wolfSSL | 15:117db924cf7c | 747 | } |
wolfSSL | 15:117db924cf7c | 748 | #endif |
wolfSSL | 15:117db924cf7c | 749 | default: |
wolfSSL | 15:117db924cf7c | 750 | { |
wolfSSL | 15:117db924cf7c | 751 | return WOLFSSL_FATAL_ERROR; |
wolfSSL | 15:117db924cf7c | 752 | } |
wolfSSL | 15:117db924cf7c | 753 | } |
wolfSSL | 15:117db924cf7c | 754 | } |
wolfSSL | 15:117db924cf7c | 755 | |
wolfSSL | 15:117db924cf7c | 756 | |
wolfSSL | 15:117db924cf7c | 757 | int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, |
wolfSSL | 15:117db924cf7c | 758 | int verify) |
wolfSSL | 15:117db924cf7c | 759 | { |
wolfSSL | 15:117db924cf7c | 760 | if (ssl == NULL || inner == NULL) |
wolfSSL | 15:117db924cf7c | 761 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 762 | |
wolfSSL | 15:117db924cf7c | 763 | XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 15:117db924cf7c | 764 | |
wolfSSL | 15:117db924cf7c | 765 | WriteSEQ(ssl, verify, inner); |
wolfSSL | 15:117db924cf7c | 766 | inner[SEQ_SZ] = (byte)content; |
wolfSSL | 15:117db924cf7c | 767 | inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; |
wolfSSL | 15:117db924cf7c | 768 | inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; |
wolfSSL | 15:117db924cf7c | 769 | c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); |
wolfSSL | 15:117db924cf7c | 770 | |
wolfSSL | 15:117db924cf7c | 771 | return 0; |
wolfSSL | 15:117db924cf7c | 772 | } |
wolfSSL | 15:117db924cf7c | 773 | |
wolfSSL | 15:117db924cf7c | 774 | |
wolfSSL | 16:8e0d178b1d1e | 775 | #ifndef WOLFSSL_AEAD_ONLY |
wolfSSL | 15:117db924cf7c | 776 | #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ |
wolfSSL | 15:117db924cf7c | 777 | !defined(HAVE_SELFTEST) |
wolfSSL | 15:117db924cf7c | 778 | |
wolfSSL | 15:117db924cf7c | 779 | /* Update the hash in the HMAC. |
wolfSSL | 15:117db924cf7c | 780 | * |
wolfSSL | 15:117db924cf7c | 781 | * hmac HMAC object. |
wolfSSL | 15:117db924cf7c | 782 | * data Data to be hashed. |
wolfSSL | 15:117db924cf7c | 783 | * sz Size of data to hash. |
wolfSSL | 15:117db924cf7c | 784 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 785 | */ |
wolfSSL | 15:117db924cf7c | 786 | static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) |
wolfSSL | 15:117db924cf7c | 787 | { |
wolfSSL | 15:117db924cf7c | 788 | int ret = BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 789 | |
wolfSSL | 15:117db924cf7c | 790 | switch (hmac->macType) { |
wolfSSL | 15:117db924cf7c | 791 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 792 | case WC_SHA: |
wolfSSL | 15:117db924cf7c | 793 | ret = wc_ShaUpdate(&hmac->hash.sha, data, sz); |
wolfSSL | 15:117db924cf7c | 794 | break; |
wolfSSL | 15:117db924cf7c | 795 | #endif /* !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 796 | |
wolfSSL | 15:117db924cf7c | 797 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 798 | case WC_SHA256: |
wolfSSL | 15:117db924cf7c | 799 | ret = wc_Sha256Update(&hmac->hash.sha256, data, sz); |
wolfSSL | 15:117db924cf7c | 800 | break; |
wolfSSL | 15:117db924cf7c | 801 | #endif /* !NO_SHA256 */ |
wolfSSL | 15:117db924cf7c | 802 | |
wolfSSL | 15:117db924cf7c | 803 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 804 | case WC_SHA384: |
wolfSSL | 15:117db924cf7c | 805 | ret = wc_Sha384Update(&hmac->hash.sha384, data, sz); |
wolfSSL | 15:117db924cf7c | 806 | break; |
wolfSSL | 15:117db924cf7c | 807 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 15:117db924cf7c | 808 | |
wolfSSL | 15:117db924cf7c | 809 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 810 | case WC_SHA512: |
wolfSSL | 15:117db924cf7c | 811 | ret = wc_Sha512Update(&hmac->hash.sha512, data, sz); |
wolfSSL | 15:117db924cf7c | 812 | break; |
wolfSSL | 15:117db924cf7c | 813 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 15:117db924cf7c | 814 | } |
wolfSSL | 15:117db924cf7c | 815 | |
wolfSSL | 15:117db924cf7c | 816 | return ret; |
wolfSSL | 15:117db924cf7c | 817 | } |
wolfSSL | 15:117db924cf7c | 818 | |
wolfSSL | 15:117db924cf7c | 819 | /* Finalize the hash but don't put the EOC, padding or length in. |
wolfSSL | 15:117db924cf7c | 820 | * |
wolfSSL | 15:117db924cf7c | 821 | * hmac HMAC object. |
wolfSSL | 15:117db924cf7c | 822 | * hash Hash result. |
wolfSSL | 15:117db924cf7c | 823 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 824 | */ |
wolfSSL | 15:117db924cf7c | 825 | static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) |
wolfSSL | 15:117db924cf7c | 826 | { |
wolfSSL | 15:117db924cf7c | 827 | int ret = BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 828 | |
wolfSSL | 15:117db924cf7c | 829 | switch (hmac->macType) { |
wolfSSL | 15:117db924cf7c | 830 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 831 | case WC_SHA: |
wolfSSL | 15:117db924cf7c | 832 | ret = wc_ShaFinalRaw(&hmac->hash.sha, hash); |
wolfSSL | 15:117db924cf7c | 833 | break; |
wolfSSL | 15:117db924cf7c | 834 | #endif /* !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 835 | |
wolfSSL | 15:117db924cf7c | 836 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 837 | case WC_SHA256: |
wolfSSL | 15:117db924cf7c | 838 | ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash); |
wolfSSL | 15:117db924cf7c | 839 | break; |
wolfSSL | 15:117db924cf7c | 840 | #endif /* !NO_SHA256 */ |
wolfSSL | 15:117db924cf7c | 841 | |
wolfSSL | 15:117db924cf7c | 842 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 843 | case WC_SHA384: |
wolfSSL | 15:117db924cf7c | 844 | ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash); |
wolfSSL | 15:117db924cf7c | 845 | break; |
wolfSSL | 15:117db924cf7c | 846 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 15:117db924cf7c | 847 | |
wolfSSL | 15:117db924cf7c | 848 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 849 | case WC_SHA512: |
wolfSSL | 15:117db924cf7c | 850 | ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash); |
wolfSSL | 15:117db924cf7c | 851 | break; |
wolfSSL | 15:117db924cf7c | 852 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 15:117db924cf7c | 853 | } |
wolfSSL | 15:117db924cf7c | 854 | |
wolfSSL | 15:117db924cf7c | 855 | return ret; |
wolfSSL | 15:117db924cf7c | 856 | } |
wolfSSL | 15:117db924cf7c | 857 | |
wolfSSL | 15:117db924cf7c | 858 | /* Finalize the HMAC by performing outer hash. |
wolfSSL | 15:117db924cf7c | 859 | * |
wolfSSL | 15:117db924cf7c | 860 | * hmac HMAC object. |
wolfSSL | 15:117db924cf7c | 861 | * mac MAC result. |
wolfSSL | 15:117db924cf7c | 862 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 863 | */ |
wolfSSL | 15:117db924cf7c | 864 | static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) |
wolfSSL | 15:117db924cf7c | 865 | { |
wolfSSL | 15:117db924cf7c | 866 | int ret = BAD_FUNC_ARG; |
wolfSSL | 16:8e0d178b1d1e | 867 | wc_HashAlg hash; |
wolfSSL | 16:8e0d178b1d1e | 868 | enum wc_HashType hashType = (enum wc_HashType)hmac->macType; |
wolfSSL | 16:8e0d178b1d1e | 869 | int digestSz = wc_HashGetDigestSize(hashType); |
wolfSSL | 16:8e0d178b1d1e | 870 | int blockSz = wc_HashGetBlockSize(hashType); |
wolfSSL | 16:8e0d178b1d1e | 871 | |
wolfSSL | 16:8e0d178b1d1e | 872 | if ((digestSz >= 0) && (blockSz >= 0)) { |
wolfSSL | 16:8e0d178b1d1e | 873 | ret = wc_HashInit(&hash, hashType); |
wolfSSL | 16:8e0d178b1d1e | 874 | } |
wolfSSL | 16:8e0d178b1d1e | 875 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 876 | ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->opad, |
wolfSSL | 16:8e0d178b1d1e | 877 | blockSz); |
wolfSSL | 16:8e0d178b1d1e | 878 | if (ret == 0) |
wolfSSL | 16:8e0d178b1d1e | 879 | ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->innerHash, |
wolfSSL | 16:8e0d178b1d1e | 880 | digestSz); |
wolfSSL | 16:8e0d178b1d1e | 881 | if (ret == 0) |
wolfSSL | 16:8e0d178b1d1e | 882 | ret = wc_HashFinal(&hash, hashType, mac); |
wolfSSL | 16:8e0d178b1d1e | 883 | wc_HashFree(&hash, hashType); |
wolfSSL | 15:117db924cf7c | 884 | } |
wolfSSL | 15:117db924cf7c | 885 | |
wolfSSL | 15:117db924cf7c | 886 | return ret; |
wolfSSL | 15:117db924cf7c | 887 | } |
wolfSSL | 15:117db924cf7c | 888 | |
wolfSSL | 15:117db924cf7c | 889 | /* Calculate the HMAC of the header + message data. |
wolfSSL | 15:117db924cf7c | 890 | * Constant time implementation using wc_Sha*FinalRaw(). |
wolfSSL | 15:117db924cf7c | 891 | * |
wolfSSL | 15:117db924cf7c | 892 | * hmac HMAC object. |
wolfSSL | 15:117db924cf7c | 893 | * digest MAC result. |
wolfSSL | 15:117db924cf7c | 894 | * in Message data. |
wolfSSL | 15:117db924cf7c | 895 | * sz Size of the message data. |
wolfSSL | 15:117db924cf7c | 896 | * header Constructed record header with length of handshake data. |
wolfSSL | 15:117db924cf7c | 897 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 898 | */ |
wolfSSL | 15:117db924cf7c | 899 | static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, |
wolfSSL | 15:117db924cf7c | 900 | word32 sz, byte* header) |
wolfSSL | 15:117db924cf7c | 901 | { |
wolfSSL | 15:117db924cf7c | 902 | byte lenBytes[8]; |
wolfSSL | 15:117db924cf7c | 903 | int i, j, k; |
wolfSSL | 15:117db924cf7c | 904 | int blockBits, blockMask; |
wolfSSL | 16:8e0d178b1d1e | 905 | int lastBlockLen, macLen, extraLen, eocIndex; |
wolfSSL | 15:117db924cf7c | 906 | int blocks, safeBlocks, lenBlock, eocBlock; |
wolfSSL | 15:117db924cf7c | 907 | int maxLen; |
wolfSSL | 15:117db924cf7c | 908 | int blockSz, padSz; |
wolfSSL | 15:117db924cf7c | 909 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 910 | word32 realLen; |
wolfSSL | 15:117db924cf7c | 911 | byte extraBlock; |
wolfSSL | 15:117db924cf7c | 912 | |
wolfSSL | 15:117db924cf7c | 913 | switch (hmac->macType) { |
wolfSSL | 15:117db924cf7c | 914 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 915 | case WC_SHA: |
wolfSSL | 15:117db924cf7c | 916 | blockSz = WC_SHA_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 917 | blockBits = 6; |
wolfSSL | 15:117db924cf7c | 918 | macLen = WC_SHA_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 919 | padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 920 | break; |
wolfSSL | 15:117db924cf7c | 921 | #endif /* !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 922 | |
wolfSSL | 15:117db924cf7c | 923 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 924 | case WC_SHA256: |
wolfSSL | 15:117db924cf7c | 925 | blockSz = WC_SHA256_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 926 | blockBits = 6; |
wolfSSL | 15:117db924cf7c | 927 | macLen = WC_SHA256_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 928 | padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 929 | break; |
wolfSSL | 15:117db924cf7c | 930 | #endif /* !NO_SHA256 */ |
wolfSSL | 15:117db924cf7c | 931 | |
wolfSSL | 15:117db924cf7c | 932 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 933 | case WC_SHA384: |
wolfSSL | 15:117db924cf7c | 934 | blockSz = WC_SHA384_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 935 | blockBits = 7; |
wolfSSL | 15:117db924cf7c | 936 | macLen = WC_SHA384_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 937 | padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 938 | break; |
wolfSSL | 15:117db924cf7c | 939 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 15:117db924cf7c | 940 | |
wolfSSL | 15:117db924cf7c | 941 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 942 | case WC_SHA512: |
wolfSSL | 15:117db924cf7c | 943 | blockSz = WC_SHA512_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 944 | blockBits = 7; |
wolfSSL | 15:117db924cf7c | 945 | macLen = WC_SHA512_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 946 | padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 947 | break; |
wolfSSL | 15:117db924cf7c | 948 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 15:117db924cf7c | 949 | |
wolfSSL | 15:117db924cf7c | 950 | default: |
wolfSSL | 15:117db924cf7c | 951 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 952 | } |
wolfSSL | 15:117db924cf7c | 953 | blockMask = blockSz - 1; |
wolfSSL | 15:117db924cf7c | 954 | |
wolfSSL | 15:117db924cf7c | 955 | /* Size of data to HMAC if padding length byte is zero. */ |
wolfSSL | 15:117db924cf7c | 956 | maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; |
wolfSSL | 15:117db924cf7c | 957 | /* Complete data (including padding) has block for EOC and/or length. */ |
wolfSSL | 15:117db924cf7c | 958 | extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); |
wolfSSL | 15:117db924cf7c | 959 | /* Total number of blocks for data including padding. */ |
wolfSSL | 15:117db924cf7c | 960 | blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; |
wolfSSL | 15:117db924cf7c | 961 | /* Up to last 6 blocks can be hashed safely. */ |
wolfSSL | 15:117db924cf7c | 962 | safeBlocks = blocks - 6; |
wolfSSL | 15:117db924cf7c | 963 | |
wolfSSL | 15:117db924cf7c | 964 | /* Length of message data. */ |
wolfSSL | 15:117db924cf7c | 965 | realLen = maxLen - in[sz - 1]; |
wolfSSL | 15:117db924cf7c | 966 | /* Number of message bytes in last block. */ |
wolfSSL | 15:117db924cf7c | 967 | lastBlockLen = realLen & blockMask; |
wolfSSL | 15:117db924cf7c | 968 | /* Number of padding bytes in last block. */ |
wolfSSL | 15:117db924cf7c | 969 | extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; |
wolfSSL | 15:117db924cf7c | 970 | /* Number of blocks to create for hash. */ |
wolfSSL | 15:117db924cf7c | 971 | lenBlock = (realLen + extraLen) >> blockBits; |
wolfSSL | 15:117db924cf7c | 972 | /* Block containing EOC byte. */ |
wolfSSL | 15:117db924cf7c | 973 | eocBlock = realLen >> blockBits; |
wolfSSL | 15:117db924cf7c | 974 | /* Index of EOC byte in block. */ |
wolfSSL | 15:117db924cf7c | 975 | eocIndex = realLen & blockMask; |
wolfSSL | 15:117db924cf7c | 976 | |
wolfSSL | 15:117db924cf7c | 977 | /* Add length of hmac's ipad to total length. */ |
wolfSSL | 15:117db924cf7c | 978 | realLen += blockSz; |
wolfSSL | 15:117db924cf7c | 979 | /* Length as bits - 8 bytes bigendian. */ |
wolfSSL | 15:117db924cf7c | 980 | c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); |
wolfSSL | 15:117db924cf7c | 981 | c32toa(realLen << 3, lenBytes + sizeof(word32)); |
wolfSSL | 15:117db924cf7c | 982 | |
wolfSSL | 15:117db924cf7c | 983 | ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); |
wolfSSL | 15:117db924cf7c | 984 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 985 | return ret; |
wolfSSL | 15:117db924cf7c | 986 | |
wolfSSL | 15:117db924cf7c | 987 | XMEMSET(hmac->innerHash, 0, macLen); |
wolfSSL | 15:117db924cf7c | 988 | |
wolfSSL | 15:117db924cf7c | 989 | if (safeBlocks > 0) { |
wolfSSL | 15:117db924cf7c | 990 | ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 15:117db924cf7c | 991 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 992 | return ret; |
wolfSSL | 15:117db924cf7c | 993 | ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - |
wolfSSL | 15:117db924cf7c | 994 | WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 15:117db924cf7c | 995 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 996 | return ret; |
wolfSSL | 15:117db924cf7c | 997 | } |
wolfSSL | 15:117db924cf7c | 998 | else |
wolfSSL | 15:117db924cf7c | 999 | safeBlocks = 0; |
wolfSSL | 15:117db924cf7c | 1000 | |
wolfSSL | 15:117db924cf7c | 1001 | XMEMSET(digest, 0, macLen); |
wolfSSL | 15:117db924cf7c | 1002 | k = safeBlocks * blockSz; |
wolfSSL | 15:117db924cf7c | 1003 | for (i = safeBlocks; i < blocks; i++) { |
wolfSSL | 15:117db924cf7c | 1004 | unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; |
wolfSSL | 15:117db924cf7c | 1005 | unsigned char isEocBlock = ctMaskEq(i, eocBlock); |
wolfSSL | 15:117db924cf7c | 1006 | unsigned char isOutBlock = ctMaskEq(i, lenBlock); |
wolfSSL | 15:117db924cf7c | 1007 | |
wolfSSL | 15:117db924cf7c | 1008 | for (j = 0; j < blockSz; j++, k++) { |
wolfSSL | 15:117db924cf7c | 1009 | unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; |
wolfSSL | 15:117db924cf7c | 1010 | unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; |
wolfSSL | 15:117db924cf7c | 1011 | unsigned char b = 0; |
wolfSSL | 15:117db924cf7c | 1012 | |
wolfSSL | 15:117db924cf7c | 1013 | if (k < WOLFSSL_TLS_HMAC_INNER_SZ) |
wolfSSL | 15:117db924cf7c | 1014 | b = header[k]; |
wolfSSL | 15:117db924cf7c | 1015 | else if (k < maxLen) |
wolfSSL | 15:117db924cf7c | 1016 | b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 15:117db924cf7c | 1017 | |
wolfSSL | 16:8e0d178b1d1e | 1018 | b = ctMaskSel(atEoc, 0x80, b); |
wolfSSL | 15:117db924cf7c | 1019 | b &= (unsigned char)~(word32)pastEoc; |
wolfSSL | 15:117db924cf7c | 1020 | b &= ((unsigned char)~(word32)isOutBlock) | isEocBlock; |
wolfSSL | 15:117db924cf7c | 1021 | |
wolfSSL | 15:117db924cf7c | 1022 | if (j >= blockSz - 8) { |
wolfSSL | 16:8e0d178b1d1e | 1023 | b = ctMaskSel(isOutBlock, lenBytes[j - (blockSz - 8)], b); |
wolfSSL | 15:117db924cf7c | 1024 | } |
wolfSSL | 15:117db924cf7c | 1025 | |
wolfSSL | 15:117db924cf7c | 1026 | hashBlock[j] = b; |
wolfSSL | 15:117db924cf7c | 1027 | } |
wolfSSL | 15:117db924cf7c | 1028 | |
wolfSSL | 15:117db924cf7c | 1029 | ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); |
wolfSSL | 15:117db924cf7c | 1030 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 1031 | return ret; |
wolfSSL | 15:117db924cf7c | 1032 | ret = Hmac_HashFinalRaw(hmac, hashBlock); |
wolfSSL | 15:117db924cf7c | 1033 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 1034 | return ret; |
wolfSSL | 15:117db924cf7c | 1035 | for (j = 0; j < macLen; j++) |
wolfSSL | 15:117db924cf7c | 1036 | ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock; |
wolfSSL | 15:117db924cf7c | 1037 | } |
wolfSSL | 15:117db924cf7c | 1038 | |
wolfSSL | 15:117db924cf7c | 1039 | ret = Hmac_OuterHash(hmac, digest); |
wolfSSL | 15:117db924cf7c | 1040 | |
wolfSSL | 15:117db924cf7c | 1041 | return ret; |
wolfSSL | 15:117db924cf7c | 1042 | } |
wolfSSL | 15:117db924cf7c | 1043 | |
wolfSSL | 15:117db924cf7c | 1044 | #endif |
wolfSSL | 15:117db924cf7c | 1045 | |
wolfSSL | 15:117db924cf7c | 1046 | #if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \ |
wolfSSL | 15:117db924cf7c | 1047 | defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2) |
wolfSSL | 15:117db924cf7c | 1048 | |
wolfSSL | 15:117db924cf7c | 1049 | /* Calculate the HMAC of the header + message data. |
wolfSSL | 15:117db924cf7c | 1050 | * Constant time implementation using normal hashing operations. |
wolfSSL | 15:117db924cf7c | 1051 | * Update-Final need to be constant time. |
wolfSSL | 15:117db924cf7c | 1052 | * |
wolfSSL | 15:117db924cf7c | 1053 | * hmac HMAC object. |
wolfSSL | 15:117db924cf7c | 1054 | * digest MAC result. |
wolfSSL | 15:117db924cf7c | 1055 | * in Message data. |
wolfSSL | 15:117db924cf7c | 1056 | * sz Size of the message data. |
wolfSSL | 15:117db924cf7c | 1057 | * header Constructed record header with length of handshake data. |
wolfSSL | 15:117db924cf7c | 1058 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 1059 | */ |
wolfSSL | 15:117db924cf7c | 1060 | static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, |
wolfSSL | 15:117db924cf7c | 1061 | word32 sz, byte* header) |
wolfSSL | 15:117db924cf7c | 1062 | { |
wolfSSL | 15:117db924cf7c | 1063 | byte dummy[WC_MAX_BLOCK_SIZE] = {0}; |
wolfSSL | 15:117db924cf7c | 1064 | int ret; |
wolfSSL | 15:117db924cf7c | 1065 | word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; |
wolfSSL | 16:8e0d178b1d1e | 1066 | word32 currSz, offset = 0; |
wolfSSL | 15:117db924cf7c | 1067 | int msgBlocks, blocks, blockBits; |
wolfSSL | 15:117db924cf7c | 1068 | int i; |
wolfSSL | 15:117db924cf7c | 1069 | |
wolfSSL | 15:117db924cf7c | 1070 | switch (hmac->macType) { |
wolfSSL | 15:117db924cf7c | 1071 | #ifndef NO_SHA |
wolfSSL | 15:117db924cf7c | 1072 | case WC_SHA: |
wolfSSL | 15:117db924cf7c | 1073 | blockSz = WC_SHA_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 1074 | blockBits = 6; |
wolfSSL | 15:117db924cf7c | 1075 | macSz = WC_SHA_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 1076 | padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 1077 | break; |
wolfSSL | 15:117db924cf7c | 1078 | #endif /* !NO_SHA */ |
wolfSSL | 15:117db924cf7c | 1079 | |
wolfSSL | 15:117db924cf7c | 1080 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 1081 | case WC_SHA256: |
wolfSSL | 15:117db924cf7c | 1082 | blockSz = WC_SHA256_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 1083 | blockBits = 6; |
wolfSSL | 15:117db924cf7c | 1084 | macSz = WC_SHA256_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 1085 | padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 1086 | break; |
wolfSSL | 15:117db924cf7c | 1087 | #endif /* !NO_SHA256 */ |
wolfSSL | 15:117db924cf7c | 1088 | |
wolfSSL | 15:117db924cf7c | 1089 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 1090 | case WC_SHA384: |
wolfSSL | 15:117db924cf7c | 1091 | blockSz = WC_SHA384_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 1092 | blockBits = 7; |
wolfSSL | 15:117db924cf7c | 1093 | macSz = WC_SHA384_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 1094 | padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 1095 | break; |
wolfSSL | 15:117db924cf7c | 1096 | #endif /* WOLFSSL_SHA384 */ |
wolfSSL | 15:117db924cf7c | 1097 | |
wolfSSL | 15:117db924cf7c | 1098 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 1099 | case WC_SHA512: |
wolfSSL | 15:117db924cf7c | 1100 | blockSz = WC_SHA512_BLOCK_SIZE; |
wolfSSL | 15:117db924cf7c | 1101 | blockBits = 7; |
wolfSSL | 15:117db924cf7c | 1102 | macSz = WC_SHA512_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 1103 | padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; |
wolfSSL | 15:117db924cf7c | 1104 | break; |
wolfSSL | 15:117db924cf7c | 1105 | #endif /* WOLFSSL_SHA512 */ |
wolfSSL | 15:117db924cf7c | 1106 | |
wolfSSL | 15:117db924cf7c | 1107 | #ifdef HAVE_BLAKE2 |
wolfSSL | 15:117db924cf7c | 1108 | case WC_HASH_TYPE_BLAKE2B: |
wolfSSL | 15:117db924cf7c | 1109 | blockSz = BLAKE2B_BLOCKBYTES; |
wolfSSL | 15:117db924cf7c | 1110 | blockBits = 7; |
wolfSSL | 15:117db924cf7c | 1111 | macSz = BLAKE2B_256; |
wolfSSL | 15:117db924cf7c | 1112 | padSz = 0; |
wolfSSL | 15:117db924cf7c | 1113 | break; |
wolfSSL | 15:117db924cf7c | 1114 | #endif /* HAVE_BLAK2 */ |
wolfSSL | 15:117db924cf7c | 1115 | |
wolfSSL | 15:117db924cf7c | 1116 | default: |
wolfSSL | 15:117db924cf7c | 1117 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 1118 | } |
wolfSSL | 15:117db924cf7c | 1119 | |
wolfSSL | 15:117db924cf7c | 1120 | msgSz = sz - (1 + in[sz - 1] + macSz); |
wolfSSL | 15:117db924cf7c | 1121 | /* Make negative result 0 */ |
wolfSSL | 15:117db924cf7c | 1122 | msgSz &= ~(0 - (msgSz >> 31)); |
wolfSSL | 15:117db924cf7c | 1123 | realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; |
wolfSSL | 15:117db924cf7c | 1124 | maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; |
wolfSSL | 15:117db924cf7c | 1125 | |
wolfSSL | 15:117db924cf7c | 1126 | /* Calculate #blocks processed in HMAC for max and real data. */ |
wolfSSL | 15:117db924cf7c | 1127 | blocks = maxSz >> blockBits; |
wolfSSL | 15:117db924cf7c | 1128 | blocks += ((maxSz + padSz) % blockSz) < padSz; |
wolfSSL | 15:117db924cf7c | 1129 | msgBlocks = realSz >> blockBits; |
wolfSSL | 15:117db924cf7c | 1130 | /* #Extra blocks to process. */ |
wolfSSL | 15:117db924cf7c | 1131 | blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz); |
wolfSSL | 15:117db924cf7c | 1132 | /* Calculate whole blocks. */ |
wolfSSL | 15:117db924cf7c | 1133 | msgBlocks--; |
wolfSSL | 15:117db924cf7c | 1134 | |
wolfSSL | 15:117db924cf7c | 1135 | ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 15:117db924cf7c | 1136 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 1137 | /* Fill the rest of the block with any available data. */ |
wolfSSL | 15:117db924cf7c | 1138 | currSz = ctMaskLT(msgSz, blockSz) & msgSz; |
wolfSSL | 15:117db924cf7c | 1139 | currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; |
wolfSSL | 15:117db924cf7c | 1140 | currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; |
wolfSSL | 15:117db924cf7c | 1141 | currSz &= ~(0 - (currSz >> 31)); |
wolfSSL | 15:117db924cf7c | 1142 | ret = wc_HmacUpdate(hmac, in, currSz); |
wolfSSL | 15:117db924cf7c | 1143 | offset = currSz; |
wolfSSL | 15:117db924cf7c | 1144 | } |
wolfSSL | 15:117db924cf7c | 1145 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 1146 | /* Do the hash operations on a block basis. */ |
wolfSSL | 15:117db924cf7c | 1147 | for (i = 0; i < msgBlocks; i++, offset += blockSz) { |
wolfSSL | 15:117db924cf7c | 1148 | ret = wc_HmacUpdate(hmac, in + offset, blockSz); |
wolfSSL | 15:117db924cf7c | 1149 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 1150 | break; |
wolfSSL | 15:117db924cf7c | 1151 | } |
wolfSSL | 15:117db924cf7c | 1152 | } |
wolfSSL | 15:117db924cf7c | 1153 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 1154 | ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset); |
wolfSSL | 15:117db924cf7c | 1155 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 1156 | ret = wc_HmacFinal(hmac, digest); |
wolfSSL | 15:117db924cf7c | 1157 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 1158 | /* Do the dummy hash operations. Do at least one. */ |
wolfSSL | 15:117db924cf7c | 1159 | for (i = 0; i < blocks + 1; i++) { |
wolfSSL | 15:117db924cf7c | 1160 | ret = wc_HmacUpdate(hmac, dummy, blockSz); |
wolfSSL | 15:117db924cf7c | 1161 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 1162 | break; |
wolfSSL | 15:117db924cf7c | 1163 | } |
wolfSSL | 15:117db924cf7c | 1164 | } |
wolfSSL | 15:117db924cf7c | 1165 | |
wolfSSL | 15:117db924cf7c | 1166 | return ret; |
wolfSSL | 15:117db924cf7c | 1167 | } |
wolfSSL | 15:117db924cf7c | 1168 | |
wolfSSL | 15:117db924cf7c | 1169 | #endif |
wolfSSL | 15:117db924cf7c | 1170 | |
wolfSSL | 15:117db924cf7c | 1171 | int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, |
wolfSSL | 15:117db924cf7c | 1172 | int content, int verify) |
wolfSSL | 15:117db924cf7c | 1173 | { |
wolfSSL | 15:117db924cf7c | 1174 | Hmac hmac; |
wolfSSL | 15:117db924cf7c | 1175 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 15:117db924cf7c | 1176 | int ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 1177 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 16:8e0d178b1d1e | 1178 | word32 hashSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ |
wolfSSL | 16:8e0d178b1d1e | 1179 | : ssl->specs.hash_size; |
wolfSSL | 16:8e0d178b1d1e | 1180 | #else |
wolfSSL | 16:8e0d178b1d1e | 1181 | word32 hashSz = ssl->specs.hash_size; |
wolfSSL | 16:8e0d178b1d1e | 1182 | #endif |
wolfSSL | 15:117db924cf7c | 1183 | |
wolfSSL | 15:117db924cf7c | 1184 | if (ssl == NULL) |
wolfSSL | 15:117db924cf7c | 1185 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 1186 | |
wolfSSL | 15:117db924cf7c | 1187 | #ifdef HAVE_FUZZER |
wolfSSL | 15:117db924cf7c | 1188 | /* Fuzz "in" buffer with sz to be used in HMAC algorithm */ |
wolfSSL | 15:117db924cf7c | 1189 | if (ssl->fuzzerCb) { |
wolfSSL | 15:117db924cf7c | 1190 | if (verify && padSz >= 0) { |
wolfSSL | 16:8e0d178b1d1e | 1191 | ssl->fuzzerCb(ssl, in, sz + hashSz + padSz + 1, FUZZ_HMAC, |
wolfSSL | 16:8e0d178b1d1e | 1192 | ssl->fuzzerCtx); |
wolfSSL | 15:117db924cf7c | 1193 | } |
wolfSSL | 15:117db924cf7c | 1194 | else { |
wolfSSL | 15:117db924cf7c | 1195 | ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); |
wolfSSL | 15:117db924cf7c | 1196 | } |
wolfSSL | 15:117db924cf7c | 1197 | } |
wolfSSL | 15:117db924cf7c | 1198 | #endif |
wolfSSL | 15:117db924cf7c | 1199 | |
wolfSSL | 15:117db924cf7c | 1200 | wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); |
wolfSSL | 16:8e0d178b1d1e | 1201 | #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
wolfSSL | 16:8e0d178b1d1e | 1202 | !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) |
wolfSSL | 16:8e0d178b1d1e | 1203 | if (tsip_useable(ssl)) { |
wolfSSL | 16:8e0d178b1d1e | 1204 | if (ssl->specs.hash_size == WC_SHA_DIGEST_SIZE) |
wolfSSL | 16:8e0d178b1d1e | 1205 | ret = tsip_Sha1Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, |
wolfSSL | 16:8e0d178b1d1e | 1206 | in, sz, digest, verify); |
wolfSSL | 16:8e0d178b1d1e | 1207 | else if (ssl->specs.hash_size == WC_SHA256_DIGEST_SIZE) |
wolfSSL | 16:8e0d178b1d1e | 1208 | ret = tsip_Sha256Hmac(ssl, myInner, WOLFSSL_TLS_HMAC_INNER_SZ, |
wolfSSL | 16:8e0d178b1d1e | 1209 | in, sz, digest, verify); |
wolfSSL | 16:8e0d178b1d1e | 1210 | else |
wolfSSL | 16:8e0d178b1d1e | 1211 | ret = TSIP_MAC_DIGSZ_E; |
wolfSSL | 16:8e0d178b1d1e | 1212 | |
wolfSSL | 16:8e0d178b1d1e | 1213 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 1214 | } |
wolfSSL | 16:8e0d178b1d1e | 1215 | #endif |
wolfSSL | 15:117db924cf7c | 1216 | ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 1217 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 1218 | return ret; |
wolfSSL | 15:117db924cf7c | 1219 | |
wolfSSL | 15:117db924cf7c | 1220 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 15:117db924cf7c | 1221 | wolfSSL_GetMacSecret(ssl, verify), |
wolfSSL | 15:117db924cf7c | 1222 | ssl->specs.hash_size); |
wolfSSL | 15:117db924cf7c | 1223 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 1224 | /* Constant time verification required. */ |
wolfSSL | 15:117db924cf7c | 1225 | if (verify && padSz >= 0) { |
wolfSSL | 15:117db924cf7c | 1226 | #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ |
wolfSSL | 15:117db924cf7c | 1227 | !defined(HAVE_SELFTEST) |
wolfSSL | 15:117db924cf7c | 1228 | #ifdef HAVE_BLAKE2 |
wolfSSL | 15:117db924cf7c | 1229 | if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { |
wolfSSL | 16:8e0d178b1d1e | 1230 | ret = Hmac_UpdateFinal(&hmac, digest, in, |
wolfSSL | 16:8e0d178b1d1e | 1231 | sz + hashSz + padSz + 1, myInner); |
wolfSSL | 15:117db924cf7c | 1232 | } |
wolfSSL | 15:117db924cf7c | 1233 | else |
wolfSSL | 15:117db924cf7c | 1234 | #endif |
wolfSSL | 15:117db924cf7c | 1235 | { |
wolfSSL | 16:8e0d178b1d1e | 1236 | ret = Hmac_UpdateFinal_CT(&hmac, digest, in, |
wolfSSL | 16:8e0d178b1d1e | 1237 | sz + hashSz + padSz + 1, myInner); |
wolfSSL | 15:117db924cf7c | 1238 | } |
wolfSSL | 15:117db924cf7c | 1239 | #else |
wolfSSL | 16:8e0d178b1d1e | 1240 | ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, |
wolfSSL | 16:8e0d178b1d1e | 1241 | myInner); |
wolfSSL | 15:117db924cf7c | 1242 | #endif |
wolfSSL | 15:117db924cf7c | 1243 | } |
wolfSSL | 15:117db924cf7c | 1244 | else { |
wolfSSL | 15:117db924cf7c | 1245 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 15:117db924cf7c | 1246 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 1247 | ret = wc_HmacUpdate(&hmac, in, sz); /* content */ |
wolfSSL | 15:117db924cf7c | 1248 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 1249 | ret = wc_HmacFinal(&hmac, digest); |
wolfSSL | 15:117db924cf7c | 1250 | } |
wolfSSL | 15:117db924cf7c | 1251 | } |
wolfSSL | 15:117db924cf7c | 1252 | |
wolfSSL | 15:117db924cf7c | 1253 | wc_HmacFree(&hmac); |
wolfSSL | 15:117db924cf7c | 1254 | |
wolfSSL | 15:117db924cf7c | 1255 | return ret; |
wolfSSL | 15:117db924cf7c | 1256 | } |
wolfSSL | 16:8e0d178b1d1e | 1257 | #endif /* WOLFSSL_AEAD_ONLY */ |
wolfSSL | 15:117db924cf7c | 1258 | |
wolfSSL | 15:117db924cf7c | 1259 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 15:117db924cf7c | 1260 | |
wolfSSL | 15:117db924cf7c | 1261 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 15:117db924cf7c | 1262 | |
wolfSSL | 15:117db924cf7c | 1263 | /** |
wolfSSL | 15:117db924cf7c | 1264 | * The TLSX semaphore is used to calculate the size of the extensions to be sent |
wolfSSL | 15:117db924cf7c | 1265 | * from one peer to another. |
wolfSSL | 15:117db924cf7c | 1266 | */ |
wolfSSL | 15:117db924cf7c | 1267 | |
wolfSSL | 15:117db924cf7c | 1268 | /** Supports up to 64 flags. Increase as needed. */ |
wolfSSL | 15:117db924cf7c | 1269 | #define SEMAPHORE_SIZE 8 |
wolfSSL | 15:117db924cf7c | 1270 | |
wolfSSL | 15:117db924cf7c | 1271 | /** |
wolfSSL | 15:117db924cf7c | 1272 | * Converts the extension type (id) to an index in the semaphore. |
wolfSSL | 15:117db924cf7c | 1273 | * |
wolfSSL | 16:8e0d178b1d1e | 1274 | * Official reference for TLS extension types: |
wolfSSL | 15:117db924cf7c | 1275 | * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml |
wolfSSL | 15:117db924cf7c | 1276 | * |
wolfSSL | 15:117db924cf7c | 1277 | * Motivation: |
wolfSSL | 15:117db924cf7c | 1278 | * Previously, we used the extension type itself as the index of that |
wolfSSL | 15:117db924cf7c | 1279 | * extension in the semaphore as the extension types were declared |
wolfSSL | 15:117db924cf7c | 1280 | * sequentially, but maintain a semaphore as big as the number of available |
wolfSSL | 15:117db924cf7c | 1281 | * extensions is no longer an option since the release of renegotiation_info. |
wolfSSL | 15:117db924cf7c | 1282 | * |
wolfSSL | 15:117db924cf7c | 1283 | * How to update: |
wolfSSL | 15:117db924cf7c | 1284 | * Assign extension types that extrapolate the number of available semaphores |
wolfSSL | 15:117db924cf7c | 1285 | * to the first available index going backwards in the semaphore array. |
wolfSSL | 15:117db924cf7c | 1286 | * When adding a new extension type that don't extrapolate the number of |
wolfSSL | 15:117db924cf7c | 1287 | * available semaphores, check for a possible collision with with a |
wolfSSL | 15:117db924cf7c | 1288 | * 'remapped' extension type. |
wolfSSL | 15:117db924cf7c | 1289 | */ |
wolfSSL | 15:117db924cf7c | 1290 | static WC_INLINE word16 TLSX_ToSemaphore(word16 type) |
wolfSSL | 15:117db924cf7c | 1291 | { |
wolfSSL | 15:117db924cf7c | 1292 | switch (type) { |
wolfSSL | 15:117db924cf7c | 1293 | |
wolfSSL | 15:117db924cf7c | 1294 | case TLSX_RENEGOTIATION_INFO: /* 0xFF01 */ |
wolfSSL | 15:117db924cf7c | 1295 | return 63; |
wolfSSL | 15:117db924cf7c | 1296 | |
wolfSSL | 15:117db924cf7c | 1297 | default: |
wolfSSL | 15:117db924cf7c | 1298 | if (type > 62) { |
wolfSSL | 15:117db924cf7c | 1299 | /* This message SHOULD only happens during the adding of |
wolfSSL | 15:117db924cf7c | 1300 | new TLS extensions in which its IANA number overflows |
wolfSSL | 15:117db924cf7c | 1301 | the current semaphore's range, or if its number already |
wolfSSL | 15:117db924cf7c | 1302 | is assigned to be used by another extension. |
wolfSSL | 15:117db924cf7c | 1303 | Use this check value for the new extension and decrement |
wolfSSL | 15:117db924cf7c | 1304 | the check value by one. */ |
wolfSSL | 16:8e0d178b1d1e | 1305 | WOLFSSL_MSG("### TLSX semaphore collision or overflow detected!"); |
wolfSSL | 15:117db924cf7c | 1306 | } |
wolfSSL | 15:117db924cf7c | 1307 | } |
wolfSSL | 15:117db924cf7c | 1308 | |
wolfSSL | 15:117db924cf7c | 1309 | return type; |
wolfSSL | 15:117db924cf7c | 1310 | } |
wolfSSL | 15:117db924cf7c | 1311 | |
wolfSSL | 15:117db924cf7c | 1312 | /** Checks if a specific light (tls extension) is not set in the semaphore. */ |
wolfSSL | 15:117db924cf7c | 1313 | #define IS_OFF(semaphore, light) \ |
wolfSSL | 15:117db924cf7c | 1314 | (!(((semaphore)[(light) / 8] & (byte) (0x01 << ((light) % 8))))) |
wolfSSL | 15:117db924cf7c | 1315 | |
wolfSSL | 15:117db924cf7c | 1316 | /** Turn on a specific light (tls extension) in the semaphore. */ |
wolfSSL | 15:117db924cf7c | 1317 | /* the semaphore marks the extensions already written to the message */ |
wolfSSL | 15:117db924cf7c | 1318 | #define TURN_ON(semaphore, light) \ |
wolfSSL | 15:117db924cf7c | 1319 | ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) |
wolfSSL | 15:117db924cf7c | 1320 | |
wolfSSL | 15:117db924cf7c | 1321 | /** Turn off a specific light (tls extension) in the semaphore. */ |
wolfSSL | 15:117db924cf7c | 1322 | #define TURN_OFF(semaphore, light) \ |
wolfSSL | 15:117db924cf7c | 1323 | ((semaphore)[(light) / 8] &= (byte) ~(0x01 << ((light) % 8))) |
wolfSSL | 15:117db924cf7c | 1324 | |
wolfSSL | 15:117db924cf7c | 1325 | /** Creates a new extension. */ |
wolfSSL | 15:117db924cf7c | 1326 | static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap) |
wolfSSL | 15:117db924cf7c | 1327 | { |
wolfSSL | 15:117db924cf7c | 1328 | TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1329 | |
wolfSSL | 15:117db924cf7c | 1330 | (void)heap; |
wolfSSL | 15:117db924cf7c | 1331 | |
wolfSSL | 15:117db924cf7c | 1332 | if (extension) { |
wolfSSL | 15:117db924cf7c | 1333 | extension->type = type; |
wolfSSL | 15:117db924cf7c | 1334 | extension->data = data; |
wolfSSL | 15:117db924cf7c | 1335 | extension->resp = 0; |
wolfSSL | 15:117db924cf7c | 1336 | extension->next = NULL; |
wolfSSL | 15:117db924cf7c | 1337 | } |
wolfSSL | 15:117db924cf7c | 1338 | |
wolfSSL | 15:117db924cf7c | 1339 | return extension; |
wolfSSL | 15:117db924cf7c | 1340 | } |
wolfSSL | 15:117db924cf7c | 1341 | |
wolfSSL | 15:117db924cf7c | 1342 | /** |
wolfSSL | 15:117db924cf7c | 1343 | * Creates a new extension and pushes it to the provided list. |
wolfSSL | 15:117db924cf7c | 1344 | * Checks for duplicate extensions, keeps the newest. |
wolfSSL | 15:117db924cf7c | 1345 | */ |
wolfSSL | 15:117db924cf7c | 1346 | static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap) |
wolfSSL | 15:117db924cf7c | 1347 | { |
wolfSSL | 15:117db924cf7c | 1348 | TLSX* extension = TLSX_New(type, data, heap); |
wolfSSL | 15:117db924cf7c | 1349 | |
wolfSSL | 15:117db924cf7c | 1350 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 1351 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 1352 | |
wolfSSL | 15:117db924cf7c | 1353 | /* pushes the new extension on the list. */ |
wolfSSL | 15:117db924cf7c | 1354 | extension->next = *list; |
wolfSSL | 15:117db924cf7c | 1355 | *list = extension; |
wolfSSL | 15:117db924cf7c | 1356 | |
wolfSSL | 15:117db924cf7c | 1357 | /* remove duplicate extensions, there should be only one of each type. */ |
wolfSSL | 15:117db924cf7c | 1358 | do { |
wolfSSL | 15:117db924cf7c | 1359 | if (extension->next && extension->next->type == type) { |
wolfSSL | 15:117db924cf7c | 1360 | TLSX *next = extension->next; |
wolfSSL | 15:117db924cf7c | 1361 | |
wolfSSL | 15:117db924cf7c | 1362 | extension->next = next->next; |
wolfSSL | 15:117db924cf7c | 1363 | next->next = NULL; |
wolfSSL | 15:117db924cf7c | 1364 | |
wolfSSL | 15:117db924cf7c | 1365 | TLSX_FreeAll(next, heap); |
wolfSSL | 15:117db924cf7c | 1366 | |
wolfSSL | 15:117db924cf7c | 1367 | /* there is no way to occur more than |
wolfSSL | 15:117db924cf7c | 1368 | * two extensions of the same type. |
wolfSSL | 15:117db924cf7c | 1369 | */ |
wolfSSL | 15:117db924cf7c | 1370 | break; |
wolfSSL | 15:117db924cf7c | 1371 | } |
wolfSSL | 15:117db924cf7c | 1372 | } while ((extension = extension->next)); |
wolfSSL | 15:117db924cf7c | 1373 | |
wolfSSL | 15:117db924cf7c | 1374 | return 0; |
wolfSSL | 15:117db924cf7c | 1375 | } |
wolfSSL | 15:117db924cf7c | 1376 | |
wolfSSL | 15:117db924cf7c | 1377 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 1378 | |
wolfSSL | 15:117db924cf7c | 1379 | int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type); |
wolfSSL | 15:117db924cf7c | 1380 | |
wolfSSL | 15:117db924cf7c | 1381 | int TLSX_CheckUnsupportedExtension(WOLFSSL* ssl, TLSX_Type type) |
wolfSSL | 15:117db924cf7c | 1382 | { |
wolfSSL | 15:117db924cf7c | 1383 | TLSX *extension = TLSX_Find(ssl->extensions, type); |
wolfSSL | 15:117db924cf7c | 1384 | |
wolfSSL | 15:117db924cf7c | 1385 | if (!extension) |
wolfSSL | 15:117db924cf7c | 1386 | extension = TLSX_Find(ssl->ctx->extensions, type); |
wolfSSL | 15:117db924cf7c | 1387 | |
wolfSSL | 15:117db924cf7c | 1388 | return extension == NULL; |
wolfSSL | 15:117db924cf7c | 1389 | } |
wolfSSL | 15:117db924cf7c | 1390 | |
wolfSSL | 15:117db924cf7c | 1391 | int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl); |
wolfSSL | 15:117db924cf7c | 1392 | |
wolfSSL | 15:117db924cf7c | 1393 | int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 1394 | { |
wolfSSL | 15:117db924cf7c | 1395 | SendAlert(ssl, alert_fatal, unsupported_extension); |
wolfSSL | 15:117db924cf7c | 1396 | return UNSUPPORTED_EXTENSION; |
wolfSSL | 15:117db924cf7c | 1397 | } |
wolfSSL | 15:117db924cf7c | 1398 | |
wolfSSL | 15:117db924cf7c | 1399 | #else |
wolfSSL | 15:117db924cf7c | 1400 | |
wolfSSL | 15:117db924cf7c | 1401 | #define TLSX_CheckUnsupportedExtension(ssl, type) 0 |
wolfSSL | 15:117db924cf7c | 1402 | #define TLSX_HandleUnsupportedExtension(ssl) 0 |
wolfSSL | 15:117db924cf7c | 1403 | |
wolfSSL | 15:117db924cf7c | 1404 | #endif |
wolfSSL | 15:117db924cf7c | 1405 | |
wolfSSL | 15:117db924cf7c | 1406 | /** Mark an extension to be sent back to the client. */ |
wolfSSL | 15:117db924cf7c | 1407 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type); |
wolfSSL | 15:117db924cf7c | 1408 | |
wolfSSL | 15:117db924cf7c | 1409 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) |
wolfSSL | 15:117db924cf7c | 1410 | { |
wolfSSL | 15:117db924cf7c | 1411 | TLSX *extension = TLSX_Find(ssl->extensions, type); |
wolfSSL | 15:117db924cf7c | 1412 | |
wolfSSL | 15:117db924cf7c | 1413 | if (extension) |
wolfSSL | 15:117db924cf7c | 1414 | extension->resp = 1; |
wolfSSL | 15:117db924cf7c | 1415 | } |
wolfSSL | 15:117db924cf7c | 1416 | |
wolfSSL | 15:117db924cf7c | 1417 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 1418 | /* Application-Layer Protocol Negotiation */ |
wolfSSL | 15:117db924cf7c | 1419 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 1420 | |
wolfSSL | 15:117db924cf7c | 1421 | #ifdef HAVE_ALPN |
wolfSSL | 15:117db924cf7c | 1422 | /** Creates a new ALPN object, providing protocol name to use. */ |
wolfSSL | 15:117db924cf7c | 1423 | static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz, |
wolfSSL | 15:117db924cf7c | 1424 | void* heap) |
wolfSSL | 15:117db924cf7c | 1425 | { |
wolfSSL | 15:117db924cf7c | 1426 | ALPN *alpn; |
wolfSSL | 15:117db924cf7c | 1427 | |
wolfSSL | 15:117db924cf7c | 1428 | WOLFSSL_ENTER("TLSX_ALPN_New"); |
wolfSSL | 15:117db924cf7c | 1429 | |
wolfSSL | 15:117db924cf7c | 1430 | if (protocol_name == NULL || |
wolfSSL | 15:117db924cf7c | 1431 | protocol_nameSz > WOLFSSL_MAX_ALPN_PROTO_NAME_LEN) { |
wolfSSL | 15:117db924cf7c | 1432 | WOLFSSL_MSG("Invalid arguments"); |
wolfSSL | 15:117db924cf7c | 1433 | return NULL; |
wolfSSL | 15:117db924cf7c | 1434 | } |
wolfSSL | 15:117db924cf7c | 1435 | |
wolfSSL | 15:117db924cf7c | 1436 | alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1437 | if (alpn == NULL) { |
wolfSSL | 15:117db924cf7c | 1438 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 15:117db924cf7c | 1439 | return NULL; |
wolfSSL | 15:117db924cf7c | 1440 | } |
wolfSSL | 15:117db924cf7c | 1441 | |
wolfSSL | 15:117db924cf7c | 1442 | alpn->next = NULL; |
wolfSSL | 15:117db924cf7c | 1443 | alpn->negotiated = 0; |
wolfSSL | 15:117db924cf7c | 1444 | alpn->options = 0; |
wolfSSL | 15:117db924cf7c | 1445 | |
wolfSSL | 15:117db924cf7c | 1446 | alpn->protocol_name = (char*)XMALLOC(protocol_nameSz + 1, |
wolfSSL | 15:117db924cf7c | 1447 | heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1448 | if (alpn->protocol_name == NULL) { |
wolfSSL | 15:117db924cf7c | 1449 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 15:117db924cf7c | 1450 | XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1451 | return NULL; |
wolfSSL | 15:117db924cf7c | 1452 | } |
wolfSSL | 15:117db924cf7c | 1453 | |
wolfSSL | 15:117db924cf7c | 1454 | XMEMCPY(alpn->protocol_name, protocol_name, protocol_nameSz); |
wolfSSL | 15:117db924cf7c | 1455 | alpn->protocol_name[protocol_nameSz] = 0; |
wolfSSL | 15:117db924cf7c | 1456 | |
wolfSSL | 16:8e0d178b1d1e | 1457 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 1458 | |
wolfSSL | 15:117db924cf7c | 1459 | return alpn; |
wolfSSL | 15:117db924cf7c | 1460 | } |
wolfSSL | 15:117db924cf7c | 1461 | |
wolfSSL | 15:117db924cf7c | 1462 | /** Releases an ALPN object. */ |
wolfSSL | 15:117db924cf7c | 1463 | static void TLSX_ALPN_Free(ALPN *alpn, void* heap) |
wolfSSL | 15:117db924cf7c | 1464 | { |
wolfSSL | 15:117db924cf7c | 1465 | (void)heap; |
wolfSSL | 15:117db924cf7c | 1466 | |
wolfSSL | 15:117db924cf7c | 1467 | if (alpn == NULL) |
wolfSSL | 15:117db924cf7c | 1468 | return; |
wolfSSL | 15:117db924cf7c | 1469 | |
wolfSSL | 15:117db924cf7c | 1470 | XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1471 | XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1472 | } |
wolfSSL | 15:117db924cf7c | 1473 | |
wolfSSL | 15:117db924cf7c | 1474 | /** Releases all ALPN objects in the provided list. */ |
wolfSSL | 15:117db924cf7c | 1475 | static void TLSX_ALPN_FreeAll(ALPN *list, void* heap) |
wolfSSL | 15:117db924cf7c | 1476 | { |
wolfSSL | 15:117db924cf7c | 1477 | ALPN* alpn; |
wolfSSL | 15:117db924cf7c | 1478 | |
wolfSSL | 15:117db924cf7c | 1479 | while ((alpn = list)) { |
wolfSSL | 15:117db924cf7c | 1480 | list = alpn->next; |
wolfSSL | 15:117db924cf7c | 1481 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 15:117db924cf7c | 1482 | } |
wolfSSL | 15:117db924cf7c | 1483 | } |
wolfSSL | 15:117db924cf7c | 1484 | |
wolfSSL | 15:117db924cf7c | 1485 | /** Tells the buffered size of the ALPN objects in a list. */ |
wolfSSL | 15:117db924cf7c | 1486 | static word16 TLSX_ALPN_GetSize(ALPN *list) |
wolfSSL | 15:117db924cf7c | 1487 | { |
wolfSSL | 15:117db924cf7c | 1488 | ALPN* alpn; |
wolfSSL | 15:117db924cf7c | 1489 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 15:117db924cf7c | 1490 | |
wolfSSL | 15:117db924cf7c | 1491 | while ((alpn = list)) { |
wolfSSL | 15:117db924cf7c | 1492 | list = alpn->next; |
wolfSSL | 15:117db924cf7c | 1493 | |
wolfSSL | 15:117db924cf7c | 1494 | length++; /* protocol name length is on one byte */ |
wolfSSL | 15:117db924cf7c | 1495 | length += (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 15:117db924cf7c | 1496 | } |
wolfSSL | 15:117db924cf7c | 1497 | |
wolfSSL | 15:117db924cf7c | 1498 | return length; |
wolfSSL | 15:117db924cf7c | 1499 | } |
wolfSSL | 15:117db924cf7c | 1500 | |
wolfSSL | 15:117db924cf7c | 1501 | /** Writes the ALPN objects of a list in a buffer. */ |
wolfSSL | 15:117db924cf7c | 1502 | static word16 TLSX_ALPN_Write(ALPN *list, byte *output) |
wolfSSL | 15:117db924cf7c | 1503 | { |
wolfSSL | 15:117db924cf7c | 1504 | ALPN* alpn; |
wolfSSL | 15:117db924cf7c | 1505 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 1506 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 15:117db924cf7c | 1507 | |
wolfSSL | 15:117db924cf7c | 1508 | while ((alpn = list)) { |
wolfSSL | 15:117db924cf7c | 1509 | list = alpn->next; |
wolfSSL | 15:117db924cf7c | 1510 | |
wolfSSL | 15:117db924cf7c | 1511 | length = (word16)XSTRLEN(alpn->protocol_name); |
wolfSSL | 15:117db924cf7c | 1512 | |
wolfSSL | 15:117db924cf7c | 1513 | /* protocol name length */ |
wolfSSL | 15:117db924cf7c | 1514 | output[offset++] = (byte)length; |
wolfSSL | 15:117db924cf7c | 1515 | |
wolfSSL | 15:117db924cf7c | 1516 | /* protocol name value */ |
wolfSSL | 15:117db924cf7c | 1517 | XMEMCPY(output + offset, alpn->protocol_name, length); |
wolfSSL | 15:117db924cf7c | 1518 | |
wolfSSL | 15:117db924cf7c | 1519 | offset += length; |
wolfSSL | 15:117db924cf7c | 1520 | } |
wolfSSL | 15:117db924cf7c | 1521 | |
wolfSSL | 15:117db924cf7c | 1522 | /* writing list length */ |
wolfSSL | 15:117db924cf7c | 1523 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 15:117db924cf7c | 1524 | |
wolfSSL | 15:117db924cf7c | 1525 | return offset; |
wolfSSL | 15:117db924cf7c | 1526 | } |
wolfSSL | 15:117db924cf7c | 1527 | |
wolfSSL | 15:117db924cf7c | 1528 | /** Finds a protocol name in the provided ALPN list */ |
wolfSSL | 15:117db924cf7c | 1529 | static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size) |
wolfSSL | 15:117db924cf7c | 1530 | { |
wolfSSL | 15:117db924cf7c | 1531 | ALPN *alpn; |
wolfSSL | 15:117db924cf7c | 1532 | |
wolfSSL | 15:117db924cf7c | 1533 | if (list == NULL || protocol_name == NULL) |
wolfSSL | 15:117db924cf7c | 1534 | return NULL; |
wolfSSL | 15:117db924cf7c | 1535 | |
wolfSSL | 15:117db924cf7c | 1536 | alpn = list; |
wolfSSL | 15:117db924cf7c | 1537 | while (alpn != NULL && ( |
wolfSSL | 15:117db924cf7c | 1538 | (word16)XSTRLEN(alpn->protocol_name) != size || |
wolfSSL | 15:117db924cf7c | 1539 | XSTRNCMP(alpn->protocol_name, protocol_name, size))) |
wolfSSL | 15:117db924cf7c | 1540 | alpn = alpn->next; |
wolfSSL | 15:117db924cf7c | 1541 | |
wolfSSL | 15:117db924cf7c | 1542 | return alpn; |
wolfSSL | 15:117db924cf7c | 1543 | } |
wolfSSL | 15:117db924cf7c | 1544 | |
wolfSSL | 15:117db924cf7c | 1545 | /** Set the ALPN matching client and server requirements */ |
wolfSSL | 15:117db924cf7c | 1546 | static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size, |
wolfSSL | 15:117db924cf7c | 1547 | void* heap) |
wolfSSL | 15:117db924cf7c | 1548 | { |
wolfSSL | 15:117db924cf7c | 1549 | ALPN *alpn; |
wolfSSL | 15:117db924cf7c | 1550 | int ret; |
wolfSSL | 15:117db924cf7c | 1551 | |
wolfSSL | 15:117db924cf7c | 1552 | if (extensions == NULL || data == NULL) |
wolfSSL | 15:117db924cf7c | 1553 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 1554 | |
wolfSSL | 15:117db924cf7c | 1555 | alpn = TLSX_ALPN_New((char *)data, size, heap); |
wolfSSL | 15:117db924cf7c | 1556 | if (alpn == NULL) { |
wolfSSL | 15:117db924cf7c | 1557 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 15:117db924cf7c | 1558 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 1559 | } |
wolfSSL | 15:117db924cf7c | 1560 | |
wolfSSL | 15:117db924cf7c | 1561 | alpn->negotiated = 1; |
wolfSSL | 15:117db924cf7c | 1562 | |
wolfSSL | 15:117db924cf7c | 1563 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn, |
wolfSSL | 15:117db924cf7c | 1564 | heap); |
wolfSSL | 15:117db924cf7c | 1565 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 1566 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 15:117db924cf7c | 1567 | return ret; |
wolfSSL | 15:117db924cf7c | 1568 | } |
wolfSSL | 15:117db924cf7c | 1569 | |
wolfSSL | 15:117db924cf7c | 1570 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 1571 | } |
wolfSSL | 15:117db924cf7c | 1572 | |
wolfSSL | 15:117db924cf7c | 1573 | /** Parses a buffer of ALPN extensions and set the first one matching |
wolfSSL | 15:117db924cf7c | 1574 | * client and server requirements */ |
wolfSSL | 15:117db924cf7c | 1575 | static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, |
wolfSSL | 15:117db924cf7c | 1576 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 1577 | { |
wolfSSL | 15:117db924cf7c | 1578 | word16 size = 0, offset = 0, idx = 0; |
wolfSSL | 15:117db924cf7c | 1579 | int r = BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 1580 | byte match = 0; |
wolfSSL | 15:117db924cf7c | 1581 | TLSX *extension; |
wolfSSL | 15:117db924cf7c | 1582 | ALPN *alpn = NULL, *list; |
wolfSSL | 15:117db924cf7c | 1583 | |
wolfSSL | 15:117db924cf7c | 1584 | if (OPAQUE16_LEN > length) |
wolfSSL | 15:117db924cf7c | 1585 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 1586 | |
wolfSSL | 15:117db924cf7c | 1587 | ato16(input, &size); |
wolfSSL | 15:117db924cf7c | 1588 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 1589 | |
wolfSSL | 16:8e0d178b1d1e | 1590 | if (size == 0) |
wolfSSL | 16:8e0d178b1d1e | 1591 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 1592 | |
wolfSSL | 15:117db924cf7c | 1593 | extension = TLSX_Find(ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 15:117db924cf7c | 1594 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 1595 | extension = TLSX_Find(ssl->ctx->extensions, |
wolfSSL | 15:117db924cf7c | 1596 | TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 15:117db924cf7c | 1597 | |
wolfSSL | 15:117db924cf7c | 1598 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 15:117db924cf7c | 1599 | if (ssl->alpnSelect != NULL) { |
wolfSSL | 15:117db924cf7c | 1600 | const byte* out; |
wolfSSL | 15:117db924cf7c | 1601 | unsigned char outLen; |
wolfSSL | 15:117db924cf7c | 1602 | |
wolfSSL | 15:117db924cf7c | 1603 | if (ssl->alpnSelect(ssl, &out, &outLen, input + offset, size, |
wolfSSL | 15:117db924cf7c | 1604 | ssl->alpnSelectArg) == 0) { |
wolfSSL | 15:117db924cf7c | 1605 | WOLFSSL_MSG("ALPN protocol match"); |
wolfSSL | 15:117db924cf7c | 1606 | if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap) |
wolfSSL | 15:117db924cf7c | 1607 | == WOLFSSL_SUCCESS) { |
wolfSSL | 15:117db924cf7c | 1608 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 1609 | extension = TLSX_Find(ssl->extensions, |
wolfSSL | 15:117db924cf7c | 1610 | TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 15:117db924cf7c | 1611 | } |
wolfSSL | 15:117db924cf7c | 1612 | } |
wolfSSL | 15:117db924cf7c | 1613 | } |
wolfSSL | 15:117db924cf7c | 1614 | } |
wolfSSL | 15:117db924cf7c | 1615 | #endif |
wolfSSL | 15:117db924cf7c | 1616 | |
wolfSSL | 15:117db924cf7c | 1617 | if (extension == NULL || extension->data == NULL) { |
wolfSSL | 15:117db924cf7c | 1618 | return isRequest ? 0 |
wolfSSL | 15:117db924cf7c | 1619 | : TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 1620 | } |
wolfSSL | 15:117db924cf7c | 1621 | |
wolfSSL | 15:117db924cf7c | 1622 | /* validating alpn list length */ |
wolfSSL | 15:117db924cf7c | 1623 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 15:117db924cf7c | 1624 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 1625 | |
wolfSSL | 15:117db924cf7c | 1626 | list = (ALPN*)extension->data; |
wolfSSL | 15:117db924cf7c | 1627 | |
wolfSSL | 15:117db924cf7c | 1628 | /* keep the list sent by client */ |
wolfSSL | 15:117db924cf7c | 1629 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 1630 | if (ssl->alpn_client_list != NULL) |
wolfSSL | 15:117db924cf7c | 1631 | XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN); |
wolfSSL | 15:117db924cf7c | 1632 | |
wolfSSL | 15:117db924cf7c | 1633 | ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap, |
wolfSSL | 15:117db924cf7c | 1634 | DYNAMIC_TYPE_ALPN); |
wolfSSL | 15:117db924cf7c | 1635 | if (ssl->alpn_client_list == NULL) |
wolfSSL | 15:117db924cf7c | 1636 | return MEMORY_ERROR; |
wolfSSL | 15:117db924cf7c | 1637 | } |
wolfSSL | 15:117db924cf7c | 1638 | |
wolfSSL | 15:117db924cf7c | 1639 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 15:117db924cf7c | 1640 | |
wolfSSL | 15:117db924cf7c | 1641 | size = input[offset++]; |
wolfSSL | 16:8e0d178b1d1e | 1642 | if (offset + size > length || size == 0) |
wolfSSL | 15:117db924cf7c | 1643 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 1644 | |
wolfSSL | 15:117db924cf7c | 1645 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 1646 | XMEMCPY(ssl->alpn_client_list+idx, (char*)input + offset, size); |
wolfSSL | 15:117db924cf7c | 1647 | idx += size; |
wolfSSL | 15:117db924cf7c | 1648 | ssl->alpn_client_list[idx++] = ','; |
wolfSSL | 15:117db924cf7c | 1649 | } |
wolfSSL | 15:117db924cf7c | 1650 | |
wolfSSL | 15:117db924cf7c | 1651 | if (!match) { |
wolfSSL | 15:117db924cf7c | 1652 | alpn = TLSX_ALPN_Find(list, (char*)input + offset, size); |
wolfSSL | 15:117db924cf7c | 1653 | if (alpn != NULL) { |
wolfSSL | 15:117db924cf7c | 1654 | WOLFSSL_MSG("ALPN protocol match"); |
wolfSSL | 15:117db924cf7c | 1655 | match = 1; |
wolfSSL | 15:117db924cf7c | 1656 | |
wolfSSL | 15:117db924cf7c | 1657 | /* skip reading other values if not required */ |
wolfSSL | 15:117db924cf7c | 1658 | if (!isRequest) |
wolfSSL | 15:117db924cf7c | 1659 | break; |
wolfSSL | 15:117db924cf7c | 1660 | } |
wolfSSL | 15:117db924cf7c | 1661 | } |
wolfSSL | 15:117db924cf7c | 1662 | } |
wolfSSL | 15:117db924cf7c | 1663 | |
wolfSSL | 15:117db924cf7c | 1664 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 1665 | ssl->alpn_client_list[idx-1] = 0; |
wolfSSL | 15:117db924cf7c | 1666 | |
wolfSSL | 15:117db924cf7c | 1667 | if (!match) { |
wolfSSL | 15:117db924cf7c | 1668 | WOLFSSL_MSG("No ALPN protocol match"); |
wolfSSL | 15:117db924cf7c | 1669 | |
wolfSSL | 15:117db924cf7c | 1670 | /* do nothing if no protocol match between client and server and option |
wolfSSL | 15:117db924cf7c | 1671 | is set to continue (like OpenSSL) */ |
wolfSSL | 15:117db924cf7c | 1672 | if (list->options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) { |
wolfSSL | 15:117db924cf7c | 1673 | WOLFSSL_MSG("Continue on mismatch"); |
wolfSSL | 15:117db924cf7c | 1674 | return 0; |
wolfSSL | 15:117db924cf7c | 1675 | } |
wolfSSL | 15:117db924cf7c | 1676 | |
wolfSSL | 15:117db924cf7c | 1677 | SendAlert(ssl, alert_fatal, no_application_protocol); |
wolfSSL | 15:117db924cf7c | 1678 | return UNKNOWN_ALPN_PROTOCOL_NAME_E; |
wolfSSL | 15:117db924cf7c | 1679 | } |
wolfSSL | 15:117db924cf7c | 1680 | |
wolfSSL | 15:117db924cf7c | 1681 | /* set the matching negotiated protocol */ |
wolfSSL | 15:117db924cf7c | 1682 | r = TLSX_SetALPN(&ssl->extensions, |
wolfSSL | 15:117db924cf7c | 1683 | alpn->protocol_name, |
wolfSSL | 15:117db924cf7c | 1684 | (word16)XSTRLEN(alpn->protocol_name), |
wolfSSL | 15:117db924cf7c | 1685 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 1686 | if (r != WOLFSSL_SUCCESS) { |
wolfSSL | 15:117db924cf7c | 1687 | WOLFSSL_MSG("TLSX_UseALPN failed"); |
wolfSSL | 15:117db924cf7c | 1688 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 1689 | } |
wolfSSL | 15:117db924cf7c | 1690 | |
wolfSSL | 15:117db924cf7c | 1691 | /* reply to ALPN extension sent from client */ |
wolfSSL | 15:117db924cf7c | 1692 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 1693 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 1694 | TLSX_SetResponse(ssl, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 15:117db924cf7c | 1695 | #endif |
wolfSSL | 15:117db924cf7c | 1696 | } |
wolfSSL | 15:117db924cf7c | 1697 | |
wolfSSL | 15:117db924cf7c | 1698 | return 0; |
wolfSSL | 15:117db924cf7c | 1699 | } |
wolfSSL | 15:117db924cf7c | 1700 | |
wolfSSL | 15:117db924cf7c | 1701 | /** Add a protocol name to the list of accepted usable ones */ |
wolfSSL | 15:117db924cf7c | 1702 | int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options, |
wolfSSL | 15:117db924cf7c | 1703 | void* heap) |
wolfSSL | 15:117db924cf7c | 1704 | { |
wolfSSL | 15:117db924cf7c | 1705 | ALPN *alpn; |
wolfSSL | 15:117db924cf7c | 1706 | TLSX *extension; |
wolfSSL | 15:117db924cf7c | 1707 | int ret; |
wolfSSL | 15:117db924cf7c | 1708 | |
wolfSSL | 15:117db924cf7c | 1709 | if (extensions == NULL || data == NULL) |
wolfSSL | 15:117db924cf7c | 1710 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 1711 | |
wolfSSL | 15:117db924cf7c | 1712 | alpn = TLSX_ALPN_New((char *)data, size, heap); |
wolfSSL | 15:117db924cf7c | 1713 | if (alpn == NULL) { |
wolfSSL | 15:117db924cf7c | 1714 | WOLFSSL_MSG("Memory failure"); |
wolfSSL | 15:117db924cf7c | 1715 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 1716 | } |
wolfSSL | 15:117db924cf7c | 1717 | |
wolfSSL | 15:117db924cf7c | 1718 | /* Set Options of ALPN */ |
wolfSSL | 15:117db924cf7c | 1719 | alpn->options = options; |
wolfSSL | 15:117db924cf7c | 1720 | |
wolfSSL | 15:117db924cf7c | 1721 | extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 15:117db924cf7c | 1722 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 1723 | ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, |
wolfSSL | 15:117db924cf7c | 1724 | (void*)alpn, heap); |
wolfSSL | 15:117db924cf7c | 1725 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 1726 | TLSX_ALPN_Free(alpn, heap); |
wolfSSL | 15:117db924cf7c | 1727 | return ret; |
wolfSSL | 15:117db924cf7c | 1728 | } |
wolfSSL | 15:117db924cf7c | 1729 | } |
wolfSSL | 15:117db924cf7c | 1730 | else { |
wolfSSL | 15:117db924cf7c | 1731 | /* push new ALPN object to extension data. */ |
wolfSSL | 15:117db924cf7c | 1732 | alpn->next = (ALPN*)extension->data; |
wolfSSL | 15:117db924cf7c | 1733 | extension->data = (void*)alpn; |
wolfSSL | 15:117db924cf7c | 1734 | } |
wolfSSL | 15:117db924cf7c | 1735 | |
wolfSSL | 15:117db924cf7c | 1736 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 1737 | } |
wolfSSL | 15:117db924cf7c | 1738 | |
wolfSSL | 15:117db924cf7c | 1739 | /** Get the protocol name set by the server */ |
wolfSSL | 15:117db924cf7c | 1740 | int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) |
wolfSSL | 15:117db924cf7c | 1741 | { |
wolfSSL | 15:117db924cf7c | 1742 | TLSX *extension; |
wolfSSL | 15:117db924cf7c | 1743 | ALPN *alpn; |
wolfSSL | 15:117db924cf7c | 1744 | |
wolfSSL | 15:117db924cf7c | 1745 | if (extensions == NULL || data == NULL || dataSz == NULL) |
wolfSSL | 15:117db924cf7c | 1746 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 1747 | |
wolfSSL | 15:117db924cf7c | 1748 | extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL); |
wolfSSL | 15:117db924cf7c | 1749 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 1750 | WOLFSSL_MSG("TLS extension not found"); |
wolfSSL | 15:117db924cf7c | 1751 | return WOLFSSL_ALPN_NOT_FOUND; |
wolfSSL | 15:117db924cf7c | 1752 | } |
wolfSSL | 15:117db924cf7c | 1753 | |
wolfSSL | 15:117db924cf7c | 1754 | alpn = (ALPN *)extension->data; |
wolfSSL | 15:117db924cf7c | 1755 | if (alpn == NULL) { |
wolfSSL | 15:117db924cf7c | 1756 | WOLFSSL_MSG("ALPN extension not found"); |
wolfSSL | 15:117db924cf7c | 1757 | *data = NULL; |
wolfSSL | 15:117db924cf7c | 1758 | *dataSz = 0; |
wolfSSL | 15:117db924cf7c | 1759 | return WOLFSSL_FATAL_ERROR; |
wolfSSL | 15:117db924cf7c | 1760 | } |
wolfSSL | 15:117db924cf7c | 1761 | |
wolfSSL | 15:117db924cf7c | 1762 | if (alpn->negotiated != 1) { |
wolfSSL | 15:117db924cf7c | 1763 | |
wolfSSL | 15:117db924cf7c | 1764 | /* consider as an error */ |
wolfSSL | 15:117db924cf7c | 1765 | if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) { |
wolfSSL | 15:117db924cf7c | 1766 | WOLFSSL_MSG("No protocol match with peer -> Failed"); |
wolfSSL | 15:117db924cf7c | 1767 | return WOLFSSL_FATAL_ERROR; |
wolfSSL | 15:117db924cf7c | 1768 | } |
wolfSSL | 15:117db924cf7c | 1769 | |
wolfSSL | 15:117db924cf7c | 1770 | /* continue without negotiated protocol */ |
wolfSSL | 15:117db924cf7c | 1771 | WOLFSSL_MSG("No protocol match with peer -> Continue"); |
wolfSSL | 15:117db924cf7c | 1772 | return WOLFSSL_ALPN_NOT_FOUND; |
wolfSSL | 15:117db924cf7c | 1773 | } |
wolfSSL | 15:117db924cf7c | 1774 | |
wolfSSL | 15:117db924cf7c | 1775 | if (alpn->next != NULL) { |
wolfSSL | 15:117db924cf7c | 1776 | WOLFSSL_MSG("Only one protocol name must be accepted"); |
wolfSSL | 15:117db924cf7c | 1777 | return WOLFSSL_FATAL_ERROR; |
wolfSSL | 15:117db924cf7c | 1778 | } |
wolfSSL | 15:117db924cf7c | 1779 | |
wolfSSL | 15:117db924cf7c | 1780 | *data = alpn->protocol_name; |
wolfSSL | 15:117db924cf7c | 1781 | *dataSz = (word16)XSTRLEN((char*)*data); |
wolfSSL | 15:117db924cf7c | 1782 | |
wolfSSL | 15:117db924cf7c | 1783 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 1784 | } |
wolfSSL | 15:117db924cf7c | 1785 | |
wolfSSL | 15:117db924cf7c | 1786 | #define ALPN_FREE_ALL TLSX_ALPN_FreeAll |
wolfSSL | 15:117db924cf7c | 1787 | #define ALPN_GET_SIZE TLSX_ALPN_GetSize |
wolfSSL | 15:117db924cf7c | 1788 | #define ALPN_WRITE TLSX_ALPN_Write |
wolfSSL | 15:117db924cf7c | 1789 | #define ALPN_PARSE TLSX_ALPN_ParseAndSet |
wolfSSL | 15:117db924cf7c | 1790 | |
wolfSSL | 15:117db924cf7c | 1791 | #else /* HAVE_ALPN */ |
wolfSSL | 15:117db924cf7c | 1792 | |
wolfSSL | 15:117db924cf7c | 1793 | #define ALPN_FREE_ALL(list, heap) |
wolfSSL | 15:117db924cf7c | 1794 | #define ALPN_GET_SIZE(list) 0 |
wolfSSL | 15:117db924cf7c | 1795 | #define ALPN_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 1796 | #define ALPN_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 1797 | |
wolfSSL | 15:117db924cf7c | 1798 | #endif /* HAVE_ALPN */ |
wolfSSL | 15:117db924cf7c | 1799 | |
wolfSSL | 15:117db924cf7c | 1800 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 1801 | /* Server Name Indication */ |
wolfSSL | 15:117db924cf7c | 1802 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 1803 | |
wolfSSL | 15:117db924cf7c | 1804 | #ifdef HAVE_SNI |
wolfSSL | 15:117db924cf7c | 1805 | |
wolfSSL | 15:117db924cf7c | 1806 | /** Creates a new SNI object. */ |
wolfSSL | 15:117db924cf7c | 1807 | static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap) |
wolfSSL | 15:117db924cf7c | 1808 | { |
wolfSSL | 15:117db924cf7c | 1809 | SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1810 | |
wolfSSL | 16:8e0d178b1d1e | 1811 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 1812 | |
wolfSSL | 15:117db924cf7c | 1813 | if (sni) { |
wolfSSL | 15:117db924cf7c | 1814 | sni->type = type; |
wolfSSL | 15:117db924cf7c | 1815 | sni->next = NULL; |
wolfSSL | 15:117db924cf7c | 1816 | |
wolfSSL | 15:117db924cf7c | 1817 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 1818 | sni->options = 0; |
wolfSSL | 15:117db924cf7c | 1819 | sni->status = WOLFSSL_SNI_NO_MATCH; |
wolfSSL | 15:117db924cf7c | 1820 | #endif |
wolfSSL | 15:117db924cf7c | 1821 | |
wolfSSL | 15:117db924cf7c | 1822 | switch (sni->type) { |
wolfSSL | 15:117db924cf7c | 1823 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 15:117db924cf7c | 1824 | sni->data.host_name = (char*)XMALLOC(size + 1, heap, |
wolfSSL | 15:117db924cf7c | 1825 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1826 | if (sni->data.host_name) { |
wolfSSL | 15:117db924cf7c | 1827 | XSTRNCPY(sni->data.host_name, (const char*)data, size); |
wolfSSL | 15:117db924cf7c | 1828 | sni->data.host_name[size] = '\0'; |
wolfSSL | 15:117db924cf7c | 1829 | } else { |
wolfSSL | 15:117db924cf7c | 1830 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1831 | sni = NULL; |
wolfSSL | 15:117db924cf7c | 1832 | } |
wolfSSL | 15:117db924cf7c | 1833 | break; |
wolfSSL | 15:117db924cf7c | 1834 | |
wolfSSL | 15:117db924cf7c | 1835 | default: /* invalid type */ |
wolfSSL | 15:117db924cf7c | 1836 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1837 | sni = NULL; |
wolfSSL | 15:117db924cf7c | 1838 | } |
wolfSSL | 15:117db924cf7c | 1839 | } |
wolfSSL | 15:117db924cf7c | 1840 | |
wolfSSL | 15:117db924cf7c | 1841 | return sni; |
wolfSSL | 15:117db924cf7c | 1842 | } |
wolfSSL | 15:117db924cf7c | 1843 | |
wolfSSL | 15:117db924cf7c | 1844 | /** Releases a SNI object. */ |
wolfSSL | 15:117db924cf7c | 1845 | static void TLSX_SNI_Free(SNI* sni, void* heap) |
wolfSSL | 15:117db924cf7c | 1846 | { |
wolfSSL | 15:117db924cf7c | 1847 | if (sni) { |
wolfSSL | 15:117db924cf7c | 1848 | switch (sni->type) { |
wolfSSL | 15:117db924cf7c | 1849 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 15:117db924cf7c | 1850 | XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1851 | break; |
wolfSSL | 15:117db924cf7c | 1852 | } |
wolfSSL | 15:117db924cf7c | 1853 | |
wolfSSL | 15:117db924cf7c | 1854 | XFREE(sni, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 1855 | } |
wolfSSL | 15:117db924cf7c | 1856 | (void)heap; |
wolfSSL | 15:117db924cf7c | 1857 | } |
wolfSSL | 15:117db924cf7c | 1858 | |
wolfSSL | 15:117db924cf7c | 1859 | /** Releases all SNI objects in the provided list. */ |
wolfSSL | 15:117db924cf7c | 1860 | static void TLSX_SNI_FreeAll(SNI* list, void* heap) |
wolfSSL | 15:117db924cf7c | 1861 | { |
wolfSSL | 15:117db924cf7c | 1862 | SNI* sni; |
wolfSSL | 15:117db924cf7c | 1863 | |
wolfSSL | 15:117db924cf7c | 1864 | while ((sni = list)) { |
wolfSSL | 15:117db924cf7c | 1865 | list = sni->next; |
wolfSSL | 15:117db924cf7c | 1866 | TLSX_SNI_Free(sni, heap); |
wolfSSL | 15:117db924cf7c | 1867 | } |
wolfSSL | 15:117db924cf7c | 1868 | } |
wolfSSL | 15:117db924cf7c | 1869 | |
wolfSSL | 15:117db924cf7c | 1870 | /** Tells the buffered size of the SNI objects in a list. */ |
wolfSSL | 15:117db924cf7c | 1871 | static word16 TLSX_SNI_GetSize(SNI* list) |
wolfSSL | 15:117db924cf7c | 1872 | { |
wolfSSL | 15:117db924cf7c | 1873 | SNI* sni; |
wolfSSL | 15:117db924cf7c | 1874 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 15:117db924cf7c | 1875 | |
wolfSSL | 15:117db924cf7c | 1876 | while ((sni = list)) { |
wolfSSL | 15:117db924cf7c | 1877 | list = sni->next; |
wolfSSL | 15:117db924cf7c | 1878 | |
wolfSSL | 15:117db924cf7c | 1879 | length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */ |
wolfSSL | 15:117db924cf7c | 1880 | |
wolfSSL | 15:117db924cf7c | 1881 | switch (sni->type) { |
wolfSSL | 15:117db924cf7c | 1882 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 15:117db924cf7c | 1883 | length += (word16)XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 15:117db924cf7c | 1884 | break; |
wolfSSL | 15:117db924cf7c | 1885 | } |
wolfSSL | 15:117db924cf7c | 1886 | } |
wolfSSL | 15:117db924cf7c | 1887 | |
wolfSSL | 15:117db924cf7c | 1888 | return length; |
wolfSSL | 15:117db924cf7c | 1889 | } |
wolfSSL | 15:117db924cf7c | 1890 | |
wolfSSL | 15:117db924cf7c | 1891 | /** Writes the SNI objects of a list in a buffer. */ |
wolfSSL | 15:117db924cf7c | 1892 | static word16 TLSX_SNI_Write(SNI* list, byte* output) |
wolfSSL | 15:117db924cf7c | 1893 | { |
wolfSSL | 15:117db924cf7c | 1894 | SNI* sni; |
wolfSSL | 15:117db924cf7c | 1895 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 1896 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 15:117db924cf7c | 1897 | |
wolfSSL | 15:117db924cf7c | 1898 | while ((sni = list)) { |
wolfSSL | 15:117db924cf7c | 1899 | list = sni->next; |
wolfSSL | 15:117db924cf7c | 1900 | |
wolfSSL | 15:117db924cf7c | 1901 | output[offset++] = sni->type; /* sni type */ |
wolfSSL | 15:117db924cf7c | 1902 | |
wolfSSL | 15:117db924cf7c | 1903 | switch (sni->type) { |
wolfSSL | 15:117db924cf7c | 1904 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 15:117db924cf7c | 1905 | length = (word16)XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 15:117db924cf7c | 1906 | |
wolfSSL | 15:117db924cf7c | 1907 | c16toa(length, output + offset); /* sni length */ |
wolfSSL | 15:117db924cf7c | 1908 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 1909 | |
wolfSSL | 15:117db924cf7c | 1910 | XMEMCPY(output + offset, sni->data.host_name, length); |
wolfSSL | 15:117db924cf7c | 1911 | |
wolfSSL | 15:117db924cf7c | 1912 | offset += length; |
wolfSSL | 15:117db924cf7c | 1913 | break; |
wolfSSL | 15:117db924cf7c | 1914 | } |
wolfSSL | 15:117db924cf7c | 1915 | } |
wolfSSL | 15:117db924cf7c | 1916 | |
wolfSSL | 15:117db924cf7c | 1917 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 15:117db924cf7c | 1918 | |
wolfSSL | 15:117db924cf7c | 1919 | return offset; |
wolfSSL | 15:117db924cf7c | 1920 | } |
wolfSSL | 15:117db924cf7c | 1921 | |
wolfSSL | 15:117db924cf7c | 1922 | /** Finds a SNI object in the provided list. */ |
wolfSSL | 15:117db924cf7c | 1923 | static SNI* TLSX_SNI_Find(SNI *list, byte type) |
wolfSSL | 15:117db924cf7c | 1924 | { |
wolfSSL | 15:117db924cf7c | 1925 | SNI* sni = list; |
wolfSSL | 15:117db924cf7c | 1926 | |
wolfSSL | 15:117db924cf7c | 1927 | while (sni && sni->type != type) |
wolfSSL | 15:117db924cf7c | 1928 | sni = sni->next; |
wolfSSL | 15:117db924cf7c | 1929 | |
wolfSSL | 15:117db924cf7c | 1930 | return sni; |
wolfSSL | 15:117db924cf7c | 1931 | } |
wolfSSL | 15:117db924cf7c | 1932 | |
wolfSSL | 15:117db924cf7c | 1933 | /** Sets the status of a SNI object. */ |
wolfSSL | 15:117db924cf7c | 1934 | static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) |
wolfSSL | 15:117db924cf7c | 1935 | { |
wolfSSL | 15:117db924cf7c | 1936 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 1937 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 15:117db924cf7c | 1938 | |
wolfSSL | 15:117db924cf7c | 1939 | if (sni) |
wolfSSL | 15:117db924cf7c | 1940 | sni->status = status; |
wolfSSL | 15:117db924cf7c | 1941 | } |
wolfSSL | 15:117db924cf7c | 1942 | |
wolfSSL | 15:117db924cf7c | 1943 | /** Gets the status of a SNI object. */ |
wolfSSL | 15:117db924cf7c | 1944 | byte TLSX_SNI_Status(TLSX* extensions, byte type) |
wolfSSL | 15:117db924cf7c | 1945 | { |
wolfSSL | 15:117db924cf7c | 1946 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 1947 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 15:117db924cf7c | 1948 | |
wolfSSL | 15:117db924cf7c | 1949 | if (sni) |
wolfSSL | 15:117db924cf7c | 1950 | return sni->status; |
wolfSSL | 15:117db924cf7c | 1951 | |
wolfSSL | 15:117db924cf7c | 1952 | return 0; |
wolfSSL | 15:117db924cf7c | 1953 | } |
wolfSSL | 15:117db924cf7c | 1954 | |
wolfSSL | 15:117db924cf7c | 1955 | /** Parses a buffer of SNI extensions. */ |
wolfSSL | 15:117db924cf7c | 1956 | static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 1957 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 1958 | { |
wolfSSL | 15:117db924cf7c | 1959 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 1960 | word16 size = 0; |
wolfSSL | 15:117db924cf7c | 1961 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 1962 | int cacheOnly = 0; |
wolfSSL | 16:8e0d178b1d1e | 1963 | SNI *sni = NULL; |
wolfSSL | 16:8e0d178b1d1e | 1964 | byte type; |
wolfSSL | 16:8e0d178b1d1e | 1965 | int matchStat; |
wolfSSL | 16:8e0d178b1d1e | 1966 | byte matched; |
wolfSSL | 15:117db924cf7c | 1967 | #endif |
wolfSSL | 15:117db924cf7c | 1968 | |
wolfSSL | 15:117db924cf7c | 1969 | TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 1970 | |
wolfSSL | 15:117db924cf7c | 1971 | if (!extension) |
wolfSSL | 15:117db924cf7c | 1972 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 1973 | |
wolfSSL | 15:117db924cf7c | 1974 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 1975 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 1976 | if (!extension || !extension->data) |
wolfSSL | 15:117db924cf7c | 1977 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 1978 | |
wolfSSL | 15:117db924cf7c | 1979 | if (length > 0) |
wolfSSL | 15:117db924cf7c | 1980 | return BUFFER_ERROR; /* SNI response MUST be empty. */ |
wolfSSL | 15:117db924cf7c | 1981 | |
wolfSSL | 15:117db924cf7c | 1982 | /* This call enables wolfSSL_SNI_GetRequest() to be called in the |
wolfSSL | 15:117db924cf7c | 1983 | * client side to fetch the used SNI. It will only work if the SNI |
wolfSSL | 15:117db924cf7c | 1984 | * was set at the SSL object level. Right now we only support one |
wolfSSL | 15:117db924cf7c | 1985 | * name type, WOLFSSL_SNI_HOST_NAME, but in the future, the |
wolfSSL | 15:117db924cf7c | 1986 | * inclusion of other name types will turn this method inaccurate, |
wolfSSL | 15:117db924cf7c | 1987 | * as the extension response doesn't contains information of which |
wolfSSL | 15:117db924cf7c | 1988 | * name was accepted. |
wolfSSL | 15:117db924cf7c | 1989 | */ |
wolfSSL | 15:117db924cf7c | 1990 | TLSX_SNI_SetStatus(ssl->extensions, WOLFSSL_SNI_HOST_NAME, |
wolfSSL | 15:117db924cf7c | 1991 | WOLFSSL_SNI_REAL_MATCH); |
wolfSSL | 15:117db924cf7c | 1992 | |
wolfSSL | 15:117db924cf7c | 1993 | return 0; |
wolfSSL | 15:117db924cf7c | 1994 | #endif |
wolfSSL | 15:117db924cf7c | 1995 | } |
wolfSSL | 15:117db924cf7c | 1996 | |
wolfSSL | 15:117db924cf7c | 1997 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 1998 | if (!extension || !extension->data) { |
wolfSSL | 15:117db924cf7c | 1999 | #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 2000 | /* This will keep SNI even though TLSX_UseSNI has not been called. |
wolfSSL | 15:117db924cf7c | 2001 | * Enable it so that the received sni is available to functions |
wolfSSL | 15:117db924cf7c | 2002 | * that use a custom callback when SNI is received. |
wolfSSL | 15:117db924cf7c | 2003 | */ |
wolfSSL | 15:117db924cf7c | 2004 | |
wolfSSL | 15:117db924cf7c | 2005 | cacheOnly = 1; |
wolfSSL | 15:117db924cf7c | 2006 | WOLFSSL_MSG("Forcing SSL object to store SNI parameter"); |
wolfSSL | 15:117db924cf7c | 2007 | #else |
wolfSSL | 15:117db924cf7c | 2008 | /* Skipping, SNI not enabled at server side. */ |
wolfSSL | 15:117db924cf7c | 2009 | return 0; |
wolfSSL | 15:117db924cf7c | 2010 | #endif |
wolfSSL | 15:117db924cf7c | 2011 | } |
wolfSSL | 15:117db924cf7c | 2012 | |
wolfSSL | 15:117db924cf7c | 2013 | if (OPAQUE16_LEN > length) |
wolfSSL | 15:117db924cf7c | 2014 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2015 | |
wolfSSL | 15:117db924cf7c | 2016 | ato16(input, &size); |
wolfSSL | 15:117db924cf7c | 2017 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2018 | |
wolfSSL | 15:117db924cf7c | 2019 | /* validating sni list length */ |
wolfSSL | 16:8e0d178b1d1e | 2020 | if (length != OPAQUE16_LEN + size || size == 0) |
wolfSSL | 16:8e0d178b1d1e | 2021 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2022 | |
wolfSSL | 16:8e0d178b1d1e | 2023 | /* SNI was badly specified and only one type is now recognized and allowed. |
wolfSSL | 16:8e0d178b1d1e | 2024 | * Only one SNI value per type (RFC6066), so, no loop. */ |
wolfSSL | 16:8e0d178b1d1e | 2025 | type = input[offset++]; |
wolfSSL | 16:8e0d178b1d1e | 2026 | if (type != WOLFSSL_SNI_HOST_NAME) |
wolfSSL | 15:117db924cf7c | 2027 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2028 | |
wolfSSL | 16:8e0d178b1d1e | 2029 | if (offset + OPAQUE16_LEN > length) |
wolfSSL | 16:8e0d178b1d1e | 2030 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2031 | ato16(input + offset, &size); |
wolfSSL | 16:8e0d178b1d1e | 2032 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2033 | |
wolfSSL | 16:8e0d178b1d1e | 2034 | if (offset + size != length || size == 0) |
wolfSSL | 16:8e0d178b1d1e | 2035 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2036 | |
wolfSSL | 16:8e0d178b1d1e | 2037 | if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type))) |
wolfSSL | 16:8e0d178b1d1e | 2038 | return 0; /* not using this type of SNI. */ |
wolfSSL | 15:117db924cf7c | 2039 | |
wolfSSL | 15:117db924cf7c | 2040 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 2041 | /* Don't process the second ClientHello SNI extension if there |
wolfSSL | 16:8e0d178b1d1e | 2042 | * was problems with the first. |
wolfSSL | 16:8e0d178b1d1e | 2043 | */ |
wolfSSL | 16:8e0d178b1d1e | 2044 | if (!cacheOnly && sni->status != 0) |
wolfSSL | 16:8e0d178b1d1e | 2045 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 2046 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2047 | matched = cacheOnly || (XSTRLEN(sni->data.host_name) == size && |
wolfSSL | 16:8e0d178b1d1e | 2048 | XSTRNCMP(sni->data.host_name, (const char*)input + offset, size) == 0); |
wolfSSL | 16:8e0d178b1d1e | 2049 | |
wolfSSL | 16:8e0d178b1d1e | 2050 | if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { |
wolfSSL | 16:8e0d178b1d1e | 2051 | int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size, |
wolfSSL | 16:8e0d178b1d1e | 2052 | ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 2053 | if (r != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 2054 | return r; /* throws error. */ |
wolfSSL | 16:8e0d178b1d1e | 2055 | |
wolfSSL | 16:8e0d178b1d1e | 2056 | if (cacheOnly) { |
wolfSSL | 16:8e0d178b1d1e | 2057 | WOLFSSL_MSG("Forcing storage of SNI, Fake match"); |
wolfSSL | 16:8e0d178b1d1e | 2058 | matchStat = WOLFSSL_SNI_FORCE_KEEP; |
wolfSSL | 16:8e0d178b1d1e | 2059 | } |
wolfSSL | 16:8e0d178b1d1e | 2060 | else if (matched) { |
wolfSSL | 16:8e0d178b1d1e | 2061 | WOLFSSL_MSG("SNI did match!"); |
wolfSSL | 16:8e0d178b1d1e | 2062 | matchStat = WOLFSSL_SNI_REAL_MATCH; |
wolfSSL | 16:8e0d178b1d1e | 2063 | } |
wolfSSL | 16:8e0d178b1d1e | 2064 | else { |
wolfSSL | 16:8e0d178b1d1e | 2065 | WOLFSSL_MSG("fake SNI match from ANSWER_ON_MISMATCH"); |
wolfSSL | 16:8e0d178b1d1e | 2066 | matchStat = WOLFSSL_SNI_FAKE_MATCH; |
wolfSSL | 16:8e0d178b1d1e | 2067 | } |
wolfSSL | 16:8e0d178b1d1e | 2068 | |
wolfSSL | 16:8e0d178b1d1e | 2069 | TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat); |
wolfSSL | 16:8e0d178b1d1e | 2070 | |
wolfSSL | 16:8e0d178b1d1e | 2071 | if(!cacheOnly) |
wolfSSL | 16:8e0d178b1d1e | 2072 | TLSX_SetResponse(ssl, TLSX_SERVER_NAME); |
wolfSSL | 16:8e0d178b1d1e | 2073 | } |
wolfSSL | 16:8e0d178b1d1e | 2074 | else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { |
wolfSSL | 16:8e0d178b1d1e | 2075 | SendAlert(ssl, alert_fatal, unrecognized_name); |
wolfSSL | 16:8e0d178b1d1e | 2076 | |
wolfSSL | 16:8e0d178b1d1e | 2077 | return UNKNOWN_SNI_HOST_NAME_E; |
wolfSSL | 15:117db924cf7c | 2078 | } |
wolfSSL | 15:117db924cf7c | 2079 | #else |
wolfSSL | 15:117db924cf7c | 2080 | (void)input; |
wolfSSL | 15:117db924cf7c | 2081 | #endif |
wolfSSL | 15:117db924cf7c | 2082 | |
wolfSSL | 15:117db924cf7c | 2083 | return 0; |
wolfSSL | 15:117db924cf7c | 2084 | } |
wolfSSL | 15:117db924cf7c | 2085 | |
wolfSSL | 15:117db924cf7c | 2086 | static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) |
wolfSSL | 15:117db924cf7c | 2087 | { |
wolfSSL | 15:117db924cf7c | 2088 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 2089 | |
wolfSSL | 15:117db924cf7c | 2090 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 2091 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2092 | TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 2093 | TLSX* ssl_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 2094 | SNI* ctx_sni = ctx_ext ? (SNI*)ctx_ext->data : NULL; |
wolfSSL | 15:117db924cf7c | 2095 | SNI* ssl_sni = ssl_ext ? (SNI*)ssl_ext->data : NULL; |
wolfSSL | 15:117db924cf7c | 2096 | SNI* sni = NULL; |
wolfSSL | 15:117db924cf7c | 2097 | |
wolfSSL | 15:117db924cf7c | 2098 | for (; ctx_sni; ctx_sni = ctx_sni->next) { |
wolfSSL | 15:117db924cf7c | 2099 | if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 15:117db924cf7c | 2100 | sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type); |
wolfSSL | 15:117db924cf7c | 2101 | |
wolfSSL | 15:117db924cf7c | 2102 | if (sni) { |
wolfSSL | 15:117db924cf7c | 2103 | if (sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 15:117db924cf7c | 2104 | continue; |
wolfSSL | 15:117db924cf7c | 2105 | |
wolfSSL | 15:117db924cf7c | 2106 | /* if ssl level overrides ctx level, it is ok. */ |
wolfSSL | 15:117db924cf7c | 2107 | if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0) |
wolfSSL | 15:117db924cf7c | 2108 | continue; |
wolfSSL | 15:117db924cf7c | 2109 | } |
wolfSSL | 15:117db924cf7c | 2110 | |
wolfSSL | 15:117db924cf7c | 2111 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 15:117db924cf7c | 2112 | return SNI_ABSENT_ERROR; |
wolfSSL | 15:117db924cf7c | 2113 | } |
wolfSSL | 15:117db924cf7c | 2114 | } |
wolfSSL | 15:117db924cf7c | 2115 | |
wolfSSL | 15:117db924cf7c | 2116 | for (; ssl_sni; ssl_sni = ssl_sni->next) { |
wolfSSL | 15:117db924cf7c | 2117 | if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) { |
wolfSSL | 15:117db924cf7c | 2118 | if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH) |
wolfSSL | 15:117db924cf7c | 2119 | continue; |
wolfSSL | 15:117db924cf7c | 2120 | |
wolfSSL | 15:117db924cf7c | 2121 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 15:117db924cf7c | 2122 | return SNI_ABSENT_ERROR; |
wolfSSL | 15:117db924cf7c | 2123 | } |
wolfSSL | 15:117db924cf7c | 2124 | } |
wolfSSL | 15:117db924cf7c | 2125 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 2126 | } |
wolfSSL | 15:117db924cf7c | 2127 | |
wolfSSL | 15:117db924cf7c | 2128 | return 0; |
wolfSSL | 15:117db924cf7c | 2129 | } |
wolfSSL | 15:117db924cf7c | 2130 | |
wolfSSL | 15:117db924cf7c | 2131 | int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, |
wolfSSL | 15:117db924cf7c | 2132 | void* heap) |
wolfSSL | 15:117db924cf7c | 2133 | { |
wolfSSL | 15:117db924cf7c | 2134 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 2135 | SNI* sni = NULL; |
wolfSSL | 15:117db924cf7c | 2136 | |
wolfSSL | 15:117db924cf7c | 2137 | if (extensions == NULL || data == NULL) |
wolfSSL | 15:117db924cf7c | 2138 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 2139 | |
wolfSSL | 15:117db924cf7c | 2140 | if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL) |
wolfSSL | 15:117db924cf7c | 2141 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 2142 | |
wolfSSL | 15:117db924cf7c | 2143 | extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 2144 | if (!extension) { |
wolfSSL | 15:117db924cf7c | 2145 | int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap); |
wolfSSL | 15:117db924cf7c | 2146 | |
wolfSSL | 15:117db924cf7c | 2147 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 2148 | TLSX_SNI_Free(sni, heap); |
wolfSSL | 15:117db924cf7c | 2149 | return ret; |
wolfSSL | 15:117db924cf7c | 2150 | } |
wolfSSL | 15:117db924cf7c | 2151 | } |
wolfSSL | 15:117db924cf7c | 2152 | else { |
wolfSSL | 15:117db924cf7c | 2153 | /* push new SNI object to extension data. */ |
wolfSSL | 15:117db924cf7c | 2154 | sni->next = (SNI*)extension->data; |
wolfSSL | 15:117db924cf7c | 2155 | extension->data = (void*)sni; |
wolfSSL | 15:117db924cf7c | 2156 | |
wolfSSL | 15:117db924cf7c | 2157 | /* remove duplicate SNI, there should be only one of each type. */ |
wolfSSL | 15:117db924cf7c | 2158 | do { |
wolfSSL | 15:117db924cf7c | 2159 | if (sni->next && sni->next->type == type) { |
wolfSSL | 15:117db924cf7c | 2160 | SNI* next = sni->next; |
wolfSSL | 15:117db924cf7c | 2161 | |
wolfSSL | 15:117db924cf7c | 2162 | sni->next = next->next; |
wolfSSL | 15:117db924cf7c | 2163 | TLSX_SNI_Free(next, heap); |
wolfSSL | 15:117db924cf7c | 2164 | |
wolfSSL | 15:117db924cf7c | 2165 | /* there is no way to occur more than |
wolfSSL | 15:117db924cf7c | 2166 | * two SNIs of the same type. |
wolfSSL | 15:117db924cf7c | 2167 | */ |
wolfSSL | 15:117db924cf7c | 2168 | break; |
wolfSSL | 15:117db924cf7c | 2169 | } |
wolfSSL | 15:117db924cf7c | 2170 | } while ((sni = sni->next)); |
wolfSSL | 15:117db924cf7c | 2171 | } |
wolfSSL | 15:117db924cf7c | 2172 | |
wolfSSL | 15:117db924cf7c | 2173 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 2174 | } |
wolfSSL | 15:117db924cf7c | 2175 | |
wolfSSL | 15:117db924cf7c | 2176 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2177 | |
wolfSSL | 15:117db924cf7c | 2178 | /** Tells the SNI requested by the client. */ |
wolfSSL | 15:117db924cf7c | 2179 | word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) |
wolfSSL | 15:117db924cf7c | 2180 | { |
wolfSSL | 15:117db924cf7c | 2181 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 2182 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 15:117db924cf7c | 2183 | |
wolfSSL | 15:117db924cf7c | 2184 | if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { |
wolfSSL | 15:117db924cf7c | 2185 | switch (sni->type) { |
wolfSSL | 15:117db924cf7c | 2186 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 15:117db924cf7c | 2187 | if (data) { |
wolfSSL | 15:117db924cf7c | 2188 | *data = sni->data.host_name; |
wolfSSL | 15:117db924cf7c | 2189 | return (word16)XSTRLEN((char*)*data); |
wolfSSL | 15:117db924cf7c | 2190 | } |
wolfSSL | 15:117db924cf7c | 2191 | } |
wolfSSL | 15:117db924cf7c | 2192 | } |
wolfSSL | 15:117db924cf7c | 2193 | |
wolfSSL | 15:117db924cf7c | 2194 | return 0; |
wolfSSL | 15:117db924cf7c | 2195 | } |
wolfSSL | 15:117db924cf7c | 2196 | |
wolfSSL | 15:117db924cf7c | 2197 | /** Sets the options for a SNI object. */ |
wolfSSL | 15:117db924cf7c | 2198 | void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) |
wolfSSL | 15:117db924cf7c | 2199 | { |
wolfSSL | 15:117db924cf7c | 2200 | TLSX* extension = TLSX_Find(extensions, TLSX_SERVER_NAME); |
wolfSSL | 15:117db924cf7c | 2201 | SNI* sni = TLSX_SNI_Find(extension ? (SNI*)extension->data : NULL, type); |
wolfSSL | 15:117db924cf7c | 2202 | |
wolfSSL | 15:117db924cf7c | 2203 | if (sni) |
wolfSSL | 15:117db924cf7c | 2204 | sni->options = options; |
wolfSSL | 15:117db924cf7c | 2205 | } |
wolfSSL | 15:117db924cf7c | 2206 | |
wolfSSL | 15:117db924cf7c | 2207 | /** Retrieves a SNI request from a client hello buffer. */ |
wolfSSL | 15:117db924cf7c | 2208 | int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, |
wolfSSL | 15:117db924cf7c | 2209 | byte type, byte* sni, word32* inOutSz) |
wolfSSL | 15:117db924cf7c | 2210 | { |
wolfSSL | 15:117db924cf7c | 2211 | word32 offset = 0; |
wolfSSL | 15:117db924cf7c | 2212 | word32 len32 = 0; |
wolfSSL | 15:117db924cf7c | 2213 | word16 len16 = 0; |
wolfSSL | 15:117db924cf7c | 2214 | |
wolfSSL | 15:117db924cf7c | 2215 | if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST) |
wolfSSL | 15:117db924cf7c | 2216 | return INCOMPLETE_DATA; |
wolfSSL | 15:117db924cf7c | 2217 | |
wolfSSL | 15:117db924cf7c | 2218 | /* TLS record header */ |
wolfSSL | 15:117db924cf7c | 2219 | if ((enum ContentType) clientHello[offset++] != handshake) { |
wolfSSL | 15:117db924cf7c | 2220 | |
wolfSSL | 15:117db924cf7c | 2221 | /* checking for SSLv2.0 client hello according to: */ |
wolfSSL | 15:117db924cf7c | 2222 | /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */ |
wolfSSL | 15:117db924cf7c | 2223 | if ((enum HandShakeType) clientHello[++offset] == client_hello) { |
wolfSSL | 15:117db924cf7c | 2224 | offset += ENUM_LEN + VERSION_SZ; /* skip version */ |
wolfSSL | 15:117db924cf7c | 2225 | |
wolfSSL | 15:117db924cf7c | 2226 | ato16(clientHello + offset, &len16); |
wolfSSL | 15:117db924cf7c | 2227 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2228 | |
wolfSSL | 15:117db924cf7c | 2229 | if (len16 % 3) /* cipher_spec_length must be multiple of 3 */ |
wolfSSL | 15:117db924cf7c | 2230 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2231 | |
wolfSSL | 15:117db924cf7c | 2232 | ato16(clientHello + offset, &len16); |
wolfSSL | 15:117db924cf7c | 2233 | /* Returning SNI_UNSUPPORTED do not increment offset here */ |
wolfSSL | 15:117db924cf7c | 2234 | |
wolfSSL | 15:117db924cf7c | 2235 | if (len16 != 0) /* session_id_length must be 0 */ |
wolfSSL | 15:117db924cf7c | 2236 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2237 | |
wolfSSL | 15:117db924cf7c | 2238 | return SNI_UNSUPPORTED; |
wolfSSL | 15:117db924cf7c | 2239 | } |
wolfSSL | 15:117db924cf7c | 2240 | |
wolfSSL | 15:117db924cf7c | 2241 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2242 | } |
wolfSSL | 15:117db924cf7c | 2243 | |
wolfSSL | 15:117db924cf7c | 2244 | if (clientHello[offset++] != SSLv3_MAJOR) |
wolfSSL | 15:117db924cf7c | 2245 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2246 | |
wolfSSL | 15:117db924cf7c | 2247 | if (clientHello[offset++] < TLSv1_MINOR) |
wolfSSL | 15:117db924cf7c | 2248 | return SNI_UNSUPPORTED; |
wolfSSL | 15:117db924cf7c | 2249 | |
wolfSSL | 15:117db924cf7c | 2250 | ato16(clientHello + offset, &len16); |
wolfSSL | 15:117db924cf7c | 2251 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2252 | |
wolfSSL | 15:117db924cf7c | 2253 | if (offset + len16 > helloSz) |
wolfSSL | 15:117db924cf7c | 2254 | return INCOMPLETE_DATA; |
wolfSSL | 15:117db924cf7c | 2255 | |
wolfSSL | 15:117db924cf7c | 2256 | /* Handshake header */ |
wolfSSL | 15:117db924cf7c | 2257 | if ((enum HandShakeType) clientHello[offset] != client_hello) |
wolfSSL | 15:117db924cf7c | 2258 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2259 | |
wolfSSL | 15:117db924cf7c | 2260 | c24to32(clientHello + offset + 1, &len32); |
wolfSSL | 15:117db924cf7c | 2261 | offset += HANDSHAKE_HEADER_SZ; |
wolfSSL | 15:117db924cf7c | 2262 | |
wolfSSL | 15:117db924cf7c | 2263 | if (offset + len32 > helloSz) |
wolfSSL | 15:117db924cf7c | 2264 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2265 | |
wolfSSL | 15:117db924cf7c | 2266 | /* client hello */ |
wolfSSL | 15:117db924cf7c | 2267 | offset += VERSION_SZ + RAN_LEN; /* version, random */ |
wolfSSL | 15:117db924cf7c | 2268 | |
wolfSSL | 15:117db924cf7c | 2269 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 15:117db924cf7c | 2270 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2271 | |
wolfSSL | 15:117db924cf7c | 2272 | offset += ENUM_LEN + clientHello[offset]; /* skip session id */ |
wolfSSL | 15:117db924cf7c | 2273 | |
wolfSSL | 15:117db924cf7c | 2274 | /* cypher suites */ |
wolfSSL | 15:117db924cf7c | 2275 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 2276 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2277 | |
wolfSSL | 15:117db924cf7c | 2278 | ato16(clientHello + offset, &len16); |
wolfSSL | 15:117db924cf7c | 2279 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2280 | |
wolfSSL | 15:117db924cf7c | 2281 | if (helloSz < offset + len16) |
wolfSSL | 15:117db924cf7c | 2282 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2283 | |
wolfSSL | 15:117db924cf7c | 2284 | offset += len16; /* skip cypher suites */ |
wolfSSL | 15:117db924cf7c | 2285 | |
wolfSSL | 15:117db924cf7c | 2286 | /* compression methods */ |
wolfSSL | 15:117db924cf7c | 2287 | if (helloSz < offset + 1) |
wolfSSL | 15:117db924cf7c | 2288 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2289 | |
wolfSSL | 15:117db924cf7c | 2290 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 15:117db924cf7c | 2291 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2292 | |
wolfSSL | 15:117db924cf7c | 2293 | offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */ |
wolfSSL | 15:117db924cf7c | 2294 | |
wolfSSL | 15:117db924cf7c | 2295 | /* extensions */ |
wolfSSL | 15:117db924cf7c | 2296 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 2297 | return 0; /* no extensions in client hello. */ |
wolfSSL | 15:117db924cf7c | 2298 | |
wolfSSL | 15:117db924cf7c | 2299 | ato16(clientHello + offset, &len16); |
wolfSSL | 15:117db924cf7c | 2300 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2301 | |
wolfSSL | 15:117db924cf7c | 2302 | if (helloSz < offset + len16) |
wolfSSL | 15:117db924cf7c | 2303 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2304 | |
wolfSSL | 15:117db924cf7c | 2305 | while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) { |
wolfSSL | 15:117db924cf7c | 2306 | word16 extType; |
wolfSSL | 15:117db924cf7c | 2307 | word16 extLen; |
wolfSSL | 15:117db924cf7c | 2308 | |
wolfSSL | 15:117db924cf7c | 2309 | ato16(clientHello + offset, &extType); |
wolfSSL | 15:117db924cf7c | 2310 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2311 | |
wolfSSL | 15:117db924cf7c | 2312 | ato16(clientHello + offset, &extLen); |
wolfSSL | 15:117db924cf7c | 2313 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2314 | |
wolfSSL | 15:117db924cf7c | 2315 | if (helloSz < offset + extLen) |
wolfSSL | 15:117db924cf7c | 2316 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2317 | |
wolfSSL | 15:117db924cf7c | 2318 | if (extType != TLSX_SERVER_NAME) { |
wolfSSL | 15:117db924cf7c | 2319 | offset += extLen; /* skip extension */ |
wolfSSL | 15:117db924cf7c | 2320 | } else { |
wolfSSL | 15:117db924cf7c | 2321 | word16 listLen; |
wolfSSL | 15:117db924cf7c | 2322 | |
wolfSSL | 15:117db924cf7c | 2323 | ato16(clientHello + offset, &listLen); |
wolfSSL | 15:117db924cf7c | 2324 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2325 | |
wolfSSL | 15:117db924cf7c | 2326 | if (helloSz < offset + listLen) |
wolfSSL | 15:117db924cf7c | 2327 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2328 | |
wolfSSL | 15:117db924cf7c | 2329 | while (listLen > ENUM_LEN + OPAQUE16_LEN) { |
wolfSSL | 15:117db924cf7c | 2330 | byte sniType = clientHello[offset++]; |
wolfSSL | 15:117db924cf7c | 2331 | word16 sniLen; |
wolfSSL | 15:117db924cf7c | 2332 | |
wolfSSL | 15:117db924cf7c | 2333 | ato16(clientHello + offset, &sniLen); |
wolfSSL | 15:117db924cf7c | 2334 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2335 | |
wolfSSL | 15:117db924cf7c | 2336 | if (helloSz < offset + sniLen) |
wolfSSL | 15:117db924cf7c | 2337 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2338 | |
wolfSSL | 15:117db924cf7c | 2339 | if (sniType != type) { |
wolfSSL | 15:117db924cf7c | 2340 | offset += sniLen; |
wolfSSL | 15:117db924cf7c | 2341 | listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen); |
wolfSSL | 15:117db924cf7c | 2342 | continue; |
wolfSSL | 15:117db924cf7c | 2343 | } |
wolfSSL | 15:117db924cf7c | 2344 | |
wolfSSL | 15:117db924cf7c | 2345 | *inOutSz = min(sniLen, *inOutSz); |
wolfSSL | 15:117db924cf7c | 2346 | XMEMCPY(sni, clientHello + offset, *inOutSz); |
wolfSSL | 15:117db924cf7c | 2347 | |
wolfSSL | 15:117db924cf7c | 2348 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 2349 | } |
wolfSSL | 15:117db924cf7c | 2350 | } |
wolfSSL | 15:117db924cf7c | 2351 | |
wolfSSL | 15:117db924cf7c | 2352 | len16 -= min(2 * OPAQUE16_LEN + extLen, len16); |
wolfSSL | 15:117db924cf7c | 2353 | } |
wolfSSL | 15:117db924cf7c | 2354 | |
wolfSSL | 15:117db924cf7c | 2355 | return len16 ? BUFFER_ERROR : 0; |
wolfSSL | 15:117db924cf7c | 2356 | } |
wolfSSL | 15:117db924cf7c | 2357 | |
wolfSSL | 15:117db924cf7c | 2358 | #endif |
wolfSSL | 15:117db924cf7c | 2359 | |
wolfSSL | 15:117db924cf7c | 2360 | #define SNI_FREE_ALL TLSX_SNI_FreeAll |
wolfSSL | 15:117db924cf7c | 2361 | #define SNI_GET_SIZE TLSX_SNI_GetSize |
wolfSSL | 15:117db924cf7c | 2362 | #define SNI_WRITE TLSX_SNI_Write |
wolfSSL | 15:117db924cf7c | 2363 | #define SNI_PARSE TLSX_SNI_Parse |
wolfSSL | 15:117db924cf7c | 2364 | #define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse |
wolfSSL | 15:117db924cf7c | 2365 | |
wolfSSL | 15:117db924cf7c | 2366 | #else |
wolfSSL | 15:117db924cf7c | 2367 | |
wolfSSL | 15:117db924cf7c | 2368 | #define SNI_FREE_ALL(list, heap) |
wolfSSL | 15:117db924cf7c | 2369 | #define SNI_GET_SIZE(list) 0 |
wolfSSL | 15:117db924cf7c | 2370 | #define SNI_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 2371 | #define SNI_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 2372 | #define SNI_VERIFY_PARSE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 2373 | |
wolfSSL | 15:117db924cf7c | 2374 | #endif /* HAVE_SNI */ |
wolfSSL | 15:117db924cf7c | 2375 | |
wolfSSL | 15:117db924cf7c | 2376 | /******************************************************************************/ |
wolfSSL | 16:8e0d178b1d1e | 2377 | /* Trusted CA Key Indication */ |
wolfSSL | 16:8e0d178b1d1e | 2378 | /******************************************************************************/ |
wolfSSL | 16:8e0d178b1d1e | 2379 | |
wolfSSL | 16:8e0d178b1d1e | 2380 | #ifdef HAVE_TRUSTED_CA |
wolfSSL | 16:8e0d178b1d1e | 2381 | |
wolfSSL | 16:8e0d178b1d1e | 2382 | /** Creates a new TCA object. */ |
wolfSSL | 16:8e0d178b1d1e | 2383 | static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap) |
wolfSSL | 16:8e0d178b1d1e | 2384 | { |
wolfSSL | 16:8e0d178b1d1e | 2385 | TCA* tca = (TCA*)XMALLOC(sizeof(TCA), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 2386 | |
wolfSSL | 16:8e0d178b1d1e | 2387 | if (tca) { |
wolfSSL | 16:8e0d178b1d1e | 2388 | XMEMSET(tca, 0, sizeof(TCA)); |
wolfSSL | 16:8e0d178b1d1e | 2389 | tca->type = type; |
wolfSSL | 16:8e0d178b1d1e | 2390 | |
wolfSSL | 16:8e0d178b1d1e | 2391 | switch (type) { |
wolfSSL | 16:8e0d178b1d1e | 2392 | case WOLFSSL_TRUSTED_CA_PRE_AGREED: |
wolfSSL | 16:8e0d178b1d1e | 2393 | break; |
wolfSSL | 16:8e0d178b1d1e | 2394 | |
wolfSSL | 16:8e0d178b1d1e | 2395 | #ifndef NO_SHA |
wolfSSL | 16:8e0d178b1d1e | 2396 | case WOLFSSL_TRUSTED_CA_KEY_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2397 | case WOLFSSL_TRUSTED_CA_CERT_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2398 | if (idSz == WC_SHA_DIGEST_SIZE && |
wolfSSL | 16:8e0d178b1d1e | 2399 | (tca->id = |
wolfSSL | 16:8e0d178b1d1e | 2400 | (byte*)XMALLOC(idSz, heap, DYNAMIC_TYPE_TLSX))) { |
wolfSSL | 16:8e0d178b1d1e | 2401 | XMEMCPY(tca->id, id, idSz); |
wolfSSL | 16:8e0d178b1d1e | 2402 | tca->idSz = idSz; |
wolfSSL | 16:8e0d178b1d1e | 2403 | } |
wolfSSL | 16:8e0d178b1d1e | 2404 | else { |
wolfSSL | 16:8e0d178b1d1e | 2405 | XFREE(tca, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 2406 | tca = NULL; |
wolfSSL | 16:8e0d178b1d1e | 2407 | } |
wolfSSL | 16:8e0d178b1d1e | 2408 | break; |
wolfSSL | 16:8e0d178b1d1e | 2409 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2410 | |
wolfSSL | 16:8e0d178b1d1e | 2411 | case WOLFSSL_TRUSTED_CA_X509_NAME: |
wolfSSL | 16:8e0d178b1d1e | 2412 | if (idSz > 0 && |
wolfSSL | 16:8e0d178b1d1e | 2413 | (tca->id = |
wolfSSL | 16:8e0d178b1d1e | 2414 | (byte*)XMALLOC(idSz, heap, DYNAMIC_TYPE_TLSX))) { |
wolfSSL | 16:8e0d178b1d1e | 2415 | XMEMCPY(tca->id, id, idSz); |
wolfSSL | 16:8e0d178b1d1e | 2416 | tca->idSz = idSz; |
wolfSSL | 16:8e0d178b1d1e | 2417 | } |
wolfSSL | 16:8e0d178b1d1e | 2418 | else { |
wolfSSL | 16:8e0d178b1d1e | 2419 | XFREE(tca, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 2420 | tca = NULL; |
wolfSSL | 16:8e0d178b1d1e | 2421 | } |
wolfSSL | 16:8e0d178b1d1e | 2422 | break; |
wolfSSL | 16:8e0d178b1d1e | 2423 | |
wolfSSL | 16:8e0d178b1d1e | 2424 | default: /* invalid type */ |
wolfSSL | 16:8e0d178b1d1e | 2425 | XFREE(tca, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 2426 | tca = NULL; |
wolfSSL | 16:8e0d178b1d1e | 2427 | } |
wolfSSL | 16:8e0d178b1d1e | 2428 | } |
wolfSSL | 16:8e0d178b1d1e | 2429 | |
wolfSSL | 16:8e0d178b1d1e | 2430 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 2431 | |
wolfSSL | 16:8e0d178b1d1e | 2432 | return tca; |
wolfSSL | 16:8e0d178b1d1e | 2433 | } |
wolfSSL | 16:8e0d178b1d1e | 2434 | |
wolfSSL | 16:8e0d178b1d1e | 2435 | /** Releases a TCA object. */ |
wolfSSL | 16:8e0d178b1d1e | 2436 | static void TLSX_TCA_Free(TCA* tca, void* heap) |
wolfSSL | 16:8e0d178b1d1e | 2437 | { |
wolfSSL | 16:8e0d178b1d1e | 2438 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 2439 | |
wolfSSL | 16:8e0d178b1d1e | 2440 | if (tca) { |
wolfSSL | 16:8e0d178b1d1e | 2441 | if (tca->id) |
wolfSSL | 16:8e0d178b1d1e | 2442 | XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 2443 | XFREE(tca, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 2444 | } |
wolfSSL | 16:8e0d178b1d1e | 2445 | } |
wolfSSL | 16:8e0d178b1d1e | 2446 | |
wolfSSL | 16:8e0d178b1d1e | 2447 | /** Releases all TCA objects in the provided list. */ |
wolfSSL | 16:8e0d178b1d1e | 2448 | static void TLSX_TCA_FreeAll(TCA* list, void* heap) |
wolfSSL | 16:8e0d178b1d1e | 2449 | { |
wolfSSL | 16:8e0d178b1d1e | 2450 | TCA* tca; |
wolfSSL | 16:8e0d178b1d1e | 2451 | |
wolfSSL | 16:8e0d178b1d1e | 2452 | while ((tca = list)) { |
wolfSSL | 16:8e0d178b1d1e | 2453 | list = tca->next; |
wolfSSL | 16:8e0d178b1d1e | 2454 | TLSX_TCA_Free(tca, heap); |
wolfSSL | 16:8e0d178b1d1e | 2455 | } |
wolfSSL | 16:8e0d178b1d1e | 2456 | } |
wolfSSL | 16:8e0d178b1d1e | 2457 | |
wolfSSL | 16:8e0d178b1d1e | 2458 | /** Tells the buffered size of the TCA objects in a list. */ |
wolfSSL | 16:8e0d178b1d1e | 2459 | static word16 TLSX_TCA_GetSize(TCA* list) |
wolfSSL | 16:8e0d178b1d1e | 2460 | { |
wolfSSL | 16:8e0d178b1d1e | 2461 | TCA* tca; |
wolfSSL | 16:8e0d178b1d1e | 2462 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 16:8e0d178b1d1e | 2463 | |
wolfSSL | 16:8e0d178b1d1e | 2464 | while ((tca = list)) { |
wolfSSL | 16:8e0d178b1d1e | 2465 | list = tca->next; |
wolfSSL | 16:8e0d178b1d1e | 2466 | |
wolfSSL | 16:8e0d178b1d1e | 2467 | length += ENUM_LEN; /* tca type */ |
wolfSSL | 16:8e0d178b1d1e | 2468 | |
wolfSSL | 16:8e0d178b1d1e | 2469 | switch (tca->type) { |
wolfSSL | 16:8e0d178b1d1e | 2470 | case WOLFSSL_TRUSTED_CA_PRE_AGREED: |
wolfSSL | 16:8e0d178b1d1e | 2471 | break; |
wolfSSL | 16:8e0d178b1d1e | 2472 | case WOLFSSL_TRUSTED_CA_KEY_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2473 | case WOLFSSL_TRUSTED_CA_CERT_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2474 | length += tca->idSz; |
wolfSSL | 16:8e0d178b1d1e | 2475 | break; |
wolfSSL | 16:8e0d178b1d1e | 2476 | case WOLFSSL_TRUSTED_CA_X509_NAME: |
wolfSSL | 16:8e0d178b1d1e | 2477 | length += OPAQUE16_LEN + tca->idSz; |
wolfSSL | 16:8e0d178b1d1e | 2478 | break; |
wolfSSL | 16:8e0d178b1d1e | 2479 | } |
wolfSSL | 16:8e0d178b1d1e | 2480 | } |
wolfSSL | 16:8e0d178b1d1e | 2481 | |
wolfSSL | 16:8e0d178b1d1e | 2482 | return length; |
wolfSSL | 16:8e0d178b1d1e | 2483 | } |
wolfSSL | 16:8e0d178b1d1e | 2484 | |
wolfSSL | 16:8e0d178b1d1e | 2485 | /** Writes the TCA objects of a list in a buffer. */ |
wolfSSL | 16:8e0d178b1d1e | 2486 | static word16 TLSX_TCA_Write(TCA* list, byte* output) |
wolfSSL | 16:8e0d178b1d1e | 2487 | { |
wolfSSL | 16:8e0d178b1d1e | 2488 | TCA* tca; |
wolfSSL | 16:8e0d178b1d1e | 2489 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 16:8e0d178b1d1e | 2490 | |
wolfSSL | 16:8e0d178b1d1e | 2491 | while ((tca = list)) { |
wolfSSL | 16:8e0d178b1d1e | 2492 | list = tca->next; |
wolfSSL | 16:8e0d178b1d1e | 2493 | |
wolfSSL | 16:8e0d178b1d1e | 2494 | output[offset++] = tca->type; /* tca type */ |
wolfSSL | 16:8e0d178b1d1e | 2495 | |
wolfSSL | 16:8e0d178b1d1e | 2496 | switch (tca->type) { |
wolfSSL | 16:8e0d178b1d1e | 2497 | case WOLFSSL_TRUSTED_CA_PRE_AGREED: |
wolfSSL | 16:8e0d178b1d1e | 2498 | break; |
wolfSSL | 16:8e0d178b1d1e | 2499 | #ifndef NO_SHA |
wolfSSL | 16:8e0d178b1d1e | 2500 | case WOLFSSL_TRUSTED_CA_KEY_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2501 | case WOLFSSL_TRUSTED_CA_CERT_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2502 | if (tca->id != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 2503 | XMEMCPY(output + offset, tca->id, tca->idSz); |
wolfSSL | 16:8e0d178b1d1e | 2504 | offset += tca->idSz; |
wolfSSL | 16:8e0d178b1d1e | 2505 | } |
wolfSSL | 16:8e0d178b1d1e | 2506 | else { |
wolfSSL | 16:8e0d178b1d1e | 2507 | /* ID missing. Set to an empty string. */ |
wolfSSL | 16:8e0d178b1d1e | 2508 | c16toa(0, output + offset); |
wolfSSL | 16:8e0d178b1d1e | 2509 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2510 | } |
wolfSSL | 16:8e0d178b1d1e | 2511 | break; |
wolfSSL | 16:8e0d178b1d1e | 2512 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2513 | case WOLFSSL_TRUSTED_CA_X509_NAME: |
wolfSSL | 16:8e0d178b1d1e | 2514 | if (tca->id != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 2515 | c16toa(tca->idSz, output + offset); /* tca length */ |
wolfSSL | 16:8e0d178b1d1e | 2516 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2517 | XMEMCPY(output + offset, tca->id, tca->idSz); |
wolfSSL | 16:8e0d178b1d1e | 2518 | offset += tca->idSz; |
wolfSSL | 16:8e0d178b1d1e | 2519 | } |
wolfSSL | 16:8e0d178b1d1e | 2520 | else { |
wolfSSL | 16:8e0d178b1d1e | 2521 | /* ID missing. Set to an empty string. */ |
wolfSSL | 16:8e0d178b1d1e | 2522 | c16toa(0, output + offset); |
wolfSSL | 16:8e0d178b1d1e | 2523 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2524 | } |
wolfSSL | 16:8e0d178b1d1e | 2525 | break; |
wolfSSL | 16:8e0d178b1d1e | 2526 | default: |
wolfSSL | 16:8e0d178b1d1e | 2527 | /* ID unknown. Set to an empty string. */ |
wolfSSL | 16:8e0d178b1d1e | 2528 | c16toa(0, output + offset); |
wolfSSL | 16:8e0d178b1d1e | 2529 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2530 | } |
wolfSSL | 16:8e0d178b1d1e | 2531 | } |
wolfSSL | 16:8e0d178b1d1e | 2532 | |
wolfSSL | 16:8e0d178b1d1e | 2533 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 16:8e0d178b1d1e | 2534 | |
wolfSSL | 16:8e0d178b1d1e | 2535 | return offset; |
wolfSSL | 16:8e0d178b1d1e | 2536 | } |
wolfSSL | 16:8e0d178b1d1e | 2537 | |
wolfSSL | 16:8e0d178b1d1e | 2538 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 16:8e0d178b1d1e | 2539 | static TCA* TLSX_TCA_Find(TCA *list, byte type, const byte* id, word16 idSz) |
wolfSSL | 16:8e0d178b1d1e | 2540 | { |
wolfSSL | 16:8e0d178b1d1e | 2541 | TCA* tca = list; |
wolfSSL | 16:8e0d178b1d1e | 2542 | |
wolfSSL | 16:8e0d178b1d1e | 2543 | while (tca && tca->type != type && type != WOLFSSL_TRUSTED_CA_PRE_AGREED && |
wolfSSL | 16:8e0d178b1d1e | 2544 | idSz != tca->idSz && !XMEMCMP(id, tca->id, idSz)) |
wolfSSL | 16:8e0d178b1d1e | 2545 | tca = tca->next; |
wolfSSL | 16:8e0d178b1d1e | 2546 | |
wolfSSL | 16:8e0d178b1d1e | 2547 | return tca; |
wolfSSL | 16:8e0d178b1d1e | 2548 | } |
wolfSSL | 16:8e0d178b1d1e | 2549 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 16:8e0d178b1d1e | 2550 | |
wolfSSL | 16:8e0d178b1d1e | 2551 | /** Parses a buffer of TCA extensions. */ |
wolfSSL | 16:8e0d178b1d1e | 2552 | static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length, |
wolfSSL | 16:8e0d178b1d1e | 2553 | byte isRequest) |
wolfSSL | 16:8e0d178b1d1e | 2554 | { |
wolfSSL | 16:8e0d178b1d1e | 2555 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 16:8e0d178b1d1e | 2556 | word16 size = 0; |
wolfSSL | 16:8e0d178b1d1e | 2557 | word16 offset = 0; |
wolfSSL | 16:8e0d178b1d1e | 2558 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2559 | |
wolfSSL | 16:8e0d178b1d1e | 2560 | TLSX *extension = TLSX_Find(ssl->extensions, TLSX_TRUSTED_CA_KEYS); |
wolfSSL | 16:8e0d178b1d1e | 2561 | |
wolfSSL | 16:8e0d178b1d1e | 2562 | if (!extension) |
wolfSSL | 16:8e0d178b1d1e | 2563 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_TRUSTED_CA_KEYS); |
wolfSSL | 16:8e0d178b1d1e | 2564 | |
wolfSSL | 16:8e0d178b1d1e | 2565 | if (!isRequest) { |
wolfSSL | 16:8e0d178b1d1e | 2566 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 2567 | if (!extension || !extension->data) |
wolfSSL | 16:8e0d178b1d1e | 2568 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 16:8e0d178b1d1e | 2569 | |
wolfSSL | 16:8e0d178b1d1e | 2570 | if (length > 0) |
wolfSSL | 16:8e0d178b1d1e | 2571 | return BUFFER_ERROR; /* TCA response MUST be empty. */ |
wolfSSL | 16:8e0d178b1d1e | 2572 | |
wolfSSL | 16:8e0d178b1d1e | 2573 | /* Set the flag that we're good for keys */ |
wolfSSL | 16:8e0d178b1d1e | 2574 | TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS); |
wolfSSL | 16:8e0d178b1d1e | 2575 | |
wolfSSL | 16:8e0d178b1d1e | 2576 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 2577 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2578 | } |
wolfSSL | 16:8e0d178b1d1e | 2579 | |
wolfSSL | 16:8e0d178b1d1e | 2580 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 16:8e0d178b1d1e | 2581 | if (!extension || !extension->data) { |
wolfSSL | 16:8e0d178b1d1e | 2582 | /* Skipping, TCA not enabled at server side. */ |
wolfSSL | 16:8e0d178b1d1e | 2583 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 2584 | } |
wolfSSL | 16:8e0d178b1d1e | 2585 | |
wolfSSL | 16:8e0d178b1d1e | 2586 | if (OPAQUE16_LEN > length) |
wolfSSL | 16:8e0d178b1d1e | 2587 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2588 | |
wolfSSL | 16:8e0d178b1d1e | 2589 | ato16(input, &size); |
wolfSSL | 16:8e0d178b1d1e | 2590 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2591 | |
wolfSSL | 16:8e0d178b1d1e | 2592 | /* validating tca list length */ |
wolfSSL | 16:8e0d178b1d1e | 2593 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 16:8e0d178b1d1e | 2594 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2595 | |
wolfSSL | 16:8e0d178b1d1e | 2596 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 16:8e0d178b1d1e | 2597 | TCA *tca = NULL; |
wolfSSL | 16:8e0d178b1d1e | 2598 | byte type; |
wolfSSL | 16:8e0d178b1d1e | 2599 | const byte* id = NULL; |
wolfSSL | 16:8e0d178b1d1e | 2600 | word16 idSz = 0; |
wolfSSL | 16:8e0d178b1d1e | 2601 | |
wolfSSL | 16:8e0d178b1d1e | 2602 | if (offset + ENUM_LEN > length) |
wolfSSL | 16:8e0d178b1d1e | 2603 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2604 | |
wolfSSL | 16:8e0d178b1d1e | 2605 | type = input[offset++]; |
wolfSSL | 16:8e0d178b1d1e | 2606 | |
wolfSSL | 16:8e0d178b1d1e | 2607 | switch (type) { |
wolfSSL | 16:8e0d178b1d1e | 2608 | case WOLFSSL_TRUSTED_CA_PRE_AGREED: |
wolfSSL | 16:8e0d178b1d1e | 2609 | break; |
wolfSSL | 16:8e0d178b1d1e | 2610 | #ifndef NO_SHA |
wolfSSL | 16:8e0d178b1d1e | 2611 | case WOLFSSL_TRUSTED_CA_KEY_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2612 | case WOLFSSL_TRUSTED_CA_CERT_SHA1: |
wolfSSL | 16:8e0d178b1d1e | 2613 | if (offset + WC_SHA_DIGEST_SIZE > length) |
wolfSSL | 16:8e0d178b1d1e | 2614 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2615 | idSz = WC_SHA_DIGEST_SIZE; |
wolfSSL | 16:8e0d178b1d1e | 2616 | id = input + offset; |
wolfSSL | 16:8e0d178b1d1e | 2617 | offset += idSz; |
wolfSSL | 16:8e0d178b1d1e | 2618 | break; |
wolfSSL | 16:8e0d178b1d1e | 2619 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2620 | case WOLFSSL_TRUSTED_CA_X509_NAME: |
wolfSSL | 16:8e0d178b1d1e | 2621 | if (offset + OPAQUE16_LEN > length) |
wolfSSL | 16:8e0d178b1d1e | 2622 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2623 | ato16(input + offset, &idSz); |
wolfSSL | 16:8e0d178b1d1e | 2624 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 2625 | if ((offset > length) || (idSz > length - offset)) |
wolfSSL | 16:8e0d178b1d1e | 2626 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2627 | id = input + offset; |
wolfSSL | 16:8e0d178b1d1e | 2628 | offset += idSz; |
wolfSSL | 16:8e0d178b1d1e | 2629 | break; |
wolfSSL | 16:8e0d178b1d1e | 2630 | default: |
wolfSSL | 16:8e0d178b1d1e | 2631 | return TCA_INVALID_ID_TYPE; |
wolfSSL | 16:8e0d178b1d1e | 2632 | } |
wolfSSL | 16:8e0d178b1d1e | 2633 | |
wolfSSL | 16:8e0d178b1d1e | 2634 | /* Find the type/ID in the TCA list. */ |
wolfSSL | 16:8e0d178b1d1e | 2635 | tca = TLSX_TCA_Find((TCA*)extension->data, type, id, idSz); |
wolfSSL | 16:8e0d178b1d1e | 2636 | if (tca != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 2637 | /* Found it. Set the response flag and break out of the loop. */ |
wolfSSL | 16:8e0d178b1d1e | 2638 | TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS); |
wolfSSL | 16:8e0d178b1d1e | 2639 | break; |
wolfSSL | 16:8e0d178b1d1e | 2640 | } |
wolfSSL | 16:8e0d178b1d1e | 2641 | } |
wolfSSL | 16:8e0d178b1d1e | 2642 | #else |
wolfSSL | 16:8e0d178b1d1e | 2643 | (void)input; |
wolfSSL | 16:8e0d178b1d1e | 2644 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2645 | |
wolfSSL | 16:8e0d178b1d1e | 2646 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 2647 | } |
wolfSSL | 16:8e0d178b1d1e | 2648 | |
wolfSSL | 16:8e0d178b1d1e | 2649 | /* Checks to see if the server sent a response for the TCA. */ |
wolfSSL | 16:8e0d178b1d1e | 2650 | static int TLSX_TCA_VerifyParse(WOLFSSL* ssl, byte isRequest) |
wolfSSL | 16:8e0d178b1d1e | 2651 | { |
wolfSSL | 16:8e0d178b1d1e | 2652 | (void)ssl; |
wolfSSL | 16:8e0d178b1d1e | 2653 | |
wolfSSL | 16:8e0d178b1d1e | 2654 | if (!isRequest) { |
wolfSSL | 16:8e0d178b1d1e | 2655 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 2656 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_TRUSTED_CA_KEYS); |
wolfSSL | 16:8e0d178b1d1e | 2657 | |
wolfSSL | 16:8e0d178b1d1e | 2658 | if (extension && !extension->resp) { |
wolfSSL | 16:8e0d178b1d1e | 2659 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 16:8e0d178b1d1e | 2660 | return TCA_ABSENT_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 2661 | } |
wolfSSL | 16:8e0d178b1d1e | 2662 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 16:8e0d178b1d1e | 2663 | } |
wolfSSL | 16:8e0d178b1d1e | 2664 | |
wolfSSL | 16:8e0d178b1d1e | 2665 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 2666 | } |
wolfSSL | 16:8e0d178b1d1e | 2667 | |
wolfSSL | 16:8e0d178b1d1e | 2668 | int TLSX_UseTrustedCA(TLSX** extensions, byte type, |
wolfSSL | 16:8e0d178b1d1e | 2669 | const byte* id, word16 idSz, void* heap) |
wolfSSL | 16:8e0d178b1d1e | 2670 | { |
wolfSSL | 16:8e0d178b1d1e | 2671 | TLSX* extension; |
wolfSSL | 16:8e0d178b1d1e | 2672 | TCA* tca = NULL; |
wolfSSL | 16:8e0d178b1d1e | 2673 | |
wolfSSL | 16:8e0d178b1d1e | 2674 | if (extensions == NULL) |
wolfSSL | 16:8e0d178b1d1e | 2675 | return BAD_FUNC_ARG; |
wolfSSL | 16:8e0d178b1d1e | 2676 | |
wolfSSL | 16:8e0d178b1d1e | 2677 | if ((tca = TLSX_TCA_New(type, id, idSz, heap)) == NULL) |
wolfSSL | 16:8e0d178b1d1e | 2678 | return MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 2679 | |
wolfSSL | 16:8e0d178b1d1e | 2680 | extension = TLSX_Find(*extensions, TLSX_TRUSTED_CA_KEYS); |
wolfSSL | 16:8e0d178b1d1e | 2681 | if (!extension) { |
wolfSSL | 16:8e0d178b1d1e | 2682 | int ret = TLSX_Push(extensions, TLSX_TRUSTED_CA_KEYS, (void*)tca, heap); |
wolfSSL | 16:8e0d178b1d1e | 2683 | |
wolfSSL | 16:8e0d178b1d1e | 2684 | if (ret != 0) { |
wolfSSL | 16:8e0d178b1d1e | 2685 | TLSX_TCA_Free(tca, heap); |
wolfSSL | 16:8e0d178b1d1e | 2686 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 2687 | } |
wolfSSL | 16:8e0d178b1d1e | 2688 | } |
wolfSSL | 16:8e0d178b1d1e | 2689 | else { |
wolfSSL | 16:8e0d178b1d1e | 2690 | /* push new TCA object to extension data. */ |
wolfSSL | 16:8e0d178b1d1e | 2691 | tca->next = (TCA*)extension->data; |
wolfSSL | 16:8e0d178b1d1e | 2692 | extension->data = (void*)tca; |
wolfSSL | 16:8e0d178b1d1e | 2693 | } |
wolfSSL | 16:8e0d178b1d1e | 2694 | |
wolfSSL | 16:8e0d178b1d1e | 2695 | return WOLFSSL_SUCCESS; |
wolfSSL | 16:8e0d178b1d1e | 2696 | } |
wolfSSL | 16:8e0d178b1d1e | 2697 | |
wolfSSL | 16:8e0d178b1d1e | 2698 | #define TCA_FREE_ALL TLSX_TCA_FreeAll |
wolfSSL | 16:8e0d178b1d1e | 2699 | #define TCA_GET_SIZE TLSX_TCA_GetSize |
wolfSSL | 16:8e0d178b1d1e | 2700 | #define TCA_WRITE TLSX_TCA_Write |
wolfSSL | 16:8e0d178b1d1e | 2701 | #define TCA_PARSE TLSX_TCA_Parse |
wolfSSL | 16:8e0d178b1d1e | 2702 | #define TCA_VERIFY_PARSE TLSX_TCA_VerifyParse |
wolfSSL | 16:8e0d178b1d1e | 2703 | |
wolfSSL | 16:8e0d178b1d1e | 2704 | #else /* HAVE_TRUSTED_CA */ |
wolfSSL | 16:8e0d178b1d1e | 2705 | |
wolfSSL | 16:8e0d178b1d1e | 2706 | #define TCA_FREE_ALL(list, heap) |
wolfSSL | 16:8e0d178b1d1e | 2707 | #define TCA_GET_SIZE(list) 0 |
wolfSSL | 16:8e0d178b1d1e | 2708 | #define TCA_WRITE(a, b) 0 |
wolfSSL | 16:8e0d178b1d1e | 2709 | #define TCA_PARSE(a, b, c, d) 0 |
wolfSSL | 16:8e0d178b1d1e | 2710 | #define TCA_VERIFY_PARSE(a, b) 0 |
wolfSSL | 16:8e0d178b1d1e | 2711 | |
wolfSSL | 16:8e0d178b1d1e | 2712 | #endif /* HAVE_TRUSTED_CA */ |
wolfSSL | 16:8e0d178b1d1e | 2713 | |
wolfSSL | 16:8e0d178b1d1e | 2714 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 2715 | /* Max Fragment Length Negotiation */ |
wolfSSL | 15:117db924cf7c | 2716 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 2717 | |
wolfSSL | 15:117db924cf7c | 2718 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 15:117db924cf7c | 2719 | |
wolfSSL | 15:117db924cf7c | 2720 | static word16 TLSX_MFL_Write(byte* data, byte* output) |
wolfSSL | 15:117db924cf7c | 2721 | { |
wolfSSL | 15:117db924cf7c | 2722 | output[0] = data[0]; |
wolfSSL | 15:117db924cf7c | 2723 | |
wolfSSL | 15:117db924cf7c | 2724 | return ENUM_LEN; |
wolfSSL | 15:117db924cf7c | 2725 | } |
wolfSSL | 15:117db924cf7c | 2726 | |
wolfSSL | 15:117db924cf7c | 2727 | static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 2728 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 2729 | { |
wolfSSL | 15:117db924cf7c | 2730 | if (length != ENUM_LEN) |
wolfSSL | 15:117db924cf7c | 2731 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2732 | |
wolfSSL | 15:117db924cf7c | 2733 | #ifdef WOLFSSL_OLD_UNSUPPORTED_EXTENSION |
wolfSSL | 15:117db924cf7c | 2734 | (void) isRequest; |
wolfSSL | 15:117db924cf7c | 2735 | #else |
wolfSSL | 15:117db924cf7c | 2736 | if (!isRequest) |
wolfSSL | 15:117db924cf7c | 2737 | if (TLSX_CheckUnsupportedExtension(ssl, TLSX_MAX_FRAGMENT_LENGTH)) |
wolfSSL | 15:117db924cf7c | 2738 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 2739 | #endif |
wolfSSL | 15:117db924cf7c | 2740 | |
wolfSSL | 15:117db924cf7c | 2741 | switch (*input) { |
wolfSSL | 16:8e0d178b1d1e | 2742 | case WOLFSSL_MFL_2_8 : ssl->max_fragment = 256; break; |
wolfSSL | 15:117db924cf7c | 2743 | case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; |
wolfSSL | 15:117db924cf7c | 2744 | case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; |
wolfSSL | 15:117db924cf7c | 2745 | case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break; |
wolfSSL | 15:117db924cf7c | 2746 | case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break; |
wolfSSL | 15:117db924cf7c | 2747 | case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break; |
wolfSSL | 15:117db924cf7c | 2748 | |
wolfSSL | 15:117db924cf7c | 2749 | default: |
wolfSSL | 15:117db924cf7c | 2750 | SendAlert(ssl, alert_fatal, illegal_parameter); |
wolfSSL | 15:117db924cf7c | 2751 | |
wolfSSL | 15:117db924cf7c | 2752 | return UNKNOWN_MAX_FRAG_LEN_E; |
wolfSSL | 15:117db924cf7c | 2753 | } |
wolfSSL | 15:117db924cf7c | 2754 | |
wolfSSL | 15:117db924cf7c | 2755 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2756 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 2757 | int ret = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap); |
wolfSSL | 15:117db924cf7c | 2758 | |
wolfSSL | 15:117db924cf7c | 2759 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 2760 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 2761 | |
wolfSSL | 15:117db924cf7c | 2762 | TLSX_SetResponse(ssl, TLSX_MAX_FRAGMENT_LENGTH); |
wolfSSL | 15:117db924cf7c | 2763 | } |
wolfSSL | 15:117db924cf7c | 2764 | #endif |
wolfSSL | 15:117db924cf7c | 2765 | |
wolfSSL | 15:117db924cf7c | 2766 | return 0; |
wolfSSL | 15:117db924cf7c | 2767 | } |
wolfSSL | 15:117db924cf7c | 2768 | |
wolfSSL | 15:117db924cf7c | 2769 | int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap) |
wolfSSL | 15:117db924cf7c | 2770 | { |
wolfSSL | 15:117db924cf7c | 2771 | byte* data = NULL; |
wolfSSL | 15:117db924cf7c | 2772 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 2773 | |
wolfSSL | 16:8e0d178b1d1e | 2774 | if (extensions == NULL || mfl < WOLFSSL_MFL_MIN || mfl > WOLFSSL_MFL_MAX) |
wolfSSL | 15:117db924cf7c | 2775 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 2776 | |
wolfSSL | 15:117db924cf7c | 2777 | data = (byte*)XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 2778 | if (data == NULL) |
wolfSSL | 15:117db924cf7c | 2779 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 2780 | |
wolfSSL | 15:117db924cf7c | 2781 | data[0] = mfl; |
wolfSSL | 15:117db924cf7c | 2782 | |
wolfSSL | 15:117db924cf7c | 2783 | ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap); |
wolfSSL | 15:117db924cf7c | 2784 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 2785 | XFREE(data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 2786 | return ret; |
wolfSSL | 15:117db924cf7c | 2787 | } |
wolfSSL | 15:117db924cf7c | 2788 | |
wolfSSL | 15:117db924cf7c | 2789 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 2790 | } |
wolfSSL | 15:117db924cf7c | 2791 | |
wolfSSL | 15:117db924cf7c | 2792 | |
wolfSSL | 15:117db924cf7c | 2793 | #define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) |
wolfSSL | 15:117db924cf7c | 2794 | #define MFL_GET_SIZE(data) ENUM_LEN |
wolfSSL | 15:117db924cf7c | 2795 | #define MFL_WRITE TLSX_MFL_Write |
wolfSSL | 15:117db924cf7c | 2796 | #define MFL_PARSE TLSX_MFL_Parse |
wolfSSL | 15:117db924cf7c | 2797 | |
wolfSSL | 15:117db924cf7c | 2798 | #else |
wolfSSL | 15:117db924cf7c | 2799 | |
wolfSSL | 15:117db924cf7c | 2800 | #define MFL_FREE_ALL(a, b) |
wolfSSL | 15:117db924cf7c | 2801 | #define MFL_GET_SIZE(a) 0 |
wolfSSL | 15:117db924cf7c | 2802 | #define MFL_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 2803 | #define MFL_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 2804 | |
wolfSSL | 15:117db924cf7c | 2805 | #endif /* HAVE_MAX_FRAGMENT */ |
wolfSSL | 15:117db924cf7c | 2806 | |
wolfSSL | 15:117db924cf7c | 2807 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 2808 | /* Truncated HMAC */ |
wolfSSL | 15:117db924cf7c | 2809 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 2810 | |
wolfSSL | 15:117db924cf7c | 2811 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 15:117db924cf7c | 2812 | |
wolfSSL | 15:117db924cf7c | 2813 | static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 2814 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 2815 | { |
wolfSSL | 15:117db924cf7c | 2816 | if (length != 0 || input == NULL) |
wolfSSL | 15:117db924cf7c | 2817 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 2818 | |
wolfSSL | 15:117db924cf7c | 2819 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 2820 | #ifndef WOLFSSL_OLD_UNSUPPORTED_EXTENSION |
wolfSSL | 15:117db924cf7c | 2821 | if (TLSX_CheckUnsupportedExtension(ssl, TLSX_TRUNCATED_HMAC)) |
wolfSSL | 15:117db924cf7c | 2822 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 2823 | #endif |
wolfSSL | 15:117db924cf7c | 2824 | } |
wolfSSL | 15:117db924cf7c | 2825 | else { |
wolfSSL | 15:117db924cf7c | 2826 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 2827 | int ret = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); |
wolfSSL | 15:117db924cf7c | 2828 | |
wolfSSL | 15:117db924cf7c | 2829 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 2830 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 2831 | |
wolfSSL | 15:117db924cf7c | 2832 | TLSX_SetResponse(ssl, TLSX_TRUNCATED_HMAC); |
wolfSSL | 15:117db924cf7c | 2833 | #endif |
wolfSSL | 15:117db924cf7c | 2834 | } |
wolfSSL | 15:117db924cf7c | 2835 | |
wolfSSL | 15:117db924cf7c | 2836 | ssl->truncated_hmac = 1; |
wolfSSL | 15:117db924cf7c | 2837 | |
wolfSSL | 15:117db924cf7c | 2838 | return 0; |
wolfSSL | 15:117db924cf7c | 2839 | } |
wolfSSL | 15:117db924cf7c | 2840 | |
wolfSSL | 15:117db924cf7c | 2841 | int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) |
wolfSSL | 15:117db924cf7c | 2842 | { |
wolfSSL | 15:117db924cf7c | 2843 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 2844 | |
wolfSSL | 15:117db924cf7c | 2845 | if (extensions == NULL) |
wolfSSL | 15:117db924cf7c | 2846 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 2847 | |
wolfSSL | 15:117db924cf7c | 2848 | ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap); |
wolfSSL | 15:117db924cf7c | 2849 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 2850 | return ret; |
wolfSSL | 15:117db924cf7c | 2851 | |
wolfSSL | 15:117db924cf7c | 2852 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 2853 | } |
wolfSSL | 15:117db924cf7c | 2854 | |
wolfSSL | 15:117db924cf7c | 2855 | #define THM_PARSE TLSX_THM_Parse |
wolfSSL | 15:117db924cf7c | 2856 | |
wolfSSL | 15:117db924cf7c | 2857 | #else |
wolfSSL | 15:117db924cf7c | 2858 | |
wolfSSL | 15:117db924cf7c | 2859 | #define THM_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 2860 | |
wolfSSL | 15:117db924cf7c | 2861 | #endif /* HAVE_TRUNCATED_HMAC */ |
wolfSSL | 15:117db924cf7c | 2862 | |
wolfSSL | 15:117db924cf7c | 2863 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 2864 | /* Certificate Status Request */ |
wolfSSL | 15:117db924cf7c | 2865 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 2866 | |
wolfSSL | 15:117db924cf7c | 2867 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 2868 | |
wolfSSL | 15:117db924cf7c | 2869 | static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) |
wolfSSL | 15:117db924cf7c | 2870 | { |
wolfSSL | 15:117db924cf7c | 2871 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 2872 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 2873 | FreeOcspRequest(&csr->request.ocsp); |
wolfSSL | 15:117db924cf7c | 2874 | break; |
wolfSSL | 15:117db924cf7c | 2875 | } |
wolfSSL | 15:117db924cf7c | 2876 | |
wolfSSL | 15:117db924cf7c | 2877 | XFREE(csr, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 2878 | (void)heap; |
wolfSSL | 15:117db924cf7c | 2879 | } |
wolfSSL | 15:117db924cf7c | 2880 | |
wolfSSL | 15:117db924cf7c | 2881 | static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) |
wolfSSL | 15:117db924cf7c | 2882 | { |
wolfSSL | 15:117db924cf7c | 2883 | word16 size = 0; |
wolfSSL | 15:117db924cf7c | 2884 | |
wolfSSL | 15:117db924cf7c | 2885 | /* shut up compiler warnings */ |
wolfSSL | 15:117db924cf7c | 2886 | (void) csr; (void) isRequest; |
wolfSSL | 15:117db924cf7c | 2887 | |
wolfSSL | 15:117db924cf7c | 2888 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 2889 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 2890 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 2891 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 2892 | size += ENUM_LEN + 2 * OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2893 | |
wolfSSL | 15:117db924cf7c | 2894 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 15:117db924cf7c | 2895 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 15:117db924cf7c | 2896 | break; |
wolfSSL | 15:117db924cf7c | 2897 | } |
wolfSSL | 15:117db924cf7c | 2898 | } |
wolfSSL | 15:117db924cf7c | 2899 | #endif |
wolfSSL | 15:117db924cf7c | 2900 | #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 16:8e0d178b1d1e | 2901 | if (!isRequest && csr->ssl->options.tls1_3) |
wolfSSL | 15:117db924cf7c | 2902 | return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length; |
wolfSSL | 15:117db924cf7c | 2903 | #endif |
wolfSSL | 15:117db924cf7c | 2904 | |
wolfSSL | 15:117db924cf7c | 2905 | return size; |
wolfSSL | 15:117db924cf7c | 2906 | } |
wolfSSL | 15:117db924cf7c | 2907 | |
wolfSSL | 15:117db924cf7c | 2908 | static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, |
wolfSSL | 15:117db924cf7c | 2909 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 2910 | { |
wolfSSL | 15:117db924cf7c | 2911 | /* shut up compiler warnings */ |
wolfSSL | 15:117db924cf7c | 2912 | (void) csr; (void) output; (void) isRequest; |
wolfSSL | 15:117db924cf7c | 2913 | |
wolfSSL | 15:117db924cf7c | 2914 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 2915 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 2916 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 2917 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 2918 | |
wolfSSL | 15:117db924cf7c | 2919 | /* type */ |
wolfSSL | 15:117db924cf7c | 2920 | output[offset++] = csr->status_type; |
wolfSSL | 15:117db924cf7c | 2921 | |
wolfSSL | 15:117db924cf7c | 2922 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 2923 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 2924 | /* responder id list */ |
wolfSSL | 15:117db924cf7c | 2925 | c16toa(0, output + offset); |
wolfSSL | 15:117db924cf7c | 2926 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 2927 | |
wolfSSL | 15:117db924cf7c | 2928 | /* request extensions */ |
wolfSSL | 15:117db924cf7c | 2929 | if (csr->request.ocsp.nonceSz) |
wolfSSL | 15:117db924cf7c | 2930 | length = (word16)EncodeOcspRequestExtensions( |
wolfSSL | 15:117db924cf7c | 2931 | &csr->request.ocsp, |
wolfSSL | 15:117db924cf7c | 2932 | output + offset + OPAQUE16_LEN, |
wolfSSL | 15:117db924cf7c | 2933 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 15:117db924cf7c | 2934 | |
wolfSSL | 15:117db924cf7c | 2935 | c16toa(length, output + offset); |
wolfSSL | 15:117db924cf7c | 2936 | offset += OPAQUE16_LEN + length; |
wolfSSL | 15:117db924cf7c | 2937 | |
wolfSSL | 15:117db924cf7c | 2938 | break; |
wolfSSL | 15:117db924cf7c | 2939 | } |
wolfSSL | 15:117db924cf7c | 2940 | |
wolfSSL | 15:117db924cf7c | 2941 | return offset; |
wolfSSL | 15:117db924cf7c | 2942 | } |
wolfSSL | 15:117db924cf7c | 2943 | #endif |
wolfSSL | 15:117db924cf7c | 2944 | #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 2945 | if (!isRequest && csr->ssl->options.tls1_3) { |
wolfSSL | 15:117db924cf7c | 2946 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 2947 | output[offset++] = csr->status_type; |
wolfSSL | 15:117db924cf7c | 2948 | c32to24(csr->response.length, output + offset); |
wolfSSL | 15:117db924cf7c | 2949 | offset += OPAQUE24_LEN; |
wolfSSL | 15:117db924cf7c | 2950 | XMEMCPY(output + offset, csr->response.buffer, csr->response.length); |
wolfSSL | 15:117db924cf7c | 2951 | offset += csr->response.length; |
wolfSSL | 15:117db924cf7c | 2952 | return offset; |
wolfSSL | 15:117db924cf7c | 2953 | } |
wolfSSL | 15:117db924cf7c | 2954 | #endif |
wolfSSL | 15:117db924cf7c | 2955 | |
wolfSSL | 15:117db924cf7c | 2956 | return 0; |
wolfSSL | 15:117db924cf7c | 2957 | } |
wolfSSL | 15:117db924cf7c | 2958 | |
wolfSSL | 15:117db924cf7c | 2959 | static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 2960 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 2961 | { |
wolfSSL | 15:117db924cf7c | 2962 | int ret; |
wolfSSL | 15:117db924cf7c | 2963 | |
wolfSSL | 15:117db924cf7c | 2964 | /* shut up compiler warnings */ |
wolfSSL | 15:117db924cf7c | 2965 | (void) ssl; (void) input; |
wolfSSL | 15:117db924cf7c | 2966 | |
wolfSSL | 15:117db924cf7c | 2967 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 2968 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 2969 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 15:117db924cf7c | 2970 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 15:117db924cf7c | 2971 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 2972 | |
wolfSSL | 15:117db924cf7c | 2973 | if (!csr) { |
wolfSSL | 15:117db924cf7c | 2974 | /* look at context level */ |
wolfSSL | 15:117db924cf7c | 2975 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 15:117db924cf7c | 2976 | csr = extension ? (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 2977 | |
wolfSSL | 15:117db924cf7c | 2978 | if (!csr) /* unexpected extension */ |
wolfSSL | 15:117db924cf7c | 2979 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 2980 | |
wolfSSL | 15:117db924cf7c | 2981 | /* enable extension at ssl level */ |
wolfSSL | 15:117db924cf7c | 2982 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, |
wolfSSL | 15:117db924cf7c | 2983 | csr->status_type, csr->options, ssl, |
wolfSSL | 15:117db924cf7c | 2984 | ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 2985 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 2986 | return ret; |
wolfSSL | 15:117db924cf7c | 2987 | |
wolfSSL | 15:117db924cf7c | 2988 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 2989 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 2990 | /* propagate nonce */ |
wolfSSL | 15:117db924cf7c | 2991 | if (csr->request.ocsp.nonceSz) { |
wolfSSL | 15:117db924cf7c | 2992 | OcspRequest* request = |
wolfSSL | 15:117db924cf7c | 2993 | (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); |
wolfSSL | 15:117db924cf7c | 2994 | |
wolfSSL | 15:117db924cf7c | 2995 | if (request) { |
wolfSSL | 15:117db924cf7c | 2996 | XMEMCPY(request->nonce, csr->request.ocsp.nonce, |
wolfSSL | 15:117db924cf7c | 2997 | csr->request.ocsp.nonceSz); |
wolfSSL | 15:117db924cf7c | 2998 | request->nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 15:117db924cf7c | 2999 | } |
wolfSSL | 15:117db924cf7c | 3000 | } |
wolfSSL | 15:117db924cf7c | 3001 | break; |
wolfSSL | 15:117db924cf7c | 3002 | } |
wolfSSL | 15:117db924cf7c | 3003 | } |
wolfSSL | 15:117db924cf7c | 3004 | |
wolfSSL | 15:117db924cf7c | 3005 | ssl->status_request = 1; |
wolfSSL | 15:117db924cf7c | 3006 | |
wolfSSL | 15:117db924cf7c | 3007 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 3008 | if (ssl->options.tls1_3) { |
wolfSSL | 15:117db924cf7c | 3009 | word32 resp_length; |
wolfSSL | 15:117db924cf7c | 3010 | word32 offset = 0; |
wolfSSL | 16:8e0d178b1d1e | 3011 | |
wolfSSL | 16:8e0d178b1d1e | 3012 | /* Get the new extension potentially created above. */ |
wolfSSL | 16:8e0d178b1d1e | 3013 | extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 16:8e0d178b1d1e | 3014 | csr = extension ? (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 16:8e0d178b1d1e | 3015 | if (csr == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3016 | return MEMORY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 3017 | |
wolfSSL | 15:117db924cf7c | 3018 | ret = 0; |
wolfSSL | 15:117db924cf7c | 3019 | if (OPAQUE8_LEN + OPAQUE24_LEN > length) |
wolfSSL | 15:117db924cf7c | 3020 | ret = BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3021 | if (ret == 0 && input[offset++] != WOLFSSL_CSR_OCSP) |
wolfSSL | 15:117db924cf7c | 3022 | ret = BAD_CERTIFICATE_STATUS_ERROR; |
wolfSSL | 15:117db924cf7c | 3023 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 3024 | c24to32(input + offset, &resp_length); |
wolfSSL | 15:117db924cf7c | 3025 | offset += OPAQUE24_LEN; |
wolfSSL | 15:117db924cf7c | 3026 | if (offset + resp_length != length) |
wolfSSL | 15:117db924cf7c | 3027 | ret = BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3028 | } |
wolfSSL | 16:8e0d178b1d1e | 3029 | #if !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 3030 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 3031 | csr->response.buffer = input + offset; |
wolfSSL | 15:117db924cf7c | 3032 | csr->response.length = resp_length; |
wolfSSL | 15:117db924cf7c | 3033 | } |
wolfSSL | 16:8e0d178b1d1e | 3034 | #endif |
wolfSSL | 15:117db924cf7c | 3035 | |
wolfSSL | 15:117db924cf7c | 3036 | return ret; |
wolfSSL | 15:117db924cf7c | 3037 | } |
wolfSSL | 15:117db924cf7c | 3038 | else |
wolfSSL | 15:117db924cf7c | 3039 | #endif |
wolfSSL | 15:117db924cf7c | 3040 | { |
wolfSSL | 15:117db924cf7c | 3041 | /* extension_data MUST be empty. */ |
wolfSSL | 15:117db924cf7c | 3042 | return length ? BUFFER_ERROR : 0; |
wolfSSL | 15:117db924cf7c | 3043 | } |
wolfSSL | 15:117db924cf7c | 3044 | #endif |
wolfSSL | 15:117db924cf7c | 3045 | } |
wolfSSL | 15:117db924cf7c | 3046 | else { |
wolfSSL | 15:117db924cf7c | 3047 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 3048 | byte status_type; |
wolfSSL | 15:117db924cf7c | 3049 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 3050 | word16 size = 0; |
wolfSSL | 15:117db924cf7c | 3051 | |
wolfSSL | 16:8e0d178b1d1e | 3052 | if (length == 0) |
wolfSSL | 16:8e0d178b1d1e | 3053 | return 0; |
wolfSSL | 15:117db924cf7c | 3054 | if (length < ENUM_LEN) |
wolfSSL | 15:117db924cf7c | 3055 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3056 | |
wolfSSL | 15:117db924cf7c | 3057 | status_type = input[offset++]; |
wolfSSL | 15:117db924cf7c | 3058 | |
wolfSSL | 15:117db924cf7c | 3059 | switch (status_type) { |
wolfSSL | 15:117db924cf7c | 3060 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 15:117db924cf7c | 3061 | |
wolfSSL | 15:117db924cf7c | 3062 | /* skip responder_id_list */ |
wolfSSL | 15:117db924cf7c | 3063 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 3064 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3065 | |
wolfSSL | 15:117db924cf7c | 3066 | ato16(input + offset, &size); |
wolfSSL | 15:117db924cf7c | 3067 | offset += OPAQUE16_LEN + size; |
wolfSSL | 15:117db924cf7c | 3068 | |
wolfSSL | 15:117db924cf7c | 3069 | /* skip request_extensions */ |
wolfSSL | 15:117db924cf7c | 3070 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 3071 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3072 | |
wolfSSL | 15:117db924cf7c | 3073 | ato16(input + offset, &size); |
wolfSSL | 15:117db924cf7c | 3074 | offset += OPAQUE16_LEN + size; |
wolfSSL | 15:117db924cf7c | 3075 | |
wolfSSL | 15:117db924cf7c | 3076 | if (offset > length) |
wolfSSL | 15:117db924cf7c | 3077 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3078 | |
wolfSSL | 15:117db924cf7c | 3079 | /* is able to send OCSP response? */ |
wolfSSL | 15:117db924cf7c | 3080 | if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 15:117db924cf7c | 3081 | return 0; |
wolfSSL | 15:117db924cf7c | 3082 | } |
wolfSSL | 15:117db924cf7c | 3083 | break; |
wolfSSL | 15:117db924cf7c | 3084 | |
wolfSSL | 15:117db924cf7c | 3085 | /* unknown status type */ |
wolfSSL | 15:117db924cf7c | 3086 | default: |
wolfSSL | 15:117db924cf7c | 3087 | return 0; |
wolfSSL | 15:117db924cf7c | 3088 | } |
wolfSSL | 15:117db924cf7c | 3089 | |
wolfSSL | 15:117db924cf7c | 3090 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 15:117db924cf7c | 3091 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 15:117db924cf7c | 3092 | if (ssl->status_request_v2) |
wolfSSL | 15:117db924cf7c | 3093 | return 0; |
wolfSSL | 15:117db924cf7c | 3094 | #endif |
wolfSSL | 15:117db924cf7c | 3095 | |
wolfSSL | 15:117db924cf7c | 3096 | /* accept the first good status_type and return */ |
wolfSSL | 15:117db924cf7c | 3097 | ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, |
wolfSSL | 15:117db924cf7c | 3098 | 0, ssl, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 3099 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 3100 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 3101 | |
wolfSSL | 16:8e0d178b1d1e | 3102 | #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 16:8e0d178b1d1e | 3103 | if (ssl->options.tls1_3) { |
wolfSSL | 16:8e0d178b1d1e | 3104 | OcspRequest* request; |
wolfSSL | 16:8e0d178b1d1e | 3105 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 16:8e0d178b1d1e | 3106 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 16:8e0d178b1d1e | 3107 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 16:8e0d178b1d1e | 3108 | if (csr == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3109 | return MEMORY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 3110 | |
wolfSSL | 16:8e0d178b1d1e | 3111 | request = &csr->request.ocsp; |
wolfSSL | 16:8e0d178b1d1e | 3112 | ret = CreateOcspResponse(ssl, &request, &csr->response); |
wolfSSL | 16:8e0d178b1d1e | 3113 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 3114 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 3115 | if (csr->response.buffer) |
wolfSSL | 16:8e0d178b1d1e | 3116 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); |
wolfSSL | 16:8e0d178b1d1e | 3117 | } |
wolfSSL | 16:8e0d178b1d1e | 3118 | else |
wolfSSL | 16:8e0d178b1d1e | 3119 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3120 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); |
wolfSSL | 15:117db924cf7c | 3121 | ssl->status_request = status_type; |
wolfSSL | 15:117db924cf7c | 3122 | #endif |
wolfSSL | 15:117db924cf7c | 3123 | } |
wolfSSL | 15:117db924cf7c | 3124 | |
wolfSSL | 15:117db924cf7c | 3125 | return 0; |
wolfSSL | 15:117db924cf7c | 3126 | } |
wolfSSL | 15:117db924cf7c | 3127 | |
wolfSSL | 15:117db924cf7c | 3128 | int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) |
wolfSSL | 15:117db924cf7c | 3129 | { |
wolfSSL | 15:117db924cf7c | 3130 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 15:117db924cf7c | 3131 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 15:117db924cf7c | 3132 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3133 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 3134 | |
wolfSSL | 15:117db924cf7c | 3135 | if (csr) { |
wolfSSL | 15:117db924cf7c | 3136 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 3137 | case WOLFSSL_CSR_OCSP: { |
wolfSSL | 15:117db924cf7c | 3138 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 15:117db924cf7c | 3139 | int nonceSz = csr->request.ocsp.nonceSz; |
wolfSSL | 15:117db924cf7c | 3140 | |
wolfSSL | 15:117db924cf7c | 3141 | /* preserve nonce */ |
wolfSSL | 15:117db924cf7c | 3142 | XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); |
wolfSSL | 15:117db924cf7c | 3143 | |
wolfSSL | 15:117db924cf7c | 3144 | if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) |
wolfSSL | 15:117db924cf7c | 3145 | != 0) |
wolfSSL | 15:117db924cf7c | 3146 | return ret; |
wolfSSL | 15:117db924cf7c | 3147 | |
wolfSSL | 15:117db924cf7c | 3148 | /* restore nonce */ |
wolfSSL | 15:117db924cf7c | 3149 | XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz); |
wolfSSL | 15:117db924cf7c | 3150 | csr->request.ocsp.nonceSz = nonceSz; |
wolfSSL | 15:117db924cf7c | 3151 | } |
wolfSSL | 15:117db924cf7c | 3152 | break; |
wolfSSL | 15:117db924cf7c | 3153 | } |
wolfSSL | 15:117db924cf7c | 3154 | } |
wolfSSL | 15:117db924cf7c | 3155 | |
wolfSSL | 15:117db924cf7c | 3156 | return ret; |
wolfSSL | 15:117db924cf7c | 3157 | } |
wolfSSL | 15:117db924cf7c | 3158 | |
wolfSSL | 15:117db924cf7c | 3159 | void* TLSX_CSR_GetRequest(TLSX* extensions) |
wolfSSL | 15:117db924cf7c | 3160 | { |
wolfSSL | 15:117db924cf7c | 3161 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 15:117db924cf7c | 3162 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 15:117db924cf7c | 3163 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3164 | |
wolfSSL | 15:117db924cf7c | 3165 | if (csr) { |
wolfSSL | 15:117db924cf7c | 3166 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 3167 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 3168 | return &csr->request.ocsp; |
wolfSSL | 15:117db924cf7c | 3169 | break; |
wolfSSL | 15:117db924cf7c | 3170 | } |
wolfSSL | 15:117db924cf7c | 3171 | } |
wolfSSL | 15:117db924cf7c | 3172 | |
wolfSSL | 15:117db924cf7c | 3173 | return NULL; |
wolfSSL | 15:117db924cf7c | 3174 | } |
wolfSSL | 15:117db924cf7c | 3175 | |
wolfSSL | 15:117db924cf7c | 3176 | int TLSX_CSR_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 3177 | { |
wolfSSL | 15:117db924cf7c | 3178 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); |
wolfSSL | 15:117db924cf7c | 3179 | CertificateStatusRequest* csr = extension ? |
wolfSSL | 15:117db924cf7c | 3180 | (CertificateStatusRequest*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3181 | |
wolfSSL | 15:117db924cf7c | 3182 | if (csr) { |
wolfSSL | 15:117db924cf7c | 3183 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 3184 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 3185 | if (ssl->ctx->cm->ocspEnabled) { |
wolfSSL | 15:117db924cf7c | 3186 | csr->request.ocsp.ssl = ssl; |
wolfSSL | 15:117db924cf7c | 3187 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 15:117db924cf7c | 3188 | &csr->request.ocsp, NULL); |
wolfSSL | 15:117db924cf7c | 3189 | } |
wolfSSL | 15:117db924cf7c | 3190 | else |
wolfSSL | 15:117db924cf7c | 3191 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 15:117db924cf7c | 3192 | } |
wolfSSL | 15:117db924cf7c | 3193 | } |
wolfSSL | 15:117db924cf7c | 3194 | |
wolfSSL | 15:117db924cf7c | 3195 | return 0; |
wolfSSL | 15:117db924cf7c | 3196 | } |
wolfSSL | 15:117db924cf7c | 3197 | |
wolfSSL | 15:117db924cf7c | 3198 | int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, |
wolfSSL | 15:117db924cf7c | 3199 | byte options, WOLFSSL* ssl, void* heap, |
wolfSSL | 15:117db924cf7c | 3200 | int devId) |
wolfSSL | 15:117db924cf7c | 3201 | { |
wolfSSL | 15:117db924cf7c | 3202 | CertificateStatusRequest* csr = NULL; |
wolfSSL | 15:117db924cf7c | 3203 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 3204 | |
wolfSSL | 15:117db924cf7c | 3205 | if (!extensions || status_type != WOLFSSL_CSR_OCSP) |
wolfSSL | 15:117db924cf7c | 3206 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3207 | |
wolfSSL | 15:117db924cf7c | 3208 | csr = (CertificateStatusRequest*) |
wolfSSL | 15:117db924cf7c | 3209 | XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3210 | if (!csr) |
wolfSSL | 15:117db924cf7c | 3211 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 3212 | |
wolfSSL | 15:117db924cf7c | 3213 | ForceZero(csr, sizeof(CertificateStatusRequest)); |
wolfSSL | 15:117db924cf7c | 3214 | |
wolfSSL | 15:117db924cf7c | 3215 | csr->status_type = status_type; |
wolfSSL | 15:117db924cf7c | 3216 | csr->options = options; |
wolfSSL | 15:117db924cf7c | 3217 | csr->ssl = ssl; |
wolfSSL | 15:117db924cf7c | 3218 | |
wolfSSL | 15:117db924cf7c | 3219 | switch (csr->status_type) { |
wolfSSL | 15:117db924cf7c | 3220 | case WOLFSSL_CSR_OCSP: |
wolfSSL | 15:117db924cf7c | 3221 | if (options & WOLFSSL_CSR_OCSP_USE_NONCE) { |
wolfSSL | 15:117db924cf7c | 3222 | WC_RNG rng; |
wolfSSL | 15:117db924cf7c | 3223 | |
wolfSSL | 15:117db924cf7c | 3224 | #ifndef HAVE_FIPS |
wolfSSL | 15:117db924cf7c | 3225 | ret = wc_InitRng_ex(&rng, heap, devId); |
wolfSSL | 15:117db924cf7c | 3226 | #else |
wolfSSL | 15:117db924cf7c | 3227 | ret = wc_InitRng(&rng); |
wolfSSL | 15:117db924cf7c | 3228 | (void)devId; |
wolfSSL | 15:117db924cf7c | 3229 | #endif |
wolfSSL | 15:117db924cf7c | 3230 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 3231 | if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, |
wolfSSL | 15:117db924cf7c | 3232 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 15:117db924cf7c | 3233 | csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 15:117db924cf7c | 3234 | |
wolfSSL | 15:117db924cf7c | 3235 | wc_FreeRng(&rng); |
wolfSSL | 15:117db924cf7c | 3236 | } |
wolfSSL | 15:117db924cf7c | 3237 | } |
wolfSSL | 15:117db924cf7c | 3238 | break; |
wolfSSL | 15:117db924cf7c | 3239 | } |
wolfSSL | 15:117db924cf7c | 3240 | |
wolfSSL | 15:117db924cf7c | 3241 | if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) { |
wolfSSL | 15:117db924cf7c | 3242 | XFREE(csr, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3243 | return ret; |
wolfSSL | 15:117db924cf7c | 3244 | } |
wolfSSL | 15:117db924cf7c | 3245 | |
wolfSSL | 15:117db924cf7c | 3246 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 3247 | } |
wolfSSL | 15:117db924cf7c | 3248 | |
wolfSSL | 15:117db924cf7c | 3249 | #define CSR_FREE_ALL TLSX_CSR_Free |
wolfSSL | 15:117db924cf7c | 3250 | #define CSR_GET_SIZE TLSX_CSR_GetSize |
wolfSSL | 15:117db924cf7c | 3251 | #define CSR_WRITE TLSX_CSR_Write |
wolfSSL | 15:117db924cf7c | 3252 | #define CSR_PARSE TLSX_CSR_Parse |
wolfSSL | 15:117db924cf7c | 3253 | |
wolfSSL | 15:117db924cf7c | 3254 | #else |
wolfSSL | 15:117db924cf7c | 3255 | |
wolfSSL | 15:117db924cf7c | 3256 | #define CSR_FREE_ALL(data, heap) |
wolfSSL | 15:117db924cf7c | 3257 | #define CSR_GET_SIZE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 3258 | #define CSR_WRITE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 3259 | #define CSR_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 3260 | |
wolfSSL | 15:117db924cf7c | 3261 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ |
wolfSSL | 15:117db924cf7c | 3262 | |
wolfSSL | 15:117db924cf7c | 3263 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 3264 | /* Certificate Status Request v2 */ |
wolfSSL | 15:117db924cf7c | 3265 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 3266 | |
wolfSSL | 15:117db924cf7c | 3267 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 |
wolfSSL | 15:117db924cf7c | 3268 | |
wolfSSL | 15:117db924cf7c | 3269 | static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap) |
wolfSSL | 15:117db924cf7c | 3270 | { |
wolfSSL | 15:117db924cf7c | 3271 | CertificateStatusRequestItemV2* next; |
wolfSSL | 15:117db924cf7c | 3272 | |
wolfSSL | 15:117db924cf7c | 3273 | for (; csr2; csr2 = next) { |
wolfSSL | 15:117db924cf7c | 3274 | next = csr2->next; |
wolfSSL | 15:117db924cf7c | 3275 | |
wolfSSL | 15:117db924cf7c | 3276 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3277 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3278 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3279 | while(csr2->requests--) |
wolfSSL | 15:117db924cf7c | 3280 | FreeOcspRequest(&csr2->request.ocsp[csr2->requests]); |
wolfSSL | 15:117db924cf7c | 3281 | break; |
wolfSSL | 15:117db924cf7c | 3282 | } |
wolfSSL | 15:117db924cf7c | 3283 | |
wolfSSL | 15:117db924cf7c | 3284 | XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3285 | } |
wolfSSL | 15:117db924cf7c | 3286 | (void)heap; |
wolfSSL | 15:117db924cf7c | 3287 | } |
wolfSSL | 15:117db924cf7c | 3288 | |
wolfSSL | 15:117db924cf7c | 3289 | static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 15:117db924cf7c | 3290 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 3291 | { |
wolfSSL | 15:117db924cf7c | 3292 | word16 size = 0; |
wolfSSL | 15:117db924cf7c | 3293 | |
wolfSSL | 15:117db924cf7c | 3294 | /* shut up compiler warnings */ |
wolfSSL | 15:117db924cf7c | 3295 | (void) csr2; (void) isRequest; |
wolfSSL | 15:117db924cf7c | 3296 | |
wolfSSL | 15:117db924cf7c | 3297 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 3298 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 3299 | CertificateStatusRequestItemV2* next; |
wolfSSL | 15:117db924cf7c | 3300 | |
wolfSSL | 15:117db924cf7c | 3301 | for (size = OPAQUE16_LEN; csr2; csr2 = next) { |
wolfSSL | 15:117db924cf7c | 3302 | next = csr2->next; |
wolfSSL | 15:117db924cf7c | 3303 | |
wolfSSL | 15:117db924cf7c | 3304 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3305 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3306 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3307 | size += ENUM_LEN + 3 * OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3308 | |
wolfSSL | 15:117db924cf7c | 3309 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 15:117db924cf7c | 3310 | size += OCSP_NONCE_EXT_SZ; |
wolfSSL | 15:117db924cf7c | 3311 | break; |
wolfSSL | 15:117db924cf7c | 3312 | } |
wolfSSL | 15:117db924cf7c | 3313 | } |
wolfSSL | 15:117db924cf7c | 3314 | } |
wolfSSL | 15:117db924cf7c | 3315 | #endif |
wolfSSL | 15:117db924cf7c | 3316 | |
wolfSSL | 15:117db924cf7c | 3317 | return size; |
wolfSSL | 15:117db924cf7c | 3318 | } |
wolfSSL | 15:117db924cf7c | 3319 | |
wolfSSL | 15:117db924cf7c | 3320 | static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, |
wolfSSL | 15:117db924cf7c | 3321 | byte* output, byte isRequest) |
wolfSSL | 15:117db924cf7c | 3322 | { |
wolfSSL | 15:117db924cf7c | 3323 | /* shut up compiler warnings */ |
wolfSSL | 15:117db924cf7c | 3324 | (void) csr2; (void) output; (void) isRequest; |
wolfSSL | 15:117db924cf7c | 3325 | |
wolfSSL | 15:117db924cf7c | 3326 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 3327 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 3328 | word16 offset; |
wolfSSL | 15:117db924cf7c | 3329 | word16 length; |
wolfSSL | 15:117db924cf7c | 3330 | |
wolfSSL | 15:117db924cf7c | 3331 | for (offset = OPAQUE16_LEN; csr2 != NULL; csr2 = csr2->next) { |
wolfSSL | 15:117db924cf7c | 3332 | /* status_type */ |
wolfSSL | 15:117db924cf7c | 3333 | output[offset++] = csr2->status_type; |
wolfSSL | 15:117db924cf7c | 3334 | |
wolfSSL | 15:117db924cf7c | 3335 | /* request */ |
wolfSSL | 15:117db924cf7c | 3336 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3337 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3338 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3339 | /* request_length */ |
wolfSSL | 15:117db924cf7c | 3340 | length = 2 * OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3341 | |
wolfSSL | 15:117db924cf7c | 3342 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 15:117db924cf7c | 3343 | length += OCSP_NONCE_EXT_SZ; |
wolfSSL | 15:117db924cf7c | 3344 | |
wolfSSL | 15:117db924cf7c | 3345 | c16toa(length, output + offset); |
wolfSSL | 15:117db924cf7c | 3346 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3347 | |
wolfSSL | 15:117db924cf7c | 3348 | /* responder id list */ |
wolfSSL | 15:117db924cf7c | 3349 | c16toa(0, output + offset); |
wolfSSL | 15:117db924cf7c | 3350 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3351 | |
wolfSSL | 15:117db924cf7c | 3352 | /* request extensions */ |
wolfSSL | 15:117db924cf7c | 3353 | length = 0; |
wolfSSL | 15:117db924cf7c | 3354 | |
wolfSSL | 15:117db924cf7c | 3355 | if (csr2->request.ocsp[0].nonceSz) |
wolfSSL | 15:117db924cf7c | 3356 | length = (word16)EncodeOcspRequestExtensions( |
wolfSSL | 15:117db924cf7c | 3357 | &csr2->request.ocsp[0], |
wolfSSL | 15:117db924cf7c | 3358 | output + offset + OPAQUE16_LEN, |
wolfSSL | 15:117db924cf7c | 3359 | OCSP_NONCE_EXT_SZ); |
wolfSSL | 15:117db924cf7c | 3360 | |
wolfSSL | 15:117db924cf7c | 3361 | c16toa(length, output + offset); |
wolfSSL | 15:117db924cf7c | 3362 | offset += OPAQUE16_LEN + length; |
wolfSSL | 15:117db924cf7c | 3363 | break; |
wolfSSL | 15:117db924cf7c | 3364 | } |
wolfSSL | 15:117db924cf7c | 3365 | } |
wolfSSL | 15:117db924cf7c | 3366 | |
wolfSSL | 15:117db924cf7c | 3367 | /* list size */ |
wolfSSL | 15:117db924cf7c | 3368 | c16toa(offset - OPAQUE16_LEN, output); |
wolfSSL | 15:117db924cf7c | 3369 | |
wolfSSL | 15:117db924cf7c | 3370 | return offset; |
wolfSSL | 15:117db924cf7c | 3371 | } |
wolfSSL | 15:117db924cf7c | 3372 | #endif |
wolfSSL | 15:117db924cf7c | 3373 | |
wolfSSL | 15:117db924cf7c | 3374 | return 0; |
wolfSSL | 15:117db924cf7c | 3375 | } |
wolfSSL | 15:117db924cf7c | 3376 | |
wolfSSL | 15:117db924cf7c | 3377 | static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 3378 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 3379 | { |
wolfSSL | 15:117db924cf7c | 3380 | int ret; |
wolfSSL | 15:117db924cf7c | 3381 | |
wolfSSL | 15:117db924cf7c | 3382 | /* shut up compiler warnings */ |
wolfSSL | 15:117db924cf7c | 3383 | (void) ssl; (void) input; |
wolfSSL | 15:117db924cf7c | 3384 | |
wolfSSL | 15:117db924cf7c | 3385 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 3386 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 3387 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 15:117db924cf7c | 3388 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 15:117db924cf7c | 3389 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3390 | |
wolfSSL | 15:117db924cf7c | 3391 | if (!csr2) { |
wolfSSL | 15:117db924cf7c | 3392 | /* look at context level */ |
wolfSSL | 15:117db924cf7c | 3393 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 15:117db924cf7c | 3394 | csr2 = extension ? |
wolfSSL | 15:117db924cf7c | 3395 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3396 | |
wolfSSL | 15:117db924cf7c | 3397 | if (!csr2) /* unexpected extension */ |
wolfSSL | 15:117db924cf7c | 3398 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 3399 | |
wolfSSL | 15:117db924cf7c | 3400 | /* enable extension at ssl level */ |
wolfSSL | 15:117db924cf7c | 3401 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 15:117db924cf7c | 3402 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 15:117db924cf7c | 3403 | csr2->status_type, csr2->options, ssl->heap, |
wolfSSL | 15:117db924cf7c | 3404 | ssl->devId); |
wolfSSL | 15:117db924cf7c | 3405 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 3406 | return ret; |
wolfSSL | 15:117db924cf7c | 3407 | |
wolfSSL | 15:117db924cf7c | 3408 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3409 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3410 | /* followed by */ |
wolfSSL | 15:117db924cf7c | 3411 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3412 | /* propagate nonce */ |
wolfSSL | 15:117db924cf7c | 3413 | if (csr2->request.ocsp[0].nonceSz) { |
wolfSSL | 15:117db924cf7c | 3414 | OcspRequest* request = |
wolfSSL | 15:117db924cf7c | 3415 | (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions, |
wolfSSL | 15:117db924cf7c | 3416 | csr2->status_type, 0); |
wolfSSL | 15:117db924cf7c | 3417 | |
wolfSSL | 15:117db924cf7c | 3418 | if (request) { |
wolfSSL | 15:117db924cf7c | 3419 | XMEMCPY(request->nonce, |
wolfSSL | 15:117db924cf7c | 3420 | csr2->request.ocsp[0].nonce, |
wolfSSL | 15:117db924cf7c | 3421 | csr2->request.ocsp[0].nonceSz); |
wolfSSL | 15:117db924cf7c | 3422 | |
wolfSSL | 15:117db924cf7c | 3423 | request->nonceSz = |
wolfSSL | 15:117db924cf7c | 3424 | csr2->request.ocsp[0].nonceSz; |
wolfSSL | 15:117db924cf7c | 3425 | } |
wolfSSL | 15:117db924cf7c | 3426 | } |
wolfSSL | 15:117db924cf7c | 3427 | break; |
wolfSSL | 15:117db924cf7c | 3428 | } |
wolfSSL | 15:117db924cf7c | 3429 | } |
wolfSSL | 15:117db924cf7c | 3430 | } |
wolfSSL | 15:117db924cf7c | 3431 | |
wolfSSL | 15:117db924cf7c | 3432 | ssl->status_request_v2 = 1; |
wolfSSL | 15:117db924cf7c | 3433 | |
wolfSSL | 15:117db924cf7c | 3434 | return length ? BUFFER_ERROR : 0; /* extension_data MUST be empty. */ |
wolfSSL | 15:117db924cf7c | 3435 | #endif |
wolfSSL | 15:117db924cf7c | 3436 | } |
wolfSSL | 15:117db924cf7c | 3437 | else { |
wolfSSL | 15:117db924cf7c | 3438 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 3439 | byte status_type; |
wolfSSL | 15:117db924cf7c | 3440 | word16 request_length; |
wolfSSL | 15:117db924cf7c | 3441 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 3442 | word16 size = 0; |
wolfSSL | 15:117db924cf7c | 3443 | |
wolfSSL | 15:117db924cf7c | 3444 | /* list size */ |
wolfSSL | 15:117db924cf7c | 3445 | if (offset + OPAQUE16_LEN >= length) { |
wolfSSL | 15:117db924cf7c | 3446 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 3447 | } |
wolfSSL | 15:117db924cf7c | 3448 | |
wolfSSL | 15:117db924cf7c | 3449 | ato16(input + offset, &request_length); |
wolfSSL | 15:117db924cf7c | 3450 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3451 | |
wolfSSL | 15:117db924cf7c | 3452 | if (length - OPAQUE16_LEN != request_length) |
wolfSSL | 15:117db924cf7c | 3453 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3454 | |
wolfSSL | 15:117db924cf7c | 3455 | while (length > offset) { |
wolfSSL | 15:117db924cf7c | 3456 | if (length - offset < ENUM_LEN + OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 3457 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3458 | |
wolfSSL | 15:117db924cf7c | 3459 | status_type = input[offset++]; |
wolfSSL | 15:117db924cf7c | 3460 | |
wolfSSL | 15:117db924cf7c | 3461 | ato16(input + offset, &request_length); |
wolfSSL | 15:117db924cf7c | 3462 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3463 | |
wolfSSL | 15:117db924cf7c | 3464 | if (length - offset < request_length) |
wolfSSL | 15:117db924cf7c | 3465 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3466 | |
wolfSSL | 15:117db924cf7c | 3467 | switch (status_type) { |
wolfSSL | 15:117db924cf7c | 3468 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3469 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3470 | /* skip responder_id_list */ |
wolfSSL | 15:117db924cf7c | 3471 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 3472 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3473 | |
wolfSSL | 15:117db924cf7c | 3474 | ato16(input + offset, &size); |
wolfSSL | 16:8e0d178b1d1e | 3475 | if (length - offset < size) |
wolfSSL | 16:8e0d178b1d1e | 3476 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 3477 | |
wolfSSL | 15:117db924cf7c | 3478 | offset += OPAQUE16_LEN + size; |
wolfSSL | 15:117db924cf7c | 3479 | /* skip request_extensions */ |
wolfSSL | 15:117db924cf7c | 3480 | if (length - offset < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 3481 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3482 | |
wolfSSL | 15:117db924cf7c | 3483 | ato16(input + offset, &size); |
wolfSSL | 16:8e0d178b1d1e | 3484 | if (length - offset < size) |
wolfSSL | 16:8e0d178b1d1e | 3485 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 3486 | |
wolfSSL | 15:117db924cf7c | 3487 | offset += OPAQUE16_LEN + size; |
wolfSSL | 15:117db924cf7c | 3488 | if (offset > length) |
wolfSSL | 15:117db924cf7c | 3489 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3490 | |
wolfSSL | 15:117db924cf7c | 3491 | /* is able to send OCSP response? */ |
wolfSSL | 15:117db924cf7c | 3492 | if (ssl->ctx->cm == NULL |
wolfSSL | 15:117db924cf7c | 3493 | || !ssl->ctx->cm->ocspStaplingEnabled) |
wolfSSL | 15:117db924cf7c | 3494 | continue; |
wolfSSL | 15:117db924cf7c | 3495 | break; |
wolfSSL | 15:117db924cf7c | 3496 | |
wolfSSL | 15:117db924cf7c | 3497 | default: |
wolfSSL | 15:117db924cf7c | 3498 | /* unknown status type, skipping! */ |
wolfSSL | 15:117db924cf7c | 3499 | offset += request_length; |
wolfSSL | 15:117db924cf7c | 3500 | continue; |
wolfSSL | 15:117db924cf7c | 3501 | } |
wolfSSL | 15:117db924cf7c | 3502 | |
wolfSSL | 15:117db924cf7c | 3503 | /* if using status_request and already sending it, skip this one */ |
wolfSSL | 15:117db924cf7c | 3504 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 3505 | if (ssl->status_request) |
wolfSSL | 15:117db924cf7c | 3506 | return 0; |
wolfSSL | 15:117db924cf7c | 3507 | #endif |
wolfSSL | 15:117db924cf7c | 3508 | |
wolfSSL | 15:117db924cf7c | 3509 | /* accept the first good status_type and return */ |
wolfSSL | 15:117db924cf7c | 3510 | ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, |
wolfSSL | 15:117db924cf7c | 3511 | status_type, 0, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 3512 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 3513 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 3514 | |
wolfSSL | 15:117db924cf7c | 3515 | TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 15:117db924cf7c | 3516 | ssl->status_request_v2 = status_type; |
wolfSSL | 15:117db924cf7c | 3517 | |
wolfSSL | 15:117db924cf7c | 3518 | return 0; |
wolfSSL | 15:117db924cf7c | 3519 | } |
wolfSSL | 15:117db924cf7c | 3520 | #endif |
wolfSSL | 15:117db924cf7c | 3521 | } |
wolfSSL | 15:117db924cf7c | 3522 | |
wolfSSL | 15:117db924cf7c | 3523 | return 0; |
wolfSSL | 15:117db924cf7c | 3524 | } |
wolfSSL | 15:117db924cf7c | 3525 | |
wolfSSL | 15:117db924cf7c | 3526 | int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, |
wolfSSL | 15:117db924cf7c | 3527 | void* heap) |
wolfSSL | 15:117db924cf7c | 3528 | { |
wolfSSL | 15:117db924cf7c | 3529 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 15:117db924cf7c | 3530 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 15:117db924cf7c | 3531 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3532 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 3533 | |
wolfSSL | 15:117db924cf7c | 3534 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 15:117db924cf7c | 3535 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3536 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3537 | if (!isPeer || csr2->requests != 0) |
wolfSSL | 15:117db924cf7c | 3538 | break; |
wolfSSL | 15:117db924cf7c | 3539 | |
wolfSSL | 15:117db924cf7c | 3540 | FALL_THROUGH; /* followed by */ |
wolfSSL | 15:117db924cf7c | 3541 | |
wolfSSL | 15:117db924cf7c | 3542 | case WOLFSSL_CSR2_OCSP_MULTI: { |
wolfSSL | 15:117db924cf7c | 3543 | if (csr2->requests < 1 + MAX_CHAIN_DEPTH) { |
wolfSSL | 15:117db924cf7c | 3544 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 15:117db924cf7c | 3545 | int nonceSz = csr2->request.ocsp[0].nonceSz; |
wolfSSL | 15:117db924cf7c | 3546 | |
wolfSSL | 15:117db924cf7c | 3547 | /* preserve nonce, replicating nonce of ocsp[0] */ |
wolfSSL | 15:117db924cf7c | 3548 | XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); |
wolfSSL | 15:117db924cf7c | 3549 | |
wolfSSL | 15:117db924cf7c | 3550 | if ((ret = InitOcspRequest( |
wolfSSL | 15:117db924cf7c | 3551 | &csr2->request.ocsp[csr2->requests], cert, |
wolfSSL | 15:117db924cf7c | 3552 | 0, heap)) != 0) |
wolfSSL | 15:117db924cf7c | 3553 | return ret; |
wolfSSL | 15:117db924cf7c | 3554 | |
wolfSSL | 15:117db924cf7c | 3555 | /* restore nonce */ |
wolfSSL | 15:117db924cf7c | 3556 | XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, |
wolfSSL | 15:117db924cf7c | 3557 | nonce, nonceSz); |
wolfSSL | 15:117db924cf7c | 3558 | csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; |
wolfSSL | 15:117db924cf7c | 3559 | csr2->requests++; |
wolfSSL | 15:117db924cf7c | 3560 | } |
wolfSSL | 15:117db924cf7c | 3561 | } |
wolfSSL | 15:117db924cf7c | 3562 | break; |
wolfSSL | 15:117db924cf7c | 3563 | } |
wolfSSL | 15:117db924cf7c | 3564 | } |
wolfSSL | 15:117db924cf7c | 3565 | |
wolfSSL | 15:117db924cf7c | 3566 | (void)cert; |
wolfSSL | 15:117db924cf7c | 3567 | return ret; |
wolfSSL | 15:117db924cf7c | 3568 | } |
wolfSSL | 15:117db924cf7c | 3569 | |
wolfSSL | 15:117db924cf7c | 3570 | void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte idx) |
wolfSSL | 15:117db924cf7c | 3571 | { |
wolfSSL | 15:117db924cf7c | 3572 | TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 15:117db924cf7c | 3573 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 15:117db924cf7c | 3574 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3575 | |
wolfSSL | 15:117db924cf7c | 3576 | for (; csr2; csr2 = csr2->next) { |
wolfSSL | 15:117db924cf7c | 3577 | if (csr2->status_type == status_type) { |
wolfSSL | 15:117db924cf7c | 3578 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3579 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3580 | /* followed by */ |
wolfSSL | 15:117db924cf7c | 3581 | |
wolfSSL | 15:117db924cf7c | 3582 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3583 | /* requests are initialized in the reverse order */ |
wolfSSL | 15:117db924cf7c | 3584 | return idx < csr2->requests |
wolfSSL | 15:117db924cf7c | 3585 | ? &csr2->request.ocsp[csr2->requests - idx - 1] |
wolfSSL | 15:117db924cf7c | 3586 | : NULL; |
wolfSSL | 15:117db924cf7c | 3587 | break; |
wolfSSL | 15:117db924cf7c | 3588 | } |
wolfSSL | 15:117db924cf7c | 3589 | } |
wolfSSL | 15:117db924cf7c | 3590 | } |
wolfSSL | 15:117db924cf7c | 3591 | |
wolfSSL | 15:117db924cf7c | 3592 | return NULL; |
wolfSSL | 15:117db924cf7c | 3593 | } |
wolfSSL | 15:117db924cf7c | 3594 | |
wolfSSL | 15:117db924cf7c | 3595 | int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 3596 | { |
wolfSSL | 15:117db924cf7c | 3597 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST_V2); |
wolfSSL | 15:117db924cf7c | 3598 | CertificateStatusRequestItemV2* csr2 = extension ? |
wolfSSL | 15:117db924cf7c | 3599 | (CertificateStatusRequestItemV2*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 3600 | |
wolfSSL | 15:117db924cf7c | 3601 | /* forces only the first one */ |
wolfSSL | 15:117db924cf7c | 3602 | if (csr2) { |
wolfSSL | 15:117db924cf7c | 3603 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3604 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3605 | /* followed by */ |
wolfSSL | 15:117db924cf7c | 3606 | |
wolfSSL | 15:117db924cf7c | 3607 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3608 | if (ssl->ctx->cm->ocspEnabled) { |
wolfSSL | 15:117db924cf7c | 3609 | csr2->request.ocsp[0].ssl = ssl; |
wolfSSL | 15:117db924cf7c | 3610 | return CheckOcspRequest(ssl->ctx->cm->ocsp, |
wolfSSL | 15:117db924cf7c | 3611 | &csr2->request.ocsp[0], NULL); |
wolfSSL | 15:117db924cf7c | 3612 | } |
wolfSSL | 15:117db924cf7c | 3613 | else |
wolfSSL | 15:117db924cf7c | 3614 | return OCSP_LOOKUP_FAIL; |
wolfSSL | 15:117db924cf7c | 3615 | } |
wolfSSL | 15:117db924cf7c | 3616 | } |
wolfSSL | 15:117db924cf7c | 3617 | |
wolfSSL | 15:117db924cf7c | 3618 | return 0; |
wolfSSL | 15:117db924cf7c | 3619 | } |
wolfSSL | 15:117db924cf7c | 3620 | |
wolfSSL | 15:117db924cf7c | 3621 | int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, |
wolfSSL | 15:117db924cf7c | 3622 | byte options, void* heap, int devId) |
wolfSSL | 15:117db924cf7c | 3623 | { |
wolfSSL | 15:117db924cf7c | 3624 | TLSX* extension = NULL; |
wolfSSL | 15:117db924cf7c | 3625 | CertificateStatusRequestItemV2* csr2 = NULL; |
wolfSSL | 15:117db924cf7c | 3626 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 3627 | |
wolfSSL | 15:117db924cf7c | 3628 | if (!extensions) |
wolfSSL | 15:117db924cf7c | 3629 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3630 | |
wolfSSL | 15:117db924cf7c | 3631 | if (status_type != WOLFSSL_CSR2_OCSP |
wolfSSL | 15:117db924cf7c | 3632 | && status_type != WOLFSSL_CSR2_OCSP_MULTI) |
wolfSSL | 15:117db924cf7c | 3633 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3634 | |
wolfSSL | 15:117db924cf7c | 3635 | csr2 = (CertificateStatusRequestItemV2*) |
wolfSSL | 15:117db924cf7c | 3636 | XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3637 | if (!csr2) |
wolfSSL | 15:117db924cf7c | 3638 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 3639 | |
wolfSSL | 15:117db924cf7c | 3640 | ForceZero(csr2, sizeof(CertificateStatusRequestItemV2)); |
wolfSSL | 15:117db924cf7c | 3641 | |
wolfSSL | 15:117db924cf7c | 3642 | csr2->status_type = status_type; |
wolfSSL | 15:117db924cf7c | 3643 | csr2->options = options; |
wolfSSL | 15:117db924cf7c | 3644 | csr2->next = NULL; |
wolfSSL | 15:117db924cf7c | 3645 | |
wolfSSL | 15:117db924cf7c | 3646 | switch (csr2->status_type) { |
wolfSSL | 15:117db924cf7c | 3647 | case WOLFSSL_CSR2_OCSP: |
wolfSSL | 15:117db924cf7c | 3648 | case WOLFSSL_CSR2_OCSP_MULTI: |
wolfSSL | 15:117db924cf7c | 3649 | if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { |
wolfSSL | 15:117db924cf7c | 3650 | WC_RNG rng; |
wolfSSL | 15:117db924cf7c | 3651 | |
wolfSSL | 15:117db924cf7c | 3652 | #ifndef HAVE_FIPS |
wolfSSL | 15:117db924cf7c | 3653 | ret = wc_InitRng_ex(&rng, heap, devId); |
wolfSSL | 15:117db924cf7c | 3654 | #else |
wolfSSL | 15:117db924cf7c | 3655 | ret = wc_InitRng(&rng); |
wolfSSL | 15:117db924cf7c | 3656 | (void)devId; |
wolfSSL | 15:117db924cf7c | 3657 | #endif |
wolfSSL | 15:117db924cf7c | 3658 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 3659 | if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, |
wolfSSL | 15:117db924cf7c | 3660 | MAX_OCSP_NONCE_SZ) == 0) |
wolfSSL | 15:117db924cf7c | 3661 | csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; |
wolfSSL | 15:117db924cf7c | 3662 | |
wolfSSL | 15:117db924cf7c | 3663 | wc_FreeRng(&rng); |
wolfSSL | 15:117db924cf7c | 3664 | } |
wolfSSL | 15:117db924cf7c | 3665 | } |
wolfSSL | 15:117db924cf7c | 3666 | break; |
wolfSSL | 15:117db924cf7c | 3667 | } |
wolfSSL | 15:117db924cf7c | 3668 | |
wolfSSL | 15:117db924cf7c | 3669 | /* append new item */ |
wolfSSL | 15:117db924cf7c | 3670 | if ((extension = TLSX_Find(*extensions, TLSX_STATUS_REQUEST_V2))) { |
wolfSSL | 15:117db924cf7c | 3671 | CertificateStatusRequestItemV2* last = |
wolfSSL | 15:117db924cf7c | 3672 | (CertificateStatusRequestItemV2*)extension->data; |
wolfSSL | 15:117db924cf7c | 3673 | |
wolfSSL | 15:117db924cf7c | 3674 | for (; last->next; last = last->next); |
wolfSSL | 15:117db924cf7c | 3675 | |
wolfSSL | 15:117db924cf7c | 3676 | last->next = csr2; |
wolfSSL | 15:117db924cf7c | 3677 | } |
wolfSSL | 15:117db924cf7c | 3678 | else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) { |
wolfSSL | 15:117db924cf7c | 3679 | XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3680 | return ret; |
wolfSSL | 15:117db924cf7c | 3681 | } |
wolfSSL | 15:117db924cf7c | 3682 | |
wolfSSL | 15:117db924cf7c | 3683 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 3684 | } |
wolfSSL | 15:117db924cf7c | 3685 | |
wolfSSL | 15:117db924cf7c | 3686 | #define CSR2_FREE_ALL TLSX_CSR2_FreeAll |
wolfSSL | 15:117db924cf7c | 3687 | #define CSR2_GET_SIZE TLSX_CSR2_GetSize |
wolfSSL | 15:117db924cf7c | 3688 | #define CSR2_WRITE TLSX_CSR2_Write |
wolfSSL | 15:117db924cf7c | 3689 | #define CSR2_PARSE TLSX_CSR2_Parse |
wolfSSL | 15:117db924cf7c | 3690 | |
wolfSSL | 15:117db924cf7c | 3691 | #else |
wolfSSL | 15:117db924cf7c | 3692 | |
wolfSSL | 15:117db924cf7c | 3693 | #define CSR2_FREE_ALL(data, heap) |
wolfSSL | 15:117db924cf7c | 3694 | #define CSR2_GET_SIZE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 3695 | #define CSR2_WRITE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 3696 | #define CSR2_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 3697 | |
wolfSSL | 15:117db924cf7c | 3698 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ |
wolfSSL | 15:117db924cf7c | 3699 | |
wolfSSL | 15:117db924cf7c | 3700 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 3701 | /* Supported Elliptic Curves */ |
wolfSSL | 15:117db924cf7c | 3702 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 3703 | |
wolfSSL | 15:117db924cf7c | 3704 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 15:117db924cf7c | 3705 | |
wolfSSL | 16:8e0d178b1d1e | 3706 | #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \ |
wolfSSL | 16:8e0d178b1d1e | 3707 | && !defined(HAVE_FFDHE) |
wolfSSL | 15:117db924cf7c | 3708 | #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ |
wolfSSL | 16:8e0d178b1d1e | 3709 | Use --enable-ecc in the configure script or define HAVE_ECC. \ |
wolfSSL | 16:8e0d178b1d1e | 3710 | Alternatively use FFDHE for DH ciperhsuites. |
wolfSSL | 15:117db924cf7c | 3711 | #endif |
wolfSSL | 15:117db924cf7c | 3712 | |
wolfSSL | 15:117db924cf7c | 3713 | static int TLSX_SupportedCurve_New(SupportedCurve** curve, word16 name, |
wolfSSL | 15:117db924cf7c | 3714 | void* heap) |
wolfSSL | 15:117db924cf7c | 3715 | { |
wolfSSL | 15:117db924cf7c | 3716 | if (curve == NULL) |
wolfSSL | 15:117db924cf7c | 3717 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3718 | |
wolfSSL | 15:117db924cf7c | 3719 | (void)heap; |
wolfSSL | 15:117db924cf7c | 3720 | |
wolfSSL | 15:117db924cf7c | 3721 | *curve = (SupportedCurve*)XMALLOC(sizeof(SupportedCurve), heap, |
wolfSSL | 15:117db924cf7c | 3722 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3723 | if (*curve == NULL) |
wolfSSL | 15:117db924cf7c | 3724 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 3725 | |
wolfSSL | 15:117db924cf7c | 3726 | (*curve)->name = name; |
wolfSSL | 15:117db924cf7c | 3727 | (*curve)->next = NULL; |
wolfSSL | 15:117db924cf7c | 3728 | |
wolfSSL | 15:117db924cf7c | 3729 | return 0; |
wolfSSL | 15:117db924cf7c | 3730 | } |
wolfSSL | 15:117db924cf7c | 3731 | |
wolfSSL | 15:117db924cf7c | 3732 | static int TLSX_PointFormat_New(PointFormat** point, byte format, void* heap) |
wolfSSL | 15:117db924cf7c | 3733 | { |
wolfSSL | 15:117db924cf7c | 3734 | if (point == NULL) |
wolfSSL | 15:117db924cf7c | 3735 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3736 | |
wolfSSL | 15:117db924cf7c | 3737 | (void)heap; |
wolfSSL | 15:117db924cf7c | 3738 | |
wolfSSL | 15:117db924cf7c | 3739 | *point = (PointFormat*)XMALLOC(sizeof(PointFormat), heap, |
wolfSSL | 15:117db924cf7c | 3740 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3741 | if (*point == NULL) |
wolfSSL | 15:117db924cf7c | 3742 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 3743 | |
wolfSSL | 15:117db924cf7c | 3744 | (*point)->format = format; |
wolfSSL | 15:117db924cf7c | 3745 | (*point)->next = NULL; |
wolfSSL | 15:117db924cf7c | 3746 | |
wolfSSL | 15:117db924cf7c | 3747 | return 0; |
wolfSSL | 15:117db924cf7c | 3748 | } |
wolfSSL | 15:117db924cf7c | 3749 | |
wolfSSL | 15:117db924cf7c | 3750 | static void TLSX_SupportedCurve_FreeAll(SupportedCurve* list, void* heap) |
wolfSSL | 15:117db924cf7c | 3751 | { |
wolfSSL | 15:117db924cf7c | 3752 | SupportedCurve* curve; |
wolfSSL | 15:117db924cf7c | 3753 | |
wolfSSL | 15:117db924cf7c | 3754 | while ((curve = list)) { |
wolfSSL | 15:117db924cf7c | 3755 | list = curve->next; |
wolfSSL | 15:117db924cf7c | 3756 | XFREE(curve, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3757 | } |
wolfSSL | 15:117db924cf7c | 3758 | (void)heap; |
wolfSSL | 15:117db924cf7c | 3759 | } |
wolfSSL | 15:117db924cf7c | 3760 | |
wolfSSL | 15:117db924cf7c | 3761 | static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap) |
wolfSSL | 15:117db924cf7c | 3762 | { |
wolfSSL | 15:117db924cf7c | 3763 | PointFormat* point; |
wolfSSL | 15:117db924cf7c | 3764 | |
wolfSSL | 15:117db924cf7c | 3765 | while ((point = list)) { |
wolfSSL | 15:117db924cf7c | 3766 | list = point->next; |
wolfSSL | 15:117db924cf7c | 3767 | XFREE(point, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 3768 | } |
wolfSSL | 15:117db924cf7c | 3769 | (void)heap; |
wolfSSL | 15:117db924cf7c | 3770 | } |
wolfSSL | 15:117db924cf7c | 3771 | |
wolfSSL | 15:117db924cf7c | 3772 | static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name, |
wolfSSL | 15:117db924cf7c | 3773 | void* heap) |
wolfSSL | 15:117db924cf7c | 3774 | { |
wolfSSL | 15:117db924cf7c | 3775 | int ret = BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3776 | |
wolfSSL | 15:117db924cf7c | 3777 | while (list) { |
wolfSSL | 15:117db924cf7c | 3778 | if (list->name == name) { |
wolfSSL | 16:8e0d178b1d1e | 3779 | ret = 0; /* curve already in use */ |
wolfSSL | 15:117db924cf7c | 3780 | break; |
wolfSSL | 15:117db924cf7c | 3781 | } |
wolfSSL | 15:117db924cf7c | 3782 | |
wolfSSL | 15:117db924cf7c | 3783 | if (list->next == NULL) { |
wolfSSL | 15:117db924cf7c | 3784 | ret = TLSX_SupportedCurve_New(&list->next, name, heap); |
wolfSSL | 15:117db924cf7c | 3785 | break; |
wolfSSL | 15:117db924cf7c | 3786 | } |
wolfSSL | 15:117db924cf7c | 3787 | |
wolfSSL | 15:117db924cf7c | 3788 | list = list->next; |
wolfSSL | 15:117db924cf7c | 3789 | } |
wolfSSL | 15:117db924cf7c | 3790 | |
wolfSSL | 15:117db924cf7c | 3791 | return ret; |
wolfSSL | 15:117db924cf7c | 3792 | } |
wolfSSL | 15:117db924cf7c | 3793 | |
wolfSSL | 15:117db924cf7c | 3794 | static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) |
wolfSSL | 15:117db924cf7c | 3795 | { |
wolfSSL | 15:117db924cf7c | 3796 | int ret = BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 3797 | |
wolfSSL | 15:117db924cf7c | 3798 | while (list) { |
wolfSSL | 15:117db924cf7c | 3799 | if (list->format == format) { |
wolfSSL | 15:117db924cf7c | 3800 | ret = 0; /* format already in use */ |
wolfSSL | 15:117db924cf7c | 3801 | break; |
wolfSSL | 15:117db924cf7c | 3802 | } |
wolfSSL | 15:117db924cf7c | 3803 | |
wolfSSL | 15:117db924cf7c | 3804 | if (list->next == NULL) { |
wolfSSL | 15:117db924cf7c | 3805 | ret = TLSX_PointFormat_New(&list->next, format, heap); |
wolfSSL | 15:117db924cf7c | 3806 | break; |
wolfSSL | 15:117db924cf7c | 3807 | } |
wolfSSL | 15:117db924cf7c | 3808 | |
wolfSSL | 15:117db924cf7c | 3809 | list = list->next; |
wolfSSL | 15:117db924cf7c | 3810 | } |
wolfSSL | 15:117db924cf7c | 3811 | |
wolfSSL | 15:117db924cf7c | 3812 | return ret; |
wolfSSL | 15:117db924cf7c | 3813 | } |
wolfSSL | 15:117db924cf7c | 3814 | |
wolfSSL | 15:117db924cf7c | 3815 | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) |
wolfSSL | 15:117db924cf7c | 3816 | |
wolfSSL | 15:117db924cf7c | 3817 | static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 15:117db924cf7c | 3818 | { |
wolfSSL | 16:8e0d178b1d1e | 3819 | word16 i; |
wolfSSL | 16:8e0d178b1d1e | 3820 | |
wolfSSL | 16:8e0d178b1d1e | 3821 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) { |
wolfSSL | 16:8e0d178b1d1e | 3822 | if (ssl->suites->suites[i] == TLS13_BYTE) |
wolfSSL | 16:8e0d178b1d1e | 3823 | return; |
wolfSSL | 15:117db924cf7c | 3824 | if (ssl->suites->suites[i] == ECC_BYTE || |
wolfSSL | 16:8e0d178b1d1e | 3825 | ssl->suites->suites[i] == CHACHA_BYTE) { |
wolfSSL | 16:8e0d178b1d1e | 3826 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
wolfSSL | 16:8e0d178b1d1e | 3827 | defined(HAVE_CURVE448) |
wolfSSL | 15:117db924cf7c | 3828 | return; |
wolfSSL | 16:8e0d178b1d1e | 3829 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3830 | } |
wolfSSL | 16:8e0d178b1d1e | 3831 | else { |
wolfSSL | 16:8e0d178b1d1e | 3832 | #ifdef HAVE_FFDHE |
wolfSSL | 16:8e0d178b1d1e | 3833 | return; |
wolfSSL | 16:8e0d178b1d1e | 3834 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3835 | } |
wolfSSL | 16:8e0d178b1d1e | 3836 | } |
wolfSSL | 15:117db924cf7c | 3837 | |
wolfSSL | 15:117db924cf7c | 3838 | /* turns semaphore on to avoid sending this extension. */ |
wolfSSL | 15:117db924cf7c | 3839 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); |
wolfSSL | 15:117db924cf7c | 3840 | } |
wolfSSL | 15:117db924cf7c | 3841 | |
wolfSSL | 15:117db924cf7c | 3842 | static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 15:117db924cf7c | 3843 | { |
wolfSSL | 16:8e0d178b1d1e | 3844 | word16 i; |
wolfSSL | 16:8e0d178b1d1e | 3845 | |
wolfSSL | 16:8e0d178b1d1e | 3846 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) { |
wolfSSL | 16:8e0d178b1d1e | 3847 | if (ssl->suites->suites[i] == TLS13_BYTE) |
wolfSSL | 16:8e0d178b1d1e | 3848 | return; |
wolfSSL | 15:117db924cf7c | 3849 | if (ssl->suites->suites[i] == ECC_BYTE || |
wolfSSL | 16:8e0d178b1d1e | 3850 | ssl->suites->suites[i] == CHACHA_BYTE) { |
wolfSSL | 16:8e0d178b1d1e | 3851 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
wolfSSL | 16:8e0d178b1d1e | 3852 | defined(HAVE_CURVE448) |
wolfSSL | 15:117db924cf7c | 3853 | return; |
wolfSSL | 16:8e0d178b1d1e | 3854 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3855 | } |
wolfSSL | 16:8e0d178b1d1e | 3856 | else { |
wolfSSL | 16:8e0d178b1d1e | 3857 | #ifdef HAVE_FFDHE |
wolfSSL | 16:8e0d178b1d1e | 3858 | return; |
wolfSSL | 16:8e0d178b1d1e | 3859 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3860 | } |
wolfSSL | 16:8e0d178b1d1e | 3861 | } |
wolfSSL | 15:117db924cf7c | 3862 | |
wolfSSL | 15:117db924cf7c | 3863 | /* turns semaphore on to avoid sending this extension. */ |
wolfSSL | 15:117db924cf7c | 3864 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); |
wolfSSL | 15:117db924cf7c | 3865 | } |
wolfSSL | 15:117db924cf7c | 3866 | |
wolfSSL | 15:117db924cf7c | 3867 | #endif |
wolfSSL | 15:117db924cf7c | 3868 | |
wolfSSL | 15:117db924cf7c | 3869 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 3870 | |
wolfSSL | 15:117db924cf7c | 3871 | static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 15:117db924cf7c | 3872 | { |
wolfSSL | 16:8e0d178b1d1e | 3873 | #if defined(HAVE_FFDHE) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
wolfSSL | 16:8e0d178b1d1e | 3874 | defined(HAVE_CURVE448) |
wolfSSL | 16:8e0d178b1d1e | 3875 | (void)semaphore; |
wolfSSL | 16:8e0d178b1d1e | 3876 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3877 | |
wolfSSL | 16:8e0d178b1d1e | 3878 | if (ssl->options.cipherSuite0 == TLS13_BYTE) |
wolfSSL | 16:8e0d178b1d1e | 3879 | return; |
wolfSSL | 15:117db924cf7c | 3880 | if (ssl->options.cipherSuite0 == ECC_BYTE || |
wolfSSL | 16:8e0d178b1d1e | 3881 | ssl->options.cipherSuite0 == CHACHA_BYTE) { |
wolfSSL | 16:8e0d178b1d1e | 3882 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) |
wolfSSL | 15:117db924cf7c | 3883 | return; |
wolfSSL | 16:8e0d178b1d1e | 3884 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3885 | } |
wolfSSL | 16:8e0d178b1d1e | 3886 | else { |
wolfSSL | 16:8e0d178b1d1e | 3887 | #ifdef HAVE_FFDHE |
wolfSSL | 16:8e0d178b1d1e | 3888 | return; |
wolfSSL | 16:8e0d178b1d1e | 3889 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3890 | } |
wolfSSL | 16:8e0d178b1d1e | 3891 | |
wolfSSL | 16:8e0d178b1d1e | 3892 | #if !defined(HAVE_FFDHE) || (!defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \ |
wolfSSL | 16:8e0d178b1d1e | 3893 | && !defined(HAVE_CURVE448)) |
wolfSSL | 15:117db924cf7c | 3894 | /* turns semaphore on to avoid sending this extension. */ |
wolfSSL | 15:117db924cf7c | 3895 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); |
wolfSSL | 16:8e0d178b1d1e | 3896 | #endif |
wolfSSL | 15:117db924cf7c | 3897 | } |
wolfSSL | 15:117db924cf7c | 3898 | |
wolfSSL | 15:117db924cf7c | 3899 | #endif |
wolfSSL | 15:117db924cf7c | 3900 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 3901 | |
wolfSSL | 15:117db924cf7c | 3902 | static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list) |
wolfSSL | 15:117db924cf7c | 3903 | { |
wolfSSL | 15:117db924cf7c | 3904 | SupportedCurve* curve; |
wolfSSL | 15:117db924cf7c | 3905 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 15:117db924cf7c | 3906 | |
wolfSSL | 15:117db924cf7c | 3907 | while ((curve = list)) { |
wolfSSL | 15:117db924cf7c | 3908 | list = curve->next; |
wolfSSL | 15:117db924cf7c | 3909 | length += OPAQUE16_LEN; /* curve length */ |
wolfSSL | 15:117db924cf7c | 3910 | } |
wolfSSL | 15:117db924cf7c | 3911 | |
wolfSSL | 15:117db924cf7c | 3912 | return length; |
wolfSSL | 15:117db924cf7c | 3913 | } |
wolfSSL | 15:117db924cf7c | 3914 | |
wolfSSL | 15:117db924cf7c | 3915 | #endif |
wolfSSL | 15:117db924cf7c | 3916 | |
wolfSSL | 15:117db924cf7c | 3917 | static word16 TLSX_PointFormat_GetSize(PointFormat* list) |
wolfSSL | 15:117db924cf7c | 3918 | { |
wolfSSL | 15:117db924cf7c | 3919 | PointFormat* point; |
wolfSSL | 15:117db924cf7c | 3920 | word16 length = ENUM_LEN; /* list length */ |
wolfSSL | 15:117db924cf7c | 3921 | |
wolfSSL | 15:117db924cf7c | 3922 | while ((point = list)) { |
wolfSSL | 15:117db924cf7c | 3923 | list = point->next; |
wolfSSL | 15:117db924cf7c | 3924 | length += ENUM_LEN; /* format length */ |
wolfSSL | 15:117db924cf7c | 3925 | } |
wolfSSL | 15:117db924cf7c | 3926 | |
wolfSSL | 15:117db924cf7c | 3927 | return length; |
wolfSSL | 15:117db924cf7c | 3928 | } |
wolfSSL | 15:117db924cf7c | 3929 | |
wolfSSL | 15:117db924cf7c | 3930 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 3931 | |
wolfSSL | 15:117db924cf7c | 3932 | static word16 TLSX_SupportedCurve_Write(SupportedCurve* list, byte* output) |
wolfSSL | 15:117db924cf7c | 3933 | { |
wolfSSL | 15:117db924cf7c | 3934 | word16 offset = OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3935 | |
wolfSSL | 15:117db924cf7c | 3936 | while (list) { |
wolfSSL | 15:117db924cf7c | 3937 | c16toa(list->name, output + offset); |
wolfSSL | 15:117db924cf7c | 3938 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3939 | list = list->next; |
wolfSSL | 15:117db924cf7c | 3940 | } |
wolfSSL | 15:117db924cf7c | 3941 | |
wolfSSL | 15:117db924cf7c | 3942 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 15:117db924cf7c | 3943 | |
wolfSSL | 15:117db924cf7c | 3944 | return offset; |
wolfSSL | 15:117db924cf7c | 3945 | } |
wolfSSL | 15:117db924cf7c | 3946 | |
wolfSSL | 15:117db924cf7c | 3947 | #endif |
wolfSSL | 15:117db924cf7c | 3948 | |
wolfSSL | 15:117db924cf7c | 3949 | static word16 TLSX_PointFormat_Write(PointFormat* list, byte* output) |
wolfSSL | 15:117db924cf7c | 3950 | { |
wolfSSL | 15:117db924cf7c | 3951 | word16 offset = ENUM_LEN; |
wolfSSL | 15:117db924cf7c | 3952 | |
wolfSSL | 15:117db924cf7c | 3953 | while (list) { |
wolfSSL | 15:117db924cf7c | 3954 | output[offset++] = list->format; |
wolfSSL | 15:117db924cf7c | 3955 | list = list->next; |
wolfSSL | 15:117db924cf7c | 3956 | } |
wolfSSL | 15:117db924cf7c | 3957 | |
wolfSSL | 15:117db924cf7c | 3958 | output[0] = (byte)(offset - ENUM_LEN); |
wolfSSL | 15:117db924cf7c | 3959 | |
wolfSSL | 15:117db924cf7c | 3960 | return offset; |
wolfSSL | 15:117db924cf7c | 3961 | } |
wolfSSL | 15:117db924cf7c | 3962 | |
wolfSSL | 15:117db924cf7c | 3963 | #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \ |
wolfSSL | 15:117db924cf7c | 3964 | !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) |
wolfSSL | 15:117db924cf7c | 3965 | |
wolfSSL | 15:117db924cf7c | 3966 | static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 3967 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 3968 | { |
wolfSSL | 15:117db924cf7c | 3969 | word16 offset; |
wolfSSL | 15:117db924cf7c | 3970 | word16 name; |
wolfSSL | 15:117db924cf7c | 3971 | int ret; |
wolfSSL | 15:117db924cf7c | 3972 | |
wolfSSL | 16:8e0d178b1d1e | 3973 | if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 16:8e0d178b1d1e | 3974 | #ifdef WOLFSSL_ALLOW_SERVER_SC_EXT |
wolfSSL | 16:8e0d178b1d1e | 3975 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 3976 | #else |
wolfSSL | 15:117db924cf7c | 3977 | return BUFFER_ERROR; /* servers doesn't send this extension. */ |
wolfSSL | 16:8e0d178b1d1e | 3978 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3979 | } |
wolfSSL | 15:117db924cf7c | 3980 | |
wolfSSL | 15:117db924cf7c | 3981 | if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 3982 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3983 | |
wolfSSL | 15:117db924cf7c | 3984 | ato16(input, &offset); |
wolfSSL | 15:117db924cf7c | 3985 | |
wolfSSL | 15:117db924cf7c | 3986 | /* validating curve list length */ |
wolfSSL | 15:117db924cf7c | 3987 | if (length != OPAQUE16_LEN + offset) |
wolfSSL | 15:117db924cf7c | 3988 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 3989 | |
wolfSSL | 15:117db924cf7c | 3990 | offset = OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 3991 | if (offset == length) |
wolfSSL | 15:117db924cf7c | 3992 | return 0; |
wolfSSL | 15:117db924cf7c | 3993 | |
wolfSSL | 15:117db924cf7c | 3994 | #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) |
wolfSSL | 15:117db924cf7c | 3995 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 3996 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 3997 | SupportedCurve* curve; |
wolfSSL | 15:117db924cf7c | 3998 | |
wolfSSL | 15:117db924cf7c | 3999 | extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 4000 | if (extension != NULL) { |
wolfSSL | 15:117db924cf7c | 4001 | /* Replace client list with server list of supported groups. */ |
wolfSSL | 15:117db924cf7c | 4002 | curve = (SupportedCurve*)extension->data; |
wolfSSL | 15:117db924cf7c | 4003 | extension->data = NULL; |
wolfSSL | 15:117db924cf7c | 4004 | TLSX_SupportedCurve_FreeAll(curve, ssl->heap); |
wolfSSL | 15:117db924cf7c | 4005 | |
wolfSSL | 15:117db924cf7c | 4006 | ato16(input + offset, &name); |
wolfSSL | 15:117db924cf7c | 4007 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 4008 | |
wolfSSL | 15:117db924cf7c | 4009 | ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap); |
wolfSSL | 15:117db924cf7c | 4010 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 4011 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 4012 | extension->data = (void*)curve; |
wolfSSL | 15:117db924cf7c | 4013 | } |
wolfSSL | 15:117db924cf7c | 4014 | } |
wolfSSL | 15:117db924cf7c | 4015 | #endif |
wolfSSL | 15:117db924cf7c | 4016 | |
wolfSSL | 15:117db924cf7c | 4017 | for (; offset < length; offset += OPAQUE16_LEN) { |
wolfSSL | 15:117db924cf7c | 4018 | ato16(input + offset, &name); |
wolfSSL | 15:117db924cf7c | 4019 | |
wolfSSL | 15:117db924cf7c | 4020 | ret = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); |
wolfSSL | 15:117db924cf7c | 4021 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 4022 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 4023 | } |
wolfSSL | 15:117db924cf7c | 4024 | |
wolfSSL | 15:117db924cf7c | 4025 | return 0; |
wolfSSL | 15:117db924cf7c | 4026 | } |
wolfSSL | 15:117db924cf7c | 4027 | |
wolfSSL | 15:117db924cf7c | 4028 | #endif |
wolfSSL | 15:117db924cf7c | 4029 | |
wolfSSL | 16:8e0d178b1d1e | 4030 | #if !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 16:8e0d178b1d1e | 4031 | |
wolfSSL | 16:8e0d178b1d1e | 4032 | #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) |
wolfSSL | 15:117db924cf7c | 4033 | |
wolfSSL | 15:117db924cf7c | 4034 | /* Checks the priority of the groups on the server and set the supported groups |
wolfSSL | 15:117db924cf7c | 4035 | * response if there is a group not advertised by the client that is preferred. |
wolfSSL | 15:117db924cf7c | 4036 | * |
wolfSSL | 15:117db924cf7c | 4037 | * ssl SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 4038 | * returns 0 on success, otherwise an error. |
wolfSSL | 15:117db924cf7c | 4039 | */ |
wolfSSL | 15:117db924cf7c | 4040 | int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 4041 | { |
wolfSSL | 15:117db924cf7c | 4042 | int ret; |
wolfSSL | 15:117db924cf7c | 4043 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 4044 | TLSX* priority = NULL; |
wolfSSL | 15:117db924cf7c | 4045 | TLSX* ext = NULL; |
wolfSSL | 15:117db924cf7c | 4046 | word16 name; |
wolfSSL | 15:117db924cf7c | 4047 | SupportedCurve* curve; |
wolfSSL | 15:117db924cf7c | 4048 | |
wolfSSL | 15:117db924cf7c | 4049 | extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 4050 | /* May be doing PSK with no key exchange. */ |
wolfSSL | 15:117db924cf7c | 4051 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 4052 | return 0; |
wolfSSL | 15:117db924cf7c | 4053 | |
wolfSSL | 15:117db924cf7c | 4054 | if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 4055 | return ret; |
wolfSSL | 15:117db924cf7c | 4056 | |
wolfSSL | 15:117db924cf7c | 4057 | ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 4058 | curve = (SupportedCurve*)ext->data; |
wolfSSL | 15:117db924cf7c | 4059 | name = curve->name; |
wolfSSL | 15:117db924cf7c | 4060 | |
wolfSSL | 15:117db924cf7c | 4061 | curve = (SupportedCurve*)extension->data; |
wolfSSL | 15:117db924cf7c | 4062 | while (curve != NULL) { |
wolfSSL | 15:117db924cf7c | 4063 | if (curve->name == name) |
wolfSSL | 15:117db924cf7c | 4064 | break; |
wolfSSL | 15:117db924cf7c | 4065 | curve = curve->next; |
wolfSSL | 15:117db924cf7c | 4066 | } |
wolfSSL | 15:117db924cf7c | 4067 | |
wolfSSL | 15:117db924cf7c | 4068 | if (curve == NULL) { |
wolfSSL | 15:117db924cf7c | 4069 | /* Couldn't find the preferred group in client list. */ |
wolfSSL | 15:117db924cf7c | 4070 | extension->resp = 1; |
wolfSSL | 15:117db924cf7c | 4071 | |
wolfSSL | 15:117db924cf7c | 4072 | /* Send server list back and free client list. */ |
wolfSSL | 15:117db924cf7c | 4073 | curve = (SupportedCurve*)extension->data; |
wolfSSL | 15:117db924cf7c | 4074 | extension->data = ext->data; |
wolfSSL | 15:117db924cf7c | 4075 | ext->data = curve; |
wolfSSL | 15:117db924cf7c | 4076 | } |
wolfSSL | 15:117db924cf7c | 4077 | |
wolfSSL | 15:117db924cf7c | 4078 | TLSX_FreeAll(priority, ssl->heap); |
wolfSSL | 15:117db924cf7c | 4079 | |
wolfSSL | 15:117db924cf7c | 4080 | return 0; |
wolfSSL | 15:117db924cf7c | 4081 | } |
wolfSSL | 15:117db924cf7c | 4082 | |
wolfSSL | 15:117db924cf7c | 4083 | #endif |
wolfSSL | 15:117db924cf7c | 4084 | |
wolfSSL | 16:8e0d178b1d1e | 4085 | #if defined(HAVE_FFDHE) && !defined(WOLFSSL_NO_TLS12) |
wolfSSL | 16:8e0d178b1d1e | 4086 | /* Set the highest priority common FFDHE group on the server as compared to |
wolfSSL | 16:8e0d178b1d1e | 4087 | * client extensions. |
wolfSSL | 16:8e0d178b1d1e | 4088 | * |
wolfSSL | 16:8e0d178b1d1e | 4089 | * ssl SSL/TLS object. |
wolfSSL | 16:8e0d178b1d1e | 4090 | * returns 0 on success, otherwise an error. |
wolfSSL | 16:8e0d178b1d1e | 4091 | */ |
wolfSSL | 16:8e0d178b1d1e | 4092 | int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) |
wolfSSL | 16:8e0d178b1d1e | 4093 | { |
wolfSSL | 16:8e0d178b1d1e | 4094 | int ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 4095 | TLSX* extension; |
wolfSSL | 16:8e0d178b1d1e | 4096 | TLSX* priority = NULL; |
wolfSSL | 16:8e0d178b1d1e | 4097 | TLSX* ext = NULL; |
wolfSSL | 16:8e0d178b1d1e | 4098 | SupportedCurve* serverGroup; |
wolfSSL | 16:8e0d178b1d1e | 4099 | SupportedCurve* clientGroup; |
wolfSSL | 16:8e0d178b1d1e | 4100 | SupportedCurve* group; |
wolfSSL | 16:8e0d178b1d1e | 4101 | const DhParams* params = NULL; |
wolfSSL | 16:8e0d178b1d1e | 4102 | int found = 0; |
wolfSSL | 16:8e0d178b1d1e | 4103 | |
wolfSSL | 16:8e0d178b1d1e | 4104 | extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 16:8e0d178b1d1e | 4105 | /* May be doing PSK with no key exchange. */ |
wolfSSL | 16:8e0d178b1d1e | 4106 | if (extension == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4107 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 4108 | clientGroup = (SupportedCurve*)extension->data; |
wolfSSL | 16:8e0d178b1d1e | 4109 | for (group = clientGroup; group != NULL; group = group->next) { |
wolfSSL | 16:8e0d178b1d1e | 4110 | if (group->name >= MIN_FFHDE_GROUP && group->name <= MAX_FFHDE_GROUP) { |
wolfSSL | 16:8e0d178b1d1e | 4111 | found = 1; |
wolfSSL | 16:8e0d178b1d1e | 4112 | break; |
wolfSSL | 16:8e0d178b1d1e | 4113 | } |
wolfSSL | 16:8e0d178b1d1e | 4114 | } |
wolfSSL | 16:8e0d178b1d1e | 4115 | if (!found) |
wolfSSL | 16:8e0d178b1d1e | 4116 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 4117 | |
wolfSSL | 16:8e0d178b1d1e | 4118 | if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { |
wolfSSL | 16:8e0d178b1d1e | 4119 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 4120 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 4121 | } |
wolfSSL | 16:8e0d178b1d1e | 4122 | if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { |
wolfSSL | 16:8e0d178b1d1e | 4123 | XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 4124 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 4125 | } |
wolfSSL | 16:8e0d178b1d1e | 4126 | ssl->buffers.serverDH_P.buffer = NULL; |
wolfSSL | 16:8e0d178b1d1e | 4127 | ssl->buffers.serverDH_G.buffer = NULL; |
wolfSSL | 16:8e0d178b1d1e | 4128 | ssl->buffers.weOwnDH = 0; |
wolfSSL | 16:8e0d178b1d1e | 4129 | ssl->options.haveDH = 0; |
wolfSSL | 16:8e0d178b1d1e | 4130 | |
wolfSSL | 16:8e0d178b1d1e | 4131 | |
wolfSSL | 16:8e0d178b1d1e | 4132 | if ((ret = TLSX_PopulateSupportedGroups(ssl, &priority)) != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 4133 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 4134 | ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 4135 | |
wolfSSL | 16:8e0d178b1d1e | 4136 | ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 16:8e0d178b1d1e | 4137 | serverGroup = (SupportedCurve*)ext->data; |
wolfSSL | 16:8e0d178b1d1e | 4138 | |
wolfSSL | 16:8e0d178b1d1e | 4139 | for (; serverGroup != NULL; serverGroup = serverGroup->next) { |
wolfSSL | 16:8e0d178b1d1e | 4140 | if ((serverGroup->name & NAMED_DH_MASK) != NAMED_DH_MASK) |
wolfSSL | 16:8e0d178b1d1e | 4141 | continue; |
wolfSSL | 16:8e0d178b1d1e | 4142 | |
wolfSSL | 16:8e0d178b1d1e | 4143 | for (group = clientGroup; group != NULL; group = group->next) { |
wolfSSL | 16:8e0d178b1d1e | 4144 | if (serverGroup->name != group->name) |
wolfSSL | 16:8e0d178b1d1e | 4145 | continue; |
wolfSSL | 16:8e0d178b1d1e | 4146 | |
wolfSSL | 16:8e0d178b1d1e | 4147 | switch (serverGroup->name) { |
wolfSSL | 16:8e0d178b1d1e | 4148 | #ifdef HAVE_FFDHE_2048 |
wolfSSL | 16:8e0d178b1d1e | 4149 | case WOLFSSL_FFDHE_2048: |
wolfSSL | 16:8e0d178b1d1e | 4150 | params = wc_Dh_ffdhe2048_Get(); |
wolfSSL | 16:8e0d178b1d1e | 4151 | break; |
wolfSSL | 16:8e0d178b1d1e | 4152 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4153 | #ifdef HAVE_FFDHE_3072 |
wolfSSL | 16:8e0d178b1d1e | 4154 | case WOLFSSL_FFDHE_3072: |
wolfSSL | 16:8e0d178b1d1e | 4155 | params = wc_Dh_ffdhe3072_Get(); |
wolfSSL | 16:8e0d178b1d1e | 4156 | break; |
wolfSSL | 16:8e0d178b1d1e | 4157 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4158 | #ifdef HAVE_FFDHE_4096 |
wolfSSL | 16:8e0d178b1d1e | 4159 | case WOLFSSL_FFDHE_4096: |
wolfSSL | 16:8e0d178b1d1e | 4160 | params = wc_Dh_ffdhe4096_Get(); |
wolfSSL | 16:8e0d178b1d1e | 4161 | break; |
wolfSSL | 16:8e0d178b1d1e | 4162 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4163 | #ifdef HAVE_FFDHE_6144 |
wolfSSL | 16:8e0d178b1d1e | 4164 | case WOLFSSL_FFDHE_6144: |
wolfSSL | 16:8e0d178b1d1e | 4165 | params = wc_Dh_ffdhe6144_Get(); |
wolfSSL | 16:8e0d178b1d1e | 4166 | break; |
wolfSSL | 16:8e0d178b1d1e | 4167 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4168 | #ifdef HAVE_FFDHE_8192 |
wolfSSL | 16:8e0d178b1d1e | 4169 | case WOLFSSL_FFDHE_8192: |
wolfSSL | 16:8e0d178b1d1e | 4170 | params = wc_Dh_ffdhe8192_Get(); |
wolfSSL | 16:8e0d178b1d1e | 4171 | break; |
wolfSSL | 16:8e0d178b1d1e | 4172 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4173 | } |
wolfSSL | 16:8e0d178b1d1e | 4174 | if (params == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4175 | return BAD_FUNC_ARG; |
wolfSSL | 16:8e0d178b1d1e | 4176 | if (params->p_len >= ssl->options.minDhKeySz && |
wolfSSL | 16:8e0d178b1d1e | 4177 | params->p_len <= ssl->options.maxDhKeySz) { |
wolfSSL | 16:8e0d178b1d1e | 4178 | break; |
wolfSSL | 16:8e0d178b1d1e | 4179 | } |
wolfSSL | 16:8e0d178b1d1e | 4180 | } |
wolfSSL | 16:8e0d178b1d1e | 4181 | |
wolfSSL | 16:8e0d178b1d1e | 4182 | if (group != NULL && serverGroup->name == group->name) |
wolfSSL | 16:8e0d178b1d1e | 4183 | break; |
wolfSSL | 16:8e0d178b1d1e | 4184 | } |
wolfSSL | 16:8e0d178b1d1e | 4185 | |
wolfSSL | 16:8e0d178b1d1e | 4186 | if (serverGroup) { |
wolfSSL | 16:8e0d178b1d1e | 4187 | ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p; |
wolfSSL | 16:8e0d178b1d1e | 4188 | ssl->buffers.serverDH_P.length = params->p_len; |
wolfSSL | 16:8e0d178b1d1e | 4189 | ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g; |
wolfSSL | 16:8e0d178b1d1e | 4190 | ssl->buffers.serverDH_G.length = params->g_len; |
wolfSSL | 16:8e0d178b1d1e | 4191 | ssl->namedGroup = serverGroup->name; |
wolfSSL | 16:8e0d178b1d1e | 4192 | #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ |
wolfSSL | 16:8e0d178b1d1e | 4193 | !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
wolfSSL | 16:8e0d178b1d1e | 4194 | ssl->options.dhDoKeyTest = 0; |
wolfSSL | 16:8e0d178b1d1e | 4195 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4196 | ssl->options.haveDH = 1; |
wolfSSL | 16:8e0d178b1d1e | 4197 | } |
wolfSSL | 16:8e0d178b1d1e | 4198 | |
wolfSSL | 16:8e0d178b1d1e | 4199 | TLSX_FreeAll(priority, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 4200 | |
wolfSSL | 16:8e0d178b1d1e | 4201 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 4202 | } |
wolfSSL | 16:8e0d178b1d1e | 4203 | #endif /* HAVE_FFDHE && !WOLFSSL_NO_TLS12 */ |
wolfSSL | 16:8e0d178b1d1e | 4204 | |
wolfSSL | 16:8e0d178b1d1e | 4205 | #endif /* !NO_WOLFSSL_SERVER */ |
wolfSSL | 16:8e0d178b1d1e | 4206 | |
wolfSSL | 15:117db924cf7c | 4207 | #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) |
wolfSSL | 15:117db924cf7c | 4208 | /* Return the preferred group. |
wolfSSL | 15:117db924cf7c | 4209 | * |
wolfSSL | 15:117db924cf7c | 4210 | * ssl SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 4211 | * checkSupported Whether to check for the first supported group. |
wolfSSL | 15:117db924cf7c | 4212 | * returns BAD_FUNC_ARG if no group found, otherwise the group. |
wolfSSL | 15:117db924cf7c | 4213 | */ |
wolfSSL | 15:117db924cf7c | 4214 | int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported) |
wolfSSL | 15:117db924cf7c | 4215 | { |
wolfSSL | 15:117db924cf7c | 4216 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 4217 | SupportedCurve* curve; |
wolfSSL | 15:117db924cf7c | 4218 | |
wolfSSL | 15:117db924cf7c | 4219 | extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 4220 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 4221 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 4222 | |
wolfSSL | 15:117db924cf7c | 4223 | curve = (SupportedCurve*)extension->data; |
wolfSSL | 15:117db924cf7c | 4224 | while (curve != NULL) { |
wolfSSL | 15:117db924cf7c | 4225 | if (!checkSupported || TLSX_KeyShare_IsSupported(curve->name)) |
wolfSSL | 15:117db924cf7c | 4226 | return curve->name; |
wolfSSL | 15:117db924cf7c | 4227 | curve = curve->next; |
wolfSSL | 15:117db924cf7c | 4228 | } |
wolfSSL | 15:117db924cf7c | 4229 | |
wolfSSL | 15:117db924cf7c | 4230 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 4231 | } |
wolfSSL | 15:117db924cf7c | 4232 | |
wolfSSL | 15:117db924cf7c | 4233 | #endif |
wolfSSL | 15:117db924cf7c | 4234 | |
wolfSSL | 15:117db924cf7c | 4235 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 4236 | |
wolfSSL | 15:117db924cf7c | 4237 | static int TLSX_PointFormat_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 4238 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 4239 | { |
wolfSSL | 15:117db924cf7c | 4240 | int ret; |
wolfSSL | 15:117db924cf7c | 4241 | |
wolfSSL | 15:117db924cf7c | 4242 | /* validating formats list length */ |
wolfSSL | 16:8e0d178b1d1e | 4243 | if (ENUM_LEN > length || length != (word16)ENUM_LEN + input[0]) |
wolfSSL | 15:117db924cf7c | 4244 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 4245 | |
wolfSSL | 15:117db924cf7c | 4246 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 4247 | /* adding uncompressed point format to response */ |
wolfSSL | 15:117db924cf7c | 4248 | ret = TLSX_UsePointFormat(&ssl->extensions, WOLFSSL_EC_PF_UNCOMPRESSED, |
wolfSSL | 15:117db924cf7c | 4249 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 4250 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 4251 | return ret; /* throw error */ |
wolfSSL | 15:117db924cf7c | 4252 | |
wolfSSL | 15:117db924cf7c | 4253 | TLSX_SetResponse(ssl, TLSX_EC_POINT_FORMATS); |
wolfSSL | 15:117db924cf7c | 4254 | } |
wolfSSL | 15:117db924cf7c | 4255 | |
wolfSSL | 15:117db924cf7c | 4256 | return 0; |
wolfSSL | 15:117db924cf7c | 4257 | } |
wolfSSL | 15:117db924cf7c | 4258 | |
wolfSSL | 16:8e0d178b1d1e | 4259 | #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) |
wolfSSL | 15:117db924cf7c | 4260 | int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { |
wolfSSL | 16:8e0d178b1d1e | 4261 | TLSX* extension = NULL; |
wolfSSL | 15:117db924cf7c | 4262 | SupportedCurve* curve = NULL; |
wolfSSL | 16:8e0d178b1d1e | 4263 | word32 oid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4264 | word32 pkOid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4265 | word32 defOid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4266 | word32 defSz = 80; /* Maximum known curve size is 66. */ |
wolfSSL | 16:8e0d178b1d1e | 4267 | word32 nextOid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4268 | word32 nextSz = 80; /* Maximum known curve size is 66. */ |
wolfSSL | 16:8e0d178b1d1e | 4269 | word32 currOid = ssl->ecdhCurveOID; |
wolfSSL | 16:8e0d178b1d1e | 4270 | int ephmSuite = 0; |
wolfSSL | 16:8e0d178b1d1e | 4271 | word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */ |
wolfSSL | 16:8e0d178b1d1e | 4272 | int sig = 0; /* validate signature */ |
wolfSSL | 16:8e0d178b1d1e | 4273 | int key = 0; /* validate key */ |
wolfSSL | 15:117db924cf7c | 4274 | |
wolfSSL | 15:117db924cf7c | 4275 | (void)oid; |
wolfSSL | 15:117db924cf7c | 4276 | |
wolfSSL | 16:8e0d178b1d1e | 4277 | if (first == ECC_BYTE || first == CHACHA_BYTE) |
wolfSSL | 16:8e0d178b1d1e | 4278 | extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 4279 | if (!extension) |
wolfSSL | 15:117db924cf7c | 4280 | return 1; /* no suite restriction */ |
wolfSSL | 15:117db924cf7c | 4281 | |
wolfSSL | 15:117db924cf7c | 4282 | for (curve = (SupportedCurve*)extension->data; |
wolfSSL | 15:117db924cf7c | 4283 | curve && !(sig && key); |
wolfSSL | 15:117db924cf7c | 4284 | curve = curve->next) { |
wolfSSL | 15:117db924cf7c | 4285 | |
wolfSSL | 15:117db924cf7c | 4286 | #ifdef OPENSSL_EXTRA |
wolfSSL | 16:8e0d178b1d1e | 4287 | /* skip if name is not in supported ECC range */ |
wolfSSL | 16:8e0d178b1d1e | 4288 | if (curve->name > WOLFSSL_ECC_X448) |
wolfSSL | 16:8e0d178b1d1e | 4289 | continue; |
wolfSSL | 16:8e0d178b1d1e | 4290 | /* skip if curve is disabled by user */ |
wolfSSL | 15:117db924cf7c | 4291 | if (ssl->ctx->disabledCurves & (1 << curve->name)) |
wolfSSL | 15:117db924cf7c | 4292 | continue; |
wolfSSL | 15:117db924cf7c | 4293 | #endif |
wolfSSL | 15:117db924cf7c | 4294 | |
wolfSSL | 15:117db924cf7c | 4295 | /* find supported curve */ |
wolfSSL | 15:117db924cf7c | 4296 | switch (curve->name) { |
wolfSSL | 15:117db924cf7c | 4297 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4298 | #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4299 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 4300 | case WOLFSSL_ECC_SECP160R1: |
wolfSSL | 15:117db924cf7c | 4301 | pkOid = oid = ECC_SECP160R1_OID; |
wolfSSL | 15:117db924cf7c | 4302 | octets = 20; |
wolfSSL | 15:117db924cf7c | 4303 | break; |
wolfSSL | 15:117db924cf7c | 4304 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 4305 | #ifdef HAVE_ECC_SECPR2 |
wolfSSL | 15:117db924cf7c | 4306 | case WOLFSSL_ECC_SECP160R2: |
wolfSSL | 15:117db924cf7c | 4307 | pkOid = oid = ECC_SECP160R2_OID; |
wolfSSL | 15:117db924cf7c | 4308 | octets = 20; |
wolfSSL | 15:117db924cf7c | 4309 | break; |
wolfSSL | 15:117db924cf7c | 4310 | #endif /* HAVE_ECC_SECPR2 */ |
wolfSSL | 15:117db924cf7c | 4311 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 15:117db924cf7c | 4312 | case WOLFSSL_ECC_SECP160K1: |
wolfSSL | 15:117db924cf7c | 4313 | pkOid = oid = ECC_SECP160K1_OID; |
wolfSSL | 15:117db924cf7c | 4314 | octets = 20; |
wolfSSL | 15:117db924cf7c | 4315 | break; |
wolfSSL | 15:117db924cf7c | 4316 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 15:117db924cf7c | 4317 | #endif |
wolfSSL | 15:117db924cf7c | 4318 | #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4319 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 4320 | case WOLFSSL_ECC_SECP192R1: |
wolfSSL | 15:117db924cf7c | 4321 | pkOid = oid = ECC_SECP192R1_OID; |
wolfSSL | 15:117db924cf7c | 4322 | octets = 24; |
wolfSSL | 15:117db924cf7c | 4323 | break; |
wolfSSL | 15:117db924cf7c | 4324 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 4325 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 15:117db924cf7c | 4326 | case WOLFSSL_ECC_SECP192K1: |
wolfSSL | 15:117db924cf7c | 4327 | pkOid = oid = ECC_SECP192K1_OID; |
wolfSSL | 15:117db924cf7c | 4328 | octets = 24; |
wolfSSL | 15:117db924cf7c | 4329 | break; |
wolfSSL | 15:117db924cf7c | 4330 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 15:117db924cf7c | 4331 | #endif |
wolfSSL | 15:117db924cf7c | 4332 | #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4333 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 4334 | case WOLFSSL_ECC_SECP224R1: |
wolfSSL | 15:117db924cf7c | 4335 | pkOid = oid = ECC_SECP224R1_OID; |
wolfSSL | 15:117db924cf7c | 4336 | octets = 28; |
wolfSSL | 15:117db924cf7c | 4337 | break; |
wolfSSL | 15:117db924cf7c | 4338 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 4339 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 15:117db924cf7c | 4340 | case WOLFSSL_ECC_SECP224K1: |
wolfSSL | 15:117db924cf7c | 4341 | pkOid = oid = ECC_SECP224K1_OID; |
wolfSSL | 15:117db924cf7c | 4342 | octets = 28; |
wolfSSL | 15:117db924cf7c | 4343 | break; |
wolfSSL | 15:117db924cf7c | 4344 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 15:117db924cf7c | 4345 | #endif |
wolfSSL | 15:117db924cf7c | 4346 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4347 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 4348 | case WOLFSSL_ECC_SECP256R1: |
wolfSSL | 15:117db924cf7c | 4349 | pkOid = oid = ECC_SECP256R1_OID; |
wolfSSL | 15:117db924cf7c | 4350 | octets = 32; |
wolfSSL | 15:117db924cf7c | 4351 | break; |
wolfSSL | 15:117db924cf7c | 4352 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 4353 | #endif /* !NO_ECC256 || HAVE_ALL_CURVES */ |
wolfSSL | 15:117db924cf7c | 4354 | #endif |
wolfSSL | 15:117db924cf7c | 4355 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 4356 | case WOLFSSL_ECC_X25519: |
wolfSSL | 15:117db924cf7c | 4357 | oid = ECC_X25519_OID; |
wolfSSL | 15:117db924cf7c | 4358 | #ifdef HAVE_ED25519 |
wolfSSL | 15:117db924cf7c | 4359 | pkOid = ECC_ED25519_OID; |
wolfSSL | 15:117db924cf7c | 4360 | #else |
wolfSSL | 15:117db924cf7c | 4361 | pkOid = ECC_X25519_OID; |
wolfSSL | 15:117db924cf7c | 4362 | #endif |
wolfSSL | 15:117db924cf7c | 4363 | octets = 32; |
wolfSSL | 15:117db924cf7c | 4364 | break; |
wolfSSL | 15:117db924cf7c | 4365 | #endif /* HAVE_CURVE25519 */ |
wolfSSL | 15:117db924cf7c | 4366 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4367 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4368 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 15:117db924cf7c | 4369 | case WOLFSSL_ECC_SECP256K1: |
wolfSSL | 15:117db924cf7c | 4370 | pkOid = oid = ECC_SECP256K1_OID; |
wolfSSL | 15:117db924cf7c | 4371 | octets = 32; |
wolfSSL | 15:117db924cf7c | 4372 | break; |
wolfSSL | 15:117db924cf7c | 4373 | #endif /* HAVE_ECC_KOBLITZ */ |
wolfSSL | 15:117db924cf7c | 4374 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 15:117db924cf7c | 4375 | case WOLFSSL_ECC_BRAINPOOLP256R1: |
wolfSSL | 15:117db924cf7c | 4376 | pkOid = oid = ECC_BRAINPOOLP256R1_OID; |
wolfSSL | 15:117db924cf7c | 4377 | octets = 32; |
wolfSSL | 15:117db924cf7c | 4378 | break; |
wolfSSL | 15:117db924cf7c | 4379 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 15:117db924cf7c | 4380 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4381 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4382 | #ifdef HAVE_CURVE448 |
wolfSSL | 16:8e0d178b1d1e | 4383 | case WOLFSSL_ECC_X448: |
wolfSSL | 16:8e0d178b1d1e | 4384 | oid = ECC_X448_OID; |
wolfSSL | 16:8e0d178b1d1e | 4385 | #ifdef HAVE_ED448 |
wolfSSL | 16:8e0d178b1d1e | 4386 | pkOid = ECC_ED448_OID; |
wolfSSL | 16:8e0d178b1d1e | 4387 | #else |
wolfSSL | 16:8e0d178b1d1e | 4388 | pkOid = ECC_X448_OID; |
wolfSSL | 16:8e0d178b1d1e | 4389 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4390 | octets = 57; |
wolfSSL | 16:8e0d178b1d1e | 4391 | break; |
wolfSSL | 16:8e0d178b1d1e | 4392 | #endif /* HAVE_CURVE448 */ |
wolfSSL | 16:8e0d178b1d1e | 4393 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4394 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4395 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 4396 | case WOLFSSL_ECC_SECP384R1: |
wolfSSL | 15:117db924cf7c | 4397 | pkOid = oid = ECC_SECP384R1_OID; |
wolfSSL | 15:117db924cf7c | 4398 | octets = 48; |
wolfSSL | 15:117db924cf7c | 4399 | break; |
wolfSSL | 15:117db924cf7c | 4400 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 4401 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 15:117db924cf7c | 4402 | case WOLFSSL_ECC_BRAINPOOLP384R1: |
wolfSSL | 15:117db924cf7c | 4403 | pkOid = oid = ECC_BRAINPOOLP384R1_OID; |
wolfSSL | 15:117db924cf7c | 4404 | octets = 48; |
wolfSSL | 15:117db924cf7c | 4405 | break; |
wolfSSL | 15:117db924cf7c | 4406 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 15:117db924cf7c | 4407 | #endif |
wolfSSL | 15:117db924cf7c | 4408 | #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4409 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 15:117db924cf7c | 4410 | case WOLFSSL_ECC_BRAINPOOLP512R1: |
wolfSSL | 15:117db924cf7c | 4411 | pkOid = oid = ECC_BRAINPOOLP512R1_OID; |
wolfSSL | 15:117db924cf7c | 4412 | octets = 64; |
wolfSSL | 15:117db924cf7c | 4413 | break; |
wolfSSL | 15:117db924cf7c | 4414 | #endif /* HAVE_ECC_BRAINPOOL */ |
wolfSSL | 15:117db924cf7c | 4415 | #endif |
wolfSSL | 15:117db924cf7c | 4416 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 4417 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 4418 | case WOLFSSL_ECC_SECP521R1: |
wolfSSL | 15:117db924cf7c | 4419 | pkOid = oid = ECC_SECP521R1_OID; |
wolfSSL | 15:117db924cf7c | 4420 | octets = 66; |
wolfSSL | 15:117db924cf7c | 4421 | break; |
wolfSSL | 15:117db924cf7c | 4422 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 4423 | #endif |
wolfSSL | 15:117db924cf7c | 4424 | #endif |
wolfSSL | 15:117db924cf7c | 4425 | default: continue; /* unsupported curve */ |
wolfSSL | 15:117db924cf7c | 4426 | } |
wolfSSL | 15:117db924cf7c | 4427 | |
wolfSSL | 15:117db924cf7c | 4428 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4429 | /* Set default Oid */ |
wolfSSL | 15:117db924cf7c | 4430 | if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) { |
wolfSSL | 15:117db924cf7c | 4431 | defOid = oid; |
wolfSSL | 15:117db924cf7c | 4432 | defSz = octets; |
wolfSSL | 15:117db924cf7c | 4433 | } |
wolfSSL | 15:117db924cf7c | 4434 | |
wolfSSL | 16:8e0d178b1d1e | 4435 | /* The eccTempKeySz is the preferred ephemeral key size */ |
wolfSSL | 15:117db924cf7c | 4436 | if (currOid == 0 && ssl->eccTempKeySz == octets) |
wolfSSL | 15:117db924cf7c | 4437 | currOid = oid; |
wolfSSL | 15:117db924cf7c | 4438 | if ((nextOid == 0 || nextSz > octets) && ssl->eccTempKeySz <= octets) { |
wolfSSL | 15:117db924cf7c | 4439 | nextOid = oid; |
wolfSSL | 15:117db924cf7c | 4440 | nextSz = octets; |
wolfSSL | 15:117db924cf7c | 4441 | } |
wolfSSL | 15:117db924cf7c | 4442 | #else |
wolfSSL | 15:117db924cf7c | 4443 | if (defOid == 0 && defSz > octets) { |
wolfSSL | 15:117db924cf7c | 4444 | defOid = oid; |
wolfSSL | 15:117db924cf7c | 4445 | defSz = octets; |
wolfSSL | 15:117db924cf7c | 4446 | } |
wolfSSL | 15:117db924cf7c | 4447 | |
wolfSSL | 15:117db924cf7c | 4448 | if (currOid == 0) |
wolfSSL | 15:117db924cf7c | 4449 | currOid = oid; |
wolfSSL | 15:117db924cf7c | 4450 | if (nextOid == 0 || nextSz > octets) { |
wolfSSL | 15:117db924cf7c | 4451 | nextOid = oid; |
wolfSSL | 15:117db924cf7c | 4452 | nextSz = octets; |
wolfSSL | 15:117db924cf7c | 4453 | } |
wolfSSL | 15:117db924cf7c | 4454 | #endif |
wolfSSL | 15:117db924cf7c | 4455 | |
wolfSSL | 15:117db924cf7c | 4456 | if (first == ECC_BYTE) { |
wolfSSL | 15:117db924cf7c | 4457 | switch (second) { |
wolfSSL | 15:117db924cf7c | 4458 | /* ECDHE_ECDSA */ |
wolfSSL | 15:117db924cf7c | 4459 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4460 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4461 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 15:117db924cf7c | 4462 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4463 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 15:117db924cf7c | 4464 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 15:117db924cf7c | 4465 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 15:117db924cf7c | 4466 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 15:117db924cf7c | 4467 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: |
wolfSSL | 15:117db924cf7c | 4468 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: |
wolfSSL | 15:117db924cf7c | 4469 | sig |= ssl->pkCurveOID == pkOid; |
wolfSSL | 15:117db924cf7c | 4470 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 15:117db924cf7c | 4471 | ephmSuite = 1; |
wolfSSL | 15:117db924cf7c | 4472 | break; |
wolfSSL | 15:117db924cf7c | 4473 | |
wolfSSL | 15:117db924cf7c | 4474 | #ifdef WOLFSSL_STATIC_DH |
wolfSSL | 15:117db924cf7c | 4475 | /* ECDH_ECDSA */ |
wolfSSL | 15:117db924cf7c | 4476 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4477 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4478 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 15:117db924cf7c | 4479 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4480 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 15:117db924cf7c | 4481 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 15:117db924cf7c | 4482 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 15:117db924cf7c | 4483 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 15:117db924cf7c | 4484 | if (oid == ECC_X25519_OID && defOid == oid) { |
wolfSSL | 15:117db924cf7c | 4485 | defOid = 0; |
wolfSSL | 15:117db924cf7c | 4486 | defSz = 80; |
wolfSSL | 15:117db924cf7c | 4487 | } |
wolfSSL | 16:8e0d178b1d1e | 4488 | if (oid == ECC_X448_OID && defOid == oid) { |
wolfSSL | 16:8e0d178b1d1e | 4489 | defOid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4490 | defSz = 80; |
wolfSSL | 16:8e0d178b1d1e | 4491 | } |
wolfSSL | 15:117db924cf7c | 4492 | sig |= ssl->pkCurveOID == pkOid; |
wolfSSL | 15:117db924cf7c | 4493 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 15:117db924cf7c | 4494 | break; |
wolfSSL | 15:117db924cf7c | 4495 | #endif /* WOLFSSL_STATIC_DH */ |
wolfSSL | 15:117db924cf7c | 4496 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 4497 | /* ECDHE_RSA */ |
wolfSSL | 15:117db924cf7c | 4498 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4499 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4500 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA: |
wolfSSL | 15:117db924cf7c | 4501 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4502 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 15:117db924cf7c | 4503 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 15:117db924cf7c | 4504 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 15:117db924cf7c | 4505 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 15:117db924cf7c | 4506 | sig = 1; |
wolfSSL | 15:117db924cf7c | 4507 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 15:117db924cf7c | 4508 | ephmSuite = 1; |
wolfSSL | 15:117db924cf7c | 4509 | break; |
wolfSSL | 15:117db924cf7c | 4510 | |
wolfSSL | 15:117db924cf7c | 4511 | #ifdef WOLFSSL_STATIC_DH |
wolfSSL | 15:117db924cf7c | 4512 | /* ECDH_RSA */ |
wolfSSL | 15:117db924cf7c | 4513 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4514 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4515 | case TLS_ECDH_RSA_WITH_RC4_128_SHA: |
wolfSSL | 15:117db924cf7c | 4516 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 15:117db924cf7c | 4517 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 15:117db924cf7c | 4518 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 15:117db924cf7c | 4519 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 15:117db924cf7c | 4520 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 15:117db924cf7c | 4521 | if (oid == ECC_X25519_OID && defOid == oid) { |
wolfSSL | 15:117db924cf7c | 4522 | defOid = 0; |
wolfSSL | 15:117db924cf7c | 4523 | defSz = 80; |
wolfSSL | 15:117db924cf7c | 4524 | } |
wolfSSL | 16:8e0d178b1d1e | 4525 | if (oid == ECC_X448_OID && defOid == oid) { |
wolfSSL | 16:8e0d178b1d1e | 4526 | defOid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4527 | defSz = 80; |
wolfSSL | 16:8e0d178b1d1e | 4528 | } |
wolfSSL | 15:117db924cf7c | 4529 | sig = 1; |
wolfSSL | 15:117db924cf7c | 4530 | key |= ssl->pkCurveOID == pkOid; |
wolfSSL | 15:117db924cf7c | 4531 | break; |
wolfSSL | 15:117db924cf7c | 4532 | #endif /* WOLFSSL_STATIC_DH */ |
wolfSSL | 15:117db924cf7c | 4533 | #endif |
wolfSSL | 15:117db924cf7c | 4534 | default: |
wolfSSL | 15:117db924cf7c | 4535 | if (oid == ECC_X25519_OID && defOid == oid) { |
wolfSSL | 15:117db924cf7c | 4536 | defOid = 0; |
wolfSSL | 15:117db924cf7c | 4537 | defSz = 80; |
wolfSSL | 15:117db924cf7c | 4538 | } |
wolfSSL | 16:8e0d178b1d1e | 4539 | if (oid == ECC_X448_OID && defOid == oid) { |
wolfSSL | 16:8e0d178b1d1e | 4540 | defOid = 0; |
wolfSSL | 16:8e0d178b1d1e | 4541 | defSz = 80; |
wolfSSL | 16:8e0d178b1d1e | 4542 | } |
wolfSSL | 16:8e0d178b1d1e | 4543 | if (oid != ECC_X25519_OID && oid != ECC_X448_OID) { |
wolfSSL | 15:117db924cf7c | 4544 | sig = 1; |
wolfSSL | 16:8e0d178b1d1e | 4545 | } |
wolfSSL | 15:117db924cf7c | 4546 | key = 1; |
wolfSSL | 15:117db924cf7c | 4547 | break; |
wolfSSL | 15:117db924cf7c | 4548 | } |
wolfSSL | 15:117db924cf7c | 4549 | } |
wolfSSL | 15:117db924cf7c | 4550 | |
wolfSSL | 15:117db924cf7c | 4551 | /* ChaCha20-Poly1305 ECC cipher suites */ |
wolfSSL | 15:117db924cf7c | 4552 | if (first == CHACHA_BYTE) { |
wolfSSL | 15:117db924cf7c | 4553 | switch (second) { |
wolfSSL | 15:117db924cf7c | 4554 | /* ECDHE_ECDSA */ |
wolfSSL | 15:117db924cf7c | 4555 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 15:117db924cf7c | 4556 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 15:117db924cf7c | 4557 | sig |= ssl->pkCurveOID == pkOid; |
wolfSSL | 15:117db924cf7c | 4558 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 15:117db924cf7c | 4559 | ephmSuite = 1; |
wolfSSL | 15:117db924cf7c | 4560 | break; |
wolfSSL | 15:117db924cf7c | 4561 | #ifndef NO_RSA |
wolfSSL | 15:117db924cf7c | 4562 | /* ECDHE_RSA */ |
wolfSSL | 15:117db924cf7c | 4563 | case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : |
wolfSSL | 15:117db924cf7c | 4564 | case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : |
wolfSSL | 15:117db924cf7c | 4565 | sig = 1; |
wolfSSL | 15:117db924cf7c | 4566 | key |= ssl->ecdhCurveOID == oid; |
wolfSSL | 15:117db924cf7c | 4567 | ephmSuite = 1; |
wolfSSL | 15:117db924cf7c | 4568 | break; |
wolfSSL | 15:117db924cf7c | 4569 | #endif |
wolfSSL | 15:117db924cf7c | 4570 | default: |
wolfSSL | 15:117db924cf7c | 4571 | sig = 1; |
wolfSSL | 15:117db924cf7c | 4572 | key = 1; |
wolfSSL | 15:117db924cf7c | 4573 | break; |
wolfSSL | 15:117db924cf7c | 4574 | } |
wolfSSL | 15:117db924cf7c | 4575 | } |
wolfSSL | 15:117db924cf7c | 4576 | } |
wolfSSL | 15:117db924cf7c | 4577 | |
wolfSSL | 15:117db924cf7c | 4578 | /* Choose the default if it is at the required strength. */ |
wolfSSL | 15:117db924cf7c | 4579 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4580 | if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) |
wolfSSL | 15:117db924cf7c | 4581 | #else |
wolfSSL | 15:117db924cf7c | 4582 | if (ssl->ecdhCurveOID == 0) |
wolfSSL | 15:117db924cf7c | 4583 | #endif |
wolfSSL | 15:117db924cf7c | 4584 | { |
wolfSSL | 15:117db924cf7c | 4585 | key = 1; |
wolfSSL | 15:117db924cf7c | 4586 | ssl->ecdhCurveOID = defOid; |
wolfSSL | 15:117db924cf7c | 4587 | } |
wolfSSL | 15:117db924cf7c | 4588 | /* Choose any curve at the required strength. */ |
wolfSSL | 15:117db924cf7c | 4589 | if (ssl->ecdhCurveOID == 0) { |
wolfSSL | 15:117db924cf7c | 4590 | key = 1; |
wolfSSL | 15:117db924cf7c | 4591 | ssl->ecdhCurveOID = currOid; |
wolfSSL | 15:117db924cf7c | 4592 | } |
wolfSSL | 15:117db924cf7c | 4593 | /* Choose the default if it is at the next highest strength. */ |
wolfSSL | 15:117db924cf7c | 4594 | if (ssl->ecdhCurveOID == 0 && defSz == nextSz) |
wolfSSL | 15:117db924cf7c | 4595 | ssl->ecdhCurveOID = defOid; |
wolfSSL | 15:117db924cf7c | 4596 | /* Choose any curve at the next highest strength. */ |
wolfSSL | 15:117db924cf7c | 4597 | if (ssl->ecdhCurveOID == 0) |
wolfSSL | 15:117db924cf7c | 4598 | ssl->ecdhCurveOID = nextOid; |
wolfSSL | 15:117db924cf7c | 4599 | /* No curve and ephemeral ECC suite requires a matching curve. */ |
wolfSSL | 15:117db924cf7c | 4600 | if (ssl->ecdhCurveOID == 0 && ephmSuite) |
wolfSSL | 15:117db924cf7c | 4601 | key = 0; |
wolfSSL | 15:117db924cf7c | 4602 | |
wolfSSL | 15:117db924cf7c | 4603 | return sig && key; |
wolfSSL | 15:117db924cf7c | 4604 | } |
wolfSSL | 15:117db924cf7c | 4605 | #endif |
wolfSSL | 15:117db924cf7c | 4606 | |
wolfSSL | 15:117db924cf7c | 4607 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 4608 | |
wolfSSL | 15:117db924cf7c | 4609 | int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) |
wolfSSL | 15:117db924cf7c | 4610 | { |
wolfSSL | 15:117db924cf7c | 4611 | TLSX* extension = NULL; |
wolfSSL | 15:117db924cf7c | 4612 | SupportedCurve* curve = NULL; |
wolfSSL | 15:117db924cf7c | 4613 | int ret; |
wolfSSL | 15:117db924cf7c | 4614 | |
wolfSSL | 15:117db924cf7c | 4615 | if (extensions == NULL) |
wolfSSL | 15:117db924cf7c | 4616 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 4617 | |
wolfSSL | 15:117db924cf7c | 4618 | extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 4619 | |
wolfSSL | 15:117db924cf7c | 4620 | if (!extension) { |
wolfSSL | 15:117db924cf7c | 4621 | ret = TLSX_SupportedCurve_New(&curve, name, heap); |
wolfSSL | 15:117db924cf7c | 4622 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 4623 | return ret; |
wolfSSL | 15:117db924cf7c | 4624 | |
wolfSSL | 15:117db924cf7c | 4625 | ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap); |
wolfSSL | 15:117db924cf7c | 4626 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 4627 | XFREE(curve, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 4628 | return ret; |
wolfSSL | 15:117db924cf7c | 4629 | } |
wolfSSL | 15:117db924cf7c | 4630 | } |
wolfSSL | 15:117db924cf7c | 4631 | else { |
wolfSSL | 15:117db924cf7c | 4632 | ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, name, |
wolfSSL | 15:117db924cf7c | 4633 | heap); |
wolfSSL | 15:117db924cf7c | 4634 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 4635 | return ret; |
wolfSSL | 15:117db924cf7c | 4636 | } |
wolfSSL | 15:117db924cf7c | 4637 | |
wolfSSL | 15:117db924cf7c | 4638 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 4639 | } |
wolfSSL | 15:117db924cf7c | 4640 | |
wolfSSL | 15:117db924cf7c | 4641 | int TLSX_UsePointFormat(TLSX** extensions, byte format, void* heap) |
wolfSSL | 15:117db924cf7c | 4642 | { |
wolfSSL | 15:117db924cf7c | 4643 | TLSX* extension = NULL; |
wolfSSL | 15:117db924cf7c | 4644 | PointFormat* point = NULL; |
wolfSSL | 15:117db924cf7c | 4645 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 4646 | |
wolfSSL | 15:117db924cf7c | 4647 | if (extensions == NULL) |
wolfSSL | 15:117db924cf7c | 4648 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 4649 | |
wolfSSL | 15:117db924cf7c | 4650 | extension = TLSX_Find(*extensions, TLSX_EC_POINT_FORMATS); |
wolfSSL | 15:117db924cf7c | 4651 | |
wolfSSL | 15:117db924cf7c | 4652 | if (!extension) { |
wolfSSL | 15:117db924cf7c | 4653 | ret = TLSX_PointFormat_New(&point, format, heap); |
wolfSSL | 15:117db924cf7c | 4654 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 4655 | return ret; |
wolfSSL | 15:117db924cf7c | 4656 | |
wolfSSL | 15:117db924cf7c | 4657 | ret = TLSX_Push(extensions, TLSX_EC_POINT_FORMATS, point, heap); |
wolfSSL | 15:117db924cf7c | 4658 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 4659 | XFREE(point, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 4660 | return ret; |
wolfSSL | 15:117db924cf7c | 4661 | } |
wolfSSL | 15:117db924cf7c | 4662 | } |
wolfSSL | 15:117db924cf7c | 4663 | else { |
wolfSSL | 15:117db924cf7c | 4664 | ret = TLSX_PointFormat_Append((PointFormat*)extension->data, format, |
wolfSSL | 15:117db924cf7c | 4665 | heap); |
wolfSSL | 15:117db924cf7c | 4666 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 4667 | return ret; |
wolfSSL | 15:117db924cf7c | 4668 | } |
wolfSSL | 15:117db924cf7c | 4669 | |
wolfSSL | 15:117db924cf7c | 4670 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 4671 | } |
wolfSSL | 15:117db924cf7c | 4672 | |
wolfSSL | 15:117db924cf7c | 4673 | #define EC_FREE_ALL TLSX_SupportedCurve_FreeAll |
wolfSSL | 15:117db924cf7c | 4674 | #define EC_VALIDATE_REQUEST TLSX_SupportedCurve_ValidateRequest |
wolfSSL | 15:117db924cf7c | 4675 | |
wolfSSL | 15:117db924cf7c | 4676 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 4677 | #define EC_GET_SIZE TLSX_SupportedCurve_GetSize |
wolfSSL | 15:117db924cf7c | 4678 | #define EC_WRITE TLSX_SupportedCurve_Write |
wolfSSL | 15:117db924cf7c | 4679 | #else |
wolfSSL | 15:117db924cf7c | 4680 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 15:117db924cf7c | 4681 | #define EC_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 4682 | #endif |
wolfSSL | 15:117db924cf7c | 4683 | |
wolfSSL | 15:117db924cf7c | 4684 | #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \ |
wolfSSL | 15:117db924cf7c | 4685 | !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) |
wolfSSL | 15:117db924cf7c | 4686 | #define EC_PARSE TLSX_SupportedCurve_Parse |
wolfSSL | 15:117db924cf7c | 4687 | #else |
wolfSSL | 15:117db924cf7c | 4688 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 4689 | #endif |
wolfSSL | 15:117db924cf7c | 4690 | |
wolfSSL | 15:117db924cf7c | 4691 | #define PF_FREE_ALL TLSX_PointFormat_FreeAll |
wolfSSL | 15:117db924cf7c | 4692 | #define PF_VALIDATE_REQUEST TLSX_PointFormat_ValidateRequest |
wolfSSL | 15:117db924cf7c | 4693 | #define PF_VALIDATE_RESPONSE TLSX_PointFormat_ValidateResponse |
wolfSSL | 15:117db924cf7c | 4694 | |
wolfSSL | 15:117db924cf7c | 4695 | #define PF_GET_SIZE TLSX_PointFormat_GetSize |
wolfSSL | 15:117db924cf7c | 4696 | #define PF_WRITE TLSX_PointFormat_Write |
wolfSSL | 15:117db924cf7c | 4697 | |
wolfSSL | 15:117db924cf7c | 4698 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 4699 | #define PF_PARSE TLSX_PointFormat_Parse |
wolfSSL | 15:117db924cf7c | 4700 | #else |
wolfSSL | 15:117db924cf7c | 4701 | #define PF_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 4702 | #endif |
wolfSSL | 15:117db924cf7c | 4703 | |
wolfSSL | 15:117db924cf7c | 4704 | #else |
wolfSSL | 15:117db924cf7c | 4705 | |
wolfSSL | 15:117db924cf7c | 4706 | #define EC_FREE_ALL(list, heap) |
wolfSSL | 15:117db924cf7c | 4707 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 15:117db924cf7c | 4708 | #define EC_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 4709 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 4710 | #define EC_VALIDATE_REQUEST(a, b) |
wolfSSL | 15:117db924cf7c | 4711 | |
wolfSSL | 15:117db924cf7c | 4712 | #define PF_FREE_ALL(list, heap) |
wolfSSL | 15:117db924cf7c | 4713 | #define PF_GET_SIZE(list) 0 |
wolfSSL | 15:117db924cf7c | 4714 | #define PF_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 4715 | #define PF_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 4716 | #define PF_VALIDATE_REQUEST(a, b) |
wolfSSL | 15:117db924cf7c | 4717 | #define PF_VALIDATE_RESPONSE(a, b) |
wolfSSL | 15:117db924cf7c | 4718 | |
wolfSSL | 15:117db924cf7c | 4719 | #endif /* HAVE_SUPPORTED_CURVES */ |
wolfSSL | 15:117db924cf7c | 4720 | |
wolfSSL | 15:117db924cf7c | 4721 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 4722 | /* Renegotiation Indication */ |
wolfSSL | 15:117db924cf7c | 4723 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 4724 | |
wolfSSL | 15:117db924cf7c | 4725 | #if defined(HAVE_SECURE_RENEGOTIATION) \ |
wolfSSL | 15:117db924cf7c | 4726 | || defined(HAVE_SERVER_RENEGOTIATION_INFO) |
wolfSSL | 15:117db924cf7c | 4727 | |
wolfSSL | 15:117db924cf7c | 4728 | static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, |
wolfSSL | 15:117db924cf7c | 4729 | int isRequest) |
wolfSSL | 15:117db924cf7c | 4730 | { |
wolfSSL | 15:117db924cf7c | 4731 | byte length = OPAQUE8_LEN; /* empty info length */ |
wolfSSL | 15:117db924cf7c | 4732 | |
wolfSSL | 15:117db924cf7c | 4733 | /* data will be NULL for HAVE_SERVER_RENEGOTIATION_INFO only */ |
wolfSSL | 16:8e0d178b1d1e | 4734 | if (data && data->enabled && data->verifySet) { |
wolfSSL | 15:117db924cf7c | 4735 | /* client sends client_verify_data only */ |
wolfSSL | 15:117db924cf7c | 4736 | length += TLS_FINISHED_SZ; |
wolfSSL | 15:117db924cf7c | 4737 | |
wolfSSL | 15:117db924cf7c | 4738 | /* server also sends server_verify_data */ |
wolfSSL | 15:117db924cf7c | 4739 | if (!isRequest) |
wolfSSL | 15:117db924cf7c | 4740 | length += TLS_FINISHED_SZ; |
wolfSSL | 15:117db924cf7c | 4741 | } |
wolfSSL | 15:117db924cf7c | 4742 | |
wolfSSL | 15:117db924cf7c | 4743 | return length; |
wolfSSL | 15:117db924cf7c | 4744 | } |
wolfSSL | 15:117db924cf7c | 4745 | |
wolfSSL | 15:117db924cf7c | 4746 | static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, |
wolfSSL | 15:117db924cf7c | 4747 | byte* output, int isRequest) |
wolfSSL | 15:117db924cf7c | 4748 | { |
wolfSSL | 15:117db924cf7c | 4749 | word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ |
wolfSSL | 16:8e0d178b1d1e | 4750 | if (data && data->enabled && data->verifySet) { |
wolfSSL | 15:117db924cf7c | 4751 | /* client sends client_verify_data only */ |
wolfSSL | 15:117db924cf7c | 4752 | XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 15:117db924cf7c | 4753 | offset += TLS_FINISHED_SZ; |
wolfSSL | 15:117db924cf7c | 4754 | |
wolfSSL | 15:117db924cf7c | 4755 | /* server also sends server_verify_data */ |
wolfSSL | 15:117db924cf7c | 4756 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 4757 | XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 15:117db924cf7c | 4758 | offset += TLS_FINISHED_SZ; |
wolfSSL | 15:117db924cf7c | 4759 | } |
wolfSSL | 15:117db924cf7c | 4760 | } |
wolfSSL | 15:117db924cf7c | 4761 | |
wolfSSL | 15:117db924cf7c | 4762 | output[0] = (byte)(offset - 1); /* info length - self */ |
wolfSSL | 15:117db924cf7c | 4763 | |
wolfSSL | 15:117db924cf7c | 4764 | return offset; |
wolfSSL | 15:117db924cf7c | 4765 | } |
wolfSSL | 15:117db924cf7c | 4766 | |
wolfSSL | 15:117db924cf7c | 4767 | static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 4768 | word16 length, byte isRequest) |
wolfSSL | 15:117db924cf7c | 4769 | { |
wolfSSL | 15:117db924cf7c | 4770 | int ret = SECURE_RENEGOTIATION_E; |
wolfSSL | 15:117db924cf7c | 4771 | |
wolfSSL | 15:117db924cf7c | 4772 | if (length >= OPAQUE8_LEN) { |
wolfSSL | 16:8e0d178b1d1e | 4773 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 4774 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 16:8e0d178b1d1e | 4775 | if (ssl->secure_renegotiation == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4776 | ret = wolfSSL_UseSecureRenegotiation(ssl); |
wolfSSL | 16:8e0d178b1d1e | 4777 | if (ret == WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 4778 | ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 4779 | } |
wolfSSL | 16:8e0d178b1d1e | 4780 | if (ret != 0 && ret != SECURE_RENEGOTIATION_E) { |
wolfSSL | 16:8e0d178b1d1e | 4781 | } |
wolfSSL | 16:8e0d178b1d1e | 4782 | else if (!ssl->secure_renegotiation->enabled) { |
wolfSSL | 16:8e0d178b1d1e | 4783 | if (*input == 0) { |
wolfSSL | 16:8e0d178b1d1e | 4784 | input++; /* get past size */ |
wolfSSL | 16:8e0d178b1d1e | 4785 | |
wolfSSL | 16:8e0d178b1d1e | 4786 | ssl->secure_renegotiation->enabled = 1; |
wolfSSL | 16:8e0d178b1d1e | 4787 | TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO); |
wolfSSL | 16:8e0d178b1d1e | 4788 | ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 4789 | } |
wolfSSL | 16:8e0d178b1d1e | 4790 | else { |
wolfSSL | 16:8e0d178b1d1e | 4791 | /* already in error state */ |
wolfSSL | 16:8e0d178b1d1e | 4792 | WOLFSSL_MSG("SCR client verify data present"); |
wolfSSL | 16:8e0d178b1d1e | 4793 | } |
wolfSSL | 16:8e0d178b1d1e | 4794 | } |
wolfSSL | 16:8e0d178b1d1e | 4795 | else if (*input == TLS_FINISHED_SZ) { |
wolfSSL | 16:8e0d178b1d1e | 4796 | if (length < TLS_FINISHED_SZ + 1) { |
wolfSSL | 16:8e0d178b1d1e | 4797 | WOLFSSL_MSG("SCR malformed buffer"); |
wolfSSL | 16:8e0d178b1d1e | 4798 | ret = BUFFER_E; |
wolfSSL | 16:8e0d178b1d1e | 4799 | } |
wolfSSL | 16:8e0d178b1d1e | 4800 | else { |
wolfSSL | 16:8e0d178b1d1e | 4801 | input++; /* get past size */ |
wolfSSL | 16:8e0d178b1d1e | 4802 | |
wolfSSL | 16:8e0d178b1d1e | 4803 | /* validate client verify data */ |
wolfSSL | 16:8e0d178b1d1e | 4804 | if (XMEMCMP(input, |
wolfSSL | 16:8e0d178b1d1e | 4805 | ssl->secure_renegotiation->client_verify_data, |
wolfSSL | 16:8e0d178b1d1e | 4806 | TLS_FINISHED_SZ) == 0) { |
wolfSSL | 16:8e0d178b1d1e | 4807 | WOLFSSL_MSG("SCR client verify data match"); |
wolfSSL | 16:8e0d178b1d1e | 4808 | TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO); |
wolfSSL | 16:8e0d178b1d1e | 4809 | ret = 0; /* verified */ |
wolfSSL | 15:117db924cf7c | 4810 | } else { |
wolfSSL | 16:8e0d178b1d1e | 4811 | /* already in error state */ |
wolfSSL | 16:8e0d178b1d1e | 4812 | WOLFSSL_MSG("SCR client verify data Failure"); |
wolfSSL | 15:117db924cf7c | 4813 | } |
wolfSSL | 15:117db924cf7c | 4814 | } |
wolfSSL | 15:117db924cf7c | 4815 | } |
wolfSSL | 15:117db924cf7c | 4816 | #endif |
wolfSSL | 15:117db924cf7c | 4817 | } |
wolfSSL | 15:117db924cf7c | 4818 | else { |
wolfSSL | 15:117db924cf7c | 4819 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 4820 | if (!ssl->secure_renegotiation->enabled) { |
wolfSSL | 15:117db924cf7c | 4821 | if (*input == 0) { |
wolfSSL | 15:117db924cf7c | 4822 | ssl->secure_renegotiation->enabled = 1; |
wolfSSL | 15:117db924cf7c | 4823 | ret = 0; |
wolfSSL | 15:117db924cf7c | 4824 | } |
wolfSSL | 15:117db924cf7c | 4825 | } |
wolfSSL | 15:117db924cf7c | 4826 | else if (*input == 2 * TLS_FINISHED_SZ && |
wolfSSL | 15:117db924cf7c | 4827 | length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) { |
wolfSSL | 15:117db924cf7c | 4828 | input++; /* get past size */ |
wolfSSL | 15:117db924cf7c | 4829 | |
wolfSSL | 15:117db924cf7c | 4830 | /* validate client and server verify data */ |
wolfSSL | 15:117db924cf7c | 4831 | if (XMEMCMP(input, |
wolfSSL | 15:117db924cf7c | 4832 | ssl->secure_renegotiation->client_verify_data, |
wolfSSL | 15:117db924cf7c | 4833 | TLS_FINISHED_SZ) == 0 && |
wolfSSL | 15:117db924cf7c | 4834 | XMEMCMP(input + TLS_FINISHED_SZ, |
wolfSSL | 15:117db924cf7c | 4835 | ssl->secure_renegotiation->server_verify_data, |
wolfSSL | 15:117db924cf7c | 4836 | TLS_FINISHED_SZ) == 0) { |
wolfSSL | 15:117db924cf7c | 4837 | WOLFSSL_MSG("SCR client and server verify data match"); |
wolfSSL | 15:117db924cf7c | 4838 | ret = 0; /* verified */ |
wolfSSL | 15:117db924cf7c | 4839 | } else { |
wolfSSL | 15:117db924cf7c | 4840 | /* already in error state */ |
wolfSSL | 15:117db924cf7c | 4841 | WOLFSSL_MSG("SCR client and server verify data Failure"); |
wolfSSL | 15:117db924cf7c | 4842 | } |
wolfSSL | 15:117db924cf7c | 4843 | } |
wolfSSL | 15:117db924cf7c | 4844 | #endif |
wolfSSL | 15:117db924cf7c | 4845 | } |
wolfSSL | 15:117db924cf7c | 4846 | } |
wolfSSL | 15:117db924cf7c | 4847 | |
wolfSSL | 15:117db924cf7c | 4848 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 4849 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 15:117db924cf7c | 4850 | } |
wolfSSL | 15:117db924cf7c | 4851 | |
wolfSSL | 15:117db924cf7c | 4852 | return ret; |
wolfSSL | 15:117db924cf7c | 4853 | } |
wolfSSL | 15:117db924cf7c | 4854 | |
wolfSSL | 15:117db924cf7c | 4855 | int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap) |
wolfSSL | 15:117db924cf7c | 4856 | { |
wolfSSL | 15:117db924cf7c | 4857 | int ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 4858 | SecureRenegotiation* data; |
wolfSSL | 15:117db924cf7c | 4859 | |
wolfSSL | 15:117db924cf7c | 4860 | data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap, |
wolfSSL | 15:117db924cf7c | 4861 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 4862 | if (data == NULL) |
wolfSSL | 15:117db924cf7c | 4863 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 4864 | |
wolfSSL | 15:117db924cf7c | 4865 | XMEMSET(data, 0, sizeof(SecureRenegotiation)); |
wolfSSL | 15:117db924cf7c | 4866 | |
wolfSSL | 15:117db924cf7c | 4867 | ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap); |
wolfSSL | 15:117db924cf7c | 4868 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 4869 | XFREE(data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 4870 | return ret; |
wolfSSL | 15:117db924cf7c | 4871 | } |
wolfSSL | 15:117db924cf7c | 4872 | |
wolfSSL | 15:117db924cf7c | 4873 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 4874 | } |
wolfSSL | 15:117db924cf7c | 4875 | |
wolfSSL | 15:117db924cf7c | 4876 | #ifdef HAVE_SERVER_RENEGOTIATION_INFO |
wolfSSL | 15:117db924cf7c | 4877 | |
wolfSSL | 15:117db924cf7c | 4878 | int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) |
wolfSSL | 15:117db924cf7c | 4879 | { |
wolfSSL | 15:117db924cf7c | 4880 | int ret; |
wolfSSL | 15:117db924cf7c | 4881 | |
wolfSSL | 15:117db924cf7c | 4882 | /* send empty renegotiation_info extension */ |
wolfSSL | 15:117db924cf7c | 4883 | TLSX* ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO); |
wolfSSL | 16:8e0d178b1d1e | 4884 | if (ext == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4885 | ret = TLSX_UseSecureRenegotiation(extensions, heap); |
wolfSSL | 16:8e0d178b1d1e | 4886 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 4887 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 4888 | |
wolfSSL | 16:8e0d178b1d1e | 4889 | ext = TLSX_Find(*extensions, TLSX_RENEGOTIATION_INFO); |
wolfSSL | 16:8e0d178b1d1e | 4890 | } |
wolfSSL | 15:117db924cf7c | 4891 | if (ext) |
wolfSSL | 15:117db924cf7c | 4892 | ext->resp = 1; |
wolfSSL | 15:117db924cf7c | 4893 | |
wolfSSL | 15:117db924cf7c | 4894 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 4895 | } |
wolfSSL | 15:117db924cf7c | 4896 | |
wolfSSL | 15:117db924cf7c | 4897 | #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ |
wolfSSL | 15:117db924cf7c | 4898 | |
wolfSSL | 15:117db924cf7c | 4899 | |
wolfSSL | 15:117db924cf7c | 4900 | #define SCR_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) |
wolfSSL | 15:117db924cf7c | 4901 | #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize |
wolfSSL | 15:117db924cf7c | 4902 | #define SCR_WRITE TLSX_SecureRenegotiation_Write |
wolfSSL | 15:117db924cf7c | 4903 | #define SCR_PARSE TLSX_SecureRenegotiation_Parse |
wolfSSL | 15:117db924cf7c | 4904 | |
wolfSSL | 15:117db924cf7c | 4905 | #else |
wolfSSL | 15:117db924cf7c | 4906 | |
wolfSSL | 15:117db924cf7c | 4907 | #define SCR_FREE_ALL(a, heap) |
wolfSSL | 15:117db924cf7c | 4908 | #define SCR_GET_SIZE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 4909 | #define SCR_WRITE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 4910 | #define SCR_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 4911 | |
wolfSSL | 15:117db924cf7c | 4912 | #endif /* HAVE_SECURE_RENEGOTIATION */ |
wolfSSL | 15:117db924cf7c | 4913 | |
wolfSSL | 15:117db924cf7c | 4914 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 4915 | /* Session Tickets */ |
wolfSSL | 15:117db924cf7c | 4916 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 4917 | |
wolfSSL | 15:117db924cf7c | 4918 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 15:117db924cf7c | 4919 | |
wolfSSL | 15:117db924cf7c | 4920 | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) |
wolfSSL | 15:117db924cf7c | 4921 | static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 4922 | { |
wolfSSL | 15:117db924cf7c | 4923 | TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); |
wolfSSL | 15:117db924cf7c | 4924 | SessionTicket* ticket = extension ? |
wolfSSL | 15:117db924cf7c | 4925 | (SessionTicket*)extension->data : NULL; |
wolfSSL | 15:117db924cf7c | 4926 | |
wolfSSL | 15:117db924cf7c | 4927 | if (ticket) { |
wolfSSL | 15:117db924cf7c | 4928 | /* TODO validate ticket timeout here! */ |
wolfSSL | 15:117db924cf7c | 4929 | if (ticket->lifetime == 0xfffffff) { |
wolfSSL | 15:117db924cf7c | 4930 | /* send empty ticket on timeout */ |
wolfSSL | 15:117db924cf7c | 4931 | TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 4932 | } |
wolfSSL | 15:117db924cf7c | 4933 | } |
wolfSSL | 15:117db924cf7c | 4934 | } |
wolfSSL | 15:117db924cf7c | 4935 | #endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ |
wolfSSL | 15:117db924cf7c | 4936 | |
wolfSSL | 15:117db924cf7c | 4937 | |
wolfSSL | 15:117db924cf7c | 4938 | static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) |
wolfSSL | 15:117db924cf7c | 4939 | { |
wolfSSL | 15:117db924cf7c | 4940 | (void)isRequest; |
wolfSSL | 15:117db924cf7c | 4941 | return ticket ? ticket->size : 0; |
wolfSSL | 15:117db924cf7c | 4942 | } |
wolfSSL | 15:117db924cf7c | 4943 | |
wolfSSL | 15:117db924cf7c | 4944 | static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, |
wolfSSL | 15:117db924cf7c | 4945 | int isRequest) |
wolfSSL | 15:117db924cf7c | 4946 | { |
wolfSSL | 15:117db924cf7c | 4947 | word16 offset = 0; /* empty ticket */ |
wolfSSL | 15:117db924cf7c | 4948 | |
wolfSSL | 15:117db924cf7c | 4949 | if (isRequest && ticket) { |
wolfSSL | 15:117db924cf7c | 4950 | XMEMCPY(output + offset, ticket->data, ticket->size); |
wolfSSL | 15:117db924cf7c | 4951 | offset += ticket->size; |
wolfSSL | 15:117db924cf7c | 4952 | } |
wolfSSL | 15:117db924cf7c | 4953 | |
wolfSSL | 15:117db924cf7c | 4954 | return offset; |
wolfSSL | 15:117db924cf7c | 4955 | } |
wolfSSL | 15:117db924cf7c | 4956 | |
wolfSSL | 15:117db924cf7c | 4957 | |
wolfSSL | 15:117db924cf7c | 4958 | static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 4959 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 4960 | { |
wolfSSL | 15:117db924cf7c | 4961 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 4962 | |
wolfSSL | 15:117db924cf7c | 4963 | (void) input; /* avoid unused parameter if NO_WOLFSSL_SERVER defined */ |
wolfSSL | 15:117db924cf7c | 4964 | |
wolfSSL | 15:117db924cf7c | 4965 | if (!isRequest) { |
wolfSSL | 15:117db924cf7c | 4966 | if (TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) |
wolfSSL | 15:117db924cf7c | 4967 | return TLSX_HandleUnsupportedExtension(ssl); |
wolfSSL | 15:117db924cf7c | 4968 | |
wolfSSL | 15:117db924cf7c | 4969 | if (length != 0) |
wolfSSL | 15:117db924cf7c | 4970 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 4971 | |
wolfSSL | 15:117db924cf7c | 4972 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 4973 | ssl->expect_session_ticket = 1; |
wolfSSL | 15:117db924cf7c | 4974 | #endif |
wolfSSL | 15:117db924cf7c | 4975 | } |
wolfSSL | 15:117db924cf7c | 4976 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 4977 | else { |
wolfSSL | 15:117db924cf7c | 4978 | /* server side */ |
wolfSSL | 15:117db924cf7c | 4979 | if (ssl->ctx->ticketEncCb == NULL) { |
wolfSSL | 15:117db924cf7c | 4980 | WOLFSSL_MSG("Client sent session ticket, server has no callback"); |
wolfSSL | 15:117db924cf7c | 4981 | return 0; |
wolfSSL | 15:117db924cf7c | 4982 | } |
wolfSSL | 15:117db924cf7c | 4983 | |
wolfSSL | 15:117db924cf7c | 4984 | if (length == 0) { |
wolfSSL | 15:117db924cf7c | 4985 | /* blank ticket */ |
wolfSSL | 15:117db924cf7c | 4986 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 4987 | if (ret == WOLFSSL_SUCCESS) { |
wolfSSL | 15:117db924cf7c | 4988 | ret = 0; |
wolfSSL | 15:117db924cf7c | 4989 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */ |
wolfSSL | 15:117db924cf7c | 4990 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 15:117db924cf7c | 4991 | ssl->options.useTicket = 1; |
wolfSSL | 15:117db924cf7c | 4992 | ssl->options.resuming = 0; /* no standard resumption */ |
wolfSSL | 15:117db924cf7c | 4993 | ssl->arrays->sessionIDSz = 0; /* no echo on blank ticket */ |
wolfSSL | 15:117db924cf7c | 4994 | } |
wolfSSL | 15:117db924cf7c | 4995 | } else { |
wolfSSL | 15:117db924cf7c | 4996 | /* got actual ticket from client */ |
wolfSSL | 15:117db924cf7c | 4997 | ret = DoClientTicket(ssl, input, length); |
wolfSSL | 15:117db924cf7c | 4998 | if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */ |
wolfSSL | 16:8e0d178b1d1e | 4999 | WOLFSSL_MSG("Using existing client ticket"); |
wolfSSL | 15:117db924cf7c | 5000 | ssl->options.useTicket = 1; |
wolfSSL | 15:117db924cf7c | 5001 | ssl->options.resuming = 1; |
wolfSSL | 15:117db924cf7c | 5002 | } else if (ret == WOLFSSL_TICKET_RET_CREATE) { |
wolfSSL | 15:117db924cf7c | 5003 | WOLFSSL_MSG("Using existing client ticket, creating new one"); |
wolfSSL | 15:117db924cf7c | 5004 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 5005 | if (ret == WOLFSSL_SUCCESS) { |
wolfSSL | 15:117db924cf7c | 5006 | ret = 0; |
wolfSSL | 15:117db924cf7c | 5007 | TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); |
wolfSSL | 15:117db924cf7c | 5008 | /* send blank ticket */ |
wolfSSL | 15:117db924cf7c | 5009 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 15:117db924cf7c | 5010 | ssl->options.useTicket = 1; |
wolfSSL | 15:117db924cf7c | 5011 | ssl->options.resuming = 1; |
wolfSSL | 15:117db924cf7c | 5012 | } |
wolfSSL | 15:117db924cf7c | 5013 | } else if (ret == WOLFSSL_TICKET_RET_REJECT) { |
wolfSSL | 15:117db924cf7c | 5014 | WOLFSSL_MSG("Process client ticket rejected, not using"); |
wolfSSL | 15:117db924cf7c | 5015 | ssl->options.rejectTicket = 1; |
wolfSSL | 15:117db924cf7c | 5016 | ret = 0; /* not fatal */ |
wolfSSL | 15:117db924cf7c | 5017 | } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { |
wolfSSL | 15:117db924cf7c | 5018 | WOLFSSL_MSG("Process client ticket fatal error, not using"); |
wolfSSL | 15:117db924cf7c | 5019 | } |
wolfSSL | 15:117db924cf7c | 5020 | } |
wolfSSL | 15:117db924cf7c | 5021 | } |
wolfSSL | 15:117db924cf7c | 5022 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 5023 | |
wolfSSL | 15:117db924cf7c | 5024 | return ret; |
wolfSSL | 15:117db924cf7c | 5025 | } |
wolfSSL | 15:117db924cf7c | 5026 | |
wolfSSL | 15:117db924cf7c | 5027 | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
wolfSSL | 15:117db924cf7c | 5028 | byte* data, word16 size, void* heap) |
wolfSSL | 15:117db924cf7c | 5029 | { |
wolfSSL | 15:117db924cf7c | 5030 | SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket), |
wolfSSL | 15:117db924cf7c | 5031 | heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5032 | if (ticket) { |
wolfSSL | 15:117db924cf7c | 5033 | ticket->data = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5034 | if (ticket->data == NULL) { |
wolfSSL | 15:117db924cf7c | 5035 | XFREE(ticket, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5036 | return NULL; |
wolfSSL | 15:117db924cf7c | 5037 | } |
wolfSSL | 15:117db924cf7c | 5038 | |
wolfSSL | 15:117db924cf7c | 5039 | XMEMCPY(ticket->data, data, size); |
wolfSSL | 15:117db924cf7c | 5040 | ticket->size = size; |
wolfSSL | 15:117db924cf7c | 5041 | ticket->lifetime = lifetime; |
wolfSSL | 15:117db924cf7c | 5042 | } |
wolfSSL | 15:117db924cf7c | 5043 | |
wolfSSL | 16:8e0d178b1d1e | 5044 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 5045 | |
wolfSSL | 15:117db924cf7c | 5046 | return ticket; |
wolfSSL | 15:117db924cf7c | 5047 | } |
wolfSSL | 15:117db924cf7c | 5048 | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap) |
wolfSSL | 15:117db924cf7c | 5049 | { |
wolfSSL | 15:117db924cf7c | 5050 | if (ticket) { |
wolfSSL | 15:117db924cf7c | 5051 | XFREE(ticket->data, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5052 | XFREE(ticket, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5053 | } |
wolfSSL | 15:117db924cf7c | 5054 | |
wolfSSL | 15:117db924cf7c | 5055 | (void)heap; |
wolfSSL | 15:117db924cf7c | 5056 | } |
wolfSSL | 15:117db924cf7c | 5057 | |
wolfSSL | 15:117db924cf7c | 5058 | int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap) |
wolfSSL | 15:117db924cf7c | 5059 | { |
wolfSSL | 15:117db924cf7c | 5060 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 5061 | |
wolfSSL | 15:117db924cf7c | 5062 | if (extensions == NULL) |
wolfSSL | 15:117db924cf7c | 5063 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 5064 | |
wolfSSL | 15:117db924cf7c | 5065 | /* If the ticket is NULL, the client will request a new ticket from the |
wolfSSL | 15:117db924cf7c | 5066 | server. Otherwise, the client will use it in the next client hello. */ |
wolfSSL | 15:117db924cf7c | 5067 | if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap)) |
wolfSSL | 15:117db924cf7c | 5068 | != 0) |
wolfSSL | 15:117db924cf7c | 5069 | return ret; |
wolfSSL | 15:117db924cf7c | 5070 | |
wolfSSL | 15:117db924cf7c | 5071 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 5072 | } |
wolfSSL | 15:117db924cf7c | 5073 | |
wolfSSL | 15:117db924cf7c | 5074 | #define WOLF_STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest |
wolfSSL | 15:117db924cf7c | 5075 | #define WOLF_STK_GET_SIZE TLSX_SessionTicket_GetSize |
wolfSSL | 15:117db924cf7c | 5076 | #define WOLF_STK_WRITE TLSX_SessionTicket_Write |
wolfSSL | 15:117db924cf7c | 5077 | #define WOLF_STK_PARSE TLSX_SessionTicket_Parse |
wolfSSL | 15:117db924cf7c | 5078 | #define WOLF_STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap)) |
wolfSSL | 15:117db924cf7c | 5079 | |
wolfSSL | 15:117db924cf7c | 5080 | #else |
wolfSSL | 15:117db924cf7c | 5081 | |
wolfSSL | 15:117db924cf7c | 5082 | #define WOLF_STK_FREE(a, b) |
wolfSSL | 15:117db924cf7c | 5083 | #define WOLF_STK_VALIDATE_REQUEST(a) |
wolfSSL | 15:117db924cf7c | 5084 | #define WOLF_STK_GET_SIZE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 5085 | #define WOLF_STK_WRITE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 5086 | #define WOLF_STK_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 5087 | |
wolfSSL | 15:117db924cf7c | 5088 | #endif /* HAVE_SESSION_TICKET */ |
wolfSSL | 15:117db924cf7c | 5089 | |
wolfSSL | 15:117db924cf7c | 5090 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 5091 | /* Quantum-Safe-Hybrid */ |
wolfSSL | 15:117db924cf7c | 5092 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 5093 | |
wolfSSL | 15:117db924cf7c | 5094 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 5095 | #if defined(HAVE_NTRU) |
wolfSSL | 15:117db924cf7c | 5096 | static WC_RNG* gRng; |
wolfSSL | 15:117db924cf7c | 5097 | static wolfSSL_Mutex* gRngMutex; |
wolfSSL | 15:117db924cf7c | 5098 | #endif |
wolfSSL | 15:117db924cf7c | 5099 | |
wolfSSL | 15:117db924cf7c | 5100 | static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap) |
wolfSSL | 15:117db924cf7c | 5101 | { |
wolfSSL | 15:117db924cf7c | 5102 | QSHScheme* current; |
wolfSSL | 15:117db924cf7c | 5103 | |
wolfSSL | 15:117db924cf7c | 5104 | while ((current = list)) { |
wolfSSL | 15:117db924cf7c | 5105 | list = current->next; |
wolfSSL | 15:117db924cf7c | 5106 | XFREE(current, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5107 | } |
wolfSSL | 15:117db924cf7c | 5108 | |
wolfSSL | 15:117db924cf7c | 5109 | (void)heap; |
wolfSSL | 15:117db924cf7c | 5110 | } |
wolfSSL | 15:117db924cf7c | 5111 | |
wolfSSL | 15:117db924cf7c | 5112 | static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub, |
wolfSSL | 15:117db924cf7c | 5113 | word16 pubLen) |
wolfSSL | 15:117db924cf7c | 5114 | { |
wolfSSL | 15:117db924cf7c | 5115 | QSHScheme* temp; |
wolfSSL | 15:117db924cf7c | 5116 | |
wolfSSL | 15:117db924cf7c | 5117 | if (list == NULL) |
wolfSSL | 15:117db924cf7c | 5118 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 5119 | |
wolfSSL | 15:117db924cf7c | 5120 | if ((temp = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL, |
wolfSSL | 15:117db924cf7c | 5121 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 15:117db924cf7c | 5122 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 5123 | |
wolfSSL | 15:117db924cf7c | 5124 | temp->name = name; |
wolfSSL | 15:117db924cf7c | 5125 | temp->PK = pub; |
wolfSSL | 15:117db924cf7c | 5126 | temp->PKLen = pubLen; |
wolfSSL | 15:117db924cf7c | 5127 | temp->next = *list; |
wolfSSL | 15:117db924cf7c | 5128 | |
wolfSSL | 15:117db924cf7c | 5129 | *list = temp; |
wolfSSL | 15:117db924cf7c | 5130 | |
wolfSSL | 15:117db924cf7c | 5131 | return 0; |
wolfSSL | 15:117db924cf7c | 5132 | } |
wolfSSL | 15:117db924cf7c | 5133 | |
wolfSSL | 15:117db924cf7c | 5134 | |
wolfSSL | 15:117db924cf7c | 5135 | /* request for server's public key : 02 indicates 0-2 requested */ |
wolfSSL | 15:117db924cf7c | 5136 | static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest) |
wolfSSL | 15:117db924cf7c | 5137 | { |
wolfSSL | 15:117db924cf7c | 5138 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 5139 | /* only request one public key from the server */ |
wolfSSL | 15:117db924cf7c | 5140 | output[0] = 0x01; |
wolfSSL | 15:117db924cf7c | 5141 | |
wolfSSL | 15:117db924cf7c | 5142 | return OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 5143 | } |
wolfSSL | 15:117db924cf7c | 5144 | else { |
wolfSSL | 15:117db924cf7c | 5145 | return 0; |
wolfSSL | 15:117db924cf7c | 5146 | } |
wolfSSL | 15:117db924cf7c | 5147 | } |
wolfSSL | 15:117db924cf7c | 5148 | |
wolfSSL | 15:117db924cf7c | 5149 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 5150 | |
wolfSSL | 15:117db924cf7c | 5151 | /* check for TLS_QSH suite */ |
wolfSSL | 15:117db924cf7c | 5152 | static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 15:117db924cf7c | 5153 | { |
wolfSSL | 15:117db924cf7c | 5154 | int i; |
wolfSSL | 15:117db924cf7c | 5155 | |
wolfSSL | 15:117db924cf7c | 5156 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 15:117db924cf7c | 5157 | if (ssl->suites->suites[i] == QSH_BYTE) |
wolfSSL | 15:117db924cf7c | 5158 | return; |
wolfSSL | 15:117db924cf7c | 5159 | |
wolfSSL | 15:117db924cf7c | 5160 | /* No QSH suite found */ |
wolfSSL | 15:117db924cf7c | 5161 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_QUANTUM_SAFE_HYBRID)); |
wolfSSL | 15:117db924cf7c | 5162 | } |
wolfSSL | 15:117db924cf7c | 5163 | |
wolfSSL | 15:117db924cf7c | 5164 | |
wolfSSL | 15:117db924cf7c | 5165 | /* return the size of the QSH hello extension |
wolfSSL | 15:117db924cf7c | 5166 | list the list of QSHScheme structs containing id and key |
wolfSSL | 15:117db924cf7c | 5167 | isRequest if 1 then is being sent to the server |
wolfSSL | 15:117db924cf7c | 5168 | */ |
wolfSSL | 15:117db924cf7c | 5169 | word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest) |
wolfSSL | 15:117db924cf7c | 5170 | { |
wolfSSL | 15:117db924cf7c | 5171 | QSHScheme* temp = list; |
wolfSSL | 15:117db924cf7c | 5172 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 5173 | |
wolfSSL | 15:117db924cf7c | 5174 | /* account for size of scheme list and public key list */ |
wolfSSL | 15:117db924cf7c | 5175 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 5176 | length = OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5177 | length += OPAQUE24_LEN; |
wolfSSL | 15:117db924cf7c | 5178 | |
wolfSSL | 15:117db924cf7c | 5179 | /* for each non null element in list add size */ |
wolfSSL | 15:117db924cf7c | 5180 | while ((temp)) { |
wolfSSL | 15:117db924cf7c | 5181 | /* add public key info Scheme | Key Length | Key */ |
wolfSSL | 15:117db924cf7c | 5182 | length += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5183 | length += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5184 | length += temp->PKLen; |
wolfSSL | 15:117db924cf7c | 5185 | |
wolfSSL | 15:117db924cf7c | 5186 | /* if client add name size for scheme list |
wolfSSL | 15:117db924cf7c | 5187 | advance to next QSHScheme struct in list */ |
wolfSSL | 15:117db924cf7c | 5188 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 5189 | length += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5190 | temp = temp->next; |
wolfSSL | 15:117db924cf7c | 5191 | } |
wolfSSL | 15:117db924cf7c | 5192 | |
wolfSSL | 15:117db924cf7c | 5193 | /* add length for request server public keys */ |
wolfSSL | 15:117db924cf7c | 5194 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 5195 | length += OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 5196 | |
wolfSSL | 15:117db924cf7c | 5197 | return length; |
wolfSSL | 15:117db924cf7c | 5198 | } |
wolfSSL | 15:117db924cf7c | 5199 | |
wolfSSL | 15:117db924cf7c | 5200 | |
wolfSSL | 15:117db924cf7c | 5201 | /* write out a list of QSHScheme IDs */ |
wolfSSL | 15:117db924cf7c | 5202 | static word16 TLSX_QSH_Write(QSHScheme* list, byte* output) |
wolfSSL | 15:117db924cf7c | 5203 | { |
wolfSSL | 15:117db924cf7c | 5204 | QSHScheme* current = list; |
wolfSSL | 15:117db924cf7c | 5205 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 5206 | |
wolfSSL | 15:117db924cf7c | 5207 | length += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5208 | |
wolfSSL | 15:117db924cf7c | 5209 | while (current) { |
wolfSSL | 15:117db924cf7c | 5210 | c16toa(current->name, output + length); |
wolfSSL | 15:117db924cf7c | 5211 | length += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5212 | current = (QSHScheme*)current->next; |
wolfSSL | 15:117db924cf7c | 5213 | } |
wolfSSL | 15:117db924cf7c | 5214 | |
wolfSSL | 15:117db924cf7c | 5215 | c16toa(length - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 15:117db924cf7c | 5216 | |
wolfSSL | 15:117db924cf7c | 5217 | return length; |
wolfSSL | 15:117db924cf7c | 5218 | } |
wolfSSL | 15:117db924cf7c | 5219 | |
wolfSSL | 15:117db924cf7c | 5220 | |
wolfSSL | 15:117db924cf7c | 5221 | /* write public key list in extension */ |
wolfSSL | 15:117db924cf7c | 5222 | static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output) |
wolfSSL | 15:117db924cf7c | 5223 | { |
wolfSSL | 15:117db924cf7c | 5224 | word32 offset = 0; |
wolfSSL | 15:117db924cf7c | 5225 | word16 public_len = 0; |
wolfSSL | 15:117db924cf7c | 5226 | |
wolfSSL | 15:117db924cf7c | 5227 | if (!format) |
wolfSSL | 15:117db924cf7c | 5228 | return offset; |
wolfSSL | 15:117db924cf7c | 5229 | |
wolfSSL | 15:117db924cf7c | 5230 | /* write scheme ID */ |
wolfSSL | 15:117db924cf7c | 5231 | c16toa(format->name, output + offset); |
wolfSSL | 15:117db924cf7c | 5232 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5233 | |
wolfSSL | 15:117db924cf7c | 5234 | /* write public key matching scheme */ |
wolfSSL | 15:117db924cf7c | 5235 | public_len = format->PKLen; |
wolfSSL | 15:117db924cf7c | 5236 | c16toa(public_len, output + offset); |
wolfSSL | 15:117db924cf7c | 5237 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5238 | if (format->PK) { |
wolfSSL | 15:117db924cf7c | 5239 | XMEMCPY(output+offset, format->PK, public_len); |
wolfSSL | 15:117db924cf7c | 5240 | } |
wolfSSL | 15:117db924cf7c | 5241 | |
wolfSSL | 15:117db924cf7c | 5242 | return public_len + offset; |
wolfSSL | 15:117db924cf7c | 5243 | } |
wolfSSL | 15:117db924cf7c | 5244 | |
wolfSSL | 15:117db924cf7c | 5245 | word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output) |
wolfSSL | 15:117db924cf7c | 5246 | { |
wolfSSL | 15:117db924cf7c | 5247 | QSHScheme* current = list; |
wolfSSL | 15:117db924cf7c | 5248 | word32 length = 0; |
wolfSSL | 15:117db924cf7c | 5249 | word24 toWire; |
wolfSSL | 15:117db924cf7c | 5250 | |
wolfSSL | 15:117db924cf7c | 5251 | length += OPAQUE24_LEN; |
wolfSSL | 15:117db924cf7c | 5252 | |
wolfSSL | 15:117db924cf7c | 5253 | while (current) { |
wolfSSL | 15:117db924cf7c | 5254 | length += TLSX_QSHPK_WriteR(current, output + length); |
wolfSSL | 15:117db924cf7c | 5255 | current = (QSHScheme*)current->next; |
wolfSSL | 15:117db924cf7c | 5256 | } |
wolfSSL | 15:117db924cf7c | 5257 | /* length of public keys sent */ |
wolfSSL | 15:117db924cf7c | 5258 | c32to24(length - OPAQUE24_LEN, toWire); |
wolfSSL | 15:117db924cf7c | 5259 | output[0] = toWire[0]; |
wolfSSL | 15:117db924cf7c | 5260 | output[1] = toWire[1]; |
wolfSSL | 15:117db924cf7c | 5261 | output[2] = toWire[2]; |
wolfSSL | 15:117db924cf7c | 5262 | |
wolfSSL | 15:117db924cf7c | 5263 | return length; |
wolfSSL | 15:117db924cf7c | 5264 | } |
wolfSSL | 15:117db924cf7c | 5265 | |
wolfSSL | 15:117db924cf7c | 5266 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 15:117db924cf7c | 5267 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 5268 | |
wolfSSL | 15:117db924cf7c | 5269 | static void TLSX_QSHAgreement(TLSX** extensions, void* heap) |
wolfSSL | 15:117db924cf7c | 5270 | { |
wolfSSL | 15:117db924cf7c | 5271 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 15:117db924cf7c | 5272 | QSHScheme* format = NULL; |
wolfSSL | 15:117db924cf7c | 5273 | QSHScheme* del = NULL; |
wolfSSL | 15:117db924cf7c | 5274 | QSHScheme* prev = NULL; |
wolfSSL | 15:117db924cf7c | 5275 | |
wolfSSL | 15:117db924cf7c | 5276 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 5277 | return; |
wolfSSL | 15:117db924cf7c | 5278 | |
wolfSSL | 15:117db924cf7c | 5279 | format = (QSHScheme*)extension->data; |
wolfSSL | 15:117db924cf7c | 5280 | while (format) { |
wolfSSL | 15:117db924cf7c | 5281 | if (format->PKLen == 0) { |
wolfSSL | 15:117db924cf7c | 5282 | /* case of head */ |
wolfSSL | 15:117db924cf7c | 5283 | if (format == extension->data) { |
wolfSSL | 15:117db924cf7c | 5284 | extension->data = format->next; |
wolfSSL | 15:117db924cf7c | 5285 | } |
wolfSSL | 15:117db924cf7c | 5286 | if (prev) |
wolfSSL | 15:117db924cf7c | 5287 | prev->next = format->next; |
wolfSSL | 15:117db924cf7c | 5288 | del = format; |
wolfSSL | 15:117db924cf7c | 5289 | format = format->next; |
wolfSSL | 15:117db924cf7c | 5290 | XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 5291 | del = NULL; |
wolfSSL | 15:117db924cf7c | 5292 | } else { |
wolfSSL | 15:117db924cf7c | 5293 | prev = format; |
wolfSSL | 15:117db924cf7c | 5294 | format = format->next; |
wolfSSL | 15:117db924cf7c | 5295 | } |
wolfSSL | 15:117db924cf7c | 5296 | } |
wolfSSL | 15:117db924cf7c | 5297 | |
wolfSSL | 15:117db924cf7c | 5298 | (void)heap; |
wolfSSL | 15:117db924cf7c | 5299 | } |
wolfSSL | 15:117db924cf7c | 5300 | |
wolfSSL | 15:117db924cf7c | 5301 | |
wolfSSL | 15:117db924cf7c | 5302 | /* Parse in hello extension |
wolfSSL | 15:117db924cf7c | 5303 | input the byte stream to process |
wolfSSL | 15:117db924cf7c | 5304 | length length of total extension found |
wolfSSL | 15:117db924cf7c | 5305 | isRequest set to 1 if being sent to the server |
wolfSSL | 15:117db924cf7c | 5306 | */ |
wolfSSL | 15:117db924cf7c | 5307 | static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 5308 | byte isRequest) |
wolfSSL | 15:117db924cf7c | 5309 | { |
wolfSSL | 15:117db924cf7c | 5310 | byte numKeys = 0; |
wolfSSL | 15:117db924cf7c | 5311 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 5312 | word16 schemSz = 0; |
wolfSSL | 15:117db924cf7c | 5313 | word16 offset_len = 0; |
wolfSSL | 15:117db924cf7c | 5314 | word32 offset_pk = 0; |
wolfSSL | 15:117db924cf7c | 5315 | word16 name = 0; |
wolfSSL | 15:117db924cf7c | 5316 | word16 PKLen = 0; |
wolfSSL | 15:117db924cf7c | 5317 | byte* PK = NULL; |
wolfSSL | 15:117db924cf7c | 5318 | int r; |
wolfSSL | 15:117db924cf7c | 5319 | |
wolfSSL | 15:117db924cf7c | 5320 | |
wolfSSL | 15:117db924cf7c | 5321 | if (OPAQUE16_LEN > length) |
wolfSSL | 15:117db924cf7c | 5322 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 5323 | |
wolfSSL | 15:117db924cf7c | 5324 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 5325 | ato16(input, &schemSz); |
wolfSSL | 15:117db924cf7c | 5326 | |
wolfSSL | 15:117db924cf7c | 5327 | /* list of public keys available for QSH schemes */ |
wolfSSL | 15:117db924cf7c | 5328 | offset_len = schemSz + OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5329 | } |
wolfSSL | 15:117db924cf7c | 5330 | |
wolfSSL | 15:117db924cf7c | 5331 | offset_pk = ((input[offset_len] << 16) & 0xFF00000) | |
wolfSSL | 15:117db924cf7c | 5332 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 15:117db924cf7c | 5333 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 15:117db924cf7c | 5334 | offset_len += OPAQUE24_LEN; |
wolfSSL | 15:117db924cf7c | 5335 | |
wolfSSL | 15:117db924cf7c | 5336 | /* check buffer size */ |
wolfSSL | 15:117db924cf7c | 5337 | if (offset_pk > length) |
wolfSSL | 15:117db924cf7c | 5338 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 5339 | |
wolfSSL | 15:117db924cf7c | 5340 | /* set maximum number of keys the client will accept */ |
wolfSSL | 15:117db924cf7c | 5341 | if (!isRequest) |
wolfSSL | 15:117db924cf7c | 5342 | numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest; |
wolfSSL | 15:117db924cf7c | 5343 | |
wolfSSL | 15:117db924cf7c | 5344 | /* hello extension read list of scheme ids */ |
wolfSSL | 15:117db924cf7c | 5345 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 5346 | |
wolfSSL | 15:117db924cf7c | 5347 | /* read in request for public keys */ |
wolfSSL | 15:117db924cf7c | 5348 | ssl->minRequest = (input[length -1] >> 4) & 0xFF; |
wolfSSL | 15:117db924cf7c | 5349 | ssl->maxRequest = input[length -1] & 0x0F; |
wolfSSL | 15:117db924cf7c | 5350 | |
wolfSSL | 15:117db924cf7c | 5351 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 15:117db924cf7c | 5352 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 15:117db924cf7c | 5353 | |
wolfSSL | 15:117db924cf7c | 5354 | if (ssl->minRequest > ssl->maxRequest) |
wolfSSL | 15:117db924cf7c | 5355 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 5356 | |
wolfSSL | 15:117db924cf7c | 5357 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5358 | schemSz += offset; |
wolfSSL | 15:117db924cf7c | 5359 | |
wolfSSL | 15:117db924cf7c | 5360 | /* check buffer size */ |
wolfSSL | 15:117db924cf7c | 5361 | if (schemSz > length) |
wolfSSL | 15:117db924cf7c | 5362 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 5363 | |
wolfSSL | 15:117db924cf7c | 5364 | while ((offset < schemSz) && numKeys) { |
wolfSSL | 15:117db924cf7c | 5365 | /* Scheme ID list */ |
wolfSSL | 15:117db924cf7c | 5366 | ato16(input + offset, &name); |
wolfSSL | 15:117db924cf7c | 5367 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5368 | |
wolfSSL | 15:117db924cf7c | 5369 | /* validate we have scheme id */ |
wolfSSL | 15:117db924cf7c | 5370 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 15:117db924cf7c | 5371 | !TLSX_ValidateQSHScheme(&ssl->extensions, name)) { |
wolfSSL | 15:117db924cf7c | 5372 | continue; |
wolfSSL | 15:117db924cf7c | 5373 | } |
wolfSSL | 15:117db924cf7c | 5374 | |
wolfSSL | 15:117db924cf7c | 5375 | /* server create keys on demand */ |
wolfSSL | 15:117db924cf7c | 5376 | if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) { |
wolfSSL | 15:117db924cf7c | 5377 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 15:117db924cf7c | 5378 | return r; |
wolfSSL | 15:117db924cf7c | 5379 | } |
wolfSSL | 15:117db924cf7c | 5380 | |
wolfSSL | 15:117db924cf7c | 5381 | /* peer sent an agreed upon scheme */ |
wolfSSL | 15:117db924cf7c | 5382 | r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap); |
wolfSSL | 15:117db924cf7c | 5383 | |
wolfSSL | 15:117db924cf7c | 5384 | if (r != WOLFSSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 15:117db924cf7c | 5385 | |
wolfSSL | 15:117db924cf7c | 5386 | numKeys--; |
wolfSSL | 15:117db924cf7c | 5387 | } |
wolfSSL | 15:117db924cf7c | 5388 | |
wolfSSL | 15:117db924cf7c | 5389 | /* choose the min between min requested by client and 1 */ |
wolfSSL | 15:117db924cf7c | 5390 | numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1; |
wolfSSL | 15:117db924cf7c | 5391 | } |
wolfSSL | 15:117db924cf7c | 5392 | |
wolfSSL | 15:117db924cf7c | 5393 | /* QSHPK struct */ |
wolfSSL | 15:117db924cf7c | 5394 | offset_pk += offset_len; |
wolfSSL | 15:117db924cf7c | 5395 | while ((offset_len < offset_pk) && numKeys) { |
wolfSSL | 15:117db924cf7c | 5396 | QSHKey * temp; |
wolfSSL | 15:117db924cf7c | 5397 | |
wolfSSL | 15:117db924cf7c | 5398 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, |
wolfSSL | 15:117db924cf7c | 5399 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 15:117db924cf7c | 5400 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 5401 | |
wolfSSL | 15:117db924cf7c | 5402 | /* initialize */ |
wolfSSL | 15:117db924cf7c | 5403 | temp->next = NULL; |
wolfSSL | 15:117db924cf7c | 5404 | temp->pub.buffer = NULL; |
wolfSSL | 15:117db924cf7c | 5405 | temp->pub.length = 0; |
wolfSSL | 15:117db924cf7c | 5406 | temp->pri.buffer = NULL; |
wolfSSL | 15:117db924cf7c | 5407 | temp->pri.length = 0; |
wolfSSL | 15:117db924cf7c | 5408 | |
wolfSSL | 15:117db924cf7c | 5409 | /* scheme id */ |
wolfSSL | 15:117db924cf7c | 5410 | ato16(input + offset_len, &(temp->name)); |
wolfSSL | 15:117db924cf7c | 5411 | offset_len += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5412 | |
wolfSSL | 15:117db924cf7c | 5413 | /* public key length */ |
wolfSSL | 15:117db924cf7c | 5414 | ato16(input + offset_len, &PKLen); |
wolfSSL | 15:117db924cf7c | 5415 | temp->pub.length = PKLen; |
wolfSSL | 15:117db924cf7c | 5416 | offset_len += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5417 | |
wolfSSL | 15:117db924cf7c | 5418 | |
wolfSSL | 15:117db924cf7c | 5419 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 5420 | /* validate we have scheme id */ |
wolfSSL | 15:117db924cf7c | 5421 | if (ssl->user_set_QSHSchemes && |
wolfSSL | 15:117db924cf7c | 5422 | (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) { |
wolfSSL | 15:117db924cf7c | 5423 | offset_len += PKLen; |
wolfSSL | 15:117db924cf7c | 5424 | XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5425 | continue; |
wolfSSL | 15:117db924cf7c | 5426 | } |
wolfSSL | 15:117db924cf7c | 5427 | } |
wolfSSL | 15:117db924cf7c | 5428 | |
wolfSSL | 15:117db924cf7c | 5429 | /* read in public key */ |
wolfSSL | 15:117db924cf7c | 5430 | if (PKLen > 0) { |
wolfSSL | 15:117db924cf7c | 5431 | temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, |
wolfSSL | 15:117db924cf7c | 5432 | ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 5433 | XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); |
wolfSSL | 15:117db924cf7c | 5434 | offset_len += PKLen; |
wolfSSL | 15:117db924cf7c | 5435 | } |
wolfSSL | 15:117db924cf7c | 5436 | else { |
wolfSSL | 15:117db924cf7c | 5437 | PK = NULL; |
wolfSSL | 15:117db924cf7c | 5438 | } |
wolfSSL | 15:117db924cf7c | 5439 | |
wolfSSL | 15:117db924cf7c | 5440 | /* use own key when adding to extensions list for sending reply */ |
wolfSSL | 15:117db924cf7c | 5441 | PKLen = 0; |
wolfSSL | 15:117db924cf7c | 5442 | PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name); |
wolfSSL | 15:117db924cf7c | 5443 | r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen, |
wolfSSL | 15:117db924cf7c | 5444 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 5445 | |
wolfSSL | 15:117db924cf7c | 5446 | /* store peers key */ |
wolfSSL | 15:117db924cf7c | 5447 | ssl->peerQSHKeyPresent = 1; |
wolfSSL | 15:117db924cf7c | 5448 | if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0) |
wolfSSL | 15:117db924cf7c | 5449 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 5450 | |
wolfSSL | 15:117db924cf7c | 5451 | if (temp->pub.length == 0) { |
wolfSSL | 15:117db924cf7c | 5452 | XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5453 | } |
wolfSSL | 15:117db924cf7c | 5454 | |
wolfSSL | 15:117db924cf7c | 5455 | if (r != WOLFSSL_SUCCESS) {return r;} /* throw error */ |
wolfSSL | 15:117db924cf7c | 5456 | |
wolfSSL | 15:117db924cf7c | 5457 | numKeys--; |
wolfSSL | 15:117db924cf7c | 5458 | } |
wolfSSL | 15:117db924cf7c | 5459 | |
wolfSSL | 15:117db924cf7c | 5460 | /* reply to a QSH extension sent from client */ |
wolfSSL | 15:117db924cf7c | 5461 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 5462 | TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 15:117db924cf7c | 5463 | /* only use schemes we have key generated for -- free the rest */ |
wolfSSL | 15:117db924cf7c | 5464 | TLSX_QSHAgreement(&ssl->extensions, ssl->heap); |
wolfSSL | 15:117db924cf7c | 5465 | } |
wolfSSL | 15:117db924cf7c | 5466 | |
wolfSSL | 15:117db924cf7c | 5467 | return 0; |
wolfSSL | 15:117db924cf7c | 5468 | } |
wolfSSL | 15:117db924cf7c | 5469 | |
wolfSSL | 15:117db924cf7c | 5470 | |
wolfSSL | 15:117db924cf7c | 5471 | /* Used for parsing in QSHCipher structs on Key Exchange */ |
wolfSSL | 15:117db924cf7c | 5472 | int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 5473 | byte isServer) |
wolfSSL | 15:117db924cf7c | 5474 | { |
wolfSSL | 15:117db924cf7c | 5475 | QSHKey* key; |
wolfSSL | 15:117db924cf7c | 5476 | word16 Max_Secret_Len = 48; |
wolfSSL | 15:117db924cf7c | 5477 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 5478 | word16 offset_len = 0; |
wolfSSL | 15:117db924cf7c | 5479 | word32 offset_pk = 0; |
wolfSSL | 15:117db924cf7c | 5480 | word16 name = 0; |
wolfSSL | 15:117db924cf7c | 5481 | word16 secretLen = 0; |
wolfSSL | 15:117db924cf7c | 5482 | byte* secret = NULL; |
wolfSSL | 15:117db924cf7c | 5483 | word16 buffLen = 0; |
wolfSSL | 15:117db924cf7c | 5484 | byte buff[145]; /* size enough for 3 secrets */ |
wolfSSL | 15:117db924cf7c | 5485 | buffer* buf; |
wolfSSL | 15:117db924cf7c | 5486 | |
wolfSSL | 15:117db924cf7c | 5487 | /* pointer to location where secret should be stored */ |
wolfSSL | 15:117db924cf7c | 5488 | if (isServer) { |
wolfSSL | 15:117db924cf7c | 5489 | buf = ssl->QSH_secret->CliSi; |
wolfSSL | 15:117db924cf7c | 5490 | } |
wolfSSL | 15:117db924cf7c | 5491 | else { |
wolfSSL | 15:117db924cf7c | 5492 | buf = ssl->QSH_secret->SerSi; |
wolfSSL | 15:117db924cf7c | 5493 | } |
wolfSSL | 15:117db924cf7c | 5494 | |
wolfSSL | 15:117db924cf7c | 5495 | offset_pk = ((input[offset_len] << 16) & 0xFF0000) | |
wolfSSL | 15:117db924cf7c | 5496 | (((input[offset_len + 1]) << 8) & 0xFF00) | |
wolfSSL | 15:117db924cf7c | 5497 | (input[offset_len + 2] & 0xFF); |
wolfSSL | 15:117db924cf7c | 5498 | offset_len += OPAQUE24_LEN; |
wolfSSL | 15:117db924cf7c | 5499 | |
wolfSSL | 15:117db924cf7c | 5500 | /* validating extension list length -- check if trying to read over edge |
wolfSSL | 15:117db924cf7c | 5501 | of buffer */ |
wolfSSL | 15:117db924cf7c | 5502 | if (length < (offset_pk + OPAQUE24_LEN)) { |
wolfSSL | 15:117db924cf7c | 5503 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 5504 | } |
wolfSSL | 15:117db924cf7c | 5505 | |
wolfSSL | 15:117db924cf7c | 5506 | /* QSHCipherList struct */ |
wolfSSL | 15:117db924cf7c | 5507 | offset_pk += offset_len; |
wolfSSL | 15:117db924cf7c | 5508 | while (offset_len < offset_pk) { |
wolfSSL | 15:117db924cf7c | 5509 | |
wolfSSL | 15:117db924cf7c | 5510 | /* scheme id */ |
wolfSSL | 15:117db924cf7c | 5511 | ato16(input + offset_len, &name); |
wolfSSL | 15:117db924cf7c | 5512 | offset_len += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5513 | |
wolfSSL | 15:117db924cf7c | 5514 | /* public key length */ |
wolfSSL | 15:117db924cf7c | 5515 | ato16(input + offset_len, &secretLen); |
wolfSSL | 15:117db924cf7c | 5516 | offset_len += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5517 | |
wolfSSL | 15:117db924cf7c | 5518 | /* read in public key */ |
wolfSSL | 15:117db924cf7c | 5519 | if (secretLen > 0) { |
wolfSSL | 15:117db924cf7c | 5520 | secret = (byte*)(input + offset_len); |
wolfSSL | 15:117db924cf7c | 5521 | offset_len += secretLen; |
wolfSSL | 15:117db924cf7c | 5522 | } |
wolfSSL | 15:117db924cf7c | 5523 | else { |
wolfSSL | 15:117db924cf7c | 5524 | secret = NULL; |
wolfSSL | 15:117db924cf7c | 5525 | } |
wolfSSL | 15:117db924cf7c | 5526 | |
wolfSSL | 15:117db924cf7c | 5527 | /* no secret sent */ |
wolfSSL | 15:117db924cf7c | 5528 | if (secret == NULL) |
wolfSSL | 15:117db924cf7c | 5529 | continue; |
wolfSSL | 15:117db924cf7c | 5530 | |
wolfSSL | 15:117db924cf7c | 5531 | /* find corresponding key */ |
wolfSSL | 15:117db924cf7c | 5532 | key = ssl->QSH_Key; |
wolfSSL | 15:117db924cf7c | 5533 | while (key) { |
wolfSSL | 15:117db924cf7c | 5534 | if (key->name == name) |
wolfSSL | 15:117db924cf7c | 5535 | break; |
wolfSSL | 15:117db924cf7c | 5536 | else |
wolfSSL | 15:117db924cf7c | 5537 | key = (QSHKey*)key->next; |
wolfSSL | 15:117db924cf7c | 5538 | } |
wolfSSL | 15:117db924cf7c | 5539 | |
wolfSSL | 15:117db924cf7c | 5540 | /* if we do not have the key than there was a big issue negotiation */ |
wolfSSL | 15:117db924cf7c | 5541 | if (key == NULL) { |
wolfSSL | 15:117db924cf7c | 5542 | WOLFSSL_MSG("key was null for decryption!!!\n"); |
wolfSSL | 15:117db924cf7c | 5543 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 5544 | } |
wolfSSL | 15:117db924cf7c | 5545 | |
wolfSSL | 15:117db924cf7c | 5546 | /* Decrypt sent secret */ |
wolfSSL | 15:117db924cf7c | 5547 | buffLen = Max_Secret_Len; |
wolfSSL | 15:117db924cf7c | 5548 | QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen); |
wolfSSL | 15:117db924cf7c | 5549 | offset += buffLen; |
wolfSSL | 15:117db924cf7c | 5550 | } |
wolfSSL | 15:117db924cf7c | 5551 | |
wolfSSL | 15:117db924cf7c | 5552 | /* allocate memory for buffer */ |
wolfSSL | 15:117db924cf7c | 5553 | buf->length = offset; |
wolfSSL | 15:117db924cf7c | 5554 | buf->buffer = (byte*)XMALLOC(offset, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 5555 | if (buf->buffer == NULL) |
wolfSSL | 15:117db924cf7c | 5556 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 5557 | |
wolfSSL | 15:117db924cf7c | 5558 | /* store secrets */ |
wolfSSL | 15:117db924cf7c | 5559 | XMEMCPY(buf->buffer, buff, offset); |
wolfSSL | 15:117db924cf7c | 5560 | ForceZero(buff, offset); |
wolfSSL | 15:117db924cf7c | 5561 | |
wolfSSL | 15:117db924cf7c | 5562 | return offset_len; |
wolfSSL | 15:117db924cf7c | 5563 | } |
wolfSSL | 15:117db924cf7c | 5564 | |
wolfSSL | 15:117db924cf7c | 5565 | |
wolfSSL | 15:117db924cf7c | 5566 | /* return 1 on success */ |
wolfSSL | 15:117db924cf7c | 5567 | int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) { |
wolfSSL | 15:117db924cf7c | 5568 | TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 15:117db924cf7c | 5569 | QSHScheme* format = NULL; |
wolfSSL | 15:117db924cf7c | 5570 | |
wolfSSL | 15:117db924cf7c | 5571 | /* if no extension is sent then do not use QSH */ |
wolfSSL | 15:117db924cf7c | 5572 | if (!extension) { |
wolfSSL | 15:117db924cf7c | 5573 | WOLFSSL_MSG("No QSH Extension"); |
wolfSSL | 15:117db924cf7c | 5574 | return 0; |
wolfSSL | 15:117db924cf7c | 5575 | } |
wolfSSL | 15:117db924cf7c | 5576 | |
wolfSSL | 15:117db924cf7c | 5577 | for (format = (QSHScheme*)extension->data; format; format = format->next) { |
wolfSSL | 15:117db924cf7c | 5578 | if (format->name == theirs) { |
wolfSSL | 15:117db924cf7c | 5579 | WOLFSSL_MSG("Found Matching QSH Scheme"); |
wolfSSL | 15:117db924cf7c | 5580 | return 1; /* have QSH */ |
wolfSSL | 15:117db924cf7c | 5581 | } |
wolfSSL | 15:117db924cf7c | 5582 | } |
wolfSSL | 15:117db924cf7c | 5583 | |
wolfSSL | 15:117db924cf7c | 5584 | return 0; |
wolfSSL | 15:117db924cf7c | 5585 | } |
wolfSSL | 15:117db924cf7c | 5586 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 5587 | |
wolfSSL | 15:117db924cf7c | 5588 | /* test if the QSH Scheme is implemented |
wolfSSL | 15:117db924cf7c | 5589 | return 1 if yes 0 if no */ |
wolfSSL | 15:117db924cf7c | 5590 | static int TLSX_HaveQSHScheme(word16 name) |
wolfSSL | 15:117db924cf7c | 5591 | { |
wolfSSL | 15:117db924cf7c | 5592 | switch(name) { |
wolfSSL | 15:117db924cf7c | 5593 | #ifdef HAVE_NTRU |
wolfSSL | 15:117db924cf7c | 5594 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 15:117db924cf7c | 5595 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 15:117db924cf7c | 5596 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 15:117db924cf7c | 5597 | return 1; |
wolfSSL | 15:117db924cf7c | 5598 | #endif |
wolfSSL | 15:117db924cf7c | 5599 | case WOLFSSL_LWE_XXX: |
wolfSSL | 15:117db924cf7c | 5600 | case WOLFSSL_HFE_XXX: |
wolfSSL | 15:117db924cf7c | 5601 | return 0; /* not supported yet */ |
wolfSSL | 15:117db924cf7c | 5602 | |
wolfSSL | 15:117db924cf7c | 5603 | default: |
wolfSSL | 15:117db924cf7c | 5604 | return 0; |
wolfSSL | 15:117db924cf7c | 5605 | } |
wolfSSL | 15:117db924cf7c | 5606 | } |
wolfSSL | 15:117db924cf7c | 5607 | |
wolfSSL | 15:117db924cf7c | 5608 | |
wolfSSL | 15:117db924cf7c | 5609 | /* Add a QSHScheme struct to list of usable ones */ |
wolfSSL | 15:117db924cf7c | 5610 | int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz, |
wolfSSL | 15:117db924cf7c | 5611 | void* heap) |
wolfSSL | 15:117db924cf7c | 5612 | { |
wolfSSL | 16:8e0d178b1d1e | 5613 | TLSX* extension = NULL; |
wolfSSL | 15:117db924cf7c | 5614 | QSHScheme* format = NULL; |
wolfSSL | 15:117db924cf7c | 5615 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 5616 | |
wolfSSL | 15:117db924cf7c | 5617 | /* sanity check */ |
wolfSSL | 15:117db924cf7c | 5618 | if (extensions == NULL || (pKey == NULL && pkeySz != 0)) |
wolfSSL | 15:117db924cf7c | 5619 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 5620 | |
wolfSSL | 16:8e0d178b1d1e | 5621 | extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 16:8e0d178b1d1e | 5622 | |
wolfSSL | 15:117db924cf7c | 5623 | /* if scheme is implemented than add */ |
wolfSSL | 15:117db924cf7c | 5624 | if (TLSX_HaveQSHScheme(name)) { |
wolfSSL | 15:117db924cf7c | 5625 | if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0) |
wolfSSL | 15:117db924cf7c | 5626 | return ret; |
wolfSSL | 15:117db924cf7c | 5627 | |
wolfSSL | 16:8e0d178b1d1e | 5628 | extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 15:117db924cf7c | 5629 | if (!extension) { |
wolfSSL | 15:117db924cf7c | 5630 | if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format, |
wolfSSL | 15:117db924cf7c | 5631 | heap)) != 0) { |
wolfSSL | 15:117db924cf7c | 5632 | XFREE(format, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5633 | return ret; |
wolfSSL | 15:117db924cf7c | 5634 | } |
wolfSSL | 15:117db924cf7c | 5635 | } |
wolfSSL | 15:117db924cf7c | 5636 | else { |
wolfSSL | 15:117db924cf7c | 5637 | /* push new QSH object to extension data. */ |
wolfSSL | 15:117db924cf7c | 5638 | format->next = (QSHScheme*)extension->data; |
wolfSSL | 15:117db924cf7c | 5639 | extension->data = (void*)format; |
wolfSSL | 15:117db924cf7c | 5640 | |
wolfSSL | 15:117db924cf7c | 5641 | /* look for another format of the same name to remove (replacement) */ |
wolfSSL | 15:117db924cf7c | 5642 | do { |
wolfSSL | 15:117db924cf7c | 5643 | if (format->next && (format->next->name == name)) { |
wolfSSL | 15:117db924cf7c | 5644 | QSHScheme* next = format->next; |
wolfSSL | 15:117db924cf7c | 5645 | |
wolfSSL | 15:117db924cf7c | 5646 | format->next = next->next; |
wolfSSL | 15:117db924cf7c | 5647 | XFREE(next, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 5648 | |
wolfSSL | 15:117db924cf7c | 5649 | break; |
wolfSSL | 15:117db924cf7c | 5650 | } |
wolfSSL | 15:117db924cf7c | 5651 | } while ((format = format->next)); |
wolfSSL | 15:117db924cf7c | 5652 | } |
wolfSSL | 15:117db924cf7c | 5653 | } |
wolfSSL | 15:117db924cf7c | 5654 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 5655 | } |
wolfSSL | 15:117db924cf7c | 5656 | |
wolfSSL | 15:117db924cf7c | 5657 | #define QSH_FREE_ALL TLSX_QSH_FreeAll |
wolfSSL | 15:117db924cf7c | 5658 | #define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest |
wolfSSL | 15:117db924cf7c | 5659 | |
wolfSSL | 15:117db924cf7c | 5660 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 5661 | #define QSH_GET_SIZE TLSX_QSH_GetSize |
wolfSSL | 15:117db924cf7c | 5662 | #define QSH_WRITE TLSX_QSH_Write |
wolfSSL | 15:117db924cf7c | 5663 | #else |
wolfSSL | 16:8e0d178b1d1e | 5664 | #define QSH_GET_SIZE(list, a) 0 |
wolfSSL | 15:117db924cf7c | 5665 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 5666 | #endif |
wolfSSL | 15:117db924cf7c | 5667 | |
wolfSSL | 15:117db924cf7c | 5668 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 5669 | #define QSH_PARSE TLSX_QSH_Parse |
wolfSSL | 15:117db924cf7c | 5670 | #else |
wolfSSL | 15:117db924cf7c | 5671 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 5672 | #endif |
wolfSSL | 15:117db924cf7c | 5673 | |
wolfSSL | 15:117db924cf7c | 5674 | #define QSHPK_WRITE TLSX_QSHPK_Write |
wolfSSL | 15:117db924cf7c | 5675 | #define QSH_SERREQ TLSX_QSH_SerPKReq |
wolfSSL | 15:117db924cf7c | 5676 | #else |
wolfSSL | 15:117db924cf7c | 5677 | |
wolfSSL | 15:117db924cf7c | 5678 | #define QSH_FREE_ALL(list, heap) |
wolfSSL | 15:117db924cf7c | 5679 | #define QSH_GET_SIZE(list, a) 0 |
wolfSSL | 15:117db924cf7c | 5680 | #define QSH_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 5681 | #define QSH_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 5682 | #define QSHPK_WRITE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 5683 | #define QSH_SERREQ(a, b) 0 |
wolfSSL | 15:117db924cf7c | 5684 | #define QSH_VALIDATE_REQUEST(a, b) |
wolfSSL | 15:117db924cf7c | 5685 | |
wolfSSL | 15:117db924cf7c | 5686 | #endif /* HAVE_QSH */ |
wolfSSL | 15:117db924cf7c | 5687 | |
wolfSSL | 16:8e0d178b1d1e | 5688 | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
wolfSSL | 16:8e0d178b1d1e | 5689 | /******************************************************************************/ |
wolfSSL | 16:8e0d178b1d1e | 5690 | /* Encrypt-then-MAC */ |
wolfSSL | 16:8e0d178b1d1e | 5691 | /******************************************************************************/ |
wolfSSL | 16:8e0d178b1d1e | 5692 | |
wolfSSL | 16:8e0d178b1d1e | 5693 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 5694 | static int TLSX_EncryptThenMac_Use(WOLFSSL* ssl); |
wolfSSL | 16:8e0d178b1d1e | 5695 | |
wolfSSL | 16:8e0d178b1d1e | 5696 | /** |
wolfSSL | 16:8e0d178b1d1e | 5697 | * Get the size of the Encrypt-Then-MAC extension. |
wolfSSL | 16:8e0d178b1d1e | 5698 | * |
wolfSSL | 16:8e0d178b1d1e | 5699 | * msgType Type of message to put extension into. |
wolfSSL | 16:8e0d178b1d1e | 5700 | * pSz Size of extension data. |
wolfSSL | 16:8e0d178b1d1e | 5701 | * return SANITY_MSG_E when the message is not allowed to have extension and |
wolfSSL | 16:8e0d178b1d1e | 5702 | * 0 otherwise. |
wolfSSL | 16:8e0d178b1d1e | 5703 | */ |
wolfSSL | 16:8e0d178b1d1e | 5704 | static int TLSX_EncryptThenMac_GetSize(byte msgType, word16* pSz) |
wolfSSL | 16:8e0d178b1d1e | 5705 | { |
wolfSSL | 16:8e0d178b1d1e | 5706 | (void)pSz; |
wolfSSL | 16:8e0d178b1d1e | 5707 | |
wolfSSL | 16:8e0d178b1d1e | 5708 | if (msgType != client_hello && msgType != server_hello) { |
wolfSSL | 16:8e0d178b1d1e | 5709 | return SANITY_MSG_E; |
wolfSSL | 16:8e0d178b1d1e | 5710 | } |
wolfSSL | 16:8e0d178b1d1e | 5711 | |
wolfSSL | 16:8e0d178b1d1e | 5712 | /* Empty extension */ |
wolfSSL | 16:8e0d178b1d1e | 5713 | |
wolfSSL | 16:8e0d178b1d1e | 5714 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 5715 | } |
wolfSSL | 16:8e0d178b1d1e | 5716 | |
wolfSSL | 16:8e0d178b1d1e | 5717 | /** |
wolfSSL | 16:8e0d178b1d1e | 5718 | * Write the Encrypt-Then-MAC extension. |
wolfSSL | 16:8e0d178b1d1e | 5719 | * |
wolfSSL | 16:8e0d178b1d1e | 5720 | * data Unused |
wolfSSL | 16:8e0d178b1d1e | 5721 | * output Extension data buffer. Unused. |
wolfSSL | 16:8e0d178b1d1e | 5722 | * msgType Type of message to put extension into. |
wolfSSL | 16:8e0d178b1d1e | 5723 | * pSz Size of extension data. |
wolfSSL | 16:8e0d178b1d1e | 5724 | * return SANITY_MSG_E when the message is not allowed to have extension and |
wolfSSL | 16:8e0d178b1d1e | 5725 | * 0 otherwise. |
wolfSSL | 16:8e0d178b1d1e | 5726 | */ |
wolfSSL | 16:8e0d178b1d1e | 5727 | static int TLSX_EncryptThenMac_Write(void* data, byte* output, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 5728 | word16* pSz) |
wolfSSL | 16:8e0d178b1d1e | 5729 | { |
wolfSSL | 16:8e0d178b1d1e | 5730 | (void)data; |
wolfSSL | 16:8e0d178b1d1e | 5731 | (void)output; |
wolfSSL | 16:8e0d178b1d1e | 5732 | (void)pSz; |
wolfSSL | 16:8e0d178b1d1e | 5733 | |
wolfSSL | 16:8e0d178b1d1e | 5734 | if (msgType != client_hello && msgType != server_hello) { |
wolfSSL | 16:8e0d178b1d1e | 5735 | return SANITY_MSG_E; |
wolfSSL | 16:8e0d178b1d1e | 5736 | } |
wolfSSL | 16:8e0d178b1d1e | 5737 | |
wolfSSL | 16:8e0d178b1d1e | 5738 | /* Empty extension */ |
wolfSSL | 16:8e0d178b1d1e | 5739 | |
wolfSSL | 16:8e0d178b1d1e | 5740 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 5741 | } |
wolfSSL | 16:8e0d178b1d1e | 5742 | |
wolfSSL | 16:8e0d178b1d1e | 5743 | /** |
wolfSSL | 16:8e0d178b1d1e | 5744 | * Parse the Encrypt-Then-MAC extension. |
wolfSSL | 16:8e0d178b1d1e | 5745 | * |
wolfSSL | 16:8e0d178b1d1e | 5746 | * ssl SSL object |
wolfSSL | 16:8e0d178b1d1e | 5747 | * input Extension data buffer. |
wolfSSL | 16:8e0d178b1d1e | 5748 | * length Length of this extension's data. |
wolfSSL | 16:8e0d178b1d1e | 5749 | * msgType Type of message to extension appeared in. |
wolfSSL | 16:8e0d178b1d1e | 5750 | * return SANITY_MSG_E when the message is not allowed to have extension, |
wolfSSL | 16:8e0d178b1d1e | 5751 | * BUFFER_ERROR when the extension's data is invalid, |
wolfSSL | 16:8e0d178b1d1e | 5752 | * MEMORY_E when unable to allocate memory and |
wolfSSL | 16:8e0d178b1d1e | 5753 | * 0 otherwise. |
wolfSSL | 16:8e0d178b1d1e | 5754 | */ |
wolfSSL | 16:8e0d178b1d1e | 5755 | static int TLSX_EncryptThenMac_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 16:8e0d178b1d1e | 5756 | byte msgType) |
wolfSSL | 16:8e0d178b1d1e | 5757 | { |
wolfSSL | 16:8e0d178b1d1e | 5758 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 5759 | |
wolfSSL | 16:8e0d178b1d1e | 5760 | (void)input; |
wolfSSL | 16:8e0d178b1d1e | 5761 | |
wolfSSL | 16:8e0d178b1d1e | 5762 | if (msgType != client_hello && msgType != server_hello) { |
wolfSSL | 16:8e0d178b1d1e | 5763 | return SANITY_MSG_E; |
wolfSSL | 16:8e0d178b1d1e | 5764 | } |
wolfSSL | 16:8e0d178b1d1e | 5765 | |
wolfSSL | 16:8e0d178b1d1e | 5766 | /* Empty extension */ |
wolfSSL | 16:8e0d178b1d1e | 5767 | if (length != 0) |
wolfSSL | 16:8e0d178b1d1e | 5768 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 5769 | |
wolfSSL | 16:8e0d178b1d1e | 5770 | if (msgType == client_hello) { |
wolfSSL | 16:8e0d178b1d1e | 5771 | /* Check the user hasn't disallowed use of Encrypt-Then-Mac. */ |
wolfSSL | 16:8e0d178b1d1e | 5772 | if (!ssl->options.disallowEncThenMac) { |
wolfSSL | 16:8e0d178b1d1e | 5773 | ssl->options.encThenMac = 1; |
wolfSSL | 16:8e0d178b1d1e | 5774 | /* Set the extension reply. */ |
wolfSSL | 16:8e0d178b1d1e | 5775 | ret = TLSX_EncryptThenMac_Use(ssl); |
wolfSSL | 16:8e0d178b1d1e | 5776 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 5777 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 5778 | TLSX_SetResponse(ssl, TLSX_ENCRYPT_THEN_MAC); |
wolfSSL | 16:8e0d178b1d1e | 5779 | } |
wolfSSL | 16:8e0d178b1d1e | 5780 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 5781 | } |
wolfSSL | 16:8e0d178b1d1e | 5782 | |
wolfSSL | 16:8e0d178b1d1e | 5783 | /* Server Hello */ |
wolfSSL | 16:8e0d178b1d1e | 5784 | if (ssl->options.disallowEncThenMac) |
wolfSSL | 16:8e0d178b1d1e | 5785 | return SANITY_MSG_E; |
wolfSSL | 16:8e0d178b1d1e | 5786 | |
wolfSSL | 16:8e0d178b1d1e | 5787 | ssl->options.encThenMac = 1; |
wolfSSL | 16:8e0d178b1d1e | 5788 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 5789 | |
wolfSSL | 16:8e0d178b1d1e | 5790 | } |
wolfSSL | 16:8e0d178b1d1e | 5791 | |
wolfSSL | 16:8e0d178b1d1e | 5792 | /** |
wolfSSL | 16:8e0d178b1d1e | 5793 | * Add the Encrypt-Then-MAC extension to list. |
wolfSSL | 16:8e0d178b1d1e | 5794 | * |
wolfSSL | 16:8e0d178b1d1e | 5795 | * ssl SSL object |
wolfSSL | 16:8e0d178b1d1e | 5796 | * return MEMORY_E when unable to allocate memory and 0 otherwise. |
wolfSSL | 16:8e0d178b1d1e | 5797 | */ |
wolfSSL | 16:8e0d178b1d1e | 5798 | static int TLSX_EncryptThenMac_Use(WOLFSSL* ssl) |
wolfSSL | 16:8e0d178b1d1e | 5799 | { |
wolfSSL | 16:8e0d178b1d1e | 5800 | int ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 5801 | TLSX* extension; |
wolfSSL | 16:8e0d178b1d1e | 5802 | |
wolfSSL | 16:8e0d178b1d1e | 5803 | /* Find the Encrypt-Then-Mac extension if it exists. */ |
wolfSSL | 16:8e0d178b1d1e | 5804 | extension = TLSX_Find(ssl->extensions, TLSX_ENCRYPT_THEN_MAC); |
wolfSSL | 16:8e0d178b1d1e | 5805 | if (extension == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 5806 | /* Push new Encrypt-Then-Mac extension. */ |
wolfSSL | 16:8e0d178b1d1e | 5807 | ret = TLSX_Push(&ssl->extensions, TLSX_ENCRYPT_THEN_MAC, NULL, |
wolfSSL | 16:8e0d178b1d1e | 5808 | ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 5809 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 5810 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 5811 | } |
wolfSSL | 16:8e0d178b1d1e | 5812 | |
wolfSSL | 16:8e0d178b1d1e | 5813 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 5814 | } |
wolfSSL | 16:8e0d178b1d1e | 5815 | |
wolfSSL | 16:8e0d178b1d1e | 5816 | #define ETM_GET_SIZE TLSX_EncryptThenMac_GetSize |
wolfSSL | 16:8e0d178b1d1e | 5817 | #define ETM_WRITE TLSX_EncryptThenMac_Write |
wolfSSL | 16:8e0d178b1d1e | 5818 | #define ETM_PARSE TLSX_EncryptThenMac_Parse |
wolfSSL | 16:8e0d178b1d1e | 5819 | |
wolfSSL | 16:8e0d178b1d1e | 5820 | #else |
wolfSSL | 16:8e0d178b1d1e | 5821 | |
wolfSSL | 16:8e0d178b1d1e | 5822 | #define ETM_GET_SIZE(a, b) 0 |
wolfSSL | 16:8e0d178b1d1e | 5823 | #define ETM_WRITE(a, b, c, d) 0 |
wolfSSL | 16:8e0d178b1d1e | 5824 | #define ETM_PARSE(a, b, c, d) 0 |
wolfSSL | 16:8e0d178b1d1e | 5825 | |
wolfSSL | 16:8e0d178b1d1e | 5826 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 16:8e0d178b1d1e | 5827 | |
wolfSSL | 16:8e0d178b1d1e | 5828 | #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */ |
wolfSSL | 16:8e0d178b1d1e | 5829 | |
wolfSSL | 15:117db924cf7c | 5830 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 5831 | /* Supported Versions */ |
wolfSSL | 15:117db924cf7c | 5832 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 5833 | |
wolfSSL | 15:117db924cf7c | 5834 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 5835 | /* Return the size of the SupportedVersions extension's data. |
wolfSSL | 15:117db924cf7c | 5836 | * |
wolfSSL | 15:117db924cf7c | 5837 | * data The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 5838 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 5839 | * returns the length of data that will be in the extension. |
wolfSSL | 15:117db924cf7c | 5840 | */ |
wolfSSL | 15:117db924cf7c | 5841 | static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 5842 | { |
wolfSSL | 15:117db924cf7c | 5843 | WOLFSSL* ssl = (WOLFSSL*)data; |
wolfSSL | 15:117db924cf7c | 5844 | |
wolfSSL | 15:117db924cf7c | 5845 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 5846 | /* TLS v1.2 and TLS v1.3 */ |
wolfSSL | 16:8e0d178b1d1e | 5847 | int cnt = 0; |
wolfSSL | 16:8e0d178b1d1e | 5848 | |
wolfSSL | 16:8e0d178b1d1e | 5849 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5850 | if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5851 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5852 | cnt++; |
wolfSSL | 16:8e0d178b1d1e | 5853 | |
wolfSSL | 16:8e0d178b1d1e | 5854 | if (ssl->options.downgrade) { |
wolfSSL | 16:8e0d178b1d1e | 5855 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 5856 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5857 | if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5858 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5859 | cnt++; |
wolfSSL | 16:8e0d178b1d1e | 5860 | #endif |
wolfSSL | 15:117db924cf7c | 5861 | |
wolfSSL | 15:117db924cf7c | 5862 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 5863 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5864 | if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5865 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5866 | cnt++; |
wolfSSL | 15:117db924cf7c | 5867 | #ifdef WOLFSSL_ALLOW_TLSV10 |
wolfSSL | 16:8e0d178b1d1e | 5868 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5869 | if ((ssl->options.mask & SSL_OP_NO_TLSv1) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5870 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5871 | cnt++; |
wolfSSL | 16:8e0d178b1d1e | 5872 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5873 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5874 | } |
wolfSSL | 15:117db924cf7c | 5875 | |
wolfSSL | 15:117db924cf7c | 5876 | *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); |
wolfSSL | 15:117db924cf7c | 5877 | } |
wolfSSL | 15:117db924cf7c | 5878 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 5879 | else if (msgType == server_hello || msgType == hello_retry_request) |
wolfSSL | 15:117db924cf7c | 5880 | *pSz += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5881 | #endif |
wolfSSL | 15:117db924cf7c | 5882 | else |
wolfSSL | 15:117db924cf7c | 5883 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 5884 | |
wolfSSL | 15:117db924cf7c | 5885 | return 0; |
wolfSSL | 15:117db924cf7c | 5886 | } |
wolfSSL | 15:117db924cf7c | 5887 | |
wolfSSL | 15:117db924cf7c | 5888 | /* Writes the SupportedVersions extension into the buffer. |
wolfSSL | 15:117db924cf7c | 5889 | * |
wolfSSL | 15:117db924cf7c | 5890 | * data The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 5891 | * output The buffer to write the extension into. |
wolfSSL | 15:117db924cf7c | 5892 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 5893 | * returns the length of data that was written. |
wolfSSL | 15:117db924cf7c | 5894 | */ |
wolfSSL | 15:117db924cf7c | 5895 | static int TLSX_SupportedVersions_Write(void* data, byte* output, |
wolfSSL | 16:8e0d178b1d1e | 5896 | byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 5897 | { |
wolfSSL | 15:117db924cf7c | 5898 | WOLFSSL* ssl = (WOLFSSL*)data; |
wolfSSL | 16:8e0d178b1d1e | 5899 | byte major; |
wolfSSL | 16:8e0d178b1d1e | 5900 | byte* cnt; |
wolfSSL | 15:117db924cf7c | 5901 | |
wolfSSL | 15:117db924cf7c | 5902 | if (msgType == client_hello) { |
wolfSSL | 16:8e0d178b1d1e | 5903 | major = ssl->ctx->method->version.major; |
wolfSSL | 16:8e0d178b1d1e | 5904 | |
wolfSSL | 16:8e0d178b1d1e | 5905 | |
wolfSSL | 16:8e0d178b1d1e | 5906 | cnt = output++; |
wolfSSL | 16:8e0d178b1d1e | 5907 | *cnt = 0; |
wolfSSL | 16:8e0d178b1d1e | 5908 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5909 | if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5910 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5911 | { |
wolfSSL | 16:8e0d178b1d1e | 5912 | *cnt += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 5913 | #ifdef WOLFSSL_TLS13_DRAFT |
wolfSSL | 15:117db924cf7c | 5914 | /* The TLS draft major number. */ |
wolfSSL | 15:117db924cf7c | 5915 | *(output++) = TLS_DRAFT_MAJOR; |
wolfSSL | 15:117db924cf7c | 5916 | /* Version of draft supported. */ |
wolfSSL | 15:117db924cf7c | 5917 | *(output++) = TLS_DRAFT_MINOR; |
wolfSSL | 16:8e0d178b1d1e | 5918 | #else |
wolfSSL | 16:8e0d178b1d1e | 5919 | *(output++) = major; |
wolfSSL | 16:8e0d178b1d1e | 5920 | *(output++) = (byte)TLSv1_3_MINOR; |
wolfSSL | 16:8e0d178b1d1e | 5921 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5922 | } |
wolfSSL | 16:8e0d178b1d1e | 5923 | if (ssl->options.downgrade) { |
wolfSSL | 16:8e0d178b1d1e | 5924 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 5925 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5926 | if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5927 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5928 | { |
wolfSSL | 16:8e0d178b1d1e | 5929 | *cnt += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 5930 | *(output++) = major; |
wolfSSL | 16:8e0d178b1d1e | 5931 | *(output++) = (byte)TLSv1_2_MINOR; |
wolfSSL | 15:117db924cf7c | 5932 | } |
wolfSSL | 15:117db924cf7c | 5933 | #endif |
wolfSSL | 15:117db924cf7c | 5934 | |
wolfSSL | 16:8e0d178b1d1e | 5935 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 5936 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5937 | if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5938 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5939 | { |
wolfSSL | 16:8e0d178b1d1e | 5940 | *cnt += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 5941 | *(output++) = major; |
wolfSSL | 16:8e0d178b1d1e | 5942 | *(output++) = (byte)TLSv1_1_MINOR; |
wolfSSL | 16:8e0d178b1d1e | 5943 | } |
wolfSSL | 16:8e0d178b1d1e | 5944 | #ifdef WOLFSSL_ALLOW_TLSV10 |
wolfSSL | 16:8e0d178b1d1e | 5945 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 16:8e0d178b1d1e | 5946 | if ((ssl->options.mask & SSL_OP_NO_TLSv1) == 0) |
wolfSSL | 16:8e0d178b1d1e | 5947 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5948 | { |
wolfSSL | 16:8e0d178b1d1e | 5949 | *cnt += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 5950 | *(output++) = major; |
wolfSSL | 16:8e0d178b1d1e | 5951 | *(output++) = (byte)TLSv1_MINOR; |
wolfSSL | 16:8e0d178b1d1e | 5952 | } |
wolfSSL | 16:8e0d178b1d1e | 5953 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5954 | #endif |
wolfSSL | 16:8e0d178b1d1e | 5955 | } |
wolfSSL | 16:8e0d178b1d1e | 5956 | |
wolfSSL | 16:8e0d178b1d1e | 5957 | *pSz += (word16)(OPAQUE8_LEN + *cnt); |
wolfSSL | 15:117db924cf7c | 5958 | } |
wolfSSL | 15:117db924cf7c | 5959 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 5960 | else if (msgType == server_hello || msgType == hello_retry_request) { |
wolfSSL | 16:8e0d178b1d1e | 5961 | #ifdef WOLFSSL_TLS13_DRAFT |
wolfSSL | 15:117db924cf7c | 5962 | if (ssl->version.major == SSLv3_MAJOR && |
wolfSSL | 15:117db924cf7c | 5963 | ssl->version.minor == TLSv1_3_MINOR) { |
wolfSSL | 15:117db924cf7c | 5964 | output[0] = TLS_DRAFT_MAJOR; |
wolfSSL | 15:117db924cf7c | 5965 | output[1] = TLS_DRAFT_MINOR; |
wolfSSL | 15:117db924cf7c | 5966 | } |
wolfSSL | 15:117db924cf7c | 5967 | else |
wolfSSL | 15:117db924cf7c | 5968 | #endif |
wolfSSL | 15:117db924cf7c | 5969 | { |
wolfSSL | 15:117db924cf7c | 5970 | output[0] = ssl->version.major; |
wolfSSL | 15:117db924cf7c | 5971 | output[1] = ssl->version.minor; |
wolfSSL | 15:117db924cf7c | 5972 | } |
wolfSSL | 15:117db924cf7c | 5973 | |
wolfSSL | 15:117db924cf7c | 5974 | *pSz += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 5975 | } |
wolfSSL | 15:117db924cf7c | 5976 | #endif |
wolfSSL | 15:117db924cf7c | 5977 | else |
wolfSSL | 15:117db924cf7c | 5978 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 5979 | |
wolfSSL | 15:117db924cf7c | 5980 | return 0; |
wolfSSL | 15:117db924cf7c | 5981 | } |
wolfSSL | 15:117db924cf7c | 5982 | |
wolfSSL | 15:117db924cf7c | 5983 | /* Parse the SupportedVersions extension. |
wolfSSL | 15:117db924cf7c | 5984 | * |
wolfSSL | 15:117db924cf7c | 5985 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 5986 | * input The buffer with the extension data. |
wolfSSL | 15:117db924cf7c | 5987 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 5988 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 5989 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 5990 | */ |
wolfSSL | 15:117db924cf7c | 5991 | static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 5992 | word16 length, byte msgType) |
wolfSSL | 15:117db924cf7c | 5993 | { |
wolfSSL | 15:117db924cf7c | 5994 | ProtocolVersion pv = ssl->ctx->method->version; |
wolfSSL | 15:117db924cf7c | 5995 | int i; |
wolfSSL | 15:117db924cf7c | 5996 | int len; |
wolfSSL | 15:117db924cf7c | 5997 | byte major, minor; |
wolfSSL | 15:117db924cf7c | 5998 | int newMinor = 0; |
wolfSSL | 16:8e0d178b1d1e | 5999 | int set = 0; |
wolfSSL | 15:117db924cf7c | 6000 | |
wolfSSL | 15:117db924cf7c | 6001 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 6002 | /* Must contain a length and at least one version. */ |
wolfSSL | 15:117db924cf7c | 6003 | if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1) |
wolfSSL | 15:117db924cf7c | 6004 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6005 | |
wolfSSL | 15:117db924cf7c | 6006 | len = *input; |
wolfSSL | 15:117db924cf7c | 6007 | |
wolfSSL | 15:117db924cf7c | 6008 | /* Protocol version array must fill rest of data. */ |
wolfSSL | 16:8e0d178b1d1e | 6009 | if (length != (word16)OPAQUE8_LEN + len) |
wolfSSL | 15:117db924cf7c | 6010 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6011 | |
wolfSSL | 15:117db924cf7c | 6012 | input++; |
wolfSSL | 15:117db924cf7c | 6013 | |
wolfSSL | 15:117db924cf7c | 6014 | /* Find first match. */ |
wolfSSL | 15:117db924cf7c | 6015 | for (i = 0; i < len; i += OPAQUE16_LEN) { |
wolfSSL | 15:117db924cf7c | 6016 | major = input[i]; |
wolfSSL | 15:117db924cf7c | 6017 | minor = input[i + OPAQUE8_LEN]; |
wolfSSL | 15:117db924cf7c | 6018 | |
wolfSSL | 16:8e0d178b1d1e | 6019 | #ifdef WOLFSSL_TLS13_DRAFT |
wolfSSL | 15:117db924cf7c | 6020 | if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { |
wolfSSL | 15:117db924cf7c | 6021 | major = SSLv3_MAJOR; |
wolfSSL | 15:117db924cf7c | 6022 | minor = TLSv1_3_MINOR; |
wolfSSL | 15:117db924cf7c | 6023 | } |
wolfSSL | 16:8e0d178b1d1e | 6024 | #else |
wolfSSL | 16:8e0d178b1d1e | 6025 | if (major == TLS_DRAFT_MAJOR) |
wolfSSL | 16:8e0d178b1d1e | 6026 | continue; |
wolfSSL | 15:117db924cf7c | 6027 | #endif |
wolfSSL | 15:117db924cf7c | 6028 | |
wolfSSL | 15:117db924cf7c | 6029 | if (major != pv.major) |
wolfSSL | 15:117db924cf7c | 6030 | continue; |
wolfSSL | 15:117db924cf7c | 6031 | |
wolfSSL | 15:117db924cf7c | 6032 | /* No upgrade allowed. */ |
wolfSSL | 15:117db924cf7c | 6033 | if (minor > ssl->version.minor) |
wolfSSL | 15:117db924cf7c | 6034 | continue; |
wolfSSL | 15:117db924cf7c | 6035 | /* Check downgrade. */ |
wolfSSL | 15:117db924cf7c | 6036 | if (minor < ssl->version.minor) { |
wolfSSL | 15:117db924cf7c | 6037 | if (!ssl->options.downgrade) |
wolfSSL | 15:117db924cf7c | 6038 | continue; |
wolfSSL | 15:117db924cf7c | 6039 | |
wolfSSL | 15:117db924cf7c | 6040 | if (minor < ssl->options.minDowngrade) |
wolfSSL | 15:117db924cf7c | 6041 | continue; |
wolfSSL | 15:117db924cf7c | 6042 | |
wolfSSL | 15:117db924cf7c | 6043 | if (newMinor == 0 && minor > ssl->options.oldMinor) { |
wolfSSL | 15:117db924cf7c | 6044 | /* Downgrade the version. */ |
wolfSSL | 15:117db924cf7c | 6045 | ssl->version.minor = minor; |
wolfSSL | 15:117db924cf7c | 6046 | } |
wolfSSL | 15:117db924cf7c | 6047 | } |
wolfSSL | 15:117db924cf7c | 6048 | |
wolfSSL | 15:117db924cf7c | 6049 | if (minor >= TLSv1_3_MINOR) { |
wolfSSL | 15:117db924cf7c | 6050 | if (!ssl->options.tls1_3) { |
wolfSSL | 15:117db924cf7c | 6051 | ssl->options.tls1_3 = 1; |
wolfSSL | 15:117db924cf7c | 6052 | TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, |
wolfSSL | 15:117db924cf7c | 6053 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 6054 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 6055 | TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); |
wolfSSL | 15:117db924cf7c | 6056 | #endif |
wolfSSL | 15:117db924cf7c | 6057 | } |
wolfSSL | 15:117db924cf7c | 6058 | if (minor > newMinor) { |
wolfSSL | 15:117db924cf7c | 6059 | ssl->version.minor = minor; |
wolfSSL | 15:117db924cf7c | 6060 | newMinor = minor; |
wolfSSL | 15:117db924cf7c | 6061 | } |
wolfSSL | 15:117db924cf7c | 6062 | } |
wolfSSL | 15:117db924cf7c | 6063 | else if (minor > ssl->options.oldMinor) |
wolfSSL | 15:117db924cf7c | 6064 | ssl->options.oldMinor = minor; |
wolfSSL | 16:8e0d178b1d1e | 6065 | |
wolfSSL | 16:8e0d178b1d1e | 6066 | set = 1; |
wolfSSL | 16:8e0d178b1d1e | 6067 | } |
wolfSSL | 16:8e0d178b1d1e | 6068 | if (!set) { |
wolfSSL | 16:8e0d178b1d1e | 6069 | #ifdef WOLFSSL_MYSQL_COMPATIBLE |
wolfSSL | 16:8e0d178b1d1e | 6070 | SendAlert(ssl, alert_fatal, wc_protocol_version); |
wolfSSL | 16:8e0d178b1d1e | 6071 | #else |
wolfSSL | 16:8e0d178b1d1e | 6072 | SendAlert(ssl, alert_fatal, protocol_version); |
wolfSSL | 16:8e0d178b1d1e | 6073 | #endif |
wolfSSL | 16:8e0d178b1d1e | 6074 | return VERSION_ERROR; |
wolfSSL | 15:117db924cf7c | 6075 | } |
wolfSSL | 15:117db924cf7c | 6076 | } |
wolfSSL | 15:117db924cf7c | 6077 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 6078 | else if (msgType == server_hello || msgType == hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 6079 | /* Must contain one version. */ |
wolfSSL | 15:117db924cf7c | 6080 | if (length != OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 6081 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6082 | |
wolfSSL | 15:117db924cf7c | 6083 | major = input[0]; |
wolfSSL | 15:117db924cf7c | 6084 | minor = input[OPAQUE8_LEN]; |
wolfSSL | 15:117db924cf7c | 6085 | |
wolfSSL | 16:8e0d178b1d1e | 6086 | #ifdef WOLFSSL_TLS13_DRAFT |
wolfSSL | 15:117db924cf7c | 6087 | if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { |
wolfSSL | 15:117db924cf7c | 6088 | major = SSLv3_MAJOR; |
wolfSSL | 15:117db924cf7c | 6089 | minor = TLSv1_3_MINOR; |
wolfSSL | 15:117db924cf7c | 6090 | } |
wolfSSL | 15:117db924cf7c | 6091 | #endif |
wolfSSL | 15:117db924cf7c | 6092 | |
wolfSSL | 15:117db924cf7c | 6093 | if (major != pv.major) |
wolfSSL | 15:117db924cf7c | 6094 | return VERSION_ERROR; |
wolfSSL | 15:117db924cf7c | 6095 | |
wolfSSL | 15:117db924cf7c | 6096 | /* Can't downgrade with this extension below TLS v1.3. */ |
wolfSSL | 15:117db924cf7c | 6097 | if (minor < TLSv1_3_MINOR) |
wolfSSL | 15:117db924cf7c | 6098 | return VERSION_ERROR; |
wolfSSL | 15:117db924cf7c | 6099 | |
wolfSSL | 15:117db924cf7c | 6100 | /* Version is TLS v1.2 to handle downgrading from TLS v1.3+. */ |
wolfSSL | 15:117db924cf7c | 6101 | if (ssl->options.downgrade && ssl->version.minor == TLSv1_2_MINOR) { |
wolfSSL | 15:117db924cf7c | 6102 | /* Set minor version back to TLS v1.3+ */ |
wolfSSL | 15:117db924cf7c | 6103 | ssl->version.minor = ssl->ctx->method->version.minor; |
wolfSSL | 15:117db924cf7c | 6104 | } |
wolfSSL | 15:117db924cf7c | 6105 | |
wolfSSL | 15:117db924cf7c | 6106 | /* No upgrade allowed. */ |
wolfSSL | 15:117db924cf7c | 6107 | if (ssl->version.minor < minor) |
wolfSSL | 15:117db924cf7c | 6108 | return VERSION_ERROR; |
wolfSSL | 15:117db924cf7c | 6109 | |
wolfSSL | 15:117db924cf7c | 6110 | /* Check downgrade. */ |
wolfSSL | 15:117db924cf7c | 6111 | if (ssl->version.minor > minor) { |
wolfSSL | 15:117db924cf7c | 6112 | if (!ssl->options.downgrade) |
wolfSSL | 15:117db924cf7c | 6113 | return VERSION_ERROR; |
wolfSSL | 15:117db924cf7c | 6114 | |
wolfSSL | 15:117db924cf7c | 6115 | if (minor < ssl->options.minDowngrade) |
wolfSSL | 15:117db924cf7c | 6116 | return VERSION_ERROR; |
wolfSSL | 15:117db924cf7c | 6117 | |
wolfSSL | 15:117db924cf7c | 6118 | /* Downgrade the version. */ |
wolfSSL | 15:117db924cf7c | 6119 | ssl->version.minor = minor; |
wolfSSL | 15:117db924cf7c | 6120 | } |
wolfSSL | 15:117db924cf7c | 6121 | } |
wolfSSL | 15:117db924cf7c | 6122 | #endif |
wolfSSL | 15:117db924cf7c | 6123 | else |
wolfSSL | 15:117db924cf7c | 6124 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 6125 | |
wolfSSL | 15:117db924cf7c | 6126 | return 0; |
wolfSSL | 15:117db924cf7c | 6127 | } |
wolfSSL | 15:117db924cf7c | 6128 | |
wolfSSL | 15:117db924cf7c | 6129 | /* Sets a new SupportedVersions extension into the extension list. |
wolfSSL | 15:117db924cf7c | 6130 | * |
wolfSSL | 15:117db924cf7c | 6131 | * extensions The list of extensions. |
wolfSSL | 15:117db924cf7c | 6132 | * data The extensions specific data. |
wolfSSL | 15:117db924cf7c | 6133 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 6134 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6135 | */ |
wolfSSL | 15:117db924cf7c | 6136 | static int TLSX_SetSupportedVersions(TLSX** extensions, const void* data, |
wolfSSL | 15:117db924cf7c | 6137 | void* heap) |
wolfSSL | 15:117db924cf7c | 6138 | { |
wolfSSL | 15:117db924cf7c | 6139 | if (extensions == NULL || data == NULL) |
wolfSSL | 15:117db924cf7c | 6140 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 6141 | |
wolfSSL | 15:117db924cf7c | 6142 | return TLSX_Push(extensions, TLSX_SUPPORTED_VERSIONS, (void *)data, heap); |
wolfSSL | 15:117db924cf7c | 6143 | } |
wolfSSL | 15:117db924cf7c | 6144 | |
wolfSSL | 15:117db924cf7c | 6145 | #define SV_GET_SIZE TLSX_SupportedVersions_GetSize |
wolfSSL | 15:117db924cf7c | 6146 | #define SV_WRITE TLSX_SupportedVersions_Write |
wolfSSL | 15:117db924cf7c | 6147 | #define SV_PARSE TLSX_SupportedVersions_Parse |
wolfSSL | 15:117db924cf7c | 6148 | |
wolfSSL | 15:117db924cf7c | 6149 | #else |
wolfSSL | 15:117db924cf7c | 6150 | |
wolfSSL | 15:117db924cf7c | 6151 | #define SV_GET_SIZE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 6152 | #define SV_WRITE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 6153 | #define SV_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 6154 | |
wolfSSL | 15:117db924cf7c | 6155 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 6156 | |
wolfSSL | 15:117db924cf7c | 6157 | #if defined(WOLFSSL_TLS13) |
wolfSSL | 15:117db924cf7c | 6158 | |
wolfSSL | 15:117db924cf7c | 6159 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6160 | /* Cookie */ |
wolfSSL | 15:117db924cf7c | 6161 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6162 | |
wolfSSL | 15:117db924cf7c | 6163 | /* Free the cookie data. |
wolfSSL | 15:117db924cf7c | 6164 | * |
wolfSSL | 15:117db924cf7c | 6165 | * cookie Cookie data. |
wolfSSL | 15:117db924cf7c | 6166 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 6167 | */ |
wolfSSL | 15:117db924cf7c | 6168 | static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap) |
wolfSSL | 15:117db924cf7c | 6169 | { |
wolfSSL | 15:117db924cf7c | 6170 | (void)heap; |
wolfSSL | 15:117db924cf7c | 6171 | |
wolfSSL | 15:117db924cf7c | 6172 | if (cookie != NULL) |
wolfSSL | 15:117db924cf7c | 6173 | XFREE(cookie, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 6174 | } |
wolfSSL | 15:117db924cf7c | 6175 | |
wolfSSL | 15:117db924cf7c | 6176 | /* Get the size of the encoded Cookie extension. |
wolfSSL | 15:117db924cf7c | 6177 | * In messages: ClientHello and HelloRetryRequest. |
wolfSSL | 15:117db924cf7c | 6178 | * |
wolfSSL | 15:117db924cf7c | 6179 | * cookie The cookie to write. |
wolfSSL | 15:117db924cf7c | 6180 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 6181 | * returns the number of bytes of the encoded Cookie extension. |
wolfSSL | 15:117db924cf7c | 6182 | */ |
wolfSSL | 15:117db924cf7c | 6183 | static int TLSX_Cookie_GetSize(Cookie* cookie, byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 6184 | { |
wolfSSL | 15:117db924cf7c | 6185 | if (msgType == client_hello || msgType == hello_retry_request) |
wolfSSL | 15:117db924cf7c | 6186 | *pSz += OPAQUE16_LEN + cookie->len; |
wolfSSL | 15:117db924cf7c | 6187 | else |
wolfSSL | 15:117db924cf7c | 6188 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 6189 | return 0; |
wolfSSL | 15:117db924cf7c | 6190 | } |
wolfSSL | 15:117db924cf7c | 6191 | |
wolfSSL | 15:117db924cf7c | 6192 | /* Writes the Cookie extension into the output buffer. |
wolfSSL | 15:117db924cf7c | 6193 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 6194 | * In messages: ClientHello and HelloRetryRequest. |
wolfSSL | 15:117db924cf7c | 6195 | * |
wolfSSL | 15:117db924cf7c | 6196 | * cookie The cookie to write. |
wolfSSL | 15:117db924cf7c | 6197 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 6198 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 6199 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 6200 | */ |
wolfSSL | 16:8e0d178b1d1e | 6201 | static int TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 6202 | word16* pSz) |
wolfSSL | 15:117db924cf7c | 6203 | { |
wolfSSL | 15:117db924cf7c | 6204 | if (msgType == client_hello || msgType == hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 6205 | c16toa(cookie->len, output); |
wolfSSL | 15:117db924cf7c | 6206 | output += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 6207 | XMEMCPY(output, &cookie->data, cookie->len); |
wolfSSL | 15:117db924cf7c | 6208 | *pSz += OPAQUE16_LEN + cookie->len; |
wolfSSL | 15:117db924cf7c | 6209 | } |
wolfSSL | 15:117db924cf7c | 6210 | else |
wolfSSL | 15:117db924cf7c | 6211 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 6212 | return 0; |
wolfSSL | 15:117db924cf7c | 6213 | } |
wolfSSL | 15:117db924cf7c | 6214 | |
wolfSSL | 15:117db924cf7c | 6215 | /* Parse the Cookie extension. |
wolfSSL | 15:117db924cf7c | 6216 | * In messages: ClientHello and HelloRetryRequest. |
wolfSSL | 15:117db924cf7c | 6217 | * |
wolfSSL | 15:117db924cf7c | 6218 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6219 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 6220 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 6221 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 6222 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 6223 | */ |
wolfSSL | 15:117db924cf7c | 6224 | static int TLSX_Cookie_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 6225 | byte msgType) |
wolfSSL | 15:117db924cf7c | 6226 | { |
wolfSSL | 15:117db924cf7c | 6227 | word16 len; |
wolfSSL | 15:117db924cf7c | 6228 | word16 idx = 0; |
wolfSSL | 15:117db924cf7c | 6229 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 6230 | Cookie* cookie; |
wolfSSL | 15:117db924cf7c | 6231 | |
wolfSSL | 15:117db924cf7c | 6232 | if (msgType != client_hello && msgType != hello_retry_request) |
wolfSSL | 15:117db924cf7c | 6233 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 6234 | |
wolfSSL | 15:117db924cf7c | 6235 | /* Message contains length and Cookie which must be at least one byte |
wolfSSL | 15:117db924cf7c | 6236 | * in length. |
wolfSSL | 15:117db924cf7c | 6237 | */ |
wolfSSL | 15:117db924cf7c | 6238 | if (length < OPAQUE16_LEN + 1) |
wolfSSL | 15:117db924cf7c | 6239 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 6240 | ato16(input + idx, &len); |
wolfSSL | 15:117db924cf7c | 6241 | idx += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 6242 | if (length - idx != len) |
wolfSSL | 15:117db924cf7c | 6243 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 6244 | |
wolfSSL | 15:117db924cf7c | 6245 | if (msgType == hello_retry_request) |
wolfSSL | 15:117db924cf7c | 6246 | return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0); |
wolfSSL | 15:117db924cf7c | 6247 | |
wolfSSL | 15:117db924cf7c | 6248 | /* client_hello */ |
wolfSSL | 15:117db924cf7c | 6249 | extension = TLSX_Find(ssl->extensions, TLSX_COOKIE); |
wolfSSL | 15:117db924cf7c | 6250 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 6251 | return HRR_COOKIE_ERROR; |
wolfSSL | 15:117db924cf7c | 6252 | |
wolfSSL | 15:117db924cf7c | 6253 | cookie = (Cookie*)extension->data; |
wolfSSL | 15:117db924cf7c | 6254 | if (cookie->len != len || XMEMCMP(&cookie->data, input + idx, len) != 0) |
wolfSSL | 15:117db924cf7c | 6255 | return HRR_COOKIE_ERROR; |
wolfSSL | 15:117db924cf7c | 6256 | |
wolfSSL | 15:117db924cf7c | 6257 | /* Request seen. */ |
wolfSSL | 15:117db924cf7c | 6258 | extension->resp = 0; |
wolfSSL | 15:117db924cf7c | 6259 | |
wolfSSL | 15:117db924cf7c | 6260 | return 0; |
wolfSSL | 15:117db924cf7c | 6261 | } |
wolfSSL | 15:117db924cf7c | 6262 | |
wolfSSL | 15:117db924cf7c | 6263 | /* Use the data to create a new Cookie object in the extensions. |
wolfSSL | 15:117db924cf7c | 6264 | * |
wolfSSL | 15:117db924cf7c | 6265 | * ssl SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6266 | * data Cookie data. |
wolfSSL | 15:117db924cf7c | 6267 | * len Length of cookie data in bytes. |
wolfSSL | 15:117db924cf7c | 6268 | * mac MAC data. |
wolfSSL | 15:117db924cf7c | 6269 | * macSz Length of MAC data in bytes. |
wolfSSL | 15:117db924cf7c | 6270 | * resp Indicates the extension will go into a response (HelloRetryRequest). |
wolfSSL | 15:117db924cf7c | 6271 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 6272 | */ |
wolfSSL | 15:117db924cf7c | 6273 | int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac, |
wolfSSL | 15:117db924cf7c | 6274 | byte macSz, int resp) |
wolfSSL | 15:117db924cf7c | 6275 | { |
wolfSSL | 15:117db924cf7c | 6276 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 6277 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 6278 | Cookie* cookie; |
wolfSSL | 15:117db924cf7c | 6279 | |
wolfSSL | 15:117db924cf7c | 6280 | /* Find the cookie extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 6281 | extension = TLSX_Find(ssl->extensions, TLSX_COOKIE); |
wolfSSL | 15:117db924cf7c | 6282 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 6283 | /* Push new cookie extension. */ |
wolfSSL | 15:117db924cf7c | 6284 | ret = TLSX_Push(&ssl->extensions, TLSX_COOKIE, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 6285 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6286 | return ret; |
wolfSSL | 15:117db924cf7c | 6287 | |
wolfSSL | 15:117db924cf7c | 6288 | extension = TLSX_Find(ssl->extensions, TLSX_COOKIE); |
wolfSSL | 15:117db924cf7c | 6289 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 6290 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6291 | } |
wolfSSL | 15:117db924cf7c | 6292 | |
wolfSSL | 15:117db924cf7c | 6293 | /* The Cookie structure has one byte for cookie data already. */ |
wolfSSL | 15:117db924cf7c | 6294 | cookie = (Cookie*)XMALLOC(sizeof(Cookie) + len + macSz - 1, ssl->heap, |
wolfSSL | 15:117db924cf7c | 6295 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 6296 | if (cookie == NULL) |
wolfSSL | 15:117db924cf7c | 6297 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6298 | |
wolfSSL | 15:117db924cf7c | 6299 | cookie->len = len + macSz; |
wolfSSL | 15:117db924cf7c | 6300 | XMEMCPY(&cookie->data, data, len); |
wolfSSL | 15:117db924cf7c | 6301 | if (mac != NULL) |
wolfSSL | 15:117db924cf7c | 6302 | XMEMCPY(&cookie->data + len, mac, macSz); |
wolfSSL | 15:117db924cf7c | 6303 | |
wolfSSL | 15:117db924cf7c | 6304 | extension->data = (void*)cookie; |
wolfSSL | 15:117db924cf7c | 6305 | extension->resp = (byte)resp; |
wolfSSL | 15:117db924cf7c | 6306 | |
wolfSSL | 15:117db924cf7c | 6307 | return 0; |
wolfSSL | 15:117db924cf7c | 6308 | } |
wolfSSL | 15:117db924cf7c | 6309 | |
wolfSSL | 15:117db924cf7c | 6310 | #define CKE_FREE_ALL TLSX_Cookie_FreeAll |
wolfSSL | 15:117db924cf7c | 6311 | #define CKE_GET_SIZE TLSX_Cookie_GetSize |
wolfSSL | 15:117db924cf7c | 6312 | #define CKE_WRITE TLSX_Cookie_Write |
wolfSSL | 15:117db924cf7c | 6313 | #define CKE_PARSE TLSX_Cookie_Parse |
wolfSSL | 15:117db924cf7c | 6314 | |
wolfSSL | 15:117db924cf7c | 6315 | #else |
wolfSSL | 15:117db924cf7c | 6316 | |
wolfSSL | 15:117db924cf7c | 6317 | #define CKE_FREE_ALL(a, b) 0 |
wolfSSL | 15:117db924cf7c | 6318 | #define CKE_GET_SIZE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 6319 | #define CKE_WRITE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 6320 | #define CKE_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 6321 | |
wolfSSL | 15:117db924cf7c | 6322 | #endif |
wolfSSL | 16:8e0d178b1d1e | 6323 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 6324 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6325 | /* Signature Algorithms */ |
wolfSSL | 15:117db924cf7c | 6326 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6327 | |
wolfSSL | 15:117db924cf7c | 6328 | /* Return the size of the SignatureAlgorithms extension's data. |
wolfSSL | 15:117db924cf7c | 6329 | * |
wolfSSL | 15:117db924cf7c | 6330 | * data Unused |
wolfSSL | 15:117db924cf7c | 6331 | * returns the length of data that will be in the extension. |
wolfSSL | 15:117db924cf7c | 6332 | */ |
wolfSSL | 16:8e0d178b1d1e | 6333 | |
wolfSSL | 15:117db924cf7c | 6334 | static word16 TLSX_SignatureAlgorithms_GetSize(void* data) |
wolfSSL | 15:117db924cf7c | 6335 | { |
wolfSSL | 15:117db924cf7c | 6336 | WOLFSSL* ssl = (WOLFSSL*)data; |
wolfSSL | 15:117db924cf7c | 6337 | |
wolfSSL | 15:117db924cf7c | 6338 | return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz; |
wolfSSL | 15:117db924cf7c | 6339 | } |
wolfSSL | 15:117db924cf7c | 6340 | |
wolfSSL | 15:117db924cf7c | 6341 | /* Creates a bit string of supported hash algorithms with RSA PSS. |
wolfSSL | 15:117db924cf7c | 6342 | * The bit string is used when determining which signature algorithm to use |
wolfSSL | 15:117db924cf7c | 6343 | * when creating the CertificateVerify message. |
wolfSSL | 15:117db924cf7c | 6344 | * Note: Valid data has an even length as each signature algorithm is two bytes. |
wolfSSL | 15:117db924cf7c | 6345 | * |
wolfSSL | 15:117db924cf7c | 6346 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6347 | * input The buffer with the list of supported signature algorithms. |
wolfSSL | 15:117db924cf7c | 6348 | * length The length of the list in bytes. |
wolfSSL | 15:117db924cf7c | 6349 | * returns 0 on success, BUFFER_ERROR when the length is not even. |
wolfSSL | 15:117db924cf7c | 6350 | */ |
wolfSSL | 15:117db924cf7c | 6351 | static int TLSX_SignatureAlgorithms_MapPss(WOLFSSL *ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 6352 | word16 length) |
wolfSSL | 15:117db924cf7c | 6353 | { |
wolfSSL | 15:117db924cf7c | 6354 | word16 i; |
wolfSSL | 15:117db924cf7c | 6355 | |
wolfSSL | 15:117db924cf7c | 6356 | if ((length & 1) == 1) |
wolfSSL | 15:117db924cf7c | 6357 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6358 | |
wolfSSL | 15:117db924cf7c | 6359 | ssl->pssAlgo = 0; |
wolfSSL | 15:117db924cf7c | 6360 | for (i = 0; i < length; i += 2) { |
wolfSSL | 15:117db924cf7c | 6361 | if (input[i] == rsa_pss_sa_algo && input[i + 1] <= sha512_mac) |
wolfSSL | 15:117db924cf7c | 6362 | ssl->pssAlgo |= 1 << input[i + 1]; |
wolfSSL | 16:8e0d178b1d1e | 6363 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 6364 | if (input[i] == rsa_pss_sa_algo && input[i + 1] >= pss_sha256 && |
wolfSSL | 16:8e0d178b1d1e | 6365 | input[i + 1] <= pss_sha512) { |
wolfSSL | 16:8e0d178b1d1e | 6366 | ssl->pssAlgo |= 1 << input[i + 1]; |
wolfSSL | 16:8e0d178b1d1e | 6367 | } |
wolfSSL | 16:8e0d178b1d1e | 6368 | #endif |
wolfSSL | 15:117db924cf7c | 6369 | } |
wolfSSL | 15:117db924cf7c | 6370 | |
wolfSSL | 15:117db924cf7c | 6371 | return 0; |
wolfSSL | 15:117db924cf7c | 6372 | } |
wolfSSL | 15:117db924cf7c | 6373 | |
wolfSSL | 15:117db924cf7c | 6374 | /* Writes the SignatureAlgorithms extension into the buffer. |
wolfSSL | 15:117db924cf7c | 6375 | * |
wolfSSL | 15:117db924cf7c | 6376 | * data Unused |
wolfSSL | 15:117db924cf7c | 6377 | * output The buffer to write the extension into. |
wolfSSL | 15:117db924cf7c | 6378 | * returns the length of data that was written. |
wolfSSL | 15:117db924cf7c | 6379 | */ |
wolfSSL | 15:117db924cf7c | 6380 | static word16 TLSX_SignatureAlgorithms_Write(void* data, byte* output) |
wolfSSL | 15:117db924cf7c | 6381 | { |
wolfSSL | 15:117db924cf7c | 6382 | WOLFSSL* ssl = (WOLFSSL*)data; |
wolfSSL | 15:117db924cf7c | 6383 | |
wolfSSL | 15:117db924cf7c | 6384 | c16toa(ssl->suites->hashSigAlgoSz, output); |
wolfSSL | 15:117db924cf7c | 6385 | XMEMCPY(output + OPAQUE16_LEN, ssl->suites->hashSigAlgo, |
wolfSSL | 15:117db924cf7c | 6386 | ssl->suites->hashSigAlgoSz); |
wolfSSL | 15:117db924cf7c | 6387 | |
wolfSSL | 15:117db924cf7c | 6388 | TLSX_SignatureAlgorithms_MapPss(ssl, output + OPAQUE16_LEN, |
wolfSSL | 15:117db924cf7c | 6389 | ssl->suites->hashSigAlgoSz); |
wolfSSL | 15:117db924cf7c | 6390 | |
wolfSSL | 15:117db924cf7c | 6391 | return OPAQUE16_LEN + ssl->suites->hashSigAlgoSz; |
wolfSSL | 15:117db924cf7c | 6392 | } |
wolfSSL | 15:117db924cf7c | 6393 | |
wolfSSL | 15:117db924cf7c | 6394 | /* Parse the SignatureAlgorithms extension. |
wolfSSL | 15:117db924cf7c | 6395 | * |
wolfSSL | 15:117db924cf7c | 6396 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6397 | * input The buffer with the extension data. |
wolfSSL | 15:117db924cf7c | 6398 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 6399 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6400 | */ |
wolfSSL | 15:117db924cf7c | 6401 | static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 6402 | word16 length, byte isRequest, Suites* suites) |
wolfSSL | 15:117db924cf7c | 6403 | { |
wolfSSL | 15:117db924cf7c | 6404 | word16 len; |
wolfSSL | 15:117db924cf7c | 6405 | |
wolfSSL | 15:117db924cf7c | 6406 | if (!isRequest) |
wolfSSL | 15:117db924cf7c | 6407 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6408 | |
wolfSSL | 15:117db924cf7c | 6409 | /* Must contain a length and at least algorithm. */ |
wolfSSL | 15:117db924cf7c | 6410 | if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0) |
wolfSSL | 15:117db924cf7c | 6411 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6412 | |
wolfSSL | 15:117db924cf7c | 6413 | ato16(input, &len); |
wolfSSL | 15:117db924cf7c | 6414 | input += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 6415 | |
wolfSSL | 15:117db924cf7c | 6416 | /* Algorithm array must fill rest of data. */ |
wolfSSL | 15:117db924cf7c | 6417 | if (length != OPAQUE16_LEN + len) |
wolfSSL | 15:117db924cf7c | 6418 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6419 | |
wolfSSL | 15:117db924cf7c | 6420 | /* truncate hashSigAlgo list if too long */ |
wolfSSL | 15:117db924cf7c | 6421 | suites->hashSigAlgoSz = len; |
wolfSSL | 15:117db924cf7c | 6422 | if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { |
wolfSSL | 15:117db924cf7c | 6423 | WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating"); |
wolfSSL | 15:117db924cf7c | 6424 | suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; |
wolfSSL | 15:117db924cf7c | 6425 | } |
wolfSSL | 15:117db924cf7c | 6426 | XMEMCPY(suites->hashSigAlgo, input, suites->hashSigAlgoSz); |
wolfSSL | 15:117db924cf7c | 6427 | |
wolfSSL | 15:117db924cf7c | 6428 | return TLSX_SignatureAlgorithms_MapPss(ssl, input, len); |
wolfSSL | 15:117db924cf7c | 6429 | } |
wolfSSL | 15:117db924cf7c | 6430 | |
wolfSSL | 15:117db924cf7c | 6431 | /* Sets a new SignatureAlgorithms extension into the extension list. |
wolfSSL | 15:117db924cf7c | 6432 | * |
wolfSSL | 15:117db924cf7c | 6433 | * extensions The list of extensions. |
wolfSSL | 15:117db924cf7c | 6434 | * data The extensions specific data. |
wolfSSL | 15:117db924cf7c | 6435 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 6436 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6437 | */ |
wolfSSL | 15:117db924cf7c | 6438 | static int TLSX_SetSignatureAlgorithms(TLSX** extensions, const void* data, |
wolfSSL | 15:117db924cf7c | 6439 | void* heap) |
wolfSSL | 15:117db924cf7c | 6440 | { |
wolfSSL | 15:117db924cf7c | 6441 | if (extensions == NULL) |
wolfSSL | 15:117db924cf7c | 6442 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 6443 | |
wolfSSL | 15:117db924cf7c | 6444 | return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS, (void *)data, heap); |
wolfSSL | 15:117db924cf7c | 6445 | } |
wolfSSL | 15:117db924cf7c | 6446 | |
wolfSSL | 15:117db924cf7c | 6447 | #define SA_GET_SIZE TLSX_SignatureAlgorithms_GetSize |
wolfSSL | 15:117db924cf7c | 6448 | #define SA_WRITE TLSX_SignatureAlgorithms_Write |
wolfSSL | 15:117db924cf7c | 6449 | #define SA_PARSE TLSX_SignatureAlgorithms_Parse |
wolfSSL | 16:8e0d178b1d1e | 6450 | #endif |
wolfSSL | 15:117db924cf7c | 6451 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6452 | /* Signature Algorithms Certificate */ |
wolfSSL | 15:117db924cf7c | 6453 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6454 | |
wolfSSL | 15:117db924cf7c | 6455 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 6456 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 6457 | /* Return the size of the SignatureAlgorithms extension's data. |
wolfSSL | 15:117db924cf7c | 6458 | * |
wolfSSL | 15:117db924cf7c | 6459 | * data Unused |
wolfSSL | 15:117db924cf7c | 6460 | * returns the length of data that will be in the extension. |
wolfSSL | 15:117db924cf7c | 6461 | */ |
wolfSSL | 15:117db924cf7c | 6462 | static word16 TLSX_SignatureAlgorithmsCert_GetSize(void* data) |
wolfSSL | 15:117db924cf7c | 6463 | { |
wolfSSL | 15:117db924cf7c | 6464 | WOLFSSL* ssl = (WOLFSSL*)data; |
wolfSSL | 15:117db924cf7c | 6465 | |
wolfSSL | 15:117db924cf7c | 6466 | return OPAQUE16_LEN + ssl->certHashSigAlgoSz; |
wolfSSL | 15:117db924cf7c | 6467 | } |
wolfSSL | 15:117db924cf7c | 6468 | |
wolfSSL | 15:117db924cf7c | 6469 | /* Writes the SignatureAlgorithmsCert extension into the buffer. |
wolfSSL | 15:117db924cf7c | 6470 | * |
wolfSSL | 15:117db924cf7c | 6471 | * data Unused |
wolfSSL | 15:117db924cf7c | 6472 | * output The buffer to write the extension into. |
wolfSSL | 15:117db924cf7c | 6473 | * returns the length of data that was written. |
wolfSSL | 15:117db924cf7c | 6474 | */ |
wolfSSL | 15:117db924cf7c | 6475 | static word16 TLSX_SignatureAlgorithmsCert_Write(void* data, byte* output) |
wolfSSL | 15:117db924cf7c | 6476 | { |
wolfSSL | 15:117db924cf7c | 6477 | WOLFSSL* ssl = (WOLFSSL*)data; |
wolfSSL | 15:117db924cf7c | 6478 | |
wolfSSL | 15:117db924cf7c | 6479 | c16toa(ssl->certHashSigAlgoSz, output); |
wolfSSL | 15:117db924cf7c | 6480 | XMEMCPY(output + OPAQUE16_LEN, ssl->certHashSigAlgo, |
wolfSSL | 15:117db924cf7c | 6481 | ssl->certHashSigAlgoSz); |
wolfSSL | 15:117db924cf7c | 6482 | |
wolfSSL | 15:117db924cf7c | 6483 | return OPAQUE16_LEN + ssl->certHashSigAlgoSz; |
wolfSSL | 15:117db924cf7c | 6484 | } |
wolfSSL | 15:117db924cf7c | 6485 | |
wolfSSL | 15:117db924cf7c | 6486 | /* Parse the SignatureAlgorithmsCert extension. |
wolfSSL | 15:117db924cf7c | 6487 | * |
wolfSSL | 15:117db924cf7c | 6488 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6489 | * input The buffer with the extension data. |
wolfSSL | 15:117db924cf7c | 6490 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 6491 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6492 | */ |
wolfSSL | 15:117db924cf7c | 6493 | static int TLSX_SignatureAlgorithmsCert_Parse(WOLFSSL *ssl, byte* input, |
wolfSSL | 15:117db924cf7c | 6494 | word16 length, byte isRequest) |
wolfSSL | 15:117db924cf7c | 6495 | { |
wolfSSL | 15:117db924cf7c | 6496 | word16 len; |
wolfSSL | 15:117db924cf7c | 6497 | |
wolfSSL | 15:117db924cf7c | 6498 | if (!isRequest) |
wolfSSL | 15:117db924cf7c | 6499 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6500 | |
wolfSSL | 15:117db924cf7c | 6501 | /* Must contain a length and at least algorithm. */ |
wolfSSL | 15:117db924cf7c | 6502 | if (length < OPAQUE16_LEN + OPAQUE16_LEN || (length & 1) != 0) |
wolfSSL | 15:117db924cf7c | 6503 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6504 | |
wolfSSL | 15:117db924cf7c | 6505 | ato16(input, &len); |
wolfSSL | 15:117db924cf7c | 6506 | input += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 6507 | |
wolfSSL | 15:117db924cf7c | 6508 | /* Algorithm array must fill rest of data. */ |
wolfSSL | 15:117db924cf7c | 6509 | if (length != OPAQUE16_LEN + len) |
wolfSSL | 15:117db924cf7c | 6510 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 6511 | |
wolfSSL | 15:117db924cf7c | 6512 | /* truncate hashSigAlgo list if too long */ |
wolfSSL | 15:117db924cf7c | 6513 | ssl->certHashSigAlgoSz = len; |
wolfSSL | 15:117db924cf7c | 6514 | if (ssl->certHashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { |
wolfSSL | 15:117db924cf7c | 6515 | WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating"); |
wolfSSL | 15:117db924cf7c | 6516 | ssl->certHashSigAlgoSz = WOLFSSL_MAX_SIGALGO; |
wolfSSL | 15:117db924cf7c | 6517 | } |
wolfSSL | 15:117db924cf7c | 6518 | XMEMCPY(ssl->certHashSigAlgo, input, ssl->certHashSigAlgoSz); |
wolfSSL | 15:117db924cf7c | 6519 | |
wolfSSL | 15:117db924cf7c | 6520 | return 0; |
wolfSSL | 15:117db924cf7c | 6521 | } |
wolfSSL | 15:117db924cf7c | 6522 | |
wolfSSL | 15:117db924cf7c | 6523 | /* Sets a new SignatureAlgorithmsCert extension into the extension list. |
wolfSSL | 15:117db924cf7c | 6524 | * |
wolfSSL | 15:117db924cf7c | 6525 | * extensions The list of extensions. |
wolfSSL | 15:117db924cf7c | 6526 | * data The extensions specific data. |
wolfSSL | 15:117db924cf7c | 6527 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 6528 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6529 | */ |
wolfSSL | 15:117db924cf7c | 6530 | static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, const void* data, |
wolfSSL | 15:117db924cf7c | 6531 | void* heap) |
wolfSSL | 15:117db924cf7c | 6532 | { |
wolfSSL | 15:117db924cf7c | 6533 | if (extensions == NULL) |
wolfSSL | 15:117db924cf7c | 6534 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 6535 | |
wolfSSL | 15:117db924cf7c | 6536 | return TLSX_Push(extensions, TLSX_SIGNATURE_ALGORITHMS_CERT, (void *)data, |
wolfSSL | 15:117db924cf7c | 6537 | heap); |
wolfSSL | 15:117db924cf7c | 6538 | } |
wolfSSL | 15:117db924cf7c | 6539 | |
wolfSSL | 15:117db924cf7c | 6540 | #define SAC_GET_SIZE TLSX_SignatureAlgorithmsCert_GetSize |
wolfSSL | 15:117db924cf7c | 6541 | #define SAC_WRITE TLSX_SignatureAlgorithmsCert_Write |
wolfSSL | 15:117db924cf7c | 6542 | #define SAC_PARSE TLSX_SignatureAlgorithmsCert_Parse |
wolfSSL | 15:117db924cf7c | 6543 | #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ |
wolfSSL | 15:117db924cf7c | 6544 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 6545 | |
wolfSSL | 15:117db924cf7c | 6546 | |
wolfSSL | 15:117db924cf7c | 6547 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6548 | /* Key Share */ |
wolfSSL | 15:117db924cf7c | 6549 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 6550 | |
wolfSSL | 15:117db924cf7c | 6551 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 6552 | /* Create a key share entry using named Diffie-Hellman parameters group. |
wolfSSL | 15:117db924cf7c | 6553 | * Generates a key pair. |
wolfSSL | 15:117db924cf7c | 6554 | * |
wolfSSL | 15:117db924cf7c | 6555 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6556 | * kse The key share entry object. |
wolfSSL | 15:117db924cf7c | 6557 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6558 | */ |
wolfSSL | 15:117db924cf7c | 6559 | static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) |
wolfSSL | 15:117db924cf7c | 6560 | { |
wolfSSL | 15:117db924cf7c | 6561 | int ret; |
wolfSSL | 15:117db924cf7c | 6562 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 6563 | byte* keyData; |
wolfSSL | 15:117db924cf7c | 6564 | void* key = NULL; |
wolfSSL | 15:117db924cf7c | 6565 | word32 keySz; |
wolfSSL | 15:117db924cf7c | 6566 | word32 dataSz; |
wolfSSL | 15:117db924cf7c | 6567 | const DhParams* params; |
wolfSSL | 15:117db924cf7c | 6568 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 6569 | DhKey* dhKey = NULL; |
wolfSSL | 15:117db924cf7c | 6570 | #else |
wolfSSL | 15:117db924cf7c | 6571 | DhKey dhKey[1]; |
wolfSSL | 15:117db924cf7c | 6572 | #endif |
wolfSSL | 15:117db924cf7c | 6573 | |
wolfSSL | 15:117db924cf7c | 6574 | /* TODO: [TLS13] The key size should come from wolfcrypt. */ |
wolfSSL | 15:117db924cf7c | 6575 | /* Pick the parameters from the named group. */ |
wolfSSL | 15:117db924cf7c | 6576 | switch (kse->group) { |
wolfSSL | 15:117db924cf7c | 6577 | #ifdef HAVE_FFDHE_2048 |
wolfSSL | 15:117db924cf7c | 6578 | case WOLFSSL_FFDHE_2048: |
wolfSSL | 15:117db924cf7c | 6579 | params = wc_Dh_ffdhe2048_Get(); |
wolfSSL | 15:117db924cf7c | 6580 | keySz = 29; |
wolfSSL | 15:117db924cf7c | 6581 | break; |
wolfSSL | 15:117db924cf7c | 6582 | #endif |
wolfSSL | 15:117db924cf7c | 6583 | #ifdef HAVE_FFDHE_3072 |
wolfSSL | 15:117db924cf7c | 6584 | case WOLFSSL_FFDHE_3072: |
wolfSSL | 15:117db924cf7c | 6585 | params = wc_Dh_ffdhe3072_Get(); |
wolfSSL | 15:117db924cf7c | 6586 | keySz = 34; |
wolfSSL | 15:117db924cf7c | 6587 | break; |
wolfSSL | 15:117db924cf7c | 6588 | #endif |
wolfSSL | 15:117db924cf7c | 6589 | #ifdef HAVE_FFDHE_4096 |
wolfSSL | 15:117db924cf7c | 6590 | case WOLFSSL_FFDHE_4096: |
wolfSSL | 15:117db924cf7c | 6591 | params = wc_Dh_ffdhe4096_Get(); |
wolfSSL | 15:117db924cf7c | 6592 | keySz = 39; |
wolfSSL | 15:117db924cf7c | 6593 | break; |
wolfSSL | 15:117db924cf7c | 6594 | #endif |
wolfSSL | 15:117db924cf7c | 6595 | #ifdef HAVE_FFDHE_6144 |
wolfSSL | 15:117db924cf7c | 6596 | case WOLFSSL_FFDHE_6144: |
wolfSSL | 15:117db924cf7c | 6597 | params = wc_Dh_ffdhe6144_Get(); |
wolfSSL | 15:117db924cf7c | 6598 | keySz = 46; |
wolfSSL | 15:117db924cf7c | 6599 | break; |
wolfSSL | 15:117db924cf7c | 6600 | #endif |
wolfSSL | 15:117db924cf7c | 6601 | #ifdef HAVE_FFDHE_8192 |
wolfSSL | 15:117db924cf7c | 6602 | case WOLFSSL_FFDHE_8192: |
wolfSSL | 15:117db924cf7c | 6603 | params = wc_Dh_ffdhe8192_Get(); |
wolfSSL | 15:117db924cf7c | 6604 | keySz = 52; |
wolfSSL | 15:117db924cf7c | 6605 | break; |
wolfSSL | 15:117db924cf7c | 6606 | #endif |
wolfSSL | 15:117db924cf7c | 6607 | default: |
wolfSSL | 15:117db924cf7c | 6608 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 6609 | } |
wolfSSL | 15:117db924cf7c | 6610 | |
wolfSSL | 15:117db924cf7c | 6611 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 6612 | dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 6613 | if (dhKey == NULL) |
wolfSSL | 15:117db924cf7c | 6614 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6615 | #endif |
wolfSSL | 15:117db924cf7c | 6616 | |
wolfSSL | 15:117db924cf7c | 6617 | ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 6618 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 6619 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 6620 | XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 6621 | #endif |
wolfSSL | 15:117db924cf7c | 6622 | return ret; |
wolfSSL | 15:117db924cf7c | 6623 | } |
wolfSSL | 15:117db924cf7c | 6624 | |
wolfSSL | 15:117db924cf7c | 6625 | /* Allocate space for the public key. */ |
wolfSSL | 15:117db924cf7c | 6626 | dataSz = params->p_len; |
wolfSSL | 15:117db924cf7c | 6627 | keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 6628 | if (keyData == NULL) { |
wolfSSL | 15:117db924cf7c | 6629 | ret = MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6630 | goto end; |
wolfSSL | 15:117db924cf7c | 6631 | } |
wolfSSL | 15:117db924cf7c | 6632 | /* Allocate space for the private key. */ |
wolfSSL | 15:117db924cf7c | 6633 | key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 6634 | if (key == NULL) { |
wolfSSL | 15:117db924cf7c | 6635 | ret = MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6636 | goto end; |
wolfSSL | 15:117db924cf7c | 6637 | } |
wolfSSL | 15:117db924cf7c | 6638 | |
wolfSSL | 15:117db924cf7c | 6639 | /* Set key */ |
wolfSSL | 15:117db924cf7c | 6640 | ret = wc_DhSetKey(dhKey, |
wolfSSL | 15:117db924cf7c | 6641 | (byte*)params->p, params->p_len, |
wolfSSL | 15:117db924cf7c | 6642 | (byte*)params->g, params->g_len); |
wolfSSL | 15:117db924cf7c | 6643 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6644 | goto end; |
wolfSSL | 15:117db924cf7c | 6645 | |
wolfSSL | 15:117db924cf7c | 6646 | /* Generate a new key pair. */ |
wolfSSL | 15:117db924cf7c | 6647 | ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, (byte*)key, &keySz, keyData, |
wolfSSL | 15:117db924cf7c | 6648 | &dataSz); |
wolfSSL | 15:117db924cf7c | 6649 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 6650 | /* TODO: Make this function non-blocking */ |
wolfSSL | 15:117db924cf7c | 6651 | if (ret == WC_PENDING_E) { |
wolfSSL | 15:117db924cf7c | 6652 | ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); |
wolfSSL | 15:117db924cf7c | 6653 | } |
wolfSSL | 15:117db924cf7c | 6654 | #endif |
wolfSSL | 15:117db924cf7c | 6655 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6656 | goto end; |
wolfSSL | 15:117db924cf7c | 6657 | |
wolfSSL | 15:117db924cf7c | 6658 | if (params->p_len != dataSz) { |
wolfSSL | 15:117db924cf7c | 6659 | /* Pad the front of the key data with zeros. */ |
wolfSSL | 15:117db924cf7c | 6660 | XMEMMOVE(keyData + params->p_len - dataSz, keyData, dataSz); |
wolfSSL | 15:117db924cf7c | 6661 | XMEMSET(keyData, 0, params->p_len - dataSz); |
wolfSSL | 15:117db924cf7c | 6662 | } |
wolfSSL | 15:117db924cf7c | 6663 | |
wolfSSL | 15:117db924cf7c | 6664 | kse->pubKey = keyData; |
wolfSSL | 15:117db924cf7c | 6665 | kse->pubKeyLen = params->p_len; |
wolfSSL | 15:117db924cf7c | 6666 | kse->key = key; |
wolfSSL | 15:117db924cf7c | 6667 | kse->keyLen = keySz; |
wolfSSL | 15:117db924cf7c | 6668 | |
wolfSSL | 15:117db924cf7c | 6669 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 6670 | WOLFSSL_MSG("Public DH Key"); |
wolfSSL | 15:117db924cf7c | 6671 | WOLFSSL_BUFFER(keyData, params->p_len); |
wolfSSL | 15:117db924cf7c | 6672 | #endif |
wolfSSL | 15:117db924cf7c | 6673 | |
wolfSSL | 15:117db924cf7c | 6674 | end: |
wolfSSL | 15:117db924cf7c | 6675 | |
wolfSSL | 15:117db924cf7c | 6676 | wc_FreeDhKey(dhKey); |
wolfSSL | 15:117db924cf7c | 6677 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 6678 | XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 6679 | #endif |
wolfSSL | 15:117db924cf7c | 6680 | |
wolfSSL | 15:117db924cf7c | 6681 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 6682 | /* Data owned by key share entry otherwise. */ |
wolfSSL | 15:117db924cf7c | 6683 | if (keyData != NULL) |
wolfSSL | 15:117db924cf7c | 6684 | XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 6685 | if (key != NULL) |
wolfSSL | 15:117db924cf7c | 6686 | XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 6687 | } |
wolfSSL | 15:117db924cf7c | 6688 | #else |
wolfSSL | 15:117db924cf7c | 6689 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 6690 | (void)kse; |
wolfSSL | 15:117db924cf7c | 6691 | |
wolfSSL | 15:117db924cf7c | 6692 | ret = NOT_COMPILED_IN; |
wolfSSL | 15:117db924cf7c | 6693 | #endif |
wolfSSL | 15:117db924cf7c | 6694 | |
wolfSSL | 15:117db924cf7c | 6695 | return ret; |
wolfSSL | 15:117db924cf7c | 6696 | } |
wolfSSL | 15:117db924cf7c | 6697 | |
wolfSSL | 15:117db924cf7c | 6698 | /* Create a key share entry using X25519 parameters group. |
wolfSSL | 15:117db924cf7c | 6699 | * Generates a key pair. |
wolfSSL | 15:117db924cf7c | 6700 | * |
wolfSSL | 15:117db924cf7c | 6701 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6702 | * kse The key share entry object. |
wolfSSL | 15:117db924cf7c | 6703 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6704 | */ |
wolfSSL | 15:117db924cf7c | 6705 | static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) |
wolfSSL | 15:117db924cf7c | 6706 | { |
wolfSSL | 15:117db924cf7c | 6707 | int ret; |
wolfSSL | 15:117db924cf7c | 6708 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 6709 | byte* keyData = NULL; |
wolfSSL | 15:117db924cf7c | 6710 | word32 dataSize = CURVE25519_KEYSIZE; |
wolfSSL | 15:117db924cf7c | 6711 | curve25519_key* key; |
wolfSSL | 15:117db924cf7c | 6712 | |
wolfSSL | 15:117db924cf7c | 6713 | /* Allocate an ECC key to hold private key. */ |
wolfSSL | 16:8e0d178b1d1e | 6714 | key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 6715 | DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 6716 | if (key == NULL) { |
wolfSSL | 15:117db924cf7c | 6717 | WOLFSSL_MSG("EccTempKey Memory error"); |
wolfSSL | 15:117db924cf7c | 6718 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6719 | } |
wolfSSL | 15:117db924cf7c | 6720 | |
wolfSSL | 15:117db924cf7c | 6721 | /* Make an ECC key. */ |
wolfSSL | 15:117db924cf7c | 6722 | ret = wc_curve25519_init(key); |
wolfSSL | 15:117db924cf7c | 6723 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6724 | goto end; |
wolfSSL | 15:117db924cf7c | 6725 | ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key); |
wolfSSL | 15:117db924cf7c | 6726 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6727 | goto end; |
wolfSSL | 15:117db924cf7c | 6728 | |
wolfSSL | 15:117db924cf7c | 6729 | /* Allocate space for the public key. */ |
wolfSSL | 15:117db924cf7c | 6730 | keyData = (byte*)XMALLOC(CURVE25519_KEYSIZE, ssl->heap, |
wolfSSL | 15:117db924cf7c | 6731 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 6732 | if (keyData == NULL) { |
wolfSSL | 15:117db924cf7c | 6733 | WOLFSSL_MSG("Key data Memory error"); |
wolfSSL | 15:117db924cf7c | 6734 | ret = MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6735 | goto end; |
wolfSSL | 15:117db924cf7c | 6736 | } |
wolfSSL | 15:117db924cf7c | 6737 | |
wolfSSL | 15:117db924cf7c | 6738 | /* Export public key. */ |
wolfSSL | 15:117db924cf7c | 6739 | if (wc_curve25519_export_public_ex(key, keyData, &dataSize, |
wolfSSL | 15:117db924cf7c | 6740 | EC25519_LITTLE_ENDIAN) != 0) { |
wolfSSL | 15:117db924cf7c | 6741 | ret = ECC_EXPORT_ERROR; |
wolfSSL | 15:117db924cf7c | 6742 | goto end; |
wolfSSL | 15:117db924cf7c | 6743 | } |
wolfSSL | 15:117db924cf7c | 6744 | |
wolfSSL | 15:117db924cf7c | 6745 | kse->pubKey = keyData; |
wolfSSL | 15:117db924cf7c | 6746 | kse->pubKeyLen = CURVE25519_KEYSIZE; |
wolfSSL | 15:117db924cf7c | 6747 | kse->key = key; |
wolfSSL | 15:117db924cf7c | 6748 | |
wolfSSL | 15:117db924cf7c | 6749 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 6750 | WOLFSSL_MSG("Public Curve25519 Key"); |
wolfSSL | 15:117db924cf7c | 6751 | WOLFSSL_BUFFER(keyData, dataSize); |
wolfSSL | 15:117db924cf7c | 6752 | #endif |
wolfSSL | 15:117db924cf7c | 6753 | |
wolfSSL | 15:117db924cf7c | 6754 | end: |
wolfSSL | 15:117db924cf7c | 6755 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 6756 | /* Data owned by key share entry otherwise. */ |
wolfSSL | 15:117db924cf7c | 6757 | if (keyData != NULL) |
wolfSSL | 15:117db924cf7c | 6758 | XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 6759 | wc_curve25519_free(key); |
wolfSSL | 15:117db924cf7c | 6760 | XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 6761 | } |
wolfSSL | 15:117db924cf7c | 6762 | #else |
wolfSSL | 15:117db924cf7c | 6763 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 6764 | (void)kse; |
wolfSSL | 15:117db924cf7c | 6765 | |
wolfSSL | 15:117db924cf7c | 6766 | ret = NOT_COMPILED_IN; |
wolfSSL | 15:117db924cf7c | 6767 | #endif /* HAVE_CURVE25519 */ |
wolfSSL | 15:117db924cf7c | 6768 | |
wolfSSL | 15:117db924cf7c | 6769 | return ret; |
wolfSSL | 15:117db924cf7c | 6770 | } |
wolfSSL | 15:117db924cf7c | 6771 | |
wolfSSL | 16:8e0d178b1d1e | 6772 | /* Create a key share entry using X448 parameters group. |
wolfSSL | 16:8e0d178b1d1e | 6773 | * Generates a key pair. |
wolfSSL | 16:8e0d178b1d1e | 6774 | * |
wolfSSL | 16:8e0d178b1d1e | 6775 | * ssl The SSL/TLS object. |
wolfSSL | 16:8e0d178b1d1e | 6776 | * kse The key share entry object. |
wolfSSL | 16:8e0d178b1d1e | 6777 | * returns 0 on success, otherwise failure. |
wolfSSL | 16:8e0d178b1d1e | 6778 | */ |
wolfSSL | 16:8e0d178b1d1e | 6779 | static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse) |
wolfSSL | 16:8e0d178b1d1e | 6780 | { |
wolfSSL | 16:8e0d178b1d1e | 6781 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 6782 | #ifdef HAVE_CURVE448 |
wolfSSL | 16:8e0d178b1d1e | 6783 | byte* keyData = NULL; |
wolfSSL | 16:8e0d178b1d1e | 6784 | word32 dataSize = CURVE448_KEY_SIZE; |
wolfSSL | 16:8e0d178b1d1e | 6785 | curve448_key* key; |
wolfSSL | 16:8e0d178b1d1e | 6786 | |
wolfSSL | 16:8e0d178b1d1e | 6787 | /* Allocate an ECC key to hold private key. */ |
wolfSSL | 16:8e0d178b1d1e | 6788 | key = (curve448_key*)XMALLOC(sizeof(curve448_key), ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 6789 | DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 16:8e0d178b1d1e | 6790 | if (key == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 6791 | WOLFSSL_MSG("EccTempKey Memory error"); |
wolfSSL | 16:8e0d178b1d1e | 6792 | return MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 6793 | } |
wolfSSL | 16:8e0d178b1d1e | 6794 | |
wolfSSL | 16:8e0d178b1d1e | 6795 | /* Make an ECC key. */ |
wolfSSL | 16:8e0d178b1d1e | 6796 | ret = wc_curve448_init(key); |
wolfSSL | 16:8e0d178b1d1e | 6797 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 6798 | goto end; |
wolfSSL | 16:8e0d178b1d1e | 6799 | ret = wc_curve448_make_key(ssl->rng, CURVE448_KEY_SIZE, key); |
wolfSSL | 16:8e0d178b1d1e | 6800 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 6801 | goto end; |
wolfSSL | 16:8e0d178b1d1e | 6802 | |
wolfSSL | 16:8e0d178b1d1e | 6803 | /* Allocate space for the public key. */ |
wolfSSL | 16:8e0d178b1d1e | 6804 | keyData = (byte*)XMALLOC(CURVE448_KEY_SIZE, ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 6805 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 6806 | if (keyData == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 6807 | WOLFSSL_MSG("Key data Memory error"); |
wolfSSL | 16:8e0d178b1d1e | 6808 | ret = MEMORY_E; |
wolfSSL | 16:8e0d178b1d1e | 6809 | goto end; |
wolfSSL | 16:8e0d178b1d1e | 6810 | } |
wolfSSL | 16:8e0d178b1d1e | 6811 | |
wolfSSL | 16:8e0d178b1d1e | 6812 | /* Export public key. */ |
wolfSSL | 16:8e0d178b1d1e | 6813 | if (wc_curve448_export_public_ex(key, keyData, &dataSize, |
wolfSSL | 16:8e0d178b1d1e | 6814 | EC448_LITTLE_ENDIAN) != 0) { |
wolfSSL | 16:8e0d178b1d1e | 6815 | ret = ECC_EXPORT_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 6816 | goto end; |
wolfSSL | 16:8e0d178b1d1e | 6817 | } |
wolfSSL | 16:8e0d178b1d1e | 6818 | |
wolfSSL | 16:8e0d178b1d1e | 6819 | kse->pubKey = keyData; |
wolfSSL | 16:8e0d178b1d1e | 6820 | kse->pubKeyLen = CURVE448_KEY_SIZE; |
wolfSSL | 16:8e0d178b1d1e | 6821 | kse->key = key; |
wolfSSL | 16:8e0d178b1d1e | 6822 | |
wolfSSL | 16:8e0d178b1d1e | 6823 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 6824 | WOLFSSL_MSG("Public Curve448 Key"); |
wolfSSL | 16:8e0d178b1d1e | 6825 | WOLFSSL_BUFFER(keyData, dataSize); |
wolfSSL | 16:8e0d178b1d1e | 6826 | #endif |
wolfSSL | 16:8e0d178b1d1e | 6827 | |
wolfSSL | 16:8e0d178b1d1e | 6828 | end: |
wolfSSL | 16:8e0d178b1d1e | 6829 | if (ret != 0) { |
wolfSSL | 16:8e0d178b1d1e | 6830 | /* Data owned by key share entry otherwise. */ |
wolfSSL | 16:8e0d178b1d1e | 6831 | if (keyData != NULL) |
wolfSSL | 16:8e0d178b1d1e | 6832 | XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 6833 | wc_curve448_free(key); |
wolfSSL | 16:8e0d178b1d1e | 6834 | XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 16:8e0d178b1d1e | 6835 | } |
wolfSSL | 16:8e0d178b1d1e | 6836 | #else |
wolfSSL | 16:8e0d178b1d1e | 6837 | (void)ssl; |
wolfSSL | 16:8e0d178b1d1e | 6838 | (void)kse; |
wolfSSL | 16:8e0d178b1d1e | 6839 | |
wolfSSL | 16:8e0d178b1d1e | 6840 | ret = NOT_COMPILED_IN; |
wolfSSL | 16:8e0d178b1d1e | 6841 | #endif /* HAVE_CURVE448 */ |
wolfSSL | 16:8e0d178b1d1e | 6842 | |
wolfSSL | 16:8e0d178b1d1e | 6843 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 6844 | } |
wolfSSL | 16:8e0d178b1d1e | 6845 | |
wolfSSL | 15:117db924cf7c | 6846 | /* Create a key share entry using named elliptic curve parameters group. |
wolfSSL | 15:117db924cf7c | 6847 | * Generates a key pair. |
wolfSSL | 15:117db924cf7c | 6848 | * |
wolfSSL | 15:117db924cf7c | 6849 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6850 | * kse The key share entry object. |
wolfSSL | 15:117db924cf7c | 6851 | * returns 0 on success, otherwise failure. |
wolfSSL | 15:117db924cf7c | 6852 | */ |
wolfSSL | 15:117db924cf7c | 6853 | static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) |
wolfSSL | 15:117db924cf7c | 6854 | { |
wolfSSL | 15:117db924cf7c | 6855 | int ret; |
wolfSSL | 15:117db924cf7c | 6856 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 6857 | byte* keyData = NULL; |
wolfSSL | 15:117db924cf7c | 6858 | word32 dataSize; |
wolfSSL | 15:117db924cf7c | 6859 | byte* keyPtr = NULL; |
wolfSSL | 15:117db924cf7c | 6860 | word32 keySize; |
wolfSSL | 15:117db924cf7c | 6861 | ecc_key* eccKey; |
wolfSSL | 15:117db924cf7c | 6862 | word16 curveId; |
wolfSSL | 15:117db924cf7c | 6863 | |
wolfSSL | 15:117db924cf7c | 6864 | /* TODO: [TLS13] The key sizes should come from wolfcrypt. */ |
wolfSSL | 15:117db924cf7c | 6865 | /* Translate named group to a curve id. */ |
wolfSSL | 15:117db924cf7c | 6866 | switch (kse->group) { |
wolfSSL | 15:117db924cf7c | 6867 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 6868 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 6869 | case WOLFSSL_ECC_SECP256R1: |
wolfSSL | 15:117db924cf7c | 6870 | curveId = ECC_SECP256R1; |
wolfSSL | 15:117db924cf7c | 6871 | keySize = 32; |
wolfSSL | 15:117db924cf7c | 6872 | dataSize = keySize * 2 + 1; |
wolfSSL | 15:117db924cf7c | 6873 | break; |
wolfSSL | 15:117db924cf7c | 6874 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 6875 | #endif |
wolfSSL | 15:117db924cf7c | 6876 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 6877 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 6878 | case WOLFSSL_ECC_SECP384R1: |
wolfSSL | 15:117db924cf7c | 6879 | curveId = ECC_SECP384R1; |
wolfSSL | 15:117db924cf7c | 6880 | keySize = 48; |
wolfSSL | 15:117db924cf7c | 6881 | dataSize = keySize * 2 + 1; |
wolfSSL | 15:117db924cf7c | 6882 | break; |
wolfSSL | 15:117db924cf7c | 6883 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 6884 | #endif |
wolfSSL | 15:117db924cf7c | 6885 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 6886 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 6887 | case WOLFSSL_ECC_SECP521R1: |
wolfSSL | 15:117db924cf7c | 6888 | curveId = ECC_SECP521R1; |
wolfSSL | 15:117db924cf7c | 6889 | keySize = 66; |
wolfSSL | 15:117db924cf7c | 6890 | dataSize = keySize * 2 + 1; |
wolfSSL | 15:117db924cf7c | 6891 | break; |
wolfSSL | 15:117db924cf7c | 6892 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 6893 | #endif |
wolfSSL | 15:117db924cf7c | 6894 | #ifdef HAVE_X448 |
wolfSSL | 15:117db924cf7c | 6895 | case WOLFSSL_ECC_X448: |
wolfSSL | 15:117db924cf7c | 6896 | curveId = ECC_X448; |
wolfSSL | 15:117db924cf7c | 6897 | dataSize = keySize = 56; |
wolfSSL | 15:117db924cf7c | 6898 | break; |
wolfSSL | 15:117db924cf7c | 6899 | #endif |
wolfSSL | 15:117db924cf7c | 6900 | default: |
wolfSSL | 15:117db924cf7c | 6901 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 6902 | } |
wolfSSL | 15:117db924cf7c | 6903 | |
wolfSSL | 15:117db924cf7c | 6904 | /* Allocate an ECC key to hold private key. */ |
wolfSSL | 15:117db924cf7c | 6905 | keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, |
wolfSSL | 15:117db924cf7c | 6906 | DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 6907 | if (keyPtr == NULL) { |
wolfSSL | 15:117db924cf7c | 6908 | WOLFSSL_MSG("EccTempKey Memory error"); |
wolfSSL | 15:117db924cf7c | 6909 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6910 | } |
wolfSSL | 15:117db924cf7c | 6911 | eccKey = (ecc_key*)keyPtr; |
wolfSSL | 15:117db924cf7c | 6912 | |
wolfSSL | 15:117db924cf7c | 6913 | /* Make an ECC key. */ |
wolfSSL | 15:117db924cf7c | 6914 | ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 6915 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6916 | goto end; |
wolfSSL | 15:117db924cf7c | 6917 | ret = wc_ecc_make_key_ex(ssl->rng, keySize, eccKey, curveId); |
wolfSSL | 15:117db924cf7c | 6918 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 6919 | /* TODO: Make this function non-blocking */ |
wolfSSL | 15:117db924cf7c | 6920 | if (ret == WC_PENDING_E) { |
wolfSSL | 15:117db924cf7c | 6921 | ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE); |
wolfSSL | 15:117db924cf7c | 6922 | } |
wolfSSL | 15:117db924cf7c | 6923 | #endif |
wolfSSL | 15:117db924cf7c | 6924 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 6925 | goto end; |
wolfSSL | 15:117db924cf7c | 6926 | |
wolfSSL | 15:117db924cf7c | 6927 | /* Allocate space for the public key. */ |
wolfSSL | 15:117db924cf7c | 6928 | keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 6929 | if (keyData == NULL) { |
wolfSSL | 15:117db924cf7c | 6930 | WOLFSSL_MSG("Key data Memory error"); |
wolfSSL | 15:117db924cf7c | 6931 | ret = MEMORY_E; |
wolfSSL | 15:117db924cf7c | 6932 | goto end; |
wolfSSL | 15:117db924cf7c | 6933 | } |
wolfSSL | 15:117db924cf7c | 6934 | |
wolfSSL | 15:117db924cf7c | 6935 | /* Export public key. */ |
wolfSSL | 15:117db924cf7c | 6936 | if (wc_ecc_export_x963(eccKey, keyData, &dataSize) != 0) { |
wolfSSL | 15:117db924cf7c | 6937 | ret = ECC_EXPORT_ERROR; |
wolfSSL | 15:117db924cf7c | 6938 | goto end; |
wolfSSL | 15:117db924cf7c | 6939 | } |
wolfSSL | 15:117db924cf7c | 6940 | |
wolfSSL | 15:117db924cf7c | 6941 | kse->pubKey = keyData; |
wolfSSL | 15:117db924cf7c | 6942 | kse->pubKeyLen = dataSize; |
wolfSSL | 15:117db924cf7c | 6943 | kse->key = keyPtr; |
wolfSSL | 15:117db924cf7c | 6944 | |
wolfSSL | 15:117db924cf7c | 6945 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 6946 | WOLFSSL_MSG("Public ECC Key"); |
wolfSSL | 15:117db924cf7c | 6947 | WOLFSSL_BUFFER(keyData, dataSize); |
wolfSSL | 15:117db924cf7c | 6948 | #endif |
wolfSSL | 15:117db924cf7c | 6949 | |
wolfSSL | 15:117db924cf7c | 6950 | end: |
wolfSSL | 15:117db924cf7c | 6951 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 6952 | /* Data owned by key share entry otherwise. */ |
wolfSSL | 15:117db924cf7c | 6953 | if (keyPtr != NULL) |
wolfSSL | 15:117db924cf7c | 6954 | XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 6955 | if (keyData != NULL) |
wolfSSL | 15:117db924cf7c | 6956 | XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 6957 | } |
wolfSSL | 15:117db924cf7c | 6958 | #else |
wolfSSL | 15:117db924cf7c | 6959 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 6960 | (void)kse; |
wolfSSL | 15:117db924cf7c | 6961 | |
wolfSSL | 15:117db924cf7c | 6962 | ret = NOT_COMPILED_IN; |
wolfSSL | 15:117db924cf7c | 6963 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 6964 | |
wolfSSL | 15:117db924cf7c | 6965 | return ret; |
wolfSSL | 15:117db924cf7c | 6966 | } |
wolfSSL | 15:117db924cf7c | 6967 | |
wolfSSL | 15:117db924cf7c | 6968 | /* Generate a secret/key using the key share entry. |
wolfSSL | 15:117db924cf7c | 6969 | * |
wolfSSL | 15:117db924cf7c | 6970 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 6971 | * kse The key share entry holding peer data. |
wolfSSL | 15:117db924cf7c | 6972 | */ |
wolfSSL | 15:117db924cf7c | 6973 | static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse) |
wolfSSL | 15:117db924cf7c | 6974 | { |
wolfSSL | 15:117db924cf7c | 6975 | /* Named FFHE groups have a bit set to identify them. */ |
wolfSSL | 15:117db924cf7c | 6976 | if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK) |
wolfSSL | 15:117db924cf7c | 6977 | return TLSX_KeyShare_GenDhKey(ssl, kse); |
wolfSSL | 15:117db924cf7c | 6978 | if (kse->group == WOLFSSL_ECC_X25519) |
wolfSSL | 15:117db924cf7c | 6979 | return TLSX_KeyShare_GenX25519Key(ssl, kse); |
wolfSSL | 16:8e0d178b1d1e | 6980 | if (kse->group == WOLFSSL_ECC_X448) |
wolfSSL | 16:8e0d178b1d1e | 6981 | return TLSX_KeyShare_GenX448Key(ssl, kse); |
wolfSSL | 15:117db924cf7c | 6982 | return TLSX_KeyShare_GenEccKey(ssl, kse); |
wolfSSL | 15:117db924cf7c | 6983 | } |
wolfSSL | 15:117db924cf7c | 6984 | |
wolfSSL | 15:117db924cf7c | 6985 | /* Free the key share dynamic data. |
wolfSSL | 15:117db924cf7c | 6986 | * |
wolfSSL | 15:117db924cf7c | 6987 | * list The linked list of key share entry objects. |
wolfSSL | 15:117db924cf7c | 6988 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 6989 | */ |
wolfSSL | 15:117db924cf7c | 6990 | static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) |
wolfSSL | 15:117db924cf7c | 6991 | { |
wolfSSL | 15:117db924cf7c | 6992 | KeyShareEntry* current; |
wolfSSL | 15:117db924cf7c | 6993 | |
wolfSSL | 15:117db924cf7c | 6994 | while ((current = list) != NULL) { |
wolfSSL | 15:117db924cf7c | 6995 | list = current->next; |
wolfSSL | 15:117db924cf7c | 6996 | if ((current->group & NAMED_DH_MASK) == 0) { |
wolfSSL | 15:117db924cf7c | 6997 | if (current->group == WOLFSSL_ECC_X25519) { |
wolfSSL | 15:117db924cf7c | 6998 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 6999 | wc_curve25519_free((curve25519_key*)current->key); |
wolfSSL | 15:117db924cf7c | 7000 | #endif |
wolfSSL | 15:117db924cf7c | 7001 | } |
wolfSSL | 16:8e0d178b1d1e | 7002 | else if (current->group == WOLFSSL_ECC_X448) { |
wolfSSL | 16:8e0d178b1d1e | 7003 | #ifdef HAVE_CURVE448 |
wolfSSL | 16:8e0d178b1d1e | 7004 | wc_curve448_free((curve448_key*)current->key); |
wolfSSL | 16:8e0d178b1d1e | 7005 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7006 | } |
wolfSSL | 15:117db924cf7c | 7007 | else { |
wolfSSL | 15:117db924cf7c | 7008 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 7009 | wc_ecc_free((ecc_key*)(current->key)); |
wolfSSL | 15:117db924cf7c | 7010 | #endif |
wolfSSL | 15:117db924cf7c | 7011 | } |
wolfSSL | 15:117db924cf7c | 7012 | } |
wolfSSL | 16:8e0d178b1d1e | 7013 | if (current->key != NULL) |
wolfSSL | 16:8e0d178b1d1e | 7014 | XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 15:117db924cf7c | 7015 | XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 7016 | XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 7017 | XFREE(current, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 7018 | } |
wolfSSL | 15:117db924cf7c | 7019 | |
wolfSSL | 15:117db924cf7c | 7020 | (void)heap; |
wolfSSL | 15:117db924cf7c | 7021 | } |
wolfSSL | 15:117db924cf7c | 7022 | |
wolfSSL | 15:117db924cf7c | 7023 | /* Get the size of the encoded key share extension. |
wolfSSL | 15:117db924cf7c | 7024 | * |
wolfSSL | 15:117db924cf7c | 7025 | * list The linked list of key share extensions. |
wolfSSL | 15:117db924cf7c | 7026 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 7027 | * returns the number of bytes of the encoded key share extension. |
wolfSSL | 15:117db924cf7c | 7028 | */ |
wolfSSL | 15:117db924cf7c | 7029 | static word16 TLSX_KeyShare_GetSize(KeyShareEntry* list, byte msgType) |
wolfSSL | 15:117db924cf7c | 7030 | { |
wolfSSL | 16:8e0d178b1d1e | 7031 | word16 len = 0; |
wolfSSL | 15:117db924cf7c | 7032 | byte isRequest = (msgType == client_hello); |
wolfSSL | 15:117db924cf7c | 7033 | KeyShareEntry* current; |
wolfSSL | 15:117db924cf7c | 7034 | |
wolfSSL | 15:117db924cf7c | 7035 | /* The named group the server wants to use. */ |
wolfSSL | 15:117db924cf7c | 7036 | if (msgType == hello_retry_request) |
wolfSSL | 15:117db924cf7c | 7037 | return OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7038 | |
wolfSSL | 15:117db924cf7c | 7039 | /* List of key exchange groups. */ |
wolfSSL | 15:117db924cf7c | 7040 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 7041 | len += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7042 | while ((current = list) != NULL) { |
wolfSSL | 15:117db924cf7c | 7043 | list = current->next; |
wolfSSL | 15:117db924cf7c | 7044 | |
wolfSSL | 15:117db924cf7c | 7045 | if (!isRequest && current->key == NULL) |
wolfSSL | 15:117db924cf7c | 7046 | continue; |
wolfSSL | 15:117db924cf7c | 7047 | |
wolfSSL | 16:8e0d178b1d1e | 7048 | len += KE_GROUP_LEN + OPAQUE16_LEN + current->pubKeyLen; |
wolfSSL | 16:8e0d178b1d1e | 7049 | } |
wolfSSL | 16:8e0d178b1d1e | 7050 | |
wolfSSL | 16:8e0d178b1d1e | 7051 | return len; |
wolfSSL | 15:117db924cf7c | 7052 | } |
wolfSSL | 15:117db924cf7c | 7053 | |
wolfSSL | 15:117db924cf7c | 7054 | /* Writes the key share extension into the output buffer. |
wolfSSL | 15:117db924cf7c | 7055 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 7056 | * |
wolfSSL | 15:117db924cf7c | 7057 | * list The linked list of key share entries. |
wolfSSL | 15:117db924cf7c | 7058 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 7059 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 7060 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 7061 | */ |
wolfSSL | 15:117db924cf7c | 7062 | static word16 TLSX_KeyShare_Write(KeyShareEntry* list, byte* output, |
wolfSSL | 15:117db924cf7c | 7063 | byte msgType) |
wolfSSL | 15:117db924cf7c | 7064 | { |
wolfSSL | 15:117db924cf7c | 7065 | word16 i = 0; |
wolfSSL | 15:117db924cf7c | 7066 | byte isRequest = (msgType == client_hello); |
wolfSSL | 15:117db924cf7c | 7067 | KeyShareEntry* current; |
wolfSSL | 15:117db924cf7c | 7068 | |
wolfSSL | 15:117db924cf7c | 7069 | if (msgType == hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 7070 | c16toa(list->group, output); |
wolfSSL | 15:117db924cf7c | 7071 | return OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7072 | } |
wolfSSL | 15:117db924cf7c | 7073 | |
wolfSSL | 15:117db924cf7c | 7074 | /* ClientHello has a list but ServerHello is only the chosen. */ |
wolfSSL | 15:117db924cf7c | 7075 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 7076 | i += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7077 | |
wolfSSL | 15:117db924cf7c | 7078 | /* Write out all in the list. */ |
wolfSSL | 15:117db924cf7c | 7079 | while ((current = list) != NULL) { |
wolfSSL | 15:117db924cf7c | 7080 | list = current->next; |
wolfSSL | 15:117db924cf7c | 7081 | |
wolfSSL | 15:117db924cf7c | 7082 | if (!isRequest && current->key == NULL) |
wolfSSL | 15:117db924cf7c | 7083 | continue; |
wolfSSL | 15:117db924cf7c | 7084 | |
wolfSSL | 15:117db924cf7c | 7085 | c16toa(current->group, &output[i]); |
wolfSSL | 15:117db924cf7c | 7086 | i += KE_GROUP_LEN; |
wolfSSL | 15:117db924cf7c | 7087 | c16toa((word16)(current->pubKeyLen), &output[i]); |
wolfSSL | 15:117db924cf7c | 7088 | i += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7089 | XMEMCPY(&output[i], current->pubKey, current->pubKeyLen); |
wolfSSL | 15:117db924cf7c | 7090 | i += (word16)current->pubKeyLen; |
wolfSSL | 15:117db924cf7c | 7091 | } |
wolfSSL | 15:117db924cf7c | 7092 | /* Write the length of the list if required. */ |
wolfSSL | 15:117db924cf7c | 7093 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 7094 | c16toa(i - OPAQUE16_LEN, output); |
wolfSSL | 15:117db924cf7c | 7095 | |
wolfSSL | 15:117db924cf7c | 7096 | return i; |
wolfSSL | 15:117db924cf7c | 7097 | } |
wolfSSL | 15:117db924cf7c | 7098 | |
wolfSSL | 15:117db924cf7c | 7099 | /* Process the DH key share extension on the client side. |
wolfSSL | 15:117db924cf7c | 7100 | * |
wolfSSL | 15:117db924cf7c | 7101 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7102 | * keyShareEntry The key share entry object to use to calculate shared secret. |
wolfSSL | 15:117db924cf7c | 7103 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7104 | */ |
wolfSSL | 15:117db924cf7c | 7105 | static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) |
wolfSSL | 15:117db924cf7c | 7106 | { |
wolfSSL | 15:117db924cf7c | 7107 | #ifndef NO_DH |
wolfSSL | 15:117db924cf7c | 7108 | int ret; |
wolfSSL | 15:117db924cf7c | 7109 | const DhParams* params; |
wolfSSL | 15:117db924cf7c | 7110 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 7111 | DhKey* dhKey = NULL; |
wolfSSL | 15:117db924cf7c | 7112 | #else |
wolfSSL | 15:117db924cf7c | 7113 | DhKey dhKey[1]; |
wolfSSL | 15:117db924cf7c | 7114 | #endif |
wolfSSL | 15:117db924cf7c | 7115 | |
wolfSSL | 15:117db924cf7c | 7116 | switch (keyShareEntry->group) { |
wolfSSL | 15:117db924cf7c | 7117 | #ifdef HAVE_FFDHE_2048 |
wolfSSL | 15:117db924cf7c | 7118 | case WOLFSSL_FFDHE_2048: |
wolfSSL | 15:117db924cf7c | 7119 | params = wc_Dh_ffdhe2048_Get(); |
wolfSSL | 15:117db924cf7c | 7120 | break; |
wolfSSL | 15:117db924cf7c | 7121 | #endif |
wolfSSL | 15:117db924cf7c | 7122 | #ifdef HAVE_FFDHE_3072 |
wolfSSL | 15:117db924cf7c | 7123 | case WOLFSSL_FFDHE_3072: |
wolfSSL | 15:117db924cf7c | 7124 | params = wc_Dh_ffdhe3072_Get(); |
wolfSSL | 15:117db924cf7c | 7125 | break; |
wolfSSL | 15:117db924cf7c | 7126 | #endif |
wolfSSL | 15:117db924cf7c | 7127 | #ifdef HAVE_FFDHE_4096 |
wolfSSL | 15:117db924cf7c | 7128 | case WOLFSSL_FFDHE_4096: |
wolfSSL | 15:117db924cf7c | 7129 | params = wc_Dh_ffdhe4096_Get(); |
wolfSSL | 15:117db924cf7c | 7130 | break; |
wolfSSL | 15:117db924cf7c | 7131 | #endif |
wolfSSL | 15:117db924cf7c | 7132 | #ifdef HAVE_FFDHE_6144 |
wolfSSL | 15:117db924cf7c | 7133 | case WOLFSSL_FFDHE_6144: |
wolfSSL | 15:117db924cf7c | 7134 | params = wc_Dh_ffdhe6144_Get(); |
wolfSSL | 15:117db924cf7c | 7135 | break; |
wolfSSL | 15:117db924cf7c | 7136 | #endif |
wolfSSL | 15:117db924cf7c | 7137 | #ifdef HAVE_FFDHE_8192 |
wolfSSL | 15:117db924cf7c | 7138 | case WOLFSSL_FFDHE_8192: |
wolfSSL | 15:117db924cf7c | 7139 | params = wc_Dh_ffdhe8192_Get(); |
wolfSSL | 15:117db924cf7c | 7140 | break; |
wolfSSL | 15:117db924cf7c | 7141 | #endif |
wolfSSL | 15:117db924cf7c | 7142 | default: |
wolfSSL | 15:117db924cf7c | 7143 | return PEER_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7144 | } |
wolfSSL | 15:117db924cf7c | 7145 | |
wolfSSL | 15:117db924cf7c | 7146 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 7147 | WOLFSSL_MSG("Peer DH Key"); |
wolfSSL | 15:117db924cf7c | 7148 | WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); |
wolfSSL | 15:117db924cf7c | 7149 | #endif |
wolfSSL | 15:117db924cf7c | 7150 | |
wolfSSL | 15:117db924cf7c | 7151 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 7152 | dhKey = (DhKey*)XMALLOC(sizeof(DhKey), ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 7153 | if (dhKey == NULL) |
wolfSSL | 15:117db924cf7c | 7154 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 7155 | #endif |
wolfSSL | 15:117db924cf7c | 7156 | |
wolfSSL | 15:117db924cf7c | 7157 | ret = wc_InitDhKey_ex(dhKey, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 7158 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 7159 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 7160 | XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 7161 | #endif |
wolfSSL | 15:117db924cf7c | 7162 | return ret; |
wolfSSL | 15:117db924cf7c | 7163 | } |
wolfSSL | 15:117db924cf7c | 7164 | |
wolfSSL | 15:117db924cf7c | 7165 | /* Set key */ |
wolfSSL | 15:117db924cf7c | 7166 | ret = wc_DhSetKey(dhKey, (byte*)params->p, params->p_len, (byte*)params->g, |
wolfSSL | 15:117db924cf7c | 7167 | params->g_len); |
wolfSSL | 15:117db924cf7c | 7168 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 7169 | wc_FreeDhKey(dhKey); |
wolfSSL | 15:117db924cf7c | 7170 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 7171 | XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 7172 | #endif |
wolfSSL | 15:117db924cf7c | 7173 | return ret; |
wolfSSL | 15:117db924cf7c | 7174 | } |
wolfSSL | 15:117db924cf7c | 7175 | |
wolfSSL | 15:117db924cf7c | 7176 | ret = wc_DhCheckPubKey(dhKey, keyShareEntry->ke, keyShareEntry->keLen); |
wolfSSL | 15:117db924cf7c | 7177 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 7178 | wc_FreeDhKey(dhKey); |
wolfSSL | 15:117db924cf7c | 7179 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 7180 | XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 7181 | #endif |
wolfSSL | 15:117db924cf7c | 7182 | return PEER_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7183 | } |
wolfSSL | 15:117db924cf7c | 7184 | |
wolfSSL | 15:117db924cf7c | 7185 | /* Derive secret from private key and peer's public key. */ |
wolfSSL | 15:117db924cf7c | 7186 | ret = wc_DhAgree(dhKey, |
wolfSSL | 15:117db924cf7c | 7187 | ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, |
wolfSSL | 15:117db924cf7c | 7188 | (const byte*)keyShareEntry->key, keyShareEntry->keyLen, |
wolfSSL | 15:117db924cf7c | 7189 | keyShareEntry->ke, keyShareEntry->keLen); |
wolfSSL | 15:117db924cf7c | 7190 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 15:117db924cf7c | 7191 | /* TODO: Make this function non-blocking */ |
wolfSSL | 15:117db924cf7c | 7192 | if (ret == WC_PENDING_E) { |
wolfSSL | 16:8e0d178b1d1e | 7193 | ret = wc_AsyncWait(ret, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); |
wolfSSL | 16:8e0d178b1d1e | 7194 | } |
wolfSSL | 16:8e0d178b1d1e | 7195 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7196 | /* RFC 8446 Section 7.4.1: |
wolfSSL | 16:8e0d178b1d1e | 7197 | * ... left-padded with zeros up to the size of the prime. ... |
wolfSSL | 16:8e0d178b1d1e | 7198 | */ |
wolfSSL | 16:8e0d178b1d1e | 7199 | if (params->p_len > ssl->arrays->preMasterSz) { |
wolfSSL | 16:8e0d178b1d1e | 7200 | word32 diff = params->p_len - ssl->arrays->preMasterSz; |
wolfSSL | 16:8e0d178b1d1e | 7201 | XMEMMOVE(ssl->arrays->preMasterSecret + diff, |
wolfSSL | 16:8e0d178b1d1e | 7202 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); |
wolfSSL | 16:8e0d178b1d1e | 7203 | XMEMSET(ssl->arrays->preMasterSecret, 0, diff); |
wolfSSL | 16:8e0d178b1d1e | 7204 | ssl->arrays->preMasterSz = params->p_len; |
wolfSSL | 16:8e0d178b1d1e | 7205 | } |
wolfSSL | 16:8e0d178b1d1e | 7206 | |
wolfSSL | 16:8e0d178b1d1e | 7207 | ssl->options.dhKeySz = params->p_len; |
wolfSSL | 15:117db924cf7c | 7208 | |
wolfSSL | 15:117db924cf7c | 7209 | wc_FreeDhKey(dhKey); |
wolfSSL | 15:117db924cf7c | 7210 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 7211 | XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); |
wolfSSL | 15:117db924cf7c | 7212 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7213 | if (keyShareEntry->key != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7214 | XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7215 | keyShareEntry->key = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7216 | } |
wolfSSL | 16:8e0d178b1d1e | 7217 | XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7218 | keyShareEntry->pubKey = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7219 | XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7220 | keyShareEntry->ke = NULL; |
wolfSSL | 15:117db924cf7c | 7221 | |
wolfSSL | 15:117db924cf7c | 7222 | return ret; |
wolfSSL | 15:117db924cf7c | 7223 | #else |
wolfSSL | 15:117db924cf7c | 7224 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 7225 | (void)keyShareEntry; |
wolfSSL | 15:117db924cf7c | 7226 | return PEER_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7227 | #endif |
wolfSSL | 15:117db924cf7c | 7228 | } |
wolfSSL | 15:117db924cf7c | 7229 | |
wolfSSL | 15:117db924cf7c | 7230 | /* Process the X25519 key share extension on the client side. |
wolfSSL | 15:117db924cf7c | 7231 | * |
wolfSSL | 15:117db924cf7c | 7232 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7233 | * keyShareEntry The key share entry object to use to calculate shared secret. |
wolfSSL | 15:117db924cf7c | 7234 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7235 | */ |
wolfSSL | 15:117db924cf7c | 7236 | static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, |
wolfSSL | 15:117db924cf7c | 7237 | KeyShareEntry* keyShareEntry) |
wolfSSL | 15:117db924cf7c | 7238 | { |
wolfSSL | 15:117db924cf7c | 7239 | int ret; |
wolfSSL | 15:117db924cf7c | 7240 | |
wolfSSL | 15:117db924cf7c | 7241 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 7242 | curve25519_key* key = (curve25519_key*)keyShareEntry->key; |
wolfSSL | 15:117db924cf7c | 7243 | curve25519_key* peerX25519Key; |
wolfSSL | 15:117db924cf7c | 7244 | |
wolfSSL | 15:117db924cf7c | 7245 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 7246 | if (ssl->peerEccKey != NULL) { |
wolfSSL | 15:117db924cf7c | 7247 | wc_ecc_free(ssl->peerEccKey); |
wolfSSL | 15:117db924cf7c | 7248 | ssl->peerEccKey = NULL; |
wolfSSL | 15:117db924cf7c | 7249 | } |
wolfSSL | 15:117db924cf7c | 7250 | #endif |
wolfSSL | 15:117db924cf7c | 7251 | |
wolfSSL | 15:117db924cf7c | 7252 | peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap, |
wolfSSL | 15:117db924cf7c | 7253 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 7254 | if (peerX25519Key == NULL) { |
wolfSSL | 15:117db924cf7c | 7255 | WOLFSSL_MSG("PeerEccKey Memory error"); |
wolfSSL | 15:117db924cf7c | 7256 | return MEMORY_ERROR; |
wolfSSL | 15:117db924cf7c | 7257 | } |
wolfSSL | 15:117db924cf7c | 7258 | ret = wc_curve25519_init(peerX25519Key); |
wolfSSL | 15:117db924cf7c | 7259 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 7260 | XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 7261 | return ret; |
wolfSSL | 15:117db924cf7c | 7262 | } |
wolfSSL | 15:117db924cf7c | 7263 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 7264 | WOLFSSL_MSG("Peer Curve25519 Key"); |
wolfSSL | 15:117db924cf7c | 7265 | WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); |
wolfSSL | 15:117db924cf7c | 7266 | #endif |
wolfSSL | 15:117db924cf7c | 7267 | |
wolfSSL | 16:8e0d178b1d1e | 7268 | if (wc_curve25519_check_public(keyShareEntry->ke, keyShareEntry->keLen, |
wolfSSL | 15:117db924cf7c | 7269 | EC25519_LITTLE_ENDIAN) != 0) { |
wolfSSL | 15:117db924cf7c | 7270 | ret = ECC_PEERKEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7271 | } |
wolfSSL | 15:117db924cf7c | 7272 | |
wolfSSL | 15:117db924cf7c | 7273 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 7274 | if (wc_curve25519_import_public_ex(keyShareEntry->ke, |
wolfSSL | 16:8e0d178b1d1e | 7275 | keyShareEntry->keLen, peerX25519Key, |
wolfSSL | 16:8e0d178b1d1e | 7276 | EC25519_LITTLE_ENDIAN) != 0) { |
wolfSSL | 16:8e0d178b1d1e | 7277 | ret = ECC_PEERKEY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 7278 | } |
wolfSSL | 16:8e0d178b1d1e | 7279 | } |
wolfSSL | 16:8e0d178b1d1e | 7280 | |
wolfSSL | 16:8e0d178b1d1e | 7281 | if (ret == 0) { |
wolfSSL | 15:117db924cf7c | 7282 | ssl->ecdhCurveOID = ECC_X25519_OID; |
wolfSSL | 15:117db924cf7c | 7283 | |
wolfSSL | 15:117db924cf7c | 7284 | ret = wc_curve25519_shared_secret_ex(key, peerX25519Key, |
wolfSSL | 15:117db924cf7c | 7285 | ssl->arrays->preMasterSecret, |
wolfSSL | 15:117db924cf7c | 7286 | &ssl->arrays->preMasterSz, |
wolfSSL | 15:117db924cf7c | 7287 | EC25519_LITTLE_ENDIAN); |
wolfSSL | 15:117db924cf7c | 7288 | } |
wolfSSL | 16:8e0d178b1d1e | 7289 | |
wolfSSL | 15:117db924cf7c | 7290 | wc_curve25519_free(peerX25519Key); |
wolfSSL | 15:117db924cf7c | 7291 | XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 7292 | wc_curve25519_free((curve25519_key*)keyShareEntry->key); |
wolfSSL | 16:8e0d178b1d1e | 7293 | if (keyShareEntry->key != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7294 | XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7295 | keyShareEntry->key = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7296 | } |
wolfSSL | 15:117db924cf7c | 7297 | #else |
wolfSSL | 15:117db924cf7c | 7298 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 7299 | (void)keyShareEntry; |
wolfSSL | 15:117db924cf7c | 7300 | |
wolfSSL | 15:117db924cf7c | 7301 | ret = PEER_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7302 | #endif /* HAVE_CURVE25519 */ |
wolfSSL | 15:117db924cf7c | 7303 | |
wolfSSL | 15:117db924cf7c | 7304 | return ret; |
wolfSSL | 15:117db924cf7c | 7305 | } |
wolfSSL | 15:117db924cf7c | 7306 | |
wolfSSL | 16:8e0d178b1d1e | 7307 | /* Process the X448 key share extension on the client side. |
wolfSSL | 16:8e0d178b1d1e | 7308 | * |
wolfSSL | 16:8e0d178b1d1e | 7309 | * ssl The SSL/TLS object. |
wolfSSL | 16:8e0d178b1d1e | 7310 | * keyShareEntry The key share entry object to use to calculate shared secret. |
wolfSSL | 16:8e0d178b1d1e | 7311 | * returns 0 on success and other values indicate failure. |
wolfSSL | 16:8e0d178b1d1e | 7312 | */ |
wolfSSL | 16:8e0d178b1d1e | 7313 | static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) |
wolfSSL | 16:8e0d178b1d1e | 7314 | { |
wolfSSL | 16:8e0d178b1d1e | 7315 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 7316 | |
wolfSSL | 16:8e0d178b1d1e | 7317 | #ifdef HAVE_CURVE448 |
wolfSSL | 16:8e0d178b1d1e | 7318 | curve448_key* key = (curve448_key*)keyShareEntry->key; |
wolfSSL | 16:8e0d178b1d1e | 7319 | curve448_key* peerX448Key; |
wolfSSL | 16:8e0d178b1d1e | 7320 | |
wolfSSL | 16:8e0d178b1d1e | 7321 | #ifdef HAVE_ECC |
wolfSSL | 16:8e0d178b1d1e | 7322 | if (ssl->peerEccKey != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7323 | wc_ecc_free(ssl->peerEccKey); |
wolfSSL | 16:8e0d178b1d1e | 7324 | ssl->peerEccKey = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7325 | } |
wolfSSL | 16:8e0d178b1d1e | 7326 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7327 | |
wolfSSL | 16:8e0d178b1d1e | 7328 | peerX448Key = (curve448_key*)XMALLOC(sizeof(curve448_key), ssl->heap, |
wolfSSL | 16:8e0d178b1d1e | 7329 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 7330 | if (peerX448Key == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7331 | WOLFSSL_MSG("PeerEccKey Memory error"); |
wolfSSL | 16:8e0d178b1d1e | 7332 | return MEMORY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 7333 | } |
wolfSSL | 16:8e0d178b1d1e | 7334 | ret = wc_curve448_init(peerX448Key); |
wolfSSL | 16:8e0d178b1d1e | 7335 | if (ret != 0) { |
wolfSSL | 16:8e0d178b1d1e | 7336 | XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 7337 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 7338 | } |
wolfSSL | 16:8e0d178b1d1e | 7339 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 7340 | WOLFSSL_MSG("Peer Curve448 Key"); |
wolfSSL | 16:8e0d178b1d1e | 7341 | WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); |
wolfSSL | 16:8e0d178b1d1e | 7342 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7343 | |
wolfSSL | 16:8e0d178b1d1e | 7344 | if (wc_curve448_check_public(keyShareEntry->ke, keyShareEntry->keLen, |
wolfSSL | 16:8e0d178b1d1e | 7345 | EC448_LITTLE_ENDIAN) != 0) { |
wolfSSL | 16:8e0d178b1d1e | 7346 | ret = ECC_PEERKEY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 7347 | } |
wolfSSL | 16:8e0d178b1d1e | 7348 | |
wolfSSL | 16:8e0d178b1d1e | 7349 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 7350 | if (wc_curve448_import_public_ex(keyShareEntry->ke, |
wolfSSL | 16:8e0d178b1d1e | 7351 | keyShareEntry->keLen, peerX448Key, |
wolfSSL | 16:8e0d178b1d1e | 7352 | EC448_LITTLE_ENDIAN) != 0) { |
wolfSSL | 16:8e0d178b1d1e | 7353 | ret = ECC_PEERKEY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 7354 | } |
wolfSSL | 16:8e0d178b1d1e | 7355 | } |
wolfSSL | 16:8e0d178b1d1e | 7356 | |
wolfSSL | 16:8e0d178b1d1e | 7357 | if (ret == 0) { |
wolfSSL | 16:8e0d178b1d1e | 7358 | ssl->ecdhCurveOID = ECC_X448_OID; |
wolfSSL | 16:8e0d178b1d1e | 7359 | |
wolfSSL | 16:8e0d178b1d1e | 7360 | ret = wc_curve448_shared_secret_ex(key, peerX448Key, |
wolfSSL | 16:8e0d178b1d1e | 7361 | ssl->arrays->preMasterSecret, |
wolfSSL | 16:8e0d178b1d1e | 7362 | &ssl->arrays->preMasterSz, |
wolfSSL | 16:8e0d178b1d1e | 7363 | EC448_LITTLE_ENDIAN); |
wolfSSL | 16:8e0d178b1d1e | 7364 | } |
wolfSSL | 16:8e0d178b1d1e | 7365 | |
wolfSSL | 16:8e0d178b1d1e | 7366 | wc_curve448_free(peerX448Key); |
wolfSSL | 16:8e0d178b1d1e | 7367 | XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 16:8e0d178b1d1e | 7368 | wc_curve448_free((curve448_key*)keyShareEntry->key); |
wolfSSL | 16:8e0d178b1d1e | 7369 | if (keyShareEntry->key != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7370 | XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7371 | keyShareEntry->key = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7372 | } |
wolfSSL | 16:8e0d178b1d1e | 7373 | #else |
wolfSSL | 16:8e0d178b1d1e | 7374 | (void)ssl; |
wolfSSL | 16:8e0d178b1d1e | 7375 | (void)keyShareEntry; |
wolfSSL | 16:8e0d178b1d1e | 7376 | |
wolfSSL | 16:8e0d178b1d1e | 7377 | ret = PEER_KEY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 7378 | #endif /* HAVE_CURVE448 */ |
wolfSSL | 16:8e0d178b1d1e | 7379 | |
wolfSSL | 16:8e0d178b1d1e | 7380 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 7381 | } |
wolfSSL | 16:8e0d178b1d1e | 7382 | |
wolfSSL | 15:117db924cf7c | 7383 | /* Process the ECC key share extension on the client side. |
wolfSSL | 15:117db924cf7c | 7384 | * |
wolfSSL | 15:117db924cf7c | 7385 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7386 | * keyShareEntry The key share entry object to use to calculate shared secret. |
wolfSSL | 15:117db924cf7c | 7387 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7388 | */ |
wolfSSL | 15:117db924cf7c | 7389 | static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) |
wolfSSL | 15:117db924cf7c | 7390 | { |
wolfSSL | 15:117db924cf7c | 7391 | int ret; |
wolfSSL | 15:117db924cf7c | 7392 | |
wolfSSL | 15:117db924cf7c | 7393 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 7394 | int curveId; |
wolfSSL | 15:117db924cf7c | 7395 | ecc_key* keyShareKey = (ecc_key*)keyShareEntry->key; |
wolfSSL | 15:117db924cf7c | 7396 | |
wolfSSL | 15:117db924cf7c | 7397 | if (ssl->peerEccKey != NULL) |
wolfSSL | 15:117db924cf7c | 7398 | wc_ecc_free(ssl->peerEccKey); |
wolfSSL | 15:117db924cf7c | 7399 | |
wolfSSL | 15:117db924cf7c | 7400 | ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, |
wolfSSL | 15:117db924cf7c | 7401 | DYNAMIC_TYPE_ECC); |
wolfSSL | 15:117db924cf7c | 7402 | if (ssl->peerEccKey == NULL) { |
wolfSSL | 15:117db924cf7c | 7403 | WOLFSSL_MSG("PeerEccKey Memory error"); |
wolfSSL | 15:117db924cf7c | 7404 | return MEMORY_ERROR; |
wolfSSL | 15:117db924cf7c | 7405 | } |
wolfSSL | 15:117db924cf7c | 7406 | ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId); |
wolfSSL | 15:117db924cf7c | 7407 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 7408 | return ret; |
wolfSSL | 15:117db924cf7c | 7409 | |
wolfSSL | 15:117db924cf7c | 7410 | /* find supported curve */ |
wolfSSL | 15:117db924cf7c | 7411 | switch (keyShareEntry->group) { |
wolfSSL | 15:117db924cf7c | 7412 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7413 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7414 | case WOLFSSL_ECC_SECP256R1: |
wolfSSL | 15:117db924cf7c | 7415 | curveId = ECC_SECP256R1; |
wolfSSL | 15:117db924cf7c | 7416 | break; |
wolfSSL | 15:117db924cf7c | 7417 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 7418 | #endif |
wolfSSL | 15:117db924cf7c | 7419 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7420 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7421 | case WOLFSSL_ECC_SECP384R1: |
wolfSSL | 15:117db924cf7c | 7422 | curveId = ECC_SECP384R1; |
wolfSSL | 15:117db924cf7c | 7423 | break; |
wolfSSL | 15:117db924cf7c | 7424 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 7425 | #endif |
wolfSSL | 15:117db924cf7c | 7426 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7427 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7428 | case WOLFSSL_ECC_SECP521R1: |
wolfSSL | 15:117db924cf7c | 7429 | curveId = ECC_SECP521R1; |
wolfSSL | 15:117db924cf7c | 7430 | break; |
wolfSSL | 15:117db924cf7c | 7431 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 7432 | #endif |
wolfSSL | 15:117db924cf7c | 7433 | #ifdef HAVE_X448 |
wolfSSL | 15:117db924cf7c | 7434 | case WOLFSSL_ECC_X448: |
wolfSSL | 15:117db924cf7c | 7435 | curveId = ECC_X448; |
wolfSSL | 15:117db924cf7c | 7436 | break; |
wolfSSL | 15:117db924cf7c | 7437 | #endif |
wolfSSL | 15:117db924cf7c | 7438 | default: |
wolfSSL | 15:117db924cf7c | 7439 | /* unsupported curve */ |
wolfSSL | 15:117db924cf7c | 7440 | return ECC_PEERKEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7441 | } |
wolfSSL | 15:117db924cf7c | 7442 | |
wolfSSL | 15:117db924cf7c | 7443 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 7444 | WOLFSSL_MSG("Peer ECC Key"); |
wolfSSL | 15:117db924cf7c | 7445 | WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); |
wolfSSL | 15:117db924cf7c | 7446 | #endif |
wolfSSL | 15:117db924cf7c | 7447 | |
wolfSSL | 15:117db924cf7c | 7448 | /* Point is validated by import function. */ |
wolfSSL | 15:117db924cf7c | 7449 | if (wc_ecc_import_x963_ex(keyShareEntry->ke, keyShareEntry->keLen, |
wolfSSL | 15:117db924cf7c | 7450 | ssl->peerEccKey, curveId) != 0) { |
wolfSSL | 15:117db924cf7c | 7451 | return ECC_PEERKEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7452 | } |
wolfSSL | 15:117db924cf7c | 7453 | ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum; |
wolfSSL | 15:117db924cf7c | 7454 | |
wolfSSL | 15:117db924cf7c | 7455 | do { |
wolfSSL | 15:117db924cf7c | 7456 | #if defined(WOLFSSL_ASYNC_CRYPT) |
wolfSSL | 15:117db924cf7c | 7457 | ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); |
wolfSSL | 15:117db924cf7c | 7458 | #endif |
wolfSSL | 15:117db924cf7c | 7459 | if (ret >= 0) |
wolfSSL | 15:117db924cf7c | 7460 | ret = wc_ecc_shared_secret(keyShareKey, ssl->peerEccKey, |
wolfSSL | 15:117db924cf7c | 7461 | ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz); |
wolfSSL | 15:117db924cf7c | 7462 | } while (ret == WC_PENDING_E); |
wolfSSL | 15:117db924cf7c | 7463 | |
wolfSSL | 15:117db924cf7c | 7464 | #if 0 |
wolfSSL | 15:117db924cf7c | 7465 | /* TODO: Switch to support async here and use: */ |
wolfSSL | 15:117db924cf7c | 7466 | ret = EccSharedSecret(ssl, keyShareEntry->key, ssl->peerEccKey, |
wolfSSL | 15:117db924cf7c | 7467 | keyShareEntry->ke, &keyShareEntry->keLen, |
wolfSSL | 15:117db924cf7c | 7468 | ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, |
wolfSSL | 15:117db924cf7c | 7469 | ssl->options.side |
wolfSSL | 15:117db924cf7c | 7470 | ); |
wolfSSL | 15:117db924cf7c | 7471 | #endif |
wolfSSL | 15:117db924cf7c | 7472 | |
wolfSSL | 16:8e0d178b1d1e | 7473 | wc_ecc_free(ssl->peerEccKey); |
wolfSSL | 16:8e0d178b1d1e | 7474 | XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC); |
wolfSSL | 16:8e0d178b1d1e | 7475 | ssl->peerEccKey = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7476 | wc_ecc_free((ecc_key*)(keyShareEntry->key)); |
wolfSSL | 16:8e0d178b1d1e | 7477 | if (keyShareEntry->key != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7478 | XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7479 | keyShareEntry->key = NULL; |
wolfSSL | 16:8e0d178b1d1e | 7480 | } |
wolfSSL | 15:117db924cf7c | 7481 | |
wolfSSL | 15:117db924cf7c | 7482 | #else |
wolfSSL | 15:117db924cf7c | 7483 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 7484 | (void)keyShareEntry; |
wolfSSL | 15:117db924cf7c | 7485 | |
wolfSSL | 15:117db924cf7c | 7486 | ret = PEER_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 7487 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 7488 | |
wolfSSL | 15:117db924cf7c | 7489 | return ret; |
wolfSSL | 15:117db924cf7c | 7490 | } |
wolfSSL | 15:117db924cf7c | 7491 | |
wolfSSL | 15:117db924cf7c | 7492 | /* Process the key share extension on the client side. |
wolfSSL | 15:117db924cf7c | 7493 | * |
wolfSSL | 15:117db924cf7c | 7494 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7495 | * keyShareEntry The key share entry object to use to calculate shared secret. |
wolfSSL | 15:117db924cf7c | 7496 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7497 | */ |
wolfSSL | 15:117db924cf7c | 7498 | static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) |
wolfSSL | 15:117db924cf7c | 7499 | { |
wolfSSL | 15:117db924cf7c | 7500 | int ret; |
wolfSSL | 15:117db924cf7c | 7501 | |
wolfSSL | 15:117db924cf7c | 7502 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 7503 | ssl->session.namedGroup = (byte)keyShareEntry->group; |
wolfSSL | 15:117db924cf7c | 7504 | #endif |
wolfSSL | 15:117db924cf7c | 7505 | /* Use Key Share Data from server. */ |
wolfSSL | 15:117db924cf7c | 7506 | if (keyShareEntry->group & NAMED_DH_MASK) |
wolfSSL | 15:117db924cf7c | 7507 | ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7508 | else if (keyShareEntry->group == WOLFSSL_ECC_X25519) |
wolfSSL | 15:117db924cf7c | 7509 | ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry); |
wolfSSL | 16:8e0d178b1d1e | 7510 | else if (keyShareEntry->group == WOLFSSL_ECC_X448) |
wolfSSL | 16:8e0d178b1d1e | 7511 | ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7512 | else |
wolfSSL | 15:117db924cf7c | 7513 | ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7514 | |
wolfSSL | 15:117db924cf7c | 7515 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 15:117db924cf7c | 7516 | WOLFSSL_MSG("KE Secret"); |
wolfSSL | 15:117db924cf7c | 7517 | WOLFSSL_BUFFER(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); |
wolfSSL | 15:117db924cf7c | 7518 | #endif |
wolfSSL | 15:117db924cf7c | 7519 | |
wolfSSL | 15:117db924cf7c | 7520 | return ret; |
wolfSSL | 15:117db924cf7c | 7521 | } |
wolfSSL | 15:117db924cf7c | 7522 | |
wolfSSL | 15:117db924cf7c | 7523 | /* Parse an entry of the KeyShare extension. |
wolfSSL | 15:117db924cf7c | 7524 | * |
wolfSSL | 15:117db924cf7c | 7525 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7526 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 7527 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 7528 | * kse The new key share entry object. |
wolfSSL | 15:117db924cf7c | 7529 | * returns a positive number to indicate amount of data parsed and a negative |
wolfSSL | 15:117db924cf7c | 7530 | * number on error. |
wolfSSL | 15:117db924cf7c | 7531 | */ |
wolfSSL | 15:117db924cf7c | 7532 | static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 7533 | KeyShareEntry **kse) |
wolfSSL | 15:117db924cf7c | 7534 | { |
wolfSSL | 15:117db924cf7c | 7535 | int ret; |
wolfSSL | 15:117db924cf7c | 7536 | word16 group; |
wolfSSL | 15:117db924cf7c | 7537 | word16 keLen; |
wolfSSL | 15:117db924cf7c | 7538 | int offset = 0; |
wolfSSL | 15:117db924cf7c | 7539 | byte* ke; |
wolfSSL | 15:117db924cf7c | 7540 | |
wolfSSL | 15:117db924cf7c | 7541 | if (length < OPAQUE16_LEN + OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 7542 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7543 | /* Named group */ |
wolfSSL | 15:117db924cf7c | 7544 | ato16(&input[offset], &group); |
wolfSSL | 15:117db924cf7c | 7545 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7546 | /* Key exchange data - public key. */ |
wolfSSL | 15:117db924cf7c | 7547 | ato16(&input[offset], &keLen); |
wolfSSL | 15:117db924cf7c | 7548 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 7549 | if (keLen == 0) |
wolfSSL | 16:8e0d178b1d1e | 7550 | return INVALID_PARAMETER; |
wolfSSL | 16:8e0d178b1d1e | 7551 | if (keLen > length - offset) |
wolfSSL | 15:117db924cf7c | 7552 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7553 | |
wolfSSL | 15:117db924cf7c | 7554 | /* Store a copy in the key share object. */ |
wolfSSL | 15:117db924cf7c | 7555 | ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 7556 | if (ke == NULL) |
wolfSSL | 15:117db924cf7c | 7557 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 7558 | XMEMCPY(ke, &input[offset], keLen); |
wolfSSL | 15:117db924cf7c | 7559 | |
wolfSSL | 15:117db924cf7c | 7560 | /* Populate a key share object in the extension. */ |
wolfSSL | 15:117db924cf7c | 7561 | ret = TLSX_KeyShare_Use(ssl, group, keLen, ke, kse); |
wolfSSL | 15:117db924cf7c | 7562 | if (ret != 0) { |
wolfSSL | 15:117db924cf7c | 7563 | XFREE(ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 7564 | return ret; |
wolfSSL | 15:117db924cf7c | 7565 | } |
wolfSSL | 15:117db924cf7c | 7566 | |
wolfSSL | 15:117db924cf7c | 7567 | /* Total length of the parsed data. */ |
wolfSSL | 15:117db924cf7c | 7568 | return offset + keLen; |
wolfSSL | 15:117db924cf7c | 7569 | } |
wolfSSL | 15:117db924cf7c | 7570 | |
wolfSSL | 15:117db924cf7c | 7571 | /* Searches the groups sent for the specified named group. |
wolfSSL | 15:117db924cf7c | 7572 | * |
wolfSSL | 15:117db924cf7c | 7573 | * ssl SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7574 | * name Group name to match. |
wolfSSL | 15:117db924cf7c | 7575 | * returns 1 when the extension has the group name and 0 otherwise. |
wolfSSL | 15:117db924cf7c | 7576 | */ |
wolfSSL | 15:117db924cf7c | 7577 | static int TLSX_KeyShare_Find(WOLFSSL* ssl, word16 group) |
wolfSSL | 15:117db924cf7c | 7578 | { |
wolfSSL | 15:117db924cf7c | 7579 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 7580 | KeyShareEntry* list; |
wolfSSL | 15:117db924cf7c | 7581 | |
wolfSSL | 15:117db924cf7c | 7582 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 7583 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 7584 | extension = TLSX_Find(ssl->ctx->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 7585 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 7586 | return 0; |
wolfSSL | 15:117db924cf7c | 7587 | } |
wolfSSL | 15:117db924cf7c | 7588 | |
wolfSSL | 15:117db924cf7c | 7589 | list = (KeyShareEntry*)extension->data; |
wolfSSL | 15:117db924cf7c | 7590 | while (list != NULL) { |
wolfSSL | 15:117db924cf7c | 7591 | if (list->group == group) |
wolfSSL | 15:117db924cf7c | 7592 | return 1; |
wolfSSL | 15:117db924cf7c | 7593 | list = list->next; |
wolfSSL | 15:117db924cf7c | 7594 | } |
wolfSSL | 15:117db924cf7c | 7595 | |
wolfSSL | 15:117db924cf7c | 7596 | return 0; |
wolfSSL | 15:117db924cf7c | 7597 | } |
wolfSSL | 15:117db924cf7c | 7598 | |
wolfSSL | 15:117db924cf7c | 7599 | |
wolfSSL | 15:117db924cf7c | 7600 | /* Searches the supported groups extension for the specified named group. |
wolfSSL | 15:117db924cf7c | 7601 | * |
wolfSSL | 15:117db924cf7c | 7602 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7603 | * name The group name to match. |
wolfSSL | 15:117db924cf7c | 7604 | * returns 1 when the extension has the group name and 0 otherwise. |
wolfSSL | 15:117db924cf7c | 7605 | */ |
wolfSSL | 15:117db924cf7c | 7606 | static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name) |
wolfSSL | 15:117db924cf7c | 7607 | { |
wolfSSL | 15:117db924cf7c | 7608 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 15:117db924cf7c | 7609 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 7610 | SupportedCurve* curve = NULL; |
wolfSSL | 15:117db924cf7c | 7611 | |
wolfSSL | 15:117db924cf7c | 7612 | if ((extension = TLSX_Find(ssl->extensions, |
wolfSSL | 15:117db924cf7c | 7613 | TLSX_SUPPORTED_GROUPS)) == NULL) { |
wolfSSL | 15:117db924cf7c | 7614 | if ((extension = TLSX_Find(ssl->ctx->extensions, |
wolfSSL | 15:117db924cf7c | 7615 | TLSX_SUPPORTED_GROUPS)) == NULL) { |
wolfSSL | 15:117db924cf7c | 7616 | return 0; |
wolfSSL | 15:117db924cf7c | 7617 | } |
wolfSSL | 15:117db924cf7c | 7618 | } |
wolfSSL | 15:117db924cf7c | 7619 | |
wolfSSL | 15:117db924cf7c | 7620 | for (curve = (SupportedCurve*)extension->data; curve; curve = curve->next) { |
wolfSSL | 15:117db924cf7c | 7621 | if (curve->name == name) |
wolfSSL | 15:117db924cf7c | 7622 | return 1; |
wolfSSL | 15:117db924cf7c | 7623 | } |
wolfSSL | 15:117db924cf7c | 7624 | #endif |
wolfSSL | 15:117db924cf7c | 7625 | |
wolfSSL | 15:117db924cf7c | 7626 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 7627 | (void)name; |
wolfSSL | 15:117db924cf7c | 7628 | |
wolfSSL | 15:117db924cf7c | 7629 | return 0; |
wolfSSL | 15:117db924cf7c | 7630 | } |
wolfSSL | 15:117db924cf7c | 7631 | |
wolfSSL | 15:117db924cf7c | 7632 | |
wolfSSL | 15:117db924cf7c | 7633 | /* Parse the KeyShare extension. |
wolfSSL | 15:117db924cf7c | 7634 | * Different formats in different messages. |
wolfSSL | 15:117db924cf7c | 7635 | * |
wolfSSL | 15:117db924cf7c | 7636 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7637 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 7638 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 7639 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 7640 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7641 | */ |
wolfSSL | 15:117db924cf7c | 7642 | static int TLSX_KeyShare_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 7643 | byte msgType) |
wolfSSL | 15:117db924cf7c | 7644 | { |
wolfSSL | 15:117db924cf7c | 7645 | int ret; |
wolfSSL | 16:8e0d178b1d1e | 7646 | KeyShareEntry *keyShareEntry = NULL; |
wolfSSL | 15:117db924cf7c | 7647 | word16 group; |
wolfSSL | 15:117db924cf7c | 7648 | |
wolfSSL | 15:117db924cf7c | 7649 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 7650 | int offset = 0; |
wolfSSL | 15:117db924cf7c | 7651 | word16 len; |
wolfSSL | 15:117db924cf7c | 7652 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 7653 | |
wolfSSL | 15:117db924cf7c | 7654 | /* Add a KeyShare extension if it doesn't exist. */ |
wolfSSL | 15:117db924cf7c | 7655 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 7656 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 7657 | /* Push new KeyShare extension. */ |
wolfSSL | 15:117db924cf7c | 7658 | ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 7659 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 7660 | return ret; |
wolfSSL | 15:117db924cf7c | 7661 | } |
wolfSSL | 15:117db924cf7c | 7662 | |
wolfSSL | 15:117db924cf7c | 7663 | if (length < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 7664 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7665 | |
wolfSSL | 15:117db924cf7c | 7666 | /* ClientHello contains zero or more key share entries. */ |
wolfSSL | 15:117db924cf7c | 7667 | ato16(input, &len); |
wolfSSL | 15:117db924cf7c | 7668 | if (len != length - OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 7669 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7670 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 7671 | |
wolfSSL | 16:8e0d178b1d1e | 7672 | while (offset < (int)length) { |
wolfSSL | 16:8e0d178b1d1e | 7673 | ret = TLSX_KeyShareEntry_Parse(ssl, &input[offset], length - offset, |
wolfSSL | 15:117db924cf7c | 7674 | &keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7675 | if (ret < 0) |
wolfSSL | 15:117db924cf7c | 7676 | return ret; |
wolfSSL | 15:117db924cf7c | 7677 | |
wolfSSL | 15:117db924cf7c | 7678 | offset += ret; |
wolfSSL | 15:117db924cf7c | 7679 | } |
wolfSSL | 15:117db924cf7c | 7680 | |
wolfSSL | 15:117db924cf7c | 7681 | ret = 0; |
wolfSSL | 15:117db924cf7c | 7682 | } |
wolfSSL | 15:117db924cf7c | 7683 | else if (msgType == server_hello) { |
wolfSSL | 15:117db924cf7c | 7684 | int len; |
wolfSSL | 15:117db924cf7c | 7685 | |
wolfSSL | 15:117db924cf7c | 7686 | if (length < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 7687 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7688 | |
wolfSSL | 15:117db924cf7c | 7689 | /* The data is the named group the server wants to use. */ |
wolfSSL | 15:117db924cf7c | 7690 | ato16(input, &group); |
wolfSSL | 15:117db924cf7c | 7691 | |
wolfSSL | 15:117db924cf7c | 7692 | /* Check the selected group was supported by ClientHello extensions. */ |
wolfSSL | 15:117db924cf7c | 7693 | if (!TLSX_SupportedGroups_Find(ssl, group)) |
wolfSSL | 15:117db924cf7c | 7694 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 7695 | |
wolfSSL | 15:117db924cf7c | 7696 | /* Check if the group was sent. */ |
wolfSSL | 15:117db924cf7c | 7697 | if (!TLSX_KeyShare_Find(ssl, group)) |
wolfSSL | 15:117db924cf7c | 7698 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 7699 | |
wolfSSL | 15:117db924cf7c | 7700 | /* ServerHello contains one key share entry. */ |
wolfSSL | 15:117db924cf7c | 7701 | len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry); |
wolfSSL | 16:8e0d178b1d1e | 7702 | if (len != (int)length) |
wolfSSL | 15:117db924cf7c | 7703 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7704 | |
wolfSSL | 15:117db924cf7c | 7705 | /* Not in list sent if there isn't a private key. */ |
wolfSSL | 16:8e0d178b1d1e | 7706 | if (keyShareEntry == NULL || keyShareEntry->key == NULL) |
wolfSSL | 15:117db924cf7c | 7707 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 7708 | |
wolfSSL | 15:117db924cf7c | 7709 | /* Process the entry to calculate the secret. */ |
wolfSSL | 15:117db924cf7c | 7710 | ret = TLSX_KeyShare_Process(ssl, keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7711 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 7712 | ssl->session.namedGroup = ssl->namedGroup = group; |
wolfSSL | 15:117db924cf7c | 7713 | } |
wolfSSL | 15:117db924cf7c | 7714 | else if (msgType == hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 7715 | if (length != OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 7716 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 7717 | |
wolfSSL | 15:117db924cf7c | 7718 | /* The data is the named group the server wants to use. */ |
wolfSSL | 15:117db924cf7c | 7719 | ato16(input, &group); |
wolfSSL | 15:117db924cf7c | 7720 | |
wolfSSL | 15:117db924cf7c | 7721 | /* Check the selected group was supported by ClientHello extensions. */ |
wolfSSL | 15:117db924cf7c | 7722 | if (!TLSX_SupportedGroups_Find(ssl, group)) |
wolfSSL | 15:117db924cf7c | 7723 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 7724 | |
wolfSSL | 15:117db924cf7c | 7725 | /* Check if the group was sent. */ |
wolfSSL | 15:117db924cf7c | 7726 | if (TLSX_KeyShare_Find(ssl, group)) |
wolfSSL | 15:117db924cf7c | 7727 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 7728 | |
wolfSSL | 15:117db924cf7c | 7729 | /* Clear out unusable key shares. */ |
wolfSSL | 15:117db924cf7c | 7730 | ret = TLSX_KeyShare_Empty(ssl); |
wolfSSL | 15:117db924cf7c | 7731 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 7732 | return ret; |
wolfSSL | 15:117db924cf7c | 7733 | |
wolfSSL | 15:117db924cf7c | 7734 | /* Try to use the server's group. */ |
wolfSSL | 15:117db924cf7c | 7735 | ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); |
wolfSSL | 15:117db924cf7c | 7736 | } |
wolfSSL | 15:117db924cf7c | 7737 | else { |
wolfSSL | 15:117db924cf7c | 7738 | /* Not a message type that is allowed to have this extension. */ |
wolfSSL | 15:117db924cf7c | 7739 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 7740 | } |
wolfSSL | 15:117db924cf7c | 7741 | |
wolfSSL | 15:117db924cf7c | 7742 | return ret; |
wolfSSL | 15:117db924cf7c | 7743 | } |
wolfSSL | 15:117db924cf7c | 7744 | |
wolfSSL | 15:117db924cf7c | 7745 | /* Create a new key share entry and put it into the list. |
wolfSSL | 15:117db924cf7c | 7746 | * |
wolfSSL | 15:117db924cf7c | 7747 | * list The linked list of key share entries. |
wolfSSL | 15:117db924cf7c | 7748 | * group The named group. |
wolfSSL | 15:117db924cf7c | 7749 | * heap The memory to allocate with. |
wolfSSL | 15:117db924cf7c | 7750 | * keyShareEntry The new key share entry object. |
wolfSSL | 15:117db924cf7c | 7751 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7752 | */ |
wolfSSL | 15:117db924cf7c | 7753 | static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap, |
wolfSSL | 15:117db924cf7c | 7754 | KeyShareEntry** keyShareEntry) |
wolfSSL | 15:117db924cf7c | 7755 | { |
wolfSSL | 15:117db924cf7c | 7756 | KeyShareEntry* kse; |
wolfSSL | 16:8e0d178b1d1e | 7757 | KeyShareEntry** next; |
wolfSSL | 15:117db924cf7c | 7758 | |
wolfSSL | 15:117db924cf7c | 7759 | kse = (KeyShareEntry*)XMALLOC(sizeof(KeyShareEntry), heap, |
wolfSSL | 15:117db924cf7c | 7760 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 7761 | if (kse == NULL) |
wolfSSL | 15:117db924cf7c | 7762 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 7763 | |
wolfSSL | 15:117db924cf7c | 7764 | XMEMSET(kse, 0, sizeof(*kse)); |
wolfSSL | 15:117db924cf7c | 7765 | kse->group = (word16)group; |
wolfSSL | 15:117db924cf7c | 7766 | |
wolfSSL | 15:117db924cf7c | 7767 | /* Add it to the back and maintain the links. */ |
wolfSSL | 16:8e0d178b1d1e | 7768 | while (*list != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7769 | /* Assign to temporary to work around compiler bug found by customer. */ |
wolfSSL | 16:8e0d178b1d1e | 7770 | next = &((*list)->next); |
wolfSSL | 16:8e0d178b1d1e | 7771 | list = next; |
wolfSSL | 16:8e0d178b1d1e | 7772 | } |
wolfSSL | 15:117db924cf7c | 7773 | *list = kse; |
wolfSSL | 15:117db924cf7c | 7774 | *keyShareEntry = kse; |
wolfSSL | 15:117db924cf7c | 7775 | |
wolfSSL | 15:117db924cf7c | 7776 | (void)heap; |
wolfSSL | 15:117db924cf7c | 7777 | |
wolfSSL | 15:117db924cf7c | 7778 | return 0; |
wolfSSL | 15:117db924cf7c | 7779 | } |
wolfSSL | 15:117db924cf7c | 7780 | |
wolfSSL | 15:117db924cf7c | 7781 | /* Use the data to create a new key share object in the extensions. |
wolfSSL | 15:117db924cf7c | 7782 | * |
wolfSSL | 15:117db924cf7c | 7783 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7784 | * group The named group. |
wolfSSL | 15:117db924cf7c | 7785 | * len The length of the public key data. |
wolfSSL | 15:117db924cf7c | 7786 | * data The public key data. |
wolfSSL | 15:117db924cf7c | 7787 | * kse The new key share entry object. |
wolfSSL | 15:117db924cf7c | 7788 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7789 | */ |
wolfSSL | 15:117db924cf7c | 7790 | int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data, |
wolfSSL | 15:117db924cf7c | 7791 | KeyShareEntry **kse) |
wolfSSL | 15:117db924cf7c | 7792 | { |
wolfSSL | 15:117db924cf7c | 7793 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 7794 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 7795 | KeyShareEntry* keyShareEntry = NULL; |
wolfSSL | 15:117db924cf7c | 7796 | |
wolfSSL | 15:117db924cf7c | 7797 | /* Find the KeyShare extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 7798 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 7799 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 7800 | /* Push new KeyShare extension. */ |
wolfSSL | 15:117db924cf7c | 7801 | ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 7802 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 7803 | return ret; |
wolfSSL | 15:117db924cf7c | 7804 | |
wolfSSL | 15:117db924cf7c | 7805 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 7806 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 7807 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 7808 | } |
wolfSSL | 15:117db924cf7c | 7809 | extension->resp = 0; |
wolfSSL | 15:117db924cf7c | 7810 | |
wolfSSL | 15:117db924cf7c | 7811 | /* Try to find the key share entry with this group. */ |
wolfSSL | 15:117db924cf7c | 7812 | keyShareEntry = (KeyShareEntry*)extension->data; |
wolfSSL | 15:117db924cf7c | 7813 | while (keyShareEntry != NULL) { |
wolfSSL | 15:117db924cf7c | 7814 | if (keyShareEntry->group == group) |
wolfSSL | 15:117db924cf7c | 7815 | break; |
wolfSSL | 15:117db924cf7c | 7816 | keyShareEntry = keyShareEntry->next; |
wolfSSL | 15:117db924cf7c | 7817 | } |
wolfSSL | 15:117db924cf7c | 7818 | |
wolfSSL | 15:117db924cf7c | 7819 | /* Create a new key share entry if not found. */ |
wolfSSL | 15:117db924cf7c | 7820 | if (keyShareEntry == NULL) { |
wolfSSL | 15:117db924cf7c | 7821 | ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, group, |
wolfSSL | 15:117db924cf7c | 7822 | ssl->heap, &keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7823 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 7824 | return ret; |
wolfSSL | 15:117db924cf7c | 7825 | } |
wolfSSL | 15:117db924cf7c | 7826 | |
wolfSSL | 15:117db924cf7c | 7827 | if (data != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7828 | if (keyShareEntry->ke != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 7829 | XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 16:8e0d178b1d1e | 7830 | } |
wolfSSL | 15:117db924cf7c | 7831 | keyShareEntry->ke = data; |
wolfSSL | 15:117db924cf7c | 7832 | keyShareEntry->keLen = len; |
wolfSSL | 15:117db924cf7c | 7833 | } |
wolfSSL | 15:117db924cf7c | 7834 | else { |
wolfSSL | 15:117db924cf7c | 7835 | /* Generate a key pair. */ |
wolfSSL | 15:117db924cf7c | 7836 | ret = TLSX_KeyShare_GenKey(ssl, keyShareEntry); |
wolfSSL | 15:117db924cf7c | 7837 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 7838 | return ret; |
wolfSSL | 15:117db924cf7c | 7839 | } |
wolfSSL | 15:117db924cf7c | 7840 | |
wolfSSL | 15:117db924cf7c | 7841 | if (kse != NULL) |
wolfSSL | 15:117db924cf7c | 7842 | *kse = keyShareEntry; |
wolfSSL | 15:117db924cf7c | 7843 | |
wolfSSL | 15:117db924cf7c | 7844 | return 0; |
wolfSSL | 15:117db924cf7c | 7845 | } |
wolfSSL | 15:117db924cf7c | 7846 | |
wolfSSL | 15:117db924cf7c | 7847 | /* Set an empty Key Share extension. |
wolfSSL | 15:117db924cf7c | 7848 | * |
wolfSSL | 15:117db924cf7c | 7849 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7850 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 7851 | */ |
wolfSSL | 15:117db924cf7c | 7852 | int TLSX_KeyShare_Empty(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 7853 | { |
wolfSSL | 15:117db924cf7c | 7854 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 7855 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 7856 | |
wolfSSL | 15:117db924cf7c | 7857 | /* Find the KeyShare extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 7858 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 7859 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 7860 | /* Push new KeyShare extension. */ |
wolfSSL | 15:117db924cf7c | 7861 | ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 7862 | } |
wolfSSL | 15:117db924cf7c | 7863 | else if (extension->data != NULL) { |
wolfSSL | 15:117db924cf7c | 7864 | TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap); |
wolfSSL | 15:117db924cf7c | 7865 | extension->data = NULL; |
wolfSSL | 15:117db924cf7c | 7866 | } |
wolfSSL | 15:117db924cf7c | 7867 | |
wolfSSL | 15:117db924cf7c | 7868 | return ret; |
wolfSSL | 15:117db924cf7c | 7869 | } |
wolfSSL | 15:117db924cf7c | 7870 | |
wolfSSL | 15:117db924cf7c | 7871 | /* Returns whether this group is supported. |
wolfSSL | 15:117db924cf7c | 7872 | * |
wolfSSL | 15:117db924cf7c | 7873 | * namedGroup The named group to check. |
wolfSSL | 15:117db924cf7c | 7874 | * returns 1 when supported or 0 otherwise. |
wolfSSL | 15:117db924cf7c | 7875 | */ |
wolfSSL | 15:117db924cf7c | 7876 | static int TLSX_KeyShare_IsSupported(int namedGroup) |
wolfSSL | 15:117db924cf7c | 7877 | { |
wolfSSL | 15:117db924cf7c | 7878 | switch (namedGroup) { |
wolfSSL | 15:117db924cf7c | 7879 | #ifdef HAVE_FFDHE_2048 |
wolfSSL | 15:117db924cf7c | 7880 | case WOLFSSL_FFDHE_2048: |
wolfSSL | 15:117db924cf7c | 7881 | break; |
wolfSSL | 15:117db924cf7c | 7882 | #endif |
wolfSSL | 15:117db924cf7c | 7883 | #ifdef HAVE_FFDHE_3072 |
wolfSSL | 15:117db924cf7c | 7884 | case WOLFSSL_FFDHE_3072: |
wolfSSL | 15:117db924cf7c | 7885 | break; |
wolfSSL | 15:117db924cf7c | 7886 | #endif |
wolfSSL | 15:117db924cf7c | 7887 | #ifdef HAVE_FFDHE_4096 |
wolfSSL | 15:117db924cf7c | 7888 | case WOLFSSL_FFDHE_4096: |
wolfSSL | 15:117db924cf7c | 7889 | break; |
wolfSSL | 15:117db924cf7c | 7890 | #endif |
wolfSSL | 15:117db924cf7c | 7891 | #ifdef HAVE_FFDHE_6144 |
wolfSSL | 15:117db924cf7c | 7892 | case WOLFSSL_FFDHE_6144: |
wolfSSL | 15:117db924cf7c | 7893 | break; |
wolfSSL | 15:117db924cf7c | 7894 | #endif |
wolfSSL | 15:117db924cf7c | 7895 | #ifdef HAVE_FFDHE_8192 |
wolfSSL | 15:117db924cf7c | 7896 | case WOLFSSL_FFDHE_8192: |
wolfSSL | 15:117db924cf7c | 7897 | break; |
wolfSSL | 15:117db924cf7c | 7898 | #endif |
wolfSSL | 15:117db924cf7c | 7899 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7900 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7901 | case WOLFSSL_ECC_SECP256R1: |
wolfSSL | 15:117db924cf7c | 7902 | break; |
wolfSSL | 15:117db924cf7c | 7903 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 7904 | #endif |
wolfSSL | 15:117db924cf7c | 7905 | #ifdef HAVE_CURVE25519 |
wolfSSL | 15:117db924cf7c | 7906 | case WOLFSSL_ECC_X25519: |
wolfSSL | 15:117db924cf7c | 7907 | break; |
wolfSSL | 15:117db924cf7c | 7908 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7909 | #ifdef HAVE_CURVE448 |
wolfSSL | 16:8e0d178b1d1e | 7910 | case WOLFSSL_ECC_X448: |
wolfSSL | 16:8e0d178b1d1e | 7911 | break; |
wolfSSL | 16:8e0d178b1d1e | 7912 | #endif |
wolfSSL | 15:117db924cf7c | 7913 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7914 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7915 | case WOLFSSL_ECC_SECP384R1: |
wolfSSL | 15:117db924cf7c | 7916 | break; |
wolfSSL | 15:117db924cf7c | 7917 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 7918 | #endif |
wolfSSL | 15:117db924cf7c | 7919 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7920 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7921 | case WOLFSSL_ECC_SECP521R1: |
wolfSSL | 15:117db924cf7c | 7922 | break; |
wolfSSL | 15:117db924cf7c | 7923 | #endif /* !NO_ECC_SECP */ |
wolfSSL | 15:117db924cf7c | 7924 | #endif |
wolfSSL | 15:117db924cf7c | 7925 | default: |
wolfSSL | 15:117db924cf7c | 7926 | return 0; |
wolfSSL | 15:117db924cf7c | 7927 | } |
wolfSSL | 15:117db924cf7c | 7928 | |
wolfSSL | 15:117db924cf7c | 7929 | return 1; |
wolfSSL | 15:117db924cf7c | 7930 | } |
wolfSSL | 15:117db924cf7c | 7931 | |
wolfSSL | 15:117db924cf7c | 7932 | /* Examines the application specified group ranking and returns the rank of the |
wolfSSL | 15:117db924cf7c | 7933 | * group. |
wolfSSL | 15:117db924cf7c | 7934 | * If no group ranking set then all groups are rank 0 (highest). |
wolfSSL | 15:117db924cf7c | 7935 | * |
wolfSSL | 15:117db924cf7c | 7936 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 7937 | * group The group to check ranking for. |
wolfSSL | 15:117db924cf7c | 7938 | * returns ranking from 0 to MAX_GROUP_COUNT-1 or -1 when group not in list. |
wolfSSL | 15:117db924cf7c | 7939 | */ |
wolfSSL | 15:117db924cf7c | 7940 | static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group) |
wolfSSL | 15:117db924cf7c | 7941 | { |
wolfSSL | 15:117db924cf7c | 7942 | byte i; |
wolfSSL | 15:117db924cf7c | 7943 | |
wolfSSL | 15:117db924cf7c | 7944 | if (ssl->numGroups == 0) { |
wolfSSL | 15:117db924cf7c | 7945 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 15:117db924cf7c | 7946 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7947 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7948 | ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP256R1; |
wolfSSL | 15:117db924cf7c | 7949 | #endif |
wolfSSL | 15:117db924cf7c | 7950 | #endif |
wolfSSL | 15:117db924cf7c | 7951 | #endif |
wolfSSL | 15:117db924cf7c | 7952 | #ifndef HAVE_FIPS |
wolfSSL | 15:117db924cf7c | 7953 | #if defined(HAVE_CURVE25519) |
wolfSSL | 15:117db924cf7c | 7954 | ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X25519; |
wolfSSL | 15:117db924cf7c | 7955 | #endif |
wolfSSL | 15:117db924cf7c | 7956 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7957 | #ifndef HAVE_FIPS |
wolfSSL | 16:8e0d178b1d1e | 7958 | #if defined(HAVE_CURVE448) |
wolfSSL | 16:8e0d178b1d1e | 7959 | ssl->group[ssl->numGroups++] = WOLFSSL_ECC_X448; |
wolfSSL | 16:8e0d178b1d1e | 7960 | #endif |
wolfSSL | 16:8e0d178b1d1e | 7961 | #endif |
wolfSSL | 15:117db924cf7c | 7962 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 15:117db924cf7c | 7963 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7964 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7965 | ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP384R1; |
wolfSSL | 15:117db924cf7c | 7966 | #endif |
wolfSSL | 15:117db924cf7c | 7967 | #endif |
wolfSSL | 15:117db924cf7c | 7968 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 7969 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 7970 | ssl->group[ssl->numGroups++] = WOLFSSL_ECC_SECP521R1; |
wolfSSL | 15:117db924cf7c | 7971 | #endif |
wolfSSL | 15:117db924cf7c | 7972 | #endif |
wolfSSL | 15:117db924cf7c | 7973 | #endif |
wolfSSL | 15:117db924cf7c | 7974 | /* Add FFDHE supported groups. */ |
wolfSSL | 15:117db924cf7c | 7975 | #ifdef HAVE_FFDHE_2048 |
wolfSSL | 15:117db924cf7c | 7976 | ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_2048; |
wolfSSL | 15:117db924cf7c | 7977 | #endif |
wolfSSL | 15:117db924cf7c | 7978 | #ifdef HAVE_FFDHE_3072 |
wolfSSL | 15:117db924cf7c | 7979 | ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_3072; |
wolfSSL | 15:117db924cf7c | 7980 | #endif |
wolfSSL | 15:117db924cf7c | 7981 | #ifdef HAVE_FFDHE_4096 |
wolfSSL | 15:117db924cf7c | 7982 | ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_4096; |
wolfSSL | 15:117db924cf7c | 7983 | #endif |
wolfSSL | 15:117db924cf7c | 7984 | #ifdef HAVE_FFDHE_6144 |
wolfSSL | 15:117db924cf7c | 7985 | ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_6144; |
wolfSSL | 15:117db924cf7c | 7986 | #endif |
wolfSSL | 15:117db924cf7c | 7987 | #ifdef HAVE_FFDHE_8192 |
wolfSSL | 15:117db924cf7c | 7988 | ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192; |
wolfSSL | 15:117db924cf7c | 7989 | #endif |
wolfSSL | 15:117db924cf7c | 7990 | } |
wolfSSL | 15:117db924cf7c | 7991 | |
wolfSSL | 15:117db924cf7c | 7992 | for (i = 0; i < ssl->numGroups; i++) |
wolfSSL | 16:8e0d178b1d1e | 7993 | if (ssl->group[i] == (word16)group) |
wolfSSL | 15:117db924cf7c | 7994 | return i; |
wolfSSL | 15:117db924cf7c | 7995 | |
wolfSSL | 15:117db924cf7c | 7996 | return -1; |
wolfSSL | 15:117db924cf7c | 7997 | } |
wolfSSL | 15:117db924cf7c | 7998 | |
wolfSSL | 15:117db924cf7c | 7999 | /* Set a key share that is supported by the client into extensions. |
wolfSSL | 15:117db924cf7c | 8000 | * |
wolfSSL | 15:117db924cf7c | 8001 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8002 | * returns BAD_KEY_SHARE_DATA if no supported group has a key share, |
wolfSSL | 15:117db924cf7c | 8003 | * 0 if a supported group has a key share and other values indicate an error. |
wolfSSL | 15:117db924cf7c | 8004 | */ |
wolfSSL | 15:117db924cf7c | 8005 | static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 8006 | { |
wolfSSL | 15:117db924cf7c | 8007 | int ret; |
wolfSSL | 15:117db924cf7c | 8008 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 15:117db924cf7c | 8009 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8010 | SupportedCurve* curve = NULL; |
wolfSSL | 15:117db924cf7c | 8011 | SupportedCurve* preferredCurve = NULL; |
wolfSSL | 15:117db924cf7c | 8012 | int preferredRank = WOLFSSL_MAX_GROUP_COUNT; |
wolfSSL | 15:117db924cf7c | 8013 | int rank; |
wolfSSL | 15:117db924cf7c | 8014 | |
wolfSSL | 15:117db924cf7c | 8015 | extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); |
wolfSSL | 15:117db924cf7c | 8016 | if (extension != NULL) |
wolfSSL | 15:117db924cf7c | 8017 | curve = (SupportedCurve*)extension->data; |
wolfSSL | 15:117db924cf7c | 8018 | /* Use server's preference order. */ |
wolfSSL | 15:117db924cf7c | 8019 | for (; curve != NULL; curve = curve->next) { |
wolfSSL | 15:117db924cf7c | 8020 | if (!TLSX_KeyShare_IsSupported(curve->name)) |
wolfSSL | 15:117db924cf7c | 8021 | continue; |
wolfSSL | 15:117db924cf7c | 8022 | |
wolfSSL | 15:117db924cf7c | 8023 | rank = TLSX_KeyShare_GroupRank(ssl, curve->name); |
wolfSSL | 15:117db924cf7c | 8024 | if (rank == -1) |
wolfSSL | 15:117db924cf7c | 8025 | continue; |
wolfSSL | 15:117db924cf7c | 8026 | if (rank < preferredRank) { |
wolfSSL | 15:117db924cf7c | 8027 | preferredCurve = curve; |
wolfSSL | 15:117db924cf7c | 8028 | preferredRank = rank; |
wolfSSL | 15:117db924cf7c | 8029 | } |
wolfSSL | 15:117db924cf7c | 8030 | } |
wolfSSL | 15:117db924cf7c | 8031 | curve = preferredCurve; |
wolfSSL | 15:117db924cf7c | 8032 | |
wolfSSL | 15:117db924cf7c | 8033 | if (curve == NULL) |
wolfSSL | 15:117db924cf7c | 8034 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 8035 | |
wolfSSL | 15:117db924cf7c | 8036 | /* Delete the old key share data list. */ |
wolfSSL | 15:117db924cf7c | 8037 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 8038 | if (extension != NULL) { |
wolfSSL | 15:117db924cf7c | 8039 | TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap); |
wolfSSL | 15:117db924cf7c | 8040 | extension->data = NULL; |
wolfSSL | 15:117db924cf7c | 8041 | } |
wolfSSL | 15:117db924cf7c | 8042 | |
wolfSSL | 15:117db924cf7c | 8043 | /* Add in the chosen group. */ |
wolfSSL | 15:117db924cf7c | 8044 | ret = TLSX_KeyShare_Use(ssl, curve->name, 0, NULL, NULL); |
wolfSSL | 15:117db924cf7c | 8045 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8046 | return ret; |
wolfSSL | 15:117db924cf7c | 8047 | |
wolfSSL | 16:8e0d178b1d1e | 8048 | /* Set extension to be in response. */ |
wolfSSL | 15:117db924cf7c | 8049 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 8050 | extension->resp = 1; |
wolfSSL | 15:117db924cf7c | 8051 | #else |
wolfSSL | 15:117db924cf7c | 8052 | |
wolfSSL | 15:117db924cf7c | 8053 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 8054 | ret = NOT_COMPILED_IN; |
wolfSSL | 15:117db924cf7c | 8055 | #endif |
wolfSSL | 15:117db924cf7c | 8056 | |
wolfSSL | 15:117db924cf7c | 8057 | return ret; |
wolfSSL | 15:117db924cf7c | 8058 | } |
wolfSSL | 15:117db924cf7c | 8059 | |
wolfSSL | 15:117db924cf7c | 8060 | /* Ensure there is a key pair that can be used for key exchange. |
wolfSSL | 15:117db924cf7c | 8061 | * |
wolfSSL | 15:117db924cf7c | 8062 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8063 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8064 | */ |
wolfSSL | 15:117db924cf7c | 8065 | int TLSX_KeyShare_Establish(WOLFSSL *ssl) |
wolfSSL | 15:117db924cf7c | 8066 | { |
wolfSSL | 15:117db924cf7c | 8067 | int ret; |
wolfSSL | 15:117db924cf7c | 8068 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8069 | KeyShareEntry* clientKSE = NULL; |
wolfSSL | 15:117db924cf7c | 8070 | KeyShareEntry* serverKSE; |
wolfSSL | 15:117db924cf7c | 8071 | KeyShareEntry* list = NULL; |
wolfSSL | 15:117db924cf7c | 8072 | KeyShareEntry* preferredKSE = NULL; |
wolfSSL | 15:117db924cf7c | 8073 | int preferredRank = WOLFSSL_MAX_GROUP_COUNT; |
wolfSSL | 15:117db924cf7c | 8074 | int rank; |
wolfSSL | 15:117db924cf7c | 8075 | |
wolfSSL | 15:117db924cf7c | 8076 | /* Find the KeyShare extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 8077 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 8078 | if (extension != NULL) |
wolfSSL | 15:117db924cf7c | 8079 | list = (KeyShareEntry*)extension->data; |
wolfSSL | 15:117db924cf7c | 8080 | |
wolfSSL | 15:117db924cf7c | 8081 | if (extension && extension->resp == 1) |
wolfSSL | 15:117db924cf7c | 8082 | return 0; |
wolfSSL | 15:117db924cf7c | 8083 | |
wolfSSL | 15:117db924cf7c | 8084 | /* Use server's preference order. */ |
wolfSSL | 15:117db924cf7c | 8085 | for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) { |
wolfSSL | 15:117db924cf7c | 8086 | if (clientKSE->ke == NULL) |
wolfSSL | 15:117db924cf7c | 8087 | continue; |
wolfSSL | 15:117db924cf7c | 8088 | |
wolfSSL | 15:117db924cf7c | 8089 | /* Check consistency now - extensions in any order. */ |
wolfSSL | 15:117db924cf7c | 8090 | if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group)) |
wolfSSL | 15:117db924cf7c | 8091 | return BAD_KEY_SHARE_DATA; |
wolfSSL | 15:117db924cf7c | 8092 | |
wolfSSL | 15:117db924cf7c | 8093 | #ifdef OPENSSL_EXTRA |
wolfSSL | 15:117db924cf7c | 8094 | if ((clientKSE->group & NAMED_DH_MASK) == 0) { |
wolfSSL | 15:117db924cf7c | 8095 | /* Check if server supports group. */ |
wolfSSL | 15:117db924cf7c | 8096 | if (ssl->ctx->disabledCurves & (1 << clientKSE->group)) |
wolfSSL | 15:117db924cf7c | 8097 | continue; |
wolfSSL | 15:117db924cf7c | 8098 | } |
wolfSSL | 15:117db924cf7c | 8099 | #endif |
wolfSSL | 15:117db924cf7c | 8100 | if (!TLSX_KeyShare_IsSupported(clientKSE->group)) |
wolfSSL | 15:117db924cf7c | 8101 | continue; |
wolfSSL | 15:117db924cf7c | 8102 | |
wolfSSL | 15:117db924cf7c | 8103 | rank = TLSX_KeyShare_GroupRank(ssl, clientKSE->group); |
wolfSSL | 15:117db924cf7c | 8104 | if (rank == -1) |
wolfSSL | 15:117db924cf7c | 8105 | continue; |
wolfSSL | 15:117db924cf7c | 8106 | if (rank < preferredRank) { |
wolfSSL | 15:117db924cf7c | 8107 | preferredKSE = clientKSE; |
wolfSSL | 15:117db924cf7c | 8108 | preferredRank = rank; |
wolfSSL | 15:117db924cf7c | 8109 | } |
wolfSSL | 15:117db924cf7c | 8110 | } |
wolfSSL | 15:117db924cf7c | 8111 | clientKSE = preferredKSE; |
wolfSSL | 15:117db924cf7c | 8112 | |
wolfSSL | 15:117db924cf7c | 8113 | /* No supported group found - send HelloRetryRequest. */ |
wolfSSL | 15:117db924cf7c | 8114 | if (clientKSE == NULL) { |
wolfSSL | 15:117db924cf7c | 8115 | ret = TLSX_KeyShare_SetSupported(ssl); |
wolfSSL | 15:117db924cf7c | 8116 | /* Return KEY_SHARE_ERROR to indicate HelloRetryRequest required. */ |
wolfSSL | 15:117db924cf7c | 8117 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 8118 | return KEY_SHARE_ERROR; |
wolfSSL | 15:117db924cf7c | 8119 | return ret; |
wolfSSL | 15:117db924cf7c | 8120 | } |
wolfSSL | 15:117db924cf7c | 8121 | |
wolfSSL | 15:117db924cf7c | 8122 | list = NULL; |
wolfSSL | 15:117db924cf7c | 8123 | /* Generate a new key pair. */ |
wolfSSL | 15:117db924cf7c | 8124 | ret = TLSX_KeyShare_New(&list, clientKSE->group, ssl->heap, &serverKSE); |
wolfSSL | 15:117db924cf7c | 8125 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8126 | return ret; |
wolfSSL | 15:117db924cf7c | 8127 | |
wolfSSL | 15:117db924cf7c | 8128 | if (clientKSE->key == NULL) { |
wolfSSL | 15:117db924cf7c | 8129 | ret = TLSX_KeyShare_GenKey(ssl, serverKSE); |
wolfSSL | 15:117db924cf7c | 8130 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8131 | return ret; |
wolfSSL | 15:117db924cf7c | 8132 | } |
wolfSSL | 15:117db924cf7c | 8133 | else { |
wolfSSL | 15:117db924cf7c | 8134 | serverKSE->key = clientKSE->key; |
wolfSSL | 15:117db924cf7c | 8135 | serverKSE->keyLen = clientKSE->keyLen; |
wolfSSL | 15:117db924cf7c | 8136 | serverKSE->pubKey = clientKSE->pubKey; |
wolfSSL | 15:117db924cf7c | 8137 | serverKSE->pubKeyLen = clientKSE->pubKeyLen; |
wolfSSL | 15:117db924cf7c | 8138 | clientKSE->key = NULL; |
wolfSSL | 15:117db924cf7c | 8139 | clientKSE->pubKey = NULL; |
wolfSSL | 15:117db924cf7c | 8140 | } |
wolfSSL | 15:117db924cf7c | 8141 | serverKSE->ke = clientKSE->ke; |
wolfSSL | 15:117db924cf7c | 8142 | serverKSE->keLen = clientKSE->keLen; |
wolfSSL | 15:117db924cf7c | 8143 | clientKSE->ke = NULL; |
wolfSSL | 15:117db924cf7c | 8144 | clientKSE->keLen = 0; |
wolfSSL | 15:117db924cf7c | 8145 | |
wolfSSL | 15:117db924cf7c | 8146 | TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap); |
wolfSSL | 15:117db924cf7c | 8147 | extension->data = (void *)serverKSE; |
wolfSSL | 15:117db924cf7c | 8148 | |
wolfSSL | 15:117db924cf7c | 8149 | extension->resp = 1; |
wolfSSL | 15:117db924cf7c | 8150 | |
wolfSSL | 15:117db924cf7c | 8151 | return 0; |
wolfSSL | 15:117db924cf7c | 8152 | } |
wolfSSL | 15:117db924cf7c | 8153 | |
wolfSSL | 15:117db924cf7c | 8154 | /* Derive the shared secret of the key exchange. |
wolfSSL | 15:117db924cf7c | 8155 | * |
wolfSSL | 15:117db924cf7c | 8156 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8157 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8158 | */ |
wolfSSL | 15:117db924cf7c | 8159 | int TLSX_KeyShare_DeriveSecret(WOLFSSL *ssl) |
wolfSSL | 15:117db924cf7c | 8160 | { |
wolfSSL | 15:117db924cf7c | 8161 | int ret; |
wolfSSL | 15:117db924cf7c | 8162 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8163 | KeyShareEntry* list = NULL; |
wolfSSL | 15:117db924cf7c | 8164 | |
wolfSSL | 15:117db924cf7c | 8165 | /* Find the KeyShare extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 8166 | extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); |
wolfSSL | 15:117db924cf7c | 8167 | if (extension != NULL) |
wolfSSL | 15:117db924cf7c | 8168 | list = (KeyShareEntry*)extension->data; |
wolfSSL | 15:117db924cf7c | 8169 | |
wolfSSL | 15:117db924cf7c | 8170 | if (list == NULL) |
wolfSSL | 15:117db924cf7c | 8171 | return KEY_SHARE_ERROR; |
wolfSSL | 15:117db924cf7c | 8172 | |
wolfSSL | 15:117db924cf7c | 8173 | /* Calculate secret. */ |
wolfSSL | 15:117db924cf7c | 8174 | ret = TLSX_KeyShare_Process(ssl, list); |
wolfSSL | 15:117db924cf7c | 8175 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8176 | return ret; |
wolfSSL | 15:117db924cf7c | 8177 | |
wolfSSL | 15:117db924cf7c | 8178 | return ret; |
wolfSSL | 15:117db924cf7c | 8179 | } |
wolfSSL | 15:117db924cf7c | 8180 | |
wolfSSL | 15:117db924cf7c | 8181 | #define KS_FREE_ALL TLSX_KeyShare_FreeAll |
wolfSSL | 15:117db924cf7c | 8182 | #define KS_GET_SIZE TLSX_KeyShare_GetSize |
wolfSSL | 15:117db924cf7c | 8183 | #define KS_WRITE TLSX_KeyShare_Write |
wolfSSL | 15:117db924cf7c | 8184 | #define KS_PARSE TLSX_KeyShare_Parse |
wolfSSL | 15:117db924cf7c | 8185 | |
wolfSSL | 15:117db924cf7c | 8186 | #else |
wolfSSL | 15:117db924cf7c | 8187 | |
wolfSSL | 15:117db924cf7c | 8188 | #define KS_FREE_ALL(a, b) |
wolfSSL | 15:117db924cf7c | 8189 | #define KS_GET_SIZE(a, b) 0 |
wolfSSL | 15:117db924cf7c | 8190 | #define KS_WRITE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 8191 | #define KS_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 8192 | |
wolfSSL | 15:117db924cf7c | 8193 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 8194 | |
wolfSSL | 15:117db924cf7c | 8195 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8196 | /* Pre-Shared Key */ |
wolfSSL | 15:117db924cf7c | 8197 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8198 | |
wolfSSL | 15:117db924cf7c | 8199 | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
wolfSSL | 15:117db924cf7c | 8200 | /* Free the pre-shared key dynamic data. |
wolfSSL | 15:117db924cf7c | 8201 | * |
wolfSSL | 15:117db924cf7c | 8202 | * list The linked list of key share entry objects. |
wolfSSL | 15:117db924cf7c | 8203 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 8204 | */ |
wolfSSL | 15:117db924cf7c | 8205 | static void TLSX_PreSharedKey_FreeAll(PreSharedKey* list, void* heap) |
wolfSSL | 15:117db924cf7c | 8206 | { |
wolfSSL | 15:117db924cf7c | 8207 | PreSharedKey* current; |
wolfSSL | 15:117db924cf7c | 8208 | |
wolfSSL | 15:117db924cf7c | 8209 | while ((current = list) != NULL) { |
wolfSSL | 15:117db924cf7c | 8210 | list = current->next; |
wolfSSL | 15:117db924cf7c | 8211 | XFREE(current->identity, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 8212 | XFREE(current, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 8213 | } |
wolfSSL | 15:117db924cf7c | 8214 | |
wolfSSL | 15:117db924cf7c | 8215 | (void)heap; |
wolfSSL | 15:117db924cf7c | 8216 | } |
wolfSSL | 15:117db924cf7c | 8217 | |
wolfSSL | 15:117db924cf7c | 8218 | /* Get the size of the encoded pre shared key extension. |
wolfSSL | 15:117db924cf7c | 8219 | * |
wolfSSL | 15:117db924cf7c | 8220 | * list The linked list of pre-shared key extensions. |
wolfSSL | 15:117db924cf7c | 8221 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8222 | * returns the number of bytes of the encoded pre-shared key extension or |
wolfSSL | 15:117db924cf7c | 8223 | * SANITY_MSG_E to indicate invalid message type. |
wolfSSL | 15:117db924cf7c | 8224 | */ |
wolfSSL | 16:8e0d178b1d1e | 8225 | static int TLSX_PreSharedKey_GetSize(PreSharedKey* list, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 8226 | word16* pSz) |
wolfSSL | 15:117db924cf7c | 8227 | { |
wolfSSL | 15:117db924cf7c | 8228 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8229 | /* Length of identities + Length of binders. */ |
wolfSSL | 15:117db924cf7c | 8230 | word16 len = OPAQUE16_LEN + OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8231 | while (list != NULL) { |
wolfSSL | 15:117db924cf7c | 8232 | /* Each entry has: identity, ticket age and binder. */ |
wolfSSL | 15:117db924cf7c | 8233 | len += OPAQUE16_LEN + list->identityLen + OPAQUE32_LEN + |
wolfSSL | 15:117db924cf7c | 8234 | OPAQUE8_LEN + list->binderLen; |
wolfSSL | 15:117db924cf7c | 8235 | list = list->next; |
wolfSSL | 15:117db924cf7c | 8236 | } |
wolfSSL | 16:8e0d178b1d1e | 8237 | *pSz += len; |
wolfSSL | 16:8e0d178b1d1e | 8238 | return 0; |
wolfSSL | 15:117db924cf7c | 8239 | } |
wolfSSL | 15:117db924cf7c | 8240 | |
wolfSSL | 15:117db924cf7c | 8241 | if (msgType == server_hello) { |
wolfSSL | 16:8e0d178b1d1e | 8242 | *pSz += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 8243 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 8244 | } |
wolfSSL | 16:8e0d178b1d1e | 8245 | |
wolfSSL | 16:8e0d178b1d1e | 8246 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8247 | } |
wolfSSL | 15:117db924cf7c | 8248 | |
wolfSSL | 15:117db924cf7c | 8249 | /* The number of bytes to be written for the binders. |
wolfSSL | 15:117db924cf7c | 8250 | * |
wolfSSL | 15:117db924cf7c | 8251 | * list The linked list of pre-shared key extensions. |
wolfSSL | 15:117db924cf7c | 8252 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8253 | * returns the number of bytes of the encoded pre-shared key extension or |
wolfSSL | 15:117db924cf7c | 8254 | * SANITY_MSG_E to indicate invalid message type. |
wolfSSL | 15:117db924cf7c | 8255 | */ |
wolfSSL | 16:8e0d178b1d1e | 8256 | int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 8257 | word16* pSz) |
wolfSSL | 15:117db924cf7c | 8258 | { |
wolfSSL | 15:117db924cf7c | 8259 | word16 len; |
wolfSSL | 15:117db924cf7c | 8260 | |
wolfSSL | 15:117db924cf7c | 8261 | if (msgType != client_hello) |
wolfSSL | 15:117db924cf7c | 8262 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8263 | |
wolfSSL | 15:117db924cf7c | 8264 | /* Length of all binders. */ |
wolfSSL | 15:117db924cf7c | 8265 | len = OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8266 | while (list != NULL) { |
wolfSSL | 15:117db924cf7c | 8267 | len += OPAQUE8_LEN + list->binderLen; |
wolfSSL | 15:117db924cf7c | 8268 | list = list->next; |
wolfSSL | 15:117db924cf7c | 8269 | } |
wolfSSL | 15:117db924cf7c | 8270 | |
wolfSSL | 16:8e0d178b1d1e | 8271 | *pSz = len; |
wolfSSL | 16:8e0d178b1d1e | 8272 | return 0; |
wolfSSL | 15:117db924cf7c | 8273 | } |
wolfSSL | 15:117db924cf7c | 8274 | |
wolfSSL | 15:117db924cf7c | 8275 | /* Writes the pre-shared key extension into the output buffer - binders only. |
wolfSSL | 15:117db924cf7c | 8276 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 8277 | * |
wolfSSL | 15:117db924cf7c | 8278 | * list The linked list of key share entries. |
wolfSSL | 15:117db924cf7c | 8279 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 8280 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8281 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 8282 | */ |
wolfSSL | 16:8e0d178b1d1e | 8283 | int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, byte* output, |
wolfSSL | 16:8e0d178b1d1e | 8284 | byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 8285 | { |
wolfSSL | 15:117db924cf7c | 8286 | PreSharedKey* current = list; |
wolfSSL | 15:117db924cf7c | 8287 | word16 idx = 0; |
wolfSSL | 15:117db924cf7c | 8288 | word16 lenIdx; |
wolfSSL | 15:117db924cf7c | 8289 | word16 len; |
wolfSSL | 15:117db924cf7c | 8290 | |
wolfSSL | 15:117db924cf7c | 8291 | if (msgType != client_hello) |
wolfSSL | 15:117db924cf7c | 8292 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8293 | |
wolfSSL | 15:117db924cf7c | 8294 | /* Skip length of all binders. */ |
wolfSSL | 15:117db924cf7c | 8295 | lenIdx = idx; |
wolfSSL | 15:117db924cf7c | 8296 | idx += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8297 | while (current != NULL) { |
wolfSSL | 15:117db924cf7c | 8298 | /* Binder data length. */ |
wolfSSL | 15:117db924cf7c | 8299 | output[idx++] = current->binderLen; |
wolfSSL | 15:117db924cf7c | 8300 | /* Binder data. */ |
wolfSSL | 15:117db924cf7c | 8301 | XMEMCPY(output + idx, current->binder, current->binderLen); |
wolfSSL | 15:117db924cf7c | 8302 | idx += current->binderLen; |
wolfSSL | 15:117db924cf7c | 8303 | |
wolfSSL | 15:117db924cf7c | 8304 | current = current->next; |
wolfSSL | 15:117db924cf7c | 8305 | } |
wolfSSL | 15:117db924cf7c | 8306 | /* Length of the binders. */ |
wolfSSL | 15:117db924cf7c | 8307 | len = idx - lenIdx - OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8308 | c16toa(len, output + lenIdx); |
wolfSSL | 15:117db924cf7c | 8309 | |
wolfSSL | 16:8e0d178b1d1e | 8310 | *pSz = idx; |
wolfSSL | 16:8e0d178b1d1e | 8311 | return 0; |
wolfSSL | 15:117db924cf7c | 8312 | } |
wolfSSL | 15:117db924cf7c | 8313 | |
wolfSSL | 15:117db924cf7c | 8314 | |
wolfSSL | 15:117db924cf7c | 8315 | /* Writes the pre-shared key extension into the output buffer. |
wolfSSL | 15:117db924cf7c | 8316 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 8317 | * |
wolfSSL | 15:117db924cf7c | 8318 | * list The linked list of key share entries. |
wolfSSL | 15:117db924cf7c | 8319 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 8320 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8321 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 8322 | */ |
wolfSSL | 16:8e0d178b1d1e | 8323 | static int TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output, |
wolfSSL | 16:8e0d178b1d1e | 8324 | byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 8325 | { |
wolfSSL | 15:117db924cf7c | 8326 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8327 | PreSharedKey* current = list; |
wolfSSL | 15:117db924cf7c | 8328 | word16 idx = 0; |
wolfSSL | 15:117db924cf7c | 8329 | word16 lenIdx; |
wolfSSL | 15:117db924cf7c | 8330 | word16 len; |
wolfSSL | 16:8e0d178b1d1e | 8331 | int ret; |
wolfSSL | 15:117db924cf7c | 8332 | |
wolfSSL | 15:117db924cf7c | 8333 | /* Write identites only. Binders after HMACing over this. */ |
wolfSSL | 15:117db924cf7c | 8334 | lenIdx = idx; |
wolfSSL | 15:117db924cf7c | 8335 | idx += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8336 | while (current != NULL) { |
wolfSSL | 15:117db924cf7c | 8337 | /* Identity length */ |
wolfSSL | 15:117db924cf7c | 8338 | c16toa(current->identityLen, output + idx); |
wolfSSL | 15:117db924cf7c | 8339 | idx += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8340 | /* Identity data */ |
wolfSSL | 15:117db924cf7c | 8341 | XMEMCPY(output + idx, current->identity, current->identityLen); |
wolfSSL | 15:117db924cf7c | 8342 | idx += current->identityLen; |
wolfSSL | 15:117db924cf7c | 8343 | |
wolfSSL | 15:117db924cf7c | 8344 | /* Obfuscated ticket age. */ |
wolfSSL | 15:117db924cf7c | 8345 | c32toa(current->ticketAge, output + idx); |
wolfSSL | 15:117db924cf7c | 8346 | idx += OPAQUE32_LEN; |
wolfSSL | 15:117db924cf7c | 8347 | |
wolfSSL | 15:117db924cf7c | 8348 | current = current->next; |
wolfSSL | 15:117db924cf7c | 8349 | } |
wolfSSL | 15:117db924cf7c | 8350 | /* Length of the identites. */ |
wolfSSL | 15:117db924cf7c | 8351 | len = idx - lenIdx - OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8352 | c16toa(len, output + lenIdx); |
wolfSSL | 15:117db924cf7c | 8353 | |
wolfSSL | 15:117db924cf7c | 8354 | /* Don't include binders here. |
wolfSSL | 15:117db924cf7c | 8355 | * The binders are based on the hash of all the ClientHello data up to |
wolfSSL | 15:117db924cf7c | 8356 | * and include the identities written above. |
wolfSSL | 15:117db924cf7c | 8357 | */ |
wolfSSL | 16:8e0d178b1d1e | 8358 | ret = TLSX_PreSharedKey_GetSizeBinders(list, msgType, &len); |
wolfSSL | 16:8e0d178b1d1e | 8359 | if (ret < 0) |
wolfSSL | 16:8e0d178b1d1e | 8360 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 8361 | *pSz += idx + len; |
wolfSSL | 16:8e0d178b1d1e | 8362 | } |
wolfSSL | 16:8e0d178b1d1e | 8363 | else if (msgType == server_hello) { |
wolfSSL | 15:117db924cf7c | 8364 | word16 i; |
wolfSSL | 15:117db924cf7c | 8365 | |
wolfSSL | 15:117db924cf7c | 8366 | /* Find the index of the chosen identity. */ |
wolfSSL | 15:117db924cf7c | 8367 | for (i=0; list != NULL && !list->chosen; i++) |
wolfSSL | 15:117db924cf7c | 8368 | list = list->next; |
wolfSSL | 15:117db924cf7c | 8369 | if (list == NULL) |
wolfSSL | 15:117db924cf7c | 8370 | return BUILD_MSG_ERROR; |
wolfSSL | 15:117db924cf7c | 8371 | |
wolfSSL | 15:117db924cf7c | 8372 | /* The index of the identity chosen by the server from the list supplied |
wolfSSL | 15:117db924cf7c | 8373 | * by the client. |
wolfSSL | 15:117db924cf7c | 8374 | */ |
wolfSSL | 15:117db924cf7c | 8375 | c16toa(i, output); |
wolfSSL | 16:8e0d178b1d1e | 8376 | *pSz += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 8377 | } |
wolfSSL | 16:8e0d178b1d1e | 8378 | else |
wolfSSL | 16:8e0d178b1d1e | 8379 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8380 | |
wolfSSL | 15:117db924cf7c | 8381 | return 0; |
wolfSSL | 15:117db924cf7c | 8382 | } |
wolfSSL | 15:117db924cf7c | 8383 | |
wolfSSL | 15:117db924cf7c | 8384 | /* Parse the pre-shared key extension. |
wolfSSL | 15:117db924cf7c | 8385 | * Different formats in different messages. |
wolfSSL | 15:117db924cf7c | 8386 | * |
wolfSSL | 15:117db924cf7c | 8387 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8388 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 8389 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 8390 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 8391 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8392 | */ |
wolfSSL | 15:117db924cf7c | 8393 | static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 8394 | byte msgType) |
wolfSSL | 15:117db924cf7c | 8395 | { |
wolfSSL | 15:117db924cf7c | 8396 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8397 | PreSharedKey* list; |
wolfSSL | 15:117db924cf7c | 8398 | |
wolfSSL | 15:117db924cf7c | 8399 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8400 | int ret; |
wolfSSL | 15:117db924cf7c | 8401 | word16 len; |
wolfSSL | 15:117db924cf7c | 8402 | word16 idx = 0; |
wolfSSL | 15:117db924cf7c | 8403 | |
wolfSSL | 15:117db924cf7c | 8404 | TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap); |
wolfSSL | 15:117db924cf7c | 8405 | |
wolfSSL | 15:117db924cf7c | 8406 | /* Length of identities and of binders. */ |
wolfSSL | 15:117db924cf7c | 8407 | if (length - idx < OPAQUE16_LEN + OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 8408 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8409 | |
wolfSSL | 15:117db924cf7c | 8410 | /* Length of identities. */ |
wolfSSL | 15:117db924cf7c | 8411 | ato16(input + idx, &len); |
wolfSSL | 15:117db924cf7c | 8412 | idx += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8413 | if (len < MIN_PSK_ID_LEN || length - idx < len) |
wolfSSL | 15:117db924cf7c | 8414 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8415 | |
wolfSSL | 15:117db924cf7c | 8416 | /* Create a pre-shared key object for each identity. */ |
wolfSSL | 15:117db924cf7c | 8417 | while (len > 0) { |
wolfSSL | 15:117db924cf7c | 8418 | byte* identity; |
wolfSSL | 15:117db924cf7c | 8419 | word16 identityLen; |
wolfSSL | 15:117db924cf7c | 8420 | word32 age; |
wolfSSL | 15:117db924cf7c | 8421 | |
wolfSSL | 15:117db924cf7c | 8422 | if (len < OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 8423 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8424 | |
wolfSSL | 15:117db924cf7c | 8425 | /* Length of identity. */ |
wolfSSL | 15:117db924cf7c | 8426 | ato16(input + idx, &identityLen); |
wolfSSL | 15:117db924cf7c | 8427 | idx += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 8428 | if (len < OPAQUE16_LEN + identityLen + OPAQUE32_LEN || |
wolfSSL | 16:8e0d178b1d1e | 8429 | identityLen > MAX_PSK_ID_LEN) |
wolfSSL | 15:117db924cf7c | 8430 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8431 | /* Cache identity pointer. */ |
wolfSSL | 15:117db924cf7c | 8432 | identity = input + idx; |
wolfSSL | 15:117db924cf7c | 8433 | idx += identityLen; |
wolfSSL | 15:117db924cf7c | 8434 | /* Ticket age. */ |
wolfSSL | 15:117db924cf7c | 8435 | ato32(input + idx, &age); |
wolfSSL | 15:117db924cf7c | 8436 | idx += OPAQUE32_LEN; |
wolfSSL | 15:117db924cf7c | 8437 | |
wolfSSL | 15:117db924cf7c | 8438 | ret = TLSX_PreSharedKey_Use(ssl, identity, identityLen, age, no_mac, |
wolfSSL | 15:117db924cf7c | 8439 | 0, 0, 1, NULL); |
wolfSSL | 15:117db924cf7c | 8440 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8441 | return ret; |
wolfSSL | 15:117db924cf7c | 8442 | |
wolfSSL | 15:117db924cf7c | 8443 | /* Done with this identity. */ |
wolfSSL | 15:117db924cf7c | 8444 | len -= OPAQUE16_LEN + identityLen + OPAQUE32_LEN; |
wolfSSL | 15:117db924cf7c | 8445 | } |
wolfSSL | 15:117db924cf7c | 8446 | |
wolfSSL | 15:117db924cf7c | 8447 | /* Find the list of identities sent to server. */ |
wolfSSL | 15:117db924cf7c | 8448 | extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); |
wolfSSL | 15:117db924cf7c | 8449 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 8450 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 8451 | list = (PreSharedKey*)extension->data; |
wolfSSL | 15:117db924cf7c | 8452 | |
wolfSSL | 15:117db924cf7c | 8453 | /* Length of binders. */ |
wolfSSL | 16:8e0d178b1d1e | 8454 | if (idx + OPAQUE16_LEN > length) |
wolfSSL | 16:8e0d178b1d1e | 8455 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8456 | ato16(input + idx, &len); |
wolfSSL | 15:117db924cf7c | 8457 | idx += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 8458 | if (len < MIN_PSK_BINDERS_LEN || length - idx < len) |
wolfSSL | 15:117db924cf7c | 8459 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8460 | |
wolfSSL | 15:117db924cf7c | 8461 | /* Set binder for each identity. */ |
wolfSSL | 15:117db924cf7c | 8462 | while (list != NULL && len > 0) { |
wolfSSL | 15:117db924cf7c | 8463 | /* Length of binder */ |
wolfSSL | 15:117db924cf7c | 8464 | list->binderLen = input[idx++]; |
wolfSSL | 15:117db924cf7c | 8465 | if (list->binderLen < WC_SHA256_DIGEST_SIZE || |
wolfSSL | 15:117db924cf7c | 8466 | list->binderLen > WC_MAX_DIGEST_SIZE) |
wolfSSL | 15:117db924cf7c | 8467 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8468 | if (len < OPAQUE8_LEN + list->binderLen) |
wolfSSL | 15:117db924cf7c | 8469 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8470 | |
wolfSSL | 15:117db924cf7c | 8471 | /* Copy binder into static buffer. */ |
wolfSSL | 15:117db924cf7c | 8472 | XMEMCPY(list->binder, input + idx, list->binderLen); |
wolfSSL | 15:117db924cf7c | 8473 | idx += list->binderLen; |
wolfSSL | 15:117db924cf7c | 8474 | |
wolfSSL | 15:117db924cf7c | 8475 | /* Done with binder entry. */ |
wolfSSL | 15:117db924cf7c | 8476 | len -= OPAQUE8_LEN + list->binderLen; |
wolfSSL | 15:117db924cf7c | 8477 | |
wolfSSL | 15:117db924cf7c | 8478 | /* Next identity. */ |
wolfSSL | 15:117db924cf7c | 8479 | list = list->next; |
wolfSSL | 15:117db924cf7c | 8480 | } |
wolfSSL | 15:117db924cf7c | 8481 | if (list != NULL || len != 0) |
wolfSSL | 15:117db924cf7c | 8482 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8483 | |
wolfSSL | 15:117db924cf7c | 8484 | return 0; |
wolfSSL | 15:117db924cf7c | 8485 | } |
wolfSSL | 15:117db924cf7c | 8486 | |
wolfSSL | 15:117db924cf7c | 8487 | if (msgType == server_hello) { |
wolfSSL | 15:117db924cf7c | 8488 | word16 idx; |
wolfSSL | 15:117db924cf7c | 8489 | |
wolfSSL | 15:117db924cf7c | 8490 | /* Index of identity chosen by server. */ |
wolfSSL | 15:117db924cf7c | 8491 | if (length != OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 8492 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8493 | ato16(input, &idx); |
wolfSSL | 15:117db924cf7c | 8494 | |
wolfSSL | 15:117db924cf7c | 8495 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 8496 | ssl->options.pskIdIndex = idx + 1; |
wolfSSL | 15:117db924cf7c | 8497 | #endif |
wolfSSL | 15:117db924cf7c | 8498 | |
wolfSSL | 15:117db924cf7c | 8499 | /* Find the list of identities sent to server. */ |
wolfSSL | 15:117db924cf7c | 8500 | extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); |
wolfSSL | 15:117db924cf7c | 8501 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 8502 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 8503 | list = (PreSharedKey*)extension->data; |
wolfSSL | 15:117db924cf7c | 8504 | |
wolfSSL | 15:117db924cf7c | 8505 | /* Mark the identity as chosen. */ |
wolfSSL | 15:117db924cf7c | 8506 | for (; list != NULL && idx > 0; idx--) |
wolfSSL | 15:117db924cf7c | 8507 | list = list->next; |
wolfSSL | 15:117db924cf7c | 8508 | if (list == NULL) |
wolfSSL | 15:117db924cf7c | 8509 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 8510 | list->chosen = 1; |
wolfSSL | 15:117db924cf7c | 8511 | |
wolfSSL | 15:117db924cf7c | 8512 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 15:117db924cf7c | 8513 | if (list->resumption) { |
wolfSSL | 15:117db924cf7c | 8514 | /* Check that the session's details are the same as the server's. */ |
wolfSSL | 15:117db924cf7c | 8515 | if (ssl->options.cipherSuite0 != ssl->session.cipherSuite0 || |
wolfSSL | 15:117db924cf7c | 8516 | ssl->options.cipherSuite != ssl->session.cipherSuite || |
wolfSSL | 15:117db924cf7c | 8517 | ssl->session.version.major != ssl->ctx->method->version.major || |
wolfSSL | 15:117db924cf7c | 8518 | ssl->session.version.minor != ssl->ctx->method->version.minor) { |
wolfSSL | 15:117db924cf7c | 8519 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 8520 | } |
wolfSSL | 15:117db924cf7c | 8521 | } |
wolfSSL | 15:117db924cf7c | 8522 | #endif |
wolfSSL | 15:117db924cf7c | 8523 | |
wolfSSL | 15:117db924cf7c | 8524 | return 0; |
wolfSSL | 15:117db924cf7c | 8525 | } |
wolfSSL | 15:117db924cf7c | 8526 | |
wolfSSL | 15:117db924cf7c | 8527 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8528 | } |
wolfSSL | 15:117db924cf7c | 8529 | |
wolfSSL | 15:117db924cf7c | 8530 | /* Create a new pre-shared key and put it into the list. |
wolfSSL | 15:117db924cf7c | 8531 | * |
wolfSSL | 15:117db924cf7c | 8532 | * list The linked list of pre-shared key. |
wolfSSL | 15:117db924cf7c | 8533 | * identity The identity. |
wolfSSL | 15:117db924cf7c | 8534 | * len The length of the identity data. |
wolfSSL | 15:117db924cf7c | 8535 | * heap The memory to allocate with. |
wolfSSL | 15:117db924cf7c | 8536 | * preSharedKey The new pre-shared key object. |
wolfSSL | 15:117db924cf7c | 8537 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8538 | */ |
wolfSSL | 15:117db924cf7c | 8539 | static int TLSX_PreSharedKey_New(PreSharedKey** list, byte* identity, |
wolfSSL | 15:117db924cf7c | 8540 | word16 len, void *heap, |
wolfSSL | 15:117db924cf7c | 8541 | PreSharedKey** preSharedKey) |
wolfSSL | 15:117db924cf7c | 8542 | { |
wolfSSL | 15:117db924cf7c | 8543 | PreSharedKey* psk; |
wolfSSL | 16:8e0d178b1d1e | 8544 | PreSharedKey** next; |
wolfSSL | 15:117db924cf7c | 8545 | |
wolfSSL | 15:117db924cf7c | 8546 | psk = (PreSharedKey*)XMALLOC(sizeof(PreSharedKey), heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 8547 | if (psk == NULL) |
wolfSSL | 15:117db924cf7c | 8548 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 8549 | XMEMSET(psk, 0, sizeof(*psk)); |
wolfSSL | 15:117db924cf7c | 8550 | |
wolfSSL | 15:117db924cf7c | 8551 | /* Make a copy of the identity data. */ |
wolfSSL | 15:117db924cf7c | 8552 | psk->identity = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 8553 | if (psk->identity == NULL) { |
wolfSSL | 15:117db924cf7c | 8554 | XFREE(psk, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 8555 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 8556 | } |
wolfSSL | 15:117db924cf7c | 8557 | XMEMCPY(psk->identity, identity, len); |
wolfSSL | 15:117db924cf7c | 8558 | psk->identityLen = len; |
wolfSSL | 15:117db924cf7c | 8559 | |
wolfSSL | 15:117db924cf7c | 8560 | /* Add it to the end and maintain the links. */ |
wolfSSL | 16:8e0d178b1d1e | 8561 | while (*list != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 8562 | /* Assign to temporary to work around compiler bug found by customer. */ |
wolfSSL | 16:8e0d178b1d1e | 8563 | next = &((*list)->next); |
wolfSSL | 16:8e0d178b1d1e | 8564 | list = next; |
wolfSSL | 16:8e0d178b1d1e | 8565 | } |
wolfSSL | 15:117db924cf7c | 8566 | *list = psk; |
wolfSSL | 15:117db924cf7c | 8567 | *preSharedKey = psk; |
wolfSSL | 15:117db924cf7c | 8568 | |
wolfSSL | 16:8e0d178b1d1e | 8569 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 8570 | |
wolfSSL | 15:117db924cf7c | 8571 | return 0; |
wolfSSL | 15:117db924cf7c | 8572 | } |
wolfSSL | 15:117db924cf7c | 8573 | |
wolfSSL | 15:117db924cf7c | 8574 | static WC_INLINE byte GetHmacLength(int hmac) |
wolfSSL | 15:117db924cf7c | 8575 | { |
wolfSSL | 15:117db924cf7c | 8576 | switch (hmac) { |
wolfSSL | 15:117db924cf7c | 8577 | #ifndef NO_SHA256 |
wolfSSL | 15:117db924cf7c | 8578 | case sha256_mac: |
wolfSSL | 15:117db924cf7c | 8579 | return WC_SHA256_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 8580 | #endif |
wolfSSL | 15:117db924cf7c | 8581 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 15:117db924cf7c | 8582 | case sha384_mac: |
wolfSSL | 15:117db924cf7c | 8583 | return WC_SHA384_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 8584 | #endif |
wolfSSL | 15:117db924cf7c | 8585 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 15:117db924cf7c | 8586 | case sha512_mac: |
wolfSSL | 15:117db924cf7c | 8587 | return WC_SHA512_DIGEST_SIZE; |
wolfSSL | 15:117db924cf7c | 8588 | #endif |
wolfSSL | 15:117db924cf7c | 8589 | } |
wolfSSL | 15:117db924cf7c | 8590 | return 0; |
wolfSSL | 15:117db924cf7c | 8591 | } |
wolfSSL | 15:117db924cf7c | 8592 | |
wolfSSL | 15:117db924cf7c | 8593 | /* Use the data to create a new pre-shared key object in the extensions. |
wolfSSL | 15:117db924cf7c | 8594 | * |
wolfSSL | 15:117db924cf7c | 8595 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8596 | * identity The identity. |
wolfSSL | 15:117db924cf7c | 8597 | * len The length of the identity data. |
wolfSSL | 15:117db924cf7c | 8598 | * age The age of the identity. |
wolfSSL | 15:117db924cf7c | 8599 | * hmac The HMAC algorithm. |
wolfSSL | 15:117db924cf7c | 8600 | * ciphersuite0 The first byte of the ciphersuite to use. |
wolfSSL | 15:117db924cf7c | 8601 | * ciphersuite The second byte of the ciphersuite to use. |
wolfSSL | 15:117db924cf7c | 8602 | * resumption The PSK is for resumption of a session. |
wolfSSL | 15:117db924cf7c | 8603 | * preSharedKey The new pre-shared key object. |
wolfSSL | 15:117db924cf7c | 8604 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8605 | */ |
wolfSSL | 15:117db924cf7c | 8606 | int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, word16 len, word32 age, |
wolfSSL | 15:117db924cf7c | 8607 | byte hmac, byte cipherSuite0, |
wolfSSL | 15:117db924cf7c | 8608 | byte cipherSuite, byte resumption, |
wolfSSL | 15:117db924cf7c | 8609 | PreSharedKey **preSharedKey) |
wolfSSL | 15:117db924cf7c | 8610 | { |
wolfSSL | 15:117db924cf7c | 8611 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 8612 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8613 | PreSharedKey* psk = NULL; |
wolfSSL | 15:117db924cf7c | 8614 | |
wolfSSL | 15:117db924cf7c | 8615 | /* Find the pre-shared key extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 8616 | extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); |
wolfSSL | 15:117db924cf7c | 8617 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 8618 | /* Push new pre-shared key extension. */ |
wolfSSL | 15:117db924cf7c | 8619 | ret = TLSX_Push(&ssl->extensions, TLSX_PRE_SHARED_KEY, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 8620 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8621 | return ret; |
wolfSSL | 15:117db924cf7c | 8622 | |
wolfSSL | 15:117db924cf7c | 8623 | extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); |
wolfSSL | 15:117db924cf7c | 8624 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 8625 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 8626 | } |
wolfSSL | 15:117db924cf7c | 8627 | |
wolfSSL | 15:117db924cf7c | 8628 | /* Try to find the pre-shared key with this identity. */ |
wolfSSL | 15:117db924cf7c | 8629 | psk = (PreSharedKey*)extension->data; |
wolfSSL | 15:117db924cf7c | 8630 | while (psk != NULL) { |
wolfSSL | 15:117db924cf7c | 8631 | if ((psk->identityLen == len) && |
wolfSSL | 15:117db924cf7c | 8632 | (XMEMCMP(psk->identity, identity, len) == 0)) { |
wolfSSL | 15:117db924cf7c | 8633 | break; |
wolfSSL | 15:117db924cf7c | 8634 | } |
wolfSSL | 15:117db924cf7c | 8635 | psk = psk->next; |
wolfSSL | 15:117db924cf7c | 8636 | } |
wolfSSL | 15:117db924cf7c | 8637 | |
wolfSSL | 15:117db924cf7c | 8638 | /* Create a new pre-shared key object if not found. */ |
wolfSSL | 15:117db924cf7c | 8639 | if (psk == NULL) { |
wolfSSL | 15:117db924cf7c | 8640 | ret = TLSX_PreSharedKey_New((PreSharedKey**)&extension->data, identity, |
wolfSSL | 15:117db924cf7c | 8641 | len, ssl->heap, &psk); |
wolfSSL | 15:117db924cf7c | 8642 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8643 | return ret; |
wolfSSL | 15:117db924cf7c | 8644 | } |
wolfSSL | 15:117db924cf7c | 8645 | |
wolfSSL | 15:117db924cf7c | 8646 | /* Update/set age and HMAC algorithm. */ |
wolfSSL | 15:117db924cf7c | 8647 | psk->ticketAge = age; |
wolfSSL | 15:117db924cf7c | 8648 | psk->hmac = hmac; |
wolfSSL | 15:117db924cf7c | 8649 | psk->cipherSuite0 = cipherSuite0; |
wolfSSL | 15:117db924cf7c | 8650 | psk->cipherSuite = cipherSuite; |
wolfSSL | 15:117db924cf7c | 8651 | psk->resumption = resumption; |
wolfSSL | 15:117db924cf7c | 8652 | psk->binderLen = GetHmacLength(psk->hmac); |
wolfSSL | 15:117db924cf7c | 8653 | |
wolfSSL | 15:117db924cf7c | 8654 | if (preSharedKey != NULL) |
wolfSSL | 15:117db924cf7c | 8655 | *preSharedKey = psk; |
wolfSSL | 15:117db924cf7c | 8656 | |
wolfSSL | 15:117db924cf7c | 8657 | return 0; |
wolfSSL | 15:117db924cf7c | 8658 | } |
wolfSSL | 15:117db924cf7c | 8659 | |
wolfSSL | 15:117db924cf7c | 8660 | #define PSK_FREE_ALL TLSX_PreSharedKey_FreeAll |
wolfSSL | 15:117db924cf7c | 8661 | #define PSK_GET_SIZE TLSX_PreSharedKey_GetSize |
wolfSSL | 15:117db924cf7c | 8662 | #define PSK_WRITE TLSX_PreSharedKey_Write |
wolfSSL | 15:117db924cf7c | 8663 | #define PSK_PARSE TLSX_PreSharedKey_Parse |
wolfSSL | 15:117db924cf7c | 8664 | |
wolfSSL | 15:117db924cf7c | 8665 | #else |
wolfSSL | 15:117db924cf7c | 8666 | |
wolfSSL | 15:117db924cf7c | 8667 | #define PSK_FREE_ALL(a, b) |
wolfSSL | 16:8e0d178b1d1e | 8668 | #define PSK_GET_SIZE(a, b, c) 0 |
wolfSSL | 16:8e0d178b1d1e | 8669 | #define PSK_WRITE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 8670 | #define PSK_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 8671 | |
wolfSSL | 15:117db924cf7c | 8672 | #endif |
wolfSSL | 15:117db924cf7c | 8673 | |
wolfSSL | 15:117db924cf7c | 8674 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8675 | /* PSK Key Exchange Modes */ |
wolfSSL | 15:117db924cf7c | 8676 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8677 | |
wolfSSL | 15:117db924cf7c | 8678 | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
wolfSSL | 15:117db924cf7c | 8679 | /* Get the size of the encoded PSK KE modes extension. |
wolfSSL | 15:117db924cf7c | 8680 | * Only in ClientHello. |
wolfSSL | 15:117db924cf7c | 8681 | * |
wolfSSL | 15:117db924cf7c | 8682 | * modes The PSK KE mode bit string. |
wolfSSL | 15:117db924cf7c | 8683 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8684 | * returns the number of bytes of the encoded PSK KE mode extension. |
wolfSSL | 15:117db924cf7c | 8685 | */ |
wolfSSL | 16:8e0d178b1d1e | 8686 | static int TLSX_PskKeModes_GetSize(byte modes, byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 8687 | { |
wolfSSL | 15:117db924cf7c | 8688 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8689 | /* Format: Len | Modes* */ |
wolfSSL | 15:117db924cf7c | 8690 | word16 len = OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 8691 | /* Check whether each possible mode is to be written. */ |
wolfSSL | 15:117db924cf7c | 8692 | if (modes & (1 << PSK_KE)) |
wolfSSL | 15:117db924cf7c | 8693 | len += OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 8694 | if (modes & (1 << PSK_DHE_KE)) |
wolfSSL | 15:117db924cf7c | 8695 | len += OPAQUE8_LEN; |
wolfSSL | 16:8e0d178b1d1e | 8696 | *pSz += len; |
wolfSSL | 16:8e0d178b1d1e | 8697 | return 0; |
wolfSSL | 15:117db924cf7c | 8698 | } |
wolfSSL | 15:117db924cf7c | 8699 | |
wolfSSL | 15:117db924cf7c | 8700 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8701 | } |
wolfSSL | 15:117db924cf7c | 8702 | |
wolfSSL | 15:117db924cf7c | 8703 | /* Writes the PSK KE modes extension into the output buffer. |
wolfSSL | 15:117db924cf7c | 8704 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 8705 | * Only in ClientHello. |
wolfSSL | 15:117db924cf7c | 8706 | * |
wolfSSL | 15:117db924cf7c | 8707 | * modes The PSK KE mode bit string. |
wolfSSL | 15:117db924cf7c | 8708 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 8709 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8710 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 8711 | */ |
wolfSSL | 16:8e0d178b1d1e | 8712 | static int TLSX_PskKeModes_Write(byte modes, byte* output, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 8713 | word16* pSz) |
wolfSSL | 15:117db924cf7c | 8714 | { |
wolfSSL | 15:117db924cf7c | 8715 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8716 | /* Format: Len | Modes* */ |
wolfSSL | 15:117db924cf7c | 8717 | int idx = OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 8718 | |
wolfSSL | 15:117db924cf7c | 8719 | /* Write out each possible mode. */ |
wolfSSL | 15:117db924cf7c | 8720 | if (modes & (1 << PSK_KE)) |
wolfSSL | 15:117db924cf7c | 8721 | output[idx++] = PSK_KE; |
wolfSSL | 15:117db924cf7c | 8722 | if (modes & (1 << PSK_DHE_KE)) |
wolfSSL | 15:117db924cf7c | 8723 | output[idx++] = PSK_DHE_KE; |
wolfSSL | 15:117db924cf7c | 8724 | /* Write out length of mode list. */ |
wolfSSL | 15:117db924cf7c | 8725 | output[0] = idx - OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 8726 | |
wolfSSL | 16:8e0d178b1d1e | 8727 | *pSz += idx; |
wolfSSL | 16:8e0d178b1d1e | 8728 | return 0; |
wolfSSL | 15:117db924cf7c | 8729 | } |
wolfSSL | 15:117db924cf7c | 8730 | |
wolfSSL | 15:117db924cf7c | 8731 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8732 | } |
wolfSSL | 15:117db924cf7c | 8733 | |
wolfSSL | 15:117db924cf7c | 8734 | /* Parse the PSK KE modes extension. |
wolfSSL | 15:117db924cf7c | 8735 | * Only in ClientHello. |
wolfSSL | 15:117db924cf7c | 8736 | * |
wolfSSL | 15:117db924cf7c | 8737 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8738 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 8739 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 8740 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 8741 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8742 | */ |
wolfSSL | 15:117db924cf7c | 8743 | static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 8744 | byte msgType) |
wolfSSL | 15:117db924cf7c | 8745 | { |
wolfSSL | 15:117db924cf7c | 8746 | int ret; |
wolfSSL | 15:117db924cf7c | 8747 | |
wolfSSL | 15:117db924cf7c | 8748 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8749 | /* Format: Len | Modes* */ |
wolfSSL | 15:117db924cf7c | 8750 | int idx = 0; |
wolfSSL | 16:8e0d178b1d1e | 8751 | word16 len; |
wolfSSL | 15:117db924cf7c | 8752 | byte modes = 0; |
wolfSSL | 15:117db924cf7c | 8753 | |
wolfSSL | 15:117db924cf7c | 8754 | /* Ensure length byte exists. */ |
wolfSSL | 15:117db924cf7c | 8755 | if (length < OPAQUE8_LEN) |
wolfSSL | 15:117db924cf7c | 8756 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8757 | |
wolfSSL | 15:117db924cf7c | 8758 | /* Get length of mode list and ensure that is the only data. */ |
wolfSSL | 15:117db924cf7c | 8759 | len = input[0]; |
wolfSSL | 15:117db924cf7c | 8760 | if (length - OPAQUE8_LEN != len) |
wolfSSL | 15:117db924cf7c | 8761 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8762 | |
wolfSSL | 15:117db924cf7c | 8763 | idx = OPAQUE8_LEN; |
wolfSSL | 15:117db924cf7c | 8764 | /* Set a bit for each recognized modes. */ |
wolfSSL | 15:117db924cf7c | 8765 | while (len > 0) { |
wolfSSL | 15:117db924cf7c | 8766 | /* Ignore unrecognized modes. */ |
wolfSSL | 15:117db924cf7c | 8767 | if (input[idx] <= PSK_DHE_KE) |
wolfSSL | 15:117db924cf7c | 8768 | modes |= 1 << input[idx]; |
wolfSSL | 15:117db924cf7c | 8769 | idx++; |
wolfSSL | 15:117db924cf7c | 8770 | len--; |
wolfSSL | 15:117db924cf7c | 8771 | } |
wolfSSL | 15:117db924cf7c | 8772 | |
wolfSSL | 15:117db924cf7c | 8773 | ret = TLSX_PskKeModes_Use(ssl, modes); |
wolfSSL | 15:117db924cf7c | 8774 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8775 | return ret; |
wolfSSL | 15:117db924cf7c | 8776 | |
wolfSSL | 15:117db924cf7c | 8777 | return 0; |
wolfSSL | 15:117db924cf7c | 8778 | } |
wolfSSL | 15:117db924cf7c | 8779 | |
wolfSSL | 15:117db924cf7c | 8780 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8781 | } |
wolfSSL | 15:117db924cf7c | 8782 | |
wolfSSL | 15:117db924cf7c | 8783 | /* Use the data to create a new PSK Key Exchange Modes object in the extensions. |
wolfSSL | 15:117db924cf7c | 8784 | * |
wolfSSL | 15:117db924cf7c | 8785 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8786 | * modes The PSK key exchange modes. |
wolfSSL | 15:117db924cf7c | 8787 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8788 | */ |
wolfSSL | 15:117db924cf7c | 8789 | int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes) |
wolfSSL | 15:117db924cf7c | 8790 | { |
wolfSSL | 15:117db924cf7c | 8791 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 8792 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8793 | |
wolfSSL | 15:117db924cf7c | 8794 | /* Find the PSK key exchange modes extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 8795 | extension = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES); |
wolfSSL | 15:117db924cf7c | 8796 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 8797 | /* Push new PSK key exchange modes extension. */ |
wolfSSL | 15:117db924cf7c | 8798 | ret = TLSX_Push(&ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES, NULL, |
wolfSSL | 15:117db924cf7c | 8799 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 8800 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8801 | return ret; |
wolfSSL | 15:117db924cf7c | 8802 | |
wolfSSL | 15:117db924cf7c | 8803 | extension = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES); |
wolfSSL | 15:117db924cf7c | 8804 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 8805 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 8806 | } |
wolfSSL | 15:117db924cf7c | 8807 | |
wolfSSL | 15:117db924cf7c | 8808 | extension->val = modes; |
wolfSSL | 15:117db924cf7c | 8809 | |
wolfSSL | 15:117db924cf7c | 8810 | return 0; |
wolfSSL | 15:117db924cf7c | 8811 | } |
wolfSSL | 15:117db924cf7c | 8812 | |
wolfSSL | 15:117db924cf7c | 8813 | #define PKM_GET_SIZE TLSX_PskKeModes_GetSize |
wolfSSL | 15:117db924cf7c | 8814 | #define PKM_WRITE TLSX_PskKeModes_Write |
wolfSSL | 15:117db924cf7c | 8815 | #define PKM_PARSE TLSX_PskKeModes_Parse |
wolfSSL | 15:117db924cf7c | 8816 | |
wolfSSL | 15:117db924cf7c | 8817 | #else |
wolfSSL | 15:117db924cf7c | 8818 | |
wolfSSL | 16:8e0d178b1d1e | 8819 | #define PKM_GET_SIZE(a, b, c) 0 |
wolfSSL | 16:8e0d178b1d1e | 8820 | #define PKM_WRITE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 8821 | #define PKM_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 8822 | |
wolfSSL | 15:117db924cf7c | 8823 | #endif |
wolfSSL | 15:117db924cf7c | 8824 | |
wolfSSL | 15:117db924cf7c | 8825 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8826 | /* Post-Handshake Authentication */ |
wolfSSL | 15:117db924cf7c | 8827 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8828 | |
wolfSSL | 15:117db924cf7c | 8829 | #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
wolfSSL | 16:8e0d178b1d1e | 8830 | /* Get the size of the encoded Post-Handshake Authentication extension. |
wolfSSL | 15:117db924cf7c | 8831 | * Only in ClientHello. |
wolfSSL | 15:117db924cf7c | 8832 | * |
wolfSSL | 15:117db924cf7c | 8833 | * msgType The type of the message this extension is being written into. |
wolfSSL | 16:8e0d178b1d1e | 8834 | * returns the number of bytes of the encoded Post-Handshake Authentication |
wolfSSL | 15:117db924cf7c | 8835 | * extension. |
wolfSSL | 15:117db924cf7c | 8836 | */ |
wolfSSL | 16:8e0d178b1d1e | 8837 | static int TLSX_PostHandAuth_GetSize(byte msgType, word16* pSz) |
wolfSSL | 16:8e0d178b1d1e | 8838 | { |
wolfSSL | 16:8e0d178b1d1e | 8839 | if (msgType == client_hello) { |
wolfSSL | 16:8e0d178b1d1e | 8840 | *pSz += 0; |
wolfSSL | 15:117db924cf7c | 8841 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 8842 | } |
wolfSSL | 15:117db924cf7c | 8843 | |
wolfSSL | 15:117db924cf7c | 8844 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8845 | } |
wolfSSL | 15:117db924cf7c | 8846 | |
wolfSSL | 15:117db924cf7c | 8847 | /* Writes the Post-Handshake Authentication extension into the output buffer. |
wolfSSL | 15:117db924cf7c | 8848 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 8849 | * Only in ClientHello. |
wolfSSL | 15:117db924cf7c | 8850 | * |
wolfSSL | 15:117db924cf7c | 8851 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 8852 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8853 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 8854 | */ |
wolfSSL | 16:8e0d178b1d1e | 8855 | static int TLSX_PostHandAuth_Write(byte* output, byte msgType, word16* pSz) |
wolfSSL | 15:117db924cf7c | 8856 | { |
wolfSSL | 15:117db924cf7c | 8857 | (void)output; |
wolfSSL | 15:117db924cf7c | 8858 | |
wolfSSL | 16:8e0d178b1d1e | 8859 | if (msgType == client_hello) { |
wolfSSL | 16:8e0d178b1d1e | 8860 | *pSz += 0; |
wolfSSL | 15:117db924cf7c | 8861 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 8862 | } |
wolfSSL | 15:117db924cf7c | 8863 | |
wolfSSL | 15:117db924cf7c | 8864 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8865 | } |
wolfSSL | 15:117db924cf7c | 8866 | |
wolfSSL | 15:117db924cf7c | 8867 | /* Parse the Post-Handshake Authentication extension. |
wolfSSL | 15:117db924cf7c | 8868 | * Only in ClientHello. |
wolfSSL | 15:117db924cf7c | 8869 | * |
wolfSSL | 15:117db924cf7c | 8870 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8871 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 8872 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 8873 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 8874 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8875 | */ |
wolfSSL | 15:117db924cf7c | 8876 | static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 8877 | byte msgType) |
wolfSSL | 15:117db924cf7c | 8878 | { |
wolfSSL | 15:117db924cf7c | 8879 | (void)input; |
wolfSSL | 15:117db924cf7c | 8880 | |
wolfSSL | 15:117db924cf7c | 8881 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8882 | /* Ensure extension is empty. */ |
wolfSSL | 15:117db924cf7c | 8883 | if (length != 0) |
wolfSSL | 15:117db924cf7c | 8884 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8885 | |
wolfSSL | 15:117db924cf7c | 8886 | ssl->options.postHandshakeAuth = 1; |
wolfSSL | 15:117db924cf7c | 8887 | return 0; |
wolfSSL | 15:117db924cf7c | 8888 | } |
wolfSSL | 15:117db924cf7c | 8889 | |
wolfSSL | 15:117db924cf7c | 8890 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8891 | } |
wolfSSL | 15:117db924cf7c | 8892 | |
wolfSSL | 15:117db924cf7c | 8893 | /* Create a new Post-handshake authentication object in the extensions. |
wolfSSL | 15:117db924cf7c | 8894 | * |
wolfSSL | 15:117db924cf7c | 8895 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8896 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8897 | */ |
wolfSSL | 15:117db924cf7c | 8898 | static int TLSX_PostHandAuth_Use(WOLFSSL* ssl) |
wolfSSL | 15:117db924cf7c | 8899 | { |
wolfSSL | 15:117db924cf7c | 8900 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 8901 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 8902 | |
wolfSSL | 15:117db924cf7c | 8903 | /* Find the PSK key exchange modes extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 8904 | extension = TLSX_Find(ssl->extensions, TLSX_POST_HANDSHAKE_AUTH); |
wolfSSL | 15:117db924cf7c | 8905 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 8906 | /* Push new Post-handshake Authentication extension. */ |
wolfSSL | 15:117db924cf7c | 8907 | ret = TLSX_Push(&ssl->extensions, TLSX_POST_HANDSHAKE_AUTH, NULL, |
wolfSSL | 15:117db924cf7c | 8908 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 8909 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 8910 | return ret; |
wolfSSL | 15:117db924cf7c | 8911 | } |
wolfSSL | 15:117db924cf7c | 8912 | |
wolfSSL | 15:117db924cf7c | 8913 | return 0; |
wolfSSL | 15:117db924cf7c | 8914 | } |
wolfSSL | 15:117db924cf7c | 8915 | |
wolfSSL | 15:117db924cf7c | 8916 | #define PHA_GET_SIZE TLSX_PostHandAuth_GetSize |
wolfSSL | 15:117db924cf7c | 8917 | #define PHA_WRITE TLSX_PostHandAuth_Write |
wolfSSL | 15:117db924cf7c | 8918 | #define PHA_PARSE TLSX_PostHandAuth_Parse |
wolfSSL | 15:117db924cf7c | 8919 | |
wolfSSL | 15:117db924cf7c | 8920 | #else |
wolfSSL | 15:117db924cf7c | 8921 | |
wolfSSL | 16:8e0d178b1d1e | 8922 | #define PHA_GET_SIZE(a, b) 0 |
wolfSSL | 16:8e0d178b1d1e | 8923 | #define PHA_WRITE(a, b, c) 0 |
wolfSSL | 15:117db924cf7c | 8924 | #define PHA_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 8925 | |
wolfSSL | 15:117db924cf7c | 8926 | #endif |
wolfSSL | 15:117db924cf7c | 8927 | |
wolfSSL | 15:117db924cf7c | 8928 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8929 | /* Early Data Indication */ |
wolfSSL | 15:117db924cf7c | 8930 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 8931 | |
wolfSSL | 15:117db924cf7c | 8932 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 8933 | /* Get the size of the encoded Early Data Indication extension. |
wolfSSL | 15:117db924cf7c | 8934 | * In messages: ClientHello, EncryptedExtensions and NewSessionTicket. |
wolfSSL | 15:117db924cf7c | 8935 | * |
wolfSSL | 15:117db924cf7c | 8936 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8937 | * returns the number of bytes of the encoded Early Data Indication extension. |
wolfSSL | 15:117db924cf7c | 8938 | */ |
wolfSSL | 16:8e0d178b1d1e | 8939 | static int TLSX_EarlyData_GetSize(byte msgType, word16* pSz) |
wolfSSL | 16:8e0d178b1d1e | 8940 | { |
wolfSSL | 16:8e0d178b1d1e | 8941 | int ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 8942 | |
wolfSSL | 15:117db924cf7c | 8943 | if (msgType == client_hello || msgType == encrypted_extensions) |
wolfSSL | 16:8e0d178b1d1e | 8944 | *pSz += 0; |
wolfSSL | 16:8e0d178b1d1e | 8945 | else if (msgType == session_ticket) |
wolfSSL | 16:8e0d178b1d1e | 8946 | *pSz += OPAQUE32_LEN; |
wolfSSL | 16:8e0d178b1d1e | 8947 | else |
wolfSSL | 16:8e0d178b1d1e | 8948 | ret = SANITY_MSG_E; |
wolfSSL | 16:8e0d178b1d1e | 8949 | |
wolfSSL | 16:8e0d178b1d1e | 8950 | return ret; |
wolfSSL | 15:117db924cf7c | 8951 | } |
wolfSSL | 15:117db924cf7c | 8952 | |
wolfSSL | 15:117db924cf7c | 8953 | /* Writes the Early Data Indicator extension into the output buffer. |
wolfSSL | 15:117db924cf7c | 8954 | * Assumes that the the output buffer is big enough to hold data. |
wolfSSL | 15:117db924cf7c | 8955 | * In messages: ClientHello, EncryptedExtensions and NewSessionTicket. |
wolfSSL | 15:117db924cf7c | 8956 | * |
wolfSSL | 15:117db924cf7c | 8957 | * max The maximum early data size. |
wolfSSL | 15:117db924cf7c | 8958 | * output The buffer to write into. |
wolfSSL | 15:117db924cf7c | 8959 | * msgType The type of the message this extension is being written into. |
wolfSSL | 15:117db924cf7c | 8960 | * returns the number of bytes written into the buffer. |
wolfSSL | 15:117db924cf7c | 8961 | */ |
wolfSSL | 16:8e0d178b1d1e | 8962 | static int TLSX_EarlyData_Write(word32 max, byte* output, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 8963 | word16* pSz) |
wolfSSL | 16:8e0d178b1d1e | 8964 | { |
wolfSSL | 16:8e0d178b1d1e | 8965 | if (msgType == client_hello || msgType == encrypted_extensions) |
wolfSSL | 15:117db924cf7c | 8966 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 8967 | else if (msgType == session_ticket) { |
wolfSSL | 15:117db924cf7c | 8968 | c32toa(max, output); |
wolfSSL | 16:8e0d178b1d1e | 8969 | *pSz += OPAQUE32_LEN; |
wolfSSL | 16:8e0d178b1d1e | 8970 | return 0; |
wolfSSL | 15:117db924cf7c | 8971 | } |
wolfSSL | 15:117db924cf7c | 8972 | |
wolfSSL | 15:117db924cf7c | 8973 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 8974 | } |
wolfSSL | 15:117db924cf7c | 8975 | |
wolfSSL | 15:117db924cf7c | 8976 | /* Parse the Early Data Indicator extension. |
wolfSSL | 15:117db924cf7c | 8977 | * In messages: ClientHello, EncryptedExtensions and NewSessionTicket. |
wolfSSL | 15:117db924cf7c | 8978 | * |
wolfSSL | 15:117db924cf7c | 8979 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 8980 | * input The extension data. |
wolfSSL | 15:117db924cf7c | 8981 | * length The length of the extension data. |
wolfSSL | 15:117db924cf7c | 8982 | * msgType The type of the message this extension is being parsed from. |
wolfSSL | 15:117db924cf7c | 8983 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 8984 | */ |
wolfSSL | 15:117db924cf7c | 8985 | static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 15:117db924cf7c | 8986 | byte msgType) |
wolfSSL | 15:117db924cf7c | 8987 | { |
wolfSSL | 15:117db924cf7c | 8988 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 8989 | if (length != 0) |
wolfSSL | 15:117db924cf7c | 8990 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 8991 | |
wolfSSL | 16:8e0d178b1d1e | 8992 | if (ssl->earlyData == expecting_early_data) |
wolfSSL | 16:8e0d178b1d1e | 8993 | return TLSX_EarlyData_Use(ssl, 0); |
wolfSSL | 16:8e0d178b1d1e | 8994 | ssl->earlyData = early_data_ext; |
wolfSSL | 16:8e0d178b1d1e | 8995 | return 0; |
wolfSSL | 15:117db924cf7c | 8996 | } |
wolfSSL | 15:117db924cf7c | 8997 | if (msgType == encrypted_extensions) { |
wolfSSL | 15:117db924cf7c | 8998 | if (length != 0) |
wolfSSL | 15:117db924cf7c | 8999 | return BUFFER_E; |
wolfSSL | 15:117db924cf7c | 9000 | |
wolfSSL | 15:117db924cf7c | 9001 | /* Ensure the index of PSK identity chosen by server is 0. |
wolfSSL | 15:117db924cf7c | 9002 | * Index is plus one to handle 'not set' value of 0. |
wolfSSL | 15:117db924cf7c | 9003 | */ |
wolfSSL | 15:117db924cf7c | 9004 | if (ssl->options.pskIdIndex != 1) |
wolfSSL | 15:117db924cf7c | 9005 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 9006 | |
wolfSSL | 15:117db924cf7c | 9007 | return TLSX_EarlyData_Use(ssl, 1); |
wolfSSL | 15:117db924cf7c | 9008 | } |
wolfSSL | 15:117db924cf7c | 9009 | if (msgType == session_ticket) { |
wolfSSL | 16:8e0d178b1d1e | 9010 | word32 maxSz; |
wolfSSL | 15:117db924cf7c | 9011 | |
wolfSSL | 15:117db924cf7c | 9012 | if (length != OPAQUE32_LEN) |
wolfSSL | 15:117db924cf7c | 9013 | return BUFFER_E; |
wolfSSL | 16:8e0d178b1d1e | 9014 | ato32(input, &maxSz); |
wolfSSL | 16:8e0d178b1d1e | 9015 | |
wolfSSL | 16:8e0d178b1d1e | 9016 | ssl->session.maxEarlyDataSz = maxSz; |
wolfSSL | 15:117db924cf7c | 9017 | return 0; |
wolfSSL | 15:117db924cf7c | 9018 | } |
wolfSSL | 15:117db924cf7c | 9019 | |
wolfSSL | 15:117db924cf7c | 9020 | return SANITY_MSG_E; |
wolfSSL | 15:117db924cf7c | 9021 | } |
wolfSSL | 15:117db924cf7c | 9022 | |
wolfSSL | 15:117db924cf7c | 9023 | /* Use the data to create a new Early Data object in the extensions. |
wolfSSL | 15:117db924cf7c | 9024 | * |
wolfSSL | 15:117db924cf7c | 9025 | * ssl The SSL/TLS object. |
wolfSSL | 15:117db924cf7c | 9026 | * max The maximum early data size. |
wolfSSL | 15:117db924cf7c | 9027 | * returns 0 on success and other values indicate failure. |
wolfSSL | 15:117db924cf7c | 9028 | */ |
wolfSSL | 15:117db924cf7c | 9029 | int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max) |
wolfSSL | 15:117db924cf7c | 9030 | { |
wolfSSL | 15:117db924cf7c | 9031 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 9032 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 9033 | |
wolfSSL | 15:117db924cf7c | 9034 | /* Find the early data extension if it exists. */ |
wolfSSL | 15:117db924cf7c | 9035 | extension = TLSX_Find(ssl->extensions, TLSX_EARLY_DATA); |
wolfSSL | 15:117db924cf7c | 9036 | if (extension == NULL) { |
wolfSSL | 15:117db924cf7c | 9037 | /* Push new early data extension. */ |
wolfSSL | 15:117db924cf7c | 9038 | ret = TLSX_Push(&ssl->extensions, TLSX_EARLY_DATA, NULL, ssl->heap); |
wolfSSL | 15:117db924cf7c | 9039 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 9040 | return ret; |
wolfSSL | 15:117db924cf7c | 9041 | |
wolfSSL | 15:117db924cf7c | 9042 | extension = TLSX_Find(ssl->extensions, TLSX_EARLY_DATA); |
wolfSSL | 15:117db924cf7c | 9043 | if (extension == NULL) |
wolfSSL | 15:117db924cf7c | 9044 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 9045 | } |
wolfSSL | 15:117db924cf7c | 9046 | |
wolfSSL | 15:117db924cf7c | 9047 | extension->resp = 1; |
wolfSSL | 15:117db924cf7c | 9048 | extension->val = max; |
wolfSSL | 15:117db924cf7c | 9049 | |
wolfSSL | 15:117db924cf7c | 9050 | return 0; |
wolfSSL | 15:117db924cf7c | 9051 | } |
wolfSSL | 15:117db924cf7c | 9052 | |
wolfSSL | 15:117db924cf7c | 9053 | #define EDI_GET_SIZE TLSX_EarlyData_GetSize |
wolfSSL | 15:117db924cf7c | 9054 | #define EDI_WRITE TLSX_EarlyData_Write |
wolfSSL | 15:117db924cf7c | 9055 | #define EDI_PARSE TLSX_EarlyData_Parse |
wolfSSL | 15:117db924cf7c | 9056 | |
wolfSSL | 15:117db924cf7c | 9057 | #else |
wolfSSL | 15:117db924cf7c | 9058 | |
wolfSSL | 16:8e0d178b1d1e | 9059 | #define EDI_GET_SIZE(a, b) 0 |
wolfSSL | 16:8e0d178b1d1e | 9060 | #define EDI_WRITE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 9061 | #define EDI_PARSE(a, b, c, d) 0 |
wolfSSL | 15:117db924cf7c | 9062 | |
wolfSSL | 15:117db924cf7c | 9063 | #endif |
wolfSSL | 15:117db924cf7c | 9064 | |
wolfSSL | 15:117db924cf7c | 9065 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 9066 | /* TLS Extensions Framework */ |
wolfSSL | 15:117db924cf7c | 9067 | /******************************************************************************/ |
wolfSSL | 15:117db924cf7c | 9068 | |
wolfSSL | 15:117db924cf7c | 9069 | /** Finds an extension in the provided list. */ |
wolfSSL | 15:117db924cf7c | 9070 | TLSX* TLSX_Find(TLSX* list, TLSX_Type type) |
wolfSSL | 15:117db924cf7c | 9071 | { |
wolfSSL | 15:117db924cf7c | 9072 | TLSX* extension = list; |
wolfSSL | 15:117db924cf7c | 9073 | |
wolfSSL | 15:117db924cf7c | 9074 | while (extension && extension->type != type) |
wolfSSL | 15:117db924cf7c | 9075 | extension = extension->next; |
wolfSSL | 15:117db924cf7c | 9076 | |
wolfSSL | 15:117db924cf7c | 9077 | return extension; |
wolfSSL | 15:117db924cf7c | 9078 | } |
wolfSSL | 15:117db924cf7c | 9079 | |
wolfSSL | 15:117db924cf7c | 9080 | /** Remove an extension. */ |
wolfSSL | 15:117db924cf7c | 9081 | void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap) |
wolfSSL | 15:117db924cf7c | 9082 | { |
wolfSSL | 15:117db924cf7c | 9083 | TLSX* extension = *list; |
wolfSSL | 15:117db924cf7c | 9084 | TLSX** next = list; |
wolfSSL | 15:117db924cf7c | 9085 | |
wolfSSL | 15:117db924cf7c | 9086 | while (extension && extension->type != type) { |
wolfSSL | 15:117db924cf7c | 9087 | next = &extension->next; |
wolfSSL | 15:117db924cf7c | 9088 | extension = extension->next; |
wolfSSL | 15:117db924cf7c | 9089 | } |
wolfSSL | 15:117db924cf7c | 9090 | |
wolfSSL | 15:117db924cf7c | 9091 | if (extension) { |
wolfSSL | 15:117db924cf7c | 9092 | *next = extension->next; |
wolfSSL | 15:117db924cf7c | 9093 | extension->next = NULL; |
wolfSSL | 15:117db924cf7c | 9094 | TLSX_FreeAll(extension, heap); |
wolfSSL | 15:117db924cf7c | 9095 | } |
wolfSSL | 15:117db924cf7c | 9096 | } |
wolfSSL | 15:117db924cf7c | 9097 | |
wolfSSL | 15:117db924cf7c | 9098 | /** Releases all extensions in the provided list. */ |
wolfSSL | 15:117db924cf7c | 9099 | void TLSX_FreeAll(TLSX* list, void* heap) |
wolfSSL | 15:117db924cf7c | 9100 | { |
wolfSSL | 15:117db924cf7c | 9101 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 9102 | |
wolfSSL | 15:117db924cf7c | 9103 | while ((extension = list)) { |
wolfSSL | 15:117db924cf7c | 9104 | list = extension->next; |
wolfSSL | 15:117db924cf7c | 9105 | |
wolfSSL | 15:117db924cf7c | 9106 | switch (extension->type) { |
wolfSSL | 15:117db924cf7c | 9107 | |
wolfSSL | 15:117db924cf7c | 9108 | case TLSX_SERVER_NAME: |
wolfSSL | 15:117db924cf7c | 9109 | SNI_FREE_ALL((SNI*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9110 | break; |
wolfSSL | 15:117db924cf7c | 9111 | |
wolfSSL | 16:8e0d178b1d1e | 9112 | case TLSX_TRUSTED_CA_KEYS: |
wolfSSL | 16:8e0d178b1d1e | 9113 | TCA_FREE_ALL((TCA*)extension->data, heap); |
wolfSSL | 16:8e0d178b1d1e | 9114 | break; |
wolfSSL | 16:8e0d178b1d1e | 9115 | |
wolfSSL | 15:117db924cf7c | 9116 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 15:117db924cf7c | 9117 | MFL_FREE_ALL(extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9118 | break; |
wolfSSL | 15:117db924cf7c | 9119 | |
wolfSSL | 15:117db924cf7c | 9120 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 15:117db924cf7c | 9121 | /* Nothing to do. */ |
wolfSSL | 15:117db924cf7c | 9122 | break; |
wolfSSL | 15:117db924cf7c | 9123 | |
wolfSSL | 15:117db924cf7c | 9124 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 15:117db924cf7c | 9125 | EC_FREE_ALL((SupportedCurve*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9126 | break; |
wolfSSL | 15:117db924cf7c | 9127 | |
wolfSSL | 15:117db924cf7c | 9128 | case TLSX_EC_POINT_FORMATS: |
wolfSSL | 15:117db924cf7c | 9129 | PF_FREE_ALL((PointFormat*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9130 | break; |
wolfSSL | 15:117db924cf7c | 9131 | |
wolfSSL | 15:117db924cf7c | 9132 | case TLSX_STATUS_REQUEST: |
wolfSSL | 15:117db924cf7c | 9133 | CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9134 | break; |
wolfSSL | 15:117db924cf7c | 9135 | |
wolfSSL | 15:117db924cf7c | 9136 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 15:117db924cf7c | 9137 | CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 15:117db924cf7c | 9138 | heap); |
wolfSSL | 15:117db924cf7c | 9139 | break; |
wolfSSL | 15:117db924cf7c | 9140 | |
wolfSSL | 15:117db924cf7c | 9141 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 15:117db924cf7c | 9142 | SCR_FREE_ALL(extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9143 | break; |
wolfSSL | 15:117db924cf7c | 9144 | |
wolfSSL | 15:117db924cf7c | 9145 | case TLSX_SESSION_TICKET: |
wolfSSL | 15:117db924cf7c | 9146 | WOLF_STK_FREE(extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9147 | break; |
wolfSSL | 15:117db924cf7c | 9148 | |
wolfSSL | 15:117db924cf7c | 9149 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 15:117db924cf7c | 9150 | QSH_FREE_ALL((QSHScheme*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9151 | break; |
wolfSSL | 15:117db924cf7c | 9152 | |
wolfSSL | 15:117db924cf7c | 9153 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 15:117db924cf7c | 9154 | ALPN_FREE_ALL((ALPN*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9155 | break; |
wolfSSL | 16:8e0d178b1d1e | 9156 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 9157 | case TLSX_SIGNATURE_ALGORITHMS: |
wolfSSL | 15:117db924cf7c | 9158 | break; |
wolfSSL | 16:8e0d178b1d1e | 9159 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9160 | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
wolfSSL | 16:8e0d178b1d1e | 9161 | case TLSX_ENCRYPT_THEN_MAC: |
wolfSSL | 16:8e0d178b1d1e | 9162 | break; |
wolfSSL | 16:8e0d178b1d1e | 9163 | #endif |
wolfSSL | 15:117db924cf7c | 9164 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 9165 | case TLSX_SUPPORTED_VERSIONS: |
wolfSSL | 15:117db924cf7c | 9166 | break; |
wolfSSL | 15:117db924cf7c | 9167 | |
wolfSSL | 15:117db924cf7c | 9168 | case TLSX_COOKIE: |
wolfSSL | 15:117db924cf7c | 9169 | CKE_FREE_ALL((Cookie*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9170 | break; |
wolfSSL | 15:117db924cf7c | 9171 | |
wolfSSL | 15:117db924cf7c | 9172 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 9173 | case TLSX_PRE_SHARED_KEY: |
wolfSSL | 15:117db924cf7c | 9174 | PSK_FREE_ALL((PreSharedKey*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9175 | break; |
wolfSSL | 15:117db924cf7c | 9176 | |
wolfSSL | 15:117db924cf7c | 9177 | case TLSX_PSK_KEY_EXCHANGE_MODES: |
wolfSSL | 15:117db924cf7c | 9178 | break; |
wolfSSL | 15:117db924cf7c | 9179 | #endif |
wolfSSL | 15:117db924cf7c | 9180 | |
wolfSSL | 15:117db924cf7c | 9181 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 9182 | case TLSX_EARLY_DATA: |
wolfSSL | 15:117db924cf7c | 9183 | break; |
wolfSSL | 15:117db924cf7c | 9184 | #endif |
wolfSSL | 15:117db924cf7c | 9185 | |
wolfSSL | 15:117db924cf7c | 9186 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 9187 | case TLSX_POST_HANDSHAKE_AUTH: |
wolfSSL | 15:117db924cf7c | 9188 | break; |
wolfSSL | 15:117db924cf7c | 9189 | #endif |
wolfSSL | 15:117db924cf7c | 9190 | |
wolfSSL | 15:117db924cf7c | 9191 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 9192 | case TLSX_SIGNATURE_ALGORITHMS_CERT: |
wolfSSL | 15:117db924cf7c | 9193 | break; |
wolfSSL | 15:117db924cf7c | 9194 | #endif |
wolfSSL | 15:117db924cf7c | 9195 | |
wolfSSL | 15:117db924cf7c | 9196 | case TLSX_KEY_SHARE: |
wolfSSL | 15:117db924cf7c | 9197 | KS_FREE_ALL((KeyShareEntry*)extension->data, heap); |
wolfSSL | 15:117db924cf7c | 9198 | break; |
wolfSSL | 15:117db924cf7c | 9199 | #endif |
wolfSSL | 15:117db924cf7c | 9200 | } |
wolfSSL | 15:117db924cf7c | 9201 | |
wolfSSL | 15:117db924cf7c | 9202 | XFREE(extension, heap, DYNAMIC_TYPE_TLSX); |
wolfSSL | 15:117db924cf7c | 9203 | } |
wolfSSL | 15:117db924cf7c | 9204 | |
wolfSSL | 15:117db924cf7c | 9205 | (void)heap; |
wolfSSL | 15:117db924cf7c | 9206 | } |
wolfSSL | 15:117db924cf7c | 9207 | |
wolfSSL | 15:117db924cf7c | 9208 | /** Checks if the tls extensions are supported based on the protocol version. */ |
wolfSSL | 15:117db924cf7c | 9209 | int TLSX_SupportExtensions(WOLFSSL* ssl) { |
wolfSSL | 15:117db924cf7c | 9210 | return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); |
wolfSSL | 15:117db924cf7c | 9211 | } |
wolfSSL | 15:117db924cf7c | 9212 | |
wolfSSL | 15:117db924cf7c | 9213 | /** Tells the buffered size of the extensions in a list. */ |
wolfSSL | 16:8e0d178b1d1e | 9214 | static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 9215 | word16* pLength) |
wolfSSL | 15:117db924cf7c | 9216 | { |
wolfSSL | 15:117db924cf7c | 9217 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 9218 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 9219 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 9220 | byte isRequest = (msgType == client_hello || |
wolfSSL | 15:117db924cf7c | 9221 | msgType == certificate_request); |
wolfSSL | 15:117db924cf7c | 9222 | |
wolfSSL | 15:117db924cf7c | 9223 | while ((extension = list)) { |
wolfSSL | 15:117db924cf7c | 9224 | list = extension->next; |
wolfSSL | 15:117db924cf7c | 9225 | |
wolfSSL | 15:117db924cf7c | 9226 | /* only extensions marked as response are sent back to the client. */ |
wolfSSL | 15:117db924cf7c | 9227 | if (!isRequest && !extension->resp) |
wolfSSL | 15:117db924cf7c | 9228 | continue; /* skip! */ |
wolfSSL | 15:117db924cf7c | 9229 | |
wolfSSL | 15:117db924cf7c | 9230 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 15:117db924cf7c | 9231 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 15:117db924cf7c | 9232 | continue; /* skip! */ |
wolfSSL | 15:117db924cf7c | 9233 | |
wolfSSL | 15:117db924cf7c | 9234 | /* extension type + extension data length. */ |
wolfSSL | 15:117db924cf7c | 9235 | length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 9236 | |
wolfSSL | 15:117db924cf7c | 9237 | |
wolfSSL | 15:117db924cf7c | 9238 | switch (extension->type) { |
wolfSSL | 15:117db924cf7c | 9239 | |
wolfSSL | 15:117db924cf7c | 9240 | case TLSX_SERVER_NAME: |
wolfSSL | 15:117db924cf7c | 9241 | /* SNI only sends the name on the request. */ |
wolfSSL | 15:117db924cf7c | 9242 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 9243 | length += SNI_GET_SIZE((SNI*)extension->data); |
wolfSSL | 15:117db924cf7c | 9244 | break; |
wolfSSL | 15:117db924cf7c | 9245 | |
wolfSSL | 16:8e0d178b1d1e | 9246 | case TLSX_TRUSTED_CA_KEYS: |
wolfSSL | 16:8e0d178b1d1e | 9247 | /* TCA only sends the list on the request. */ |
wolfSSL | 16:8e0d178b1d1e | 9248 | if (isRequest) |
wolfSSL | 16:8e0d178b1d1e | 9249 | length += TCA_GET_SIZE((TCA*)extension->data); |
wolfSSL | 16:8e0d178b1d1e | 9250 | break; |
wolfSSL | 16:8e0d178b1d1e | 9251 | |
wolfSSL | 15:117db924cf7c | 9252 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 15:117db924cf7c | 9253 | length += MFL_GET_SIZE(extension->data); |
wolfSSL | 15:117db924cf7c | 9254 | break; |
wolfSSL | 15:117db924cf7c | 9255 | |
wolfSSL | 15:117db924cf7c | 9256 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 15:117db924cf7c | 9257 | /* always empty. */ |
wolfSSL | 15:117db924cf7c | 9258 | break; |
wolfSSL | 15:117db924cf7c | 9259 | |
wolfSSL | 15:117db924cf7c | 9260 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 15:117db924cf7c | 9261 | length += EC_GET_SIZE((SupportedCurve*)extension->data); |
wolfSSL | 15:117db924cf7c | 9262 | break; |
wolfSSL | 15:117db924cf7c | 9263 | |
wolfSSL | 15:117db924cf7c | 9264 | case TLSX_EC_POINT_FORMATS: |
wolfSSL | 15:117db924cf7c | 9265 | length += PF_GET_SIZE((PointFormat*)extension->data); |
wolfSSL | 15:117db924cf7c | 9266 | break; |
wolfSSL | 15:117db924cf7c | 9267 | |
wolfSSL | 15:117db924cf7c | 9268 | case TLSX_STATUS_REQUEST: |
wolfSSL | 15:117db924cf7c | 9269 | length += CSR_GET_SIZE( |
wolfSSL | 15:117db924cf7c | 9270 | (CertificateStatusRequest*)extension->data, isRequest); |
wolfSSL | 15:117db924cf7c | 9271 | break; |
wolfSSL | 15:117db924cf7c | 9272 | |
wolfSSL | 15:117db924cf7c | 9273 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 15:117db924cf7c | 9274 | length += CSR2_GET_SIZE( |
wolfSSL | 15:117db924cf7c | 9275 | (CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 15:117db924cf7c | 9276 | isRequest); |
wolfSSL | 15:117db924cf7c | 9277 | break; |
wolfSSL | 15:117db924cf7c | 9278 | |
wolfSSL | 15:117db924cf7c | 9279 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 15:117db924cf7c | 9280 | length += SCR_GET_SIZE((SecureRenegotiation*)extension->data, |
wolfSSL | 15:117db924cf7c | 9281 | isRequest); |
wolfSSL | 15:117db924cf7c | 9282 | break; |
wolfSSL | 15:117db924cf7c | 9283 | |
wolfSSL | 15:117db924cf7c | 9284 | case TLSX_SESSION_TICKET: |
wolfSSL | 15:117db924cf7c | 9285 | length += WOLF_STK_GET_SIZE((SessionTicket*)extension->data, |
wolfSSL | 15:117db924cf7c | 9286 | isRequest); |
wolfSSL | 15:117db924cf7c | 9287 | break; |
wolfSSL | 15:117db924cf7c | 9288 | |
wolfSSL | 15:117db924cf7c | 9289 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 15:117db924cf7c | 9290 | length += QSH_GET_SIZE((QSHScheme*)extension->data, isRequest); |
wolfSSL | 15:117db924cf7c | 9291 | break; |
wolfSSL | 15:117db924cf7c | 9292 | |
wolfSSL | 15:117db924cf7c | 9293 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 15:117db924cf7c | 9294 | length += ALPN_GET_SIZE((ALPN*)extension->data); |
wolfSSL | 15:117db924cf7c | 9295 | break; |
wolfSSL | 16:8e0d178b1d1e | 9296 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 9297 | case TLSX_SIGNATURE_ALGORITHMS: |
wolfSSL | 15:117db924cf7c | 9298 | length += SA_GET_SIZE(extension->data); |
wolfSSL | 15:117db924cf7c | 9299 | break; |
wolfSSL | 16:8e0d178b1d1e | 9300 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9301 | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
wolfSSL | 16:8e0d178b1d1e | 9302 | case TLSX_ENCRYPT_THEN_MAC: |
wolfSSL | 16:8e0d178b1d1e | 9303 | ret = ETM_GET_SIZE(msgType, &length); |
wolfSSL | 16:8e0d178b1d1e | 9304 | break; |
wolfSSL | 16:8e0d178b1d1e | 9305 | #endif /* HAVE_ENCRYPT_THEN_MAC */ |
wolfSSL | 15:117db924cf7c | 9306 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 9307 | case TLSX_SUPPORTED_VERSIONS: |
wolfSSL | 15:117db924cf7c | 9308 | ret = SV_GET_SIZE(extension->data, msgType, &length); |
wolfSSL | 15:117db924cf7c | 9309 | break; |
wolfSSL | 15:117db924cf7c | 9310 | |
wolfSSL | 15:117db924cf7c | 9311 | case TLSX_COOKIE: |
wolfSSL | 15:117db924cf7c | 9312 | ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length); |
wolfSSL | 15:117db924cf7c | 9313 | break; |
wolfSSL | 15:117db924cf7c | 9314 | |
wolfSSL | 15:117db924cf7c | 9315 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 9316 | case TLSX_PRE_SHARED_KEY: |
wolfSSL | 16:8e0d178b1d1e | 9317 | ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType, |
wolfSSL | 16:8e0d178b1d1e | 9318 | &length); |
wolfSSL | 15:117db924cf7c | 9319 | break; |
wolfSSL | 15:117db924cf7c | 9320 | |
wolfSSL | 15:117db924cf7c | 9321 | case TLSX_PSK_KEY_EXCHANGE_MODES: |
wolfSSL | 16:8e0d178b1d1e | 9322 | ret = PKM_GET_SIZE(extension->val, msgType, &length); |
wolfSSL | 15:117db924cf7c | 9323 | break; |
wolfSSL | 15:117db924cf7c | 9324 | #endif |
wolfSSL | 15:117db924cf7c | 9325 | |
wolfSSL | 15:117db924cf7c | 9326 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 9327 | case TLSX_EARLY_DATA: |
wolfSSL | 16:8e0d178b1d1e | 9328 | ret = EDI_GET_SIZE(msgType, &length); |
wolfSSL | 15:117db924cf7c | 9329 | break; |
wolfSSL | 15:117db924cf7c | 9330 | #endif |
wolfSSL | 15:117db924cf7c | 9331 | |
wolfSSL | 15:117db924cf7c | 9332 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 9333 | case TLSX_POST_HANDSHAKE_AUTH: |
wolfSSL | 16:8e0d178b1d1e | 9334 | ret = PHA_GET_SIZE(msgType, &length); |
wolfSSL | 15:117db924cf7c | 9335 | break; |
wolfSSL | 15:117db924cf7c | 9336 | #endif |
wolfSSL | 15:117db924cf7c | 9337 | |
wolfSSL | 15:117db924cf7c | 9338 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 9339 | case TLSX_SIGNATURE_ALGORITHMS_CERT: |
wolfSSL | 15:117db924cf7c | 9340 | length += SAC_GET_SIZE(extension->data); |
wolfSSL | 15:117db924cf7c | 9341 | break; |
wolfSSL | 15:117db924cf7c | 9342 | #endif |
wolfSSL | 15:117db924cf7c | 9343 | |
wolfSSL | 15:117db924cf7c | 9344 | case TLSX_KEY_SHARE: |
wolfSSL | 15:117db924cf7c | 9345 | length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); |
wolfSSL | 15:117db924cf7c | 9346 | break; |
wolfSSL | 15:117db924cf7c | 9347 | #endif |
wolfSSL | 15:117db924cf7c | 9348 | } |
wolfSSL | 15:117db924cf7c | 9349 | |
wolfSSL | 15:117db924cf7c | 9350 | /* marks the extension as processed so ctx level */ |
wolfSSL | 15:117db924cf7c | 9351 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 15:117db924cf7c | 9352 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 15:117db924cf7c | 9353 | } |
wolfSSL | 15:117db924cf7c | 9354 | |
wolfSSL | 15:117db924cf7c | 9355 | *pLength += length; |
wolfSSL | 15:117db924cf7c | 9356 | |
wolfSSL | 15:117db924cf7c | 9357 | return ret; |
wolfSSL | 15:117db924cf7c | 9358 | } |
wolfSSL | 15:117db924cf7c | 9359 | |
wolfSSL | 15:117db924cf7c | 9360 | /** Writes the extensions of a list in a buffer. */ |
wolfSSL | 15:117db924cf7c | 9361 | static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, |
wolfSSL | 15:117db924cf7c | 9362 | byte msgType, word16* pOffset) |
wolfSSL | 15:117db924cf7c | 9363 | { |
wolfSSL | 15:117db924cf7c | 9364 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 9365 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 9366 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 9367 | word16 length_offset = 0; |
wolfSSL | 15:117db924cf7c | 9368 | byte isRequest = (msgType == client_hello || |
wolfSSL | 15:117db924cf7c | 9369 | msgType == certificate_request); |
wolfSSL | 15:117db924cf7c | 9370 | |
wolfSSL | 15:117db924cf7c | 9371 | while ((extension = list)) { |
wolfSSL | 15:117db924cf7c | 9372 | list = extension->next; |
wolfSSL | 15:117db924cf7c | 9373 | |
wolfSSL | 15:117db924cf7c | 9374 | /* only extensions marked as response are written in a response. */ |
wolfSSL | 15:117db924cf7c | 9375 | if (!isRequest && !extension->resp) |
wolfSSL | 15:117db924cf7c | 9376 | continue; /* skip! */ |
wolfSSL | 15:117db924cf7c | 9377 | |
wolfSSL | 15:117db924cf7c | 9378 | /* ssl level extensions are expected to override ctx level ones. */ |
wolfSSL | 15:117db924cf7c | 9379 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 15:117db924cf7c | 9380 | continue; /* skip! */ |
wolfSSL | 15:117db924cf7c | 9381 | |
wolfSSL | 15:117db924cf7c | 9382 | /* writes extension type. */ |
wolfSSL | 15:117db924cf7c | 9383 | c16toa(extension->type, output + offset); |
wolfSSL | 15:117db924cf7c | 9384 | offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 9385 | length_offset = offset; |
wolfSSL | 15:117db924cf7c | 9386 | |
wolfSSL | 15:117db924cf7c | 9387 | /* extension data should be written internally. */ |
wolfSSL | 15:117db924cf7c | 9388 | switch (extension->type) { |
wolfSSL | 15:117db924cf7c | 9389 | case TLSX_SERVER_NAME: |
wolfSSL | 15:117db924cf7c | 9390 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 9391 | WOLFSSL_MSG("SNI extension to write"); |
wolfSSL | 15:117db924cf7c | 9392 | offset += SNI_WRITE((SNI*)extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9393 | } |
wolfSSL | 15:117db924cf7c | 9394 | break; |
wolfSSL | 15:117db924cf7c | 9395 | |
wolfSSL | 16:8e0d178b1d1e | 9396 | case TLSX_TRUSTED_CA_KEYS: |
wolfSSL | 16:8e0d178b1d1e | 9397 | WOLFSSL_MSG("Trusted CA Indication extension to write"); |
wolfSSL | 16:8e0d178b1d1e | 9398 | if (isRequest) { |
wolfSSL | 16:8e0d178b1d1e | 9399 | offset += TCA_WRITE((TCA*)extension->data, output + offset); |
wolfSSL | 16:8e0d178b1d1e | 9400 | } |
wolfSSL | 16:8e0d178b1d1e | 9401 | break; |
wolfSSL | 16:8e0d178b1d1e | 9402 | |
wolfSSL | 15:117db924cf7c | 9403 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 15:117db924cf7c | 9404 | WOLFSSL_MSG("Max Fragment Length extension to write"); |
wolfSSL | 15:117db924cf7c | 9405 | offset += MFL_WRITE((byte*)extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9406 | break; |
wolfSSL | 15:117db924cf7c | 9407 | |
wolfSSL | 15:117db924cf7c | 9408 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 15:117db924cf7c | 9409 | WOLFSSL_MSG("Truncated HMAC extension to write"); |
wolfSSL | 15:117db924cf7c | 9410 | /* always empty. */ |
wolfSSL | 15:117db924cf7c | 9411 | break; |
wolfSSL | 15:117db924cf7c | 9412 | |
wolfSSL | 15:117db924cf7c | 9413 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 15:117db924cf7c | 9414 | WOLFSSL_MSG("Supported Groups extension to write"); |
wolfSSL | 15:117db924cf7c | 9415 | offset += EC_WRITE((SupportedCurve*)extension->data, |
wolfSSL | 15:117db924cf7c | 9416 | output + offset); |
wolfSSL | 15:117db924cf7c | 9417 | break; |
wolfSSL | 15:117db924cf7c | 9418 | |
wolfSSL | 15:117db924cf7c | 9419 | case TLSX_EC_POINT_FORMATS: |
wolfSSL | 15:117db924cf7c | 9420 | WOLFSSL_MSG("Point Formats extension to write"); |
wolfSSL | 15:117db924cf7c | 9421 | offset += PF_WRITE((PointFormat*)extension->data, |
wolfSSL | 15:117db924cf7c | 9422 | output + offset); |
wolfSSL | 15:117db924cf7c | 9423 | break; |
wolfSSL | 15:117db924cf7c | 9424 | |
wolfSSL | 15:117db924cf7c | 9425 | case TLSX_STATUS_REQUEST: |
wolfSSL | 15:117db924cf7c | 9426 | WOLFSSL_MSG("Certificate Status Request extension to write"); |
wolfSSL | 15:117db924cf7c | 9427 | offset += CSR_WRITE((CertificateStatusRequest*)extension->data, |
wolfSSL | 15:117db924cf7c | 9428 | output + offset, isRequest); |
wolfSSL | 15:117db924cf7c | 9429 | break; |
wolfSSL | 15:117db924cf7c | 9430 | |
wolfSSL | 15:117db924cf7c | 9431 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 15:117db924cf7c | 9432 | WOLFSSL_MSG("Certificate Status Request v2 extension to write"); |
wolfSSL | 15:117db924cf7c | 9433 | offset += CSR2_WRITE( |
wolfSSL | 15:117db924cf7c | 9434 | (CertificateStatusRequestItemV2*)extension->data, |
wolfSSL | 15:117db924cf7c | 9435 | output + offset, isRequest); |
wolfSSL | 15:117db924cf7c | 9436 | break; |
wolfSSL | 15:117db924cf7c | 9437 | |
wolfSSL | 15:117db924cf7c | 9438 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 15:117db924cf7c | 9439 | WOLFSSL_MSG("Secure Renegotiation extension to write"); |
wolfSSL | 15:117db924cf7c | 9440 | offset += SCR_WRITE((SecureRenegotiation*)extension->data, |
wolfSSL | 15:117db924cf7c | 9441 | output + offset, isRequest); |
wolfSSL | 15:117db924cf7c | 9442 | break; |
wolfSSL | 15:117db924cf7c | 9443 | |
wolfSSL | 15:117db924cf7c | 9444 | case TLSX_SESSION_TICKET: |
wolfSSL | 15:117db924cf7c | 9445 | WOLFSSL_MSG("Session Ticket extension to write"); |
wolfSSL | 15:117db924cf7c | 9446 | offset += WOLF_STK_WRITE((SessionTicket*)extension->data, |
wolfSSL | 15:117db924cf7c | 9447 | output + offset, isRequest); |
wolfSSL | 15:117db924cf7c | 9448 | break; |
wolfSSL | 15:117db924cf7c | 9449 | |
wolfSSL | 15:117db924cf7c | 9450 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 15:117db924cf7c | 9451 | WOLFSSL_MSG("Quantum-Safe-Hybrid extension to write"); |
wolfSSL | 15:117db924cf7c | 9452 | if (isRequest) { |
wolfSSL | 15:117db924cf7c | 9453 | offset += QSH_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9454 | } |
wolfSSL | 15:117db924cf7c | 9455 | offset += QSHPK_WRITE((QSHScheme*)extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9456 | offset += QSH_SERREQ(output + offset, isRequest); |
wolfSSL | 15:117db924cf7c | 9457 | break; |
wolfSSL | 15:117db924cf7c | 9458 | |
wolfSSL | 15:117db924cf7c | 9459 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 15:117db924cf7c | 9460 | WOLFSSL_MSG("ALPN extension to write"); |
wolfSSL | 15:117db924cf7c | 9461 | offset += ALPN_WRITE((ALPN*)extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9462 | break; |
wolfSSL | 16:8e0d178b1d1e | 9463 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 9464 | case TLSX_SIGNATURE_ALGORITHMS: |
wolfSSL | 15:117db924cf7c | 9465 | WOLFSSL_MSG("Signature Algorithms extension to write"); |
wolfSSL | 15:117db924cf7c | 9466 | offset += SA_WRITE(extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9467 | break; |
wolfSSL | 16:8e0d178b1d1e | 9468 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9469 | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
wolfSSL | 16:8e0d178b1d1e | 9470 | case TLSX_ENCRYPT_THEN_MAC: |
wolfSSL | 16:8e0d178b1d1e | 9471 | WOLFSSL_MSG("Encrypt-Then-Mac extension to write"); |
wolfSSL | 16:8e0d178b1d1e | 9472 | ret = ETM_WRITE(extension->data, output, msgType, &offset); |
wolfSSL | 16:8e0d178b1d1e | 9473 | break; |
wolfSSL | 16:8e0d178b1d1e | 9474 | #endif /* HAVE_ENCRYPT_THEN_MAC */ |
wolfSSL | 15:117db924cf7c | 9475 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 9476 | case TLSX_SUPPORTED_VERSIONS: |
wolfSSL | 15:117db924cf7c | 9477 | WOLFSSL_MSG("Supported Versions extension to write"); |
wolfSSL | 15:117db924cf7c | 9478 | ret = SV_WRITE(extension->data, output + offset, msgType, &offset); |
wolfSSL | 15:117db924cf7c | 9479 | break; |
wolfSSL | 15:117db924cf7c | 9480 | |
wolfSSL | 15:117db924cf7c | 9481 | case TLSX_COOKIE: |
wolfSSL | 15:117db924cf7c | 9482 | WOLFSSL_MSG("Cookie extension to write"); |
wolfSSL | 15:117db924cf7c | 9483 | ret = CKE_WRITE((Cookie*)extension->data, output + offset, |
wolfSSL | 15:117db924cf7c | 9484 | msgType, &offset); |
wolfSSL | 15:117db924cf7c | 9485 | break; |
wolfSSL | 15:117db924cf7c | 9486 | |
wolfSSL | 15:117db924cf7c | 9487 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 9488 | case TLSX_PRE_SHARED_KEY: |
wolfSSL | 15:117db924cf7c | 9489 | WOLFSSL_MSG("Pre-Shared Key extension to write"); |
wolfSSL | 16:8e0d178b1d1e | 9490 | ret = PSK_WRITE((PreSharedKey*)extension->data, output + offset, |
wolfSSL | 16:8e0d178b1d1e | 9491 | msgType, &offset); |
wolfSSL | 15:117db924cf7c | 9492 | break; |
wolfSSL | 15:117db924cf7c | 9493 | |
wolfSSL | 15:117db924cf7c | 9494 | case TLSX_PSK_KEY_EXCHANGE_MODES: |
wolfSSL | 15:117db924cf7c | 9495 | WOLFSSL_MSG("PSK Key Exchange Modes extension to write"); |
wolfSSL | 16:8e0d178b1d1e | 9496 | ret = PKM_WRITE(extension->val, output + offset, msgType, |
wolfSSL | 16:8e0d178b1d1e | 9497 | &offset); |
wolfSSL | 15:117db924cf7c | 9498 | break; |
wolfSSL | 15:117db924cf7c | 9499 | #endif |
wolfSSL | 15:117db924cf7c | 9500 | |
wolfSSL | 15:117db924cf7c | 9501 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 9502 | case TLSX_EARLY_DATA: |
wolfSSL | 15:117db924cf7c | 9503 | WOLFSSL_MSG("Early Data extension to write"); |
wolfSSL | 16:8e0d178b1d1e | 9504 | ret = EDI_WRITE(extension->val, output + offset, msgType, |
wolfSSL | 16:8e0d178b1d1e | 9505 | &offset); |
wolfSSL | 15:117db924cf7c | 9506 | break; |
wolfSSL | 15:117db924cf7c | 9507 | #endif |
wolfSSL | 15:117db924cf7c | 9508 | |
wolfSSL | 15:117db924cf7c | 9509 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 9510 | case TLSX_POST_HANDSHAKE_AUTH: |
wolfSSL | 15:117db924cf7c | 9511 | WOLFSSL_MSG("Post-Handshake Authentication extension to write"); |
wolfSSL | 16:8e0d178b1d1e | 9512 | ret = PHA_WRITE(output + offset, msgType, &offset); |
wolfSSL | 15:117db924cf7c | 9513 | break; |
wolfSSL | 15:117db924cf7c | 9514 | #endif |
wolfSSL | 15:117db924cf7c | 9515 | |
wolfSSL | 15:117db924cf7c | 9516 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 9517 | case TLSX_SIGNATURE_ALGORITHMS_CERT: |
wolfSSL | 15:117db924cf7c | 9518 | WOLFSSL_MSG("Signature Algorithms extension to write"); |
wolfSSL | 15:117db924cf7c | 9519 | offset += SAC_WRITE(extension->data, output + offset); |
wolfSSL | 15:117db924cf7c | 9520 | break; |
wolfSSL | 15:117db924cf7c | 9521 | #endif |
wolfSSL | 15:117db924cf7c | 9522 | |
wolfSSL | 15:117db924cf7c | 9523 | case TLSX_KEY_SHARE: |
wolfSSL | 15:117db924cf7c | 9524 | WOLFSSL_MSG("Key Share extension to write"); |
wolfSSL | 15:117db924cf7c | 9525 | offset += KS_WRITE((KeyShareEntry*)extension->data, |
wolfSSL | 16:8e0d178b1d1e | 9526 | output + offset, msgType); |
wolfSSL | 15:117db924cf7c | 9527 | break; |
wolfSSL | 15:117db924cf7c | 9528 | #endif |
wolfSSL | 15:117db924cf7c | 9529 | } |
wolfSSL | 15:117db924cf7c | 9530 | |
wolfSSL | 15:117db924cf7c | 9531 | /* writes extension data length. */ |
wolfSSL | 15:117db924cf7c | 9532 | c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN); |
wolfSSL | 15:117db924cf7c | 9533 | |
wolfSSL | 15:117db924cf7c | 9534 | /* marks the extension as processed so ctx level */ |
wolfSSL | 15:117db924cf7c | 9535 | /* extensions don't overlap with ssl level ones. */ |
wolfSSL | 15:117db924cf7c | 9536 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 15:117db924cf7c | 9537 | } |
wolfSSL | 15:117db924cf7c | 9538 | |
wolfSSL | 15:117db924cf7c | 9539 | *pOffset += offset; |
wolfSSL | 15:117db924cf7c | 9540 | |
wolfSSL | 15:117db924cf7c | 9541 | return ret; |
wolfSSL | 15:117db924cf7c | 9542 | } |
wolfSSL | 15:117db924cf7c | 9543 | |
wolfSSL | 15:117db924cf7c | 9544 | |
wolfSSL | 15:117db924cf7c | 9545 | #if defined(HAVE_NTRU) && defined(HAVE_QSH) |
wolfSSL | 15:117db924cf7c | 9546 | |
wolfSSL | 15:117db924cf7c | 9547 | static word32 GetEntropy(unsigned char* out, word32 num_bytes) |
wolfSSL | 15:117db924cf7c | 9548 | { |
wolfSSL | 15:117db924cf7c | 9549 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 9550 | |
wolfSSL | 15:117db924cf7c | 9551 | if (gRng == NULL) { |
wolfSSL | 15:117db924cf7c | 9552 | if ((gRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, |
wolfSSL | 15:117db924cf7c | 9553 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 15:117db924cf7c | 9554 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 15:117db924cf7c | 9555 | wc_InitRng(gRng); |
wolfSSL | 15:117db924cf7c | 9556 | } |
wolfSSL | 15:117db924cf7c | 9557 | |
wolfSSL | 15:117db924cf7c | 9558 | if (gRngMutex == NULL) { |
wolfSSL | 15:117db924cf7c | 9559 | if ((gRngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL, |
wolfSSL | 15:117db924cf7c | 9560 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 15:117db924cf7c | 9561 | return DRBG_OUT_OF_MEMORY; |
wolfSSL | 15:117db924cf7c | 9562 | wc_InitMutex(gRngMutex); |
wolfSSL | 15:117db924cf7c | 9563 | } |
wolfSSL | 15:117db924cf7c | 9564 | |
wolfSSL | 15:117db924cf7c | 9565 | ret |= wc_LockMutex(gRngMutex); |
wolfSSL | 15:117db924cf7c | 9566 | ret |= wc_RNG_GenerateBlock(gRng, out, num_bytes); |
wolfSSL | 15:117db924cf7c | 9567 | ret |= wc_UnLockMutex(gRngMutex); |
wolfSSL | 15:117db924cf7c | 9568 | |
wolfSSL | 15:117db924cf7c | 9569 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 9570 | return DRBG_ENTROPY_FAIL; |
wolfSSL | 15:117db924cf7c | 9571 | |
wolfSSL | 15:117db924cf7c | 9572 | return DRBG_OK; |
wolfSSL | 15:117db924cf7c | 9573 | } |
wolfSSL | 15:117db924cf7c | 9574 | #endif |
wolfSSL | 15:117db924cf7c | 9575 | |
wolfSSL | 15:117db924cf7c | 9576 | |
wolfSSL | 15:117db924cf7c | 9577 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 9578 | static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type) |
wolfSSL | 15:117db924cf7c | 9579 | { |
wolfSSL | 16:8e0d178b1d1e | 9580 | int ret = -1; |
wolfSSL | 15:117db924cf7c | 9581 | |
wolfSSL | 15:117db924cf7c | 9582 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 9583 | |
wolfSSL | 15:117db924cf7c | 9584 | switch (type) { |
wolfSSL | 15:117db924cf7c | 9585 | #ifdef HAVE_NTRU |
wolfSSL | 15:117db924cf7c | 9586 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 15:117db924cf7c | 9587 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 15:117db924cf7c | 9588 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 15:117db924cf7c | 9589 | ret = TLSX_CreateNtruKey(ssl, type); |
wolfSSL | 15:117db924cf7c | 9590 | break; |
wolfSSL | 15:117db924cf7c | 9591 | #endif |
wolfSSL | 15:117db924cf7c | 9592 | default: |
wolfSSL | 15:117db924cf7c | 9593 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 16:8e0d178b1d1e | 9594 | break; |
wolfSSL | 15:117db924cf7c | 9595 | } |
wolfSSL | 15:117db924cf7c | 9596 | |
wolfSSL | 15:117db924cf7c | 9597 | return ret; |
wolfSSL | 15:117db924cf7c | 9598 | } |
wolfSSL | 15:117db924cf7c | 9599 | |
wolfSSL | 15:117db924cf7c | 9600 | |
wolfSSL | 15:117db924cf7c | 9601 | static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key) |
wolfSSL | 15:117db924cf7c | 9602 | { |
wolfSSL | 15:117db924cf7c | 9603 | QSHKey* current; |
wolfSSL | 15:117db924cf7c | 9604 | |
wolfSSL | 15:117db924cf7c | 9605 | if (key == NULL) |
wolfSSL | 15:117db924cf7c | 9606 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 9607 | |
wolfSSL | 15:117db924cf7c | 9608 | /* if no public key stored in key then do not add */ |
wolfSSL | 15:117db924cf7c | 9609 | if (key->pub.length == 0 || key->pub.buffer == NULL) |
wolfSSL | 15:117db924cf7c | 9610 | return 0; |
wolfSSL | 15:117db924cf7c | 9611 | |
wolfSSL | 15:117db924cf7c | 9612 | /* first element to be added to the list */ |
wolfSSL | 15:117db924cf7c | 9613 | current = *list; |
wolfSSL | 15:117db924cf7c | 9614 | if (current == NULL) { |
wolfSSL | 15:117db924cf7c | 9615 | *list = key; |
wolfSSL | 15:117db924cf7c | 9616 | return 0; |
wolfSSL | 15:117db924cf7c | 9617 | } |
wolfSSL | 15:117db924cf7c | 9618 | |
wolfSSL | 15:117db924cf7c | 9619 | while (current->next) { |
wolfSSL | 15:117db924cf7c | 9620 | /* can only have one of the key in the list */ |
wolfSSL | 15:117db924cf7c | 9621 | if (current->name == key->name) |
wolfSSL | 15:117db924cf7c | 9622 | return -1; |
wolfSSL | 15:117db924cf7c | 9623 | current = (QSHKey*)current->next; |
wolfSSL | 15:117db924cf7c | 9624 | } |
wolfSSL | 15:117db924cf7c | 9625 | |
wolfSSL | 15:117db924cf7c | 9626 | current->next = (struct QSHKey*)key; |
wolfSSL | 15:117db924cf7c | 9627 | |
wolfSSL | 15:117db924cf7c | 9628 | return 0; |
wolfSSL | 15:117db924cf7c | 9629 | } |
wolfSSL | 15:117db924cf7c | 9630 | |
wolfSSL | 15:117db924cf7c | 9631 | |
wolfSSL | 15:117db924cf7c | 9632 | #if defined(HAVE_NTRU) |
wolfSSL | 15:117db924cf7c | 9633 | int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) |
wolfSSL | 15:117db924cf7c | 9634 | { |
wolfSSL | 15:117db924cf7c | 9635 | int ret = -1; |
wolfSSL | 15:117db924cf7c | 9636 | int ntruType; |
wolfSSL | 15:117db924cf7c | 9637 | |
wolfSSL | 15:117db924cf7c | 9638 | /* variable declarations for NTRU*/ |
wolfSSL | 15:117db924cf7c | 9639 | QSHKey* temp = NULL; |
wolfSSL | 15:117db924cf7c | 9640 | byte public_key[1027]; |
wolfSSL | 15:117db924cf7c | 9641 | word16 public_key_len = sizeof(public_key); |
wolfSSL | 15:117db924cf7c | 9642 | byte private_key[1120]; |
wolfSSL | 15:117db924cf7c | 9643 | word16 private_key_len = sizeof(private_key); |
wolfSSL | 15:117db924cf7c | 9644 | DRBG_HANDLE drbg; |
wolfSSL | 15:117db924cf7c | 9645 | |
wolfSSL | 15:117db924cf7c | 9646 | if (ssl == NULL) |
wolfSSL | 15:117db924cf7c | 9647 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 9648 | |
wolfSSL | 15:117db924cf7c | 9649 | switch (type) { |
wolfSSL | 15:117db924cf7c | 9650 | case WOLFSSL_NTRU_EESS439: |
wolfSSL | 15:117db924cf7c | 9651 | ntruType = NTRU_EES439EP1; |
wolfSSL | 15:117db924cf7c | 9652 | break; |
wolfSSL | 15:117db924cf7c | 9653 | case WOLFSSL_NTRU_EESS593: |
wolfSSL | 15:117db924cf7c | 9654 | ntruType = NTRU_EES593EP1; |
wolfSSL | 15:117db924cf7c | 9655 | break; |
wolfSSL | 15:117db924cf7c | 9656 | case WOLFSSL_NTRU_EESS743: |
wolfSSL | 15:117db924cf7c | 9657 | ntruType = NTRU_EES743EP1; |
wolfSSL | 15:117db924cf7c | 9658 | break; |
wolfSSL | 15:117db924cf7c | 9659 | default: |
wolfSSL | 15:117db924cf7c | 9660 | WOLFSSL_MSG("Unknown type for creating NTRU key"); |
wolfSSL | 15:117db924cf7c | 9661 | return -1; |
wolfSSL | 15:117db924cf7c | 9662 | } |
wolfSSL | 15:117db924cf7c | 9663 | ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg); |
wolfSSL | 15:117db924cf7c | 9664 | if (ret != DRBG_OK) { |
wolfSSL | 15:117db924cf7c | 9665 | WOLFSSL_MSG("NTRU drbg instantiate failed\n"); |
wolfSSL | 15:117db924cf7c | 9666 | return ret; |
wolfSSL | 15:117db924cf7c | 9667 | } |
wolfSSL | 15:117db924cf7c | 9668 | |
wolfSSL | 15:117db924cf7c | 9669 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 15:117db924cf7c | 9670 | &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK) |
wolfSSL | 15:117db924cf7c | 9671 | return ret; |
wolfSSL | 15:117db924cf7c | 9672 | |
wolfSSL | 15:117db924cf7c | 9673 | if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType, |
wolfSSL | 15:117db924cf7c | 9674 | &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK) |
wolfSSL | 15:117db924cf7c | 9675 | return ret; |
wolfSSL | 15:117db924cf7c | 9676 | |
wolfSSL | 15:117db924cf7c | 9677 | ret = ntru_crypto_drbg_uninstantiate(drbg); |
wolfSSL | 15:117db924cf7c | 9678 | if (ret != NTRU_OK) { |
wolfSSL | 15:117db924cf7c | 9679 | WOLFSSL_MSG("NTRU drbg uninstantiate failed\n"); |
wolfSSL | 15:117db924cf7c | 9680 | return ret; |
wolfSSL | 15:117db924cf7c | 9681 | } |
wolfSSL | 15:117db924cf7c | 9682 | |
wolfSSL | 15:117db924cf7c | 9683 | if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, |
wolfSSL | 15:117db924cf7c | 9684 | DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 15:117db924cf7c | 9685 | return MEMORY_E; |
wolfSSL | 15:117db924cf7c | 9686 | temp->name = type; |
wolfSSL | 15:117db924cf7c | 9687 | temp->pub.length = public_key_len; |
wolfSSL | 15:117db924cf7c | 9688 | temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap, |
wolfSSL | 15:117db924cf7c | 9689 | DYNAMIC_TYPE_PUBLIC_KEY); |
wolfSSL | 15:117db924cf7c | 9690 | XMEMCPY(temp->pub.buffer, public_key, public_key_len); |
wolfSSL | 15:117db924cf7c | 9691 | temp->pri.length = private_key_len; |
wolfSSL | 15:117db924cf7c | 9692 | temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap, |
wolfSSL | 15:117db924cf7c | 9693 | DYNAMIC_TYPE_ARRAYS); |
wolfSSL | 15:117db924cf7c | 9694 | XMEMCPY(temp->pri.buffer, private_key, private_key_len); |
wolfSSL | 15:117db924cf7c | 9695 | temp->next = NULL; |
wolfSSL | 15:117db924cf7c | 9696 | |
wolfSSL | 15:117db924cf7c | 9697 | TLSX_AddQSHKey(&ssl->QSH_Key, temp); |
wolfSSL | 15:117db924cf7c | 9698 | |
wolfSSL | 15:117db924cf7c | 9699 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 9700 | (void)type; |
wolfSSL | 15:117db924cf7c | 9701 | |
wolfSSL | 15:117db924cf7c | 9702 | return ret; |
wolfSSL | 15:117db924cf7c | 9703 | } |
wolfSSL | 15:117db924cf7c | 9704 | #endif |
wolfSSL | 15:117db924cf7c | 9705 | |
wolfSSL | 15:117db924cf7c | 9706 | |
wolfSSL | 15:117db924cf7c | 9707 | /* |
wolfSSL | 15:117db924cf7c | 9708 | Used to find a public key from the list of keys |
wolfSSL | 15:117db924cf7c | 9709 | pubLen length of array |
wolfSSL | 15:117db924cf7c | 9710 | name input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX |
wolfSSL | 15:117db924cf7c | 9711 | |
wolfSSL | 15:117db924cf7c | 9712 | returns a pointer to public key byte* or NULL if not found |
wolfSSL | 15:117db924cf7c | 9713 | */ |
wolfSSL | 15:117db924cf7c | 9714 | static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name) |
wolfSSL | 15:117db924cf7c | 9715 | { |
wolfSSL | 15:117db924cf7c | 9716 | QSHKey* current = qsh; |
wolfSSL | 15:117db924cf7c | 9717 | |
wolfSSL | 15:117db924cf7c | 9718 | if (qsh == NULL || pubLen == NULL) |
wolfSSL | 15:117db924cf7c | 9719 | return NULL; |
wolfSSL | 15:117db924cf7c | 9720 | |
wolfSSL | 15:117db924cf7c | 9721 | *pubLen = 0; |
wolfSSL | 15:117db924cf7c | 9722 | |
wolfSSL | 15:117db924cf7c | 9723 | while(current) { |
wolfSSL | 15:117db924cf7c | 9724 | if (current->name == name) { |
wolfSSL | 15:117db924cf7c | 9725 | *pubLen = current->pub.length; |
wolfSSL | 15:117db924cf7c | 9726 | return current->pub.buffer; |
wolfSSL | 15:117db924cf7c | 9727 | } |
wolfSSL | 15:117db924cf7c | 9728 | current = (QSHKey*)current->next; |
wolfSSL | 15:117db924cf7c | 9729 | } |
wolfSSL | 15:117db924cf7c | 9730 | |
wolfSSL | 15:117db924cf7c | 9731 | return NULL; |
wolfSSL | 15:117db924cf7c | 9732 | } |
wolfSSL | 15:117db924cf7c | 9733 | #endif /* HAVE_QSH */ |
wolfSSL | 15:117db924cf7c | 9734 | |
wolfSSL | 15:117db924cf7c | 9735 | #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ |
wolfSSL | 15:117db924cf7c | 9736 | !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ |
wolfSSL | 16:8e0d178b1d1e | 9737 | (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) \ |
wolfSSL | 16:8e0d178b1d1e | 9738 | && !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES)) || \ |
wolfSSL | 16:8e0d178b1d1e | 9739 | ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
wolfSSL | 16:8e0d178b1d1e | 9740 | defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES)) |
wolfSSL | 16:8e0d178b1d1e | 9741 | |
wolfSSL | 16:8e0d178b1d1e | 9742 | /* Populates the default supported groups / curves */ |
wolfSSL | 15:117db924cf7c | 9743 | static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) |
wolfSSL | 15:117db924cf7c | 9744 | { |
wolfSSL | 15:117db924cf7c | 9745 | int ret = WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 9746 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 9747 | int i; |
wolfSSL | 15:117db924cf7c | 9748 | |
wolfSSL | 15:117db924cf7c | 9749 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 9750 | if (ssl->options.resuming && ssl->session.namedGroup != 0) { |
wolfSSL | 15:117db924cf7c | 9751 | return TLSX_UseSupportedCurve(extensions, ssl->session.namedGroup, |
wolfSSL | 15:117db924cf7c | 9752 | ssl->heap); |
wolfSSL | 15:117db924cf7c | 9753 | } |
wolfSSL | 15:117db924cf7c | 9754 | #endif |
wolfSSL | 15:117db924cf7c | 9755 | |
wolfSSL | 15:117db924cf7c | 9756 | if (ssl->numGroups != 0) { |
wolfSSL | 15:117db924cf7c | 9757 | for (i = 0; i < ssl->numGroups; i++) { |
wolfSSL | 15:117db924cf7c | 9758 | ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap); |
wolfSSL | 15:117db924cf7c | 9759 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 9760 | return ret; |
wolfSSL | 15:117db924cf7c | 9761 | } |
wolfSSL | 15:117db924cf7c | 9762 | return WOLFSSL_SUCCESS; |
wolfSSL | 15:117db924cf7c | 9763 | } |
wolfSSL | 15:117db924cf7c | 9764 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 9765 | |
wolfSSL | 15:117db924cf7c | 9766 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9767 | /* list in order by strength, since not all servers choose by strength */ |
wolfSSL | 16:8e0d178b1d1e | 9768 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9769 | #ifndef NO_ECC_SECP |
wolfSSL | 16:8e0d178b1d1e | 9770 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9771 | WOLFSSL_ECC_SECP521R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9772 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9773 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9774 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9775 | #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9776 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 16:8e0d178b1d1e | 9777 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9778 | WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9779 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9780 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9781 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9782 | #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9783 | #ifndef NO_ECC_SECP |
wolfSSL | 16:8e0d178b1d1e | 9784 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9785 | WOLFSSL_ECC_SECP384R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9786 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9787 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9788 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 16:8e0d178b1d1e | 9789 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9790 | WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9791 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9792 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9793 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9794 | #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 16:8e0d178b1d1e | 9795 | |
wolfSSL | 16:8e0d178b1d1e | 9796 | #ifndef HAVE_FIPS |
wolfSSL | 16:8e0d178b1d1e | 9797 | #if defined(HAVE_CURVE448) |
wolfSSL | 16:8e0d178b1d1e | 9798 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9799 | WOLFSSL_ECC_X448, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9800 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9801 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9802 | #endif /* HAVE_FIPS */ |
wolfSSL | 16:8e0d178b1d1e | 9803 | |
wolfSSL | 16:8e0d178b1d1e | 9804 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9805 | #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9806 | #ifndef NO_ECC_SECP |
wolfSSL | 16:8e0d178b1d1e | 9807 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9808 | WOLFSSL_ECC_SECP256R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9809 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9810 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9811 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 16:8e0d178b1d1e | 9812 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9813 | WOLFSSL_ECC_SECP256K1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9814 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9815 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9816 | #ifdef HAVE_ECC_BRAINPOOL |
wolfSSL | 16:8e0d178b1d1e | 9817 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9818 | WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9819 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9820 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9821 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9822 | #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 16:8e0d178b1d1e | 9823 | |
wolfSSL | 16:8e0d178b1d1e | 9824 | #ifndef HAVE_FIPS |
wolfSSL | 16:8e0d178b1d1e | 9825 | #if defined(HAVE_CURVE25519) |
wolfSSL | 16:8e0d178b1d1e | 9826 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9827 | WOLFSSL_ECC_X25519, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9828 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9829 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9830 | #endif /* HAVE_FIPS */ |
wolfSSL | 16:8e0d178b1d1e | 9831 | |
wolfSSL | 16:8e0d178b1d1e | 9832 | #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9833 | #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9834 | #ifndef NO_ECC_SECP |
wolfSSL | 16:8e0d178b1d1e | 9835 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9836 | WOLFSSL_ECC_SECP224R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9837 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9838 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9839 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 16:8e0d178b1d1e | 9840 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9841 | WOLFSSL_ECC_SECP224K1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9842 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9843 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9844 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9845 | |
wolfSSL | 15:117db924cf7c | 9846 | #ifndef HAVE_FIPS |
wolfSSL | 16:8e0d178b1d1e | 9847 | #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) |
wolfSSL | 16:8e0d178b1d1e | 9848 | #ifndef NO_ECC_SECP |
wolfSSL | 16:8e0d178b1d1e | 9849 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9850 | WOLFSSL_ECC_SECP192R1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9851 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9852 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9853 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 16:8e0d178b1d1e | 9854 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9855 | WOLFSSL_ECC_SECP192K1, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9856 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 16:8e0d178b1d1e | 9857 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9858 | #endif |
wolfSSL | 15:117db924cf7c | 9859 | #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) |
wolfSSL | 15:117db924cf7c | 9860 | #ifndef NO_ECC_SECP |
wolfSSL | 15:117db924cf7c | 9861 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 15:117db924cf7c | 9862 | WOLFSSL_ECC_SECP160R1, ssl->heap); |
wolfSSL | 15:117db924cf7c | 9863 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 15:117db924cf7c | 9864 | #endif |
wolfSSL | 15:117db924cf7c | 9865 | #ifdef HAVE_ECC_SECPR2 |
wolfSSL | 15:117db924cf7c | 9866 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 15:117db924cf7c | 9867 | WOLFSSL_ECC_SECP160R2, ssl->heap); |
wolfSSL | 15:117db924cf7c | 9868 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 15:117db924cf7c | 9869 | #endif |
wolfSSL | 15:117db924cf7c | 9870 | #ifdef HAVE_ECC_KOBLITZ |
wolfSSL | 15:117db924cf7c | 9871 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 15:117db924cf7c | 9872 | WOLFSSL_ECC_SECP160K1, ssl->heap); |
wolfSSL | 15:117db924cf7c | 9873 | if (ret != WOLFSSL_SUCCESS) return ret; |
wolfSSL | 15:117db924cf7c | 9874 | #endif |
wolfSSL | 15:117db924cf7c | 9875 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9876 | #endif /* HAVE_FIPS */ |
wolfSSL | 16:8e0d178b1d1e | 9877 | #endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 16:8e0d178b1d1e | 9878 | |
wolfSSL | 16:8e0d178b1d1e | 9879 | /* Add FFDHE supported groups. */ |
wolfSSL | 16:8e0d178b1d1e | 9880 | #ifdef HAVE_FFDHE_8192 |
wolfSSL | 16:8e0d178b1d1e | 9881 | if (8192/8 >= ssl->options.minDhKeySz && |
wolfSSL | 16:8e0d178b1d1e | 9882 | 8192/8 <= ssl->options.maxDhKeySz) { |
wolfSSL | 15:117db924cf7c | 9883 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9884 | WOLFSSL_FFDHE_8192, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9885 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 9886 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 9887 | } |
wolfSSL | 15:117db924cf7c | 9888 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9889 | #ifdef HAVE_FFDHE_6144 |
wolfSSL | 16:8e0d178b1d1e | 9890 | if (6144/8 >= ssl->options.minDhKeySz && |
wolfSSL | 16:8e0d178b1d1e | 9891 | 6144/8 <= ssl->options.maxDhKeySz) { |
wolfSSL | 15:117db924cf7c | 9892 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9893 | WOLFSSL_FFDHE_6144, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9894 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 9895 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 9896 | } |
wolfSSL | 15:117db924cf7c | 9897 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9898 | #ifdef HAVE_FFDHE_4096 |
wolfSSL | 16:8e0d178b1d1e | 9899 | if (4096/8 >= ssl->options.minDhKeySz && |
wolfSSL | 16:8e0d178b1d1e | 9900 | 4096/8 <= ssl->options.maxDhKeySz) { |
wolfSSL | 15:117db924cf7c | 9901 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9902 | WOLFSSL_FFDHE_4096, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9903 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 9904 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 9905 | } |
wolfSSL | 15:117db924cf7c | 9906 | #endif |
wolfSSL | 16:8e0d178b1d1e | 9907 | #ifdef HAVE_FFDHE_3072 |
wolfSSL | 16:8e0d178b1d1e | 9908 | if (3072/8 >= ssl->options.minDhKeySz && |
wolfSSL | 16:8e0d178b1d1e | 9909 | 3072/8 <= ssl->options.maxDhKeySz) { |
wolfSSL | 15:117db924cf7c | 9910 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 16:8e0d178b1d1e | 9911 | WOLFSSL_FFDHE_3072, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 9912 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 9913 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 9914 | } |
wolfSSL | 15:117db924cf7c | 9915 | #endif |
wolfSSL | 15:117db924cf7c | 9916 | #ifdef HAVE_FFDHE_2048 |
wolfSSL | 16:8e0d178b1d1e | 9917 | if (2048/8 >= ssl->options.minDhKeySz && |
wolfSSL | 16:8e0d178b1d1e | 9918 | 2048/8 <= ssl->options.maxDhKeySz) { |
wolfSSL | 15:117db924cf7c | 9919 | ret = TLSX_UseSupportedCurve(extensions, |
wolfSSL | 15:117db924cf7c | 9920 | WOLFSSL_FFDHE_2048, ssl->heap); |
wolfSSL | 15:117db924cf7c | 9921 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 9922 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 9923 | } |
wolfSSL | 15:117db924cf7c | 9924 | #endif |
wolfSSL | 15:117db924cf7c | 9925 | |
wolfSSL | 15:117db924cf7c | 9926 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 9927 | (void)extensions; |
wolfSSL | 15:117db924cf7c | 9928 | |
wolfSSL | 15:117db924cf7c | 9929 | return ret; |
wolfSSL | 15:117db924cf7c | 9930 | } |
wolfSSL | 15:117db924cf7c | 9931 | |
wolfSSL | 15:117db924cf7c | 9932 | #endif |
wolfSSL | 15:117db924cf7c | 9933 | |
wolfSSL | 15:117db924cf7c | 9934 | int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) |
wolfSSL | 15:117db924cf7c | 9935 | { |
wolfSSL | 15:117db924cf7c | 9936 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 9937 | byte* public_key = NULL; |
wolfSSL | 15:117db924cf7c | 9938 | word16 public_key_len = 0; |
wolfSSL | 15:117db924cf7c | 9939 | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
wolfSSL | 15:117db924cf7c | 9940 | int usingPSK = 0; |
wolfSSL | 15:117db924cf7c | 9941 | #endif |
wolfSSL | 15:117db924cf7c | 9942 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 9943 | TLSX* extension; |
wolfSSL | 15:117db924cf7c | 9944 | QSHScheme* qsh; |
wolfSSL | 15:117db924cf7c | 9945 | QSHScheme* next; |
wolfSSL | 15:117db924cf7c | 9946 | |
wolfSSL | 15:117db924cf7c | 9947 | /* add supported QSHSchemes */ |
wolfSSL | 15:117db924cf7c | 9948 | WOLFSSL_MSG("Adding supported QSH Schemes"); |
wolfSSL | 15:117db924cf7c | 9949 | #endif |
wolfSSL | 15:117db924cf7c | 9950 | |
wolfSSL | 16:8e0d178b1d1e | 9951 | /* server will add extension depending on what is parsed from client */ |
wolfSSL | 15:117db924cf7c | 9952 | if (!isServer) { |
wolfSSL | 15:117db924cf7c | 9953 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 9954 | /* test if user has set a specific scheme already */ |
wolfSSL | 15:117db924cf7c | 9955 | if (!ssl->user_set_QSHSchemes) { |
wolfSSL | 15:117db924cf7c | 9956 | if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 15:117db924cf7c | 9957 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) { |
wolfSSL | 15:117db924cf7c | 9958 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 15:117db924cf7c | 9959 | return ret; |
wolfSSL | 15:117db924cf7c | 9960 | } |
wolfSSL | 15:117db924cf7c | 9961 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) { |
wolfSSL | 15:117db924cf7c | 9962 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 15:117db924cf7c | 9963 | return ret; |
wolfSSL | 15:117db924cf7c | 9964 | } |
wolfSSL | 15:117db924cf7c | 9965 | if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) { |
wolfSSL | 15:117db924cf7c | 9966 | WOLFSSL_MSG("Error creating ntru keys"); |
wolfSSL | 15:117db924cf7c | 9967 | return ret; |
wolfSSL | 15:117db924cf7c | 9968 | } |
wolfSSL | 15:117db924cf7c | 9969 | |
wolfSSL | 15:117db924cf7c | 9970 | /* add NTRU 256 */ |
wolfSSL | 15:117db924cf7c | 9971 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 15:117db924cf7c | 9972 | &public_key_len, WOLFSSL_NTRU_EESS743); |
wolfSSL | 15:117db924cf7c | 9973 | } |
wolfSSL | 15:117db924cf7c | 9974 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743, |
wolfSSL | 15:117db924cf7c | 9975 | public_key, public_key_len, ssl->heap) |
wolfSSL | 15:117db924cf7c | 9976 | != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 9977 | ret = -1; |
wolfSSL | 15:117db924cf7c | 9978 | |
wolfSSL | 15:117db924cf7c | 9979 | /* add NTRU 196 */ |
wolfSSL | 15:117db924cf7c | 9980 | if (ssl->sendQSHKeys) { |
wolfSSL | 15:117db924cf7c | 9981 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 15:117db924cf7c | 9982 | &public_key_len, WOLFSSL_NTRU_EESS593); |
wolfSSL | 15:117db924cf7c | 9983 | } |
wolfSSL | 15:117db924cf7c | 9984 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593, |
wolfSSL | 15:117db924cf7c | 9985 | public_key, public_key_len, ssl->heap) |
wolfSSL | 15:117db924cf7c | 9986 | != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 9987 | ret = -1; |
wolfSSL | 15:117db924cf7c | 9988 | |
wolfSSL | 15:117db924cf7c | 9989 | /* add NTRU 128 */ |
wolfSSL | 15:117db924cf7c | 9990 | if (ssl->sendQSHKeys) { |
wolfSSL | 15:117db924cf7c | 9991 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 15:117db924cf7c | 9992 | &public_key_len, WOLFSSL_NTRU_EESS439); |
wolfSSL | 15:117db924cf7c | 9993 | } |
wolfSSL | 15:117db924cf7c | 9994 | if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439, |
wolfSSL | 15:117db924cf7c | 9995 | public_key, public_key_len, ssl->heap) |
wolfSSL | 15:117db924cf7c | 9996 | != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 9997 | ret = -1; |
wolfSSL | 15:117db924cf7c | 9998 | } |
wolfSSL | 15:117db924cf7c | 9999 | else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { |
wolfSSL | 15:117db924cf7c | 10000 | /* for each scheme make a client key */ |
wolfSSL | 15:117db924cf7c | 10001 | extension = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 15:117db924cf7c | 10002 | if (extension) { |
wolfSSL | 15:117db924cf7c | 10003 | qsh = (QSHScheme*)extension->data; |
wolfSSL | 15:117db924cf7c | 10004 | |
wolfSSL | 15:117db924cf7c | 10005 | while (qsh) { |
wolfSSL | 15:117db924cf7c | 10006 | if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0) |
wolfSSL | 15:117db924cf7c | 10007 | return ret; |
wolfSSL | 15:117db924cf7c | 10008 | |
wolfSSL | 15:117db924cf7c | 10009 | /* get next now because qsh could be freed */ |
wolfSSL | 15:117db924cf7c | 10010 | next = qsh->next; |
wolfSSL | 15:117db924cf7c | 10011 | |
wolfSSL | 15:117db924cf7c | 10012 | /* find the public key created and add to extension*/ |
wolfSSL | 15:117db924cf7c | 10013 | public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, |
wolfSSL | 15:117db924cf7c | 10014 | &public_key_len, qsh->name); |
wolfSSL | 15:117db924cf7c | 10015 | if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name, |
wolfSSL | 15:117db924cf7c | 10016 | public_key, public_key_len, |
wolfSSL | 15:117db924cf7c | 10017 | ssl->heap) != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 10018 | ret = -1; |
wolfSSL | 15:117db924cf7c | 10019 | qsh = next; |
wolfSSL | 15:117db924cf7c | 10020 | } |
wolfSSL | 15:117db924cf7c | 10021 | } |
wolfSSL | 15:117db924cf7c | 10022 | } |
wolfSSL | 15:117db924cf7c | 10023 | #endif |
wolfSSL | 15:117db924cf7c | 10024 | |
wolfSSL | 16:8e0d178b1d1e | 10025 | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
wolfSSL | 16:8e0d178b1d1e | 10026 | if (!ssl->options.disallowEncThenMac) { |
wolfSSL | 16:8e0d178b1d1e | 10027 | ret = TLSX_EncryptThenMac_Use(ssl); |
wolfSSL | 16:8e0d178b1d1e | 10028 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10029 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 10030 | } |
wolfSSL | 16:8e0d178b1d1e | 10031 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10032 | |
wolfSSL | 16:8e0d178b1d1e | 10033 | #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ |
wolfSSL | 16:8e0d178b1d1e | 10034 | defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 15:117db924cf7c | 10035 | if (!ssl->options.userCurves && !ssl->ctx->userCurves) { |
wolfSSL | 15:117db924cf7c | 10036 | if (TLSX_Find(ssl->ctx->extensions, |
wolfSSL | 15:117db924cf7c | 10037 | TLSX_SUPPORTED_GROUPS) == NULL) { |
wolfSSL | 15:117db924cf7c | 10038 | ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); |
wolfSSL | 15:117db924cf7c | 10039 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 10040 | return ret; |
wolfSSL | 15:117db924cf7c | 10041 | } |
wolfSSL | 16:8e0d178b1d1e | 10042 | } |
wolfSSL | 16:8e0d178b1d1e | 10043 | if ((!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) && |
wolfSSL | 16:8e0d178b1d1e | 10044 | TLSX_Find(ssl->ctx->extensions, TLSX_EC_POINT_FORMATS) == NULL && |
wolfSSL | 16:8e0d178b1d1e | 10045 | TLSX_Find(ssl->extensions, TLSX_EC_POINT_FORMATS) == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 10046 | ret = TLSX_UsePointFormat(&ssl->extensions, |
wolfSSL | 16:8e0d178b1d1e | 10047 | WOLFSSL_EC_PF_UNCOMPRESSED, ssl->heap); |
wolfSSL | 16:8e0d178b1d1e | 10048 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 16:8e0d178b1d1e | 10049 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 10050 | } |
wolfSSL | 16:8e0d178b1d1e | 10051 | #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 15:117db924cf7c | 10052 | } /* is not server */ |
wolfSSL | 15:117db924cf7c | 10053 | |
wolfSSL | 16:8e0d178b1d1e | 10054 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 10055 | WOLFSSL_MSG("Adding signature algorithms extension"); |
wolfSSL | 15:117db924cf7c | 10056 | if ((ret = TLSX_SetSignatureAlgorithms(&ssl->extensions, ssl, ssl->heap)) |
wolfSSL | 15:117db924cf7c | 10057 | != 0) { |
wolfSSL | 15:117db924cf7c | 10058 | return ret; |
wolfSSL | 15:117db924cf7c | 10059 | } |
wolfSSL | 16:8e0d178b1d1e | 10060 | #else |
wolfSSL | 16:8e0d178b1d1e | 10061 | ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 10062 | #endif |
wolfSSL | 15:117db924cf7c | 10063 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10064 | if (!isServer && IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10065 | /* Add mandatory TLS v1.3 extension: supported version */ |
wolfSSL | 15:117db924cf7c | 10066 | WOLFSSL_MSG("Adding supported versions extension"); |
wolfSSL | 15:117db924cf7c | 10067 | if ((ret = TLSX_SetSupportedVersions(&ssl->extensions, ssl, |
wolfSSL | 15:117db924cf7c | 10068 | ssl->heap)) != 0) { |
wolfSSL | 15:117db924cf7c | 10069 | return ret; |
wolfSSL | 15:117db924cf7c | 10070 | } |
wolfSSL | 15:117db924cf7c | 10071 | |
wolfSSL | 15:117db924cf7c | 10072 | #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \ |
wolfSSL | 16:8e0d178b1d1e | 10073 | !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES) |
wolfSSL | 15:117db924cf7c | 10074 | if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) { |
wolfSSL | 15:117db924cf7c | 10075 | /* Put in DH groups for TLS 1.3 only. */ |
wolfSSL | 15:117db924cf7c | 10076 | ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); |
wolfSSL | 15:117db924cf7c | 10077 | if (ret != WOLFSSL_SUCCESS) |
wolfSSL | 15:117db924cf7c | 10078 | return ret; |
wolfSSL | 15:117db924cf7c | 10079 | ret = 0; |
wolfSSL | 15:117db924cf7c | 10080 | } |
wolfSSL | 16:8e0d178b1d1e | 10081 | #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ |
wolfSSL | 15:117db924cf7c | 10082 | |
wolfSSL | 15:117db924cf7c | 10083 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 10084 | if (ssl->certHashSigAlgoSz > 0) { |
wolfSSL | 15:117db924cf7c | 10085 | WOLFSSL_MSG("Adding signature algorithms cert extension"); |
wolfSSL | 15:117db924cf7c | 10086 | if ((ret = TLSX_SetSignatureAlgorithmsCert(&ssl->extensions, |
wolfSSL | 15:117db924cf7c | 10087 | ssl, ssl->heap)) != 0) { |
wolfSSL | 15:117db924cf7c | 10088 | return ret; |
wolfSSL | 15:117db924cf7c | 10089 | } |
wolfSSL | 15:117db924cf7c | 10090 | } |
wolfSSL | 15:117db924cf7c | 10091 | #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ |
wolfSSL | 15:117db924cf7c | 10092 | |
wolfSSL | 15:117db924cf7c | 10093 | if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { |
wolfSSL | 15:117db924cf7c | 10094 | word16 namedGroup; |
wolfSSL | 15:117db924cf7c | 10095 | |
wolfSSL | 15:117db924cf7c | 10096 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10097 | if (ssl->options.resuming && ssl->session.namedGroup != 0) |
wolfSSL | 15:117db924cf7c | 10098 | namedGroup = ssl->session.namedGroup; |
wolfSSL | 15:117db924cf7c | 10099 | else |
wolfSSL | 15:117db924cf7c | 10100 | #endif |
wolfSSL | 15:117db924cf7c | 10101 | { |
wolfSSL | 15:117db924cf7c | 10102 | #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ |
wolfSSL | 15:117db924cf7c | 10103 | defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) |
wolfSSL | 15:117db924cf7c | 10104 | namedGroup = WOLFSSL_ECC_SECP256R1; |
wolfSSL | 15:117db924cf7c | 10105 | #elif defined(HAVE_CURVE25519) |
wolfSSL | 15:117db924cf7c | 10106 | namedGroup = WOLFSSL_ECC_X25519; |
wolfSSL | 16:8e0d178b1d1e | 10107 | #elif defined(HAVE_CURVE448) |
wolfSSL | 16:8e0d178b1d1e | 10108 | namedGroup = WOLFSSL_ECC_X448; |
wolfSSL | 15:117db924cf7c | 10109 | #elif defined(HAVE_ECC) && (!defined(NO_ECC384) || \ |
wolfSSL | 15:117db924cf7c | 10110 | defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) |
wolfSSL | 15:117db924cf7c | 10111 | namedGroup = WOLFSSL_ECC_SECP384R1; |
wolfSSL | 15:117db924cf7c | 10112 | #elif defined(HAVE_ECC) && (!defined(NO_ECC521) || \ |
wolfSSL | 15:117db924cf7c | 10113 | defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) |
wolfSSL | 15:117db924cf7c | 10114 | namedGroup = WOLFSSL_ECC_SECP521R1; |
wolfSSL | 15:117db924cf7c | 10115 | #elif defined(HAVE_FFDHE_2048) |
wolfSSL | 15:117db924cf7c | 10116 | namedGroup = WOLFSSL_FFDHE_2048; |
wolfSSL | 15:117db924cf7c | 10117 | #elif defined(HAVE_FFDHE_3072) |
wolfSSL | 15:117db924cf7c | 10118 | namedGroup = WOLFSSL_FFDHE_3072; |
wolfSSL | 15:117db924cf7c | 10119 | #elif defined(HAVE_FFDHE_4096) |
wolfSSL | 15:117db924cf7c | 10120 | namedGroup = WOLFSSL_FFDHE_4096; |
wolfSSL | 15:117db924cf7c | 10121 | #elif defined(HAVE_FFDHE_6144) |
wolfSSL | 15:117db924cf7c | 10122 | namedGroup = WOLFSSL_FFDHE_6144; |
wolfSSL | 15:117db924cf7c | 10123 | #elif defined(HAVE_FFDHE_8192) |
wolfSSL | 15:117db924cf7c | 10124 | namedGroup = WOLFSSL_FFDHE_8192; |
wolfSSL | 15:117db924cf7c | 10125 | #else |
wolfSSL | 15:117db924cf7c | 10126 | return KEY_SHARE_ERROR; |
wolfSSL | 15:117db924cf7c | 10127 | #endif |
wolfSSL | 15:117db924cf7c | 10128 | } |
wolfSSL | 15:117db924cf7c | 10129 | ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL); |
wolfSSL | 15:117db924cf7c | 10130 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10131 | return ret; |
wolfSSL | 15:117db924cf7c | 10132 | } |
wolfSSL | 15:117db924cf7c | 10133 | |
wolfSSL | 15:117db924cf7c | 10134 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10135 | TLSX_Remove(&ssl->extensions, TLSX_PRE_SHARED_KEY, ssl->heap); |
wolfSSL | 15:117db924cf7c | 10136 | #endif |
wolfSSL | 15:117db924cf7c | 10137 | #if defined(HAVE_SESSION_TICKET) |
wolfSSL | 15:117db924cf7c | 10138 | if (ssl->options.resuming && ssl->session.ticketLen > 0) { |
wolfSSL | 15:117db924cf7c | 10139 | WOLFSSL_SESSION* sess = &ssl->session; |
wolfSSL | 15:117db924cf7c | 10140 | word32 milli; |
wolfSSL | 15:117db924cf7c | 10141 | |
wolfSSL | 16:8e0d178b1d1e | 10142 | if (sess->ticketLen > MAX_PSK_ID_LEN) { |
wolfSSL | 16:8e0d178b1d1e | 10143 | WOLFSSL_MSG("Session ticket length for PSK ext is too large"); |
wolfSSL | 16:8e0d178b1d1e | 10144 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 10145 | } |
wolfSSL | 16:8e0d178b1d1e | 10146 | |
wolfSSL | 15:117db924cf7c | 10147 | /* Determine the MAC algorithm for the cipher suite used. */ |
wolfSSL | 15:117db924cf7c | 10148 | ssl->options.cipherSuite0 = sess->cipherSuite0; |
wolfSSL | 15:117db924cf7c | 10149 | ssl->options.cipherSuite = sess->cipherSuite; |
wolfSSL | 15:117db924cf7c | 10150 | ret = SetCipherSpecs(ssl); |
wolfSSL | 15:117db924cf7c | 10151 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10152 | return ret; |
wolfSSL | 15:117db924cf7c | 10153 | milli = TimeNowInMilliseconds() - sess->ticketSeen + |
wolfSSL | 15:117db924cf7c | 10154 | sess->ticketAdd; |
wolfSSL | 15:117db924cf7c | 10155 | /* Pre-shared key is mandatory extension for resumption. */ |
wolfSSL | 15:117db924cf7c | 10156 | ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen, |
wolfSSL | 15:117db924cf7c | 10157 | milli, ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 10158 | ssl->options.cipherSuite0, |
wolfSSL | 15:117db924cf7c | 10159 | ssl->options.cipherSuite, 1, |
wolfSSL | 15:117db924cf7c | 10160 | NULL); |
wolfSSL | 15:117db924cf7c | 10161 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10162 | return ret; |
wolfSSL | 15:117db924cf7c | 10163 | |
wolfSSL | 15:117db924cf7c | 10164 | usingPSK = 1; |
wolfSSL | 15:117db924cf7c | 10165 | } |
wolfSSL | 15:117db924cf7c | 10166 | #endif |
wolfSSL | 15:117db924cf7c | 10167 | #ifndef NO_PSK |
wolfSSL | 16:8e0d178b1d1e | 10168 | if (ssl->options.client_psk_cb != NULL || |
wolfSSL | 16:8e0d178b1d1e | 10169 | ssl->options.client_psk_tls13_cb != NULL) { |
wolfSSL | 15:117db924cf7c | 10170 | /* Default ciphersuite. */ |
wolfSSL | 15:117db924cf7c | 10171 | byte cipherSuite0 = TLS13_BYTE; |
wolfSSL | 15:117db924cf7c | 10172 | byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER; |
wolfSSL | 16:8e0d178b1d1e | 10173 | const char* cipherName = NULL; |
wolfSSL | 16:8e0d178b1d1e | 10174 | |
wolfSSL | 16:8e0d178b1d1e | 10175 | if (ssl->options.client_psk_tls13_cb != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 10176 | ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb( |
wolfSSL | 16:8e0d178b1d1e | 10177 | ssl, ssl->arrays->server_hint, |
wolfSSL | 16:8e0d178b1d1e | 10178 | ssl->arrays->client_identity, MAX_PSK_ID_LEN, |
wolfSSL | 16:8e0d178b1d1e | 10179 | ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); |
wolfSSL | 16:8e0d178b1d1e | 10180 | if (GetCipherSuiteFromName(cipherName, &cipherSuite0, |
wolfSSL | 16:8e0d178b1d1e | 10181 | &cipherSuite) != 0) { |
wolfSSL | 16:8e0d178b1d1e | 10182 | return PSK_KEY_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 10183 | } |
wolfSSL | 16:8e0d178b1d1e | 10184 | } |
wolfSSL | 16:8e0d178b1d1e | 10185 | else { |
wolfSSL | 16:8e0d178b1d1e | 10186 | ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, |
wolfSSL | 15:117db924cf7c | 10187 | ssl->arrays->server_hint, ssl->arrays->client_identity, |
wolfSSL | 15:117db924cf7c | 10188 | MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); |
wolfSSL | 16:8e0d178b1d1e | 10189 | } |
wolfSSL | 15:117db924cf7c | 10190 | if (ssl->arrays->psk_keySz == 0 || |
wolfSSL | 15:117db924cf7c | 10191 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { |
wolfSSL | 15:117db924cf7c | 10192 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 10193 | } |
wolfSSL | 15:117db924cf7c | 10194 | ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; |
wolfSSL | 15:117db924cf7c | 10195 | /* TODO: Callback should be able to change ciphersuite. */ |
wolfSSL | 15:117db924cf7c | 10196 | ssl->options.cipherSuite0 = cipherSuite0; |
wolfSSL | 15:117db924cf7c | 10197 | ssl->options.cipherSuite = cipherSuite; |
wolfSSL | 15:117db924cf7c | 10198 | ret = SetCipherSpecs(ssl); |
wolfSSL | 15:117db924cf7c | 10199 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10200 | return ret; |
wolfSSL | 15:117db924cf7c | 10201 | |
wolfSSL | 15:117db924cf7c | 10202 | ret = TLSX_PreSharedKey_Use(ssl, |
wolfSSL | 15:117db924cf7c | 10203 | (byte*)ssl->arrays->client_identity, |
wolfSSL | 15:117db924cf7c | 10204 | (word16)XSTRLEN(ssl->arrays->client_identity), |
wolfSSL | 15:117db924cf7c | 10205 | 0, ssl->specs.mac_algorithm, |
wolfSSL | 15:117db924cf7c | 10206 | cipherSuite0, cipherSuite, 0, |
wolfSSL | 15:117db924cf7c | 10207 | NULL); |
wolfSSL | 15:117db924cf7c | 10208 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10209 | return ret; |
wolfSSL | 15:117db924cf7c | 10210 | |
wolfSSL | 15:117db924cf7c | 10211 | usingPSK = 1; |
wolfSSL | 15:117db924cf7c | 10212 | } |
wolfSSL | 15:117db924cf7c | 10213 | #endif |
wolfSSL | 15:117db924cf7c | 10214 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10215 | if (usingPSK) { |
wolfSSL | 15:117db924cf7c | 10216 | byte modes; |
wolfSSL | 15:117db924cf7c | 10217 | |
wolfSSL | 15:117db924cf7c | 10218 | /* Pre-shared key modes: mandatory extension for resumption. */ |
wolfSSL | 15:117db924cf7c | 10219 | modes = 1 << PSK_KE; |
wolfSSL | 16:8e0d178b1d1e | 10220 | #if !defined(NO_DH) || defined(HAVE_ECC) || \ |
wolfSSL | 16:8e0d178b1d1e | 10221 | defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) |
wolfSSL | 15:117db924cf7c | 10222 | if (!ssl->options.noPskDheKe) |
wolfSSL | 15:117db924cf7c | 10223 | modes |= 1 << PSK_DHE_KE; |
wolfSSL | 15:117db924cf7c | 10224 | #endif |
wolfSSL | 15:117db924cf7c | 10225 | ret = TLSX_PskKeModes_Use(ssl, modes); |
wolfSSL | 15:117db924cf7c | 10226 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10227 | return ret; |
wolfSSL | 15:117db924cf7c | 10228 | } |
wolfSSL | 15:117db924cf7c | 10229 | #endif |
wolfSSL | 15:117db924cf7c | 10230 | #if defined(WOLFSSL_POST_HANDSHAKE_AUTH) |
wolfSSL | 15:117db924cf7c | 10231 | if (!isServer && ssl->options.postHandshakeAuth) { |
wolfSSL | 15:117db924cf7c | 10232 | ret = TLSX_PostHandAuth_Use(ssl); |
wolfSSL | 15:117db924cf7c | 10233 | if (ret != 0) |
wolfSSL | 15:117db924cf7c | 10234 | return ret; |
wolfSSL | 15:117db924cf7c | 10235 | } |
wolfSSL | 15:117db924cf7c | 10236 | #endif |
wolfSSL | 15:117db924cf7c | 10237 | } |
wolfSSL | 15:117db924cf7c | 10238 | |
wolfSSL | 15:117db924cf7c | 10239 | #endif |
wolfSSL | 15:117db924cf7c | 10240 | |
wolfSSL | 15:117db924cf7c | 10241 | (void)isServer; |
wolfSSL | 15:117db924cf7c | 10242 | (void)public_key; |
wolfSSL | 15:117db924cf7c | 10243 | (void)public_key_len; |
wolfSSL | 15:117db924cf7c | 10244 | (void)ssl; |
wolfSSL | 15:117db924cf7c | 10245 | |
wolfSSL | 15:117db924cf7c | 10246 | return ret; |
wolfSSL | 15:117db924cf7c | 10247 | } |
wolfSSL | 15:117db924cf7c | 10248 | |
wolfSSL | 15:117db924cf7c | 10249 | |
wolfSSL | 15:117db924cf7c | 10250 | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) |
wolfSSL | 15:117db924cf7c | 10251 | |
wolfSSL | 15:117db924cf7c | 10252 | /** Tells the buffered size of extensions to be sent into the client hello. */ |
wolfSSL | 15:117db924cf7c | 10253 | int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) |
wolfSSL | 15:117db924cf7c | 10254 | { |
wolfSSL | 15:117db924cf7c | 10255 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 10256 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 10257 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 15:117db924cf7c | 10258 | |
wolfSSL | 15:117db924cf7c | 10259 | if (!TLSX_SupportExtensions(ssl)) |
wolfSSL | 15:117db924cf7c | 10260 | return 0; |
wolfSSL | 15:117db924cf7c | 10261 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 10262 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10263 | PF_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10264 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10265 | WOLF_STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 16:8e0d178b1d1e | 10266 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 10267 | if (ssl->suites->hashSigAlgoSz == 0) |
wolfSSL | 15:117db924cf7c | 10268 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); |
wolfSSL | 16:8e0d178b1d1e | 10269 | #endif |
wolfSSL | 15:117db924cf7c | 10270 | #if defined(WOLFSSL_TLS13) |
wolfSSL | 15:117db924cf7c | 10271 | if (!IsAtLeastTLSv1_2(ssl)) |
wolfSSL | 15:117db924cf7c | 10272 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10273 | if (!IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10274 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10275 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10276 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10277 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES)); |
wolfSSL | 15:117db924cf7c | 10278 | #endif |
wolfSSL | 15:117db924cf7c | 10279 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 10280 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); |
wolfSSL | 15:117db924cf7c | 10281 | #endif |
wolfSSL | 15:117db924cf7c | 10282 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); |
wolfSSL | 15:117db924cf7c | 10283 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 10284 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); |
wolfSSL | 15:117db924cf7c | 10285 | #endif |
wolfSSL | 15:117db924cf7c | 10286 | } |
wolfSSL | 15:117db924cf7c | 10287 | #endif |
wolfSSL | 15:117db924cf7c | 10288 | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
wolfSSL | 15:117db924cf7c | 10289 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
wolfSSL | 15:117db924cf7c | 10290 | if (!ssl->ctx->cm->ocspStaplingEnabled) { |
wolfSSL | 15:117db924cf7c | 10291 | /* mark already sent, so it won't send it */ |
wolfSSL | 15:117db924cf7c | 10292 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); |
wolfSSL | 15:117db924cf7c | 10293 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2)); |
wolfSSL | 15:117db924cf7c | 10294 | } |
wolfSSL | 15:117db924cf7c | 10295 | #endif |
wolfSSL | 15:117db924cf7c | 10296 | } |
wolfSSL | 16:8e0d178b1d1e | 10297 | |
wolfSSL | 15:117db924cf7c | 10298 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10299 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 10300 | else if (msgType == certificate_request) { |
wolfSSL | 15:117db924cf7c | 10301 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 16:8e0d178b1d1e | 10302 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 10303 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); |
wolfSSL | 16:8e0d178b1d1e | 10304 | #endif |
wolfSSL | 15:117db924cf7c | 10305 | /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, |
wolfSSL | 15:117db924cf7c | 10306 | * TLSX_CERTIFICATE_AUTHORITIES, OID_FILTERS |
wolfSSL | 15:117db924cf7c | 10307 | * TLSX_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 10308 | */ |
wolfSSL | 15:117db924cf7c | 10309 | } |
wolfSSL | 15:117db924cf7c | 10310 | #endif |
wolfSSL | 15:117db924cf7c | 10311 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10312 | if (ssl->extensions) { |
wolfSSL | 15:117db924cf7c | 10313 | ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length); |
wolfSSL | 16:8e0d178b1d1e | 10314 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10315 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 10316 | } |
wolfSSL | 16:8e0d178b1d1e | 10317 | if (ssl->ctx && ssl->ctx->extensions) { |
wolfSSL | 15:117db924cf7c | 10318 | ret = TLSX_GetSize(ssl->ctx->extensions, semaphore, msgType, &length); |
wolfSSL | 16:8e0d178b1d1e | 10319 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10320 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 10321 | } |
wolfSSL | 15:117db924cf7c | 10322 | |
wolfSSL | 15:117db924cf7c | 10323 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 10324 | if (msgType == client_hello && ssl->options.haveEMS && |
wolfSSL | 16:8e0d178b1d1e | 10325 | (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)) { |
wolfSSL | 15:117db924cf7c | 10326 | length += HELLO_EXT_SZ; |
wolfSSL | 15:117db924cf7c | 10327 | } |
wolfSSL | 15:117db924cf7c | 10328 | #endif |
wolfSSL | 15:117db924cf7c | 10329 | |
wolfSSL | 15:117db924cf7c | 10330 | if (length) |
wolfSSL | 15:117db924cf7c | 10331 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 15:117db924cf7c | 10332 | |
wolfSSL | 15:117db924cf7c | 10333 | *pLength += length; |
wolfSSL | 15:117db924cf7c | 10334 | |
wolfSSL | 15:117db924cf7c | 10335 | return ret; |
wolfSSL | 15:117db924cf7c | 10336 | } |
wolfSSL | 15:117db924cf7c | 10337 | |
wolfSSL | 15:117db924cf7c | 10338 | /** Writes the extensions to be sent into the client hello. */ |
wolfSSL | 15:117db924cf7c | 10339 | int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) |
wolfSSL | 15:117db924cf7c | 10340 | { |
wolfSSL | 15:117db924cf7c | 10341 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 10342 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 10343 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 15:117db924cf7c | 10344 | |
wolfSSL | 15:117db924cf7c | 10345 | if (!TLSX_SupportExtensions(ssl) || output == NULL) |
wolfSSL | 15:117db924cf7c | 10346 | return 0; |
wolfSSL | 15:117db924cf7c | 10347 | |
wolfSSL | 15:117db924cf7c | 10348 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 15:117db924cf7c | 10349 | |
wolfSSL | 15:117db924cf7c | 10350 | if (msgType == client_hello) { |
wolfSSL | 15:117db924cf7c | 10351 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10352 | PF_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10353 | WOLF_STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 15:117db924cf7c | 10354 | QSH_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 16:8e0d178b1d1e | 10355 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 10356 | if (ssl->suites->hashSigAlgoSz == 0) |
wolfSSL | 15:117db924cf7c | 10357 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); |
wolfSSL | 16:8e0d178b1d1e | 10358 | #endif |
wolfSSL | 15:117db924cf7c | 10359 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10360 | if (!IsAtLeastTLSv1_2(ssl)) |
wolfSSL | 15:117db924cf7c | 10361 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10362 | if (!IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10363 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10364 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10365 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES)); |
wolfSSL | 15:117db924cf7c | 10366 | #endif |
wolfSSL | 15:117db924cf7c | 10367 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 10368 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); |
wolfSSL | 15:117db924cf7c | 10369 | #endif |
wolfSSL | 15:117db924cf7c | 10370 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); |
wolfSSL | 15:117db924cf7c | 10371 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 10372 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); |
wolfSSL | 15:117db924cf7c | 10373 | #endif |
wolfSSL | 15:117db924cf7c | 10374 | } |
wolfSSL | 15:117db924cf7c | 10375 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10376 | /* Must write Pre-shared Key extension at the end in TLS v1.3. |
wolfSSL | 15:117db924cf7c | 10377 | * Must not write out Pre-shared Key extension in earlier versions of |
wolfSSL | 15:117db924cf7c | 10378 | * protocol. |
wolfSSL | 15:117db924cf7c | 10379 | */ |
wolfSSL | 15:117db924cf7c | 10380 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10381 | #endif |
wolfSSL | 15:117db924cf7c | 10382 | #endif |
wolfSSL | 15:117db924cf7c | 10383 | #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ |
wolfSSL | 15:117db924cf7c | 10384 | || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) |
wolfSSL | 15:117db924cf7c | 10385 | /* mark already sent, so it won't send it */ |
wolfSSL | 15:117db924cf7c | 10386 | if (!ssl->ctx->cm->ocspStaplingEnabled) { |
wolfSSL | 15:117db924cf7c | 10387 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); |
wolfSSL | 15:117db924cf7c | 10388 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2)); |
wolfSSL | 15:117db924cf7c | 10389 | } |
wolfSSL | 15:117db924cf7c | 10390 | #endif |
wolfSSL | 15:117db924cf7c | 10391 | } |
wolfSSL | 15:117db924cf7c | 10392 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10393 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 10394 | else if (msgType == certificate_request) { |
wolfSSL | 15:117db924cf7c | 10395 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 16:8e0d178b1d1e | 10396 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 10397 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); |
wolfSSL | 16:8e0d178b1d1e | 10398 | #endif |
wolfSSL | 15:117db924cf7c | 10399 | /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, |
wolfSSL | 15:117db924cf7c | 10400 | * TLSX_CERTIFICATE_AUTHORITIES, TLSX_OID_FILTERS |
wolfSSL | 15:117db924cf7c | 10401 | * TLSX_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 10402 | */ |
wolfSSL | 15:117db924cf7c | 10403 | } |
wolfSSL | 15:117db924cf7c | 10404 | #endif |
wolfSSL | 15:117db924cf7c | 10405 | #endif |
wolfSSL | 15:117db924cf7c | 10406 | if (ssl->extensions) { |
wolfSSL | 15:117db924cf7c | 10407 | ret = TLSX_Write(ssl->extensions, output + offset, semaphore, |
wolfSSL | 15:117db924cf7c | 10408 | msgType, &offset); |
wolfSSL | 16:8e0d178b1d1e | 10409 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10410 | return ret; |
wolfSSL | 15:117db924cf7c | 10411 | } |
wolfSSL | 15:117db924cf7c | 10412 | if (ssl->ctx && ssl->ctx->extensions) { |
wolfSSL | 15:117db924cf7c | 10413 | ret = TLSX_Write(ssl->ctx->extensions, output + offset, semaphore, |
wolfSSL | 15:117db924cf7c | 10414 | msgType, &offset); |
wolfSSL | 16:8e0d178b1d1e | 10415 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10416 | return ret; |
wolfSSL | 15:117db924cf7c | 10417 | } |
wolfSSL | 15:117db924cf7c | 10418 | |
wolfSSL | 15:117db924cf7c | 10419 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 10420 | if (msgType == client_hello && ssl->options.haveEMS && |
wolfSSL | 16:8e0d178b1d1e | 10421 | (!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)) { |
wolfSSL | 16:8e0d178b1d1e | 10422 | WOLFSSL_MSG("EMS extension to write"); |
wolfSSL | 15:117db924cf7c | 10423 | c16toa(HELLO_EXT_EXTMS, output + offset); |
wolfSSL | 15:117db924cf7c | 10424 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 15:117db924cf7c | 10425 | c16toa(0, output + offset); |
wolfSSL | 15:117db924cf7c | 10426 | offset += HELLO_EXT_SZ_SZ; |
wolfSSL | 15:117db924cf7c | 10427 | } |
wolfSSL | 15:117db924cf7c | 10428 | #endif |
wolfSSL | 15:117db924cf7c | 10429 | |
wolfSSL | 15:117db924cf7c | 10430 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10431 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10432 | if (msgType == client_hello && IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10433 | /* Write out what we can of Pre-shared key extension. */ |
wolfSSL | 15:117db924cf7c | 10434 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10435 | ret = TLSX_Write(ssl->extensions, output + offset, semaphore, |
wolfSSL | 15:117db924cf7c | 10436 | client_hello, &offset); |
wolfSSL | 16:8e0d178b1d1e | 10437 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10438 | return ret; |
wolfSSL | 15:117db924cf7c | 10439 | } |
wolfSSL | 15:117db924cf7c | 10440 | #endif |
wolfSSL | 15:117db924cf7c | 10441 | #endif |
wolfSSL | 15:117db924cf7c | 10442 | |
wolfSSL | 15:117db924cf7c | 10443 | if (offset > OPAQUE16_LEN || msgType != client_hello) |
wolfSSL | 15:117db924cf7c | 10444 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 15:117db924cf7c | 10445 | |
wolfSSL | 15:117db924cf7c | 10446 | *pOffset += offset; |
wolfSSL | 15:117db924cf7c | 10447 | |
wolfSSL | 15:117db924cf7c | 10448 | return ret; |
wolfSSL | 15:117db924cf7c | 10449 | } |
wolfSSL | 15:117db924cf7c | 10450 | |
wolfSSL | 15:117db924cf7c | 10451 | #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ |
wolfSSL | 15:117db924cf7c | 10452 | |
wolfSSL | 15:117db924cf7c | 10453 | #if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER) |
wolfSSL | 15:117db924cf7c | 10454 | |
wolfSSL | 15:117db924cf7c | 10455 | /** Tells the buffered size of extensions to be sent into the server hello. */ |
wolfSSL | 15:117db924cf7c | 10456 | int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) |
wolfSSL | 15:117db924cf7c | 10457 | { |
wolfSSL | 15:117db924cf7c | 10458 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 10459 | word16 length = 0; |
wolfSSL | 15:117db924cf7c | 10460 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 15:117db924cf7c | 10461 | |
wolfSSL | 15:117db924cf7c | 10462 | switch (msgType) { |
wolfSSL | 15:117db924cf7c | 10463 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 10464 | case server_hello: |
wolfSSL | 15:117db924cf7c | 10465 | PF_VALIDATE_RESPONSE(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10466 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10467 | if (IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10468 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10469 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 10470 | TURN_OFF(semaphore, |
wolfSSL | 15:117db924cf7c | 10471 | TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10472 | #endif |
wolfSSL | 15:117db924cf7c | 10473 | if (!ssl->options.noPskDheKe) |
wolfSSL | 15:117db924cf7c | 10474 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10475 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10476 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10477 | #endif |
wolfSSL | 15:117db924cf7c | 10478 | } |
wolfSSL | 15:117db924cf7c | 10479 | else { |
wolfSSL | 15:117db924cf7c | 10480 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10481 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10482 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10483 | #endif |
wolfSSL | 15:117db924cf7c | 10484 | } |
wolfSSL | 15:117db924cf7c | 10485 | #endif |
wolfSSL | 15:117db924cf7c | 10486 | break; |
wolfSSL | 15:117db924cf7c | 10487 | |
wolfSSL | 15:117db924cf7c | 10488 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10489 | case hello_retry_request: |
wolfSSL | 15:117db924cf7c | 10490 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10491 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 10492 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10493 | #endif |
wolfSSL | 15:117db924cf7c | 10494 | if (!ssl->options.noPskDheKe) |
wolfSSL | 15:117db924cf7c | 10495 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10496 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); |
wolfSSL | 15:117db924cf7c | 10497 | break; |
wolfSSL | 15:117db924cf7c | 10498 | #endif |
wolfSSL | 15:117db924cf7c | 10499 | |
wolfSSL | 15:117db924cf7c | 10500 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10501 | case encrypted_extensions: |
wolfSSL | 15:117db924cf7c | 10502 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); |
wolfSSL | 15:117db924cf7c | 10503 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10504 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); |
wolfSSL | 15:117db924cf7c | 10505 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10506 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10507 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10508 | #endif |
wolfSSL | 15:117db924cf7c | 10509 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 10510 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); |
wolfSSL | 15:117db924cf7c | 10511 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10512 | #if defined(HAVE_SECURE_RENEGOTIATION) |
wolfSSL | 16:8e0d178b1d1e | 10513 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO)); |
wolfSSL | 16:8e0d178b1d1e | 10514 | #endif |
wolfSSL | 15:117db924cf7c | 10515 | break; |
wolfSSL | 15:117db924cf7c | 10516 | |
wolfSSL | 15:117db924cf7c | 10517 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 10518 | case session_ticket: |
wolfSSL | 15:117db924cf7c | 10519 | if (ssl->options.tls1_3) { |
wolfSSL | 15:117db924cf7c | 10520 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10521 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); |
wolfSSL | 15:117db924cf7c | 10522 | } |
wolfSSL | 15:117db924cf7c | 10523 | break; |
wolfSSL | 15:117db924cf7c | 10524 | #endif |
wolfSSL | 15:117db924cf7c | 10525 | #endif |
wolfSSL | 15:117db924cf7c | 10526 | #endif |
wolfSSL | 15:117db924cf7c | 10527 | |
wolfSSL | 15:117db924cf7c | 10528 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10529 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 10530 | case certificate: |
wolfSSL | 15:117db924cf7c | 10531 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10532 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); |
wolfSSL | 15:117db924cf7c | 10533 | /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, |
wolfSSL | 15:117db924cf7c | 10534 | * TLSX_SERVER_CERTIFICATE_TYPE |
wolfSSL | 15:117db924cf7c | 10535 | */ |
wolfSSL | 15:117db924cf7c | 10536 | break; |
wolfSSL | 15:117db924cf7c | 10537 | #endif |
wolfSSL | 15:117db924cf7c | 10538 | #endif |
wolfSSL | 15:117db924cf7c | 10539 | } |
wolfSSL | 15:117db924cf7c | 10540 | |
wolfSSL | 15:117db924cf7c | 10541 | #ifdef HAVE_QSH |
wolfSSL | 15:117db924cf7c | 10542 | /* change response if not using TLS_QSH */ |
wolfSSL | 15:117db924cf7c | 10543 | if (!ssl->options.haveQSH) { |
wolfSSL | 15:117db924cf7c | 10544 | TLSX* ext = TLSX_Find(ssl->extensions, TLSX_QUANTUM_SAFE_HYBRID); |
wolfSSL | 15:117db924cf7c | 10545 | if (ext) |
wolfSSL | 15:117db924cf7c | 10546 | ext->resp = 0; |
wolfSSL | 15:117db924cf7c | 10547 | } |
wolfSSL | 15:117db924cf7c | 10548 | #endif |
wolfSSL | 15:117db924cf7c | 10549 | |
wolfSSL | 15:117db924cf7c | 10550 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 16:8e0d178b1d1e | 10551 | if (ssl->options.haveEMS && msgType == server_hello && |
wolfSSL | 16:8e0d178b1d1e | 10552 | !IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10553 | length += HELLO_EXT_SZ; |
wolfSSL | 16:8e0d178b1d1e | 10554 | } |
wolfSSL | 16:8e0d178b1d1e | 10555 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10556 | |
wolfSSL | 16:8e0d178b1d1e | 10557 | if (TLSX_SupportExtensions(ssl)) { |
wolfSSL | 15:117db924cf7c | 10558 | ret = TLSX_GetSize(ssl->extensions, semaphore, msgType, &length); |
wolfSSL | 16:8e0d178b1d1e | 10559 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10560 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 10561 | } |
wolfSSL | 15:117db924cf7c | 10562 | |
wolfSSL | 15:117db924cf7c | 10563 | /* All the response data is set at the ssl object only, so no ctx here. */ |
wolfSSL | 15:117db924cf7c | 10564 | |
wolfSSL | 15:117db924cf7c | 10565 | if (length || msgType != server_hello) |
wolfSSL | 15:117db924cf7c | 10566 | length += OPAQUE16_LEN; /* for total length storage. */ |
wolfSSL | 15:117db924cf7c | 10567 | |
wolfSSL | 15:117db924cf7c | 10568 | *pLength += length; |
wolfSSL | 15:117db924cf7c | 10569 | |
wolfSSL | 15:117db924cf7c | 10570 | return ret; |
wolfSSL | 15:117db924cf7c | 10571 | } |
wolfSSL | 15:117db924cf7c | 10572 | |
wolfSSL | 15:117db924cf7c | 10573 | /** Writes the server hello extensions into a buffer. */ |
wolfSSL | 15:117db924cf7c | 10574 | int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset) |
wolfSSL | 15:117db924cf7c | 10575 | { |
wolfSSL | 15:117db924cf7c | 10576 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 10577 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 10578 | |
wolfSSL | 15:117db924cf7c | 10579 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 15:117db924cf7c | 10580 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 15:117db924cf7c | 10581 | |
wolfSSL | 15:117db924cf7c | 10582 | switch (msgType) { |
wolfSSL | 15:117db924cf7c | 10583 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 10584 | case server_hello: |
wolfSSL | 15:117db924cf7c | 10585 | PF_VALIDATE_RESPONSE(ssl, semaphore); |
wolfSSL | 15:117db924cf7c | 10586 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10587 | if (IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 15:117db924cf7c | 10588 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10589 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 10590 | TURN_OFF(semaphore, |
wolfSSL | 15:117db924cf7c | 10591 | TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10592 | #endif |
wolfSSL | 15:117db924cf7c | 10593 | if (!ssl->options.noPskDheKe) |
wolfSSL | 15:117db924cf7c | 10594 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10595 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10596 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10597 | #endif |
wolfSSL | 15:117db924cf7c | 10598 | } |
wolfSSL | 15:117db924cf7c | 10599 | else { |
wolfSSL | 15:117db924cf7c | 10600 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10601 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10602 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10603 | #endif |
wolfSSL | 15:117db924cf7c | 10604 | } |
wolfSSL | 15:117db924cf7c | 10605 | #endif |
wolfSSL | 15:117db924cf7c | 10606 | break; |
wolfSSL | 15:117db924cf7c | 10607 | |
wolfSSL | 15:117db924cf7c | 10608 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10609 | case hello_retry_request: |
wolfSSL | 15:117db924cf7c | 10610 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10611 | #ifndef WOLFSSL_TLS13_DRAFT_18 |
wolfSSL | 15:117db924cf7c | 10612 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10613 | #endif |
wolfSSL | 15:117db924cf7c | 10614 | if (!ssl->options.noPskDheKe) |
wolfSSL | 15:117db924cf7c | 10615 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10616 | /* Cookie is written below as last extension. */ |
wolfSSL | 15:117db924cf7c | 10617 | break; |
wolfSSL | 15:117db924cf7c | 10618 | #endif |
wolfSSL | 15:117db924cf7c | 10619 | |
wolfSSL | 15:117db924cf7c | 10620 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10621 | case encrypted_extensions: |
wolfSSL | 15:117db924cf7c | 10622 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); |
wolfSSL | 15:117db924cf7c | 10623 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS)); |
wolfSSL | 15:117db924cf7c | 10624 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); |
wolfSSL | 15:117db924cf7c | 10625 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); |
wolfSSL | 15:117db924cf7c | 10626 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 10627 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); |
wolfSSL | 15:117db924cf7c | 10628 | #endif |
wolfSSL | 15:117db924cf7c | 10629 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST |
wolfSSL | 15:117db924cf7c | 10630 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); |
wolfSSL | 15:117db924cf7c | 10631 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10632 | #if defined(HAVE_SECURE_RENEGOTIATION) |
wolfSSL | 16:8e0d178b1d1e | 10633 | TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO)); |
wolfSSL | 16:8e0d178b1d1e | 10634 | #endif |
wolfSSL | 15:117db924cf7c | 10635 | break; |
wolfSSL | 15:117db924cf7c | 10636 | |
wolfSSL | 15:117db924cf7c | 10637 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 10638 | case session_ticket: |
wolfSSL | 15:117db924cf7c | 10639 | if (ssl->options.tls1_3) { |
wolfSSL | 15:117db924cf7c | 10640 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10641 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_EARLY_DATA)); |
wolfSSL | 15:117db924cf7c | 10642 | } |
wolfSSL | 15:117db924cf7c | 10643 | break; |
wolfSSL | 15:117db924cf7c | 10644 | #endif |
wolfSSL | 15:117db924cf7c | 10645 | #endif |
wolfSSL | 15:117db924cf7c | 10646 | #endif |
wolfSSL | 15:117db924cf7c | 10647 | |
wolfSSL | 15:117db924cf7c | 10648 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10649 | #ifndef NO_CERTS |
wolfSSL | 15:117db924cf7c | 10650 | case certificate: |
wolfSSL | 15:117db924cf7c | 10651 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10652 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); |
wolfSSL | 15:117db924cf7c | 10653 | /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, |
wolfSSL | 15:117db924cf7c | 10654 | * TLSX_SERVER_CERTIFICATE_TYPE |
wolfSSL | 15:117db924cf7c | 10655 | */ |
wolfSSL | 15:117db924cf7c | 10656 | break; |
wolfSSL | 15:117db924cf7c | 10657 | #endif |
wolfSSL | 15:117db924cf7c | 10658 | #endif |
wolfSSL | 15:117db924cf7c | 10659 | } |
wolfSSL | 15:117db924cf7c | 10660 | |
wolfSSL | 15:117db924cf7c | 10661 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 15:117db924cf7c | 10662 | |
wolfSSL | 15:117db924cf7c | 10663 | ret = TLSX_Write(ssl->extensions, output + offset, semaphore, |
wolfSSL | 15:117db924cf7c | 10664 | msgType, &offset); |
wolfSSL | 16:8e0d178b1d1e | 10665 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10666 | return ret; |
wolfSSL | 15:117db924cf7c | 10667 | |
wolfSSL | 15:117db924cf7c | 10668 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10669 | if (msgType == hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 10670 | XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); |
wolfSSL | 15:117db924cf7c | 10671 | TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); |
wolfSSL | 15:117db924cf7c | 10672 | ret = TLSX_Write(ssl->extensions, output + offset, semaphore, |
wolfSSL | 15:117db924cf7c | 10673 | msgType, &offset); |
wolfSSL | 16:8e0d178b1d1e | 10674 | if (ret != 0) |
wolfSSL | 16:8e0d178b1d1e | 10675 | return ret; |
wolfSSL | 15:117db924cf7c | 10676 | } |
wolfSSL | 15:117db924cf7c | 10677 | #endif |
wolfSSL | 15:117db924cf7c | 10678 | |
wolfSSL | 15:117db924cf7c | 10679 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 16:8e0d178b1d1e | 10680 | if (ssl->options.haveEMS && msgType == server_hello && |
wolfSSL | 16:8e0d178b1d1e | 10681 | !IsAtLeastTLSv1_3(ssl->version)) { |
wolfSSL | 16:8e0d178b1d1e | 10682 | WOLFSSL_MSG("EMS extension to write"); |
wolfSSL | 15:117db924cf7c | 10683 | c16toa(HELLO_EXT_EXTMS, output + offset); |
wolfSSL | 15:117db924cf7c | 10684 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 15:117db924cf7c | 10685 | c16toa(0, output + offset); |
wolfSSL | 15:117db924cf7c | 10686 | offset += HELLO_EXT_SZ_SZ; |
wolfSSL | 15:117db924cf7c | 10687 | } |
wolfSSL | 15:117db924cf7c | 10688 | #endif |
wolfSSL | 15:117db924cf7c | 10689 | |
wolfSSL | 15:117db924cf7c | 10690 | if (offset > OPAQUE16_LEN || msgType != server_hello) |
wolfSSL | 15:117db924cf7c | 10691 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 15:117db924cf7c | 10692 | } |
wolfSSL | 15:117db924cf7c | 10693 | |
wolfSSL | 15:117db924cf7c | 10694 | if (pOffset) |
wolfSSL | 15:117db924cf7c | 10695 | *pOffset += offset; |
wolfSSL | 15:117db924cf7c | 10696 | |
wolfSSL | 15:117db924cf7c | 10697 | return ret; |
wolfSSL | 15:117db924cf7c | 10698 | } |
wolfSSL | 15:117db924cf7c | 10699 | |
wolfSSL | 15:117db924cf7c | 10700 | #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_SERVER */ |
wolfSSL | 15:117db924cf7c | 10701 | |
wolfSSL | 16:8e0d178b1d1e | 10702 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10703 | int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length, byte msgType, |
wolfSSL | 16:8e0d178b1d1e | 10704 | int* found) |
wolfSSL | 16:8e0d178b1d1e | 10705 | { |
wolfSSL | 16:8e0d178b1d1e | 10706 | int ret = 0; |
wolfSSL | 16:8e0d178b1d1e | 10707 | int offset = 0; |
wolfSSL | 16:8e0d178b1d1e | 10708 | |
wolfSSL | 16:8e0d178b1d1e | 10709 | *found = 0; |
wolfSSL | 16:8e0d178b1d1e | 10710 | while (offset < (int)length) { |
wolfSSL | 16:8e0d178b1d1e | 10711 | word16 type; |
wolfSSL | 16:8e0d178b1d1e | 10712 | word16 size; |
wolfSSL | 16:8e0d178b1d1e | 10713 | |
wolfSSL | 16:8e0d178b1d1e | 10714 | if (offset + (2 * OPAQUE16_LEN) > length) { |
wolfSSL | 16:8e0d178b1d1e | 10715 | ret = BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 10716 | break; |
wolfSSL | 16:8e0d178b1d1e | 10717 | } |
wolfSSL | 16:8e0d178b1d1e | 10718 | |
wolfSSL | 16:8e0d178b1d1e | 10719 | ato16(input + offset, &type); |
wolfSSL | 16:8e0d178b1d1e | 10720 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 16:8e0d178b1d1e | 10721 | |
wolfSSL | 16:8e0d178b1d1e | 10722 | ato16(input + offset, &size); |
wolfSSL | 16:8e0d178b1d1e | 10723 | offset += OPAQUE16_LEN; |
wolfSSL | 16:8e0d178b1d1e | 10724 | |
wolfSSL | 16:8e0d178b1d1e | 10725 | if (offset + size > length) { |
wolfSSL | 16:8e0d178b1d1e | 10726 | ret = BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 10727 | break; |
wolfSSL | 16:8e0d178b1d1e | 10728 | } |
wolfSSL | 16:8e0d178b1d1e | 10729 | |
wolfSSL | 16:8e0d178b1d1e | 10730 | if (type == TLSX_SUPPORTED_VERSIONS) { |
wolfSSL | 16:8e0d178b1d1e | 10731 | *found = 1; |
wolfSSL | 16:8e0d178b1d1e | 10732 | |
wolfSSL | 16:8e0d178b1d1e | 10733 | WOLFSSL_MSG("Supported Versions extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10734 | |
wolfSSL | 16:8e0d178b1d1e | 10735 | ret = SV_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 16:8e0d178b1d1e | 10736 | break; |
wolfSSL | 16:8e0d178b1d1e | 10737 | } |
wolfSSL | 16:8e0d178b1d1e | 10738 | |
wolfSSL | 16:8e0d178b1d1e | 10739 | offset += size; |
wolfSSL | 16:8e0d178b1d1e | 10740 | } |
wolfSSL | 16:8e0d178b1d1e | 10741 | |
wolfSSL | 16:8e0d178b1d1e | 10742 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 10743 | } |
wolfSSL | 16:8e0d178b1d1e | 10744 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10745 | |
wolfSSL | 15:117db924cf7c | 10746 | /** Parses a buffer of TLS extensions. */ |
wolfSSL | 15:117db924cf7c | 10747 | int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, |
wolfSSL | 15:117db924cf7c | 10748 | Suites *suites) |
wolfSSL | 15:117db924cf7c | 10749 | { |
wolfSSL | 15:117db924cf7c | 10750 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 10751 | word16 offset = 0; |
wolfSSL | 15:117db924cf7c | 10752 | byte isRequest = (msgType == client_hello || |
wolfSSL | 15:117db924cf7c | 10753 | msgType == certificate_request); |
wolfSSL | 15:117db924cf7c | 10754 | |
wolfSSL | 15:117db924cf7c | 10755 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 10756 | byte pendingEMS = 0; |
wolfSSL | 15:117db924cf7c | 10757 | #endif |
wolfSSL | 15:117db924cf7c | 10758 | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
wolfSSL | 15:117db924cf7c | 10759 | int pskDone = 0; |
wolfSSL | 15:117db924cf7c | 10760 | #endif |
wolfSSL | 15:117db924cf7c | 10761 | |
wolfSSL | 15:117db924cf7c | 10762 | if (!ssl || !input || (isRequest && !suites)) |
wolfSSL | 15:117db924cf7c | 10763 | return BAD_FUNC_ARG; |
wolfSSL | 15:117db924cf7c | 10764 | |
wolfSSL | 15:117db924cf7c | 10765 | while (ret == 0 && offset < length) { |
wolfSSL | 15:117db924cf7c | 10766 | word16 type; |
wolfSSL | 15:117db924cf7c | 10767 | word16 size; |
wolfSSL | 15:117db924cf7c | 10768 | |
wolfSSL | 15:117db924cf7c | 10769 | #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) |
wolfSSL | 15:117db924cf7c | 10770 | if (msgType == client_hello && pskDone) |
wolfSSL | 15:117db924cf7c | 10771 | return PSK_KEY_ERROR; |
wolfSSL | 15:117db924cf7c | 10772 | #endif |
wolfSSL | 15:117db924cf7c | 10773 | |
wolfSSL | 15:117db924cf7c | 10774 | if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) |
wolfSSL | 15:117db924cf7c | 10775 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 10776 | |
wolfSSL | 15:117db924cf7c | 10777 | ato16(input + offset, &type); |
wolfSSL | 15:117db924cf7c | 10778 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 15:117db924cf7c | 10779 | |
wolfSSL | 15:117db924cf7c | 10780 | ato16(input + offset, &size); |
wolfSSL | 15:117db924cf7c | 10781 | offset += OPAQUE16_LEN; |
wolfSSL | 15:117db924cf7c | 10782 | |
wolfSSL | 15:117db924cf7c | 10783 | if (offset + size > length) |
wolfSSL | 15:117db924cf7c | 10784 | return BUFFER_ERROR; |
wolfSSL | 15:117db924cf7c | 10785 | |
wolfSSL | 15:117db924cf7c | 10786 | switch (type) { |
wolfSSL | 15:117db924cf7c | 10787 | case TLSX_SERVER_NAME: |
wolfSSL | 15:117db924cf7c | 10788 | WOLFSSL_MSG("SNI extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10789 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10790 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10791 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10792 | |
wolfSSL | 16:8e0d178b1d1e | 10793 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10794 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 10795 | msgType != client_hello && |
wolfSSL | 16:8e0d178b1d1e | 10796 | msgType != server_hello && |
wolfSSL | 16:8e0d178b1d1e | 10797 | msgType != encrypted_extensions) { |
wolfSSL | 16:8e0d178b1d1e | 10798 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 10799 | } |
wolfSSL | 16:8e0d178b1d1e | 10800 | else if (!IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 10801 | msgType == encrypted_extensions) { |
wolfSSL | 16:8e0d178b1d1e | 10802 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 10803 | } |
wolfSSL | 16:8e0d178b1d1e | 10804 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10805 | ret = SNI_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 16:8e0d178b1d1e | 10806 | break; |
wolfSSL | 16:8e0d178b1d1e | 10807 | |
wolfSSL | 16:8e0d178b1d1e | 10808 | case TLSX_TRUSTED_CA_KEYS: |
wolfSSL | 16:8e0d178b1d1e | 10809 | WOLFSSL_MSG("Trusted CA extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10810 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10811 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10812 | #endif |
wolfSSL | 15:117db924cf7c | 10813 | |
wolfSSL | 15:117db924cf7c | 10814 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10815 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 10816 | msgType != client_hello && |
wolfSSL | 15:117db924cf7c | 10817 | msgType != encrypted_extensions) { |
wolfSSL | 15:117db924cf7c | 10818 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 10819 | } |
wolfSSL | 15:117db924cf7c | 10820 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10821 | ret = TCA_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10822 | break; |
wolfSSL | 15:117db924cf7c | 10823 | |
wolfSSL | 15:117db924cf7c | 10824 | case TLSX_MAX_FRAGMENT_LENGTH: |
wolfSSL | 15:117db924cf7c | 10825 | WOLFSSL_MSG("Max Fragment Length extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10826 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10827 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10828 | #endif |
wolfSSL | 15:117db924cf7c | 10829 | |
wolfSSL | 15:117db924cf7c | 10830 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10831 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 10832 | msgType != client_hello && |
wolfSSL | 15:117db924cf7c | 10833 | msgType != encrypted_extensions) { |
wolfSSL | 15:117db924cf7c | 10834 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 10835 | } |
wolfSSL | 16:8e0d178b1d1e | 10836 | else if (!IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 10837 | msgType == encrypted_extensions) { |
wolfSSL | 16:8e0d178b1d1e | 10838 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 10839 | } |
wolfSSL | 15:117db924cf7c | 10840 | #endif |
wolfSSL | 15:117db924cf7c | 10841 | ret = MFL_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10842 | break; |
wolfSSL | 15:117db924cf7c | 10843 | |
wolfSSL | 15:117db924cf7c | 10844 | case TLSX_TRUNCATED_HMAC: |
wolfSSL | 15:117db924cf7c | 10845 | WOLFSSL_MSG("Truncated HMAC extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10846 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10847 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10848 | #endif |
wolfSSL | 15:117db924cf7c | 10849 | |
wolfSSL | 15:117db924cf7c | 10850 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10851 | if (IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 10852 | break; |
wolfSSL | 15:117db924cf7c | 10853 | #endif |
wolfSSL | 15:117db924cf7c | 10854 | ret = THM_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10855 | break; |
wolfSSL | 15:117db924cf7c | 10856 | |
wolfSSL | 15:117db924cf7c | 10857 | case TLSX_SUPPORTED_GROUPS: |
wolfSSL | 15:117db924cf7c | 10858 | WOLFSSL_MSG("Supported Groups extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10859 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10860 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10861 | #endif |
wolfSSL | 15:117db924cf7c | 10862 | |
wolfSSL | 15:117db924cf7c | 10863 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10864 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 10865 | msgType != client_hello && |
wolfSSL | 16:8e0d178b1d1e | 10866 | msgType != server_hello && |
wolfSSL | 15:117db924cf7c | 10867 | msgType != encrypted_extensions) { |
wolfSSL | 15:117db924cf7c | 10868 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 10869 | } |
wolfSSL | 16:8e0d178b1d1e | 10870 | else if (!IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 10871 | msgType == encrypted_extensions) { |
wolfSSL | 16:8e0d178b1d1e | 10872 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 10873 | } |
wolfSSL | 15:117db924cf7c | 10874 | #endif |
wolfSSL | 15:117db924cf7c | 10875 | ret = EC_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10876 | break; |
wolfSSL | 15:117db924cf7c | 10877 | |
wolfSSL | 15:117db924cf7c | 10878 | case TLSX_EC_POINT_FORMATS: |
wolfSSL | 15:117db924cf7c | 10879 | WOLFSSL_MSG("Point Formats extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10880 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10881 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10882 | #endif |
wolfSSL | 15:117db924cf7c | 10883 | |
wolfSSL | 15:117db924cf7c | 10884 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10885 | if (IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 10886 | break; |
wolfSSL | 15:117db924cf7c | 10887 | #endif |
wolfSSL | 15:117db924cf7c | 10888 | ret = PF_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10889 | break; |
wolfSSL | 15:117db924cf7c | 10890 | |
wolfSSL | 15:117db924cf7c | 10891 | case TLSX_STATUS_REQUEST: |
wolfSSL | 15:117db924cf7c | 10892 | WOLFSSL_MSG("Certificate Status Request extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10893 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10894 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10895 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10896 | |
wolfSSL | 16:8e0d178b1d1e | 10897 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10898 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 10899 | msgType != client_hello && |
wolfSSL | 16:8e0d178b1d1e | 10900 | msgType != certificate_request && |
wolfSSL | 16:8e0d178b1d1e | 10901 | msgType != certificate) { |
wolfSSL | 16:8e0d178b1d1e | 10902 | break; |
wolfSSL | 16:8e0d178b1d1e | 10903 | } |
wolfSSL | 16:8e0d178b1d1e | 10904 | #endif |
wolfSSL | 15:117db924cf7c | 10905 | ret = CSR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10906 | break; |
wolfSSL | 15:117db924cf7c | 10907 | |
wolfSSL | 15:117db924cf7c | 10908 | case TLSX_STATUS_REQUEST_V2: |
wolfSSL | 15:117db924cf7c | 10909 | WOLFSSL_MSG("Certificate Status Request v2 extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10910 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10911 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10912 | #endif |
wolfSSL | 15:117db924cf7c | 10913 | |
wolfSSL | 15:117db924cf7c | 10914 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10915 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 10916 | msgType != client_hello && |
wolfSSL | 15:117db924cf7c | 10917 | msgType != certificate_request && |
wolfSSL | 15:117db924cf7c | 10918 | msgType != certificate) { |
wolfSSL | 15:117db924cf7c | 10919 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 10920 | } |
wolfSSL | 15:117db924cf7c | 10921 | #endif |
wolfSSL | 15:117db924cf7c | 10922 | ret = CSR2_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10923 | break; |
wolfSSL | 15:117db924cf7c | 10924 | |
wolfSSL | 15:117db924cf7c | 10925 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 10926 | case HELLO_EXT_EXTMS: |
wolfSSL | 15:117db924cf7c | 10927 | WOLFSSL_MSG("Extended Master Secret extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10928 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10929 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10930 | #endif |
wolfSSL | 15:117db924cf7c | 10931 | |
wolfSSL | 15:117db924cf7c | 10932 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10933 | if (IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 10934 | break; |
wolfSSL | 15:117db924cf7c | 10935 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10936 | if (size != 0) |
wolfSSL | 16:8e0d178b1d1e | 10937 | return BUFFER_ERROR; |
wolfSSL | 16:8e0d178b1d1e | 10938 | |
wolfSSL | 15:117db924cf7c | 10939 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 10940 | if (isRequest) |
wolfSSL | 15:117db924cf7c | 10941 | ssl->options.haveEMS = 1; |
wolfSSL | 15:117db924cf7c | 10942 | #endif |
wolfSSL | 15:117db924cf7c | 10943 | pendingEMS = 1; |
wolfSSL | 15:117db924cf7c | 10944 | break; |
wolfSSL | 15:117db924cf7c | 10945 | #endif |
wolfSSL | 15:117db924cf7c | 10946 | |
wolfSSL | 15:117db924cf7c | 10947 | case TLSX_RENEGOTIATION_INFO: |
wolfSSL | 15:117db924cf7c | 10948 | WOLFSSL_MSG("Secure Renegotiation extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10949 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10950 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10951 | #endif |
wolfSSL | 15:117db924cf7c | 10952 | |
wolfSSL | 15:117db924cf7c | 10953 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10954 | if (IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 10955 | break; |
wolfSSL | 15:117db924cf7c | 10956 | #endif |
wolfSSL | 15:117db924cf7c | 10957 | ret = SCR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10958 | break; |
wolfSSL | 15:117db924cf7c | 10959 | |
wolfSSL | 15:117db924cf7c | 10960 | case TLSX_SESSION_TICKET: |
wolfSSL | 15:117db924cf7c | 10961 | WOLFSSL_MSG("Session Ticket extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10962 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10963 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10964 | #endif |
wolfSSL | 15:117db924cf7c | 10965 | |
wolfSSL | 15:117db924cf7c | 10966 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10967 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 10968 | msgType != client_hello) { |
wolfSSL | 15:117db924cf7c | 10969 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 10970 | } |
wolfSSL | 15:117db924cf7c | 10971 | #endif |
wolfSSL | 15:117db924cf7c | 10972 | ret = WOLF_STK_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10973 | break; |
wolfSSL | 15:117db924cf7c | 10974 | |
wolfSSL | 15:117db924cf7c | 10975 | case TLSX_QUANTUM_SAFE_HYBRID: |
wolfSSL | 15:117db924cf7c | 10976 | WOLFSSL_MSG("Quantum-Safe-Hybrid extension received"); |
wolfSSL | 16:8e0d178b1d1e | 10977 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10978 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10979 | #endif |
wolfSSL | 15:117db924cf7c | 10980 | |
wolfSSL | 15:117db924cf7c | 10981 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 10982 | if (IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 10983 | break; |
wolfSSL | 15:117db924cf7c | 10984 | #endif |
wolfSSL | 15:117db924cf7c | 10985 | ret = QSH_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 10986 | break; |
wolfSSL | 15:117db924cf7c | 10987 | |
wolfSSL | 15:117db924cf7c | 10988 | case TLSX_APPLICATION_LAYER_PROTOCOL: |
wolfSSL | 15:117db924cf7c | 10989 | WOLFSSL_MSG("ALPN extension received"); |
wolfSSL | 15:117db924cf7c | 10990 | |
wolfSSL | 16:8e0d178b1d1e | 10991 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 10992 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 10993 | #endif |
wolfSSL | 16:8e0d178b1d1e | 10994 | |
wolfSSL | 15:117db924cf7c | 10995 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 10996 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 10997 | msgType != client_hello && |
wolfSSL | 16:8e0d178b1d1e | 10998 | msgType != server_hello && |
wolfSSL | 15:117db924cf7c | 10999 | msgType != encrypted_extensions) { |
wolfSSL | 15:117db924cf7c | 11000 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 11001 | } |
wolfSSL | 16:8e0d178b1d1e | 11002 | else if (!IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 11003 | msgType == encrypted_extensions) { |
wolfSSL | 16:8e0d178b1d1e | 11004 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 11005 | } |
wolfSSL | 15:117db924cf7c | 11006 | #endif |
wolfSSL | 15:117db924cf7c | 11007 | ret = ALPN_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 11008 | break; |
wolfSSL | 16:8e0d178b1d1e | 11009 | #if !defined(WOLFSSL_NO_SIGALG) |
wolfSSL | 15:117db924cf7c | 11010 | case TLSX_SIGNATURE_ALGORITHMS: |
wolfSSL | 15:117db924cf7c | 11011 | WOLFSSL_MSG("Signature Algorithms extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11012 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11013 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11014 | #endif |
wolfSSL | 15:117db924cf7c | 11015 | |
wolfSSL | 15:117db924cf7c | 11016 | if (!IsAtLeastTLSv1_2(ssl)) |
wolfSSL | 15:117db924cf7c | 11017 | break; |
wolfSSL | 15:117db924cf7c | 11018 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 11019 | if (IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 15:117db924cf7c | 11020 | msgType != client_hello && |
wolfSSL | 15:117db924cf7c | 11021 | msgType != certificate_request) { |
wolfSSL | 15:117db924cf7c | 11022 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 11023 | } |
wolfSSL | 15:117db924cf7c | 11024 | #endif |
wolfSSL | 15:117db924cf7c | 11025 | ret = SA_PARSE(ssl, input + offset, size, isRequest, suites); |
wolfSSL | 15:117db924cf7c | 11026 | break; |
wolfSSL | 16:8e0d178b1d1e | 11027 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11028 | |
wolfSSL | 16:8e0d178b1d1e | 11029 | #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) |
wolfSSL | 16:8e0d178b1d1e | 11030 | case TLSX_ENCRYPT_THEN_MAC: |
wolfSSL | 16:8e0d178b1d1e | 11031 | WOLFSSL_MSG("Encrypt-Then-Mac extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11032 | |
wolfSSL | 16:8e0d178b1d1e | 11033 | /* Ignore for TLS 1.3+ */ |
wolfSSL | 16:8e0d178b1d1e | 11034 | if (IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 16:8e0d178b1d1e | 11035 | break; |
wolfSSL | 16:8e0d178b1d1e | 11036 | |
wolfSSL | 16:8e0d178b1d1e | 11037 | ret = ETM_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 16:8e0d178b1d1e | 11038 | break; |
wolfSSL | 16:8e0d178b1d1e | 11039 | #endif /* HAVE_ENCRYPT_THEN_MAC */ |
wolfSSL | 15:117db924cf7c | 11040 | |
wolfSSL | 15:117db924cf7c | 11041 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 11042 | case TLSX_SUPPORTED_VERSIONS: |
wolfSSL | 16:8e0d178b1d1e | 11043 | WOLFSSL_MSG("Skipping Supported Versions - already processed"); |
wolfSSL | 16:8e0d178b1d1e | 11044 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11045 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11046 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11047 | |
wolfSSL | 15:117db924cf7c | 11048 | break; |
wolfSSL | 15:117db924cf7c | 11049 | |
wolfSSL | 15:117db924cf7c | 11050 | case TLSX_COOKIE: |
wolfSSL | 15:117db924cf7c | 11051 | WOLFSSL_MSG("Cookie extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11052 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11053 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11054 | #endif |
wolfSSL | 15:117db924cf7c | 11055 | |
wolfSSL | 15:117db924cf7c | 11056 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11057 | break; |
wolfSSL | 15:117db924cf7c | 11058 | |
wolfSSL | 16:8e0d178b1d1e | 11059 | if (msgType != client_hello && |
wolfSSL | 15:117db924cf7c | 11060 | msgType != hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 11061 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 11062 | } |
wolfSSL | 16:8e0d178b1d1e | 11063 | |
wolfSSL | 15:117db924cf7c | 11064 | ret = CKE_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 15:117db924cf7c | 11065 | break; |
wolfSSL | 15:117db924cf7c | 11066 | |
wolfSSL | 15:117db924cf7c | 11067 | #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) |
wolfSSL | 15:117db924cf7c | 11068 | case TLSX_PRE_SHARED_KEY: |
wolfSSL | 15:117db924cf7c | 11069 | WOLFSSL_MSG("Pre-Shared Key extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11070 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11071 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11072 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11073 | |
wolfSSL | 16:8e0d178b1d1e | 11074 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11075 | break; |
wolfSSL | 15:117db924cf7c | 11076 | |
wolfSSL | 16:8e0d178b1d1e | 11077 | if (msgType != client_hello && msgType != server_hello) |
wolfSSL | 15:117db924cf7c | 11078 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 11079 | |
wolfSSL | 15:117db924cf7c | 11080 | ret = PSK_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 15:117db924cf7c | 11081 | pskDone = 1; |
wolfSSL | 15:117db924cf7c | 11082 | break; |
wolfSSL | 15:117db924cf7c | 11083 | |
wolfSSL | 15:117db924cf7c | 11084 | case TLSX_PSK_KEY_EXCHANGE_MODES: |
wolfSSL | 15:117db924cf7c | 11085 | WOLFSSL_MSG("PSK Key Exchange Modes extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11086 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11087 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11088 | #endif |
wolfSSL | 15:117db924cf7c | 11089 | |
wolfSSL | 15:117db924cf7c | 11090 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11091 | break; |
wolfSSL | 15:117db924cf7c | 11092 | |
wolfSSL | 16:8e0d178b1d1e | 11093 | if (msgType != client_hello) |
wolfSSL | 15:117db924cf7c | 11094 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 11095 | |
wolfSSL | 15:117db924cf7c | 11096 | ret = PKM_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 15:117db924cf7c | 11097 | break; |
wolfSSL | 15:117db924cf7c | 11098 | #endif |
wolfSSL | 15:117db924cf7c | 11099 | |
wolfSSL | 15:117db924cf7c | 11100 | #ifdef WOLFSSL_EARLY_DATA |
wolfSSL | 15:117db924cf7c | 11101 | case TLSX_EARLY_DATA: |
wolfSSL | 15:117db924cf7c | 11102 | WOLFSSL_MSG("Early Data extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11103 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11104 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11105 | #endif |
wolfSSL | 15:117db924cf7c | 11106 | |
wolfSSL | 15:117db924cf7c | 11107 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11108 | break; |
wolfSSL | 15:117db924cf7c | 11109 | |
wolfSSL | 16:8e0d178b1d1e | 11110 | if (msgType != client_hello && msgType != session_ticket && |
wolfSSL | 16:8e0d178b1d1e | 11111 | msgType != encrypted_extensions) { |
wolfSSL | 16:8e0d178b1d1e | 11112 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 11113 | } |
wolfSSL | 16:8e0d178b1d1e | 11114 | if (!IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 11115 | (msgType == session_ticket || |
wolfSSL | 16:8e0d178b1d1e | 11116 | msgType == encrypted_extensions)) { |
wolfSSL | 15:117db924cf7c | 11117 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 11118 | } |
wolfSSL | 15:117db924cf7c | 11119 | ret = EDI_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 15:117db924cf7c | 11120 | break; |
wolfSSL | 15:117db924cf7c | 11121 | #endif |
wolfSSL | 15:117db924cf7c | 11122 | |
wolfSSL | 15:117db924cf7c | 11123 | #ifdef WOLFSSL_POST_HANDSHAKE_AUTH |
wolfSSL | 15:117db924cf7c | 11124 | case TLSX_POST_HANDSHAKE_AUTH: |
wolfSSL | 15:117db924cf7c | 11125 | WOLFSSL_MSG("Post Handshake Authentication extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11126 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11127 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11128 | #endif |
wolfSSL | 15:117db924cf7c | 11129 | |
wolfSSL | 15:117db924cf7c | 11130 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11131 | break; |
wolfSSL | 15:117db924cf7c | 11132 | |
wolfSSL | 16:8e0d178b1d1e | 11133 | if (msgType != client_hello) |
wolfSSL | 15:117db924cf7c | 11134 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 11135 | |
wolfSSL | 15:117db924cf7c | 11136 | ret = PHA_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 15:117db924cf7c | 11137 | break; |
wolfSSL | 15:117db924cf7c | 11138 | #endif |
wolfSSL | 15:117db924cf7c | 11139 | |
wolfSSL | 15:117db924cf7c | 11140 | #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) |
wolfSSL | 15:117db924cf7c | 11141 | case TLSX_SIGNATURE_ALGORITHMS_CERT: |
wolfSSL | 15:117db924cf7c | 11142 | WOLFSSL_MSG("Signature Algorithms extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11143 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11144 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11145 | #endif |
wolfSSL | 15:117db924cf7c | 11146 | |
wolfSSL | 15:117db924cf7c | 11147 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11148 | break; |
wolfSSL | 15:117db924cf7c | 11149 | |
wolfSSL | 16:8e0d178b1d1e | 11150 | if (msgType != client_hello && |
wolfSSL | 15:117db924cf7c | 11151 | msgType != certificate_request) { |
wolfSSL | 15:117db924cf7c | 11152 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 11153 | } |
wolfSSL | 16:8e0d178b1d1e | 11154 | if (!IsAtLeastTLSv1_3(ssl->version) && |
wolfSSL | 16:8e0d178b1d1e | 11155 | msgType == certificate_request) { |
wolfSSL | 16:8e0d178b1d1e | 11156 | return EXT_NOT_ALLOWED; |
wolfSSL | 16:8e0d178b1d1e | 11157 | } |
wolfSSL | 15:117db924cf7c | 11158 | |
wolfSSL | 15:117db924cf7c | 11159 | ret = SAC_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 15:117db924cf7c | 11160 | break; |
wolfSSL | 15:117db924cf7c | 11161 | #endif |
wolfSSL | 15:117db924cf7c | 11162 | |
wolfSSL | 15:117db924cf7c | 11163 | case TLSX_KEY_SHARE: |
wolfSSL | 15:117db924cf7c | 11164 | WOLFSSL_MSG("Key Share extension received"); |
wolfSSL | 16:8e0d178b1d1e | 11165 | #ifdef WOLFSSL_DEBUG_TLS |
wolfSSL | 16:8e0d178b1d1e | 11166 | WOLFSSL_BUFFER(input + offset, size); |
wolfSSL | 16:8e0d178b1d1e | 11167 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11168 | |
wolfSSL | 16:8e0d178b1d1e | 11169 | if (!IsAtLeastTLSv1_3(ssl->version)) |
wolfSSL | 15:117db924cf7c | 11170 | break; |
wolfSSL | 15:117db924cf7c | 11171 | |
wolfSSL | 16:8e0d178b1d1e | 11172 | if (msgType != client_hello && msgType != server_hello && |
wolfSSL | 15:117db924cf7c | 11173 | msgType != hello_retry_request) { |
wolfSSL | 15:117db924cf7c | 11174 | return EXT_NOT_ALLOWED; |
wolfSSL | 15:117db924cf7c | 11175 | } |
wolfSSL | 15:117db924cf7c | 11176 | ret = KS_PARSE(ssl, input + offset, size, msgType); |
wolfSSL | 15:117db924cf7c | 11177 | break; |
wolfSSL | 15:117db924cf7c | 11178 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11179 | default: |
wolfSSL | 16:8e0d178b1d1e | 11180 | WOLFSSL_MSG("Unknown TLS extension type"); |
wolfSSL | 15:117db924cf7c | 11181 | } |
wolfSSL | 15:117db924cf7c | 11182 | |
wolfSSL | 15:117db924cf7c | 11183 | /* offset should be updated here! */ |
wolfSSL | 15:117db924cf7c | 11184 | offset += size; |
wolfSSL | 15:117db924cf7c | 11185 | } |
wolfSSL | 15:117db924cf7c | 11186 | |
wolfSSL | 15:117db924cf7c | 11187 | #ifdef HAVE_EXTENDED_MASTER |
wolfSSL | 15:117db924cf7c | 11188 | if (!isRequest && ssl->options.haveEMS && !pendingEMS) |
wolfSSL | 15:117db924cf7c | 11189 | ssl->options.haveEMS = 0; |
wolfSSL | 15:117db924cf7c | 11190 | #endif |
wolfSSL | 15:117db924cf7c | 11191 | |
wolfSSL | 15:117db924cf7c | 11192 | if (ret == 0) |
wolfSSL | 15:117db924cf7c | 11193 | ret = SNI_VERIFY_PARSE(ssl, isRequest); |
wolfSSL | 16:8e0d178b1d1e | 11194 | if (ret == 0) |
wolfSSL | 16:8e0d178b1d1e | 11195 | ret = TCA_VERIFY_PARSE(ssl, isRequest); |
wolfSSL | 15:117db924cf7c | 11196 | |
wolfSSL | 15:117db924cf7c | 11197 | return ret; |
wolfSSL | 15:117db924cf7c | 11198 | } |
wolfSSL | 15:117db924cf7c | 11199 | |
wolfSSL | 15:117db924cf7c | 11200 | /* undefining semaphore macros */ |
wolfSSL | 15:117db924cf7c | 11201 | #undef IS_OFF |
wolfSSL | 15:117db924cf7c | 11202 | #undef TURN_ON |
wolfSSL | 15:117db924cf7c | 11203 | #undef SEMAPHORE_SIZE |
wolfSSL | 15:117db924cf7c | 11204 | |
wolfSSL | 15:117db924cf7c | 11205 | #endif /* HAVE_TLS_EXTENSIONS */ |
wolfSSL | 15:117db924cf7c | 11206 | |
wolfSSL | 15:117db924cf7c | 11207 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 15:117db924cf7c | 11208 | |
wolfSSL | 16:8e0d178b1d1e | 11209 | WOLFSSL_METHOD* wolfTLS_client_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11210 | { |
wolfSSL | 16:8e0d178b1d1e | 11211 | return wolfTLS_client_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11212 | } |
wolfSSL | 16:8e0d178b1d1e | 11213 | WOLFSSL_METHOD* wolfTLS_client_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11214 | { |
wolfSSL | 16:8e0d178b1d1e | 11215 | WOLFSSL_METHOD* method = |
wolfSSL | 16:8e0d178b1d1e | 11216 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 16:8e0d178b1d1e | 11217 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 16:8e0d178b1d1e | 11218 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11219 | WOLFSSL_ENTER("TLS_client_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11220 | if (method) { |
wolfSSL | 16:8e0d178b1d1e | 11221 | #if defined(WOLFSSL_TLS13) |
wolfSSL | 16:8e0d178b1d1e | 11222 | InitSSL_Method(method, MakeTLSv1_3()); |
wolfSSL | 16:8e0d178b1d1e | 11223 | #elif !defined(WOLFSSL_NO_TLS12) |
wolfSSL | 16:8e0d178b1d1e | 11224 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 16:8e0d178b1d1e | 11225 | #elif !defined(NO_OLD_TLS) |
wolfSSL | 16:8e0d178b1d1e | 11226 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 16:8e0d178b1d1e | 11227 | #elif defined(WOLFSSL_ALLOW_TLSV10) |
wolfSSL | 16:8e0d178b1d1e | 11228 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 16:8e0d178b1d1e | 11229 | #else |
wolfSSL | 16:8e0d178b1d1e | 11230 | #error No TLS version enabled! |
wolfSSL | 16:8e0d178b1d1e | 11231 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11232 | |
wolfSSL | 16:8e0d178b1d1e | 11233 | method->downgrade = 1; |
wolfSSL | 16:8e0d178b1d1e | 11234 | method->side = WOLFSSL_CLIENT_END; |
wolfSSL | 16:8e0d178b1d1e | 11235 | } |
wolfSSL | 16:8e0d178b1d1e | 11236 | return method; |
wolfSSL | 16:8e0d178b1d1e | 11237 | } |
wolfSSL | 16:8e0d178b1d1e | 11238 | |
wolfSSL | 15:117db924cf7c | 11239 | #ifndef NO_OLD_TLS |
wolfSSL | 15:117db924cf7c | 11240 | #ifdef WOLFSSL_ALLOW_TLSV10 |
wolfSSL | 15:117db924cf7c | 11241 | WOLFSSL_METHOD* wolfTLSv1_client_method(void) |
wolfSSL | 15:117db924cf7c | 11242 | { |
wolfSSL | 15:117db924cf7c | 11243 | return wolfTLSv1_client_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11244 | } |
wolfSSL | 15:117db924cf7c | 11245 | WOLFSSL_METHOD* wolfTLSv1_client_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11246 | { |
wolfSSL | 15:117db924cf7c | 11247 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11248 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11249 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11250 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11251 | WOLFSSL_ENTER("TLSv1_client_method_ex"); |
wolfSSL | 15:117db924cf7c | 11252 | if (method) |
wolfSSL | 15:117db924cf7c | 11253 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 15:117db924cf7c | 11254 | return method; |
wolfSSL | 15:117db924cf7c | 11255 | } |
wolfSSL | 15:117db924cf7c | 11256 | #endif /* WOLFSSL_ALLOW_TLSV10 */ |
wolfSSL | 15:117db924cf7c | 11257 | |
wolfSSL | 15:117db924cf7c | 11258 | WOLFSSL_METHOD* wolfTLSv1_1_client_method(void) |
wolfSSL | 15:117db924cf7c | 11259 | { |
wolfSSL | 15:117db924cf7c | 11260 | return wolfTLSv1_1_client_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11261 | } |
wolfSSL | 15:117db924cf7c | 11262 | WOLFSSL_METHOD* wolfTLSv1_1_client_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11263 | { |
wolfSSL | 15:117db924cf7c | 11264 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11265 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11266 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11267 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11268 | WOLFSSL_ENTER("TLSv1_1_client_method_ex"); |
wolfSSL | 15:117db924cf7c | 11269 | if (method) |
wolfSSL | 15:117db924cf7c | 11270 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 15:117db924cf7c | 11271 | return method; |
wolfSSL | 15:117db924cf7c | 11272 | } |
wolfSSL | 15:117db924cf7c | 11273 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 15:117db924cf7c | 11274 | |
wolfSSL | 15:117db924cf7c | 11275 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 11276 | WOLFSSL_ABI |
wolfSSL | 15:117db924cf7c | 11277 | WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) |
wolfSSL | 15:117db924cf7c | 11278 | { |
wolfSSL | 15:117db924cf7c | 11279 | return wolfTLSv1_2_client_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11280 | } |
wolfSSL | 15:117db924cf7c | 11281 | WOLFSSL_METHOD* wolfTLSv1_2_client_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11282 | { |
wolfSSL | 15:117db924cf7c | 11283 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11284 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11285 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11286 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11287 | WOLFSSL_ENTER("TLSv1_2_client_method_ex"); |
wolfSSL | 15:117db924cf7c | 11288 | if (method) |
wolfSSL | 15:117db924cf7c | 11289 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 15:117db924cf7c | 11290 | return method; |
wolfSSL | 15:117db924cf7c | 11291 | } |
wolfSSL | 15:117db924cf7c | 11292 | #endif /* WOLFSSL_NO_TLS12 */ |
wolfSSL | 15:117db924cf7c | 11293 | |
wolfSSL | 15:117db924cf7c | 11294 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 11295 | /* The TLS v1.3 client method data. |
wolfSSL | 15:117db924cf7c | 11296 | * |
wolfSSL | 15:117db924cf7c | 11297 | * returns the method data for a TLS v1.3 client. |
wolfSSL | 15:117db924cf7c | 11298 | */ |
wolfSSL | 16:8e0d178b1d1e | 11299 | WOLFSSL_ABI |
wolfSSL | 15:117db924cf7c | 11300 | WOLFSSL_METHOD* wolfTLSv1_3_client_method(void) |
wolfSSL | 15:117db924cf7c | 11301 | { |
wolfSSL | 15:117db924cf7c | 11302 | return wolfTLSv1_3_client_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11303 | } |
wolfSSL | 15:117db924cf7c | 11304 | |
wolfSSL | 15:117db924cf7c | 11305 | /* The TLS v1.3 client method data. |
wolfSSL | 15:117db924cf7c | 11306 | * |
wolfSSL | 15:117db924cf7c | 11307 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 11308 | * returns the method data for a TLS v1.3 client. |
wolfSSL | 15:117db924cf7c | 11309 | */ |
wolfSSL | 15:117db924cf7c | 11310 | WOLFSSL_METHOD* wolfTLSv1_3_client_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11311 | { |
wolfSSL | 15:117db924cf7c | 11312 | WOLFSSL_METHOD* method = (WOLFSSL_METHOD*) |
wolfSSL | 15:117db924cf7c | 11313 | XMALLOC(sizeof(WOLFSSL_METHOD), heap, |
wolfSSL | 15:117db924cf7c | 11314 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11315 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11316 | WOLFSSL_ENTER("TLSv1_3_client_method_ex"); |
wolfSSL | 15:117db924cf7c | 11317 | if (method) |
wolfSSL | 15:117db924cf7c | 11318 | InitSSL_Method(method, MakeTLSv1_3()); |
wolfSSL | 15:117db924cf7c | 11319 | return method; |
wolfSSL | 15:117db924cf7c | 11320 | } |
wolfSSL | 15:117db924cf7c | 11321 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 11322 | |
wolfSSL | 16:8e0d178b1d1e | 11323 | #ifdef WOLFSSL_DTLS |
wolfSSL | 16:8e0d178b1d1e | 11324 | |
wolfSSL | 16:8e0d178b1d1e | 11325 | WOLFSSL_METHOD* wolfDTLS_client_method(void) |
wolfSSL | 15:117db924cf7c | 11326 | { |
wolfSSL | 16:8e0d178b1d1e | 11327 | return wolfDTLS_client_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11328 | } |
wolfSSL | 16:8e0d178b1d1e | 11329 | WOLFSSL_METHOD* wolfDTLS_client_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11330 | { |
wolfSSL | 15:117db924cf7c | 11331 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11332 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11333 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11334 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11335 | WOLFSSL_ENTER("DTLS_client_method_ex"); |
wolfSSL | 15:117db924cf7c | 11336 | if (method) { |
wolfSSL | 16:8e0d178b1d1e | 11337 | #if !defined(WOLFSSL_NO_TLS12) |
wolfSSL | 16:8e0d178b1d1e | 11338 | InitSSL_Method(method, MakeDTLSv1_2()); |
wolfSSL | 16:8e0d178b1d1e | 11339 | #elif !defined(NO_OLD_TLS) |
wolfSSL | 16:8e0d178b1d1e | 11340 | InitSSL_Method(method, MakeDTLSv1()); |
wolfSSL | 16:8e0d178b1d1e | 11341 | #else |
wolfSSL | 16:8e0d178b1d1e | 11342 | #error No DTLS version enabled! |
wolfSSL | 16:8e0d178b1d1e | 11343 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11344 | |
wolfSSL | 15:117db924cf7c | 11345 | method->downgrade = 1; |
wolfSSL | 16:8e0d178b1d1e | 11346 | method->side = WOLFSSL_CLIENT_END; |
wolfSSL | 15:117db924cf7c | 11347 | } |
wolfSSL | 15:117db924cf7c | 11348 | return method; |
wolfSSL | 15:117db924cf7c | 11349 | } |
wolfSSL | 15:117db924cf7c | 11350 | |
wolfSSL | 16:8e0d178b1d1e | 11351 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 11352 | WOLFSSL_METHOD* wolfDTLSv1_client_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11353 | { |
wolfSSL | 16:8e0d178b1d1e | 11354 | return wolfDTLSv1_client_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11355 | } |
wolfSSL | 16:8e0d178b1d1e | 11356 | WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11357 | { |
wolfSSL | 16:8e0d178b1d1e | 11358 | WOLFSSL_METHOD* method = |
wolfSSL | 16:8e0d178b1d1e | 11359 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 16:8e0d178b1d1e | 11360 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 16:8e0d178b1d1e | 11361 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11362 | WOLFSSL_ENTER("DTLSv1_client_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11363 | if (method) |
wolfSSL | 16:8e0d178b1d1e | 11364 | InitSSL_Method(method, MakeDTLSv1()); |
wolfSSL | 16:8e0d178b1d1e | 11365 | return method; |
wolfSSL | 16:8e0d178b1d1e | 11366 | } |
wolfSSL | 16:8e0d178b1d1e | 11367 | #endif /* NO_OLD_TLS */ |
wolfSSL | 16:8e0d178b1d1e | 11368 | |
wolfSSL | 16:8e0d178b1d1e | 11369 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 11370 | WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11371 | { |
wolfSSL | 16:8e0d178b1d1e | 11372 | return wolfDTLSv1_2_client_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11373 | } |
wolfSSL | 16:8e0d178b1d1e | 11374 | WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11375 | { |
wolfSSL | 16:8e0d178b1d1e | 11376 | WOLFSSL_METHOD* method = |
wolfSSL | 16:8e0d178b1d1e | 11377 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 16:8e0d178b1d1e | 11378 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 16:8e0d178b1d1e | 11379 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11380 | WOLFSSL_ENTER("DTLSv1_2_client_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11381 | if (method) |
wolfSSL | 16:8e0d178b1d1e | 11382 | InitSSL_Method(method, MakeDTLSv1_2()); |
wolfSSL | 16:8e0d178b1d1e | 11383 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11384 | return method; |
wolfSSL | 16:8e0d178b1d1e | 11385 | } |
wolfSSL | 16:8e0d178b1d1e | 11386 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 16:8e0d178b1d1e | 11387 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 16:8e0d178b1d1e | 11388 | |
wolfSSL | 15:117db924cf7c | 11389 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 15:117db924cf7c | 11390 | |
wolfSSL | 15:117db924cf7c | 11391 | |
wolfSSL | 16:8e0d178b1d1e | 11392 | /* EITHER SIDE METHODS */ |
wolfSSL | 16:8e0d178b1d1e | 11393 | #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) |
wolfSSL | 16:8e0d178b1d1e | 11394 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 11395 | #ifdef WOLFSSL_ALLOW_TLSV10 |
wolfSSL | 16:8e0d178b1d1e | 11396 | /* Gets a WOLFSL_METHOD type that is not set as client or server |
wolfSSL | 16:8e0d178b1d1e | 11397 | * |
wolfSSL | 16:8e0d178b1d1e | 11398 | * Returns a pointer to a WOLFSSL_METHOD struct |
wolfSSL | 16:8e0d178b1d1e | 11399 | */ |
wolfSSL | 16:8e0d178b1d1e | 11400 | WOLFSSL_METHOD* wolfTLSv1_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11401 | { |
wolfSSL | 16:8e0d178b1d1e | 11402 | return wolfTLSv1_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11403 | } |
wolfSSL | 16:8e0d178b1d1e | 11404 | WOLFSSL_METHOD* wolfTLSv1_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11405 | { |
wolfSSL | 16:8e0d178b1d1e | 11406 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11407 | WOLFSSL_ENTER("TLSv1_method"); |
wolfSSL | 16:8e0d178b1d1e | 11408 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11409 | m = wolfTLSv1_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11410 | #else |
wolfSSL | 16:8e0d178b1d1e | 11411 | m = wolfTLSv1_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11412 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11413 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11414 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11415 | } |
wolfSSL | 16:8e0d178b1d1e | 11416 | |
wolfSSL | 16:8e0d178b1d1e | 11417 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11418 | } |
wolfSSL | 16:8e0d178b1d1e | 11419 | #endif /* WOLFSSL_ALLOW_TLSV10 */ |
wolfSSL | 16:8e0d178b1d1e | 11420 | |
wolfSSL | 16:8e0d178b1d1e | 11421 | /* Gets a WOLFSL_METHOD type that is not set as client or server |
wolfSSL | 16:8e0d178b1d1e | 11422 | * |
wolfSSL | 16:8e0d178b1d1e | 11423 | * Returns a pointer to a WOLFSSL_METHOD struct |
wolfSSL | 16:8e0d178b1d1e | 11424 | */ |
wolfSSL | 16:8e0d178b1d1e | 11425 | WOLFSSL_METHOD* wolfTLSv1_1_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11426 | { |
wolfSSL | 16:8e0d178b1d1e | 11427 | return wolfTLSv1_1_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11428 | } |
wolfSSL | 16:8e0d178b1d1e | 11429 | WOLFSSL_METHOD* wolfTLSv1_1_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11430 | { |
wolfSSL | 16:8e0d178b1d1e | 11431 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11432 | WOLFSSL_ENTER("TLSv1_1_method"); |
wolfSSL | 16:8e0d178b1d1e | 11433 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11434 | m = wolfTLSv1_1_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11435 | #else |
wolfSSL | 16:8e0d178b1d1e | 11436 | m = wolfTLSv1_1_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11437 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11438 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11439 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11440 | } |
wolfSSL | 16:8e0d178b1d1e | 11441 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11442 | } |
wolfSSL | 16:8e0d178b1d1e | 11443 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 16:8e0d178b1d1e | 11444 | |
wolfSSL | 16:8e0d178b1d1e | 11445 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 11446 | /* Gets a WOLFSL_METHOD type that is not set as client or server |
wolfSSL | 16:8e0d178b1d1e | 11447 | * |
wolfSSL | 16:8e0d178b1d1e | 11448 | * Returns a pointer to a WOLFSSL_METHOD struct |
wolfSSL | 16:8e0d178b1d1e | 11449 | */ |
wolfSSL | 16:8e0d178b1d1e | 11450 | WOLFSSL_METHOD* wolfTLSv1_2_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11451 | { |
wolfSSL | 16:8e0d178b1d1e | 11452 | return wolfTLSv1_2_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11453 | } |
wolfSSL | 16:8e0d178b1d1e | 11454 | WOLFSSL_METHOD* wolfTLSv1_2_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11455 | { |
wolfSSL | 16:8e0d178b1d1e | 11456 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11457 | WOLFSSL_ENTER("TLSv1_2_method"); |
wolfSSL | 16:8e0d178b1d1e | 11458 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11459 | m = wolfTLSv1_2_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11460 | #else |
wolfSSL | 16:8e0d178b1d1e | 11461 | m = wolfTLSv1_2_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11462 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11463 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11464 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11465 | } |
wolfSSL | 16:8e0d178b1d1e | 11466 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11467 | } |
wolfSSL | 16:8e0d178b1d1e | 11468 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 16:8e0d178b1d1e | 11469 | |
wolfSSL | 16:8e0d178b1d1e | 11470 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 16:8e0d178b1d1e | 11471 | /* Gets a WOLFSL_METHOD type that is not set as client or server |
wolfSSL | 16:8e0d178b1d1e | 11472 | * |
wolfSSL | 16:8e0d178b1d1e | 11473 | * Returns a pointer to a WOLFSSL_METHOD struct |
wolfSSL | 16:8e0d178b1d1e | 11474 | */ |
wolfSSL | 16:8e0d178b1d1e | 11475 | WOLFSSL_METHOD* wolfTLSv1_3_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11476 | { |
wolfSSL | 16:8e0d178b1d1e | 11477 | return wolfTLSv1_3_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11478 | } |
wolfSSL | 16:8e0d178b1d1e | 11479 | WOLFSSL_METHOD* wolfTLSv1_3_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11480 | { |
wolfSSL | 16:8e0d178b1d1e | 11481 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11482 | WOLFSSL_ENTER("TLSv1_3_method"); |
wolfSSL | 16:8e0d178b1d1e | 11483 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11484 | m = wolfTLSv1_3_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11485 | #else |
wolfSSL | 16:8e0d178b1d1e | 11486 | m = wolfTLSv1_3_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11487 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11488 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11489 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11490 | } |
wolfSSL | 16:8e0d178b1d1e | 11491 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11492 | } |
wolfSSL | 16:8e0d178b1d1e | 11493 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 16:8e0d178b1d1e | 11494 | |
wolfSSL | 16:8e0d178b1d1e | 11495 | #ifdef WOLFSSL_DTLS |
wolfSSL | 16:8e0d178b1d1e | 11496 | WOLFSSL_METHOD* wolfDTLS_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11497 | { |
wolfSSL | 16:8e0d178b1d1e | 11498 | return wolfDTLS_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11499 | } |
wolfSSL | 16:8e0d178b1d1e | 11500 | WOLFSSL_METHOD* wolfDTLS_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11501 | { |
wolfSSL | 16:8e0d178b1d1e | 11502 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11503 | WOLFSSL_ENTER("DTLS_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11504 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11505 | m = wolfDTLS_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11506 | #else |
wolfSSL | 16:8e0d178b1d1e | 11507 | m = wolfDTLS_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11508 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11509 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11510 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11511 | } |
wolfSSL | 16:8e0d178b1d1e | 11512 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11513 | } |
wolfSSL | 16:8e0d178b1d1e | 11514 | |
wolfSSL | 16:8e0d178b1d1e | 11515 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 11516 | WOLFSSL_METHOD* wolfDTLSv1_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11517 | { |
wolfSSL | 16:8e0d178b1d1e | 11518 | return wolfDTLSv1_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11519 | } |
wolfSSL | 16:8e0d178b1d1e | 11520 | WOLFSSL_METHOD* wolfDTLSv1_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11521 | { |
wolfSSL | 16:8e0d178b1d1e | 11522 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11523 | WOLFSSL_ENTER("DTLSv1_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11524 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11525 | m = wolfDTLSv1_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11526 | #else |
wolfSSL | 16:8e0d178b1d1e | 11527 | m = wolfDTLSv1_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11528 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11529 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11530 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11531 | } |
wolfSSL | 16:8e0d178b1d1e | 11532 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11533 | } |
wolfSSL | 16:8e0d178b1d1e | 11534 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 16:8e0d178b1d1e | 11535 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 11536 | WOLFSSL_METHOD* wolfDTLSv1_2_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11537 | { |
wolfSSL | 16:8e0d178b1d1e | 11538 | return wolfDTLSv1_2_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11539 | } |
wolfSSL | 16:8e0d178b1d1e | 11540 | WOLFSSL_METHOD* wolfDTLSv1_2_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11541 | { |
wolfSSL | 16:8e0d178b1d1e | 11542 | WOLFSSL_METHOD* m; |
wolfSSL | 16:8e0d178b1d1e | 11543 | WOLFSSL_ENTER("DTLSv1_2_method"); |
wolfSSL | 16:8e0d178b1d1e | 11544 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 16:8e0d178b1d1e | 11545 | m = wolfDTLSv1_2_client_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11546 | #else |
wolfSSL | 16:8e0d178b1d1e | 11547 | m = wolfDTLSv1_2_server_method_ex(heap); |
wolfSSL | 16:8e0d178b1d1e | 11548 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11549 | if (m != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 11550 | m->side = WOLFSSL_NEITHER_END; |
wolfSSL | 16:8e0d178b1d1e | 11551 | } |
wolfSSL | 16:8e0d178b1d1e | 11552 | return m; |
wolfSSL | 16:8e0d178b1d1e | 11553 | } |
wolfSSL | 16:8e0d178b1d1e | 11554 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 16:8e0d178b1d1e | 11555 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 16:8e0d178b1d1e | 11556 | #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ |
wolfSSL | 16:8e0d178b1d1e | 11557 | |
wolfSSL | 15:117db924cf7c | 11558 | |
wolfSSL | 15:117db924cf7c | 11559 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 15:117db924cf7c | 11560 | |
wolfSSL | 16:8e0d178b1d1e | 11561 | WOLFSSL_METHOD* wolfTLS_server_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11562 | { |
wolfSSL | 16:8e0d178b1d1e | 11563 | return wolfTLS_server_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11564 | } |
wolfSSL | 16:8e0d178b1d1e | 11565 | |
wolfSSL | 16:8e0d178b1d1e | 11566 | WOLFSSL_METHOD* wolfTLS_server_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11567 | { |
wolfSSL | 16:8e0d178b1d1e | 11568 | WOLFSSL_METHOD* method = |
wolfSSL | 16:8e0d178b1d1e | 11569 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 16:8e0d178b1d1e | 11570 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 16:8e0d178b1d1e | 11571 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11572 | WOLFSSL_ENTER("TLS_server_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11573 | if (method) { |
wolfSSL | 16:8e0d178b1d1e | 11574 | #if defined(WOLFSSL_TLS13) |
wolfSSL | 16:8e0d178b1d1e | 11575 | InitSSL_Method(method, MakeTLSv1_3()); |
wolfSSL | 16:8e0d178b1d1e | 11576 | #elif !defined(WOLFSSL_NO_TLS12) |
wolfSSL | 16:8e0d178b1d1e | 11577 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 16:8e0d178b1d1e | 11578 | #elif !defined(NO_OLD_TLS) |
wolfSSL | 16:8e0d178b1d1e | 11579 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 16:8e0d178b1d1e | 11580 | #elif defined(WOLFSSL_ALLOW_TLSV10) |
wolfSSL | 16:8e0d178b1d1e | 11581 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 16:8e0d178b1d1e | 11582 | #else |
wolfSSL | 16:8e0d178b1d1e | 11583 | #error No TLS version enabled! |
wolfSSL | 16:8e0d178b1d1e | 11584 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11585 | |
wolfSSL | 16:8e0d178b1d1e | 11586 | method->downgrade = 1; |
wolfSSL | 16:8e0d178b1d1e | 11587 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 16:8e0d178b1d1e | 11588 | } |
wolfSSL | 16:8e0d178b1d1e | 11589 | return method; |
wolfSSL | 16:8e0d178b1d1e | 11590 | } |
wolfSSL | 16:8e0d178b1d1e | 11591 | |
wolfSSL | 15:117db924cf7c | 11592 | #ifndef NO_OLD_TLS |
wolfSSL | 15:117db924cf7c | 11593 | #ifdef WOLFSSL_ALLOW_TLSV10 |
wolfSSL | 15:117db924cf7c | 11594 | WOLFSSL_METHOD* wolfTLSv1_server_method(void) |
wolfSSL | 15:117db924cf7c | 11595 | { |
wolfSSL | 15:117db924cf7c | 11596 | return wolfTLSv1_server_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11597 | } |
wolfSSL | 15:117db924cf7c | 11598 | WOLFSSL_METHOD* wolfTLSv1_server_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11599 | { |
wolfSSL | 15:117db924cf7c | 11600 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11601 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11602 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11603 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11604 | WOLFSSL_ENTER("TLSv1_server_method_ex"); |
wolfSSL | 15:117db924cf7c | 11605 | if (method) { |
wolfSSL | 15:117db924cf7c | 11606 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 15:117db924cf7c | 11607 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 15:117db924cf7c | 11608 | } |
wolfSSL | 15:117db924cf7c | 11609 | return method; |
wolfSSL | 15:117db924cf7c | 11610 | } |
wolfSSL | 15:117db924cf7c | 11611 | #endif /* WOLFSSL_ALLOW_TLSV10 */ |
wolfSSL | 15:117db924cf7c | 11612 | |
wolfSSL | 15:117db924cf7c | 11613 | WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) |
wolfSSL | 15:117db924cf7c | 11614 | { |
wolfSSL | 15:117db924cf7c | 11615 | return wolfTLSv1_1_server_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11616 | } |
wolfSSL | 15:117db924cf7c | 11617 | WOLFSSL_METHOD* wolfTLSv1_1_server_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11618 | { |
wolfSSL | 15:117db924cf7c | 11619 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11620 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11621 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11622 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11623 | WOLFSSL_ENTER("TLSv1_1_server_method_ex"); |
wolfSSL | 15:117db924cf7c | 11624 | if (method) { |
wolfSSL | 15:117db924cf7c | 11625 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 15:117db924cf7c | 11626 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 15:117db924cf7c | 11627 | } |
wolfSSL | 15:117db924cf7c | 11628 | return method; |
wolfSSL | 15:117db924cf7c | 11629 | } |
wolfSSL | 15:117db924cf7c | 11630 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 15:117db924cf7c | 11631 | |
wolfSSL | 16:8e0d178b1d1e | 11632 | |
wolfSSL | 15:117db924cf7c | 11633 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 15:117db924cf7c | 11634 | WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) |
wolfSSL | 15:117db924cf7c | 11635 | { |
wolfSSL | 15:117db924cf7c | 11636 | return wolfTLSv1_2_server_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11637 | } |
wolfSSL | 15:117db924cf7c | 11638 | WOLFSSL_METHOD* wolfTLSv1_2_server_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11639 | { |
wolfSSL | 15:117db924cf7c | 11640 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11641 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11642 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11643 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11644 | WOLFSSL_ENTER("TLSv1_2_server_method_ex"); |
wolfSSL | 15:117db924cf7c | 11645 | if (method) { |
wolfSSL | 15:117db924cf7c | 11646 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 15:117db924cf7c | 11647 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 15:117db924cf7c | 11648 | } |
wolfSSL | 15:117db924cf7c | 11649 | return method; |
wolfSSL | 15:117db924cf7c | 11650 | } |
wolfSSL | 15:117db924cf7c | 11651 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 15:117db924cf7c | 11652 | |
wolfSSL | 15:117db924cf7c | 11653 | #ifdef WOLFSSL_TLS13 |
wolfSSL | 15:117db924cf7c | 11654 | /* The TLS v1.3 server method data. |
wolfSSL | 15:117db924cf7c | 11655 | * |
wolfSSL | 15:117db924cf7c | 11656 | * returns the method data for a TLS v1.3 server. |
wolfSSL | 15:117db924cf7c | 11657 | */ |
wolfSSL | 15:117db924cf7c | 11658 | WOLFSSL_METHOD* wolfTLSv1_3_server_method(void) |
wolfSSL | 15:117db924cf7c | 11659 | { |
wolfSSL | 15:117db924cf7c | 11660 | return wolfTLSv1_3_server_method_ex(NULL); |
wolfSSL | 15:117db924cf7c | 11661 | } |
wolfSSL | 15:117db924cf7c | 11662 | |
wolfSSL | 15:117db924cf7c | 11663 | /* The TLS v1.3 server method data. |
wolfSSL | 15:117db924cf7c | 11664 | * |
wolfSSL | 15:117db924cf7c | 11665 | * heap The heap used for allocation. |
wolfSSL | 15:117db924cf7c | 11666 | * returns the method data for a TLS v1.3 server. |
wolfSSL | 15:117db924cf7c | 11667 | */ |
wolfSSL | 15:117db924cf7c | 11668 | WOLFSSL_METHOD* wolfTLSv1_3_server_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11669 | { |
wolfSSL | 15:117db924cf7c | 11670 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11671 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11672 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11673 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11674 | WOLFSSL_ENTER("TLSv1_3_server_method_ex"); |
wolfSSL | 15:117db924cf7c | 11675 | if (method) { |
wolfSSL | 15:117db924cf7c | 11676 | InitSSL_Method(method, MakeTLSv1_3()); |
wolfSSL | 15:117db924cf7c | 11677 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 15:117db924cf7c | 11678 | } |
wolfSSL | 15:117db924cf7c | 11679 | return method; |
wolfSSL | 15:117db924cf7c | 11680 | } |
wolfSSL | 15:117db924cf7c | 11681 | #endif /* WOLFSSL_TLS13 */ |
wolfSSL | 15:117db924cf7c | 11682 | |
wolfSSL | 16:8e0d178b1d1e | 11683 | #ifdef WOLFSSL_DTLS |
wolfSSL | 16:8e0d178b1d1e | 11684 | WOLFSSL_METHOD* wolfDTLS_server_method(void) |
wolfSSL | 15:117db924cf7c | 11685 | { |
wolfSSL | 16:8e0d178b1d1e | 11686 | return wolfDTLS_server_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11687 | } |
wolfSSL | 16:8e0d178b1d1e | 11688 | WOLFSSL_METHOD* wolfDTLS_server_method_ex(void* heap) |
wolfSSL | 15:117db924cf7c | 11689 | { |
wolfSSL | 15:117db924cf7c | 11690 | WOLFSSL_METHOD* method = |
wolfSSL | 15:117db924cf7c | 11691 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 15:117db924cf7c | 11692 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 15:117db924cf7c | 11693 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11694 | WOLFSSL_ENTER("DTLS_server_method_ex"); |
wolfSSL | 15:117db924cf7c | 11695 | if (method) { |
wolfSSL | 16:8e0d178b1d1e | 11696 | #if !defined(WOLFSSL_NO_TLS12) |
wolfSSL | 16:8e0d178b1d1e | 11697 | InitSSL_Method(method, MakeDTLSv1_2()); |
wolfSSL | 16:8e0d178b1d1e | 11698 | #elif !defined(NO_OLD_TLS) |
wolfSSL | 16:8e0d178b1d1e | 11699 | InitSSL_Method(method, MakeDTLSv1()); |
wolfSSL | 16:8e0d178b1d1e | 11700 | #else |
wolfSSL | 16:8e0d178b1d1e | 11701 | #error No DTLS version enabled! |
wolfSSL | 16:8e0d178b1d1e | 11702 | #endif |
wolfSSL | 16:8e0d178b1d1e | 11703 | |
wolfSSL | 15:117db924cf7c | 11704 | method->downgrade = 1; |
wolfSSL | 15:117db924cf7c | 11705 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 15:117db924cf7c | 11706 | } |
wolfSSL | 15:117db924cf7c | 11707 | return method; |
wolfSSL | 15:117db924cf7c | 11708 | } |
wolfSSL | 15:117db924cf7c | 11709 | |
wolfSSL | 16:8e0d178b1d1e | 11710 | #ifndef NO_OLD_TLS |
wolfSSL | 16:8e0d178b1d1e | 11711 | WOLFSSL_METHOD* wolfDTLSv1_server_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11712 | { |
wolfSSL | 16:8e0d178b1d1e | 11713 | return wolfDTLSv1_server_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11714 | } |
wolfSSL | 16:8e0d178b1d1e | 11715 | WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11716 | { |
wolfSSL | 16:8e0d178b1d1e | 11717 | WOLFSSL_METHOD* method = |
wolfSSL | 16:8e0d178b1d1e | 11718 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 16:8e0d178b1d1e | 11719 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 16:8e0d178b1d1e | 11720 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11721 | WOLFSSL_ENTER("DTLSv1_server_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11722 | if (method) { |
wolfSSL | 16:8e0d178b1d1e | 11723 | InitSSL_Method(method, MakeDTLSv1()); |
wolfSSL | 16:8e0d178b1d1e | 11724 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 16:8e0d178b1d1e | 11725 | } |
wolfSSL | 16:8e0d178b1d1e | 11726 | return method; |
wolfSSL | 16:8e0d178b1d1e | 11727 | } |
wolfSSL | 16:8e0d178b1d1e | 11728 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 16:8e0d178b1d1e | 11729 | |
wolfSSL | 16:8e0d178b1d1e | 11730 | #ifndef WOLFSSL_NO_TLS12 |
wolfSSL | 16:8e0d178b1d1e | 11731 | WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void) |
wolfSSL | 16:8e0d178b1d1e | 11732 | { |
wolfSSL | 16:8e0d178b1d1e | 11733 | return wolfDTLSv1_2_server_method_ex(NULL); |
wolfSSL | 16:8e0d178b1d1e | 11734 | } |
wolfSSL | 16:8e0d178b1d1e | 11735 | WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap) |
wolfSSL | 16:8e0d178b1d1e | 11736 | { |
wolfSSL | 16:8e0d178b1d1e | 11737 | WOLFSSL_METHOD* method = |
wolfSSL | 16:8e0d178b1d1e | 11738 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), |
wolfSSL | 16:8e0d178b1d1e | 11739 | heap, DYNAMIC_TYPE_METHOD); |
wolfSSL | 16:8e0d178b1d1e | 11740 | WOLFSSL_ENTER("DTLSv1_2_server_method_ex"); |
wolfSSL | 16:8e0d178b1d1e | 11741 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11742 | if (method) { |
wolfSSL | 16:8e0d178b1d1e | 11743 | InitSSL_Method(method, MakeDTLSv1_2()); |
wolfSSL | 16:8e0d178b1d1e | 11744 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 16:8e0d178b1d1e | 11745 | } |
wolfSSL | 16:8e0d178b1d1e | 11746 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 11747 | return method; |
wolfSSL | 16:8e0d178b1d1e | 11748 | } |
wolfSSL | 16:8e0d178b1d1e | 11749 | #endif /* !WOLFSSL_NO_TLS12 */ |
wolfSSL | 16:8e0d178b1d1e | 11750 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 15:117db924cf7c | 11751 | |
wolfSSL | 15:117db924cf7c | 11752 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 16:8e0d178b1d1e | 11753 | |
wolfSSL | 15:117db924cf7c | 11754 | #endif /* NO_TLS */ |
wolfSSL | 15:117db924cf7c | 11755 | #endif /* WOLFCRYPT_ONLY */ |
wolfSSL | 15:117db924cf7c | 11756 |