wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
src/tls.c@0:d92f9d21154c, 2015-06-26 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 26 00:39:20 2015 +0000
- Revision:
- 0:d92f9d21154c
wolfSSL 3.6.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 0:d92f9d21154c | 1 | /* tls.c |
wolfSSL | 0:d92f9d21154c | 2 | * |
wolfSSL | 0:d92f9d21154c | 3 | * Copyright (C) 2006-2015 wolfSSL Inc. |
wolfSSL | 0:d92f9d21154c | 4 | * |
wolfSSL | 0:d92f9d21154c | 5 | * This file is part of wolfSSL. (formerly known as CyaSSL) |
wolfSSL | 0:d92f9d21154c | 6 | * |
wolfSSL | 0:d92f9d21154c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 0:d92f9d21154c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 0:d92f9d21154c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 0:d92f9d21154c | 10 | * (at your option) any later version. |
wolfSSL | 0:d92f9d21154c | 11 | * |
wolfSSL | 0:d92f9d21154c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 0:d92f9d21154c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 0:d92f9d21154c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 0:d92f9d21154c | 15 | * GNU General Public License for more details. |
wolfSSL | 0:d92f9d21154c | 16 | * |
wolfSSL | 0:d92f9d21154c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 0:d92f9d21154c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 0:d92f9d21154c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
wolfSSL | 0:d92f9d21154c | 20 | */ |
wolfSSL | 0:d92f9d21154c | 21 | |
wolfSSL | 0:d92f9d21154c | 22 | |
wolfSSL | 0:d92f9d21154c | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 0:d92f9d21154c | 24 | #include <config.h> |
wolfSSL | 0:d92f9d21154c | 25 | #endif |
wolfSSL | 0:d92f9d21154c | 26 | |
wolfSSL | 0:d92f9d21154c | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 0:d92f9d21154c | 28 | |
wolfSSL | 0:d92f9d21154c | 29 | #include <wolfssl/ssl.h> |
wolfSSL | 0:d92f9d21154c | 30 | #include <wolfssl/internal.h> |
wolfSSL | 0:d92f9d21154c | 31 | #include <wolfssl/error-ssl.h> |
wolfSSL | 0:d92f9d21154c | 32 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 0:d92f9d21154c | 33 | #ifdef NO_INLINE |
wolfSSL | 0:d92f9d21154c | 34 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 0:d92f9d21154c | 35 | #else |
wolfSSL | 0:d92f9d21154c | 36 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 0:d92f9d21154c | 37 | #endif |
wolfSSL | 0:d92f9d21154c | 38 | |
wolfSSL | 0:d92f9d21154c | 39 | |
wolfSSL | 0:d92f9d21154c | 40 | |
wolfSSL | 0:d92f9d21154c | 41 | #ifndef NO_TLS |
wolfSSL | 0:d92f9d21154c | 42 | |
wolfSSL | 0:d92f9d21154c | 43 | |
wolfSSL | 0:d92f9d21154c | 44 | #ifndef WOLFSSL_HAVE_MIN |
wolfSSL | 0:d92f9d21154c | 45 | #define WOLFSSL_HAVE_MIN |
wolfSSL | 0:d92f9d21154c | 46 | |
wolfSSL | 0:d92f9d21154c | 47 | static INLINE word32 min(word32 a, word32 b) |
wolfSSL | 0:d92f9d21154c | 48 | { |
wolfSSL | 0:d92f9d21154c | 49 | return a > b ? b : a; |
wolfSSL | 0:d92f9d21154c | 50 | } |
wolfSSL | 0:d92f9d21154c | 51 | |
wolfSSL | 0:d92f9d21154c | 52 | #endif /* WOLFSSL_HAVE_MIN */ |
wolfSSL | 0:d92f9d21154c | 53 | |
wolfSSL | 0:d92f9d21154c | 54 | |
wolfSSL | 0:d92f9d21154c | 55 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 0:d92f9d21154c | 56 | #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE |
wolfSSL | 0:d92f9d21154c | 57 | #else |
wolfSSL | 0:d92f9d21154c | 58 | #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE |
wolfSSL | 0:d92f9d21154c | 59 | #endif |
wolfSSL | 0:d92f9d21154c | 60 | |
wolfSSL | 0:d92f9d21154c | 61 | /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ |
wolfSSL | 0:d92f9d21154c | 62 | static int p_hash(byte* result, word32 resLen, const byte* secret, |
wolfSSL | 0:d92f9d21154c | 63 | word32 secLen, const byte* seed, word32 seedLen, int hash) |
wolfSSL | 0:d92f9d21154c | 64 | { |
wolfSSL | 0:d92f9d21154c | 65 | word32 len = P_HASH_MAX_SIZE; |
wolfSSL | 0:d92f9d21154c | 66 | word32 times; |
wolfSSL | 0:d92f9d21154c | 67 | word32 lastLen; |
wolfSSL | 0:d92f9d21154c | 68 | word32 lastTime; |
wolfSSL | 0:d92f9d21154c | 69 | word32 i; |
wolfSSL | 0:d92f9d21154c | 70 | word32 idx = 0; |
wolfSSL | 0:d92f9d21154c | 71 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 72 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 73 | byte* previous; |
wolfSSL | 0:d92f9d21154c | 74 | byte* current; |
wolfSSL | 0:d92f9d21154c | 75 | Hmac* hmac; |
wolfSSL | 0:d92f9d21154c | 76 | #else |
wolfSSL | 0:d92f9d21154c | 77 | byte previous[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 0:d92f9d21154c | 78 | byte current[P_HASH_MAX_SIZE]; /* max size */ |
wolfSSL | 0:d92f9d21154c | 79 | Hmac hmac[1]; |
wolfSSL | 0:d92f9d21154c | 80 | #endif |
wolfSSL | 0:d92f9d21154c | 81 | |
wolfSSL | 0:d92f9d21154c | 82 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 83 | previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 84 | current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 85 | hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 86 | |
wolfSSL | 0:d92f9d21154c | 87 | if (previous == NULL || current == NULL || hmac == NULL) { |
wolfSSL | 0:d92f9d21154c | 88 | if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 89 | if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 90 | if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 91 | |
wolfSSL | 0:d92f9d21154c | 92 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 93 | } |
wolfSSL | 0:d92f9d21154c | 94 | #endif |
wolfSSL | 0:d92f9d21154c | 95 | |
wolfSSL | 0:d92f9d21154c | 96 | switch (hash) { |
wolfSSL | 0:d92f9d21154c | 97 | #ifndef NO_MD5 |
wolfSSL | 0:d92f9d21154c | 98 | case md5_mac: |
wolfSSL | 0:d92f9d21154c | 99 | hash = MD5; |
wolfSSL | 0:d92f9d21154c | 100 | len = MD5_DIGEST_SIZE; |
wolfSSL | 0:d92f9d21154c | 101 | break; |
wolfSSL | 0:d92f9d21154c | 102 | #endif |
wolfSSL | 0:d92f9d21154c | 103 | |
wolfSSL | 0:d92f9d21154c | 104 | #ifndef NO_SHA256 |
wolfSSL | 0:d92f9d21154c | 105 | case sha256_mac: |
wolfSSL | 0:d92f9d21154c | 106 | hash = SHA256; |
wolfSSL | 0:d92f9d21154c | 107 | len = SHA256_DIGEST_SIZE; |
wolfSSL | 0:d92f9d21154c | 108 | break; |
wolfSSL | 0:d92f9d21154c | 109 | #endif |
wolfSSL | 0:d92f9d21154c | 110 | |
wolfSSL | 0:d92f9d21154c | 111 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 0:d92f9d21154c | 112 | case sha384_mac: |
wolfSSL | 0:d92f9d21154c | 113 | hash = SHA384; |
wolfSSL | 0:d92f9d21154c | 114 | len = SHA384_DIGEST_SIZE; |
wolfSSL | 0:d92f9d21154c | 115 | break; |
wolfSSL | 0:d92f9d21154c | 116 | #endif |
wolfSSL | 0:d92f9d21154c | 117 | |
wolfSSL | 0:d92f9d21154c | 118 | #ifndef NO_SHA |
wolfSSL | 0:d92f9d21154c | 119 | case sha_mac: |
wolfSSL | 0:d92f9d21154c | 120 | default: |
wolfSSL | 0:d92f9d21154c | 121 | hash = SHA; |
wolfSSL | 0:d92f9d21154c | 122 | len = SHA_DIGEST_SIZE; |
wolfSSL | 0:d92f9d21154c | 123 | break; |
wolfSSL | 0:d92f9d21154c | 124 | #endif |
wolfSSL | 0:d92f9d21154c | 125 | } |
wolfSSL | 0:d92f9d21154c | 126 | |
wolfSSL | 0:d92f9d21154c | 127 | times = resLen / len; |
wolfSSL | 0:d92f9d21154c | 128 | lastLen = resLen % len; |
wolfSSL | 0:d92f9d21154c | 129 | |
wolfSSL | 0:d92f9d21154c | 130 | if (lastLen) |
wolfSSL | 0:d92f9d21154c | 131 | times += 1; |
wolfSSL | 0:d92f9d21154c | 132 | |
wolfSSL | 0:d92f9d21154c | 133 | lastTime = times - 1; |
wolfSSL | 0:d92f9d21154c | 134 | |
wolfSSL | 0:d92f9d21154c | 135 | if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) { |
wolfSSL | 0:d92f9d21154c | 136 | if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */ |
wolfSSL | 0:d92f9d21154c | 137 | if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */ |
wolfSSL | 0:d92f9d21154c | 138 | for (i = 0; i < times; i++) { |
wolfSSL | 0:d92f9d21154c | 139 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 0:d92f9d21154c | 140 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 141 | break; |
wolfSSL | 0:d92f9d21154c | 142 | ret = wc_HmacUpdate(hmac, seed, seedLen); |
wolfSSL | 0:d92f9d21154c | 143 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 144 | break; |
wolfSSL | 0:d92f9d21154c | 145 | ret = wc_HmacFinal(hmac, current); |
wolfSSL | 0:d92f9d21154c | 146 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 147 | break; |
wolfSSL | 0:d92f9d21154c | 148 | |
wolfSSL | 0:d92f9d21154c | 149 | if ((i == lastTime) && lastLen) |
wolfSSL | 0:d92f9d21154c | 150 | XMEMCPY(&result[idx], current, |
wolfSSL | 0:d92f9d21154c | 151 | min(lastLen, P_HASH_MAX_SIZE)); |
wolfSSL | 0:d92f9d21154c | 152 | else { |
wolfSSL | 0:d92f9d21154c | 153 | XMEMCPY(&result[idx], current, len); |
wolfSSL | 0:d92f9d21154c | 154 | idx += len; |
wolfSSL | 0:d92f9d21154c | 155 | ret = wc_HmacUpdate(hmac, previous, len); |
wolfSSL | 0:d92f9d21154c | 156 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 157 | break; |
wolfSSL | 0:d92f9d21154c | 158 | ret = wc_HmacFinal(hmac, previous); |
wolfSSL | 0:d92f9d21154c | 159 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 160 | break; |
wolfSSL | 0:d92f9d21154c | 161 | } |
wolfSSL | 0:d92f9d21154c | 162 | } |
wolfSSL | 0:d92f9d21154c | 163 | } |
wolfSSL | 0:d92f9d21154c | 164 | } |
wolfSSL | 0:d92f9d21154c | 165 | } |
wolfSSL | 0:d92f9d21154c | 166 | |
wolfSSL | 0:d92f9d21154c | 167 | ForceZero(previous, P_HASH_MAX_SIZE); |
wolfSSL | 0:d92f9d21154c | 168 | ForceZero(current, P_HASH_MAX_SIZE); |
wolfSSL | 0:d92f9d21154c | 169 | ForceZero(hmac, sizeof(Hmac)); |
wolfSSL | 0:d92f9d21154c | 170 | |
wolfSSL | 0:d92f9d21154c | 171 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 172 | XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 173 | XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 174 | XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 175 | #endif |
wolfSSL | 0:d92f9d21154c | 176 | |
wolfSSL | 0:d92f9d21154c | 177 | return ret; |
wolfSSL | 0:d92f9d21154c | 178 | } |
wolfSSL | 0:d92f9d21154c | 179 | |
wolfSSL | 0:d92f9d21154c | 180 | #undef P_HASH_MAX_SIZE |
wolfSSL | 0:d92f9d21154c | 181 | |
wolfSSL | 0:d92f9d21154c | 182 | |
wolfSSL | 0:d92f9d21154c | 183 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 184 | |
wolfSSL | 0:d92f9d21154c | 185 | /* calculate XOR for TLSv1 PRF */ |
wolfSSL | 0:d92f9d21154c | 186 | static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) |
wolfSSL | 0:d92f9d21154c | 187 | { |
wolfSSL | 0:d92f9d21154c | 188 | word32 i; |
wolfSSL | 0:d92f9d21154c | 189 | |
wolfSSL | 0:d92f9d21154c | 190 | for (i = 0; i < digLen; i++) |
wolfSSL | 0:d92f9d21154c | 191 | digest[i] = md5[i] ^ sha[i]; |
wolfSSL | 0:d92f9d21154c | 192 | } |
wolfSSL | 0:d92f9d21154c | 193 | |
wolfSSL | 0:d92f9d21154c | 194 | |
wolfSSL | 0:d92f9d21154c | 195 | /* compute TLSv1 PRF (pseudo random function using HMAC) */ |
wolfSSL | 0:d92f9d21154c | 196 | static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, |
wolfSSL | 0:d92f9d21154c | 197 | const byte* label, word32 labLen, const byte* seed, |
wolfSSL | 0:d92f9d21154c | 198 | word32 seedLen) |
wolfSSL | 0:d92f9d21154c | 199 | { |
wolfSSL | 0:d92f9d21154c | 200 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 201 | word32 half = (secLen + 1) / 2; |
wolfSSL | 0:d92f9d21154c | 202 | |
wolfSSL | 0:d92f9d21154c | 203 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 204 | byte* md5_half; |
wolfSSL | 0:d92f9d21154c | 205 | byte* sha_half; |
wolfSSL | 0:d92f9d21154c | 206 | byte* labelSeed; |
wolfSSL | 0:d92f9d21154c | 207 | byte* md5_result; |
wolfSSL | 0:d92f9d21154c | 208 | byte* sha_result; |
wolfSSL | 0:d92f9d21154c | 209 | #else |
wolfSSL | 0:d92f9d21154c | 210 | byte md5_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 0:d92f9d21154c | 211 | byte sha_half[MAX_PRF_HALF]; /* half is real size */ |
wolfSSL | 0:d92f9d21154c | 212 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 0:d92f9d21154c | 213 | byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 0:d92f9d21154c | 214 | byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ |
wolfSSL | 0:d92f9d21154c | 215 | #endif |
wolfSSL | 0:d92f9d21154c | 216 | |
wolfSSL | 0:d92f9d21154c | 217 | if (half > MAX_PRF_HALF) |
wolfSSL | 0:d92f9d21154c | 218 | return BUFFER_E; |
wolfSSL | 0:d92f9d21154c | 219 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 0:d92f9d21154c | 220 | return BUFFER_E; |
wolfSSL | 0:d92f9d21154c | 221 | if (digLen > MAX_PRF_DIG) |
wolfSSL | 0:d92f9d21154c | 222 | return BUFFER_E; |
wolfSSL | 0:d92f9d21154c | 223 | |
wolfSSL | 0:d92f9d21154c | 224 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 225 | md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 226 | sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 227 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 228 | md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 229 | sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 230 | |
wolfSSL | 0:d92f9d21154c | 231 | if (md5_half == NULL || sha_half == NULL || labelSeed == NULL || |
wolfSSL | 0:d92f9d21154c | 232 | md5_result == NULL || sha_result == NULL) { |
wolfSSL | 0:d92f9d21154c | 233 | if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 234 | if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 235 | if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 236 | if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 237 | if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 238 | |
wolfSSL | 0:d92f9d21154c | 239 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 240 | } |
wolfSSL | 0:d92f9d21154c | 241 | #endif |
wolfSSL | 0:d92f9d21154c | 242 | |
wolfSSL | 0:d92f9d21154c | 243 | XMEMSET(md5_result, 0, digLen); |
wolfSSL | 0:d92f9d21154c | 244 | XMEMSET(sha_result, 0, digLen); |
wolfSSL | 0:d92f9d21154c | 245 | |
wolfSSL | 0:d92f9d21154c | 246 | XMEMCPY(md5_half, secret, half); |
wolfSSL | 0:d92f9d21154c | 247 | XMEMCPY(sha_half, secret + half - secLen % 2, half); |
wolfSSL | 0:d92f9d21154c | 248 | |
wolfSSL | 0:d92f9d21154c | 249 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 0:d92f9d21154c | 250 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 0:d92f9d21154c | 251 | |
wolfSSL | 0:d92f9d21154c | 252 | if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed, |
wolfSSL | 0:d92f9d21154c | 253 | labLen + seedLen, md5_mac)) == 0) { |
wolfSSL | 0:d92f9d21154c | 254 | if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed, |
wolfSSL | 0:d92f9d21154c | 255 | labLen + seedLen, sha_mac)) == 0) { |
wolfSSL | 0:d92f9d21154c | 256 | get_xor(digest, digLen, md5_result, sha_result); |
wolfSSL | 0:d92f9d21154c | 257 | } |
wolfSSL | 0:d92f9d21154c | 258 | } |
wolfSSL | 0:d92f9d21154c | 259 | |
wolfSSL | 0:d92f9d21154c | 260 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 261 | XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 262 | XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 263 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 264 | XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 265 | XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 266 | #endif |
wolfSSL | 0:d92f9d21154c | 267 | |
wolfSSL | 0:d92f9d21154c | 268 | return ret; |
wolfSSL | 0:d92f9d21154c | 269 | } |
wolfSSL | 0:d92f9d21154c | 270 | |
wolfSSL | 0:d92f9d21154c | 271 | #endif |
wolfSSL | 0:d92f9d21154c | 272 | |
wolfSSL | 0:d92f9d21154c | 273 | |
wolfSSL | 0:d92f9d21154c | 274 | /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack |
wolfSSL | 0:d92f9d21154c | 275 | use */ |
wolfSSL | 0:d92f9d21154c | 276 | static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, |
wolfSSL | 0:d92f9d21154c | 277 | const byte* label, word32 labLen, const byte* seed, word32 seedLen, |
wolfSSL | 0:d92f9d21154c | 278 | int useAtLeastSha256, int hash_type) |
wolfSSL | 0:d92f9d21154c | 279 | { |
wolfSSL | 0:d92f9d21154c | 280 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 281 | |
wolfSSL | 0:d92f9d21154c | 282 | if (useAtLeastSha256) { |
wolfSSL | 0:d92f9d21154c | 283 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 284 | byte* labelSeed; |
wolfSSL | 0:d92f9d21154c | 285 | #else |
wolfSSL | 0:d92f9d21154c | 286 | byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ |
wolfSSL | 0:d92f9d21154c | 287 | #endif |
wolfSSL | 0:d92f9d21154c | 288 | |
wolfSSL | 0:d92f9d21154c | 289 | if (labLen + seedLen > MAX_PRF_LABSEED) |
wolfSSL | 0:d92f9d21154c | 290 | return BUFFER_E; |
wolfSSL | 0:d92f9d21154c | 291 | |
wolfSSL | 0:d92f9d21154c | 292 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 293 | labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, |
wolfSSL | 0:d92f9d21154c | 294 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 295 | if (labelSeed == NULL) |
wolfSSL | 0:d92f9d21154c | 296 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 297 | #endif |
wolfSSL | 0:d92f9d21154c | 298 | |
wolfSSL | 0:d92f9d21154c | 299 | XMEMCPY(labelSeed, label, labLen); |
wolfSSL | 0:d92f9d21154c | 300 | XMEMCPY(labelSeed + labLen, seed, seedLen); |
wolfSSL | 0:d92f9d21154c | 301 | |
wolfSSL | 0:d92f9d21154c | 302 | /* If a cipher suite wants an algorithm better than sha256, it |
wolfSSL | 0:d92f9d21154c | 303 | * should use better. */ |
wolfSSL | 0:d92f9d21154c | 304 | if (hash_type < sha256_mac) |
wolfSSL | 0:d92f9d21154c | 305 | hash_type = sha256_mac; |
wolfSSL | 0:d92f9d21154c | 306 | ret = p_hash(digest, digLen, secret, secLen, labelSeed, |
wolfSSL | 0:d92f9d21154c | 307 | labLen + seedLen, hash_type); |
wolfSSL | 0:d92f9d21154c | 308 | |
wolfSSL | 0:d92f9d21154c | 309 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 310 | XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 311 | #endif |
wolfSSL | 0:d92f9d21154c | 312 | } |
wolfSSL | 0:d92f9d21154c | 313 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 314 | else { |
wolfSSL | 0:d92f9d21154c | 315 | ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed, |
wolfSSL | 0:d92f9d21154c | 316 | seedLen); |
wolfSSL | 0:d92f9d21154c | 317 | } |
wolfSSL | 0:d92f9d21154c | 318 | #endif |
wolfSSL | 0:d92f9d21154c | 319 | |
wolfSSL | 0:d92f9d21154c | 320 | return ret; |
wolfSSL | 0:d92f9d21154c | 321 | } |
wolfSSL | 0:d92f9d21154c | 322 | |
wolfSSL | 0:d92f9d21154c | 323 | |
wolfSSL | 0:d92f9d21154c | 324 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 0:d92f9d21154c | 325 | #define HSHASH_SZ SHA384_DIGEST_SIZE |
wolfSSL | 0:d92f9d21154c | 326 | #else |
wolfSSL | 0:d92f9d21154c | 327 | #define HSHASH_SZ FINISHED_SZ |
wolfSSL | 0:d92f9d21154c | 328 | #endif |
wolfSSL | 0:d92f9d21154c | 329 | |
wolfSSL | 0:d92f9d21154c | 330 | |
wolfSSL | 0:d92f9d21154c | 331 | int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) |
wolfSSL | 0:d92f9d21154c | 332 | { |
wolfSSL | 0:d92f9d21154c | 333 | const byte* side; |
wolfSSL | 0:d92f9d21154c | 334 | byte handshake_hash[HSHASH_SZ]; |
wolfSSL | 0:d92f9d21154c | 335 | word32 hashSz = FINISHED_SZ; |
wolfSSL | 0:d92f9d21154c | 336 | |
wolfSSL | 0:d92f9d21154c | 337 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 338 | wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash); |
wolfSSL | 0:d92f9d21154c | 339 | wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); |
wolfSSL | 0:d92f9d21154c | 340 | #endif |
wolfSSL | 0:d92f9d21154c | 341 | |
wolfSSL | 0:d92f9d21154c | 342 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 0:d92f9d21154c | 343 | #ifndef NO_SHA256 |
wolfSSL | 0:d92f9d21154c | 344 | if (ssl->specs.mac_algorithm <= sha256_mac) { |
wolfSSL | 0:d92f9d21154c | 345 | int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash); |
wolfSSL | 0:d92f9d21154c | 346 | |
wolfSSL | 0:d92f9d21154c | 347 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 348 | return ret; |
wolfSSL | 0:d92f9d21154c | 349 | |
wolfSSL | 0:d92f9d21154c | 350 | hashSz = SHA256_DIGEST_SIZE; |
wolfSSL | 0:d92f9d21154c | 351 | } |
wolfSSL | 0:d92f9d21154c | 352 | #endif |
wolfSSL | 0:d92f9d21154c | 353 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 0:d92f9d21154c | 354 | if (ssl->specs.mac_algorithm == sha384_mac) { |
wolfSSL | 0:d92f9d21154c | 355 | int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash); |
wolfSSL | 0:d92f9d21154c | 356 | |
wolfSSL | 0:d92f9d21154c | 357 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 358 | return ret; |
wolfSSL | 0:d92f9d21154c | 359 | |
wolfSSL | 0:d92f9d21154c | 360 | hashSz = SHA384_DIGEST_SIZE; |
wolfSSL | 0:d92f9d21154c | 361 | } |
wolfSSL | 0:d92f9d21154c | 362 | #endif |
wolfSSL | 0:d92f9d21154c | 363 | } |
wolfSSL | 0:d92f9d21154c | 364 | |
wolfSSL | 0:d92f9d21154c | 365 | if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) |
wolfSSL | 0:d92f9d21154c | 366 | side = tls_client; |
wolfSSL | 0:d92f9d21154c | 367 | else |
wolfSSL | 0:d92f9d21154c | 368 | side = tls_server; |
wolfSSL | 0:d92f9d21154c | 369 | |
wolfSSL | 0:d92f9d21154c | 370 | return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, |
wolfSSL | 0:d92f9d21154c | 371 | SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, |
wolfSSL | 0:d92f9d21154c | 372 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 0:d92f9d21154c | 373 | } |
wolfSSL | 0:d92f9d21154c | 374 | |
wolfSSL | 0:d92f9d21154c | 375 | |
wolfSSL | 0:d92f9d21154c | 376 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 377 | |
wolfSSL | 0:d92f9d21154c | 378 | ProtocolVersion MakeTLSv1(void) |
wolfSSL | 0:d92f9d21154c | 379 | { |
wolfSSL | 0:d92f9d21154c | 380 | ProtocolVersion pv; |
wolfSSL | 0:d92f9d21154c | 381 | pv.major = SSLv3_MAJOR; |
wolfSSL | 0:d92f9d21154c | 382 | pv.minor = TLSv1_MINOR; |
wolfSSL | 0:d92f9d21154c | 383 | |
wolfSSL | 0:d92f9d21154c | 384 | return pv; |
wolfSSL | 0:d92f9d21154c | 385 | } |
wolfSSL | 0:d92f9d21154c | 386 | |
wolfSSL | 0:d92f9d21154c | 387 | |
wolfSSL | 0:d92f9d21154c | 388 | ProtocolVersion MakeTLSv1_1(void) |
wolfSSL | 0:d92f9d21154c | 389 | { |
wolfSSL | 0:d92f9d21154c | 390 | ProtocolVersion pv; |
wolfSSL | 0:d92f9d21154c | 391 | pv.major = SSLv3_MAJOR; |
wolfSSL | 0:d92f9d21154c | 392 | pv.minor = TLSv1_1_MINOR; |
wolfSSL | 0:d92f9d21154c | 393 | |
wolfSSL | 0:d92f9d21154c | 394 | return pv; |
wolfSSL | 0:d92f9d21154c | 395 | } |
wolfSSL | 0:d92f9d21154c | 396 | |
wolfSSL | 0:d92f9d21154c | 397 | #endif |
wolfSSL | 0:d92f9d21154c | 398 | |
wolfSSL | 0:d92f9d21154c | 399 | |
wolfSSL | 0:d92f9d21154c | 400 | ProtocolVersion MakeTLSv1_2(void) |
wolfSSL | 0:d92f9d21154c | 401 | { |
wolfSSL | 0:d92f9d21154c | 402 | ProtocolVersion pv; |
wolfSSL | 0:d92f9d21154c | 403 | pv.major = SSLv3_MAJOR; |
wolfSSL | 0:d92f9d21154c | 404 | pv.minor = TLSv1_2_MINOR; |
wolfSSL | 0:d92f9d21154c | 405 | |
wolfSSL | 0:d92f9d21154c | 406 | return pv; |
wolfSSL | 0:d92f9d21154c | 407 | } |
wolfSSL | 0:d92f9d21154c | 408 | |
wolfSSL | 0:d92f9d21154c | 409 | |
wolfSSL | 0:d92f9d21154c | 410 | static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret"; |
wolfSSL | 0:d92f9d21154c | 411 | static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; |
wolfSSL | 0:d92f9d21154c | 412 | |
wolfSSL | 0:d92f9d21154c | 413 | |
wolfSSL | 0:d92f9d21154c | 414 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 0:d92f9d21154c | 415 | int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen, |
wolfSSL | 0:d92f9d21154c | 416 | const byte* ms, word32 msLen, |
wolfSSL | 0:d92f9d21154c | 417 | const byte* sr, const byte* cr, |
wolfSSL | 0:d92f9d21154c | 418 | int tls1_2, int hash_type) |
wolfSSL | 0:d92f9d21154c | 419 | { |
wolfSSL | 0:d92f9d21154c | 420 | byte seed[SEED_LEN]; |
wolfSSL | 0:d92f9d21154c | 421 | |
wolfSSL | 0:d92f9d21154c | 422 | XMEMCPY(seed, sr, RAN_LEN); |
wolfSSL | 0:d92f9d21154c | 423 | XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); |
wolfSSL | 0:d92f9d21154c | 424 | |
wolfSSL | 0:d92f9d21154c | 425 | return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ, |
wolfSSL | 0:d92f9d21154c | 426 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 0:d92f9d21154c | 427 | } |
wolfSSL | 0:d92f9d21154c | 428 | |
wolfSSL | 0:d92f9d21154c | 429 | |
wolfSSL | 0:d92f9d21154c | 430 | int DeriveTlsKeys(WOLFSSL* ssl) |
wolfSSL | 0:d92f9d21154c | 431 | { |
wolfSSL | 0:d92f9d21154c | 432 | int ret; |
wolfSSL | 0:d92f9d21154c | 433 | int length = 2 * ssl->specs.hash_size + |
wolfSSL | 0:d92f9d21154c | 434 | 2 * ssl->specs.key_size + |
wolfSSL | 0:d92f9d21154c | 435 | 2 * ssl->specs.iv_size; |
wolfSSL | 0:d92f9d21154c | 436 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 437 | byte* key_data; |
wolfSSL | 0:d92f9d21154c | 438 | #else |
wolfSSL | 0:d92f9d21154c | 439 | byte key_data[MAX_PRF_DIG]; |
wolfSSL | 0:d92f9d21154c | 440 | #endif |
wolfSSL | 0:d92f9d21154c | 441 | |
wolfSSL | 0:d92f9d21154c | 442 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 443 | key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 444 | if (key_data == NULL) { |
wolfSSL | 0:d92f9d21154c | 445 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 446 | } |
wolfSSL | 0:d92f9d21154c | 447 | #endif |
wolfSSL | 0:d92f9d21154c | 448 | |
wolfSSL | 0:d92f9d21154c | 449 | ret = wolfSSL_DeriveTlsKeys(key_data, length, |
wolfSSL | 0:d92f9d21154c | 450 | ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 0:d92f9d21154c | 451 | ssl->arrays->serverRandom, ssl->arrays->clientRandom, |
wolfSSL | 0:d92f9d21154c | 452 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 0:d92f9d21154c | 453 | if (ret == 0) |
wolfSSL | 0:d92f9d21154c | 454 | ret = StoreKeys(ssl, key_data); |
wolfSSL | 0:d92f9d21154c | 455 | |
wolfSSL | 0:d92f9d21154c | 456 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 457 | XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 458 | #endif |
wolfSSL | 0:d92f9d21154c | 459 | |
wolfSSL | 0:d92f9d21154c | 460 | return ret; |
wolfSSL | 0:d92f9d21154c | 461 | } |
wolfSSL | 0:d92f9d21154c | 462 | |
wolfSSL | 0:d92f9d21154c | 463 | |
wolfSSL | 0:d92f9d21154c | 464 | /* External facing wrapper so user can call as well, 0 on success */ |
wolfSSL | 0:d92f9d21154c | 465 | int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, |
wolfSSL | 0:d92f9d21154c | 466 | const byte* pms, word32 pmsLen, |
wolfSSL | 0:d92f9d21154c | 467 | const byte* cr, const byte* sr, |
wolfSSL | 0:d92f9d21154c | 468 | int tls1_2, int hash_type) |
wolfSSL | 0:d92f9d21154c | 469 | { |
wolfSSL | 0:d92f9d21154c | 470 | byte seed[SEED_LEN]; |
wolfSSL | 0:d92f9d21154c | 471 | |
wolfSSL | 0:d92f9d21154c | 472 | XMEMCPY(seed, cr, RAN_LEN); |
wolfSSL | 0:d92f9d21154c | 473 | XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); |
wolfSSL | 0:d92f9d21154c | 474 | |
wolfSSL | 0:d92f9d21154c | 475 | return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, |
wolfSSL | 0:d92f9d21154c | 476 | seed, SEED_LEN, tls1_2, hash_type); |
wolfSSL | 0:d92f9d21154c | 477 | } |
wolfSSL | 0:d92f9d21154c | 478 | |
wolfSSL | 0:d92f9d21154c | 479 | |
wolfSSL | 0:d92f9d21154c | 480 | int MakeTlsMasterSecret(WOLFSSL* ssl) |
wolfSSL | 0:d92f9d21154c | 481 | { |
wolfSSL | 0:d92f9d21154c | 482 | int ret; |
wolfSSL | 0:d92f9d21154c | 483 | |
wolfSSL | 0:d92f9d21154c | 484 | ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 0:d92f9d21154c | 485 | ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, |
wolfSSL | 0:d92f9d21154c | 486 | ssl->arrays->clientRandom, ssl->arrays->serverRandom, |
wolfSSL | 0:d92f9d21154c | 487 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 0:d92f9d21154c | 488 | |
wolfSSL | 0:d92f9d21154c | 489 | if (ret == 0) { |
wolfSSL | 0:d92f9d21154c | 490 | #ifdef SHOW_SECRETS |
wolfSSL | 0:d92f9d21154c | 491 | int i; |
wolfSSL | 0:d92f9d21154c | 492 | |
wolfSSL | 0:d92f9d21154c | 493 | printf("master secret: "); |
wolfSSL | 0:d92f9d21154c | 494 | for (i = 0; i < SECRET_LEN; i++) |
wolfSSL | 0:d92f9d21154c | 495 | printf("%02x", ssl->arrays->masterSecret[i]); |
wolfSSL | 0:d92f9d21154c | 496 | printf("\n"); |
wolfSSL | 0:d92f9d21154c | 497 | #endif |
wolfSSL | 0:d92f9d21154c | 498 | |
wolfSSL | 0:d92f9d21154c | 499 | ret = DeriveTlsKeys(ssl); |
wolfSSL | 0:d92f9d21154c | 500 | } |
wolfSSL | 0:d92f9d21154c | 501 | |
wolfSSL | 0:d92f9d21154c | 502 | return ret; |
wolfSSL | 0:d92f9d21154c | 503 | } |
wolfSSL | 0:d92f9d21154c | 504 | |
wolfSSL | 0:d92f9d21154c | 505 | |
wolfSSL | 0:d92f9d21154c | 506 | /* Used by EAP-TLS and EAP-TTLS to derive keying material from |
wolfSSL | 0:d92f9d21154c | 507 | * the master_secret. */ |
wolfSSL | 0:d92f9d21154c | 508 | int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, |
wolfSSL | 0:d92f9d21154c | 509 | const char* label) |
wolfSSL | 0:d92f9d21154c | 510 | { |
wolfSSL | 0:d92f9d21154c | 511 | int ret; |
wolfSSL | 0:d92f9d21154c | 512 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 513 | byte* seed; |
wolfSSL | 0:d92f9d21154c | 514 | #else |
wolfSSL | 0:d92f9d21154c | 515 | byte seed[SEED_LEN]; |
wolfSSL | 0:d92f9d21154c | 516 | #endif |
wolfSSL | 0:d92f9d21154c | 517 | |
wolfSSL | 0:d92f9d21154c | 518 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 519 | seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 520 | if (seed == NULL) |
wolfSSL | 0:d92f9d21154c | 521 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 522 | #endif |
wolfSSL | 0:d92f9d21154c | 523 | |
wolfSSL | 0:d92f9d21154c | 524 | /* |
wolfSSL | 0:d92f9d21154c | 525 | * As per RFC-5281, the order of the client and server randoms is reversed |
wolfSSL | 0:d92f9d21154c | 526 | * from that used by the TLS protocol to derive keys. |
wolfSSL | 0:d92f9d21154c | 527 | */ |
wolfSSL | 0:d92f9d21154c | 528 | XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); |
wolfSSL | 0:d92f9d21154c | 529 | XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN); |
wolfSSL | 0:d92f9d21154c | 530 | |
wolfSSL | 0:d92f9d21154c | 531 | ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, |
wolfSSL | 0:d92f9d21154c | 532 | (const byte *)label, (word32)strlen(label), seed, SEED_LEN, |
wolfSSL | 0:d92f9d21154c | 533 | IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); |
wolfSSL | 0:d92f9d21154c | 534 | |
wolfSSL | 0:d92f9d21154c | 535 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 536 | XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 537 | #endif |
wolfSSL | 0:d92f9d21154c | 538 | |
wolfSSL | 0:d92f9d21154c | 539 | return ret; |
wolfSSL | 0:d92f9d21154c | 540 | } |
wolfSSL | 0:d92f9d21154c | 541 | |
wolfSSL | 0:d92f9d21154c | 542 | |
wolfSSL | 0:d92f9d21154c | 543 | /*** next for static INLINE s copied internal.c ***/ |
wolfSSL | 0:d92f9d21154c | 544 | |
wolfSSL | 0:d92f9d21154c | 545 | /* convert 16 bit integer to opaque */ |
wolfSSL | 0:d92f9d21154c | 546 | static INLINE void c16toa(word16 u16, byte* c) |
wolfSSL | 0:d92f9d21154c | 547 | { |
wolfSSL | 0:d92f9d21154c | 548 | c[0] = (u16 >> 8) & 0xff; |
wolfSSL | 0:d92f9d21154c | 549 | c[1] = u16 & 0xff; |
wolfSSL | 0:d92f9d21154c | 550 | } |
wolfSSL | 0:d92f9d21154c | 551 | |
wolfSSL | 0:d92f9d21154c | 552 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 0:d92f9d21154c | 553 | /* convert opaque to 16 bit integer */ |
wolfSSL | 0:d92f9d21154c | 554 | static INLINE void ato16(const byte* c, word16* u16) |
wolfSSL | 0:d92f9d21154c | 555 | { |
wolfSSL | 0:d92f9d21154c | 556 | *u16 = (c[0] << 8) | (c[1]); |
wolfSSL | 0:d92f9d21154c | 557 | } |
wolfSSL | 0:d92f9d21154c | 558 | |
wolfSSL | 0:d92f9d21154c | 559 | #ifdef HAVE_SNI |
wolfSSL | 0:d92f9d21154c | 560 | /* convert a 24 bit integer into a 32 bit one */ |
wolfSSL | 0:d92f9d21154c | 561 | static INLINE void c24to32(const word24 u24, word32* u32) |
wolfSSL | 0:d92f9d21154c | 562 | { |
wolfSSL | 0:d92f9d21154c | 563 | *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; |
wolfSSL | 0:d92f9d21154c | 564 | } |
wolfSSL | 0:d92f9d21154c | 565 | #endif |
wolfSSL | 0:d92f9d21154c | 566 | #endif |
wolfSSL | 0:d92f9d21154c | 567 | |
wolfSSL | 0:d92f9d21154c | 568 | /* convert 32 bit integer to opaque */ |
wolfSSL | 0:d92f9d21154c | 569 | static INLINE void c32toa(word32 u32, byte* c) |
wolfSSL | 0:d92f9d21154c | 570 | { |
wolfSSL | 0:d92f9d21154c | 571 | c[0] = (u32 >> 24) & 0xff; |
wolfSSL | 0:d92f9d21154c | 572 | c[1] = (u32 >> 16) & 0xff; |
wolfSSL | 0:d92f9d21154c | 573 | c[2] = (u32 >> 8) & 0xff; |
wolfSSL | 0:d92f9d21154c | 574 | c[3] = u32 & 0xff; |
wolfSSL | 0:d92f9d21154c | 575 | } |
wolfSSL | 0:d92f9d21154c | 576 | |
wolfSSL | 0:d92f9d21154c | 577 | |
wolfSSL | 0:d92f9d21154c | 578 | static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify) |
wolfSSL | 0:d92f9d21154c | 579 | { |
wolfSSL | 0:d92f9d21154c | 580 | #ifdef WOLFSSL_DTLS |
wolfSSL | 0:d92f9d21154c | 581 | if (ssl->options.dtls) { |
wolfSSL | 0:d92f9d21154c | 582 | if (verify) |
wolfSSL | 0:d92f9d21154c | 583 | return ssl->keys.dtls_state.curSeq; /* explicit from peer */ |
wolfSSL | 0:d92f9d21154c | 584 | else |
wolfSSL | 0:d92f9d21154c | 585 | return ssl->keys.dtls_sequence_number - 1; /* already incremented */ |
wolfSSL | 0:d92f9d21154c | 586 | } |
wolfSSL | 0:d92f9d21154c | 587 | #endif |
wolfSSL | 0:d92f9d21154c | 588 | if (verify) |
wolfSSL | 0:d92f9d21154c | 589 | return ssl->keys.peer_sequence_number++; |
wolfSSL | 0:d92f9d21154c | 590 | else |
wolfSSL | 0:d92f9d21154c | 591 | return ssl->keys.sequence_number++; |
wolfSSL | 0:d92f9d21154c | 592 | } |
wolfSSL | 0:d92f9d21154c | 593 | |
wolfSSL | 0:d92f9d21154c | 594 | |
wolfSSL | 0:d92f9d21154c | 595 | #ifdef WOLFSSL_DTLS |
wolfSSL | 0:d92f9d21154c | 596 | |
wolfSSL | 0:d92f9d21154c | 597 | static INLINE word32 GetEpoch(WOLFSSL* ssl, int verify) |
wolfSSL | 0:d92f9d21154c | 598 | { |
wolfSSL | 0:d92f9d21154c | 599 | if (verify) |
wolfSSL | 0:d92f9d21154c | 600 | return ssl->keys.dtls_state.curEpoch; |
wolfSSL | 0:d92f9d21154c | 601 | else |
wolfSSL | 0:d92f9d21154c | 602 | return ssl->keys.dtls_epoch; |
wolfSSL | 0:d92f9d21154c | 603 | } |
wolfSSL | 0:d92f9d21154c | 604 | |
wolfSSL | 0:d92f9d21154c | 605 | #endif /* WOLFSSL_DTLS */ |
wolfSSL | 0:d92f9d21154c | 606 | |
wolfSSL | 0:d92f9d21154c | 607 | |
wolfSSL | 0:d92f9d21154c | 608 | /*** end copy ***/ |
wolfSSL | 0:d92f9d21154c | 609 | |
wolfSSL | 0:d92f9d21154c | 610 | |
wolfSSL | 0:d92f9d21154c | 611 | /* return HMAC digest type in wolfSSL format */ |
wolfSSL | 0:d92f9d21154c | 612 | int wolfSSL_GetHmacType(WOLFSSL* ssl) |
wolfSSL | 0:d92f9d21154c | 613 | { |
wolfSSL | 0:d92f9d21154c | 614 | if (ssl == NULL) |
wolfSSL | 0:d92f9d21154c | 615 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 616 | |
wolfSSL | 0:d92f9d21154c | 617 | switch (ssl->specs.mac_algorithm) { |
wolfSSL | 0:d92f9d21154c | 618 | #ifndef NO_MD5 |
wolfSSL | 0:d92f9d21154c | 619 | case md5_mac: |
wolfSSL | 0:d92f9d21154c | 620 | { |
wolfSSL | 0:d92f9d21154c | 621 | return MD5; |
wolfSSL | 0:d92f9d21154c | 622 | } |
wolfSSL | 0:d92f9d21154c | 623 | #endif |
wolfSSL | 0:d92f9d21154c | 624 | #ifndef NO_SHA256 |
wolfSSL | 0:d92f9d21154c | 625 | case sha256_mac: |
wolfSSL | 0:d92f9d21154c | 626 | { |
wolfSSL | 0:d92f9d21154c | 627 | return SHA256; |
wolfSSL | 0:d92f9d21154c | 628 | } |
wolfSSL | 0:d92f9d21154c | 629 | #endif |
wolfSSL | 0:d92f9d21154c | 630 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 0:d92f9d21154c | 631 | case sha384_mac: |
wolfSSL | 0:d92f9d21154c | 632 | { |
wolfSSL | 0:d92f9d21154c | 633 | return SHA384; |
wolfSSL | 0:d92f9d21154c | 634 | } |
wolfSSL | 0:d92f9d21154c | 635 | |
wolfSSL | 0:d92f9d21154c | 636 | #endif |
wolfSSL | 0:d92f9d21154c | 637 | #ifndef NO_SHA |
wolfSSL | 0:d92f9d21154c | 638 | case sha_mac: |
wolfSSL | 0:d92f9d21154c | 639 | { |
wolfSSL | 0:d92f9d21154c | 640 | return SHA; |
wolfSSL | 0:d92f9d21154c | 641 | } |
wolfSSL | 0:d92f9d21154c | 642 | #endif |
wolfSSL | 0:d92f9d21154c | 643 | #ifdef HAVE_BLAKE2 |
wolfSSL | 0:d92f9d21154c | 644 | case blake2b_mac: |
wolfSSL | 0:d92f9d21154c | 645 | { |
wolfSSL | 0:d92f9d21154c | 646 | return BLAKE2B_ID; |
wolfSSL | 0:d92f9d21154c | 647 | } |
wolfSSL | 0:d92f9d21154c | 648 | #endif |
wolfSSL | 0:d92f9d21154c | 649 | default: |
wolfSSL | 0:d92f9d21154c | 650 | { |
wolfSSL | 0:d92f9d21154c | 651 | return SSL_FATAL_ERROR; |
wolfSSL | 0:d92f9d21154c | 652 | } |
wolfSSL | 0:d92f9d21154c | 653 | } |
wolfSSL | 0:d92f9d21154c | 654 | } |
wolfSSL | 0:d92f9d21154c | 655 | |
wolfSSL | 0:d92f9d21154c | 656 | |
wolfSSL | 0:d92f9d21154c | 657 | int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, |
wolfSSL | 0:d92f9d21154c | 658 | int verify) |
wolfSSL | 0:d92f9d21154c | 659 | { |
wolfSSL | 0:d92f9d21154c | 660 | if (ssl == NULL || inner == NULL) |
wolfSSL | 0:d92f9d21154c | 661 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 662 | |
wolfSSL | 0:d92f9d21154c | 663 | XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); |
wolfSSL | 0:d92f9d21154c | 664 | |
wolfSSL | 0:d92f9d21154c | 665 | #ifdef WOLFSSL_DTLS |
wolfSSL | 0:d92f9d21154c | 666 | if (ssl->options.dtls) |
wolfSSL | 0:d92f9d21154c | 667 | c16toa((word16)GetEpoch(ssl, verify), inner); |
wolfSSL | 0:d92f9d21154c | 668 | #endif |
wolfSSL | 0:d92f9d21154c | 669 | c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]); |
wolfSSL | 0:d92f9d21154c | 670 | inner[SEQ_SZ] = (byte)content; |
wolfSSL | 0:d92f9d21154c | 671 | inner[SEQ_SZ + ENUM_LEN] = ssl->version.major; |
wolfSSL | 0:d92f9d21154c | 672 | inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor; |
wolfSSL | 0:d92f9d21154c | 673 | c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ); |
wolfSSL | 0:d92f9d21154c | 674 | |
wolfSSL | 0:d92f9d21154c | 675 | return 0; |
wolfSSL | 0:d92f9d21154c | 676 | } |
wolfSSL | 0:d92f9d21154c | 677 | |
wolfSSL | 0:d92f9d21154c | 678 | |
wolfSSL | 0:d92f9d21154c | 679 | /* TLS type HMAC */ |
wolfSSL | 0:d92f9d21154c | 680 | int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, |
wolfSSL | 0:d92f9d21154c | 681 | int content, int verify) |
wolfSSL | 0:d92f9d21154c | 682 | { |
wolfSSL | 0:d92f9d21154c | 683 | Hmac hmac; |
wolfSSL | 0:d92f9d21154c | 684 | int ret; |
wolfSSL | 0:d92f9d21154c | 685 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 0:d92f9d21154c | 686 | |
wolfSSL | 0:d92f9d21154c | 687 | if (ssl == NULL) |
wolfSSL | 0:d92f9d21154c | 688 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 689 | |
wolfSSL | 0:d92f9d21154c | 690 | #ifdef HAVE_FUZZER |
wolfSSL | 0:d92f9d21154c | 691 | if (ssl->fuzzerCb) |
wolfSSL | 0:d92f9d21154c | 692 | ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); |
wolfSSL | 0:d92f9d21154c | 693 | #endif |
wolfSSL | 0:d92f9d21154c | 694 | |
wolfSSL | 0:d92f9d21154c | 695 | wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); |
wolfSSL | 0:d92f9d21154c | 696 | |
wolfSSL | 0:d92f9d21154c | 697 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 0:d92f9d21154c | 698 | wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); |
wolfSSL | 0:d92f9d21154c | 699 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 700 | return ret; |
wolfSSL | 0:d92f9d21154c | 701 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 0:d92f9d21154c | 702 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 703 | return ret; |
wolfSSL | 0:d92f9d21154c | 704 | ret = wc_HmacUpdate(&hmac, in, sz); /* content */ |
wolfSSL | 0:d92f9d21154c | 705 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 706 | return ret; |
wolfSSL | 0:d92f9d21154c | 707 | ret = wc_HmacFinal(&hmac, digest); |
wolfSSL | 0:d92f9d21154c | 708 | if (ret != 0) |
wolfSSL | 0:d92f9d21154c | 709 | return ret; |
wolfSSL | 0:d92f9d21154c | 710 | |
wolfSSL | 0:d92f9d21154c | 711 | return 0; |
wolfSSL | 0:d92f9d21154c | 712 | } |
wolfSSL | 0:d92f9d21154c | 713 | |
wolfSSL | 0:d92f9d21154c | 714 | #ifdef HAVE_TLS_EXTENSIONS |
wolfSSL | 0:d92f9d21154c | 715 | |
wolfSSL | 0:d92f9d21154c | 716 | |
wolfSSL | 0:d92f9d21154c | 717 | /** Supports up to 64 flags. Update as needed. */ |
wolfSSL | 0:d92f9d21154c | 718 | #define SEMAPHORE_SIZE 8 |
wolfSSL | 0:d92f9d21154c | 719 | |
wolfSSL | 0:d92f9d21154c | 720 | |
wolfSSL | 0:d92f9d21154c | 721 | static INLINE word16 TLSX_ToSemaphore(word16 type) |
wolfSSL | 0:d92f9d21154c | 722 | { |
wolfSSL | 0:d92f9d21154c | 723 | switch (type) { |
wolfSSL | 0:d92f9d21154c | 724 | case SECURE_RENEGOTIATION: |
wolfSSL | 0:d92f9d21154c | 725 | return 63; |
wolfSSL | 0:d92f9d21154c | 726 | |
wolfSSL | 0:d92f9d21154c | 727 | default: |
wolfSSL | 0:d92f9d21154c | 728 | if (type > 62) { |
wolfSSL | 0:d92f9d21154c | 729 | /* This message SHOULD only happens during the adding of |
wolfSSL | 0:d92f9d21154c | 730 | new TLS extensions in which its IANA number overflows |
wolfSSL | 0:d92f9d21154c | 731 | the current semaphore's range, or if its number already |
wolfSSL | 0:d92f9d21154c | 732 | is assigned to be used by another extension. |
wolfSSL | 0:d92f9d21154c | 733 | Use this check value for the new extension and decrement |
wolfSSL | 0:d92f9d21154c | 734 | the check value by one. */ |
wolfSSL | 0:d92f9d21154c | 735 | WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!"); |
wolfSSL | 0:d92f9d21154c | 736 | } |
wolfSSL | 0:d92f9d21154c | 737 | } |
wolfSSL | 0:d92f9d21154c | 738 | |
wolfSSL | 0:d92f9d21154c | 739 | return type; |
wolfSSL | 0:d92f9d21154c | 740 | } |
wolfSSL | 0:d92f9d21154c | 741 | |
wolfSSL | 0:d92f9d21154c | 742 | |
wolfSSL | 0:d92f9d21154c | 743 | #define IS_OFF(semaphore, light) \ |
wolfSSL | 0:d92f9d21154c | 744 | ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) |
wolfSSL | 0:d92f9d21154c | 745 | |
wolfSSL | 0:d92f9d21154c | 746 | |
wolfSSL | 0:d92f9d21154c | 747 | #define TURN_ON(semaphore, light) \ |
wolfSSL | 0:d92f9d21154c | 748 | ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) |
wolfSSL | 0:d92f9d21154c | 749 | |
wolfSSL | 0:d92f9d21154c | 750 | |
wolfSSL | 0:d92f9d21154c | 751 | static int TLSX_Push(TLSX** list, TLSX_Type type, void* data) |
wolfSSL | 0:d92f9d21154c | 752 | { |
wolfSSL | 0:d92f9d21154c | 753 | TLSX* extension; |
wolfSSL | 0:d92f9d21154c | 754 | |
wolfSSL | 0:d92f9d21154c | 755 | extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 756 | if (extension == NULL) |
wolfSSL | 0:d92f9d21154c | 757 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 758 | |
wolfSSL | 0:d92f9d21154c | 759 | extension->type = type; |
wolfSSL | 0:d92f9d21154c | 760 | extension->data = data; |
wolfSSL | 0:d92f9d21154c | 761 | extension->resp = 0; |
wolfSSL | 0:d92f9d21154c | 762 | extension->next = *list; |
wolfSSL | 0:d92f9d21154c | 763 | *list = extension; |
wolfSSL | 0:d92f9d21154c | 764 | |
wolfSSL | 0:d92f9d21154c | 765 | /* remove duplicated extensions, there should be only one of each type. */ |
wolfSSL | 0:d92f9d21154c | 766 | do { |
wolfSSL | 0:d92f9d21154c | 767 | if (extension->next && extension->next->type == type) { |
wolfSSL | 0:d92f9d21154c | 768 | TLSX *next = extension->next; |
wolfSSL | 0:d92f9d21154c | 769 | |
wolfSSL | 0:d92f9d21154c | 770 | extension->next = next->next; |
wolfSSL | 0:d92f9d21154c | 771 | next->next = NULL; |
wolfSSL | 0:d92f9d21154c | 772 | |
wolfSSL | 0:d92f9d21154c | 773 | TLSX_FreeAll(next); |
wolfSSL | 0:d92f9d21154c | 774 | |
wolfSSL | 0:d92f9d21154c | 775 | /* there is no way to occur more than */ |
wolfSSL | 0:d92f9d21154c | 776 | /* two extensions of the same type. */ |
wolfSSL | 0:d92f9d21154c | 777 | break; |
wolfSSL | 0:d92f9d21154c | 778 | } |
wolfSSL | 0:d92f9d21154c | 779 | } while ((extension = extension->next)); |
wolfSSL | 0:d92f9d21154c | 780 | |
wolfSSL | 0:d92f9d21154c | 781 | return 0; |
wolfSSL | 0:d92f9d21154c | 782 | } |
wolfSSL | 0:d92f9d21154c | 783 | |
wolfSSL | 0:d92f9d21154c | 784 | |
wolfSSL | 0:d92f9d21154c | 785 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 786 | |
wolfSSL | 0:d92f9d21154c | 787 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type); |
wolfSSL | 0:d92f9d21154c | 788 | |
wolfSSL | 0:d92f9d21154c | 789 | void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) |
wolfSSL | 0:d92f9d21154c | 790 | { |
wolfSSL | 0:d92f9d21154c | 791 | TLSX *ext = TLSX_Find(ssl->extensions, type); |
wolfSSL | 0:d92f9d21154c | 792 | |
wolfSSL | 0:d92f9d21154c | 793 | if (ext) |
wolfSSL | 0:d92f9d21154c | 794 | ext->resp = 1; |
wolfSSL | 0:d92f9d21154c | 795 | } |
wolfSSL | 0:d92f9d21154c | 796 | |
wolfSSL | 0:d92f9d21154c | 797 | #endif |
wolfSSL | 0:d92f9d21154c | 798 | |
wolfSSL | 0:d92f9d21154c | 799 | /* SNI - Server Name Indication */ |
wolfSSL | 0:d92f9d21154c | 800 | |
wolfSSL | 0:d92f9d21154c | 801 | #ifdef HAVE_SNI |
wolfSSL | 0:d92f9d21154c | 802 | |
wolfSSL | 0:d92f9d21154c | 803 | static void TLSX_SNI_Free(SNI* sni) |
wolfSSL | 0:d92f9d21154c | 804 | { |
wolfSSL | 0:d92f9d21154c | 805 | if (sni) { |
wolfSSL | 0:d92f9d21154c | 806 | switch (sni->type) { |
wolfSSL | 0:d92f9d21154c | 807 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 0:d92f9d21154c | 808 | XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 809 | break; |
wolfSSL | 0:d92f9d21154c | 810 | } |
wolfSSL | 0:d92f9d21154c | 811 | |
wolfSSL | 0:d92f9d21154c | 812 | XFREE(sni, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 813 | } |
wolfSSL | 0:d92f9d21154c | 814 | } |
wolfSSL | 0:d92f9d21154c | 815 | |
wolfSSL | 0:d92f9d21154c | 816 | static void TLSX_SNI_FreeAll(SNI* list) |
wolfSSL | 0:d92f9d21154c | 817 | { |
wolfSSL | 0:d92f9d21154c | 818 | SNI* sni; |
wolfSSL | 0:d92f9d21154c | 819 | |
wolfSSL | 0:d92f9d21154c | 820 | while ((sni = list)) { |
wolfSSL | 0:d92f9d21154c | 821 | list = sni->next; |
wolfSSL | 0:d92f9d21154c | 822 | TLSX_SNI_Free(sni); |
wolfSSL | 0:d92f9d21154c | 823 | } |
wolfSSL | 0:d92f9d21154c | 824 | } |
wolfSSL | 0:d92f9d21154c | 825 | |
wolfSSL | 0:d92f9d21154c | 826 | static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size) |
wolfSSL | 0:d92f9d21154c | 827 | { |
wolfSSL | 0:d92f9d21154c | 828 | SNI* sni; |
wolfSSL | 0:d92f9d21154c | 829 | |
wolfSSL | 0:d92f9d21154c | 830 | if (list == NULL) |
wolfSSL | 0:d92f9d21154c | 831 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 832 | |
wolfSSL | 0:d92f9d21154c | 833 | if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 0:d92f9d21154c | 834 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 835 | |
wolfSSL | 0:d92f9d21154c | 836 | switch (type) { |
wolfSSL | 0:d92f9d21154c | 837 | case WOLFSSL_SNI_HOST_NAME: { |
wolfSSL | 0:d92f9d21154c | 838 | sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 839 | |
wolfSSL | 0:d92f9d21154c | 840 | if (sni->data.host_name) { |
wolfSSL | 0:d92f9d21154c | 841 | XSTRNCPY(sni->data.host_name, (const char*)data, size); |
wolfSSL | 0:d92f9d21154c | 842 | sni->data.host_name[size] = 0; |
wolfSSL | 0:d92f9d21154c | 843 | } else { |
wolfSSL | 0:d92f9d21154c | 844 | XFREE(sni, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 845 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 846 | } |
wolfSSL | 0:d92f9d21154c | 847 | } |
wolfSSL | 0:d92f9d21154c | 848 | break; |
wolfSSL | 0:d92f9d21154c | 849 | |
wolfSSL | 0:d92f9d21154c | 850 | default: /* invalid type */ |
wolfSSL | 0:d92f9d21154c | 851 | XFREE(sni, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 852 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 853 | } |
wolfSSL | 0:d92f9d21154c | 854 | |
wolfSSL | 0:d92f9d21154c | 855 | sni->type = type; |
wolfSSL | 0:d92f9d21154c | 856 | sni->next = *list; |
wolfSSL | 0:d92f9d21154c | 857 | |
wolfSSL | 0:d92f9d21154c | 858 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 859 | sni->options = 0; |
wolfSSL | 0:d92f9d21154c | 860 | sni->status = WOLFSSL_SNI_NO_MATCH; |
wolfSSL | 0:d92f9d21154c | 861 | #endif |
wolfSSL | 0:d92f9d21154c | 862 | |
wolfSSL | 0:d92f9d21154c | 863 | *list = sni; |
wolfSSL | 0:d92f9d21154c | 864 | |
wolfSSL | 0:d92f9d21154c | 865 | return 0; |
wolfSSL | 0:d92f9d21154c | 866 | } |
wolfSSL | 0:d92f9d21154c | 867 | |
wolfSSL | 0:d92f9d21154c | 868 | static word16 TLSX_SNI_GetSize(SNI* list) |
wolfSSL | 0:d92f9d21154c | 869 | { |
wolfSSL | 0:d92f9d21154c | 870 | SNI* sni; |
wolfSSL | 0:d92f9d21154c | 871 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 0:d92f9d21154c | 872 | |
wolfSSL | 0:d92f9d21154c | 873 | while ((sni = list)) { |
wolfSSL | 0:d92f9d21154c | 874 | list = sni->next; |
wolfSSL | 0:d92f9d21154c | 875 | |
wolfSSL | 0:d92f9d21154c | 876 | length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */ |
wolfSSL | 0:d92f9d21154c | 877 | |
wolfSSL | 0:d92f9d21154c | 878 | switch (sni->type) { |
wolfSSL | 0:d92f9d21154c | 879 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 0:d92f9d21154c | 880 | length += XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 0:d92f9d21154c | 881 | break; |
wolfSSL | 0:d92f9d21154c | 882 | } |
wolfSSL | 0:d92f9d21154c | 883 | } |
wolfSSL | 0:d92f9d21154c | 884 | |
wolfSSL | 0:d92f9d21154c | 885 | return length; |
wolfSSL | 0:d92f9d21154c | 886 | } |
wolfSSL | 0:d92f9d21154c | 887 | |
wolfSSL | 0:d92f9d21154c | 888 | static word16 TLSX_SNI_Write(SNI* list, byte* output) |
wolfSSL | 0:d92f9d21154c | 889 | { |
wolfSSL | 0:d92f9d21154c | 890 | SNI* sni; |
wolfSSL | 0:d92f9d21154c | 891 | word16 length = 0; |
wolfSSL | 0:d92f9d21154c | 892 | word16 offset = OPAQUE16_LEN; /* list length offset */ |
wolfSSL | 0:d92f9d21154c | 893 | |
wolfSSL | 0:d92f9d21154c | 894 | while ((sni = list)) { |
wolfSSL | 0:d92f9d21154c | 895 | list = sni->next; |
wolfSSL | 0:d92f9d21154c | 896 | |
wolfSSL | 0:d92f9d21154c | 897 | output[offset++] = sni->type; /* sni type */ |
wolfSSL | 0:d92f9d21154c | 898 | |
wolfSSL | 0:d92f9d21154c | 899 | switch (sni->type) { |
wolfSSL | 0:d92f9d21154c | 900 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 0:d92f9d21154c | 901 | length = XSTRLEN((char*)sni->data.host_name); |
wolfSSL | 0:d92f9d21154c | 902 | |
wolfSSL | 0:d92f9d21154c | 903 | c16toa(length, output + offset); /* sni length */ |
wolfSSL | 0:d92f9d21154c | 904 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 905 | |
wolfSSL | 0:d92f9d21154c | 906 | XMEMCPY(output + offset, sni->data.host_name, length); |
wolfSSL | 0:d92f9d21154c | 907 | |
wolfSSL | 0:d92f9d21154c | 908 | offset += length; |
wolfSSL | 0:d92f9d21154c | 909 | break; |
wolfSSL | 0:d92f9d21154c | 910 | } |
wolfSSL | 0:d92f9d21154c | 911 | } |
wolfSSL | 0:d92f9d21154c | 912 | |
wolfSSL | 0:d92f9d21154c | 913 | c16toa(offset - OPAQUE16_LEN, output); /* writing list length */ |
wolfSSL | 0:d92f9d21154c | 914 | |
wolfSSL | 0:d92f9d21154c | 915 | return offset; |
wolfSSL | 0:d92f9d21154c | 916 | } |
wolfSSL | 0:d92f9d21154c | 917 | |
wolfSSL | 0:d92f9d21154c | 918 | static SNI* TLSX_SNI_Find(SNI *list, byte type) |
wolfSSL | 0:d92f9d21154c | 919 | { |
wolfSSL | 0:d92f9d21154c | 920 | SNI *sni = list; |
wolfSSL | 0:d92f9d21154c | 921 | |
wolfSSL | 0:d92f9d21154c | 922 | while (sni && sni->type != type) |
wolfSSL | 0:d92f9d21154c | 923 | sni = sni->next; |
wolfSSL | 0:d92f9d21154c | 924 | |
wolfSSL | 0:d92f9d21154c | 925 | return sni; |
wolfSSL | 0:d92f9d21154c | 926 | } |
wolfSSL | 0:d92f9d21154c | 927 | |
wolfSSL | 0:d92f9d21154c | 928 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 929 | static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status) |
wolfSSL | 0:d92f9d21154c | 930 | { |
wolfSSL | 0:d92f9d21154c | 931 | TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 932 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 0:d92f9d21154c | 933 | |
wolfSSL | 0:d92f9d21154c | 934 | if (sni) { |
wolfSSL | 0:d92f9d21154c | 935 | sni->status = status; |
wolfSSL | 0:d92f9d21154c | 936 | WOLFSSL_MSG("SNI did match!"); |
wolfSSL | 0:d92f9d21154c | 937 | } |
wolfSSL | 0:d92f9d21154c | 938 | } |
wolfSSL | 0:d92f9d21154c | 939 | |
wolfSSL | 0:d92f9d21154c | 940 | byte TLSX_SNI_Status(TLSX* extensions, byte type) |
wolfSSL | 0:d92f9d21154c | 941 | { |
wolfSSL | 0:d92f9d21154c | 942 | TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 943 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 0:d92f9d21154c | 944 | |
wolfSSL | 0:d92f9d21154c | 945 | if (sni) |
wolfSSL | 0:d92f9d21154c | 946 | return sni->status; |
wolfSSL | 0:d92f9d21154c | 947 | |
wolfSSL | 0:d92f9d21154c | 948 | return 0; |
wolfSSL | 0:d92f9d21154c | 949 | } |
wolfSSL | 0:d92f9d21154c | 950 | #endif |
wolfSSL | 0:d92f9d21154c | 951 | |
wolfSSL | 0:d92f9d21154c | 952 | static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 0:d92f9d21154c | 953 | byte isRequest) |
wolfSSL | 0:d92f9d21154c | 954 | { |
wolfSSL | 0:d92f9d21154c | 955 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 956 | word16 size = 0; |
wolfSSL | 0:d92f9d21154c | 957 | word16 offset = 0; |
wolfSSL | 0:d92f9d21154c | 958 | #endif |
wolfSSL | 0:d92f9d21154c | 959 | |
wolfSSL | 0:d92f9d21154c | 960 | TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 961 | |
wolfSSL | 0:d92f9d21154c | 962 | if (!extension) |
wolfSSL | 0:d92f9d21154c | 963 | extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 964 | |
wolfSSL | 0:d92f9d21154c | 965 | if (!extension || !extension->data) |
wolfSSL | 0:d92f9d21154c | 966 | return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected |
wolfSSL | 0:d92f9d21154c | 967 | SNI response from server. */ |
wolfSSL | 0:d92f9d21154c | 968 | |
wolfSSL | 0:d92f9d21154c | 969 | if (!isRequest) |
wolfSSL | 0:d92f9d21154c | 970 | return length ? BUFFER_ERROR : 0; /* SNI response must be empty! |
wolfSSL | 0:d92f9d21154c | 971 | Nothing else to do. */ |
wolfSSL | 0:d92f9d21154c | 972 | |
wolfSSL | 0:d92f9d21154c | 973 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 974 | |
wolfSSL | 0:d92f9d21154c | 975 | if (OPAQUE16_LEN > length) |
wolfSSL | 0:d92f9d21154c | 976 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 977 | |
wolfSSL | 0:d92f9d21154c | 978 | ato16(input, &size); |
wolfSSL | 0:d92f9d21154c | 979 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 980 | |
wolfSSL | 0:d92f9d21154c | 981 | /* validating sni list length */ |
wolfSSL | 0:d92f9d21154c | 982 | if (length != OPAQUE16_LEN + size) |
wolfSSL | 0:d92f9d21154c | 983 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 984 | |
wolfSSL | 0:d92f9d21154c | 985 | for (size = 0; offset < length; offset += size) { |
wolfSSL | 0:d92f9d21154c | 986 | SNI *sni; |
wolfSSL | 0:d92f9d21154c | 987 | byte type = input[offset++]; |
wolfSSL | 0:d92f9d21154c | 988 | |
wolfSSL | 0:d92f9d21154c | 989 | if (offset + OPAQUE16_LEN > length) |
wolfSSL | 0:d92f9d21154c | 990 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 991 | |
wolfSSL | 0:d92f9d21154c | 992 | ato16(input + offset, &size); |
wolfSSL | 0:d92f9d21154c | 993 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 994 | |
wolfSSL | 0:d92f9d21154c | 995 | if (offset + size > length) |
wolfSSL | 0:d92f9d21154c | 996 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 997 | |
wolfSSL | 0:d92f9d21154c | 998 | if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type))) { |
wolfSSL | 0:d92f9d21154c | 999 | continue; /* not using this SNI type */ |
wolfSSL | 0:d92f9d21154c | 1000 | } |
wolfSSL | 0:d92f9d21154c | 1001 | |
wolfSSL | 0:d92f9d21154c | 1002 | switch(type) { |
wolfSSL | 0:d92f9d21154c | 1003 | case WOLFSSL_SNI_HOST_NAME: { |
wolfSSL | 0:d92f9d21154c | 1004 | byte matched = (XSTRLEN(sni->data.host_name) == size) |
wolfSSL | 0:d92f9d21154c | 1005 | && (XSTRNCMP(sni->data.host_name, |
wolfSSL | 0:d92f9d21154c | 1006 | (const char*)input + offset, size) == 0); |
wolfSSL | 0:d92f9d21154c | 1007 | |
wolfSSL | 0:d92f9d21154c | 1008 | if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { |
wolfSSL | 0:d92f9d21154c | 1009 | int r = TLSX_UseSNI(&ssl->extensions, |
wolfSSL | 0:d92f9d21154c | 1010 | type, input + offset, size); |
wolfSSL | 0:d92f9d21154c | 1011 | |
wolfSSL | 0:d92f9d21154c | 1012 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 0:d92f9d21154c | 1013 | |
wolfSSL | 0:d92f9d21154c | 1014 | TLSX_SNI_SetStatus(ssl->extensions, type, |
wolfSSL | 0:d92f9d21154c | 1015 | matched ? WOLFSSL_SNI_REAL_MATCH : WOLFSSL_SNI_FAKE_MATCH); |
wolfSSL | 0:d92f9d21154c | 1016 | |
wolfSSL | 0:d92f9d21154c | 1017 | } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { |
wolfSSL | 0:d92f9d21154c | 1018 | SendAlert(ssl, alert_fatal, unrecognized_name); |
wolfSSL | 0:d92f9d21154c | 1019 | |
wolfSSL | 0:d92f9d21154c | 1020 | return UNKNOWN_SNI_HOST_NAME_E; |
wolfSSL | 0:d92f9d21154c | 1021 | } |
wolfSSL | 0:d92f9d21154c | 1022 | break; |
wolfSSL | 0:d92f9d21154c | 1023 | } |
wolfSSL | 0:d92f9d21154c | 1024 | } |
wolfSSL | 0:d92f9d21154c | 1025 | |
wolfSSL | 0:d92f9d21154c | 1026 | TLSX_SetResponse(ssl, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 1027 | } |
wolfSSL | 0:d92f9d21154c | 1028 | |
wolfSSL | 0:d92f9d21154c | 1029 | #endif |
wolfSSL | 0:d92f9d21154c | 1030 | |
wolfSSL | 0:d92f9d21154c | 1031 | return 0; |
wolfSSL | 0:d92f9d21154c | 1032 | } |
wolfSSL | 0:d92f9d21154c | 1033 | |
wolfSSL | 0:d92f9d21154c | 1034 | int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) |
wolfSSL | 0:d92f9d21154c | 1035 | { |
wolfSSL | 0:d92f9d21154c | 1036 | TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 1037 | SNI* sni = NULL; |
wolfSSL | 0:d92f9d21154c | 1038 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1039 | |
wolfSSL | 0:d92f9d21154c | 1040 | if (extensions == NULL || data == NULL) |
wolfSSL | 0:d92f9d21154c | 1041 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1042 | |
wolfSSL | 0:d92f9d21154c | 1043 | if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0) |
wolfSSL | 0:d92f9d21154c | 1044 | return ret; |
wolfSSL | 0:d92f9d21154c | 1045 | |
wolfSSL | 0:d92f9d21154c | 1046 | if (!extension) { |
wolfSSL | 0:d92f9d21154c | 1047 | if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni)) |
wolfSSL | 0:d92f9d21154c | 1048 | != 0) { |
wolfSSL | 0:d92f9d21154c | 1049 | TLSX_SNI_Free(sni); |
wolfSSL | 0:d92f9d21154c | 1050 | return ret; |
wolfSSL | 0:d92f9d21154c | 1051 | } |
wolfSSL | 0:d92f9d21154c | 1052 | } |
wolfSSL | 0:d92f9d21154c | 1053 | else { |
wolfSSL | 0:d92f9d21154c | 1054 | /* push new SNI object to extension data. */ |
wolfSSL | 0:d92f9d21154c | 1055 | sni->next = (SNI*)extension->data; |
wolfSSL | 0:d92f9d21154c | 1056 | extension->data = (void*)sni; |
wolfSSL | 0:d92f9d21154c | 1057 | |
wolfSSL | 0:d92f9d21154c | 1058 | /* look for another server name of the same type to remove */ |
wolfSSL | 0:d92f9d21154c | 1059 | do { |
wolfSSL | 0:d92f9d21154c | 1060 | if (sni->next && sni->next->type == type) { |
wolfSSL | 0:d92f9d21154c | 1061 | SNI *next = sni->next; |
wolfSSL | 0:d92f9d21154c | 1062 | |
wolfSSL | 0:d92f9d21154c | 1063 | sni->next = next->next; |
wolfSSL | 0:d92f9d21154c | 1064 | TLSX_SNI_Free(next); |
wolfSSL | 0:d92f9d21154c | 1065 | |
wolfSSL | 0:d92f9d21154c | 1066 | break; |
wolfSSL | 0:d92f9d21154c | 1067 | } |
wolfSSL | 0:d92f9d21154c | 1068 | } while ((sni = sni->next)); |
wolfSSL | 0:d92f9d21154c | 1069 | } |
wolfSSL | 0:d92f9d21154c | 1070 | |
wolfSSL | 0:d92f9d21154c | 1071 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1072 | } |
wolfSSL | 0:d92f9d21154c | 1073 | |
wolfSSL | 0:d92f9d21154c | 1074 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1075 | word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) |
wolfSSL | 0:d92f9d21154c | 1076 | { |
wolfSSL | 0:d92f9d21154c | 1077 | TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 1078 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 0:d92f9d21154c | 1079 | |
wolfSSL | 0:d92f9d21154c | 1080 | if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { |
wolfSSL | 0:d92f9d21154c | 1081 | switch (sni->type) { |
wolfSSL | 0:d92f9d21154c | 1082 | case WOLFSSL_SNI_HOST_NAME: |
wolfSSL | 0:d92f9d21154c | 1083 | *data = sni->data.host_name; |
wolfSSL | 0:d92f9d21154c | 1084 | return XSTRLEN(*data); |
wolfSSL | 0:d92f9d21154c | 1085 | } |
wolfSSL | 0:d92f9d21154c | 1086 | } |
wolfSSL | 0:d92f9d21154c | 1087 | |
wolfSSL | 0:d92f9d21154c | 1088 | return 0; |
wolfSSL | 0:d92f9d21154c | 1089 | } |
wolfSSL | 0:d92f9d21154c | 1090 | |
wolfSSL | 0:d92f9d21154c | 1091 | void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options) |
wolfSSL | 0:d92f9d21154c | 1092 | { |
wolfSSL | 0:d92f9d21154c | 1093 | TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION); |
wolfSSL | 0:d92f9d21154c | 1094 | SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type); |
wolfSSL | 0:d92f9d21154c | 1095 | |
wolfSSL | 0:d92f9d21154c | 1096 | if (sni) |
wolfSSL | 0:d92f9d21154c | 1097 | sni->options = options; |
wolfSSL | 0:d92f9d21154c | 1098 | } |
wolfSSL | 0:d92f9d21154c | 1099 | |
wolfSSL | 0:d92f9d21154c | 1100 | int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, |
wolfSSL | 0:d92f9d21154c | 1101 | byte type, byte* sni, word32* inOutSz) |
wolfSSL | 0:d92f9d21154c | 1102 | { |
wolfSSL | 0:d92f9d21154c | 1103 | word32 offset = 0; |
wolfSSL | 0:d92f9d21154c | 1104 | word32 len32 = 0; |
wolfSSL | 0:d92f9d21154c | 1105 | word16 len16 = 0; |
wolfSSL | 0:d92f9d21154c | 1106 | |
wolfSSL | 0:d92f9d21154c | 1107 | if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST) |
wolfSSL | 0:d92f9d21154c | 1108 | return INCOMPLETE_DATA; |
wolfSSL | 0:d92f9d21154c | 1109 | |
wolfSSL | 0:d92f9d21154c | 1110 | /* TLS record header */ |
wolfSSL | 0:d92f9d21154c | 1111 | if ((enum ContentType) clientHello[offset++] != handshake) |
wolfSSL | 0:d92f9d21154c | 1112 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1113 | |
wolfSSL | 0:d92f9d21154c | 1114 | if (clientHello[offset++] != SSLv3_MAJOR) |
wolfSSL | 0:d92f9d21154c | 1115 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1116 | |
wolfSSL | 0:d92f9d21154c | 1117 | if (clientHello[offset++] < TLSv1_MINOR) |
wolfSSL | 0:d92f9d21154c | 1118 | return SNI_UNSUPPORTED; |
wolfSSL | 0:d92f9d21154c | 1119 | |
wolfSSL | 0:d92f9d21154c | 1120 | ato16(clientHello + offset, &len16); |
wolfSSL | 0:d92f9d21154c | 1121 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1122 | |
wolfSSL | 0:d92f9d21154c | 1123 | if (offset + len16 > helloSz) |
wolfSSL | 0:d92f9d21154c | 1124 | return INCOMPLETE_DATA; |
wolfSSL | 0:d92f9d21154c | 1125 | |
wolfSSL | 0:d92f9d21154c | 1126 | /* Handshake header */ |
wolfSSL | 0:d92f9d21154c | 1127 | if ((enum HandShakeType) clientHello[offset] != client_hello) |
wolfSSL | 0:d92f9d21154c | 1128 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1129 | |
wolfSSL | 0:d92f9d21154c | 1130 | c24to32(clientHello + offset + 1, &len32); |
wolfSSL | 0:d92f9d21154c | 1131 | offset += HANDSHAKE_HEADER_SZ; |
wolfSSL | 0:d92f9d21154c | 1132 | |
wolfSSL | 0:d92f9d21154c | 1133 | if (offset + len32 > helloSz) |
wolfSSL | 0:d92f9d21154c | 1134 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1135 | |
wolfSSL | 0:d92f9d21154c | 1136 | /* client hello */ |
wolfSSL | 0:d92f9d21154c | 1137 | offset += VERSION_SZ + RAN_LEN; /* version, random */ |
wolfSSL | 0:d92f9d21154c | 1138 | |
wolfSSL | 0:d92f9d21154c | 1139 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 0:d92f9d21154c | 1140 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1141 | |
wolfSSL | 0:d92f9d21154c | 1142 | offset += ENUM_LEN + clientHello[offset]; /* skip session id */ |
wolfSSL | 0:d92f9d21154c | 1143 | |
wolfSSL | 0:d92f9d21154c | 1144 | /* cypher suites */ |
wolfSSL | 0:d92f9d21154c | 1145 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 1146 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1147 | |
wolfSSL | 0:d92f9d21154c | 1148 | ato16(clientHello + offset, &len16); |
wolfSSL | 0:d92f9d21154c | 1149 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1150 | |
wolfSSL | 0:d92f9d21154c | 1151 | if (helloSz < offset + len16) |
wolfSSL | 0:d92f9d21154c | 1152 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1153 | |
wolfSSL | 0:d92f9d21154c | 1154 | offset += len16; /* skip cypher suites */ |
wolfSSL | 0:d92f9d21154c | 1155 | |
wolfSSL | 0:d92f9d21154c | 1156 | /* compression methods */ |
wolfSSL | 0:d92f9d21154c | 1157 | if (helloSz < offset + 1) |
wolfSSL | 0:d92f9d21154c | 1158 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1159 | |
wolfSSL | 0:d92f9d21154c | 1160 | if (helloSz < offset + clientHello[offset]) |
wolfSSL | 0:d92f9d21154c | 1161 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1162 | |
wolfSSL | 0:d92f9d21154c | 1163 | offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */ |
wolfSSL | 0:d92f9d21154c | 1164 | |
wolfSSL | 0:d92f9d21154c | 1165 | /* extensions */ |
wolfSSL | 0:d92f9d21154c | 1166 | if (helloSz < offset + OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 1167 | return 0; /* no extensions in client hello. */ |
wolfSSL | 0:d92f9d21154c | 1168 | |
wolfSSL | 0:d92f9d21154c | 1169 | ato16(clientHello + offset, &len16); |
wolfSSL | 0:d92f9d21154c | 1170 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1171 | |
wolfSSL | 0:d92f9d21154c | 1172 | if (helloSz < offset + len16) |
wolfSSL | 0:d92f9d21154c | 1173 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1174 | |
wolfSSL | 0:d92f9d21154c | 1175 | while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) { |
wolfSSL | 0:d92f9d21154c | 1176 | word16 extType; |
wolfSSL | 0:d92f9d21154c | 1177 | word16 extLen; |
wolfSSL | 0:d92f9d21154c | 1178 | |
wolfSSL | 0:d92f9d21154c | 1179 | ato16(clientHello + offset, &extType); |
wolfSSL | 0:d92f9d21154c | 1180 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1181 | |
wolfSSL | 0:d92f9d21154c | 1182 | ato16(clientHello + offset, &extLen); |
wolfSSL | 0:d92f9d21154c | 1183 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1184 | |
wolfSSL | 0:d92f9d21154c | 1185 | if (helloSz < offset + extLen) |
wolfSSL | 0:d92f9d21154c | 1186 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1187 | |
wolfSSL | 0:d92f9d21154c | 1188 | if (extType != SERVER_NAME_INDICATION) { |
wolfSSL | 0:d92f9d21154c | 1189 | offset += extLen; /* skip extension */ |
wolfSSL | 0:d92f9d21154c | 1190 | } else { |
wolfSSL | 0:d92f9d21154c | 1191 | word16 listLen; |
wolfSSL | 0:d92f9d21154c | 1192 | |
wolfSSL | 0:d92f9d21154c | 1193 | ato16(clientHello + offset, &listLen); |
wolfSSL | 0:d92f9d21154c | 1194 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1195 | |
wolfSSL | 0:d92f9d21154c | 1196 | if (helloSz < offset + listLen) |
wolfSSL | 0:d92f9d21154c | 1197 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1198 | |
wolfSSL | 0:d92f9d21154c | 1199 | while (listLen > ENUM_LEN + OPAQUE16_LEN) { |
wolfSSL | 0:d92f9d21154c | 1200 | byte sniType = clientHello[offset++]; |
wolfSSL | 0:d92f9d21154c | 1201 | word16 sniLen; |
wolfSSL | 0:d92f9d21154c | 1202 | |
wolfSSL | 0:d92f9d21154c | 1203 | ato16(clientHello + offset, &sniLen); |
wolfSSL | 0:d92f9d21154c | 1204 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1205 | |
wolfSSL | 0:d92f9d21154c | 1206 | if (helloSz < offset + sniLen) |
wolfSSL | 0:d92f9d21154c | 1207 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1208 | |
wolfSSL | 0:d92f9d21154c | 1209 | if (sniType != type) { |
wolfSSL | 0:d92f9d21154c | 1210 | offset += sniLen; |
wolfSSL | 0:d92f9d21154c | 1211 | listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen); |
wolfSSL | 0:d92f9d21154c | 1212 | continue; |
wolfSSL | 0:d92f9d21154c | 1213 | } |
wolfSSL | 0:d92f9d21154c | 1214 | |
wolfSSL | 0:d92f9d21154c | 1215 | *inOutSz = min(sniLen, *inOutSz); |
wolfSSL | 0:d92f9d21154c | 1216 | XMEMCPY(sni, clientHello + offset, *inOutSz); |
wolfSSL | 0:d92f9d21154c | 1217 | |
wolfSSL | 0:d92f9d21154c | 1218 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1219 | } |
wolfSSL | 0:d92f9d21154c | 1220 | } |
wolfSSL | 0:d92f9d21154c | 1221 | |
wolfSSL | 0:d92f9d21154c | 1222 | len16 -= min(2 * OPAQUE16_LEN + extLen, len16); |
wolfSSL | 0:d92f9d21154c | 1223 | } |
wolfSSL | 0:d92f9d21154c | 1224 | |
wolfSSL | 0:d92f9d21154c | 1225 | return len16 ? BUFFER_ERROR : 0; |
wolfSSL | 0:d92f9d21154c | 1226 | } |
wolfSSL | 0:d92f9d21154c | 1227 | |
wolfSSL | 0:d92f9d21154c | 1228 | #endif |
wolfSSL | 0:d92f9d21154c | 1229 | |
wolfSSL | 0:d92f9d21154c | 1230 | #define SNI_FREE_ALL TLSX_SNI_FreeAll |
wolfSSL | 0:d92f9d21154c | 1231 | #define SNI_GET_SIZE TLSX_SNI_GetSize |
wolfSSL | 0:d92f9d21154c | 1232 | #define SNI_WRITE TLSX_SNI_Write |
wolfSSL | 0:d92f9d21154c | 1233 | #define SNI_PARSE TLSX_SNI_Parse |
wolfSSL | 0:d92f9d21154c | 1234 | |
wolfSSL | 0:d92f9d21154c | 1235 | #else |
wolfSSL | 0:d92f9d21154c | 1236 | |
wolfSSL | 0:d92f9d21154c | 1237 | #define SNI_FREE_ALL(list) |
wolfSSL | 0:d92f9d21154c | 1238 | #define SNI_GET_SIZE(list) 0 |
wolfSSL | 0:d92f9d21154c | 1239 | #define SNI_WRITE(a, b) 0 |
wolfSSL | 0:d92f9d21154c | 1240 | #define SNI_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1241 | |
wolfSSL | 0:d92f9d21154c | 1242 | #endif /* HAVE_SNI */ |
wolfSSL | 0:d92f9d21154c | 1243 | |
wolfSSL | 0:d92f9d21154c | 1244 | #ifdef HAVE_MAX_FRAGMENT |
wolfSSL | 0:d92f9d21154c | 1245 | |
wolfSSL | 0:d92f9d21154c | 1246 | static word16 TLSX_MFL_Write(byte* data, byte* output) |
wolfSSL | 0:d92f9d21154c | 1247 | { |
wolfSSL | 0:d92f9d21154c | 1248 | output[0] = data[0]; |
wolfSSL | 0:d92f9d21154c | 1249 | |
wolfSSL | 0:d92f9d21154c | 1250 | return ENUM_LEN; |
wolfSSL | 0:d92f9d21154c | 1251 | } |
wolfSSL | 0:d92f9d21154c | 1252 | |
wolfSSL | 0:d92f9d21154c | 1253 | static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 0:d92f9d21154c | 1254 | byte isRequest) |
wolfSSL | 0:d92f9d21154c | 1255 | { |
wolfSSL | 0:d92f9d21154c | 1256 | if (length != ENUM_LEN) |
wolfSSL | 0:d92f9d21154c | 1257 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1258 | |
wolfSSL | 0:d92f9d21154c | 1259 | switch (*input) { |
wolfSSL | 0:d92f9d21154c | 1260 | case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; |
wolfSSL | 0:d92f9d21154c | 1261 | case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; |
wolfSSL | 0:d92f9d21154c | 1262 | case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break; |
wolfSSL | 0:d92f9d21154c | 1263 | case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break; |
wolfSSL | 0:d92f9d21154c | 1264 | case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break; |
wolfSSL | 0:d92f9d21154c | 1265 | |
wolfSSL | 0:d92f9d21154c | 1266 | default: |
wolfSSL | 0:d92f9d21154c | 1267 | SendAlert(ssl, alert_fatal, illegal_parameter); |
wolfSSL | 0:d92f9d21154c | 1268 | |
wolfSSL | 0:d92f9d21154c | 1269 | return UNKNOWN_MAX_FRAG_LEN_E; |
wolfSSL | 0:d92f9d21154c | 1270 | } |
wolfSSL | 0:d92f9d21154c | 1271 | |
wolfSSL | 0:d92f9d21154c | 1272 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1273 | if (isRequest) { |
wolfSSL | 0:d92f9d21154c | 1274 | int r = TLSX_UseMaxFragment(&ssl->extensions, *input); |
wolfSSL | 0:d92f9d21154c | 1275 | |
wolfSSL | 0:d92f9d21154c | 1276 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 0:d92f9d21154c | 1277 | |
wolfSSL | 0:d92f9d21154c | 1278 | TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH); |
wolfSSL | 0:d92f9d21154c | 1279 | } |
wolfSSL | 0:d92f9d21154c | 1280 | #endif |
wolfSSL | 0:d92f9d21154c | 1281 | |
wolfSSL | 0:d92f9d21154c | 1282 | return 0; |
wolfSSL | 0:d92f9d21154c | 1283 | } |
wolfSSL | 0:d92f9d21154c | 1284 | |
wolfSSL | 0:d92f9d21154c | 1285 | int TLSX_UseMaxFragment(TLSX** extensions, byte mfl) |
wolfSSL | 0:d92f9d21154c | 1286 | { |
wolfSSL | 0:d92f9d21154c | 1287 | byte* data = NULL; |
wolfSSL | 0:d92f9d21154c | 1288 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1289 | |
wolfSSL | 0:d92f9d21154c | 1290 | if (extensions == NULL) |
wolfSSL | 0:d92f9d21154c | 1291 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1292 | |
wolfSSL | 0:d92f9d21154c | 1293 | if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) |
wolfSSL | 0:d92f9d21154c | 1294 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1295 | |
wolfSSL | 0:d92f9d21154c | 1296 | if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 0:d92f9d21154c | 1297 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 1298 | |
wolfSSL | 0:d92f9d21154c | 1299 | data[0] = mfl; |
wolfSSL | 0:d92f9d21154c | 1300 | |
wolfSSL | 0:d92f9d21154c | 1301 | /* push new MFL extension. */ |
wolfSSL | 0:d92f9d21154c | 1302 | if ((ret = TLSX_Push(extensions, MAX_FRAGMENT_LENGTH, data)) != 0) { |
wolfSSL | 0:d92f9d21154c | 1303 | XFREE(data, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1304 | return ret; |
wolfSSL | 0:d92f9d21154c | 1305 | } |
wolfSSL | 0:d92f9d21154c | 1306 | |
wolfSSL | 0:d92f9d21154c | 1307 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1308 | } |
wolfSSL | 0:d92f9d21154c | 1309 | |
wolfSSL | 0:d92f9d21154c | 1310 | |
wolfSSL | 0:d92f9d21154c | 1311 | #define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX) |
wolfSSL | 0:d92f9d21154c | 1312 | #define MFL_GET_SIZE(data) ENUM_LEN |
wolfSSL | 0:d92f9d21154c | 1313 | #define MFL_WRITE TLSX_MFL_Write |
wolfSSL | 0:d92f9d21154c | 1314 | #define MFL_PARSE TLSX_MFL_Parse |
wolfSSL | 0:d92f9d21154c | 1315 | |
wolfSSL | 0:d92f9d21154c | 1316 | #else |
wolfSSL | 0:d92f9d21154c | 1317 | |
wolfSSL | 0:d92f9d21154c | 1318 | #define MFL_FREE_ALL(a) |
wolfSSL | 0:d92f9d21154c | 1319 | #define MFL_GET_SIZE(a) 0 |
wolfSSL | 0:d92f9d21154c | 1320 | #define MFL_WRITE(a, b) 0 |
wolfSSL | 0:d92f9d21154c | 1321 | #define MFL_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1322 | |
wolfSSL | 0:d92f9d21154c | 1323 | #endif /* HAVE_MAX_FRAGMENT */ |
wolfSSL | 0:d92f9d21154c | 1324 | |
wolfSSL | 0:d92f9d21154c | 1325 | #ifdef HAVE_TRUNCATED_HMAC |
wolfSSL | 0:d92f9d21154c | 1326 | |
wolfSSL | 0:d92f9d21154c | 1327 | static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 0:d92f9d21154c | 1328 | byte isRequest) |
wolfSSL | 0:d92f9d21154c | 1329 | { |
wolfSSL | 0:d92f9d21154c | 1330 | if (length != 0 || input == NULL) |
wolfSSL | 0:d92f9d21154c | 1331 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1332 | |
wolfSSL | 0:d92f9d21154c | 1333 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1334 | if (isRequest) { |
wolfSSL | 0:d92f9d21154c | 1335 | int r = TLSX_UseTruncatedHMAC(&ssl->extensions); |
wolfSSL | 0:d92f9d21154c | 1336 | |
wolfSSL | 0:d92f9d21154c | 1337 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 0:d92f9d21154c | 1338 | |
wolfSSL | 0:d92f9d21154c | 1339 | TLSX_SetResponse(ssl, TRUNCATED_HMAC); |
wolfSSL | 0:d92f9d21154c | 1340 | } |
wolfSSL | 0:d92f9d21154c | 1341 | #endif |
wolfSSL | 0:d92f9d21154c | 1342 | |
wolfSSL | 0:d92f9d21154c | 1343 | ssl->truncated_hmac = 1; |
wolfSSL | 0:d92f9d21154c | 1344 | |
wolfSSL | 0:d92f9d21154c | 1345 | return 0; |
wolfSSL | 0:d92f9d21154c | 1346 | } |
wolfSSL | 0:d92f9d21154c | 1347 | |
wolfSSL | 0:d92f9d21154c | 1348 | int TLSX_UseTruncatedHMAC(TLSX** extensions) |
wolfSSL | 0:d92f9d21154c | 1349 | { |
wolfSSL | 0:d92f9d21154c | 1350 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1351 | |
wolfSSL | 0:d92f9d21154c | 1352 | if (extensions == NULL) |
wolfSSL | 0:d92f9d21154c | 1353 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1354 | |
wolfSSL | 0:d92f9d21154c | 1355 | if ((ret = TLSX_Push(extensions, TRUNCATED_HMAC, NULL)) != 0) |
wolfSSL | 0:d92f9d21154c | 1356 | return ret; |
wolfSSL | 0:d92f9d21154c | 1357 | |
wolfSSL | 0:d92f9d21154c | 1358 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1359 | } |
wolfSSL | 0:d92f9d21154c | 1360 | |
wolfSSL | 0:d92f9d21154c | 1361 | #define THM_PARSE TLSX_THM_Parse |
wolfSSL | 0:d92f9d21154c | 1362 | |
wolfSSL | 0:d92f9d21154c | 1363 | #else |
wolfSSL | 0:d92f9d21154c | 1364 | |
wolfSSL | 0:d92f9d21154c | 1365 | #define THM_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1366 | |
wolfSSL | 0:d92f9d21154c | 1367 | #endif /* HAVE_TRUNCATED_HMAC */ |
wolfSSL | 0:d92f9d21154c | 1368 | |
wolfSSL | 0:d92f9d21154c | 1369 | #ifdef HAVE_SUPPORTED_CURVES |
wolfSSL | 0:d92f9d21154c | 1370 | |
wolfSSL | 0:d92f9d21154c | 1371 | #ifndef HAVE_ECC |
wolfSSL | 0:d92f9d21154c | 1372 | #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ |
wolfSSL | 0:d92f9d21154c | 1373 | Use --enable-ecc in the configure script or define HAVE_ECC. |
wolfSSL | 0:d92f9d21154c | 1374 | #endif |
wolfSSL | 0:d92f9d21154c | 1375 | |
wolfSSL | 0:d92f9d21154c | 1376 | static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list) |
wolfSSL | 0:d92f9d21154c | 1377 | { |
wolfSSL | 0:d92f9d21154c | 1378 | EllipticCurve* curve; |
wolfSSL | 0:d92f9d21154c | 1379 | |
wolfSSL | 0:d92f9d21154c | 1380 | while ((curve = list)) { |
wolfSSL | 0:d92f9d21154c | 1381 | list = curve->next; |
wolfSSL | 0:d92f9d21154c | 1382 | XFREE(curve, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1383 | } |
wolfSSL | 0:d92f9d21154c | 1384 | } |
wolfSSL | 0:d92f9d21154c | 1385 | |
wolfSSL | 0:d92f9d21154c | 1386 | static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name) |
wolfSSL | 0:d92f9d21154c | 1387 | { |
wolfSSL | 0:d92f9d21154c | 1388 | EllipticCurve* curve; |
wolfSSL | 0:d92f9d21154c | 1389 | |
wolfSSL | 0:d92f9d21154c | 1390 | if (list == NULL) |
wolfSSL | 0:d92f9d21154c | 1391 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1392 | |
wolfSSL | 0:d92f9d21154c | 1393 | if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL) |
wolfSSL | 0:d92f9d21154c | 1394 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 1395 | |
wolfSSL | 0:d92f9d21154c | 1396 | curve->name = name; |
wolfSSL | 0:d92f9d21154c | 1397 | curve->next = *list; |
wolfSSL | 0:d92f9d21154c | 1398 | |
wolfSSL | 0:d92f9d21154c | 1399 | *list = curve; |
wolfSSL | 0:d92f9d21154c | 1400 | |
wolfSSL | 0:d92f9d21154c | 1401 | return 0; |
wolfSSL | 0:d92f9d21154c | 1402 | } |
wolfSSL | 0:d92f9d21154c | 1403 | |
wolfSSL | 0:d92f9d21154c | 1404 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 0:d92f9d21154c | 1405 | |
wolfSSL | 0:d92f9d21154c | 1406 | static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) |
wolfSSL | 0:d92f9d21154c | 1407 | { |
wolfSSL | 0:d92f9d21154c | 1408 | int i; |
wolfSSL | 0:d92f9d21154c | 1409 | |
wolfSSL | 0:d92f9d21154c | 1410 | for (i = 0; i < ssl->suites->suiteSz; i+= 2) |
wolfSSL | 0:d92f9d21154c | 1411 | if (ssl->suites->suites[i] == ECC_BYTE) |
wolfSSL | 0:d92f9d21154c | 1412 | return; |
wolfSSL | 0:d92f9d21154c | 1413 | |
wolfSSL | 0:d92f9d21154c | 1414 | /* No elliptic curve suite found */ |
wolfSSL | 0:d92f9d21154c | 1415 | TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES)); |
wolfSSL | 0:d92f9d21154c | 1416 | } |
wolfSSL | 0:d92f9d21154c | 1417 | |
wolfSSL | 0:d92f9d21154c | 1418 | static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list) |
wolfSSL | 0:d92f9d21154c | 1419 | { |
wolfSSL | 0:d92f9d21154c | 1420 | EllipticCurve* curve; |
wolfSSL | 0:d92f9d21154c | 1421 | word16 length = OPAQUE16_LEN; /* list length */ |
wolfSSL | 0:d92f9d21154c | 1422 | |
wolfSSL | 0:d92f9d21154c | 1423 | while ((curve = list)) { |
wolfSSL | 0:d92f9d21154c | 1424 | list = curve->next; |
wolfSSL | 0:d92f9d21154c | 1425 | length += OPAQUE16_LEN; /* curve length */ |
wolfSSL | 0:d92f9d21154c | 1426 | } |
wolfSSL | 0:d92f9d21154c | 1427 | |
wolfSSL | 0:d92f9d21154c | 1428 | return length; |
wolfSSL | 0:d92f9d21154c | 1429 | } |
wolfSSL | 0:d92f9d21154c | 1430 | |
wolfSSL | 0:d92f9d21154c | 1431 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output); |
wolfSSL | 0:d92f9d21154c | 1432 | static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output) |
wolfSSL | 0:d92f9d21154c | 1433 | { |
wolfSSL | 0:d92f9d21154c | 1434 | word16 offset = 0; |
wolfSSL | 0:d92f9d21154c | 1435 | |
wolfSSL | 0:d92f9d21154c | 1436 | if (!curve) |
wolfSSL | 0:d92f9d21154c | 1437 | return offset; |
wolfSSL | 0:d92f9d21154c | 1438 | |
wolfSSL | 0:d92f9d21154c | 1439 | offset = TLSX_EllipticCurve_WriteR(curve->next, output); |
wolfSSL | 0:d92f9d21154c | 1440 | c16toa(curve->name, output + offset); |
wolfSSL | 0:d92f9d21154c | 1441 | |
wolfSSL | 0:d92f9d21154c | 1442 | return OPAQUE16_LEN + offset; |
wolfSSL | 0:d92f9d21154c | 1443 | } |
wolfSSL | 0:d92f9d21154c | 1444 | |
wolfSSL | 0:d92f9d21154c | 1445 | static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output) |
wolfSSL | 0:d92f9d21154c | 1446 | { |
wolfSSL | 0:d92f9d21154c | 1447 | word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN); |
wolfSSL | 0:d92f9d21154c | 1448 | |
wolfSSL | 0:d92f9d21154c | 1449 | c16toa(length, output); /* writing list length */ |
wolfSSL | 0:d92f9d21154c | 1450 | |
wolfSSL | 0:d92f9d21154c | 1451 | return OPAQUE16_LEN + length; |
wolfSSL | 0:d92f9d21154c | 1452 | } |
wolfSSL | 0:d92f9d21154c | 1453 | |
wolfSSL | 0:d92f9d21154c | 1454 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 0:d92f9d21154c | 1455 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1456 | |
wolfSSL | 0:d92f9d21154c | 1457 | static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 0:d92f9d21154c | 1458 | byte isRequest) |
wolfSSL | 0:d92f9d21154c | 1459 | { |
wolfSSL | 0:d92f9d21154c | 1460 | word16 offset; |
wolfSSL | 0:d92f9d21154c | 1461 | word16 name; |
wolfSSL | 0:d92f9d21154c | 1462 | int r; |
wolfSSL | 0:d92f9d21154c | 1463 | |
wolfSSL | 0:d92f9d21154c | 1464 | (void) isRequest; /* shut up compiler! */ |
wolfSSL | 0:d92f9d21154c | 1465 | |
wolfSSL | 0:d92f9d21154c | 1466 | if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 1467 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1468 | |
wolfSSL | 0:d92f9d21154c | 1469 | ato16(input, &offset); |
wolfSSL | 0:d92f9d21154c | 1470 | |
wolfSSL | 0:d92f9d21154c | 1471 | /* validating curve list length */ |
wolfSSL | 0:d92f9d21154c | 1472 | if (length != OPAQUE16_LEN + offset) |
wolfSSL | 0:d92f9d21154c | 1473 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1474 | |
wolfSSL | 0:d92f9d21154c | 1475 | while (offset) { |
wolfSSL | 0:d92f9d21154c | 1476 | ato16(input + offset, &name); |
wolfSSL | 0:d92f9d21154c | 1477 | offset -= OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 1478 | |
wolfSSL | 0:d92f9d21154c | 1479 | r = TLSX_UseSupportedCurve(&ssl->extensions, name); |
wolfSSL | 0:d92f9d21154c | 1480 | |
wolfSSL | 0:d92f9d21154c | 1481 | if (r != SSL_SUCCESS) return r; /* throw error */ |
wolfSSL | 0:d92f9d21154c | 1482 | } |
wolfSSL | 0:d92f9d21154c | 1483 | |
wolfSSL | 0:d92f9d21154c | 1484 | return 0; |
wolfSSL | 0:d92f9d21154c | 1485 | } |
wolfSSL | 0:d92f9d21154c | 1486 | |
wolfSSL | 0:d92f9d21154c | 1487 | int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { |
wolfSSL | 0:d92f9d21154c | 1488 | TLSX* extension = (first == ECC_BYTE) |
wolfSSL | 0:d92f9d21154c | 1489 | ? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES) |
wolfSSL | 0:d92f9d21154c | 1490 | : NULL; |
wolfSSL | 0:d92f9d21154c | 1491 | EllipticCurve* curve = NULL; |
wolfSSL | 0:d92f9d21154c | 1492 | word32 oid = 0; |
wolfSSL | 0:d92f9d21154c | 1493 | word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */ |
wolfSSL | 0:d92f9d21154c | 1494 | int sig = 0; /* valitade signature */ |
wolfSSL | 0:d92f9d21154c | 1495 | int key = 0; /* validate key */ |
wolfSSL | 0:d92f9d21154c | 1496 | |
wolfSSL | 0:d92f9d21154c | 1497 | (void)oid; |
wolfSSL | 0:d92f9d21154c | 1498 | (void)octets; |
wolfSSL | 0:d92f9d21154c | 1499 | |
wolfSSL | 0:d92f9d21154c | 1500 | if (!extension) |
wolfSSL | 0:d92f9d21154c | 1501 | return 1; /* no suite restriction */ |
wolfSSL | 0:d92f9d21154c | 1502 | |
wolfSSL | 0:d92f9d21154c | 1503 | for (curve = extension->data; curve && !(sig && key); curve = curve->next) { |
wolfSSL | 0:d92f9d21154c | 1504 | |
wolfSSL | 0:d92f9d21154c | 1505 | switch (curve->name) { |
wolfSSL | 0:d92f9d21154c | 1506 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160) |
wolfSSL | 0:d92f9d21154c | 1507 | case WOLFSSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break; |
wolfSSL | 0:d92f9d21154c | 1508 | #endif |
wolfSSL | 0:d92f9d21154c | 1509 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192) |
wolfSSL | 0:d92f9d21154c | 1510 | case WOLFSSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break; |
wolfSSL | 0:d92f9d21154c | 1511 | #endif |
wolfSSL | 0:d92f9d21154c | 1512 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224) |
wolfSSL | 0:d92f9d21154c | 1513 | case WOLFSSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break; |
wolfSSL | 0:d92f9d21154c | 1514 | #endif |
wolfSSL | 0:d92f9d21154c | 1515 | #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256) |
wolfSSL | 0:d92f9d21154c | 1516 | case WOLFSSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break; |
wolfSSL | 0:d92f9d21154c | 1517 | #endif |
wolfSSL | 0:d92f9d21154c | 1518 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384) |
wolfSSL | 0:d92f9d21154c | 1519 | case WOLFSSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break; |
wolfSSL | 0:d92f9d21154c | 1520 | #endif |
wolfSSL | 0:d92f9d21154c | 1521 | #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521) |
wolfSSL | 0:d92f9d21154c | 1522 | case WOLFSSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break; |
wolfSSL | 0:d92f9d21154c | 1523 | #endif |
wolfSSL | 0:d92f9d21154c | 1524 | default: continue; /* unsupported curve */ |
wolfSSL | 0:d92f9d21154c | 1525 | } |
wolfSSL | 0:d92f9d21154c | 1526 | |
wolfSSL | 0:d92f9d21154c | 1527 | switch (second) { |
wolfSSL | 0:d92f9d21154c | 1528 | #ifndef NO_DSA |
wolfSSL | 0:d92f9d21154c | 1529 | /* ECDHE_ECDSA */ |
wolfSSL | 0:d92f9d21154c | 1530 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1531 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1532 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 0:d92f9d21154c | 1533 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1534 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 0:d92f9d21154c | 1535 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 0:d92f9d21154c | 1536 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 0:d92f9d21154c | 1537 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 0:d92f9d21154c | 1538 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: |
wolfSSL | 0:d92f9d21154c | 1539 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: |
wolfSSL | 0:d92f9d21154c | 1540 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 0:d92f9d21154c | 1541 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 0:d92f9d21154c | 1542 | break; |
wolfSSL | 0:d92f9d21154c | 1543 | |
wolfSSL | 0:d92f9d21154c | 1544 | /* ECDH_ECDSA */ |
wolfSSL | 0:d92f9d21154c | 1545 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1546 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1547 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: |
wolfSSL | 0:d92f9d21154c | 1548 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1549 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 0:d92f9d21154c | 1550 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 0:d92f9d21154c | 1551 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 0:d92f9d21154c | 1552 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 0:d92f9d21154c | 1553 | sig |= ssl->pkCurveOID == oid; |
wolfSSL | 0:d92f9d21154c | 1554 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 0:d92f9d21154c | 1555 | break; |
wolfSSL | 0:d92f9d21154c | 1556 | #endif |
wolfSSL | 0:d92f9d21154c | 1557 | #ifndef NO_RSA |
wolfSSL | 0:d92f9d21154c | 1558 | /* ECDHE_RSA */ |
wolfSSL | 0:d92f9d21154c | 1559 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1560 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1561 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA: |
wolfSSL | 0:d92f9d21154c | 1562 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1563 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 0:d92f9d21154c | 1564 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 0:d92f9d21154c | 1565 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 0:d92f9d21154c | 1566 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 0:d92f9d21154c | 1567 | sig = 1; |
wolfSSL | 0:d92f9d21154c | 1568 | key |= ssl->eccTempKeySz == octets; |
wolfSSL | 0:d92f9d21154c | 1569 | break; |
wolfSSL | 0:d92f9d21154c | 1570 | |
wolfSSL | 0:d92f9d21154c | 1571 | /* ECDH_RSA */ |
wolfSSL | 0:d92f9d21154c | 1572 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1573 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1574 | case TLS_ECDH_RSA_WITH_RC4_128_SHA: |
wolfSSL | 0:d92f9d21154c | 1575 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: |
wolfSSL | 0:d92f9d21154c | 1576 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: |
wolfSSL | 0:d92f9d21154c | 1577 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: |
wolfSSL | 0:d92f9d21154c | 1578 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: |
wolfSSL | 0:d92f9d21154c | 1579 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: |
wolfSSL | 0:d92f9d21154c | 1580 | sig = 1; |
wolfSSL | 0:d92f9d21154c | 1581 | key |= ssl->pkCurveOID == oid; |
wolfSSL | 0:d92f9d21154c | 1582 | break; |
wolfSSL | 0:d92f9d21154c | 1583 | #endif |
wolfSSL | 0:d92f9d21154c | 1584 | default: |
wolfSSL | 0:d92f9d21154c | 1585 | sig = 1; |
wolfSSL | 0:d92f9d21154c | 1586 | key = 1; |
wolfSSL | 0:d92f9d21154c | 1587 | break; |
wolfSSL | 0:d92f9d21154c | 1588 | } |
wolfSSL | 0:d92f9d21154c | 1589 | } |
wolfSSL | 0:d92f9d21154c | 1590 | |
wolfSSL | 0:d92f9d21154c | 1591 | return sig && key; |
wolfSSL | 0:d92f9d21154c | 1592 | } |
wolfSSL | 0:d92f9d21154c | 1593 | |
wolfSSL | 0:d92f9d21154c | 1594 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 0:d92f9d21154c | 1595 | |
wolfSSL | 0:d92f9d21154c | 1596 | int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) |
wolfSSL | 0:d92f9d21154c | 1597 | { |
wolfSSL | 0:d92f9d21154c | 1598 | TLSX* extension = TLSX_Find(*extensions, ELLIPTIC_CURVES); |
wolfSSL | 0:d92f9d21154c | 1599 | EllipticCurve* curve = NULL; |
wolfSSL | 0:d92f9d21154c | 1600 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1601 | |
wolfSSL | 0:d92f9d21154c | 1602 | if (extensions == NULL) |
wolfSSL | 0:d92f9d21154c | 1603 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1604 | |
wolfSSL | 0:d92f9d21154c | 1605 | if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0) |
wolfSSL | 0:d92f9d21154c | 1606 | return ret; |
wolfSSL | 0:d92f9d21154c | 1607 | |
wolfSSL | 0:d92f9d21154c | 1608 | if (!extension) { |
wolfSSL | 0:d92f9d21154c | 1609 | if ((ret = TLSX_Push(extensions, ELLIPTIC_CURVES, curve)) != 0) { |
wolfSSL | 0:d92f9d21154c | 1610 | XFREE(curve, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1611 | return ret; |
wolfSSL | 0:d92f9d21154c | 1612 | } |
wolfSSL | 0:d92f9d21154c | 1613 | } |
wolfSSL | 0:d92f9d21154c | 1614 | else { |
wolfSSL | 0:d92f9d21154c | 1615 | /* push new EllipticCurve object to extension data. */ |
wolfSSL | 0:d92f9d21154c | 1616 | curve->next = (EllipticCurve*)extension->data; |
wolfSSL | 0:d92f9d21154c | 1617 | extension->data = (void*)curve; |
wolfSSL | 0:d92f9d21154c | 1618 | |
wolfSSL | 0:d92f9d21154c | 1619 | /* look for another curve of the same name to remove (replacement) */ |
wolfSSL | 0:d92f9d21154c | 1620 | do { |
wolfSSL | 0:d92f9d21154c | 1621 | if (curve->next && curve->next->name == name) { |
wolfSSL | 0:d92f9d21154c | 1622 | EllipticCurve *next = curve->next; |
wolfSSL | 0:d92f9d21154c | 1623 | |
wolfSSL | 0:d92f9d21154c | 1624 | curve->next = next->next; |
wolfSSL | 0:d92f9d21154c | 1625 | XFREE(next, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1626 | |
wolfSSL | 0:d92f9d21154c | 1627 | break; |
wolfSSL | 0:d92f9d21154c | 1628 | } |
wolfSSL | 0:d92f9d21154c | 1629 | } while ((curve = curve->next)); |
wolfSSL | 0:d92f9d21154c | 1630 | } |
wolfSSL | 0:d92f9d21154c | 1631 | |
wolfSSL | 0:d92f9d21154c | 1632 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1633 | } |
wolfSSL | 0:d92f9d21154c | 1634 | |
wolfSSL | 0:d92f9d21154c | 1635 | #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll |
wolfSSL | 0:d92f9d21154c | 1636 | #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest |
wolfSSL | 0:d92f9d21154c | 1637 | |
wolfSSL | 0:d92f9d21154c | 1638 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 0:d92f9d21154c | 1639 | #define EC_GET_SIZE TLSX_EllipticCurve_GetSize |
wolfSSL | 0:d92f9d21154c | 1640 | #define EC_WRITE TLSX_EllipticCurve_Write |
wolfSSL | 0:d92f9d21154c | 1641 | #else |
wolfSSL | 0:d92f9d21154c | 1642 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 0:d92f9d21154c | 1643 | #define EC_WRITE(a, b) 0 |
wolfSSL | 0:d92f9d21154c | 1644 | #endif |
wolfSSL | 0:d92f9d21154c | 1645 | |
wolfSSL | 0:d92f9d21154c | 1646 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1647 | #define EC_PARSE TLSX_EllipticCurve_Parse |
wolfSSL | 0:d92f9d21154c | 1648 | #else |
wolfSSL | 0:d92f9d21154c | 1649 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1650 | #endif |
wolfSSL | 0:d92f9d21154c | 1651 | |
wolfSSL | 0:d92f9d21154c | 1652 | #else |
wolfSSL | 0:d92f9d21154c | 1653 | |
wolfSSL | 0:d92f9d21154c | 1654 | #define EC_FREE_ALL(list) |
wolfSSL | 0:d92f9d21154c | 1655 | #define EC_GET_SIZE(list) 0 |
wolfSSL | 0:d92f9d21154c | 1656 | #define EC_WRITE(a, b) 0 |
wolfSSL | 0:d92f9d21154c | 1657 | #define EC_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1658 | #define EC_VALIDATE_REQUEST(a, b) |
wolfSSL | 0:d92f9d21154c | 1659 | |
wolfSSL | 0:d92f9d21154c | 1660 | #endif /* HAVE_SUPPORTED_CURVES */ |
wolfSSL | 0:d92f9d21154c | 1661 | |
wolfSSL | 0:d92f9d21154c | 1662 | #ifdef HAVE_SECURE_RENEGOTIATION |
wolfSSL | 0:d92f9d21154c | 1663 | |
wolfSSL | 0:d92f9d21154c | 1664 | static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data, |
wolfSSL | 0:d92f9d21154c | 1665 | int isRequest) |
wolfSSL | 0:d92f9d21154c | 1666 | { |
wolfSSL | 0:d92f9d21154c | 1667 | byte length = OPAQUE8_LEN; /* empty info length */ |
wolfSSL | 0:d92f9d21154c | 1668 | |
wolfSSL | 0:d92f9d21154c | 1669 | if (data->enabled) { |
wolfSSL | 0:d92f9d21154c | 1670 | /* client sends client_verify_data only */ |
wolfSSL | 0:d92f9d21154c | 1671 | length += TLS_FINISHED_SZ; |
wolfSSL | 0:d92f9d21154c | 1672 | |
wolfSSL | 0:d92f9d21154c | 1673 | /* server also sends server_verify_data */ |
wolfSSL | 0:d92f9d21154c | 1674 | if (!isRequest) |
wolfSSL | 0:d92f9d21154c | 1675 | length += TLS_FINISHED_SZ; |
wolfSSL | 0:d92f9d21154c | 1676 | } |
wolfSSL | 0:d92f9d21154c | 1677 | |
wolfSSL | 0:d92f9d21154c | 1678 | return length; |
wolfSSL | 0:d92f9d21154c | 1679 | } |
wolfSSL | 0:d92f9d21154c | 1680 | |
wolfSSL | 0:d92f9d21154c | 1681 | static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data, |
wolfSSL | 0:d92f9d21154c | 1682 | byte* output, int isRequest) |
wolfSSL | 0:d92f9d21154c | 1683 | { |
wolfSSL | 0:d92f9d21154c | 1684 | word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */ |
wolfSSL | 0:d92f9d21154c | 1685 | |
wolfSSL | 0:d92f9d21154c | 1686 | if (data->enabled) { |
wolfSSL | 0:d92f9d21154c | 1687 | /* client sends client_verify_data only */ |
wolfSSL | 0:d92f9d21154c | 1688 | XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 0:d92f9d21154c | 1689 | offset += TLS_FINISHED_SZ; |
wolfSSL | 0:d92f9d21154c | 1690 | |
wolfSSL | 0:d92f9d21154c | 1691 | /* server also sends server_verify_data */ |
wolfSSL | 0:d92f9d21154c | 1692 | if (!isRequest) { |
wolfSSL | 0:d92f9d21154c | 1693 | XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ); |
wolfSSL | 0:d92f9d21154c | 1694 | offset += TLS_FINISHED_SZ; |
wolfSSL | 0:d92f9d21154c | 1695 | } |
wolfSSL | 0:d92f9d21154c | 1696 | } |
wolfSSL | 0:d92f9d21154c | 1697 | |
wolfSSL | 0:d92f9d21154c | 1698 | output[0] = offset - 1; /* info length - self */ |
wolfSSL | 0:d92f9d21154c | 1699 | |
wolfSSL | 0:d92f9d21154c | 1700 | return offset; |
wolfSSL | 0:d92f9d21154c | 1701 | } |
wolfSSL | 0:d92f9d21154c | 1702 | |
wolfSSL | 0:d92f9d21154c | 1703 | static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, |
wolfSSL | 0:d92f9d21154c | 1704 | word16 length, byte isRequest) |
wolfSSL | 0:d92f9d21154c | 1705 | { |
wolfSSL | 0:d92f9d21154c | 1706 | int ret = SECURE_RENEGOTIATION_E; |
wolfSSL | 0:d92f9d21154c | 1707 | |
wolfSSL | 0:d92f9d21154c | 1708 | if (length >= OPAQUE8_LEN) { |
wolfSSL | 0:d92f9d21154c | 1709 | if (ssl->secure_renegotiation == NULL) { |
wolfSSL | 0:d92f9d21154c | 1710 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1711 | if (isRequest && *input == 0) { |
wolfSSL | 0:d92f9d21154c | 1712 | ret = 0; /* don't reply, user didn't enable */ |
wolfSSL | 0:d92f9d21154c | 1713 | } |
wolfSSL | 0:d92f9d21154c | 1714 | #endif |
wolfSSL | 0:d92f9d21154c | 1715 | } |
wolfSSL | 0:d92f9d21154c | 1716 | else if (isRequest) { |
wolfSSL | 0:d92f9d21154c | 1717 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1718 | if (*input == TLS_FINISHED_SZ) { |
wolfSSL | 0:d92f9d21154c | 1719 | /* TODO compare client_verify_data */ |
wolfSSL | 0:d92f9d21154c | 1720 | ret = 0; |
wolfSSL | 0:d92f9d21154c | 1721 | } |
wolfSSL | 0:d92f9d21154c | 1722 | #endif |
wolfSSL | 0:d92f9d21154c | 1723 | } |
wolfSSL | 0:d92f9d21154c | 1724 | else { |
wolfSSL | 0:d92f9d21154c | 1725 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 0:d92f9d21154c | 1726 | if (!ssl->secure_renegotiation->enabled) { |
wolfSSL | 0:d92f9d21154c | 1727 | if (*input == 0) { |
wolfSSL | 0:d92f9d21154c | 1728 | ssl->secure_renegotiation->enabled = 1; |
wolfSSL | 0:d92f9d21154c | 1729 | ret = 0; |
wolfSSL | 0:d92f9d21154c | 1730 | } |
wolfSSL | 0:d92f9d21154c | 1731 | } |
wolfSSL | 0:d92f9d21154c | 1732 | else if (*input == 2 * TLS_FINISHED_SZ) { |
wolfSSL | 0:d92f9d21154c | 1733 | /* TODO compare client_verify_data and server_verify_data */ |
wolfSSL | 0:d92f9d21154c | 1734 | ret = 0; |
wolfSSL | 0:d92f9d21154c | 1735 | } |
wolfSSL | 0:d92f9d21154c | 1736 | #endif |
wolfSSL | 0:d92f9d21154c | 1737 | } |
wolfSSL | 0:d92f9d21154c | 1738 | } |
wolfSSL | 0:d92f9d21154c | 1739 | |
wolfSSL | 0:d92f9d21154c | 1740 | if (ret != 0) { |
wolfSSL | 0:d92f9d21154c | 1741 | /* TODO: turn on fatal error at ssl level too */ |
wolfSSL | 0:d92f9d21154c | 1742 | SendAlert(ssl, alert_fatal, handshake_failure); |
wolfSSL | 0:d92f9d21154c | 1743 | } |
wolfSSL | 0:d92f9d21154c | 1744 | |
wolfSSL | 0:d92f9d21154c | 1745 | return ret; |
wolfSSL | 0:d92f9d21154c | 1746 | } |
wolfSSL | 0:d92f9d21154c | 1747 | |
wolfSSL | 0:d92f9d21154c | 1748 | int TLSX_UseSecureRenegotiation(TLSX** extensions) |
wolfSSL | 0:d92f9d21154c | 1749 | { |
wolfSSL | 0:d92f9d21154c | 1750 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1751 | SecureRenegotiation* data = NULL; |
wolfSSL | 0:d92f9d21154c | 1752 | |
wolfSSL | 0:d92f9d21154c | 1753 | data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL, |
wolfSSL | 0:d92f9d21154c | 1754 | DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1755 | if (data == NULL) |
wolfSSL | 0:d92f9d21154c | 1756 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 1757 | |
wolfSSL | 0:d92f9d21154c | 1758 | XMEMSET(data, 0, sizeof(SecureRenegotiation)); |
wolfSSL | 0:d92f9d21154c | 1759 | |
wolfSSL | 0:d92f9d21154c | 1760 | ret = TLSX_Push(extensions, SECURE_RENEGOTIATION, data); |
wolfSSL | 0:d92f9d21154c | 1761 | if (ret != 0) { |
wolfSSL | 0:d92f9d21154c | 1762 | XFREE(data, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1763 | return ret; |
wolfSSL | 0:d92f9d21154c | 1764 | } |
wolfSSL | 0:d92f9d21154c | 1765 | |
wolfSSL | 0:d92f9d21154c | 1766 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1767 | } |
wolfSSL | 0:d92f9d21154c | 1768 | |
wolfSSL | 0:d92f9d21154c | 1769 | |
wolfSSL | 0:d92f9d21154c | 1770 | #define SCR_FREE_ALL(data) XFREE(data, NULL, DYNAMIC_TYPE_TLSX) |
wolfSSL | 0:d92f9d21154c | 1771 | #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize |
wolfSSL | 0:d92f9d21154c | 1772 | #define SCR_WRITE TLSX_SecureRenegotiation_Write |
wolfSSL | 0:d92f9d21154c | 1773 | #define SCR_PARSE TLSX_SecureRenegotiation_Parse |
wolfSSL | 0:d92f9d21154c | 1774 | |
wolfSSL | 0:d92f9d21154c | 1775 | #else |
wolfSSL | 0:d92f9d21154c | 1776 | |
wolfSSL | 0:d92f9d21154c | 1777 | #define SCR_FREE_ALL(a) |
wolfSSL | 0:d92f9d21154c | 1778 | #define SCR_GET_SIZE(a, b) 0 |
wolfSSL | 0:d92f9d21154c | 1779 | #define SCR_WRITE(a, b, c) 0 |
wolfSSL | 0:d92f9d21154c | 1780 | #define SCR_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1781 | |
wolfSSL | 0:d92f9d21154c | 1782 | #endif /* HAVE_SECURE_RENEGOTIATION */ |
wolfSSL | 0:d92f9d21154c | 1783 | |
wolfSSL | 0:d92f9d21154c | 1784 | #ifdef HAVE_SESSION_TICKET |
wolfSSL | 0:d92f9d21154c | 1785 | |
wolfSSL | 0:d92f9d21154c | 1786 | static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) |
wolfSSL | 0:d92f9d21154c | 1787 | { |
wolfSSL | 0:d92f9d21154c | 1788 | TLSX* extension = TLSX_Find(ssl->extensions, SESSION_TICKET); |
wolfSSL | 0:d92f9d21154c | 1789 | SessionTicket* ticket = extension ? extension->data : NULL; |
wolfSSL | 0:d92f9d21154c | 1790 | |
wolfSSL | 0:d92f9d21154c | 1791 | if (ticket) { |
wolfSSL | 0:d92f9d21154c | 1792 | /* TODO validate ticket timeout here! */ |
wolfSSL | 0:d92f9d21154c | 1793 | if (ticket->lifetime == 0xfffffff) { |
wolfSSL | 0:d92f9d21154c | 1794 | /* send empty ticket on timeout */ |
wolfSSL | 0:d92f9d21154c | 1795 | TLSX_UseSessionTicket(&ssl->extensions, NULL); |
wolfSSL | 0:d92f9d21154c | 1796 | } |
wolfSSL | 0:d92f9d21154c | 1797 | } |
wolfSSL | 0:d92f9d21154c | 1798 | } |
wolfSSL | 0:d92f9d21154c | 1799 | |
wolfSSL | 0:d92f9d21154c | 1800 | |
wolfSSL | 0:d92f9d21154c | 1801 | static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) |
wolfSSL | 0:d92f9d21154c | 1802 | { |
wolfSSL | 0:d92f9d21154c | 1803 | (void)isRequest; |
wolfSSL | 0:d92f9d21154c | 1804 | return ticket ? ticket->size : 0; |
wolfSSL | 0:d92f9d21154c | 1805 | } |
wolfSSL | 0:d92f9d21154c | 1806 | |
wolfSSL | 0:d92f9d21154c | 1807 | static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output, |
wolfSSL | 0:d92f9d21154c | 1808 | int isRequest) |
wolfSSL | 0:d92f9d21154c | 1809 | { |
wolfSSL | 0:d92f9d21154c | 1810 | word16 offset = 0; /* empty ticket */ |
wolfSSL | 0:d92f9d21154c | 1811 | |
wolfSSL | 0:d92f9d21154c | 1812 | if (isRequest && ticket) { |
wolfSSL | 0:d92f9d21154c | 1813 | XMEMCPY(output + offset, ticket->data, ticket->size); |
wolfSSL | 0:d92f9d21154c | 1814 | offset += ticket->size; |
wolfSSL | 0:d92f9d21154c | 1815 | } |
wolfSSL | 0:d92f9d21154c | 1816 | |
wolfSSL | 0:d92f9d21154c | 1817 | return offset; |
wolfSSL | 0:d92f9d21154c | 1818 | } |
wolfSSL | 0:d92f9d21154c | 1819 | |
wolfSSL | 0:d92f9d21154c | 1820 | |
wolfSSL | 0:d92f9d21154c | 1821 | static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, |
wolfSSL | 0:d92f9d21154c | 1822 | byte isRequest) |
wolfSSL | 0:d92f9d21154c | 1823 | { |
wolfSSL | 0:d92f9d21154c | 1824 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1825 | |
wolfSSL | 0:d92f9d21154c | 1826 | if (!isRequest) { |
wolfSSL | 0:d92f9d21154c | 1827 | /* client side */ |
wolfSSL | 0:d92f9d21154c | 1828 | if (length != 0) |
wolfSSL | 0:d92f9d21154c | 1829 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 1830 | |
wolfSSL | 0:d92f9d21154c | 1831 | ssl->expect_session_ticket = 1; |
wolfSSL | 0:d92f9d21154c | 1832 | } |
wolfSSL | 0:d92f9d21154c | 1833 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 1834 | else { |
wolfSSL | 0:d92f9d21154c | 1835 | /* server side */ |
wolfSSL | 0:d92f9d21154c | 1836 | if (ssl->ctx->ticketEncCb == NULL) { |
wolfSSL | 0:d92f9d21154c | 1837 | WOLFSSL_MSG("Client sent session ticket, server has no callback"); |
wolfSSL | 0:d92f9d21154c | 1838 | return 0; |
wolfSSL | 0:d92f9d21154c | 1839 | } |
wolfSSL | 0:d92f9d21154c | 1840 | |
wolfSSL | 0:d92f9d21154c | 1841 | if (length == 0) { |
wolfSSL | 0:d92f9d21154c | 1842 | /* blank ticket */ |
wolfSSL | 0:d92f9d21154c | 1843 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); |
wolfSSL | 0:d92f9d21154c | 1844 | if (ret == SSL_SUCCESS) { |
wolfSSL | 0:d92f9d21154c | 1845 | ret = 0; |
wolfSSL | 0:d92f9d21154c | 1846 | TLSX_SetResponse(ssl, SESSION_TICKET); /* send blank ticket */ |
wolfSSL | 0:d92f9d21154c | 1847 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 0:d92f9d21154c | 1848 | ssl->options.useTicket = 1; |
wolfSSL | 0:d92f9d21154c | 1849 | } |
wolfSSL | 0:d92f9d21154c | 1850 | } else { |
wolfSSL | 0:d92f9d21154c | 1851 | /* got actual ticket from client */ |
wolfSSL | 0:d92f9d21154c | 1852 | ret = DoClientTicket(ssl, input, length); |
wolfSSL | 0:d92f9d21154c | 1853 | if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */ |
wolfSSL | 0:d92f9d21154c | 1854 | WOLFSSL_MSG("Using exisitng client ticket"); |
wolfSSL | 0:d92f9d21154c | 1855 | ssl->options.useTicket = 1; |
wolfSSL | 0:d92f9d21154c | 1856 | ssl->options.resuming = 1; |
wolfSSL | 0:d92f9d21154c | 1857 | } else if (ret == WOLFSSL_TICKET_RET_CREATE) { |
wolfSSL | 0:d92f9d21154c | 1858 | WOLFSSL_MSG("Using existing client ticket, creating new one"); |
wolfSSL | 0:d92f9d21154c | 1859 | ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); |
wolfSSL | 0:d92f9d21154c | 1860 | if (ret == SSL_SUCCESS) { |
wolfSSL | 0:d92f9d21154c | 1861 | ret = 0; |
wolfSSL | 0:d92f9d21154c | 1862 | TLSX_SetResponse(ssl, SESSION_TICKET); |
wolfSSL | 0:d92f9d21154c | 1863 | /* send blank ticket */ |
wolfSSL | 0:d92f9d21154c | 1864 | ssl->options.createTicket = 1; /* will send ticket msg */ |
wolfSSL | 0:d92f9d21154c | 1865 | ssl->options.useTicket = 1; |
wolfSSL | 0:d92f9d21154c | 1866 | ssl->options.resuming = 1; |
wolfSSL | 0:d92f9d21154c | 1867 | } |
wolfSSL | 0:d92f9d21154c | 1868 | } else if (ret == WOLFSSL_TICKET_RET_REJECT) { |
wolfSSL | 0:d92f9d21154c | 1869 | WOLFSSL_MSG("Process client ticket rejected, not using"); |
wolfSSL | 0:d92f9d21154c | 1870 | ret = 0; /* not fatal */ |
wolfSSL | 0:d92f9d21154c | 1871 | } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { |
wolfSSL | 0:d92f9d21154c | 1872 | WOLFSSL_MSG("Process client ticket fatal error, not using"); |
wolfSSL | 0:d92f9d21154c | 1873 | } |
wolfSSL | 0:d92f9d21154c | 1874 | } |
wolfSSL | 0:d92f9d21154c | 1875 | } |
wolfSSL | 0:d92f9d21154c | 1876 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 0:d92f9d21154c | 1877 | |
wolfSSL | 0:d92f9d21154c | 1878 | return ret; |
wolfSSL | 0:d92f9d21154c | 1879 | } |
wolfSSL | 0:d92f9d21154c | 1880 | |
wolfSSL | 0:d92f9d21154c | 1881 | WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, |
wolfSSL | 0:d92f9d21154c | 1882 | byte* data, word16 size) |
wolfSSL | 0:d92f9d21154c | 1883 | { |
wolfSSL | 0:d92f9d21154c | 1884 | SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket), |
wolfSSL | 0:d92f9d21154c | 1885 | NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1886 | if (ticket) { |
wolfSSL | 0:d92f9d21154c | 1887 | ticket->data = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1888 | if (ticket->data == NULL) { |
wolfSSL | 0:d92f9d21154c | 1889 | XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1890 | return NULL; |
wolfSSL | 0:d92f9d21154c | 1891 | } |
wolfSSL | 0:d92f9d21154c | 1892 | |
wolfSSL | 0:d92f9d21154c | 1893 | XMEMCPY(ticket->data, data, size); |
wolfSSL | 0:d92f9d21154c | 1894 | ticket->size = size; |
wolfSSL | 0:d92f9d21154c | 1895 | ticket->lifetime = lifetime; |
wolfSSL | 0:d92f9d21154c | 1896 | } |
wolfSSL | 0:d92f9d21154c | 1897 | |
wolfSSL | 0:d92f9d21154c | 1898 | return ticket; |
wolfSSL | 0:d92f9d21154c | 1899 | } |
wolfSSL | 0:d92f9d21154c | 1900 | WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket) |
wolfSSL | 0:d92f9d21154c | 1901 | { |
wolfSSL | 0:d92f9d21154c | 1902 | if (ticket) { |
wolfSSL | 0:d92f9d21154c | 1903 | XFREE(ticket->data, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1904 | XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1905 | } |
wolfSSL | 0:d92f9d21154c | 1906 | } |
wolfSSL | 0:d92f9d21154c | 1907 | |
wolfSSL | 0:d92f9d21154c | 1908 | int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) |
wolfSSL | 0:d92f9d21154c | 1909 | { |
wolfSSL | 0:d92f9d21154c | 1910 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 1911 | |
wolfSSL | 0:d92f9d21154c | 1912 | if (extensions == NULL) |
wolfSSL | 0:d92f9d21154c | 1913 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 1914 | |
wolfSSL | 0:d92f9d21154c | 1915 | /* If the ticket is NULL, the client will request a new ticket from the |
wolfSSL | 0:d92f9d21154c | 1916 | server. Otherwise, the client will use it in the next client hello. */ |
wolfSSL | 0:d92f9d21154c | 1917 | if ((ret = TLSX_Push(extensions, SESSION_TICKET, (void*)ticket)) != 0) |
wolfSSL | 0:d92f9d21154c | 1918 | return ret; |
wolfSSL | 0:d92f9d21154c | 1919 | |
wolfSSL | 0:d92f9d21154c | 1920 | return SSL_SUCCESS; |
wolfSSL | 0:d92f9d21154c | 1921 | } |
wolfSSL | 0:d92f9d21154c | 1922 | |
wolfSSL | 0:d92f9d21154c | 1923 | #define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest |
wolfSSL | 0:d92f9d21154c | 1924 | #define STK_GET_SIZE TLSX_SessionTicket_GetSize |
wolfSSL | 0:d92f9d21154c | 1925 | #define STK_WRITE TLSX_SessionTicket_Write |
wolfSSL | 0:d92f9d21154c | 1926 | #define STK_PARSE TLSX_SessionTicket_Parse |
wolfSSL | 0:d92f9d21154c | 1927 | |
wolfSSL | 0:d92f9d21154c | 1928 | #else |
wolfSSL | 0:d92f9d21154c | 1929 | |
wolfSSL | 0:d92f9d21154c | 1930 | #define STK_VALIDATE_REQUEST(a) |
wolfSSL | 0:d92f9d21154c | 1931 | #define STK_GET_SIZE(a, b) 0 |
wolfSSL | 0:d92f9d21154c | 1932 | #define STK_WRITE(a, b, c) 0 |
wolfSSL | 0:d92f9d21154c | 1933 | #define STK_PARSE(a, b, c, d) 0 |
wolfSSL | 0:d92f9d21154c | 1934 | |
wolfSSL | 0:d92f9d21154c | 1935 | #endif /* HAVE_SESSION_TICKET */ |
wolfSSL | 0:d92f9d21154c | 1936 | |
wolfSSL | 0:d92f9d21154c | 1937 | |
wolfSSL | 0:d92f9d21154c | 1938 | TLSX* TLSX_Find(TLSX* list, TLSX_Type type) |
wolfSSL | 0:d92f9d21154c | 1939 | { |
wolfSSL | 0:d92f9d21154c | 1940 | TLSX* extension = list; |
wolfSSL | 0:d92f9d21154c | 1941 | |
wolfSSL | 0:d92f9d21154c | 1942 | while (extension && extension->type != type) |
wolfSSL | 0:d92f9d21154c | 1943 | extension = extension->next; |
wolfSSL | 0:d92f9d21154c | 1944 | |
wolfSSL | 0:d92f9d21154c | 1945 | return extension; |
wolfSSL | 0:d92f9d21154c | 1946 | } |
wolfSSL | 0:d92f9d21154c | 1947 | |
wolfSSL | 0:d92f9d21154c | 1948 | void TLSX_FreeAll(TLSX* list) |
wolfSSL | 0:d92f9d21154c | 1949 | { |
wolfSSL | 0:d92f9d21154c | 1950 | TLSX* extension; |
wolfSSL | 0:d92f9d21154c | 1951 | |
wolfSSL | 0:d92f9d21154c | 1952 | while ((extension = list)) { |
wolfSSL | 0:d92f9d21154c | 1953 | list = extension->next; |
wolfSSL | 0:d92f9d21154c | 1954 | |
wolfSSL | 0:d92f9d21154c | 1955 | switch (extension->type) { |
wolfSSL | 0:d92f9d21154c | 1956 | case SERVER_NAME_INDICATION: |
wolfSSL | 0:d92f9d21154c | 1957 | SNI_FREE_ALL((SNI*)extension->data); |
wolfSSL | 0:d92f9d21154c | 1958 | break; |
wolfSSL | 0:d92f9d21154c | 1959 | |
wolfSSL | 0:d92f9d21154c | 1960 | case MAX_FRAGMENT_LENGTH: |
wolfSSL | 0:d92f9d21154c | 1961 | MFL_FREE_ALL(extension->data); |
wolfSSL | 0:d92f9d21154c | 1962 | break; |
wolfSSL | 0:d92f9d21154c | 1963 | |
wolfSSL | 0:d92f9d21154c | 1964 | case TRUNCATED_HMAC: |
wolfSSL | 0:d92f9d21154c | 1965 | /* Nothing to do. */ |
wolfSSL | 0:d92f9d21154c | 1966 | break; |
wolfSSL | 0:d92f9d21154c | 1967 | |
wolfSSL | 0:d92f9d21154c | 1968 | case ELLIPTIC_CURVES: |
wolfSSL | 0:d92f9d21154c | 1969 | EC_FREE_ALL(extension->data); |
wolfSSL | 0:d92f9d21154c | 1970 | break; |
wolfSSL | 0:d92f9d21154c | 1971 | |
wolfSSL | 0:d92f9d21154c | 1972 | case SECURE_RENEGOTIATION: |
wolfSSL | 0:d92f9d21154c | 1973 | SCR_FREE_ALL(extension->data); |
wolfSSL | 0:d92f9d21154c | 1974 | break; |
wolfSSL | 0:d92f9d21154c | 1975 | |
wolfSSL | 0:d92f9d21154c | 1976 | case SESSION_TICKET: |
wolfSSL | 0:d92f9d21154c | 1977 | /* Nothing to do. */ |
wolfSSL | 0:d92f9d21154c | 1978 | break; |
wolfSSL | 0:d92f9d21154c | 1979 | } |
wolfSSL | 0:d92f9d21154c | 1980 | |
wolfSSL | 0:d92f9d21154c | 1981 | XFREE(extension, 0, DYNAMIC_TYPE_TLSX); |
wolfSSL | 0:d92f9d21154c | 1982 | } |
wolfSSL | 0:d92f9d21154c | 1983 | } |
wolfSSL | 0:d92f9d21154c | 1984 | |
wolfSSL | 0:d92f9d21154c | 1985 | int TLSX_SupportExtensions(WOLFSSL* ssl) { |
wolfSSL | 0:d92f9d21154c | 1986 | return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR); |
wolfSSL | 0:d92f9d21154c | 1987 | } |
wolfSSL | 0:d92f9d21154c | 1988 | |
wolfSSL | 0:d92f9d21154c | 1989 | static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) |
wolfSSL | 0:d92f9d21154c | 1990 | { |
wolfSSL | 0:d92f9d21154c | 1991 | TLSX* extension; |
wolfSSL | 0:d92f9d21154c | 1992 | word16 length = 0; |
wolfSSL | 0:d92f9d21154c | 1993 | |
wolfSSL | 0:d92f9d21154c | 1994 | while ((extension = list)) { |
wolfSSL | 0:d92f9d21154c | 1995 | list = extension->next; |
wolfSSL | 0:d92f9d21154c | 1996 | |
wolfSSL | 0:d92f9d21154c | 1997 | if (!isRequest && !extension->resp) |
wolfSSL | 0:d92f9d21154c | 1998 | continue; /* skip! */ |
wolfSSL | 0:d92f9d21154c | 1999 | |
wolfSSL | 0:d92f9d21154c | 2000 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 0:d92f9d21154c | 2001 | continue; /* skip! */ |
wolfSSL | 0:d92f9d21154c | 2002 | |
wolfSSL | 0:d92f9d21154c | 2003 | /* type + data length */ |
wolfSSL | 0:d92f9d21154c | 2004 | length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 2005 | |
wolfSSL | 0:d92f9d21154c | 2006 | switch (extension->type) { |
wolfSSL | 0:d92f9d21154c | 2007 | case SERVER_NAME_INDICATION: |
wolfSSL | 0:d92f9d21154c | 2008 | if (isRequest) |
wolfSSL | 0:d92f9d21154c | 2009 | length += SNI_GET_SIZE(extension->data); |
wolfSSL | 0:d92f9d21154c | 2010 | break; |
wolfSSL | 0:d92f9d21154c | 2011 | case MAX_FRAGMENT_LENGTH: |
wolfSSL | 0:d92f9d21154c | 2012 | length += MFL_GET_SIZE(extension->data); |
wolfSSL | 0:d92f9d21154c | 2013 | break; |
wolfSSL | 0:d92f9d21154c | 2014 | |
wolfSSL | 0:d92f9d21154c | 2015 | case TRUNCATED_HMAC: |
wolfSSL | 0:d92f9d21154c | 2016 | /* empty extension. */ |
wolfSSL | 0:d92f9d21154c | 2017 | break; |
wolfSSL | 0:d92f9d21154c | 2018 | |
wolfSSL | 0:d92f9d21154c | 2019 | case ELLIPTIC_CURVES: |
wolfSSL | 0:d92f9d21154c | 2020 | length += EC_GET_SIZE(extension->data); |
wolfSSL | 0:d92f9d21154c | 2021 | break; |
wolfSSL | 0:d92f9d21154c | 2022 | |
wolfSSL | 0:d92f9d21154c | 2023 | case SECURE_RENEGOTIATION: |
wolfSSL | 0:d92f9d21154c | 2024 | length += SCR_GET_SIZE(extension->data, isRequest); |
wolfSSL | 0:d92f9d21154c | 2025 | break; |
wolfSSL | 0:d92f9d21154c | 2026 | |
wolfSSL | 0:d92f9d21154c | 2027 | case SESSION_TICKET: |
wolfSSL | 0:d92f9d21154c | 2028 | length += STK_GET_SIZE(extension->data, isRequest); |
wolfSSL | 0:d92f9d21154c | 2029 | break; |
wolfSSL | 0:d92f9d21154c | 2030 | } |
wolfSSL | 0:d92f9d21154c | 2031 | |
wolfSSL | 0:d92f9d21154c | 2032 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 0:d92f9d21154c | 2033 | } |
wolfSSL | 0:d92f9d21154c | 2034 | |
wolfSSL | 0:d92f9d21154c | 2035 | return length; |
wolfSSL | 0:d92f9d21154c | 2036 | } |
wolfSSL | 0:d92f9d21154c | 2037 | |
wolfSSL | 0:d92f9d21154c | 2038 | static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, |
wolfSSL | 0:d92f9d21154c | 2039 | byte isRequest) |
wolfSSL | 0:d92f9d21154c | 2040 | { |
wolfSSL | 0:d92f9d21154c | 2041 | TLSX* extension; |
wolfSSL | 0:d92f9d21154c | 2042 | word16 offset = 0; |
wolfSSL | 0:d92f9d21154c | 2043 | word16 length_offset = 0; |
wolfSSL | 0:d92f9d21154c | 2044 | |
wolfSSL | 0:d92f9d21154c | 2045 | while ((extension = list)) { |
wolfSSL | 0:d92f9d21154c | 2046 | list = extension->next; |
wolfSSL | 0:d92f9d21154c | 2047 | |
wolfSSL | 0:d92f9d21154c | 2048 | if (!isRequest && !extension->resp) |
wolfSSL | 0:d92f9d21154c | 2049 | continue; /* skip! */ |
wolfSSL | 0:d92f9d21154c | 2050 | |
wolfSSL | 0:d92f9d21154c | 2051 | if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) |
wolfSSL | 0:d92f9d21154c | 2052 | continue; /* skip! */ |
wolfSSL | 0:d92f9d21154c | 2053 | |
wolfSSL | 0:d92f9d21154c | 2054 | /* extension type */ |
wolfSSL | 0:d92f9d21154c | 2055 | c16toa(extension->type, output + offset); |
wolfSSL | 0:d92f9d21154c | 2056 | offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 2057 | length_offset = offset; |
wolfSSL | 0:d92f9d21154c | 2058 | |
wolfSSL | 0:d92f9d21154c | 2059 | /* extension data should be written internally */ |
wolfSSL | 0:d92f9d21154c | 2060 | switch (extension->type) { |
wolfSSL | 0:d92f9d21154c | 2061 | case SERVER_NAME_INDICATION: |
wolfSSL | 0:d92f9d21154c | 2062 | if (isRequest) |
wolfSSL | 0:d92f9d21154c | 2063 | offset += SNI_WRITE(extension->data, output + offset); |
wolfSSL | 0:d92f9d21154c | 2064 | break; |
wolfSSL | 0:d92f9d21154c | 2065 | |
wolfSSL | 0:d92f9d21154c | 2066 | case MAX_FRAGMENT_LENGTH: |
wolfSSL | 0:d92f9d21154c | 2067 | offset += MFL_WRITE(extension->data, output + offset); |
wolfSSL | 0:d92f9d21154c | 2068 | break; |
wolfSSL | 0:d92f9d21154c | 2069 | |
wolfSSL | 0:d92f9d21154c | 2070 | case TRUNCATED_HMAC: |
wolfSSL | 0:d92f9d21154c | 2071 | /* empty extension. */ |
wolfSSL | 0:d92f9d21154c | 2072 | break; |
wolfSSL | 0:d92f9d21154c | 2073 | |
wolfSSL | 0:d92f9d21154c | 2074 | case ELLIPTIC_CURVES: |
wolfSSL | 0:d92f9d21154c | 2075 | offset += EC_WRITE(extension->data, output + offset); |
wolfSSL | 0:d92f9d21154c | 2076 | break; |
wolfSSL | 0:d92f9d21154c | 2077 | |
wolfSSL | 0:d92f9d21154c | 2078 | case SECURE_RENEGOTIATION: |
wolfSSL | 0:d92f9d21154c | 2079 | offset += SCR_WRITE(extension->data, output + offset, |
wolfSSL | 0:d92f9d21154c | 2080 | isRequest); |
wolfSSL | 0:d92f9d21154c | 2081 | break; |
wolfSSL | 0:d92f9d21154c | 2082 | |
wolfSSL | 0:d92f9d21154c | 2083 | case SESSION_TICKET: |
wolfSSL | 0:d92f9d21154c | 2084 | offset += STK_WRITE(extension->data, output + offset, |
wolfSSL | 0:d92f9d21154c | 2085 | isRequest); |
wolfSSL | 0:d92f9d21154c | 2086 | break; |
wolfSSL | 0:d92f9d21154c | 2087 | } |
wolfSSL | 0:d92f9d21154c | 2088 | |
wolfSSL | 0:d92f9d21154c | 2089 | /* writing extension data length */ |
wolfSSL | 0:d92f9d21154c | 2090 | c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN); |
wolfSSL | 0:d92f9d21154c | 2091 | |
wolfSSL | 0:d92f9d21154c | 2092 | TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); |
wolfSSL | 0:d92f9d21154c | 2093 | } |
wolfSSL | 0:d92f9d21154c | 2094 | |
wolfSSL | 0:d92f9d21154c | 2095 | return offset; |
wolfSSL | 0:d92f9d21154c | 2096 | } |
wolfSSL | 0:d92f9d21154c | 2097 | |
wolfSSL | 0:d92f9d21154c | 2098 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 0:d92f9d21154c | 2099 | |
wolfSSL | 0:d92f9d21154c | 2100 | word16 TLSX_GetRequestSize(WOLFSSL* ssl) |
wolfSSL | 0:d92f9d21154c | 2101 | { |
wolfSSL | 0:d92f9d21154c | 2102 | word16 length = 0; |
wolfSSL | 0:d92f9d21154c | 2103 | |
wolfSSL | 0:d92f9d21154c | 2104 | if (TLSX_SupportExtensions(ssl)) { |
wolfSSL | 0:d92f9d21154c | 2105 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 0:d92f9d21154c | 2106 | |
wolfSSL | 0:d92f9d21154c | 2107 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 0:d92f9d21154c | 2108 | STK_VALIDATE_REQUEST(ssl); |
wolfSSL | 0:d92f9d21154c | 2109 | |
wolfSSL | 0:d92f9d21154c | 2110 | if (ssl->extensions) |
wolfSSL | 0:d92f9d21154c | 2111 | length += TLSX_GetSize(ssl->extensions, semaphore, 1); |
wolfSSL | 0:d92f9d21154c | 2112 | |
wolfSSL | 0:d92f9d21154c | 2113 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 0:d92f9d21154c | 2114 | length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1); |
wolfSSL | 0:d92f9d21154c | 2115 | |
wolfSSL | 0:d92f9d21154c | 2116 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
wolfSSL | 0:d92f9d21154c | 2117 | length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN; |
wolfSSL | 0:d92f9d21154c | 2118 | } |
wolfSSL | 0:d92f9d21154c | 2119 | |
wolfSSL | 0:d92f9d21154c | 2120 | if (length) |
wolfSSL | 0:d92f9d21154c | 2121 | length += OPAQUE16_LEN; /* for total length storage */ |
wolfSSL | 0:d92f9d21154c | 2122 | |
wolfSSL | 0:d92f9d21154c | 2123 | return length; |
wolfSSL | 0:d92f9d21154c | 2124 | } |
wolfSSL | 0:d92f9d21154c | 2125 | |
wolfSSL | 0:d92f9d21154c | 2126 | word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output) |
wolfSSL | 0:d92f9d21154c | 2127 | { |
wolfSSL | 0:d92f9d21154c | 2128 | word16 offset = 0; |
wolfSSL | 0:d92f9d21154c | 2129 | |
wolfSSL | 0:d92f9d21154c | 2130 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 0:d92f9d21154c | 2131 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 0:d92f9d21154c | 2132 | |
wolfSSL | 0:d92f9d21154c | 2133 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 0:d92f9d21154c | 2134 | |
wolfSSL | 0:d92f9d21154c | 2135 | EC_VALIDATE_REQUEST(ssl, semaphore); |
wolfSSL | 0:d92f9d21154c | 2136 | |
wolfSSL | 0:d92f9d21154c | 2137 | if (ssl->extensions) |
wolfSSL | 0:d92f9d21154c | 2138 | offset += TLSX_Write(ssl->extensions, output + offset, |
wolfSSL | 0:d92f9d21154c | 2139 | semaphore, 1); |
wolfSSL | 0:d92f9d21154c | 2140 | |
wolfSSL | 0:d92f9d21154c | 2141 | if (ssl->ctx && ssl->ctx->extensions) |
wolfSSL | 0:d92f9d21154c | 2142 | offset += TLSX_Write(ssl->ctx->extensions, output + offset, |
wolfSSL | 0:d92f9d21154c | 2143 | semaphore, 1); |
wolfSSL | 0:d92f9d21154c | 2144 | |
wolfSSL | 0:d92f9d21154c | 2145 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
wolfSSL | 0:d92f9d21154c | 2146 | { |
wolfSSL | 0:d92f9d21154c | 2147 | int i; |
wolfSSL | 0:d92f9d21154c | 2148 | /* extension type */ |
wolfSSL | 0:d92f9d21154c | 2149 | c16toa(HELLO_EXT_SIG_ALGO, output + offset); |
wolfSSL | 0:d92f9d21154c | 2150 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 0:d92f9d21154c | 2151 | |
wolfSSL | 0:d92f9d21154c | 2152 | /* extension data length */ |
wolfSSL | 0:d92f9d21154c | 2153 | c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset); |
wolfSSL | 0:d92f9d21154c | 2154 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 2155 | |
wolfSSL | 0:d92f9d21154c | 2156 | /* sig algos length */ |
wolfSSL | 0:d92f9d21154c | 2157 | c16toa(ssl->suites->hashSigAlgoSz, output + offset); |
wolfSSL | 0:d92f9d21154c | 2158 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 2159 | |
wolfSSL | 0:d92f9d21154c | 2160 | /* sig algos */ |
wolfSSL | 0:d92f9d21154c | 2161 | for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++) |
wolfSSL | 0:d92f9d21154c | 2162 | output[offset] = ssl->suites->hashSigAlgo[i]; |
wolfSSL | 0:d92f9d21154c | 2163 | } |
wolfSSL | 0:d92f9d21154c | 2164 | |
wolfSSL | 0:d92f9d21154c | 2165 | if (offset > OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 2166 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 0:d92f9d21154c | 2167 | } |
wolfSSL | 0:d92f9d21154c | 2168 | |
wolfSSL | 0:d92f9d21154c | 2169 | return offset; |
wolfSSL | 0:d92f9d21154c | 2170 | } |
wolfSSL | 0:d92f9d21154c | 2171 | |
wolfSSL | 0:d92f9d21154c | 2172 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 0:d92f9d21154c | 2173 | |
wolfSSL | 0:d92f9d21154c | 2174 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 2175 | |
wolfSSL | 0:d92f9d21154c | 2176 | word16 TLSX_GetResponseSize(WOLFSSL* ssl) |
wolfSSL | 0:d92f9d21154c | 2177 | { |
wolfSSL | 0:d92f9d21154c | 2178 | word16 length = 0; |
wolfSSL | 0:d92f9d21154c | 2179 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 0:d92f9d21154c | 2180 | |
wolfSSL | 0:d92f9d21154c | 2181 | if (TLSX_SupportExtensions(ssl)) |
wolfSSL | 0:d92f9d21154c | 2182 | length += TLSX_GetSize(ssl->extensions, semaphore, 0); |
wolfSSL | 0:d92f9d21154c | 2183 | |
wolfSSL | 0:d92f9d21154c | 2184 | /* All the response data is set at the ssl object only, so no ctx here. */ |
wolfSSL | 0:d92f9d21154c | 2185 | |
wolfSSL | 0:d92f9d21154c | 2186 | if (length) |
wolfSSL | 0:d92f9d21154c | 2187 | length += OPAQUE16_LEN; /* for total length storage */ |
wolfSSL | 0:d92f9d21154c | 2188 | |
wolfSSL | 0:d92f9d21154c | 2189 | return length; |
wolfSSL | 0:d92f9d21154c | 2190 | } |
wolfSSL | 0:d92f9d21154c | 2191 | |
wolfSSL | 0:d92f9d21154c | 2192 | word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output) |
wolfSSL | 0:d92f9d21154c | 2193 | { |
wolfSSL | 0:d92f9d21154c | 2194 | word16 offset = 0; |
wolfSSL | 0:d92f9d21154c | 2195 | |
wolfSSL | 0:d92f9d21154c | 2196 | if (TLSX_SupportExtensions(ssl) && output) { |
wolfSSL | 0:d92f9d21154c | 2197 | byte semaphore[SEMAPHORE_SIZE] = {0}; |
wolfSSL | 0:d92f9d21154c | 2198 | |
wolfSSL | 0:d92f9d21154c | 2199 | offset += OPAQUE16_LEN; /* extensions length */ |
wolfSSL | 0:d92f9d21154c | 2200 | |
wolfSSL | 0:d92f9d21154c | 2201 | offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0); |
wolfSSL | 0:d92f9d21154c | 2202 | |
wolfSSL | 0:d92f9d21154c | 2203 | if (offset > OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 2204 | c16toa(offset - OPAQUE16_LEN, output); /* extensions length */ |
wolfSSL | 0:d92f9d21154c | 2205 | } |
wolfSSL | 0:d92f9d21154c | 2206 | |
wolfSSL | 0:d92f9d21154c | 2207 | return offset; |
wolfSSL | 0:d92f9d21154c | 2208 | } |
wolfSSL | 0:d92f9d21154c | 2209 | |
wolfSSL | 0:d92f9d21154c | 2210 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 0:d92f9d21154c | 2211 | |
wolfSSL | 0:d92f9d21154c | 2212 | int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, |
wolfSSL | 0:d92f9d21154c | 2213 | Suites *suites) |
wolfSSL | 0:d92f9d21154c | 2214 | { |
wolfSSL | 0:d92f9d21154c | 2215 | int ret = 0; |
wolfSSL | 0:d92f9d21154c | 2216 | word16 offset = 0; |
wolfSSL | 0:d92f9d21154c | 2217 | |
wolfSSL | 0:d92f9d21154c | 2218 | if (!ssl || !input || (isRequest && !suites)) |
wolfSSL | 0:d92f9d21154c | 2219 | return BAD_FUNC_ARG; |
wolfSSL | 0:d92f9d21154c | 2220 | |
wolfSSL | 0:d92f9d21154c | 2221 | while (ret == 0 && offset < length) { |
wolfSSL | 0:d92f9d21154c | 2222 | word16 type; |
wolfSSL | 0:d92f9d21154c | 2223 | word16 size; |
wolfSSL | 0:d92f9d21154c | 2224 | |
wolfSSL | 0:d92f9d21154c | 2225 | if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 2226 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 2227 | |
wolfSSL | 0:d92f9d21154c | 2228 | ato16(input + offset, &type); |
wolfSSL | 0:d92f9d21154c | 2229 | offset += HELLO_EXT_TYPE_SZ; |
wolfSSL | 0:d92f9d21154c | 2230 | |
wolfSSL | 0:d92f9d21154c | 2231 | ato16(input + offset, &size); |
wolfSSL | 0:d92f9d21154c | 2232 | offset += OPAQUE16_LEN; |
wolfSSL | 0:d92f9d21154c | 2233 | |
wolfSSL | 0:d92f9d21154c | 2234 | if (offset + size > length) |
wolfSSL | 0:d92f9d21154c | 2235 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 2236 | |
wolfSSL | 0:d92f9d21154c | 2237 | switch (type) { |
wolfSSL | 0:d92f9d21154c | 2238 | case SERVER_NAME_INDICATION: |
wolfSSL | 0:d92f9d21154c | 2239 | WOLFSSL_MSG("SNI extension received"); |
wolfSSL | 0:d92f9d21154c | 2240 | |
wolfSSL | 0:d92f9d21154c | 2241 | ret = SNI_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 0:d92f9d21154c | 2242 | break; |
wolfSSL | 0:d92f9d21154c | 2243 | |
wolfSSL | 0:d92f9d21154c | 2244 | case MAX_FRAGMENT_LENGTH: |
wolfSSL | 0:d92f9d21154c | 2245 | WOLFSSL_MSG("Max Fragment Length extension received"); |
wolfSSL | 0:d92f9d21154c | 2246 | |
wolfSSL | 0:d92f9d21154c | 2247 | ret = MFL_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 0:d92f9d21154c | 2248 | break; |
wolfSSL | 0:d92f9d21154c | 2249 | |
wolfSSL | 0:d92f9d21154c | 2250 | case TRUNCATED_HMAC: |
wolfSSL | 0:d92f9d21154c | 2251 | WOLFSSL_MSG("Truncated HMAC extension received"); |
wolfSSL | 0:d92f9d21154c | 2252 | |
wolfSSL | 0:d92f9d21154c | 2253 | ret = THM_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 0:d92f9d21154c | 2254 | break; |
wolfSSL | 0:d92f9d21154c | 2255 | |
wolfSSL | 0:d92f9d21154c | 2256 | case ELLIPTIC_CURVES: |
wolfSSL | 0:d92f9d21154c | 2257 | WOLFSSL_MSG("Elliptic Curves extension received"); |
wolfSSL | 0:d92f9d21154c | 2258 | |
wolfSSL | 0:d92f9d21154c | 2259 | ret = EC_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 0:d92f9d21154c | 2260 | break; |
wolfSSL | 0:d92f9d21154c | 2261 | |
wolfSSL | 0:d92f9d21154c | 2262 | case SECURE_RENEGOTIATION: |
wolfSSL | 0:d92f9d21154c | 2263 | WOLFSSL_MSG("Secure Renegotiation extension received"); |
wolfSSL | 0:d92f9d21154c | 2264 | |
wolfSSL | 0:d92f9d21154c | 2265 | ret = SCR_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 0:d92f9d21154c | 2266 | break; |
wolfSSL | 0:d92f9d21154c | 2267 | |
wolfSSL | 0:d92f9d21154c | 2268 | case SESSION_TICKET: |
wolfSSL | 0:d92f9d21154c | 2269 | WOLFSSL_MSG("Session Ticket extension received"); |
wolfSSL | 0:d92f9d21154c | 2270 | |
wolfSSL | 0:d92f9d21154c | 2271 | ret = STK_PARSE(ssl, input + offset, size, isRequest); |
wolfSSL | 0:d92f9d21154c | 2272 | break; |
wolfSSL | 0:d92f9d21154c | 2273 | |
wolfSSL | 0:d92f9d21154c | 2274 | case HELLO_EXT_SIG_ALGO: |
wolfSSL | 0:d92f9d21154c | 2275 | if (isRequest) { |
wolfSSL | 0:d92f9d21154c | 2276 | /* do not mess with offset inside the switch! */ |
wolfSSL | 0:d92f9d21154c | 2277 | if (IsAtLeastTLSv1_2(ssl)) { |
wolfSSL | 0:d92f9d21154c | 2278 | ato16(input + offset, &suites->hashSigAlgoSz); |
wolfSSL | 0:d92f9d21154c | 2279 | |
wolfSSL | 0:d92f9d21154c | 2280 | if (suites->hashSigAlgoSz > size - OPAQUE16_LEN) |
wolfSSL | 0:d92f9d21154c | 2281 | return BUFFER_ERROR; |
wolfSSL | 0:d92f9d21154c | 2282 | |
wolfSSL | 0:d92f9d21154c | 2283 | XMEMCPY(suites->hashSigAlgo, |
wolfSSL | 0:d92f9d21154c | 2284 | input + offset + OPAQUE16_LEN, |
wolfSSL | 0:d92f9d21154c | 2285 | min(suites->hashSigAlgoSz, |
wolfSSL | 0:d92f9d21154c | 2286 | HELLO_EXT_SIGALGO_MAX)); |
wolfSSL | 0:d92f9d21154c | 2287 | } |
wolfSSL | 0:d92f9d21154c | 2288 | } else { |
wolfSSL | 0:d92f9d21154c | 2289 | WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension."); |
wolfSSL | 0:d92f9d21154c | 2290 | } |
wolfSSL | 0:d92f9d21154c | 2291 | |
wolfSSL | 0:d92f9d21154c | 2292 | break; |
wolfSSL | 0:d92f9d21154c | 2293 | } |
wolfSSL | 0:d92f9d21154c | 2294 | |
wolfSSL | 0:d92f9d21154c | 2295 | /* offset should be updated here! */ |
wolfSSL | 0:d92f9d21154c | 2296 | offset += size; |
wolfSSL | 0:d92f9d21154c | 2297 | } |
wolfSSL | 0:d92f9d21154c | 2298 | |
wolfSSL | 0:d92f9d21154c | 2299 | return ret; |
wolfSSL | 0:d92f9d21154c | 2300 | } |
wolfSSL | 0:d92f9d21154c | 2301 | |
wolfSSL | 0:d92f9d21154c | 2302 | /* undefining semaphore macros */ |
wolfSSL | 0:d92f9d21154c | 2303 | #undef IS_OFF |
wolfSSL | 0:d92f9d21154c | 2304 | #undef TURN_ON |
wolfSSL | 0:d92f9d21154c | 2305 | #undef SEMAPHORE_SIZE |
wolfSSL | 0:d92f9d21154c | 2306 | |
wolfSSL | 0:d92f9d21154c | 2307 | #endif |
wolfSSL | 0:d92f9d21154c | 2308 | |
wolfSSL | 0:d92f9d21154c | 2309 | |
wolfSSL | 0:d92f9d21154c | 2310 | #ifndef NO_WOLFSSL_CLIENT |
wolfSSL | 0:d92f9d21154c | 2311 | |
wolfSSL | 0:d92f9d21154c | 2312 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 2313 | |
wolfSSL | 0:d92f9d21154c | 2314 | WOLFSSL_METHOD* wolfTLSv1_client_method(void) |
wolfSSL | 0:d92f9d21154c | 2315 | { |
wolfSSL | 0:d92f9d21154c | 2316 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2317 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2318 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2319 | if (method) |
wolfSSL | 0:d92f9d21154c | 2320 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 0:d92f9d21154c | 2321 | return method; |
wolfSSL | 0:d92f9d21154c | 2322 | } |
wolfSSL | 0:d92f9d21154c | 2323 | |
wolfSSL | 0:d92f9d21154c | 2324 | |
wolfSSL | 0:d92f9d21154c | 2325 | WOLFSSL_METHOD* wolfTLSv1_1_client_method(void) |
wolfSSL | 0:d92f9d21154c | 2326 | { |
wolfSSL | 0:d92f9d21154c | 2327 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2328 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2329 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2330 | if (method) |
wolfSSL | 0:d92f9d21154c | 2331 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 0:d92f9d21154c | 2332 | return method; |
wolfSSL | 0:d92f9d21154c | 2333 | } |
wolfSSL | 0:d92f9d21154c | 2334 | |
wolfSSL | 0:d92f9d21154c | 2335 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 0:d92f9d21154c | 2336 | |
wolfSSL | 0:d92f9d21154c | 2337 | #ifndef NO_SHA256 /* can't use without SHA256 */ |
wolfSSL | 0:d92f9d21154c | 2338 | |
wolfSSL | 0:d92f9d21154c | 2339 | WOLFSSL_METHOD* wolfTLSv1_2_client_method(void) |
wolfSSL | 0:d92f9d21154c | 2340 | { |
wolfSSL | 0:d92f9d21154c | 2341 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2342 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2343 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2344 | if (method) |
wolfSSL | 0:d92f9d21154c | 2345 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 0:d92f9d21154c | 2346 | return method; |
wolfSSL | 0:d92f9d21154c | 2347 | } |
wolfSSL | 0:d92f9d21154c | 2348 | |
wolfSSL | 0:d92f9d21154c | 2349 | #endif |
wolfSSL | 0:d92f9d21154c | 2350 | |
wolfSSL | 0:d92f9d21154c | 2351 | |
wolfSSL | 0:d92f9d21154c | 2352 | WOLFSSL_METHOD* wolfSSLv23_client_method(void) |
wolfSSL | 0:d92f9d21154c | 2353 | { |
wolfSSL | 0:d92f9d21154c | 2354 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2355 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2356 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2357 | if (method) { |
wolfSSL | 0:d92f9d21154c | 2358 | #ifndef NO_SHA256 /* 1.2 requires SHA256 */ |
wolfSSL | 0:d92f9d21154c | 2359 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 0:d92f9d21154c | 2360 | #else |
wolfSSL | 0:d92f9d21154c | 2361 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 0:d92f9d21154c | 2362 | #endif |
wolfSSL | 0:d92f9d21154c | 2363 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 2364 | method->downgrade = 1; |
wolfSSL | 0:d92f9d21154c | 2365 | #endif |
wolfSSL | 0:d92f9d21154c | 2366 | } |
wolfSSL | 0:d92f9d21154c | 2367 | return method; |
wolfSSL | 0:d92f9d21154c | 2368 | } |
wolfSSL | 0:d92f9d21154c | 2369 | |
wolfSSL | 0:d92f9d21154c | 2370 | |
wolfSSL | 0:d92f9d21154c | 2371 | #endif /* NO_WOLFSSL_CLIENT */ |
wolfSSL | 0:d92f9d21154c | 2372 | |
wolfSSL | 0:d92f9d21154c | 2373 | |
wolfSSL | 0:d92f9d21154c | 2374 | |
wolfSSL | 0:d92f9d21154c | 2375 | #ifndef NO_WOLFSSL_SERVER |
wolfSSL | 0:d92f9d21154c | 2376 | |
wolfSSL | 0:d92f9d21154c | 2377 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 2378 | |
wolfSSL | 0:d92f9d21154c | 2379 | WOLFSSL_METHOD* wolfTLSv1_server_method(void) |
wolfSSL | 0:d92f9d21154c | 2380 | { |
wolfSSL | 0:d92f9d21154c | 2381 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2382 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2383 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2384 | if (method) { |
wolfSSL | 0:d92f9d21154c | 2385 | InitSSL_Method(method, MakeTLSv1()); |
wolfSSL | 0:d92f9d21154c | 2386 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 0:d92f9d21154c | 2387 | } |
wolfSSL | 0:d92f9d21154c | 2388 | return method; |
wolfSSL | 0:d92f9d21154c | 2389 | } |
wolfSSL | 0:d92f9d21154c | 2390 | |
wolfSSL | 0:d92f9d21154c | 2391 | |
wolfSSL | 0:d92f9d21154c | 2392 | WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) |
wolfSSL | 0:d92f9d21154c | 2393 | { |
wolfSSL | 0:d92f9d21154c | 2394 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2395 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2396 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2397 | if (method) { |
wolfSSL | 0:d92f9d21154c | 2398 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 0:d92f9d21154c | 2399 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 0:d92f9d21154c | 2400 | } |
wolfSSL | 0:d92f9d21154c | 2401 | return method; |
wolfSSL | 0:d92f9d21154c | 2402 | } |
wolfSSL | 0:d92f9d21154c | 2403 | |
wolfSSL | 0:d92f9d21154c | 2404 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 0:d92f9d21154c | 2405 | |
wolfSSL | 0:d92f9d21154c | 2406 | #ifndef NO_SHA256 /* can't use without SHA256 */ |
wolfSSL | 0:d92f9d21154c | 2407 | |
wolfSSL | 0:d92f9d21154c | 2408 | WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) |
wolfSSL | 0:d92f9d21154c | 2409 | { |
wolfSSL | 0:d92f9d21154c | 2410 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2411 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2412 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2413 | if (method) { |
wolfSSL | 0:d92f9d21154c | 2414 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 0:d92f9d21154c | 2415 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 0:d92f9d21154c | 2416 | } |
wolfSSL | 0:d92f9d21154c | 2417 | return method; |
wolfSSL | 0:d92f9d21154c | 2418 | } |
wolfSSL | 0:d92f9d21154c | 2419 | |
wolfSSL | 0:d92f9d21154c | 2420 | #endif |
wolfSSL | 0:d92f9d21154c | 2421 | |
wolfSSL | 0:d92f9d21154c | 2422 | |
wolfSSL | 0:d92f9d21154c | 2423 | WOLFSSL_METHOD* wolfSSLv23_server_method(void) |
wolfSSL | 0:d92f9d21154c | 2424 | { |
wolfSSL | 0:d92f9d21154c | 2425 | WOLFSSL_METHOD* method = |
wolfSSL | 0:d92f9d21154c | 2426 | (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, |
wolfSSL | 0:d92f9d21154c | 2427 | DYNAMIC_TYPE_METHOD); |
wolfSSL | 0:d92f9d21154c | 2428 | if (method) { |
wolfSSL | 0:d92f9d21154c | 2429 | #ifndef NO_SHA256 /* 1.2 requires SHA256 */ |
wolfSSL | 0:d92f9d21154c | 2430 | InitSSL_Method(method, MakeTLSv1_2()); |
wolfSSL | 0:d92f9d21154c | 2431 | #else |
wolfSSL | 0:d92f9d21154c | 2432 | InitSSL_Method(method, MakeTLSv1_1()); |
wolfSSL | 0:d92f9d21154c | 2433 | #endif |
wolfSSL | 0:d92f9d21154c | 2434 | method->side = WOLFSSL_SERVER_END; |
wolfSSL | 0:d92f9d21154c | 2435 | #ifndef NO_OLD_TLS |
wolfSSL | 0:d92f9d21154c | 2436 | method->downgrade = 1; |
wolfSSL | 0:d92f9d21154c | 2437 | #endif /* !NO_OLD_TLS */ |
wolfSSL | 0:d92f9d21154c | 2438 | } |
wolfSSL | 0:d92f9d21154c | 2439 | return method; |
wolfSSL | 0:d92f9d21154c | 2440 | } |
wolfSSL | 0:d92f9d21154c | 2441 | |
wolfSSL | 0:d92f9d21154c | 2442 | |
wolfSSL | 0:d92f9d21154c | 2443 | |
wolfSSL | 0:d92f9d21154c | 2444 | #endif /* NO_WOLFSSL_SERVER */ |
wolfSSL | 0:d92f9d21154c | 2445 | #endif /* NO_TLS */ |
wolfSSL | 0:d92f9d21154c | 2446 | |
wolfSSL | 0:d92f9d21154c | 2447 |