wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

src/tls.c@0:d92f9d21154c, 2015-06-26 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 26 00:39:20 2015 +0000
Revision:
0:d92f9d21154c
wolfSSL 3.6.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:d92f9d21154c 1 /* tls.c
wolfSSL 0:d92f9d21154c 2 *
wolfSSL 0:d92f9d21154c 3 * Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL 0:d92f9d21154c 4 *
wolfSSL 0:d92f9d21154c 5 * This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL 0:d92f9d21154c 6 *
wolfSSL 0:d92f9d21154c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 0:d92f9d21154c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:d92f9d21154c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:d92f9d21154c 10 * (at your option) any later version.
wolfSSL 0:d92f9d21154c 11 *
wolfSSL 0:d92f9d21154c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 0:d92f9d21154c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:d92f9d21154c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:d92f9d21154c 15 * GNU General Public License for more details.
wolfSSL 0:d92f9d21154c 16 *
wolfSSL 0:d92f9d21154c 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:d92f9d21154c 18 * along with this program; if not, write to the Free Software
wolfSSL 0:d92f9d21154c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:d92f9d21154c 20 */
wolfSSL 0:d92f9d21154c 21
wolfSSL 0:d92f9d21154c 22
wolfSSL 0:d92f9d21154c 23 #ifdef HAVE_CONFIG_H
wolfSSL 0:d92f9d21154c 24 #include <config.h>
wolfSSL 0:d92f9d21154c 25 #endif
wolfSSL 0:d92f9d21154c 26
wolfSSL 0:d92f9d21154c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 0:d92f9d21154c 28
wolfSSL 0:d92f9d21154c 29 #include <wolfssl/ssl.h>
wolfSSL 0:d92f9d21154c 30 #include <wolfssl/internal.h>
wolfSSL 0:d92f9d21154c 31 #include <wolfssl/error-ssl.h>
wolfSSL 0:d92f9d21154c 32 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 0:d92f9d21154c 33 #ifdef NO_INLINE
wolfSSL 0:d92f9d21154c 34 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 0:d92f9d21154c 35 #else
wolfSSL 0:d92f9d21154c 36 #include <wolfcrypt/src/misc.c>
wolfSSL 0:d92f9d21154c 37 #endif
wolfSSL 0:d92f9d21154c 38
wolfSSL 0:d92f9d21154c 39
wolfSSL 0:d92f9d21154c 40
wolfSSL 0:d92f9d21154c 41 #ifndef NO_TLS
wolfSSL 0:d92f9d21154c 42
wolfSSL 0:d92f9d21154c 43
wolfSSL 0:d92f9d21154c 44 #ifndef WOLFSSL_HAVE_MIN
wolfSSL 0:d92f9d21154c 45 #define WOLFSSL_HAVE_MIN
wolfSSL 0:d92f9d21154c 46
wolfSSL 0:d92f9d21154c 47 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:d92f9d21154c 48 {
wolfSSL 0:d92f9d21154c 49 return a > b ? b : a;
wolfSSL 0:d92f9d21154c 50 }
wolfSSL 0:d92f9d21154c 51
wolfSSL 0:d92f9d21154c 52 #endif /* WOLFSSL_HAVE_MIN */
wolfSSL 0:d92f9d21154c 53
wolfSSL 0:d92f9d21154c 54
wolfSSL 0:d92f9d21154c 55 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 56 #define P_HASH_MAX_SIZE SHA384_DIGEST_SIZE
wolfSSL 0:d92f9d21154c 57 #else
wolfSSL 0:d92f9d21154c 58 #define P_HASH_MAX_SIZE SHA256_DIGEST_SIZE
wolfSSL 0:d92f9d21154c 59 #endif
wolfSSL 0:d92f9d21154c 60
wolfSSL 0:d92f9d21154c 61 /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL 0:d92f9d21154c 62 static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL 0:d92f9d21154c 63 word32 secLen, const byte* seed, word32 seedLen, int hash)
wolfSSL 0:d92f9d21154c 64 {
wolfSSL 0:d92f9d21154c 65 word32 len = P_HASH_MAX_SIZE;
wolfSSL 0:d92f9d21154c 66 word32 times;
wolfSSL 0:d92f9d21154c 67 word32 lastLen;
wolfSSL 0:d92f9d21154c 68 word32 lastTime;
wolfSSL 0:d92f9d21154c 69 word32 i;
wolfSSL 0:d92f9d21154c 70 word32 idx = 0;
wolfSSL 0:d92f9d21154c 71 int ret = 0;
wolfSSL 0:d92f9d21154c 72 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 73 byte* previous;
wolfSSL 0:d92f9d21154c 74 byte* current;
wolfSSL 0:d92f9d21154c 75 Hmac* hmac;
wolfSSL 0:d92f9d21154c 76 #else
wolfSSL 0:d92f9d21154c 77 byte previous[P_HASH_MAX_SIZE]; /* max size */
wolfSSL 0:d92f9d21154c 78 byte current[P_HASH_MAX_SIZE]; /* max size */
wolfSSL 0:d92f9d21154c 79 Hmac hmac[1];
wolfSSL 0:d92f9d21154c 80 #endif
wolfSSL 0:d92f9d21154c 81
wolfSSL 0:d92f9d21154c 82 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 83 previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 84 current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 85 hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 86
wolfSSL 0:d92f9d21154c 87 if (previous == NULL || current == NULL || hmac == NULL) {
wolfSSL 0:d92f9d21154c 88 if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 89 if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 90 if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 91
wolfSSL 0:d92f9d21154c 92 return MEMORY_E;
wolfSSL 0:d92f9d21154c 93 }
wolfSSL 0:d92f9d21154c 94 #endif
wolfSSL 0:d92f9d21154c 95
wolfSSL 0:d92f9d21154c 96 switch (hash) {
wolfSSL 0:d92f9d21154c 97 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 98 case md5_mac:
wolfSSL 0:d92f9d21154c 99 hash = MD5;
wolfSSL 0:d92f9d21154c 100 len = MD5_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 101 break;
wolfSSL 0:d92f9d21154c 102 #endif
wolfSSL 0:d92f9d21154c 103
wolfSSL 0:d92f9d21154c 104 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 105 case sha256_mac:
wolfSSL 0:d92f9d21154c 106 hash = SHA256;
wolfSSL 0:d92f9d21154c 107 len = SHA256_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 108 break;
wolfSSL 0:d92f9d21154c 109 #endif
wolfSSL 0:d92f9d21154c 110
wolfSSL 0:d92f9d21154c 111 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 112 case sha384_mac:
wolfSSL 0:d92f9d21154c 113 hash = SHA384;
wolfSSL 0:d92f9d21154c 114 len = SHA384_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 115 break;
wolfSSL 0:d92f9d21154c 116 #endif
wolfSSL 0:d92f9d21154c 117
wolfSSL 0:d92f9d21154c 118 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 119 case sha_mac:
wolfSSL 0:d92f9d21154c 120 default:
wolfSSL 0:d92f9d21154c 121 hash = SHA;
wolfSSL 0:d92f9d21154c 122 len = SHA_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 123 break;
wolfSSL 0:d92f9d21154c 124 #endif
wolfSSL 0:d92f9d21154c 125 }
wolfSSL 0:d92f9d21154c 126
wolfSSL 0:d92f9d21154c 127 times = resLen / len;
wolfSSL 0:d92f9d21154c 128 lastLen = resLen % len;
wolfSSL 0:d92f9d21154c 129
wolfSSL 0:d92f9d21154c 130 if (lastLen)
wolfSSL 0:d92f9d21154c 131 times += 1;
wolfSSL 0:d92f9d21154c 132
wolfSSL 0:d92f9d21154c 133 lastTime = times - 1;
wolfSSL 0:d92f9d21154c 134
wolfSSL 0:d92f9d21154c 135 if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) {
wolfSSL 0:d92f9d21154c 136 if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */
wolfSSL 0:d92f9d21154c 137 if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */
wolfSSL 0:d92f9d21154c 138 for (i = 0; i < times; i++) {
wolfSSL 0:d92f9d21154c 139 ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL 0:d92f9d21154c 140 if (ret != 0)
wolfSSL 0:d92f9d21154c 141 break;
wolfSSL 0:d92f9d21154c 142 ret = wc_HmacUpdate(hmac, seed, seedLen);
wolfSSL 0:d92f9d21154c 143 if (ret != 0)
wolfSSL 0:d92f9d21154c 144 break;
wolfSSL 0:d92f9d21154c 145 ret = wc_HmacFinal(hmac, current);
wolfSSL 0:d92f9d21154c 146 if (ret != 0)
wolfSSL 0:d92f9d21154c 147 break;
wolfSSL 0:d92f9d21154c 148
wolfSSL 0:d92f9d21154c 149 if ((i == lastTime) && lastLen)
wolfSSL 0:d92f9d21154c 150 XMEMCPY(&result[idx], current,
wolfSSL 0:d92f9d21154c 151 min(lastLen, P_HASH_MAX_SIZE));
wolfSSL 0:d92f9d21154c 152 else {
wolfSSL 0:d92f9d21154c 153 XMEMCPY(&result[idx], current, len);
wolfSSL 0:d92f9d21154c 154 idx += len;
wolfSSL 0:d92f9d21154c 155 ret = wc_HmacUpdate(hmac, previous, len);
wolfSSL 0:d92f9d21154c 156 if (ret != 0)
wolfSSL 0:d92f9d21154c 157 break;
wolfSSL 0:d92f9d21154c 158 ret = wc_HmacFinal(hmac, previous);
wolfSSL 0:d92f9d21154c 159 if (ret != 0)
wolfSSL 0:d92f9d21154c 160 break;
wolfSSL 0:d92f9d21154c 161 }
wolfSSL 0:d92f9d21154c 162 }
wolfSSL 0:d92f9d21154c 163 }
wolfSSL 0:d92f9d21154c 164 }
wolfSSL 0:d92f9d21154c 165 }
wolfSSL 0:d92f9d21154c 166
wolfSSL 0:d92f9d21154c 167 ForceZero(previous, P_HASH_MAX_SIZE);
wolfSSL 0:d92f9d21154c 168 ForceZero(current, P_HASH_MAX_SIZE);
wolfSSL 0:d92f9d21154c 169 ForceZero(hmac, sizeof(Hmac));
wolfSSL 0:d92f9d21154c 170
wolfSSL 0:d92f9d21154c 171 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 172 XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 173 XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 174 XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 175 #endif
wolfSSL 0:d92f9d21154c 176
wolfSSL 0:d92f9d21154c 177 return ret;
wolfSSL 0:d92f9d21154c 178 }
wolfSSL 0:d92f9d21154c 179
wolfSSL 0:d92f9d21154c 180 #undef P_HASH_MAX_SIZE
wolfSSL 0:d92f9d21154c 181
wolfSSL 0:d92f9d21154c 182
wolfSSL 0:d92f9d21154c 183 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 184
wolfSSL 0:d92f9d21154c 185 /* calculate XOR for TLSv1 PRF */
wolfSSL 0:d92f9d21154c 186 static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
wolfSSL 0:d92f9d21154c 187 {
wolfSSL 0:d92f9d21154c 188 word32 i;
wolfSSL 0:d92f9d21154c 189
wolfSSL 0:d92f9d21154c 190 for (i = 0; i < digLen; i++)
wolfSSL 0:d92f9d21154c 191 digest[i] = md5[i] ^ sha[i];
wolfSSL 0:d92f9d21154c 192 }
wolfSSL 0:d92f9d21154c 193
wolfSSL 0:d92f9d21154c 194
wolfSSL 0:d92f9d21154c 195 /* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL 0:d92f9d21154c 196 static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL 0:d92f9d21154c 197 const byte* label, word32 labLen, const byte* seed,
wolfSSL 0:d92f9d21154c 198 word32 seedLen)
wolfSSL 0:d92f9d21154c 199 {
wolfSSL 0:d92f9d21154c 200 int ret = 0;
wolfSSL 0:d92f9d21154c 201 word32 half = (secLen + 1) / 2;
wolfSSL 0:d92f9d21154c 202
wolfSSL 0:d92f9d21154c 203 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 204 byte* md5_half;
wolfSSL 0:d92f9d21154c 205 byte* sha_half;
wolfSSL 0:d92f9d21154c 206 byte* labelSeed;
wolfSSL 0:d92f9d21154c 207 byte* md5_result;
wolfSSL 0:d92f9d21154c 208 byte* sha_result;
wolfSSL 0:d92f9d21154c 209 #else
wolfSSL 0:d92f9d21154c 210 byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 0:d92f9d21154c 211 byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL 0:d92f9d21154c 212 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL 0:d92f9d21154c 213 byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 0:d92f9d21154c 214 byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL 0:d92f9d21154c 215 #endif
wolfSSL 0:d92f9d21154c 216
wolfSSL 0:d92f9d21154c 217 if (half > MAX_PRF_HALF)
wolfSSL 0:d92f9d21154c 218 return BUFFER_E;
wolfSSL 0:d92f9d21154c 219 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 0:d92f9d21154c 220 return BUFFER_E;
wolfSSL 0:d92f9d21154c 221 if (digLen > MAX_PRF_DIG)
wolfSSL 0:d92f9d21154c 222 return BUFFER_E;
wolfSSL 0:d92f9d21154c 223
wolfSSL 0:d92f9d21154c 224 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 225 md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 226 sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 227 labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 228 md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 229 sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 230
wolfSSL 0:d92f9d21154c 231 if (md5_half == NULL || sha_half == NULL || labelSeed == NULL ||
wolfSSL 0:d92f9d21154c 232 md5_result == NULL || sha_result == NULL) {
wolfSSL 0:d92f9d21154c 233 if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 234 if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 235 if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 236 if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 237 if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 238
wolfSSL 0:d92f9d21154c 239 return MEMORY_E;
wolfSSL 0:d92f9d21154c 240 }
wolfSSL 0:d92f9d21154c 241 #endif
wolfSSL 0:d92f9d21154c 242
wolfSSL 0:d92f9d21154c 243 XMEMSET(md5_result, 0, digLen);
wolfSSL 0:d92f9d21154c 244 XMEMSET(sha_result, 0, digLen);
wolfSSL 0:d92f9d21154c 245
wolfSSL 0:d92f9d21154c 246 XMEMCPY(md5_half, secret, half);
wolfSSL 0:d92f9d21154c 247 XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL 0:d92f9d21154c 248
wolfSSL 0:d92f9d21154c 249 XMEMCPY(labelSeed, label, labLen);
wolfSSL 0:d92f9d21154c 250 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 0:d92f9d21154c 251
wolfSSL 0:d92f9d21154c 252 if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL 0:d92f9d21154c 253 labLen + seedLen, md5_mac)) == 0) {
wolfSSL 0:d92f9d21154c 254 if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL 0:d92f9d21154c 255 labLen + seedLen, sha_mac)) == 0) {
wolfSSL 0:d92f9d21154c 256 get_xor(digest, digLen, md5_result, sha_result);
wolfSSL 0:d92f9d21154c 257 }
wolfSSL 0:d92f9d21154c 258 }
wolfSSL 0:d92f9d21154c 259
wolfSSL 0:d92f9d21154c 260 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 261 XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 262 XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 263 XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 264 XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 265 XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 266 #endif
wolfSSL 0:d92f9d21154c 267
wolfSSL 0:d92f9d21154c 268 return ret;
wolfSSL 0:d92f9d21154c 269 }
wolfSSL 0:d92f9d21154c 270
wolfSSL 0:d92f9d21154c 271 #endif
wolfSSL 0:d92f9d21154c 272
wolfSSL 0:d92f9d21154c 273
wolfSSL 0:d92f9d21154c 274 /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL 0:d92f9d21154c 275 use */
wolfSSL 0:d92f9d21154c 276 static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL 0:d92f9d21154c 277 const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL 0:d92f9d21154c 278 int useAtLeastSha256, int hash_type)
wolfSSL 0:d92f9d21154c 279 {
wolfSSL 0:d92f9d21154c 280 int ret = 0;
wolfSSL 0:d92f9d21154c 281
wolfSSL 0:d92f9d21154c 282 if (useAtLeastSha256) {
wolfSSL 0:d92f9d21154c 283 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 284 byte* labelSeed;
wolfSSL 0:d92f9d21154c 285 #else
wolfSSL 0:d92f9d21154c 286 byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL 0:d92f9d21154c 287 #endif
wolfSSL 0:d92f9d21154c 288
wolfSSL 0:d92f9d21154c 289 if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL 0:d92f9d21154c 290 return BUFFER_E;
wolfSSL 0:d92f9d21154c 291
wolfSSL 0:d92f9d21154c 292 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 293 labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
wolfSSL 0:d92f9d21154c 294 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 295 if (labelSeed == NULL)
wolfSSL 0:d92f9d21154c 296 return MEMORY_E;
wolfSSL 0:d92f9d21154c 297 #endif
wolfSSL 0:d92f9d21154c 298
wolfSSL 0:d92f9d21154c 299 XMEMCPY(labelSeed, label, labLen);
wolfSSL 0:d92f9d21154c 300 XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL 0:d92f9d21154c 301
wolfSSL 0:d92f9d21154c 302 /* If a cipher suite wants an algorithm better than sha256, it
wolfSSL 0:d92f9d21154c 303 * should use better. */
wolfSSL 0:d92f9d21154c 304 if (hash_type < sha256_mac)
wolfSSL 0:d92f9d21154c 305 hash_type = sha256_mac;
wolfSSL 0:d92f9d21154c 306 ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL 0:d92f9d21154c 307 labLen + seedLen, hash_type);
wolfSSL 0:d92f9d21154c 308
wolfSSL 0:d92f9d21154c 309 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 310 XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 311 #endif
wolfSSL 0:d92f9d21154c 312 }
wolfSSL 0:d92f9d21154c 313 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 314 else {
wolfSSL 0:d92f9d21154c 315 ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL 0:d92f9d21154c 316 seedLen);
wolfSSL 0:d92f9d21154c 317 }
wolfSSL 0:d92f9d21154c 318 #endif
wolfSSL 0:d92f9d21154c 319
wolfSSL 0:d92f9d21154c 320 return ret;
wolfSSL 0:d92f9d21154c 321 }
wolfSSL 0:d92f9d21154c 322
wolfSSL 0:d92f9d21154c 323
wolfSSL 0:d92f9d21154c 324 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 325 #define HSHASH_SZ SHA384_DIGEST_SIZE
wolfSSL 0:d92f9d21154c 326 #else
wolfSSL 0:d92f9d21154c 327 #define HSHASH_SZ FINISHED_SZ
wolfSSL 0:d92f9d21154c 328 #endif
wolfSSL 0:d92f9d21154c 329
wolfSSL 0:d92f9d21154c 330
wolfSSL 0:d92f9d21154c 331 int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL 0:d92f9d21154c 332 {
wolfSSL 0:d92f9d21154c 333 const byte* side;
wolfSSL 0:d92f9d21154c 334 byte handshake_hash[HSHASH_SZ];
wolfSSL 0:d92f9d21154c 335 word32 hashSz = FINISHED_SZ;
wolfSSL 0:d92f9d21154c 336
wolfSSL 0:d92f9d21154c 337 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 338 wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
wolfSSL 0:d92f9d21154c 339 wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
wolfSSL 0:d92f9d21154c 340 #endif
wolfSSL 0:d92f9d21154c 341
wolfSSL 0:d92f9d21154c 342 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:d92f9d21154c 343 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 344 if (ssl->specs.mac_algorithm <= sha256_mac) {
wolfSSL 0:d92f9d21154c 345 int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
wolfSSL 0:d92f9d21154c 346
wolfSSL 0:d92f9d21154c 347 if (ret != 0)
wolfSSL 0:d92f9d21154c 348 return ret;
wolfSSL 0:d92f9d21154c 349
wolfSSL 0:d92f9d21154c 350 hashSz = SHA256_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 351 }
wolfSSL 0:d92f9d21154c 352 #endif
wolfSSL 0:d92f9d21154c 353 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 354 if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL 0:d92f9d21154c 355 int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash);
wolfSSL 0:d92f9d21154c 356
wolfSSL 0:d92f9d21154c 357 if (ret != 0)
wolfSSL 0:d92f9d21154c 358 return ret;
wolfSSL 0:d92f9d21154c 359
wolfSSL 0:d92f9d21154c 360 hashSz = SHA384_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 361 }
wolfSSL 0:d92f9d21154c 362 #endif
wolfSSL 0:d92f9d21154c 363 }
wolfSSL 0:d92f9d21154c 364
wolfSSL 0:d92f9d21154c 365 if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
wolfSSL 0:d92f9d21154c 366 side = tls_client;
wolfSSL 0:d92f9d21154c 367 else
wolfSSL 0:d92f9d21154c 368 side = tls_server;
wolfSSL 0:d92f9d21154c 369
wolfSSL 0:d92f9d21154c 370 return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL 0:d92f9d21154c 371 SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL 0:d92f9d21154c 372 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:d92f9d21154c 373 }
wolfSSL 0:d92f9d21154c 374
wolfSSL 0:d92f9d21154c 375
wolfSSL 0:d92f9d21154c 376 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 377
wolfSSL 0:d92f9d21154c 378 ProtocolVersion MakeTLSv1(void)
wolfSSL 0:d92f9d21154c 379 {
wolfSSL 0:d92f9d21154c 380 ProtocolVersion pv;
wolfSSL 0:d92f9d21154c 381 pv.major = SSLv3_MAJOR;
wolfSSL 0:d92f9d21154c 382 pv.minor = TLSv1_MINOR;
wolfSSL 0:d92f9d21154c 383
wolfSSL 0:d92f9d21154c 384 return pv;
wolfSSL 0:d92f9d21154c 385 }
wolfSSL 0:d92f9d21154c 386
wolfSSL 0:d92f9d21154c 387
wolfSSL 0:d92f9d21154c 388 ProtocolVersion MakeTLSv1_1(void)
wolfSSL 0:d92f9d21154c 389 {
wolfSSL 0:d92f9d21154c 390 ProtocolVersion pv;
wolfSSL 0:d92f9d21154c 391 pv.major = SSLv3_MAJOR;
wolfSSL 0:d92f9d21154c 392 pv.minor = TLSv1_1_MINOR;
wolfSSL 0:d92f9d21154c 393
wolfSSL 0:d92f9d21154c 394 return pv;
wolfSSL 0:d92f9d21154c 395 }
wolfSSL 0:d92f9d21154c 396
wolfSSL 0:d92f9d21154c 397 #endif
wolfSSL 0:d92f9d21154c 398
wolfSSL 0:d92f9d21154c 399
wolfSSL 0:d92f9d21154c 400 ProtocolVersion MakeTLSv1_2(void)
wolfSSL 0:d92f9d21154c 401 {
wolfSSL 0:d92f9d21154c 402 ProtocolVersion pv;
wolfSSL 0:d92f9d21154c 403 pv.major = SSLv3_MAJOR;
wolfSSL 0:d92f9d21154c 404 pv.minor = TLSv1_2_MINOR;
wolfSSL 0:d92f9d21154c 405
wolfSSL 0:d92f9d21154c 406 return pv;
wolfSSL 0:d92f9d21154c 407 }
wolfSSL 0:d92f9d21154c 408
wolfSSL 0:d92f9d21154c 409
wolfSSL 0:d92f9d21154c 410 static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL 0:d92f9d21154c 411 static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL 0:d92f9d21154c 412
wolfSSL 0:d92f9d21154c 413
wolfSSL 0:d92f9d21154c 414 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 0:d92f9d21154c 415 int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
wolfSSL 0:d92f9d21154c 416 const byte* ms, word32 msLen,
wolfSSL 0:d92f9d21154c 417 const byte* sr, const byte* cr,
wolfSSL 0:d92f9d21154c 418 int tls1_2, int hash_type)
wolfSSL 0:d92f9d21154c 419 {
wolfSSL 0:d92f9d21154c 420 byte seed[SEED_LEN];
wolfSSL 0:d92f9d21154c 421
wolfSSL 0:d92f9d21154c 422 XMEMCPY(seed, sr, RAN_LEN);
wolfSSL 0:d92f9d21154c 423 XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
wolfSSL 0:d92f9d21154c 424
wolfSSL 0:d92f9d21154c 425 return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
wolfSSL 0:d92f9d21154c 426 seed, SEED_LEN, tls1_2, hash_type);
wolfSSL 0:d92f9d21154c 427 }
wolfSSL 0:d92f9d21154c 428
wolfSSL 0:d92f9d21154c 429
wolfSSL 0:d92f9d21154c 430 int DeriveTlsKeys(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 431 {
wolfSSL 0:d92f9d21154c 432 int ret;
wolfSSL 0:d92f9d21154c 433 int length = 2 * ssl->specs.hash_size +
wolfSSL 0:d92f9d21154c 434 2 * ssl->specs.key_size +
wolfSSL 0:d92f9d21154c 435 2 * ssl->specs.iv_size;
wolfSSL 0:d92f9d21154c 436 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 437 byte* key_data;
wolfSSL 0:d92f9d21154c 438 #else
wolfSSL 0:d92f9d21154c 439 byte key_data[MAX_PRF_DIG];
wolfSSL 0:d92f9d21154c 440 #endif
wolfSSL 0:d92f9d21154c 441
wolfSSL 0:d92f9d21154c 442 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 443 key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 444 if (key_data == NULL) {
wolfSSL 0:d92f9d21154c 445 return MEMORY_E;
wolfSSL 0:d92f9d21154c 446 }
wolfSSL 0:d92f9d21154c 447 #endif
wolfSSL 0:d92f9d21154c 448
wolfSSL 0:d92f9d21154c 449 ret = wolfSSL_DeriveTlsKeys(key_data, length,
wolfSSL 0:d92f9d21154c 450 ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 0:d92f9d21154c 451 ssl->arrays->serverRandom, ssl->arrays->clientRandom,
wolfSSL 0:d92f9d21154c 452 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:d92f9d21154c 453 if (ret == 0)
wolfSSL 0:d92f9d21154c 454 ret = StoreKeys(ssl, key_data);
wolfSSL 0:d92f9d21154c 455
wolfSSL 0:d92f9d21154c 456 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 457 XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 458 #endif
wolfSSL 0:d92f9d21154c 459
wolfSSL 0:d92f9d21154c 460 return ret;
wolfSSL 0:d92f9d21154c 461 }
wolfSSL 0:d92f9d21154c 462
wolfSSL 0:d92f9d21154c 463
wolfSSL 0:d92f9d21154c 464 /* External facing wrapper so user can call as well, 0 on success */
wolfSSL 0:d92f9d21154c 465 int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
wolfSSL 0:d92f9d21154c 466 const byte* pms, word32 pmsLen,
wolfSSL 0:d92f9d21154c 467 const byte* cr, const byte* sr,
wolfSSL 0:d92f9d21154c 468 int tls1_2, int hash_type)
wolfSSL 0:d92f9d21154c 469 {
wolfSSL 0:d92f9d21154c 470 byte seed[SEED_LEN];
wolfSSL 0:d92f9d21154c 471
wolfSSL 0:d92f9d21154c 472 XMEMCPY(seed, cr, RAN_LEN);
wolfSSL 0:d92f9d21154c 473 XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
wolfSSL 0:d92f9d21154c 474
wolfSSL 0:d92f9d21154c 475 return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
wolfSSL 0:d92f9d21154c 476 seed, SEED_LEN, tls1_2, hash_type);
wolfSSL 0:d92f9d21154c 477 }
wolfSSL 0:d92f9d21154c 478
wolfSSL 0:d92f9d21154c 479
wolfSSL 0:d92f9d21154c 480 int MakeTlsMasterSecret(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 481 {
wolfSSL 0:d92f9d21154c 482 int ret;
wolfSSL 0:d92f9d21154c 483
wolfSSL 0:d92f9d21154c 484 ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 0:d92f9d21154c 485 ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL 0:d92f9d21154c 486 ssl->arrays->clientRandom, ssl->arrays->serverRandom,
wolfSSL 0:d92f9d21154c 487 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:d92f9d21154c 488
wolfSSL 0:d92f9d21154c 489 if (ret == 0) {
wolfSSL 0:d92f9d21154c 490 #ifdef SHOW_SECRETS
wolfSSL 0:d92f9d21154c 491 int i;
wolfSSL 0:d92f9d21154c 492
wolfSSL 0:d92f9d21154c 493 printf("master secret: ");
wolfSSL 0:d92f9d21154c 494 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 0:d92f9d21154c 495 printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL 0:d92f9d21154c 496 printf("\n");
wolfSSL 0:d92f9d21154c 497 #endif
wolfSSL 0:d92f9d21154c 498
wolfSSL 0:d92f9d21154c 499 ret = DeriveTlsKeys(ssl);
wolfSSL 0:d92f9d21154c 500 }
wolfSSL 0:d92f9d21154c 501
wolfSSL 0:d92f9d21154c 502 return ret;
wolfSSL 0:d92f9d21154c 503 }
wolfSSL 0:d92f9d21154c 504
wolfSSL 0:d92f9d21154c 505
wolfSSL 0:d92f9d21154c 506 /* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL 0:d92f9d21154c 507 * the master_secret. */
wolfSSL 0:d92f9d21154c 508 int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
wolfSSL 0:d92f9d21154c 509 const char* label)
wolfSSL 0:d92f9d21154c 510 {
wolfSSL 0:d92f9d21154c 511 int ret;
wolfSSL 0:d92f9d21154c 512 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 513 byte* seed;
wolfSSL 0:d92f9d21154c 514 #else
wolfSSL 0:d92f9d21154c 515 byte seed[SEED_LEN];
wolfSSL 0:d92f9d21154c 516 #endif
wolfSSL 0:d92f9d21154c 517
wolfSSL 0:d92f9d21154c 518 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 519 seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 520 if (seed == NULL)
wolfSSL 0:d92f9d21154c 521 return MEMORY_E;
wolfSSL 0:d92f9d21154c 522 #endif
wolfSSL 0:d92f9d21154c 523
wolfSSL 0:d92f9d21154c 524 /*
wolfSSL 0:d92f9d21154c 525 * As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL 0:d92f9d21154c 526 * from that used by the TLS protocol to derive keys.
wolfSSL 0:d92f9d21154c 527 */
wolfSSL 0:d92f9d21154c 528 XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 0:d92f9d21154c 529 XMEMCPY(seed + RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 0:d92f9d21154c 530
wolfSSL 0:d92f9d21154c 531 ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL 0:d92f9d21154c 532 (const byte *)label, (word32)strlen(label), seed, SEED_LEN,
wolfSSL 0:d92f9d21154c 533 IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL 0:d92f9d21154c 534
wolfSSL 0:d92f9d21154c 535 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 536 XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 537 #endif
wolfSSL 0:d92f9d21154c 538
wolfSSL 0:d92f9d21154c 539 return ret;
wolfSSL 0:d92f9d21154c 540 }
wolfSSL 0:d92f9d21154c 541
wolfSSL 0:d92f9d21154c 542
wolfSSL 0:d92f9d21154c 543 /*** next for static INLINE s copied internal.c ***/
wolfSSL 0:d92f9d21154c 544
wolfSSL 0:d92f9d21154c 545 /* convert 16 bit integer to opaque */
wolfSSL 0:d92f9d21154c 546 static INLINE void c16toa(word16 u16, byte* c)
wolfSSL 0:d92f9d21154c 547 {
wolfSSL 0:d92f9d21154c 548 c[0] = (u16 >> 8) & 0xff;
wolfSSL 0:d92f9d21154c 549 c[1] = u16 & 0xff;
wolfSSL 0:d92f9d21154c 550 }
wolfSSL 0:d92f9d21154c 551
wolfSSL 0:d92f9d21154c 552 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 0:d92f9d21154c 553 /* convert opaque to 16 bit integer */
wolfSSL 0:d92f9d21154c 554 static INLINE void ato16(const byte* c, word16* u16)
wolfSSL 0:d92f9d21154c 555 {
wolfSSL 0:d92f9d21154c 556 *u16 = (c[0] << 8) | (c[1]);
wolfSSL 0:d92f9d21154c 557 }
wolfSSL 0:d92f9d21154c 558
wolfSSL 0:d92f9d21154c 559 #ifdef HAVE_SNI
wolfSSL 0:d92f9d21154c 560 /* convert a 24 bit integer into a 32 bit one */
wolfSSL 0:d92f9d21154c 561 static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL 0:d92f9d21154c 562 {
wolfSSL 0:d92f9d21154c 563 *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
wolfSSL 0:d92f9d21154c 564 }
wolfSSL 0:d92f9d21154c 565 #endif
wolfSSL 0:d92f9d21154c 566 #endif
wolfSSL 0:d92f9d21154c 567
wolfSSL 0:d92f9d21154c 568 /* convert 32 bit integer to opaque */
wolfSSL 0:d92f9d21154c 569 static INLINE void c32toa(word32 u32, byte* c)
wolfSSL 0:d92f9d21154c 570 {
wolfSSL 0:d92f9d21154c 571 c[0] = (u32 >> 24) & 0xff;
wolfSSL 0:d92f9d21154c 572 c[1] = (u32 >> 16) & 0xff;
wolfSSL 0:d92f9d21154c 573 c[2] = (u32 >> 8) & 0xff;
wolfSSL 0:d92f9d21154c 574 c[3] = u32 & 0xff;
wolfSSL 0:d92f9d21154c 575 }
wolfSSL 0:d92f9d21154c 576
wolfSSL 0:d92f9d21154c 577
wolfSSL 0:d92f9d21154c 578 static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify)
wolfSSL 0:d92f9d21154c 579 {
wolfSSL 0:d92f9d21154c 580 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 581 if (ssl->options.dtls) {
wolfSSL 0:d92f9d21154c 582 if (verify)
wolfSSL 0:d92f9d21154c 583 return ssl->keys.dtls_state.curSeq; /* explicit from peer */
wolfSSL 0:d92f9d21154c 584 else
wolfSSL 0:d92f9d21154c 585 return ssl->keys.dtls_sequence_number - 1; /* already incremented */
wolfSSL 0:d92f9d21154c 586 }
wolfSSL 0:d92f9d21154c 587 #endif
wolfSSL 0:d92f9d21154c 588 if (verify)
wolfSSL 0:d92f9d21154c 589 return ssl->keys.peer_sequence_number++;
wolfSSL 0:d92f9d21154c 590 else
wolfSSL 0:d92f9d21154c 591 return ssl->keys.sequence_number++;
wolfSSL 0:d92f9d21154c 592 }
wolfSSL 0:d92f9d21154c 593
wolfSSL 0:d92f9d21154c 594
wolfSSL 0:d92f9d21154c 595 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 596
wolfSSL 0:d92f9d21154c 597 static INLINE word32 GetEpoch(WOLFSSL* ssl, int verify)
wolfSSL 0:d92f9d21154c 598 {
wolfSSL 0:d92f9d21154c 599 if (verify)
wolfSSL 0:d92f9d21154c 600 return ssl->keys.dtls_state.curEpoch;
wolfSSL 0:d92f9d21154c 601 else
wolfSSL 0:d92f9d21154c 602 return ssl->keys.dtls_epoch;
wolfSSL 0:d92f9d21154c 603 }
wolfSSL 0:d92f9d21154c 604
wolfSSL 0:d92f9d21154c 605 #endif /* WOLFSSL_DTLS */
wolfSSL 0:d92f9d21154c 606
wolfSSL 0:d92f9d21154c 607
wolfSSL 0:d92f9d21154c 608 /*** end copy ***/
wolfSSL 0:d92f9d21154c 609
wolfSSL 0:d92f9d21154c 610
wolfSSL 0:d92f9d21154c 611 /* return HMAC digest type in wolfSSL format */
wolfSSL 0:d92f9d21154c 612 int wolfSSL_GetHmacType(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 613 {
wolfSSL 0:d92f9d21154c 614 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 615 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 616
wolfSSL 0:d92f9d21154c 617 switch (ssl->specs.mac_algorithm) {
wolfSSL 0:d92f9d21154c 618 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 619 case md5_mac:
wolfSSL 0:d92f9d21154c 620 {
wolfSSL 0:d92f9d21154c 621 return MD5;
wolfSSL 0:d92f9d21154c 622 }
wolfSSL 0:d92f9d21154c 623 #endif
wolfSSL 0:d92f9d21154c 624 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 625 case sha256_mac:
wolfSSL 0:d92f9d21154c 626 {
wolfSSL 0:d92f9d21154c 627 return SHA256;
wolfSSL 0:d92f9d21154c 628 }
wolfSSL 0:d92f9d21154c 629 #endif
wolfSSL 0:d92f9d21154c 630 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 631 case sha384_mac:
wolfSSL 0:d92f9d21154c 632 {
wolfSSL 0:d92f9d21154c 633 return SHA384;
wolfSSL 0:d92f9d21154c 634 }
wolfSSL 0:d92f9d21154c 635
wolfSSL 0:d92f9d21154c 636 #endif
wolfSSL 0:d92f9d21154c 637 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 638 case sha_mac:
wolfSSL 0:d92f9d21154c 639 {
wolfSSL 0:d92f9d21154c 640 return SHA;
wolfSSL 0:d92f9d21154c 641 }
wolfSSL 0:d92f9d21154c 642 #endif
wolfSSL 0:d92f9d21154c 643 #ifdef HAVE_BLAKE2
wolfSSL 0:d92f9d21154c 644 case blake2b_mac:
wolfSSL 0:d92f9d21154c 645 {
wolfSSL 0:d92f9d21154c 646 return BLAKE2B_ID;
wolfSSL 0:d92f9d21154c 647 }
wolfSSL 0:d92f9d21154c 648 #endif
wolfSSL 0:d92f9d21154c 649 default:
wolfSSL 0:d92f9d21154c 650 {
wolfSSL 0:d92f9d21154c 651 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 652 }
wolfSSL 0:d92f9d21154c 653 }
wolfSSL 0:d92f9d21154c 654 }
wolfSSL 0:d92f9d21154c 655
wolfSSL 0:d92f9d21154c 656
wolfSSL 0:d92f9d21154c 657 int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
wolfSSL 0:d92f9d21154c 658 int verify)
wolfSSL 0:d92f9d21154c 659 {
wolfSSL 0:d92f9d21154c 660 if (ssl == NULL || inner == NULL)
wolfSSL 0:d92f9d21154c 661 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 662
wolfSSL 0:d92f9d21154c 663 XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
wolfSSL 0:d92f9d21154c 664
wolfSSL 0:d92f9d21154c 665 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 666 if (ssl->options.dtls)
wolfSSL 0:d92f9d21154c 667 c16toa((word16)GetEpoch(ssl, verify), inner);
wolfSSL 0:d92f9d21154c 668 #endif
wolfSSL 0:d92f9d21154c 669 c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
wolfSSL 0:d92f9d21154c 670 inner[SEQ_SZ] = (byte)content;
wolfSSL 0:d92f9d21154c 671 inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL 0:d92f9d21154c 672 inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL 0:d92f9d21154c 673 c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL 0:d92f9d21154c 674
wolfSSL 0:d92f9d21154c 675 return 0;
wolfSSL 0:d92f9d21154c 676 }
wolfSSL 0:d92f9d21154c 677
wolfSSL 0:d92f9d21154c 678
wolfSSL 0:d92f9d21154c 679 /* TLS type HMAC */
wolfSSL 0:d92f9d21154c 680 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 0:d92f9d21154c 681 int content, int verify)
wolfSSL 0:d92f9d21154c 682 {
wolfSSL 0:d92f9d21154c 683 Hmac hmac;
wolfSSL 0:d92f9d21154c 684 int ret;
wolfSSL 0:d92f9d21154c 685 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL 0:d92f9d21154c 686
wolfSSL 0:d92f9d21154c 687 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 688 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 689
wolfSSL 0:d92f9d21154c 690 #ifdef HAVE_FUZZER
wolfSSL 0:d92f9d21154c 691 if (ssl->fuzzerCb)
wolfSSL 0:d92f9d21154c 692 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL 0:d92f9d21154c 693 #endif
wolfSSL 0:d92f9d21154c 694
wolfSSL 0:d92f9d21154c 695 wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL 0:d92f9d21154c 696
wolfSSL 0:d92f9d21154c 697 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL 0:d92f9d21154c 698 wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL 0:d92f9d21154c 699 if (ret != 0)
wolfSSL 0:d92f9d21154c 700 return ret;
wolfSSL 0:d92f9d21154c 701 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL 0:d92f9d21154c 702 if (ret != 0)
wolfSSL 0:d92f9d21154c 703 return ret;
wolfSSL 0:d92f9d21154c 704 ret = wc_HmacUpdate(&hmac, in, sz); /* content */
wolfSSL 0:d92f9d21154c 705 if (ret != 0)
wolfSSL 0:d92f9d21154c 706 return ret;
wolfSSL 0:d92f9d21154c 707 ret = wc_HmacFinal(&hmac, digest);
wolfSSL 0:d92f9d21154c 708 if (ret != 0)
wolfSSL 0:d92f9d21154c 709 return ret;
wolfSSL 0:d92f9d21154c 710
wolfSSL 0:d92f9d21154c 711 return 0;
wolfSSL 0:d92f9d21154c 712 }
wolfSSL 0:d92f9d21154c 713
wolfSSL 0:d92f9d21154c 714 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 0:d92f9d21154c 715
wolfSSL 0:d92f9d21154c 716
wolfSSL 0:d92f9d21154c 717 /** Supports up to 64 flags. Update as needed. */
wolfSSL 0:d92f9d21154c 718 #define SEMAPHORE_SIZE 8
wolfSSL 0:d92f9d21154c 719
wolfSSL 0:d92f9d21154c 720
wolfSSL 0:d92f9d21154c 721 static INLINE word16 TLSX_ToSemaphore(word16 type)
wolfSSL 0:d92f9d21154c 722 {
wolfSSL 0:d92f9d21154c 723 switch (type) {
wolfSSL 0:d92f9d21154c 724 case SECURE_RENEGOTIATION:
wolfSSL 0:d92f9d21154c 725 return 63;
wolfSSL 0:d92f9d21154c 726
wolfSSL 0:d92f9d21154c 727 default:
wolfSSL 0:d92f9d21154c 728 if (type > 62) {
wolfSSL 0:d92f9d21154c 729 /* This message SHOULD only happens during the adding of
wolfSSL 0:d92f9d21154c 730 new TLS extensions in which its IANA number overflows
wolfSSL 0:d92f9d21154c 731 the current semaphore's range, or if its number already
wolfSSL 0:d92f9d21154c 732 is assigned to be used by another extension.
wolfSSL 0:d92f9d21154c 733 Use this check value for the new extension and decrement
wolfSSL 0:d92f9d21154c 734 the check value by one. */
wolfSSL 0:d92f9d21154c 735 WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
wolfSSL 0:d92f9d21154c 736 }
wolfSSL 0:d92f9d21154c 737 }
wolfSSL 0:d92f9d21154c 738
wolfSSL 0:d92f9d21154c 739 return type;
wolfSSL 0:d92f9d21154c 740 }
wolfSSL 0:d92f9d21154c 741
wolfSSL 0:d92f9d21154c 742
wolfSSL 0:d92f9d21154c 743 #define IS_OFF(semaphore, light) \
wolfSSL 0:d92f9d21154c 744 ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
wolfSSL 0:d92f9d21154c 745
wolfSSL 0:d92f9d21154c 746
wolfSSL 0:d92f9d21154c 747 #define TURN_ON(semaphore, light) \
wolfSSL 0:d92f9d21154c 748 ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
wolfSSL 0:d92f9d21154c 749
wolfSSL 0:d92f9d21154c 750
wolfSSL 0:d92f9d21154c 751 static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
wolfSSL 0:d92f9d21154c 752 {
wolfSSL 0:d92f9d21154c 753 TLSX* extension;
wolfSSL 0:d92f9d21154c 754
wolfSSL 0:d92f9d21154c 755 extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 756 if (extension == NULL)
wolfSSL 0:d92f9d21154c 757 return MEMORY_E;
wolfSSL 0:d92f9d21154c 758
wolfSSL 0:d92f9d21154c 759 extension->type = type;
wolfSSL 0:d92f9d21154c 760 extension->data = data;
wolfSSL 0:d92f9d21154c 761 extension->resp = 0;
wolfSSL 0:d92f9d21154c 762 extension->next = *list;
wolfSSL 0:d92f9d21154c 763 *list = extension;
wolfSSL 0:d92f9d21154c 764
wolfSSL 0:d92f9d21154c 765 /* remove duplicated extensions, there should be only one of each type. */
wolfSSL 0:d92f9d21154c 766 do {
wolfSSL 0:d92f9d21154c 767 if (extension->next && extension->next->type == type) {
wolfSSL 0:d92f9d21154c 768 TLSX *next = extension->next;
wolfSSL 0:d92f9d21154c 769
wolfSSL 0:d92f9d21154c 770 extension->next = next->next;
wolfSSL 0:d92f9d21154c 771 next->next = NULL;
wolfSSL 0:d92f9d21154c 772
wolfSSL 0:d92f9d21154c 773 TLSX_FreeAll(next);
wolfSSL 0:d92f9d21154c 774
wolfSSL 0:d92f9d21154c 775 /* there is no way to occur more than */
wolfSSL 0:d92f9d21154c 776 /* two extensions of the same type. */
wolfSSL 0:d92f9d21154c 777 break;
wolfSSL 0:d92f9d21154c 778 }
wolfSSL 0:d92f9d21154c 779 } while ((extension = extension->next));
wolfSSL 0:d92f9d21154c 780
wolfSSL 0:d92f9d21154c 781 return 0;
wolfSSL 0:d92f9d21154c 782 }
wolfSSL 0:d92f9d21154c 783
wolfSSL 0:d92f9d21154c 784
wolfSSL 0:d92f9d21154c 785 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 786
wolfSSL 0:d92f9d21154c 787 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
wolfSSL 0:d92f9d21154c 788
wolfSSL 0:d92f9d21154c 789 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
wolfSSL 0:d92f9d21154c 790 {
wolfSSL 0:d92f9d21154c 791 TLSX *ext = TLSX_Find(ssl->extensions, type);
wolfSSL 0:d92f9d21154c 792
wolfSSL 0:d92f9d21154c 793 if (ext)
wolfSSL 0:d92f9d21154c 794 ext->resp = 1;
wolfSSL 0:d92f9d21154c 795 }
wolfSSL 0:d92f9d21154c 796
wolfSSL 0:d92f9d21154c 797 #endif
wolfSSL 0:d92f9d21154c 798
wolfSSL 0:d92f9d21154c 799 /* SNI - Server Name Indication */
wolfSSL 0:d92f9d21154c 800
wolfSSL 0:d92f9d21154c 801 #ifdef HAVE_SNI
wolfSSL 0:d92f9d21154c 802
wolfSSL 0:d92f9d21154c 803 static void TLSX_SNI_Free(SNI* sni)
wolfSSL 0:d92f9d21154c 804 {
wolfSSL 0:d92f9d21154c 805 if (sni) {
wolfSSL 0:d92f9d21154c 806 switch (sni->type) {
wolfSSL 0:d92f9d21154c 807 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 0:d92f9d21154c 808 XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 809 break;
wolfSSL 0:d92f9d21154c 810 }
wolfSSL 0:d92f9d21154c 811
wolfSSL 0:d92f9d21154c 812 XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 813 }
wolfSSL 0:d92f9d21154c 814 }
wolfSSL 0:d92f9d21154c 815
wolfSSL 0:d92f9d21154c 816 static void TLSX_SNI_FreeAll(SNI* list)
wolfSSL 0:d92f9d21154c 817 {
wolfSSL 0:d92f9d21154c 818 SNI* sni;
wolfSSL 0:d92f9d21154c 819
wolfSSL 0:d92f9d21154c 820 while ((sni = list)) {
wolfSSL 0:d92f9d21154c 821 list = sni->next;
wolfSSL 0:d92f9d21154c 822 TLSX_SNI_Free(sni);
wolfSSL 0:d92f9d21154c 823 }
wolfSSL 0:d92f9d21154c 824 }
wolfSSL 0:d92f9d21154c 825
wolfSSL 0:d92f9d21154c 826 static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
wolfSSL 0:d92f9d21154c 827 {
wolfSSL 0:d92f9d21154c 828 SNI* sni;
wolfSSL 0:d92f9d21154c 829
wolfSSL 0:d92f9d21154c 830 if (list == NULL)
wolfSSL 0:d92f9d21154c 831 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 832
wolfSSL 0:d92f9d21154c 833 if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:d92f9d21154c 834 return MEMORY_E;
wolfSSL 0:d92f9d21154c 835
wolfSSL 0:d92f9d21154c 836 switch (type) {
wolfSSL 0:d92f9d21154c 837 case WOLFSSL_SNI_HOST_NAME: {
wolfSSL 0:d92f9d21154c 838 sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 839
wolfSSL 0:d92f9d21154c 840 if (sni->data.host_name) {
wolfSSL 0:d92f9d21154c 841 XSTRNCPY(sni->data.host_name, (const char*)data, size);
wolfSSL 0:d92f9d21154c 842 sni->data.host_name[size] = 0;
wolfSSL 0:d92f9d21154c 843 } else {
wolfSSL 0:d92f9d21154c 844 XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 845 return MEMORY_E;
wolfSSL 0:d92f9d21154c 846 }
wolfSSL 0:d92f9d21154c 847 }
wolfSSL 0:d92f9d21154c 848 break;
wolfSSL 0:d92f9d21154c 849
wolfSSL 0:d92f9d21154c 850 default: /* invalid type */
wolfSSL 0:d92f9d21154c 851 XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 852 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 853 }
wolfSSL 0:d92f9d21154c 854
wolfSSL 0:d92f9d21154c 855 sni->type = type;
wolfSSL 0:d92f9d21154c 856 sni->next = *list;
wolfSSL 0:d92f9d21154c 857
wolfSSL 0:d92f9d21154c 858 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 859 sni->options = 0;
wolfSSL 0:d92f9d21154c 860 sni->status = WOLFSSL_SNI_NO_MATCH;
wolfSSL 0:d92f9d21154c 861 #endif
wolfSSL 0:d92f9d21154c 862
wolfSSL 0:d92f9d21154c 863 *list = sni;
wolfSSL 0:d92f9d21154c 864
wolfSSL 0:d92f9d21154c 865 return 0;
wolfSSL 0:d92f9d21154c 866 }
wolfSSL 0:d92f9d21154c 867
wolfSSL 0:d92f9d21154c 868 static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL 0:d92f9d21154c 869 {
wolfSSL 0:d92f9d21154c 870 SNI* sni;
wolfSSL 0:d92f9d21154c 871 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 0:d92f9d21154c 872
wolfSSL 0:d92f9d21154c 873 while ((sni = list)) {
wolfSSL 0:d92f9d21154c 874 list = sni->next;
wolfSSL 0:d92f9d21154c 875
wolfSSL 0:d92f9d21154c 876 length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL 0:d92f9d21154c 877
wolfSSL 0:d92f9d21154c 878 switch (sni->type) {
wolfSSL 0:d92f9d21154c 879 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 0:d92f9d21154c 880 length += XSTRLEN((char*)sni->data.host_name);
wolfSSL 0:d92f9d21154c 881 break;
wolfSSL 0:d92f9d21154c 882 }
wolfSSL 0:d92f9d21154c 883 }
wolfSSL 0:d92f9d21154c 884
wolfSSL 0:d92f9d21154c 885 return length;
wolfSSL 0:d92f9d21154c 886 }
wolfSSL 0:d92f9d21154c 887
wolfSSL 0:d92f9d21154c 888 static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL 0:d92f9d21154c 889 {
wolfSSL 0:d92f9d21154c 890 SNI* sni;
wolfSSL 0:d92f9d21154c 891 word16 length = 0;
wolfSSL 0:d92f9d21154c 892 word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL 0:d92f9d21154c 893
wolfSSL 0:d92f9d21154c 894 while ((sni = list)) {
wolfSSL 0:d92f9d21154c 895 list = sni->next;
wolfSSL 0:d92f9d21154c 896
wolfSSL 0:d92f9d21154c 897 output[offset++] = sni->type; /* sni type */
wolfSSL 0:d92f9d21154c 898
wolfSSL 0:d92f9d21154c 899 switch (sni->type) {
wolfSSL 0:d92f9d21154c 900 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 0:d92f9d21154c 901 length = XSTRLEN((char*)sni->data.host_name);
wolfSSL 0:d92f9d21154c 902
wolfSSL 0:d92f9d21154c 903 c16toa(length, output + offset); /* sni length */
wolfSSL 0:d92f9d21154c 904 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 905
wolfSSL 0:d92f9d21154c 906 XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL 0:d92f9d21154c 907
wolfSSL 0:d92f9d21154c 908 offset += length;
wolfSSL 0:d92f9d21154c 909 break;
wolfSSL 0:d92f9d21154c 910 }
wolfSSL 0:d92f9d21154c 911 }
wolfSSL 0:d92f9d21154c 912
wolfSSL 0:d92f9d21154c 913 c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL 0:d92f9d21154c 914
wolfSSL 0:d92f9d21154c 915 return offset;
wolfSSL 0:d92f9d21154c 916 }
wolfSSL 0:d92f9d21154c 917
wolfSSL 0:d92f9d21154c 918 static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL 0:d92f9d21154c 919 {
wolfSSL 0:d92f9d21154c 920 SNI *sni = list;
wolfSSL 0:d92f9d21154c 921
wolfSSL 0:d92f9d21154c 922 while (sni && sni->type != type)
wolfSSL 0:d92f9d21154c 923 sni = sni->next;
wolfSSL 0:d92f9d21154c 924
wolfSSL 0:d92f9d21154c 925 return sni;
wolfSSL 0:d92f9d21154c 926 }
wolfSSL 0:d92f9d21154c 927
wolfSSL 0:d92f9d21154c 928 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 929 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL 0:d92f9d21154c 930 {
wolfSSL 0:d92f9d21154c 931 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 932 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:d92f9d21154c 933
wolfSSL 0:d92f9d21154c 934 if (sni) {
wolfSSL 0:d92f9d21154c 935 sni->status = status;
wolfSSL 0:d92f9d21154c 936 WOLFSSL_MSG("SNI did match!");
wolfSSL 0:d92f9d21154c 937 }
wolfSSL 0:d92f9d21154c 938 }
wolfSSL 0:d92f9d21154c 939
wolfSSL 0:d92f9d21154c 940 byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL 0:d92f9d21154c 941 {
wolfSSL 0:d92f9d21154c 942 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 943 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:d92f9d21154c 944
wolfSSL 0:d92f9d21154c 945 if (sni)
wolfSSL 0:d92f9d21154c 946 return sni->status;
wolfSSL 0:d92f9d21154c 947
wolfSSL 0:d92f9d21154c 948 return 0;
wolfSSL 0:d92f9d21154c 949 }
wolfSSL 0:d92f9d21154c 950 #endif
wolfSSL 0:d92f9d21154c 951
wolfSSL 0:d92f9d21154c 952 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 0:d92f9d21154c 953 byte isRequest)
wolfSSL 0:d92f9d21154c 954 {
wolfSSL 0:d92f9d21154c 955 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 956 word16 size = 0;
wolfSSL 0:d92f9d21154c 957 word16 offset = 0;
wolfSSL 0:d92f9d21154c 958 #endif
wolfSSL 0:d92f9d21154c 959
wolfSSL 0:d92f9d21154c 960 TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 961
wolfSSL 0:d92f9d21154c 962 if (!extension)
wolfSSL 0:d92f9d21154c 963 extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 964
wolfSSL 0:d92f9d21154c 965 if (!extension || !extension->data)
wolfSSL 0:d92f9d21154c 966 return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
wolfSSL 0:d92f9d21154c 967 SNI response from server. */
wolfSSL 0:d92f9d21154c 968
wolfSSL 0:d92f9d21154c 969 if (!isRequest)
wolfSSL 0:d92f9d21154c 970 return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
wolfSSL 0:d92f9d21154c 971 Nothing else to do. */
wolfSSL 0:d92f9d21154c 972
wolfSSL 0:d92f9d21154c 973 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 974
wolfSSL 0:d92f9d21154c 975 if (OPAQUE16_LEN > length)
wolfSSL 0:d92f9d21154c 976 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 977
wolfSSL 0:d92f9d21154c 978 ato16(input, &size);
wolfSSL 0:d92f9d21154c 979 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 980
wolfSSL 0:d92f9d21154c 981 /* validating sni list length */
wolfSSL 0:d92f9d21154c 982 if (length != OPAQUE16_LEN + size)
wolfSSL 0:d92f9d21154c 983 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 984
wolfSSL 0:d92f9d21154c 985 for (size = 0; offset < length; offset += size) {
wolfSSL 0:d92f9d21154c 986 SNI *sni;
wolfSSL 0:d92f9d21154c 987 byte type = input[offset++];
wolfSSL 0:d92f9d21154c 988
wolfSSL 0:d92f9d21154c 989 if (offset + OPAQUE16_LEN > length)
wolfSSL 0:d92f9d21154c 990 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 991
wolfSSL 0:d92f9d21154c 992 ato16(input + offset, &size);
wolfSSL 0:d92f9d21154c 993 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 994
wolfSSL 0:d92f9d21154c 995 if (offset + size > length)
wolfSSL 0:d92f9d21154c 996 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 997
wolfSSL 0:d92f9d21154c 998 if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type))) {
wolfSSL 0:d92f9d21154c 999 continue; /* not using this SNI type */
wolfSSL 0:d92f9d21154c 1000 }
wolfSSL 0:d92f9d21154c 1001
wolfSSL 0:d92f9d21154c 1002 switch(type) {
wolfSSL 0:d92f9d21154c 1003 case WOLFSSL_SNI_HOST_NAME: {
wolfSSL 0:d92f9d21154c 1004 byte matched = (XSTRLEN(sni->data.host_name) == size)
wolfSSL 0:d92f9d21154c 1005 && (XSTRNCMP(sni->data.host_name,
wolfSSL 0:d92f9d21154c 1006 (const char*)input + offset, size) == 0);
wolfSSL 0:d92f9d21154c 1007
wolfSSL 0:d92f9d21154c 1008 if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL 0:d92f9d21154c 1009 int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL 0:d92f9d21154c 1010 type, input + offset, size);
wolfSSL 0:d92f9d21154c 1011
wolfSSL 0:d92f9d21154c 1012 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:d92f9d21154c 1013
wolfSSL 0:d92f9d21154c 1014 TLSX_SNI_SetStatus(ssl->extensions, type,
wolfSSL 0:d92f9d21154c 1015 matched ? WOLFSSL_SNI_REAL_MATCH : WOLFSSL_SNI_FAKE_MATCH);
wolfSSL 0:d92f9d21154c 1016
wolfSSL 0:d92f9d21154c 1017 } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL 0:d92f9d21154c 1018 SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL 0:d92f9d21154c 1019
wolfSSL 0:d92f9d21154c 1020 return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL 0:d92f9d21154c 1021 }
wolfSSL 0:d92f9d21154c 1022 break;
wolfSSL 0:d92f9d21154c 1023 }
wolfSSL 0:d92f9d21154c 1024 }
wolfSSL 0:d92f9d21154c 1025
wolfSSL 0:d92f9d21154c 1026 TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 1027 }
wolfSSL 0:d92f9d21154c 1028
wolfSSL 0:d92f9d21154c 1029 #endif
wolfSSL 0:d92f9d21154c 1030
wolfSSL 0:d92f9d21154c 1031 return 0;
wolfSSL 0:d92f9d21154c 1032 }
wolfSSL 0:d92f9d21154c 1033
wolfSSL 0:d92f9d21154c 1034 int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
wolfSSL 0:d92f9d21154c 1035 {
wolfSSL 0:d92f9d21154c 1036 TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 1037 SNI* sni = NULL;
wolfSSL 0:d92f9d21154c 1038 int ret = 0;
wolfSSL 0:d92f9d21154c 1039
wolfSSL 0:d92f9d21154c 1040 if (extensions == NULL || data == NULL)
wolfSSL 0:d92f9d21154c 1041 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1042
wolfSSL 0:d92f9d21154c 1043 if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0)
wolfSSL 0:d92f9d21154c 1044 return ret;
wolfSSL 0:d92f9d21154c 1045
wolfSSL 0:d92f9d21154c 1046 if (!extension) {
wolfSSL 0:d92f9d21154c 1047 if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni))
wolfSSL 0:d92f9d21154c 1048 != 0) {
wolfSSL 0:d92f9d21154c 1049 TLSX_SNI_Free(sni);
wolfSSL 0:d92f9d21154c 1050 return ret;
wolfSSL 0:d92f9d21154c 1051 }
wolfSSL 0:d92f9d21154c 1052 }
wolfSSL 0:d92f9d21154c 1053 else {
wolfSSL 0:d92f9d21154c 1054 /* push new SNI object to extension data. */
wolfSSL 0:d92f9d21154c 1055 sni->next = (SNI*)extension->data;
wolfSSL 0:d92f9d21154c 1056 extension->data = (void*)sni;
wolfSSL 0:d92f9d21154c 1057
wolfSSL 0:d92f9d21154c 1058 /* look for another server name of the same type to remove */
wolfSSL 0:d92f9d21154c 1059 do {
wolfSSL 0:d92f9d21154c 1060 if (sni->next && sni->next->type == type) {
wolfSSL 0:d92f9d21154c 1061 SNI *next = sni->next;
wolfSSL 0:d92f9d21154c 1062
wolfSSL 0:d92f9d21154c 1063 sni->next = next->next;
wolfSSL 0:d92f9d21154c 1064 TLSX_SNI_Free(next);
wolfSSL 0:d92f9d21154c 1065
wolfSSL 0:d92f9d21154c 1066 break;
wolfSSL 0:d92f9d21154c 1067 }
wolfSSL 0:d92f9d21154c 1068 } while ((sni = sni->next));
wolfSSL 0:d92f9d21154c 1069 }
wolfSSL 0:d92f9d21154c 1070
wolfSSL 0:d92f9d21154c 1071 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1072 }
wolfSSL 0:d92f9d21154c 1073
wolfSSL 0:d92f9d21154c 1074 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1075 word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL 0:d92f9d21154c 1076 {
wolfSSL 0:d92f9d21154c 1077 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 1078 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:d92f9d21154c 1079
wolfSSL 0:d92f9d21154c 1080 if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
wolfSSL 0:d92f9d21154c 1081 switch (sni->type) {
wolfSSL 0:d92f9d21154c 1082 case WOLFSSL_SNI_HOST_NAME:
wolfSSL 0:d92f9d21154c 1083 *data = sni->data.host_name;
wolfSSL 0:d92f9d21154c 1084 return XSTRLEN(*data);
wolfSSL 0:d92f9d21154c 1085 }
wolfSSL 0:d92f9d21154c 1086 }
wolfSSL 0:d92f9d21154c 1087
wolfSSL 0:d92f9d21154c 1088 return 0;
wolfSSL 0:d92f9d21154c 1089 }
wolfSSL 0:d92f9d21154c 1090
wolfSSL 0:d92f9d21154c 1091 void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL 0:d92f9d21154c 1092 {
wolfSSL 0:d92f9d21154c 1093 TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL 0:d92f9d21154c 1094 SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL 0:d92f9d21154c 1095
wolfSSL 0:d92f9d21154c 1096 if (sni)
wolfSSL 0:d92f9d21154c 1097 sni->options = options;
wolfSSL 0:d92f9d21154c 1098 }
wolfSSL 0:d92f9d21154c 1099
wolfSSL 0:d92f9d21154c 1100 int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL 0:d92f9d21154c 1101 byte type, byte* sni, word32* inOutSz)
wolfSSL 0:d92f9d21154c 1102 {
wolfSSL 0:d92f9d21154c 1103 word32 offset = 0;
wolfSSL 0:d92f9d21154c 1104 word32 len32 = 0;
wolfSSL 0:d92f9d21154c 1105 word16 len16 = 0;
wolfSSL 0:d92f9d21154c 1106
wolfSSL 0:d92f9d21154c 1107 if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL 0:d92f9d21154c 1108 return INCOMPLETE_DATA;
wolfSSL 0:d92f9d21154c 1109
wolfSSL 0:d92f9d21154c 1110 /* TLS record header */
wolfSSL 0:d92f9d21154c 1111 if ((enum ContentType) clientHello[offset++] != handshake)
wolfSSL 0:d92f9d21154c 1112 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1113
wolfSSL 0:d92f9d21154c 1114 if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL 0:d92f9d21154c 1115 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1116
wolfSSL 0:d92f9d21154c 1117 if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL 0:d92f9d21154c 1118 return SNI_UNSUPPORTED;
wolfSSL 0:d92f9d21154c 1119
wolfSSL 0:d92f9d21154c 1120 ato16(clientHello + offset, &len16);
wolfSSL 0:d92f9d21154c 1121 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1122
wolfSSL 0:d92f9d21154c 1123 if (offset + len16 > helloSz)
wolfSSL 0:d92f9d21154c 1124 return INCOMPLETE_DATA;
wolfSSL 0:d92f9d21154c 1125
wolfSSL 0:d92f9d21154c 1126 /* Handshake header */
wolfSSL 0:d92f9d21154c 1127 if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL 0:d92f9d21154c 1128 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1129
wolfSSL 0:d92f9d21154c 1130 c24to32(clientHello + offset + 1, &len32);
wolfSSL 0:d92f9d21154c 1131 offset += HANDSHAKE_HEADER_SZ;
wolfSSL 0:d92f9d21154c 1132
wolfSSL 0:d92f9d21154c 1133 if (offset + len32 > helloSz)
wolfSSL 0:d92f9d21154c 1134 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1135
wolfSSL 0:d92f9d21154c 1136 /* client hello */
wolfSSL 0:d92f9d21154c 1137 offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL 0:d92f9d21154c 1138
wolfSSL 0:d92f9d21154c 1139 if (helloSz < offset + clientHello[offset])
wolfSSL 0:d92f9d21154c 1140 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1141
wolfSSL 0:d92f9d21154c 1142 offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL 0:d92f9d21154c 1143
wolfSSL 0:d92f9d21154c 1144 /* cypher suites */
wolfSSL 0:d92f9d21154c 1145 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 1146 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1147
wolfSSL 0:d92f9d21154c 1148 ato16(clientHello + offset, &len16);
wolfSSL 0:d92f9d21154c 1149 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1150
wolfSSL 0:d92f9d21154c 1151 if (helloSz < offset + len16)
wolfSSL 0:d92f9d21154c 1152 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1153
wolfSSL 0:d92f9d21154c 1154 offset += len16; /* skip cypher suites */
wolfSSL 0:d92f9d21154c 1155
wolfSSL 0:d92f9d21154c 1156 /* compression methods */
wolfSSL 0:d92f9d21154c 1157 if (helloSz < offset + 1)
wolfSSL 0:d92f9d21154c 1158 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1159
wolfSSL 0:d92f9d21154c 1160 if (helloSz < offset + clientHello[offset])
wolfSSL 0:d92f9d21154c 1161 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1162
wolfSSL 0:d92f9d21154c 1163 offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL 0:d92f9d21154c 1164
wolfSSL 0:d92f9d21154c 1165 /* extensions */
wolfSSL 0:d92f9d21154c 1166 if (helloSz < offset + OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 1167 return 0; /* no extensions in client hello. */
wolfSSL 0:d92f9d21154c 1168
wolfSSL 0:d92f9d21154c 1169 ato16(clientHello + offset, &len16);
wolfSSL 0:d92f9d21154c 1170 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1171
wolfSSL 0:d92f9d21154c 1172 if (helloSz < offset + len16)
wolfSSL 0:d92f9d21154c 1173 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1174
wolfSSL 0:d92f9d21154c 1175 while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL 0:d92f9d21154c 1176 word16 extType;
wolfSSL 0:d92f9d21154c 1177 word16 extLen;
wolfSSL 0:d92f9d21154c 1178
wolfSSL 0:d92f9d21154c 1179 ato16(clientHello + offset, &extType);
wolfSSL 0:d92f9d21154c 1180 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1181
wolfSSL 0:d92f9d21154c 1182 ato16(clientHello + offset, &extLen);
wolfSSL 0:d92f9d21154c 1183 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1184
wolfSSL 0:d92f9d21154c 1185 if (helloSz < offset + extLen)
wolfSSL 0:d92f9d21154c 1186 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1187
wolfSSL 0:d92f9d21154c 1188 if (extType != SERVER_NAME_INDICATION) {
wolfSSL 0:d92f9d21154c 1189 offset += extLen; /* skip extension */
wolfSSL 0:d92f9d21154c 1190 } else {
wolfSSL 0:d92f9d21154c 1191 word16 listLen;
wolfSSL 0:d92f9d21154c 1192
wolfSSL 0:d92f9d21154c 1193 ato16(clientHello + offset, &listLen);
wolfSSL 0:d92f9d21154c 1194 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1195
wolfSSL 0:d92f9d21154c 1196 if (helloSz < offset + listLen)
wolfSSL 0:d92f9d21154c 1197 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1198
wolfSSL 0:d92f9d21154c 1199 while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL 0:d92f9d21154c 1200 byte sniType = clientHello[offset++];
wolfSSL 0:d92f9d21154c 1201 word16 sniLen;
wolfSSL 0:d92f9d21154c 1202
wolfSSL 0:d92f9d21154c 1203 ato16(clientHello + offset, &sniLen);
wolfSSL 0:d92f9d21154c 1204 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1205
wolfSSL 0:d92f9d21154c 1206 if (helloSz < offset + sniLen)
wolfSSL 0:d92f9d21154c 1207 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1208
wolfSSL 0:d92f9d21154c 1209 if (sniType != type) {
wolfSSL 0:d92f9d21154c 1210 offset += sniLen;
wolfSSL 0:d92f9d21154c 1211 listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL 0:d92f9d21154c 1212 continue;
wolfSSL 0:d92f9d21154c 1213 }
wolfSSL 0:d92f9d21154c 1214
wolfSSL 0:d92f9d21154c 1215 *inOutSz = min(sniLen, *inOutSz);
wolfSSL 0:d92f9d21154c 1216 XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL 0:d92f9d21154c 1217
wolfSSL 0:d92f9d21154c 1218 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1219 }
wolfSSL 0:d92f9d21154c 1220 }
wolfSSL 0:d92f9d21154c 1221
wolfSSL 0:d92f9d21154c 1222 len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL 0:d92f9d21154c 1223 }
wolfSSL 0:d92f9d21154c 1224
wolfSSL 0:d92f9d21154c 1225 return len16 ? BUFFER_ERROR : 0;
wolfSSL 0:d92f9d21154c 1226 }
wolfSSL 0:d92f9d21154c 1227
wolfSSL 0:d92f9d21154c 1228 #endif
wolfSSL 0:d92f9d21154c 1229
wolfSSL 0:d92f9d21154c 1230 #define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL 0:d92f9d21154c 1231 #define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL 0:d92f9d21154c 1232 #define SNI_WRITE TLSX_SNI_Write
wolfSSL 0:d92f9d21154c 1233 #define SNI_PARSE TLSX_SNI_Parse
wolfSSL 0:d92f9d21154c 1234
wolfSSL 0:d92f9d21154c 1235 #else
wolfSSL 0:d92f9d21154c 1236
wolfSSL 0:d92f9d21154c 1237 #define SNI_FREE_ALL(list)
wolfSSL 0:d92f9d21154c 1238 #define SNI_GET_SIZE(list) 0
wolfSSL 0:d92f9d21154c 1239 #define SNI_WRITE(a, b) 0
wolfSSL 0:d92f9d21154c 1240 #define SNI_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1241
wolfSSL 0:d92f9d21154c 1242 #endif /* HAVE_SNI */
wolfSSL 0:d92f9d21154c 1243
wolfSSL 0:d92f9d21154c 1244 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:d92f9d21154c 1245
wolfSSL 0:d92f9d21154c 1246 static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL 0:d92f9d21154c 1247 {
wolfSSL 0:d92f9d21154c 1248 output[0] = data[0];
wolfSSL 0:d92f9d21154c 1249
wolfSSL 0:d92f9d21154c 1250 return ENUM_LEN;
wolfSSL 0:d92f9d21154c 1251 }
wolfSSL 0:d92f9d21154c 1252
wolfSSL 0:d92f9d21154c 1253 static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 0:d92f9d21154c 1254 byte isRequest)
wolfSSL 0:d92f9d21154c 1255 {
wolfSSL 0:d92f9d21154c 1256 if (length != ENUM_LEN)
wolfSSL 0:d92f9d21154c 1257 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1258
wolfSSL 0:d92f9d21154c 1259 switch (*input) {
wolfSSL 0:d92f9d21154c 1260 case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL 0:d92f9d21154c 1261 case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL 0:d92f9d21154c 1262 case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL 0:d92f9d21154c 1263 case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL 0:d92f9d21154c 1264 case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL 0:d92f9d21154c 1265
wolfSSL 0:d92f9d21154c 1266 default:
wolfSSL 0:d92f9d21154c 1267 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 0:d92f9d21154c 1268
wolfSSL 0:d92f9d21154c 1269 return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL 0:d92f9d21154c 1270 }
wolfSSL 0:d92f9d21154c 1271
wolfSSL 0:d92f9d21154c 1272 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1273 if (isRequest) {
wolfSSL 0:d92f9d21154c 1274 int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
wolfSSL 0:d92f9d21154c 1275
wolfSSL 0:d92f9d21154c 1276 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:d92f9d21154c 1277
wolfSSL 0:d92f9d21154c 1278 TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
wolfSSL 0:d92f9d21154c 1279 }
wolfSSL 0:d92f9d21154c 1280 #endif
wolfSSL 0:d92f9d21154c 1281
wolfSSL 0:d92f9d21154c 1282 return 0;
wolfSSL 0:d92f9d21154c 1283 }
wolfSSL 0:d92f9d21154c 1284
wolfSSL 0:d92f9d21154c 1285 int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
wolfSSL 0:d92f9d21154c 1286 {
wolfSSL 0:d92f9d21154c 1287 byte* data = NULL;
wolfSSL 0:d92f9d21154c 1288 int ret = 0;
wolfSSL 0:d92f9d21154c 1289
wolfSSL 0:d92f9d21154c 1290 if (extensions == NULL)
wolfSSL 0:d92f9d21154c 1291 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1292
wolfSSL 0:d92f9d21154c 1293 if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
wolfSSL 0:d92f9d21154c 1294 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1295
wolfSSL 0:d92f9d21154c 1296 if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:d92f9d21154c 1297 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1298
wolfSSL 0:d92f9d21154c 1299 data[0] = mfl;
wolfSSL 0:d92f9d21154c 1300
wolfSSL 0:d92f9d21154c 1301 /* push new MFL extension. */
wolfSSL 0:d92f9d21154c 1302 if ((ret = TLSX_Push(extensions, MAX_FRAGMENT_LENGTH, data)) != 0) {
wolfSSL 0:d92f9d21154c 1303 XFREE(data, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1304 return ret;
wolfSSL 0:d92f9d21154c 1305 }
wolfSSL 0:d92f9d21154c 1306
wolfSSL 0:d92f9d21154c 1307 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1308 }
wolfSSL 0:d92f9d21154c 1309
wolfSSL 0:d92f9d21154c 1310
wolfSSL 0:d92f9d21154c 1311 #define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
wolfSSL 0:d92f9d21154c 1312 #define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL 0:d92f9d21154c 1313 #define MFL_WRITE TLSX_MFL_Write
wolfSSL 0:d92f9d21154c 1314 #define MFL_PARSE TLSX_MFL_Parse
wolfSSL 0:d92f9d21154c 1315
wolfSSL 0:d92f9d21154c 1316 #else
wolfSSL 0:d92f9d21154c 1317
wolfSSL 0:d92f9d21154c 1318 #define MFL_FREE_ALL(a)
wolfSSL 0:d92f9d21154c 1319 #define MFL_GET_SIZE(a) 0
wolfSSL 0:d92f9d21154c 1320 #define MFL_WRITE(a, b) 0
wolfSSL 0:d92f9d21154c 1321 #define MFL_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1322
wolfSSL 0:d92f9d21154c 1323 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 0:d92f9d21154c 1324
wolfSSL 0:d92f9d21154c 1325 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 0:d92f9d21154c 1326
wolfSSL 0:d92f9d21154c 1327 static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 0:d92f9d21154c 1328 byte isRequest)
wolfSSL 0:d92f9d21154c 1329 {
wolfSSL 0:d92f9d21154c 1330 if (length != 0 || input == NULL)
wolfSSL 0:d92f9d21154c 1331 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1332
wolfSSL 0:d92f9d21154c 1333 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1334 if (isRequest) {
wolfSSL 0:d92f9d21154c 1335 int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL 0:d92f9d21154c 1336
wolfSSL 0:d92f9d21154c 1337 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:d92f9d21154c 1338
wolfSSL 0:d92f9d21154c 1339 TLSX_SetResponse(ssl, TRUNCATED_HMAC);
wolfSSL 0:d92f9d21154c 1340 }
wolfSSL 0:d92f9d21154c 1341 #endif
wolfSSL 0:d92f9d21154c 1342
wolfSSL 0:d92f9d21154c 1343 ssl->truncated_hmac = 1;
wolfSSL 0:d92f9d21154c 1344
wolfSSL 0:d92f9d21154c 1345 return 0;
wolfSSL 0:d92f9d21154c 1346 }
wolfSSL 0:d92f9d21154c 1347
wolfSSL 0:d92f9d21154c 1348 int TLSX_UseTruncatedHMAC(TLSX** extensions)
wolfSSL 0:d92f9d21154c 1349 {
wolfSSL 0:d92f9d21154c 1350 int ret = 0;
wolfSSL 0:d92f9d21154c 1351
wolfSSL 0:d92f9d21154c 1352 if (extensions == NULL)
wolfSSL 0:d92f9d21154c 1353 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1354
wolfSSL 0:d92f9d21154c 1355 if ((ret = TLSX_Push(extensions, TRUNCATED_HMAC, NULL)) != 0)
wolfSSL 0:d92f9d21154c 1356 return ret;
wolfSSL 0:d92f9d21154c 1357
wolfSSL 0:d92f9d21154c 1358 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1359 }
wolfSSL 0:d92f9d21154c 1360
wolfSSL 0:d92f9d21154c 1361 #define THM_PARSE TLSX_THM_Parse
wolfSSL 0:d92f9d21154c 1362
wolfSSL 0:d92f9d21154c 1363 #else
wolfSSL 0:d92f9d21154c 1364
wolfSSL 0:d92f9d21154c 1365 #define THM_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1366
wolfSSL 0:d92f9d21154c 1367 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 0:d92f9d21154c 1368
wolfSSL 0:d92f9d21154c 1369 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 0:d92f9d21154c 1370
wolfSSL 0:d92f9d21154c 1371 #ifndef HAVE_ECC
wolfSSL 0:d92f9d21154c 1372 #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL 0:d92f9d21154c 1373 Use --enable-ecc in the configure script or define HAVE_ECC.
wolfSSL 0:d92f9d21154c 1374 #endif
wolfSSL 0:d92f9d21154c 1375
wolfSSL 0:d92f9d21154c 1376 static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
wolfSSL 0:d92f9d21154c 1377 {
wolfSSL 0:d92f9d21154c 1378 EllipticCurve* curve;
wolfSSL 0:d92f9d21154c 1379
wolfSSL 0:d92f9d21154c 1380 while ((curve = list)) {
wolfSSL 0:d92f9d21154c 1381 list = curve->next;
wolfSSL 0:d92f9d21154c 1382 XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1383 }
wolfSSL 0:d92f9d21154c 1384 }
wolfSSL 0:d92f9d21154c 1385
wolfSSL 0:d92f9d21154c 1386 static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
wolfSSL 0:d92f9d21154c 1387 {
wolfSSL 0:d92f9d21154c 1388 EllipticCurve* curve;
wolfSSL 0:d92f9d21154c 1389
wolfSSL 0:d92f9d21154c 1390 if (list == NULL)
wolfSSL 0:d92f9d21154c 1391 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1392
wolfSSL 0:d92f9d21154c 1393 if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL 0:d92f9d21154c 1394 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1395
wolfSSL 0:d92f9d21154c 1396 curve->name = name;
wolfSSL 0:d92f9d21154c 1397 curve->next = *list;
wolfSSL 0:d92f9d21154c 1398
wolfSSL 0:d92f9d21154c 1399 *list = curve;
wolfSSL 0:d92f9d21154c 1400
wolfSSL 0:d92f9d21154c 1401 return 0;
wolfSSL 0:d92f9d21154c 1402 }
wolfSSL 0:d92f9d21154c 1403
wolfSSL 0:d92f9d21154c 1404 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 1405
wolfSSL 0:d92f9d21154c 1406 static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
wolfSSL 0:d92f9d21154c 1407 {
wolfSSL 0:d92f9d21154c 1408 int i;
wolfSSL 0:d92f9d21154c 1409
wolfSSL 0:d92f9d21154c 1410 for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL 0:d92f9d21154c 1411 if (ssl->suites->suites[i] == ECC_BYTE)
wolfSSL 0:d92f9d21154c 1412 return;
wolfSSL 0:d92f9d21154c 1413
wolfSSL 0:d92f9d21154c 1414 /* No elliptic curve suite found */
wolfSSL 0:d92f9d21154c 1415 TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES));
wolfSSL 0:d92f9d21154c 1416 }
wolfSSL 0:d92f9d21154c 1417
wolfSSL 0:d92f9d21154c 1418 static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
wolfSSL 0:d92f9d21154c 1419 {
wolfSSL 0:d92f9d21154c 1420 EllipticCurve* curve;
wolfSSL 0:d92f9d21154c 1421 word16 length = OPAQUE16_LEN; /* list length */
wolfSSL 0:d92f9d21154c 1422
wolfSSL 0:d92f9d21154c 1423 while ((curve = list)) {
wolfSSL 0:d92f9d21154c 1424 list = curve->next;
wolfSSL 0:d92f9d21154c 1425 length += OPAQUE16_LEN; /* curve length */
wolfSSL 0:d92f9d21154c 1426 }
wolfSSL 0:d92f9d21154c 1427
wolfSSL 0:d92f9d21154c 1428 return length;
wolfSSL 0:d92f9d21154c 1429 }
wolfSSL 0:d92f9d21154c 1430
wolfSSL 0:d92f9d21154c 1431 static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
wolfSSL 0:d92f9d21154c 1432 static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
wolfSSL 0:d92f9d21154c 1433 {
wolfSSL 0:d92f9d21154c 1434 word16 offset = 0;
wolfSSL 0:d92f9d21154c 1435
wolfSSL 0:d92f9d21154c 1436 if (!curve)
wolfSSL 0:d92f9d21154c 1437 return offset;
wolfSSL 0:d92f9d21154c 1438
wolfSSL 0:d92f9d21154c 1439 offset = TLSX_EllipticCurve_WriteR(curve->next, output);
wolfSSL 0:d92f9d21154c 1440 c16toa(curve->name, output + offset);
wolfSSL 0:d92f9d21154c 1441
wolfSSL 0:d92f9d21154c 1442 return OPAQUE16_LEN + offset;
wolfSSL 0:d92f9d21154c 1443 }
wolfSSL 0:d92f9d21154c 1444
wolfSSL 0:d92f9d21154c 1445 static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
wolfSSL 0:d92f9d21154c 1446 {
wolfSSL 0:d92f9d21154c 1447 word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
wolfSSL 0:d92f9d21154c 1448
wolfSSL 0:d92f9d21154c 1449 c16toa(length, output); /* writing list length */
wolfSSL 0:d92f9d21154c 1450
wolfSSL 0:d92f9d21154c 1451 return OPAQUE16_LEN + length;
wolfSSL 0:d92f9d21154c 1452 }
wolfSSL 0:d92f9d21154c 1453
wolfSSL 0:d92f9d21154c 1454 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 1455 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1456
wolfSSL 0:d92f9d21154c 1457 static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 0:d92f9d21154c 1458 byte isRequest)
wolfSSL 0:d92f9d21154c 1459 {
wolfSSL 0:d92f9d21154c 1460 word16 offset;
wolfSSL 0:d92f9d21154c 1461 word16 name;
wolfSSL 0:d92f9d21154c 1462 int r;
wolfSSL 0:d92f9d21154c 1463
wolfSSL 0:d92f9d21154c 1464 (void) isRequest; /* shut up compiler! */
wolfSSL 0:d92f9d21154c 1465
wolfSSL 0:d92f9d21154c 1466 if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 1467 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1468
wolfSSL 0:d92f9d21154c 1469 ato16(input, &offset);
wolfSSL 0:d92f9d21154c 1470
wolfSSL 0:d92f9d21154c 1471 /* validating curve list length */
wolfSSL 0:d92f9d21154c 1472 if (length != OPAQUE16_LEN + offset)
wolfSSL 0:d92f9d21154c 1473 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1474
wolfSSL 0:d92f9d21154c 1475 while (offset) {
wolfSSL 0:d92f9d21154c 1476 ato16(input + offset, &name);
wolfSSL 0:d92f9d21154c 1477 offset -= OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 1478
wolfSSL 0:d92f9d21154c 1479 r = TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL 0:d92f9d21154c 1480
wolfSSL 0:d92f9d21154c 1481 if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL 0:d92f9d21154c 1482 }
wolfSSL 0:d92f9d21154c 1483
wolfSSL 0:d92f9d21154c 1484 return 0;
wolfSSL 0:d92f9d21154c 1485 }
wolfSSL 0:d92f9d21154c 1486
wolfSSL 0:d92f9d21154c 1487 int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
wolfSSL 0:d92f9d21154c 1488 TLSX* extension = (first == ECC_BYTE)
wolfSSL 0:d92f9d21154c 1489 ? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES)
wolfSSL 0:d92f9d21154c 1490 : NULL;
wolfSSL 0:d92f9d21154c 1491 EllipticCurve* curve = NULL;
wolfSSL 0:d92f9d21154c 1492 word32 oid = 0;
wolfSSL 0:d92f9d21154c 1493 word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */
wolfSSL 0:d92f9d21154c 1494 int sig = 0; /* valitade signature */
wolfSSL 0:d92f9d21154c 1495 int key = 0; /* validate key */
wolfSSL 0:d92f9d21154c 1496
wolfSSL 0:d92f9d21154c 1497 (void)oid;
wolfSSL 0:d92f9d21154c 1498 (void)octets;
wolfSSL 0:d92f9d21154c 1499
wolfSSL 0:d92f9d21154c 1500 if (!extension)
wolfSSL 0:d92f9d21154c 1501 return 1; /* no suite restriction */
wolfSSL 0:d92f9d21154c 1502
wolfSSL 0:d92f9d21154c 1503 for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
wolfSSL 0:d92f9d21154c 1504
wolfSSL 0:d92f9d21154c 1505 switch (curve->name) {
wolfSSL 0:d92f9d21154c 1506 #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
wolfSSL 0:d92f9d21154c 1507 case WOLFSSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
wolfSSL 0:d92f9d21154c 1508 #endif
wolfSSL 0:d92f9d21154c 1509 #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
wolfSSL 0:d92f9d21154c 1510 case WOLFSSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
wolfSSL 0:d92f9d21154c 1511 #endif
wolfSSL 0:d92f9d21154c 1512 #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
wolfSSL 0:d92f9d21154c 1513 case WOLFSSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
wolfSSL 0:d92f9d21154c 1514 #endif
wolfSSL 0:d92f9d21154c 1515 #if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
wolfSSL 0:d92f9d21154c 1516 case WOLFSSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
wolfSSL 0:d92f9d21154c 1517 #endif
wolfSSL 0:d92f9d21154c 1518 #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
wolfSSL 0:d92f9d21154c 1519 case WOLFSSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
wolfSSL 0:d92f9d21154c 1520 #endif
wolfSSL 0:d92f9d21154c 1521 #if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
wolfSSL 0:d92f9d21154c 1522 case WOLFSSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
wolfSSL 0:d92f9d21154c 1523 #endif
wolfSSL 0:d92f9d21154c 1524 default: continue; /* unsupported curve */
wolfSSL 0:d92f9d21154c 1525 }
wolfSSL 0:d92f9d21154c 1526
wolfSSL 0:d92f9d21154c 1527 switch (second) {
wolfSSL 0:d92f9d21154c 1528 #ifndef NO_DSA
wolfSSL 0:d92f9d21154c 1529 /* ECDHE_ECDSA */
wolfSSL 0:d92f9d21154c 1530 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:d92f9d21154c 1531 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:d92f9d21154c 1532 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL 0:d92f9d21154c 1533 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:d92f9d21154c 1534 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:d92f9d21154c 1535 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:d92f9d21154c 1536 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:d92f9d21154c 1537 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:d92f9d21154c 1538 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 0:d92f9d21154c 1539 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL 0:d92f9d21154c 1540 sig |= ssl->pkCurveOID == oid;
wolfSSL 0:d92f9d21154c 1541 key |= ssl->eccTempKeySz == octets;
wolfSSL 0:d92f9d21154c 1542 break;
wolfSSL 0:d92f9d21154c 1543
wolfSSL 0:d92f9d21154c 1544 /* ECDH_ECDSA */
wolfSSL 0:d92f9d21154c 1545 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:d92f9d21154c 1546 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:d92f9d21154c 1547 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL 0:d92f9d21154c 1548 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:d92f9d21154c 1549 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:d92f9d21154c 1550 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:d92f9d21154c 1551 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:d92f9d21154c 1552 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:d92f9d21154c 1553 sig |= ssl->pkCurveOID == oid;
wolfSSL 0:d92f9d21154c 1554 key |= ssl->pkCurveOID == oid;
wolfSSL 0:d92f9d21154c 1555 break;
wolfSSL 0:d92f9d21154c 1556 #endif
wolfSSL 0:d92f9d21154c 1557 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 1558 /* ECDHE_RSA */
wolfSSL 0:d92f9d21154c 1559 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:d92f9d21154c 1560 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:d92f9d21154c 1561 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL 0:d92f9d21154c 1562 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:d92f9d21154c 1563 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:d92f9d21154c 1564 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:d92f9d21154c 1565 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:d92f9d21154c 1566 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:d92f9d21154c 1567 sig = 1;
wolfSSL 0:d92f9d21154c 1568 key |= ssl->eccTempKeySz == octets;
wolfSSL 0:d92f9d21154c 1569 break;
wolfSSL 0:d92f9d21154c 1570
wolfSSL 0:d92f9d21154c 1571 /* ECDH_RSA */
wolfSSL 0:d92f9d21154c 1572 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL 0:d92f9d21154c 1573 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL 0:d92f9d21154c 1574 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL 0:d92f9d21154c 1575 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 0:d92f9d21154c 1576 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL 0:d92f9d21154c 1577 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL 0:d92f9d21154c 1578 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL 0:d92f9d21154c 1579 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL 0:d92f9d21154c 1580 sig = 1;
wolfSSL 0:d92f9d21154c 1581 key |= ssl->pkCurveOID == oid;
wolfSSL 0:d92f9d21154c 1582 break;
wolfSSL 0:d92f9d21154c 1583 #endif
wolfSSL 0:d92f9d21154c 1584 default:
wolfSSL 0:d92f9d21154c 1585 sig = 1;
wolfSSL 0:d92f9d21154c 1586 key = 1;
wolfSSL 0:d92f9d21154c 1587 break;
wolfSSL 0:d92f9d21154c 1588 }
wolfSSL 0:d92f9d21154c 1589 }
wolfSSL 0:d92f9d21154c 1590
wolfSSL 0:d92f9d21154c 1591 return sig && key;
wolfSSL 0:d92f9d21154c 1592 }
wolfSSL 0:d92f9d21154c 1593
wolfSSL 0:d92f9d21154c 1594 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 0:d92f9d21154c 1595
wolfSSL 0:d92f9d21154c 1596 int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
wolfSSL 0:d92f9d21154c 1597 {
wolfSSL 0:d92f9d21154c 1598 TLSX* extension = TLSX_Find(*extensions, ELLIPTIC_CURVES);
wolfSSL 0:d92f9d21154c 1599 EllipticCurve* curve = NULL;
wolfSSL 0:d92f9d21154c 1600 int ret = 0;
wolfSSL 0:d92f9d21154c 1601
wolfSSL 0:d92f9d21154c 1602 if (extensions == NULL)
wolfSSL 0:d92f9d21154c 1603 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1604
wolfSSL 0:d92f9d21154c 1605 if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
wolfSSL 0:d92f9d21154c 1606 return ret;
wolfSSL 0:d92f9d21154c 1607
wolfSSL 0:d92f9d21154c 1608 if (!extension) {
wolfSSL 0:d92f9d21154c 1609 if ((ret = TLSX_Push(extensions, ELLIPTIC_CURVES, curve)) != 0) {
wolfSSL 0:d92f9d21154c 1610 XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1611 return ret;
wolfSSL 0:d92f9d21154c 1612 }
wolfSSL 0:d92f9d21154c 1613 }
wolfSSL 0:d92f9d21154c 1614 else {
wolfSSL 0:d92f9d21154c 1615 /* push new EllipticCurve object to extension data. */
wolfSSL 0:d92f9d21154c 1616 curve->next = (EllipticCurve*)extension->data;
wolfSSL 0:d92f9d21154c 1617 extension->data = (void*)curve;
wolfSSL 0:d92f9d21154c 1618
wolfSSL 0:d92f9d21154c 1619 /* look for another curve of the same name to remove (replacement) */
wolfSSL 0:d92f9d21154c 1620 do {
wolfSSL 0:d92f9d21154c 1621 if (curve->next && curve->next->name == name) {
wolfSSL 0:d92f9d21154c 1622 EllipticCurve *next = curve->next;
wolfSSL 0:d92f9d21154c 1623
wolfSSL 0:d92f9d21154c 1624 curve->next = next->next;
wolfSSL 0:d92f9d21154c 1625 XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1626
wolfSSL 0:d92f9d21154c 1627 break;
wolfSSL 0:d92f9d21154c 1628 }
wolfSSL 0:d92f9d21154c 1629 } while ((curve = curve->next));
wolfSSL 0:d92f9d21154c 1630 }
wolfSSL 0:d92f9d21154c 1631
wolfSSL 0:d92f9d21154c 1632 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1633 }
wolfSSL 0:d92f9d21154c 1634
wolfSSL 0:d92f9d21154c 1635 #define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
wolfSSL 0:d92f9d21154c 1636 #define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
wolfSSL 0:d92f9d21154c 1637
wolfSSL 0:d92f9d21154c 1638 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 1639 #define EC_GET_SIZE TLSX_EllipticCurve_GetSize
wolfSSL 0:d92f9d21154c 1640 #define EC_WRITE TLSX_EllipticCurve_Write
wolfSSL 0:d92f9d21154c 1641 #else
wolfSSL 0:d92f9d21154c 1642 #define EC_GET_SIZE(list) 0
wolfSSL 0:d92f9d21154c 1643 #define EC_WRITE(a, b) 0
wolfSSL 0:d92f9d21154c 1644 #endif
wolfSSL 0:d92f9d21154c 1645
wolfSSL 0:d92f9d21154c 1646 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1647 #define EC_PARSE TLSX_EllipticCurve_Parse
wolfSSL 0:d92f9d21154c 1648 #else
wolfSSL 0:d92f9d21154c 1649 #define EC_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1650 #endif
wolfSSL 0:d92f9d21154c 1651
wolfSSL 0:d92f9d21154c 1652 #else
wolfSSL 0:d92f9d21154c 1653
wolfSSL 0:d92f9d21154c 1654 #define EC_FREE_ALL(list)
wolfSSL 0:d92f9d21154c 1655 #define EC_GET_SIZE(list) 0
wolfSSL 0:d92f9d21154c 1656 #define EC_WRITE(a, b) 0
wolfSSL 0:d92f9d21154c 1657 #define EC_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1658 #define EC_VALIDATE_REQUEST(a, b)
wolfSSL 0:d92f9d21154c 1659
wolfSSL 0:d92f9d21154c 1660 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 0:d92f9d21154c 1661
wolfSSL 0:d92f9d21154c 1662 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 0:d92f9d21154c 1663
wolfSSL 0:d92f9d21154c 1664 static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
wolfSSL 0:d92f9d21154c 1665 int isRequest)
wolfSSL 0:d92f9d21154c 1666 {
wolfSSL 0:d92f9d21154c 1667 byte length = OPAQUE8_LEN; /* empty info length */
wolfSSL 0:d92f9d21154c 1668
wolfSSL 0:d92f9d21154c 1669 if (data->enabled) {
wolfSSL 0:d92f9d21154c 1670 /* client sends client_verify_data only */
wolfSSL 0:d92f9d21154c 1671 length += TLS_FINISHED_SZ;
wolfSSL 0:d92f9d21154c 1672
wolfSSL 0:d92f9d21154c 1673 /* server also sends server_verify_data */
wolfSSL 0:d92f9d21154c 1674 if (!isRequest)
wolfSSL 0:d92f9d21154c 1675 length += TLS_FINISHED_SZ;
wolfSSL 0:d92f9d21154c 1676 }
wolfSSL 0:d92f9d21154c 1677
wolfSSL 0:d92f9d21154c 1678 return length;
wolfSSL 0:d92f9d21154c 1679 }
wolfSSL 0:d92f9d21154c 1680
wolfSSL 0:d92f9d21154c 1681 static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
wolfSSL 0:d92f9d21154c 1682 byte* output, int isRequest)
wolfSSL 0:d92f9d21154c 1683 {
wolfSSL 0:d92f9d21154c 1684 word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
wolfSSL 0:d92f9d21154c 1685
wolfSSL 0:d92f9d21154c 1686 if (data->enabled) {
wolfSSL 0:d92f9d21154c 1687 /* client sends client_verify_data only */
wolfSSL 0:d92f9d21154c 1688 XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
wolfSSL 0:d92f9d21154c 1689 offset += TLS_FINISHED_SZ;
wolfSSL 0:d92f9d21154c 1690
wolfSSL 0:d92f9d21154c 1691 /* server also sends server_verify_data */
wolfSSL 0:d92f9d21154c 1692 if (!isRequest) {
wolfSSL 0:d92f9d21154c 1693 XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
wolfSSL 0:d92f9d21154c 1694 offset += TLS_FINISHED_SZ;
wolfSSL 0:d92f9d21154c 1695 }
wolfSSL 0:d92f9d21154c 1696 }
wolfSSL 0:d92f9d21154c 1697
wolfSSL 0:d92f9d21154c 1698 output[0] = offset - 1; /* info length - self */
wolfSSL 0:d92f9d21154c 1699
wolfSSL 0:d92f9d21154c 1700 return offset;
wolfSSL 0:d92f9d21154c 1701 }
wolfSSL 0:d92f9d21154c 1702
wolfSSL 0:d92f9d21154c 1703 static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
wolfSSL 0:d92f9d21154c 1704 word16 length, byte isRequest)
wolfSSL 0:d92f9d21154c 1705 {
wolfSSL 0:d92f9d21154c 1706 int ret = SECURE_RENEGOTIATION_E;
wolfSSL 0:d92f9d21154c 1707
wolfSSL 0:d92f9d21154c 1708 if (length >= OPAQUE8_LEN) {
wolfSSL 0:d92f9d21154c 1709 if (ssl->secure_renegotiation == NULL) {
wolfSSL 0:d92f9d21154c 1710 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1711 if (isRequest && *input == 0) {
wolfSSL 0:d92f9d21154c 1712 ret = 0; /* don't reply, user didn't enable */
wolfSSL 0:d92f9d21154c 1713 }
wolfSSL 0:d92f9d21154c 1714 #endif
wolfSSL 0:d92f9d21154c 1715 }
wolfSSL 0:d92f9d21154c 1716 else if (isRequest) {
wolfSSL 0:d92f9d21154c 1717 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1718 if (*input == TLS_FINISHED_SZ) {
wolfSSL 0:d92f9d21154c 1719 /* TODO compare client_verify_data */
wolfSSL 0:d92f9d21154c 1720 ret = 0;
wolfSSL 0:d92f9d21154c 1721 }
wolfSSL 0:d92f9d21154c 1722 #endif
wolfSSL 0:d92f9d21154c 1723 }
wolfSSL 0:d92f9d21154c 1724 else {
wolfSSL 0:d92f9d21154c 1725 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 1726 if (!ssl->secure_renegotiation->enabled) {
wolfSSL 0:d92f9d21154c 1727 if (*input == 0) {
wolfSSL 0:d92f9d21154c 1728 ssl->secure_renegotiation->enabled = 1;
wolfSSL 0:d92f9d21154c 1729 ret = 0;
wolfSSL 0:d92f9d21154c 1730 }
wolfSSL 0:d92f9d21154c 1731 }
wolfSSL 0:d92f9d21154c 1732 else if (*input == 2 * TLS_FINISHED_SZ) {
wolfSSL 0:d92f9d21154c 1733 /* TODO compare client_verify_data and server_verify_data */
wolfSSL 0:d92f9d21154c 1734 ret = 0;
wolfSSL 0:d92f9d21154c 1735 }
wolfSSL 0:d92f9d21154c 1736 #endif
wolfSSL 0:d92f9d21154c 1737 }
wolfSSL 0:d92f9d21154c 1738 }
wolfSSL 0:d92f9d21154c 1739
wolfSSL 0:d92f9d21154c 1740 if (ret != 0) {
wolfSSL 0:d92f9d21154c 1741 /* TODO: turn on fatal error at ssl level too */
wolfSSL 0:d92f9d21154c 1742 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 0:d92f9d21154c 1743 }
wolfSSL 0:d92f9d21154c 1744
wolfSSL 0:d92f9d21154c 1745 return ret;
wolfSSL 0:d92f9d21154c 1746 }
wolfSSL 0:d92f9d21154c 1747
wolfSSL 0:d92f9d21154c 1748 int TLSX_UseSecureRenegotiation(TLSX** extensions)
wolfSSL 0:d92f9d21154c 1749 {
wolfSSL 0:d92f9d21154c 1750 int ret = 0;
wolfSSL 0:d92f9d21154c 1751 SecureRenegotiation* data = NULL;
wolfSSL 0:d92f9d21154c 1752
wolfSSL 0:d92f9d21154c 1753 data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL,
wolfSSL 0:d92f9d21154c 1754 DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1755 if (data == NULL)
wolfSSL 0:d92f9d21154c 1756 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1757
wolfSSL 0:d92f9d21154c 1758 XMEMSET(data, 0, sizeof(SecureRenegotiation));
wolfSSL 0:d92f9d21154c 1759
wolfSSL 0:d92f9d21154c 1760 ret = TLSX_Push(extensions, SECURE_RENEGOTIATION, data);
wolfSSL 0:d92f9d21154c 1761 if (ret != 0) {
wolfSSL 0:d92f9d21154c 1762 XFREE(data, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1763 return ret;
wolfSSL 0:d92f9d21154c 1764 }
wolfSSL 0:d92f9d21154c 1765
wolfSSL 0:d92f9d21154c 1766 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1767 }
wolfSSL 0:d92f9d21154c 1768
wolfSSL 0:d92f9d21154c 1769
wolfSSL 0:d92f9d21154c 1770 #define SCR_FREE_ALL(data) XFREE(data, NULL, DYNAMIC_TYPE_TLSX)
wolfSSL 0:d92f9d21154c 1771 #define SCR_GET_SIZE TLSX_SecureRenegotiation_GetSize
wolfSSL 0:d92f9d21154c 1772 #define SCR_WRITE TLSX_SecureRenegotiation_Write
wolfSSL 0:d92f9d21154c 1773 #define SCR_PARSE TLSX_SecureRenegotiation_Parse
wolfSSL 0:d92f9d21154c 1774
wolfSSL 0:d92f9d21154c 1775 #else
wolfSSL 0:d92f9d21154c 1776
wolfSSL 0:d92f9d21154c 1777 #define SCR_FREE_ALL(a)
wolfSSL 0:d92f9d21154c 1778 #define SCR_GET_SIZE(a, b) 0
wolfSSL 0:d92f9d21154c 1779 #define SCR_WRITE(a, b, c) 0
wolfSSL 0:d92f9d21154c 1780 #define SCR_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1781
wolfSSL 0:d92f9d21154c 1782 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 0:d92f9d21154c 1783
wolfSSL 0:d92f9d21154c 1784 #ifdef HAVE_SESSION_TICKET
wolfSSL 0:d92f9d21154c 1785
wolfSSL 0:d92f9d21154c 1786 static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1787 {
wolfSSL 0:d92f9d21154c 1788 TLSX* extension = TLSX_Find(ssl->extensions, SESSION_TICKET);
wolfSSL 0:d92f9d21154c 1789 SessionTicket* ticket = extension ? extension->data : NULL;
wolfSSL 0:d92f9d21154c 1790
wolfSSL 0:d92f9d21154c 1791 if (ticket) {
wolfSSL 0:d92f9d21154c 1792 /* TODO validate ticket timeout here! */
wolfSSL 0:d92f9d21154c 1793 if (ticket->lifetime == 0xfffffff) {
wolfSSL 0:d92f9d21154c 1794 /* send empty ticket on timeout */
wolfSSL 0:d92f9d21154c 1795 TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL 0:d92f9d21154c 1796 }
wolfSSL 0:d92f9d21154c 1797 }
wolfSSL 0:d92f9d21154c 1798 }
wolfSSL 0:d92f9d21154c 1799
wolfSSL 0:d92f9d21154c 1800
wolfSSL 0:d92f9d21154c 1801 static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
wolfSSL 0:d92f9d21154c 1802 {
wolfSSL 0:d92f9d21154c 1803 (void)isRequest;
wolfSSL 0:d92f9d21154c 1804 return ticket ? ticket->size : 0;
wolfSSL 0:d92f9d21154c 1805 }
wolfSSL 0:d92f9d21154c 1806
wolfSSL 0:d92f9d21154c 1807 static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
wolfSSL 0:d92f9d21154c 1808 int isRequest)
wolfSSL 0:d92f9d21154c 1809 {
wolfSSL 0:d92f9d21154c 1810 word16 offset = 0; /* empty ticket */
wolfSSL 0:d92f9d21154c 1811
wolfSSL 0:d92f9d21154c 1812 if (isRequest && ticket) {
wolfSSL 0:d92f9d21154c 1813 XMEMCPY(output + offset, ticket->data, ticket->size);
wolfSSL 0:d92f9d21154c 1814 offset += ticket->size;
wolfSSL 0:d92f9d21154c 1815 }
wolfSSL 0:d92f9d21154c 1816
wolfSSL 0:d92f9d21154c 1817 return offset;
wolfSSL 0:d92f9d21154c 1818 }
wolfSSL 0:d92f9d21154c 1819
wolfSSL 0:d92f9d21154c 1820
wolfSSL 0:d92f9d21154c 1821 static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
wolfSSL 0:d92f9d21154c 1822 byte isRequest)
wolfSSL 0:d92f9d21154c 1823 {
wolfSSL 0:d92f9d21154c 1824 int ret = 0;
wolfSSL 0:d92f9d21154c 1825
wolfSSL 0:d92f9d21154c 1826 if (!isRequest) {
wolfSSL 0:d92f9d21154c 1827 /* client side */
wolfSSL 0:d92f9d21154c 1828 if (length != 0)
wolfSSL 0:d92f9d21154c 1829 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 1830
wolfSSL 0:d92f9d21154c 1831 ssl->expect_session_ticket = 1;
wolfSSL 0:d92f9d21154c 1832 }
wolfSSL 0:d92f9d21154c 1833 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 1834 else {
wolfSSL 0:d92f9d21154c 1835 /* server side */
wolfSSL 0:d92f9d21154c 1836 if (ssl->ctx->ticketEncCb == NULL) {
wolfSSL 0:d92f9d21154c 1837 WOLFSSL_MSG("Client sent session ticket, server has no callback");
wolfSSL 0:d92f9d21154c 1838 return 0;
wolfSSL 0:d92f9d21154c 1839 }
wolfSSL 0:d92f9d21154c 1840
wolfSSL 0:d92f9d21154c 1841 if (length == 0) {
wolfSSL 0:d92f9d21154c 1842 /* blank ticket */
wolfSSL 0:d92f9d21154c 1843 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL 0:d92f9d21154c 1844 if (ret == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 1845 ret = 0;
wolfSSL 0:d92f9d21154c 1846 TLSX_SetResponse(ssl, SESSION_TICKET); /* send blank ticket */
wolfSSL 0:d92f9d21154c 1847 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 0:d92f9d21154c 1848 ssl->options.useTicket = 1;
wolfSSL 0:d92f9d21154c 1849 }
wolfSSL 0:d92f9d21154c 1850 } else {
wolfSSL 0:d92f9d21154c 1851 /* got actual ticket from client */
wolfSSL 0:d92f9d21154c 1852 ret = DoClientTicket(ssl, input, length);
wolfSSL 0:d92f9d21154c 1853 if (ret == WOLFSSL_TICKET_RET_OK) { /* use ticket to resume */
wolfSSL 0:d92f9d21154c 1854 WOLFSSL_MSG("Using exisitng client ticket");
wolfSSL 0:d92f9d21154c 1855 ssl->options.useTicket = 1;
wolfSSL 0:d92f9d21154c 1856 ssl->options.resuming = 1;
wolfSSL 0:d92f9d21154c 1857 } else if (ret == WOLFSSL_TICKET_RET_CREATE) {
wolfSSL 0:d92f9d21154c 1858 WOLFSSL_MSG("Using existing client ticket, creating new one");
wolfSSL 0:d92f9d21154c 1859 ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL 0:d92f9d21154c 1860 if (ret == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 1861 ret = 0;
wolfSSL 0:d92f9d21154c 1862 TLSX_SetResponse(ssl, SESSION_TICKET);
wolfSSL 0:d92f9d21154c 1863 /* send blank ticket */
wolfSSL 0:d92f9d21154c 1864 ssl->options.createTicket = 1; /* will send ticket msg */
wolfSSL 0:d92f9d21154c 1865 ssl->options.useTicket = 1;
wolfSSL 0:d92f9d21154c 1866 ssl->options.resuming = 1;
wolfSSL 0:d92f9d21154c 1867 }
wolfSSL 0:d92f9d21154c 1868 } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
wolfSSL 0:d92f9d21154c 1869 WOLFSSL_MSG("Process client ticket rejected, not using");
wolfSSL 0:d92f9d21154c 1870 ret = 0; /* not fatal */
wolfSSL 0:d92f9d21154c 1871 } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
wolfSSL 0:d92f9d21154c 1872 WOLFSSL_MSG("Process client ticket fatal error, not using");
wolfSSL 0:d92f9d21154c 1873 }
wolfSSL 0:d92f9d21154c 1874 }
wolfSSL 0:d92f9d21154c 1875 }
wolfSSL 0:d92f9d21154c 1876 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 0:d92f9d21154c 1877
wolfSSL 0:d92f9d21154c 1878 return ret;
wolfSSL 0:d92f9d21154c 1879 }
wolfSSL 0:d92f9d21154c 1880
wolfSSL 0:d92f9d21154c 1881 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
wolfSSL 0:d92f9d21154c 1882 byte* data, word16 size)
wolfSSL 0:d92f9d21154c 1883 {
wolfSSL 0:d92f9d21154c 1884 SessionTicket* ticket = (SessionTicket*)XMALLOC(sizeof(SessionTicket),
wolfSSL 0:d92f9d21154c 1885 NULL, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1886 if (ticket) {
wolfSSL 0:d92f9d21154c 1887 ticket->data = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1888 if (ticket->data == NULL) {
wolfSSL 0:d92f9d21154c 1889 XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1890 return NULL;
wolfSSL 0:d92f9d21154c 1891 }
wolfSSL 0:d92f9d21154c 1892
wolfSSL 0:d92f9d21154c 1893 XMEMCPY(ticket->data, data, size);
wolfSSL 0:d92f9d21154c 1894 ticket->size = size;
wolfSSL 0:d92f9d21154c 1895 ticket->lifetime = lifetime;
wolfSSL 0:d92f9d21154c 1896 }
wolfSSL 0:d92f9d21154c 1897
wolfSSL 0:d92f9d21154c 1898 return ticket;
wolfSSL 0:d92f9d21154c 1899 }
wolfSSL 0:d92f9d21154c 1900 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket)
wolfSSL 0:d92f9d21154c 1901 {
wolfSSL 0:d92f9d21154c 1902 if (ticket) {
wolfSSL 0:d92f9d21154c 1903 XFREE(ticket->data, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1904 XFREE(ticket, NULL, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1905 }
wolfSSL 0:d92f9d21154c 1906 }
wolfSSL 0:d92f9d21154c 1907
wolfSSL 0:d92f9d21154c 1908 int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
wolfSSL 0:d92f9d21154c 1909 {
wolfSSL 0:d92f9d21154c 1910 int ret = 0;
wolfSSL 0:d92f9d21154c 1911
wolfSSL 0:d92f9d21154c 1912 if (extensions == NULL)
wolfSSL 0:d92f9d21154c 1913 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1914
wolfSSL 0:d92f9d21154c 1915 /* If the ticket is NULL, the client will request a new ticket from the
wolfSSL 0:d92f9d21154c 1916 server. Otherwise, the client will use it in the next client hello. */
wolfSSL 0:d92f9d21154c 1917 if ((ret = TLSX_Push(extensions, SESSION_TICKET, (void*)ticket)) != 0)
wolfSSL 0:d92f9d21154c 1918 return ret;
wolfSSL 0:d92f9d21154c 1919
wolfSSL 0:d92f9d21154c 1920 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1921 }
wolfSSL 0:d92f9d21154c 1922
wolfSSL 0:d92f9d21154c 1923 #define STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest
wolfSSL 0:d92f9d21154c 1924 #define STK_GET_SIZE TLSX_SessionTicket_GetSize
wolfSSL 0:d92f9d21154c 1925 #define STK_WRITE TLSX_SessionTicket_Write
wolfSSL 0:d92f9d21154c 1926 #define STK_PARSE TLSX_SessionTicket_Parse
wolfSSL 0:d92f9d21154c 1927
wolfSSL 0:d92f9d21154c 1928 #else
wolfSSL 0:d92f9d21154c 1929
wolfSSL 0:d92f9d21154c 1930 #define STK_VALIDATE_REQUEST(a)
wolfSSL 0:d92f9d21154c 1931 #define STK_GET_SIZE(a, b) 0
wolfSSL 0:d92f9d21154c 1932 #define STK_WRITE(a, b, c) 0
wolfSSL 0:d92f9d21154c 1933 #define STK_PARSE(a, b, c, d) 0
wolfSSL 0:d92f9d21154c 1934
wolfSSL 0:d92f9d21154c 1935 #endif /* HAVE_SESSION_TICKET */
wolfSSL 0:d92f9d21154c 1936
wolfSSL 0:d92f9d21154c 1937
wolfSSL 0:d92f9d21154c 1938 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL 0:d92f9d21154c 1939 {
wolfSSL 0:d92f9d21154c 1940 TLSX* extension = list;
wolfSSL 0:d92f9d21154c 1941
wolfSSL 0:d92f9d21154c 1942 while (extension && extension->type != type)
wolfSSL 0:d92f9d21154c 1943 extension = extension->next;
wolfSSL 0:d92f9d21154c 1944
wolfSSL 0:d92f9d21154c 1945 return extension;
wolfSSL 0:d92f9d21154c 1946 }
wolfSSL 0:d92f9d21154c 1947
wolfSSL 0:d92f9d21154c 1948 void TLSX_FreeAll(TLSX* list)
wolfSSL 0:d92f9d21154c 1949 {
wolfSSL 0:d92f9d21154c 1950 TLSX* extension;
wolfSSL 0:d92f9d21154c 1951
wolfSSL 0:d92f9d21154c 1952 while ((extension = list)) {
wolfSSL 0:d92f9d21154c 1953 list = extension->next;
wolfSSL 0:d92f9d21154c 1954
wolfSSL 0:d92f9d21154c 1955 switch (extension->type) {
wolfSSL 0:d92f9d21154c 1956 case SERVER_NAME_INDICATION:
wolfSSL 0:d92f9d21154c 1957 SNI_FREE_ALL((SNI*)extension->data);
wolfSSL 0:d92f9d21154c 1958 break;
wolfSSL 0:d92f9d21154c 1959
wolfSSL 0:d92f9d21154c 1960 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:d92f9d21154c 1961 MFL_FREE_ALL(extension->data);
wolfSSL 0:d92f9d21154c 1962 break;
wolfSSL 0:d92f9d21154c 1963
wolfSSL 0:d92f9d21154c 1964 case TRUNCATED_HMAC:
wolfSSL 0:d92f9d21154c 1965 /* Nothing to do. */
wolfSSL 0:d92f9d21154c 1966 break;
wolfSSL 0:d92f9d21154c 1967
wolfSSL 0:d92f9d21154c 1968 case ELLIPTIC_CURVES:
wolfSSL 0:d92f9d21154c 1969 EC_FREE_ALL(extension->data);
wolfSSL 0:d92f9d21154c 1970 break;
wolfSSL 0:d92f9d21154c 1971
wolfSSL 0:d92f9d21154c 1972 case SECURE_RENEGOTIATION:
wolfSSL 0:d92f9d21154c 1973 SCR_FREE_ALL(extension->data);
wolfSSL 0:d92f9d21154c 1974 break;
wolfSSL 0:d92f9d21154c 1975
wolfSSL 0:d92f9d21154c 1976 case SESSION_TICKET:
wolfSSL 0:d92f9d21154c 1977 /* Nothing to do. */
wolfSSL 0:d92f9d21154c 1978 break;
wolfSSL 0:d92f9d21154c 1979 }
wolfSSL 0:d92f9d21154c 1980
wolfSSL 0:d92f9d21154c 1981 XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
wolfSSL 0:d92f9d21154c 1982 }
wolfSSL 0:d92f9d21154c 1983 }
wolfSSL 0:d92f9d21154c 1984
wolfSSL 0:d92f9d21154c 1985 int TLSX_SupportExtensions(WOLFSSL* ssl) {
wolfSSL 0:d92f9d21154c 1986 return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
wolfSSL 0:d92f9d21154c 1987 }
wolfSSL 0:d92f9d21154c 1988
wolfSSL 0:d92f9d21154c 1989 static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
wolfSSL 0:d92f9d21154c 1990 {
wolfSSL 0:d92f9d21154c 1991 TLSX* extension;
wolfSSL 0:d92f9d21154c 1992 word16 length = 0;
wolfSSL 0:d92f9d21154c 1993
wolfSSL 0:d92f9d21154c 1994 while ((extension = list)) {
wolfSSL 0:d92f9d21154c 1995 list = extension->next;
wolfSSL 0:d92f9d21154c 1996
wolfSSL 0:d92f9d21154c 1997 if (!isRequest && !extension->resp)
wolfSSL 0:d92f9d21154c 1998 continue; /* skip! */
wolfSSL 0:d92f9d21154c 1999
wolfSSL 0:d92f9d21154c 2000 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 0:d92f9d21154c 2001 continue; /* skip! */
wolfSSL 0:d92f9d21154c 2002
wolfSSL 0:d92f9d21154c 2003 /* type + data length */
wolfSSL 0:d92f9d21154c 2004 length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 2005
wolfSSL 0:d92f9d21154c 2006 switch (extension->type) {
wolfSSL 0:d92f9d21154c 2007 case SERVER_NAME_INDICATION:
wolfSSL 0:d92f9d21154c 2008 if (isRequest)
wolfSSL 0:d92f9d21154c 2009 length += SNI_GET_SIZE(extension->data);
wolfSSL 0:d92f9d21154c 2010 break;
wolfSSL 0:d92f9d21154c 2011 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:d92f9d21154c 2012 length += MFL_GET_SIZE(extension->data);
wolfSSL 0:d92f9d21154c 2013 break;
wolfSSL 0:d92f9d21154c 2014
wolfSSL 0:d92f9d21154c 2015 case TRUNCATED_HMAC:
wolfSSL 0:d92f9d21154c 2016 /* empty extension. */
wolfSSL 0:d92f9d21154c 2017 break;
wolfSSL 0:d92f9d21154c 2018
wolfSSL 0:d92f9d21154c 2019 case ELLIPTIC_CURVES:
wolfSSL 0:d92f9d21154c 2020 length += EC_GET_SIZE(extension->data);
wolfSSL 0:d92f9d21154c 2021 break;
wolfSSL 0:d92f9d21154c 2022
wolfSSL 0:d92f9d21154c 2023 case SECURE_RENEGOTIATION:
wolfSSL 0:d92f9d21154c 2024 length += SCR_GET_SIZE(extension->data, isRequest);
wolfSSL 0:d92f9d21154c 2025 break;
wolfSSL 0:d92f9d21154c 2026
wolfSSL 0:d92f9d21154c 2027 case SESSION_TICKET:
wolfSSL 0:d92f9d21154c 2028 length += STK_GET_SIZE(extension->data, isRequest);
wolfSSL 0:d92f9d21154c 2029 break;
wolfSSL 0:d92f9d21154c 2030 }
wolfSSL 0:d92f9d21154c 2031
wolfSSL 0:d92f9d21154c 2032 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 0:d92f9d21154c 2033 }
wolfSSL 0:d92f9d21154c 2034
wolfSSL 0:d92f9d21154c 2035 return length;
wolfSSL 0:d92f9d21154c 2036 }
wolfSSL 0:d92f9d21154c 2037
wolfSSL 0:d92f9d21154c 2038 static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL 0:d92f9d21154c 2039 byte isRequest)
wolfSSL 0:d92f9d21154c 2040 {
wolfSSL 0:d92f9d21154c 2041 TLSX* extension;
wolfSSL 0:d92f9d21154c 2042 word16 offset = 0;
wolfSSL 0:d92f9d21154c 2043 word16 length_offset = 0;
wolfSSL 0:d92f9d21154c 2044
wolfSSL 0:d92f9d21154c 2045 while ((extension = list)) {
wolfSSL 0:d92f9d21154c 2046 list = extension->next;
wolfSSL 0:d92f9d21154c 2047
wolfSSL 0:d92f9d21154c 2048 if (!isRequest && !extension->resp)
wolfSSL 0:d92f9d21154c 2049 continue; /* skip! */
wolfSSL 0:d92f9d21154c 2050
wolfSSL 0:d92f9d21154c 2051 if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
wolfSSL 0:d92f9d21154c 2052 continue; /* skip! */
wolfSSL 0:d92f9d21154c 2053
wolfSSL 0:d92f9d21154c 2054 /* extension type */
wolfSSL 0:d92f9d21154c 2055 c16toa(extension->type, output + offset);
wolfSSL 0:d92f9d21154c 2056 offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 2057 length_offset = offset;
wolfSSL 0:d92f9d21154c 2058
wolfSSL 0:d92f9d21154c 2059 /* extension data should be written internally */
wolfSSL 0:d92f9d21154c 2060 switch (extension->type) {
wolfSSL 0:d92f9d21154c 2061 case SERVER_NAME_INDICATION:
wolfSSL 0:d92f9d21154c 2062 if (isRequest)
wolfSSL 0:d92f9d21154c 2063 offset += SNI_WRITE(extension->data, output + offset);
wolfSSL 0:d92f9d21154c 2064 break;
wolfSSL 0:d92f9d21154c 2065
wolfSSL 0:d92f9d21154c 2066 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:d92f9d21154c 2067 offset += MFL_WRITE(extension->data, output + offset);
wolfSSL 0:d92f9d21154c 2068 break;
wolfSSL 0:d92f9d21154c 2069
wolfSSL 0:d92f9d21154c 2070 case TRUNCATED_HMAC:
wolfSSL 0:d92f9d21154c 2071 /* empty extension. */
wolfSSL 0:d92f9d21154c 2072 break;
wolfSSL 0:d92f9d21154c 2073
wolfSSL 0:d92f9d21154c 2074 case ELLIPTIC_CURVES:
wolfSSL 0:d92f9d21154c 2075 offset += EC_WRITE(extension->data, output + offset);
wolfSSL 0:d92f9d21154c 2076 break;
wolfSSL 0:d92f9d21154c 2077
wolfSSL 0:d92f9d21154c 2078 case SECURE_RENEGOTIATION:
wolfSSL 0:d92f9d21154c 2079 offset += SCR_WRITE(extension->data, output + offset,
wolfSSL 0:d92f9d21154c 2080 isRequest);
wolfSSL 0:d92f9d21154c 2081 break;
wolfSSL 0:d92f9d21154c 2082
wolfSSL 0:d92f9d21154c 2083 case SESSION_TICKET:
wolfSSL 0:d92f9d21154c 2084 offset += STK_WRITE(extension->data, output + offset,
wolfSSL 0:d92f9d21154c 2085 isRequest);
wolfSSL 0:d92f9d21154c 2086 break;
wolfSSL 0:d92f9d21154c 2087 }
wolfSSL 0:d92f9d21154c 2088
wolfSSL 0:d92f9d21154c 2089 /* writing extension data length */
wolfSSL 0:d92f9d21154c 2090 c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
wolfSSL 0:d92f9d21154c 2091
wolfSSL 0:d92f9d21154c 2092 TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
wolfSSL 0:d92f9d21154c 2093 }
wolfSSL 0:d92f9d21154c 2094
wolfSSL 0:d92f9d21154c 2095 return offset;
wolfSSL 0:d92f9d21154c 2096 }
wolfSSL 0:d92f9d21154c 2097
wolfSSL 0:d92f9d21154c 2098 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 2099
wolfSSL 0:d92f9d21154c 2100 word16 TLSX_GetRequestSize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 2101 {
wolfSSL 0:d92f9d21154c 2102 word16 length = 0;
wolfSSL 0:d92f9d21154c 2103
wolfSSL 0:d92f9d21154c 2104 if (TLSX_SupportExtensions(ssl)) {
wolfSSL 0:d92f9d21154c 2105 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 0:d92f9d21154c 2106
wolfSSL 0:d92f9d21154c 2107 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 0:d92f9d21154c 2108 STK_VALIDATE_REQUEST(ssl);
wolfSSL 0:d92f9d21154c 2109
wolfSSL 0:d92f9d21154c 2110 if (ssl->extensions)
wolfSSL 0:d92f9d21154c 2111 length += TLSX_GetSize(ssl->extensions, semaphore, 1);
wolfSSL 0:d92f9d21154c 2112
wolfSSL 0:d92f9d21154c 2113 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 0:d92f9d21154c 2114 length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
wolfSSL 0:d92f9d21154c 2115
wolfSSL 0:d92f9d21154c 2116 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 0:d92f9d21154c 2117 length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
wolfSSL 0:d92f9d21154c 2118 }
wolfSSL 0:d92f9d21154c 2119
wolfSSL 0:d92f9d21154c 2120 if (length)
wolfSSL 0:d92f9d21154c 2121 length += OPAQUE16_LEN; /* for total length storage */
wolfSSL 0:d92f9d21154c 2122
wolfSSL 0:d92f9d21154c 2123 return length;
wolfSSL 0:d92f9d21154c 2124 }
wolfSSL 0:d92f9d21154c 2125
wolfSSL 0:d92f9d21154c 2126 word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
wolfSSL 0:d92f9d21154c 2127 {
wolfSSL 0:d92f9d21154c 2128 word16 offset = 0;
wolfSSL 0:d92f9d21154c 2129
wolfSSL 0:d92f9d21154c 2130 if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL 0:d92f9d21154c 2131 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 0:d92f9d21154c 2132
wolfSSL 0:d92f9d21154c 2133 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 0:d92f9d21154c 2134
wolfSSL 0:d92f9d21154c 2135 EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL 0:d92f9d21154c 2136
wolfSSL 0:d92f9d21154c 2137 if (ssl->extensions)
wolfSSL 0:d92f9d21154c 2138 offset += TLSX_Write(ssl->extensions, output + offset,
wolfSSL 0:d92f9d21154c 2139 semaphore, 1);
wolfSSL 0:d92f9d21154c 2140
wolfSSL 0:d92f9d21154c 2141 if (ssl->ctx && ssl->ctx->extensions)
wolfSSL 0:d92f9d21154c 2142 offset += TLSX_Write(ssl->ctx->extensions, output + offset,
wolfSSL 0:d92f9d21154c 2143 semaphore, 1);
wolfSSL 0:d92f9d21154c 2144
wolfSSL 0:d92f9d21154c 2145 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 0:d92f9d21154c 2146 {
wolfSSL 0:d92f9d21154c 2147 int i;
wolfSSL 0:d92f9d21154c 2148 /* extension type */
wolfSSL 0:d92f9d21154c 2149 c16toa(HELLO_EXT_SIG_ALGO, output + offset);
wolfSSL 0:d92f9d21154c 2150 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 0:d92f9d21154c 2151
wolfSSL 0:d92f9d21154c 2152 /* extension data length */
wolfSSL 0:d92f9d21154c 2153 c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL 0:d92f9d21154c 2154 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 2155
wolfSSL 0:d92f9d21154c 2156 /* sig algos length */
wolfSSL 0:d92f9d21154c 2157 c16toa(ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL 0:d92f9d21154c 2158 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 2159
wolfSSL 0:d92f9d21154c 2160 /* sig algos */
wolfSSL 0:d92f9d21154c 2161 for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
wolfSSL 0:d92f9d21154c 2162 output[offset] = ssl->suites->hashSigAlgo[i];
wolfSSL 0:d92f9d21154c 2163 }
wolfSSL 0:d92f9d21154c 2164
wolfSSL 0:d92f9d21154c 2165 if (offset > OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 2166 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 0:d92f9d21154c 2167 }
wolfSSL 0:d92f9d21154c 2168
wolfSSL 0:d92f9d21154c 2169 return offset;
wolfSSL 0:d92f9d21154c 2170 }
wolfSSL 0:d92f9d21154c 2171
wolfSSL 0:d92f9d21154c 2172 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 2173
wolfSSL 0:d92f9d21154c 2174 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 2175
wolfSSL 0:d92f9d21154c 2176 word16 TLSX_GetResponseSize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 2177 {
wolfSSL 0:d92f9d21154c 2178 word16 length = 0;
wolfSSL 0:d92f9d21154c 2179 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 0:d92f9d21154c 2180
wolfSSL 0:d92f9d21154c 2181 if (TLSX_SupportExtensions(ssl))
wolfSSL 0:d92f9d21154c 2182 length += TLSX_GetSize(ssl->extensions, semaphore, 0);
wolfSSL 0:d92f9d21154c 2183
wolfSSL 0:d92f9d21154c 2184 /* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL 0:d92f9d21154c 2185
wolfSSL 0:d92f9d21154c 2186 if (length)
wolfSSL 0:d92f9d21154c 2187 length += OPAQUE16_LEN; /* for total length storage */
wolfSSL 0:d92f9d21154c 2188
wolfSSL 0:d92f9d21154c 2189 return length;
wolfSSL 0:d92f9d21154c 2190 }
wolfSSL 0:d92f9d21154c 2191
wolfSSL 0:d92f9d21154c 2192 word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
wolfSSL 0:d92f9d21154c 2193 {
wolfSSL 0:d92f9d21154c 2194 word16 offset = 0;
wolfSSL 0:d92f9d21154c 2195
wolfSSL 0:d92f9d21154c 2196 if (TLSX_SupportExtensions(ssl) && output) {
wolfSSL 0:d92f9d21154c 2197 byte semaphore[SEMAPHORE_SIZE] = {0};
wolfSSL 0:d92f9d21154c 2198
wolfSSL 0:d92f9d21154c 2199 offset += OPAQUE16_LEN; /* extensions length */
wolfSSL 0:d92f9d21154c 2200
wolfSSL 0:d92f9d21154c 2201 offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
wolfSSL 0:d92f9d21154c 2202
wolfSSL 0:d92f9d21154c 2203 if (offset > OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 2204 c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL 0:d92f9d21154c 2205 }
wolfSSL 0:d92f9d21154c 2206
wolfSSL 0:d92f9d21154c 2207 return offset;
wolfSSL 0:d92f9d21154c 2208 }
wolfSSL 0:d92f9d21154c 2209
wolfSSL 0:d92f9d21154c 2210 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 0:d92f9d21154c 2211
wolfSSL 0:d92f9d21154c 2212 int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
wolfSSL 0:d92f9d21154c 2213 Suites *suites)
wolfSSL 0:d92f9d21154c 2214 {
wolfSSL 0:d92f9d21154c 2215 int ret = 0;
wolfSSL 0:d92f9d21154c 2216 word16 offset = 0;
wolfSSL 0:d92f9d21154c 2217
wolfSSL 0:d92f9d21154c 2218 if (!ssl || !input || (isRequest && !suites))
wolfSSL 0:d92f9d21154c 2219 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2220
wolfSSL 0:d92f9d21154c 2221 while (ret == 0 && offset < length) {
wolfSSL 0:d92f9d21154c 2222 word16 type;
wolfSSL 0:d92f9d21154c 2223 word16 size;
wolfSSL 0:d92f9d21154c 2224
wolfSSL 0:d92f9d21154c 2225 if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 2226 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 2227
wolfSSL 0:d92f9d21154c 2228 ato16(input + offset, &type);
wolfSSL 0:d92f9d21154c 2229 offset += HELLO_EXT_TYPE_SZ;
wolfSSL 0:d92f9d21154c 2230
wolfSSL 0:d92f9d21154c 2231 ato16(input + offset, &size);
wolfSSL 0:d92f9d21154c 2232 offset += OPAQUE16_LEN;
wolfSSL 0:d92f9d21154c 2233
wolfSSL 0:d92f9d21154c 2234 if (offset + size > length)
wolfSSL 0:d92f9d21154c 2235 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 2236
wolfSSL 0:d92f9d21154c 2237 switch (type) {
wolfSSL 0:d92f9d21154c 2238 case SERVER_NAME_INDICATION:
wolfSSL 0:d92f9d21154c 2239 WOLFSSL_MSG("SNI extension received");
wolfSSL 0:d92f9d21154c 2240
wolfSSL 0:d92f9d21154c 2241 ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:d92f9d21154c 2242 break;
wolfSSL 0:d92f9d21154c 2243
wolfSSL 0:d92f9d21154c 2244 case MAX_FRAGMENT_LENGTH:
wolfSSL 0:d92f9d21154c 2245 WOLFSSL_MSG("Max Fragment Length extension received");
wolfSSL 0:d92f9d21154c 2246
wolfSSL 0:d92f9d21154c 2247 ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:d92f9d21154c 2248 break;
wolfSSL 0:d92f9d21154c 2249
wolfSSL 0:d92f9d21154c 2250 case TRUNCATED_HMAC:
wolfSSL 0:d92f9d21154c 2251 WOLFSSL_MSG("Truncated HMAC extension received");
wolfSSL 0:d92f9d21154c 2252
wolfSSL 0:d92f9d21154c 2253 ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:d92f9d21154c 2254 break;
wolfSSL 0:d92f9d21154c 2255
wolfSSL 0:d92f9d21154c 2256 case ELLIPTIC_CURVES:
wolfSSL 0:d92f9d21154c 2257 WOLFSSL_MSG("Elliptic Curves extension received");
wolfSSL 0:d92f9d21154c 2258
wolfSSL 0:d92f9d21154c 2259 ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:d92f9d21154c 2260 break;
wolfSSL 0:d92f9d21154c 2261
wolfSSL 0:d92f9d21154c 2262 case SECURE_RENEGOTIATION:
wolfSSL 0:d92f9d21154c 2263 WOLFSSL_MSG("Secure Renegotiation extension received");
wolfSSL 0:d92f9d21154c 2264
wolfSSL 0:d92f9d21154c 2265 ret = SCR_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:d92f9d21154c 2266 break;
wolfSSL 0:d92f9d21154c 2267
wolfSSL 0:d92f9d21154c 2268 case SESSION_TICKET:
wolfSSL 0:d92f9d21154c 2269 WOLFSSL_MSG("Session Ticket extension received");
wolfSSL 0:d92f9d21154c 2270
wolfSSL 0:d92f9d21154c 2271 ret = STK_PARSE(ssl, input + offset, size, isRequest);
wolfSSL 0:d92f9d21154c 2272 break;
wolfSSL 0:d92f9d21154c 2273
wolfSSL 0:d92f9d21154c 2274 case HELLO_EXT_SIG_ALGO:
wolfSSL 0:d92f9d21154c 2275 if (isRequest) {
wolfSSL 0:d92f9d21154c 2276 /* do not mess with offset inside the switch! */
wolfSSL 0:d92f9d21154c 2277 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:d92f9d21154c 2278 ato16(input + offset, &suites->hashSigAlgoSz);
wolfSSL 0:d92f9d21154c 2279
wolfSSL 0:d92f9d21154c 2280 if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
wolfSSL 0:d92f9d21154c 2281 return BUFFER_ERROR;
wolfSSL 0:d92f9d21154c 2282
wolfSSL 0:d92f9d21154c 2283 XMEMCPY(suites->hashSigAlgo,
wolfSSL 0:d92f9d21154c 2284 input + offset + OPAQUE16_LEN,
wolfSSL 0:d92f9d21154c 2285 min(suites->hashSigAlgoSz,
wolfSSL 0:d92f9d21154c 2286 HELLO_EXT_SIGALGO_MAX));
wolfSSL 0:d92f9d21154c 2287 }
wolfSSL 0:d92f9d21154c 2288 } else {
wolfSSL 0:d92f9d21154c 2289 WOLFSSL_MSG("Servers MUST NOT send SIG ALGO extension.");
wolfSSL 0:d92f9d21154c 2290 }
wolfSSL 0:d92f9d21154c 2291
wolfSSL 0:d92f9d21154c 2292 break;
wolfSSL 0:d92f9d21154c 2293 }
wolfSSL 0:d92f9d21154c 2294
wolfSSL 0:d92f9d21154c 2295 /* offset should be updated here! */
wolfSSL 0:d92f9d21154c 2296 offset += size;
wolfSSL 0:d92f9d21154c 2297 }
wolfSSL 0:d92f9d21154c 2298
wolfSSL 0:d92f9d21154c 2299 return ret;
wolfSSL 0:d92f9d21154c 2300 }
wolfSSL 0:d92f9d21154c 2301
wolfSSL 0:d92f9d21154c 2302 /* undefining semaphore macros */
wolfSSL 0:d92f9d21154c 2303 #undef IS_OFF
wolfSSL 0:d92f9d21154c 2304 #undef TURN_ON
wolfSSL 0:d92f9d21154c 2305 #undef SEMAPHORE_SIZE
wolfSSL 0:d92f9d21154c 2306
wolfSSL 0:d92f9d21154c 2307 #endif
wolfSSL 0:d92f9d21154c 2308
wolfSSL 0:d92f9d21154c 2309
wolfSSL 0:d92f9d21154c 2310 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 2311
wolfSSL 0:d92f9d21154c 2312 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 2313
wolfSSL 0:d92f9d21154c 2314 WOLFSSL_METHOD* wolfTLSv1_client_method(void)
wolfSSL 0:d92f9d21154c 2315 {
wolfSSL 0:d92f9d21154c 2316 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2317 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2318 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2319 if (method)
wolfSSL 0:d92f9d21154c 2320 InitSSL_Method(method, MakeTLSv1());
wolfSSL 0:d92f9d21154c 2321 return method;
wolfSSL 0:d92f9d21154c 2322 }
wolfSSL 0:d92f9d21154c 2323
wolfSSL 0:d92f9d21154c 2324
wolfSSL 0:d92f9d21154c 2325 WOLFSSL_METHOD* wolfTLSv1_1_client_method(void)
wolfSSL 0:d92f9d21154c 2326 {
wolfSSL 0:d92f9d21154c 2327 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2328 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2329 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2330 if (method)
wolfSSL 0:d92f9d21154c 2331 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:d92f9d21154c 2332 return method;
wolfSSL 0:d92f9d21154c 2333 }
wolfSSL 0:d92f9d21154c 2334
wolfSSL 0:d92f9d21154c 2335 #endif /* !NO_OLD_TLS */
wolfSSL 0:d92f9d21154c 2336
wolfSSL 0:d92f9d21154c 2337 #ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL 0:d92f9d21154c 2338
wolfSSL 0:d92f9d21154c 2339 WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
wolfSSL 0:d92f9d21154c 2340 {
wolfSSL 0:d92f9d21154c 2341 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2342 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2343 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2344 if (method)
wolfSSL 0:d92f9d21154c 2345 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:d92f9d21154c 2346 return method;
wolfSSL 0:d92f9d21154c 2347 }
wolfSSL 0:d92f9d21154c 2348
wolfSSL 0:d92f9d21154c 2349 #endif
wolfSSL 0:d92f9d21154c 2350
wolfSSL 0:d92f9d21154c 2351
wolfSSL 0:d92f9d21154c 2352 WOLFSSL_METHOD* wolfSSLv23_client_method(void)
wolfSSL 0:d92f9d21154c 2353 {
wolfSSL 0:d92f9d21154c 2354 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2355 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2356 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2357 if (method) {
wolfSSL 0:d92f9d21154c 2358 #ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL 0:d92f9d21154c 2359 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:d92f9d21154c 2360 #else
wolfSSL 0:d92f9d21154c 2361 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:d92f9d21154c 2362 #endif
wolfSSL 0:d92f9d21154c 2363 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 2364 method->downgrade = 1;
wolfSSL 0:d92f9d21154c 2365 #endif
wolfSSL 0:d92f9d21154c 2366 }
wolfSSL 0:d92f9d21154c 2367 return method;
wolfSSL 0:d92f9d21154c 2368 }
wolfSSL 0:d92f9d21154c 2369
wolfSSL 0:d92f9d21154c 2370
wolfSSL 0:d92f9d21154c 2371 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 2372
wolfSSL 0:d92f9d21154c 2373
wolfSSL 0:d92f9d21154c 2374
wolfSSL 0:d92f9d21154c 2375 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 2376
wolfSSL 0:d92f9d21154c 2377 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 2378
wolfSSL 0:d92f9d21154c 2379 WOLFSSL_METHOD* wolfTLSv1_server_method(void)
wolfSSL 0:d92f9d21154c 2380 {
wolfSSL 0:d92f9d21154c 2381 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2382 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2383 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2384 if (method) {
wolfSSL 0:d92f9d21154c 2385 InitSSL_Method(method, MakeTLSv1());
wolfSSL 0:d92f9d21154c 2386 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 2387 }
wolfSSL 0:d92f9d21154c 2388 return method;
wolfSSL 0:d92f9d21154c 2389 }
wolfSSL 0:d92f9d21154c 2390
wolfSSL 0:d92f9d21154c 2391
wolfSSL 0:d92f9d21154c 2392 WOLFSSL_METHOD* wolfTLSv1_1_server_method(void)
wolfSSL 0:d92f9d21154c 2393 {
wolfSSL 0:d92f9d21154c 2394 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2395 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2396 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2397 if (method) {
wolfSSL 0:d92f9d21154c 2398 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:d92f9d21154c 2399 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 2400 }
wolfSSL 0:d92f9d21154c 2401 return method;
wolfSSL 0:d92f9d21154c 2402 }
wolfSSL 0:d92f9d21154c 2403
wolfSSL 0:d92f9d21154c 2404 #endif /* !NO_OLD_TLS */
wolfSSL 0:d92f9d21154c 2405
wolfSSL 0:d92f9d21154c 2406 #ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL 0:d92f9d21154c 2407
wolfSSL 0:d92f9d21154c 2408 WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
wolfSSL 0:d92f9d21154c 2409 {
wolfSSL 0:d92f9d21154c 2410 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2411 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2412 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2413 if (method) {
wolfSSL 0:d92f9d21154c 2414 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:d92f9d21154c 2415 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 2416 }
wolfSSL 0:d92f9d21154c 2417 return method;
wolfSSL 0:d92f9d21154c 2418 }
wolfSSL 0:d92f9d21154c 2419
wolfSSL 0:d92f9d21154c 2420 #endif
wolfSSL 0:d92f9d21154c 2421
wolfSSL 0:d92f9d21154c 2422
wolfSSL 0:d92f9d21154c 2423 WOLFSSL_METHOD* wolfSSLv23_server_method(void)
wolfSSL 0:d92f9d21154c 2424 {
wolfSSL 0:d92f9d21154c 2425 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 2426 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 2427 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 2428 if (method) {
wolfSSL 0:d92f9d21154c 2429 #ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL 0:d92f9d21154c 2430 InitSSL_Method(method, MakeTLSv1_2());
wolfSSL 0:d92f9d21154c 2431 #else
wolfSSL 0:d92f9d21154c 2432 InitSSL_Method(method, MakeTLSv1_1());
wolfSSL 0:d92f9d21154c 2433 #endif
wolfSSL 0:d92f9d21154c 2434 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 2435 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 2436 method->downgrade = 1;
wolfSSL 0:d92f9d21154c 2437 #endif /* !NO_OLD_TLS */
wolfSSL 0:d92f9d21154c 2438 }
wolfSSL 0:d92f9d21154c 2439 return method;
wolfSSL 0:d92f9d21154c 2440 }
wolfSSL 0:d92f9d21154c 2441
wolfSSL 0:d92f9d21154c 2442
wolfSSL 0:d92f9d21154c 2443
wolfSSL 0:d92f9d21154c 2444 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 0:d92f9d21154c 2445 #endif /* NO_TLS */
wolfSSL 0:d92f9d21154c 2446
wolfSSL 0:d92f9d21154c 2447