wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
Diff: wolfssl/internal.h
- Revision:
- 1:e27310ce7654
- Parent:
- 0:d92f9d21154c
--- a/wolfssl/internal.h Fri Jun 26 00:39:20 2015 +0000 +++ b/wolfssl/internal.h Mon Jul 20 08:05:20 2015 +0000 @@ -1,2514 +1,2515 @@ -/* internal.h - * - * Copyright (C) 2006-2015 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as wolfSSL) - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - - -#ifndef WOLFSSL_INT_H -#define WOLFSSL_INT_H - - -#include <wolfssl/wolfcrypt/types.h> -#include <wolfssl/ssl.h> -#ifdef HAVE_CRL - #include <wolfssl/crl.h> -#endif -#include <wolfssl/wolfcrypt/random.h> -#ifndef NO_DES3 - #include <wolfssl/wolfcrypt/des3.h> -#endif -#ifndef NO_HC128 - #include <wolfssl/wolfcrypt/hc128.h> -#endif -#ifndef NO_RABBIT - #include <wolfssl/wolfcrypt/rabbit.h> -#endif -#ifdef HAVE_CHACHA - #include <wolfssl/wolfcrypt/chacha.h> -#endif -#ifndef NO_ASN - #include <wolfssl/wolfcrypt/asn.h> -#endif -#ifndef NO_MD5 - #include <wolfssl/wolfcrypt/md5.h> -#endif -#ifndef NO_SHA - #include <wolfssl/wolfcrypt/sha.h> -#endif -#ifndef NO_AES - #include <wolfssl/wolfcrypt/aes.h> -#endif -#ifdef HAVE_POLY1305 - #include <wolfssl/wolfcrypt/poly1305.h> -#endif -#ifdef HAVE_CAMELLIA - #include <wolfssl/wolfcrypt/camellia.h> -#endif -#include <wolfssl/wolfcrypt/logging.h> -#ifndef NO_HMAC - #include <wolfssl/wolfcrypt/hmac.h> -#endif -#ifndef NO_RC4 - #include <wolfssl/wolfcrypt/arc4.h> -#endif -#ifdef HAVE_ECC - #include <wolfssl/wolfcrypt/ecc.h> -#endif -#ifndef NO_SHA256 - #include <wolfssl/wolfcrypt/sha256.h> -#endif -#ifdef HAVE_OCSP - #include <wolfssl/ocsp.h> -#endif -#ifdef WOLFSSL_SHA512 - #include <wolfssl/wolfcrypt/sha512.h> -#endif - -#ifdef HAVE_AESGCM - #include <wolfssl/wolfcrypt/sha512.h> -#endif - -#ifdef WOLFSSL_RIPEMD - #include <wolfssl/wolfcrypt/ripemd.h> -#endif - -#include <wolfssl/wolfcrypt/hash.h> - -#ifdef WOLFSSL_CALLBACKS - #include <wolfssl/callbacks.h> - #include <signal.h> -#endif - -#ifdef USE_WINDOWS_API - #ifdef WOLFSSL_GAME_BUILD - #include "system/xtl.h" - #else - #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) - /* On WinCE winsock2.h must be included before windows.h */ - #include <winsock2.h> - #endif - #include <windows.h> - #endif -#elif defined(THREADX) - #ifndef SINGLE_THREADED - #include "tx_api.h" - #endif -#elif defined(MICRIUM) - /* do nothing, just don't pick Unix */ -#elif defined(FREERTOS) || defined(WOLFSSL_SAFERTOS) - /* do nothing */ -#elif defined(EBSNET) - /* do nothing */ -#elif defined(FREESCALE_MQX) - /* do nothing */ -#elif defined(WOLFSSL_MDK_ARM) - #if defined(WOLFSSL_MDK5) - #include "cmsis_os.h" - #else - #include <rtl.h> - #endif -#elif defined(MBED) -#elif defined(WOLFSSL_TIRTOS) - /* do nothing */ -#else - #ifndef SINGLE_THREADED - #define WOLFSSL_PTHREADS - #include <pthread.h> - #endif - #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) - #include <unistd.h> /* for close of BIO */ - #endif -#endif - - -#ifdef HAVE_LIBZ - #include "zlib.h" -#endif - -#ifdef _MSC_VER - /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ - #pragma warning(disable: 4996) -#endif - -#ifdef NO_AES - #if !defined (ALIGN16) - #define ALIGN16 - #endif -#endif - -#ifdef NO_SHA - #define SHA_DIGEST_SIZE 20 -#endif - -#ifdef NO_SHA256 - #define SHA256_DIGEST_SIZE 32 -#endif - -#ifdef NO_MD5 - #define MD5_DIGEST_SIZE 16 -#endif - - -#ifdef __cplusplus - extern "C" { -#endif - - -#ifdef USE_WINDOWS_API - typedef unsigned int SOCKET_T; -#else - typedef int SOCKET_T; -#endif - - -typedef byte word24[3]; - -/* Define or comment out the cipher suites you'd like to be compiled in - make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined - - When adding cipher suites, add name to cipher_names, idx to cipher_name_idx - - Now that there is a maximum strength crypto build, the following BUILD_XXX - flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH. - Those that do not use Perfect Forward Security and do not use AEAD ciphers - need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or - CHACHA-POLY. -*/ - -/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are - * not turned off. */ -#if defined(WOLFSSL_MAX_STRENGTH) && \ - ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ - (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ - (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ - (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ - !defined(NO_OLD_TLS)) - - #error "You are trying to build max strength with requirements disabled." -#endif - -#ifndef WOLFSSL_MAX_STRENGTH - - #if !defined(NO_RSA) && !defined(NO_RC4) - #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_RC4_128_SHA - #endif - #if !defined(NO_MD5) - #define BUILD_SSL_RSA_WITH_RC4_128_MD5 - #endif - #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) - #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - #endif - #endif - - #if !defined(NO_RSA) && !defined(NO_DES3) - #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - #if !defined(NO_TLS) && defined(HAVE_NTRU) - #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - #endif - #endif - #endif - - #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - #if defined(HAVE_NTRU) - #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - #endif - #endif - #if !defined (NO_SHA256) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - #endif - #if defined (HAVE_AESGCM) - #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - #if defined (WOLFSSL_SHA384) - #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - #endif - #endif - #if defined (HAVE_AESCCM) - #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 - #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - #endif - #endif - - #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) - #ifndef NO_RSA - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - #endif - #if !defined(NO_DH) - #if !defined(NO_SHA) - #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - #endif - #endif - #endif - #endif - - #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) - #if !defined(NO_SHA) - #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - #ifdef HAVE_AESGCM - #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - #endif - #ifdef HAVE_AESCCM - #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 - #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 - #define BUILD_TLS_PSK_WITH_AES_128_CCM - #define BUILD_TLS_PSK_WITH_AES_256_CCM - #endif - #endif - #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - #ifdef HAVE_AESGCM - #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - #endif - #endif - #endif - - #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) - #if !defined(NO_RSA) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_NULL_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_RSA_WITH_NULL_SHA256 - #endif - #endif - #if !defined(NO_PSK) - #if !defined(NO_SHA) - #define BUILD_TLS_PSK_WITH_NULL_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_PSK_WITH_NULL_SHA256 - #endif - #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_PSK_WITH_NULL_SHA384 - #endif - #endif - #endif - - #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) - #define BUILD_TLS_RSA_WITH_HC_128_MD5 - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_HC_128_SHA - #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_HC_128_B2B256 - #endif - #endif - - #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_RABBIT_SHA - #endif - #endif - - #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ - !defined(NO_RSA) - - #if !defined(NO_SHA) - #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - #endif - #if !defined(NO_SHA256) - #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - #endif - #endif - - #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ - !defined(NO_AES) && !defined(NO_SHA) - #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - #endif - - #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) - #ifndef NO_SHA256 - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - #ifdef HAVE_NULL_CIPHER - #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - #endif - #endif - #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - #ifdef HAVE_NULL_CIPHER - #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - #endif - #endif - #endif - - #if defined(HAVE_ECC) && !defined(NO_TLS) - #if !defined(NO_AES) - #if !defined(NO_SHA) - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - #endif - - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - #endif /* NO_SHA */ - #ifndef NO_SHA256 - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - #endif - - #ifdef WOLFSSL_SHA384 - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - #endif - - #if defined (HAVE_AESGCM) - #if !defined(NO_RSA) - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - #endif - #endif - - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - - #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - #endif - #endif - #endif /* NO_AES */ - #if !defined(NO_RC4) - #if !defined(NO_SHA) - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - #endif - - #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - #endif - #endif - #if !defined(NO_DES3) - #ifndef NO_SHA - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - #endif - - #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - #endif /* NO_SHA */ - #endif - #endif - -#endif /* !WOLFSSL_MAX_STRENGTH */ - -#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ - !defined(NO_RSA) && defined(HAVE_AESGCM) - - #ifndef NO_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - #endif - - #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - #endif -#endif - -#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) - #ifndef NO_SHA256 - #ifdef HAVE_AESGCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - #endif - #ifdef HAVE_AESCCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - #endif - #endif - #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) - #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - #endif -#endif - -#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES) - #ifdef HAVE_AESGCM - #ifndef NO_SHA256 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - #ifndef NO_RSA - #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - #endif - #endif - #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - #ifndef NO_RSA - #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - #endif - #endif - #endif - #if defined(HAVE_AESCCM) && !defined(NO_SHA256) - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - #endif -#endif - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) - #ifdef HAVE_ECC - #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - #ifndef NO_RSA - #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - #endif - #endif - #if !defined(NO_DH) && !defined(NO_RSA) - #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - #endif -#endif - - -#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ - defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) - #define BUILD_ARC4 -#endif - -#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) - #define BUILD_DES3 -#endif - -#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ - defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ - defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) - #undef BUILD_AES - #define BUILD_AES -#endif - -#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ - defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ - defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ - defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) - #define BUILD_AESGCM -#endif - -#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ - defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) - #define BUILD_HC128 -#endif - -#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA) - #define BUILD_RABBIT -#endif - -#ifdef NO_DES3 - #define DES_BLOCK_SIZE 8 -#else - #undef BUILD_DES3 - #define BUILD_DES3 -#endif - -#ifdef NO_AES - #define AES_BLOCK_SIZE 16 -#else - #undef BUILD_AES - #define BUILD_AES -#endif - -#ifndef NO_RC4 - #undef BUILD_ARC4 - #define BUILD_ARC4 -#endif - -#ifdef HAVE_CHACHA - #define CHACHA20_BLOCK_SIZE 16 -#endif - -#if defined(WOLFSSL_MAX_STRENGTH) || \ - defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - - #define HAVE_AEAD -#endif - -#if defined(WOLFSSL_MAX_STRENGTH) || \ - defined(HAVE_ECC) || !defined(NO_DH) - - #define HAVE_PFS -#endif - - -/* actual cipher values, 2nd byte */ -enum { - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, - TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, - TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, - TLS_RSA_WITH_NULL_SHA = 0x02, - TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, - TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, - TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, - TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, - TLS_PSK_WITH_NULL_SHA256 = 0xb0, - TLS_PSK_WITH_NULL_SHA384 = 0xb1, - TLS_PSK_WITH_NULL_SHA = 0x2c, - SSL_RSA_WITH_RC4_128_SHA = 0x05, - SSL_RSA_WITH_RC4_128_MD5 = 0x04, - SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, - - /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, - TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, - - /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04, - TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C, - TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02, - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, - - /* wolfSSL extension - eSTREAM */ - TLS_RSA_WITH_HC_128_MD5 = 0xFB, - TLS_RSA_WITH_HC_128_SHA = 0xFC, - TLS_RSA_WITH_RABBIT_SHA = 0xFD, - - /* wolfSSL extension - Blake2b 256 */ - TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, - TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, - TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ - - /* wolfSSL extension - NTRU */ - TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, - TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, - TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ - TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, - - /* SHA256 */ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, - TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, - TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, - TLS_RSA_WITH_NULL_SHA256 = 0x3b, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, - TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, - - /* SHA384 */ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, - TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, - - /* AES-GCM */ - TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, - TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, - TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, - TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, - - /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c, - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d, - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30, - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31, - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32, - - /* AES-CCM, first byte is 0xC0 but isn't ECC, - * also, in some of the other AES-CCM suites - * there will be second byte number conflicts - * with non-ECC AES-GCM */ - TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, - TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, - TLS_PSK_WITH_AES_128_CCM = 0xa4, - TLS_PSK_WITH_AES_256_CCM = 0xa5, - TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, - TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, - TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, - TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, - - /* Camellia */ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14, - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15, - - /* Renegotiation Indication Extension Special Suite */ - TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff -}; - - -#ifndef WOLFSSL_SESSION_TIMEOUT - #define WOLFSSL_SESSION_TIMEOUT 500 - /* default session resumption cache timeout in seconds */ -#endif - - -enum Misc { - ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ - CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ - - SEND_CERT = 1, - SEND_BLANK_CERT = 2, - - DTLS_MAJOR = 0xfe, /* DTLS major version number */ - DTLS_MINOR = 0xff, /* DTLS minor version number */ - DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ - SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ - SSLv3_MINOR = 0, /* TLSv1 minor version number */ - TLSv1_MINOR = 1, /* TLSv1 minor version number */ - TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ - TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ - OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ - INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ - NO_COMPRESSION = 0, - ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ - HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ - SECRET_LEN = 48, /* pre RSA and all master */ - ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ - SIZEOF_SENDER = 4, /* clnt or srvr */ - FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */ - MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ - MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE, - /* max added to msg, mac + pad from */ - /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max - digest sz + BLOC_SZ (iv) + pad byte (1) */ - MAX_COMP_EXTRA = 1024, /* max compression extra */ - MAX_MTU = 1500, /* max expected MTU */ - MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ - MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */ - MAX_STR_VERSION = 8, /* string rep of protocol version */ - - PAD_MD5 = 48, /* pad length for finished */ - PAD_SHA = 40, /* pad length for finished */ - MAX_PAD_SIZE = 256, /* maximum length of padding */ - COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ - COMPRESS_CONSTANT = 13, /* compression calc constant */ - COMPRESS_UPPER = 55, /* compression calc numerator */ - COMPRESS_LOWER = 64, /* compression calc denominator */ - - PEM_LINE_LEN = 80, /* PEM line max + fudge */ - LENGTH_SZ = 2, /* length field for HMAC, data only */ - VERSION_SZ = 2, /* length of proctocol version */ - SEQ_SZ = 8, /* 64 bit sequence number */ - BYTE3_LEN = 3, /* up to 24 bit byte lengths */ - ALERT_SIZE = 2, /* level + description */ - VERIFY_HEADER = 2, /* always use 2 bytes */ - EXT_ID_SZ = 2, /* always use 2 bytes */ - MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ - SESSION_HINT_SZ = 4, /* session timeout hint */ - - MAX_SUITE_SZ = 200, /* 100 suites for now! */ - RAN_LEN = 32, /* random length */ - SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ - ID_LEN = 32, /* session id length */ - MAX_COOKIE_LEN = 32, /* max dtls cookie size */ - COOKIE_SZ = 20, /* use a 20 byte cookie */ - SUITE_LEN = 2, /* cipher suite sz length */ - ENUM_LEN = 1, /* always a byte */ - OPAQUE8_LEN = 1, /* 1 byte */ - OPAQUE16_LEN = 2, /* 2 bytes */ - OPAQUE24_LEN = 3, /* 3 bytes */ - OPAQUE32_LEN = 4, /* 4 bytes */ - COMP_LEN = 1, /* compression length */ - CURVE_LEN = 2, /* ecc named curve length */ - SERVER_ID_LEN = 20, /* server session id length */ - - HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ - RECORD_HEADER_SZ = 5, /* type + version + len(2) */ - CERT_HEADER_SZ = 3, /* always 3 bytes */ - REQ_HEADER_SZ = 2, /* cert request header sz */ - HINT_LEN_SZ = 2, /* length of hint size field */ - TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ - HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ - HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ - HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ - HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ - HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ - - DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ - DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ - DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ - DTLS_RECORD_EXTRA = 8, /* diff from normal */ - DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ - DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ - DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */ - - FINISHED_LABEL_SZ = 15, /* TLS finished label size */ - TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ - MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ - KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ - MAX_PRF_HALF = 256, /* Maximum half secret len */ - MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ - MAX_PRF_DIG = 224, /* Maximum digest len */ - MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ - SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ - - RC4_KEY_SIZE = 16, /* always 128bit */ - DES_KEY_SIZE = 8, /* des */ - DES3_KEY_SIZE = 24, /* 3 des ede */ - DES_IV_SIZE = DES_BLOCK_SIZE, - AES_256_KEY_SIZE = 32, /* for 256 bit */ - AES_192_KEY_SIZE = 24, /* for 192 bit */ - AES_IV_SIZE = 16, /* always block size */ - AES_128_KEY_SIZE = 16, /* for 128 bit */ - - AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ - AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ - AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ - AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ - AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ - AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ - AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */ - AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */ - AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ, - - AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ - AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ - AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ - - CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ - CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ - CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ - CAMELLIA_IV_SIZE = 16, /* always block size */ - - CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ - CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ - CHACHA20_IV_SIZE = 8, /* 64 bits for iv */ - - POLY1305_AUTH_SZ = 16, /* 128 bits */ - - HC_128_KEY_SIZE = 16, /* 128 bits */ - HC_128_IV_SIZE = 16, /* also 128 bits */ - - RABBIT_KEY_SIZE = 16, /* 128 bits */ - RABBIT_IV_SIZE = 8, /* 64 bits for iv */ - - EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ - - ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ - MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ - - MAX_HELLO_SZ = 128, /* max client or server hello */ - MAX_CERT_VERIFY_SZ = 1024, /* max */ - CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ - MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ - - DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ - DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ - DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ - - MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ - MAX_PSK_KEY_LEN = 64, /* max psk key supported */ - - MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ - -#ifdef FORTRESS - MAX_EX_DATA = 3, /* allow for three items of ex_data */ -#endif - - MAX_X509_SIZE = 2048, /* max static x509 buffer size */ - CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ - MAX_FILENAME_SZ = 256, /* max file name length */ - FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input, - will use dynamic buffer if not big enough */ - - MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ - MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ - MAX_NTRU_BITS = 256, /* max symmetric bit strength */ - NO_SNIFF = 0, /* not sniffing */ - SNIFF = 1, /* currently sniffing */ - - HASH_SIG_SIZE = 2, /* default SHA1 RSA */ - - NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */ - - NO_COPY = 0, /* should we copy static buffer for write */ - COPY = 1 /* should we copy static buffer for write */ -}; - - -#ifndef WOLFSSL_MIN_DHKEY_BITS - #ifdef WOLFSSL_MAX_STRENGTH - #define WOLFSSL_MIN_DHKEY_BITS 2048 - #else - #define WOLFSSL_MIN_DHKEY_BITS 1024 - #endif -#endif -#if (WOLFSSL_MIN_DHKEY_BITS % 8) - #error DH minimum bit size must be multiple of 8 -#endif -#if (WOLFSSL_MIN_DHKEY_BITS > 16000) - #error DH minimum bit size must not be greater than 16000 -#endif -#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) - - -#ifdef SESSION_INDEX -/* Shift values for making a session index */ -#define SESSIDX_ROW_SHIFT 4 -#define SESSIDX_IDX_MASK 0x0F -#endif - - -/* max cert chain peer depth */ -#ifndef MAX_CHAIN_DEPTH - #define MAX_CHAIN_DEPTH 9 -#endif - -#ifndef SESSION_TICKET_LEN - #define SESSION_TICKET_LEN 256 -#endif - -#ifndef SESSION_TICKET_HINT_DEFAULT - #define SESSION_TICKET_HINT_DEFAULT 300 -#endif - - -/* don't use extra 3/4k stack space unless need to */ -#ifdef HAVE_NTRU - #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ -#else - #define MAX_ENCRYPT_SZ ENCRYPT_LEN -#endif - - -/* states */ -enum states { - NULL_STATE = 0, - - SERVER_HELLOVERIFYREQUEST_COMPLETE, - SERVER_HELLO_COMPLETE, - SERVER_CERT_COMPLETE, - SERVER_KEYEXCHANGE_COMPLETE, - SERVER_HELLODONE_COMPLETE, - SERVER_FINISHED_COMPLETE, - - CLIENT_HELLO_COMPLETE, - CLIENT_KEYEXCHANGE_COMPLETE, - CLIENT_FINISHED_COMPLETE, - - HANDSHAKE_DONE -}; - - -#if defined(__GNUC__) - #define WOLFSSL_PACK __attribute__ ((packed)) -#else - #define WOLFSSL_PACK -#endif - -/* SSL Version */ -typedef struct ProtocolVersion { - byte major; - byte minor; -} WOLFSSL_PACK ProtocolVersion; - - -WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void); -WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void); -WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void); -WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); - -#ifdef WOLFSSL_DTLS - WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); - WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); -#endif - - -enum BIO_TYPE { - BIO_BUFFER = 1, - BIO_SOCKET = 2, - BIO_SSL = 3, - BIO_MEMORY = 4 -}; - - -/* wolfSSL BIO_METHOD type */ -struct WOLFSSL_BIO_METHOD { - byte type; /* method type */ -}; - - -/* wolfSSL BIO type */ -struct WOLFSSL_BIO { - byte type; /* method type */ - byte close; /* close flag */ - byte eof; /* eof flag */ - WOLFSSL* ssl; /* possible associated ssl */ - byte* mem; /* memory buffer */ - int memLen; /* memory buffer length */ - int fd; /* possible file descriptor */ - WOLFSSL_BIO* prev; /* previous in chain */ - WOLFSSL_BIO* next; /* next in chain */ -}; - - -/* wolfSSL method type */ -struct WOLFSSL_METHOD { - ProtocolVersion version; - byte side; /* connection side, server or client */ - byte downgrade; /* whether to downgrade version, default no */ -}; - - -/* defautls to client */ -WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); - -/* for sniffer */ -WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, - word32 size, word32 totalSz, int sniff); -WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); - - -/* wolfSSL buffer type */ -typedef struct buffer { - byte* buffer; - word32 length; -} buffer; - - -enum { - FORCED_FREE = 1, - NO_FORCED_FREE = 0 -}; - - -/* only use compression extra if using compression */ -#ifdef HAVE_LIBZ - #define COMP_EXTRA MAX_COMP_EXTRA -#else - #define COMP_EXTRA 0 -#endif - -/* only the sniffer needs space in the buffer for extra MTU record(s) */ -#ifdef WOLFSSL_SNIFFER - #define MTU_EXTRA MAX_MTU * 3 -#else - #define MTU_EXTRA 0 -#endif - - -/* embedded callbacks require large static buffers, make sure on */ -#ifdef WOLFSSL_CALLBACKS - #undef LARGE_STATIC_BUFFERS - #define LARGE_STATIC_BUFFERS -#endif - - -/* give user option to use 16K static buffers */ -#if defined(LARGE_STATIC_BUFFERS) - #define RECORD_SIZE MAX_RECORD_SIZE -#else - #ifdef WOLFSSL_DTLS - #define RECORD_SIZE MAX_MTU - #else - #define RECORD_SIZE 128 - #endif -#endif - - -/* user option to turn off 16K output option */ -/* if using small static buffers (default) and SSL_write tries to write data - larger than the record we have, dynamically get it, unless user says only - write in static buffer chuncks */ -#ifndef STATIC_CHUNKS_ONLY - #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE -#else - #define OUTPUT_RECORD_SIZE RECORD_SIZE -#endif - -/* wolfSSL input buffer - - RFC 2246: - - length - The length (in bytes) of the following TLSPlaintext.fragment. - The length should not exceed 2^14. -*/ -#if defined(LARGE_STATIC_BUFFERS) - #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ - MTU_EXTRA + MAX_MSG_EXTRA -#else - /* don't fragment memory from the record header */ - #define STATIC_BUFFER_LEN RECORD_HEADER_SZ -#endif - -typedef struct { - ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; - byte* buffer; /* place holder for static or dynamic buffer */ - word32 length; /* total buffer length used */ - word32 idx; /* idx to part of length already consumed */ - word32 bufferSize; /* current buffer size */ - byte dynamicFlag; /* dynamic memory currently in use */ - byte offset; /* alignment offset attempt */ -} bufferStatic; - -/* Cipher Suites holder */ -typedef struct Suites { - word16 suiteSz; /* suite length in bytes */ - word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ - byte suites[MAX_SUITE_SZ]; - byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ - byte setSuites; /* user set suites from default */ - byte hashAlgo; /* selected hash algorithm */ - byte sigAlgo; /* selected sig algorithm */ -} Suites; - - -WOLFSSL_LOCAL -void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16, - word16, word16, int); -WOLFSSL_LOCAL -int SetCipherList(Suites*, const char* list); - -#ifndef PSK_TYPES_DEFINED - typedef unsigned int (*psk_client_callback)(WOLFSSL*, const char*, char*, - unsigned int, unsigned char*, unsigned int); - typedef unsigned int (*psk_server_callback)(WOLFSSL*, const char*, - unsigned char*, unsigned int); -#endif /* PSK_TYPES_DEFINED */ - - -#ifdef HAVE_NETX - WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx); - WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx); -#endif /* HAVE_NETX */ - - -/* wolfSSL Cipher type just points back to SSL */ -struct WOLFSSL_CIPHER { - WOLFSSL* ssl; -}; - - -typedef struct OCSP_Entry OCSP_Entry; - -#ifdef NO_SHA - #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE -#else - #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE -#endif - -#ifdef NO_ASN - /* no_asn won't have */ - typedef struct CertStatus CertStatus; -#endif - -struct OCSP_Entry { - OCSP_Entry* next; /* next entry */ - byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ - byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ - CertStatus* status; /* OCSP response list */ - int totalStatus; /* number on list */ -}; - - -#ifndef HAVE_OCSP - typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; -#endif - -/* wolfSSL OCSP controller */ -struct WOLFSSL_OCSP { - WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ - OCSP_Entry* ocspList; /* OCSP response list */ - wolfSSL_Mutex ocspLock; /* OCSP list lock */ -}; - -#ifndef MAX_DATE_SIZE -#define MAX_DATE_SIZE 32 -#endif - -typedef struct CRL_Entry CRL_Entry; - -#ifdef NO_SHA - #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE -#else - #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE -#endif - -#ifdef NO_ASN - typedef struct RevokedCert RevokedCert; -#endif - -/* Complete CRL */ -struct CRL_Entry { - CRL_Entry* next; /* next entry */ - byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ - /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ - /* restore the hash here if needed for optimized comparisons */ - byte lastDate[MAX_DATE_SIZE]; /* last date updated */ - byte nextDate[MAX_DATE_SIZE]; /* next update date */ - byte lastDateFormat; /* last date format */ - byte nextDateFormat; /* next date format */ - RevokedCert* certs; /* revoked cert list */ - int totalCerts; /* number on list */ -}; - - -typedef struct CRL_Monitor CRL_Monitor; - -/* CRL directory monitor */ -struct CRL_Monitor { - char* path; /* full dir path, if valid pointer we're using */ - int type; /* PEM or ASN1 type */ -}; - - -#ifndef HAVE_CRL - typedef struct WOLFSSL_CRL WOLFSSL_CRL; -#endif - -/* wolfSSL CRL controller */ -struct WOLFSSL_CRL { - WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ - CRL_Entry* crlList; /* our CRL list */ - wolfSSL_Mutex crlLock; /* CRL list lock */ - CRL_Monitor monitors[2]; /* PEM and DER possible */ -#ifdef HAVE_CRL_MONITOR - pthread_t tid; /* monitoring thread */ - int mfd; /* monitor fd, -1 if no init yet */ -#endif -}; - - -#ifdef NO_ASN - typedef struct Signer Signer; -#endif - - -#ifndef CA_TABLE_SIZE - #define CA_TABLE_SIZE 11 -#endif - -/* wolfSSL Certificate Manager */ -struct WOLFSSL_CERT_MANAGER { - Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ - void* heap; /* heap helper */ - WOLFSSL_CRL* crl; /* CRL checker */ - WOLFSSL_OCSP* ocsp; /* OCSP checker */ - char* ocspOverrideURL; /* use this responder */ - void* ocspIOCtx; /* I/O callback CTX */ - CallbackCACache caCacheCallback; /* CA cache addition callback */ - CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ - CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ - CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ - wolfSSL_Mutex caLock; /* CA list lock */ - byte crlEnabled; /* is CRL on ? */ - byte crlCheckAll; /* always leaf, but all ? */ - byte ocspEnabled; /* is OCSP on ? */ - byte ocspCheckAll; /* always leaf, but all ? */ - byte ocspSendNonce; /* send the OCSP nonce ? */ - byte ocspUseOverrideURL; /* ignore cert's responder, override */ -}; - -WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); -WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*); -WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); -WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); -WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); - -/* wolfSSL Sock Addr */ -struct WOLFSSL_SOCKADDR { - unsigned int sz; /* sockaddr size */ - void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ -}; - -typedef struct WOLFSSL_DTLS_CTX { - WOLFSSL_SOCKADDR peer; - int fd; -} WOLFSSL_DTLS_CTX; - - -#ifdef WOLFSSL_DTLS - - #ifdef WORD64_AVAILABLE - typedef word64 DtlsSeq; - #else - typedef word32 DtlsSeq; - #endif - #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT) - - typedef struct DtlsState { - DtlsSeq window; /* Sliding window for current epoch */ - word16 nextEpoch; /* Expected epoch in next record */ - word32 nextSeq; /* Expected sequence in next record */ - - word16 curEpoch; /* Received epoch in current record */ - word32 curSeq; /* Received sequence in current record */ - - DtlsSeq prevWindow; /* Sliding window for old epoch */ - word32 prevSeq; /* Next sequence in allowed old epoch */ - } DtlsState; - -#endif /* WOLFSSL_DTLS */ - - -/* keys and secrets */ -typedef struct Keys { - byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */ - byte server_write_MAC_secret[MAX_DIGEST_SIZE]; - byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */ - byte server_write_key[AES_256_KEY_SIZE]; - byte client_write_IV[AES_IV_SIZE]; /* max sizes */ - byte server_write_IV[AES_IV_SIZE]; -#ifdef HAVE_AEAD - byte aead_exp_IV[AEAD_EXP_IV_SZ]; - byte aead_enc_imp_IV[AEAD_IMP_IV_SZ]; - byte aead_dec_imp_IV[AEAD_IMP_IV_SZ]; -#endif - - word32 peer_sequence_number; - word32 sequence_number; - -#ifdef WOLFSSL_DTLS - DtlsState dtls_state; /* Peer's state */ - word16 dtls_peer_handshake_number; - word16 dtls_expected_peer_handshake_number; - - word16 dtls_epoch; /* Current tx epoch */ - word32 dtls_sequence_number; /* Current tx sequence */ - word16 dtls_handshake_number; /* Current tx handshake seq */ -#endif - - word32 encryptSz; /* last size of encrypted data */ - word32 padSz; /* how much to advance after decrypt part */ - byte encryptionOn; /* true after change cipher spec */ - byte decryptedCur; /* only decrypt current record once */ -} Keys; - - - -/* RFC 6066 TLS Extensions */ -#ifdef HAVE_TLS_EXTENSIONS - -typedef enum { - SERVER_NAME_INDICATION = 0x0000, - MAX_FRAGMENT_LENGTH = 0x0001, - TRUNCATED_HMAC = 0x0004, - ELLIPTIC_CURVES = 0x000a, - SESSION_TICKET = 0x0023, - SECURE_RENEGOTIATION = 0xff01 -} TLSX_Type; - -typedef struct TLSX { - TLSX_Type type; /* Extension Type */ - void* data; /* Extension Data */ - byte resp; /* IsResponse Flag */ - struct TLSX* next; /* List Behavior */ -} TLSX; - -WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); -WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list); -WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); - -#ifndef NO_WOLFSSL_CLIENT -WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl); -WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output); -#endif - -#ifndef NO_WOLFSSL_SERVER -WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl); -WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output); -#endif - -WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, - byte isRequest, Suites *suites); - -#elif defined(HAVE_SNI) \ - || defined(HAVE_MAX_FRAGMENT) \ - || defined(HAVE_TRUNCATED_HMAC) \ - || defined(HAVE_SUPPORTED_CURVES) \ - || defined(HAVE_SECURE_RENEGOTIATION) \ - || defined(HAVE_SESSION_TICKET) - -#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. - -#endif /* HAVE_TLS_EXTENSIONS */ - -/* Server Name Indication */ -#ifdef HAVE_SNI - -typedef struct SNI { - byte type; /* SNI Type */ - union { char* host_name; } data; /* SNI Data */ - struct SNI* next; /* List Behavior */ -#ifndef NO_WOLFSSL_SERVER - byte options; /* Behaviour options */ - byte status; /* Matching result */ -#endif -} SNI; - -WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, - word16 size); - -#ifndef NO_WOLFSSL_SERVER -WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, - byte options); -WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); -WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, - void** data); -WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, - byte type, byte* sni, word32* inOutSz); -#endif - -#endif /* HAVE_SNI */ - -/* Maximum Fragment Length */ -#ifdef HAVE_MAX_FRAGMENT - -WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl); - -#endif /* HAVE_MAX_FRAGMENT */ - -#ifdef HAVE_TRUNCATED_HMAC - -WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions); - -#endif /* HAVE_TRUNCATED_HMAC */ - -#ifdef HAVE_SUPPORTED_CURVES - -typedef struct EllipticCurve { - word16 name; /* CurveNames */ - struct EllipticCurve* next; /* List Behavior */ -} EllipticCurve; - -WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name); - -#ifndef NO_WOLFSSL_SERVER -WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, - byte second); -#endif - -#endif /* HAVE_SUPPORTED_CURVES */ - -#ifdef HAVE_SECURE_RENEGOTIATION - -enum key_cache_state { - SCR_CACHE_NULL = 0, /* empty / begin state */ - SCR_CACHE_NEEDED, /* need to cache keys */ - SCR_CACHE_COPY, /* we have a cached copy */ - SCR_CACHE_PARTIAL, /* partial restore to real keys */ - SCR_CACHE_COMPLETE /* complete restore to real keys */ -}; - - -/* Additional Conection State according to rfc5746 section 3.1 */ -typedef struct SecureRenegotiation { - byte enabled; /* secure_renegotiation flag in rfc */ - byte startScr; /* server requested client to start scr */ - enum key_cache_state cache_status; /* track key cache state */ - byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ - byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ - byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */ - Keys tmp_keys; /* can't overwrite real keys yet */ -} SecureRenegotiation; - -WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions); - -#endif /* HAVE_SECURE_RENEGOTIATION */ - -#ifdef HAVE_SESSION_TICKET - -typedef struct SessionTicket { - word32 lifetime; - byte* data; - word16 size; -} SessionTicket; - -WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, - SessionTicket* ticket); -WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, - byte* data, word16 size); -WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket); -#endif /* HAVE_SESSION_TICKET */ - -/* wolfSSL context type */ -struct WOLFSSL_CTX { - WOLFSSL_METHOD* method; - wolfSSL_Mutex countMutex; /* reference count mutex */ - int refCount; /* reference count */ -#ifndef NO_DH - buffer serverDH_P; - buffer serverDH_G; -#endif -#ifndef NO_CERTS - buffer certificate; - buffer certChain; - /* chain after self, in DER, with leading size for each cert */ - buffer privateKey; - WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ -#endif - Suites* suites; /* make dynamic, user may not need/set */ - void* heap; /* for user memory overrides */ - byte verifyPeer; - byte verifyNone; - byte failNoCert; - byte sessionCacheOff; - byte sessionCacheFlushOff; - byte sendVerify; /* for client side */ - byte haveRSA; /* RSA available */ - byte haveDH; /* server DH parms set by user */ - byte haveNTRU; /* server private NTRU key loaded */ - byte haveECDSAsig; /* server cert signed w/ ECDSA */ - byte haveStaticECC; /* static server ECC private key */ - byte partialWrite; /* only one msg per write call */ - byte quietShutdown; /* don't send close notify */ - byte groupMessages; /* group handshake messages before sending */ - byte minDowngrade; /* minimum downgrade version */ -#ifndef NO_DH - word16 minDhKeySz; /* minimum DH key size */ -#endif - CallbackIORecv CBIORecv; - CallbackIOSend CBIOSend; -#ifdef WOLFSSL_DTLS - CallbackGenCookie CBIOCookie; /* gen cookie callback */ -#endif - VerifyCallback verifyCallback; /* cert verification callback */ - word32 timeout; /* session timeout */ -#ifdef HAVE_ECC - word16 eccTempKeySz; /* in octets 20 - 66 */ - word32 pkCurveOID; /* curve Ecc_Sum */ -#endif -#ifndef NO_PSK - byte havePSK; /* psk key set by user */ - psk_client_callback client_psk_cb; /* client callback */ - psk_server_callback server_psk_cb; /* server callback */ - char server_hint[MAX_PSK_ID_LEN]; -#endif /* NO_PSK */ -#ifdef HAVE_ANON - byte haveAnon; /* User wants to allow Anon suites */ -#endif /* HAVE_ANON */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - pem_password_cb passwd_cb; - void* userdata; -#endif /* OPENSSL_EXTRA */ -#ifdef HAVE_OCSP - WOLFSSL_OCSP ocsp; -#endif -#ifdef HAVE_CAVIUM - int devId; /* cavium device id to use */ -#endif -#ifdef HAVE_TLS_EXTENSIONS - TLSX* extensions; /* RFC 6066 TLS Extensions data */ - #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER) - SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ - void* ticketEncCtx; /* session encrypt context */ - int ticketHint; /* ticket hint in seconds */ - #endif -#endif -#ifdef ATOMIC_USER - CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ - CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ -#endif -#ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - CallbackEccSign EccSignCb; /* User EccSign Callback handler */ - CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ - #endif /* HAVE_ECC */ - #ifndef NO_RSA - CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */ - CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */ - CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ - CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ - #endif /* NO_RSA */ -#endif /* HAVE_PK_CALLBACKS */ -}; - - -WOLFSSL_LOCAL -int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*); -WOLFSSL_LOCAL -void FreeSSL_Ctx(WOLFSSL_CTX*); -WOLFSSL_LOCAL -void SSL_CtxResourceFree(WOLFSSL_CTX*); - -WOLFSSL_LOCAL -int DeriveTlsKeys(WOLFSSL* ssl); -WOLFSSL_LOCAL -int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, - word32 inSz, word16 sz); -#ifndef NO_CERTS - WOLFSSL_LOCAL - int AddCA(WOLFSSL_CERT_MANAGER* ctx, buffer der, int type, int verify); - WOLFSSL_LOCAL - int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); -#endif - -/* All cipher suite related info */ -typedef struct CipherSpecs { - word16 key_size; - word16 iv_size; - word16 block_size; - word16 aead_mac_size; - byte bulk_cipher_algorithm; - byte cipher_type; /* block, stream, or aead */ - byte mac_algorithm; - byte kea; /* key exchange algo */ - byte sig_algo; - byte hash_size; - byte pad_size; - byte static_ecdh; -} CipherSpecs; - - -void InitCipherSpecs(CipherSpecs* cs); - - -/* Supported Message Authentication Codes from page 43 */ -enum MACAlgorithm { - no_mac, - md5_mac, - sha_mac, - sha224_mac, - sha256_mac, /* needs to match external KDF_MacAlgorithm */ - sha384_mac, - sha512_mac, - rmd_mac, - blake2b_mac -}; - - -/* Supported Key Exchange Protocols */ -enum KeyExchangeAlgorithm { - no_kea, - rsa_kea, - diffie_hellman_kea, - fortezza_kea, - psk_kea, - dhe_psk_kea, - ntru_kea, - ecc_diffie_hellman_kea, - ecc_static_diffie_hellman_kea /* for verify suite only */ -}; - - -/* Supported Authentication Schemes */ -enum SignatureAlgorithm { - anonymous_sa_algo, - rsa_sa_algo, - dsa_sa_algo, - ecc_dsa_sa_algo -}; - - -/* Supprted ECC Curve Types */ -enum EccCurves { - named_curve = 3 -}; - - -/* Valid client certificate request types from page 27 */ -enum ClientCertificateType { - rsa_sign = 1, - dss_sign = 2, - rsa_fixed_dh = 3, - dss_fixed_dh = 4, - rsa_ephemeral_dh = 5, - dss_ephemeral_dh = 6, - fortezza_kea_cert = 20, - ecdsa_sign = 64, - rsa_fixed_ecdh = 65, - ecdsa_fixed_ecdh = 66 -}; - - -enum CipherType { stream, block, aead }; - - - - - - -/* cipher for now */ -typedef struct Ciphers { -#ifdef BUILD_ARC4 - Arc4* arc4; -#endif -#ifdef BUILD_DES3 - Des3* des3; -#endif -#if defined(BUILD_AES) || defined(BUILD_AESGCM) - Aes* aes; -#endif -#ifdef HAVE_CAMELLIA - Camellia* cam; -#endif -#ifdef HAVE_CHACHA - ChaCha* chacha; -#endif -#ifdef HAVE_HC128 - HC128* hc128; -#endif -#ifdef BUILD_RABBIT - Rabbit* rabbit; -#endif - byte setup; /* have we set it up flag for detection */ -} Ciphers; - - -#ifdef HAVE_ONE_TIME_AUTH -/* Ciphers for one time authentication such as poly1305 */ -typedef struct OneTimeAuth { -#ifdef HAVE_POLY1305 - Poly1305* poly1305; -#endif - byte setup; /* flag for if a cipher has been set */ - -} OneTimeAuth; -#endif - - -WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl); -WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl); - - -/* hashes type */ -typedef struct Hashes { - #ifndef NO_OLD_TLS - byte md5[MD5_DIGEST_SIZE]; - #endif - byte sha[SHA_DIGEST_SIZE]; - #ifndef NO_SHA256 - byte sha256[SHA256_DIGEST_SIZE]; - #endif - #ifdef WOLFSSL_SHA384 - byte sha384[SHA384_DIGEST_SIZE]; - #endif - #ifdef WOLFSSL_SHA512 - byte sha512[SHA512_DIGEST_SIZE]; - #endif -} Hashes; - - -/* Static x509 buffer */ -typedef struct x509_buffer { - int length; /* actual size */ - byte buffer[MAX_X509_SIZE]; /* max static cert size */ -} x509_buffer; - - -/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ -struct WOLFSSL_X509_CHAIN { - int count; /* total number in chain */ - x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ -}; - - -/* wolfSSL session type */ -struct WOLFSSL_SESSION { - word32 bornOn; /* create time in seconds */ - word32 timeout; /* timeout in seconds */ - byte sessionID[ID_LEN]; /* id for protocol */ - byte sessionIDSz; - byte masterSecret[SECRET_LEN]; /* stored secret */ -#ifdef SESSION_CERTS - WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ - ProtocolVersion version; /* which version was used */ - byte cipherSuite0; /* first byte, normally 0 */ - byte cipherSuite; /* 2nd byte, actual suite */ -#endif -#ifndef NO_CLIENT_CACHE - word16 idLen; /* serverID length */ - byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ -#endif -#ifdef HAVE_SESSION_TICKET - word16 ticketLen; - byte ticket[SESSION_TICKET_LEN]; -#endif -}; - - -WOLFSSL_LOCAL -WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*); -WOLFSSL_LOCAL -int SetSession(WOLFSSL*, WOLFSSL_SESSION*); - -typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int); - -#ifndef NO_CLIENT_CACHE - WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); -#endif - -/* client connect state for nonblocking restart */ -enum ConnectState { - CONNECT_BEGIN = 0, - CLIENT_HELLO_SENT, - HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ - HELLO_AGAIN_REPLY, - FIRST_REPLY_DONE, - FIRST_REPLY_FIRST, - FIRST_REPLY_SECOND, - FIRST_REPLY_THIRD, - FIRST_REPLY_FOURTH, - FINISHED_DONE, - SECOND_REPLY_DONE -}; - - -/* server accept state for nonblocking restart */ -enum AcceptState { - ACCEPT_BEGIN = 0, - ACCEPT_CLIENT_HELLO_DONE, - HELLO_VERIFY_SENT, - ACCEPT_FIRST_REPLY_DONE, - SERVER_HELLO_SENT, - CERT_SENT, - KEY_EXCHANGE_SENT, - CERT_REQ_SENT, - SERVER_HELLO_DONE, - ACCEPT_SECOND_REPLY_DONE, - TICKET_SENT, - CHANGE_CIPHER_SENT, - ACCEPT_FINISHED_DONE, - ACCEPT_THIRD_REPLY_DONE -}; - - -typedef struct Buffers { - bufferStatic inputBuffer; - bufferStatic outputBuffer; - buffer domainName; /* for client check */ - buffer clearOutputBuffer; - int prevSent; /* previous plain text bytes sent - when got WANT_WRITE */ - int plainSz; /* plain text bytes in buffer to send - when got WANT_WRITE */ - byte weOwnCert; /* SSL own cert flag */ - byte weOwnCertChain; /* SSL own cert chain flag */ - byte weOwnKey; /* SSL own key flag */ - byte weOwnDH; /* SSL own dh (p,g) flag */ -#ifndef NO_DH - buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */ - buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */ - buffer serverDH_Pub; - buffer serverDH_Priv; -#endif -#ifndef NO_CERTS - buffer certificate; /* WOLFSSL_CTX owns, unless we own */ - buffer key; /* WOLFSSL_CTX owns, unless we own */ - buffer certChain; /* WOLFSSL_CTX owns, unless we own */ - /* chain after self, in DER, with leading size for each cert */ -#endif -#ifdef WOLFSSL_DTLS - WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ -#endif -#ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ - #endif /* HAVE_ECC */ - #ifndef NO_RSA - buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ - #endif /* NO_RSA */ -#endif /* HAVE_PK_CALLBACKS */ -} Buffers; - -typedef struct Options { -#ifndef NO_PSK - psk_client_callback client_psk_cb; - psk_server_callback server_psk_cb; - word16 havePSK:1; /* psk key set by user */ -#endif /* NO_PSK */ - - /* on/off or small bit flags, optimize layout */ - word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ - word16 sessionCacheOff:1; - word16 sessionCacheFlushOff:1; - word16 side:1; /* client or server end */ - word16 verifyPeer:1; - word16 verifyNone:1; - word16 failNoCert:1; - word16 downgrade:1; /* allow downgrade of versions */ - word16 resuming:1; - word16 haveSessionId:1; /* server may not send */ - word16 tls:1; /* using TLS ? */ - word16 tls1_1:1; /* using TLSv1.1+ ? */ - word16 dtls:1; /* using datagrams ? */ - word16 connReset:1; /* has the peer reset */ - word16 isClosed:1; /* if we consider conn closed */ - word16 closeNotify:1; /* we've recieved a close notify */ - word16 sentNotify:1; /* we've sent a close notify */ - word16 usingCompression:1; /* are we using compression */ - word16 haveRSA:1; /* RSA available */ - word16 haveDH:1; /* server DH parms set by user */ - word16 haveNTRU:1; /* server NTRU private key loaded */ - word16 haveECDSAsig:1; /* server ECDSA signed cert */ - word16 haveStaticECC:1; /* static server ECC private key */ - word16 havePeerCert:1; /* do we have peer's cert */ - word16 havePeerVerify:1; /* and peer's cert verify */ - word16 usingPSK_cipher:1; /* are using psk as cipher */ - word16 usingAnon_cipher:1; /* are we using an anon cipher */ - word16 sendAlertState:1; /* nonblocking resume */ - word16 partialWrite:1; /* only one msg per write call */ - word16 quietShutdown:1; /* don't send close notify */ - word16 certOnly:1; /* stop once we get cert */ - word16 groupMessages:1; /* group handshake messages */ - word16 usingNonblock:1; /* are we using nonblocking socket */ - word16 saveArrays:1; /* save array Memory for user get keys - or psk */ -#ifdef HAVE_POLY1305 - word16 oldPoly:1; /* set when to use old rfc way of poly*/ -#endif -#ifdef HAVE_ANON - word16 haveAnon:1; /* User wants to allow Anon suites */ -#endif -#ifdef HAVE_SESSION_TICKET - word16 createTicket:1; /* Server to create new Ticket */ - word16 useTicket:1; /* Use Ticket not session cache */ -#endif - - /* need full byte values for this section */ - byte processReply; /* nonblocking resume */ - byte cipherSuite0; /* first byte, normally 0 */ - byte cipherSuite; /* second byte, actual suite */ - byte serverState; - byte clientState; - byte handShakeState; - byte handShakeDone; /* at least one handshake complete */ - byte minDowngrade; /* minimum downgrade version */ - byte connectState; /* nonblocking resume */ - byte acceptState; /* nonblocking resume */ -#ifndef NO_DH - word16 minDhKeySz; /* minimum DH key size */ - word16 dhKeySz; /* actual DH key size */ -#endif - -} Options; - -typedef struct Arrays { - word32 preMasterSz; /* differs for DH, actual size */ -#ifndef NO_PSK - word32 psk_keySz; /* acutal size */ - char client_identity[MAX_PSK_ID_LEN]; - char server_hint[MAX_PSK_ID_LEN]; - byte psk_key[MAX_PSK_KEY_LEN]; -#endif - byte clientRandom[RAN_LEN]; - byte serverRandom[RAN_LEN]; - byte sessionID[ID_LEN]; - byte sessionIDSz; - byte preMasterSecret[ENCRYPT_LEN]; - byte masterSecret[SECRET_LEN]; -#ifdef WOLFSSL_DTLS - byte cookie[MAX_COOKIE_LEN]; - byte cookieSz; -#endif -} Arrays; - -#ifndef ASN_NAME_MAX -#define ASN_NAME_MAX 256 -#endif - -#ifndef MAX_DATE_SZ -#define MAX_DATE_SZ 32 -#endif - -struct WOLFSSL_X509_NAME { - char *name; - char staticName[ASN_NAME_MAX]; - int dynamicName; - int sz; -#ifdef OPENSSL_EXTRA - DecodedName fullName; -#endif /* OPENSSL_EXTRA */ -}; - -#ifndef EXTERNAL_SERIAL_SIZE - #define EXTERNAL_SERIAL_SIZE 32 -#endif - -#ifdef NO_ASN - typedef struct DNS_entry DNS_entry; -#endif - -struct WOLFSSL_X509 { - int version; - WOLFSSL_X509_NAME issuer; - WOLFSSL_X509_NAME subject; - int serialSz; - byte serial[EXTERNAL_SERIAL_SIZE]; - char subjectCN[ASN_NAME_MAX]; /* common name short cut */ -#ifdef WOLFSSL_SEP - int deviceTypeSz; - byte deviceType[EXTERNAL_SERIAL_SIZE]; - int hwTypeSz; - byte hwType[EXTERNAL_SERIAL_SIZE]; - int hwSerialNumSz; - byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; - #ifdef OPENSSL_EXTRA - byte certPolicySet; - byte certPolicyCrit; - #endif /* OPENSSL_EXTRA */ -#endif - int notBeforeSz; - byte notBefore[MAX_DATE_SZ]; - int notAfterSz; - byte notAfter[MAX_DATE_SZ]; - int sigOID; - buffer sig; - int pubKeyOID; - buffer pubKey; - #ifdef HAVE_ECC - word32 pkCurveOID; - #endif /* HAVE_ECC */ - buffer derCert; /* may need */ - DNS_entry* altNames; /* alt names list */ - DNS_entry* altNamesNext; /* hint for retrieval */ - byte dynamicMemory; /* dynamic memory flag */ - byte isCa; -#ifdef OPENSSL_EXTRA - word32 pathLength; - word16 keyUsage; - byte basicConstSet; - byte basicConstCrit; - byte basicConstPlSet; - byte subjAltNameSet; - byte subjAltNameCrit; - byte authKeyIdSet; - byte authKeyIdCrit; - byte* authKeyId; - word32 authKeyIdSz; - byte subjKeyIdSet; - byte subjKeyIdCrit; - byte* subjKeyId; - word32 subjKeyIdSz; - byte keyUsageSet; - byte keyUsageCrit; -#endif /* OPENSSL_EXTRA */ -}; - - -/* record layer header for PlainText, Compressed, and CipherText */ -typedef struct RecordLayerHeader { - byte type; - byte pvMajor; - byte pvMinor; - byte length[2]; -} RecordLayerHeader; - - -/* record layer header for DTLS PlainText, Compressed, and CipherText */ -typedef struct DtlsRecordLayerHeader { - byte type; - byte pvMajor; - byte pvMinor; - byte epoch[2]; /* increment on cipher state change */ - byte sequence_number[6]; /* per record */ - byte length[2]; -} DtlsRecordLayerHeader; - - -typedef struct DtlsPool { - buffer buf[DTLS_POOL_SZ]; - int used; -} DtlsPool; - -typedef struct DtlsMsg { - struct DtlsMsg* next; - word32 seq; /* Handshake sequence number */ - word32 sz; /* Length of whole mesage */ - word32 fragSz; /* Length of fragments received */ - byte type; - byte* buf; - byte* msg; -} DtlsMsg; - - -#ifdef HAVE_NETX - - /* NETX I/O Callback default */ - typedef struct NetX_Ctx { - NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */ - NX_PACKET* nxPacket; /* incoming packet handle for short reads */ - ULONG nxOffset; /* offset already read from nxPacket */ - ULONG nxWait; /* wait option flag */ - } NetX_Ctx; - -#endif - - -/* Handshake messages recevied from peer (plus change cipher */ -typedef struct MsgsReceived { - word16 got_hello_request:1; - word16 got_client_hello:1; - word16 got_server_hello:1; - word16 got_hello_verify_request:1; - word16 got_session_ticket:1; - word16 got_certificate:1; - word16 got_server_key_exchange:1; - word16 got_certificate_request:1; - word16 got_server_hello_done:1; - word16 got_certificate_verify:1; - word16 got_client_key_exchange:1; - word16 got_finished:1; - word16 got_change_cipher:1; -} MsgsReceived; - - -/* Handshake hashes */ -typedef struct HS_Hashes { - Hashes verifyHashes; - Hashes certHashes; /* for cert verify */ -#ifndef NO_OLD_TLS -#ifndef NO_SHA - Sha hashSha; /* sha hash of handshake msgs */ -#endif -#ifndef NO_MD5 - Md5 hashMd5; /* md5 hash of handshake msgs */ -#endif -#endif /* NO_OLD_TLS */ -#ifndef NO_SHA256 - Sha256 hashSha256; /* sha256 hash of handshake msgs */ -#endif -#ifdef WOLFSSL_SHA384 - Sha384 hashSha384; /* sha384 hash of handshake msgs */ -#endif -#ifdef WOLFSSL_SHA512 - Sha512 hashSha512; /* sha512 hash of handshake msgs */ -#endif -} HS_Hashes; - - -/* wolfSSL ssl type */ -struct WOLFSSL { - WOLFSSL_CTX* ctx; - Suites* suites; /* only need during handshake */ - Arrays* arrays; - HS_Hashes* hsHashes; - void* IOCB_ReadCtx; - void* IOCB_WriteCtx; - RNG* rng; - void* verifyCbCtx; /* cert verify callback user ctx*/ - VerifyCallback verifyCallback; /* cert verification callback */ - void* heap; /* for user overrides */ -#ifndef NO_HANDSHAKE_DONE_CB - HandShakeDoneCb hsDoneCb; /* notify user handshake done */ - void* hsDoneCtx; /* user handshake cb context */ -#endif - WOLFSSL_CIPHER cipher; - hmacfp hmac; - Ciphers encrypt; - Ciphers decrypt; - Buffers buffers; - WOLFSSL_SESSION session; - WOLFSSL_ALERT_HISTORY alert_history; - int error; - int rfd; /* read file descriptor */ - int wfd; /* write file descriptor */ - int rflags; /* user read flags */ - int wflags; /* user write flags */ - word32 timeout; /* session timeout */ - word16 curSize; - RecordLayerHeader curRL; - MsgsReceived msgsReceived; /* peer messages received */ - ProtocolVersion version; /* negotiated version */ - ProtocolVersion chVersion; /* client hello version */ - CipherSpecs specs; - Keys keys; - Options options; -#ifdef OPENSSL_EXTRA - WOLFSSL_BIO* biord; /* socket bio read to free/close */ - WOLFSSL_BIO* biowr; /* socket bio write to free/close */ -#endif -#ifndef NO_RSA - RsaKey* peerRsaKey; - byte peerRsaKeyPresent; -#endif -#ifdef HAVE_NTRU - word16 peerNtruKeyLen; - byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; - byte peerNtruKeyPresent; -#endif -#ifdef HAVE_ECC - ecc_key* peerEccKey; /* peer's ECDHE key */ - ecc_key* peerEccDsaKey; /* peer's ECDSA key */ - ecc_key* eccTempKey; /* private ECDHE key */ - word32 pkCurveOID; /* curve Ecc_Sum */ - word16 eccTempKeySz; /* in octets 20 - 66 */ - byte peerEccKeyPresent; - byte peerEccDsaKeyPresent; - byte eccTempKeyPresent; -#endif -#ifdef HAVE_LIBZ - z_stream c_stream; /* compression stream */ - z_stream d_stream; /* decompression stream */ - byte didStreamInit; /* for stream init and end */ -#endif -#ifdef WOLFSSL_DTLS - int dtls_timeout_init; /* starting timeout vaule */ - int dtls_timeout_max; /* maximum timeout value */ - int dtls_timeout; /* current timeout value, changes */ - DtlsPool* dtls_pool; - DtlsMsg* dtls_msg_list; - void* IOCB_CookieCtx; /* gen cookie ctx */ - word32 dtls_expected_rx; -#endif -#ifdef WOLFSSL_CALLBACKS - HandShakeInfo handShakeInfo; /* info saved during handshake */ - TimeoutInfo timeoutInfo; /* info saved during handshake */ - byte hsInfoOn; /* track handshake info */ - byte toInfoOn; /* track timeout info */ -#endif -#ifdef HAVE_FUZZER - CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */ - void* fuzzerCtx; /* user defined pointer */ -#endif -#ifdef KEEP_PEER_CERT - WOLFSSL_X509 peerCert; /* X509 peer cert */ -#endif -#ifdef FORTRESS - void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ -#endif -#ifdef HAVE_CAVIUM - int devId; /* cavium device id to use */ -#endif -#ifdef HAVE_ONE_TIME_AUTH - OneTimeAuth auth; -#endif -#ifdef HAVE_TLS_EXTENSIONS - TLSX* extensions; /* RFC 6066 TLS Extensions data */ - #ifdef HAVE_MAX_FRAGMENT - word16 max_fragment; - #endif - #ifdef HAVE_TRUNCATED_HMAC - byte truncated_hmac; - #endif - #ifdef HAVE_SECURE_RENEGOTIATION - SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ - #endif /* user turned on */ - #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) - CallbackSessionTicket session_ticket_cb; - void* session_ticket_ctx; - byte expect_session_ticket; - #endif -#endif /* HAVE_TLS_EXTENSIONS */ -#ifdef HAVE_NETX - NetX_Ctx nxCtx; /* NetX IO Context */ -#endif -#ifdef SESSION_INDEX - int sessionIndex; /* Session's location in the cache. */ -#endif -#ifdef ATOMIC_USER - void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ - void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */ -#endif -#ifdef HAVE_PK_CALLBACKS - #ifdef HAVE_ECC - void* EccSignCtx; /* Ecc Sign Callback Context */ - void* EccVerifyCtx; /* Ecc Verify Callback Context */ - #endif /* HAVE_ECC */ - #ifndef NO_RSA - void* RsaSignCtx; /* Rsa Sign Callback Context */ - void* RsaVerifyCtx; /* Rsa Verify Callback Context */ - void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ - void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ - #endif /* NO_RSA */ -#endif /* HAVE_PK_CALLBACKS */ -#ifdef HAVE_SECRET_CALLBACK - SessionSecretCb sessionSecretCb; - void* sessionSecretCtx; -#endif /* HAVE_SECRET_CALLBACK */ -}; - - -WOLFSSL_LOCAL -int InitSSL(WOLFSSL*, WOLFSSL_CTX*); -WOLFSSL_LOCAL -void FreeSSL(WOLFSSL*); -WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ - - -enum { - IV_SZ = 32, /* max iv sz */ - NAME_SZ = 80 /* max one line */ -}; - - -typedef struct EncryptedInfo { - char name[NAME_SZ]; /* encryption name */ - byte iv[IV_SZ]; /* encrypted IV */ - word32 ivSz; /* encrypted IV size */ - long consumed; /* tracks PEM bytes consumed */ - byte set; /* if encryption set */ - WOLFSSL_CTX* ctx; /* CTX owner */ -} EncryptedInfo; - - -#ifndef NO_CERTS - WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, - buffer* der, void* heap, EncryptedInfo* info, - int* eccKey); - - WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, - int type, WOLFSSL* ssl, int userChain, - WOLFSSL_CRL* crl); -#endif - - -#ifdef WOLFSSL_CALLBACKS - WOLFSSL_LOCAL - void InitHandShakeInfo(HandShakeInfo*); - WOLFSSL_LOCAL - void FinishHandShakeInfo(HandShakeInfo*, const WOLFSSL*); - WOLFSSL_LOCAL - void AddPacketName(const char*, HandShakeInfo*); - - WOLFSSL_LOCAL - void InitTimeoutInfo(TimeoutInfo*); - WOLFSSL_LOCAL - void FreeTimeoutInfo(TimeoutInfo*, void*); - WOLFSSL_LOCAL - void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*); - WOLFSSL_LOCAL - void AddLateName(const char*, TimeoutInfo*); - WOLFSSL_LOCAL - void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); -#endif - - -/* Record Layer Header identifier from page 12 */ -enum ContentType { - no_type = 0, - change_cipher_spec = 20, - alert = 21, - handshake = 22, - application_data = 23 -}; - - -/* handshake header, same for each message type, pgs 20/21 */ -typedef struct HandShakeHeader { - byte type; - word24 length; -} HandShakeHeader; - - -/* DTLS handshake header, same for each message type */ -typedef struct DtlsHandShakeHeader { - byte type; - word24 length; - byte message_seq[2]; /* start at 0, restransmit gets same # */ - word24 fragment_offset; /* bytes in previous fragments */ - word24 fragment_length; /* length of this fragment */ -} DtlsHandShakeHeader; - - -enum HandShakeType { - no_shake = -1, - hello_request = 0, - client_hello = 1, - server_hello = 2, - hello_verify_request = 3, /* DTLS addition */ - session_ticket = 4, - certificate = 11, - server_key_exchange = 12, - certificate_request = 13, - server_hello_done = 14, - certificate_verify = 15, - client_key_exchange = 16, - finished = 20, - certificate_status = 22, - change_cipher_hs = 55 /* simulate unique handshake type for sanity - checks. record layer change_cipher - conflicts with handshake finished */ -}; - - -static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; -static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; - -static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; -static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; - - -/* internal functions */ -WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); -WOLFSSL_LOCAL int SendTicket(WOLFSSL*); -WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); -WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); -WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); -WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); -WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); -WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); -WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); -WOLFSSL_LOCAL int SendFinished(WOLFSSL*); -WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int); -WOLFSSL_LOCAL int ProcessReply(WOLFSSL*); - -WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*); -WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*); - -WOLFSSL_LOCAL int AddSession(WOLFSSL*); -WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); -WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData); - -WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); -WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); - -WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); -WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); -WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); - -WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); -#ifndef NO_CERTS - WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash); - #ifndef NO_SKID - WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); - #endif -#endif -WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, - const byte* sender); -WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); -WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size); -WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); - -#ifndef NO_TLS - WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); - WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int content, int verify); -#endif - -#ifndef NO_WOLFSSL_CLIENT - WOLFSSL_LOCAL int SendClientHello(WOLFSSL*); - WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*); - WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*); -#endif /* NO_WOLFSSL_CLIENT */ - -#ifndef NO_WOLFSSL_SERVER - WOLFSSL_LOCAL int SendServerHello(WOLFSSL*); - WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*); - #ifdef WOLFSSL_DTLS - WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL*); - #endif -#endif /* NO_WOLFSSL_SERVER */ - -#ifdef WOLFSSL_DTLS - WOLFSSL_LOCAL int DtlsPoolInit(WOLFSSL*); - WOLFSSL_LOCAL int DtlsPoolSave(WOLFSSL*, const byte*, int); - WOLFSSL_LOCAL int DtlsPoolTimeout(WOLFSSL*); - WOLFSSL_LOCAL int DtlsPoolSend(WOLFSSL*); - WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*); - - WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); - WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); - WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); - WOLFSSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, - word32, word32); - WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); - WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, - byte, word32, word32, void*); - WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); -#endif /* WOLFSSL_DTLS */ - -#ifndef NO_TLS - - -#endif /* NO_TLS */ - - -WOLFSSL_LOCAL word32 LowResTimer(void); - -WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); -WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); -WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int); -WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); -#ifndef NO_CERTS - WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); -#endif - -/* used by ssl.c and wolfssl_int.c */ -WOLFSSL_LOCAL void c32to24(word32 in, word24 out); - -WOLFSSL_LOCAL const char* const* GetCipherNames(void); -WOLFSSL_LOCAL int GetCipherNamesSize(void); - - -enum encrypt_side { - ENCRYPT_SIDE_ONLY = 1, - DECRYPT_SIDE_ONLY, - ENCRYPT_AND_DECRYPT_SIDE -}; - -WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); - - -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* wolfSSL_INT_H */ - +/* internal.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as wolfSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef WOLFSSL_INT_H +#define WOLFSSL_INT_H + + +#include <wolfssl/wolfcrypt/types.h> +#include <wolfssl/ssl.h> +#ifdef HAVE_CRL + #include <wolfssl/crl.h> +#endif +#include <wolfssl/wolfcrypt/random.h> +#ifndef NO_DES3 + #include <wolfssl/wolfcrypt/des3.h> +#endif +#ifndef NO_HC128 + #include <wolfssl/wolfcrypt/hc128.h> +#endif +#ifndef NO_RABBIT + #include <wolfssl/wolfcrypt/rabbit.h> +#endif +#ifdef HAVE_CHACHA + #include <wolfssl/wolfcrypt/chacha.h> +#endif +#ifndef NO_ASN + #include <wolfssl/wolfcrypt/asn.h> +#endif +#ifndef NO_MD5 + #include <wolfssl/wolfcrypt/md5.h> +#endif +#ifndef NO_SHA + #include <wolfssl/wolfcrypt/sha.h> +#endif +#ifndef NO_AES + #include <wolfssl/wolfcrypt/aes.h> +#endif +#ifdef HAVE_POLY1305 + #include <wolfssl/wolfcrypt/poly1305.h> +#endif +#ifdef HAVE_CAMELLIA + #include <wolfssl/wolfcrypt/camellia.h> +#endif +#include <wolfssl/wolfcrypt/logging.h> +#ifndef NO_HMAC + #include <wolfssl/wolfcrypt/hmac.h> +#endif +#ifndef NO_RC4 + #include <wolfssl/wolfcrypt/arc4.h> +#endif +#ifdef HAVE_ECC + #include <wolfssl/wolfcrypt/ecc.h> +#endif +#ifndef NO_SHA256 + #include <wolfssl/wolfcrypt/sha256.h> +#endif +#ifdef HAVE_OCSP + #include <wolfssl/ocsp.h> +#endif +#ifdef WOLFSSL_SHA512 + #include <wolfssl/wolfcrypt/sha512.h> +#endif + +#ifdef HAVE_AESGCM + #include <wolfssl/wolfcrypt/sha512.h> +#endif + +#ifdef WOLFSSL_RIPEMD + #include <wolfssl/wolfcrypt/ripemd.h> +#endif + +#include <wolfssl/wolfcrypt/hash.h> + +#ifdef WOLFSSL_CALLBACKS + #include <wolfssl/callbacks.h> + #include <signal.h> +#endif + +#ifdef USE_WINDOWS_API + #ifdef WOLFSSL_GAME_BUILD + #include "system/xtl.h" + #else + #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) + /* On WinCE winsock2.h must be included before windows.h */ + #include <winsock2.h> + #endif + #include <windows.h> + #endif +#elif defined(THREADX) + #ifndef SINGLE_THREADED + #include "tx_api.h" + #endif +#elif defined(MICRIUM) + /* do nothing, just don't pick Unix */ +#elif defined(FREERTOS) || defined(WOLFSSL_SAFERTOS) + /* do nothing */ +#elif defined(EBSNET) + /* do nothing */ +#elif defined(FREESCALE_MQX) + /* do nothing */ +#elif defined(WOLFSSL_MDK_ARM) + #if defined(WOLFSSL_MDK5) + #include "cmsis_os.h" + #else + #include <rtl.h> + #endif +#elif defined(MBED)|| defined(WOLFSSL_CMSIS_RTOS) + /* do nothing */ +#elif defined(WOLFSSL_TIRTOS) + /* do nothing */ +#else + #ifndef SINGLE_THREADED + #define WOLFSSL_PTHREADS + #include <pthread.h> + #endif + #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) + #include <unistd.h> /* for close of BIO */ + #endif +#endif + + +#ifdef HAVE_LIBZ + #include "zlib.h" +#endif + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + +#ifdef NO_AES + #if !defined (ALIGN16) + #define ALIGN16 + #endif +#endif + +#ifdef NO_SHA + #define SHA_DIGEST_SIZE 20 +#endif + +#ifdef NO_SHA256 + #define SHA256_DIGEST_SIZE 32 +#endif + +#ifdef NO_MD5 + #define MD5_DIGEST_SIZE 16 +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef USE_WINDOWS_API + typedef unsigned int SOCKET_T; +#else + typedef int SOCKET_T; +#endif + + +typedef byte word24[3]; + +/* Define or comment out the cipher suites you'd like to be compiled in + make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined + + When adding cipher suites, add name to cipher_names, idx to cipher_name_idx + + Now that there is a maximum strength crypto build, the following BUILD_XXX + flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH. + Those that do not use Perfect Forward Security and do not use AEAD ciphers + need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or + CHACHA-POLY. +*/ + +/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are + * not turned off. */ +#if defined(WOLFSSL_MAX_STRENGTH) && \ + ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \ + (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \ + (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \ + (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \ + !defined(NO_OLD_TLS)) + + #error "You are trying to build max strength with requirements disabled." +#endif + +#ifndef WOLFSSL_MAX_STRENGTH + + #if !defined(NO_RSA) && !defined(NO_RC4) + #if !defined(NO_SHA) + #define BUILD_SSL_RSA_WITH_RC4_128_SHA + #endif + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif + #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) + #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA + #endif + #endif + + #if !defined(NO_RSA) && !defined(NO_DES3) + #if !defined(NO_SHA) + #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #if !defined(NO_TLS) && defined(HAVE_NTRU) + #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA + #endif + #endif + #endif + + #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #if defined(HAVE_NTRU) + #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA + #endif + #endif + #if !defined (NO_SHA256) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #endif + #if defined (HAVE_AESGCM) + #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 + #if defined (WOLFSSL_SHA384) + #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #if defined (HAVE_AESCCM) + #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 + #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + #endif + #endif + + #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) + #ifndef NO_RSA + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #if !defined(NO_DH) + #if !defined(NO_SHA) + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #endif + #endif + #endif + + #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) + #if !defined(NO_SHA) + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 + #ifdef HAVE_AESGCM + #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 + #endif + #ifdef HAVE_AESCCM + #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_128_CCM + #define BUILD_TLS_PSK_WITH_AES_256_CCM + #endif + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 + #ifdef HAVE_AESGCM + #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif + + #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) + #if !defined(NO_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #endif + #endif + #if !defined(NO_PSK) + #if !defined(NO_SHA) + #define BUILD_TLS_PSK_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_PSK_WITH_NULL_SHA256 + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_PSK_WITH_NULL_SHA384 + #endif + #endif + #endif + + #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) + #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_HC_128_SHA + #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_HC_128_B2B256 + #endif + #endif + + #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_RABBIT_SHA + #endif + #endif + + #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ + !defined(NO_RSA) + + #if !defined(NO_SHA) + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + #endif + #if !defined(NO_SHA256) + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + #endif + #endif + + #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ + !defined(NO_AES) && !defined(NO_SHA) + #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA + #endif + + #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + #endif + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + #endif + #endif + #endif + + #if defined(HAVE_ECC) && !defined(NO_TLS) + #if !defined(NO_AES) + #if !defined(NO_SHA) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif + + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif /* NO_SHA */ + #ifndef NO_SHA256 + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #endif + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #endif + + #ifdef WOLFSSL_SHA384 + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #endif + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #endif + + #if defined (HAVE_AESGCM) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_SHA384) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + + #if defined(WOLFSSL_SHA384) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif /* NO_AES */ + #if !defined(NO_RC4) + #if !defined(NO_SHA) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #endif + + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #endif + #endif + #if !defined(NO_DES3) + #ifndef NO_SHA + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #endif + + #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif /* NO_SHA */ + #endif + #endif + +#endif /* !WOLFSSL_MAX_STRENGTH */ + +#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ + !defined(NO_RSA) && defined(HAVE_AESGCM) + + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + #endif + + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + #endif +#endif + +#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) + #ifndef NO_SHA256 + #ifdef HAVE_AESGCM + #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + #endif + #ifdef HAVE_AESCCM + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + #endif + #endif + #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) + #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + #endif +#endif + +#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES) + #ifdef HAVE_AESGCM + #ifndef NO_SHA256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + #endif + #endif + #ifdef WOLFSSL_SHA384 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #endif + #if defined(HAVE_AESCCM) && !defined(NO_SHA256) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + #endif +#endif + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) + #ifdef HAVE_ECC + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #endif + #endif + #if !defined(NO_DH) && !defined(NO_RSA) + #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + #endif +#endif + + +#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ + defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) + #define BUILD_ARC4 +#endif + +#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) + #define BUILD_DES3 +#endif + +#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ + defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + #undef BUILD_AES + #define BUILD_AES +#endif + +#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) + #define BUILD_AESGCM +#endif + +#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \ + defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \ + defined(BUILD_TLS_RSA_WITH_HC_128_B2B256) + #define BUILD_HC128 +#endif + +#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA) + #define BUILD_RABBIT +#endif + +#ifdef NO_DES3 + #define DES_BLOCK_SIZE 8 +#else + #undef BUILD_DES3 + #define BUILD_DES3 +#endif + +#ifdef NO_AES + #define AES_BLOCK_SIZE 16 +#else + #undef BUILD_AES + #define BUILD_AES +#endif + +#ifndef NO_RC4 + #undef BUILD_ARC4 + #define BUILD_ARC4 +#endif + +#ifdef HAVE_CHACHA + #define CHACHA20_BLOCK_SIZE 16 +#endif + +#if defined(WOLFSSL_MAX_STRENGTH) || \ + defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) + + #define HAVE_AEAD +#endif + +#if defined(WOLFSSL_MAX_STRENGTH) || \ + defined(HAVE_ECC) || !defined(NO_DH) + + #define HAVE_PFS +#endif + + +/* actual cipher values, 2nd byte */ +enum { + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, + TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, + TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, + TLS_RSA_WITH_NULL_SHA = 0x02, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, + TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, + TLS_PSK_WITH_NULL_SHA256 = 0xb0, + TLS_PSK_WITH_NULL_SHA384 = 0xb1, + TLS_PSK_WITH_NULL_SHA = 0x2c, + SSL_RSA_WITH_RC4_128_SHA = 0x05, + SSL_RSA_WITH_RC4_128_MD5 = 0x04, + SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, + + /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, + + /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04, + TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, + + /* wolfSSL extension - eSTREAM */ + TLS_RSA_WITH_HC_128_MD5 = 0xFB, + TLS_RSA_WITH_HC_128_SHA = 0xFC, + TLS_RSA_WITH_RABBIT_SHA = 0xFD, + + /* wolfSSL extension - Blake2b 256 */ + TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, + TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, + TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */ + + /* wolfSSL extension - NTRU */ + TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, + TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, + TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */ + TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, + + /* SHA256 */ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, + TLS_RSA_WITH_NULL_SHA256 = 0x3b, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, + + /* SHA384 */ + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, + + /* AES-GCM */ + TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, + TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, + + /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32, + + /* AES-CCM, first byte is 0xC0 but isn't ECC, + * also, in some of the other AES-CCM suites + * there will be second byte number conflicts + * with non-ECC AES-GCM */ + TLS_RSA_WITH_AES_128_CCM_8 = 0xa0, + TLS_RSA_WITH_AES_256_CCM_8 = 0xa1, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf, + TLS_PSK_WITH_AES_128_CCM = 0xa4, + TLS_PSK_WITH_AES_256_CCM = 0xa5, + TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, + TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, + TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, + + /* Camellia */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, + + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15, + + /* Renegotiation Indication Extension Special Suite */ + TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff +}; + + +#ifndef WOLFSSL_SESSION_TIMEOUT + #define WOLFSSL_SESSION_TIMEOUT 500 + /* default session resumption cache timeout in seconds */ +#endif + + +enum Misc { + ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */ + + SEND_CERT = 1, + SEND_BLANK_CERT = 2, + + DTLS_MAJOR = 0xfe, /* DTLS major version number */ + DTLS_MINOR = 0xff, /* DTLS minor version number */ + DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ + SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ + SSLv3_MINOR = 0, /* TLSv1 minor version number */ + TLSv1_MINOR = 1, /* TLSv1 minor version number */ + TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ + TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ + OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ + INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ + NO_COMPRESSION = 0, + ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */ + HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ + SECRET_LEN = 48, /* pre RSA and all master */ + ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ + SIZEOF_SENDER = 4, /* clnt or srvr */ + FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */ + MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ + MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE, + /* max added to msg, mac + pad from */ + /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max + digest sz + BLOC_SZ (iv) + pad byte (1) */ + MAX_COMP_EXTRA = 1024, /* max compression extra */ + MAX_MTU = 1500, /* max expected MTU */ + MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */ + MAX_DH_SZ = 1036, /* 4096 p, pub, g + 2 byte size for each */ + MAX_STR_VERSION = 8, /* string rep of protocol version */ + + PAD_MD5 = 48, /* pad length for finished */ + PAD_SHA = 40, /* pad length for finished */ + MAX_PAD_SIZE = 256, /* maximum length of padding */ + COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ + COMPRESS_CONSTANT = 13, /* compression calc constant */ + COMPRESS_UPPER = 55, /* compression calc numerator */ + COMPRESS_LOWER = 64, /* compression calc denominator */ + + PEM_LINE_LEN = 80, /* PEM line max + fudge */ + LENGTH_SZ = 2, /* length field for HMAC, data only */ + VERSION_SZ = 2, /* length of proctocol version */ + SEQ_SZ = 8, /* 64 bit sequence number */ + BYTE3_LEN = 3, /* up to 24 bit byte lengths */ + ALERT_SIZE = 2, /* level + description */ + VERIFY_HEADER = 2, /* always use 2 bytes */ + EXT_ID_SZ = 2, /* always use 2 bytes */ + MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ + SESSION_HINT_SZ = 4, /* session timeout hint */ + + MAX_SUITE_SZ = 200, /* 100 suites for now! */ + RAN_LEN = 32, /* random length */ + SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ + ID_LEN = 32, /* session id length */ + MAX_COOKIE_LEN = 32, /* max dtls cookie size */ + COOKIE_SZ = 20, /* use a 20 byte cookie */ + SUITE_LEN = 2, /* cipher suite sz length */ + ENUM_LEN = 1, /* always a byte */ + OPAQUE8_LEN = 1, /* 1 byte */ + OPAQUE16_LEN = 2, /* 2 bytes */ + OPAQUE24_LEN = 3, /* 3 bytes */ + OPAQUE32_LEN = 4, /* 4 bytes */ + COMP_LEN = 1, /* compression length */ + CURVE_LEN = 2, /* ecc named curve length */ + SERVER_ID_LEN = 20, /* server session id length */ + + HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ + RECORD_HEADER_SZ = 5, /* type + version + len(2) */ + CERT_HEADER_SZ = 3, /* always 3 bytes */ + REQ_HEADER_SZ = 2, /* cert request header sz */ + HINT_LEN_SZ = 2, /* length of hint size field */ + TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */ + HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */ + HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ + HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ + HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ + HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ + + DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ + DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ + DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ + DTLS_RECORD_EXTRA = 8, /* diff from normal */ + DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */ + DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */ + DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */ + + FINISHED_LABEL_SZ = 15, /* TLS finished label size */ + TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ + MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ + KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ + MAX_PRF_HALF = 256, /* Maximum half secret len */ + MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ + MAX_PRF_DIG = 224, /* Maximum digest len */ + MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ + SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + + RC4_KEY_SIZE = 16, /* always 128bit */ + DES_KEY_SIZE = 8, /* des */ + DES3_KEY_SIZE = 24, /* 3 des ede */ + DES_IV_SIZE = DES_BLOCK_SIZE, + AES_256_KEY_SIZE = 32, /* for 256 bit */ + AES_192_KEY_SIZE = 24, /* for 192 bit */ + AES_IV_SIZE = 16, /* always block size */ + AES_128_KEY_SIZE = 16, /* for 128 bit */ + + AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ + AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ + AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */ + AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */ + AEAD_LEN_OFFSET = 11, /* Auth Data: Length */ + AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */ + AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */ + AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */ + AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ, + + AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */ + AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */ + AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */ + + CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ + CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ + CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ + CAMELLIA_IV_SIZE = 16, /* always block size */ + + CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */ + CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */ + CHACHA20_IV_SIZE = 8, /* 64 bits for iv */ + + POLY1305_AUTH_SZ = 16, /* 128 bits */ + + HC_128_KEY_SIZE = 16, /* 128 bits */ + HC_128_IV_SIZE = 16, /* also 128 bits */ + + RABBIT_KEY_SIZE = 16, /* 128 bits */ + RABBIT_IV_SIZE = 8, /* 64 bits for iv */ + + EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ + + ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ + MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ + + MAX_HELLO_SZ = 128, /* max client or server hello */ + MAX_CERT_VERIFY_SZ = 1024, /* max */ + CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ + MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ + + DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */ + DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */ + DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ + + MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ + MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + + MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ + +#ifdef FORTRESS + MAX_EX_DATA = 3, /* allow for three items of ex_data */ +#endif + + MAX_X509_SIZE = 2048, /* max static x509 buffer size */ + CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ + MAX_FILENAME_SZ = 256, /* max file name length */ + FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input, + will use dynamic buffer if not big enough */ + + MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ + MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ + MAX_NTRU_BITS = 256, /* max symmetric bit strength */ + NO_SNIFF = 0, /* not sniffing */ + SNIFF = 1, /* currently sniffing */ + + HASH_SIG_SIZE = 2, /* default SHA1 RSA */ + + NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */ + + NO_COPY = 0, /* should we copy static buffer for write */ + COPY = 1 /* should we copy static buffer for write */ +}; + + +#ifndef WOLFSSL_MIN_DHKEY_BITS + #ifdef WOLFSSL_MAX_STRENGTH + #define WOLFSSL_MIN_DHKEY_BITS 2048 + #else + #define WOLFSSL_MIN_DHKEY_BITS 1024 + #endif +#endif +#if (WOLFSSL_MIN_DHKEY_BITS % 8) + #error DH minimum bit size must be multiple of 8 +#endif +#if (WOLFSSL_MIN_DHKEY_BITS > 16000) + #error DH minimum bit size must not be greater than 16000 +#endif +#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8) + + +#ifdef SESSION_INDEX +/* Shift values for making a session index */ +#define SESSIDX_ROW_SHIFT 4 +#define SESSIDX_IDX_MASK 0x0F +#endif + + +/* max cert chain peer depth */ +#ifndef MAX_CHAIN_DEPTH + #define MAX_CHAIN_DEPTH 9 +#endif + +#ifndef SESSION_TICKET_LEN + #define SESSION_TICKET_LEN 256 +#endif + +#ifndef SESSION_TICKET_HINT_DEFAULT + #define SESSION_TICKET_HINT_DEFAULT 300 +#endif + + +/* don't use extra 3/4k stack space unless need to */ +#ifdef HAVE_NTRU + #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ +#else + #define MAX_ENCRYPT_SZ ENCRYPT_LEN +#endif + + +/* states */ +enum states { + NULL_STATE = 0, + + SERVER_HELLOVERIFYREQUEST_COMPLETE, + SERVER_HELLO_COMPLETE, + SERVER_CERT_COMPLETE, + SERVER_KEYEXCHANGE_COMPLETE, + SERVER_HELLODONE_COMPLETE, + SERVER_FINISHED_COMPLETE, + + CLIENT_HELLO_COMPLETE, + CLIENT_KEYEXCHANGE_COMPLETE, + CLIENT_FINISHED_COMPLETE, + + HANDSHAKE_DONE +}; + + +#if defined(__GNUC__) + #define WOLFSSL_PACK __attribute__ ((packed)) +#else + #define WOLFSSL_PACK +#endif + +/* SSL Version */ +typedef struct ProtocolVersion { + byte major; + byte minor; +} WOLFSSL_PACK ProtocolVersion; + + +WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void); +WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void); + +#ifdef WOLFSSL_DTLS + WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void); + WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); +#endif + + +enum BIO_TYPE { + BIO_BUFFER = 1, + BIO_SOCKET = 2, + BIO_SSL = 3, + BIO_MEMORY = 4 +}; + + +/* wolfSSL BIO_METHOD type */ +struct WOLFSSL_BIO_METHOD { + byte type; /* method type */ +}; + + +/* wolfSSL BIO type */ +struct WOLFSSL_BIO { + byte type; /* method type */ + byte close; /* close flag */ + byte eof; /* eof flag */ + WOLFSSL* ssl; /* possible associated ssl */ + byte* mem; /* memory buffer */ + int memLen; /* memory buffer length */ + int fd; /* possible file descriptor */ + WOLFSSL_BIO* prev; /* previous in chain */ + WOLFSSL_BIO* next; /* next in chain */ +}; + + +/* wolfSSL method type */ +struct WOLFSSL_METHOD { + ProtocolVersion version; + byte side; /* connection side, server or client */ + byte downgrade; /* whether to downgrade version, default no */ +}; + + +/* defautls to client */ +WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion); + +/* for sniffer */ +WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 size, word32 totalSz, int sniff); +WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); + + +/* wolfSSL buffer type */ +typedef struct buffer { + byte* buffer; + word32 length; +} buffer; + + +enum { + FORCED_FREE = 1, + NO_FORCED_FREE = 0 +}; + + +/* only use compression extra if using compression */ +#ifdef HAVE_LIBZ + #define COMP_EXTRA MAX_COMP_EXTRA +#else + #define COMP_EXTRA 0 +#endif + +/* only the sniffer needs space in the buffer for extra MTU record(s) */ +#ifdef WOLFSSL_SNIFFER + #define MTU_EXTRA MAX_MTU * 3 +#else + #define MTU_EXTRA 0 +#endif + + +/* embedded callbacks require large static buffers, make sure on */ +#ifdef WOLFSSL_CALLBACKS + #undef LARGE_STATIC_BUFFERS + #define LARGE_STATIC_BUFFERS +#endif + + +/* give user option to use 16K static buffers */ +#if defined(LARGE_STATIC_BUFFERS) + #define RECORD_SIZE MAX_RECORD_SIZE +#else + #ifdef WOLFSSL_DTLS + #define RECORD_SIZE MAX_MTU + #else + #define RECORD_SIZE 128 + #endif +#endif + + +/* user option to turn off 16K output option */ +/* if using small static buffers (default) and SSL_write tries to write data + larger than the record we have, dynamically get it, unless user says only + write in static buffer chuncks */ +#ifndef STATIC_CHUNKS_ONLY + #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE +#else + #define OUTPUT_RECORD_SIZE RECORD_SIZE +#endif + +/* wolfSSL input buffer + + RFC 2246: + + length + The length (in bytes) of the following TLSPlaintext.fragment. + The length should not exceed 2^14. +*/ +#if defined(LARGE_STATIC_BUFFERS) + #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ + MTU_EXTRA + MAX_MSG_EXTRA +#else + /* don't fragment memory from the record header */ + #define STATIC_BUFFER_LEN RECORD_HEADER_SZ +#endif + +typedef struct { + ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; + byte* buffer; /* place holder for static or dynamic buffer */ + word32 length; /* total buffer length used */ + word32 idx; /* idx to part of length already consumed */ + word32 bufferSize; /* current buffer size */ + byte dynamicFlag; /* dynamic memory currently in use */ + byte offset; /* alignment offset attempt */ +} bufferStatic; + +/* Cipher Suites holder */ +typedef struct Suites { + word16 suiteSz; /* suite length in bytes */ + word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ + byte suites[MAX_SUITE_SZ]; + byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ + byte setSuites; /* user set suites from default */ + byte hashAlgo; /* selected hash algorithm */ + byte sigAlgo; /* selected sig algorithm */ +} Suites; + + +WOLFSSL_LOCAL +void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16, + word16, word16, int); +WOLFSSL_LOCAL +int SetCipherList(Suites*, const char* list); + +#ifndef PSK_TYPES_DEFINED + typedef unsigned int (*psk_client_callback)(WOLFSSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + typedef unsigned int (*psk_server_callback)(WOLFSSL*, const char*, + unsigned char*, unsigned int); +#endif /* PSK_TYPES_DEFINED */ + + +#ifdef HAVE_NETX + WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx); + WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx); +#endif /* HAVE_NETX */ + + +/* wolfSSL Cipher type just points back to SSL */ +struct WOLFSSL_CIPHER { + WOLFSSL* ssl; +}; + + +typedef struct OCSP_Entry OCSP_Entry; + +#ifdef NO_SHA + #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE +#else + #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE +#endif + +#ifdef NO_ASN + /* no_asn won't have */ + typedef struct CertStatus CertStatus; +#endif + +struct OCSP_Entry { + OCSP_Entry* next; /* next entry */ + byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ + byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ + CertStatus* status; /* OCSP response list */ + int totalStatus; /* number on list */ +}; + + +#ifndef HAVE_OCSP + typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; +#endif + +/* wolfSSL OCSP controller */ +struct WOLFSSL_OCSP { + WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ + OCSP_Entry* ocspList; /* OCSP response list */ + wolfSSL_Mutex ocspLock; /* OCSP list lock */ +}; + +#ifndef MAX_DATE_SIZE +#define MAX_DATE_SIZE 32 +#endif + +typedef struct CRL_Entry CRL_Entry; + +#ifdef NO_SHA + #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE +#else + #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE +#endif + +#ifdef NO_ASN + typedef struct RevokedCert RevokedCert; +#endif + +/* Complete CRL */ +struct CRL_Entry { + CRL_Entry* next; /* next entry */ + byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ + /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ + /* restore the hash here if needed for optimized comparisons */ + byte lastDate[MAX_DATE_SIZE]; /* last date updated */ + byte nextDate[MAX_DATE_SIZE]; /* next update date */ + byte lastDateFormat; /* last date format */ + byte nextDateFormat; /* next date format */ + RevokedCert* certs; /* revoked cert list */ + int totalCerts; /* number on list */ +}; + + +typedef struct CRL_Monitor CRL_Monitor; + +/* CRL directory monitor */ +struct CRL_Monitor { + char* path; /* full dir path, if valid pointer we're using */ + int type; /* PEM or ASN1 type */ +}; + + +#ifndef HAVE_CRL + typedef struct WOLFSSL_CRL WOLFSSL_CRL; +#endif + +/* wolfSSL CRL controller */ +struct WOLFSSL_CRL { + WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ + CRL_Entry* crlList; /* our CRL list */ + wolfSSL_Mutex crlLock; /* CRL list lock */ + CRL_Monitor monitors[2]; /* PEM and DER possible */ +#ifdef HAVE_CRL_MONITOR + pthread_t tid; /* monitoring thread */ + int mfd; /* monitor fd, -1 if no init yet */ +#endif +}; + + +#ifdef NO_ASN + typedef struct Signer Signer; +#endif + + +#ifndef CA_TABLE_SIZE + #define CA_TABLE_SIZE 11 +#endif +/* wolfSSL Certificate Manager */ +struct WOLFSSL_CERT_MANAGER { + Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */ + void* heap; /* heap helper */ + WOLFSSL_CRL* crl; /* CRL checker */ + WOLFSSL_OCSP* ocsp; /* OCSP checker */ + char* ocspOverrideURL; /* use this responder */ + void* ocspIOCtx; /* I/O callback CTX */ + CallbackCACache caCacheCallback; /* CA cache addition callback */ + CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ + CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ + CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ + wolfSSL_Mutex caLock; /* CA list lock */ + byte crlEnabled; /* is CRL on ? */ + byte crlCheckAll; /* always leaf, but all ? */ + byte ocspEnabled; /* is OCSP on ? */ + byte ocspCheckAll; /* always leaf, but all ? */ + byte ocspSendNonce; /* send the OCSP nonce ? */ + byte ocspUseOverrideURL; /* ignore cert's responder, override */ +}; + +WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); +WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*); +WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*); +WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int); +WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*); + +/* wolfSSL Sock Addr */ +struct WOLFSSL_SOCKADDR { + unsigned int sz; /* sockaddr size */ + void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */ +}; + +typedef struct WOLFSSL_DTLS_CTX { + WOLFSSL_SOCKADDR peer; + int fd; +} WOLFSSL_DTLS_CTX; + + +#ifdef WOLFSSL_DTLS + + #ifdef WORD64_AVAILABLE + typedef word64 DtlsSeq; + #else + typedef word32 DtlsSeq; + #endif + #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT) + + typedef struct DtlsState { + DtlsSeq window; /* Sliding window for current epoch */ + word16 nextEpoch; /* Expected epoch in next record */ + word32 nextSeq; /* Expected sequence in next record */ + + word16 curEpoch; /* Received epoch in current record */ + word32 curSeq; /* Received sequence in current record */ + + DtlsSeq prevWindow; /* Sliding window for old epoch */ + word32 prevSeq; /* Next sequence in allowed old epoch */ + } DtlsState; + +#endif /* WOLFSSL_DTLS */ + + +/* keys and secrets */ +typedef struct Keys { + byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */ + byte server_write_MAC_secret[MAX_DIGEST_SIZE]; + byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */ + byte server_write_key[AES_256_KEY_SIZE]; + byte client_write_IV[AES_IV_SIZE]; /* max sizes */ + byte server_write_IV[AES_IV_SIZE]; +#ifdef HAVE_AEAD + byte aead_exp_IV[AEAD_EXP_IV_SZ]; + byte aead_enc_imp_IV[AEAD_IMP_IV_SZ]; + byte aead_dec_imp_IV[AEAD_IMP_IV_SZ]; +#endif + + word32 peer_sequence_number; + word32 sequence_number; + +#ifdef WOLFSSL_DTLS + DtlsState dtls_state; /* Peer's state */ + word16 dtls_peer_handshake_number; + word16 dtls_expected_peer_handshake_number; + + word16 dtls_epoch; /* Current tx epoch */ + word32 dtls_sequence_number; /* Current tx sequence */ + word16 dtls_handshake_number; /* Current tx handshake seq */ +#endif + + word32 encryptSz; /* last size of encrypted data */ + word32 padSz; /* how much to advance after decrypt part */ + byte encryptionOn; /* true after change cipher spec */ + byte decryptedCur; /* only decrypt current record once */ +} Keys; + + + +/* RFC 6066 TLS Extensions */ +#ifdef HAVE_TLS_EXTENSIONS + +typedef enum { + SERVER_NAME_INDICATION = 0x0000, + MAX_FRAGMENT_LENGTH = 0x0001, + TRUNCATED_HMAC = 0x0004, + ELLIPTIC_CURVES = 0x000a, + SESSION_TICKET = 0x0023, + SECURE_RENEGOTIATION = 0xff01 +} TLSX_Type; + +typedef struct TLSX { + TLSX_Type type; /* Extension Type */ + void* data; /* Extension Data */ + byte resp; /* IsResponse Flag */ + struct TLSX* next; /* List Behavior */ +} TLSX; + +WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); +WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list); +WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); + +#ifndef NO_WOLFSSL_CLIENT +WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl); +WOLFSSL_LOCAL word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output); +#endif + +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL word16 TLSX_GetResponseSize(WOLFSSL* ssl); +WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output); +#endif + +WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, + byte isRequest, Suites *suites); + +#elif defined(HAVE_SNI) \ + || defined(HAVE_MAX_FRAGMENT) \ + || defined(HAVE_TRUNCATED_HMAC) \ + || defined(HAVE_SUPPORTED_CURVES) \ + || defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SESSION_TICKET) + +#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. + +#endif /* HAVE_TLS_EXTENSIONS */ + +/* Server Name Indication */ +#ifdef HAVE_SNI + +typedef struct SNI { + byte type; /* SNI Type */ + union { char* host_name; } data; /* SNI Data */ + struct SNI* next; /* List Behavior */ +#ifndef NO_WOLFSSL_SERVER + byte options; /* Behaviour options */ + byte status; /* Matching result */ +#endif +} SNI; + +WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, + word16 size); + +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, + byte options); +WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); +WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, + void** data); +WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz, + byte type, byte* sni, word32* inOutSz); +#endif + +#endif /* HAVE_SNI */ + +/* Maximum Fragment Length */ +#ifdef HAVE_MAX_FRAGMENT + +WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl); + +#endif /* HAVE_MAX_FRAGMENT */ + +#ifdef HAVE_TRUNCATED_HMAC + +WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions); + +#endif /* HAVE_TRUNCATED_HMAC */ + +#ifdef HAVE_SUPPORTED_CURVES + +typedef struct EllipticCurve { + word16 name; /* CurveNames */ + struct EllipticCurve* next; /* List Behavior */ +} EllipticCurve; + +WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name); + +#ifndef NO_WOLFSSL_SERVER +WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, + byte second); +#endif + +#endif /* HAVE_SUPPORTED_CURVES */ + +#ifdef HAVE_SECURE_RENEGOTIATION + +enum key_cache_state { + SCR_CACHE_NULL = 0, /* empty / begin state */ + SCR_CACHE_NEEDED, /* need to cache keys */ + SCR_CACHE_COPY, /* we have a cached copy */ + SCR_CACHE_PARTIAL, /* partial restore to real keys */ + SCR_CACHE_COMPLETE /* complete restore to real keys */ +}; + + +/* Additional Conection State according to rfc5746 section 3.1 */ +typedef struct SecureRenegotiation { + byte enabled; /* secure_renegotiation flag in rfc */ + byte startScr; /* server requested client to start scr */ + enum key_cache_state cache_status; /* track key cache state */ + byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ + byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ + byte subject_hash[SHA_DIGEST_SIZE]; /* peer cert hash */ + Keys tmp_keys; /* can't overwrite real keys yet */ +} SecureRenegotiation; + +WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions); + +#endif /* HAVE_SECURE_RENEGOTIATION */ + +#ifdef HAVE_SESSION_TICKET + +typedef struct SessionTicket { + word32 lifetime; + byte* data; + word16 size; +} SessionTicket; + +WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, + SessionTicket* ticket); +WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, + byte* data, word16 size); +WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket); +#endif /* HAVE_SESSION_TICKET */ + +/* wolfSSL context type */ +struct WOLFSSL_CTX { + WOLFSSL_METHOD* method; + wolfSSL_Mutex countMutex; /* reference count mutex */ + int refCount; /* reference count */ +#ifndef NO_DH + buffer serverDH_P; + buffer serverDH_G; +#endif +#ifndef NO_CERTS + buffer certificate; + buffer certChain; + /* chain after self, in DER, with leading size for each cert */ + buffer privateKey; + WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ +#endif + Suites* suites; /* make dynamic, user may not need/set */ + void* heap; /* for user memory overrides */ + byte verifyPeer; + byte verifyNone; + byte failNoCert; + byte sessionCacheOff; + byte sessionCacheFlushOff; + byte sendVerify; /* for client side */ + byte haveRSA; /* RSA available */ + byte haveDH; /* server DH parms set by user */ + byte haveNTRU; /* server private NTRU key loaded */ + byte haveECDSAsig; /* server cert signed w/ ECDSA */ + byte haveStaticECC; /* static server ECC private key */ + byte partialWrite; /* only one msg per write call */ + byte quietShutdown; /* don't send close notify */ + byte groupMessages; /* group handshake messages before sending */ + byte minDowngrade; /* minimum downgrade version */ +#ifndef NO_DH + word16 minDhKeySz; /* minimum DH key size */ +#endif + CallbackIORecv CBIORecv; + CallbackIOSend CBIOSend; +#ifdef WOLFSSL_DTLS + CallbackGenCookie CBIOCookie; /* gen cookie callback */ +#endif + VerifyCallback verifyCallback; /* cert verification callback */ + word32 timeout; /* session timeout */ +#ifdef HAVE_ECC + word16 eccTempKeySz; /* in octets 20 - 66 */ + word32 pkCurveOID; /* curve Ecc_Sum */ +#endif +#ifndef NO_PSK + byte havePSK; /* psk key set by user */ + psk_client_callback client_psk_cb; /* client callback */ + psk_server_callback server_psk_cb; /* server callback */ + char server_hint[MAX_PSK_ID_LEN]; +#endif /* NO_PSK */ +#ifdef HAVE_ANON + byte haveAnon; /* User wants to allow Anon suites */ +#endif /* HAVE_ANON */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + pem_password_cb passwd_cb; + void* userdata; +#endif /* OPENSSL_EXTRA */ +#ifdef HAVE_OCSP + WOLFSSL_OCSP ocsp; +#endif +#ifdef HAVE_CAVIUM + int devId; /* cavium device id to use */ +#endif +#ifdef HAVE_TLS_EXTENSIONS + TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER) + SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */ + void* ticketEncCtx; /* session encrypt context */ + int ticketHint; /* ticket hint in seconds */ + #endif +#endif +#ifdef ATOMIC_USER + CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ + CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ +#endif +#ifdef HAVE_PK_CALLBACKS + #ifdef HAVE_ECC + CallbackEccSign EccSignCb; /* User EccSign Callback handler */ + CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ + #endif /* HAVE_ECC */ + #ifndef NO_RSA + CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */ + CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */ + CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ + CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ + #endif /* NO_RSA */ +#endif /* HAVE_PK_CALLBACKS */ +}; + + +WOLFSSL_LOCAL +int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*); +WOLFSSL_LOCAL +void FreeSSL_Ctx(WOLFSSL_CTX*); +WOLFSSL_LOCAL +void SSL_CtxResourceFree(WOLFSSL_CTX*); + +WOLFSSL_LOCAL +int DeriveTlsKeys(WOLFSSL* ssl); +WOLFSSL_LOCAL +int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 inSz, word16 sz); +#ifndef NO_CERTS + WOLFSSL_LOCAL + int AddCA(WOLFSSL_CERT_MANAGER* ctx, buffer der, int type, int verify); + WOLFSSL_LOCAL + int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash); +#endif + +/* All cipher suite related info */ +typedef struct CipherSpecs { + word16 key_size; + word16 iv_size; + word16 block_size; + word16 aead_mac_size; + byte bulk_cipher_algorithm; + byte cipher_type; /* block, stream, or aead */ + byte mac_algorithm; + byte kea; /* key exchange algo */ + byte sig_algo; + byte hash_size; + byte pad_size; + byte static_ecdh; +} CipherSpecs; + + +void InitCipherSpecs(CipherSpecs* cs); + + +/* Supported Message Authentication Codes from page 43 */ +enum MACAlgorithm { + no_mac, + md5_mac, + sha_mac, + sha224_mac, + sha256_mac, /* needs to match external KDF_MacAlgorithm */ + sha384_mac, + sha512_mac, + rmd_mac, + blake2b_mac +}; + + +/* Supported Key Exchange Protocols */ +enum KeyExchangeAlgorithm { + no_kea, + rsa_kea, + diffie_hellman_kea, + fortezza_kea, + psk_kea, + dhe_psk_kea, + ntru_kea, + ecc_diffie_hellman_kea, + ecc_static_diffie_hellman_kea /* for verify suite only */ +}; + + +/* Supported Authentication Schemes */ +enum SignatureAlgorithm { + anonymous_sa_algo, + rsa_sa_algo, + dsa_sa_algo, + ecc_dsa_sa_algo +}; + + +/* Supprted ECC Curve Types */ +enum EccCurves { + named_curve = 3 +}; + + +/* Valid client certificate request types from page 27 */ +enum ClientCertificateType { + rsa_sign = 1, + dss_sign = 2, + rsa_fixed_dh = 3, + dss_fixed_dh = 4, + rsa_ephemeral_dh = 5, + dss_ephemeral_dh = 6, + fortezza_kea_cert = 20, + ecdsa_sign = 64, + rsa_fixed_ecdh = 65, + ecdsa_fixed_ecdh = 66 +}; + + +enum CipherType { stream, block, aead }; + + + + + + +/* cipher for now */ +typedef struct Ciphers { +#ifdef BUILD_ARC4 + Arc4* arc4; +#endif +#ifdef BUILD_DES3 + Des3* des3; +#endif +#if defined(BUILD_AES) || defined(BUILD_AESGCM) + Aes* aes; +#endif +#ifdef HAVE_CAMELLIA + Camellia* cam; +#endif +#ifdef HAVE_CHACHA + ChaCha* chacha; +#endif +#ifdef HAVE_HC128 + HC128* hc128; +#endif +#ifdef BUILD_RABBIT + Rabbit* rabbit; +#endif + byte setup; /* have we set it up flag for detection */ +} Ciphers; + + +#ifdef HAVE_ONE_TIME_AUTH +/* Ciphers for one time authentication such as poly1305 */ +typedef struct OneTimeAuth { +#ifdef HAVE_POLY1305 + Poly1305* poly1305; +#endif + byte setup; /* flag for if a cipher has been set */ + +} OneTimeAuth; +#endif + + +WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl); +WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl); + + +/* hashes type */ +typedef struct Hashes { + #ifndef NO_OLD_TLS + byte md5[MD5_DIGEST_SIZE]; + #endif + byte sha[SHA_DIGEST_SIZE]; + #ifndef NO_SHA256 + byte sha256[SHA256_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SHA384 + byte sha384[SHA384_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SHA512 + byte sha512[SHA512_DIGEST_SIZE]; + #endif +} Hashes; + + +/* Static x509 buffer */ +typedef struct x509_buffer { + int length; /* actual size */ + byte buffer[MAX_X509_SIZE]; /* max static cert size */ +} x509_buffer; + + +/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ +struct WOLFSSL_X509_CHAIN { + int count; /* total number in chain */ + x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ +}; + + +/* wolfSSL session type */ +struct WOLFSSL_SESSION { + word32 bornOn; /* create time in seconds */ + word32 timeout; /* timeout in seconds */ + byte sessionID[ID_LEN]; /* id for protocol */ + byte sessionIDSz; + byte masterSecret[SECRET_LEN]; /* stored secret */ +#ifdef SESSION_CERTS + WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ + ProtocolVersion version; /* which version was used */ + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* 2nd byte, actual suite */ +#endif +#ifndef NO_CLIENT_CACHE + word16 idLen; /* serverID length */ + byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ +#endif +#ifdef HAVE_SESSION_TICKET + word16 ticketLen; + byte ticket[SESSION_TICKET_LEN]; +#endif +}; + + +WOLFSSL_LOCAL +WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*); +WOLFSSL_LOCAL +int SetSession(WOLFSSL*, WOLFSSL_SESSION*); + +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int); + +#ifndef NO_CLIENT_CACHE + WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); +#endif + +/* client connect state for nonblocking restart */ +enum ConnectState { + CONNECT_BEGIN = 0, + CLIENT_HELLO_SENT, + HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ + HELLO_AGAIN_REPLY, + FIRST_REPLY_DONE, + FIRST_REPLY_FIRST, + FIRST_REPLY_SECOND, + FIRST_REPLY_THIRD, + FIRST_REPLY_FOURTH, + FINISHED_DONE, + SECOND_REPLY_DONE +}; + + +/* server accept state for nonblocking restart */ +enum AcceptState { + ACCEPT_BEGIN = 0, + ACCEPT_CLIENT_HELLO_DONE, + HELLO_VERIFY_SENT, + ACCEPT_FIRST_REPLY_DONE, + SERVER_HELLO_SENT, + CERT_SENT, + KEY_EXCHANGE_SENT, + CERT_REQ_SENT, + SERVER_HELLO_DONE, + ACCEPT_SECOND_REPLY_DONE, + TICKET_SENT, + CHANGE_CIPHER_SENT, + ACCEPT_FINISHED_DONE, + ACCEPT_THIRD_REPLY_DONE +}; + + +typedef struct Buffers { + bufferStatic inputBuffer; + bufferStatic outputBuffer; + buffer domainName; /* for client check */ + buffer clearOutputBuffer; + int prevSent; /* previous plain text bytes sent + when got WANT_WRITE */ + int plainSz; /* plain text bytes in buffer to send + when got WANT_WRITE */ + byte weOwnCert; /* SSL own cert flag */ + byte weOwnCertChain; /* SSL own cert chain flag */ + byte weOwnKey; /* SSL own key flag */ + byte weOwnDH; /* SSL own dh (p,g) flag */ +#ifndef NO_DH + buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */ + buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */ + buffer serverDH_Pub; + buffer serverDH_Priv; +#endif +#ifndef NO_CERTS + buffer certificate; /* WOLFSSL_CTX owns, unless we own */ + buffer key; /* WOLFSSL_CTX owns, unless we own */ + buffer certChain; /* WOLFSSL_CTX owns, unless we own */ + /* chain after self, in DER, with leading size for each cert */ +#endif +#ifdef WOLFSSL_DTLS + WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ +#endif +#ifdef HAVE_PK_CALLBACKS + #ifdef HAVE_ECC + buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */ + #endif /* HAVE_ECC */ + #ifndef NO_RSA + buffer peerRsaKey; /* we own for Rsa Verify Callbacks */ + #endif /* NO_RSA */ +#endif /* HAVE_PK_CALLBACKS */ +} Buffers; + +typedef struct Options { +#ifndef NO_PSK + psk_client_callback client_psk_cb; + psk_server_callback server_psk_cb; + word16 havePSK:1; /* psk key set by user */ +#endif /* NO_PSK */ + + /* on/off or small bit flags, optimize layout */ + word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */ + word16 sessionCacheOff:1; + word16 sessionCacheFlushOff:1; + word16 side:1; /* client or server end */ + word16 verifyPeer:1; + word16 verifyNone:1; + word16 failNoCert:1; + word16 downgrade:1; /* allow downgrade of versions */ + word16 resuming:1; + word16 haveSessionId:1; /* server may not send */ + word16 tls:1; /* using TLS ? */ + word16 tls1_1:1; /* using TLSv1.1+ ? */ + word16 dtls:1; /* using datagrams ? */ + word16 connReset:1; /* has the peer reset */ + word16 isClosed:1; /* if we consider conn closed */ + word16 closeNotify:1; /* we've recieved a close notify */ + word16 sentNotify:1; /* we've sent a close notify */ + word16 usingCompression:1; /* are we using compression */ + word16 haveRSA:1; /* RSA available */ + word16 haveDH:1; /* server DH parms set by user */ + word16 haveNTRU:1; /* server NTRU private key loaded */ + word16 haveECDSAsig:1; /* server ECDSA signed cert */ + word16 haveStaticECC:1; /* static server ECC private key */ + word16 havePeerCert:1; /* do we have peer's cert */ + word16 havePeerVerify:1; /* and peer's cert verify */ + word16 usingPSK_cipher:1; /* are using psk as cipher */ + word16 usingAnon_cipher:1; /* are we using an anon cipher */ + word16 sendAlertState:1; /* nonblocking resume */ + word16 partialWrite:1; /* only one msg per write call */ + word16 quietShutdown:1; /* don't send close notify */ + word16 certOnly:1; /* stop once we get cert */ + word16 groupMessages:1; /* group handshake messages */ + word16 usingNonblock:1; /* are we using nonblocking socket */ + word16 saveArrays:1; /* save array Memory for user get keys + or psk */ +#ifdef HAVE_POLY1305 + word16 oldPoly:1; /* set when to use old rfc way of poly*/ +#endif +#ifdef HAVE_ANON + word16 haveAnon:1; /* User wants to allow Anon suites */ +#endif +#ifdef HAVE_SESSION_TICKET + word16 createTicket:1; /* Server to create new Ticket */ + word16 useTicket:1; /* Use Ticket not session cache */ +#endif + + /* need full byte values for this section */ + byte processReply; /* nonblocking resume */ + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* second byte, actual suite */ + byte serverState; + byte clientState; + byte handShakeState; + byte handShakeDone; /* at least one handshake complete */ + byte minDowngrade; /* minimum downgrade version */ + byte connectState; /* nonblocking resume */ + byte acceptState; /* nonblocking resume */ +#ifndef NO_DH + word16 minDhKeySz; /* minimum DH key size */ + word16 dhKeySz; /* actual DH key size */ +#endif + +} Options; + +typedef struct Arrays { + word32 preMasterSz; /* differs for DH, actual size */ +#ifndef NO_PSK + word32 psk_keySz; /* acutal size */ + char client_identity[MAX_PSK_ID_LEN]; + char server_hint[MAX_PSK_ID_LEN]; + byte psk_key[MAX_PSK_KEY_LEN]; +#endif + byte clientRandom[RAN_LEN]; + byte serverRandom[RAN_LEN]; + byte sessionID[ID_LEN]; + byte sessionIDSz; + byte preMasterSecret[ENCRYPT_LEN]; + byte masterSecret[SECRET_LEN]; +#ifdef WOLFSSL_DTLS + byte cookie[MAX_COOKIE_LEN]; + byte cookieSz; +#endif +} Arrays; + +#ifndef ASN_NAME_MAX +#define ASN_NAME_MAX 256 +#endif + +#ifndef MAX_DATE_SZ +#define MAX_DATE_SZ 32 +#endif + +struct WOLFSSL_X509_NAME { + char *name; + char staticName[ASN_NAME_MAX]; + int dynamicName; + int sz; +#ifdef OPENSSL_EXTRA + DecodedName fullName; +#endif /* OPENSSL_EXTRA */ +}; + +#ifndef EXTERNAL_SERIAL_SIZE + #define EXTERNAL_SERIAL_SIZE 32 +#endif + +#ifdef NO_ASN + typedef struct DNS_entry DNS_entry; +#endif + +struct WOLFSSL_X509 { + int version; + WOLFSSL_X509_NAME issuer; + WOLFSSL_X509_NAME subject; + int serialSz; + byte serial[EXTERNAL_SERIAL_SIZE]; + char subjectCN[ASN_NAME_MAX]; /* common name short cut */ +#ifdef WOLFSSL_SEP + int deviceTypeSz; + byte deviceType[EXTERNAL_SERIAL_SIZE]; + int hwTypeSz; + byte hwType[EXTERNAL_SERIAL_SIZE]; + int hwSerialNumSz; + byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; + #ifdef OPENSSL_EXTRA + byte certPolicySet; + byte certPolicyCrit; + #endif /* OPENSSL_EXTRA */ +#endif + int notBeforeSz; + byte notBefore[MAX_DATE_SZ]; + int notAfterSz; + byte notAfter[MAX_DATE_SZ]; + int sigOID; + buffer sig; + int pubKeyOID; + buffer pubKey; + #ifdef HAVE_ECC + word32 pkCurveOID; + #endif /* HAVE_ECC */ + buffer derCert; /* may need */ + DNS_entry* altNames; /* alt names list */ + DNS_entry* altNamesNext; /* hint for retrieval */ + byte dynamicMemory; /* dynamic memory flag */ + byte isCa; +#ifdef OPENSSL_EXTRA + word32 pathLength; + word16 keyUsage; + byte basicConstSet; + byte basicConstCrit; + byte basicConstPlSet; + byte subjAltNameSet; + byte subjAltNameCrit; + byte authKeyIdSet; + byte authKeyIdCrit; + byte* authKeyId; + word32 authKeyIdSz; + byte subjKeyIdSet; + byte subjKeyIdCrit; + byte* subjKeyId; + word32 subjKeyIdSz; + byte keyUsageSet; + byte keyUsageCrit; +#endif /* OPENSSL_EXTRA */ +}; + + +/* record layer header for PlainText, Compressed, and CipherText */ +typedef struct RecordLayerHeader { + byte type; + byte pvMajor; + byte pvMinor; + byte length[2]; +} RecordLayerHeader; + + +/* record layer header for DTLS PlainText, Compressed, and CipherText */ +typedef struct DtlsRecordLayerHeader { + byte type; + byte pvMajor; + byte pvMinor; + byte epoch[2]; /* increment on cipher state change */ + byte sequence_number[6]; /* per record */ + byte length[2]; +} DtlsRecordLayerHeader; + + +typedef struct DtlsPool { + buffer buf[DTLS_POOL_SZ]; + int used; +} DtlsPool; + +typedef struct DtlsMsg { + struct DtlsMsg* next; + word32 seq; /* Handshake sequence number */ + word32 sz; /* Length of whole mesage */ + word32 fragSz; /* Length of fragments received */ + byte type; + byte* buf; + byte* msg; +} DtlsMsg; + + +#ifdef HAVE_NETX + + /* NETX I/O Callback default */ + typedef struct NetX_Ctx { + NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */ + NX_PACKET* nxPacket; /* incoming packet handle for short reads */ + ULONG nxOffset; /* offset already read from nxPacket */ + ULONG nxWait; /* wait option flag */ + } NetX_Ctx; + +#endif + + +/* Handshake messages recevied from peer (plus change cipher */ +typedef struct MsgsReceived { + word16 got_hello_request:1; + word16 got_client_hello:1; + word16 got_server_hello:1; + word16 got_hello_verify_request:1; + word16 got_session_ticket:1; + word16 got_certificate:1; + word16 got_server_key_exchange:1; + word16 got_certificate_request:1; + word16 got_server_hello_done:1; + word16 got_certificate_verify:1; + word16 got_client_key_exchange:1; + word16 got_finished:1; + word16 got_change_cipher:1; +} MsgsReceived; + + +/* Handshake hashes */ +typedef struct HS_Hashes { + Hashes verifyHashes; + Hashes certHashes; /* for cert verify */ +#ifndef NO_OLD_TLS +#ifndef NO_SHA + Sha hashSha; /* sha hash of handshake msgs */ +#endif +#ifndef NO_MD5 + Md5 hashMd5; /* md5 hash of handshake msgs */ +#endif +#endif /* NO_OLD_TLS */ +#ifndef NO_SHA256 + Sha256 hashSha256; /* sha256 hash of handshake msgs */ +#endif +#ifdef WOLFSSL_SHA384 + Sha384 hashSha384; /* sha384 hash of handshake msgs */ +#endif +#ifdef WOLFSSL_SHA512 + Sha512 hashSha512; /* sha512 hash of handshake msgs */ +#endif +} HS_Hashes; + + +/* wolfSSL ssl type */ +struct WOLFSSL { + WOLFSSL_CTX* ctx; + Suites* suites; /* only need during handshake */ + Arrays* arrays; + HS_Hashes* hsHashes; + void* IOCB_ReadCtx; + void* IOCB_WriteCtx; + RNG* rng; + void* verifyCbCtx; /* cert verify callback user ctx*/ + VerifyCallback verifyCallback; /* cert verification callback */ + void* heap; /* for user overrides */ +#ifndef NO_HANDSHAKE_DONE_CB + HandShakeDoneCb hsDoneCb; /* notify user handshake done */ + void* hsDoneCtx; /* user handshake cb context */ +#endif + WOLFSSL_CIPHER cipher; + hmacfp hmac; + Ciphers encrypt; + Ciphers decrypt; + Buffers buffers; + WOLFSSL_SESSION session; + WOLFSSL_ALERT_HISTORY alert_history; + int error; + int rfd; /* read file descriptor */ + int wfd; /* write file descriptor */ + int rflags; /* user read flags */ + int wflags; /* user write flags */ + word32 timeout; /* session timeout */ + word16 curSize; + RecordLayerHeader curRL; + MsgsReceived msgsReceived; /* peer messages received */ + ProtocolVersion version; /* negotiated version */ + ProtocolVersion chVersion; /* client hello version */ + CipherSpecs specs; + Keys keys; + Options options; +#ifdef OPENSSL_EXTRA + WOLFSSL_BIO* biord; /* socket bio read to free/close */ + WOLFSSL_BIO* biowr; /* socket bio write to free/close */ +#endif +#ifndef NO_RSA + RsaKey* peerRsaKey; + byte peerRsaKeyPresent; +#endif +#ifdef HAVE_NTRU + word16 peerNtruKeyLen; + byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; + byte peerNtruKeyPresent; +#endif +#ifdef HAVE_ECC + ecc_key* peerEccKey; /* peer's ECDHE key */ + ecc_key* peerEccDsaKey; /* peer's ECDSA key */ + ecc_key* eccTempKey; /* private ECDHE key */ + word32 pkCurveOID; /* curve Ecc_Sum */ + word16 eccTempKeySz; /* in octets 20 - 66 */ + byte peerEccKeyPresent; + byte peerEccDsaKeyPresent; + byte eccTempKeyPresent; +#endif +#ifdef HAVE_LIBZ + z_stream c_stream; /* compression stream */ + z_stream d_stream; /* decompression stream */ + byte didStreamInit; /* for stream init and end */ +#endif +#ifdef WOLFSSL_DTLS + int dtls_timeout_init; /* starting timeout vaule */ + int dtls_timeout_max; /* maximum timeout value */ + int dtls_timeout; /* current timeout value, changes */ + DtlsPool* dtls_pool; + DtlsMsg* dtls_msg_list; + void* IOCB_CookieCtx; /* gen cookie ctx */ + word32 dtls_expected_rx; +#endif +#ifdef WOLFSSL_CALLBACKS + HandShakeInfo handShakeInfo; /* info saved during handshake */ + TimeoutInfo timeoutInfo; /* info saved during handshake */ + byte hsInfoOn; /* track handshake info */ + byte toInfoOn; /* track timeout info */ +#endif +#ifdef HAVE_FUZZER + CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */ + void* fuzzerCtx; /* user defined pointer */ +#endif +#ifdef KEEP_PEER_CERT + WOLFSSL_X509 peerCert; /* X509 peer cert */ +#endif +#ifdef FORTRESS + void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ +#endif +#ifdef HAVE_CAVIUM + int devId; /* cavium device id to use */ +#endif +#ifdef HAVE_ONE_TIME_AUTH + OneTimeAuth auth; +#endif +#ifdef HAVE_TLS_EXTENSIONS + TLSX* extensions; /* RFC 6066 TLS Extensions data */ + #ifdef HAVE_MAX_FRAGMENT + word16 max_fragment; + #endif + #ifdef HAVE_TRUNCATED_HMAC + byte truncated_hmac; + #endif + #ifdef HAVE_SECURE_RENEGOTIATION + SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */ + #endif /* user turned on */ + #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) + CallbackSessionTicket session_ticket_cb; + void* session_ticket_ctx; + byte expect_session_ticket; + #endif +#endif /* HAVE_TLS_EXTENSIONS */ +#ifdef HAVE_NETX + NetX_Ctx nxCtx; /* NetX IO Context */ +#endif +#ifdef SESSION_INDEX + int sessionIndex; /* Session's location in the cache. */ +#endif +#ifdef ATOMIC_USER + void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */ + void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */ +#endif +#ifdef HAVE_PK_CALLBACKS + #ifdef HAVE_ECC + void* EccSignCtx; /* Ecc Sign Callback Context */ + void* EccVerifyCtx; /* Ecc Verify Callback Context */ + #endif /* HAVE_ECC */ + #ifndef NO_RSA + void* RsaSignCtx; /* Rsa Sign Callback Context */ + void* RsaVerifyCtx; /* Rsa Verify Callback Context */ + void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */ + void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */ + #endif /* NO_RSA */ +#endif /* HAVE_PK_CALLBACKS */ +#ifdef HAVE_SECRET_CALLBACK + SessionSecretCb sessionSecretCb; + void* sessionSecretCtx; +#endif /* HAVE_SECRET_CALLBACK */ +}; + + +WOLFSSL_LOCAL +int InitSSL(WOLFSSL*, WOLFSSL_CTX*); +WOLFSSL_LOCAL +void FreeSSL(WOLFSSL*); +WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ + + +enum { + IV_SZ = 32, /* max iv sz */ + NAME_SZ = 80 /* max one line */ +}; + + +typedef struct EncryptedInfo { + char name[NAME_SZ]; /* encryption name */ + byte iv[IV_SZ]; /* encrypted IV */ + word32 ivSz; /* encrypted IV size */ + long consumed; /* tracks PEM bytes consumed */ + byte set; /* if encryption set */ + WOLFSSL_CTX* ctx; /* CTX owner */ +} EncryptedInfo; + + +#ifndef NO_CERTS + WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, + buffer* der, void* heap, EncryptedInfo* info, + int* eccKey); + + WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, + int type, WOLFSSL* ssl, int userChain, + WOLFSSL_CRL* crl); +#endif + + +#ifdef WOLFSSL_CALLBACKS + WOLFSSL_LOCAL + void InitHandShakeInfo(HandShakeInfo*); + WOLFSSL_LOCAL + void FinishHandShakeInfo(HandShakeInfo*, const WOLFSSL*); + WOLFSSL_LOCAL + void AddPacketName(const char*, HandShakeInfo*); + + WOLFSSL_LOCAL + void InitTimeoutInfo(TimeoutInfo*); + WOLFSSL_LOCAL + void FreeTimeoutInfo(TimeoutInfo*, void*); + WOLFSSL_LOCAL + void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*); + WOLFSSL_LOCAL + void AddLateName(const char*, TimeoutInfo*); + WOLFSSL_LOCAL + void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); +#endif + + +/* Record Layer Header identifier from page 12 */ +enum ContentType { + no_type = 0, + change_cipher_spec = 20, + alert = 21, + handshake = 22, + application_data = 23 +}; + + +/* handshake header, same for each message type, pgs 20/21 */ +typedef struct HandShakeHeader { + byte type; + word24 length; +} HandShakeHeader; + + +/* DTLS handshake header, same for each message type */ +typedef struct DtlsHandShakeHeader { + byte type; + word24 length; + byte message_seq[2]; /* start at 0, restransmit gets same # */ + word24 fragment_offset; /* bytes in previous fragments */ + word24 fragment_length; /* length of this fragment */ +} DtlsHandShakeHeader; + + +enum HandShakeType { + no_shake = -1, + hello_request = 0, + client_hello = 1, + server_hello = 2, + hello_verify_request = 3, /* DTLS addition */ + session_ticket = 4, + certificate = 11, + server_key_exchange = 12, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20, + certificate_status = 22, + change_cipher_hs = 55 /* simulate unique handshake type for sanity + checks. record layer change_cipher + conflicts with handshake finished */ +}; + + +static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; +static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; + +static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; +static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; + + +/* internal functions */ +WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*); +WOLFSSL_LOCAL int SendTicket(WOLFSSL*); +WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); +WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); +WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); +WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); +WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*); +WOLFSSL_LOCAL int SendBuffered(WOLFSSL*); +WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int); +WOLFSSL_LOCAL int SendFinished(WOLFSSL*); +WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int); +WOLFSSL_LOCAL int ProcessReply(WOLFSSL*); + +WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*); +WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*); + +WOLFSSL_LOCAL int AddSession(WOLFSSL*); +WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl); +WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData); + +WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); +WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); + +WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); +WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); +WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl); + +WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl); +#ifndef NO_CERTS + WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash); + #ifndef NO_SKID + WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); + #endif +#endif +WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, + const byte* sender); +WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep); +WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size); +WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); + +#ifndef NO_TLS + WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); + WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, + word32 sz, int content, int verify); +#endif + +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_LOCAL int SendClientHello(WOLFSSL*); + WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*); + WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*); +#endif /* NO_WOLFSSL_CLIENT */ + +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_LOCAL int SendServerHello(WOLFSSL*); + WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*); + #ifdef WOLFSSL_DTLS + WOLFSSL_LOCAL int SendHelloVerifyRequest(WOLFSSL*); + #endif +#endif /* NO_WOLFSSL_SERVER */ + +#ifdef WOLFSSL_DTLS + WOLFSSL_LOCAL int DtlsPoolInit(WOLFSSL*); + WOLFSSL_LOCAL int DtlsPoolSave(WOLFSSL*, const byte*, int); + WOLFSSL_LOCAL int DtlsPoolTimeout(WOLFSSL*); + WOLFSSL_LOCAL int DtlsPoolSend(WOLFSSL*); + WOLFSSL_LOCAL void DtlsPoolReset(WOLFSSL*); + + WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); + WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); + WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); + WOLFSSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, + word32, word32); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, + byte, word32, word32, void*); + WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); +#endif /* WOLFSSL_DTLS */ + +#ifndef NO_TLS + + +#endif /* NO_TLS */ + + +WOLFSSL_LOCAL word32 LowResTimer(void); + +WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); +WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); +WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int); +WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); +#ifndef NO_CERTS + WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); +#endif + +/* used by ssl.c and wolfssl_int.c */ +WOLFSSL_LOCAL void c32to24(word32 in, word24 out); + +WOLFSSL_LOCAL const char* const* GetCipherNames(void); +WOLFSSL_LOCAL int GetCipherNamesSize(void); + + +enum encrypt_side { + ENCRYPT_SIDE_ONLY = 1, + DECRYPT_SIDE_ONLY, + ENCRYPT_AND_DECRYPT_SIDE +}; + +WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* wolfSSL_INT_H */ + +