wolfSSL SSL/TLS library, supporting protocol versions up to TLS 1.3


Committer:
wolfSSL
Date:
Tue Aug 22 10:48:22 2017 +0000
Revision:
13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3

wolfSSL 13:f67a6c6013ca 1 /* internal.c
wolfSSL 13:f67a6c6013ca 2 *
wolfSSL 13:f67a6c6013ca 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 13:f67a6c6013ca 4 *
wolfSSL 13:f67a6c6013ca 5 * This file is part of wolfSSL.
wolfSSL 13:f67a6c6013ca 6 *
wolfSSL 13:f67a6c6013ca 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 13:f67a6c6013ca 8 * it under the terms of the GNU General Public License as published by
wolfSSL 13:f67a6c6013ca 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 13:f67a6c6013ca 10 * (at your option) any later version.
wolfSSL 13:f67a6c6013ca 11 *
wolfSSL 13:f67a6c6013ca 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 13:f67a6c6013ca 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 13:f67a6c6013ca 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 13:f67a6c6013ca 15 * GNU General Public License for more details.
wolfSSL 13:f67a6c6013ca 16 *
wolfSSL 13:f67a6c6013ca 17 * You should have received a copy of the GNU General Public License
wolfSSL 13:f67a6c6013ca 18 * along with this program; if not, write to the Free Software
wolfSSL 13:f67a6c6013ca 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 13:f67a6c6013ca 20 */
wolfSSL 13:f67a6c6013ca 21
wolfSSL 13:f67a6c6013ca 22
wolfSSL 13:f67a6c6013ca 23
wolfSSL 13:f67a6c6013ca 24 #ifdef HAVE_CONFIG_H
wolfSSL 13:f67a6c6013ca 25 #include <config.h>
wolfSSL 13:f67a6c6013ca 26 #endif
wolfSSL 13:f67a6c6013ca 27
wolfSSL 13:f67a6c6013ca 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 13:f67a6c6013ca 29
wolfSSL 13:f67a6c6013ca 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 13:f67a6c6013ca 31
wolfSSL 13:f67a6c6013ca 32 #include <wolfssl/internal.h>
wolfSSL 13:f67a6c6013ca 33 #include <wolfssl/error-ssl.h>
wolfSSL 13:f67a6c6013ca 34 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 13:f67a6c6013ca 35 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 13:f67a6c6013ca 36 #ifdef NO_INLINE
wolfSSL 13:f67a6c6013ca 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 13:f67a6c6013ca 38 #else
wolfSSL 13:f67a6c6013ca 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 13:f67a6c6013ca 40 #include <wolfcrypt/src/misc.c>
wolfSSL 13:f67a6c6013ca 41 #endif
wolfSSL 13:f67a6c6013ca 42
wolfSSL 13:f67a6c6013ca 43 #ifdef HAVE_LIBZ
wolfSSL 13:f67a6c6013ca 44 #include "zlib.h"
wolfSSL 13:f67a6c6013ca 45 #endif
wolfSSL 13:f67a6c6013ca 46
wolfSSL 13:f67a6c6013ca 47 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 48 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 13:f67a6c6013ca 49 #endif
wolfSSL 13:f67a6c6013ca 50
wolfSSL 13:f67a6c6013ca 51 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || \
wolfSSL 13:f67a6c6013ca 52 defined(CHACHA_AEAD_TEST) || defined(WOLFSSL_SESSION_EXPORT_DEBUG)
wolfSSL 13:f67a6c6013ca 53 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 13:f67a6c6013ca 54 #if MQX_USE_IO_OLD
wolfSSL 13:f67a6c6013ca 55 #include <fio.h>
wolfSSL 13:f67a6c6013ca 56 #else
wolfSSL 13:f67a6c6013ca 57 #include <nio.h>
wolfSSL 13:f67a6c6013ca 58 #endif
wolfSSL 13:f67a6c6013ca 59 #else
wolfSSL 13:f67a6c6013ca 60 #include <stdio.h>
wolfSSL 13:f67a6c6013ca 61 #endif
wolfSSL 13:f67a6c6013ca 62 #endif
wolfSSL 13:f67a6c6013ca 63
wolfSSL 13:f67a6c6013ca 64 #ifdef __sun
wolfSSL 13:f67a6c6013ca 65 #include <sys/filio.h>
wolfSSL 13:f67a6c6013ca 66 #endif
wolfSSL 13:f67a6c6013ca 67
wolfSSL 13:f67a6c6013ca 68
wolfSSL 13:f67a6c6013ca 69 #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
wolfSSL 13:f67a6c6013ca 70
wolfSSL 13:f67a6c6013ca 71 #ifdef _MSC_VER
wolfSSL 13:f67a6c6013ca 72 /* disable for while(0) cases at the .c level for now */
wolfSSL 13:f67a6c6013ca 73 #pragma warning(disable:4127)
wolfSSL 13:f67a6c6013ca 74 #endif
wolfSSL 13:f67a6c6013ca 75
wolfSSL 13:f67a6c6013ca 76 #if defined(WOLFSSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
wolfSSL 13:f67a6c6013ca 77 #error \
wolfSSL 13:f67a6c6013ca 78 WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
wolfSSL 13:f67a6c6013ca 79 #endif
wolfSSL 13:f67a6c6013ca 80
wolfSSL 13:f67a6c6013ca 81 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
wolfSSL 13:f67a6c6013ca 82 #error Cannot use both secure-renegotiation and renegotiation-indication
wolfSSL 13:f67a6c6013ca 83 #endif
wolfSSL 13:f67a6c6013ca 84
wolfSSL 13:f67a6c6013ca 85 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 86 static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 13:f67a6c6013ca 87 word32);
wolfSSL 13:f67a6c6013ca 88 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 13:f67a6c6013ca 89 word32);
wolfSSL 13:f67a6c6013ca 90 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 91 static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 13:f67a6c6013ca 92 word32);
wolfSSL 13:f67a6c6013ca 93 #endif
wolfSSL 13:f67a6c6013ca 94 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 95 static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 13:f67a6c6013ca 96 word32);
wolfSSL 13:f67a6c6013ca 97 #endif
wolfSSL 13:f67a6c6013ca 98 #endif
wolfSSL 13:f67a6c6013ca 99
wolfSSL 13:f67a6c6013ca 100
wolfSSL 13:f67a6c6013ca 101 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 102 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32);
wolfSSL 13:f67a6c6013ca 103 #if !defined(NO_RSA) || defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 104 static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
wolfSSL 13:f67a6c6013ca 105 #endif
wolfSSL 13:f67a6c6013ca 106 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 107 static int SendHelloVerifyRequest(WOLFSSL*, const byte*, byte);
wolfSSL 13:f67a6c6013ca 108 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 109 #endif
wolfSSL 13:f67a6c6013ca 110
wolfSSL 13:f67a6c6013ca 111
wolfSSL 13:f67a6c6013ca 112 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 113 static INLINE int DtlsCheckWindow(WOLFSSL* ssl);
wolfSSL 13:f67a6c6013ca 114 static INLINE int DtlsUpdateWindow(WOLFSSL* ssl);
wolfSSL 13:f67a6c6013ca 115 #endif
wolfSSL 13:f67a6c6013ca 116
wolfSSL 13:f67a6c6013ca 117
/* States of the record-processing state machine.
 * NOTE(review): the routine that steps through these states is not visible in
 * this part of the file; what each state does is inferred from its name only
 * and should be confirmed against that routine. */
enum processReply {
    doProcessInit = 0,
#ifndef NO_WOLFSSL_SERVER
    /* only present when the server side is compiled in */
    runProcessOldClientHello,
#endif
    getRecordLayerHeader,
    getData,
    decryptMessage,
    verifyMessage,
    runProcessingOneMessage
};
wolfSSL 13:f67a6c6013ca 129
wolfSSL 13:f67a6c6013ca 130
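/* Server random bytes for the downgrade protection mechanism described by
 * TLS v1.3.
 *
 * The seven bytes are the ASCII string "DOWNGRD". The third byte has to be
 * 0x57 ('W'): with 0x47 the array spells "DOGNGRD", which never matches the
 * sentinel a conforming peer sends or expects, so downgrade detection would
 * silently fail against other implementations. */
static const byte tls13Downgrade[7] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44
};
/* Length of the sentinel in bytes. */
#define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade)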
wolfSSL 13:f67a6c6013ca 136
wolfSSL 13:f67a6c6013ca 137
wolfSSL 13:f67a6c6013ca 138 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 139 static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 13:f67a6c6013ca 140 int content, int verify);
wolfSSL 13:f67a6c6013ca 141
wolfSSL 13:f67a6c6013ca 142 #endif
wolfSSL 13:f67a6c6013ca 143
wolfSSL 13:f67a6c6013ca 144 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 145 int QSH_Init(WOLFSSL* ssl);
wolfSSL 13:f67a6c6013ca 146 #endif
wolfSSL 13:f67a6c6013ca 147
wolfSSL 13:f67a6c6013ca 148
/* Report whether the connection's protocol version is TLS.
 *
 * ssl  connection whose version field is inspected (not modified)
 *
 * Returns 1 when version.major is SSLv3_MAJOR and version.minor is at least
 * TLSv1_MINOR, 0 otherwise. */
int IsTLS(const WOLFSSL* ssl)
{
    const int majorMatches = (ssl->version.major == SSLv3_MAJOR);

    return (majorMatches && ssl->version.minor >= TLSv1_MINOR) ? 1 : 0;
}
wolfSSL 13:f67a6c6013ca 156
wolfSSL 13:f67a6c6013ca 157
/* Report whether the connection's version is TLS 1.2 or later, or the DTLS
 * counterpart.
 *
 * ssl  connection whose version field is inspected (not modified)
 *
 * The DTLS test is deliberately "minor <= DTLSv1_2_MINOR": DTLS encodes newer
 * versions with smaller minor numbers, so the comparison runs in the opposite
 * direction to the TLS one.
 *
 * Returns 1 when either test matches, 0 otherwise. */
int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
{
    const int tlsOk  = (ssl->version.major == SSLv3_MAJOR &&
                        ssl->version.minor >= TLSv1_2_MINOR);
    const int dtlsOk = (ssl->version.major == DTLS_MAJOR &&
                        ssl->version.minor <= DTLSv1_2_MINOR);

    return (tlsOk || dtlsOk) ? 1 : 0;
}
wolfSSL 13:f67a6c6013ca 167
/* Report whether a protocol version is TLS 1.3 or later.
 *
 * pv  protocol version, passed by value
 *
 * Returns 1 when pv.major is SSLv3_MAJOR and pv.minor is at least
 * TLSv1_3_MINOR, 0 otherwise. No DTLS major number is accepted here. */
int IsAtLeastTLSv1_3(const ProtocolVersion pv)
{
    if (pv.major != SSLv3_MAJOR)
        return 0;

    return (pv.minor >= TLSv1_3_MINOR) ? 1 : 0;
}
wolfSSL 13:f67a6c6013ca 172
wolfSSL 13:f67a6c6013ca 173
/* Report whether record protection applies to the record being handled.
 *
 * ssl     connection whose key state is inspected
 * isSend  non-zero for the send direction, zero for receive; only consulted
 *         in DTLS builds
 *
 * Returns ssl->keys.encryptionOn, except that a DTLS record received in
 * epoch 0 is always reported as unencrypted (returns 0). */
static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend)
{
#ifdef WOLFSSL_DTLS
    /* For DTLS, epoch 0 is always not encrypted. */
    const int rxEpochZero = ssl->options.dtls && !isSend &&
                            ssl->keys.curEpoch == 0;

    if (rxEpochZero)
        return 0;
#else
    (void)isSend;
#endif /* WOLFSSL_DTLS */

    return ssl->keys.encryptionOn;
}
wolfSSL 13:f67a6c6013ca 186
wolfSSL 13:f67a6c6013ca 187
/* Report whether the connection is DTLS over a transport other than SCTP.
 *
 * Without WOLFSSL_SCTP this is simply the state of the dtls option.
 * With WOLFSSL_SCTP it is dtls && !dtlsSctp.
 *
 * ssl  connection whose options are inspected */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
    if (!ssl->options.dtls)
        return 0;

#ifdef WOLFSSL_SCTP
    return !ssl->options.dtlsSctp;
#else
    return ssl->options.dtls;
#endif
}
wolfSSL 13:f67a6c6013ca 202
wolfSSL 13:f67a6c6013ca 203
wolfSSL 13:f67a6c6013ca 204 #ifdef HAVE_QSH
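/* Zeroize and release every node of a QSHKey chain.
 *
 * ssl  connection supplying the heap hint used for the frees
 * key  head of the chain; may be NULL */
static void QSH_FreeKeyChain(WOLFSSL* ssl, QSHKey* key)
{
    while (key != NULL) {
        /* read the link before the node is released */
        QSHKey* next = (QSHKey*)key->next;

        if (key->pri.buffer) {
            /* private key bytes are wiped before the memory is returned */
            ForceZero(key->pri.buffer, key->pri.length);
            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
        }
        if (key->pub.buffer) {
            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        }

        /* free struct */
        XFREE(key, ssl->heap, DYNAMIC_TYPE_QSH);
        key = next;
    }

    (void)ssl; /* heap hint may be unused depending on the XFREE definition */
}


/* Free all structs that were used with QSH.
 *
 * Releases the local and peer QSH key chains and the QSH secret, wiping
 * private key buffers and the secret material with ForceZero first.
 *
 * The owning pointers inside ssl (QSH_Key, peerQSHKey, QSH_secret) are set to
 * NULL once their memory is gone. Clearing only local copies would leave
 * dangling pointers in ssl, so any later read or a second call would touch
 * freed memory; with the fields cleared a repeated call is a no-op.
 *
 * ssl  connection owning the QSH state
 *
 * Returns 0. */
static int QSH_FreeAll(WOLFSSL* ssl)
{
    QSHSecret* secret = ssl->QSH_secret;

    /* free our own QSH keys */
    QSH_FreeKeyChain(ssl, ssl->QSH_Key);
    ssl->QSH_Key = NULL;

    /* free all of peers QSH keys */
    QSH_FreeKeyChain(ssl, ssl->peerQSHKey);
    ssl->peerQSHKey = NULL;

    /* free secret information */
    if (secret) {
        /* free up the QSHScheme list in QSHSecret */
        QSHScheme* list = secret->list;

        while (list) {
            QSHScheme* next = (QSHScheme*)list->next;

            if (list->PK) {
                XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_SECRET);
            }
            XFREE(list, ssl->heap, DYNAMIC_TYPE_QSH);
            list = next;
        }

        /* free secret buffers */
        if (secret->SerSi) {
            if (secret->SerSi->buffer) {
                /* clear extra secret material that supplemented Master Secret */
                ForceZero(secret->SerSi->buffer, secret->SerSi->length);
                XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
            }
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
        if (secret->CliSi) {
            if (secret->CliSi->buffer) {
                /* clear extra secret material that supplemented Master Secret */
                ForceZero(secret->CliSi->buffer, secret->CliSi->length);
                XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
            }
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }

        XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH);
    }
    ssl->QSH_secret = NULL;

    return 0;
}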
wolfSSL 13:f67a6c6013ca 284 #endif
wolfSSL 13:f67a6c6013ca 285
wolfSSL 13:f67a6c6013ca 286
wolfSSL 13:f67a6c6013ca 287 #ifdef HAVE_NTRU
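/* Lazily created RNG and its mutex, shared by every GetEntropy() call. */
static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex;

/* Entropy callback: fill out with num_bytes of output from the shared RNG.
 *
 * out        destination buffer, at least num_bytes long
 * num_bytes  number of random bytes requested
 *
 * The RNG and the mutex are only published in the file-scope pointers after
 * their init call succeeded. Publishing the pointer first and ignoring the
 * wc_InitRng()/wc_InitMutex() result would let every later call draw "random"
 * bytes from an object that was never initialized.
 *
 * If the mutex cannot be taken the call fails instead of generating output
 * without the lock.
 *
 * NOTE(review): the first-call creation of rng/rngMutex is itself not
 * serialized by anything in this function; confirm callers cannot race on
 * the first use.
 *
 * Returns DRBG_OK on success, DRBG_OUT_OF_MEMORY when an allocation fails and
 * DRBG_ENTROPY_FAIL for any init, lock or generation failure. */
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
    int genRet;
    int unlockRet;

    if (rng == NULL) {
        WC_RNG* newRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0,
                                          DYNAMIC_TYPE_RNG);
        if (newRng == NULL)
            return DRBG_OUT_OF_MEMORY;

        if (wc_InitRng(newRng) != 0) {
            XFREE(newRng, 0, DYNAMIC_TYPE_RNG);
            return DRBG_ENTROPY_FAIL;
        }
        rng = newRng;
    }

    if (rngMutex == NULL) {
        wolfSSL_Mutex* newMutex = (wolfSSL_Mutex*)XMALLOC(
                               sizeof(wolfSSL_Mutex), 0, DYNAMIC_TYPE_MUTEX);
        if (newMutex == NULL)
            return DRBG_OUT_OF_MEMORY;

        if (wc_InitMutex(newMutex) != 0) {
            XFREE(newMutex, 0, DYNAMIC_TYPE_MUTEX);
            return DRBG_ENTROPY_FAIL;
        }
        rngMutex = newMutex;
    }

    if (wc_LockMutex(rngMutex) != 0)
        return DRBG_ENTROPY_FAIL;

    genRet    = wc_RNG_GenerateBlock(rng, out, num_bytes);
    unlockRet = wc_UnLockMutex(rngMutex);

    if (genRet != 0 || unlockRet != 0)
        return DRBG_ENTROPY_FAIL;

    return DRBG_OK;
}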
wolfSSL 13:f67a6c6013ca 318 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 319
/* Store the low 24 bits of a 32 bit integer big-endian in a word24.
 * The top 8 bits of in are discarded. Used by ssl.c too.
 *
 * in   value to encode
 * out  receives three bytes, most significant first */
void c32to24(word32 in, word24 out)
{
    int i;

    /* fill from the least significant byte backwards */
    for (i = 2; i >= 0; i--) {
        out[i] = in & 0xff;
        in >>= 8;
    }
}
wolfSSL 13:f67a6c6013ca 327
wolfSSL 13:f67a6c6013ca 328
/* Convert a 16 bit integer to opaque (two bytes, big-endian).
 *
 * u16  value to encode
 * c    receives two bytes; the caller guarantees the space */
static INLINE void c16toa(word16 u16, byte* c)
{
    c[1] = u16 & 0xff;         /* low byte  */
    c[0] = (u16 >> 8) & 0xff;  /* high byte */
}
wolfSSL 13:f67a6c6013ca 335
wolfSSL 13:f67a6c6013ca 336
wolfSSL 13:f67a6c6013ca 337 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 13:f67a6c6013ca 338 || defined(HAVE_AESGCM) || defined(WOLFSSL_SESSION_EXPORT) \
wolfSSL 13:f67a6c6013ca 339 || defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET)
/* Convert a 32 bit integer to opaque (four bytes, big-endian).
 *
 * u32  value to encode
 * c    receives four bytes; the caller guarantees the space */
static INLINE void c32toa(word32 u32, byte* c)
{
    int i;

    /* fill from the least significant byte backwards */
    for (i = 3; i >= 0; i--) {
        c[i] = u32 & 0xff;
        u32 >>= 8;
    }
}
wolfSSL 13:f67a6c6013ca 348
wolfSSL 13:f67a6c6013ca 349 #endif
wolfSSL 13:f67a6c6013ca 350
wolfSSL 13:f67a6c6013ca 351
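/* Convert a 24 bit big-endian integer into a 32 bit one.
 *
 * u24  three bytes, most significant first
 * u32  receives the decoded value
 *
 * Each byte is widened to word32 before it is shifted so the shift is done
 * on an unsigned 32 bit value instead of a promoted int, which is too narrow
 * for the 16 bit shift on targets with a 16 bit int. */
static INLINE void c24to32(const word24 u24, word32* u32)
{
    *u32 = ((word32)u24[0] << 16) | ((word32)u24[1] << 8) | (word32)u24[2];
}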
wolfSSL 13:f67a6c6013ca 357
wolfSSL 13:f67a6c6013ca 358
/* Convert opaque (two bytes, big-endian) to a 16 bit integer.
 *
 * c    source, at least two readable bytes
 * u16  receives the decoded value */
static INLINE void ato16(const byte* c, word16* u16)
{
    const byte hi = c[0];
    const byte lo = c[1];

    *u16 = (word16)((hi << 8) | lo);
}
wolfSSL 13:f67a6c6013ca 364
wolfSSL 13:f67a6c6013ca 365
wolfSSL 13:f67a6c6013ca 366 #if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET) || \
wolfSSL 13:f67a6c6013ca 367 defined(WOLFSSL_SESSION_EXPORT)
wolfSSL 13:f67a6c6013ca 368
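/* Convert opaque (four bytes, big-endian) to a 32 bit integer.
 *
 * c    source, at least four readable bytes
 * u32  receives the decoded value
 *
 * Each byte is widened to word32 before it is shifted. Without the cast c[0]
 * is promoted to a signed int, and shifting a value of 0x80 or above left by
 * 24 overflows that int, which is undefined behavior on input that may come
 * straight from the peer. */
static INLINE void ato32(const byte* c, word32* u32)
{
    *u32 = ((word32)c[0] << 24) | ((word32)c[1] << 16) |
           ((word32)c[2] <<  8) |  (word32)c[3];
}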
wolfSSL 13:f67a6c6013ca 374
wolfSSL 13:f67a6c6013ca 375 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 376
wolfSSL 13:f67a6c6013ca 377
wolfSSL 13:f67a6c6013ca 378 #ifdef HAVE_LIBZ
wolfSSL 13:f67a6c6013ca 379
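/* Allocation callback handed to zlib so it uses the library allocator.
 *
 * opaque  heap hint stored in the z_stream by InitStreams()
 * item    number of elements requested
 * size    size of one element in bytes
 *
 * The element count and size are multiplied in unsigned int, so a product
 * that does not fit would wrap and yield a buffer smaller than zlib believes
 * it received. Such a request is refused instead.
 *
 * Returns the allocated memory, or NULL on failure or overflow. */
static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
{
    (void)opaque;

    /* (unsigned int)-1 is the largest unsigned int value */
    if (size != 0 && item > ((unsigned int)-1) / size)
        return NULL;

    return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
}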
wolfSSL 13:f67a6c6013ca 386
wolfSSL 13:f67a6c6013ca 387
/* Free callback handed to zlib; counterpart of myAlloc().
 *
 * opaque  heap hint stored in the z_stream by InitStreams()
 * memory  block previously returned by myAlloc() */
static void myFree(void* opaque, void* memory)
{
    XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
    (void)opaque; /* unused when XFREE ignores the heap hint */
}
wolfSSL 13:f67a6c6013ca 393
wolfSSL 13:f67a6c6013ca 394
/* Init the zlib compression and decompression streams of a connection.
 *
 * ssl  connection whose c_stream / d_stream are set up
 *
 * didStreamInit is set as soon as the deflate stream is ready, before the
 * inflate stream is initialized, so FreeStreams() will run for a connection
 * whose inflateInit() failed.
 * NOTE(review): in that case FreeStreams() also calls inflateEnd() on a
 * stream that was never initialized; confirm d_stream starts out zeroed.
 *
 * Returns 0 on success, ZLIB_INIT_ERROR if either stream fails to init. */
static int InitStreams(WOLFSSL* ssl)
{
    int zret;

    /* compression side */
    ssl->c_stream.zalloc = (alloc_func)myAlloc;
    ssl->c_stream.zfree  = (free_func)myFree;
    ssl->c_stream.opaque = (voidpf)ssl->heap;

    zret = deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION);
    if (zret != Z_OK) {
        return ZLIB_INIT_ERROR;
    }

    ssl->didStreamInit = 1;

    /* decompression side */
    ssl->d_stream.zalloc = (alloc_func)myAlloc;
    ssl->d_stream.zfree  = (free_func)myFree;
    ssl->d_stream.opaque = (voidpf)ssl->heap;

    zret = inflateInit(&ssl->d_stream);

    return (zret == Z_OK) ? 0 : ZLIB_INIT_ERROR;
}
wolfSSL 13:f67a6c6013ca 415
wolfSSL 13:f67a6c6013ca 416
/* Tear down the zlib streams set up by InitStreams().
 * Does nothing unless didStreamInit is set.
 *
 * ssl  connection owning the streams */
static void FreeStreams(WOLFSSL* ssl)
{
    if (!ssl->didStreamInit)
        return;

    deflateEnd(&ssl->c_stream);
    inflateEnd(&ssl->d_stream);
}
wolfSSL 13:f67a6c6013ca 424
wolfSSL 13:f67a6c6013ca 425
/* Compress in to out with the connection's deflate stream.
 *
 * ssl    connection owning c_stream
 * in     data to compress
 * inSz   number of input bytes
 * out    destination buffer
 * outSz  capacity of out
 *
 * The byte count is derived from the change in the stream's running
 * total_out across the deflate() call.
 * NOTE(review): deflate() returning Z_OK with the output buffer exhausted is
 * not told apart from complete output here; confirm callers size out so the
 * whole input always fits.
 * NOTE(review): compressing records before encryption makes ciphertext length
 * depend on plaintext content, the property CRIME-class attacks rely on;
 * HAVE_LIBZ builds should be limited to peers and data where that is
 * acceptable.
 *
 * Returns the number of bytes written to out, or ZLIB_COMPRESS_ERROR. */
static int myCompress(WOLFSSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
    int zret;
    int before = (int)ssl->c_stream.total_out;

    ssl->c_stream.next_in   = in;
    ssl->c_stream.avail_in  = inSz;
    ssl->c_stream.next_out  = out;
    ssl->c_stream.avail_out = outSz;

    zret = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
    if (!(zret == Z_OK || zret == Z_STREAM_END)) {
        return ZLIB_COMPRESS_ERROR;
    }

    return (int)ssl->c_stream.total_out - before;
}
wolfSSL 13:f67a6c6013ca 442
wolfSSL 13:f67a6c6013ca 443
/* Decompress in to out with the connection's inflate stream.
 *
 * ssl    connection owning d_stream
 * in     compressed data
 * inSz   number of input bytes
 * out    destination buffer
 * outSz  capacity of out; inflate() is given this as avail_out, so it is the
 *        upper bound on how much one call can expand the input
 *
 * The byte count is derived from the change in the stream's running
 * total_out across the inflate() call.
 * NOTE(review): input left unconsumed because out filled up is not reported
 * separately from success; confirm the caller treats a full buffer as an
 * error.
 *
 * Returns the number of bytes written to out, or ZLIB_DECOMPRESS_ERROR. */
static int myDeCompress(WOLFSSL* ssl, byte* in,int inSz, byte* out,int outSz)
{
    int zret;
    int before = (int)ssl->d_stream.total_out;

    ssl->d_stream.next_in   = in;
    ssl->d_stream.avail_in  = inSz;
    ssl->d_stream.next_out  = out;
    ssl->d_stream.avail_out = outSz;

    zret = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
    if (!(zret == Z_OK || zret == Z_STREAM_END)) {
        return ZLIB_DECOMPRESS_ERROR;
    }

    return (int)ssl->d_stream.total_out - before;
}
wolfSSL 13:f67a6c6013ca 460
wolfSSL 13:f67a6c6013ca 461 #endif /* HAVE_LIBZ */
wolfSSL 13:f67a6c6013ca 462
wolfSSL 13:f67a6c6013ca 463
wolfSSL 13:f67a6c6013ca 464 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 13:f67a6c6013ca 465 #ifdef WOLFSSL_DTLS
/* Serialize the cipher specs struct of a connection for exporting.
 *
 * ssl  connection whose specs are written out
 * exp  destination buffer
 * len  capacity of exp; must be at least DTLS_EXPORT_SPC_SZ
 * ver  export format version (currently unused)
 *
 * The first DTLS_EXPORT_SPC_SZ bytes of exp are zeroed, then filled with the
 * four 16 bit sizes followed by eight single-byte fields.
 *
 * Returns the number of bytes written (DTLS_EXPORT_SPC_SZ) on success,
 * BAD_FUNC_ARG for a NULL argument, BUFFER_E when exp is too small and
 * DTLS_EXPORT_VER_E when the bytes written do not add up to
 * DTLS_EXPORT_SPC_SZ, i.e. the constant is out of step with this layout. */
static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32       off = 0;
    CipherSpecs* cs;

    (void)ver;

    WOLFSSL_ENTER("ExportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    cs = &(ssl->specs);

    if (len < DTLS_EXPORT_SPC_SZ) {
        return BUFFER_E;
    }

    XMEMSET(exp, 0, DTLS_EXPORT_SPC_SZ);

    /* 16 bit fields */
    c16toa(cs->key_size, exp + off);
    off += OPAQUE16_LEN;
    c16toa(cs->iv_size, exp + off);
    off += OPAQUE16_LEN;
    c16toa(cs->block_size, exp + off);
    off += OPAQUE16_LEN;
    c16toa(cs->aead_mac_size, exp + off);
    off += OPAQUE16_LEN;

    /* single byte fields */
    exp[off++] = cs->bulk_cipher_algorithm;
    exp[off++] = cs->cipher_type;
    exp[off++] = cs->mac_algorithm;
    exp[off++] = cs->kea;
    exp[off++] = cs->sig_algo;
    exp[off++] = cs->hash_size;
    exp[off++] = cs->pad_size;
    exp[off++] = cs->static_ecdh;

    if (off != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_SPC_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportCipherSpecState", off);
    return off;
}
wolfSSL 13:f67a6c6013ca 508
wolfSSL 13:f67a6c6013ca 509
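/* Serialize the key struct of a connection for exporting.
 *
 * ssl  connection whose key state is written out
 * exp  destination buffer
 * len  capacity of exp; must be at least DTLS_EXPORT_KEY_SZ
 * ver  export format version (currently unused)
 *
 * Layout: a fixed part (sequence numbers, epochs, handshake numbers, sizes,
 * flags and the two replay windows) followed by a variable part whose length
 * depends on the negotiated MAC, key and IV sizes.
 *
 * The variable part is sized and checked against DTLS_EXPORT_KEY_SZ before
 * any of it is copied. Checking only after the copies would report the
 * problem once exp had already been overrun.
 *
 * The output holds the MAC secrets, write keys and IVs of the session in the
 * clear; the caller has to protect the buffer and wipe it after use.
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG for a NULL
 * argument, BUFFER_E when exp is too small and DTLS_EXPORT_VER_E when the
 * state does not fit in DTLS_EXPORT_KEY_SZ. */
static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    word32 i;
    word32 varSz;
    byte   truncHmac;
    byte   macSz;
    byte   keySz;
    byte   ivSz;
    byte   impSz;
    Keys*  keys;

    WOLFSSL_ENTER("ExportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    if (DTLS_EXPORT_KEY_SZ > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }

    XMEMSET(exp, 0, DTLS_EXPORT_KEY_SZ);

    c32toa(keys->peer_sequence_number_hi, exp + idx); idx += OPAQUE32_LEN;
    c32toa(keys->peer_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c32toa(keys->sequence_number_hi, exp + idx);      idx += OPAQUE32_LEN;
    c32toa(keys->sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;

    c16toa(keys->peerSeq[0].nextEpoch, exp + idx);  idx += OPAQUE16_LEN;
    c16toa(keys->peerSeq[0].nextSeq_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->peerSeq[0].nextSeq_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->curEpoch, exp + idx);   idx += OPAQUE16_LEN;
    c16toa(keys->curSeq_hi, exp + idx);  idx += OPAQUE16_LEN;
    c32toa(keys->curSeq_lo, exp + idx);  idx += OPAQUE32_LEN;
    c16toa(keys->peerSeq[0].prevSeq_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->peerSeq[0].prevSeq_lo, exp + idx); idx += OPAQUE32_LEN;

    c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN;
    c16toa(keys->dtls_expected_peer_handshake_number, exp + idx);
    idx += OPAQUE16_LEN;

    c16toa(keys->dtls_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->dtls_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->dtls_prev_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->dtls_prev_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->dtls_epoch, exp + idx);            idx += OPAQUE16_LEN;
    c16toa(keys->dtls_handshake_number, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->encryptSz, exp + idx);             idx += OPAQUE32_LEN;
    c32toa(keys->padSz, exp + idx);                 idx += OPAQUE32_LEN;
    exp[idx++] = keys->encryptionOn;
    exp[idx++] = keys->decryptedCur;

    /* replay windows, each preceded by its word count */
    c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
    for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
        c32toa(keys->peerSeq[0].window[i], exp + idx);
        idx += OPAQUE32_LEN;
    }
    c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
    for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
        c32toa(keys->peerSeq[0].prevWindow[i], exp + idx);
        idx += OPAQUE32_LEN;
    }

    /* lengths of the variable part; each is exported as a single byte */
#ifdef HAVE_TRUNCATED_HMAC
    truncHmac = ssl->truncated_hmac;
    macSz     = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ: ssl->specs.hash_size;
#else
    truncHmac = 0; /* no truncated hmac */
    macSz     = ssl->specs.hash_size;
#endif
    keySz = ssl->specs.key_size;
    ivSz  = ssl->specs.iv_size;
    impSz = AEAD_MAX_IMP_SZ;

    /* bytes the variable part is about to write:
     * truncated hmac flag, then a length byte plus client and server copy for
     * MAC secret, key and IV, then the explicit AEAD IV, then a length byte
     * plus the two implicit AEAD IVs */
    varSz = 1
          + 1 + 2 * (word32)macSz
          + 1 + 2 * (word32)keySz
          + 1 + 2 * (word32)ivSz
          + AEAD_MAX_EXP_SZ
          + 1 + 2 * (word32)impSz;

    /* refuse before writing rather than after */
    if (idx > DTLS_EXPORT_KEY_SZ || varSz > DTLS_EXPORT_KEY_SZ - idx) {
        WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    exp[idx++] = truncHmac;
    exp[idx++] = macSz;
    XMEMCPY(exp + idx, keys->client_write_MAC_secret, macSz); idx += macSz;
    XMEMCPY(exp + idx, keys->server_write_MAC_secret, macSz); idx += macSz;

    exp[idx++] = keySz;
    XMEMCPY(exp + idx, keys->client_write_key, keySz); idx += keySz;
    XMEMCPY(exp + idx, keys->server_write_key, keySz); idx += keySz;

    exp[idx++] = ivSz;
    XMEMCPY(exp + idx, keys->client_write_IV, ivSz); idx += ivSz;
    XMEMCPY(exp + idx, keys->server_write_IV, ivSz); idx += ivSz;
    XMEMCPY(exp + idx, keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    exp[idx++] = impSz;
    XMEMCPY(exp + idx, keys->aead_enc_imp_IV, impSz); idx += impSz;
    XMEMCPY(exp + idx, keys->aead_dec_imp_IV, impSz); idx += impSz;

    /* DTLS_EXPORT_KEY_SZ is max value. idx size can vary.
     * Kept as a final consistency check on the layout. */
    if (idx > DTLS_EXPORT_KEY_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportKeyState", idx);
    (void)ver;
    return idx;
}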
wolfSSL 13:f67a6c6013ca 614
/* Load the CipherSpecs section of a serialized DTLS session into ssl->specs.
 *
 * ssl  session whose cipher specs are overwritten
 * exp  buffer holding the serialized cipher spec section
 * len  number of bytes available in exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes consumed on success, BAD_FUNC_ARG when ssl or
 * exp is NULL, and BUFFER_E when len is smaller than DTLS_EXPORT_SPC_SZ.
 *
 * NOTE(review): every field is stored exactly as read. No range check on
 * key_size, iv_size, hash_size or the algorithm ids is visible here, so the
 * buffer has to come from a trusted export. */
static int ImportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32       idx = 0;
    CipherSpecs* specs;

    (void)ver;

    WOLFSSL_ENTER("ImportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    /* the fixed-size section must fit before any byte is read */
    if (len < DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Buffer not large enough for max spec struct size");
        return BUFFER_E;
    }

    specs = &ssl->specs;

    /* four 16 bit size fields */
    ato16(exp + idx, &specs->key_size);
    idx += OPAQUE16_LEN;
    ato16(exp + idx, &specs->iv_size);
    idx += OPAQUE16_LEN;
    ato16(exp + idx, &specs->block_size);
    idx += OPAQUE16_LEN;
    ato16(exp + idx, &specs->aead_mac_size);
    idx += OPAQUE16_LEN;

    /* eight single byte fields, in the order the exporter wrote them */
    specs->bulk_cipher_algorithm = exp[idx++];
    specs->cipher_type           = exp[idx++];
    specs->mac_algorithm         = exp[idx++];
    specs->kea                   = exp[idx++];
    specs->sig_algo              = exp[idx++];
    specs->hash_size             = exp[idx++];
    specs->pad_size              = exp[idx++];
    specs->static_ecdh           = exp[idx++];

    WOLFSSL_LEAVE("ImportCipherSpecState", idx);
    return idx;
}
wolfSSL 13:f67a6c6013ca 650
wolfSSL 13:f67a6c6013ca 651
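/* Restore ssl->keys (sequence numbers, DTLS replay windows, MAC secrets,
 * write keys and IVs) from a serialized key section.
 *
 * ssl  session whose key state is overwritten
 * exp  buffer holding the serialized key section
 * len  number of bytes available in exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes consumed on success, BAD_FUNC_ARG when ssl or
 * exp is NULL, and BUFFER_E when the buffer is too short for the data it
 * announces or a length byte exceeds the destination's limit.
 *
 * Changes against the previous revision:
 *  - each length byte covers TWO copies (client and server side), so the
 *    bounds checks now account for 2 * sz instead of sz;
 *  - length bytes and window word counts are bounds checked before they are
 *    read;
 *  - when the exporter stored more window words than this build keeps, the
 *    surplus words are skipped (the old code clamped wordCount first and so
 *    always computed a skip of zero, leaving later fields misaligned).
 *
 * NOTE(review): the secrets are taken from exp as-is; no integrity or
 * authenticity check of the buffer is visible in this function, so the
 * export blob must be kept confidential and only imported from a trusted
 * source. */
static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    byte   sz;
    Keys*  keys;

    WOLFSSL_ENTER("ImportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    /* check minimum length -- includes byte used for size indicators
     * NOTE(review): assumes DTLS_EXPORT_MIN_KEY_SZ covers the fixed-size
     * fields read below -- confirm against its definition */
    if (len < DTLS_EXPORT_MIN_KEY_SZ) {
        return BUFFER_E;
    }
    ato32(exp + idx, &keys->peer_sequence_number_hi); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->peer_sequence_number_lo); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_hi);      idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_lo);      idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->peerSeq[0].nextEpoch);  idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->peerSeq[0].nextSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->peerSeq[0].nextSeq_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->curEpoch);              idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->curSeq_hi);             idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->curSeq_lo);             idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->peerSeq[0].prevSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->peerSeq[0].prevSeq_lo); idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_expected_peer_handshake_number);
    idx += OPAQUE16_LEN;

    ato16(exp + idx, &keys->dtls_sequence_number_hi);      idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_sequence_number_lo);      idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_prev_sequence_number_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_prev_sequence_number_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_epoch);                   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_handshake_number);        idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->encryptSz);                    idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->padSz);                        idx += OPAQUE32_LEN;
    keys->encryptionOn = exp[idx++];
    keys->decryptedCur = exp[idx++];

    {
        word16 i, wordCount;
        word32 wordAdj;

        /* do window */
        if (idx + OPAQUE16_LEN > len) {
            return BUFFER_E;
        }
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        wordAdj = 0;
        if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
            /* compute the skip from the announced count BEFORE clamping */
            wordAdj   = (word32)(wordCount - WOLFSSL_DTLS_WINDOW_WORDS) *
                        OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }
        if (idx + (word32)wordCount * OPAQUE32_LEN + wordAdj > len) {
            return BUFFER_E;
        }

        XMEMSET(keys->peerSeq[0].window, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->peerSeq[0].window[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;

        /* do prevWindow */
        if (idx + OPAQUE16_LEN > len) {
            return BUFFER_E;
        }
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        wordAdj = 0; /* do not carry the skip of the first window over */
        if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
            wordAdj   = (word32)(wordCount - WOLFSSL_DTLS_WINDOW_WORDS) *
                        OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }
        if (idx + (word32)wordCount * OPAQUE32_LEN + wordAdj > len) {
            return BUFFER_E;
        }

        XMEMSET(keys->peerSeq[0].prevWindow, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->peerSeq[0].prevWindow[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;
    }

    /* truncated hmac flag byte followed by the MAC secret length byte */
    if (idx + 2 > len) {
        return BUFFER_E;
    }
#ifdef HAVE_TRUNCATED_HMAC
    ssl->truncated_hmac = exp[idx++];
#else
    idx++; /* no truncated hmac */
#endif
    sz = exp[idx++];
    /* client and server secret follow, sz bytes each */
    if (sz > MAX_DIGEST_SIZE || idx + 2 * (word32)sz > len) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* client and server write key follow, sz bytes each */
    if (sz > AES_256_KEY_SIZE || idx + 2 * (word32)sz > len) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_key, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_key, exp + idx, sz); idx += sz;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* two write IVs of sz bytes plus the fixed-size explicit AEAD IV */
    if (sz > MAX_WRITE_IV_SZ ||
            idx + 2 * (word32)sz + AEAD_MAX_EXP_SZ > len) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->aead_exp_IV, exp + idx, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* encrypt and decrypt implicit IV follow, sz bytes each */
    if (sz > AEAD_MAX_IMP_SZ || idx + 2 * (word32)sz > len) {
        return BUFFER_E;
    }
    XMEMCPY(keys->aead_enc_imp_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->aead_dec_imp_IV, exp + idx, sz); idx += sz;

    WOLFSSL_LEAVE("ImportKeyState", idx);
    (void)ver;
    return idx;
}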
wolfSSL 13:f67a6c6013ca 775
wolfSSL 13:f67a6c6013ca 776
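/* Serialize the Options struct of ssl, followed by the connection's
 * protocol version, into exp.
 *
 * ssl  session to export from
 * exp  output buffer; its first DTLS_EXPORT_OPT_SZ bytes are zeroed first
 * len  size of exp in bytes
 * ver  export format version; versions above DTLS_EXPORT_VERSION_3 carry one
 *      extra byte for noTicketTls13
 *
 * On success returns the number of bytes written. Returns BAD_FUNC_ARG when
 * ssl or exp is NULL or len is below DTLS_EXPORT_OPT_SZ, and
 * DTLS_EXPORT_VER_E when ver is unknown or the byte count does not match the
 * size constant of that version.
 *
 * ssl is now checked for NULL before its options member is addressed, as the
 * sibling import/export helpers do; the former "options == NULL" test could
 * never fire because options is the address of a struct member. */
static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int      idx  = 0;
    word16   zero = 0;
    Options* options;

    WOLFSSL_ENTER("dtls_export_new");

    if (ssl == NULL || exp == NULL || len < DTLS_EXPORT_OPT_SZ) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    /* zero first so bytes that end up unwritten never expose stale memory */
    XMEMSET(exp, 0, DTLS_EXPORT_OPT_SZ);

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    exp[idx++] = options->sendVerify;
    exp[idx++] = options->verifyPeer;
    exp[idx++] = options->verifyNone;
    exp[idx++] = options->downgrade;
    /* features compiled out are written as zero so the layout stays fixed */
#ifndef NO_DH
    c16toa(options->minDhKeySz, exp + idx); idx += OPAQUE16_LEN;
    c16toa(options->dhKeySz, exp + idx);    idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    c16toa((word16)(options->minRsaKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    c16toa((word16)(options->minEccKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    exp[idx++] = options->havePSK;
#else
    exp[idx++] = 0;
#endif
    exp[idx++] = options->sessionCacheOff;
    exp[idx++] = options->sessionCacheFlushOff;
    exp[idx++] = options->side;
    exp[idx++] = options->resuming;
    exp[idx++] = options->haveSessionId;
    exp[idx++] = options->tls;
    exp[idx++] = options->tls1_1;
    exp[idx++] = options->dtls;
    exp[idx++] = options->connReset;
    exp[idx++] = options->isClosed;
    exp[idx++] = options->closeNotify;
    exp[idx++] = options->sentNotify;
    exp[idx++] = options->usingCompression;
    exp[idx++] = options->haveRSA;
    exp[idx++] = options->haveECC;
    exp[idx++] = options->haveDH;
    exp[idx++] = options->haveNTRU;
    exp[idx++] = options->haveQSH;
    exp[idx++] = options->haveECDSAsig;
    exp[idx++] = options->haveStaticECC;
    exp[idx++] = options->havePeerVerify;
    exp[idx++] = options->usingPSK_cipher;
    exp[idx++] = options->usingAnon_cipher;
    exp[idx++] = options->sendAlertState;
    exp[idx++] = options->partialWrite;
    exp[idx++] = options->quietShutdown;
    exp[idx++] = options->groupMessages;
#ifdef HAVE_POLY1305
    exp[idx++] = options->oldPoly;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_ANON
    exp[idx++] = options->haveAnon;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_SESSION_TICKET
    exp[idx++] = options->createTicket;
    exp[idx++] = options->useTicket;
#ifdef WOLFSSL_TLS13
    if (ver > DTLS_EXPORT_VERSION_3) {
        exp[idx++] = options->noTicketTls13;
    }
#else
    if (ver > DTLS_EXPORT_VERSION_3) {
        exp[idx++] = 0;
    }
#endif
#else
    exp[idx++] = 0;
    exp[idx++] = 0;
    if (ver > DTLS_EXPORT_VERSION_3) {
        exp[idx++] = 0;
    }
#endif
    exp[idx++] = options->processReply;
    exp[idx++] = options->cipherSuite0;
    exp[idx++] = options->cipherSuite;
    exp[idx++] = options->serverState;
    exp[idx++] = options->clientState;
    exp[idx++] = options->handShakeState;
    exp[idx++] = options->handShakeDone;
    exp[idx++] = options->minDowngrade;
    exp[idx++] = options->connectState;
    exp[idx++] = options->acceptState;
    exp[idx++] = options->asyncState;

    /* version of connection */
    exp[idx++] = ssl->version.major;
    exp[idx++] = ssl->version.minor;

    (void)zero; /* unused when every optional feature is compiled in */

    /* check if changes were made and notify of need to update export version */
    switch (ver) {
        case DTLS_EXPORT_VERSION_3:
            if (idx != DTLS_EXPORT_OPT_SZ_3) {
                WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of export");
                return DTLS_EXPORT_VER_E;
            }
            break;

        case DTLS_EXPORT_VERSION:
            if (idx != DTLS_EXPORT_OPT_SZ) {
                WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of export");
                return DTLS_EXPORT_VER_E;
            }
            break;

        default:
            WOLFSSL_MSG("New version case needs added to wolfSSL export");
            return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("dtls_export_new", idx);

    return idx;
}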
wolfSSL 13:f67a6c6013ca 922
wolfSSL 13:f67a6c6013ca 923
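/* Load the serialized Options section in exp into ssl->options and verify
 * that the exported connection version matches ssl->version.
 *
 * ssl  session whose options are overwritten
 * exp  buffer holding the serialized options; it is only read
 * len  number of bytes available in exp
 * ver  export format version, DTLS_EXPORT_VERSION or DTLS_EXPORT_VERSION_3
 *
 * On success returns the number of bytes consumed. Returns BAD_FUNC_ARG when
 * ssl or exp is NULL, ver is not supported or len is below the size of that
 * version, and VERSION_ERROR when the stored major/minor version differs
 * from the one of ssl.
 *
 * Changes against the previous revision:
 *  - with HAVE_SESSION_TICKET but without WOLFSSL_TLS13 the noTicketTls13
 *    byte was overwritten with zero in the caller's buffer (export code
 *    pasted into the import path); it is now skipped like every other
 *    unsupported field;
 *  - ssl is checked for NULL before its options member is addressed.
 *
 * NOTE(review): verifyPeer, verifyNone, the handshake state fields and the
 * cipher suite are taken from the buffer without validation; no integrity
 * check of exp is visible in this function, so only buffers from a trusted
 * export should reach it. */
static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int      idx = 0;
    Options* options;

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    switch (ver) {
        case DTLS_EXPORT_VERSION:
            if (len < DTLS_EXPORT_OPT_SZ) {
                WOLFSSL_MSG("Sanity check on buffer size failed");
                return BAD_FUNC_ARG;
            }
            break;

        case DTLS_EXPORT_VERSION_3:
            if (len < DTLS_EXPORT_OPT_SZ_3) {
                WOLFSSL_MSG("Sanity check on buffer size failed");
                return BAD_FUNC_ARG;
            }
            break;

        default:
            WOLFSSL_MSG("Export version not supported");
            return BAD_FUNC_ARG;
    }

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    options->sendVerify = exp[idx++];
    options->verifyPeer = exp[idx++];
    options->verifyNone = exp[idx++];
    options->downgrade  = exp[idx++];
    /* fields of features compiled out are skipped to keep the layout */
#ifndef NO_DH
    ato16(exp + idx, &(options->minDhKeySz)); idx += OPAQUE16_LEN;
    ato16(exp + idx, &(options->dhKeySz));    idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
    idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    ato16(exp + idx, (word16*)&(options->minRsaKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    ato16(exp + idx, (word16*)&(options->minEccKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    options->havePSK = exp[idx++];
#else
    idx++;
#endif
    options->sessionCacheOff      = exp[idx++];
    options->sessionCacheFlushOff = exp[idx++];
    options->side                 = exp[idx++];
    options->resuming             = exp[idx++];
    options->haveSessionId        = exp[idx++];
    options->tls                  = exp[idx++];
    options->tls1_1               = exp[idx++];
    options->dtls                 = exp[idx++];
    options->connReset            = exp[idx++];
    options->isClosed             = exp[idx++];
    options->closeNotify          = exp[idx++];
    options->sentNotify           = exp[idx++];
    options->usingCompression     = exp[idx++];
    options->haveRSA              = exp[idx++];
    options->haveECC              = exp[idx++];
    options->haveDH               = exp[idx++];
    options->haveNTRU             = exp[idx++];
    options->haveQSH              = exp[idx++];
    options->haveECDSAsig         = exp[idx++];
    options->haveStaticECC        = exp[idx++];
    options->havePeerVerify       = exp[idx++];
    options->usingPSK_cipher      = exp[idx++];
    options->usingAnon_cipher     = exp[idx++];
    options->sendAlertState       = exp[idx++];
    options->partialWrite         = exp[idx++];
    options->quietShutdown        = exp[idx++];
    options->groupMessages        = exp[idx++];
#ifdef HAVE_POLY1305
    options->oldPoly = exp[idx++];      /* set when to use old rfc way of poly*/
#else
    idx++;
#endif
#ifdef HAVE_ANON
    options->haveAnon = exp[idx++];     /* User wants to allow Anon suites */
#else
    idx++;
#endif
#ifdef HAVE_SESSION_TICKET
    options->createTicket  = exp[idx++]; /* Server to create new Ticket */
    options->useTicket     = exp[idx++]; /* Use Ticket not session cache */
#ifdef WOLFSSL_TLS13
    if (ver > DTLS_EXPORT_VERSION_3) {
        options->noTicketTls13 = exp[idx++];/* Server won't create new Ticket */
    }
#else
    if (ver > DTLS_EXPORT_VERSION_3) {
        idx++; /* skip noTicketTls13, leave the input buffer untouched */
    }
#endif
#else
    idx++;
    idx++;
    if (ver > DTLS_EXPORT_VERSION_3) {
        idx++;
    }
#endif
    options->processReply   = exp[idx++];
    options->cipherSuite0   = exp[idx++];
    options->cipherSuite    = exp[idx++];
    options->serverState    = exp[idx++];
    options->clientState    = exp[idx++];
    options->handShakeState = exp[idx++];
    options->handShakeDone  = exp[idx++];
    options->minDowngrade   = exp[idx++];
    options->connectState   = exp[idx++];
    options->acceptState    = exp[idx++];
    options->asyncState     = exp[idx++];

    /* version of connection: major byte then minor byte */
    if (ssl->version.major != exp[idx] ||
            ssl->version.minor != exp[idx + 1]) {
        WOLFSSL_MSG("Version mismatch ie DTLS v1 vs v1.2");
        return VERSION_ERROR;
    }
    idx += 2;

    return idx;
}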
wolfSSL 13:f67a6c6013ca 1062
/* Write the peer's address family, address and port into exp, obtaining
 * them from the context's CBGetPeer callback.
 *
 * Layout written: 2 byte family, 2 byte address length, the address bytes,
 * 2 byte port.
 *
 * ssl  session whose ctx supplies the callback
 * exp  output buffer
 * len  size of exp; must hold DTLS_EXPORT_IP bytes plus three 2 byte fields
 * ver  export format version; only DTLS_EXPORT_VERSION is accepted
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG for an
 * unsupported version, NULL arguments, a short buffer or a missing callback,
 * and SOCKET_ERROR_E when the callback fails or reports an out of range
 * address length or family.
 *
 * NOTE(review): ssl->ctx is dereferenced without a NULL check.
 * NOTE(review): an address length equal to DTLS_EXPORT_IP passes here, while
 * ImportPeerInfo rejects lengths >= sizeof(ip) -- confirm that asymmetry is
 * intended. */
static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    char   addr[DTLS_EXPORT_IP];
    int    addrSz = DTLS_EXPORT_IP; /* start as max size */
    int    family = 0;
    word16 peerPort = 0;
    int    written = 0;

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || exp == NULL ||
            len < sizeof(addr) + 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    if (ssl->ctx->CBGetPeer == NULL) {
        WOLFSSL_MSG("No get peer call back set");
        return BAD_FUNC_ARG;
    }

    if (ssl->ctx->CBGetPeer(ssl, addr, &addrSz, &peerPort, &family)
            != SSL_SUCCESS) {
        WOLFSSL_MSG("Get peer callback error");
        return SOCKET_ERROR_E;
    }

    /* the callback is user supplied, so its outputs are range checked before
     * they are used as a copy length or narrowed to 16 bits */
    if (addrSz < 0 || addrSz > DTLS_EXPORT_IP || family < 0) {
        WOLFSSL_MSG("Bad ipSz or fam returned from get peer callback");
        return SOCKET_ERROR_E;
    }

    c16toa((word16)family, exp + written);
    written += DTLS_EXPORT_LEN;

    c16toa((word16)addrSz, exp + written);
    written += DTLS_EXPORT_LEN;

    XMEMCPY(exp + written, addr, addrSz);
    written += addrSz;

    c16toa(peerPort, exp + written);
    written += DTLS_EXPORT_LEN;

    return written;
}
wolfSSL 13:f67a6c6013ca 1102
wolfSSL 13:f67a6c6013ca 1103
/* Parse the peer section (2 byte family, 2 byte address length, address
 * bytes, 2 byte port) from buf and hand it to the context's CBSetPeer
 * callback.
 *
 * ssl  session whose ctx supplies the callback
 * buf  buffer holding the serialized peer section
 * len  number of bytes available in buf
 * ver  export format version, DTLS_EXPORT_VERSION or DTLS_EXPORT_VERSION_3
 *
 * Returns the number of bytes consumed on success, BAD_FUNC_ARG for an
 * unsupported version, NULL arguments, a buffer shorter than the three
 * 2 byte fields or a missing callback, BUFFER_E when the announced address
 * length does not fit the local array or the buffer, and SOCKET_ERROR_E when
 * the callback fails.
 *
 * NOTE(review): ssl->ctx is dereferenced without a NULL check. */
static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
{
    char   addr[DTLS_EXPORT_IP];
    word16 family;
    word16 addrSz;
    word16 peerPort;
    word16 pos = 0;

    if (ver != DTLS_EXPORT_VERSION && ver != DTLS_EXPORT_VERSION_3) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || buf == NULL || len < 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    /* import sin family */
    ato16(buf + pos, &family);
    pos += DTLS_EXPORT_LEN;

    /* import ip address; the length comes from the buffer, so it is checked
     * against the local array (leaving room for the terminator) first and
     * against the remaining input second */
    ato16(buf + pos, &addrSz);
    pos += DTLS_EXPORT_LEN;
    if (addrSz >= sizeof(addr)) {
        return BUFFER_E;
    }
    if ((word16)(pos + addrSz + DTLS_EXPORT_LEN) > len) {
        return BUFFER_E;
    }

    XMEMSET(addr, 0, sizeof(addr));
    XMEMCPY(addr, buf + pos, addrSz);
    pos += addrSz;
    addr[addrSz] = '\0'; /* in range: addrSz < sizeof(addr) was checked */

    ato16(buf + pos, &peerPort);
    pos += DTLS_EXPORT_LEN;

    /* sanity check for a function to call, then use it to import peer info */
    if (ssl->ctx->CBSetPeer == NULL) {
        WOLFSSL_MSG("No set peer function");
        return BAD_FUNC_ARG;
    }
    if (ssl->ctx->CBSetPeer(ssl, addr, addrSz, peerPort, family)
            != SSL_SUCCESS) {
        WOLFSSL_MSG("Error setting peer info");
        return SOCKET_ERROR_E;
    }

    return pos;
}
wolfSSL 13:f67a6c6013ca 1146
wolfSSL 13:f67a6c6013ca 1147
/* WOLFSSL_LOCAL: serialize the current DTLS session of ssl into buf.
 *
 * ssl  session to export
 * buf  output buffer that receives the serialized WOLFSSL state
 * sz   size of buf in bytes
 *
 * Layout written: 2 protocol/version bytes, a 2 byte total length, then four
 * sections (options, key state, cipher specs, peer info), each preceded by
 * its own 2 byte length.
 *
 * Returns the size of the serialized session on success, BAD_FUNC_ARG when
 * ssl or buf is NULL, BUFFER_E when sz is smaller than the computed size, or
 * the negative value returned by a failing section exporter.
 *
 * The key state section is produced by ExportKeyState, so the caller should
 * handle the resulting buffer as secret session material. On an error return
 * the sections written before the failure are left in buf. */
int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int    rc;
    word32 pos = 0;
    word32 needed;

    WOLFSSL_ENTER("wolfSSL_dtls_export_internal");

    if (ssl == NULL || buf == NULL) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    /* 2 protocol bytes and 2 length bytes, then every section with the
     * 2 byte length that precedes its data */
    needed = DTLS_EXPORT_LEN * 2
           + DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ
           + DTLS_EXPORT_LEN + DTLS_EXPORT_KEY_SZ
           + DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ
           + DTLS_EXPORT_LEN + ssl->buffers.dtlsCtx.peer.sz;

    if (sz < needed) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BUFFER_E);
        return BUFFER_E;
    }

    /* protocol id byte, then the protocol id high nibble combined with the
     * export version in the low nibble */
    buf[pos++] = (byte)DTLS_EXPORT_PRO;
    buf[pos++] = ((byte)DTLS_EXPORT_PRO & 0xF0) |
                 ((byte)DTLS_EXPORT_VERSION & 0X0F);

    pos += DTLS_EXPORT_LEN; /* leave spot for length, filled in at the end */

    /* export of options: fixed size section */
    c16toa((word16)DTLS_EXPORT_OPT_SZ, buf + pos);
    pos += DTLS_EXPORT_LEN;
    rc = dtls_export_new(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (rc < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", rc);
        return rc;
    }
    pos += rc;

    /* export keys struct and dtls state -- variable length, so the length
     * prefix is written once the exporter has reported it */
    pos += DTLS_EXPORT_LEN; /* leave room for length */
    rc = ExportKeyState(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (rc < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", rc);
        return rc;
    }
    c16toa((word16)rc, buf + pos - DTLS_EXPORT_LEN);
    pos += rc;

    /* export of cipher specs struct: fixed size section */
    c16toa((word16)DTLS_EXPORT_SPC_SZ, buf + pos);
    pos += DTLS_EXPORT_LEN;
    rc = ExportCipherSpecState(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (rc < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", rc);
        return rc;
    }
    pos += rc;

    /* export of dtls peer information: length prefix written afterwards */
    pos += DTLS_EXPORT_LEN;
    rc = ExportPeerInfo(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (rc < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", rc);
        return rc;
    }
    c16toa(rc, buf + pos - DTLS_EXPORT_LEN);
    pos += rc;

    /* place total length of exported buffer minus 2 bytes protocol/version */
    c16toa((word16)(pos - DTLS_EXPORT_LEN), buf + DTLS_EXPORT_LEN);

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        XSNPRINTF(debug, sizeof(debug), "Exporting DTLS session\n"
                  "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                  , (int)DTLS_EXPORT_VERSION, buf[0], (buf[1] >> 4), pos - 2);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", pos);
    return pos;
}
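/* Restore a DTLS session into ssl from a buffer in the format written by
 * wolfSSL_dtls_export_internal.
 *
 * ssl  session that receives the imported state
 * buf  serialized session; it is parsed as untrusted input and each length
 *      field is checked against sz before the bytes it describes are used
 * sz   number of bytes available in buf
 *
 * On success returns the amount of buffer consumed. Returns BAD_FUNC_ARG for
 * a NULL ssl or buf, a buffer too short for the protocol and length header,
 * a wrong protocol id or an unknown export version; BUFFER_E when a length
 * field does not fit the buffer or does not match the expected section size;
 * MATCH_SUITE_ERROR or SANITY_CIPHER_E when the imported cipher suite is
 * rejected; otherwise the negative value returned by a failing section
 * importer.
 *
 * Sections are loaded into ssl as they are parsed, so ssl may hold partially
 * imported state after an error return. */
int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    word32 idx    = 0;
    word16 length = 0;
    int version;
    int ret;
    int optSz;

    WOLFSSL_ENTER("wolfSSL_dtls_import_internal");
    /* check at least enough room for protocol and length; buf is rejected
     * when NULL because it is dereferenced right below */
    if (buf == NULL || sz < DTLS_EXPORT_LEN * 2 || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* sanity check on protocol ID and size of buffer */
    if (buf[idx++] != (byte)DTLS_EXPORT_PRO ||
            (buf[idx] & 0xF0) != ((byte)DTLS_EXPORT_PRO & 0xF0)) {
        /* don't increment on second idx to next get version */
        WOLFSSL_MSG("Incorrect protocol");
        return BAD_FUNC_ARG;
    }
    version = buf[idx++] & 0x0F;

    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > sz - DTLS_EXPORT_LEN) { /* subtract 2 for protocol */
        return BUFFER_E;
    }

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        XSNPRINTF(debug, sizeof(debug), "Importing DTLS session\n"
                  "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                  , (int)version, buf[0], (buf[1] >> 4), length);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    /* perform sanity checks and extract Options information used; the
     * expected options size depends on the export version */
    switch (version) {
        case DTLS_EXPORT_VERSION:
            optSz = DTLS_EXPORT_OPT_SZ;
            break;

        case DTLS_EXPORT_VERSION_3:
            WOLFSSL_MSG("Importing older version 3");
            optSz = DTLS_EXPORT_OPT_SZ_3;
            break;

        default:
            WOLFSSL_MSG("Bad export version");
            return BAD_FUNC_ARG;

    }

    if (DTLS_EXPORT_LEN + optSz + idx > sz) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != optSz) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    if ((ret = dtls_export_load(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Options struct error");
        return ret;
    }
    idx += length;

    /* perform sanity checks and extract Keys struct; the section is variable
     * length, bounded by DTLS_EXPORT_KEY_SZ and by the rest of the buffer */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > DTLS_EXPORT_KEY_SZ || length + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    if ((ret = ImportKeyState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Key struct error");
        return ret;
    }
    idx += ret;

    /* perform sanity checks and extract CipherSpecs struct */
    if (DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ + idx > sz) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    if ((ret = ImportCipherSpecState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return ret;
    }
    idx += ret;

    /* perform sanity checks and extract DTLS peer info */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (idx + length > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    if ((ret = ImportPeerInfo(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Peer Addr error");
        return ret;
    }
    idx += ret;

    SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE);

    /* set hmac function to use when verifying */
    if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
            ssl->options.dtls == 1) {
        ssl->hmac = TLS_hmac;
    }

    /* make sure is a valid suite used */
    if (wolfSSL_get_cipher(ssl) == NULL) {
        WOLFSSL_MSG("Can not match cipher suite imported");
        return MATCH_SUITE_ERROR;
    }

    /* do not allow stream ciphers with DTLS */
    if (ssl->specs.cipher_type == stream) {
        WOLFSSL_MSG("Can not import stream ciphers for DTLS");
        return SANITY_CIPHER_E;
    }

    return idx;
}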
wolfSSL 13:f67a6c6013ca 1380 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 1381 #endif /* WOLFSSL_SESSION_EXPORT */
/* Set up method for protocol version pv. The side is set to
 * WOLFSSL_CLIENT_END and downgrade is turned off. method is dereferenced
 * without a NULL check. */
void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
{
    method->downgrade = 0;
    method->side      = WOLFSSL_CLIENT_END;
    method->version   = pv;
}
/* Initialize SSL context.
 *
 * ctx     context to set up; it is zeroed here before any field is assigned
 * method  protocol method stored in ctx->method; its version and side select
 *         some of the defaults below
 * heap    heap hint, passed to the certificate manager and stored in
 *         ctx->heap as the last step
 *
 * Returns 0 on success, BAD_MUTEX_E if the reference count mutex cannot be
 * initialized (ctx->err is then set to CTX_INIT_MUTEX_E),
 * BAD_CERT_MANAGER_ERROR if no certificate manager could be created, or the
 * result of wolfEventQueue_Init when HAVE_WOLF_EVENT is defined.
 *
 * ctx->heap points at ctx itself until the final assignment, so after an
 * early error return the heap argument has not been stored in ctx. */
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
{
    int ret = 0;

    XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));

    ctx->heap         = ctx;  /* defaults to self */
    ctx->method       = method;
    ctx->refCount     = 1;    /* so either CTX_free or SSL_free can release */
    ctx->minDowngrade = TLSv1_MINOR; /* current default */
    ctx->timeout      = WOLFSSL_SESSION_TIMEOUT;

    if (wc_InitMutex(&ctx->countMutex) < 0) {
        WOLFSSL_MSG("Mutex error on CTX init");
        ctx->err = CTX_INIT_MUTEX_E;
        return BAD_MUTEX_E;
    }

    /* default key size settings */
#ifndef NO_DH
    ctx->minDhKeySz = MIN_DHKEY_SZ;
#endif
#ifndef NO_RSA
    ctx->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
#ifdef HAVE_ECC
    ctx->minEccKeySz  = MIN_ECCKEY_SZ;
    ctx->eccTempKeySz = ECDHE_SIZE;
#endif
#ifdef OPENSSL_EXTRA
    ctx->verifyDepth = MAX_CHAIN_DEPTH;
#endif

    /* default I/O callbacks; the DTLS ones replace the stream ones when the
     * method's major version is DTLS_MAJOR */
#ifndef WOLFSSL_USER_IO
    ctx->CBIORecv = EmbedReceive;
    ctx->CBIOSend = EmbedSend;
    #ifdef WOLFSSL_DTLS
        if (method->version.major == DTLS_MAJOR) {
            ctx->CBIORecv = EmbedReceiveFrom;
            ctx->CBIOSend = EmbedSendTo;
        }
        #ifdef WOLFSSL_SESSION_EXPORT
            ctx->CBGetPeer = EmbedGetPeer;
            ctx->CBSetPeer = EmbedSetPeer;
        #endif
    #endif
#endif /* WOLFSSL_USER_IO */

    /* assigned after the defaults above, so NetX callbacks take precedence */
#ifdef HAVE_NETX
    ctx->CBIORecv = NetX_Receive;
    ctx->CBIOSend = NetX_Send;
#endif

#ifdef HAVE_NTRU
    if (method->side == WOLFSSL_CLIENT_END) {
        ctx->haveNTRU = 1;           /* always on client side */
    }
                                     /* server can turn on by loading key */
#endif
#ifdef HAVE_ECC
    if (method->side == WOLFSSL_CLIENT_END) {
        ctx->haveECDSAsig  = 1;      /* always on client side */
        ctx->haveECC       = 1;      /* server turns on with ECC key cert */
        ctx->haveStaticECC = 1;      /* server can turn on by loading key */
    }
#endif

    ctx->devId = INVALID_DEVID;

#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
    ctx->dtlsMtuSz = MAX_RECORD_SIZE;
#endif

#ifndef NO_CERTS
    ctx->cm = wolfSSL_CertManagerNew_ex(heap);
    if (ctx->cm == NULL) {
        WOLFSSL_MSG("Bad Cert Manager New");
        return BAD_CERT_MANAGER_ERROR;
    }
    #ifdef OPENSSL_EXTRA
    /* setup WOLFSSL_X509_STORE: it shares the context's cert manager */
    ctx->x509_store.cm = ctx->cm;
    #endif
#endif

    /* haveEMS is set for client methods using TLS (SSLv3_MAJOR with minor at
     * least TLSv1_MINOR) or DTLS */
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
    if (method->side == WOLFSSL_CLIENT_END) {
        if ((method->version.major == SSLv3_MAJOR) &&
             (method->version.minor >= TLSv1_MINOR)) {

            ctx->haveEMS = 1;
        }
    #ifdef WOLFSSL_DTLS
        if (method->version.major == DTLS_MAJOR) {
            ctx->haveEMS = 1;
        }
    #endif /* WOLFSSL_DTLS */
    }
#endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */

#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
#endif

#ifdef HAVE_WOLF_EVENT
    ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

#ifdef WOLFSSL_EARLY_DATA
    ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ;
#endif

    ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */

    return ret;
}
/* Release the resources held by ctx without freeing the ctx structure itself,
 * in case contexts are held in an array and the actual ctx must stay.
 *
 * Most of the fields released with XFREE are not reset to NULL here.
 * NOTE(review): presumably a ctx is re-initialized (InitSSL_Ctx zeroes it)
 * before any reuse, otherwise the stale pointers would be freed again on a
 * second call -- confirm against callers. */
void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
{
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    int i;
#endif

#ifdef HAVE_WOLF_EVENT
    wolfEventQueue_Free(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

    XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
    if (ctx->suites) {
        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
    }

#ifndef NO_DH
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
#endif /* !NO_DH */

#ifdef SINGLE_THREADED
    if (ctx->rng) {
        wc_FreeRng(ctx->rng);
        XFREE(ctx->rng, ctx->heap, DYNAMIC_TYPE_RNG);
    }
#endif /* SINGLE_THREADED */

#ifndef NO_CERTS
    /* private key, certificate and chain buffers, then the cert manager */
    FreeDer(&ctx->privateKey);
    FreeDer(&ctx->certificate);
    #ifdef KEEP_OUR_CERT
        /* ourCert is only released when the context owns it */
        if (ctx->ourCert && ctx->ownOurCert) {
            FreeX509(ctx->ourCert);
            XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
        }
    #endif /* KEEP_OUR_CERT */
    FreeDer(&ctx->certChain);
    wolfSSL_CertManagerFree(ctx->cm);
    #ifdef OPENSSL_EXTRA
        /* pop and free each CA name node; these use a NULL heap hint.
         * NOTE(review): the name is passed to wolfSSL_X509_NAME_free and
         * then to XFREE -- confirm the former releases only its contents. */
        while (ctx->ca_names != NULL) {
            WOLFSSL_STACK* node = ctx->ca_names;

            ctx->ca_names = node->next;
            wolfSSL_X509_NAME_free(node->data.name);
            XFREE(node->data.name, NULL, DYNAMIC_TYPE_OPENSSL);
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
        }
    #endif
    #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
        /* pop and free each certificate node of the stored chain */
        while (ctx->x509Chain != NULL) {
            WOLFSSL_STACK* node = ctx->x509Chain;

            ctx->x509Chain = node->next;
            wolfSSL_X509_free(node->data.x509);
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
        }
    #endif
#endif /* !NO_CERTS */

#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ctx->extensions, ctx->heap);

#ifndef NO_WOLFSSL_SERVER
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    if (ctx->certOcspRequest) {
        FreeOcspRequest(ctx->certOcspRequest);
        XFREE(ctx->certOcspRequest, ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    }
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
        if (ctx->chainOcspRequest[i] == NULL) {
            continue;
        }
        FreeOcspRequest(ctx->chainOcspRequest[i]);
        XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    }
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* !NO_WOLFSSL_SERVER */

#endif /* HAVE_TLS_EXTENSIONS */

#ifdef WOLFSSL_STATIC_MEMORY
    /* release the mutex of the memory behind the heap hint */
    if (ctx->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ctx->heap != (void*)WOLFSSL_HEAP_TEST)
    #endif
        {
            WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
            wc_FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex);
        }
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}
/* Drop one reference on ctx; when the count reaches zero, release its
 * resources, its count mutex and the ctx allocation itself.
 *
 * If the count mutex cannot be locked, ctx is freed only when ctx->err is
 * CTX_INIT_MUTEX_E (mutex init failed but the CTX was still allocated);
 * otherwise nothing is released and the reference count is left unchanged. */
void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
{
    int lastRef;

    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock count mutex");

        /* check error state, if mutex error code then mutex init failed but
         * CTX was still malloc'd */
        if (ctx->err == CTX_INIT_MUTEX_E) {
            SSL_CtxResourceFree(ctx);
            XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
        }
        return;
    }

    /* decide under the lock, free after it has been released */
    ctx->refCount--;
    lastRef = (ctx->refCount == 0);
    wc_UnLockMutex(&ctx->countMutex);

    if (!lastRef) {
        (void)ctx;
        WOLFSSL_MSG("CTX ref count not 0 yet, no free");
        return;
    }

    WOLFSSL_MSG("CTX ref count down to 0, doing full free");
    SSL_CtxResourceFree(ctx);
    wc_FreeMutex(&ctx->countMutex);
    XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
}
/* Set the cipher context pointers of ssl to NULL and clear the setup flags.
 * Only the members of the ciphers compiled into the build are touched. */
void InitCiphers(WOLFSSL* ssl)
{
    /* nothing is set up yet */
    ssl->encrypt.setup = 0;
    ssl->decrypt.setup = 0;
#ifdef HAVE_ONE_TIME_AUTH
    ssl->auth.setup = 0;
#endif

    /* bulk cipher contexts */
#ifdef BUILD_ARC4
    ssl->encrypt.arc4 = NULL;
    ssl->decrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    ssl->encrypt.des3 = NULL;
    ssl->decrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    ssl->encrypt.aes = NULL;
    ssl->decrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    ssl->encrypt.cam = NULL;
    ssl->decrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    ssl->encrypt.hc128 = NULL;
    ssl->decrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    ssl->encrypt.rabbit = NULL;
    ssl->decrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    ssl->encrypt.chacha = NULL;
    ssl->decrypt.chacha = NULL;
#endif
#ifdef HAVE_IDEA
    ssl->encrypt.idea = NULL;
    ssl->decrypt.idea = NULL;
#endif

    /* one time authentication context */
#ifdef HAVE_POLY1305
    ssl->auth.poly1305 = NULL;
#endif
}
/* Free the encrypt/decrypt cipher contexts of ssl, and the poly1305 context
 * when built in, using ssl->heap as the heap hint.
 *
 * The pointers are not reset to NULL afterwards.
 * NOTE(review): these contexts hold cipher state and this function does not
 * wipe them itself before XFREE -- confirm that the wc_*Free calls or the
 * allocator clear them if zeroization of key material is required. */
void FreeCiphers(WOLFSSL* ssl)
{
    (void)ssl; /* presumably for builds with none of the ciphers below */

#ifdef BUILD_ARC4
    wc_Arc4Free(ssl->encrypt.arc4);
    wc_Arc4Free(ssl->decrypt.arc4);
    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif

#ifdef BUILD_DES3
    wc_Des3Free(ssl->encrypt.des3);
    wc_Des3Free(ssl->decrypt.des3);
    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif

#ifdef BUILD_AES
    wc_AesFree(ssl->encrypt.aes);
    wc_AesFree(ssl->decrypt.aes);
    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        /* additional data and nonce buffers of the AEAD modes */
        XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
        XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
        XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
        XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
    #endif
    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif

    /* the remaining contexts are released with XFREE only */
#ifdef HAVE_CAMELLIA
    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_HC128
    XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef BUILD_RABBIT
    XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_CHACHA
    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_POLY1305
    XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_IDEA
    XFREE(ssl->encrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
}
/* Reset cs to its unset state: the size fields and static_ecdh are zeroed,
 * the algorithm and type fields are set to INVALID_BYTE. */
void InitCipherSpecs(CipherSpecs* cs)
{
    /* sizes and flags */
    cs->block_size  = 0;
    cs->iv_size     = 0;
    cs->key_size    = 0;
    cs->hash_size   = 0;
    cs->static_ecdh = 0;

    /* algorithm selectors, nothing chosen yet */
    cs->sig_algo              = INVALID_BYTE;
    cs->kea                   = INVALID_BYTE;
    cs->mac_algorithm         = INVALID_BYTE;
    cs->cipher_type           = INVALID_BYTE;
    cs->bulk_cipher_algorithm = INVALID_BYTE;
}
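/* Fill suites->hashSigAlgo with the two-byte signature-algorithm entries that
 * this build supports and store the number of bytes written in
 * suites->hashSigAlgoSz.
 *
 * Entries are appended in a fixed order: ECDSA (SHA-512, SHA-384, SHA-256,
 * SHA-1), Ed25519, RSA-PSS (SHA-512, SHA-384, SHA-256), RSA with rsa_sa_algo
 * (SHA-512, SHA-384, SHA-256, SHA-1) and finally the anonymous entry.
 * NOTE(review): presumably this table is sent as the signature_algorithms
 * list, where order expresses preference - confirm against the callers.
 *
 * Byte layout differs between families: ECDSA, rsa_sa_algo and anonymous
 * entries are written hash id first, signature id second; RSA-PSS entries are
 * written with rsa_pss_sa_algo first and the hash id second, and Ed25519 uses
 * ED25519_SA_MAJOR / ED25519_SA_MINOR. Code that parses this table has to
 * handle both layouts.
 *
 * SHA-1 entries are compiled in only when NO_SHA is not defined and either
 * NO_OLD_TLS is not defined or WOLFSSL_ALLOW_TLS_SHA1 is defined. Builds that
 * must not offer SHA-1 signatures should check those settings. The anonymous
 * entry uses sha_mac as well but is gated only by HAVE_ANON and haveAnon.
 *
 * With every option enabled 13 entries (26 bytes) are written. There is no
 * bounds check against the capacity of hashSigAlgo.
 * NOTE(review): confirm the array is declared with at least that many bytes.
 *
 * suites        table to fill; nothing is written when it is NULL
 * haveECDSAsig  non-zero to add the ECDSA and Ed25519 entries
 * haveRSAsig    non-zero to add the RSA-PSS and RSA entries
 * haveAnon      non-zero to add the anonymous entry (HAVE_ANON builds only)
 * tls1_2        non-zero to allow the RSA-PSS entries (WC_RSA_PSS builds only)
 * keySz         compared with MIN_RSA_SHA512_PSS_BITS and
 *               MIN_RSA_SHA384_PSS_BITS before the matching PSS entry is
 *               added; the SHA-256 PSS entry has no key-size condition
 */
void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
                           int haveAnon, int tls1_2, int keySz)
{
    int idx = 0;

    /* only read in WC_RSA_PSS builds; keeps other builds warning-free */
    (void)tls1_2;
    (void)keySz;

    /* same guard InitSuites() applies before it touches the structure */
    if (suites == NULL) {
        WOLFSSL_MSG("InitSuitesHashSigAlgo pointer error");
        return;
    }

    if (haveECDSAsig) {
    #ifdef WOLFSSL_SHA512
        suites->hashSigAlgo[idx++] = sha512_mac;
        suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
    #endif
    #ifdef WOLFSSL_SHA384
        suites->hashSigAlgo[idx++] = sha384_mac;
        suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
    #endif
    #ifndef NO_SHA256
        suites->hashSigAlgo[idx++] = sha256_mac;
        suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                            defined(WOLFSSL_ALLOW_TLS_SHA1))
        /* SHA-1 is listed last within the ECDSA family */
        suites->hashSigAlgo[idx++] = sha_mac;
        suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
    #endif
    #ifdef HAVE_ED25519
        suites->hashSigAlgo[idx++] = ED25519_SA_MAJOR;
        suites->hashSigAlgo[idx++] = ED25519_SA_MINOR;
    #endif
    }

    if (haveRSAsig) {
    #ifdef WC_RSA_PSS
        if (tls1_2) {
            /* signature id first, hash id second for the PSS entries */
        #ifdef WOLFSSL_SHA512
            if (keySz >= MIN_RSA_SHA512_PSS_BITS) {
                suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
                suites->hashSigAlgo[idx++] = sha512_mac;
            }
        #endif
        #ifdef WOLFSSL_SHA384
            if (keySz >= MIN_RSA_SHA384_PSS_BITS) {
                suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
                suites->hashSigAlgo[idx++] = sha384_mac;
            }
        #endif
        #ifndef NO_SHA256
            suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
            suites->hashSigAlgo[idx++] = sha256_mac;
        #endif
        }
    #endif
    #ifdef WOLFSSL_SHA512
        suites->hashSigAlgo[idx++] = sha512_mac;
        suites->hashSigAlgo[idx++] = rsa_sa_algo;
    #endif
    #ifdef WOLFSSL_SHA384
        suites->hashSigAlgo[idx++] = sha384_mac;
        suites->hashSigAlgo[idx++] = rsa_sa_algo;
    #endif
    #ifndef NO_SHA256
        suites->hashSigAlgo[idx++] = sha256_mac;
        suites->hashSigAlgo[idx++] = rsa_sa_algo;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                            defined(WOLFSSL_ALLOW_TLS_SHA1))
        /* SHA-1 is listed last within the RSA family */
        suites->hashSigAlgo[idx++] = sha_mac;
        suites->hashSigAlgo[idx++] = rsa_sa_algo;
    #endif
    }

    if (haveAnon) {
    #ifdef HAVE_ANON
        /* not covered by the SHA-1 build gate used above */
        suites->hashSigAlgo[idx++] = sha_mac;
        suites->hashSigAlgo[idx++] = anonymous_sa_algo;
    #endif
    }

    /* size is a byte count, i.e. two per entry */
    suites->hashSigAlgoSz = (word16)idx;
}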
wolfSSL 13:f67a6c6013ca 1833
wolfSSL 13:f67a6c6013ca 1834 void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
wolfSSL 13:f67a6c6013ca 1835 word16 havePSK, word16 haveDH, word16 haveNTRU,
wolfSSL 13:f67a6c6013ca 1836 word16 haveECDSAsig, word16 haveECC,
wolfSSL 13:f67a6c6013ca 1837 word16 haveStaticECC, int side)
wolfSSL 13:f67a6c6013ca 1838 {
wolfSSL 13:f67a6c6013ca 1839 word16 idx = 0;
wolfSSL 13:f67a6c6013ca 1840 int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
wolfSSL 13:f67a6c6013ca 1841 int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
wolfSSL 13:f67a6c6013ca 1842 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 1843 int tls1_3 = IsAtLeastTLSv1_3(pv);
wolfSSL 13:f67a6c6013ca 1844 #endif
wolfSSL 13:f67a6c6013ca 1845 int dtls = 0;
wolfSSL 13:f67a6c6013ca 1846 int haveRSAsig = 1;
wolfSSL 13:f67a6c6013ca 1847
wolfSSL 13:f67a6c6013ca 1848 (void)tls; /* shut up compiler */
wolfSSL 13:f67a6c6013ca 1849 (void)tls1_2;
wolfSSL 13:f67a6c6013ca 1850 (void)dtls;
wolfSSL 13:f67a6c6013ca 1851 (void)haveDH;
wolfSSL 13:f67a6c6013ca 1852 (void)havePSK;
wolfSSL 13:f67a6c6013ca 1853 (void)haveNTRU;
wolfSSL 13:f67a6c6013ca 1854 (void)haveStaticECC;
wolfSSL 13:f67a6c6013ca 1855 (void)haveECC;
wolfSSL 13:f67a6c6013ca 1856
wolfSSL 13:f67a6c6013ca 1857 if (suites == NULL) {
wolfSSL 13:f67a6c6013ca 1858 WOLFSSL_MSG("InitSuites pointer error");
wolfSSL 13:f67a6c6013ca 1859 return;
wolfSSL 13:f67a6c6013ca 1860 }
wolfSSL 13:f67a6c6013ca 1861
wolfSSL 13:f67a6c6013ca 1862 if (suites->setSuites)
wolfSSL 13:f67a6c6013ca 1863 return; /* trust user settings, don't override */
wolfSSL 13:f67a6c6013ca 1864
wolfSSL 13:f67a6c6013ca 1865 if (side == WOLFSSL_SERVER_END && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 1866 haveRSA = 0; /* can't do RSA with ECDSA key */
wolfSSL 13:f67a6c6013ca 1867 (void)haveRSA; /* some builds won't read */
wolfSSL 13:f67a6c6013ca 1868 }
wolfSSL 13:f67a6c6013ca 1869
wolfSSL 13:f67a6c6013ca 1870 if (side == WOLFSSL_SERVER_END && haveECDSAsig) {
wolfSSL 13:f67a6c6013ca 1871 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
wolfSSL 13:f67a6c6013ca 1872 (void)haveRSAsig; /* non ecc builds won't read */
wolfSSL 13:f67a6c6013ca 1873 }
wolfSSL 13:f67a6c6013ca 1874
wolfSSL 13:f67a6c6013ca 1875 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 1876 if (pv.major == DTLS_MAJOR) {
wolfSSL 13:f67a6c6013ca 1877 dtls = 1;
wolfSSL 13:f67a6c6013ca 1878 tls = 1;
wolfSSL 13:f67a6c6013ca 1879 /* May be dead assignments dependant upon configuration */
wolfSSL 13:f67a6c6013ca 1880 (void) dtls;
wolfSSL 13:f67a6c6013ca 1881 (void) tls;
wolfSSL 13:f67a6c6013ca 1882 tls1_2 = pv.minor <= DTLSv1_2_MINOR;
wolfSSL 13:f67a6c6013ca 1883 }
wolfSSL 13:f67a6c6013ca 1884 #endif
wolfSSL 13:f67a6c6013ca 1885
wolfSSL 13:f67a6c6013ca 1886 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 13:f67a6c6013ca 1887 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 1888 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 1889 suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
wolfSSL 13:f67a6c6013ca 1890 }
wolfSSL 13:f67a6c6013ca 1891 #endif
wolfSSL 13:f67a6c6013ca 1892
wolfSSL 13:f67a6c6013ca 1893 #ifdef BUILD_TLS_QSH
wolfSSL 13:f67a6c6013ca 1894 if (tls) {
wolfSSL 13:f67a6c6013ca 1895 suites->suites[idx++] = QSH_BYTE;
wolfSSL 13:f67a6c6013ca 1896 suites->suites[idx++] = TLS_QSH;
wolfSSL 13:f67a6c6013ca 1897 }
wolfSSL 13:f67a6c6013ca 1898 #endif
wolfSSL 13:f67a6c6013ca 1899
wolfSSL 13:f67a6c6013ca 1900 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 1901 if (tls && haveNTRU && haveRSA) {
wolfSSL 13:f67a6c6013ca 1902 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 1903 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 1904 }
wolfSSL 13:f67a6c6013ca 1905 #endif
wolfSSL 13:f67a6c6013ca 1906
wolfSSL 13:f67a6c6013ca 1907 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 1908 if (tls && haveNTRU && haveRSA) {
wolfSSL 13:f67a6c6013ca 1909 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 1910 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 1911 }
wolfSSL 13:f67a6c6013ca 1912 #endif
wolfSSL 13:f67a6c6013ca 1913
wolfSSL 13:f67a6c6013ca 1914 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 1915 if (!dtls && tls && haveNTRU && haveRSA) {
wolfSSL 13:f67a6c6013ca 1916 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 1917 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
wolfSSL 13:f67a6c6013ca 1918 }
wolfSSL 13:f67a6c6013ca 1919 #endif
wolfSSL 13:f67a6c6013ca 1920
wolfSSL 13:f67a6c6013ca 1921 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 1922 if (tls && haveNTRU && haveRSA) {
wolfSSL 13:f67a6c6013ca 1923 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 1924 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 1925 }
wolfSSL 13:f67a6c6013ca 1926 #endif
wolfSSL 13:f67a6c6013ca 1927
wolfSSL 13:f67a6c6013ca 1928 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 1929 #ifdef BUILD_TLS_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 1930 if (tls1_3) {
wolfSSL 13:f67a6c6013ca 1931 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 13:f67a6c6013ca 1932 suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 1933 }
wolfSSL 13:f67a6c6013ca 1934 #endif
wolfSSL 13:f67a6c6013ca 1935
wolfSSL 13:f67a6c6013ca 1936 #ifdef BUILD_TLS_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 1937 if (tls1_3) {
wolfSSL 13:f67a6c6013ca 1938 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 13:f67a6c6013ca 1939 suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 1940 }
wolfSSL 13:f67a6c6013ca 1941 #endif
wolfSSL 13:f67a6c6013ca 1942
wolfSSL 13:f67a6c6013ca 1943 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 1944 if (tls1_3) {
wolfSSL 13:f67a6c6013ca 1945 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 13:f67a6c6013ca 1946 suites->suites[idx++] = TLS_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 1947 }
wolfSSL 13:f67a6c6013ca 1948 #endif
wolfSSL 13:f67a6c6013ca 1949
wolfSSL 13:f67a6c6013ca 1950 #ifdef BUILD_TLS_AES_128_CCM_SHA256
wolfSSL 13:f67a6c6013ca 1951 if (tls1_3) {
wolfSSL 13:f67a6c6013ca 1952 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 13:f67a6c6013ca 1953 suites->suites[idx++] = TLS_AES_128_CCM_SHA256;
wolfSSL 13:f67a6c6013ca 1954 }
wolfSSL 13:f67a6c6013ca 1955 #endif
wolfSSL 13:f67a6c6013ca 1956
wolfSSL 13:f67a6c6013ca 1957 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL 13:f67a6c6013ca 1958 if (tls1_3) {
wolfSSL 13:f67a6c6013ca 1959 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 13:f67a6c6013ca 1960 suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256;
wolfSSL 13:f67a6c6013ca 1961 }
wolfSSL 13:f67a6c6013ca 1962 #endif
wolfSSL 13:f67a6c6013ca 1963 #endif /* WOLFSSL_TLS13 */
wolfSSL 13:f67a6c6013ca 1964
wolfSSL 13:f67a6c6013ca 1965 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 1966 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 1967 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 1968 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 1969 }
wolfSSL 13:f67a6c6013ca 1970 #endif
wolfSSL 13:f67a6c6013ca 1971
wolfSSL 13:f67a6c6013ca 1972 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 1973 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 1974 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 1975 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 1976 }
wolfSSL 13:f67a6c6013ca 1977 #endif
wolfSSL 13:f67a6c6013ca 1978
wolfSSL 13:f67a6c6013ca 1979 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 1980 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 1981 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 1982 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 1983 }
wolfSSL 13:f67a6c6013ca 1984 #endif
wolfSSL 13:f67a6c6013ca 1985
wolfSSL 13:f67a6c6013ca 1986 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 1987 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 1988 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 1989 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 1990 }
wolfSSL 13:f67a6c6013ca 1991 #endif
wolfSSL 13:f67a6c6013ca 1992
wolfSSL 13:f67a6c6013ca 1993 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 1994 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 1995 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 1996 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 1997 }
wolfSSL 13:f67a6c6013ca 1998 #endif
wolfSSL 13:f67a6c6013ca 1999
wolfSSL 13:f67a6c6013ca 2000 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 2001 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2002 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2003 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 2004 }
wolfSSL 13:f67a6c6013ca 2005 #endif
wolfSSL 13:f67a6c6013ca 2006
wolfSSL 13:f67a6c6013ca 2007 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 2008 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2009 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2010 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 2011 }
wolfSSL 13:f67a6c6013ca 2012 #endif
wolfSSL 13:f67a6c6013ca 2013
wolfSSL 13:f67a6c6013ca 2014 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 2015 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2016 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2017 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 2018 }
wolfSSL 13:f67a6c6013ca 2019 #endif
wolfSSL 13:f67a6c6013ca 2020
wolfSSL 13:f67a6c6013ca 2021 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 2022 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2023 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2024 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 2025 }
wolfSSL 13:f67a6c6013ca 2026 #endif
wolfSSL 13:f67a6c6013ca 2027
wolfSSL 13:f67a6c6013ca 2028 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 2029 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2030 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2031 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 2032 }
wolfSSL 13:f67a6c6013ca 2033 #endif
wolfSSL 13:f67a6c6013ca 2034
wolfSSL 13:f67a6c6013ca 2035 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 2036 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2037 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2038 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 2039 }
wolfSSL 13:f67a6c6013ca 2040 #endif
wolfSSL 13:f67a6c6013ca 2041
wolfSSL 13:f67a6c6013ca 2042 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 2043 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2044 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2045 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 2046 }
wolfSSL 13:f67a6c6013ca 2047 #endif
wolfSSL 13:f67a6c6013ca 2048
wolfSSL 13:f67a6c6013ca 2049 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 2050 if (tls1_2 && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2051 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2052 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 2053 }
wolfSSL 13:f67a6c6013ca 2054 #endif
wolfSSL 13:f67a6c6013ca 2055
wolfSSL 13:f67a6c6013ca 2056 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 2057 if (tls1_2 && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2058 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2059 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 2060 }
wolfSSL 13:f67a6c6013ca 2061 #endif
wolfSSL 13:f67a6c6013ca 2062
wolfSSL 13:f67a6c6013ca 2063 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 2064 if (tls1_2 && havePSK) {
wolfSSL 13:f67a6c6013ca 2065 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2066 suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 13:f67a6c6013ca 2067 }
wolfSSL 13:f67a6c6013ca 2068 #endif
wolfSSL 13:f67a6c6013ca 2069
wolfSSL 13:f67a6c6013ca 2070 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 2071 if (tls1_2 && havePSK) {
wolfSSL 13:f67a6c6013ca 2072 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2073 suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 13:f67a6c6013ca 2074 }
wolfSSL 13:f67a6c6013ca 2075 #endif
wolfSSL 13:f67a6c6013ca 2076
wolfSSL 13:f67a6c6013ca 2077 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2078 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2079 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2080 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2081 }
wolfSSL 13:f67a6c6013ca 2082 #endif
wolfSSL 13:f67a6c6013ca 2083
wolfSSL 13:f67a6c6013ca 2084 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2085 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2086 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2087 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2088 }
wolfSSL 13:f67a6c6013ca 2089 #endif
wolfSSL 13:f67a6c6013ca 2090
wolfSSL 13:f67a6c6013ca 2091 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2092 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2093 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2094 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2095 }
wolfSSL 13:f67a6c6013ca 2096 #endif
wolfSSL 13:f67a6c6013ca 2097
wolfSSL 13:f67a6c6013ca 2098 /* Place as higher priority for MYSQL */
wolfSSL 13:f67a6c6013ca 2099 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 13:f67a6c6013ca 2100 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2101 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2102 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2103 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2104 }
wolfSSL 13:f67a6c6013ca 2105 #endif
wolfSSL 13:f67a6c6013ca 2106 #endif
wolfSSL 13:f67a6c6013ca 2107
wolfSSL 13:f67a6c6013ca 2108 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2109 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2110 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2111 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2112 }
wolfSSL 13:f67a6c6013ca 2113 #endif
wolfSSL 13:f67a6c6013ca 2114
wolfSSL 13:f67a6c6013ca 2115 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2116 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2117 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2118 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2119 }
wolfSSL 13:f67a6c6013ca 2120 #endif
wolfSSL 13:f67a6c6013ca 2121
wolfSSL 13:f67a6c6013ca 2122 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2123 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2124 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2125 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2126 }
wolfSSL 13:f67a6c6013ca 2127 #endif
wolfSSL 13:f67a6c6013ca 2128
wolfSSL 13:f67a6c6013ca 2129 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2130 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2131 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2132 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2133 }
wolfSSL 13:f67a6c6013ca 2134 #endif
wolfSSL 13:f67a6c6013ca 2135
wolfSSL 13:f67a6c6013ca 2136 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 2137 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2138 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2139 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 13:f67a6c6013ca 2140 }
wolfSSL 13:f67a6c6013ca 2141 #endif
wolfSSL 13:f67a6c6013ca 2142
wolfSSL 13:f67a6c6013ca 2143 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 2144 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2145 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2146 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 13:f67a6c6013ca 2147 }
wolfSSL 13:f67a6c6013ca 2148 #endif
wolfSSL 13:f67a6c6013ca 2149
wolfSSL 13:f67a6c6013ca 2150 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 2151 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2152 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2153 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 13:f67a6c6013ca 2154 }
wolfSSL 13:f67a6c6013ca 2155 #endif
wolfSSL 13:f67a6c6013ca 2156
wolfSSL 13:f67a6c6013ca 2157 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 2158 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2159 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2160 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 13:f67a6c6013ca 2161 }
wolfSSL 13:f67a6c6013ca 2162 #endif
wolfSSL 13:f67a6c6013ca 2163
wolfSSL 13:f67a6c6013ca 2164 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2165 if (tls && haveECC) {
wolfSSL 13:f67a6c6013ca 2166 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2167 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2168 }
wolfSSL 13:f67a6c6013ca 2169 #endif
wolfSSL 13:f67a6c6013ca 2170
wolfSSL 13:f67a6c6013ca 2171 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2172 if (tls && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2173 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2174 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2175 }
wolfSSL 13:f67a6c6013ca 2176 #endif
wolfSSL 13:f67a6c6013ca 2177
wolfSSL 13:f67a6c6013ca 2178 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2179 if (tls && haveECC) {
wolfSSL 13:f67a6c6013ca 2180 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2181 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2182 }
wolfSSL 13:f67a6c6013ca 2183 #endif
wolfSSL 13:f67a6c6013ca 2184
wolfSSL 13:f67a6c6013ca 2185 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2186 if (tls && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2187 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2188 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2189 }
wolfSSL 13:f67a6c6013ca 2190 #endif
wolfSSL 13:f67a6c6013ca 2191
wolfSSL 13:f67a6c6013ca 2192 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 2193 if (!dtls && tls && haveECC) {
wolfSSL 13:f67a6c6013ca 2194 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2195 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
wolfSSL 13:f67a6c6013ca 2196 }
wolfSSL 13:f67a6c6013ca 2197 #endif
wolfSSL 13:f67a6c6013ca 2198
wolfSSL 13:f67a6c6013ca 2199 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 2200 if (!dtls && tls && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2201 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2202 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
wolfSSL 13:f67a6c6013ca 2203 }
wolfSSL 13:f67a6c6013ca 2204 #endif
wolfSSL 13:f67a6c6013ca 2205
wolfSSL 13:f67a6c6013ca 2206 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 2207 if (tls && haveECC) {
wolfSSL 13:f67a6c6013ca 2208 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2209 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2210 }
wolfSSL 13:f67a6c6013ca 2211 #endif
wolfSSL 13:f67a6c6013ca 2212
wolfSSL 13:f67a6c6013ca 2213 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 2214 if (tls && haveECC && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2215 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2216 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2217 }
wolfSSL 13:f67a6c6013ca 2218 #endif
wolfSSL 13:f67a6c6013ca 2219
wolfSSL 13:f67a6c6013ca 2220 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2221 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2222 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2223 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2224 }
wolfSSL 13:f67a6c6013ca 2225 #endif
wolfSSL 13:f67a6c6013ca 2226
wolfSSL 13:f67a6c6013ca 2227 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2228 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2229 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2230 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2231 }
wolfSSL 13:f67a6c6013ca 2232 #endif
wolfSSL 13:f67a6c6013ca 2233
wolfSSL 13:f67a6c6013ca 2234 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2235 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2236 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2237 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2238 }
wolfSSL 13:f67a6c6013ca 2239 #endif
wolfSSL 13:f67a6c6013ca 2240
wolfSSL 13:f67a6c6013ca 2241 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2242 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2243 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2244 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2245 }
wolfSSL 13:f67a6c6013ca 2246 #endif
wolfSSL 13:f67a6c6013ca 2247
wolfSSL 13:f67a6c6013ca 2248 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 2249 if (!dtls && tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2250 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2251 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
wolfSSL 13:f67a6c6013ca 2252 }
wolfSSL 13:f67a6c6013ca 2253 #endif
wolfSSL 13:f67a6c6013ca 2254
wolfSSL 13:f67a6c6013ca 2255 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 2256 if (!dtls && tls && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2257 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2258 suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
wolfSSL 13:f67a6c6013ca 2259 }
wolfSSL 13:f67a6c6013ca 2260 #endif
wolfSSL 13:f67a6c6013ca 2261
wolfSSL 13:f67a6c6013ca 2262 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 2263 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2264 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2265 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2266 }
wolfSSL 13:f67a6c6013ca 2267 #endif
wolfSSL 13:f67a6c6013ca 2268
wolfSSL 13:f67a6c6013ca 2269 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 2270 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 13:f67a6c6013ca 2271 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2272 suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2273 }
wolfSSL 13:f67a6c6013ca 2274 #endif
wolfSSL 13:f67a6c6013ca 2275
wolfSSL 13:f67a6c6013ca 2276 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 2277 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2278 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2279 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
wolfSSL 13:f67a6c6013ca 2280 }
wolfSSL 13:f67a6c6013ca 2281 #endif
wolfSSL 13:f67a6c6013ca 2282
wolfSSL 13:f67a6c6013ca 2283 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 2284 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2285 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2286 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
wolfSSL 13:f67a6c6013ca 2287 }
wolfSSL 13:f67a6c6013ca 2288 #endif
wolfSSL 13:f67a6c6013ca 2289
wolfSSL 13:f67a6c6013ca 2290 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 2291 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2292 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2293 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
wolfSSL 13:f67a6c6013ca 2294 }
wolfSSL 13:f67a6c6013ca 2295 #endif
wolfSSL 13:f67a6c6013ca 2296
wolfSSL 13:f67a6c6013ca 2297 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 2298 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2299 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2300 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
wolfSSL 13:f67a6c6013ca 2301 }
wolfSSL 13:f67a6c6013ca 2302 #endif
wolfSSL 13:f67a6c6013ca 2303
wolfSSL 13:f67a6c6013ca 2304 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 2305 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2306 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2307 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
wolfSSL 13:f67a6c6013ca 2308 }
wolfSSL 13:f67a6c6013ca 2309 #endif
wolfSSL 13:f67a6c6013ca 2310
wolfSSL 13:f67a6c6013ca 2311 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2312 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2313 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2314 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2315 }
wolfSSL 13:f67a6c6013ca 2316 #endif
wolfSSL 13:f67a6c6013ca 2317
wolfSSL 13:f67a6c6013ca 2318 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2319 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2320 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2321 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2322 }
wolfSSL 13:f67a6c6013ca 2323 #endif
wolfSSL 13:f67a6c6013ca 2324
wolfSSL 13:f67a6c6013ca 2325 /* Place as higher priority for MYSQL testing */
wolfSSL 13:f67a6c6013ca 2326 #if !defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 13:f67a6c6013ca 2327 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2328 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2329 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2330 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2331 }
wolfSSL 13:f67a6c6013ca 2332 #endif
wolfSSL 13:f67a6c6013ca 2333 #endif
wolfSSL 13:f67a6c6013ca 2334
wolfSSL 13:f67a6c6013ca 2335 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2336 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2337 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2338 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2339 }
wolfSSL 13:f67a6c6013ca 2340 #endif
wolfSSL 13:f67a6c6013ca 2341
wolfSSL 13:f67a6c6013ca 2342 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 2343 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2344 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2345 suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2346 }
wolfSSL 13:f67a6c6013ca 2347 #endif
wolfSSL 13:f67a6c6013ca 2348
wolfSSL 13:f67a6c6013ca 2349 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2350 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2351 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2352 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2353 }
wolfSSL 13:f67a6c6013ca 2354 #endif
wolfSSL 13:f67a6c6013ca 2355
wolfSSL 13:f67a6c6013ca 2356 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2357 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2358 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2359 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2360 }
wolfSSL 13:f67a6c6013ca 2361 #endif
wolfSSL 13:f67a6c6013ca 2362
wolfSSL 13:f67a6c6013ca 2363 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2364 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2365 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2366 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2367 }
wolfSSL 13:f67a6c6013ca 2368 #endif
wolfSSL 13:f67a6c6013ca 2369
wolfSSL 13:f67a6c6013ca 2370 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2371 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2372 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2373 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2374 }
wolfSSL 13:f67a6c6013ca 2375 #endif
wolfSSL 13:f67a6c6013ca 2376
wolfSSL 13:f67a6c6013ca 2377 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2378 if (tls1_2 && haveECC) {
wolfSSL 13:f67a6c6013ca 2379 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2380 suites->suites[idx++] =
wolfSSL 13:f67a6c6013ca 2381 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2382 }
wolfSSL 13:f67a6c6013ca 2383 #endif
wolfSSL 13:f67a6c6013ca 2384
wolfSSL 13:f67a6c6013ca 2385 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2386 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2387 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2388 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2389 }
wolfSSL 13:f67a6c6013ca 2390 #endif
wolfSSL 13:f67a6c6013ca 2391
wolfSSL 13:f67a6c6013ca 2392 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2393 if (tls1_2 && haveRSA) {
wolfSSL 13:f67a6c6013ca 2394 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2395 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2396 }
wolfSSL 13:f67a6c6013ca 2397 #endif
wolfSSL 13:f67a6c6013ca 2398
wolfSSL 13:f67a6c6013ca 2399 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 2400 if (tls && haveECC) {
wolfSSL 13:f67a6c6013ca 2401 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2402 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
wolfSSL 13:f67a6c6013ca 2403 }
wolfSSL 13:f67a6c6013ca 2404 #endif
wolfSSL 13:f67a6c6013ca 2405
wolfSSL 13:f67a6c6013ca 2406 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 2407 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2408 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2409 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
wolfSSL 13:f67a6c6013ca 2410 }
wolfSSL 13:f67a6c6013ca 2411 #endif
wolfSSL 13:f67a6c6013ca 2412
wolfSSL 13:f67a6c6013ca 2413 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 2414 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2415 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2416 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
wolfSSL 13:f67a6c6013ca 2417 }
wolfSSL 13:f67a6c6013ca 2418 #endif
wolfSSL 13:f67a6c6013ca 2419
wolfSSL 13:f67a6c6013ca 2420 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2421 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2422 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2423 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2424 }
wolfSSL 13:f67a6c6013ca 2425 #endif
wolfSSL 13:f67a6c6013ca 2426
wolfSSL 13:f67a6c6013ca 2427 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 2428 if (tls && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2429 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2430 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 13:f67a6c6013ca 2431 }
wolfSSL 13:f67a6c6013ca 2432 #endif
wolfSSL 13:f67a6c6013ca 2433
wolfSSL 13:f67a6c6013ca 2434 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 2435 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2436 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2437 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 13:f67a6c6013ca 2438 }
wolfSSL 13:f67a6c6013ca 2439 #endif
wolfSSL 13:f67a6c6013ca 2440
wolfSSL 13:f67a6c6013ca 2441 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2442 if (tls && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2443 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2444 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2445 }
wolfSSL 13:f67a6c6013ca 2446 #endif
wolfSSL 13:f67a6c6013ca 2447
wolfSSL 13:f67a6c6013ca 2448 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2449 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2450 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2451 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2452 }
wolfSSL 13:f67a6c6013ca 2453 #endif
wolfSSL 13:f67a6c6013ca 2454
wolfSSL 13:f67a6c6013ca 2455 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2456 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2457 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2458 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2459 }
wolfSSL 13:f67a6c6013ca 2460 #endif
wolfSSL 13:f67a6c6013ca 2461
wolfSSL 13:f67a6c6013ca 2462 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 2463 if (tls && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2464 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2465 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
wolfSSL 13:f67a6c6013ca 2466 }
wolfSSL 13:f67a6c6013ca 2467 #endif
wolfSSL 13:f67a6c6013ca 2468
wolfSSL 13:f67a6c6013ca 2469 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 13:f67a6c6013ca 2470 if (tls && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2471 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2472 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM;
wolfSSL 13:f67a6c6013ca 2473 }
wolfSSL 13:f67a6c6013ca 2474 #endif
wolfSSL 13:f67a6c6013ca 2475
wolfSSL 13:f67a6c6013ca 2476 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2477 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2478 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2479 suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2480 }
wolfSSL 13:f67a6c6013ca 2481 #endif
wolfSSL 13:f67a6c6013ca 2482
wolfSSL 13:f67a6c6013ca 2483 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2484 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2485 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2486 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2487 }
wolfSSL 13:f67a6c6013ca 2488 #endif
wolfSSL 13:f67a6c6013ca 2489
wolfSSL 13:f67a6c6013ca 2490 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 2491 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2492 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 13:f67a6c6013ca 2493 suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 13:f67a6c6013ca 2494 }
wolfSSL 13:f67a6c6013ca 2495 #endif
wolfSSL 13:f67a6c6013ca 2496
wolfSSL 13:f67a6c6013ca 2497 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2498 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2499 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2500 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2501 }
wolfSSL 13:f67a6c6013ca 2502 #endif
wolfSSL 13:f67a6c6013ca 2503
wolfSSL 13:f67a6c6013ca 2504 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 2505 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2506 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2507 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
wolfSSL 13:f67a6c6013ca 2508 }
wolfSSL 13:f67a6c6013ca 2509 #endif
wolfSSL 13:f67a6c6013ca 2510
wolfSSL 13:f67a6c6013ca 2511 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 13:f67a6c6013ca 2512 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2513 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2514 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM;
wolfSSL 13:f67a6c6013ca 2515 }
wolfSSL 13:f67a6c6013ca 2516 #endif
wolfSSL 13:f67a6c6013ca 2517
wolfSSL 13:f67a6c6013ca 2518 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 2519 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2520 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2521 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
wolfSSL 13:f67a6c6013ca 2522 }
wolfSSL 13:f67a6c6013ca 2523 #endif
wolfSSL 13:f67a6c6013ca 2524
wolfSSL 13:f67a6c6013ca 2525 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 2526 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2527 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2528 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
wolfSSL 13:f67a6c6013ca 2529 }
wolfSSL 13:f67a6c6013ca 2530 #endif
wolfSSL 13:f67a6c6013ca 2531
wolfSSL 13:f67a6c6013ca 2532 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 13:f67a6c6013ca 2533 if (tls && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2534 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2535 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
wolfSSL 13:f67a6c6013ca 2536 }
wolfSSL 13:f67a6c6013ca 2537 #endif
wolfSSL 13:f67a6c6013ca 2538
wolfSSL 13:f67a6c6013ca 2539 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 13:f67a6c6013ca 2540 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2541 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2542 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
wolfSSL 13:f67a6c6013ca 2543 }
wolfSSL 13:f67a6c6013ca 2544 #endif
wolfSSL 13:f67a6c6013ca 2545
wolfSSL 13:f67a6c6013ca 2546 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 2547 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2548 suites->suites[idx++] = ECC_BYTE;
wolfSSL 13:f67a6c6013ca 2549 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
wolfSSL 13:f67a6c6013ca 2550 }
wolfSSL 13:f67a6c6013ca 2551 #endif
wolfSSL 13:f67a6c6013ca 2552
wolfSSL 13:f67a6c6013ca 2553 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 2554 if (tls && haveDH && havePSK) {
wolfSSL 13:f67a6c6013ca 2555 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2556 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
wolfSSL 13:f67a6c6013ca 2557 }
wolfSSL 13:f67a6c6013ca 2558 #endif
wolfSSL 13:f67a6c6013ca 2559
wolfSSL 13:f67a6c6013ca 2560 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 2561 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2562 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2563 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
wolfSSL 13:f67a6c6013ca 2564 }
wolfSSL 13:f67a6c6013ca 2565 #endif
wolfSSL 13:f67a6c6013ca 2566
wolfSSL 13:f67a6c6013ca 2567 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 2568 if (tls && havePSK) {
wolfSSL 13:f67a6c6013ca 2569 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2570 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
wolfSSL 13:f67a6c6013ca 2571 }
wolfSSL 13:f67a6c6013ca 2572 #endif
wolfSSL 13:f67a6c6013ca 2573
wolfSSL 13:f67a6c6013ca 2574 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 2575 if (!dtls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2576 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2577 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
wolfSSL 13:f67a6c6013ca 2578 }
wolfSSL 13:f67a6c6013ca 2579 #endif
wolfSSL 13:f67a6c6013ca 2580
wolfSSL 13:f67a6c6013ca 2581 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 13:f67a6c6013ca 2582 if (!dtls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2583 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2584 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
wolfSSL 13:f67a6c6013ca 2585 }
wolfSSL 13:f67a6c6013ca 2586 #endif
wolfSSL 13:f67a6c6013ca 2587
wolfSSL 13:f67a6c6013ca 2588 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 2589 if (haveRSA ) {
wolfSSL 13:f67a6c6013ca 2590 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2591 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2592 }
wolfSSL 13:f67a6c6013ca 2593 #endif
wolfSSL 13:f67a6c6013ca 2594
wolfSSL 13:f67a6c6013ca 2595 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 13:f67a6c6013ca 2596 if (!dtls && tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2597 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2598 suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
wolfSSL 13:f67a6c6013ca 2599 }
wolfSSL 13:f67a6c6013ca 2600 #endif
wolfSSL 13:f67a6c6013ca 2601
wolfSSL 13:f67a6c6013ca 2602 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 13:f67a6c6013ca 2603 if (!dtls && tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2604 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2605 suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
wolfSSL 13:f67a6c6013ca 2606 }
wolfSSL 13:f67a6c6013ca 2607 #endif
wolfSSL 13:f67a6c6013ca 2608
wolfSSL 13:f67a6c6013ca 2609 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 13:f67a6c6013ca 2610 if (!dtls && tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2611 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2612 suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
wolfSSL 13:f67a6c6013ca 2613 }
wolfSSL 13:f67a6c6013ca 2614 #endif
wolfSSL 13:f67a6c6013ca 2615
wolfSSL 13:f67a6c6013ca 2616 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 13:f67a6c6013ca 2617 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2618 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2619 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
wolfSSL 13:f67a6c6013ca 2620 }
wolfSSL 13:f67a6c6013ca 2621 #endif
wolfSSL 13:f67a6c6013ca 2622
wolfSSL 13:f67a6c6013ca 2623 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 13:f67a6c6013ca 2624 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2625 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2626 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
wolfSSL 13:f67a6c6013ca 2627 }
wolfSSL 13:f67a6c6013ca 2628 #endif
wolfSSL 13:f67a6c6013ca 2629
wolfSSL 13:f67a6c6013ca 2630 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 13:f67a6c6013ca 2631 if (!dtls && tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2632 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2633 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
wolfSSL 13:f67a6c6013ca 2634 }
wolfSSL 13:f67a6c6013ca 2635 #endif
wolfSSL 13:f67a6c6013ca 2636
wolfSSL 13:f67a6c6013ca 2637 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2638 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2639 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2640 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2641 }
wolfSSL 13:f67a6c6013ca 2642 #endif
wolfSSL 13:f67a6c6013ca 2643
wolfSSL 13:f67a6c6013ca 2644 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 2645 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2646 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2647 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2648 }
wolfSSL 13:f67a6c6013ca 2649 #endif
wolfSSL 13:f67a6c6013ca 2650
wolfSSL 13:f67a6c6013ca 2651 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2652 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2653 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2654 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2655 }
wolfSSL 13:f67a6c6013ca 2656 #endif
wolfSSL 13:f67a6c6013ca 2657
wolfSSL 13:f67a6c6013ca 2658 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 2659 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2660 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2661 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2662 }
wolfSSL 13:f67a6c6013ca 2663 #endif
wolfSSL 13:f67a6c6013ca 2664
wolfSSL 13:f67a6c6013ca 2665 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2666 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2667 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2668 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2669 }
wolfSSL 13:f67a6c6013ca 2670 #endif
wolfSSL 13:f67a6c6013ca 2671
wolfSSL 13:f67a6c6013ca 2672 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2673 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2674 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2675 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2676 }
wolfSSL 13:f67a6c6013ca 2677 #endif
wolfSSL 13:f67a6c6013ca 2678
wolfSSL 13:f67a6c6013ca 2679 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2680 if (tls && haveRSA) {
wolfSSL 13:f67a6c6013ca 2681 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2682 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2683 }
wolfSSL 13:f67a6c6013ca 2684 #endif
wolfSSL 13:f67a6c6013ca 2685
wolfSSL 13:f67a6c6013ca 2686 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 2687 if (tls && haveDH && haveRSA) {
wolfSSL 13:f67a6c6013ca 2688 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2689 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 13:f67a6c6013ca 2690 }
wolfSSL 13:f67a6c6013ca 2691 #endif
wolfSSL 13:f67a6c6013ca 2692
wolfSSL 13:f67a6c6013ca 2693 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 13:f67a6c6013ca 2694 if (haveRSA) {
wolfSSL 13:f67a6c6013ca 2695 suites->suites[idx++] = 0;
wolfSSL 13:f67a6c6013ca 2696 suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA;
wolfSSL 13:f67a6c6013ca 2697 }
wolfSSL 13:f67a6c6013ca 2698 #endif
wolfSSL 13:f67a6c6013ca 2699
wolfSSL 13:f67a6c6013ca 2700 suites->suiteSz = idx;
wolfSSL 13:f67a6c6013ca 2701
wolfSSL 13:f67a6c6013ca 2702 InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0, tls1_2, keySz);
wolfSSL 13:f67a6c6013ca 2703 }
wolfSSL 13:f67a6c6013ca 2704
wolfSSL 13:f67a6c6013ca 2705 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
wolfSSL 13:f67a6c6013ca 2706 (!defined(NO_WOLFSSL_CLIENT) && (!defined(NO_DH) || defined(HAVE_ECC)))
wolfSSL 13:f67a6c6013ca 2707
/* Decode a two-byte encoded signature algorithm.
 *
 * input     The encoded signature algorithm; input[0] is always read and
 *           input[1] is read on every compiled-in branch.
 * hashAlgo  Receives the hash algorithm identifier.
 * hsType    Receives the signature type identifier.
 *
 * NOTE(review): when input[0] is NEW_SA_MAJOR and input[1] matches none of
 * the compiled-in branches below, neither *hashAlgo nor *hsType is written.
 * The value arrives from the peer, so callers should pre-initialise both
 * outputs to a value they reject - confirm at each call site.
 */
static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
{
    if (input[0] != NEW_SA_MAJOR) {
        /* Legacy layout: hash identifier first, signature type second. */
        *hashAlgo = input[0];
        *hsType   = input[1];
        return;
    }

    /* New-style layout: the first byte is the signature family. */
#ifdef WC_RSA_PSS
    /* PSS signatures: 0x080[4-6].
     * NOTE(review): the test has no lower bound, so every second byte up to
     * sha512_mac is taken as a PSS hash - confirm this is intended. */
    if (input[1] <= sha512_mac) {
        *hsType   = input[0];
        *hashAlgo = input[1];
    }
#endif
#ifdef HAVE_ED25519
    /* ED25519: 0x0807 */
    if (input[1] == ED25519_SA_MINOR) {
        *hsType   = ed25519_sa_algo;
        /* Hash performed as part of sign/verify operation. */
        *hashAlgo = sha512_mac;
    }
#endif
    /* ED448: 0x0808 (no branch here) */
}
wolfSSL 13:f67a6c6013ca 2741 #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */
wolfSSL 13:f67a6c6013ca 2742
wolfSSL 13:f67a6c6013ca 2743 #if !defined(NO_DH) || defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 2744
/* Map a hash algorithm identifier (one of the *_mac values) to the matching
 * enum wc_HashType.
 *
 * hashAlgo  The hash algorithm identifier.
 *
 * Returns WC_HASH_TYPE_NONE, after logging "Bad hash sig algo", when the
 * identifier is not one of the hashes compiled into this build. SHA-1 is
 * only mapped when NO_SHA is not defined and either NO_OLD_TLS is not
 * defined or WOLFSSL_ALLOW_TLS_SHA1 is defined.
 */
static enum wc_HashType HashAlgoToType(int hashAlgo)
{
    enum wc_HashType hashType = WC_HASH_TYPE_NONE;

    switch (hashAlgo) {
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            hashType = WC_HASH_TYPE_SHA512;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            hashType = WC_HASH_TYPE_SHA384;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            hashType = WC_HASH_TYPE_SHA256;
            break;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
        case sha_mac:
            hashType = WC_HASH_TYPE_SHA;
            break;
    #endif
        default:
            WOLFSSL_MSG("Bad hash sig algo");
            break;
    }

    return hashType;
}
wolfSSL 13:f67a6c6013ca 2772
wolfSSL 13:f67a6c6013ca 2773 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 2774
wolfSSL 13:f67a6c6013ca 2775
/* Put an X509 name into its initial state: name points at the embedded
 * staticName storage and the dynamicName flag is cleared.
 *
 * name         The name to initialise; NULL is ignored.
 * dynamicFlag  Unused.
 *
 * With OPENSSL_EXTRA the fullName and cnEntry members are zeroed,
 * cnEntry.value is pointed at cnEntry.data and the x509 back-pointer is
 * cleared. Nothing is freed here.
 */
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
{
    (void)dynamicFlag;

    if (name == NULL)
        return;

    name->dynamicName = 0;
    name->name        = name->staticName;
#ifdef OPENSSL_EXTRA
    name->x509 = NULL;
    XMEMSET(&name->fullName, 0, sizeof(DecodedName));
    XMEMSET(&name->cnEntry,  0, sizeof(WOLFSSL_X509_NAME_ENTRY));
    /* value refers to the storage embedded in the entry itself */
    name->cnEntry.value = &(name->cnEntry.data);
#endif /* OPENSSL_EXTRA */
}
wolfSSL 13:f67a6c6013ca 2791
wolfSSL 13:f67a6c6013ca 2792
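/* Release the heap storage owned by an X509 name.
 *
 * name  The name to release; NULL is ignored.
 * heap  Heap hint passed to XFREE.
 *
 * Each pointer is cleared after it is freed and dynamicName is reset, so
 * that a second call on the same name, or a later read through the struct,
 * cannot reach freed memory.
 */
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
{
    /* heap may go unused depending on how XFREE is defined */
    (void)heap;

    if (name == NULL)
        return;

    if (name->dynamicName) {
        XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
        name->name        = NULL;
        name->dynamicName = 0;
    }
#ifdef OPENSSL_EXTRA
    if (name->fullName.fullName != NULL) {
        XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
        name->fullName.fullName = NULL;
    }
#endif /* OPENSSL_EXTRA */
}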
wolfSSL 13:f67a6c6013ca 2805
wolfSSL 13:f67a6c6013ca 2806
/* Initialize wolfSSL X509 type.
 *
 * x509         The certificate object to initialise; NULL is logged and
 *              ignored.
 * dynamicFlag  Stored, truncated to a byte, in x509->dynamicMemory.
 * heap         Heap hint stored in x509->heap.
 *
 * The whole structure is zeroed first and nothing is freed, so buffers
 * still attached to x509 on entry are dropped without being released;
 * call FreeX509() first when re-initialising a populated object.
 */
void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
{
    if (x509 == NULL) {
        WOLFSSL_MSG("Null parameter passed in!");
        return;
    }

    XMEMSET(x509, 0, sizeof(WOLFSSL_X509));

    /* allocation context */
    x509->heap          = heap;
    x509->dynamicMemory = (byte)dynamicFlag;

    /* names */
    InitX509Name(&x509->subject, 0);
    InitX509Name(&x509->issuer, 0);

    /* owned buffers and lists */
    x509->derCert       = NULL;
    x509->pubKey.buffer = NULL;
    x509->sig.buffer    = NULL;
    x509->altNames      = NULL;
    x509->altNamesNext  = NULL;

    /* scalar certificate fields */
    x509->version = 0;
    x509->isCa    = 0;
#ifdef HAVE_ECC
    x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA
    /* basic constraints */
    x509->pathLength      = 0;
    x509->basicConstSet   = 0;
    x509->basicConstCrit  = 0;
    x509->basicConstPlSet = 0;
    /* subject alternative name */
    x509->subjAltNameSet  = 0;
    x509->subjAltNameCrit = 0;
    /* authority key identifier */
    x509->authKeyId     = NULL;
    x509->authKeyIdSz   = 0;
    x509->authKeyIdSet  = 0;
    x509->authKeyIdCrit = 0;
    /* subject key identifier */
    x509->subjKeyId     = NULL;
    x509->subjKeyIdSz   = 0;
    x509->subjKeyIdSet  = 0;
    x509->subjKeyIdCrit = 0;
    /* key usage */
    x509->keyUsage     = 0;
    x509->keyUsageSet  = 0;
    x509->keyUsageCrit = 0;
    #ifdef WOLFSSL_SEP
        x509->certPolicySet  = 0;
        x509->certPolicyCrit = 0;
    #endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
}
wolfSSL 13:f67a6c6013ca 2855
wolfSSL 13:f67a6c6013ca 2856
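/* Free wolfSSL X509 type.
 *
 * x509  The certificate object whose members are released; NULL is
 *       ignored. The WOLFSSL_X509 structure itself is not freed here.
 *
 * Every pointer released here is cleared afterwards, so calling FreeX509()
 * twice on one object, or reading it after the call, cannot reach freed
 * memory.
 */
void FreeX509(WOLFSSL_X509* x509)
{
    if (x509 == NULL)
        return;

    FreeX509Name(&x509->issuer, x509->heap);
    FreeX509Name(&x509->subject, x509->heap);

    if (x509->pubKey.buffer) {
        XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        x509->pubKey.buffer = NULL;
    }

    FreeDer(&x509->derCert);

    XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
    x509->sig.buffer = NULL;

#ifdef OPENSSL_EXTRA
    XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
    x509->authKeyId = NULL;
    XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
    x509->subjKeyId = NULL;
    if (x509->authInfo != NULL) {
        XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->authInfo = NULL;
    }
    if (x509->extKeyUsageSrc != NULL) {
        XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->extKeyUsageSrc = NULL;
    }
#endif /* OPENSSL_EXTRA */

    if (x509->altNames) {
        /* NOTE(review): the list is released with a NULL heap hint rather
         * than x509->heap - confirm this matches how it was allocated. */
        FreeAltNames(x509->altNames, NULL);
        x509->altNames = NULL;
        /* presumably a cursor into the list just freed - TODO confirm */
        x509->altNamesNext = NULL;
    }
}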
wolfSSL 13:f67a6c6013ca 2882
wolfSSL 13:f67a6c6013ca 2883 #endif /* !NO_DH || HAVE_ECC */
wolfSSL 13:f67a6c6013ca 2884
wolfSSL 13:f67a6c6013ca 2885 #if !defined(NO_RSA) || defined(HAVE_ECC)
/* Encode the signature algorithm into buffer.
 *
 * hashAlgo  The hash algorithm.
 * hsType    The signature type.
 * output    The buffer to encode into; output[0] and output[1] are written.
 *
 * ECDSA and RSA (PKCS#1 v1.5 style identifier) are written hash first,
 * signature second; RSA-PSS is written signature first, hash second;
 * Ed25519 uses its fixed two-byte value and ignores hashAlgo.
 *
 * NOTE(review): a signature type that is not compiled in leaves output
 * untouched, so the caller sends whatever the buffer already held -
 * confirm callers only pass supported types.
 */
static INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
{
#ifdef HAVE_ECC
    if (hsType == ecc_dsa_sa_algo) {
        output[0] = hashAlgo;
        output[1] = ecc_dsa_sa_algo;
        return;
    }
    #ifdef HAVE_ED25519
    if (hsType == ed25519_sa_algo) {
        output[0] = ED25519_SA_MAJOR;
        output[1] = ED25519_SA_MINOR;
        return;
    }
    #endif
#endif
#ifndef NO_RSA
    if (hsType == rsa_sa_algo) {
        output[0] = hashAlgo;
        output[1] = rsa_sa_algo;
        return;
    }
    #ifdef WC_RSA_PSS
    /* PSS signatures: 0x080[4-6] */
    if (hsType == rsa_pss_sa_algo) {
        output[0] = rsa_pss_sa_algo;
        output[1] = hashAlgo;
        return;
    }
    #endif
#endif
    /* ED448: 0x0808 (not handled) */
}
/* Point ssl->buffers.digest at the handshake certificate hash that matches
 * hashAlgo and record that hash's digest size.
 *
 * ssl       The connection; ssl->hsHashes->certHashes is read and
 *           ssl->buffers.digest is written.
 * hashAlgo  The hash algorithm identifier (one of the *_mac values).
 *
 * NOTE(review): an identifier that is not compiled in leaves
 * ssl->buffers.digest unchanged, so a previously selected digest stays in
 * place - confirm callers validate hashAlgo first.
 */
static void SetDigest(WOLFSSL* ssl, int hashAlgo)
{
#ifndef NO_SHA
    if (hashAlgo == sha_mac) {
        ssl->buffers.digest.length = SHA_DIGEST_SIZE;
        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
        return;
    }
#endif /* !NO_SHA */
#ifndef NO_SHA256
    if (hashAlgo == sha256_mac) {
        ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
        return;
    }
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
    if (hashAlgo == sha384_mac) {
        ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
        return;
    }
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
    if (hashAlgo == sha512_mac) {
        ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
        return;
    }
#endif /* WOLFSSL_SHA512 */
}
wolfSSL 13:f67a6c6013ca 2952 #endif
wolfSSL 13:f67a6c6013ca 2953
wolfSSL 13:f67a6c6013ca 2954 #ifndef NO_RSA
/* Map a hash algorithm identifier (one of the *_mac values) to the
 * corresponding SHAh / SHA256h / SHA384h / SHA512h constant.
 *
 * hashAlgo  The hash algorithm identifier.
 *
 * Returns 0 when the identifier is not one of the hashes compiled into
 * this build; no message is logged in that case.
 */
static int TypeHash(int hashAlgo)
{
    int hashId = 0;

    switch (hashAlgo) {
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            hashId = SHA512h;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            hashId = SHA384h;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            hashId = SHA256h;
            break;
    #endif
    #ifndef NO_SHA
        case sha_mac:
            hashId = SHAh;
            break;
    #endif
        default:
            break;
    }

    return hashId;
}
wolfSSL 13:f67a6c6013ca 2978
wolfSSL 13:f67a6c6013ca 2979 #if defined(WC_RSA_PSS)
/* Translate a hash algorithm identifier into the hash type and MGF1
 * identifier used for RSA-PSS.
 *
 * hashAlgo  The hash algorithm identifier (one of the *_mac values).
 * hashType  Receives the enum wc_HashType; dereferenced without a NULL
 *           check, so it must be a valid pointer.
 * mgf       Receives the matching WC_MGF1* value; may be NULL.
 *
 * Returns 0 on success. Returns BAD_FUNC_ARG, writing neither output, for
 * any identifier without a case here; only SHA-256, SHA-384 and SHA-512
 * have cases, so sha_mac is rejected.
 */
int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf)
{
    enum wc_HashType pssHash = WC_HASH_TYPE_NONE;
    int              pssMgf  = 0;

    switch (hashAlgo) {
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            pssHash = WC_HASH_TYPE_SHA512;
            pssMgf  = WC_MGF1SHA512;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            pssHash = WC_HASH_TYPE_SHA384;
            pssMgf  = WC_MGF1SHA384;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            pssHash = WC_HASH_TYPE_SHA256;
            pssMgf  = WC_MGF1SHA256;
            break;
    #endif
        default:
            return BAD_FUNC_ARG;
    }

    *hashType = pssHash;
    if (mgf != NULL)
        *mgf = pssMgf;

    return 0;
}
wolfSSL 13:f67a6c6013ca 3010 #endif
wolfSSL 13:f67a6c6013ca 3011
/* Sign `in` with RSA, through a registered PK callback when there is one and
 * through wolfCrypt otherwise.
 *
 * ssl       SSL object; supplies the RNG and, with HAVE_PK_CALLBACKS, the
 *           context that holds the sign callbacks. Dereferenced without a
 *           NULL check.
 * in        Data to sign.
 * inSz      Length of in, in bytes.
 * out       Buffer that receives the signature.
 * outSz     On entry the size of out. On exit it is overwritten with the
 *           positive value returned by the signing call, when there is one.
 * sigAlgo   rsa_pss_sa_algo selects RSA-PSS (only when WC_RSA_PSS is
 *           defined); every other value takes the wc_RsaSSL_Sign path.
 * hashAlgo  TLS hash identifier; read on the PSS path only.
 * key       RSA key used by the wolfCrypt path (and for the async device).
 * keyBuf    Raw key buffer, handed to the PK callback only.
 * keySz     Length of keyBuf.
 * ctx       Callback context, handed to the PK callback only.
 * returns 0 on success, otherwise the error from ConvertHashPss, the
 *         callback, the wolfCrypt call or wolfSSL_AsyncPush.
 */
int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
    word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
    const byte* keyBuf, word32 keySz, void* ctx)
{
    int ret;

    /* Presumably silences unused-parameter warnings in builds where the
     * branches reading these are compiled out. */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;
    (void)sigAlgo;
    (void)hashAlgo;

    WOLFSSL_ENTER("RsaSign");

#if defined(WC_RSA_PSS)
    if (sigAlgo == rsa_pss_sa_algo) {
        enum wc_HashType hashType = WC_HASH_TYPE_NONE;
        int mgf = 0;

        /* A hash without a PSS mapping is rejected before anything is
         * signed. ConvertHashPss and TypeHash guard sha256/384/512 with the
         * same macros, so TypeHash() below has a case whenever this
         * succeeds. */
        ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
        if (ret != 0)
            return ret;

    #if defined(HAVE_PK_CALLBACKS)
        if (ssl->ctx->RsaPssSignCb) {
            /* The callback gets the raw key buffer and the *h hash id, not
             * the RsaKey object or the wc_HashType. */
            ret = ssl->ctx->RsaPssSignCb(ssl, in, inSz, out, outSz,
                                         TypeHash(hashAlgo), mgf,
                                         keyBuf, keySz, ctx);
        }
        else
    #endif
        {
            ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, key,
                                                                  ssl->rng);
        }
    }
    else
#endif
#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaSignCb) {
        ret = ssl->ctx->RsaSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                                                          ctx);
    }
    else
#endif /*HAVE_PK_CALLBACKS */
        ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, key, ssl->rng);

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* For positive response return in outSz */
    if (ret > 0) {
        *outSz = ret;
        ret = 0;
    }

    WOLFSSL_LEAVE("RsaSign", ret);

    return ret;
}
wolfSSL 13:f67a6c6013ca 3077
/* Run the RSA public-key operation on a received signature, through a
 * registered PK callback when there is one and through wolfCrypt otherwise.
 *
 * ssl       SSL object; with HAVE_PK_CALLBACKS its context holds the verify
 *           callbacks. Dereferenced without a NULL check.
 * in        Signature. The *Inline primitives are used, so it is presumably
 *           decoded in place - confirm before reusing the buffer.
 * inSz      Length of in, in bytes.
 * out       Receives a pointer to the recovered data.
 * sigAlgo   rsa_pss_sa_algo selects RSA-PSS (only when WC_RSA_PSS is
 *           defined); every other value takes the wc_RsaSSL_VerifyInline
 *           path.
 * hashAlgo  TLS hash identifier; read on the PSS path only.
 * key       RSA key used by the wolfCrypt path (and for the async device).
 * keyBuf    Raw key buffer, handed to the PK callback only.
 * keySz     Length of keyBuf.
 * ctx       Callback context, handed to the PK callback only.
 * returns the value produced by the callback or wolfCrypt call, unchanged
 *         (VerifyRsaSign in this file treats a positive value from the same
 *         primitives as the recovered length), or the wolfSSL_AsyncPush
 *         result when the operation is pending. Unlike RsaSign, a positive
 *         value is not folded to 0.
 *
 * NOTE(review): nothing in this function compares the recovered data with
 * an expected digest or checks PSS padding; presumably the caller does that
 * with *out and the returned length - confirm at each call site.
 */
int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
              int hashAlgo, RsaKey* key, const byte* keyBuf, word32 keySz,
              void* ctx)
{
    int ret;

    /* Presumably silences unused-parameter warnings in builds where the
     * branches reading these are compiled out. */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;
    (void)sigAlgo;
    (void)hashAlgo;

    WOLFSSL_ENTER("RsaVerify");

#if defined(WC_RSA_PSS)
    if (sigAlgo == rsa_pss_sa_algo) {
        enum wc_HashType hashType = WC_HASH_TYPE_NONE;
        int mgf = 0;

        /* A hash without a PSS mapping is rejected before the public-key
         * operation runs. */
        ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
        if (ret != 0)
            return ret;
    #ifdef HAVE_PK_CALLBACKS
        if (ssl->ctx->RsaPssVerifyCb) {
            /* The callback gets the raw key buffer and the *h hash id, not
             * the RsaKey object or the wc_HashType. */
            ret = ssl->ctx->RsaPssVerifyCb(ssl, in, inSz, out,
                                           TypeHash(hashAlgo), mgf,
                                           keyBuf, keySz, ctx);
        }
        else
    #endif /*HAVE_PK_CALLBACKS */
            ret = wc_RsaPSS_VerifyInline(in, inSz, out, hashType, mgf, key);
    }
    else
#endif
#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaVerifyCb) {
        ret = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /*HAVE_PK_CALLBACKS */
    {
        ret = wc_RsaSSL_VerifyInline(in, inSz, out, key);
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("RsaVerify", ret);

    return ret;
}
wolfSSL 13:f67a6c6013ca 3134
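/* Verify an RSA signature against the data it is expected to cover.
 *
 * ssl        SSL object; only used for the async push.
 * verifySig  Signature to check. The *Inline primitives are used, so the
 *            buffer is presumably decoded in place - confirm before reuse.
 * sigSz      Length of verifySig; values above ENCRYPT_LEN are rejected.
 * plain      Expected data (PKCS#1 v1.5 path) or digest (PSS path).
 * plainSz    Length of plain.
 * sigAlgo    rsa_pss_sa_algo selects RSA-PSS (only when WC_RSA_PSS is
 *            defined); every other value takes the wc_RsaSSL_VerifyInline
 *            path.
 * hashAlgo   TLS hash identifier; read on the PSS path only.
 * key        RSA key to verify with.
 * returns 0 only when the recovered data matched, BAD_FUNC_ARG for a NULL
 *         verifySig/plain/key, BUFFER_E for an oversized signature,
 *         RSA_SIGN_FAULT or VERIFY_CERT_ERROR on mismatch, otherwise the
 *         error from the wolfCrypt call or wolfSSL_AsyncPush.
 *
 * A 0 from the verify primitive is treated as "nothing recovered" and goes
 * through the same comparison as any other length, so it cannot reach the
 * caller as success without having been checked against plain. Whether the
 * primitives can actually return 0 is not visible from this file.
 */
int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
    const byte* plain, word32 plainSz, int sigAlgo, int hashAlgo, RsaKey* key)
{
    byte* out = NULL;  /* inline result */
    int   ret;

    (void)ssl;
    (void)sigAlgo;
    (void)hashAlgo;

    WOLFSSL_ENTER("VerifyRsaSign");

    if (verifySig == NULL || plain == NULL || key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (sigSz > ENCRYPT_LEN) {
        WOLFSSL_MSG("Signature buffer too big");
        return BUFFER_E;
    }

#if defined(WC_RSA_PSS)
    if (sigAlgo == rsa_pss_sa_algo) {
        enum wc_HashType hashType = WC_HASH_TYPE_NONE;
        int mgf = 0;

        ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
        if (ret != 0)
            return ret;
        ret = wc_RsaPSS_VerifyInline(verifySig, sigSz, &out, hashType, mgf,
                                                                          key);
        if (ret > 0) {
            ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, hashType);
            if (ret != 0)
                ret = VERIFY_CERT_ERROR;
        }
        else if (ret == 0) {
            /* Nothing recovered means nothing was checked: fail closed. */
            WOLFSSL_MSG("RSA Signature verification failed");
            ret = VERIFY_CERT_ERROR;
        }
    }
    else
#endif
    {
        ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &out, key);
        /* >= 0 rather than > 0: a zero-length result must still match
         * plainSz and plain before it counts as success. Negative values
         * (errors, WC_PENDING_E) fall through untouched. */
        if (ret >= 0) {
            if (ret != (int)plainSz || !out ||
                                   XMEMCMP(plain, out, plainSz) != 0) {
                WOLFSSL_MSG("RSA Signature verification failed");
                ret = RSA_SIGN_FAULT;
            } else {
                ret = 0;  /* RSA reset */
            }
        }
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("VerifyRsaSign", ret);

    return ret;
}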
wolfSSL 13:f67a6c6013ca 3199
/* RSA private-key decryption, through a registered PK callback when there
 * is one and through wolfCrypt otherwise.
 *
 * ssl     SSL object; supplies the RNG and, with HAVE_PK_CALLBACKS, the
 *         context holding RsaDecCb. Dereferenced without a NULL check.
 * in      Ciphertext; the Inline primitive is used, so it is presumably
 *         decrypted in place.
 * inSz    Length of in, in bytes.
 * out     Receives a pointer to the decrypted data.
 * outSz   Set to the positive value returned by the decrypt call.
 * key     RSA private key used by the wolfCrypt path.
 * keyBuf  Raw key buffer, handed to the PK callback only.
 * keySz   Length of keyBuf.
 * ctx     Callback context, handed to the PK callback only.
 * returns 0 on success, otherwise the error from the callback, the
 *         wolfCrypt calls or wolfSSL_AsyncPush.
 */
int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
    RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("RsaDec");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaDecCb != NULL) {
        rc = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
    #ifdef WC_RSA_BLINDING
        /* Attach the session RNG to the key before the private-key
         * operation; per the macro name this is what blinding draws on. */
        rc = wc_RsaSetRNG(key, ssl->rng);
        if (rc != 0)
            return rc;
    #endif
        rc = wc_RsaPrivateDecryptInline(in, inSz, out, key);
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it for a retry. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive value is a length: report it through outSz, return 0. */
    if (rc > 0) {
        *outSz = rc;
        rc = 0;
    }

    WOLFSSL_LEAVE("RsaDec", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3245
/* RSA public-key encryption, through a registered PK callback when there is
 * one and through wolfCrypt otherwise.
 *
 * ssl     SSL object; supplies the RNG and, with HAVE_PK_CALLBACKS, the
 *         context holding RsaEncCb. Dereferenced without a NULL check.
 * in      Data to encrypt.
 * inSz    Length of in, in bytes.
 * out     Buffer that receives the ciphertext.
 * outSz   On entry the size of out. On exit it is overwritten with the
 *         positive value returned by the encrypt call, when there is one.
 * key     RSA public key used by the wolfCrypt path.
 * keyBuf  Raw key buffer, handed to the PK callback only.
 * keySz   Length of keyBuf.
 * ctx     Callback context, handed to the PK callback only.
 * returns 0 on success, otherwise the error from the callback, the
 *         wolfCrypt call or wolfSSL_AsyncPush.
 */
int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
    RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("RsaEnc");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaEncCb != NULL) {
        rc = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_RsaPublicEncrypt(in, inSz, out, *outSz, key, ssl->rng);
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it for a retry. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive value is a length: report it through outSz, return 0. */
    if (rc > 0) {
        *outSz = rc;
        rc = 0;
    }

    WOLFSSL_LEAVE("RsaEnc", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3286
wolfSSL 13:f67a6c6013ca 3287 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 3288
wolfSSL 13:f67a6c6013ca 3289 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 3290
/* ECDSA-sign a hash, through a registered PK callback when there is one and
 * through wolfCrypt otherwise.
 *
 * ssl     SSL object; supplies the RNG and, with HAVE_PK_CALLBACKS, the
 *         context holding EccSignCb. Dereferenced without a NULL check.
 * in      Hash to sign.
 * inSz    Length of in, in bytes.
 * out     Buffer that receives the signature.
 * outSz   Passed by pointer to the callback / wc_ecc_sign_hash, which
 *         update it; this function does not touch it itself.
 * key     ECC private key used by the wolfCrypt path.
 * keyBuf  Raw key buffer, handed to the PK callback only.
 * keySz   Length of keyBuf.
 * ctx     Callback context, handed to the PK callback only.
 * returns the value from the callback or wc_ecc_sign_hash, or the
 *         wolfSSL_AsyncPush result when the operation is pending.
 */
int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
    word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("EccSign");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->EccSignCb != NULL) {
        rc = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                 ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key);
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it for a retry. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSign", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3325
/* Verify an ECDSA signature, through a registered PK callback when there is
 * one and through wolfCrypt otherwise.
 *
 * ssl     SSL object; ssl->eccVerifyRes receives the verification result.
 *         Dereferenced without a NULL check.
 * in      Signature.
 * inSz    Length of in, in bytes.
 * out     Hash the signature is checked against.
 * outSz   Length of out, in bytes.
 * key     ECC public key used by the wolfCrypt path.
 * keyBuf  Raw key buffer, handed to the PK callback only.
 * keySz   Length of keyBuf.
 * ctx     Callback context, handed to the PK callback only.
 * returns 0 only when the call returned 0 AND ssl->eccVerifyRes is non-zero;
 *         VERIFY_SIGN_ERROR for every other non-pending outcome (the
 *         underlying error code is not preserved); the wolfSSL_AsyncPush
 *         result when the operation is pending.
 *
 * NOTE(review): ssl->eccVerifyRes is not cleared in this function before
 * the call, so the verdict relies on the callback or primitive writing it.
 * A callback that returns 0 without writing it would leave the previous
 * value in place - confirm registered callbacks always set it.
 */
int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
    word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
    void* ctx)
{
    int rc;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("EccVerify");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccVerifyCb != NULL) {
        rc = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                   &ssl->eccVerifyRes, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_ecc_verify_hash(in, inSz, out, outSz, &ssl->eccVerifyRes, key);
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it for a retry and
     * leave the verdict for the next call. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* Both conditions must hold for success: a clean return code and a
         * positive verification result. */
        if (rc != 0 || ssl->eccVerifyRes == 0) {
            rc = VERIFY_SIGN_ERROR;
        }
        else {
            rc = 0;
        }
    }

    WOLFSSL_LEAVE("EccVerify", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3365
wolfSSL 13:f67a6c6013ca 3366 #ifdef HAVE_PK_CALLBACKS
/* Pick the ECC key that is handed to the shared-secret PK callback.
 *
 * Client side: the peer's key (peerEccDsaKey for static ECDH, peerEccKey
 *              otherwise); it must be present and have curve parameters.
 * Server side: the local private key (hsKey for static ECDH, eccTempKey
 *              otherwise).
 *
 * ssl       SSL object to read the keys from.
 * otherKey  Receives the selected key; untouched on failure.
 * returns 0 on success, BAD_FUNC_ARG for a NULL argument, NO_PEER_KEY or
 *         NO_PRIVATE_KEY when the expected key is missing.
 */
static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey)
{
    ecc_key* selected = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (ssl->specs.static_ecdh) {
            if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent ||
                                               !ssl->peerEccDsaKey->dp) {
                return NO_PEER_KEY;
            }
            selected = (struct ecc_key*)ssl->peerEccDsaKey;
        }
        else {
            if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
                                                  !ssl->peerEccKey->dp) {
                return NO_PEER_KEY;
            }
            selected = (struct ecc_key*)ssl->peerEccKey;
        }
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (ssl->specs.static_ecdh) {
            if (ssl->hsKey == NULL) {
                return NO_PRIVATE_KEY;
            }
            selected = (struct ecc_key*)ssl->hsKey;
        }
        else {
            if (!ssl->eccTempKeyPresent) {
                return NO_PRIVATE_KEY;
            }
            selected = (struct ecc_key*)ssl->eccTempKey;
        }
    }

    /* Neither side matched, or the chosen pointer was NULL. */
    if (selected == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = selected;
    return 0;
}
wolfSSL 13:f67a6c6013ca 3418 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 13:f67a6c6013ca 3419
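/* Compute the ECDH shared secret, through a registered PK callback when
 * there is one and through wolfCrypt otherwise.
 *
 * ssl        SSL object; with HAVE_PK_CALLBACKS its context holds
 *            EccSharedSecretCb. Dereferenced without a NULL check.
 * priv_key   Local private key (wolfCrypt path).
 * pub_key    Peer public key (wolfCrypt path).
 * pubKeyDer  Handed to the PK callback only.
 * pubKeySz   Handed to the PK callback only.
 * out        Buffer that receives the shared secret.
 * outlen     Passed by pointer to the callback / wc_ecc_shared_secret.
 * side       Handed to the PK callback only.
 * ctx        Callback context, handed to the PK callback only.
 * returns the value from EccGetKey, the callback or wc_ecc_shared_secret,
 *         or the wolfSSL_AsyncPush result when the operation is pending.
 *
 * On the callback path the key passed to the callback is the one chosen by
 * EccGetKey(), not priv_key/pub_key.
 */
int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
        byte* pubKeyDer, word32* pubKeySz, byte* out, word32* outlen,
        int side, void* ctx)
{
    int ret;
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV* asyncDev = NULL;
#endif

    (void)ssl;
    (void)pubKeyDer;
    (void)pubKeySz;
    (void)side;
    (void)ctx;

    WOLFSSL_ENTER("EccSharedSecret");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccSharedSecretCb) {
        ecc_key* otherKey = NULL;

        ret = EccGetKey(ssl, &otherKey);
        if (ret == 0) {
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* Only take the member address once EccGetKey has produced a
             * key; when it fails otherKey is still NULL. */
            asyncDev = &otherKey->asyncDev;
        #endif
            ret = ssl->ctx->EccSharedSecretCb(ssl, otherKey, pubKeyDer,
                pubKeySz, out, outlen, side, ctx);
        }
    }
    else
#endif
    {
        ret = wc_ecc_shared_secret(priv_key, pub_key, out, outlen);
    #ifdef WOLFSSL_ASYNC_CRYPT
        if (priv_key != NULL)
            asyncDev = &priv_key->asyncDev;
    #endif
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSharedSecret", ret);

    return ret;
}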
wolfSSL 13:f67a6c6013ca 3469
/* Generate an ECC key pair for the handshake.
 *
 * ssl   SSL object; supplies the RNG, the default key size
 *       (eccTempKeySz) and the negotiated curve (ecdhCurveOID).
 *       Dereferenced without a NULL check.
 * key   Key object that receives the new key pair.
 * peer  Optional peer key; when given, its curve size (peer->dp->size) is
 *       used instead of ssl->eccTempKeySz. peer->dp is read without a NULL
 *       check.
 * returns 0 on success, otherwise the error from the wolfCrypt call or
 *         wolfSSL_AsyncPush.
 *
 * When ssl->ecdhCurveOID is already set the key is generated on that curve.
 * Otherwise the key is generated from the size alone and, on success, the
 * OID sum of the resulting curve is recorded in ssl->ecdhCurveOID.
 */
int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
{
    int rc;
    int curveSz;

    WOLFSSL_ENTER("EccMakeKey");

    curveSz = (peer != NULL) ? peer->dp->size : ssl->eccTempKeySz;

    if (!(ssl->ecdhCurveOID > 0)) {
        rc = wc_ecc_make_key(ssl->rng, curveSz, key);
        if (rc == 0) {
            ssl->ecdhCurveOID = key->dp->oidSum;
        }
    }
    else {
        rc = wc_ecc_make_key_ex(ssl->rng, curveSz, key,
                     wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL));
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccMakeKey", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3505 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 3506
wolfSSL 13:f67a6c6013ca 3507 #ifdef HAVE_ED25519
/* Sign a message with Ed25519, through a registered PK callback when there
 * is one and through wolfCrypt otherwise.
 *
 * ssl     SSL object; with HAVE_PK_CALLBACKS its context holds
 *         Ed25519SignCb.
 * in      Data or message to sign.
 * inSz    Length of the data.
 * out     Buffer to hold signature.
 * outSz   On entry, size of the buffer. On exit, the size of the signature.
 * key     Ed25519 key object used by the wolfCrypt path.
 * keyBuf  Raw private key data, handed to the PK callback only.
 * keySz   The length of keyBuf in bytes.
 * ctx     The callback context.
 * returns 0 on success, otherwise the value is an error.
 */
int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
                word32* outSz, ed25519_key* key, byte* keyBuf, word32 keySz,
                void* ctx)
{
    int rc;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("Ed25519Sign");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->Ed25519SignCb != NULL) {
        rc = ssl->ctx->Ed25519SignCb(ssl, in, inSz, out, outSz, keyBuf,
                                     keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_ed25519_sign_msg(in, inSz, out, outSz, key);
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it for a retry. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("Ed25519Sign", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3555
/* Verify an Ed25519 signature over a message, through a registered PK
 * callback when there is one and through wolfCrypt otherwise.
 *
 * ssl     SSL object; ssl->eccVerifyRes receives the verification result.
 * in      Signature data.
 * inSz    Length of the signature data in bytes.
 * msg     Message to verify.
 * msgSz   Length of message in bytes.
 * key     Ed25519 key object used by the wolfCrypt path.
 * keyBuf  Raw key data, handed to the PK callback only.
 * keySz   The length of keyBuf in bytes.
 * ctx     The callback context.
 * returns 0 only when the call returned 0 AND ssl->eccVerifyRes is non-zero;
 *         VERIFY_SIGN_ERROR for every other non-pending outcome; the
 *         wolfSSL_AsyncPush result when the operation is pending.
 *
 * NOTE(review): ssl->eccVerifyRes is not cleared in this function before
 * the call, so the verdict relies on the callback or primitive writing it.
 * A callback that returns 0 without writing it would leave the previous
 * value in place - confirm registered callbacks always set it.
 */
int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
                  word32 msgSz, ed25519_key* key, byte* keyBuf, word32 keySz,
                  void* ctx)
{
    int rc;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("Ed25519Verify");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->Ed25519VerifyCb != NULL) {
        rc = ssl->ctx->Ed25519VerifyCb(ssl, in, inSz, msg, msgSz, keyBuf,
                                       keySz, &ssl->eccVerifyRes, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_ed25519_verify_msg(in, inSz, msg, msgSz, &ssl->eccVerifyRes,
                                   key);
    }

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* Operation still running on the async device: queue it for a retry and
     * leave the verdict for the next call. */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* Both conditions must hold for success: a clean return code and a
         * positive verification result. */
        if (rc != 0 || ssl->eccVerifyRes == 0) {
            rc = VERIFY_SIGN_ERROR;
        }
        else {
            rc = 0;
        }
    }

    WOLFSSL_LEAVE("Ed25519Verify", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3608 #endif /* HAVE_ED25519 */
wolfSSL 13:f67a6c6013ca 3609
wolfSSL 13:f67a6c6013ca 3610 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 3611 #ifdef HAVE_PK_CALLBACKS
/* Pick the X25519 key that is handed to the shared-secret PK callback.
 *
 * Client side: the peer's key (peerX25519Key); it must be present and have
 *              curve parameters.
 * Server side: the local private key, read from ssl->eccTempKey and cast to
 *              curve25519_key (guarded by ssl->eccTempKeyPresent).
 *
 * ssl       SSL object to read the keys from.
 * otherKey  Receives the selected key; untouched on failure.
 * returns 0 on success, BAD_FUNC_ARG for a NULL argument, NO_PEER_KEY or
 *         NO_PRIVATE_KEY when the expected key is missing.
 */
static int X25519GetKey(WOLFSSL* ssl, curve25519_key** otherKey)
{
    struct curve25519_key* selected = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (!ssl->peerX25519Key || !ssl->peerX25519KeyPresent ||
                                               !ssl->peerX25519Key->dp) {
            return NO_PEER_KEY;
        }
        selected = (struct curve25519_key*)ssl->peerX25519Key;
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (!ssl->eccTempKeyPresent) {
            return NO_PRIVATE_KEY;
        }
        selected = (struct curve25519_key*)ssl->eccTempKey;
    }

    /* Neither side matched, or the chosen pointer was NULL. */
    if (selected == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = (curve25519_key *)selected;
    return 0;
}
wolfSSL 13:f67a6c6013ca 3646 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 13:f67a6c6013ca 3647
/* Computes the X25519 shared secret, either through the user supplied PK
 * callback (HAVE_PK_CALLBACKS and ctx->X25519SharedSecretCb set) or with
 * wc_curve25519_shared_secret_ex in little endian form.
 *
 * ssl        connection object; dereferenced in the callback and async paths
 * priv_key   local key, used by the software path and for the async device
 * pub_key    peer key, used by the software path only
 * pubKeyDer  passed through to the callback only
 * pubKeySz   passed through to the callback only
 * out        receives the shared secret
 * outlen     in/out length of out
 * side       passed through to the callback only
 * ctx        passed through to the callback only
 *
 * returns the result of the callback / wolfCrypt call, or the result of
 *         wolfSSL_AsyncPush when the operation is pending
 *
 * NOTE(review): in the callback path priv_key and pub_key are ignored and the
 * key comes from X25519GetKey instead. This wrapper does not itself reject an
 * all-zero shared secret; confirm that wc_curve25519_shared_secret_ex, the
 * callback or the caller performs that check. out holds secret material and is
 * not cleared here on failure - presumably the caller owns zeroization.
 */
static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key,
        curve25519_key* pub_key, byte* pubKeyDer, word32* pubKeySz,
        byte* out, word32* outlen, int side, void* ctx)
{
    int rc;

    /* several parameters are unused depending on the build options */
    (void)ssl;
    (void)pubKeyDer;
    (void)pubKeySz;
    (void)side;
    (void)ctx;

    WOLFSSL_ENTER("X25519SharedSecret");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->X25519SharedSecretCb != NULL) {
        curve25519_key* cbKey = NULL;

        /* callback gets the peer key (client) or local key (server) */
        rc = X25519GetKey(ssl, &cbKey);
        if (rc == 0) {
            rc = ssl->ctx->X25519SharedSecretCb(ssl, cbKey, pubKeyDer,
                                       pubKeySz, out, outlen, side, ctx);
        }
    }
    else
#endif
    {
        rc = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen,
                                            EC25519_LITTLE_ENDIAN);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev,
                               WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("X25519SharedSecret", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3691
/* Generates an X25519 key of CURVE25519_KEYSIZE bytes with the connection's
 * RNG and, when generation completes immediately, records ECC_X25519_OID as
 * the connection's ECDH curve.
 *
 * ssl   connection object, supplies ssl->rng and receives ecdhCurveOID
 * key   key object to fill in
 * peer  unused
 *
 * returns 0 on success, otherwise the wc_curve25519_make_key error or the
 *         result of wolfSSL_AsyncPush when the operation is pending
 */
static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key,
                         curve25519_key* peer)
{
    int rc = 0;

    (void)peer;

    WOLFSSL_ENTER("X25519MakeKey");

    rc = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key);
    if (rc == 0) {
        /* curve OID is only recorded when the key was made synchronously */
        ssl->ecdhCurveOID = ECC_X25519_OID;
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("X25519MakeKey", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3716 #endif /* HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 3717
wolfSSL 13:f67a6c6013ca 3718 #endif /* !NO_CERTS */
wolfSSL 13:f67a6c6013ca 3719
wolfSSL 13:f67a6c6013ca 3720 #if !defined(NO_CERTS) || !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 3721 #if !defined(NO_DH)
wolfSSL 13:f67a6c6013ca 3722
/* Generates a DH key pair with wc_DhGenerateKeyPair using the connection's
 * RNG (ssl->rng).
 *
 * ssl     connection object, supplies the RNG and the async queue
 * dhKey   DH key object holding the parameters
 * priv    receives the private value
 * privSz  in/out length of priv
 * pub     receives the public value
 * pubSz   in/out length of pub
 *
 * returns the wc_DhGenerateKeyPair result, or the result of
 *         wolfSSL_AsyncPush when the operation is pending
 *
 * NOTE(review): priv receives private key material and is not cleared here on
 * failure; presumably the caller owns zeroization - confirm.
 */
int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
                 byte* priv, word32* privSz,
                 byte* pub, word32* pubSz)
{
    int rc;

    WOLFSSL_ENTER("DhGenKeyPair");

    rc = wc_DhGenerateKeyPair(dhKey, ssl->rng, priv, privSz, pub, pubSz);

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("DhGenKeyPair", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3744
/* Computes the DH shared secret with wc_DhAgree.
 *
 * ssl         connection object, only used for the async queue
 * dhKey       DH key object holding the parameters
 * priv        local private value
 * privSz      length of priv
 * otherPub    peer public value, as received
 * otherPubSz  length of otherPub
 * agree       receives the shared secret
 * agreeSz     in/out length of agree
 *
 * returns the wc_DhAgree result, or the result of wolfSSL_AsyncPush when the
 *         operation is pending
 *
 * NOTE(review): this wrapper passes otherPub straight through and performs no
 * range or subgroup validation of the peer value itself; confirm that
 * wc_DhAgree or the caller rejects degenerate public values. agree holds
 * secret material and is not cleared here on failure.
 */
int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
            const byte* priv, word32 privSz,
            const byte* otherPub, word32 otherPubSz,
            byte* agree, word32* agreeSz)
{
    int rc;

    (void)ssl; /* only referenced when WOLFSSL_ASYNC_CRYPT is defined */

    WOLFSSL_ENTER("DhAgree");

    rc = wc_DhAgree(dhKey, agree, agreeSz, priv, privSz, otherPub, otherPubSz);

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("DhAgree", rc);

    return rc;
}
wolfSSL 13:f67a6c6013ca 3769 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 3770 #endif /* !NO_CERTS || !NO_PSK */
wolfSSL 13:f67a6c6013ca 3771
wolfSSL 13:f67a6c6013ca 3772
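/* This function inherits a WOLFSSL_CTX's fields into an SSL object.
 * It is used during initialization and to switch an ssl's CTX with
 * wolfSSL_Set_SSL_CTX. Requires ssl->suites alloc and ssl->arrays with PSK
 * unless writeDup is on.
 *
 * The reference on the new ctx is taken before the reference on a previous
 * ctx is released. That way a failure to lock the count mutex leaves ssl->ctx
 * pointing at a ctx the ssl object still holds a reference on, and switching
 * to the ctx that is already set can never drop its count to zero in between.
 *
 * Certificate, chain, private key and DH parameter buffers are copied as
 * pointers only; the ctx keeps ownership and must outlive their use.
 *
 * ssl      object to initialize
 * ctx      parent factory
 * writeDup flag indicating this is a write dup only
 *
 * SSL_SUCCESS return value on success, BAD_FUNC_ARG on missing arguments or
 * missing ssl->suites / ssl->arrays, BAD_MUTEX_E when the ctx count mutex
 * cannot be locked, NO_PRIVATE_KEY when a server without PSK, Anon or
 * Multicast has no certificate or private key loaded */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
{
    byte havePSK = 0;
    byte haveAnon = 0;
    byte newSSL;
    byte haveRSA = 0;
    byte haveMcast = 0;

    (void)haveAnon; /* Squash unused var warnings */
    (void)haveMcast;

    if (!ssl || !ctx)
        return BAD_FUNC_ARG;

    if (ssl->suites == NULL && !writeDup)
        return BAD_FUNC_ARG;

    newSSL = ssl->ctx == NULL; /* Assign after null check */

#ifndef NO_PSK
    if (ctx->server_hint[0] && ssl->arrays == NULL && !writeDup) {
        return BAD_FUNC_ARG;  /* needed for copy below */
    }
#endif


#ifndef NO_RSA
    haveRSA = 1;
#endif
#ifndef NO_PSK
    havePSK = ctx->havePSK;
#endif /* NO_PSK */
#ifdef HAVE_ANON
    haveAnon = ctx->haveAnon;
#endif /* HAVE_ANON*/
#ifdef WOLFSSL_MULTICAST
    haveMcast = ctx->haveMcast;
#endif /* WOLFSSL_MULTICAST */

    /* increment CTX reference count first, so that the old reference is only
     * given up once the new one is held */
    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock CTX count mutex");
        return BAD_MUTEX_E;
    }
    ctx->refCount++;
    wc_UnLockMutex(&ctx->countMutex);

    /* decrement previous CTX reference count if exists.
     * This should only happen if switching ctxs!*/
    if (!newSSL) {
        WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
        wolfSSL_CTX_free(ssl->ctx);
    }

    ssl->ctx     = ctx; /* only for passing to calls, options could change */
    ssl->version = ctx->method->version;

#ifdef HAVE_ECC
    ssl->eccTempKeySz = ctx->eccTempKeySz;
    ssl->pkCurveOID   = ctx->pkCurveOID;
    ssl->ecdhCurveOID = ctx->ecdhCurveOID;
#endif

#ifdef OPENSSL_EXTRA
    ssl->options.mask = ctx->mask;
#endif
    ssl->timeout = ctx->timeout;
    ssl->verifyCallback    = ctx->verifyCallback;
    ssl->options.side      = ctx->method->side;
    ssl->options.downgrade    = ctx->method->downgrade;
    ssl->options.minDowngrade = ctx->minDowngrade;

    ssl->options.haveDH        = ctx->haveDH;
    ssl->options.haveNTRU      = ctx->haveNTRU;
    ssl->options.haveECDSAsig  = ctx->haveECDSAsig;
    ssl->options.haveECC       = ctx->haveECC;
    ssl->options.haveStaticECC = ctx->haveStaticECC;

#ifndef NO_PSK
    ssl->options.havePSK       = ctx->havePSK;
    ssl->options.client_psk_cb = ctx->client_psk_cb;
    ssl->options.server_psk_cb = ctx->server_psk_cb;
#endif /* NO_PSK */
#ifdef WOLFSSL_EARLY_DATA
    if (ssl->options.side == WOLFSSL_SERVER_END)
        ssl->options.maxEarlyDataSz = ctx->maxEarlyDataSz;
#endif

#ifdef HAVE_ANON
    ssl->options.haveAnon = ctx->haveAnon;
#endif
    /* minimum key sizes accepted for this connection come from the ctx */
#ifndef NO_DH
    ssl->options.minDhKeySz = ctx->minDhKeySz;
#endif
#ifndef NO_RSA
    ssl->options.minRsaKeySz = ctx->minRsaKeySz;
#endif
#ifdef HAVE_ECC
    ssl->options.minEccKeySz = ctx->minEccKeySz;
#endif
#ifdef OPENSSL_EXTRA
    ssl->options.verifyDepth = ctx->verifyDepth;
#endif

    ssl->options.sessionCacheOff      = ctx->sessionCacheOff;
    ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
#ifdef HAVE_EXT_CACHE
    ssl->options.internalCacheOff     = ctx->internalCacheOff;
#endif

    /* peer verification policy is inherited unchanged from the ctx */
    ssl->options.verifyPeer     = ctx->verifyPeer;
    ssl->options.verifyNone     = ctx->verifyNone;
    ssl->options.failNoCert     = ctx->failNoCert;
    ssl->options.failNoCertxPSK = ctx->failNoCertxPSK;
    ssl->options.sendVerify     = ctx->sendVerify;

    ssl->options.partialWrite  = ctx->partialWrite;
    ssl->options.quietShutdown = ctx->quietShutdown;
    ssl->options.groupMessages = ctx->groupMessages;

#ifndef NO_DH
    ssl->buffers.serverDH_P = ctx->serverDH_P;
    ssl->buffers.serverDH_G = ctx->serverDH_G;
#endif

#ifndef NO_CERTS
    /* ctx still owns certificate, certChain, key, dh, and cm */
    ssl->buffers.certificate = ctx->certificate;
    ssl->buffers.certChain   = ctx->certChain;
#ifdef WOLFSSL_TLS13
    ssl->buffers.certChainCnt = ctx->certChainCnt;
#endif
    ssl->buffers.key     = ctx->privateKey;
    ssl->buffers.keyType = ctx->privateKeyType;
    ssl->buffers.keySz   = ctx->privateKeySz;
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    ssl->devId = ctx->devId;
#endif

    if (writeDup == 0) {
        int keySz = 0;
#ifndef NO_CERTS
        keySz = ssl->buffers.keySz;
#endif

#ifndef NO_PSK
        if (ctx->server_hint[0]) {  /* set in CTX */
            /* XSTRNCPY may leave the destination unterminated, so the last
             * byte is forced to NUL below.
             * NOTE(review): assumes server_hint holds MAX_PSK_ID_LEN + 1
             * bytes - confirm against the Arrays declaration */
            XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint,
                                    sizeof(ssl->arrays->server_hint));
            ssl->arrays->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
        }
#endif /* NO_PSK */

        if (ctx->suites)
            *ssl->suites = *ctx->suites;
        else
            XMEMSET(ssl->suites, 0, sizeof(Suites));

        /* make sure server has DH parms, and add PSK if there, add NTRU too */
        if (ssl->options.side == WOLFSSL_SERVER_END)
            InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                       ssl->options.haveDH, ssl->options.haveNTRU,
                       ssl->options.haveECDSAsig, ssl->options.haveECC,
                       ssl->options.haveStaticECC, ssl->options.side);
        else
            /* the client side always passes TRUE for haveDH */
            InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                       TRUE, ssl->options.haveNTRU,
                       ssl->options.haveECDSAsig, ssl->options.haveECC,
                       ssl->options.haveStaticECC, ssl->options.side);

#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
        /* make sure server has cert and key unless using PSK, Anon, or
         * Multicast. This should be true even if just switching ssl ctx.
         * Note that this check is compiled out with WOLFSSL_SESSION_EXPORT */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                                  !havePSK && !haveAnon && !haveMcast) {
            if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer
                     || !ssl->buffers.key || !ssl->buffers.key->buffer) {
                WOLFSSL_MSG("Server missing certificate and/or private key");
                return NO_PRIVATE_KEY;
            }
        }
#endif

    }  /* writeDup check */

#ifdef WOLFSSL_SESSION_EXPORT
    #ifdef WOLFSSL_DTLS
    ssl->dtls_export = ctx->dtls_export; /* export function for session */
    #endif
#endif

#ifdef OPENSSL_EXTRA
    ssl->readAhead = ctx->readAhead;
#endif

    return SSL_SUCCESS;
}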
wolfSSL 13:f67a6c6013ca 3980
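/* Allocates and initializes the handshake hash contexts of an SSL object.
 * Any existing hashes are freed first. Which digests are initialized depends
 * on the build options (MD5 and SHA only without NO_OLD_TLS).
 *
 * ssl  object whose hsHashes are (re)created; uses ssl->heap and ssl->devId
 *
 * 0 on success, MEMORY_E when the allocation fails, otherwise the error of
 * the first digest init that failed. On a digest init failure ssl->hsHashes
 * stays allocated and is released by a later FreeHandshakeHashes call. */
int InitHandshakeHashes(WOLFSSL* ssl)
{
    /* start at 0 so the final return is defined even when every digest
     * below is compiled out */
    int ret = 0;

    /* make sure existing handshake hashes are free'd */
    if (ssl->hsHashes != NULL) {
        FreeHandshakeHashes(ssl);
    }

    /* allocate handshake hashes */
    ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
                                                       DYNAMIC_TYPE_HASHES);
    if (ssl->hsHashes == NULL) {
        WOLFSSL_MSG("HS_Hashes Memory error");
        return MEMORY_E;
    }
    /* zero the contexts so a partially initialized set is in a known state */
    XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));

#ifndef NO_OLD_TLS
#ifndef NO_MD5
    ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#ifndef NO_SHA
    ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
    ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif

    return ret;
}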
wolfSSL 13:f67a6c6013ca 4029
/* Releases the handshake hash contexts of an SSL object, frees the HS_Hashes
 * allocation and resets ssl->hsHashes to NULL. Does nothing when no hashes
 * are allocated.
 *
 * ssl  object whose hsHashes are released */
void FreeHandshakeHashes(WOLFSSL* ssl)
{
    HS_Hashes* hashes = ssl->hsHashes;

    if (hashes == NULL) {
        return;
    }

#ifndef NO_OLD_TLS
#ifndef NO_MD5
    wc_Md5Free(&hashes->hashMd5);
#endif
#ifndef NO_SHA
    wc_ShaFree(&hashes->hashSha);
#endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
    wc_Sha256Free(&hashes->hashSha256);
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384Free(&hashes->hashSha384);
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512Free(&hashes->hashSha512);
#endif

    XFREE(hashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    /* clear the pointer so a repeated call is a no-op */
    ssl->hsHashes = NULL;
}
wolfSSL 13:f67a6c6013ca 4055
wolfSSL 13:f67a6c6013ca 4056
wolfSSL 13:f67a6c6013ca 4057 /* init everything to 0, NULL, default values before calling anything that may
wolfSSL 13:f67a6c6013ca 4058 fail so that destructor has a "good" state to cleanup
wolfSSL 13:f67a6c6013ca 4059
wolfSSL 13:f67a6c6013ca 4060 ssl object to initialize
wolfSSL 13:f67a6c6013ca 4061 ctx parent factory
wolfSSL 13:f67a6c6013ca 4062 writeDup flag indicating this is a write dup only
wolfSSL 13:f67a6c6013ca 4063
wolfSSL 13:f67a6c6013ca 4064 0 on success */
wolfSSL 13:f67a6c6013ca 4065 int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
wolfSSL 13:f67a6c6013ca 4066 {
wolfSSL 13:f67a6c6013ca 4067 int ret;
wolfSSL 13:f67a6c6013ca 4068
wolfSSL 13:f67a6c6013ca 4069 XMEMSET(ssl, 0, sizeof(WOLFSSL));
wolfSSL 13:f67a6c6013ca 4070
wolfSSL 13:f67a6c6013ca 4071 #if defined(WOLFSSL_STATIC_MEMORY)
wolfSSL 13:f67a6c6013ca 4072 if (ctx->heap != NULL) {
wolfSSL 13:f67a6c6013ca 4073 WOLFSSL_HEAP_HINT* ssl_hint;
wolfSSL 13:f67a6c6013ca 4074 WOLFSSL_HEAP_HINT* ctx_hint;
wolfSSL 13:f67a6c6013ca 4075
wolfSSL 13:f67a6c6013ca 4076 /* avoid derefrencing a test value */
wolfSSL 13:f67a6c6013ca 4077 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 13:f67a6c6013ca 4078 if (ctx->heap == (void*)WOLFSSL_HEAP_TEST) {
wolfSSL 13:f67a6c6013ca 4079 ssl->heap = ctx->heap;
wolfSSL 13:f67a6c6013ca 4080 }
wolfSSL 13:f67a6c6013ca 4081 else {
wolfSSL 13:f67a6c6013ca 4082 #endif
wolfSSL 13:f67a6c6013ca 4083 ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT),
wolfSSL 13:f67a6c6013ca 4084 ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 13:f67a6c6013ca 4085 if (ssl->heap == NULL) {
wolfSSL 13:f67a6c6013ca 4086 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4087 }
wolfSSL 13:f67a6c6013ca 4088 XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT));
wolfSSL 13:f67a6c6013ca 4089 ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
wolfSSL 13:f67a6c6013ca 4090 ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap));
wolfSSL 13:f67a6c6013ca 4091
wolfSSL 13:f67a6c6013ca 4092 /* lock and check IO count / handshake count */
wolfSSL 13:f67a6c6013ca 4093 if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
wolfSSL 13:f67a6c6013ca 4094 WOLFSSL_MSG("Bad memory_mutex lock");
wolfSSL 13:f67a6c6013ca 4095 XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 13:f67a6c6013ca 4096 ssl->heap = NULL; /* free and set to NULL for IO counter */
wolfSSL 13:f67a6c6013ca 4097 return BAD_MUTEX_E;
wolfSSL 13:f67a6c6013ca 4098 }
wolfSSL 13:f67a6c6013ca 4099 if (ctx_hint->memory->maxHa > 0 &&
wolfSSL 13:f67a6c6013ca 4100 ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) {
wolfSSL 13:f67a6c6013ca 4101 WOLFSSL_MSG("At max number of handshakes for static memory");
wolfSSL 13:f67a6c6013ca 4102 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4103 XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 13:f67a6c6013ca 4104 ssl->heap = NULL; /* free and set to NULL for IO counter */
wolfSSL 13:f67a6c6013ca 4105 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4106 }
wolfSSL 13:f67a6c6013ca 4107
wolfSSL 13:f67a6c6013ca 4108 if (ctx_hint->memory->maxIO > 0 &&
wolfSSL 13:f67a6c6013ca 4109 ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) {
wolfSSL 13:f67a6c6013ca 4110 WOLFSSL_MSG("At max number of IO allowed for static memory");
wolfSSL 13:f67a6c6013ca 4111 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4112 XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 13:f67a6c6013ca 4113 ssl->heap = NULL; /* free and set to NULL for IO counter */
wolfSSL 13:f67a6c6013ca 4114 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4115 }
wolfSSL 13:f67a6c6013ca 4116 ctx_hint->memory->curIO++;
wolfSSL 13:f67a6c6013ca 4117 ctx_hint->memory->curHa++;
wolfSSL 13:f67a6c6013ca 4118 ssl_hint->memory = ctx_hint->memory;
wolfSSL 13:f67a6c6013ca 4119 ssl_hint->haFlag = 1;
wolfSSL 13:f67a6c6013ca 4120 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4121
wolfSSL 13:f67a6c6013ca 4122 /* check if tracking stats */
wolfSSL 13:f67a6c6013ca 4123 if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) {
wolfSSL 13:f67a6c6013ca 4124 ssl_hint->stats = (WOLFSSL_MEM_CONN_STATS*)XMALLOC(
wolfSSL 13:f67a6c6013ca 4125 sizeof(WOLFSSL_MEM_CONN_STATS), ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 13:f67a6c6013ca 4126 if (ssl_hint->stats == NULL) {
wolfSSL 13:f67a6c6013ca 4127 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4128 }
wolfSSL 13:f67a6c6013ca 4129 XMEMSET(ssl_hint->stats, 0, sizeof(WOLFSSL_MEM_CONN_STATS));
wolfSSL 13:f67a6c6013ca 4130 }
wolfSSL 13:f67a6c6013ca 4131
wolfSSL 13:f67a6c6013ca 4132 /* check if using fixed IO buffers */
wolfSSL 13:f67a6c6013ca 4133 if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) {
wolfSSL 13:f67a6c6013ca 4134 if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
wolfSSL 13:f67a6c6013ca 4135 WOLFSSL_MSG("Bad memory_mutex lock");
wolfSSL 13:f67a6c6013ca 4136 return BAD_MUTEX_E;
wolfSSL 13:f67a6c6013ca 4137 }
wolfSSL 13:f67a6c6013ca 4138 if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) {
wolfSSL 13:f67a6c6013ca 4139 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4140 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4141 }
wolfSSL 13:f67a6c6013ca 4142 if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) {
wolfSSL 13:f67a6c6013ca 4143 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4144 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4145 }
wolfSSL 13:f67a6c6013ca 4146 if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) {
wolfSSL 13:f67a6c6013ca 4147 WOLFSSL_MSG("Not enough memory to create fixed IO buffers");
wolfSSL 13:f67a6c6013ca 4148 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4149 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4150 }
wolfSSL 13:f67a6c6013ca 4151 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 13:f67a6c6013ca 4152 }
wolfSSL 13:f67a6c6013ca 4153 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 13:f67a6c6013ca 4154 }
wolfSSL 13:f67a6c6013ca 4155 #endif
wolfSSL 13:f67a6c6013ca 4156 }
wolfSSL 13:f67a6c6013ca 4157 else {
wolfSSL 13:f67a6c6013ca 4158 ssl->heap = ctx->heap;
wolfSSL 13:f67a6c6013ca 4159 }
wolfSSL 13:f67a6c6013ca 4160 #else
wolfSSL 13:f67a6c6013ca 4161 ssl->heap = ctx->heap; /* carry over user heap without static memory */
wolfSSL 13:f67a6c6013ca 4162 #endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL 13:f67a6c6013ca 4163
wolfSSL 13:f67a6c6013ca 4164 ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
wolfSSL 13:f67a6c6013ca 4165 ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL 13:f67a6c6013ca 4166
wolfSSL 13:f67a6c6013ca 4167 ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
wolfSSL 13:f67a6c6013ca 4168 ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL 13:f67a6c6013ca 4169
wolfSSL 13:f67a6c6013ca 4170 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
wolfSSL 13:f67a6c6013ca 4171 InitX509(&ssl->peerCert, 0, ssl->heap);
wolfSSL 13:f67a6c6013ca 4172 #endif
wolfSSL 13:f67a6c6013ca 4173
wolfSSL 13:f67a6c6013ca 4174 ssl->rfd = -1; /* set to invalid descriptor */
wolfSSL 13:f67a6c6013ca 4175 ssl->wfd = -1;
wolfSSL 13:f67a6c6013ca 4176 ssl->devId = ctx->devId; /* device for async HW (from wolfAsync_DevOpen) */
wolfSSL 13:f67a6c6013ca 4177
wolfSSL 13:f67a6c6013ca 4178 ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
wolfSSL 13:f67a6c6013ca 4179 ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
wolfSSL 13:f67a6c6013ca 4180
wolfSSL 13:f67a6c6013ca 4181 #ifdef HAVE_NETX
wolfSSL 13:f67a6c6013ca 4182 ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */
wolfSSL 13:f67a6c6013ca 4183 ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */
wolfSSL 13:f67a6c6013ca 4184 #endif
wolfSSL 13:f67a6c6013ca 4185
wolfSSL 13:f67a6c6013ca 4186 /* initialize states */
wolfSSL 13:f67a6c6013ca 4187 ssl->options.serverState = NULL_STATE;
wolfSSL 13:f67a6c6013ca 4188 ssl->options.clientState = NULL_STATE;
wolfSSL 13:f67a6c6013ca 4189 ssl->options.connectState = CONNECT_BEGIN;
wolfSSL 13:f67a6c6013ca 4190 ssl->options.acceptState = ACCEPT_BEGIN;
wolfSSL 13:f67a6c6013ca 4191 ssl->options.handShakeState = NULL_STATE;
wolfSSL 13:f67a6c6013ca 4192 ssl->options.processReply = doProcessInit;
wolfSSL 13:f67a6c6013ca 4193 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 13:f67a6c6013ca 4194 ssl->options.buildMsgState = BUILD_MSG_BEGIN;
wolfSSL 13:f67a6c6013ca 4195 ssl->encrypt.state = CIPHER_STATE_BEGIN;
wolfSSL 13:f67a6c6013ca 4196 ssl->decrypt.state = CIPHER_STATE_BEGIN;
wolfSSL 13:f67a6c6013ca 4197
wolfSSL 13:f67a6c6013ca 4198 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 4199 #ifdef WOLFSSL_SCTP
wolfSSL 13:f67a6c6013ca 4200 ssl->options.dtlsSctp = ctx->dtlsSctp;
wolfSSL 13:f67a6c6013ca 4201 ssl->dtlsMtuSz = ctx->dtlsMtuSz;
wolfSSL 13:f67a6c6013ca 4202 ssl->dtls_expected_rx = ssl->dtlsMtuSz;
wolfSSL 13:f67a6c6013ca 4203 #else
wolfSSL 13:f67a6c6013ca 4204 ssl->dtls_expected_rx = MAX_MTU;
wolfSSL 13:f67a6c6013ca 4205 #endif
wolfSSL 13:f67a6c6013ca 4206 ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
wolfSSL 13:f67a6c6013ca 4207 ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
wolfSSL 13:f67a6c6013ca 4208 ssl->dtls_timeout = ssl->dtls_timeout_init;
wolfSSL 13:f67a6c6013ca 4209 ssl->buffers.dtlsCtx.rfd = -1;
wolfSSL 13:f67a6c6013ca 4210 ssl->buffers.dtlsCtx.wfd = -1;
wolfSSL 13:f67a6c6013ca 4211 #endif
wolfSSL 13:f67a6c6013ca 4212
wolfSSL 13:f67a6c6013ca 4213 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 4214 ssl->hmac = SSL_hmac; /* default to SSLv3 */
wolfSSL 13:f67a6c6013ca 4215 #else
wolfSSL 13:f67a6c6013ca 4216 ssl->hmac = TLS_hmac;
wolfSSL 13:f67a6c6013ca 4217 #endif
wolfSSL 13:f67a6c6013ca 4218
wolfSSL 13:f67a6c6013ca 4219
wolfSSL 13:f67a6c6013ca 4220 ssl->cipher.ssl = ssl;
wolfSSL 13:f67a6c6013ca 4221
wolfSSL 13:f67a6c6013ca 4222 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 13:f67a6c6013ca 4223 ssl->options.haveEMS = ctx->haveEMS;
wolfSSL 13:f67a6c6013ca 4224 #endif
wolfSSL 13:f67a6c6013ca 4225 ssl->options.useClientOrder = ctx->useClientOrder;
wolfSSL 13:f67a6c6013ca 4226
wolfSSL 13:f67a6c6013ca 4227 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 4228 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 4229 ssl->options.noTicketTls13 = ctx->noTicketTls13;
wolfSSL 13:f67a6c6013ca 4230 #endif
wolfSSL 13:f67a6c6013ca 4231 ssl->options.noPskDheKe = ctx->noPskDheKe;
wolfSSL 13:f67a6c6013ca 4232 #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 13:f67a6c6013ca 4233 ssl->options.postHandshakeAuth = ctx->postHandshakeAuth;
wolfSSL 13:f67a6c6013ca 4234 #endif
wolfSSL 13:f67a6c6013ca 4235 #endif
wolfSSL 13:f67a6c6013ca 4236
wolfSSL 13:f67a6c6013ca 4237 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 13:f67a6c6013ca 4238 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 13:f67a6c6013ca 4239 ssl->max_fragment = MAX_RECORD_SIZE;
wolfSSL 13:f67a6c6013ca 4240 #endif
wolfSSL 13:f67a6c6013ca 4241 #ifdef HAVE_ALPN
wolfSSL 13:f67a6c6013ca 4242 ssl->alpn_client_list = NULL;
wolfSSL 13:f67a6c6013ca 4243 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 13:f67a6c6013ca 4244 ssl->alpnSelect = ctx->alpnSelect;
wolfSSL 13:f67a6c6013ca 4245 ssl->alpnSelectArg = ctx->alpnSelectArg;
wolfSSL 13:f67a6c6013ca 4246 #endif
wolfSSL 13:f67a6c6013ca 4247 #endif
wolfSSL 13:f67a6c6013ca 4248 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 13:f67a6c6013ca 4249 ssl->options.userCurves = ctx->userCurves;
wolfSSL 13:f67a6c6013ca 4250 #endif
wolfSSL 13:f67a6c6013ca 4251 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 13:f67a6c6013ca 4252
wolfSSL 13:f67a6c6013ca 4253 /* default alert state (none) */
wolfSSL 13:f67a6c6013ca 4254 ssl->alert_history.last_rx.code = -1;
wolfSSL 13:f67a6c6013ca 4255 ssl->alert_history.last_rx.level = -1;
wolfSSL 13:f67a6c6013ca 4256 ssl->alert_history.last_tx.code = -1;
wolfSSL 13:f67a6c6013ca 4257 ssl->alert_history.last_tx.level = -1;
wolfSSL 13:f67a6c6013ca 4258
wolfSSL 13:f67a6c6013ca 4259 InitCiphers(ssl);
wolfSSL 13:f67a6c6013ca 4260 InitCipherSpecs(&ssl->specs);
wolfSSL 13:f67a6c6013ca 4261
wolfSSL 13:f67a6c6013ca 4262 /* all done with init, now can return errors, call other stuff */
wolfSSL 13:f67a6c6013ca 4263
wolfSSL 13:f67a6c6013ca 4264 if (!writeDup) {
wolfSSL 13:f67a6c6013ca 4265 /* arrays */
wolfSSL 13:f67a6c6013ca 4266 ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
wolfSSL 13:f67a6c6013ca 4267 DYNAMIC_TYPE_ARRAYS);
wolfSSL 13:f67a6c6013ca 4268 if (ssl->arrays == NULL) {
wolfSSL 13:f67a6c6013ca 4269 WOLFSSL_MSG("Arrays Memory error");
wolfSSL 13:f67a6c6013ca 4270 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4271 }
wolfSSL 13:f67a6c6013ca 4272 XMEMSET(ssl->arrays, 0, sizeof(Arrays));
wolfSSL 13:f67a6c6013ca 4273 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
wolfSSL 13:f67a6c6013ca 4274 DYNAMIC_TYPE_SECRET);
wolfSSL 13:f67a6c6013ca 4275 if (ssl->arrays->preMasterSecret == NULL) {
wolfSSL 13:f67a6c6013ca 4276 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4277 }
wolfSSL 13:f67a6c6013ca 4278 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
wolfSSL 13:f67a6c6013ca 4279
wolfSSL 13:f67a6c6013ca 4280 /* suites */
wolfSSL 13:f67a6c6013ca 4281 ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
wolfSSL 13:f67a6c6013ca 4282 DYNAMIC_TYPE_SUITES);
wolfSSL 13:f67a6c6013ca 4283 if (ssl->suites == NULL) {
wolfSSL 13:f67a6c6013ca 4284 WOLFSSL_MSG("Suites Memory error");
wolfSSL 13:f67a6c6013ca 4285 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4286 }
wolfSSL 13:f67a6c6013ca 4287 }
wolfSSL 13:f67a6c6013ca 4288
wolfSSL 13:f67a6c6013ca 4289 /* Initialize SSL with the appropriate fields from it's ctx */
wolfSSL 13:f67a6c6013ca 4290 /* requires valid arrays and suites unless writeDup ing */
wolfSSL 13:f67a6c6013ca 4291 if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != SSL_SUCCESS)
wolfSSL 13:f67a6c6013ca 4292 return ret;
wolfSSL 13:f67a6c6013ca 4293
wolfSSL 13:f67a6c6013ca 4294 ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
wolfSSL 13:f67a6c6013ca 4295
wolfSSL 13:f67a6c6013ca 4296 #ifdef SINGLE_THREADED
wolfSSL 13:f67a6c6013ca 4297 ssl->rng = ctx->rng; /* CTX may have one, if so use it */
wolfSSL 13:f67a6c6013ca 4298 #endif
wolfSSL 13:f67a6c6013ca 4299
wolfSSL 13:f67a6c6013ca 4300 if (ssl->rng == NULL) {
wolfSSL 13:f67a6c6013ca 4301 /* RNG */
wolfSSL 13:f67a6c6013ca 4302 ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap,DYNAMIC_TYPE_RNG);
wolfSSL 13:f67a6c6013ca 4303 if (ssl->rng == NULL) {
wolfSSL 13:f67a6c6013ca 4304 WOLFSSL_MSG("RNG Memory error");
wolfSSL 13:f67a6c6013ca 4305 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 4306 }
wolfSSL 13:f67a6c6013ca 4307 XMEMSET(ssl->rng, 0, sizeof(WC_RNG));
wolfSSL 13:f67a6c6013ca 4308 ssl->options.weOwnRng = 1;
wolfSSL 13:f67a6c6013ca 4309
wolfSSL 13:f67a6c6013ca 4310 /* FIPS RNG API does not accept a heap hint */
wolfSSL 13:f67a6c6013ca 4311 #ifndef HAVE_FIPS
wolfSSL 13:f67a6c6013ca 4312 if ( (ret = wc_InitRng_ex(ssl->rng, ssl->heap, ssl->devId)) != 0) {
wolfSSL 13:f67a6c6013ca 4313 WOLFSSL_MSG("RNG Init error");
wolfSSL 13:f67a6c6013ca 4314 return ret;
wolfSSL 13:f67a6c6013ca 4315 }
wolfSSL 13:f67a6c6013ca 4316 #else
wolfSSL 13:f67a6c6013ca 4317 if ( (ret = wc_InitRng(ssl->rng)) != 0) {
wolfSSL 13:f67a6c6013ca 4318 WOLFSSL_MSG("RNG Init error");
wolfSSL 13:f67a6c6013ca 4319 return ret;
wolfSSL 13:f67a6c6013ca 4320 }
wolfSSL 13:f67a6c6013ca 4321 #endif
wolfSSL 13:f67a6c6013ca 4322 }
wolfSSL 13:f67a6c6013ca 4323
wolfSSL 13:f67a6c6013ca 4324 if (writeDup) {
wolfSSL 13:f67a6c6013ca 4325 /* all done */
wolfSSL 13:f67a6c6013ca 4326 return 0;
wolfSSL 13:f67a6c6013ca 4327 }
wolfSSL 13:f67a6c6013ca 4328
wolfSSL 13:f67a6c6013ca 4329 /* hsHashes */
wolfSSL 13:f67a6c6013ca 4330 ret = InitHandshakeHashes(ssl);
wolfSSL 13:f67a6c6013ca 4331 if (ret != 0)
wolfSSL 13:f67a6c6013ca 4332 return ret;
wolfSSL 13:f67a6c6013ca 4333
wolfSSL 13:f67a6c6013ca 4334 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 13:f67a6c6013ca 4335 if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 13:f67a6c6013ca 4336 ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
wolfSSL 13:f67a6c6013ca 4337 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 4338 WOLFSSL_MSG("DTLS Cookie Secret error");
wolfSSL 13:f67a6c6013ca 4339 return ret;
wolfSSL 13:f67a6c6013ca 4340 }
wolfSSL 13:f67a6c6013ca 4341 }
wolfSSL 13:f67a6c6013ca 4342 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
wolfSSL 13:f67a6c6013ca 4343
wolfSSL 13:f67a6c6013ca 4344 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 13:f67a6c6013ca 4345 ssl->sessionSecretCb = NULL;
wolfSSL 13:f67a6c6013ca 4346 ssl->sessionSecretCtx = NULL;
wolfSSL 13:f67a6c6013ca 4347 #endif
wolfSSL 13:f67a6c6013ca 4348
wolfSSL 13:f67a6c6013ca 4349 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 4350 ssl->session.ticket = ssl->session.staticTicket;
wolfSSL 13:f67a6c6013ca 4351 #endif
wolfSSL 13:f67a6c6013ca 4352
wolfSSL 13:f67a6c6013ca 4353 #ifdef WOLFSSL_MULTICAST
wolfSSL 13:f67a6c6013ca 4354 if (ctx->haveMcast) {
wolfSSL 13:f67a6c6013ca 4355 int i;
wolfSSL 13:f67a6c6013ca 4356
wolfSSL 13:f67a6c6013ca 4357 ssl->options.haveMcast = 1;
wolfSSL 13:f67a6c6013ca 4358 ssl->options.mcastID = ctx->mcastID;
wolfSSL 13:f67a6c6013ca 4359
wolfSSL 13:f67a6c6013ca 4360 /* Force the state to look like handshake has completed. */
wolfSSL 13:f67a6c6013ca 4361 /* Keying material is supplied externally. */
wolfSSL 13:f67a6c6013ca 4362 ssl->options.serverState = SERVER_FINISHED_COMPLETE;
wolfSSL 13:f67a6c6013ca 4363 ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
wolfSSL 13:f67a6c6013ca 4364 ssl->options.connectState = SECOND_REPLY_DONE;
wolfSSL 13:f67a6c6013ca 4365 ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
wolfSSL 13:f67a6c6013ca 4366 ssl->options.handShakeState = HANDSHAKE_DONE;
wolfSSL 13:f67a6c6013ca 4367 ssl->options.handShakeDone = 1;
wolfSSL 13:f67a6c6013ca 4368
wolfSSL 13:f67a6c6013ca 4369 for (i = 0; i < WOLFSSL_DTLS_PEERSEQ_SZ; i++)
wolfSSL 13:f67a6c6013ca 4370 ssl->keys.peerSeq[i].peerId = INVALID_PEER_ID;
wolfSSL 13:f67a6c6013ca 4371 }
wolfSSL 13:f67a6c6013ca 4372 #endif
wolfSSL 13:f67a6c6013ca 4373
wolfSSL 13:f67a6c6013ca 4374 return 0;
wolfSSL 13:f67a6c6013ca 4375 }
wolfSSL 13:f67a6c6013ca 4376
wolfSSL 13:f67a6c6013ca 4377
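/* Release the temporary handshake arrays held by an SSL object.
 *
 * ssl   SSL object whose arrays are released; dereferenced without a NULL
 *       check, so it must be valid.
 * keep  when non-zero, the session ID and its size are copied from the
 *       arrays into ssl->session before the arrays are destroyed.
 *
 * The pre-master secret is wiped before its buffer goes back to the
 * allocator, and the Arrays struct is wiped before it is freed, so handshake
 * key material does not linger in released heap memory.
 */
void FreeArrays(WOLFSSL* ssl, int keep)
{
    if (ssl->arrays) {
        if (keep) {
            /* keeps session id for user retrieval */
            XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN);
            ssl->session.sessionIDSz = ssl->arrays->sessionIDSz;
        }
        if (ssl->arrays->preMasterSecret) {
            /* The ForceZero() of the Arrays struct below only clears the
             * pointer, not the separately allocated secret it points to, so
             * wipe the secret itself first. InitSSL allocates this buffer
             * with ENCRYPT_LEN bytes.
             * NOTE(review): confirm no other allocation site uses a smaller
             * size for preMasterSecret. */
            ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN);
            XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
            ssl->arrays->preMasterSecret = NULL;
        }
        XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
        ssl->arrays->pendingMsg = NULL;
        ForceZero(ssl->arrays, sizeof(Arrays)); /* clear arrays struct */
    }
    XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
    ssl->arrays = NULL;
}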
wolfSSL 13:f67a6c6013ca 4398
/* Tear down and release a dynamically allocated key object.
 *
 * ssl   SSL object supplying the heap hint used for the release.
 * type  DYNAMIC_TYPE_* tag selecting which key-specific free routine runs;
 *       it is also passed to XFREE as the allocation type.
 * pKey  address of the key pointer; set to NULL once the key is released.
 *
 * Does nothing when ssl, pKey or *pKey is NULL. A type without a matching
 * case still has its memory released, only the key-specific free is skipped.
 */
void FreeKey(WOLFSSL* ssl, int type, void** pKey)
{
    /* nothing to release */
    if (ssl == NULL || pKey == NULL || *pKey == NULL) {
        return;
    }

    /* let the key type release its internal state first */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            wc_FreeRsaKey((RsaKey*)*pKey);
            break;
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            wc_ecc_free((ecc_key*)*pKey);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            wc_ed25519_free((ed25519_key*)*pKey);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            wc_curve25519_free((curve25519_key*)*pKey);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            wc_FreeDhKey((DhKey*)*pKey);
            break;
    #endif /* !NO_DH */
        default:
            break;
    }

    /* give the storage back and clear the caller's pointer so it cannot be
     * reused or freed a second time */
    XFREE(*pKey, ssl->heap, type);
    *pKey = NULL;
}
wolfSSL 13:f67a6c6013ca 4437
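/* Allocate and initialize a key object of the requested type.
 *
 * ssl   SSL object supplying the heap hint and device id.
 * type  DYNAMIC_TYPE_* tag selecting the key type.
 * pKey  address of the destination pointer; must hold NULL on entry.
 *
 * Returns 0 on success. Returns BAD_FUNC_ARG when ssl or pKey is NULL or the
 * type is not handled, BAD_STATE_E when *pKey already holds a key,
 * NOT_COMPILED_IN when no size was determined, MEMORY_E when the allocation
 * fails, or the error from the key's init routine. On any failure after the
 * allocation the key is released through FreeKey(), which leaves *pKey NULL.
 */
int AllocKey(WOLFSSL* ssl, int type, void** pKey)
{
    int ret = BAD_FUNC_ARG;
    int sz = 0;

    if (ssl == NULL || pKey == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Sanity check key destination */
    if (*pKey != NULL) {
        WOLFSSL_MSG("Key already present!");
        return BAD_STATE_E;
    }

    /* Determine size */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            sz = sizeof(RsaKey);
            break;
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            sz = sizeof(ecc_key);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            sz = sizeof(ed25519_key);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            sz = sizeof(curve25519_key);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            sz = sizeof(DhKey);
            break;
    #endif /* !NO_DH */
        default:
            return BAD_FUNC_ARG;
    }

    if (sz == 0) {
        return NOT_COMPILED_IN;
    }

    /* Allocate memory for key */
    *pKey = XMALLOC(sz, ssl->heap, type);
    if (*pKey == NULL) {
        return MEMORY_E;
    }

    /* Initialize key */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            ret = wc_InitRsaKey_ex((RsaKey*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            ret = wc_ecc_init_ex((ecc_key*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            wc_ed25519_init((ed25519_key*)*pKey);
            ret = 0;
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            wc_curve25519_init((curve25519_key*)*pKey);
            ret = 0;
            break;
    #endif /* HAVE_CURVE25519 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            ret = wc_InitDhKey_ex((DhKey*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_DH */
        default:
            /* The size switch above rejects the same types, so this is not
             * expected to be reached. Fall through to the cleanup below
             * instead of returning, so the fresh allocation is released and
             * *pKey does not keep pointing at an uninitialized key. */
            ret = BAD_FUNC_ARG;
            break;
    }

    /* On error free handshake key */
    if (ret != 0) {
        FreeKey(ssl, type, pKey);
    }

    return ret;
}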
wolfSSL 13:f67a6c6013ca 4534
#if !defined(NO_RSA) || defined(HAVE_ECC)
/* Reset an already allocated key object in place so it can be used again:
 * the key's internal state is freed and the key is initialized again; the
 * memory block itself is kept.
 *
 * ssl   SSL object supplying the heap hint and device id for the re-init.
 * type  DYNAMIC_TYPE_* tag selecting the key type.
 * pKey  the key object to reset.
 *
 * Returns the result of the init routine for RSA, ECC and DH keys, 0 for
 * Ed25519 and Curve25519 keys (their init result is not captured here), and
 * BAD_FUNC_ARG for a type that is not handled.
 */
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
{
    int rc = 0;

    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            wc_FreeRsaKey((RsaKey*)pKey);
            rc = wc_InitRsaKey_ex((RsaKey*)pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            wc_ecc_free((ecc_key*)pKey);
            rc = wc_ecc_init_ex((ecc_key*)pKey, ssl->heap, ssl->devId);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            wc_ed25519_free((ed25519_key*)pKey);
            wc_ed25519_init((ed25519_key*)pKey);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            wc_curve25519_free((curve25519_key*)pKey);
            wc_curve25519_init((curve25519_key*)pKey);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            wc_FreeDhKey((DhKey*)pKey);
            rc = wc_InitDhKey_ex((DhKey*)pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_DH */
        default:
            return BAD_FUNC_ARG;
    }

    return rc;
}
#endif
wolfSSL 13:f67a6c6013ca 4578
/* Release the per-handshake key exchange state of an SSL object: the
 * signature and digest scratch buffers, the handshake key, the temporary DH
 * key (unless NO_DH) and, with WOLFSSL_ASYNC_CRYPT, any pending async
 * arguments via their registered free callback.
 *
 * ssl  SSL object to clean up; dereferenced without a NULL check.
 */
void FreeKeyExchange(WOLFSSL* ssl)
{
    /* signature scratch buffer: pointer and length are reset together */
    if (ssl->buffers.sig.buffer != NULL) {
        XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        ssl->buffers.sig.length = 0;
        ssl->buffers.sig.buffer = NULL;
    }

    /* digest scratch buffer */
    if (ssl->buffers.digest.buffer != NULL) {
        XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_DIGEST);
        ssl->buffers.digest.length = 0;
        ssl->buffers.digest.buffer = NULL;
    }

    /* handshake key; FreeKey() also clears ssl->hsKey */
    FreeKey(ssl, ssl->hsType, &ssl->hsKey);

#ifndef NO_DH
    /* temporary DH key */
    FreeKey(ssl, DYNAMIC_TYPE_DH, (void**)&ssl->buffers.serverDH_Key);
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    /* async arguments: run the registered free callback once, then drop it */
    if (ssl->async.freeArgs) {
        ssl->async.freeArgs(ssl, ssl->async.args);
        ssl->async.freeArgs = NULL;
    }
#endif
}
wolfSSL 13:f67a6c6013ca 4611
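/* Release every resource owned by an SSL object without freeing the WOLFSSL
 * struct itself, for callers that hold SSL objects in an array and do not
 * want the object itself freed.
 *
 * ssl  SSL object to clean up; dereferenced without a NULL check.
 *
 * Secrets handled here are wiped before their memory is released: the Keys
 * struct, the server DH private value and the cookie secrets. The RNG and
 * suites pointers are cleared after being freed, matching what
 * FreeHandshakeResources() does, so a stale pointer is not left behind in an
 * object the caller keeps.
 */
void SSL_ResourceFree(WOLFSSL* ssl)
{
    /* Note: any resources used during the handshake should be released in the
     * function FreeHandshakeResources(). Be careful with the special cases
     * like the RNG which may optionally be kept for the whole session. (For
     * example with the RNG, it isn't used beyond the handshake except when
     * using stream ciphers where it is retained.) */

    FreeCiphers(ssl);
    FreeArrays(ssl, 0);
    FreeKeyExchange(ssl);
    if (ssl->options.weOwnRng) {
        wc_FreeRng(ssl->rng);
        XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
        /* drop the stale pointer and the ownership flag so the RNG cannot be
         * freed a second time */
        ssl->rng = NULL;
        ssl->options.weOwnRng = 0;
    }
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;
    FreeHandshakeHashes(ssl);
    XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);

    /* clear keys struct after session */
    ForceZero(&ssl->keys, sizeof(Keys));

#ifndef NO_DH
    /* wipe the DH private value before releasing it */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    ssl->keepCert = 0; /* make sure certificate is free'd */
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifndef NO_RSA
    FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
    ssl->peerRsaKeyPresent = 0;
#endif
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, FORCED_FREE);
    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
    /* The cookie secret is keying material, so wipe it before the buffer is
     * returned to the allocator (same pattern as serverDH_Priv above).
     * NOTE(review): assumes .length tracks the allocated size; confirm
     * against the code that sets this secret. */
    if (ssl->buffers.tls13CookieSecret.buffer != NULL) {
        ForceZero(ssl->buffers.tls13CookieSecret.buffer,
                  ssl->buffers.tls13CookieSecret.length);
    }
    XFREE(ssl->buffers.tls13CookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
#endif
#ifdef WOLFSSL_DTLS
    DtlsMsgPoolReset(ssl);
    if (ssl->dtls_rx_msg_list != NULL) {
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
    XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    ssl->buffers.dtlsCtx.peer.sa = NULL;
#ifndef NO_WOLFSSL_SERVER
    /* DTLS cookie secret: wipe before free, as for the TLS 1.3 cookie secret.
     * NOTE(review): assumes .length tracks the allocated size; confirm
     * against wolfSSL_DTLS_SetCookieSecret(). */
    if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
        ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->buffers.dtlsCookieSecret.length);
    }
    XFREE(ssl->buffers.dtlsCookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
#endif
#endif /* WOLFSSL_DTLS */
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
#endif
#ifdef HAVE_LIBZ
    FreeStreams(ssl);
#endif
#ifdef HAVE_ECC
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
    ssl->peerEccKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
    ssl->peerEccDsaKeyPresent = 0;
    /* eccTempKey is freed as an ECC key unless a peer X25519 key is present,
     * in which case it is freed as a Curve25519 key */
#ifdef HAVE_CURVE25519
    if (!ssl->peerX25519KeyPresent)
#endif /* HAVE_CURVE25519 */
    {
        FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey);
        ssl->eccTempKeyPresent = 0;
    }
#ifdef HAVE_CURVE25519
    else {
        FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey);
        ssl->eccTempKeyPresent = 0;
    }
    FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
    ssl->peerX25519KeyPresent = 0;
#endif
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
    FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key);
    ssl->peerEd25519KeyPresent = 0;
#ifdef HAVE_PK_CALLBACKS
    if (ssl->buffers.peerEd25519Key.buffer != NULL) {
        XFREE(ssl->buffers.peerEd25519Key.buffer, ssl->heap,
              DYNAMIC_TYPE_ED25519);
        ssl->buffers.peerEd25519Key.buffer = NULL;
    }
#endif
#endif
#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
    XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
#endif /* HAVE_ECC */
#ifndef NO_RSA
    XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
#endif /* !NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ssl->extensions, ssl->heap);

#ifdef HAVE_ALPN
    if (ssl->alpn_client_list != NULL) {
        XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
        ssl->alpn_client_list = NULL;
    }
#endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_NETX
    if (ssl->nxCtx.nxPacket)
        nx_packet_release(ssl->nxCtx.nxPacket);
#endif
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    FreeX509(&ssl->peerCert);
#endif

#ifdef HAVE_SESSION_TICKET
    /* a dynamically allocated ticket is released and the session falls back
     * to its static ticket buffer */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif
#ifdef HAVE_EXT_CACHE
    wolfSSL_SESSION_free(ssl->extSession);
#endif
#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite) {
        FreeWriteDup(ssl);
    }
#endif

#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    /* free the list of pending certificate request contexts */
    while (ssl->certReqCtx != NULL) {
        CertReqCtx* curr = ssl->certReqCtx;
        ssl->certReqCtx = curr->next;
        XFREE(curr, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* check if using fixed io buffers and free them */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;

        ctx_heap = ssl_hint->memory;
        /* NOTE(review): a failed lock is only logged; the counters below are
         * still updated and the mutex is still unlocked afterwards. */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        ctx_heap->curIO--;
        if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) {
            WOLFSSL_MSG("Error freeing fixed output buffer");
        }
        if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) {
            /* this branch is about inBuf, so the message says "input" */
            WOLFSSL_MSG("Error freeing fixed input buffer");
        }
        if (ssl_hint->haFlag) { /* check if handshake count has been decreased*/
            ctx_heap->curHa--;
        }
        wc_UnLockMutex(&(ctx_heap->memory_mutex));

        /* check if tracking stats */
        if (ctx_heap->flag & WOLFMEM_TRACK_STATS) {
            XFREE(ssl_hint->stats, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
        }
        XFREE(ssl->heap, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
    #ifdef WOLFSSL_HEAP_TEST
        }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}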
wolfSSL 13:f67a6c6013ca 4806
/* Free any handshake resources no longer needed.
 *
 * Releases, in order: the input buffer (shrunk, not force-freed), the cipher
 * suite list, the handshake hashes, the RNG (only under the condition below),
 * the DTLS message pool and receive list, the Arrays (unless saveArrays is
 * set), peer and ephemeral keys, DH buffers, loaded certs/keys, PK-callback
 * key copies, QSH state and a dynamically allocated session ticket. Every
 * pointer freed here is set to NULL (or reset) so a later free of the same
 * field does not act on a stale pointer.
 *
 * ssl  the WOLFSSL object; dereferenced without a NULL check
 */
void FreeHandshakeResources(WOLFSSL* ssl)
{

#ifdef HAVE_SECURE_RENEGOTIATION
    /* nothing is released while secure renegotiation is enabled */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
        return;
    }
#endif

    /* input buffer: only touched when it was dynamically allocated */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    /* suites */
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;

    /* hsHashes */
    FreeHandshakeHashes(ssl);

    /* RNG: released only for stream ciphers or when tls1_1 is not set, and
     * only if this object owns it.
     * NOTE(review): presumably the other cases still need random data after
     * the handshake (e.g. per-record IVs) -- confirm against the record
     * layer. */
    if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
        if (ssl->options.weOwnRng) {
            wc_FreeRng(ssl->rng);
            XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
            ssl->rng = NULL;
            ssl->options.weOwnRng = 0;
        }
    }

#ifdef WOLFSSL_DTLS
    /* DTLS_POOL: drop the stored transmit flight and the receive reorder
     * list, and reset the receive list counter with it */
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
#endif

    /* arrays: kept when the application asked to save them */
    if (ssl->options.saveArrays == 0)
        FreeArrays(ssl, 1);

#ifndef NO_RSA
    /* peerRsaKey */
    FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
    ssl->peerRsaKeyPresent = 0;
#endif

#ifdef HAVE_ECC
    /* peer ECC keys */
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
    ssl->peerEccKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
    ssl->peerEccDsaKeyPresent = 0;
    /* eccTempKey holds either an ECC or a Curve25519 key; the curve OID
     * selects which type tag FreeKey() is given */
    #ifdef HAVE_CURVE25519
    if (ssl->ecdhCurveOID != ECC_X25519_OID)
    #endif /* HAVE_CURVE25519 */
    {
        FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey);
        ssl->eccTempKeyPresent = 0;
    }
    #ifdef HAVE_CURVE25519
    else {
        FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey);
        ssl->eccTempKeyPresent = 0;
    }
    FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
    ssl->peerX25519KeyPresent = 0;
    #endif /* HAVE_CURVE25519 */
#endif /* HAVE_ECC */
#ifndef NO_DH
    /* the DH private value is wiped before its buffer goes back to the
     * allocator; the public buffers are freed without wiping */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                                             ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx; free them only when this object
     * owns them or is the client side */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
    /* peer key copies kept in ssl->buffers for the PK callbacks */
    #ifdef HAVE_ECC
    XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
    ssl->buffers.peerEccDsaKey.buffer = NULL;
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
    XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
    ssl->buffers.peerRsaKey.buffer = NULL;
    #endif /* !NO_RSA */
    #ifdef HAVE_ED25519
    XFREE(ssl->buffers.peerEd25519Key.buffer, ssl->heap,
                                                          DYNAMIC_TYPE_ED25519);
    ssl->buffers.peerEd25519Key.buffer = NULL;
    #endif
#endif /* HAVE_PK_CALLBACKS */

#ifdef HAVE_QSH
    QSH_FreeAll(ssl);
#endif

#ifdef HAVE_SESSION_TICKET
    /* a heap-allocated ticket is freed and the pointer goes back to the
     * static ticket buffer with a length of zero */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* when done with handshake decrement current handshake count */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;

        ctx_heap = ssl_hint->memory;
        /* NOTE(review): a failed lock is only logged; curHa is still
         * decremented and the mutex still unlocked below -- confirm that
         * this best-effort behaviour is intended. */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        ctx_heap->curHa--;
        ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */
        wc_UnLockMutex(&(ctx_heap->memory_mutex));
    #ifdef WOLFSSL_HEAP_TEST
        }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}
wolfSSL 13:f67a6c6013ca 4952
wolfSSL 13:f67a6c6013ca 4953
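/* Free a WOLFSSL object and drop its reference on the CTX it was made from.
 *
 * ssl   object to free; must not be NULL
 * heap  the heap hint used when creating SSL
 *
 * The CTX reference is released last. FreeSSL_Ctx() frees the CTX once its
 * count reaches zero, and the resource teardown may still read ssl->ctx (the
 * static-memory path in this file passes ssl->ctx->heap to XFREE), so
 * releasing the CTX first could leave that code reading freed memory. */
void FreeSSL(WOLFSSL* ssl, void* heap)
{
    /* saved now: ssl itself is gone by the time the reference is dropped */
    WOLFSSL_CTX* ctx = ssl->ctx;

    SSL_ResourceFree(ssl);
    XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
    if (ctx) {
        FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */
    }
    (void)heap;
}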
wolfSSL 13:f67a6c6013ca 4964
wolfSSL 13:f67a6c6013ca 4965
wolfSSL 13:f67a6c6013ca 4966 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 13:f67a6c6013ca 4967 || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS)
/* Copy the current record sequence number into seq[] (seq[0] = high word,
 * seq[1] = low word) and then advance the stored counter by one.
 *
 * verify  non-zero selects the peer_sequence_number pair, zero selects the
 *         sequence_number pair
 * seq     receives the value from before the increment */
static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
{
    if (!verify) {
        seq[0] = ssl->keys.sequence_number_hi;
        seq[1] = ssl->keys.sequence_number_lo;
        ssl->keys.sequence_number_lo++;
        /* low word wrapped around: carry into the high word */
        if (ssl->keys.sequence_number_lo < seq[1])
            ssl->keys.sequence_number_hi++;
        return;
    }

    seq[0] = ssl->keys.peer_sequence_number_hi;
    seq[1] = ssl->keys.peer_sequence_number_lo;
    ssl->keys.peer_sequence_number_lo++;
    /* low word wrapped around: carry into the high word */
    if (ssl->keys.peer_sequence_number_lo < seq[1])
        ssl->keys.peer_sequence_number_hi++;
}
wolfSSL 13:f67a6c6013ca 4987
wolfSSL 13:f67a6c6013ca 4988
wolfSSL 13:f67a6c6013ca 4989 #ifdef WOLFSSL_DTLS
/* Build the two-word DTLS sequence value for one of three counters without
 * changing any of them (DtlsSEQIncrement() does the advancing).
 *
 * order  PREV_ORDER: previous epoch, dtls_prev_sequence_number_*
 *        PEER_ORDER: values recorded from the peer (curEpoch, curSeq_*)
 *        anything else: current epoch, dtls_sequence_number_*
 * seq    seq[0] = epoch in the upper 16 bits, low 16 bits of the high
 *        sequence word below it; seq[1] = low sequence word
 *
 * With haveMcast set the layout of seq[0] is epoch << 16 | id << 8 | low 8
 * bits of the high sequence word. If haveMcast is set but WOLFSSL_MULTICAST
 * is not compiled in, seq[0] is not written at all, so the caller has to
 * pass an initialised array (WriteSEQ() zeroes its array first). */
static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
{
    if (order == PREV_ORDER) {
        /* Previous epoch case */
        /* NOTE(review): dtls_epoch - 1 is evaluated before the shift; what
         * happens for an epoch of 0 depends on the field's type, which is
         * not visible here -- confirm callers only use PREV_ORDER after an
         * epoch change. */
        if (ssl->options.haveMcast) {
        #ifdef WOLFSSL_MULTICAST
            seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) |
                     (ssl->options.mcastID << 8) |
                     (ssl->keys.dtls_prev_sequence_number_hi & 0xFF);
        #endif
        }
        else
            seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) |
                     (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
        seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
    }
    else if (order == PEER_ORDER) {
        if (ssl->options.haveMcast) {
        #ifdef WOLFSSL_MULTICAST
            seq[0] = (ssl->keys.curEpoch << 16) |
                     (ssl->keys.curPeerId << 8) |
                     (ssl->keys.curSeq_hi & 0xFF);
        #endif
        }
        else
            seq[0] = (ssl->keys.curEpoch << 16) |
                     (ssl->keys.curSeq_hi & 0xFFFF);
        seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */
    }
    else {
        /* current epoch, local counter */
        if (ssl->options.haveMcast) {
        #ifdef WOLFSSL_MULTICAST
            seq[0] = (ssl->keys.dtls_epoch << 16) |
                     (ssl->options.mcastID << 8) |
                     (ssl->keys.dtls_sequence_number_hi & 0xFF);
        #endif
        }
        else
            seq[0] = (ssl->keys.dtls_epoch << 16) |
                     (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
        seq[1] = ssl->keys.dtls_sequence_number_lo;
    }
}
wolfSSL 13:f67a6c6013ca 5033
/* Advance one of the DTLS sequence counters by one, carrying into its high
 * word when the low word wraps.
 *
 * order  PREV_ORDER: dtls_prev_sequence_number_*
 *        PEER_ORDER: peer_sequence_number_*
 *        anything else: dtls_sequence_number_* */
static INLINE void DtlsSEQIncrement(WOLFSSL* ssl, int order)
{
    word32 before;

    if (order == PREV_ORDER) {
        before = ssl->keys.dtls_prev_sequence_number_lo;
        ssl->keys.dtls_prev_sequence_number_lo++;
        /* the value went down, so the low word rolled over */
        if (ssl->keys.dtls_prev_sequence_number_lo < before)
            ssl->keys.dtls_prev_sequence_number_hi++;
        return;
    }

    if (order == PEER_ORDER) {
        before = ssl->keys.peer_sequence_number_lo;
        ssl->keys.peer_sequence_number_lo++;
        /* the value went down, so the low word rolled over */
        if (ssl->keys.peer_sequence_number_lo < before)
            ssl->keys.peer_sequence_number_hi++;
        return;
    }

    before = ssl->keys.dtls_sequence_number_lo;
    ssl->keys.dtls_sequence_number_lo++;
    /* the value went down, so the low word rolled over */
    if (ssl->keys.dtls_sequence_number_lo < before)
        ssl->keys.dtls_sequence_number_hi++;
}
wolfSSL 13:f67a6c6013ca 5060 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 5061
wolfSSL 13:f67a6c6013ca 5062
/* Serialise the record sequence number into out with c32toa(): high word
 * first, low word at out + OPAQUE32_LEN.
 *
 * verifyOrder  for TLS it is passed to GetSEQIncrement() as its verify flag,
 *              which also advances the counter; for DTLS it is passed to
 *              DtlsGetSEQ() as the order, which only reads the counter
 * out          destination; presumably needs room for 2 * OPAQUE32_LEN
 *              bytes -- confirm against c32toa() */
static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
{
    /* zeroed up front: the DTLS path can leave words unwritten */
    word32 seqWords[2] = {0, 0};

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        DtlsGetSEQ(ssl, verifyOrder, seqWords);
#endif
    }
    else {
        GetSEQIncrement(ssl, verifyOrder, seqWords);
    }

    c32toa(seqWords[0], out);
    c32toa(seqWords[1], out + OPAQUE32_LEN);
}
wolfSSL 13:f67a6c6013ca 5079 #endif
wolfSSL 13:f67a6c6013ca 5080
wolfSSL 13:f67a6c6013ca 5081
wolfSSL 13:f67a6c6013ca 5082 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 5083
wolfSSL 13:f67a6c6013ca 5084 /* functions for managing DTLS datagram reordering */
wolfSSL 13:f67a6c6013ca 5085
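/* Need to allocate space for the handshake message header. The hashing
 * routines assume the message pointer is still within the buffer that
 * has the headers, and will include those headers in the hash. The store
 * routines need to take that into account as well. New will allocate
 * extra space for the headers.
 *
 * sz    size of the handshake message body in bytes
 * heap  heap hint handed to XMALLOC/XFREE
 *
 * Returns a zeroed DtlsMsg whose buf holds sz + DTLS_HANDSHAKE_HEADER_SZ
 * bytes and whose msg pointer sits just past the header space, or NULL when
 * an allocation fails or the total size does not fit in a word32. The caller
 * releases the result with DtlsMsgDelete(). */
DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
{
    DtlsMsg* msg = NULL;

    (void)heap;

    /* The buffer size is computed in word32. If the sum wrapped, the buffer
     * would be smaller than msg->sz says and later copies sized by msg->sz
     * would run past it, so refuse such a request outright. */
    if ((word32)(sz + DTLS_HANDSHAKE_HEADER_SZ) < sz)
        return NULL;

    msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);

    if (msg != NULL) {
        XMEMSET(msg, 0, sizeof(DtlsMsg));
        msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ,
                                                heap, DYNAMIC_TYPE_DTLS_BUFFER);
        if (msg->buf != NULL) {
            msg->sz = sz;
            msg->type = no_shake;
            msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
        }
        else {
            /* do not hand back a record without a buffer */
            XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
            msg = NULL;
        }
    }

    return msg;
}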
wolfSSL 13:f67a6c6013ca 5115
/* Free one DtlsMsg: every node of its fragment list, its buffer and the
 * record itself. A NULL item is ignored. The item's next pointer is not
 * followed; DtlsMsgListDelete() walks a whole list. */
void DtlsMsgDelete(DtlsMsg* item, void* heap)
{
    DtlsFrag* frag;
    DtlsFrag* following;

    (void)heap;

    if (item == NULL)
        return;

    for (frag = item->fragList; frag != NULL; frag = following) {
        /* read the link before the node is freed */
        following = frag->next;
        XFREE(frag, heap, DYNAMIC_TYPE_DTLS_FRAG);
    }

    if (item->buf != NULL)
        XFREE(item->buf, heap, DYNAMIC_TYPE_DTLS_BUFFER);
    XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
}
wolfSSL 13:f67a6c6013ca 5132
wolfSSL 13:f67a6c6013ca 5133
/* Free every DtlsMsg on the list starting at head. The caller still holds
 * the old head pointer afterwards and has to clear it itself. */
void DtlsMsgListDelete(DtlsMsg* head, void* heap)
{
    while (head != NULL) {
        DtlsMsg* doomed = head;

        /* step forward first: doomed is invalid after the delete */
        head = head->next;
        DtlsMsgDelete(doomed, heap);
    }
}
wolfSSL 13:f67a6c6013ca 5143
wolfSSL 13:f67a6c6013ca 5144
/* Create a DTLS fragment record covering *begin..end (both inclusive) and
 * copy that many bytes from data to buf + *begin.
 *
 * begin      in: first offset of the fragment; out: end + 1
 * end        last offset of the fragment
 * data       source bytes for offset *begin onwards
 * buf        start of the reassembled message body
 * bytesLeft  reduced by the number of bytes copied
 * heap       heap hint for XMALLOC
 *
 * Returns the new node, or NULL on allocation failure, in which case nothing
 * is copied and *begin and *bytesLeft are left alone. No range check is done
 * here: the caller has to guarantee that end >= *begin and that the range
 * lies inside buf. */
static DtlsFrag* CreateFragment(word32* begin, word32 end, const byte* data,
                                byte* buf, word32* bytesLeft, void* heap)
{
    const word32 span = end - *begin + 1;
    DtlsFrag*    frag;

    (void)heap;
    frag = (DtlsFrag*)XMALLOC(sizeof(DtlsFrag), heap, DYNAMIC_TYPE_DTLS_FRAG);
    if (frag == NULL)
        return NULL;

    frag->next  = NULL;
    frag->begin = *begin;
    frag->end   = end;

    XMEMCPY(buf + *begin, data, span);
    *bytesLeft -= span;
    *begin      = frag->end + 1;

    return frag;
}
wolfSSL 13:f67a6c6013ca 5167
wolfSSL 13:f67a6c6013ca 5168
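/* Copy one handshake fragment into a reassembly record, skipping any bytes
 * the record already holds.
 *
 * msg         record made by DtlsMsgNew(); msg->sz is the full message size
 * seq, type   stored in the record on every accepted call
 * data        fragment payload; when fragOffset is 0 the
 *             DTLS_HANDSHAKE_HEADER_SZ bytes in front of data are read as
 *             well, so the caller must pass a pointer into a buffer that
 *             still has the handshake header before it
 * fragOffset  offset of the fragment inside the message
 * fragSz      length of the fragment
 * heap        heap hint for the fragment list nodes
 *
 * Returns 0 on success and also when the arguments are rejected (the
 * fragment is then silently ignored), MEMORY_E when a list node cannot be
 * allocated. */
int DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
                                word32 fragOffset, word32 fragSz, void* heap)
{
    /* fragOffset and fragSz presumably come from a received handshake
     * header. The range test avoids the sum fragOffset + fragSz, which can
     * wrap in word32 and then compare as <= msg->sz even though the
     * fragment lies outside the buffer. */
    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
            fragOffset <= msg->sz && fragSz <= (msg->sz - fragOffset)) {
        DtlsFrag* cur = msg->fragList;
        DtlsFrag* prev = cur;
        DtlsFrag* newFrag;
        word32 bytesLeft = fragSz; /* could be overlapping fragment */
        word32 startOffset = fragOffset;
        word32 added;

        msg->seq = seq;
        msg->type = type;

        if (fragOffset == 0) {
            /* keep the header of the first fragment, with its fragment
             * length field rewritten to the full message size */
            XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                    DTLS_HANDSHAKE_HEADER_SZ);
            c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
        }

        /* if no message data, just return */
        if (fragSz == 0)
            return 0;

        /* if list is empty add full fragment to front */
        if (cur == NULL) {
            newFrag = CreateFragment(&fragOffset, fragOffset + fragSz - 1, data,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz = fragSz;
            msg->fragList = newFrag;

            return 0;
        }

        /* add to front if before current front, up to next->begin */
        if (fragOffset < cur->begin) {
            word32 end = fragOffset + fragSz - 1;

            if (end >= cur->begin)
                end = cur->begin - 1;

            added = end - fragOffset + 1;
            newFrag = CreateFragment(&fragOffset, end, data, msg->msg,
                                     &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = cur;
            msg->fragList = newFrag;
        }

        /* while we have bytes left, try to find a gap to fill */
        while (bytesLeft > 0) {
            /* get previous packet in list */
            while (cur && (fragOffset >= cur->begin)) {
                prev = cur;
                cur = cur->next;
            }

            /* don't add duplicate data */
            if (prev->end >= fragOffset) {
                if ( (fragOffset + bytesLeft - 1) <= prev->end)
                    return 0;
                fragOffset = prev->end + 1;
                bytesLeft = startOffset + fragSz - fragOffset;
            }

            if (cur == NULL)
                /* we're at the end */
                added = bytesLeft;
            else
                /* we're in between two frames */
                added = min(bytesLeft, cur->begin - fragOffset);

            /* data already there */
            if (added == 0)
                continue;

            newFrag = CreateFragment(&fragOffset, fragOffset + added - 1,
                                     data + fragOffset - startOffset,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = prev->next;
            prev->next = newFrag;
        }
    }

    return 0;
}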
wolfSSL 13:f67a6c6013ca 5268
wolfSSL 13:f67a6c6013ca 5269
/* Return the first record on the list whose seq equals seq, or NULL when
 * the list is empty or holds no such record. */
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
{
    DtlsMsg* node;

    for (node = head; node != NULL; node = node->next) {
        if (node->seq == seq)
            break;
    }
    return node;
}
wolfSSL 13:f67a6c6013ca 5277
wolfSSL 13:f67a6c6013ca 5278
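/* Store one received handshake fragment in ssl->dtls_rx_msg_list.
 *
 * seq         handshake message sequence number, the key into the list
 * data        fragment payload (see DtlsMsgSet() for what must precede it)
 * dataSz      size of the whole handshake message
 * type        handshake message type
 * fragOffset  offset of this fragment inside the message
 * fragSz      length of this fragment
 * heap        heap hint for all allocations
 *
 * Nothing is returned: when an allocation fails the fragment is dropped. */
void DtlsMsgStore(WOLFSSL* ssl, word32 seq, const byte* data,
        word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{
    /* See if seq exists in the list. If it isn't in the list, make
     * a new item of size dataSz, copy fragSz bytes from data to msg->msg
     * starting at offset fragOffset, and add fragSz to msg->fragSz. If
     * the seq is in the list and it isn't full, copy fragSz bytes from
     * data to msg->msg starting at offset fragOffset, and add fragSz to
     * msg->fragSz. Insertions take into account data already in the list
     * in case there are overlaps in the handshake message due to retransmit
     * messages. The new item should be inserted into the list in its
     * proper position.
     *
     * 1. Find seq in list, or where seq should go in list. If seq not in
     *    list, create new item and insert into list. Either case, keep
     *    pointer to item.
     * 2. Copy the data from the message to the stored message where it
     *    belongs without overlaps.
     *
     * NOTE(review): nothing here bounds dtls_rx_msg_list_sz; presumably the
     * caller limits how many out-of-order messages it stores -- confirm.
     */

    DtlsMsg* head = ssl->dtls_rx_msg_list;

    if (head != NULL) {
        DtlsMsg* cur = DtlsMsgFind(head, seq);
        if (cur == NULL) {
            cur = DtlsMsgNew(dataSz, heap);
            if (cur != NULL) {
                if (DtlsMsgSet(cur, seq, data, type,
                                                fragOffset, fragSz, heap) < 0) {
                    DtlsMsgDelete(cur, heap);
                }
                else {
                    ssl->dtls_rx_msg_list_sz++;
                    head = DtlsMsgInsert(head, cur);
                }
            }
        }
        else {
            /* If this fails, the data is just dropped. */
            DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz, heap);
        }
    }
    else {
        head = DtlsMsgNew(dataSz, heap);
        /* DtlsMsgSet() returns 0 for a NULL record, so a failed allocation
         * has to be caught here; otherwise the counter would go up while
         * the list stays empty. */
        if (head != NULL) {
            if (DtlsMsgSet(head, seq, data, type, fragOffset, fragSz,
                                                                   heap) < 0) {
                DtlsMsgDelete(head, heap);
                head = NULL;
            }
            else {
                ssl->dtls_rx_msg_list_sz++;
            }
        }
    }

    ssl->dtls_rx_msg_list = head;
}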
wolfSSL 13:f67a6c6013ca 5334
wolfSSL 13:f67a6c6013ca 5335
/* DtlsMsgInsert() is an in-order insert: item goes in front of the first
 * record with a larger seq, or at the tail when there is none. Returns the
 * head of the list, which is item when it became the first record.
 *
 * When item is appended at the tail its next pointer is not written, so it
 * has to be NULL already (DtlsMsgNew() zeroes the record). */
DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
{
    DtlsMsg* before;

    if (head == NULL || item->seq < head->seq) {
        item->next = head;
        return item;
    }

    /* stop at the last record that must stay in front of item */
    before = head;
    while (before->next != NULL && !(item->seq < before->next->seq))
        before = before->next;

    if (before->next != NULL)
        item->next = before->next;
    before->next = item;

    return head;
}
wolfSSL 13:f67a6c6013ca 5365
wolfSSL 13:f67a6c6013ca 5366
/* DtlsMsgPoolSave() adds a copy of the message to the end of the stored
 * transmit list.
 *
 * data, dataSz  bytes to keep; copied to the start of the record's buffer
 *
 * The record's seq field is set to the current dtls_epoch here.
 *
 * Returns 0 on success, DTLS_POOL_SZ_E when the list already holds more than
 * DTLS_POOL_SZ records, MEMORY_E when the record cannot be allocated.
 * NOTE(review): the limit test uses '>', so the list can reach
 * DTLS_POOL_SZ + 1 records before a save is refused -- confirm that this is
 * the intended bound. */
int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, word32 dataSz)
{
    DtlsMsg* saved;
    DtlsMsg* tail;

    if (ssl->dtls_tx_msg_list_sz > DTLS_POOL_SZ)
        return DTLS_POOL_SZ_E;

    saved = DtlsMsgNew(dataSz, ssl->heap);
    if (saved == NULL)
        return MEMORY_E;

    XMEMCPY(saved->buf, data, dataSz);
    saved->sz  = dataSz;
    saved->seq = ssl->keys.dtls_epoch;

    tail = ssl->dtls_tx_msg_list;
    if (tail == NULL) {
        ssl->dtls_tx_msg_list = saved;
    }
    else {
        while (tail->next)
            tail = tail->next;
        tail->next = saved;
    }
    ssl->dtls_tx_msg_list_sz++;

    return 0;
}
wolfSSL 13:f67a6c6013ca 5399
wolfSSL 13:f67a6c6013ca 5400
/* DtlsMsgPoolTimeout() updates the timeout time: while dtls_timeout is below
 * dtls_timeout_max it is multiplied by DTLS_TIMEOUT_MULTIPLIER and 0 is
 * returned; otherwise the value is left alone and -1 is returned. The
 * product is not clamped to dtls_timeout_max. */
int DtlsMsgPoolTimeout(WOLFSSL* ssl)
{
    if (ssl->dtls_timeout >= ssl->dtls_timeout_max)
        return -1;

    ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
    return 0;
}
wolfSSL 13:f67a6c6013ca 5411
wolfSSL 13:f67a6c6013ca 5412
/* DtlsMsgPoolReset() deletes the stored transmit list and resets the timeout
 * value to dtls_timeout_init. Nothing happens, the timeout included, when
 * the list is already empty. */
void DtlsMsgPoolReset(WOLFSSL* ssl)
{
    if (ssl->dtls_tx_msg_list == NULL)
        return;

    DtlsMsgListDelete(ssl->dtls_tx_msg_list, ssl->heap);
    ssl->dtls_tx_msg_list    = NULL;
    ssl->dtls_tx_msg_list_sz = 0;
    ssl->dtls_timeout        = ssl->dtls_timeout_init;
}
wolfSSL 13:f67a6c6013ca 5424
wolfSSL 13:f67a6c6013ca 5425
/* Decide whether a received handshake message may trigger retransmission of
 * the stored flight (the DtlsMsgPool).
 *
 * Only the first message of the peer's previous flight qualifies, and only its
 * first fragment (fragOffset == 0). The change cipher spec type is not
 * verified here.
 *
 * Returns 1 when the message qualifies, 0 otherwise. */
int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
{
    if (fragOffset != 0)
        return 0;

    if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (type == client_hello)
            return 1;

        /* With peer verification on, the client's flight starts with its
         * certificate; without it, with the client key exchange. */
        if (ssl->options.verifyPeer)
            return (type == certificate);

        return (type == client_key_exchange);
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END)
        return (type == server_hello);

    return 0;
}
wolfSSL 13:f67a6c6013ca 5441
wolfSSL 13:f67a6c6013ca 5442
wolfSSL 13:f67a6c6013ca 5443 /* DtlsMsgPoolSend() will send the stored transmit list. The stored list is
wolfSSL 13:f67a6c6013ca 5444 * updated with new sequence numbers, and will be re-encrypted if needed. */
int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
{
    /* Walks ssl->dtls_tx_msg_list and retransmits the stored messages.
     *
     * ssl                 connection whose stored flight is resent
     * sendOnlyFirstPacket when non-zero and this end is the server, stop
     *                     after the first list entry
     *
     * Returns 0 when the list is empty; otherwise the error from
     * CheckAvailableSize(), BUILD_MSG_ERROR when BuildMessage() fails, a
     * negative SendBuffered() result, or the result of the last
     * SendBuffered() call. */
    int ret = 0;
    DtlsMsg* pool = ssl->dtls_tx_msg_list;

    if (pool != NULL) {

        while (pool != NULL) {
            /* pool->seq holds the epoch that was current when the message
             * was stored (see the pool-save code above this function). */
            if (pool->seq == 0) {
                DtlsRecordLayerHeader* dtls;
                int epochOrder;

                /* NOTE(review): the cast assumes pool->buf holds at least a
                 * full DTLS record header - confirm against the save path. */
                dtls = (DtlsRecordLayerHeader*)pool->buf;
                /* If the stored record's epoch is 0, and the currently set
                 * epoch is 0, use the "current order" sequence number.
                 * If the stored record's epoch is 0 and the currently set
                 * epoch is not 0, the stored record is considered a "previous
                 * order" sequence number. */
                epochOrder = (ssl->keys.dtls_epoch == 0) ?
                                                         CUR_ORDER : PREV_ORDER;

                /* Stamp a fresh sequence number into the stored record in
                 * place, so the retransmitted record does not reuse the
                 * number it was first sent with. */
                WriteSEQ(ssl, epochOrder, dtls->sequence_number);
                DtlsSEQIncrement(ssl, epochOrder);
                if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0)
                    return ret;

                /* The record is copied to the start of the output buffer and
                 * idx/length are reset, so any bytes still pending there are
                 * overwritten.
                 * NOTE(review): confirm callers never reach this point with
                 * unsent output queued. */
                XMEMCPY(ssl->buffers.outputBuffer.buffer,
                        pool->buf, pool->sz);
                ssl->buffers.outputBuffer.idx = 0;
                ssl->buffers.outputBuffer.length = pool->sz;
            }
            else if (pool->seq == ssl->keys.dtls_epoch) {
                /* Stored under the current epoch: the saved bytes are passed
                 * back through BuildMessage() as handshake input and the
                 * result is appended after any data already in the buffer. */
                byte*  input;
                byte*  output;
                int    inputSz, sendSz;

                input = pool->buf;
                inputSz = pool->sz;
                sendSz = inputSz + MAX_MSG_EXTRA;

                if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
                    return ret;

                output = ssl->buffers.outputBuffer.buffer +
                         ssl->buffers.outputBuffer.length;
                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                      handshake, 0, 0, 0);
                if (sendSz < 0)
                    return BUILD_MSG_ERROR;

                ssl->buffers.outputBuffer.length += sendSz;
            }

            /* An entry whose stored epoch is neither 0 nor the current epoch
             * adds nothing to the buffer, but SendBuffered() is still called
             * for it. */
            ret = SendBuffered(ssl);
            if (ret < 0) {
                return ret;
            }

            /**
             * on server side, retransmission is being triggered only by sending
             * first message of given flight, in order to trigger client
             * to retransmit its whole flight. Sending the whole previous flight
             * could lead to retransmission of previous client flight for each
             * server message from previous flight. Therefore one message should
             * be enough to do the trick.
             */
            if (sendOnlyFirstPacket &&
                ssl->options.side == WOLFSSL_SERVER_END) {

                pool = NULL;
            }
            else
                pool = pool->next;
        }
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 5523
wolfSSL 13:f67a6c6013ca 5524 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 5525
wolfSSL 13:f67a6c6013ca 5526 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
wolfSSL 13:f67a6c6013ca 5527
/* Build the ProtocolVersion value for SSL 3.0.
 *
 * Compiled only when WOLFSSL_ALLOW_SSLV3 is defined and NO_OLD_TLS is not.
 * SSL 3.0 is deprecated (RFC 7568); builds that do not need it should leave
 * WOLFSSL_ALLOW_SSLV3 undefined so this constructor is not available. */
ProtocolVersion MakeSSLv3(void)
{
    ProtocolVersion version;

    version.minor = SSLv3_MINOR;
    version.major = SSLv3_MAJOR;

    return version;
}
wolfSSL 13:f67a6c6013ca 5536
wolfSSL 13:f67a6c6013ca 5537 #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
wolfSSL 13:f67a6c6013ca 5538
wolfSSL 13:f67a6c6013ca 5539
wolfSSL 13:f67a6c6013ca 5540 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 5541
/* Build the ProtocolVersion value for DTLS 1.0 (DTLS_MAJOR / DTLS_MINOR). */
ProtocolVersion MakeDTLSv1(void)
{
    ProtocolVersion version;

    version.minor = DTLS_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 13:f67a6c6013ca 5550
/* Build the ProtocolVersion value for DTLS 1.2 (DTLS_MAJOR / DTLSv1_2_MINOR). */
ProtocolVersion MakeDTLSv1_2(void)
{
    ProtocolVersion version;

    version.minor = DTLSv1_2_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 13:f67a6c6013ca 5559
wolfSSL 13:f67a6c6013ca 5560 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 5561
wolfSSL 13:f67a6c6013ca 5562
wolfSSL 13:f67a6c6013ca 5563
wolfSSL 13:f67a6c6013ca 5564
wolfSSL 13:f67a6c6013ca 5565 #if defined(USER_TICKS)
wolfSSL 13:f67a6c6013ca 5566 #if 0
word32 LowResTimer(void)
{
    /*
    Template only (disabled with #if 0): write your own clock tick function
    here if you do not want time(0). It needs one-second accuracy but does
    not have to be correlated to the EPOCH. A real implementation must
    return the tick value; this stub has no return statement.
    */
}
wolfSSL 13:f67a6c6013ca 5574 #endif
wolfSSL 13:f67a6c6013ca 5575
wolfSSL 13:f67a6c6013ca 5576 #elif defined(TIME_OVERRIDES)
wolfSSL 13:f67a6c6013ca 5577
wolfSSL 13:f67a6c6013ca 5578 /* use same asn time overrides unless user wants tick override above */
wolfSSL 13:f67a6c6013ca 5579
wolfSSL 13:f67a6c6013ca 5580 #ifndef HAVE_TIME_T_TYPE
wolfSSL 13:f67a6c6013ca 5581 typedef long time_t;
wolfSSL 13:f67a6c6013ca 5582 #endif
wolfSSL 13:f67a6c6013ca 5583 extern time_t XTIME(time_t * timer);
wolfSSL 13:f67a6c6013ca 5584
word32 LowResTimer(void)
{
    /* Uses the user-supplied XTIME() override declared above; the time_t
     * result is narrowed to word32. */
    const word32 seconds = (word32) XTIME(0);

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5589
wolfSSL 13:f67a6c6013ca 5590 #elif defined(USE_WINDOWS_API)
wolfSSL 13:f67a6c6013ca 5591
word32 LowResTimer(void)
{
    /* Seconds derived from the Windows performance counter.
     * The frequency is queried once and cached in function-local statics; no
     * synchronization is visible here, and the return values of both
     * QueryPerformance* calls are not checked. */
    static int           haveFreq = 0;
    static LARGE_INTEGER ticksPerSec;
    LARGE_INTEGER        now;

    if (haveFreq == 0) {
        QueryPerformanceFrequency(&ticksPerSec);
        haveFreq = 1;
    }

    QueryPerformanceCounter(&now);

    return (word32)(now.QuadPart / ticksPerSec.QuadPart);
}
wolfSSL 13:f67a6c6013ca 5607
wolfSSL 13:f67a6c6013ca 5608 #elif defined(HAVE_RTP_SYS)
wolfSSL 13:f67a6c6013ca 5609
wolfSSL 13:f67a6c6013ca 5610 #include "rtptime.h"
wolfSSL 13:f67a6c6013ca 5611
word32 LowResTimer(void)
{
    /* RTP system build: seconds come straight from rtp_get_system_sec(). */
    const word32 seconds = (word32)rtp_get_system_sec();

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5616
wolfSSL 13:f67a6c6013ca 5617
wolfSSL 13:f67a6c6013ca 5618 #elif defined(MICRIUM)
wolfSSL 13:f67a6c6013ca 5619
word32 LowResTimer(void)
{
    /* Stays 0 when NET_SECURE_MGR_CFG_EN is not DEF_ENABLED, in which case
     * every call returns the same value. */
    NET_SECURE_OS_TICK ticks = 0;

    #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
        ticks = NetSecure_OS_TimeGet();
    #endif

    return (word32)ticks;
}
wolfSSL 13:f67a6c6013ca 5629
wolfSSL 13:f67a6c6013ca 5630
wolfSSL 13:f67a6c6013ca 5631 #elif defined(MICROCHIP_TCPIP_V5)
wolfSSL 13:f67a6c6013ca 5632
word32 LowResTimer(void)
{
    /* Microchip TCP/IP v5: convert the tick counter to whole seconds. */
    const word32 seconds = (word32) (TickGet() / TICKS_PER_SECOND);

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5637
wolfSSL 13:f67a6c6013ca 5638
wolfSSL 13:f67a6c6013ca 5639 #elif defined(MICROCHIP_TCPIP)
wolfSSL 13:f67a6c6013ca 5640
wolfSSL 13:f67a6c6013ca 5641 #if defined(MICROCHIP_MPLAB_HARMONY)
wolfSSL 13:f67a6c6013ca 5642
wolfSSL 13:f67a6c6013ca 5643 #include <system/tmr/sys_tmr.h>
wolfSSL 13:f67a6c6013ca 5644
word32 LowResTimer(void)
{
    /* MPLAB Harmony: tick count divided by the tick counter frequency gives
     * whole seconds. */
    const word32 seconds = (word32) (SYS_TMR_TickCountGet() /
                                     SYS_TMR_TickCounterFrequencyGet());

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5650
wolfSSL 13:f67a6c6013ca 5651 #else
wolfSSL 13:f67a6c6013ca 5652
word32 LowResTimer(void)
{
    /* Microchip TCP/IP without Harmony: system ticks converted to seconds. */
    const word32 seconds = (word32) (SYS_TICK_Get() /
                                     SYS_TICK_TicksPerSecondGet());

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5657
wolfSSL 13:f67a6c6013ca 5658 #endif
wolfSSL 13:f67a6c6013ca 5659
wolfSSL 13:f67a6c6013ca 5660 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 13:f67a6c6013ca 5661
word32 LowResTimer(void)
{
    /* Freescale MQX: report the SECONDS field of the elapsed time. */
    TIME_STRUCT elapsed;

    _time_get_elapsed(&elapsed);

    return (word32) elapsed.SECONDS;
}
wolfSSL 13:f67a6c6013ca 5670 #elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
wolfSSL 13:f67a6c6013ca 5671
wolfSSL 13:f67a6c6013ca 5672 #include "include/task.h"
wolfSSL 13:f67a6c6013ca 5673
unsigned int LowResTimer(void)
{
    /* FreeRTOS tick count converted to seconds through a float division.
     * Unlike the other variants this one is declared to return unsigned int
     * rather than word32.
     * NOTE(review): a float cannot represent large tick counts exactly;
     * confirm the precision is acceptable for the timeouts that use this. */
    const float ticks = (float)xTaskGetTickCount();

    return (unsigned int)(ticks/configTICK_RATE_HZ);
}
wolfSSL 13:f67a6c6013ca 5678
wolfSSL 13:f67a6c6013ca 5679 #elif defined(FREESCALE_KSDK_BM)
wolfSSL 13:f67a6c6013ca 5680
wolfSSL 13:f67a6c6013ca 5681 #include "lwip/sys.h" /* lwIP */
word32 LowResTimer(void)
{
    /* Bare-metal KSDK with lwIP: sys_now() is divided by 1000 to get
     * seconds. */
    const word32 seconds = sys_now()/1000;

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5686
wolfSSL 13:f67a6c6013ca 5687 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 13:f67a6c6013ca 5688
word32 LowResTimer(void)
{
    /* TI-RTOS: seconds come from Seconds_get(). */
    const word32 seconds = (word32) Seconds_get();

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5693 #elif defined(WOLFSSL_XILINX)
wolfSSL 13:f67a6c6013ca 5694 #include "xrtcpsu.h"
wolfSSL 13:f67a6c6013ca 5695
word32 LowResTimer(void)
{
    /* Xilinx: read the current time from the PSU real-time clock.
     * Returns 0 when the RTC configuration cannot be found or initialized;
     * callers cannot tell that apart from a clock reading of 0. */
    XRtcPsu         rtc;
    XRtcPsu_Config* cfg = XRtcPsu_LookupConfig(XPAR_XRTCPSU_0_DEVICE_ID);

    if (cfg == NULL)
        return 0;

    if (XRtcPsu_CfgInitialize(&rtc, cfg, cfg->BaseAddr) != XST_SUCCESS) {
        WOLFSSL_MSG("Unable to initialize RTC");
        return 0;
    }

    return (word32)XRtcPsu_GetCurrentTime(&rtc);
}
wolfSSL 13:f67a6c6013ca 5714
wolfSSL 13:f67a6c6013ca 5715 #elif defined(WOLFSSL_UTASKER)
wolfSSL 13:f67a6c6013ca 5716
word32 LowResTimer(void)
{
    /* uTasker: system tick divided by TICK_RESOLUTION. */
    const word32 seconds = (word32)(uTaskerSystemTick / TICK_RESOLUTION);

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5721
wolfSSL 13:f67a6c6013ca 5722 #else
wolfSSL 13:f67a6c6013ca 5723 /* Posix style time */
wolfSSL 13:f67a6c6013ca 5724 #include <time.h>
wolfSSL 13:f67a6c6013ca 5725
word32 LowResTimer(void)
{
    /* Default (POSIX-style) build: wall-clock seconds from time(), narrowed
     * to word32. */
    const word32 seconds = (word32)time(0);

    return seconds;
}
wolfSSL 13:f67a6c6013ca 5730
wolfSSL 13:f67a6c6013ca 5731
wolfSSL 13:f67a6c6013ca 5732 #endif
wolfSSL 13:f67a6c6013ca 5733
wolfSSL 13:f67a6c6013ca 5734
wolfSSL 13:f67a6c6013ca 5735 #ifndef NO_CERTS
/* Add sz bytes at output to the running handshake hashes, without skipping
 * any header bytes.
 *
 * ssl     connection whose hsHashes state is updated
 * output  bytes to hash
 * sz      number of bytes to hash
 *
 * Returns 0 on success, BAD_FUNC_ARG when ssl->hsHashes is NULL, or the
 * error from a failing SHA-256/384/512 update. */
int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
{
    int ret = 0;

    /* Quiet unused-parameter warnings in builds where every hash below is
     * compiled out. */
    (void)output;
    (void)sz;

    if (ssl->hsHashes == NULL)
        return BAD_FUNC_ARG;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifndef NO_OLD_TLS
    /* The return values of the SHA-1 and MD5 updates are not checked here,
     * unlike the SHA-2 updates below. */
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
#endif
#endif /* NO_OLD_TLS */

    /* The SHA-2 transcript hashes are only fed for TLS 1.2 and later; the
     * first failing update aborts with its error code. */
    if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz);
        if (ret != 0)
            return ret;
#endif
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 5779 #endif /* NO_CERTS */
wolfSSL 13:f67a6c6013ca 5780
wolfSSL 13:f67a6c6013ca 5781
wolfSSL 13:f67a6c6013ca 5782 /* add output to md5 and sha handshake hashes, exclude record header */
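int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
{
    /* Feeds an outgoing handshake message into the running handshake hashes,
     * skipping the record header (and the DTLS record extension and the
     * explicit IV when present).
     *
     * ssl     connection whose hsHashes state is updated
     * output  start of the record, including its header
     * sz      byte count including the record header; the header sizes are
     *         subtracted here, ivSz is not
     * ivSz    number of IV bytes that follow the header and are skipped
     *
     * Returns 0 on success, BAD_FUNC_ARG when the hash state is missing or
     * the length left after removing the headers is negative, or the error
     * from a failing SHA-256/384/512 update. */
    int         ret = 0;
    const byte* adj;

    /* Same guard as HashOutputRaw() and HashInput(): the hash state is
     * dereferenced below, so refuse to run without it. */
    if (ssl->hsHashes == NULL)
        return BAD_FUNC_ARG;

    adj = output + RECORD_HEADER_SZ + ivSz;
    sz -= RECORD_HEADER_SZ;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        adj += DTLS_RECORD_EXTRA;
        sz  -= DTLS_RECORD_EXTRA;
    }
#endif

    /* A size smaller than the headers would go negative here and be handed
     * to the hash updates as a length; reject it instead of hashing. */
    if (sz < 0)
        return BAD_FUNC_ARG;

#ifndef NO_OLD_TLS
    /* Return values of the SHA-1 and MD5 updates are not checked, matching
     * the other hashing helpers in this file. */
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
#endif
#endif

    if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
        if (ret != 0)
            return ret;
#endif
    }

    return ret;
}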
wolfSSL 13:f67a6c6013ca 5830
wolfSSL 13:f67a6c6013ca 5831
wolfSSL 13:f67a6c6013ca 5832 /* add input to md5 and sha handshake hashes, include handshake header */
int HashInput(WOLFSSL* ssl, const byte* input, int sz)
{
    /* Feeds a received handshake message, including its handshake header,
     * into the running handshake hashes.
     *
     * ssl    connection whose hsHashes state is updated
     * input  pointer just past the handshake header; the code steps back
     *        over the header (and the DTLS extension when DTLS is in use)
     * sz     body length; the header sizes are added here
     *
     * Returns 0 on success, BAD_FUNC_ARG when ssl->hsHashes is NULL, or the
     * error from a failing SHA-256/384/512 update.
     *
     * NOTE(review): stepping backwards from input is only valid if the
     * caller's buffer really holds the header bytes immediately before
     * input - confirm at the call sites. */
    int ret = 0;
    const byte* adj;

    adj = input - HANDSHAKE_HEADER_SZ;
    sz += HANDSHAKE_HEADER_SZ;

    /* Quiet the unused-variable warning when every hash is compiled out. */
    (void)adj;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        adj -= DTLS_HANDSHAKE_EXTRA;
        sz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    if (ssl->hsHashes == NULL) {
        return BAD_FUNC_ARG;
    }

#ifndef NO_OLD_TLS
    /* Return values of the SHA-1 and MD5 updates are not checked here. */
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
#endif
#endif

    /* SHA-2 transcript hashes are only fed for TLS 1.2 and later. */
    if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
        if (ret != 0)
            return ret;
#endif
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 5883
wolfSSL 13:f67a6c6013ca 5884
wolfSSL 13:f67a6c6013ca 5885 /* add record layer header for message */
static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    /* Writes the record layer header (type, version, length) at output.
     *
     * output  destination buffer; a NULL pointer makes the function return
     *         without writing
     * length  record payload length; only the low 16 bits are written
     * type    record content type
     * ssl     connection supplying the version, options and DTLS sequence
     *
     * NOTE(review): the caller must have reserved room for the header; no
     * size is passed in, so nothing can be checked here. */
    RecordLayerHeader* rl;

    /* record layer header */
    rl = (RecordLayerHeader*)output;
    if (rl == NULL) {
        return;
    }
    rl->type    = type;
    rl->pvMajor = ssl->version.major;       /* type and version same in each */
#ifdef WOLFSSL_TLS13
    /* For TLS 1.3 the minor version on the record layer is fixed to
     * TLSv1_MINOR rather than the negotiated value. */
    if (IsAtLeastTLSv1_3(ssl->version))
        rl->pvMinor = TLSv1_MINOR;
    else
#endif
        rl->pvMinor = ssl->version.minor;

#ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE
    /* On a client's first, non-resuming connect the record version is the
     * configured minimum downgrade version when downgrade is enabled. */
    if (ssl->options.side == WOLFSSL_CLIENT_END
    &&  ssl->options.connectState == CONNECT_BEGIN
    && !ssl->options.resuming) {
        rl->pvMinor = ssl->options.downgrade ? ssl->options.minDowngrade
                                             : ssl->version.minor;
    }
#endif

    if (!ssl->options.dtls) {
        /* length is truncated to 16 bits by the cast. */
        c16toa((word16)length, rl->length);
    }
    else {
        /* When the dtls option is set but WOLFSSL_DTLS is not compiled in,
         * this branch is empty and no length is written. */
#ifdef WOLFSSL_DTLS
        DtlsRecordLayerHeader* dtls;

        /* dtls record layer header extensions */
        dtls = (DtlsRecordLayerHeader*)output;
        WriteSEQ(ssl, 0, dtls->sequence_number);
        c16toa((word16)length, dtls->length);
#endif
    }
}
wolfSSL 13:f67a6c6013ca 5927
wolfSSL 13:f67a6c6013ca 5928
wolfSSL 13:f67a6c6013ca 5929 /* add handshake header for message */
static void AddHandShakeHeader(byte* output, word32 length,
                               word32 fragOffset, word32 fragLength,
                               byte type, WOLFSSL* ssl)
{
    /* Writes the handshake header (type and 24-bit length) at output; for
     * DTLS connections it also writes the message sequence number and the
     * fragment offset/length, and advances the connection's handshake
     * message counter.
     * Unlike AddRecordHeader(), output is not checked for NULL here. */
    HandShakeHeader* hdr = (HandShakeHeader*)output;

    /* Only used in DTLS builds. */
    (void)fragOffset;
    (void)fragLength;
    (void)ssl;

    /* type and length same for each */
    hdr->type = type;
    c32to24(length, hdr->length);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* dtls handshake header extensions */
        DtlsHandShakeHeader* dtlsHdr = (DtlsHandShakeHeader*)output;

        c16toa(ssl->keys.dtls_handshake_number++, dtlsHdr->message_seq);
        c32to24(fragOffset, dtlsHdr->fragment_offset);
        c32to24(fragLength, dtlsHdr->fragment_length);
    }
#endif
}
wolfSSL 13:f67a6c6013ca 5955
wolfSSL 13:f67a6c6013ca 5956
wolfSSL 13:f67a6c6013ca 5957 /* add both headers for handshake message */
static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    /* Writes the record header followed by the handshake header for an
     * unfragmented handshake message of `length` body bytes. */
    word32 recordHdrSz    = RECORD_HEADER_SZ;
    word32 handshakeHdrSz = HANDSHAKE_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    /* DTLS adds extra fields to both headers. */
    if (ssl->options.dtls) {
        recordHdrSz    += DTLS_RECORD_EXTRA;
        handshakeHdrSz += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* The record covers the handshake header plus the body; the handshake
     * header is written as a single fragment at offset 0. */
    AddRecordHeader(output, length + handshakeHdrSz, handshake, ssl);
    AddHandShakeHeader(output + recordHdrSz, length, 0, length, type, ssl);
}
wolfSSL 13:f67a6c6013ca 5973
wolfSSL 13:f67a6c6013ca 5974
wolfSSL 13:f67a6c6013ca 5975 #ifndef NO_CERTS
/* Write the record header and handshake header for one fragment of a
 * handshake message.
 *
 * fragSz      size of this fragment's body
 * fragOffset  offset of the fragment within the whole message
 * length      length of the whole handshake message */
static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset,
                           word32 length, byte type, WOLFSSL* ssl)
{
    word32 recordHdrSz    = RECORD_HEADER_SZ;
    word32 handshakeHdrSz = HANDSHAKE_HEADER_SZ;

    (void)fragSz;

#ifdef WOLFSSL_DTLS
    /* DTLS adds extra fields to both headers. */
    if (ssl->options.dtls) {
        recordHdrSz    += DTLS_RECORD_EXTRA;
        handshakeHdrSz += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* The record carries only this fragment; the handshake header still
     * states the length of the complete message. */
    AddRecordHeader(output, fragSz + handshakeHdrSz, handshake, ssl);
    AddHandShakeHeader(output + recordHdrSz, length, fragOffset, fragSz, type,
                       ssl);
}
wolfSSL 13:f67a6c6013ca 5993 #endif /* NO_CERTS */
wolfSSL 13:f67a6c6013ca 5994
wolfSSL 13:f67a6c6013ca 5995
wolfSSL 13:f67a6c6013ca 5996 /* return bytes received, -1 on error */
static int Receive(WOLFSSL* ssl, byte* buf, word32 sz)
{
    /* Reads up to sz bytes into buf through the context's I/O receive
     * callback and maps the callback's error codes.
     *
     * Returns the callback's non-negative result, WANT_READ when the read
     * would block (or the handshake timer fired), -1 on a missing callback,
     * general error, reset, close or timeout, or the raw negative code for
     * any value not listed in the switch. Reset and close also set
     * ssl->options.connReset / ssl->options.isClosed.
     *
     * NOTE(review): the callback's result is not compared with sz here;
     * confirm callers reject a return value larger than the space they
     * offered. */
    int recvd;

    if (ssl->ctx->CBIORecv == NULL) {
        WOLFSSL_MSG("Your IO Recv callback is null, please set");
        return -1;
    }

retry:
    recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
    if (recvd < 0)
        switch (recvd) {
            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
                return -1;

            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
                return WANT_READ;

            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
                /* On Windows a reset reported on a DTLS connection is
                 * retried with no retry limit in this function. */
                #ifdef USE_WINDOWS_API
                if (ssl->options.dtls) {
                    goto retry;
                }
                #endif
                ssl->options.connReset = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
                /* see if we got our timeout */
                #ifdef WOLFSSL_CALLBACKS
                    if (ssl->toInfoOn) {
                        struct itimerval timeout;
                        getitimer(ITIMER_REAL, &timeout);
                        if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                            /* NOTE(review): XSTRNCPY leaves the destination
                             * unterminated if MAX_TIMEOUT_NAME_SZ does not
                             * exceed the literal's length - confirm the
                             * constant. */
                            XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                    "recv() timeout", MAX_TIMEOUT_NAME_SZ);
                            WOLFSSL_MSG("Got our timeout");
                            return WANT_READ;
                        }
                    }
                #endif
                /* Otherwise the interrupted read is simply retried, again
                 * with no retry limit. */
                goto retry;

            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
                ssl->options.isClosed = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_TIMEOUT:
            #ifdef WOLFSSL_DTLS
                /* During a DTLS (non-SCTP) handshake a timeout backs off the
                 * timer and resends the stored flight; the read is retried
                 * only when both steps succeed. DtlsMsgPoolTimeout() fails
                 * once the timeout reaches its maximum, which ends the
                 * retries. */
                if (IsDtlsNotSctpMode(ssl) &&
                    !ssl->options.handShakeDone &&
                    DtlsMsgPoolTimeout(ssl) == 0 &&
                    DtlsMsgPoolSend(ssl, 0) == 0) {

                    goto retry;
                }
            #endif
                return -1;

            default:
                return recvd;
        }

    return recvd;
}
wolfSSL 13:f67a6c6013ca 6064
wolfSSL 13:f67a6c6013ca 6065
wolfSSL 13:f67a6c6013ca 6066 /* Switch dynamic output buffer back to static, buffer is assumed clear */
void ShrinkOutputBuffer(WOLFSSL* ssl)
{
    /* The allocation starts `offset` bytes before the working pointer, so
     * that base address is what gets freed.
     * No dynamicFlag check is made here: calling this while the buffer
     * already points at staticBuffer would hand a non-heap pointer to XFREE.
     * NOTE(review): presumably every caller tests dynamicFlag first -
     * confirm. */
    byte* allocBase = ssl->buffers.outputBuffer.buffer -
                      ssl->buffers.outputBuffer.offset;

    WOLFSSL_MSG("Shrinking output buffer\n");
    XFREE(allocBase, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);

    /* Point the connection back at its built-in static buffer. */
    ssl->buffers.outputBuffer.offset      = 0;
    ssl->buffers.outputBuffer.dynamicFlag = 0;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.outputBuffer.buffer      = ssl->buffers.outputBuffer.staticBuffer;
}
wolfSSL 13:f67a6c6013ca 6077
wolfSSL 13:f67a6c6013ca 6078
/* Release the heap-allocated input buffer and fall back to the static one,
 * carrying over input that has not been consumed yet.
 *
 * ssl         connection whose input buffer is reset
 * forcedFree  non-zero when cleaning up: the buffer is released even if the
 *             unread data would not fit, and nothing is copied
 *
 * Without forcedFree the call is a no-op while more than STATIC_BUFFER_LEN
 * unread bytes remain.
 *
 * NOTE(review): on a forced free no data is copied, yet length is still set
 * to the old unread count, which can exceed STATIC_BUFFER_LEN; callers
 * presumably discard the buffer afterwards - confirm.
 * NOTE(review): the released memory is not cleared; if records are decrypted
 * in place (not visible here) it may still hold plaintext, so consider
 * zeroizing it before XFREE. */
void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
{
    const int keepData = !forcedFree;
    int       unread   = ssl->buffers.inputBuffer.length -
                         ssl->buffers.inputBuffer.idx;

    /* unread input would not fit into the static buffer, keep the big one */
    if (keepData && unread > STATIC_BUFFER_LEN) {
        return;
    }

    WOLFSSL_MSG("Shrinking input buffer\n");

    if (keepData && unread > 0) {
        XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                unread);
    }

    /* the allocation begins 'offset' bytes before the pointer in use */
    XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
          ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

    ssl->buffers.inputBuffer.buffer      = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.inputBuffer.dynamicFlag = 0;
    ssl->buffers.inputBuffer.offset      = 0;

    /* unread data, if any was kept, now sits at the front */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = unread;
}
wolfSSL 13:f67a6c6013ca 6104
/* Push everything queued in the output buffer through the user's I/O send
 * callback.
 *
 * ssl  connection to flush
 *
 * Returns 0 once the buffer is empty, WANT_WRITE when the callback would
 * block (or, with WOLFSSL_CALLBACKS, when the interval timer has expired),
 * SEND_OOB_READ_E when the callback claims to have sent more than it was
 * given, and SOCKET_ERROR_E for a missing callback or any other failure.
 * A reset or closed connection additionally sets options.connReset.
 *
 * After a complete flush idx is rewound to 0 and a dynamic buffer is handed
 * back via ShrinkOutputBuffer().
 *
 * NOTE(review): a callback returning 0 passes both checks below without
 * changing idx or length, so the loop makes no progress; confirm that send
 * callbacks never return 0 for a non-empty request. */
int SendBuffered(WOLFSSL* ssl)
{
    if (ssl->ctx->CBIOSend == NULL) {
        WOLFSSL_MSG("Your IO Send callback is null, please set");
        return SOCKET_ERROR_E;
    }

#ifdef WOLFSSL_DEBUG_TLS
    /* dump the data only on the first attempt, not on partial-send retries */
    if (ssl->buffers.outputBuffer.idx == 0) {
        WOLFSSL_MSG("Data to send");
        WOLFSSL_BUFFER(ssl->buffers.outputBuffer.buffer,
                       ssl->buffers.outputBuffer.length);
    }
#endif

    while (ssl->buffers.outputBuffer.length > 0) {
        char* pending = (char*)ssl->buffers.outputBuffer.buffer +
                        ssl->buffers.outputBuffer.idx;
        int   rc      = ssl->ctx->CBIOSend(ssl, pending,
                                     (int)ssl->buffers.outputBuffer.length,
                                     ssl->IOCB_WriteCtx);

        if (rc < 0) {
            if (rc == WOLFSSL_CBIO_ERR_WANT_WRITE) {    /* would block */
                return WANT_WRITE;
            }

            if (rc == WOLFSSL_CBIO_ERR_ISR) {           /* interrupt */
                /* see if we got our timeout */
            #ifdef WOLFSSL_CALLBACKS
                if (ssl->toInfoOn) {
                    struct itimerval timeout;
                    getitimer(ITIMER_REAL, &timeout);
                    if (timeout.it_value.tv_sec == 0 &&
                                            timeout.it_value.tv_usec == 0) {
                        XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                 "send() timeout", MAX_TIMEOUT_NAME_SZ);
                        WOLFSSL_MSG("Got our timeout");
                        return WANT_WRITE;
                    }
                }
            #endif
                continue;   /* interrupted for another reason, try again */
            }

            /* a reset and an epipe / closed connection are treated alike */
            if (rc == WOLFSSL_CBIO_ERR_CONN_RST ||
                rc == WOLFSSL_CBIO_ERR_CONN_CLOSE) {
                ssl->options.connReset = 1;
            }

            return SOCKET_ERROR_E;
        }

        /* do not trust the callback's count beyond what was offered */
        if (rc > (int)ssl->buffers.outputBuffer.length) {
            WOLFSSL_MSG("SendBuffered() out of bounds read");
            return SEND_OOB_READ_E;
        }

        ssl->buffers.outputBuffer.idx    += rc;
        ssl->buffers.outputBuffer.length -= rc;
    }

    ssl->buffers.outputBuffer.idx = 0;

    if (ssl->buffers.outputBuffer.dynamicFlag) {
        ShrinkOutputBuffer(ssl);
    }

    return 0;
}
wolfSSL 13:f67a6c6013ca 6180
wolfSSL 13:f67a6c6013ca 6181
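/* Replace the output buffer with a heap buffer that has room for 'size' more
 * bytes on top of the data already queued.
 *
 * ssl   connection whose output buffer grows
 * size  number of additional bytes required, must not be negative
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative size (same contract as
 * GrowInputBuffer) and MEMORY_E when the allocation fails. Queued data is
 * copied to the front of the new buffer and a previous dynamic buffer is
 * freed.
 *
 * NOTE(review): size + length + align is computed without an overflow check;
 * this relies on callers passing record-sized values - confirm. */
static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{
    byte* tmp;
#if WOLFSSL_GENERAL_ALIGNMENT > 0
    byte  hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
                                      RECORD_HEADER_SZ;
    byte  align = WOLFSSL_GENERAL_ALIGNMENT;
#else
    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif

    /* a negative size must never reach the allocation size arithmetic */
    if (size < 0) {
        WOLFSSL_MSG("GrowOutputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    /* the encrypted data will be offset from the front of the buffer by
       the header, if the user wants encrypted alignment they need
       to define their alignment requirement */

    if (align) {
        while (align < hdrSz)
            align *= 2;
    }
#endif

    tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
                         ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    WOLFSSL_MSG("growing output buffer\n");

    if (tmp == NULL)
        return MEMORY_E;

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    /* skip ahead so that the data following the header ends up aligned */
    if (align)
        tmp += align - hdrSz;
#endif

    if (ssl->buffers.outputBuffer.length)
        XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
                ssl->buffers.outputBuffer.length);

    /* the old allocation begins 'offset' bytes before the pointer in use */
    if (ssl->buffers.outputBuffer.dynamicFlag)
        XFREE(ssl->buffers.outputBuffer.buffer -
              ssl->buffers.outputBuffer.offset, ssl->heap,
              DYNAMIC_TYPE_OUT_BUFFER);
    ssl->buffers.outputBuffer.dynamicFlag = 1;

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        ssl->buffers.outputBuffer.offset = align - hdrSz;
    else
#endif
        ssl->buffers.outputBuffer.offset = 0;

    ssl->buffers.outputBuffer.buffer     = tmp;
    /* usable size, the alignment slack is not counted */
    ssl->buffers.outputBuffer.bufferSize = size +
                                           ssl->buffers.outputBuffer.length;
    return 0;
}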
wolfSSL 13:f67a6c6013ca 6239
wolfSSL 13:f67a6c6013ca 6240
/* Replace the input buffer with a heap buffer large enough for 'size' new
 * bytes plus the unread input; should only be needed to read a certificate
 * or big application data.
 *
 * ssl         connection whose input buffer grows
 * size        number of bytes about to be read, must not be negative
 * usedLength  count of unread bytes at buffer + idx to carry over, must not
 *             be negative
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative argument and MEMORY_E
 * when the allocation fails. On success the unread bytes sit at the front of
 * the new buffer (idx 0, length usedLength).
 *
 * NOTE(review): size + usedLength + align is not checked for int overflow;
 * this relies on callers passing record-sized values - confirm.
 * NOTE(review): the old dynamic buffer is freed without being cleared; if
 * records are decrypted in place (not visible here) consider zeroizing it
 * before XFREE. */
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
{
    byte* grown;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    byte  align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
    byte  hdrSz = DTLS_RECORD_HEADER_SZ;
#else
    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif

#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    /* the encrypted data will be offset from the front of the buffer by
       the dtls record header, if the user wants encrypted alignment they need
       to define their alignment requirement. in tls we read record header
       to get size of record and put actual data back at front, so don't need */

    if (align) {
        while (align < hdrSz) {
            align *= 2;
        }
    }
#endif

    if (size < 0 || usedLength < 0) {
        WOLFSSL_MSG("GrowInputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

    grown = (byte*)XMALLOC(size + usedLength + align,
                           ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
    WOLFSSL_MSG("growing input buffer\n");

    if (grown == NULL) {
        return MEMORY_E;
    }

#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    /* skip ahead so that the data following the header ends up aligned */
    if (align) {
        grown += align - hdrSz;
    }
#endif

    /* carry the unread input over before the old buffer goes away */
    if (usedLength) {
        XMEMCPY(grown, ssl->buffers.inputBuffer.buffer +
                ssl->buffers.inputBuffer.idx, usedLength);
    }

    /* the old allocation begins 'offset' bytes before the pointer in use */
    if (ssl->buffers.inputBuffer.dynamicFlag) {
        XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
              ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
    }

    ssl->buffers.inputBuffer.dynamicFlag = 1;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        ssl->buffers.inputBuffer.offset = align - hdrSz;
    else
#endif
        ssl->buffers.inputBuffer.offset = 0;

    ssl->buffers.inputBuffer.buffer     = grown;
    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
    ssl->buffers.inputBuffer.length     = usedLength;
    ssl->buffers.inputBuffer.idx        = 0;

    return 0;
}
wolfSSL 13:f67a6c6013ca 6304
wolfSSL 13:f67a6c6013ca 6305
/* Make sure the output buffer can take 'size' more bytes, growing it when
 * the free space is too small.
 *
 * ssl   connection whose output buffer is checked
 * size  number of bytes about to be written, must not be negative
 *
 * Returns 0 when enough room is available, BAD_FUNC_ARG for a negative size
 * and MEMORY_E for any failure reported by GrowOutputBuffer(). */
int CheckAvailableSize(WOLFSSL *ssl, int size)
{
    if (size < 0) {
        WOLFSSL_MSG("CheckAvailableSize() called with negative number");
        return BAD_FUNC_ARG;
    }

    /* free space = bufferSize - length; grow only when it is too small */
    if ((ssl->buffers.outputBuffer.bufferSize -
         ssl->buffers.outputBuffer.length) < (word32)size &&
        GrowOutputBuffer(ssl, size) < 0) {
        return MEMORY_E;
    }

    return 0;
}
wolfSSL 13:f67a6c6013ca 6322
wolfSSL 13:f67a6c6013ca 6323
/* Parse a TLS or DTLS record header and run the sanity checks on it.
 *
 * ssl       connection state; for DTLS the epoch and sequence number of the
 *           record are stored in ssl->keys
 * input     buffer holding the record
 * inOutIdx  in: offset of the header in input, out: offset just past it
 * rh        receives type and version (TLS: the complete header)
 * size      receives the record length taken from the header
 *
 * Returns 0 when the header is acceptable, otherwise SEQUENCE_ERROR (DTLS
 * window or epoch check), VERSION_ERROR, LENGTH_ERROR or UNKNOWN_RECORD_TYPE.
 *
 * The header bytes are read without a length check of their own; the caller
 * presumably guarantees that a full header is available at input + *inOutIdx
 * - verify against the call site.
 *
 * NOTE(review): only the HAVE_MAX_FRAGMENT build sends a record_overflow
 * alert for an oversized record; the other build returns LENGTH_ERROR
 * silently. */
static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           RecordLayerHeader* rh, word16 *size)
{
    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        word32 pos;

    #ifdef HAVE_FUZZER
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, DTLS_RECORD_HEADER_SZ,
                          FUZZ_HEAD, ssl->fuzzerCtx);
    #endif
        pos = *inOutIdx;

        /* type and version in same spot */
        XMEMCPY(rh, input + pos, ENUM_LEN + VERSION_SZ);
        pos += ENUM_LEN + VERSION_SZ;

        ato16(input + pos, &ssl->keys.curEpoch);
        pos += OPAQUE16_LEN;

        if (ssl->options.haveMcast) {
        #ifdef WOLFSSL_MULTICAST
            /* multicast: peer id and sequence high byte share these bytes */
            ssl->keys.curPeerId = input[pos];
            ssl->keys.curSeq_hi = input[pos + 1];
        #endif
        }
        else {
            ato16(input + pos, &ssl->keys.curSeq_hi);
        }
        pos += OPAQUE16_LEN;

        ato32(input + pos, &ssl->keys.curSeq_lo);
        pos += OPAQUE32_LEN;  /* advance past rest of seq */

        ato16(input + pos, size);
        pos += LENGTH_SZ;

        *inOutIdx = pos;
#endif
    }
    else {
#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD,
                          ssl->fuzzerCtx);
#endif
        XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
        *inOutIdx += RECORD_HEADER_SZ;
        ato16(rh->length, size);
    }

#ifdef WOLFSSL_DTLS
    /* outside the window check, or epoch 0 once the handshake is done */
    if (IsDtlsNotSctpMode(ssl) &&
        (!DtlsCheckWindow(ssl) ||
         (ssl->options.handShakeDone && ssl->keys.curEpoch == 0))) {
        return SEQUENCE_ERROR;
    }
#endif

#ifdef OPENSSL_EXTRA
    /* case where specific protocols are turned off */
    if (!ssl->options.dtls && ssl->options.mask > 0) {
        if (rh->pvMinor == SSLv3_MINOR &&
            (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
            WOLFSSL_MSG("Option set to not allow SSLv3");
            return VERSION_ERROR;
        }
        if (rh->pvMinor == TLSv1_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
            WOLFSSL_MSG("Option set to not allow TLSv1");
            return VERSION_ERROR;
        }
        if (rh->pvMinor == TLSv1_1_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
            WOLFSSL_MSG("Option set to not allow TLSv1.1");
            return VERSION_ERROR;
        }
        if (rh->pvMinor == TLSv1_2_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
            WOLFSSL_MSG("Option set to not allow TLSv1.2");
            return VERSION_ERROR;
        }
    }
#endif /* OPENSSL_EXTRA */

    /* catch version mismatch; with WOLFSSL_TLS13 a record minor of
       TLSv1_MINOR is also accepted when the session is at least TLS 1.3 */
#ifndef WOLFSSL_TLS13
    if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor)
#else
    if (rh->pvMajor != ssl->version.major ||
        (rh->pvMinor != ssl->version.minor &&
         (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_MINOR)))
#endif
    {
        /* the first three cases only log, the mismatch is tolerated */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
            ssl->options.acceptState < ACCEPT_FIRST_REPLY_DONE) {
            WOLFSSL_MSG("Client attempting to connect with different version");
        }
        else if (ssl->options.side == WOLFSSL_CLIENT_END &&
                 ssl->options.downgrade &&
                 ssl->options.connectState < FIRST_REPLY_DONE) {
            WOLFSSL_MSG("Server attempting to accept with different version");
        }
        else if (ssl->options.dtls && rh->type == handshake) {
            /* Check the DTLS handshake message RH version later. */
            WOLFSSL_MSG("DTLS handshake, skip RH version number check");
        }
        else {
            WOLFSSL_MSG("SSL version error");
            return VERSION_ERROR;              /* only use requested version */
        }
    }

    /* record layer length check */
#ifdef HAVE_MAX_FRAGMENT
    if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        SendAlert(ssl, alert_fatal, record_overflow);
        return LENGTH_ERROR;
    }
#else
    if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        return LENGTH_ERROR;
    }
#endif

    /* verify record type here as well, only the four known types pass */
    if (rh->type != handshake && rh->type != change_cipher_spec &&
        rh->type != application_data && rh->type != alert) {
        WOLFSSL_MSG("Unknown Record Type");
        return UNKNOWN_RECORD_TYPE;
    }

    /* haven't decrypted this record yet */
    ssl->keys.decryptedCur = 0;

    return 0;
}
wolfSSL 13:f67a6c6013ca 6455
wolfSSL 13:f67a6c6013ca 6456
/* Read a TLS handshake header: one type byte followed by a 24-bit length.
 *
 * ssl       unused
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the header, out: offset just past it
 * type      receives the handshake message type
 * size      receives the 24-bit message length
 * totalSz   number of valid bytes in input
 *
 * Returns 0 on success or BUFFER_E when the header would run past totalSz.
 * The bounds check happens before any header byte is read; *inOutIdx is left
 * advanced even when BUFFER_E is returned. */
static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                              byte *type, word32 *size, word32 totalSz)
{
    const word32 start = *inOutIdx;
    (void)ssl;

    *inOutIdx = start + HANDSHAKE_HEADER_SZ;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    *type = input[start];
    c24to32(input + start + 1, size);   /* length follows the type byte */

    return 0;
}
wolfSSL 13:f67a6c6013ca 6472
wolfSSL 13:f67a6c6013ca 6473
#ifdef WOLFSSL_DTLS
/* Read a DTLS handshake header: type, 24-bit length, message sequence
 * number, 24-bit fragment offset and 24-bit fragment length.
 *
 * ssl         connection; keys.dtls_peer_handshake_number is updated
 * input       buffer holding the handshake message
 * inOutIdx    in: offset of the header, out: offset just past it
 * type        receives the handshake message type
 * size        receives the total message length
 * fragOffset  receives the offset of this fragment
 * fragSz      receives the length of this fragment
 * totalSz     number of valid bytes in input
 *
 * Returns 0 on success, BUFFER_E when the header would run past totalSz, or
 * VERSION_ERROR when the current record's version differs from the session
 * version and the message is neither client_hello nor hello_verify_request.
 *
 * The fragment offset and length are not checked against the message length
 * here; that is presumably left to the caller - verify. */
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
                                  word32* inOutIdx, byte *type, word32 *size,
                                  word32 *fragOffset, word32 *fragSz,
                                  word32 totalSz)
{
    word32 cur = *inOutIdx;

    /* bounds check first, nothing is read from a short buffer */
    *inOutIdx = cur + HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    *type = input[cur];
    cur  += 1;

    c24to32(input + cur, size);
    cur += OPAQUE24_LEN;

    ato16(input + cur, &ssl->keys.dtls_peer_handshake_number);
    cur += DTLS_HANDSHAKE_SEQ_SZ;

    c24to32(input + cur, fragOffset);
    cur += DTLS_HANDSHAKE_FRAG_SZ;

    c24to32(input + cur, fragSz);

    if (ssl->curRL.pvMajor == ssl->version.major &&
        ssl->curRL.pvMinor == ssl->version.minor) {
        return 0;
    }

    /* record version differs: only the hello messages may get away with it */
    if (*type == client_hello || *type == hello_verify_request) {
        WOLFSSL_MSG("DTLS Handshake ignoring hello or verify version");
        return 0;
    }

    return VERSION_ERROR;
}
#endif
wolfSSL 13:f67a6c6013ca 6509
wolfSSL 13:f67a6c6013ca 6510
#if !defined(NO_OLD_TLS) || \
    (defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLS_SHA1))
/* Pad blocks for the inner (PAD1, 0x36) and outer (PAD2, 0x5c) hash passes in
 * BuildMD5() and BuildSHA(). Both are filled to the MD5 pad size since that
 * is the biggest one required; BuildSHA() uses the first PAD_SHA bytes. */
static const byte PAD1[PAD_MD5] = {
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
};
static const byte PAD2[PAD_MD5] = {
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
};
#endif /* !NO_OLD_TLS || (NO_OLD_TLS && WOLFSSL_ALLOW_TLS_SHA1) */
wolfSSL 13:f67a6c6013ca 6531
wolfSSL 13:f67a6c6013ca 6532 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 6533
wolfSSL 13:f67a6c6013ca 6534 /* calculate MD5 hash for finished */
wolfSSL 13:f67a6c6013ca 6535 #ifdef WOLFSSL_TI_HASH
wolfSSL 13:f67a6c6013ca 6536 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 13:f67a6c6013ca 6537 #endif
wolfSSL 13:f67a6c6013ca 6538
/* Compute the MD5 part of the pre-TLS Finished hash into hashes->md5.
 *
 * ssl     connection supplying the running handshake hash, master secret,
 *         heap hint and device id
 * hashes  receives the result in its md5 member
 * sender  SIZEOF_SENDER bytes of sender label mixed into the inner hash
 *
 * Inner pass: copy of the handshake MD5 state + sender + master secret +
 * PAD1. Outer pass: master secret + PAD2 + inner digest.
 *
 * Returns 0 on success, MEMORY_E when the small-stack allocation fails, or
 * the error of the first failing wolfCrypt call.
 *
 * NOTE(review): md5_result is derived from the master secret and is left on
 * the stack on return; consider clearing it. */
static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int  ret;
    byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);
    if (md5 == NULL)
        return MEMORY_E;
#else
    Md5  md5[1];
#endif

    /* make md5 inner, working on a copy so the handshake hash stays intact */
    ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5);
    if (ret != 0)
        goto done;
    ret = wc_Md5Update(md5, sender, SIZEOF_SENDER);
    if (ret != 0)
        goto done;
    ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret != 0)
        goto done;
    ret = wc_Md5Update(md5, PAD1, PAD_MD5);
    if (ret != 0)
        goto done;
    ret = wc_Md5Final(md5, md5_result);
    if (ret != 0)
        goto done;

    /* make md5 outer */
    ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
    if (ret != 0)
        goto done;

    ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret == 0)
        ret = wc_Md5Update(md5, PAD2, PAD_MD5);
    if (ret == 0)
        ret = wc_Md5Update(md5, md5_result, MD5_DIGEST_SIZE);
    if (ret == 0)
        ret = wc_Md5Final(md5, hashes->md5);

    /* released whenever the outer context was initialized */
    wc_Md5Free(md5);

done:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}
wolfSSL 13:f67a6c6013ca 6583
wolfSSL 13:f67a6c6013ca 6584
/* Compute the SHA part of the pre-TLS Finished hash into hashes->sha.
 *
 * ssl     connection supplying the running handshake hash, master secret,
 *         heap hint and device id
 * hashes  receives the result in its sha member
 * sender  SIZEOF_SENDER bytes of sender label mixed into the inner hash
 *
 * Inner pass: copy of the handshake SHA state + sender + master secret +
 * PAD1. Outer pass: master secret + PAD2 + inner digest. Only PAD_SHA bytes
 * of each pad block are used.
 *
 * Returns 0 on success, MEMORY_E when the small-stack allocation fails, or
 * the error of the first failing wolfCrypt call.
 *
 * NOTE(review): sha_result is derived from the master secret and is left on
 * the stack on return; consider clearing it. */
static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int  ret;
    byte sha_result[SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);
    if (sha == NULL)
        return MEMORY_E;
#else
    Sha  sha[1];
#endif

    /* make sha inner, working on a copy to save the current position */
    ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha);
    if (ret != 0)
        goto done;
    ret = wc_ShaUpdate(sha, sender, SIZEOF_SENDER);
    if (ret != 0)
        goto done;
    ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret != 0)
        goto done;
    ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
    if (ret != 0)
        goto done;
    ret = wc_ShaFinal(sha, sha_result);
    if (ret != 0)
        goto done;

    /* make sha outer */
    ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
    if (ret != 0)
        goto done;

    ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret == 0)
        ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
    if (ret == 0)
        ret = wc_ShaUpdate(sha, sha_result, SHA_DIGEST_SIZE);
    if (ret == 0)
        ret = wc_ShaFinal(sha, hashes->sha);

    /* released whenever the outer context was initialized */
    wc_ShaFree(sha);

done:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}
wolfSSL 13:f67a6c6013ca 6629 #endif
wolfSSL 13:f67a6c6013ca 6630
/* Build the Finished hashes for this connection.
 *
 * ssl     connection; options.tls selects the TLS or the pre-TLS variant
 * hashes  receives the computed hashes
 * sender  sender label passed through to the hash builders
 *
 * TLS connections use BuildTlsFinished(), others BuildMD5() followed by
 * BuildSHA(). With WOLFSSL_SHA384 the handshake SHA-384 state is saved first
 * and written back afterwards for TLS 1.2 and later, because building
 * requires get_digest which resets state.
 * Finished doesn't support SHA512, no SHA512 cipher suites yet.
 *
 * Returns 0 on success, BAD_FUNC_ARG when ssl is NULL, MEMORY_E when the
 * small-stack allocation fails, or the error of the hash builder. */
static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int ret = 0;
#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK
    Sha384* sha384;
#else
    Sha384  sha384[1];
#endif /* WOLFSSL_SMALL_STACK */
#endif /* WOLFSSL_SHA384 */

    if (ssl == NULL)
        return BAD_FUNC_ARG;

#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SMALL_STACK)
    sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap, DYNAMIC_TYPE_HASHCTX);
    if (sha384 == NULL)
        return MEMORY_E;
#endif

    /* store current states, building requires get_digest which resets state */
#ifdef WOLFSSL_SHA384
    *sha384 = ssl->hsHashes->hashSha384;
#endif

#ifndef NO_TLS
    if (ssl->options.tls) {
        ret = BuildTlsFinished(ssl, hashes, sender);
    }
#endif
#ifndef NO_OLD_TLS
    if (!ssl->options.tls) {
        ret = BuildMD5(ssl, hashes, sender);
        if (ret == 0)
            ret = BuildSHA(ssl, hashes, sender);
    }
#endif

    /* restore */
    if (IsAtLeastTLSv1_2(ssl)) {
    #ifdef WOLFSSL_SHA384
        ssl->hsHashes->hashSha384 = *sha384;
    #endif
    }

#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SMALL_STACK)
    XFREE(sha384, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}
wolfSSL 13:f67a6c6013ca 6688
wolfSSL 13:f67a6c6013ca 6689
/* cipher requirements: the values accepted as the 'requirement' argument of
   CipherRequires(). The notes below summarise which suites that function
   answers 1 for; the per-suite table there is authoritative. */
enum {
    REQUIRES_RSA,        /* RSA key transport, ECDHE_RSA and DHE_RSA suites */
    REQUIRES_DHE,        /* DHE_RSA, DHE_PSK and DH_anon suites */
    REQUIRES_ECC,        /* ECDHE_ECDSA suites */
    REQUIRES_ECC_STATIC, /* static ECDH_RSA and ECDH_ECDSA suites */
    REQUIRES_PSK,        /* PSK, DHE_PSK and ECDHE_PSK suites */
    REQUIRES_NTRU,       /* TLS_NTRU_RSA_* suites */
    REQUIRES_RSA_SIG     /* ECDH_RSA suites, RSA CCM_8 suites, and the
                            DHE_RSA Camellia and 3DES suites */
};
wolfSSL 13:f67a6c6013ca 6700
wolfSSL 13:f67a6c6013ca 6701
wolfSSL 13:f67a6c6013ca 6702
/* Does this cipher suite (first, second) have the requirement?
 *
 * An ephemeral key exchange will still require the key for signing the key
 * exchange, so ECDHE_RSA requires an rsa key, thus rsa_kea.
 *
 * first        first byte of the suite id, selects the table to search
 * second       second byte of the suite id
 * requirement  one of the REQUIRES_* values
 * returns 1 when the suite is listed with that requirement, 0 when it is
 *         listed without it, is not listed, or is compiled out.
 *
 * Suites that share an answer are grouped under one set of case labels; the
 * preprocessor guards around each label are the ones the suite is built
 * under.
 */
static int CipherRequires(byte first, byte second, int requirement)
{
    /* ChaCha20-Poly1305 suites. No default here: an unlisted second byte
       falls through to the final return 0 without a log message. */
    if (first == CHACHA_BYTE) {
        switch (second) {

        case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
        case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
            if (requirement == REQUIRES_RSA)
                return 1;
            break;

        case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
        case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
            if (requirement == REQUIRES_ECC)
                return 1;
            break;

        case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
        case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE)
                return 1;
            break;

        case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
        case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
            if (requirement == REQUIRES_PSK)
                return 1;
            break;

        case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
            if (requirement == REQUIRES_PSK || requirement == REQUIRES_DHE)
                return 1;
            break;
        }
    }

    /* ECC extensions */
    if (first == ECC_BYTE) {
        switch (second) {

#ifndef NO_RSA
        /* ephemeral ECDH, key exchange signed with an RSA key */
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
    #ifndef NO_DES3
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    #endif
    #ifndef NO_RC4
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    #endif
            if (requirement == REQUIRES_RSA)
                return 1;
            break;

        /* static ECDH with an RSA signature */
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
    #ifndef NO_DES3
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    #endif
    #ifndef NO_RC4
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    #endif
            if (requirement == REQUIRES_ECC_STATIC ||
                                          requirement == REQUIRES_RSA_SIG)
                return 1;
            break;

        case TLS_RSA_WITH_AES_128_CCM_8:
        case TLS_RSA_WITH_AES_256_CCM_8:
            if (requirement == REQUIRES_RSA ||
                                          requirement == REQUIRES_RSA_SIG)
                return 1;
            break;
#endif /* NO_RSA */

        /* ephemeral ECDH with ECDSA */
#ifndef NO_DES3
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
#endif
#ifndef NO_RC4
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
#endif
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
            if (requirement == REQUIRES_ECC)
                return 1;
            break;

        /* static ECDH with ECDSA */
#ifndef NO_DES3
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
#endif
#ifndef NO_RC4
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
#endif
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
            if (requirement == REQUIRES_ECC_STATIC)
                return 1;
            break;

        /* NOTE(review): unlike the other static ECDH_ECDSA suites above,
           these two also answer REQUIRES_ECC - confirm that is intended */
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
            if (requirement == REQUIRES_ECC ||
                                       requirement == REQUIRES_ECC_STATIC)
                return 1;
            break;

        case TLS_PSK_WITH_AES_128_CCM:
        case TLS_PSK_WITH_AES_256_CCM:
        case TLS_PSK_WITH_AES_128_CCM_8:
        case TLS_PSK_WITH_AES_256_CCM_8:
        case TLS_ECDHE_PSK_WITH_NULL_SHA256:
        case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
            if (requirement == REQUIRES_PSK)
                return 1;
            break;

        case TLS_DHE_PSK_WITH_AES_128_CCM:
        case TLS_DHE_PSK_WITH_AES_256_CCM:
            if (requirement == REQUIRES_PSK || requirement == REQUIRES_DHE)
                return 1;
            break;

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
            return 0;
        } /* switch */
    } /* if */

    /* Distinct TLS v1.3 cipher suites with cipher and digest only: a listed
       suite has none of the requirements, so it ends in the final return 0 */
    if (first == TLS13_BYTE) {
        switch (second) {
#ifdef WOLFSSL_TLS13
        case TLS_AES_128_GCM_SHA256:
        case TLS_AES_256_GCM_SHA384:
        case TLS_CHACHA20_POLY1305_SHA256:
        case TLS_AES_128_CCM_SHA256:
        case TLS_AES_128_CCM_8_SHA256:
            break;
#endif

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires TLS v1.3");
            return 0;
        }
    }

    if (first != ECC_BYTE && first != CHACHA_BYTE &&
        first != TLS13_BYTE) {   /* normal suites */
        switch (second) {

#ifndef NO_RSA
        /* RSA key transport */
        case SSL_RSA_WITH_RC4_128_SHA:
        case SSL_RSA_WITH_RC4_128_MD5:
        case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
        case SSL_RSA_WITH_IDEA_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_RSA_WITH_NULL_SHA:
        case TLS_RSA_WITH_NULL_SHA256:
        case TLS_RSA_WITH_HC_128_MD5:
        case TLS_RSA_WITH_HC_128_SHA:
        case TLS_RSA_WITH_HC_128_B2B256:
        case TLS_RSA_WITH_AES_128_CBC_B2B256:
        case TLS_RSA_WITH_AES_256_CBC_B2B256:
        case TLS_RSA_WITH_RABBIT_SHA:
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
            if (requirement == REQUIRES_RSA)
                return 1;
            break;

        case TLS_NTRU_RSA_WITH_RC4_128_SHA:
        case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA:
        case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA:
            if (requirement == REQUIRES_NTRU)
                return 1;
            break;

        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE)
                return 1;
            break;

        /* NOTE(review): these DHE_RSA suites also answer REQUIRES_RSA_SIG,
           the DHE_RSA AES suites above do not - confirm that is intended */
        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
            if (requirement == REQUIRES_RSA ||
                requirement == REQUIRES_RSA_SIG ||
                requirement == REQUIRES_DHE)
                return 1;
            break;
#endif /* NO_RSA */

        case TLS_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_PSK_WITH_AES_128_CBC_SHA:
        case TLS_PSK_WITH_AES_256_CBC_SHA:
        case TLS_PSK_WITH_NULL_SHA384:
        case TLS_PSK_WITH_NULL_SHA256:
        case TLS_PSK_WITH_NULL_SHA:
            if (requirement == REQUIRES_PSK)
                return 1;
            break;

        case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_DHE_PSK_WITH_NULL_SHA384:
        case TLS_DHE_PSK_WITH_NULL_SHA256:
            if (requirement == REQUIRES_DHE || requirement == REQUIRES_PSK)
                return 1;
            break;

#ifdef HAVE_ANON
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
            if (requirement == REQUIRES_DHE)
                return 1;
            break;
#endif
#ifdef WOLFSSL_MULTICAST
        /* listed, but has none of the requirements */
        case WDM_WITH_NULL_SHA256:
            break;
#endif

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires");
            return 0;
        } /* switch */
    } /* if ECC / Normal suites else */

    return 0;
}
wolfSSL 13:f67a6c6013ca 7230
wolfSSL 13:f67a6c6013ca 7231
wolfSSL 13:f67a6c6013ca 7232 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 7233
wolfSSL 13:f67a6c6013ca 7234
/* Match names with wildcards, each wildcard can represent a single name
   component or fragment but not multiple names, i.e.,
   *.z.com matches y.z.com but not x.y.z.com

   pattern  name to match against; at most len bytes are read and a NUL
            byte inside that range ends the pattern early
   len      number of pattern bytes to consider
   str      NUL terminated name being checked

   The comparison lower-cases both sides with XTOLOWER. A run of '*' is
   treated as one wildcard. The wildcard covers zero or more characters, it
   never covers a '.', and it ends at the first character of str that equals
   the pattern byte following the run (there is no backtracking).

   NOTE(review): the wildcard is honoured at any position in the pattern,
   may stand for only part of a label, and no minimum number of labels is
   required after it. A caller that needs stricter rules (wildcard only as
   the whole left-most label, never directly above a registry-controlled
   suffix) has to enforce them on the pattern before calling.

   return 1 on success, 0 on mismatch, NULL argument or len <= 0 */
int MatchDomainName(const char* pattern, int len, const char* str)
{
    if (pattern == NULL || str == NULL || len <= 0)
        return 0;

    while (len > 0) {
        char want = (char)XTOLOWER((unsigned char)*pattern++);

        if (want == '\0')
            break;

        if (want != '*') {
            /* literal byte: must equal the current byte of str */
            if (want != (char)XTOLOWER((unsigned char)*str))
                return 0;
        }
        else {
            char have;

            /* swallow the rest of a run of '*' and pick up the pattern
               byte that follows it, if the pattern has one left */
            for (;;) {
                if (--len <= 0)
                    break;
                want = (char)XTOLOWER((unsigned char)*pattern++);
                if (want != '*')
                    break;
            }

            /* wildcard was the end of the pattern: run to the end of str */
            if (len == 0)
                want = '\0';

            /* advance str up to the byte after the wildcard; meeting a
               '.' first means the wildcard would have to span labels */
            for (;;) {
                have = (char)XTOLOWER((unsigned char)*str);
                if (have == '\0' || have == want)
                    break;
                if (have == '.')
                    return 0;
                str++;
            }
        }

        /* step past the byte just matched, never past the terminator */
        if (*str != '\0')
            str++;

        if (len > 0)
            len--;
    }

    /* the pattern is used up: a match only if str is used up as well */
    return *str == '\0';
}
wolfSSL 13:f67a6c6013ca 7283
wolfSSL 13:f67a6c6013ca 7284
/* try to find an altName match to domain, return 1 on success
 *
 * dCert   decoded certificate whose altNames list is walked; NULL is
 *         treated as a certificate without alternative names
 * domain  name to look for, handed to MatchDomainName unchanged
 * returns 1 as soon as one entry matches, 0 when none does
 *
 * NOTE(review): the pattern length given to MatchDomainName comes from
 * XSTRLEN, so an entry is compared only up to its first NUL byte. This
 * assumes the certificate decoder rejects names with embedded NUL bytes -
 * confirm against the code that fills altNames.
 */
int CheckAltNames(DecodedCert* dCert, char* domain)
{
    DNS_entry* entry;

    WOLFSSL_MSG("Checking AltNames");

    for (entry = (dCert != NULL) ? dCert->altNames : NULL;
         entry != NULL;
         entry = entry->next) {
        WOLFSSL_MSG("\tindividual AltName check");

        if (MatchDomainName(entry->name, (int)XSTRLEN(entry->name), domain))
            return 1;
    }

    return 0;
}
wolfSSL 13:f67a6c6013ca 7309
wolfSSL 13:f67a6c6013ca 7310
wolfSSL 13:f67a6c6013ca 7311 #ifdef OPENSSL_EXTRA
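/* Check that alternative names, if they exist, match the domain.
 * Fail if the certificate has alternative names and none of them matched,
 * whether or not any of them was a wildcard pattern.
 * Ask for the common name to be checked only if the certificate has no
 * alternative names at all.
 *
 * Before this change only a failed wildcard entry produced a failure. A
 * certificate whose alternative names were all plain names, none of them
 * equal to the domain, came back as "no problem" with *checkCN cleared, so
 * the result asked for no common name check either. The caller is outside
 * this view, but with those two outputs it had nothing left to reject the
 * certificate on.
 *
 * dCert    Decoded cert to get the alternative names from.
 * domain   Domain name to compare against.
 * checkCN  Output. Set to 1 when there are no alternative names, so the
 *          common name is the only name left to check; 0 otherwise.
 * returns 1 when an alternative name matched or there were none to check,
 *         0 when alternative names are present and none matched.
 */
static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
{
    int        matched = 0;
    DNS_entry* altName = NULL;

    WOLFSSL_MSG("Checking AltNames");

    if (dCert)
        altName = dCert->altNames;

    /* the common name is only a fallback for certificates without any
       alternative name */
    *checkCN = altName == NULL;

    while (altName) {
        WOLFSSL_MSG("\tindividual AltName check");

        if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name),
                            domain)) {
            matched = 1;
            break;
        }

        altName = altName->next;
    }

    /* names present but none matched is a failure; the separate wildcard
       bookkeeping is no longer needed because every such case fails */
    return matched || *checkCN;
}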
wolfSSL 13:f67a6c6013ca 7351
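/* Check the domain name matches the subject alternative name or the subject
 * name.
 *
 * The outcome for a certificate that carries alternative names is decided by
 * CheckForAltNames(); the common name is compared only when that helper sets
 * checkCN.
 *
 * dCert          Decoded certificate.
 * domainName     The domain name; must be NUL terminated.
 * domainNameLen  The length of the domain name (currently ignored).
 * returns DOMAIN_NAME_MISMATCH when no match found or an argument is NULL,
 *         and 0 on success.
 */
int CheckHostName(DecodedCert* dCert, char *domainName, size_t domainNameLen)
{
    int checkCN = 0;

    /* Assume name is NUL terminated. */
    (void)domainNameLen;

    /* Fail closed: dCert is dereferenced below for the common name, and a
     * missing name can never be a verified match. */
    if (dCert == NULL || domainName == NULL) {
        WOLFSSL_MSG("CheckHostName called without a certificate or name");
        return DOMAIN_NAME_MISMATCH;
    }

    if (CheckForAltNames(dCert, domainName, &checkCN) == 0) {
        WOLFSSL_MSG("DomainName match on alt names failed too");
        return DOMAIN_NAME_MISMATCH;
    }
    if (checkCN == 1) {
        if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
                            domainName) == 0) {
            WOLFSSL_MSG("DomainName match on common name failed");
            return DOMAIN_NAME_MISMATCH;
        }
    }

    return 0;
}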
wolfSSL 13:f67a6c6013ca 7381 #endif
wolfSSL 13:f67a6c6013ca 7382
wolfSSL 13:f67a6c6013ca 7383 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 13:f67a6c6013ca 7384
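/* Copy the fields a WOLFSSL_X509 needs out of a decoded certificate.
 *
 * x509   Destination; buffers allocated here come from x509->heap.
 * dCert  Source decoded certificate. Its alternative-name list is handed over
 *        to x509 (dCert->weOwnAltNames is cleared), not duplicated.
 * returns 0 on success, BAD_FUNC_ARG when an argument is NULL or
 *         dCert->subjectCNLen is negative, MEMORY_E when any allocation
 *         failed. Copying continues after an allocation failure, so on
 *         MEMORY_E x509 is only partially filled.
 */
int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
{
    int ret = 0;

    if (x509 == NULL || dCert == NULL ||
        dCert->subjectCNLen < 0)
        return BAD_FUNC_ARG;

    x509->version = dCert->version + 1;

    /* XSTRNCPY does not terminate on truncation, so terminate explicitly */
    XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
    x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
    x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
#ifdef OPENSSL_EXTRA
    if (dCert->issuerName.fullName != NULL) {
        /* struct copy first, then replace the borrowed fullName pointer with
         * a private copy */
        XMEMCPY(&x509->issuer.fullName,
                &dCert->issuerName, sizeof(DecodedName));
        x509->issuer.fullName.fullName = (char*)XMALLOC(
                dCert->issuerName.fullNameLen, x509->heap,
                DYNAMIC_TYPE_X509);
        if (x509->issuer.fullName.fullName != NULL) {
            XMEMCPY(x509->issuer.fullName.fullName,
                    dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
        }
        else {
            /* do not leave a non-zero length next to a NULL buffer, and
             * report the failure like every other allocation here */
            x509->issuer.fullName.fullNameLen = 0;
            ret = MEMORY_E;
        }
    }
    x509->issuer.x509 = x509;
#endif /* OPENSSL_EXTRA */

    XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
    x509->subject.name[ASN_NAME_MAX - 1] = '\0';
    x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
#ifdef OPENSSL_EXTRA
    if (dCert->subjectName.fullName != NULL) {
        XMEMCPY(&x509->subject.fullName,
                &dCert->subjectName, sizeof(DecodedName));
        x509->subject.fullName.fullName = (char*)XMALLOC(
                dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
        if (x509->subject.fullName.fullName != NULL) {
            XMEMCPY(x509->subject.fullName.fullName,
                    dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
        }
        else {
            /* same handling as the issuer name above */
            x509->subject.fullName.fullNameLen = 0;
            ret = MEMORY_E;
        }
    }
    x509->subject.x509 = x509;
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_NGINX
    /* NOTE(review): subjectRawLen comes from the parsed certificate and is
     * not compared with the capacity of x509->subject.raw here; confirm the
     * decoder bounds it, or clamp it before this copy. */
    XMEMCPY(x509->subject.raw, dCert->subjectRaw, dCert->subjectRawLen);
    x509->subject.rawLen = dCert->subjectRawLen;
#endif

    XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
    x509->serialSz = dCert->serialSz;
    /* strictly less than ASN_NAME_MAX so the terminator fits as well */
    if (dCert->subjectCNLen < ASN_NAME_MAX) {
        XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
        x509->subjectCN[dCert->subjectCNLen] = '\0';
    }
    else
        x509->subjectCN[0] = '\0';

#ifdef WOLFSSL_SEP
    {
        /* each field is clamped to EXTERNAL_SERIAL_SIZE before copying */
        int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
        if (minSz > 0) {
            x509->deviceTypeSz = minSz;
            XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
        }
        else
            x509->deviceTypeSz = 0;
        minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
        if (minSz > 0) {
            x509->hwTypeSz = minSz;
            XMEMCPY(x509->hwType, dCert->hwType, minSz);
        }
        else
            x509->hwTypeSz = 0;
        minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
        if (minSz > 0) {
            x509->hwSerialNumSz = minSz;
            XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
        }
        else
            x509->hwSerialNumSz = 0;
    }
#endif /* WOLFSSL_SEP */
    {
        /* validity dates, clamped to MAX_DATE_SZ */
        int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
        if (minSz > 0) {
            x509->notBeforeSz = minSz;
            XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
        }
        else
            x509->notBeforeSz = 0;
        minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
        if (minSz > 0) {
            x509->notAfterSz = minSz;
            XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
        }
        else
            x509->notAfterSz = 0;
    }

    if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
        x509->pubKey.buffer = (byte*)XMALLOC(
                        dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        if (x509->pubKey.buffer != NULL) {
            x509->pubKeyOID = dCert->keyOID;
            x509->pubKey.length = dCert->pubKeySize;
            XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
        }
        else
            ret = MEMORY_E;
    }

    /* a signature longer than MAX_ENCODED_SIG_SZ is skipped, not an error */
    if (dCert->signature != NULL && dCert->sigLength != 0 &&
            dCert->sigLength <= MAX_ENCODED_SIG_SZ) {
        x509->sig.buffer = (byte*)XMALLOC(
                          dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
        if (x509->sig.buffer == NULL) {
            ret = MEMORY_E;
        }
        else {
            XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
            x509->sig.length = dCert->sigLength;
            x509->sigOID = dCert->signatureOID;
        }
    }

    /* store cert for potential retrieval */
    if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) {
        XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
    }
    else {
        ret = MEMORY_E;
    }

    /* ownership of the alternative-name list moves to x509 */
    x509->altNames       = dCert->altNames;
    dCert->weOwnAltNames = 0;
    x509->altNamesNext   = x509->altNames;  /* index hint */

    x509->isCa = dCert->isCA;
#ifdef OPENSSL_EXTRA
    x509->pathLength = dCert->pathLength;
    x509->keyUsage = dCert->extKeyUsage;

    x509->CRLdistSet = dCert->extCRLdistSet;
    x509->CRLdistCrit = dCert->extCRLdistCrit;
    /* pointer is copied, not the data it refers to */
    x509->CRLInfo = dCert->extCrlInfo;
    x509->CRLInfoSz = dCert->extCrlInfoSz;
    x509->authInfoSet = dCert->extAuthInfoSet;
    x509->authInfoCrit = dCert->extAuthInfoCrit;
    if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) {
        x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap,
                DYNAMIC_TYPE_X509_EXT);
        if (x509->authInfo != NULL) {
            XMEMCPY(x509->authInfo, dCert->extAuthInfo, dCert->extAuthInfoSz);
            x509->authInfoSz = dCert->extAuthInfoSz;
        }
        else {
            ret = MEMORY_E;
        }
    }
    x509->basicConstSet = dCert->extBasicConstSet;
    x509->basicConstCrit = dCert->extBasicConstCrit;
    x509->basicConstPlSet = dCert->pathLengthSet;
    x509->subjAltNameSet = dCert->extSubjAltNameSet;
    x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
    x509->authKeyIdSet = dCert->extAuthKeyIdSet;
    x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
    if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
        x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
                                         DYNAMIC_TYPE_X509_EXT);
        if (x509->authKeyId != NULL) {
            XMEMCPY(x509->authKeyId,
                                 dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
            x509->authKeyIdSz = dCert->extAuthKeyIdSz;
        }
        else
            ret = MEMORY_E;
    }
    x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
    x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
    if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
        x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, x509->heap,
                                         DYNAMIC_TYPE_X509_EXT);
        if (x509->subjKeyId != NULL) {
            XMEMCPY(x509->subjKeyId,
                                 dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
            x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
        }
        else
            ret = MEMORY_E;
    }
    x509->keyUsageSet = dCert->extKeyUsageSet;
    x509->keyUsageCrit = dCert->extKeyUsageCrit;
    if (dCert->extExtKeyUsageSrc != NULL && dCert->extExtKeyUsageSz > 0) {
        x509->extKeyUsageSrc = (byte*)XMALLOC(dCert->extExtKeyUsageSz,
                x509->heap, DYNAMIC_TYPE_X509_EXT);
        if (x509->extKeyUsageSrc != NULL) {
            XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc,
                                                       dCert->extExtKeyUsageSz);
            x509->extKeyUsageSz    = dCert->extExtKeyUsageSz;
            x509->extKeyUsageCrit  = dCert->extExtKeyUsageCrit;
            x509->extKeyUsageCount = dCert->extExtKeyUsageCount;
        }
        else {
            ret = MEMORY_E;
        }
    }
    #ifdef WOLFSSL_SEP
        x509->certPolicySet = dCert->extCertPolicySet;
        x509->certPolicyCrit = dCert->extCertPolicyCrit;
    #endif /* WOLFSSL_SEP */
    #ifdef WOLFSSL_CERT_EXT
        {
            int i;
            for (i = 0; i < dCert->extCertPoliciesNb && i < MAX_CERTPOL_NB; i++)
                XMEMCPY(x509->certPolicies[i], dCert->extCertPolicies[i],
                                                                MAX_CERTPOL_SZ);
            /* record the number of entries actually copied, so the count
             * can never exceed what the loop bound allowed */
            x509->certPoliciesNb = i;
        }
    #endif /* WOLFSSL_CERT_EXT */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_ECC
    x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */

    return ret;
}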
wolfSSL 13:f67a6c6013ca 7611
wolfSSL 13:f67a6c6013ca 7612 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 13:f67a6c6013ca 7613
/* Working state for ProcessPeerCerts(). With WOLFSSL_ASYNC_CRYPT it lives in
 * ssl->async.args so it survives a re-entry; otherwise it is a local of that
 * function. Released by FreeProcPeerCertArgs(). */
typedef struct ProcPeerCertArgs {
    buffer*      certs;       /* array of MAX_CHAIN_DEPTH entries; each one
                               * points into the handshake input, no copy */
#ifdef WOLFSSL_TLS13
    buffer*      exts;        /* per-certificate extensions, same layout */
#endif
    DecodedCert* dCert;       /* heap-allocated decode scratch */
    char*        domain;      /* heap string, freed as DYNAMIC_TYPE_STRING */
    word32       idx;         /* current read offset into the input */
    word32       begin;       /* value of *inOutIdx on entry */
    int          totalCerts;  /* number of certs in certs buffer */
    int          count;       /* starts out equal to totalCerts */
    int          dCertInit;   /* non-zero while dCert needs FreeDecodedCert */
    int          certIdx;     /* index into certs of the cert being handled */
    int          fatal;
    int          lastErr;
#ifdef WOLFSSL_TLS13
    byte         ctxSz;
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
    byte         haveTrustPeer; /* was cert verified by loaded trusted peer
                                 * cert */
#endif
#ifdef OPENSSL_EXTRA
    char         untrustedDepth;
#endif
} ProcPeerCertArgs;
wolfSSL 13:f67a6c6013ca 7639
/* Release every heap object a ProcPeerCertArgs owns and reset the pointers,
 * so that a second call on the same structure frees nothing twice.
 *
 * ssl    Connection whose heap hint is passed to XFREE.
 * pArgs  The ProcPeerCertArgs to clean up; it is dereferenced without a NULL
 *        check and is not itself freed.
 */
static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
{
    ProcPeerCertArgs* ppc = (ProcPeerCertArgs*)pArgs;

    /* presumably XFREE can expand without using its heap argument */
    (void)ssl;

    if (ppc->domain != NULL) {
        XFREE(ppc->domain, ssl->heap, DYNAMIC_TYPE_STRING);
        ppc->domain = NULL;
    }

    /* only the descriptor arrays are freed; their buffer members are not */
    if (ppc->certs != NULL) {
        XFREE(ppc->certs, ssl->heap, DYNAMIC_TYPE_DER);
        ppc->certs = NULL;
    }
#ifdef WOLFSSL_TLS13
    if (ppc->exts != NULL) {
        XFREE(ppc->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
        ppc->exts = NULL;
    }
#endif

    if (ppc->dCert != NULL) {
        /* tear down the decoded contents before the container, and only if
         * they were initialised */
        if (ppc->dCertInit != 0) {
            FreeDecodedCert(ppc->dCert);
            ppc->dCertInit = 0;
        }
        XFREE(ppc->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
        ppc->dCert = NULL;
    }
}
wolfSSL 13:f67a6c6013ca 7669
wolfSSL 13:f67a6c6013ca 7670 int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 13:f67a6c6013ca 7671 word32 totalSz)
wolfSSL 13:f67a6c6013ca 7672 {
wolfSSL 13:f67a6c6013ca 7673 int ret = 0;
wolfSSL 13:f67a6c6013ca 7674 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 7675 ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args;
wolfSSL 13:f67a6c6013ca 7676 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 13:f67a6c6013ca 7677 (void)sizeof(args_test);
wolfSSL 13:f67a6c6013ca 7678 #else
wolfSSL 13:f67a6c6013ca 7679 ProcPeerCertArgs args[1];
wolfSSL 13:f67a6c6013ca 7680 #endif
wolfSSL 13:f67a6c6013ca 7681
wolfSSL 13:f67a6c6013ca 7682 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 13:f67a6c6013ca 7683 byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */
wolfSSL 13:f67a6c6013ca 7684 #endif
wolfSSL 13:f67a6c6013ca 7685
wolfSSL 13:f67a6c6013ca 7686 WOLFSSL_ENTER("ProcessPeerCerts");
wolfSSL 13:f67a6c6013ca 7687
wolfSSL 13:f67a6c6013ca 7688 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 7689 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 13:f67a6c6013ca 7690 if (ret != WC_NOT_PENDING_E) {
wolfSSL 13:f67a6c6013ca 7691 /* Check for error */
wolfSSL 13:f67a6c6013ca 7692 if (ret < 0)
wolfSSL 13:f67a6c6013ca 7693 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 7694 }
wolfSSL 13:f67a6c6013ca 7695 else
wolfSSL 13:f67a6c6013ca 7696 #endif
wolfSSL 13:f67a6c6013ca 7697 {
wolfSSL 13:f67a6c6013ca 7698 /* Reset state */
wolfSSL 13:f67a6c6013ca 7699 ret = 0;
wolfSSL 13:f67a6c6013ca 7700 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 13:f67a6c6013ca 7701 XMEMSET(args, 0, sizeof(ProcPeerCertArgs));
wolfSSL 13:f67a6c6013ca 7702 args->idx = *inOutIdx;
wolfSSL 13:f67a6c6013ca 7703 args->begin = *inOutIdx;
wolfSSL 13:f67a6c6013ca 7704 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 7705 ssl->async.freeArgs = FreeProcPeerCertArgs;
wolfSSL 13:f67a6c6013ca 7706 #endif
wolfSSL 13:f67a6c6013ca 7707 }
wolfSSL 13:f67a6c6013ca 7708
wolfSSL 13:f67a6c6013ca 7709 switch (ssl->options.asyncState)
wolfSSL 13:f67a6c6013ca 7710 {
wolfSSL 13:f67a6c6013ca 7711 case TLS_ASYNC_BEGIN:
wolfSSL 13:f67a6c6013ca 7712 {
wolfSSL 13:f67a6c6013ca 7713 word32 listSz;
wolfSSL 13:f67a6c6013ca 7714
wolfSSL 13:f67a6c6013ca 7715 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 7716 if (ssl->hsInfoOn)
wolfSSL 13:f67a6c6013ca 7717 AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 7718 if (ssl->toInfoOn)
wolfSSL 13:f67a6c6013ca 7719 AddLateName("Certificate", &ssl->timeoutInfo);
wolfSSL 13:f67a6c6013ca 7720 #endif
wolfSSL 13:f67a6c6013ca 7721
wolfSSL 13:f67a6c6013ca 7722 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 7723 if (ssl->options.tls1_3) {
wolfSSL 13:f67a6c6013ca 7724 byte ctxSz;
wolfSSL 13:f67a6c6013ca 7725
wolfSSL 13:f67a6c6013ca 7726 /* Certificate Request Context */
wolfSSL 13:f67a6c6013ca 7727 if ((args->idx - args->begin) + OPAQUE8_LEN > totalSz)
wolfSSL 13:f67a6c6013ca 7728 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 7729 ctxSz = *(input + args->idx);
wolfSSL 13:f67a6c6013ca 7730 args->idx++;
wolfSSL 13:f67a6c6013ca 7731 if ((args->idx - args->begin) + ctxSz > totalSz)
wolfSSL 13:f67a6c6013ca 7732 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 7733 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 7734 /* Must be empty when received from server. */
wolfSSL 13:f67a6c6013ca 7735 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 7736 if (ctxSz != 0) {
wolfSSL 13:f67a6c6013ca 7737 return INVALID_CERT_CTX_E;
wolfSSL 13:f67a6c6013ca 7738 }
wolfSSL 13:f67a6c6013ca 7739 }
wolfSSL 13:f67a6c6013ca 7740 #endif
wolfSSL 13:f67a6c6013ca 7741 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 7742 /* Must contain value sent in request. */
wolfSSL 13:f67a6c6013ca 7743 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 13:f67a6c6013ca 7744 if (ssl->options.handShakeState != HANDSHAKE_DONE &&
wolfSSL 13:f67a6c6013ca 7745 ctxSz != 0) {
wolfSSL 13:f67a6c6013ca 7746 return INVALID_CERT_CTX_E;
wolfSSL 13:f67a6c6013ca 7747 }
wolfSSL 13:f67a6c6013ca 7748 else if (ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL 13:f67a6c6013ca 7749 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 13:f67a6c6013ca 7750 CertReqCtx* curr = ssl->certReqCtx;
wolfSSL 13:f67a6c6013ca 7751 CertReqCtx* prev = NULL;
wolfSSL 13:f67a6c6013ca 7752 while (curr != NULL) {
wolfSSL 13:f67a6c6013ca 7753 if ((ctxSz == curr->len) &&
wolfSSL 13:f67a6c6013ca 7754 XMEMCMP(&curr->ctx, input + args->idx, ctxSz)
wolfSSL 13:f67a6c6013ca 7755 == 0) {
wolfSSL 13:f67a6c6013ca 7756 if (prev != NULL)
wolfSSL 13:f67a6c6013ca 7757 prev->next = curr->next;
wolfSSL 13:f67a6c6013ca 7758 else
wolfSSL 13:f67a6c6013ca 7759 ssl->certReqCtx = curr->next;
wolfSSL 13:f67a6c6013ca 7760 XFREE(curr, ssl->heap,
wolfSSL 13:f67a6c6013ca 7761 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 13:f67a6c6013ca 7762 break;
wolfSSL 13:f67a6c6013ca 7763 }
wolfSSL 13:f67a6c6013ca 7764 prev = curr;
wolfSSL 13:f67a6c6013ca 7765 curr = curr->next;
wolfSSL 13:f67a6c6013ca 7766 }
wolfSSL 13:f67a6c6013ca 7767 if (curr == NULL)
wolfSSL 13:f67a6c6013ca 7768 #endif
wolfSSL 13:f67a6c6013ca 7769 return INVALID_CERT_CTX_E;
wolfSSL 13:f67a6c6013ca 7770 }
wolfSSL 13:f67a6c6013ca 7771 }
wolfSSL 13:f67a6c6013ca 7772 #endif
wolfSSL 13:f67a6c6013ca 7773 args->idx += ctxSz;
wolfSSL 13:f67a6c6013ca 7774
wolfSSL 13:f67a6c6013ca 7775 /* allocate buffer for cert extensions */
wolfSSL 13:f67a6c6013ca 7776 args->exts = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
wolfSSL 13:f67a6c6013ca 7777 ssl->heap, DYNAMIC_TYPE_CERT_EXT);
wolfSSL 13:f67a6c6013ca 7778 if (args->exts == NULL) {
wolfSSL 13:f67a6c6013ca 7779 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 13:f67a6c6013ca 7780 }
wolfSSL 13:f67a6c6013ca 7781 }
wolfSSL 13:f67a6c6013ca 7782 #endif
wolfSSL 13:f67a6c6013ca 7783
wolfSSL 13:f67a6c6013ca 7784 /* allocate buffer for certs */
wolfSSL 13:f67a6c6013ca 7785 args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
wolfSSL 13:f67a6c6013ca 7786 ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 13:f67a6c6013ca 7787 if (args->certs == NULL) {
wolfSSL 13:f67a6c6013ca 7788 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 13:f67a6c6013ca 7789 }
wolfSSL 13:f67a6c6013ca 7790 XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH);
wolfSSL 13:f67a6c6013ca 7791
wolfSSL 13:f67a6c6013ca 7792 /* Certificate List */
wolfSSL 13:f67a6c6013ca 7793 if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
wolfSSL 13:f67a6c6013ca 7794 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 7795 }
wolfSSL 13:f67a6c6013ca 7796 c24to32(input + args->idx, &listSz);
wolfSSL 13:f67a6c6013ca 7797 args->idx += OPAQUE24_LEN;
wolfSSL 13:f67a6c6013ca 7798 if (listSz > MAX_RECORD_SIZE) {
wolfSSL 13:f67a6c6013ca 7799 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 7800 }
wolfSSL 13:f67a6c6013ca 7801 if ((args->idx - args->begin) + listSz != totalSz) {
wolfSSL 13:f67a6c6013ca 7802 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 7803 }
wolfSSL 13:f67a6c6013ca 7804
wolfSSL 13:f67a6c6013ca 7805 WOLFSSL_MSG("Loading peer's cert chain");
wolfSSL 13:f67a6c6013ca 7806 /* first put cert chain into buffer so can verify top down
wolfSSL 13:f67a6c6013ca 7807 we're sent bottom up */
wolfSSL 13:f67a6c6013ca 7808 while (listSz) {
wolfSSL 13:f67a6c6013ca 7809 word32 certSz;
wolfSSL 13:f67a6c6013ca 7810
wolfSSL 13:f67a6c6013ca 7811 if (args->totalCerts >= MAX_CHAIN_DEPTH) {
wolfSSL 13:f67a6c6013ca 7812 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 7813 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
wolfSSL 13:f67a6c6013ca 7814 #endif
wolfSSL 13:f67a6c6013ca 7815 ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 7816 }
wolfSSL 13:f67a6c6013ca 7817
wolfSSL 13:f67a6c6013ca 7818 if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
wolfSSL 13:f67a6c6013ca 7819 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 7820 }
wolfSSL 13:f67a6c6013ca 7821
wolfSSL 13:f67a6c6013ca 7822 c24to32(input + args->idx, &certSz);
wolfSSL 13:f67a6c6013ca 7823 args->idx += OPAQUE24_LEN;
wolfSSL 13:f67a6c6013ca 7824
wolfSSL 13:f67a6c6013ca 7825 if ((args->idx - args->begin) + certSz > totalSz) {
wolfSSL 13:f67a6c6013ca 7826 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 7827 }
wolfSSL 13:f67a6c6013ca 7828
wolfSSL 13:f67a6c6013ca 7829 args->certs[args->totalCerts].length = certSz;
wolfSSL 13:f67a6c6013ca 7830 args->certs[args->totalCerts].buffer = input + args->idx;
wolfSSL 13:f67a6c6013ca 7831
wolfSSL 13:f67a6c6013ca 7832 #ifdef SESSION_CERTS
wolfSSL 13:f67a6c6013ca 7833 if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
wolfSSL 13:f67a6c6013ca 7834 certSz < MAX_X509_SIZE) {
wolfSSL 13:f67a6c6013ca 7835 ssl->session.chain.certs[
wolfSSL 13:f67a6c6013ca 7836 ssl->session.chain.count].length = certSz;
wolfSSL 13:f67a6c6013ca 7837 XMEMCPY(ssl->session.chain.certs[
wolfSSL 13:f67a6c6013ca 7838 ssl->session.chain.count].buffer,
wolfSSL 13:f67a6c6013ca 7839 input + args->idx, certSz);
wolfSSL 13:f67a6c6013ca 7840 ssl->session.chain.count++;
wolfSSL 13:f67a6c6013ca 7841 }
wolfSSL 13:f67a6c6013ca 7842 else {
wolfSSL 13:f67a6c6013ca 7843 WOLFSSL_MSG("Couldn't store chain cert for session");
wolfSSL 13:f67a6c6013ca 7844 }
wolfSSL 13:f67a6c6013ca 7845 #endif /* SESSION_CERTS */
wolfSSL 13:f67a6c6013ca 7846
wolfSSL 13:f67a6c6013ca 7847 args->idx += certSz;
wolfSSL 13:f67a6c6013ca 7848 listSz -= certSz + CERT_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 7849
wolfSSL 13:f67a6c6013ca 7850 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 7851 /* Extensions */
wolfSSL 13:f67a6c6013ca 7852 if (ssl->options.tls1_3) {
wolfSSL 13:f67a6c6013ca 7853 word16 extSz;
wolfSSL 13:f67a6c6013ca 7854
wolfSSL 13:f67a6c6013ca 7855 if ((args->idx - args->begin) + OPAQUE16_LEN > totalSz)
wolfSSL 13:f67a6c6013ca 7856 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 7857 ato16(input + args->idx, &extSz);
wolfSSL 13:f67a6c6013ca 7858 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 7859 if ((args->idx - args->begin) + extSz > totalSz)
wolfSSL 13:f67a6c6013ca 7860 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 7861 /* Store extension data info for later processing. */
wolfSSL 13:f67a6c6013ca 7862 args->exts[args->totalCerts].length = extSz;
wolfSSL 13:f67a6c6013ca 7863 args->exts[args->totalCerts].buffer = input + args->idx;
wolfSSL 13:f67a6c6013ca 7864 args->idx += extSz;
wolfSSL 13:f67a6c6013ca 7865 listSz -= extSz + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 7866 }
wolfSSL 13:f67a6c6013ca 7867 #endif
wolfSSL 13:f67a6c6013ca 7868
wolfSSL 13:f67a6c6013ca 7869 args->totalCerts++;
wolfSSL 13:f67a6c6013ca 7870 WOLFSSL_MSG("\tPut another cert into chain");
wolfSSL 13:f67a6c6013ca 7871 } /* while (listSz) */
wolfSSL 13:f67a6c6013ca 7872
wolfSSL 13:f67a6c6013ca 7873 args->count = args->totalCerts;
wolfSSL 13:f67a6c6013ca 7874 args->certIdx = 0;
wolfSSL 13:f67a6c6013ca 7875
wolfSSL 13:f67a6c6013ca 7876 args->dCertInit = 0;
wolfSSL 13:f67a6c6013ca 7877 args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
wolfSSL 13:f67a6c6013ca 7878 DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 7879 if (args->dCert == NULL) {
wolfSSL 13:f67a6c6013ca 7880 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 13:f67a6c6013ca 7881 }
wolfSSL 13:f67a6c6013ca 7882
wolfSSL 13:f67a6c6013ca 7883 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 7884 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 13:f67a6c6013ca 7885 } /* case TLS_ASYNC_BEGIN */
wolfSSL 13:f67a6c6013ca 7886 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 7887
wolfSSL 13:f67a6c6013ca 7888 case TLS_ASYNC_BUILD:
wolfSSL 13:f67a6c6013ca 7889 {
wolfSSL 13:f67a6c6013ca 7890 if (args->count > 0) {
wolfSSL 13:f67a6c6013ca 7891 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 13:f67a6c6013ca 7892 if (args->certIdx == 0) {
wolfSSL 13:f67a6c6013ca 7893 /* if using trusted peer certs check before verify chain
wolfSSL 13:f67a6c6013ca 7894 and CA test */
wolfSSL 13:f67a6c6013ca 7895 TrustedPeerCert* tp;
wolfSSL 13:f67a6c6013ca 7896
wolfSSL 13:f67a6c6013ca 7897 if (!args->dCertInit) {
wolfSSL 13:f67a6c6013ca 7898 InitDecodedCert(args->dCert,
wolfSSL 13:f67a6c6013ca 7899 args->certs[args->certIdx].buffer,
wolfSSL 13:f67a6c6013ca 7900 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 13:f67a6c6013ca 7901 args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
wolfSSL 13:f67a6c6013ca 7902 args->dCertInit = 1;
wolfSSL 13:f67a6c6013ca 7903 }
wolfSSL 13:f67a6c6013ca 7904
wolfSSL 13:f67a6c6013ca 7905 ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
wolfSSL 13:f67a6c6013ca 7906 ssl->ctx->cm);
wolfSSL 13:f67a6c6013ca 7907 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 7908 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 7909 if (ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 7910 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 13:f67a6c6013ca 7911 args->dCert->sigCtx.asyncDev,
wolfSSL 13:f67a6c6013ca 7912 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 13:f67a6c6013ca 7913 }
wolfSSL 13:f67a6c6013ca 7914 #endif
wolfSSL 13:f67a6c6013ca 7915 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 7916 }
wolfSSL 13:f67a6c6013ca 7917
wolfSSL 13:f67a6c6013ca 7918 #ifndef NO_SKID
wolfSSL 13:f67a6c6013ca 7919 if (args->dCert->extAuthKeyIdSet) {
wolfSSL 13:f67a6c6013ca 7920 tp = GetTrustedPeer(ssl->ctx->cm,
wolfSSL 13:f67a6c6013ca 7921 args->dCert->extSubjKeyId, WC_MATCH_SKID);
wolfSSL 13:f67a6c6013ca 7922 }
wolfSSL 13:f67a6c6013ca 7923 else { /* if the cert has no SKID try to match by name */
wolfSSL 13:f67a6c6013ca 7924 tp = GetTrustedPeer(ssl->ctx->cm,
wolfSSL 13:f67a6c6013ca 7925 args->dCert->subjectHash, WC_MATCH_NAME);
wolfSSL 13:f67a6c6013ca 7926 }
wolfSSL 13:f67a6c6013ca 7927 #else /* NO_SKID */
wolfSSL 13:f67a6c6013ca 7928 tp = GetTrustedPeer(ssl->ctx->cm, args->dCert->subjectHash,
wolfSSL 13:f67a6c6013ca 7929 WC_MATCH_NAME);
wolfSSL 13:f67a6c6013ca 7930 #endif /* NO SKID */
wolfSSL 13:f67a6c6013ca 7931 WOLFSSL_MSG("Checking for trusted peer cert");
wolfSSL 13:f67a6c6013ca 7932
wolfSSL 13:f67a6c6013ca 7933 if (tp == NULL) {
wolfSSL 13:f67a6c6013ca 7934 /* no trusted peer cert */
wolfSSL 13:f67a6c6013ca 7935 WOLFSSL_MSG("No matching trusted peer cert. "
wolfSSL 13:f67a6c6013ca 7936 "Checking CAs");
wolfSSL 13:f67a6c6013ca 7937 FreeDecodedCert(args->dCert);
wolfSSL 13:f67a6c6013ca 7938 args->dCertInit = 0;
wolfSSL 13:f67a6c6013ca 7939 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 7940 args->untrustedDepth = 1;
wolfSSL 13:f67a6c6013ca 7941 #endif
wolfSSL 13:f67a6c6013ca 7942 } else if (MatchTrustedPeer(tp, args->dCert)){
wolfSSL 13:f67a6c6013ca 7943 WOLFSSL_MSG("Found matching trusted peer cert");
wolfSSL 13:f67a6c6013ca 7944 haveTrustPeer = 1;
wolfSSL 13:f67a6c6013ca 7945 } else {
wolfSSL 13:f67a6c6013ca 7946 WOLFSSL_MSG("Trusted peer cert did not match!");
wolfSSL 13:f67a6c6013ca 7947 FreeDecodedCert(args->dCert);
wolfSSL 13:f67a6c6013ca 7948 args->dCertInit = 0;
wolfSSL 13:f67a6c6013ca 7949 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 7950 args->untrustedDepth = 1;
wolfSSL 13:f67a6c6013ca 7951 #endif
wolfSSL 13:f67a6c6013ca 7952 }
wolfSSL 13:f67a6c6013ca 7953 }
wolfSSL 13:f67a6c6013ca 7954 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 13:f67a6c6013ca 7955 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 7956 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 13:f67a6c6013ca 7957 else
wolfSSL 13:f67a6c6013ca 7958 #endif
wolfSSL 13:f67a6c6013ca 7959 if (args->certIdx == 0) {
wolfSSL 13:f67a6c6013ca 7960 byte* subjectHash;
wolfSSL 13:f67a6c6013ca 7961
wolfSSL 13:f67a6c6013ca 7962 if (!args->dCertInit) {
wolfSSL 13:f67a6c6013ca 7963 InitDecodedCert(args->dCert,
wolfSSL 13:f67a6c6013ca 7964 args->certs[args->certIdx].buffer,
wolfSSL 13:f67a6c6013ca 7965 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 13:f67a6c6013ca 7966 args->dCert->sigCtx.devId = ssl->devId;
wolfSSL 13:f67a6c6013ca 7967 args->dCertInit = 1;
wolfSSL 13:f67a6c6013ca 7968 }
wolfSSL 13:f67a6c6013ca 7969
wolfSSL 13:f67a6c6013ca 7970 ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
wolfSSL 13:f67a6c6013ca 7971 ssl->ctx->cm);
wolfSSL 13:f67a6c6013ca 7972 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 7973 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 7974 if (ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 7975 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 13:f67a6c6013ca 7976 args->dCert->sigCtx.asyncDev,
wolfSSL 13:f67a6c6013ca 7977 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 13:f67a6c6013ca 7978 }
wolfSSL 13:f67a6c6013ca 7979 #endif
wolfSSL 13:f67a6c6013ca 7980 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 7981 }
wolfSSL 13:f67a6c6013ca 7982
wolfSSL 13:f67a6c6013ca 7983 #ifndef NO_SKID
wolfSSL 13:f67a6c6013ca 7984 subjectHash = args->dCert->extSubjKeyId;
wolfSSL 13:f67a6c6013ca 7985 #else
wolfSSL 13:f67a6c6013ca 7986 subjectHash = args->dCert->subjectHash;
wolfSSL 13:f67a6c6013ca 7987 #endif
wolfSSL 13:f67a6c6013ca 7988 if (!AlreadySigner(ssl->ctx->cm, subjectHash))
wolfSSL 13:f67a6c6013ca 7989 args->untrustedDepth = 1;
wolfSSL 13:f67a6c6013ca 7990 FreeDecodedCert(args->dCert);
wolfSSL 13:f67a6c6013ca 7991 args->dCertInit = 0;
wolfSSL 13:f67a6c6013ca 7992 }
wolfSSL 13:f67a6c6013ca 7993 #endif
wolfSSL 13:f67a6c6013ca 7994
wolfSSL 13:f67a6c6013ca 7995 /* verify up to peer's first */
wolfSSL 13:f67a6c6013ca 7996 /* do not verify chain if trusted peer cert found */
wolfSSL 13:f67a6c6013ca 7997 while (args->count > 1
wolfSSL 13:f67a6c6013ca 7998 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 13:f67a6c6013ca 7999 && !haveTrustPeer
wolfSSL 13:f67a6c6013ca 8000 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 13:f67a6c6013ca 8001 ) {
wolfSSL 13:f67a6c6013ca 8002 byte* subjectHash;
wolfSSL 13:f67a6c6013ca 8003
wolfSSL 13:f67a6c6013ca 8004 args->certIdx = args->count - 1;
wolfSSL 13:f67a6c6013ca 8005
wolfSSL 13:f67a6c6013ca 8006 if (!args->dCertInit) {
wolfSSL 13:f67a6c6013ca 8007 InitDecodedCert(args->dCert,
wolfSSL 13:f67a6c6013ca 8008 args->certs[args->certIdx].buffer,
wolfSSL 13:f67a6c6013ca 8009 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 13:f67a6c6013ca 8010 args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
wolfSSL 13:f67a6c6013ca 8011 args->dCertInit = 1;
wolfSSL 13:f67a6c6013ca 8012 }
wolfSSL 13:f67a6c6013ca 8013
wolfSSL 13:f67a6c6013ca 8014 ret = ParseCertRelative(args->dCert, CERT_TYPE,
wolfSSL 13:f67a6c6013ca 8015 !ssl->options.verifyNone, ssl->ctx->cm);
wolfSSL 13:f67a6c6013ca 8016 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8017 if (ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 8018 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 13:f67a6c6013ca 8019 args->dCert->sigCtx.asyncDev,
wolfSSL 13:f67a6c6013ca 8020 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 13:f67a6c6013ca 8021 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8022 }
wolfSSL 13:f67a6c6013ca 8023 #endif
wolfSSL 13:f67a6c6013ca 8024
wolfSSL 13:f67a6c6013ca 8025 #ifndef NO_SKID
wolfSSL 13:f67a6c6013ca 8026 subjectHash = args->dCert->extSubjKeyId;
wolfSSL 13:f67a6c6013ca 8027 #else
wolfSSL 13:f67a6c6013ca 8028 subjectHash = args->dCert->subjectHash;
wolfSSL 13:f67a6c6013ca 8029 #endif
wolfSSL 13:f67a6c6013ca 8030
wolfSSL 13:f67a6c6013ca 8031 /* Check key sizes for certs. This is a redundant check since
wolfSSL 13:f67a6c6013ca 8032 ProcessBuffer also performs this check. */
wolfSSL 13:f67a6c6013ca 8033 if (!ssl->options.verifyNone) {
wolfSSL 13:f67a6c6013ca 8034 switch (args->dCert->keyOID) {
wolfSSL 13:f67a6c6013ca 8035 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 8036 case RSAk:
wolfSSL 13:f67a6c6013ca 8037 if (ssl->options.minRsaKeySz < 0 ||
wolfSSL 13:f67a6c6013ca 8038 args->dCert->pubKeySize <
wolfSSL 13:f67a6c6013ca 8039 (word16)ssl->options.minRsaKeySz) {
wolfSSL 13:f67a6c6013ca 8040 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 8041 "RSA key size in cert chain error");
wolfSSL 13:f67a6c6013ca 8042 ret = RSA_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 8043 }
wolfSSL 13:f67a6c6013ca 8044 break;
wolfSSL 13:f67a6c6013ca 8045 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 8046 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 8047 case ECDSAk:
wolfSSL 13:f67a6c6013ca 8048 if (ssl->options.minEccKeySz < 0 ||
wolfSSL 13:f67a6c6013ca 8049 args->dCert->pubKeySize <
wolfSSL 13:f67a6c6013ca 8050 (word16)ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 8051 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 8052 "ECC key size in cert chain error");
wolfSSL 13:f67a6c6013ca 8053 ret = ECC_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 8054 }
wolfSSL 13:f67a6c6013ca 8055 break;
wolfSSL 13:f67a6c6013ca 8056 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 8057 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 8058 case ED25519k:
wolfSSL 13:f67a6c6013ca 8059 if (ssl->options.minEccKeySz < 0 ||
wolfSSL 13:f67a6c6013ca 8060 ED25519_KEY_SIZE <
wolfSSL 13:f67a6c6013ca 8061 (word16)ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 8062 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 8063 "ECC key size in cert chain error");
wolfSSL 13:f67a6c6013ca 8064 ret = ECC_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 8065 }
wolfSSL 13:f67a6c6013ca 8066 break;
wolfSSL 13:f67a6c6013ca 8067 #endif /* HAVE_ED25519 */
wolfSSL 13:f67a6c6013ca 8068 default:
wolfSSL 13:f67a6c6013ca 8069 WOLFSSL_MSG("Key size not checked");
wolfSSL 13:f67a6c6013ca 8070 /* key not being checked for size if not in
wolfSSL 13:f67a6c6013ca 8071 switch */
wolfSSL 13:f67a6c6013ca 8072 break;
wolfSSL 13:f67a6c6013ca 8073 } /* switch (dCert->keyOID) */
wolfSSL 13:f67a6c6013ca 8074 } /* if (!ssl->options.verifyNone) */
wolfSSL 13:f67a6c6013ca 8075
wolfSSL 13:f67a6c6013ca 8076 if (ret == 0 && args->dCert->isCA == 0) {
wolfSSL 13:f67a6c6013ca 8077 WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
wolfSSL 13:f67a6c6013ca 8078 }
wolfSSL 13:f67a6c6013ca 8079 else if (ret == 0 && ssl->options.verifyNone) {
wolfSSL 13:f67a6c6013ca 8080 WOLFSSL_MSG("Chain cert not verified by option, not adding as CA");
wolfSSL 13:f67a6c6013ca 8081 }
wolfSSL 13:f67a6c6013ca 8082 else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
wolfSSL 13:f67a6c6013ca 8083 DerBuffer* add = NULL;
wolfSSL 13:f67a6c6013ca 8084 ret = AllocDer(&add, args->certs[args->certIdx].length,
wolfSSL 13:f67a6c6013ca 8085 CA_TYPE, ssl->heap);
wolfSSL 13:f67a6c6013ca 8086 if (ret < 0)
wolfSSL 13:f67a6c6013ca 8087 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8088
wolfSSL 13:f67a6c6013ca 8089 WOLFSSL_MSG("Adding CA from chain");
wolfSSL 13:f67a6c6013ca 8090
wolfSSL 13:f67a6c6013ca 8091 XMEMCPY(add->buffer, args->certs[args->certIdx].buffer,
wolfSSL 13:f67a6c6013ca 8092 args->certs[args->certIdx].length);
wolfSSL 13:f67a6c6013ca 8093
wolfSSL 13:f67a6c6013ca 8094
wolfSSL 13:f67a6c6013ca 8095 #ifdef WOLFSSL_NGINX
wolfSSL 13:f67a6c6013ca 8096 if (args->certIdx > args->untrustedDepth)
wolfSSL 13:f67a6c6013ca 8097 args->untrustedDepth = args->certIdx + 1;
wolfSSL 13:f67a6c6013ca 8098 #endif
wolfSSL 13:f67a6c6013ca 8099
wolfSSL 13:f67a6c6013ca 8100 /* already verified above */
wolfSSL 13:f67a6c6013ca 8101 ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0);
wolfSSL 13:f67a6c6013ca 8102 if (ret == 1) {
wolfSSL 13:f67a6c6013ca 8103 ret = 0; /* SSL_SUCCESS for external */
wolfSSL 13:f67a6c6013ca 8104 }
wolfSSL 13:f67a6c6013ca 8105 }
wolfSSL 13:f67a6c6013ca 8106 else if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8107 WOLFSSL_MSG("Failed to verify CA from chain");
wolfSSL 13:f67a6c6013ca 8108 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8109 ssl->peerVerifyRet = X509_V_ERR_INVALID_CA;
wolfSSL 13:f67a6c6013ca 8110 #endif
wolfSSL 13:f67a6c6013ca 8111 }
wolfSSL 13:f67a6c6013ca 8112 else {
wolfSSL 13:f67a6c6013ca 8113 WOLFSSL_MSG("Verified CA from chain and already had it");
wolfSSL 13:f67a6c6013ca 8114 }
wolfSSL 13:f67a6c6013ca 8115
wolfSSL 13:f67a6c6013ca 8116 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 13:f67a6c6013ca 8117 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 8118 int doCrlLookup = 1;
wolfSSL 13:f67a6c6013ca 8119 #ifdef HAVE_OCSP
wolfSSL 13:f67a6c6013ca 8120 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 13:f67a6c6013ca 8121 if (ssl->status_request_v2) {
wolfSSL 13:f67a6c6013ca 8122 ret = TLSX_CSR2_InitRequests(ssl->extensions,
wolfSSL 13:f67a6c6013ca 8123 args->dCert, 0, ssl->heap);
wolfSSL 13:f67a6c6013ca 8124 }
wolfSSL 13:f67a6c6013ca 8125 else /* skips OCSP and force CRL check */
wolfSSL 13:f67a6c6013ca 8126 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 13:f67a6c6013ca 8127 if (ssl->ctx->cm->ocspEnabled &&
wolfSSL 13:f67a6c6013ca 8128 ssl->ctx->cm->ocspCheckAll) {
wolfSSL 13:f67a6c6013ca 8129 WOLFSSL_MSG("Doing Non Leaf OCSP check");
wolfSSL 13:f67a6c6013ca 8130 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, args->dCert,
wolfSSL 13:f67a6c6013ca 8131 NULL);
wolfSSL 13:f67a6c6013ca 8132 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8133 /* non-blocking socket re-entry requires async */
wolfSSL 13:f67a6c6013ca 8134 if (ret == WANT_READ) {
wolfSSL 13:f67a6c6013ca 8135 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8136 }
wolfSSL 13:f67a6c6013ca 8137 #endif
wolfSSL 13:f67a6c6013ca 8138 doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 13:f67a6c6013ca 8139 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8140 doCrlLookup = 0;
wolfSSL 13:f67a6c6013ca 8141 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 13:f67a6c6013ca 8142 }
wolfSSL 13:f67a6c6013ca 8143 }
wolfSSL 13:f67a6c6013ca 8144 #endif /* HAVE_OCSP */
wolfSSL 13:f67a6c6013ca 8145
wolfSSL 13:f67a6c6013ca 8146 #ifdef HAVE_CRL
wolfSSL 13:f67a6c6013ca 8147 if (ret == 0 && doCrlLookup &&
wolfSSL 13:f67a6c6013ca 8148 ssl->ctx->cm->crlEnabled &&
wolfSSL 13:f67a6c6013ca 8149 ssl->ctx->cm->crlCheckAll) {
wolfSSL 13:f67a6c6013ca 8150 WOLFSSL_MSG("Doing Non Leaf CRL check");
wolfSSL 13:f67a6c6013ca 8151 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
wolfSSL 13:f67a6c6013ca 8152 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8153 /* non-blocking socket re-entry requires async */
wolfSSL 13:f67a6c6013ca 8154 if (ret == WANT_READ) {
wolfSSL 13:f67a6c6013ca 8155 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8156 }
wolfSSL 13:f67a6c6013ca 8157 #endif
wolfSSL 13:f67a6c6013ca 8158 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8159 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 13:f67a6c6013ca 8160 }
wolfSSL 13:f67a6c6013ca 8161 }
wolfSSL 13:f67a6c6013ca 8162 #endif /* HAVE_CRL */
wolfSSL 13:f67a6c6013ca 8163 (void)doCrlLookup;
wolfSSL 13:f67a6c6013ca 8164 }
wolfSSL 13:f67a6c6013ca 8165 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 13:f67a6c6013ca 8166
wolfSSL 13:f67a6c6013ca 8167 if (ret != 0 && args->lastErr == 0) {
wolfSSL 13:f67a6c6013ca 8168 args->lastErr = ret; /* save error from last time */
wolfSSL 13:f67a6c6013ca 8169 ret = 0; /* reset error */
wolfSSL 13:f67a6c6013ca 8170 }
wolfSSL 13:f67a6c6013ca 8171
wolfSSL 13:f67a6c6013ca 8172 FreeDecodedCert(args->dCert);
wolfSSL 13:f67a6c6013ca 8173 args->dCertInit = 0;
wolfSSL 13:f67a6c6013ca 8174 args->count--;
wolfSSL 13:f67a6c6013ca 8175 } /* while (count > 0 && !haveTrustPeer) */
wolfSSL 13:f67a6c6013ca 8176 } /* if (count > 0) */
wolfSSL 13:f67a6c6013ca 8177
wolfSSL 13:f67a6c6013ca 8178 /* Check for error */
wolfSSL 13:f67a6c6013ca 8179 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8180 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8181 }
wolfSSL 13:f67a6c6013ca 8182
wolfSSL 13:f67a6c6013ca 8183 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 8184 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 13:f67a6c6013ca 8185 } /* case TLS_ASYNC_BUILD */
wolfSSL 13:f67a6c6013ca 8186 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 8187
wolfSSL 13:f67a6c6013ca 8188 case TLS_ASYNC_DO:
wolfSSL 13:f67a6c6013ca 8189 {
wolfSSL 13:f67a6c6013ca 8190 /* peer's, may not have one if blank client cert sent by TLSv1.2 */
wolfSSL 13:f67a6c6013ca 8191 if (args->count > 0) {
wolfSSL 13:f67a6c6013ca 8192 WOLFSSL_MSG("Verifying Peer's cert");
wolfSSL 13:f67a6c6013ca 8193
wolfSSL 13:f67a6c6013ca 8194 args->certIdx = 0;
wolfSSL 13:f67a6c6013ca 8195
wolfSSL 13:f67a6c6013ca 8196 if (!args->dCertInit) {
wolfSSL 13:f67a6c6013ca 8197 InitDecodedCert(args->dCert,
wolfSSL 13:f67a6c6013ca 8198 args->certs[args->certIdx].buffer,
wolfSSL 13:f67a6c6013ca 8199 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 13:f67a6c6013ca 8200 args->dCertInit = 1;
wolfSSL 13:f67a6c6013ca 8201 }
wolfSSL 13:f67a6c6013ca 8202
wolfSSL 13:f67a6c6013ca 8203 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 13:f67a6c6013ca 8204 if (!haveTrustPeer)
wolfSSL 13:f67a6c6013ca 8205 #endif
wolfSSL 13:f67a6c6013ca 8206 { /* only parse if not already present in dCert from above */
wolfSSL 13:f67a6c6013ca 8207 ret = ParseCertRelative(args->dCert, CERT_TYPE,
wolfSSL 13:f67a6c6013ca 8208 !ssl->options.verifyNone, ssl->ctx->cm);
wolfSSL 13:f67a6c6013ca 8209 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8210 if (ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 8211 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 13:f67a6c6013ca 8212 args->dCert->sigCtx.asyncDev,
wolfSSL 13:f67a6c6013ca 8213 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 13:f67a6c6013ca 8214 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8215 }
wolfSSL 13:f67a6c6013ca 8216 #endif
wolfSSL 13:f67a6c6013ca 8217 }
wolfSSL 13:f67a6c6013ca 8218
wolfSSL 13:f67a6c6013ca 8219 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 8220 WOLFSSL_MSG("Verified Peer's cert");
wolfSSL 13:f67a6c6013ca 8221 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8222 ssl->peerVerifyRet = X509_V_OK;
wolfSSL 13:f67a6c6013ca 8223 #endif
wolfSSL 13:f67a6c6013ca 8224 args->fatal = 0;
wolfSSL 13:f67a6c6013ca 8225 }
wolfSSL 13:f67a6c6013ca 8226 else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
wolfSSL 13:f67a6c6013ca 8227 WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
wolfSSL 13:f67a6c6013ca 8228 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8229 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 13:f67a6c6013ca 8230 #endif
wolfSSL 13:f67a6c6013ca 8231 args->fatal = 1;
wolfSSL 13:f67a6c6013ca 8232 }
wolfSSL 13:f67a6c6013ca 8233 else {
wolfSSL 13:f67a6c6013ca 8234 WOLFSSL_MSG("Failed to verify Peer's cert");
wolfSSL 13:f67a6c6013ca 8235 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8236 ssl->peerVerifyRet = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
wolfSSL 13:f67a6c6013ca 8237 #endif
wolfSSL 13:f67a6c6013ca 8238 if (ssl->verifyCallback) {
wolfSSL 13:f67a6c6013ca 8239 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 8240 "\tCallback override available, will continue");
wolfSSL 13:f67a6c6013ca 8241 args->fatal = 0;
wolfSSL 13:f67a6c6013ca 8242 }
wolfSSL 13:f67a6c6013ca 8243 else {
wolfSSL 13:f67a6c6013ca 8244 WOLFSSL_MSG("\tNo callback override available, fatal");
wolfSSL 13:f67a6c6013ca 8245 args->fatal = 1;
wolfSSL 13:f67a6c6013ca 8246 }
wolfSSL 13:f67a6c6013ca 8247 }
wolfSSL 13:f67a6c6013ca 8248
wolfSSL 13:f67a6c6013ca 8249 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 13:f67a6c6013ca 8250 if (args->fatal == 0 && ssl->secure_renegotiation
wolfSSL 13:f67a6c6013ca 8251 && ssl->secure_renegotiation->enabled) {
wolfSSL 13:f67a6c6013ca 8252
wolfSSL 13:f67a6c6013ca 8253 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 13:f67a6c6013ca 8254 /* compare against previous time */
wolfSSL 13:f67a6c6013ca 8255 if (XMEMCMP(args->dCert->subjectHash,
wolfSSL 13:f67a6c6013ca 8256 ssl->secure_renegotiation->subject_hash,
wolfSSL 13:f67a6c6013ca 8257 SHA_DIGEST_SIZE) != 0) {
wolfSSL 13:f67a6c6013ca 8258 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 8259 "Peer sent different cert during scr, fatal");
wolfSSL 13:f67a6c6013ca 8260 args->fatal = 1;
wolfSSL 13:f67a6c6013ca 8261 ret = SCR_DIFFERENT_CERT_E;
wolfSSL 13:f67a6c6013ca 8262 }
wolfSSL 13:f67a6c6013ca 8263 }
wolfSSL 13:f67a6c6013ca 8264
wolfSSL 13:f67a6c6013ca 8265 /* cache peer's hash */
wolfSSL 13:f67a6c6013ca 8266 if (args->fatal == 0) {
wolfSSL 13:f67a6c6013ca 8267 XMEMCPY(ssl->secure_renegotiation->subject_hash,
wolfSSL 13:f67a6c6013ca 8268 args->dCert->subjectHash, SHA_DIGEST_SIZE);
wolfSSL 13:f67a6c6013ca 8269 }
wolfSSL 13:f67a6c6013ca 8270 }
wolfSSL 13:f67a6c6013ca 8271 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 13:f67a6c6013ca 8272
wolfSSL 13:f67a6c6013ca 8273 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 13:f67a6c6013ca 8274 if (args->fatal == 0) {
wolfSSL 13:f67a6c6013ca 8275 int doLookup = 1;
wolfSSL 13:f67a6c6013ca 8276
wolfSSL 13:f67a6c6013ca 8277 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 8278 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 13:f67a6c6013ca 8279 if (ssl->status_request) {
wolfSSL 13:f67a6c6013ca 8280 args->fatal = TLSX_CSR_InitRequest(ssl->extensions,
wolfSSL 13:f67a6c6013ca 8281 args->dCert, ssl->heap);
wolfSSL 13:f67a6c6013ca 8282 doLookup = 0;
wolfSSL 13:f67a6c6013ca 8283 }
wolfSSL 13:f67a6c6013ca 8284 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 13:f67a6c6013ca 8285 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 13:f67a6c6013ca 8286 if (ssl->status_request_v2) {
wolfSSL 13:f67a6c6013ca 8287 args->fatal = TLSX_CSR2_InitRequests(ssl->extensions,
wolfSSL 13:f67a6c6013ca 8288 args->dCert, 1, ssl->heap);
wolfSSL 13:f67a6c6013ca 8289 doLookup = 0;
wolfSSL 13:f67a6c6013ca 8290 }
wolfSSL 13:f67a6c6013ca 8291 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 13:f67a6c6013ca 8292 }
wolfSSL 13:f67a6c6013ca 8293
wolfSSL 13:f67a6c6013ca 8294 #ifdef HAVE_OCSP
wolfSSL 13:f67a6c6013ca 8295 if (doLookup && ssl->ctx->cm->ocspEnabled) {
wolfSSL 13:f67a6c6013ca 8296 WOLFSSL_MSG("Doing Leaf OCSP check");
wolfSSL 13:f67a6c6013ca 8297 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, args->dCert,
wolfSSL 13:f67a6c6013ca 8298 NULL);
wolfSSL 13:f67a6c6013ca 8299 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8300 /* non-blocking socket re-entry requires async */
wolfSSL 13:f67a6c6013ca 8301 if (ret == WANT_READ) {
wolfSSL 13:f67a6c6013ca 8302 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8303 }
wolfSSL 13:f67a6c6013ca 8304 #endif
wolfSSL 13:f67a6c6013ca 8305 doLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 13:f67a6c6013ca 8306 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8307 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 13:f67a6c6013ca 8308 args->fatal = 0;
wolfSSL 13:f67a6c6013ca 8309 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8310 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 13:f67a6c6013ca 8311 #endif
wolfSSL 13:f67a6c6013ca 8312 }
wolfSSL 13:f67a6c6013ca 8313 }
wolfSSL 13:f67a6c6013ca 8314 #endif /* HAVE_OCSP */
wolfSSL 13:f67a6c6013ca 8315
wolfSSL 13:f67a6c6013ca 8316 #ifdef HAVE_CRL
wolfSSL 13:f67a6c6013ca 8317 if (doLookup && ssl->ctx->cm->crlEnabled) {
wolfSSL 13:f67a6c6013ca 8318 WOLFSSL_MSG("Doing Leaf CRL check");
wolfSSL 13:f67a6c6013ca 8319 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
wolfSSL 13:f67a6c6013ca 8320 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8321 /* non-blocking socket re-entry requires async */
wolfSSL 13:f67a6c6013ca 8322 if (ret == WANT_READ) {
wolfSSL 13:f67a6c6013ca 8323 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8324 }
wolfSSL 13:f67a6c6013ca 8325 #endif
wolfSSL 13:f67a6c6013ca 8326 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8327 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 13:f67a6c6013ca 8328 args->fatal = 0;
wolfSSL 13:f67a6c6013ca 8329 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8330 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 13:f67a6c6013ca 8331 #endif
wolfSSL 13:f67a6c6013ca 8332 }
wolfSSL 13:f67a6c6013ca 8333 }
wolfSSL 13:f67a6c6013ca 8334 #endif /* HAVE_CRL */
wolfSSL 13:f67a6c6013ca 8335 (void)doLookup;
wolfSSL 13:f67a6c6013ca 8336 }
wolfSSL 13:f67a6c6013ca 8337 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 13:f67a6c6013ca 8338
wolfSSL 13:f67a6c6013ca 8339 #ifdef KEEP_PEER_CERT
wolfSSL 13:f67a6c6013ca 8340 if (args->fatal == 0) {
wolfSSL 13:f67a6c6013ca 8341 /* set X509 format for peer cert */
wolfSSL 13:f67a6c6013ca 8342 int copyRet = CopyDecodedToX509(&ssl->peerCert,
wolfSSL 13:f67a6c6013ca 8343 args->dCert);
wolfSSL 13:f67a6c6013ca 8344 if (copyRet == MEMORY_E)
wolfSSL 13:f67a6c6013ca 8345 args->fatal = 1;
wolfSSL 13:f67a6c6013ca 8346 }
wolfSSL 13:f67a6c6013ca 8347 #endif /* KEEP_PEER_CERT */
wolfSSL 13:f67a6c6013ca 8348
wolfSSL 13:f67a6c6013ca 8349 #ifndef IGNORE_KEY_EXTENSIONS
wolfSSL 13:f67a6c6013ca 8350 if (args->dCert->extKeyUsageSet) {
wolfSSL 13:f67a6c6013ca 8351 if ((ssl->specs.kea == rsa_kea) &&
wolfSSL 13:f67a6c6013ca 8352 (ssl->options.side == WOLFSSL_CLIENT_END) &&
wolfSSL 13:f67a6c6013ca 8353 (args->dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
wolfSSL 13:f67a6c6013ca 8354 ret = KEYUSE_ENCIPHER_E;
wolfSSL 13:f67a6c6013ca 8355 }
wolfSSL 13:f67a6c6013ca 8356 if ((ssl->specs.sig_algo == rsa_sa_algo ||
wolfSSL 13:f67a6c6013ca 8357 (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
wolfSSL 13:f67a6c6013ca 8358 !ssl->specs.static_ecdh)) &&
wolfSSL 13:f67a6c6013ca 8359 (args->dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
wolfSSL 13:f67a6c6013ca 8360 WOLFSSL_MSG("KeyUse Digital Sig not set");
wolfSSL 13:f67a6c6013ca 8361 ret = KEYUSE_SIGNATURE_E;
wolfSSL 13:f67a6c6013ca 8362 }
wolfSSL 13:f67a6c6013ca 8363 }
wolfSSL 13:f67a6c6013ca 8364
wolfSSL 13:f67a6c6013ca 8365 if (args->dCert->extExtKeyUsageSet) {
wolfSSL 13:f67a6c6013ca 8366 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 8367 if ((args->dCert->extExtKeyUsage &
wolfSSL 13:f67a6c6013ca 8368 (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
wolfSSL 13:f67a6c6013ca 8369 WOLFSSL_MSG("ExtKeyUse Server Auth not set");
wolfSSL 13:f67a6c6013ca 8370 ret = EXTKEYUSE_AUTH_E;
wolfSSL 13:f67a6c6013ca 8371 }
wolfSSL 13:f67a6c6013ca 8372 }
wolfSSL 13:f67a6c6013ca 8373 else {
wolfSSL 13:f67a6c6013ca 8374 if ((args->dCert->extExtKeyUsage &
wolfSSL 13:f67a6c6013ca 8375 (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
wolfSSL 13:f67a6c6013ca 8376 WOLFSSL_MSG("ExtKeyUse Client Auth not set");
wolfSSL 13:f67a6c6013ca 8377 ret = EXTKEYUSE_AUTH_E;
wolfSSL 13:f67a6c6013ca 8378 }
wolfSSL 13:f67a6c6013ca 8379 }
wolfSSL 13:f67a6c6013ca 8380 }
wolfSSL 13:f67a6c6013ca 8381 #endif /* IGNORE_KEY_EXTENSIONS */
wolfSSL 13:f67a6c6013ca 8382
wolfSSL 13:f67a6c6013ca 8383 if (args->fatal) {
wolfSSL 13:f67a6c6013ca 8384 ssl->error = ret;
wolfSSL 13:f67a6c6013ca 8385 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8386 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 13:f67a6c6013ca 8387 #endif
wolfSSL 13:f67a6c6013ca 8388 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8389 }
wolfSSL 13:f67a6c6013ca 8390
wolfSSL 13:f67a6c6013ca 8391 ssl->options.havePeerCert = 1;
wolfSSL 13:f67a6c6013ca 8392 } /* if (count > 0) */
wolfSSL 13:f67a6c6013ca 8393
wolfSSL 13:f67a6c6013ca 8394 /* Check for error */
wolfSSL 13:f67a6c6013ca 8395 if (args->fatal && ret != 0) {
wolfSSL 13:f67a6c6013ca 8396 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8397 }
wolfSSL 13:f67a6c6013ca 8398
wolfSSL 13:f67a6c6013ca 8399 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 8400 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 13:f67a6c6013ca 8401 } /* case TLS_ASYNC_DO */
wolfSSL 13:f67a6c6013ca 8402 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 8403
wolfSSL 13:f67a6c6013ca 8404 case TLS_ASYNC_VERIFY:
wolfSSL 13:f67a6c6013ca 8405 {
wolfSSL 13:f67a6c6013ca 8406 if (args->count > 0) {
wolfSSL 13:f67a6c6013ca 8407 args->domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap,
wolfSSL 13:f67a6c6013ca 8408 DYNAMIC_TYPE_STRING);
wolfSSL 13:f67a6c6013ca 8409 if (args->domain == NULL) {
wolfSSL 13:f67a6c6013ca 8410 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 13:f67a6c6013ca 8411 }
wolfSSL 13:f67a6c6013ca 8412
wolfSSL 13:f67a6c6013ca 8413 /* store for callback use */
wolfSSL 13:f67a6c6013ca 8414 if (args->dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 13:f67a6c6013ca 8415 XMEMCPY(args->domain, args->dCert->subjectCN, args->dCert->subjectCNLen);
wolfSSL 13:f67a6c6013ca 8416 args->domain[args->dCert->subjectCNLen] = '\0';
wolfSSL 13:f67a6c6013ca 8417 }
wolfSSL 13:f67a6c6013ca 8418 else {
wolfSSL 13:f67a6c6013ca 8419 args->domain[0] = '\0';
wolfSSL 13:f67a6c6013ca 8420 }
wolfSSL 13:f67a6c6013ca 8421
wolfSSL 13:f67a6c6013ca 8422 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
wolfSSL 13:f67a6c6013ca 8423 if (MatchDomainName(args->dCert->subjectCN,
wolfSSL 13:f67a6c6013ca 8424 args->dCert->subjectCNLen,
wolfSSL 13:f67a6c6013ca 8425 (char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL 13:f67a6c6013ca 8426 WOLFSSL_MSG("DomainName match on common name failed");
wolfSSL 13:f67a6c6013ca 8427 if (CheckAltNames(args->dCert,
wolfSSL 13:f67a6c6013ca 8428 (char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL 13:f67a6c6013ca 8429 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 8430 "DomainName match on alt names failed too");
wolfSSL 13:f67a6c6013ca 8431 /* try to get peer key still */
wolfSSL 13:f67a6c6013ca 8432 ret = DOMAIN_NAME_MISMATCH;
wolfSSL 13:f67a6c6013ca 8433 }
wolfSSL 13:f67a6c6013ca 8434 }
wolfSSL 13:f67a6c6013ca 8435 }
wolfSSL 13:f67a6c6013ca 8436
wolfSSL 13:f67a6c6013ca 8437 /* decode peer key */
wolfSSL 13:f67a6c6013ca 8438 switch (args->dCert->keyOID) {
wolfSSL 13:f67a6c6013ca 8439 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 8440 case RSAk:
wolfSSL 13:f67a6c6013ca 8441 {
wolfSSL 13:f67a6c6013ca 8442 word32 keyIdx = 0;
wolfSSL 13:f67a6c6013ca 8443 int keyRet = 0;
wolfSSL 13:f67a6c6013ca 8444
wolfSSL 13:f67a6c6013ca 8445 if (ssl->peerRsaKey == NULL) {
wolfSSL 13:f67a6c6013ca 8446 keyRet = AllocKey(ssl, DYNAMIC_TYPE_RSA,
wolfSSL 13:f67a6c6013ca 8447 (void**)&ssl->peerRsaKey);
wolfSSL 13:f67a6c6013ca 8448 } else if (ssl->peerRsaKeyPresent) {
wolfSSL 13:f67a6c6013ca 8449 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_RSA,
wolfSSL 13:f67a6c6013ca 8450 ssl->peerRsaKey);
wolfSSL 13:f67a6c6013ca 8451 ssl->peerRsaKeyPresent = 0;
wolfSSL 13:f67a6c6013ca 8452 }
wolfSSL 13:f67a6c6013ca 8453
wolfSSL 13:f67a6c6013ca 8454 if (keyRet != 0 || wc_RsaPublicKeyDecode(
wolfSSL 13:f67a6c6013ca 8455 args->dCert->publicKey, &keyIdx, ssl->peerRsaKey,
wolfSSL 13:f67a6c6013ca 8456 args->dCert->pubKeySize) != 0) {
wolfSSL 13:f67a6c6013ca 8457 ret = PEER_KEY_ERROR;
wolfSSL 13:f67a6c6013ca 8458 }
wolfSSL 13:f67a6c6013ca 8459 else {
wolfSSL 13:f67a6c6013ca 8460 ssl->peerRsaKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 8461 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 8462 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 8463 ssl->buffers.peerRsaKey.buffer =
wolfSSL 13:f67a6c6013ca 8464 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 13:f67a6c6013ca 8465 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 13:f67a6c6013ca 8466 if (ssl->buffers.peerRsaKey.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 8467 ret = MEMORY_ERROR;
wolfSSL 13:f67a6c6013ca 8468 }
wolfSSL 13:f67a6c6013ca 8469 else {
wolfSSL 13:f67a6c6013ca 8470 XMEMCPY(ssl->buffers.peerRsaKey.buffer,
wolfSSL 13:f67a6c6013ca 8471 args->dCert->publicKey,
wolfSSL 13:f67a6c6013ca 8472 args->dCert->pubKeySize);
wolfSSL 13:f67a6c6013ca 8473 ssl->buffers.peerRsaKey.length =
wolfSSL 13:f67a6c6013ca 8474 args->dCert->pubKeySize;
wolfSSL 13:f67a6c6013ca 8475 }
wolfSSL 13:f67a6c6013ca 8476 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 8477 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 13:f67a6c6013ca 8478 }
wolfSSL 13:f67a6c6013ca 8479
wolfSSL 13:f67a6c6013ca 8480 /* check size of peer RSA key */
wolfSSL 13:f67a6c6013ca 8481 if (ret == 0 && ssl->peerRsaKeyPresent &&
wolfSSL 13:f67a6c6013ca 8482 !ssl->options.verifyNone &&
wolfSSL 13:f67a6c6013ca 8483 wc_RsaEncryptSize(ssl->peerRsaKey)
wolfSSL 13:f67a6c6013ca 8484 < ssl->options.minRsaKeySz) {
wolfSSL 13:f67a6c6013ca 8485 ret = RSA_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 8486 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 13:f67a6c6013ca 8487 }
wolfSSL 13:f67a6c6013ca 8488 break;
wolfSSL 13:f67a6c6013ca 8489 }
wolfSSL 13:f67a6c6013ca 8490 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 8491 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 8492 case NTRUk:
wolfSSL 13:f67a6c6013ca 8493 {
wolfSSL 13:f67a6c6013ca 8494 if (args->dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
wolfSSL 13:f67a6c6013ca 8495 ret = PEER_KEY_ERROR;
wolfSSL 13:f67a6c6013ca 8496 }
wolfSSL 13:f67a6c6013ca 8497 else {
wolfSSL 13:f67a6c6013ca 8498 XMEMCPY(ssl->peerNtruKey, args->dCert->publicKey,
wolfSSL 13:f67a6c6013ca 8499 args->dCert->pubKeySize);
wolfSSL 13:f67a6c6013ca 8500 ssl->peerNtruKeyLen =
wolfSSL 13:f67a6c6013ca 8501 (word16)args->dCert->pubKeySize;
wolfSSL 13:f67a6c6013ca 8502 ssl->peerNtruKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 8503 }
wolfSSL 13:f67a6c6013ca 8504 break;
wolfSSL 13:f67a6c6013ca 8505 }
wolfSSL 13:f67a6c6013ca 8506 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 8507 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 8508 case ECDSAk:
wolfSSL 13:f67a6c6013ca 8509 {
wolfSSL 13:f67a6c6013ca 8510 int curveId;
wolfSSL 13:f67a6c6013ca 8511 int keyRet = 0;
wolfSSL 13:f67a6c6013ca 8512 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 13:f67a6c6013ca 8513 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 8514 keyRet = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 8515 (void**)&ssl->peerEccDsaKey);
wolfSSL 13:f67a6c6013ca 8516 } else if (ssl->peerEccDsaKeyPresent) {
wolfSSL 13:f67a6c6013ca 8517 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 8518 ssl->peerEccDsaKey);
wolfSSL 13:f67a6c6013ca 8519 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 13:f67a6c6013ca 8520 }
wolfSSL 13:f67a6c6013ca 8521
wolfSSL 13:f67a6c6013ca 8522 curveId = wc_ecc_get_oid(args->dCert->keyOID, NULL, NULL);
wolfSSL 13:f67a6c6013ca 8523 if (keyRet != 0 ||
wolfSSL 13:f67a6c6013ca 8524 wc_ecc_import_x963_ex(args->dCert->publicKey,
wolfSSL 13:f67a6c6013ca 8525 args->dCert->pubKeySize, ssl->peerEccDsaKey,
wolfSSL 13:f67a6c6013ca 8526 curveId) != 0) {
wolfSSL 13:f67a6c6013ca 8527 ret = PEER_KEY_ERROR;
wolfSSL 13:f67a6c6013ca 8528 }
wolfSSL 13:f67a6c6013ca 8529 else {
wolfSSL 13:f67a6c6013ca 8530 ssl->peerEccDsaKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 8531 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 8532 ssl->buffers.peerEccDsaKey.buffer =
wolfSSL 13:f67a6c6013ca 8533 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 13:f67a6c6013ca 8534 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 13:f67a6c6013ca 8535 if (ssl->buffers.peerEccDsaKey.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 8536 ERROR_OUT(MEMORY_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 8537 }
wolfSSL 13:f67a6c6013ca 8538 else {
wolfSSL 13:f67a6c6013ca 8539 XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 13:f67a6c6013ca 8540 args->dCert->publicKey,
wolfSSL 13:f67a6c6013ca 8541 args->dCert->pubKeySize);
wolfSSL 13:f67a6c6013ca 8542 ssl->buffers.peerEccDsaKey.length =
wolfSSL 13:f67a6c6013ca 8543 args->dCert->pubKeySize;
wolfSSL 13:f67a6c6013ca 8544 }
wolfSSL 13:f67a6c6013ca 8545 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 13:f67a6c6013ca 8546 }
wolfSSL 13:f67a6c6013ca 8547
wolfSSL 13:f67a6c6013ca 8548 /* check size of peer ECC key */
wolfSSL 13:f67a6c6013ca 8549 if (ret == 0 && ssl->peerEccDsaKeyPresent &&
wolfSSL 13:f67a6c6013ca 8550 !ssl->options.verifyNone &&
wolfSSL 13:f67a6c6013ca 8551 wc_ecc_size(ssl->peerEccDsaKey)
wolfSSL 13:f67a6c6013ca 8552 < ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 8553 ret = ECC_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 8554 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 13:f67a6c6013ca 8555 }
wolfSSL 13:f67a6c6013ca 8556 break;
wolfSSL 13:f67a6c6013ca 8557 }
wolfSSL 13:f67a6c6013ca 8558 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 8559 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 8560 case ED25519k:
wolfSSL 13:f67a6c6013ca 8561 {
wolfSSL 13:f67a6c6013ca 8562 int keyRet = 0;
wolfSSL 13:f67a6c6013ca 8563 if (ssl->peerEd25519Key == NULL) {
wolfSSL 13:f67a6c6013ca 8564 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 8565 keyRet = AllocKey(ssl, DYNAMIC_TYPE_ED25519,
wolfSSL 13:f67a6c6013ca 8566 (void**)&ssl->peerEd25519Key);
wolfSSL 13:f67a6c6013ca 8567 } else if (ssl->peerEd25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 8568 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_ED25519,
wolfSSL 13:f67a6c6013ca 8569 ssl->peerEd25519Key);
wolfSSL 13:f67a6c6013ca 8570 ssl->peerEd25519KeyPresent = 0;
wolfSSL 13:f67a6c6013ca 8571 }
wolfSSL 13:f67a6c6013ca 8572
wolfSSL 13:f67a6c6013ca 8573 if (keyRet != 0 ||
wolfSSL 13:f67a6c6013ca 8574 wc_ed25519_import_public(args->dCert->publicKey,
wolfSSL 13:f67a6c6013ca 8575 args->dCert->pubKeySize,
wolfSSL 13:f67a6c6013ca 8576 ssl->peerEd25519Key)
wolfSSL 13:f67a6c6013ca 8577 != 0) {
wolfSSL 13:f67a6c6013ca 8578 ret = PEER_KEY_ERROR;
wolfSSL 13:f67a6c6013ca 8579 }
wolfSSL 13:f67a6c6013ca 8580 else {
wolfSSL 13:f67a6c6013ca 8581 ssl->peerEd25519KeyPresent = 1;
wolfSSL 13:f67a6c6013ca 8582 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 8583 ssl->buffers.peerEd25519Key.buffer =
wolfSSL 13:f67a6c6013ca 8584 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 13:f67a6c6013ca 8585 ssl->heap, DYNAMIC_TYPE_ED25519);
wolfSSL 13:f67a6c6013ca 8586 if (ssl->buffers.peerEd25519Key.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 8587 ERROR_OUT(MEMORY_ERROR, exit_ppc);
wolfSSL 13:f67a6c6013ca 8588 }
wolfSSL 13:f67a6c6013ca 8589 else {
wolfSSL 13:f67a6c6013ca 8590 XMEMCPY(ssl->buffers.peerEd25519Key.buffer,
wolfSSL 13:f67a6c6013ca 8591 args->dCert->publicKey,
wolfSSL 13:f67a6c6013ca 8592 args->dCert->pubKeySize);
wolfSSL 13:f67a6c6013ca 8593 ssl->buffers.peerEd25519Key.length =
wolfSSL 13:f67a6c6013ca 8594 args->dCert->pubKeySize;
wolfSSL 13:f67a6c6013ca 8595 }
wolfSSL 13:f67a6c6013ca 8596 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 13:f67a6c6013ca 8597 }
wolfSSL 13:f67a6c6013ca 8598
wolfSSL 13:f67a6c6013ca 8599 /* check size of peer ECC key */
wolfSSL 13:f67a6c6013ca 8600 if (ret == 0 && ssl->peerEd25519KeyPresent &&
wolfSSL 13:f67a6c6013ca 8601 !ssl->options.verifyNone &&
wolfSSL 13:f67a6c6013ca 8602 ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 8603 ret = ECC_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 8604 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 13:f67a6c6013ca 8605 }
wolfSSL 13:f67a6c6013ca 8606 break;
wolfSSL 13:f67a6c6013ca 8607 }
wolfSSL 13:f67a6c6013ca 8608 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 8609 default:
wolfSSL 13:f67a6c6013ca 8610 break;
wolfSSL 13:f67a6c6013ca 8611 }
wolfSSL 13:f67a6c6013ca 8612
wolfSSL 13:f67a6c6013ca 8613 FreeDecodedCert(args->dCert);
wolfSSL 13:f67a6c6013ca 8614 args->dCertInit = 0;
wolfSSL 13:f67a6c6013ca 8615
wolfSSL 13:f67a6c6013ca 8616 /* release since we don't need it anymore */
wolfSSL 13:f67a6c6013ca 8617 if (args->dCert) {
wolfSSL 13:f67a6c6013ca 8618 XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 8619 args->dCert = NULL;
wolfSSL 13:f67a6c6013ca 8620 }
wolfSSL 13:f67a6c6013ca 8621 } /* if (count > 0) */
wolfSSL 13:f67a6c6013ca 8622
wolfSSL 13:f67a6c6013ca 8623 /* Check for error */
wolfSSL 13:f67a6c6013ca 8624 if (args->fatal && ret != 0) {
wolfSSL 13:f67a6c6013ca 8625 goto exit_ppc;
wolfSSL 13:f67a6c6013ca 8626 }
wolfSSL 13:f67a6c6013ca 8627
wolfSSL 13:f67a6c6013ca 8628 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 8629 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 13:f67a6c6013ca 8630 } /* case TLS_ASYNC_VERIFY */
wolfSSL 13:f67a6c6013ca 8631 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 8632
wolfSSL 13:f67a6c6013ca 8633 case TLS_ASYNC_FINALIZE:
wolfSSL 13:f67a6c6013ca 8634 {
wolfSSL 13:f67a6c6013ca 8635 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 8636 WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
wolfSSL 13:f67a6c6013ca 8637 sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap,
wolfSSL 13:f67a6c6013ca 8638 DYNAMIC_TYPE_X509_STORE);
wolfSSL 13:f67a6c6013ca 8639 if (store == NULL) {
wolfSSL 13:f67a6c6013ca 8640 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 13:f67a6c6013ca 8641 }
wolfSSL 13:f67a6c6013ca 8642 #else
wolfSSL 13:f67a6c6013ca 8643 WOLFSSL_X509_STORE_CTX store[1];
wolfSSL 13:f67a6c6013ca 8644 #endif
wolfSSL 13:f67a6c6013ca 8645
wolfSSL 13:f67a6c6013ca 8646 XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
wolfSSL 13:f67a6c6013ca 8647
wolfSSL 13:f67a6c6013ca 8648 /* load last error */
wolfSSL 13:f67a6c6013ca 8649 if (args->lastErr != 0 && ret == 0) {
wolfSSL 13:f67a6c6013ca 8650 ret = args->lastErr;
wolfSSL 13:f67a6c6013ca 8651 }
wolfSSL 13:f67a6c6013ca 8652
wolfSSL 13:f67a6c6013ca 8653 #ifdef OPENSSL_EXTRA
wolfSSL 13:f67a6c6013ca 8654 if (args->untrustedDepth > ssl->options.verifyDepth) {
wolfSSL 13:f67a6c6013ca 8655 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
wolfSSL 13:f67a6c6013ca 8656 ret = MAX_CHAIN_ERROR;
wolfSSL 13:f67a6c6013ca 8657 }
wolfSSL 13:f67a6c6013ca 8658 #endif
wolfSSL 13:f67a6c6013ca 8659 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8660 if (!ssl->options.verifyNone) {
wolfSSL 13:f67a6c6013ca 8661 int why = bad_certificate;
wolfSSL 13:f67a6c6013ca 8662
wolfSSL 13:f67a6c6013ca 8663 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) {
wolfSSL 13:f67a6c6013ca 8664 why = certificate_expired;
wolfSSL 13:f67a6c6013ca 8665 }
wolfSSL 13:f67a6c6013ca 8666 if (ssl->verifyCallback) {
wolfSSL 13:f67a6c6013ca 8667 int ok;
wolfSSL 13:f67a6c6013ca 8668
wolfSSL 13:f67a6c6013ca 8669 store->error = ret;
wolfSSL 13:f67a6c6013ca 8670 store->error_depth = args->totalCerts;
wolfSSL 13:f67a6c6013ca 8671 store->discardSessionCerts = 0;
wolfSSL 13:f67a6c6013ca 8672 store->domain = args->domain;
wolfSSL 13:f67a6c6013ca 8673 store->userCtx = ssl->verifyCbCtx;
wolfSSL 13:f67a6c6013ca 8674 store->certs = args->certs;
wolfSSL 13:f67a6c6013ca 8675 store->totalCerts = args->totalCerts;
wolfSSL 13:f67a6c6013ca 8676 #ifdef KEEP_PEER_CERT
wolfSSL 13:f67a6c6013ca 8677 if (ssl->peerCert.subject.sz > 0)
wolfSSL 13:f67a6c6013ca 8678 store->current_cert = &ssl->peerCert;
wolfSSL 13:f67a6c6013ca 8679 else
wolfSSL 13:f67a6c6013ca 8680 store->current_cert = NULL;
wolfSSL 13:f67a6c6013ca 8681 #else
wolfSSL 13:f67a6c6013ca 8682 store->current_cert = NULL;
wolfSSL 13:f67a6c6013ca 8683 #endif /* KEEP_PEER_CERT */
wolfSSL 13:f67a6c6013ca 8684 #if defined(HAVE_EX_DATA) || defined(HAVE_FORTRESS)
wolfSSL 13:f67a6c6013ca 8685 store->ex_data = ssl;
wolfSSL 13:f67a6c6013ca 8686 #endif
wolfSSL 13:f67a6c6013ca 8687 ok = ssl->verifyCallback(0, store);
wolfSSL 13:f67a6c6013ca 8688 if (ok) {
wolfSSL 13:f67a6c6013ca 8689 WOLFSSL_MSG("Verify callback overriding error!");
wolfSSL 13:f67a6c6013ca 8690 ret = 0;
wolfSSL 13:f67a6c6013ca 8691 }
wolfSSL 13:f67a6c6013ca 8692 #ifdef SESSION_CERTS
wolfSSL 13:f67a6c6013ca 8693 if (store->discardSessionCerts) {
wolfSSL 13:f67a6c6013ca 8694 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 13:f67a6c6013ca 8695 ssl->session.chain.count = 0;
wolfSSL 13:f67a6c6013ca 8696 }
wolfSSL 13:f67a6c6013ca 8697 #endif /* SESSION_CERTS */
wolfSSL 13:f67a6c6013ca 8698 }
wolfSSL 13:f67a6c6013ca 8699 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 8700 SendAlert(ssl, alert_fatal, why); /* try to send */
wolfSSL 13:f67a6c6013ca 8701 ssl->options.isClosed = 1;
wolfSSL 13:f67a6c6013ca 8702 }
wolfSSL 13:f67a6c6013ca 8703 }
wolfSSL 13:f67a6c6013ca 8704 ssl->error = ret;
wolfSSL 13:f67a6c6013ca 8705 }
wolfSSL 13:f67a6c6013ca 8706 #ifdef WOLFSSL_ALWAYS_VERIFY_CB
wolfSSL 13:f67a6c6013ca 8707 else {
wolfSSL 13:f67a6c6013ca 8708 if (ssl->verifyCallback) {
wolfSSL 13:f67a6c6013ca 8709 int ok;
wolfSSL 13:f67a6c6013ca 8710
wolfSSL 13:f67a6c6013ca 8711 store->error = ret;
wolfSSL 13:f67a6c6013ca 8712 #ifdef WOLFSSL_WPAS
wolfSSL 13:f67a6c6013ca 8713 store->error_depth = 0;
wolfSSL 13:f67a6c6013ca 8714 #else
wolfSSL 13:f67a6c6013ca 8715 store->error_depth = args->totalCerts;
wolfSSL 13:f67a6c6013ca 8716 #endif
wolfSSL 13:f67a6c6013ca 8717 store->discardSessionCerts = 0;
wolfSSL 13:f67a6c6013ca 8718 store->domain = args->domain;
wolfSSL 13:f67a6c6013ca 8719 store->userCtx = ssl->verifyCbCtx;
wolfSSL 13:f67a6c6013ca 8720 store->certs = args->certs;
wolfSSL 13:f67a6c6013ca 8721 store->totalCerts = args->totalCerts;
wolfSSL 13:f67a6c6013ca 8722 #ifdef KEEP_PEER_CERT
wolfSSL 13:f67a6c6013ca 8723 if (ssl->peerCert.subject.sz > 0)
wolfSSL 13:f67a6c6013ca 8724 store->current_cert = &ssl->peerCert;
wolfSSL 13:f67a6c6013ca 8725 else
wolfSSL 13:f67a6c6013ca 8726 store->current_cert = NULL;
wolfSSL 13:f67a6c6013ca 8727 #endif
wolfSSL 13:f67a6c6013ca 8728 store->ex_data = ssl;
wolfSSL 13:f67a6c6013ca 8729
wolfSSL 13:f67a6c6013ca 8730 ok = ssl->verifyCallback(1, store);
wolfSSL 13:f67a6c6013ca 8731 if (!ok) {
wolfSSL 13:f67a6c6013ca 8732 WOLFSSL_MSG("Verify callback overriding valid certificate!");
wolfSSL 13:f67a6c6013ca 8733 ret = -1;
wolfSSL 13:f67a6c6013ca 8734 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 13:f67a6c6013ca 8735 ssl->options.isClosed = 1;
wolfSSL 13:f67a6c6013ca 8736 }
wolfSSL 13:f67a6c6013ca 8737 #ifdef SESSION_CERTS
wolfSSL 13:f67a6c6013ca 8738 if (store->discardSessionCerts) {
wolfSSL 13:f67a6c6013ca 8739 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 13:f67a6c6013ca 8740 ssl->session.chain.count = 0;
wolfSSL 13:f67a6c6013ca 8741 }
wolfSSL 13:f67a6c6013ca 8742 #endif /* SESSION_CERTS */
wolfSSL 13:f67a6c6013ca 8743 }
wolfSSL 13:f67a6c6013ca 8744 }
wolfSSL 13:f67a6c6013ca 8745 #endif /* WOLFSSL_ALWAYS_VERIFY_CB */
wolfSSL 13:f67a6c6013ca 8746
wolfSSL 13:f67a6c6013ca 8747 if (ssl->options.verifyNone &&
wolfSSL 13:f67a6c6013ca 8748 (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
wolfSSL 13:f67a6c6013ca 8749 WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
wolfSSL 13:f67a6c6013ca 8750 ret = ssl->error = 0;
wolfSSL 13:f67a6c6013ca 8751 }
wolfSSL 13:f67a6c6013ca 8752
wolfSSL 13:f67a6c6013ca 8753 if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 8754 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 13:f67a6c6013ca 8755 }
wolfSSL 13:f67a6c6013ca 8756
wolfSSL 13:f67a6c6013ca 8757 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 13:f67a6c6013ca 8758 args->idx += ssl->keys.padSz;
wolfSSL 13:f67a6c6013ca 8759 }
wolfSSL 13:f67a6c6013ca 8760
wolfSSL 13:f67a6c6013ca 8761 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 8762 XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
wolfSSL 13:f67a6c6013ca 8763 #endif
wolfSSL 13:f67a6c6013ca 8764 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 8765 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 13:f67a6c6013ca 8766 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 13:f67a6c6013ca 8767 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 8768
wolfSSL 13:f67a6c6013ca 8769 case TLS_ASYNC_END:
wolfSSL 13:f67a6c6013ca 8770 {
wolfSSL 13:f67a6c6013ca 8771 /* Set final index */
wolfSSL 13:f67a6c6013ca 8772 *inOutIdx = args->idx;
wolfSSL 13:f67a6c6013ca 8773
wolfSSL 13:f67a6c6013ca 8774 break;
wolfSSL 13:f67a6c6013ca 8775 }
wolfSSL 13:f67a6c6013ca 8776 default:
wolfSSL 13:f67a6c6013ca 8777 ret = INPUT_CASE_ERROR;
wolfSSL 13:f67a6c6013ca 8778 break;
wolfSSL 13:f67a6c6013ca 8779 } /* switch(ssl->options.asyncState) */
wolfSSL 13:f67a6c6013ca 8780
wolfSSL 13:f67a6c6013ca 8781 exit_ppc:
wolfSSL 13:f67a6c6013ca 8782
wolfSSL 13:f67a6c6013ca 8783 WOLFSSL_LEAVE("ProcessPeerCerts", ret);
wolfSSL 13:f67a6c6013ca 8784
wolfSSL 13:f67a6c6013ca 8785 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 8786 if (ret == WC_PENDING_E || ret == WANT_READ) {
wolfSSL 13:f67a6c6013ca 8787 /* Mark message as not recevied so it can process again */
wolfSSL 13:f67a6c6013ca 8788 ssl->msgsReceived.got_certificate = 0;
wolfSSL 13:f67a6c6013ca 8789
wolfSSL 13:f67a6c6013ca 8790 return ret;
wolfSSL 13:f67a6c6013ca 8791 }
wolfSSL 13:f67a6c6013ca 8792 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 13:f67a6c6013ca 8793
wolfSSL 13:f67a6c6013ca 8794 FreeProcPeerCertArgs(ssl, args);
wolfSSL 13:f67a6c6013ca 8795 FreeKeyExchange(ssl);
wolfSSL 13:f67a6c6013ca 8796
wolfSSL 13:f67a6c6013ca 8797 return ret;
wolfSSL 13:f67a6c6013ca 8798 }
wolfSSL 13:f67a6c6013ca 8799
/* Handle a peer Certificate handshake message.
 *
 * Thin entry point: passes all four arguments unchanged to
 * ProcessPeerCerts() and hands its result back to the caller.
 */
static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         word32 size)
{
    int result = ProcessPeerCerts(ssl, input, inOutIdx, size);

    return result;
}
wolfSSL 13:f67a6c6013ca 8805
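/* Process a CertificateStatus handshake message (stapled OCSP response).
 *
 * ssl       connection state; supplies the pending status request flags, the
 *           certificate manager used for decoding and the heap hint
 * input     handshake buffer holding the message
 * inOutIdx  in: offset of the message body inside input; out: advanced past
 *           the bytes consumed
 * size      length of the message body in bytes
 *
 * Returns 0 when every response decodes, matches an outstanding request and
 * reports CERT_GOOD. Returns BUFFER_ERROR for a malformed length, an unknown
 * status type or a status message that was not requested, MEMORY_ERROR on
 * allocation failure, and OCSP_CERT_REVOKED or BAD_CERTIFICATE_STATUS_ERROR
 * when a response is rejected.
 *
 * A fatal bad_certificate_status_response alert is sent for any non-zero
 * result that reaches the end of the function. The early returns (length
 * checks, unrequested message, missing request, allocation failure) leave
 * without sending an alert.
 */
static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                               word32 size)
{
    int    ret = 0;
    byte   status_type;
    word32 status_length;

    /* need at least the status type byte and the 24-bit length field */
    if (size < ENUM_LEN + OPAQUE24_LEN)
        return BUFFER_ERROR;

    status_type = input[(*inOutIdx)++];

    c24to32(input + *inOutIdx, &status_length);
    *inOutIdx += OPAQUE24_LEN;

    /* The peer-supplied length must cover exactly the rest of the message,
     * so every later read of status_length bytes stays inside it. */
    if (size != ENUM_LEN + OPAQUE24_LEN + status_length)
        return BUFFER_ERROR;

    switch (status_type) {

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */
        case WOLFSSL_CSR2_OCSP: {
            OcspRequest* request = NULL;

        #ifdef WOLFSSL_SMALL_STACK
            CertStatus*   status;
            OcspResponse* response;
        #else
            CertStatus   status[1];
            OcspResponse response[1];
        #endif

            /* Accept the message only if a status request is pending; the
             * pending flag is cleared so a second message is rejected. */
            do {
                #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                    if (ssl->status_request) {
                        request = (OcspRequest*)TLSX_CSR_GetRequest(
                                                              ssl->extensions);
                        ssl->status_request = 0;
                        break;
                    }
                #endif

                #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
                    if (ssl->status_request_v2) {
                        request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                              ssl->extensions, status_type, 0);
                        ssl->status_request_v2 = 0;
                        break;
                    }
                #endif

                return BUFFER_ERROR;
            } while(0);

            if (request == NULL)
                return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */

        #ifdef WOLFSSL_SMALL_STACK
            status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
                                                      DYNAMIC_TYPE_OCSP_STATUS);
            response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
                                                     DYNAMIC_TYPE_OCSP_REQUEST);

            if (status == NULL || response == NULL) {
                /* release with the same heap hint used for the allocation */
                if (status)
                    XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
                if (response)
                    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

                return MEMORY_ERROR;
            }
        #endif

            InitOcspResponse(response, status, input +*inOutIdx, status_length);

            /* reject unless the response decodes, answers our request, is
             * marked successful and reports the certificate as good */
            if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap, 0) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (CompareOcspReqResp(request, response) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (response->responseStatus != OCSP_SUCCESSFUL)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (response->status->status == CERT_REVOKED)
                ret = OCSP_CERT_REVOKED;
            else if (response->status->status != CERT_GOOD)
                ret = BAD_CERTIFICATE_STATUS_ERROR;

            *inOutIdx += status_length;

        #ifdef WOLFSSL_SMALL_STACK
            XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
            XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
        #endif

        }
        break;

    #endif

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        case WOLFSSL_CSR2_OCSP_MULTI: {
            OcspRequest* request = NULL;
            word32 list_length = status_length;
            byte   idx = 0;

        #ifdef WOLFSSL_SMALL_STACK
            CertStatus*   status;
            OcspResponse* response;
        #else
            CertStatus   status[1];
            OcspResponse response[1];
        #endif

            /* only valid when a v2 status request is pending */
            do {
                if (ssl->status_request_v2) {
                    ssl->status_request_v2 = 0;
                    break;
                }

                return BUFFER_ERROR;
            } while(0);

        #ifdef WOLFSSL_SMALL_STACK
            status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
                                                      DYNAMIC_TYPE_OCSP_STATUS);
            response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
                                                     DYNAMIC_TYPE_OCSP_REQUEST);

            if (status == NULL || response == NULL) {
                if (status)
                    XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
                if (response)
                    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

                return MEMORY_ERROR;
            }
        #endif

            /* walk the list of length-prefixed responses; both the prefix
             * and the entry body are checked against the bytes remaining
             * before they are consumed */
            while (list_length && ret == 0) {
                if (OPAQUE24_LEN > list_length) {
                    ret = BUFFER_ERROR;
                    break;
                }

                c24to32(input + *inOutIdx, &status_length);
                *inOutIdx   += OPAQUE24_LEN;
                list_length -= OPAQUE24_LEN;

                if (status_length > list_length) {
                    ret = BUFFER_ERROR;
                    break;
                }

                /* a zero-length entry is skipped without any check */
                if (status_length) {
                    InitOcspResponse(response, status, input +*inOutIdx,
                                                                 status_length);

                    /* any status other than CERT_GOOD (revoked included) is
                     * reported as BAD_CERTIFICATE_STATUS_ERROR on this path */
                    if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap,
                                                                        0) != 0)
                    ||  (response->responseStatus != OCSP_SUCCESSFUL)
                    ||  (response->status->status != CERT_GOOD))
                        ret = BAD_CERTIFICATE_STATUS_ERROR;

                    /* pair the response with the next matching request;
                     * running out of requests is an error */
                    while (ret == 0) {
                        request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                         ssl->extensions, status_type, idx++);

                        if (request == NULL)
                            ret = BAD_CERTIFICATE_STATUS_ERROR;
                        else if (CompareOcspReqResp(request, response) == 0)
                            break;
                        else if (idx == 1) /* server cert must be OK */
                            ret = BAD_CERTIFICATE_STATUS_ERROR;
                    }

                    *inOutIdx   += status_length;
                    list_length -= status_length;
                }
            }

        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            ssl->status_request_v2 = 0;
        #endif

        #ifdef WOLFSSL_SMALL_STACK
            /* release with the same heap hint used for the allocation */
            XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
            XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
        #endif

        }
        break;

    #endif

        default:
            ret = BUFFER_ERROR;
            break;
    }

    if (ret != 0)
        SendAlert(ssl, alert_fatal, bad_certificate_status_response);

    return ret;
}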
wolfSSL 13:f67a6c6013ca 9012
wolfSSL 13:f67a6c6013ca 9013 #endif /* !NO_CERTS */
wolfSSL 13:f67a6c6013ca 9014
wolfSSL 13:f67a6c6013ca 9015
/* Process a HelloRequest handshake message.
 *
 * ssl       connection state
 * input     handshake buffer (unused, the message has no body)
 * inOutIdx  in/out offset into the record; advanced past the record padding
 *           when encryption is on
 * size      message body length, must be 0
 * totalSz   total size of the record, used to bound the padding skip
 *
 * Returns BUFFER_ERROR for a non-empty body, BUFFER_E when the padding would
 * run past totalSz, FATAL_ERROR when received on the server side (after
 * trying to send a fatal unexpected_message alert), 0 when secure
 * renegotiation is enabled and has been flagged to start, otherwise the
 * result of sending a no_renegotiation warning alert.
 */
static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 size, word32 totalSz)
{
    (void)input;

    /* HelloRequest carries no payload */
    if (size != 0)
        return BUFFER_ERROR;

    if (IsEncryptionOn(ssl, 0)) {
        /* access beyond input + size should be checked against totalSz */
        if (totalSz < *inOutIdx + ssl->keys.padSz)
            return BUFFER_E;

        *inOutIdx += ssl->keys.padSz;
    }

    /* a server never expects HelloRequest from its peer */
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        SendAlert(ssl, alert_fatal, unexpected_message); /* try */
        return FATAL_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    /* client side with secure renegotiation enabled: flag it to start */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        ssl->secure_renegotiation->startScr = 1;
        return 0;
    }
#endif

    /* client side without secure renegotiation: decline with a warning */
    return SendAlert(ssl, alert_warning, no_renegotiation);
}
wolfSSL 13:f67a6c6013ca 9046
wolfSSL 13:f67a6c6013ca 9047
/* Process the peer's Finished handshake message.
 *
 * ssl       connection state
 * input     handshake buffer holding the message
 * inOutIdx  in: offset of the verify data in input; out: advanced past the
 *           verify data and the record padding
 * size      message body length; must equal TLS_FINISHED_SZ when
 *           ssl->options.tls is set, FINISHED_SZ otherwise
 * totalSz   total size of the record, used to bound the read
 * sniff     the verify data is compared with the locally computed hashes
 *           only when this is NO_SNIFF
 *
 * Returns 0 on success, BUFFER_ERROR on a size mismatch, BUFFER_E when the
 * message plus padding would run past totalSz, and VERIFY_FINISHED_ERROR
 * when the verify data does not match.
 */
int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
               word32 totalSz, int sniff)
{
    word32 expectedSz;
    int    handshakeComplete;

    if (ssl->options.tls)
        expectedSz = TLS_FINISHED_SZ;
    else
        expectedSz = FINISHED_SZ;

    if (size != expectedSz)
        return BUFFER_ERROR;

    /* check against totalSz */
    if (totalSz < *inOutIdx + size + ssl->keys.padSz)
        return BUFFER_E;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
#endif

    /* NOTE(review): XMEMCMP is an ordinary memory compare; whether its
     * timing depends on where the first mismatch occurs depends on the
     * platform implementation - consider a constant-time compare here. */
    if (sniff == NO_SNIFF &&
        XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes, size) != 0) {
        WOLFSSL_MSG("Verify finished error on hashes");
        return VERIFY_FINISHED_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* save peer's state; always TLS_FINISHED_SZ bytes, whatever size is */
        byte* peerVerifyData =
            (ssl->options.side == WOLFSSL_CLIENT_END)
                ? ssl->secure_renegotiation->server_verify_data
                : ssl->secure_renegotiation->client_verify_data;

        XMEMCPY(peerVerifyData, input + *inOutIdx, TLS_FINISHED_SZ);
    }
#endif

    /* force input exhaustion at ProcessReply consuming padSz */
    *inOutIdx += size + ssl->keys.padSz;

    /* The peer's Finished ends the handshake for a client on a full
     * handshake and for a server on a resumed one. */
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
        handshakeComplete = !ssl->options.resuming;
    }
    else {
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
        handshakeComplete = (ssl->options.resuming != 0);
    }

    if (handshakeComplete) {
        ssl->options.handShakeState = HANDSHAKE_DONE;
        ssl->options.handShakeDone  = 1;
    }

    return 0;
}
wolfSSL 13:f67a6c6013ca 9104
wolfSSL 13:f67a6c6013ca 9105
wolfSSL 13:f67a6c6013ca 9106 /* Make sure no duplicates, no fast forward, or other problems; 0 on success */
wolfSSL 13:f67a6c6013ca 9107 static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
wolfSSL 13:f67a6c6013ca 9108 {
wolfSSL 13:f67a6c6013ca 9109 /* verify not a duplicate, mark received, check state */
wolfSSL 13:f67a6c6013ca 9110 switch (type) {
wolfSSL 13:f67a6c6013ca 9111
wolfSSL 13:f67a6c6013ca 9112 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9113 case hello_request:
wolfSSL 13:f67a6c6013ca 9114 if (ssl->msgsReceived.got_hello_request) {
wolfSSL 13:f67a6c6013ca 9115 WOLFSSL_MSG("Duplicate HelloRequest received");
wolfSSL 13:f67a6c6013ca 9116 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9117 }
wolfSSL 13:f67a6c6013ca 9118 ssl->msgsReceived.got_hello_request = 1;
wolfSSL 13:f67a6c6013ca 9119
wolfSSL 13:f67a6c6013ca 9120 break;
wolfSSL 13:f67a6c6013ca 9121 #endif
wolfSSL 13:f67a6c6013ca 9122
wolfSSL 13:f67a6c6013ca 9123 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 9124 case client_hello:
wolfSSL 13:f67a6c6013ca 9125 if (ssl->msgsReceived.got_client_hello) {
wolfSSL 13:f67a6c6013ca 9126 WOLFSSL_MSG("Duplicate ClientHello received");
wolfSSL 13:f67a6c6013ca 9127 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9128 }
wolfSSL 13:f67a6c6013ca 9129 ssl->msgsReceived.got_client_hello = 1;
wolfSSL 13:f67a6c6013ca 9130
wolfSSL 13:f67a6c6013ca 9131 break;
wolfSSL 13:f67a6c6013ca 9132 #endif
wolfSSL 13:f67a6c6013ca 9133
wolfSSL 13:f67a6c6013ca 9134 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9135 case server_hello:
wolfSSL 13:f67a6c6013ca 9136 if (ssl->msgsReceived.got_server_hello) {
wolfSSL 13:f67a6c6013ca 9137 WOLFSSL_MSG("Duplicate ServerHello received");
wolfSSL 13:f67a6c6013ca 9138 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9139 }
wolfSSL 13:f67a6c6013ca 9140 ssl->msgsReceived.got_server_hello = 1;
wolfSSL 13:f67a6c6013ca 9141
wolfSSL 13:f67a6c6013ca 9142 break;
wolfSSL 13:f67a6c6013ca 9143 #endif
wolfSSL 13:f67a6c6013ca 9144
wolfSSL 13:f67a6c6013ca 9145 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9146 case hello_verify_request:
wolfSSL 13:f67a6c6013ca 9147 if (ssl->msgsReceived.got_hello_verify_request) {
wolfSSL 13:f67a6c6013ca 9148 WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
wolfSSL 13:f67a6c6013ca 9149 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9150 }
wolfSSL 13:f67a6c6013ca 9151 ssl->msgsReceived.got_hello_verify_request = 1;
wolfSSL 13:f67a6c6013ca 9152
wolfSSL 13:f67a6c6013ca 9153 break;
wolfSSL 13:f67a6c6013ca 9154 #endif
wolfSSL 13:f67a6c6013ca 9155
wolfSSL 13:f67a6c6013ca 9156 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9157 case session_ticket:
wolfSSL 13:f67a6c6013ca 9158 if (ssl->msgsReceived.got_session_ticket) {
wolfSSL 13:f67a6c6013ca 9159 WOLFSSL_MSG("Duplicate SessionTicket received");
wolfSSL 13:f67a6c6013ca 9160 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9161 }
wolfSSL 13:f67a6c6013ca 9162 ssl->msgsReceived.got_session_ticket = 1;
wolfSSL 13:f67a6c6013ca 9163
wolfSSL 13:f67a6c6013ca 9164 break;
wolfSSL 13:f67a6c6013ca 9165 #endif
wolfSSL 13:f67a6c6013ca 9166
wolfSSL 13:f67a6c6013ca 9167 case certificate:
wolfSSL 13:f67a6c6013ca 9168 if (ssl->msgsReceived.got_certificate) {
wolfSSL 13:f67a6c6013ca 9169 WOLFSSL_MSG("Duplicate Certificate received");
wolfSSL 13:f67a6c6013ca 9170 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9171 }
wolfSSL 13:f67a6c6013ca 9172 ssl->msgsReceived.got_certificate = 1;
wolfSSL 13:f67a6c6013ca 9173
wolfSSL 13:f67a6c6013ca 9174 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9175 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 9176 if ( ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 13:f67a6c6013ca 9177 WOLFSSL_MSG("No ServerHello before Cert");
wolfSSL 13:f67a6c6013ca 9178 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9179 }
wolfSSL 13:f67a6c6013ca 9180 }
wolfSSL 13:f67a6c6013ca 9181 #endif
wolfSSL 13:f67a6c6013ca 9182 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 9183 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 13:f67a6c6013ca 9184 if ( ssl->msgsReceived.got_client_hello == 0) {
wolfSSL 13:f67a6c6013ca 9185 WOLFSSL_MSG("No ClientHello before Cert");
wolfSSL 13:f67a6c6013ca 9186 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9187 }
wolfSSL 13:f67a6c6013ca 9188 }
wolfSSL 13:f67a6c6013ca 9189 #endif
wolfSSL 13:f67a6c6013ca 9190 break;
wolfSSL 13:f67a6c6013ca 9191
wolfSSL 13:f67a6c6013ca 9192 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9193 case certificate_status:
wolfSSL 13:f67a6c6013ca 9194 if (ssl->msgsReceived.got_certificate_status) {
wolfSSL 13:f67a6c6013ca 9195 WOLFSSL_MSG("Duplicate CertificateSatatus received");
wolfSSL 13:f67a6c6013ca 9196 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9197 }
wolfSSL 13:f67a6c6013ca 9198 ssl->msgsReceived.got_certificate_status = 1;
wolfSSL 13:f67a6c6013ca 9199
wolfSSL 13:f67a6c6013ca 9200 if (ssl->msgsReceived.got_certificate == 0) {
wolfSSL 13:f67a6c6013ca 9201 WOLFSSL_MSG("No Certificate before CertificateStatus");
wolfSSL 13:f67a6c6013ca 9202 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9203 }
wolfSSL 13:f67a6c6013ca 9204 if (ssl->msgsReceived.got_server_key_exchange != 0) {
wolfSSL 13:f67a6c6013ca 9205 WOLFSSL_MSG("CertificateStatus after ServerKeyExchange");
wolfSSL 13:f67a6c6013ca 9206 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9207 }
wolfSSL 13:f67a6c6013ca 9208
wolfSSL 13:f67a6c6013ca 9209 break;
wolfSSL 13:f67a6c6013ca 9210 #endif
wolfSSL 13:f67a6c6013ca 9211
wolfSSL 13:f67a6c6013ca 9212 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9213 case server_key_exchange:
wolfSSL 13:f67a6c6013ca 9214 if (ssl->msgsReceived.got_server_key_exchange) {
wolfSSL 13:f67a6c6013ca 9215 WOLFSSL_MSG("Duplicate ServerKeyExchange received");
wolfSSL 13:f67a6c6013ca 9216 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9217 }
wolfSSL 13:f67a6c6013ca 9218 ssl->msgsReceived.got_server_key_exchange = 1;
wolfSSL 13:f67a6c6013ca 9219
wolfSSL 13:f67a6c6013ca 9220 if (ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 13:f67a6c6013ca 9221 WOLFSSL_MSG("No ServerHello before ServerKeyExchange");
wolfSSL 13:f67a6c6013ca 9222 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9223 }
wolfSSL 13:f67a6c6013ca 9224 if (ssl->msgsReceived.got_certificate_status == 0) {
wolfSSL 13:f67a6c6013ca 9225 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 13:f67a6c6013ca 9226 if (ssl->status_request) {
wolfSSL 13:f67a6c6013ca 9227 int ret;
wolfSSL 13:f67a6c6013ca 9228
wolfSSL 13:f67a6c6013ca 9229 WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
wolfSSL 13:f67a6c6013ca 9230 if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0)
wolfSSL 13:f67a6c6013ca 9231 return ret;
wolfSSL 13:f67a6c6013ca 9232 }
wolfSSL 13:f67a6c6013ca 9233 #endif
wolfSSL 13:f67a6c6013ca 9234 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 13:f67a6c6013ca 9235 if (ssl->status_request_v2) {
wolfSSL 13:f67a6c6013ca 9236 int ret;
wolfSSL 13:f67a6c6013ca 9237
wolfSSL 13:f67a6c6013ca 9238 WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
wolfSSL 13:f67a6c6013ca 9239 if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0)
wolfSSL 13:f67a6c6013ca 9240 return ret;
wolfSSL 13:f67a6c6013ca 9241 }
wolfSSL 13:f67a6c6013ca 9242 #endif
wolfSSL 13:f67a6c6013ca 9243 }
wolfSSL 13:f67a6c6013ca 9244
wolfSSL 13:f67a6c6013ca 9245 break;
wolfSSL 13:f67a6c6013ca 9246 #endif
wolfSSL 13:f67a6c6013ca 9247
wolfSSL 13:f67a6c6013ca 9248 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9249 case certificate_request:
wolfSSL 13:f67a6c6013ca 9250 if (ssl->msgsReceived.got_certificate_request) {
wolfSSL 13:f67a6c6013ca 9251 WOLFSSL_MSG("Duplicate CertificateRequest received");
wolfSSL 13:f67a6c6013ca 9252 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9253 }
wolfSSL 13:f67a6c6013ca 9254 ssl->msgsReceived.got_certificate_request = 1;
wolfSSL 13:f67a6c6013ca 9255
wolfSSL 13:f67a6c6013ca 9256 break;
wolfSSL 13:f67a6c6013ca 9257 #endif
wolfSSL 13:f67a6c6013ca 9258
wolfSSL 13:f67a6c6013ca 9259 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9260 case server_hello_done:
wolfSSL 13:f67a6c6013ca 9261 if (ssl->msgsReceived.got_server_hello_done) {
wolfSSL 13:f67a6c6013ca 9262 WOLFSSL_MSG("Duplicate ServerHelloDone received");
wolfSSL 13:f67a6c6013ca 9263 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9264 }
wolfSSL 13:f67a6c6013ca 9265 ssl->msgsReceived.got_server_hello_done = 1;
wolfSSL 13:f67a6c6013ca 9266
wolfSSL 13:f67a6c6013ca 9267 if (ssl->msgsReceived.got_certificate == 0) {
wolfSSL 13:f67a6c6013ca 9268 if (ssl->specs.kea == psk_kea ||
wolfSSL 13:f67a6c6013ca 9269 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 13:f67a6c6013ca 9270 ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 13:f67a6c6013ca 9271 ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 9272 WOLFSSL_MSG("No Cert required");
wolfSSL 13:f67a6c6013ca 9273 } else {
wolfSSL 13:f67a6c6013ca 9274 WOLFSSL_MSG("No Certificate before ServerHelloDone");
wolfSSL 13:f67a6c6013ca 9275 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9276 }
wolfSSL 13:f67a6c6013ca 9277 }
wolfSSL 13:f67a6c6013ca 9278 if (ssl->msgsReceived.got_server_key_exchange == 0) {
wolfSSL 13:f67a6c6013ca 9279 int pskNoServerHint = 0; /* not required in this case */
wolfSSL 13:f67a6c6013ca 9280
wolfSSL 13:f67a6c6013ca 9281 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 9282 if (ssl->specs.kea == psk_kea &&
wolfSSL 13:f67a6c6013ca 9283 ssl->arrays->server_hint[0] == 0)
wolfSSL 13:f67a6c6013ca 9284 pskNoServerHint = 1;
wolfSSL 13:f67a6c6013ca 9285 #endif
wolfSSL 13:f67a6c6013ca 9286 if (ssl->specs.static_ecdh == 1 ||
wolfSSL 13:f67a6c6013ca 9287 ssl->specs.kea == rsa_kea ||
wolfSSL 13:f67a6c6013ca 9288 ssl->specs.kea == ntru_kea ||
wolfSSL 13:f67a6c6013ca 9289 pskNoServerHint) {
wolfSSL 13:f67a6c6013ca 9290 WOLFSSL_MSG("No KeyExchange required");
wolfSSL 13:f67a6c6013ca 9291 } else {
wolfSSL 13:f67a6c6013ca 9292 WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
wolfSSL 13:f67a6c6013ca 9293 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9294 }
wolfSSL 13:f67a6c6013ca 9295 }
wolfSSL 13:f67a6c6013ca 9296 break;
wolfSSL 13:f67a6c6013ca 9297 #endif
wolfSSL 13:f67a6c6013ca 9298
wolfSSL 13:f67a6c6013ca 9299 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 9300 case certificate_verify:
wolfSSL 13:f67a6c6013ca 9301 if (ssl->msgsReceived.got_certificate_verify) {
wolfSSL 13:f67a6c6013ca 9302 WOLFSSL_MSG("Duplicate CertificateVerify received");
wolfSSL 13:f67a6c6013ca 9303 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9304 }
wolfSSL 13:f67a6c6013ca 9305 ssl->msgsReceived.got_certificate_verify = 1;
wolfSSL 13:f67a6c6013ca 9306
wolfSSL 13:f67a6c6013ca 9307 if ( ssl->msgsReceived.got_certificate == 0) {
wolfSSL 13:f67a6c6013ca 9308 WOLFSSL_MSG("No Cert before CertVerify");
wolfSSL 13:f67a6c6013ca 9309 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9310 }
wolfSSL 13:f67a6c6013ca 9311 break;
wolfSSL 13:f67a6c6013ca 9312 #endif
wolfSSL 13:f67a6c6013ca 9313
wolfSSL 13:f67a6c6013ca 9314 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 9315 case client_key_exchange:
wolfSSL 13:f67a6c6013ca 9316 if (ssl->msgsReceived.got_client_key_exchange) {
wolfSSL 13:f67a6c6013ca 9317 WOLFSSL_MSG("Duplicate ClientKeyExchange received");
wolfSSL 13:f67a6c6013ca 9318 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9319 }
wolfSSL 13:f67a6c6013ca 9320 ssl->msgsReceived.got_client_key_exchange = 1;
wolfSSL 13:f67a6c6013ca 9321
wolfSSL 13:f67a6c6013ca 9322 if (ssl->msgsReceived.got_client_hello == 0) {
wolfSSL 13:f67a6c6013ca 9323 WOLFSSL_MSG("No ClientHello before ClientKeyExchange");
wolfSSL 13:f67a6c6013ca 9324 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9325 }
wolfSSL 13:f67a6c6013ca 9326 break;
wolfSSL 13:f67a6c6013ca 9327 #endif
wolfSSL 13:f67a6c6013ca 9328
wolfSSL 13:f67a6c6013ca 9329 case finished:
wolfSSL 13:f67a6c6013ca 9330 if (ssl->msgsReceived.got_finished) {
wolfSSL 13:f67a6c6013ca 9331 WOLFSSL_MSG("Duplicate Finished received");
wolfSSL 13:f67a6c6013ca 9332 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9333 }
wolfSSL 13:f67a6c6013ca 9334 ssl->msgsReceived.got_finished = 1;
wolfSSL 13:f67a6c6013ca 9335
wolfSSL 13:f67a6c6013ca 9336 if (ssl->msgsReceived.got_change_cipher == 0) {
wolfSSL 13:f67a6c6013ca 9337 WOLFSSL_MSG("Finished received before ChangeCipher");
wolfSSL 13:f67a6c6013ca 9338 return NO_CHANGE_CIPHER_E;
wolfSSL 13:f67a6c6013ca 9339 }
wolfSSL 13:f67a6c6013ca 9340 break;
wolfSSL 13:f67a6c6013ca 9341
wolfSSL 13:f67a6c6013ca 9342 case change_cipher_hs:
wolfSSL 13:f67a6c6013ca 9343 if (ssl->msgsReceived.got_change_cipher) {
wolfSSL 13:f67a6c6013ca 9344 WOLFSSL_MSG("Duplicate ChangeCipher received");
wolfSSL 13:f67a6c6013ca 9345 return DUPLICATE_MSG_E;
wolfSSL 13:f67a6c6013ca 9346 }
wolfSSL 13:f67a6c6013ca 9347 /* DTLS is going to ignore the CCS message if the client key
wolfSSL 13:f67a6c6013ca 9348 * exchange message wasn't received yet. */
wolfSSL 13:f67a6c6013ca 9349 if (!ssl->options.dtls)
wolfSSL 13:f67a6c6013ca 9350 ssl->msgsReceived.got_change_cipher = 1;
wolfSSL 13:f67a6c6013ca 9351
wolfSSL 13:f67a6c6013ca 9352 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 9353 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 13:f67a6c6013ca 9354 if (!ssl->options.resuming &&
wolfSSL 13:f67a6c6013ca 9355 ssl->msgsReceived.got_server_hello_done == 0) {
wolfSSL 13:f67a6c6013ca 9356 WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
wolfSSL 13:f67a6c6013ca 9357 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9358 }
wolfSSL 13:f67a6c6013ca 9359 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 9360 if (ssl->expect_session_ticket) {
wolfSSL 13:f67a6c6013ca 9361 WOLFSSL_MSG("Expected session ticket missing");
wolfSSL 13:f67a6c6013ca 9362 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 9363 if (ssl->options.dtls)
wolfSSL 13:f67a6c6013ca 9364 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9365 #endif
wolfSSL 13:f67a6c6013ca 9366 return SESSION_TICKET_EXPECT_E;
wolfSSL 13:f67a6c6013ca 9367 }
wolfSSL 13:f67a6c6013ca 9368 #endif
wolfSSL 13:f67a6c6013ca 9369 }
wolfSSL 13:f67a6c6013ca 9370 #endif
wolfSSL 13:f67a6c6013ca 9371 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 9372 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 13:f67a6c6013ca 9373 if (!ssl->options.resuming &&
wolfSSL 13:f67a6c6013ca 9374 ssl->msgsReceived.got_client_key_exchange == 0) {
wolfSSL 13:f67a6c6013ca 9375 WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
wolfSSL 13:f67a6c6013ca 9376 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9377 }
wolfSSL 13:f67a6c6013ca 9378 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 9379 if (ssl->options.verifyPeer &&
wolfSSL 13:f67a6c6013ca 9380 ssl->options.havePeerCert) {
wolfSSL 13:f67a6c6013ca 9381
wolfSSL 13:f67a6c6013ca 9382 if (!ssl->options.havePeerVerify) {
wolfSSL 13:f67a6c6013ca 9383 WOLFSSL_MSG("client didn't send cert verify");
wolfSSL 13:f67a6c6013ca 9384 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 9385 if (ssl->options.dtls)
wolfSSL 13:f67a6c6013ca 9386 return OUT_OF_ORDER_E;
wolfSSL 13:f67a6c6013ca 9387 #endif
wolfSSL 13:f67a6c6013ca 9388 return NO_PEER_VERIFY;
wolfSSL 13:f67a6c6013ca 9389 }
wolfSSL 13:f67a6c6013ca 9390 }
wolfSSL 13:f67a6c6013ca 9391 #endif
wolfSSL 13:f67a6c6013ca 9392 }
wolfSSL 13:f67a6c6013ca 9393 #endif
wolfSSL 13:f67a6c6013ca 9394 if (ssl->options.dtls)
wolfSSL 13:f67a6c6013ca 9395 ssl->msgsReceived.got_change_cipher = 1;
wolfSSL 13:f67a6c6013ca 9396 break;
wolfSSL 13:f67a6c6013ca 9397
wolfSSL 13:f67a6c6013ca 9398 default:
wolfSSL 13:f67a6c6013ca 9399 WOLFSSL_MSG("Unknown message type");
wolfSSL 13:f67a6c6013ca 9400 return SANITY_MSG_E;
wolfSSL 13:f67a6c6013ca 9401 }
wolfSSL 13:f67a6c6013ca 9402
wolfSSL 13:f67a6c6013ca 9403 return 0;
wolfSSL 13:f67a6c6013ca 9404 }
wolfSSL 13:f67a6c6013ca 9405
wolfSSL 13:f67a6c6013ca 9406
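/* Validate and dispatch a single, fully received handshake message.
 *
 * ssl       connection state; the message-received flags, handshake state
 *           and handshake hash are read and updated here
 * input     buffer holding the handshake message body
 * inOutIdx  in: offset of the message body in input; out: advanced by the
 *           per-message handler
 * type      handshake message type taken from the handshake header
 * size      body length taken from the handshake header (peer controlled)
 * totalSz   number of bytes available in input
 *
 * Order of operations matters: bounds check, duplicate/order sanity check,
 * handshake-state checks (which send a fatal unexpected_message alert),
 * transcript hashing, then dispatch to the Do*() handler.
 *
 * Returns 0 on success. Otherwise returns INCOMPLETE_DATA, OUT_OF_ORDER_E,
 * DECODE_E, UNKNOWN_HANDSHAKE_TYPE, or the error reported by
 * SanityCheckMsgReceived(), HashInput() or the per-message handler.
 */
static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          byte type, word32 size, word32 totalSz)
{
    int ret = 0;
    word32 expectedIdx;

    WOLFSSL_ENTER("DoHandShakeMsgType");

#ifdef WOLFSSL_TLS13
    /* HelloRetryRequest is handed to the TLS 1.3 dispatcher untouched */
    if (type == hello_retry_request) {
        return DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
                                       totalSz);
    }
#endif

    /* make sure can read the message. Written as a subtraction so the test
     * cannot wrap in word32 arithmetic: size comes from the peer and this
     * check should not depend on a caller having capped it first. */
    if (*inOutIdx > totalSz || size > totalSz - *inOutIdx)
        return INCOMPLETE_DATA;

    /* where the index must end up once the handler has consumed the body
     * (plus record padding when encryption is on) */
    expectedIdx = *inOutIdx + size +
                  (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);

    /* sanity check msg received */
    if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
        WOLFSSL_MSG("Sanity Check on handshake message type received failed");
        return ret;
    }

#ifdef WOLFSSL_CALLBACKS
    /* add name later, add on record and handshake header part back on */
    if (ssl->toInfoOn) {
        int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
        AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add,
                      size + add, ssl->heap);
        AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
    }
#endif

    /* once the handshake is done only HelloRequest is acceptable */
    if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){
        WOLFSSL_MSG("HandShake message after handshake complete");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* non-DTLS client: the first server message must be ServerHello */
    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls == 0 &&
               ssl->options.serverState == NULL_STATE && type != server_hello) {
        WOLFSSL_MSG("First server message not server hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* DTLS client: ServerHelloDone must not arrive before ServerHello */
    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls &&
            type == server_hello_done &&
            ssl->options.serverState < SERVER_HELLO_COMPLETE) {
        WOLFSSL_MSG("Server hello done received before server hello in DTLS");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* server: the first client message must be ClientHello */
    if (ssl->options.side == WOLFSSL_SERVER_END &&
               ssl->options.clientState == NULL_STATE && type != client_hello) {
        WOLFSSL_MSG("First client message not client hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* above checks handshake state */
    /* hello_request not hashed */
    /* Also, skip hashing the client_hello message here for DTLS. It will be
     * hashed later if the DTLS cookie is correct. */
    /* Hashing is also skipped while ssl->error is WC_PENDING_E; presumably
     * the message was already hashed on the first pass - confirm. */
    if (type != hello_request &&
            !(IsDtlsNotSctpMode(ssl) && type == client_hello) &&
            ssl->error != WC_PENDING_E) {
        ret = HashInput(ssl, input + *inOutIdx, size);
        if (ret != 0) return ret;
    }

    switch (type) {

    case hello_request:
        WOLFSSL_MSG("processing hello request");
        ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
        break;

#ifndef NO_WOLFSSL_CLIENT
    case hello_verify_request:
        WOLFSSL_MSG("processing hello verify request");
        ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
        break;

    case server_hello:
        WOLFSSL_MSG("processing server hello");
        ret = DoServerHello(ssl, input, inOutIdx, size);
        break;

#ifndef NO_CERTS
    case certificate_request:
        WOLFSSL_MSG("processing certificate request");
        ret = DoCertificateRequest(ssl, input, inOutIdx, size);
        break;
#endif

    case server_key_exchange:
        WOLFSSL_MSG("processing server key exchange");
        ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
        break;

#ifdef HAVE_SESSION_TICKET
    case session_ticket:
        WOLFSSL_MSG("processing session ticket");
        ret = DoSessionTicket(ssl, input, inOutIdx, size);
        break;
#endif /* HAVE_SESSION_TICKET */
#endif

#ifndef NO_CERTS
    case certificate:
        WOLFSSL_MSG("processing certificate");
        ret = DoCertificate(ssl, input, inOutIdx, size);
        break;

    case certificate_status:
        WOLFSSL_MSG("processing certificate status");
        ret = DoCertificateStatus(ssl, input, inOutIdx, size);
        break;
#endif

    case server_hello_done:
        WOLFSSL_MSG("processing server hello done");
    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddLateName("ServerHelloDone", &ssl->timeoutInfo);
    #endif
        ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
        /* no handler runs for this type, so skip the record padding here
         * to keep the index in step with expectedIdx */
        if (IsEncryptionOn(ssl, 0)) {
            *inOutIdx += ssl->keys.padSz;
        }
        /* a ServerHelloDone means the server went for a full handshake */
        if (ssl->options.resuming) {
            WOLFSSL_MSG("Not resuming as thought");
            ssl->options.resuming = 0;
        }
        break;

    case finished:
        WOLFSSL_MSG("processing finished");
        ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
        break;

#ifndef NO_WOLFSSL_SERVER
    case client_hello:
        WOLFSSL_MSG("processing client hello");
        ret = DoClientHello(ssl, input, inOutIdx, size);
        break;

    case client_key_exchange:
        WOLFSSL_MSG("processing client key exchange");
        ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
        break;

#if !defined(NO_RSA) || defined(HAVE_ECC)
    case certificate_verify:
        WOLFSSL_MSG("processing certificate verify");
        ret = DoCertificateVerify(ssl, input, inOutIdx, size);
        break;
#endif /* !NO_RSA || HAVE_ECC */

#endif /* !NO_WOLFSSL_SERVER */

    default:
        WOLFSSL_MSG("Unknown handshake message type");
        ret = UNKNOWN_HANDSHAKE_TYPE;
        break;
    }

    /* the handler must have consumed exactly the advertised length; any
     * mismatch is treated as a malformed message */
    if (ret == 0 && expectedIdx != *inOutIdx) {
        WOLFSSL_MSG("Extra data in handshake message");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, decode_error);
        ret = DECODE_E;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* if async, offset index so this msg will be processed again */
    /* NOTE(review): the guard only tests *inOutIdx > 0, not that the index
     * is at least as large as the amount subtracted below - confirm that
     * every caller has already consumed a full handshake header. */
    if (ret == WC_PENDING_E && *inOutIdx > 0) {
        *inOutIdx -= HANDSHAKE_HEADER_SZ;
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            *inOutIdx -= DTLS_HANDSHAKE_EXTRA;
        }
    #endif
    }
#endif

    WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
    return ret;
}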
wolfSSL 13:f67a6c6013ca 9605
wolfSSL 13:f67a6c6013ca 9606
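/* Read a handshake header from the input and process the message,
 * reassembling it first when it is split across several records.
 *
 * ssl       connection state; ssl->arrays holds the reassembly buffer
 *           (pendingMsg, pendingMsgSz, pendingMsgOffset, pendingMsgType)
 * input     buffer holding the received handshake data
 * inOutIdx  in: offset of the handshake data in input; out: advanced past
 *           the bytes consumed by this call
 * totalSz   number of bytes available in input
 *
 * When ssl->arrays is NULL no reassembly is attempted: the header is parsed
 * and the message dispatched directly.
 *
 * Returns 0 when a message was processed or when a fragment was buffered and
 * more data is needed. Otherwise returns PARSE_ERROR, HANDSHAKE_SIZE_ERROR,
 * MEMORY_E, BUFFER_ERROR, or the error from DoHandShakeMsgType().
 */
static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          word32 totalSz)
{
    int    ret = 0;
    word32 inputLength;

    WOLFSSL_ENTER("DoHandShakeMsg()");

    if (ssl->arrays == NULL) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0)
            return PARSE_ERROR;

        return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }

    /* bytes left in the input buffer, measured before the header is parsed,
     * so this count still includes the handshake header.
     * NOTE(review): this is derived from ssl->buffers.inputBuffer.length
     * rather than totalSz - confirm the two agree for every caller, including
     * when record padding/MAC bytes follow the handshake data. */
    inputLength = ssl->buffers.inputBuffer.length - *inOutIdx;

    /* If there is a pending fragmented handshake message,
     * pending message size will be non-zero. */
    if (ssl->arrays->pendingMsgSz == 0) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0)
            return PARSE_ERROR;

        /* Cap the maximum size of a handshake message to something reasonable.
         * By default is the maximum size of a certificate message assuming
         * nine 2048-bit RSA certificates in the chain. */
        if (size > MAX_HANDSHAKE_SZ) {
            WOLFSSL_MSG("Handshake message too large");
            return HANDSHAKE_SIZE_ERROR;
        }

        /* size is the size of the certificate message payload */
        if (inputLength - HANDSHAKE_HEADER_SZ < size) {
            /* First fragment of a larger message. Allocate before touching
             * the pending-message state: if the allocation fails the state
             * stays "nothing pending" instead of a non-zero pendingMsgSz
             * paired with a NULL pendingMsg, which the continuation branch
             * below would copy into without a NULL check. */
            byte* pending = (byte*)XMALLOC(size + HANDSHAKE_HEADER_SZ,
                                           ssl->heap,
                                           DYNAMIC_TYPE_ARRAYS);
            if (pending == NULL)
                return MEMORY_E;

            ssl->arrays->pendingMsgType = type;
            ssl->arrays->pendingMsgSz = size + HANDSHAKE_HEADER_SZ;
            ssl->arrays->pendingMsg = pending;

            /* keep the header with the fragment; inputLength is smaller than
             * size + HANDSHAKE_HEADER_SZ here, so the copy fits */
            XMEMCPY(ssl->arrays->pendingMsg,
                    input + *inOutIdx - HANDSHAKE_HEADER_SZ,
                    inputLength);
            ssl->arrays->pendingMsgOffset = inputLength;
            *inOutIdx += inputLength - HANDSHAKE_HEADER_SZ;
            return 0;
        }

        /* whole message is present in this input */
        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }
    else {
        /* Continuation fragment: reject anything that would run past the
         * reassembly buffer. Compared by subtraction so the test cannot wrap
         * in word32 arithmetic. */
        if (ssl->arrays->pendingMsgOffset > ssl->arrays->pendingMsgSz ||
                inputLength > ssl->arrays->pendingMsgSz
                                            - ssl->arrays->pendingMsgOffset) {

            return BUFFER_ERROR;
        }

        XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
                input + *inOutIdx, inputLength);
        ssl->arrays->pendingMsgOffset += inputLength;
        *inOutIdx += inputLength;

        if (ssl->arrays->pendingMsgOffset == ssl->arrays->pendingMsgSz)
        {
            /* message complete: process it from the reassembly buffer,
             * starting just past the stored handshake header */
            word32 idx = 0;
            ret = DoHandShakeMsgType(ssl,
                                     ssl->arrays->pendingMsg
                                                          + HANDSHAKE_HEADER_SZ,
                                     &idx, ssl->arrays->pendingMsgType,
                                     ssl->arrays->pendingMsgSz
                                                          - HANDSHAKE_HEADER_SZ,
                                     ssl->arrays->pendingMsgSz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                /* setup to process fragment again */
                ssl->arrays->pendingMsgOffset -= inputLength;
                *inOutIdx -= inputLength;
            }
            else
        #endif
            {
                /* success or failure, the reassembly buffer is done with */
                XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
                ssl->arrays->pendingMsg = NULL;
                ssl->arrays->pendingMsgSz = 0;
            }
        }
    }

    WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
    return ret;
}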
wolfSSL 13:f67a6c6013ca 9704
wolfSSL 13:f67a6c6013ca 9705 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 9706
wolfSSL 13:f67a6c6013ca 9707 static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
wolfSSL 13:f67a6c6013ca 9708 {
wolfSSL 13:f67a6c6013ca 9709 word32* window;
wolfSSL 13:f67a6c6013ca 9710 word16 cur_hi, next_hi;
wolfSSL 13:f67a6c6013ca 9711 word32 cur_lo, next_lo, diff;
wolfSSL 13:f67a6c6013ca 9712 int curLT;
wolfSSL 13:f67a6c6013ca 9713 WOLFSSL_DTLS_PEERSEQ* peerSeq = NULL;
wolfSSL 13:f67a6c6013ca 9714
wolfSSL 13:f67a6c6013ca 9715 if (!ssl->options.haveMcast)
wolfSSL 13:f67a6c6013ca 9716 peerSeq = ssl->keys.peerSeq;
wolfSSL 13:f67a6c6013ca 9717 else {
wolfSSL 13:f67a6c6013ca 9718 #ifdef WOLFSSL_MULTICAST
wolfSSL 13:f67a6c6013ca 9719 WOLFSSL_DTLS_PEERSEQ* p;
wolfSSL 13:f67a6c6013ca 9720 int i;
wolfSSL 13:f67a6c6013ca 9721
wolfSSL 13:f67a6c6013ca 9722 for (i = 0, p = ssl->keys.peerSeq;
wolfSSL 13:f67a6c6013ca 9723 i < WOLFSSL_DTLS_PEERSEQ_SZ;
wolfSSL 13:f67a6c6013ca 9724 i++, p++) {
wolfSSL 13:f67a6c6013ca 9725
wolfSSL 13:f67a6c6013ca 9726 if (p->peerId == ssl->keys.curPeerId) {
wolfSSL 13:f67a6c6013ca 9727 peerSeq = p;
wolfSSL 13:f67a6c6013ca 9728 break;
wolfSSL 13:f67a6c6013ca 9729 }
wolfSSL 13:f67a6c6013ca 9730 }
wolfSSL 13:f67a6c6013ca 9731 #endif
wolfSSL 13:f67a6c6013ca 9732 }
wolfSSL 13:f67a6c6013ca 9733
wolfSSL 13:f67a6c6013ca 9734 if (peerSeq == NULL) {
wolfSSL 13:f67a6c6013ca 9735 WOLFSSL_MSG("Could not find peer sequence");
wolfSSL 13:f67a6c6013ca 9736 return 0;
wolfSSL 13:f67a6c6013ca 9737 }
wolfSSL 13:f67a6c6013ca 9738
wolfSSL 13:f67a6c6013ca 9739 if (ssl->keys.curEpoch == peerSeq->nextEpoch) {
wolfSSL 13:f67a6c6013ca 9740 next_hi = peerSeq->nextSeq_hi;
wolfSSL 13:f67a6c6013ca 9741 next_lo = peerSeq->nextSeq_lo;
wolfSSL 13:f67a6c6013ca 9742 window = peerSeq->window;
wolfSSL 13:f67a6c6013ca 9743 }
wolfSSL 13:f67a6c6013ca 9744 else if (ssl->keys.curEpoch == peerSeq->nextEpoch - 1) {
wolfSSL 13:f67a6c6013ca 9745 next_hi = peerSeq->prevSeq_hi;
wolfSSL 13:f67a6c6013ca 9746 next_lo = peerSeq->prevSeq_lo;
wolfSSL 13:f67a6c6013ca 9747 window = peerSeq->prevWindow;
wolfSSL 13:f67a6c6013ca 9748 }
wolfSSL 13:f67a6c6013ca 9749 else {
wolfSSL 13:f67a6c6013ca 9750 return 0;
wolfSSL 13:f67a6c6013ca 9751 }
wolfSSL 13:f67a6c6013ca 9752
wolfSSL 13:f67a6c6013ca 9753 cur_hi = ssl->keys.curSeq_hi;
wolfSSL 13:f67a6c6013ca 9754 cur_lo = ssl->keys.curSeq_lo;
wolfSSL 13:f67a6c6013ca 9755
wolfSSL 13:f67a6c6013ca 9756 /* If the difference between next and cur is > 2^32, way outside window. */
wolfSSL 13:f67a6c6013ca 9757 if ((cur_hi > next_hi + 1) || (next_hi > cur_hi + 1)) {
wolfSSL 13:f67a6c6013ca 9758 WOLFSSL_MSG("Current record from way too far in the future.");
wolfSSL 13:f67a6c6013ca 9759 return 0;
wolfSSL 13:f67a6c6013ca 9760 }
wolfSSL 13:f67a6c6013ca 9761
wolfSSL 13:f67a6c6013ca 9762 if (cur_hi == next_hi) {
wolfSSL 13:f67a6c6013ca 9763 curLT = cur_lo < next_lo;
wolfSSL 13:f67a6c6013ca 9764 diff = curLT ? next_lo - cur_lo : cur_lo - next_lo;
wolfSSL 13:f67a6c6013ca 9765 }
wolfSSL 13:f67a6c6013ca 9766 else {
wolfSSL 13:f67a6c6013ca 9767 curLT = cur_hi < next_hi;
wolfSSL 13:f67a6c6013ca 9768 diff = curLT ? cur_lo - next_lo : next_lo - cur_lo;
wolfSSL 13:f67a6c6013ca 9769 }
wolfSSL 13:f67a6c6013ca 9770
wolfSSL 13:f67a6c6013ca 9771 /* Check to see that the next value is greater than the number of messages
wolfSSL 13:f67a6c6013ca 9772 * trackable in the window, and that the difference between the next
wolfSSL 13:f67a6c6013ca 9773 * expected sequence number and the received sequence number is inside the
wolfSSL 13:f67a6c6013ca 9774 * window. */
wolfSSL 13:f67a6c6013ca 9775 if ((next_hi || next_lo > DTLS_SEQ_BITS) &&
wolfSSL 13:f67a6c6013ca 9776 curLT && (diff > DTLS_SEQ_BITS)) {
wolfSSL 13:f67a6c6013ca 9777
wolfSSL 13:f67a6c6013ca 9778 WOLFSSL_MSG("Current record sequence number from the past.");
wolfSSL 13:f67a6c6013ca 9779 return 0;
wolfSSL 13:f67a6c6013ca 9780 }
wolfSSL 13:f67a6c6013ca 9781 #ifndef WOLFSSL_DTLS_ALLOW_FUTURE
wolfSSL 13:f67a6c6013ca 9782 else if (!curLT && (diff > DTLS_SEQ_BITS)) {
wolfSSL 13:f67a6c6013ca 9783 WOLFSSL_MSG("Rejecting message too far into the future.");
wolfSSL 13:f67a6c6013ca 9784 return 0;
wolfSSL 13:f67a6c6013ca 9785 }
wolfSSL 13:f67a6c6013ca 9786 #endif
wolfSSL 13:f67a6c6013ca 9787 else if (curLT) {
wolfSSL 13:f67a6c6013ca 9788 word32 idx = diff / DTLS_WORD_BITS;
wolfSSL 13:f67a6c6013ca 9789 word32 newDiff = diff % DTLS_WORD_BITS;
wolfSSL 13:f67a6c6013ca 9790
wolfSSL 13:f67a6c6013ca 9791 /* verify idx is valid for window array */
wolfSSL 13:f67a6c6013ca 9792 if (idx >= WOLFSSL_DTLS_WINDOW_WORDS) {
wolfSSL 13:f67a6c6013ca 9793 WOLFSSL_MSG("Invalid DTLS windows index");
wolfSSL 13:f67a6c6013ca 9794 return 0;
wolfSSL 13:f67a6c6013ca 9795 }
wolfSSL 13:f67a6c6013ca 9796
wolfSSL 13:f67a6c6013ca 9797 if (window[idx] & (1 << (newDiff - 1))) {
wolfSSL 13:f67a6c6013ca 9798 WOLFSSL_MSG("Current record sequence number already received.");
wolfSSL 13:f67a6c6013ca 9799 return 0;
wolfSSL 13:f67a6c6013ca 9800 }
wolfSSL 13:f67a6c6013ca 9801 }
wolfSSL 13:f67a6c6013ca 9802
wolfSSL 13:f67a6c6013ca 9803 return 1;
wolfSSL 13:f67a6c6013ca 9804 }
wolfSSL 13:f67a6c6013ca 9805
wolfSSL 13:f67a6c6013ca 9806
wolfSSL 13:f67a6c6013ca 9807 #ifdef WOLFSSL_MULTICAST
/* Pick the next multicast high-water threshold after a sequence number.
 *
 * cur     sequence number that was just seen
 * first   first threshold
 * second  second threshold
 * max     final threshold
 *
 * The thresholds are tested in the order first, second, max and the first
 * one that is strictly greater than cur is returned. When cur has reached
 * or passed all three the result is 0.
 */
static INLINE word32 UpdateHighwaterMark(word32 cur, word32 first,
                                         word32 second, word32 max)
{
    if (cur < first)
        return first;
    if (cur < second)
        return second;
    if (cur < max)
        return max;

    return 0;
}
wolfSSL 13:f67a6c6013ca 9822 #endif /* WOLFSSL_MULTICAST */
wolfSSL 13:f67a6c6013ca 9823
wolfSSL 13:f67a6c6013ca 9824
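/* Record the sequence number of the current DTLS record in the peer's
 * anti-replay window.
 *
 * ssl  WOLFSSL object; the current record's sequence number, epoch and (for
 *      multicast) peer ID are read from ssl->keys
 *
 * Window layout: bit 0 of window[0] is the newest sequence number accepted
 * (next expected - 1). A record that is `diff` behind the next expected
 * number is therefore tracked at bit position diff - 1, counted across the
 * window words. The slide path below produces exactly this layout.
 *
 * Returns 0 when no sequence state exists for the multicast peer ID,
 * MCAST_HIGHWATER_CB_E when the multicast high-water callback reports an
 * error, and 1 otherwise.
 */
static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
{
    word32* window;
    word32* next_lo;
    word16* next_hi;
    int     curLT;
    word32  cur_lo, diff;
    word16  cur_hi;
    WOLFSSL_DTLS_PEERSEQ* peerSeq = ssl->keys.peerSeq;

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

#ifdef WOLFSSL_MULTICAST
    if (ssl->options.haveMcast) {
        WOLFSSL_DTLS_PEERSEQ* p;
        int i;

        /* Multicast keeps one sequence state per peer; find the entry for
         * the peer ID carried by the current record. */
        peerSeq = NULL;
        for (i = 0, p = ssl->keys.peerSeq;
             i < WOLFSSL_DTLS_PEERSEQ_SZ;
             i++, p++) {

            if (p->peerId == ssl->keys.curPeerId) {
                peerSeq = p;
                break;
            }
        }

        if (peerSeq == NULL) {
            WOLFSSL_MSG("Couldn't find that peer ID to update window.");
            return 0;
        }

        /* p == peerSeq here because the search loop left via break.
         * A highwaterMark of 0 means no threshold is armed. */
        if (p->highwaterMark && cur_lo >= p->highwaterMark) {
            int cbError = 0;

            if (ssl->ctx->mcastHwCb)
                cbError = ssl->ctx->mcastHwCb(p->peerId,
                                              ssl->ctx->mcastMaxSeq,
                                              cur_lo, ssl->mcastHwCbCtx);
            if (cbError) {
                WOLFSSL_MSG("Multicast highwater callback returned an error.");
                return MCAST_HIGHWATER_CB_E;
            }

            p->highwaterMark = UpdateHighwaterMark(cur_lo,
                                                   ssl->ctx->mcastFirstSeq,
                                                   ssl->ctx->mcastSecondSeq,
                                                   ssl->ctx->mcastMaxSeq);
        }
    }
#endif

    /* Any epoch other than nextEpoch is treated as the previous epoch; this
     * function does not itself verify that it is exactly nextEpoch - 1. */
    if (ssl->keys.curEpoch == peerSeq->nextEpoch) {
        next_hi = &peerSeq->nextSeq_hi;
        next_lo = &peerSeq->nextSeq_lo;
        window  = peerSeq->window;
    }
    else {
        next_hi = &peerSeq->prevSeq_hi;
        next_lo = &peerSeq->prevSeq_lo;
        window  = peerSeq->prevWindow;
    }

    if (cur_hi == *next_hi) {
        curLT = cur_lo < *next_lo;
        diff = curLT ? *next_lo - cur_lo : cur_lo - *next_lo;
    }
    else {
        /* NOTE(review): when the high words differ these two differences
         * look reversed (the distance from cur up to next would be
         * *next_lo - cur_lo modulo 2^32) - confirm before changing; the
         * arithmetic is kept as it was. */
        curLT = cur_hi < *next_hi;
        diff = curLT ? cur_lo - *next_lo : *next_lo - cur_lo;
    }

    if (curLT) {
        /* Record is older than the next expected number: mark bit diff - 1.
         * The previous form, 1 << ((diff % DTLS_WORD_BITS) - 1) at word
         * diff / DTLS_WORD_BITS, used a negative shift count (undefined
         * behaviour) whenever diff was a multiple of DTLS_WORD_BITS; for
         * every other diff it selects the same word and bit as below.
         * The replay check that precedes this function in the file tests
         * the bit with the same old expression and needs the same change. */
        if (diff != 0) {
            word32 pos = diff - 1;
            word32 idx = pos / DTLS_WORD_BITS;

            if (idx < WOLFSSL_DTLS_WINDOW_WORDS)
                window[idx] |= ((word32)1 << (pos % DTLS_WORD_BITS));
        }
    }
    else {
        /* Record is at or beyond the next expected number: slide the window
         * forward so that bit 0 becomes this record. */
        if (diff >= DTLS_SEQ_BITS)
            XMEMSET(window, 0, DTLS_SEQ_SZ);
        else {
            word32 idx, newDiff, temp, i;
            word32 oldWindow[WOLFSSL_DTLS_WINDOW_WORDS];

            temp = 0;
            diff++;
            idx = diff / DTLS_WORD_BITS;
            newDiff = diff % DTLS_WORD_BITS;

            XMEMCPY(oldWindow, window, sizeof(oldWindow));

            for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
                if (i < idx)
                    window[i] = 0;
                else {
                    temp |= (oldWindow[i-idx] << newDiff);
                    window[i] = temp;
                    /* With newDiff == 0 nothing carries into the next word;
                     * shifting by DTLS_WORD_BITS - 0 would be a shift by the
                     * full word width (assuming DTLS_WORD_BITS is the width
                     * of word32), which is undefined. */
                    temp = (newDiff != 0) ?
                           (oldWindow[i-idx] >> (DTLS_WORD_BITS - newDiff)) : 0;
                }
            }
        }
        window[0] |= 1;
        *next_lo = cur_lo + 1;
        if (*next_lo < cur_lo)
            (*next_hi)++;   /* low word wrapped, carry into the high word */
    }

    return 1;
}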
wolfSSL 13:f67a6c6013ca 9938
wolfSSL 13:f67a6c6013ca 9939
/* Deliver buffered DTLS handshake messages that have become processable.
 *
 * Working from the head of ssl->dtls_rx_msg_list, a message is passed to
 * DoHandShakeMsgType() while it carries the expected handshake sequence
 * number, is fully reassembled (fragSz == sz) and the previous message was
 * handled without error. A handled message is unlinked and freed. When
 * DoHandShakeMsgType() returns WC_PENDING_E the message stays at the head of
 * the list and the expected sequence number is put back.
 *
 * Returns 0 if nothing was processed, otherwise the value returned by
 * DoHandShakeMsgType() for the last message handed to it.
 */
static int DtlsMsgDrain(WOLFSSL* ssl)
{
    DtlsMsg* head = ssl->dtls_rx_msg_list;
    int      ret  = 0;

    for (;;) {
        word32 idx = 0;

        if (head == NULL)
            break;      /* list exhausted */
        if (ssl->keys.dtls_expected_peer_handshake_number != head->seq)
            break;      /* head is not the next message in order */
        if (head->fragSz != head->sz)
            break;      /* head is still missing fragments */
        if (ret != 0)
            break;      /* previous message failed */

        ssl->keys.dtls_expected_peer_handshake_number++;
        ret = DoHandShakeMsgType(ssl, head->msg, &idx, head->type,
                                 head->sz, head->sz);
        if (ret == WC_PENDING_E) {
            /* Not consumed yet: undo the increment and keep the message. */
            ssl->keys.dtls_expected_peer_handshake_number--;
            break;
        }

        ssl->dtls_rx_msg_list = head->next;
        DtlsMsgDelete(head, ssl->heap);
        head = ssl->dtls_rx_msg_list;
        ssl->dtls_rx_msg_list_sz--;
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 9968
wolfSSL 13:f67a6c6013ca 9969
/* Handle one DTLS handshake fragment taken from a received record.
 *
 * ssl       WOLFSSL object holding the handshake and reassembly state
 * input     buffer containing the handshake data
 * inOutIdx  in: offset of the DTLS handshake header inside input;
 *           out: advanced past the data that was consumed
 * totalSz   upper bound for offsets into input
 *
 * Returns 0 on success, PARSE_ERROR when the header cannot be read,
 * INCOMPLETE_DATA when the fragment extends past totalSz, BUFFER_E when the
 * padding after a repeated finished message extends past totalSz, or the
 * value returned by DtlsMsgDrain(), DoHandShakeMsgType() or
 * DtlsMsgPoolSend().
 */
static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                              word32 totalSz)
{
    byte type;
    word32 size;
    word32 fragOffset, fragSz;
    int ret = 0;

    WOLFSSL_ENTER("DoDtlsHandShakeMsg()");

    /* process any pending DTLS messages - this flow can happen with async */
    if (ssl->dtls_rx_msg_list != NULL) {
        ret = DtlsMsgDrain(ssl);
        if (ret != 0)
            return ret;

        /* if done processing fragment exit with success */
        if (totalSz == *inOutIdx)
            return ret;
    }

    /* parse header; type, size, fragOffset and fragSz come from the peer */
    if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
                               &size, &fragOffset, &fragSz, totalSz) != 0)
        return PARSE_ERROR;

    /* check that we have complete fragment */
    /* NOTE(review): this is the only bound applied to fragSz in this
     * function; fragOffset + fragSz is not compared with size here. Confirm
     * that GetDtlsHandShakeHeader() or DtlsMsgStore() rejects a fragment
     * that extends past the declared message length. */
    if (*inOutIdx + fragSz > totalSz)
        return INCOMPLETE_DATA;

    /* Check the handshake sequence number first. If out of order,
     * add the current message to the list. If the message is in order,
     * but it is a fragment, add the current message to the list, then
     * check the head of the list to see if it is complete, if so, pop
     * it out as the current message. If the message is complete and in
     * order, process it. Check the head of the list to see if it is in
     * order, if so, process it. (Repeat until list exhausted.) If the
     * head is out of order, return for more processing.
     */
    if (ssl->keys.dtls_peer_handshake_number >
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Current message is out of order. It will get stored in the list.
         * Storing also takes care of defragmentation. If the message is a
         * client hello, we need to process this out of order; the server
         * is not supposed to keep state, but the second client hello will
         * have a different handshake sequence number than is expected, and
         * the server shouldn't be expecting any particular handshake sequence
         * number. (If the cookie changes multiple times in quick succession,
         * the client could be sending multiple new client hello messages
         * with newer and newer cookies.) */
        if (type != client_hello) {
            /* Buffering is capped at DTLS_POOL_SZ list entries. Once the cap
             * is reached the fragment is skipped without being stored, and
             * the index is still advanced past it. No result of
             * DtlsMsgStore() is examined here. */
            if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
                DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                             input + *inOutIdx, size, type,
                             fragOffset, fragSz, ssl->heap);
            }
            *inOutIdx += fragSz;
            ret = 0;
        }
        else {
            ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
            if (ret == 0) {
                /* Resynchronise on the number the client hello carried. */
                ssl->keys.dtls_expected_peer_handshake_number =
                    ssl->keys.dtls_peer_handshake_number + 1;
            }
        }
    }
    else if (ssl->keys.dtls_peer_handshake_number <
             ssl->keys.dtls_expected_peer_handshake_number) {
        /* Already saw this message and processed it. It can be ignored. */
        *inOutIdx += fragSz;
        if(type == finished ) {
            /* A finished message is followed by ssl->keys.padSz further
             * bytes that are skipped too; check they fit before advancing. */
            if (*inOutIdx + ssl->keys.padSz > totalSz) {
                return BUFFER_E;
            }
            *inOutIdx += ssl->keys.padSz;
        }
        /* Outside SCTP mode a repeated message can trigger a resend of the
         * stored flight when VerifyForDtlsMsgPoolSend() allows it. */
        if (IsDtlsNotSctpMode(ssl) &&
            VerifyForDtlsMsgPoolSend(ssl, type, fragOffset)) {

            ret = DtlsMsgPoolSend(ssl, 0);
        }
    }
    else if (fragSz < size) {
        /* Since this branch is in order, but fragmented, dtls_rx_msg_list will
         * be pointing to the message with this fragment in it. Check it to see
         * if it is completed. */
        /* Same DTLS_POOL_SZ cap as above: when the list is full the fragment
         * is skipped without being stored. */
        if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
            DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                         input + *inOutIdx, size, type,
                         fragOffset, fragSz, ssl->heap);
        }
        *inOutIdx += fragSz;
        ret = 0;
        if (ssl->dtls_rx_msg_list != NULL &&
            ssl->dtls_rx_msg_list->fragSz >= ssl->dtls_rx_msg_list->sz)
            ret = DtlsMsgDrain(ssl);
    }
    else {
        /* This branch is in order next, and a complete message. */
        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
        if (ret == 0) {
            /* The expected number is not advanced for a client hello unless
             * SCTP mode is in use. */
            if (type != client_hello || !IsDtlsNotSctpMode(ssl))
                ssl->keys.dtls_expected_peer_handshake_number++;
            if (ssl->dtls_rx_msg_list != NULL) {
                ret = DtlsMsgDrain(ssl);
            }
        }
    }

    WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
    return ret;
}
wolfSSL 13:f67a6c6013ca 10083 #endif
wolfSSL 13:f67a6c6013ca 10084
wolfSSL 13:f67a6c6013ca 10085
wolfSSL 13:f67a6c6013ca 10086 #ifdef HAVE_AEAD
/* Add one to the explicit AEAD IV held in ssl->keys.aead_exp_IV.
 *
 * The array is treated as a counter whose last byte is the least
 * significant: that byte is incremented first and the carry moves toward
 * index 0, stopping at the first byte that does not wrap around to zero.
 */
static INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
{
    int pos = AEAD_MAX_EXP_SZ - 1;

    while (pos >= 0) {
        ssl->keys.aead_exp_IV[pos]++;
        if (ssl->keys.aead_exp_IV[pos] != 0)
            break;      /* no carry out of this byte */
        pos--;
    }
}
wolfSSL 13:f67a6c6013ca 10094
wolfSSL 13:f67a6c6013ca 10095
wolfSSL 13:f67a6c6013ca 10096 #if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
/* Build the Poly1305 tag the way the older (pre-RFC7905) draft did.
 *
 * ssl         WOLFSSL structure providing the Poly1305 state and MAC size
 * additional  additional authenticated data, AEAD_AUTH_DATA_SZ bytes
 * out         ciphertext to authenticate; sz - aead_mac_size bytes are used
 * cipher      Poly1305 one-time key (despite the name); 32 bytes are used
 * sz          record size including the MAC
 * tag         receives the computed tag
 *
 * The MAC input is: additional data, an 8 byte block holding its length,
 * the ciphertext, then an 8 byte block holding the ciphertext length with
 * the least significant byte first.
 *
 * Returns 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC
 * size, or the error from the failing Poly1305 call.
 */
static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
                          byte* cipher, word16 sz, byte* tag)
{
    int    ret;
    int    msglen = (sz - ssl->specs.aead_mac_size);
    word32 keySz  = 32;
    byte   padding[8]; /* used to temporarily store lengths */

#ifdef CHACHA_AEAD_TEST
    printf("Using old version of poly1305 input.\n");
#endif

    if (msglen < 0)
        return INPUT_CASE_ERROR;

    ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz);
    if (ret != 0)
        return ret;

    ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
                            AEAD_AUTH_DATA_SZ);
    if (ret != 0)
        return ret;

    /* length of additional input plus padding */
    XMEMSET(padding, 0, sizeof(padding));
    padding[0] = AEAD_AUTH_DATA_SZ;
    ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding));
    if (ret != 0)
        return ret;

    /* add cipher info and then its length */
    ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen);
    if (ret != 0)
        return ret;

    /* 32 bit size of cipher to 64 bit endian */
    XMEMSET(padding, 0, sizeof(padding));
    padding[0] =  msglen        & 0xff;
    padding[1] = (msglen >>  8) & 0xff;
    padding[2] = (msglen >> 16) & 0xff;
    padding[3] = (msglen >> 24) & 0xff;
    ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding));
    if (ret != 0)
        return ret;

    /* generate tag */
    return wc_Poly1305Final(ssl->auth.poly1305, tag);
}
wolfSSL 13:f67a6c6013ca 10148
wolfSSL 13:f67a6c6013ca 10149
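/* When the flag oldPoly is not set this follows RFC7905. When oldPoly is set
 * the implementation follows an older draft for creating the nonce and MAC.
 * The flag oldPoly gets set automatically depending on what cipher suite was
 * negotiated in the handshake. This is able to be done because the IDs for the
 * cipher suites were updated in RFC7905 giving unique values for the older
 * draft in comparison to the more recent RFC.
 *
 * ssl   WOLFSSL structure to get cipher and TLS state from
 * out   output buffer to hold encrypted data
 * input data to encrypt; the record header must sit directly in front of
 *       it in the same buffer, because the type and version bytes for the
 *       additional data are read from before input
 * sz    size of input, including room for the MAC
 *
 * Return 0 on success negative values in error case; INPUT_CASE_ERROR when
 * sz is smaller than the MAC size
 */
static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
                             word16 sz)
{
    const byte* additionalSrc = input - RECORD_HEADER_SZ;
    int    ret = 0;
    word32 msgLen = (sz - ssl->specs.aead_mac_size);
    byte   tag[POLY1305_AUTH_SZ];
    byte   add[AEAD_AUTH_DATA_SZ];
    byte   nonce[CHACHA20_NONCE_SZ];
    byte   poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
#ifdef CHACHA_AEAD_TEST
    int i;
#endif

    /* msgLen is unsigned: without this check an sz below the MAC size wraps
     * to a huge length that is then used for the encrypt and the tag copy. */
    if (sz < ssl->specs.aead_mac_size)
        return INPUT_CASE_ERROR;

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(add,   0, sizeof(add));

    /* opaque SEQ number stored for AD */
    WriteSEQ(ssl, CUR_ORDER, add);

    if (ssl->options.oldPoly != 0) {
        /* get nonce. SEQ should not be incremented again here */
        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
    }

    /* Store the type, version. Unfortunately, they are in
     * the input buffer ahead of the plaintext. */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        additionalSrc -= DTLS_HANDSHAKE_EXTRA;
        DtlsSEQIncrement(ssl, CUR_ORDER);
    }
#endif

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;

    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);

#ifdef CHACHA_AEAD_TEST
    /* Debug build only: this prints the plaintext. */
    printf("Encrypt Additional : ");
    for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
        printf("%02x", add[i]);
    }
    printf("\n\n");
    printf("input before encryption :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", input[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
        nonce[4]  ^= add[0];
        nonce[5]  ^= add[1];
        nonce[6]  ^= add[2];
        nonce[7]  ^= add[3];
        nonce[8]  ^= add[4];
        nonce[9]  ^= add[5];
        nonce[10] ^= add[6];
        nonce[11] ^= add[7];
    }

    /* set the nonce for chacha and get poly1305 key */
    if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) {
        ForceZero(nonce, CHACHA20_NONCE_SZ);
        return ret;
    }

    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */
    /* create Poly1305 key using chacha20 keystream */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, poly,
                                 poly, sizeof(poly))) != 0) {
        /* poly may already hold keystream bytes; clear it like every other
         * error path below does */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* encrypt the plain text */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out,
                                 input, msgLen)) != 0) {
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the poly1305 tag using either old padding scheme or more recent */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
                                  poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                     sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                          sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* append tag to ciphertext */
    XMEMCPY(out + msgLen, tag, sizeof(tag));

    AeadIncrementExpIV(ssl);

#ifdef CHACHA_AEAD_TEST
    printf("mac tag :\n");
    for (i = 0; i < 16; i++) {
        printf("%02x", tag[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n\noutput after encrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", out[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    return ret;
}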
wolfSSL 13:f67a6c6013ca 10299
wolfSSL 13:f67a6c6013ca 10300
wolfSSL 13:f67a6c6013ca 10301 /* When the flag oldPoly is not set this follows RFC7905. When oldPoly is set
wolfSSL 13:f67a6c6013ca 10302 * the implementation follows an older draft for creating the nonce and MAC.
wolfSSL 13:f67a6c6013ca 10303 * The flag oldPoly gets set automatically depending on what cipher suite was
wolfSSL 13:f67a6c6013ca 10304 * negotiated in the handshake. This is able to be done because the IDs for the
wolfSSL 13:f67a6c6013ca 10305 * cipher suites were updated in RFC7905 giving unique values for the older
wolfSSL 13:f67a6c6013ca 10306 * draft in comparison to the more recent RFC.
wolfSSL 13:f67a6c6013ca 10307 *
wolfSSL 13:f67a6c6013ca 10308 * ssl WOLFSSL structure to get cipher and TLS state from
wolfSSL 13:f67a6c6013ca 10309 * plain output buffer to hold decrypted data
wolfSSL 13:f67a6c6013ca 10310 * input data to decrypt
wolfSSL 13:f67a6c6013ca 10311 * sz size of input
wolfSSL 13:f67a6c6013ca 10312 *
wolfSSL 13:f67a6c6013ca 10313 * Return 0 on success negative values in error case
wolfSSL 13:f67a6c6013ca 10314 */
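static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    byte add[AEAD_AUTH_DATA_SZ];
    byte nonce[CHACHA20_NONCE_SZ];
    byte tag[POLY1305_AUTH_SZ];
    byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
    int  ret    = 0;
    int  msgLen = (sz - ssl->specs.aead_mac_size);
#ifdef CHACHA_AEAD_TEST
    int  i;
#endif

    /* msgLen is negative when the record is shorter than the tag. It is used
     * below as the MAC length, the keystream length and the offset of the
     * received tag, so reject such a record here rather than depend only on a
     * length check made by the caller. VERIFY_MAC_ERROR is returned so that
     * Decrypt() handles it exactly like a tag mismatch. */
    if (msgLen < 0) {
        WOLFSSL_MSG("ChaCha20-Poly1305 record shorter than tag");
        return VERIFY_MAC_ERROR;
    }

#ifdef CHACHA_AEAD_TEST
    /* debug-only dump of the received record */
    printf("input before decrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", input[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(add,   0, sizeof(add));

    /* sequence number field is 64-bits */
    WriteSEQ(ssl, PEER_ORDER, add);

    if (ssl->options.oldPoly != 0) {
        /* get nonce, SEQ should not be incremented again here */
        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
    }

    /* get AD info */
    /* Store the type, version. */
    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff;

#ifdef CHACHA_AEAD_TEST
    printf("Decrypt Additional : ");
    for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
        printf("%02x", add[i]);
    }
    printf("\n\n");
#endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
        nonce[4]  ^= add[0];
        nonce[5]  ^= add[1];
        nonce[6]  ^= add[2];
        nonce[7]  ^= add[3];
        nonce[8]  ^= add[4];
        nonce[9]  ^= add[5];
        nonce[10] ^= add[6];
        nonce[11] ^= add[7];
    }

    /* set nonce and get poly1305 key */
    if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) {
        ForceZero(nonce, CHACHA20_NONCE_SZ);
        return ret;
    }

    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */
    /* use chacha20 keystream to get poly1305 key for tag */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, poly,
                                                  poly, sizeof(poly))) != 0) {
        /* poly may already hold keystream bytes; clear it on this error path
         * too, as every other exit after this point does */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the tag using Poly1305 */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                                          sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                   sizeof(add), (byte*)input, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* check tag sent along with packet; the tag is verified with a
     * constant-time compare and before any ciphertext is decrypted, so
     * unauthenticated data never reaches plain */
    if (ConstantCompare(input + msgLen, tag, ssl->specs.aead_mac_size) != 0) {
        WOLFSSL_MSG("MAC did not match");
        /* no alert is sent on a DTLS connection */
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);
        return VERIFY_MAC_ERROR;
    }

    /* if the tag was good decrypt message */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain,
                                                           input, msgLen)) != 0)
        return ret;

#ifdef CHACHA_AEAD_TEST
    /* debug-only dump of the recovered plaintext: only msgLen bytes of plain
     * were written above, so the dump stops there rather than at sz */
    printf("plain after decrypt :\n");
    for (i = 0; i < msgLen; i++) {
        printf("%02x", plain[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    return ret;
}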
wolfSSL 13:f67a6c6013ca 10439 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
wolfSSL 13:f67a6c6013ca 10440 #endif /* HAVE_AEAD */
wolfSSL 13:f67a6c6013ca 10441
wolfSSL 13:f67a6c6013ca 10442
/* Run the negotiated bulk cipher over one record.
 *
 * ssl       WOLFSSL structure to get cipher state and keys from
 * out       output buffer for the encrypted record
 * input     data to encrypt
 * sz        size of input
 * asyncOkay async builds only: non-zero queues a pending operation with
 *           wolfSSL_AsyncPush, zero waits for it with wc_AsyncWait
 *
 * Returns the result of the cipher call, or ENCRYPT_ERROR when the negotiated
 * algorithm has no case compiled in.
 */
static INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
    word16 sz, int asyncOkay)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV* pendingDev = NULL;
    word32        asyncFlags = WC_ASYNC_FLAG_CALL_AGAIN;
#else
    (void)asyncOkay;
#endif

    /* quiet unused-parameter warnings when no cipher case is compiled in */
    (void)out;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
        case wolfssl_rc4:
            wc_Arc4Process(ssl->encrypt.arc4, out, input, sz);
            break;
#endif

#ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                pendingDev = &ssl->encrypt.des3->asyncDev;
                if (asyncOkay) {
                    ret = wolfSSL_AsyncPush(ssl, pendingDev, asyncFlags);
                }
            }
        #endif
            break;
#endif

#ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                pendingDev = &ssl->encrypt.aes->asyncDev;
                if (asyncOkay) {
                    ret = wolfSSL_AsyncPush(ssl, pendingDev, asyncFlags);
                }
            }
        #endif
            break;
#endif

#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        case wolfssl_aes_gcm:
        case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
        {
            wc_AesAuthEncryptFunc aeadFn;
            /* type and version are read from the 5 bytes in front of input;
             * assumes the caller passes a pointer into a record buffer whose
             * header sits directly before it -- confirm at the call sites */
            const byte* hdrSrc = input - 5;
            const int   macSz  = ssl->specs.aead_mac_size;
            /* record body without the explicit IV and the tag */
            const int   bodySz = sz - AESGCM_EXP_IV_SZ - macSz;

        #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                aeadFn = wc_AesGcmEncrypt;
            else
                aeadFn = wc_AesCcmEncrypt;
        #elif defined(BUILD_AESGCM)
            aeadFn = wc_AesGcmEncrypt;
        #else
            aeadFn = wc_AesCcmEncrypt;
        #endif

            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);

            /* additional data starts with the 64-bit sequence number */
            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);

        #ifdef WOLFSSL_DTLS
            /* on DTLS the type/version bytes sit further back */
            if (ssl->options.dtls) {
                hdrSrc -= DTLS_HANDSHAKE_EXTRA;
            }
        #endif
            /* then the record type and the two version bytes */
            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET, hdrSrc, 3);

            /* and finally the plaintext length */
            c16toa(bodySz, ssl->encrypt.additional + AEAD_LEN_OFFSET);

            /* nonce = implicit IV followed by the explicit IV */
            XMEMCPY(ssl->encrypt.nonce,
                    ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
            XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
                    ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);

            /* ciphertext goes after the explicit IV, the tag at the end */
            ret = aeadFn(ssl->encrypt.aes,
                         out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                         bodySz,
                         ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                         out + sz - macSz, macSz,
                         ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                pendingDev = &ssl->encrypt.aes->asyncDev;
                if (asyncOkay) {
                    ret = wolfSSL_AsyncPush(ssl, pendingDev, asyncFlags);
                }
            }
        #endif
        }
        break;
#endif /* BUILD_AESGCM || HAVE_AESCCM */

#ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            ret = wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
            break;
#endif

#ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
            break;
#endif

#ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
            break;
#endif

#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADEncrypt(ssl, out, input, sz);
            break;
#endif

#ifdef HAVE_NULL_CIPHER
        case wolfssl_cipher_null:
            /* null cipher: the record is copied through unchanged */
            if (input != out) {
                XMEMMOVE(out, input, sz);
            }
            break;
#endif

#ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcEncrypt(ssl->encrypt.idea, out, input, sz);
            break;
#endif

        default:
            WOLFSSL_MSG("wolfSSL Encrypt programming error");
            ret = ENCRYPT_ERROR;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* the caller cannot take a pending result, so wait for the device */
    if (!asyncOkay && ret == WC_PENDING_E) {
        ret = wc_AsyncWait(ret, pendingDev, asyncFlags);
    }
#endif

    return ret;
}
wolfSSL 13:f67a6c6013ca 10601
/* Encrypt one record, driving EncryptDo through a small state machine.
 *
 * The state lives in ssl->encrypt.state and moves CIPHER_STATE_BEGIN ->
 * CIPHER_STATE_DO -> CIPHER_STATE_END. It is reset to CIPHER_STATE_BEGIN
 * before a normal return; in async builds a WC_PENDING_E return leaves it at
 * CIPHER_STATE_END.
 *
 * ssl       WOLFSSL structure to get cipher state and keys from
 * out       output buffer for the encrypted record
 * input     data to encrypt
 * sz        size of input
 * asyncOkay passed through to EncryptDo
 *
 * Returns the EncryptDo result, ENCRYPT_ERROR if the encrypt ciphers are not
 * set up, or MEMORY_E if the AES-GCM/CCM buffers cannot be allocated.
 */
static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
    int asyncOkay)
{
    int ret = 0;

#ifdef WOLFSSL_ASYNC_CRYPT
    if (ssl->error == WC_PENDING_E) {
        ssl->error = 0; /* clear async */
    }
#endif

    switch (ssl->encrypt.state) {
        case CIPHER_STATE_BEGIN:
        {
            /* refuse to emit a record before keys/ciphers are installed */
            if (ssl->encrypt.setup == 0) {
                WOLFSSL_MSG("Encrypt ciphers not setup");
                return ENCRYPT_ERROR;
            }

        #ifdef HAVE_FUZZER
            /* fuzzing hook: the callback is handed the data before it is
             * encrypted */
            if (ssl->fuzzerCb)
                ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
        #endif

        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM memory is allocated */
            /* free for these happens in FreeCiphers */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                /* make sure auth iv and auth are allocated */
                if (ssl->encrypt.additional == NULL)
                    ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
                                           ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
                if (ssl->encrypt.nonce == NULL)
                    ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
                                           ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
                /* EncryptDo writes through both pointers without checking
                 * them, so fail here if either allocation did not succeed */
                if (ssl->encrypt.additional == NULL ||
                         ssl->encrypt.nonce == NULL) {
                    return MEMORY_E;
                }
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */

            /* Advance state and proceed */
            ssl->encrypt.state = CIPHER_STATE_DO;
        }
        FALL_THROUGH;

        case CIPHER_STATE_DO:
        {
            ret = EncryptDo(ssl, out, input, sz, asyncOkay);

            /* Advance state */
            /* set before the pending return below, so the next call enters at
             * CIPHER_STATE_END and does not run EncryptDo a second time */
            ssl->encrypt.state = CIPHER_STATE_END;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* If pending, then leave and return will resume below */
            if (ret == WC_PENDING_E) {
                return ret;
            }
        #endif
        }
        FALL_THROUGH;

        case CIPHER_STATE_END:
        {
        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
            {
                /* finalize authentication cipher */
                /* runs whatever ret holds, so the explicit IV moves on after a
                 * failed record as well; presumably this is what keeps a
                 * (key, nonce) pair from being reused -- confirm in
                 * AeadIncrementExpIV */
                AeadIncrementExpIV(ssl);

                /* scrub the per-record nonce from the heap buffer */
                if (ssl->encrypt.nonce)
                    ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);

            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */
            break;
        }
    }

    /* Reset state */
    ssl->encrypt.state = CIPHER_STATE_BEGIN;

    return ret;
}
wolfSSL 13:f67a6c6013ca 10693
/* Run the negotiated bulk cipher over one received record.
 *
 * ssl   WOLFSSL structure to get cipher state and keys from
 * plain output buffer to hold decrypted data
 * input data to decrypt
 * sz    size of input
 *
 * Returns the result of the cipher call, or DECRYPT_ERROR when the negotiated
 * algorithm has no case compiled in.
 */
static INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

    /* quiet unused-parameter warnings when no cipher case is compiled in */
    (void)plain;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm)
    {
#ifdef BUILD_ARC4
        case wolfssl_rc4:
            wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz);
            break;
#endif

#ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev,
                                                    WC_ASYNC_FLAG_CALL_AGAIN);
            }
        #endif
            break;
#endif

#ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev,
                                                    WC_ASYNC_FLAG_CALL_AGAIN);
            }
        #endif
            break;
#endif

#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        case wolfssl_aes_gcm:
        case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
        {
            wc_AesAuthDecryptFunc aeadFn;
            const int macSz  = ssl->specs.aead_mac_size;
            /* record body without the explicit IV and the tag. NOTE(review):
             * sz comes from the peer and this goes negative for a record
             * shorter than IV + tag; no check is visible in this function,
             * so confirm the caller validates the length first */
            const int bodySz = sz - AESGCM_EXP_IV_SZ - macSz;

        #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                aeadFn = wc_AesGcmDecrypt;
            else
                aeadFn = wc_AesCcmDecrypt;
        #elif defined(BUILD_AESGCM)
            aeadFn = wc_AesGcmDecrypt;
        #else
            aeadFn = wc_AesCcmDecrypt;
        #endif

            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);

            /* additional data starts with the 64-bit sequence number */
            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);

            /* then type and version, taken from the current record header */
            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

            /* and finally the plaintext length */
            c16toa(bodySz, ssl->decrypt.additional + AEAD_LEN_OFFSET);

            /* nonce = implicit IV followed by the explicit IV that leads
             * the record */
            XMEMCPY(ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV,
                    AESGCM_IMP_IV_SZ);
            XMEMCPY(ssl->decrypt.nonce + AESGCM_IMP_IV_SZ, input,
                    AESGCM_EXP_IV_SZ);

            /* the tag is the last macSz bytes of the record */
            ret = aeadFn(ssl->decrypt.aes,
                         plain + AESGCM_EXP_IV_SZ,
                         input + AESGCM_EXP_IV_SZ,
                         bodySz,
                         ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                         input + sz - macSz, macSz,
                         ssl->decrypt.additional, AEAD_AUTH_DATA_SZ);
            if (ret < 0) {
            #ifdef WOLFSSL_ASYNC_CRYPT
                if (ret == WC_PENDING_E) {
                    ret = wolfSSL_AsyncPush(ssl,
                        &ssl->decrypt.aes->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
                }
            #endif
            }
        }
        break;
#endif /* BUILD_AESGCM || HAVE_AESCCM */

#ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            ret = wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
            break;
#endif

#ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
            break;
#endif

#ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
            break;
#endif

#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADDecrypt(ssl, plain, input, sz);
            break;
#endif

#ifdef HAVE_NULL_CIPHER
        case wolfssl_cipher_null:
            /* null cipher: the record is copied through unchanged */
            if (input != plain) {
                XMEMMOVE(plain, input, sz);
            }
            break;
#endif

#ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcDecrypt(ssl->decrypt.idea, plain, input, sz);
            break;
#endif

        default:
            WOLFSSL_MSG("wolfSSL Decrypt programming error");
            ret = DECRYPT_ERROR;
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 10829
/* Decrypt one received record, driving DecryptDo through a small state
 * machine and handling a MAC failure.
 *
 * The state lives in ssl->decrypt.state and moves CIPHER_STATE_BEGIN ->
 * CIPHER_STATE_DO -> CIPHER_STATE_END. Without a popped async event every
 * call starts again from CIPHER_STATE_BEGIN.
 *
 * ssl   WOLFSSL structure to get cipher state and keys from
 * plain output buffer to hold decrypted data
 * input data to decrypt
 * sz    size of input
 *
 * Returns the DecryptDo result, DECRYPT_ERROR if the decrypt ciphers are not
 * set up, MEMORY_E if the AES-GCM/CCM buffers cannot be allocated, and
 * VERIFY_MAC_ERROR for any negative AES-GCM/CCM result.
 */
static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

#ifdef WOLFSSL_ASYNC_CRYPT
    /* the result of wolfSSL_AsyncPop decides between resuming and starting
     * over; it is also handed &ssl->decrypt.state */
    ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
    if (ret != WC_NOT_PENDING_E) {
        /* check for still pending */
        if (ret == WC_PENDING_E)
            return ret;

        ssl->error = 0; /* clear async */

        /* let failures through so CIPHER_STATE_END logic is run */
    }
    else
#endif
    {
        /* Reset state */
        ret = 0;
        ssl->decrypt.state = CIPHER_STATE_BEGIN;
    }

    switch (ssl->decrypt.state) {
        case CIPHER_STATE_BEGIN:
        {
            /* refuse to process a record before keys/ciphers are installed */
            if (ssl->decrypt.setup == 0) {
                WOLFSSL_MSG("Decrypt ciphers not setup");
                return DECRYPT_ERROR;
            }

        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM memory is allocated */
            /* free for these happens in FreeCiphers */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                /* make sure auth iv and auth are allocated */
                if (ssl->decrypt.additional == NULL)
                    ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
                                           ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
                if (ssl->decrypt.nonce == NULL)
                    ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
                                           ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
                /* DecryptDo writes through both pointers without checking
                 * them, so fail here if either allocation did not succeed */
                if (ssl->decrypt.additional == NULL ||
                         ssl->decrypt.nonce == NULL) {
                    return MEMORY_E;
                }
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */

            /* Advance state and proceed */
            ssl->decrypt.state = CIPHER_STATE_DO;
        }
        FALL_THROUGH;
        case CIPHER_STATE_DO:
        {
            ret = DecryptDo(ssl, plain, input, sz);

            /* Advance state */
            ssl->decrypt.state = CIPHER_STATE_END;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* If pending, leave and return below */
            if (ret == WC_PENDING_E) {
                return ret;
            }
        #endif
        }
        FALL_THROUGH;
        case CIPHER_STATE_END:
        {
        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM nonce is cleared */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                if (ssl->decrypt.nonce)
                    ForceZero(ssl->decrypt.nonce, AESGCM_NONCE_SZ);

                /* every negative AES-GCM/CCM result is reported as a MAC
                 * failure, so the caller gets one error code whatever the
                 * underlying cause was */
                if (ret < 0)
                    ret = VERIFY_MAC_ERROR;
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */
            break;
        }
    }

    /* Reset state */
    ssl->decrypt.state = CIPHER_STATE_BEGIN;

    /* handle mac error case */
    /* NOTE(review): ChachaAEADDecrypt already sends bad_record_mac before it
     * returns VERIFY_MAC_ERROR, so a ChaCha20-Poly1305 tag mismatch appears
     * to reach SendAlert twice -- confirm whether that is intended */
    if (ret == VERIFY_MAC_ERROR) {
        /* no alert is sent on a DTLS connection */
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);

        #ifdef WOLFSSL_DTLS_DROP_STATS
            /* counter of MAC failures; rising values are worth monitoring */
            ssl->macDropCount++;
        #endif /* WOLFSSL_DTLS_DROP_STATS */
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 10932
/* Tell whether records of the cipher in use carry an explicit IV.
 *
 * ssl  The SSL/TLS object.
 * returns 1 for an AEAD cipher other than ChaCha on a connection that is not
 * TLS 1.3, and 0 otherwise.
 */
static INLINE int CipherHasExpIV(WOLFSSL *ssl)
{
#ifdef WOLFSSL_TLS13
    /* never an explicit IV on a TLS 1.3 connection */
    if (ssl->options.tls1_3) {
        return 0;
    }
#endif
    /* only AEAD ciphers qualify ... */
    if (ssl->specs.cipher_type != aead) {
        return 0;
    }
    /* ... and ChaCha is the one AEAD cipher excluded here */
    return ssl->specs.bulk_cipher_algorithm != wolfssl_chacha;
}
wolfSSL 13:f67a6c6013ca 10947
/* Reject a record whose ciphertext length cannot hold the mandatory fields.
 *
 * ssl        The SSL/TLS object; cipher parameters are read from ssl->specs.
 * encryptSz  Length of the received ciphertext.
 * returns 0 when the length is plausible, SANITY_CIPHER_E otherwise.
 *
 * The minimum is derived from the negotiated parameters only, so this check
 * can run before any decryption. The MAC/padding code later in this file
 * subtracts digest, pad and IV sizes from the record length, so this lower
 * bound is what keeps those subtractions from going negative.
 */
static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
{
    word32 minLength;

#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac) {
        minLength = (byte)TRUNCATED_HMAC_SZ;
    }
    else {
        minLength = ssl->specs.hash_size;
    }
#else
    minLength = ssl->specs.hash_size;  /* covers stream */
#endif

    if (ssl->specs.cipher_type == block) {
        /* block ciphertext must be a whole number of blocks */
        if ((encryptSz % ssl->specs.block_size) != 0) {
            WOLFSSL_MSG("Block ciphertext not block size");
            return SANITY_CIPHER_E;
        }

        minLength += 1;  /* pad byte */

        /* never less than one full block */
        if (minLength < ssl->specs.block_size) {
            minLength = ssl->specs.block_size;
        }

        if (ssl->options.tls1_1) {
            minLength += ssl->specs.block_size;  /* explicit IV */
        }
    }
    else if (ssl->specs.cipher_type == aead) {
        minLength = ssl->specs.aead_mac_size;    /* authTag size */
        if (CipherHasExpIV(ssl)) {
            minLength += AESGCM_EXP_IV_SZ;       /* explicit IV */
        }
    }

    if (encryptSz >= minLength) {
        return 0;
    }

    WOLFSSL_MSG("Ciphertext not minimum size");
    return SANITY_CIPHER_E;
}
wolfSSL 13:f67a6c6013ca 10985
wolfSSL 13:f67a6c6013ca 10986
wolfSSL 13:f67a6c6013ca 10987 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 10988
/* Feed `sz` bytes of `data` into a scratch MD5 context `rounds` times.
 * No digest is produced; the function exists only to spend hashing work
 * (it is reached through DoRounds for dummy rounds). */
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
{
    Md5 scratch;
    int done = 0;

    /* no error check on purpose, dummy round */
    wc_InitMd5(&scratch);

    while (done < rounds) {
        wc_Md5Update(&scratch, data, sz);
        done++;
    }

    /* in case needed to release resources */
    wc_Md5Free(&scratch);
}
wolfSSL 13:f67a6c6013ca 11000
wolfSSL 13:f67a6c6013ca 11001
wolfSSL 13:f67a6c6013ca 11002
/* Feed `sz` bytes of `data` into a scratch SHA context `rounds` times.
 * No digest is produced; the function exists only to spend hashing work
 * (it is reached through DoRounds for dummy rounds). */
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
{
    Sha scratch;
    int done = 0;

    /* no error check on purpose, dummy round */
    wc_InitSha(&scratch);

    while (done < rounds) {
        wc_ShaUpdate(&scratch, data, sz);
        done++;
    }

    /* in case needed to release resources */
    wc_ShaFree(&scratch);
}
wolfSSL 13:f67a6c6013ca 11015 #endif
wolfSSL 13:f67a6c6013ca 11016
wolfSSL 13:f67a6c6013ca 11017
wolfSSL 13:f67a6c6013ca 11018 #ifndef NO_SHA256
wolfSSL 13:f67a6c6013ca 11019
/* Feed `sz` bytes of `data` into a scratch SHA-256 context `rounds` times.
 * No digest is produced; the function exists only to spend hashing work
 * (it is reached through DoRounds for dummy rounds). */
static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
{
    Sha256 scratch;
    int    done = 0;

    /* no error check on purpose, dummy round */
    wc_InitSha256(&scratch);

    while (done < rounds) {
        /* no error check on purpose, dummy round */
        wc_Sha256Update(&scratch, data, sz);
        done++;
    }

    /* in case needed to release resources */
    wc_Sha256Free(&scratch);
}
wolfSSL 13:f67a6c6013ca 11033
wolfSSL 13:f67a6c6013ca 11034 #endif
wolfSSL 13:f67a6c6013ca 11035
wolfSSL 13:f67a6c6013ca 11036
wolfSSL 13:f67a6c6013ca 11037 #ifdef WOLFSSL_SHA384
wolfSSL 13:f67a6c6013ca 11038
/* Feed `sz` bytes of `data` into a scratch SHA-384 context `rounds` times.
 * No digest is produced; the function exists only to spend hashing work
 * (it is reached through DoRounds for dummy rounds). */
static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
{
    Sha384 scratch;
    int    done = 0;

    /* no error check on purpose, dummy round */
    wc_InitSha384(&scratch);

    while (done < rounds) {
        /* no error check on purpose, dummy round */
        wc_Sha384Update(&scratch, data, sz);
        done++;
    }

    /* in case needed to release resources */
    wc_Sha384Free(&scratch);
}
wolfSSL 13:f67a6c6013ca 11052
wolfSSL 13:f67a6c6013ca 11053 #endif
wolfSSL 13:f67a6c6013ca 11054
wolfSSL 13:f67a6c6013ca 11055
wolfSSL 13:f67a6c6013ca 11056 #ifdef WOLFSSL_SHA512
wolfSSL 13:f67a6c6013ca 11057
/* Feed `sz` bytes of `data` into a scratch SHA-512 context `rounds` times.
 * No digest is produced; the function exists only to spend hashing work
 * (it is reached through DoRounds for dummy rounds). */
static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
{
    Sha512 scratch;
    int    done = 0;

    /* no error check on purpose, dummy round */
    wc_InitSha512(&scratch);

    while (done < rounds) {
        /* no error check on purpose, dummy round */
        wc_Sha512Update(&scratch, data, sz);
        done++;
    }

    /* in case needed to release resources */
    wc_Sha512Free(&scratch);
}
wolfSSL 13:f67a6c6013ca 11071
wolfSSL 13:f67a6c6013ca 11072 #endif
wolfSSL 13:f67a6c6013ca 11073
wolfSSL 13:f67a6c6013ca 11074
wolfSSL 13:f67a6c6013ca 11075 #ifdef WOLFSSL_RIPEMD
wolfSSL 13:f67a6c6013ca 11076
/* Feed `sz` bytes of `data` into a scratch RIPEMD context `rounds` times.
 * No digest is produced; the function exists only to spend hashing work
 * (it is reached through DoRounds for dummy rounds). Unlike the other
 * *Rounds helpers in this file, no free call follows the loop. */
static INLINE void RmdRounds(int rounds, const byte* data, int sz)
{
    RipeMd scratch;
    int    done = 0;

    wc_InitRipeMd(&scratch);

    while (done < rounds) {
        wc_RipeMdUpdate(&scratch, data, sz);
        done++;
    }
}
wolfSSL 13:f67a6c6013ca 11087
wolfSSL 13:f67a6c6013ca 11088 #endif
wolfSSL 13:f67a6c6013ca 11089
wolfSSL 13:f67a6c6013ca 11090
/* Dispatch dummy hash rounds to the helper matching the MAC algorithm.
 *
 * type    MAC algorithm identifier (no_mac, md5_mac, sha_mac, ...).
 * rounds  Number of update calls to perform.
 * data    Bytes fed to each update; contents are irrelevant to the result.
 * sz      Number of bytes fed per update.
 *
 * An algorithm that is compiled out, or an unknown identifier, ends up in the
 * default branch: a message is logged and no rounds are run.
 */
static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
{
    /* silence unused-parameter warnings when every hash is compiled out */
    (void)rounds;
    (void)data;
    (void)sz;

    switch (type) {
        case no_mac :
            break;

#if !defined(NO_OLD_TLS) && !defined(NO_MD5)
        case md5_mac :
            Md5Rounds(rounds, data, sz);
            break;
#endif

#if !defined(NO_OLD_TLS) && !defined(NO_SHA)
        case sha_mac :
            ShaRounds(rounds, data, sz);
            break;
#endif

#ifndef NO_SHA256
        case sha256_mac :
            Sha256Rounds(rounds, data, sz);
            break;
#endif

#ifdef WOLFSSL_SHA384
        case sha384_mac :
            Sha384Rounds(rounds, data, sz);
            break;
#endif

#ifdef WOLFSSL_SHA512
        case sha512_mac :
            Sha512Rounds(rounds, data, sz);
            break;
#endif

#ifdef WOLFSSL_RIPEMD
        case rmd_mac :
            RmdRounds(rounds, data, sz);
            break;
#endif

        default:
            WOLFSSL_MSG("Bad round type");
            break;
    }
}
wolfSSL 13:f67a6c6013ca 11145
wolfSSL 13:f67a6c6013ca 11146
/* Run `rounds` dummy hash updates of COMPRESS_LOWER bytes each, using the
 * connection's MAC algorithm. Nothing is done when rounds is zero. */
static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
{
    if (rounds == 0) {
        return;
    }

    DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
}
wolfSSL 13:f67a6c6013ca 11153
wolfSSL 13:f67a6c6013ca 11154
/* Compare `length` bytes at `a` against the pad value.
 *
 * Every byte is examined and the differences are OR-ed together, so the loop
 * has no early exit on the first mismatch.
 *
 * returns 0 when all bytes equal `pad` (or length <= 0), non-zero otherwise.
 */
static int PadCheck(const byte* a, byte pad, int length)
{
    int mismatch = 0;
    int pos = 0;

    while (pos < length) {
        mismatch |= a[pos] ^ pad;
        pos++;
    }

    return mismatch;
}
wolfSSL 13:f67a6c6013ca 11167
wolfSSL 13:f67a6c6013ca 11168
/* Compute how many extra compression rounds to run.
 *
 * Two lengths are formed: one from the full plaintext length (pLen - t) and
 * one with the padding and pad-length byte removed (pLen - padLen - 1 - t).
 * Each is offset by COMPRESS_CONSTANT - COMPRESS_UPPER, divided by
 * COMPRESS_LOWER and bumped by one when the division leaves a remainder.
 *
 * returns the difference between the two round counts.
 */
static INLINE int GetRounds(int pLen, int padLen, int t)
{
    int fullLen = COMPRESS_CONSTANT + pLen - t;
    int dataLen = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
    int fullPartial;  /* 1 when fullLen does not divide evenly */
    int dataPartial;  /* 1 when dataLen does not divide evenly */

    fullLen -= COMPRESS_UPPER;
    dataLen -= COMPRESS_UPPER;

    fullPartial = ((fullLen % COMPRESS_LOWER) == 0) ? 0 : 1;
    dataPartial = ((dataLen % COMPRESS_LOWER) == 0) ? 0 : 1;

    fullLen /= COMPRESS_LOWER;
    dataLen /= COMPRESS_LOWER;

    return (fullLen + fullPartial) - (dataLen + dataPartial);
}
wolfSSL 13:f67a6c6013ca 11194
wolfSSL 13:f67a6c6013ca 11195
/* Timing resistant pad/verify check for block-cipher records.
 *
 * ssl      The SSL/TLS object; ssl->hmac computes the record MAC.
 * input    Decrypted record bytes.
 * padLen   Pad length value (VerifyMac in this file reads it from the last
 *          byte of the record).
 * t        MAC (digest) size.
 * pLen     Plaintext length, including MAC, padding and pad-length byte.
 * content  Record content type passed through to ssl->hmac.
 * returns 0 on success, VERIFY_MAC_ERROR for any padding or MAC failure.
 *
 * Every failure path still runs a pad check, an HMAC and a constant-time
 * compare, and every failure returns the same error code, so a peer cannot
 * tell a padding failure from a MAC failure by the result.
 *
 * NOTE(review): the work done is equalised only approximately (the HMAC input
 * length on the success path depends on padLen and is compensated with dummy
 * compression rounds). Residual timing differences should be assessed for
 * CBC-mode suites; AEAD suites do not go through this function.
 * NOTE(review): pLen - t is assumed to be non-negative here; presumably
 * SanityCheckCipherText has already enforced the minimum length -- confirm
 * against the caller.
 */
static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                           int pLen, int content)
{
    byte  computedMac[MAX_DIGEST_SIZE];
    /* when the WOLFSSL object itself is at least MAX_PAD_SIZE bytes it is
     * used as the dummy read source and the local array shrinks to 1 byte */
    byte  zeroPad[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
    byte* filler = sizeof(zeroPad) < MAX_PAD_SIZE ? (byte*) ssl : zeroPad;
    int   hmacRet = 0;

    (void)zeroPad;

    /* claimed padding plus MAC does not fit in the record */
    if ( (t + padLen + 1) > pLen) {
        WOLFSSL_MSG("Plain Len not long enough for pad/mac");
        PadCheck(filler, (byte)padLen, MAX_PAD_SIZE);
        /* still compare */
        ssl->hmac(ssl, computedMac, input, pLen - t, content, 1);
        ConstantCompare(computedMac, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* padding bytes (and the length byte) must all equal padLen */
    if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
        WOLFSSL_MSG("PadCheck failed");
        PadCheck(filler, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
        /* still compare */
        ssl->hmac(ssl, computedMac, input, pLen - t, content, 1);
        ConstantCompare(computedMac, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* dummy check over the rest of MAX_PAD_SIZE, result ignored */
    PadCheck(filler, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
    hmacRet = ssl->hmac(ssl, computedMac, input, pLen - padLen - 1 - t,
                        content, 1);

    /* make up the hash work that the padding length saved */
    CompressRounds(ssl, GetRounds(pLen, padLen, t), filler);

    if (ConstantCompare(computedMac, input + (pLen - padLen - 1 - t), t) != 0) {
        WOLFSSL_MSG("Verify MAC compare failed");
        return VERIFY_MAC_ERROR;
    }

    /* treat any failure as verify MAC error */
    return (hmacRet != 0) ? VERIFY_MAC_ERROR : 0;
}
wolfSSL 13:f67a6c6013ca 11241
wolfSSL 13:f67a6c6013ca 11242
/* Hand a decrypted application-data record to the clear output buffer.
 *
 * ssl       The SSL/TLS object; record and pad sizes come from ssl->keys.
 * input     Buffer holding the decrypted record.
 * inOutIdx  On entry the offset of the record payload in input; on success
 *           advanced past the payload and ssl->keys.padSz.
 * returns 0 on success, OUT_OF_ORDER_E when data arrives before the handshake
 *         is done, BUFFER_ERROR when the sizes are inconsistent,
 *         SSL_FATAL_ERROR when the early-data limit is exceeded, or a
 *         negative value from myDeCompress.
 *
 * The payload is not copied: clearOutputBuffer points into `input`.
 */
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
{
    word32 recordSz = ssl->keys.encryptSz;
    word32 cursor   = *inOutIdx;
    int    dataSz;
    int    ivExtra  = 0;
    byte*  payload  = input + cursor;  /* keep current for hmac */
#ifdef HAVE_LIBZ
    byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

    /* application data is only legal once the handshake has finished; with
     * early data enabled and active the handshake check is skipped */
#ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData) {
    }
    else
#endif
    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("Received App data before a handshake completed");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* size of the explicit IV that precedes the payload, if any */
    if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1) {
            ivExtra = ssl->specs.block_size;
        }
    }
    else if (ssl->specs.cipher_type == aead) {
        if (CipherHasExpIV(ssl)) {
            ivExtra = AESGCM_EXP_IV_SZ;
        }
    }

    /* a negative result means the peer-supplied sizes do not add up */
    dataSz = recordSz - ivExtra - ssl->keys.padSz;
    if (dataSz < 0) {
        WOLFSSL_MSG("App data buffer error, malicious input?");
        return BUFFER_ERROR;
    }

#ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData) {
        /* enforce the configured early-data budget */
        if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) {
            SendAlert(ssl, alert_fatal, unexpected_message);
            return SSL_FATAL_ERROR;
        }
        ssl->earlyDataSz += dataSz;
    }
#endif

    /* read data */
    if (dataSz != 0) {
        int rawSz = dataSz;  /* keep raw size for idx adjustment */

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            dataSz = myDeCompress(ssl, payload, dataSz, decomp,
                                  sizeof(decomp));
            if (dataSz < 0) {
                return dataSz;
            }
        }
#endif
        cursor += rawSz;

        ssl->buffers.clearOutputBuffer.buffer = payload;
        ssl->buffers.clearOutputBuffer.length = dataSz;
    }

    cursor += ssl->keys.padSz;

#ifdef HAVE_LIBZ
    /* decompress could be bigger, overwrite after verify */
    /* NOTE(review): dataSz may now exceed the raw record size; confirm the
     * input buffer always has room for dataSz bytes at this offset. */
    if (ssl->options.usingCompression) {
        XMEMMOVE(payload, decomp, dataSz);
    }
#endif

    *inOutIdx = cursor;
    return 0;
}
wolfSSL 13:f67a6c6013ca 11316
wolfSSL 13:f67a6c6013ca 11317
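/* Process a received alert record.
 *
 * ssl       The SSL/TLS object.
 * input     Buffer holding the record.
 * inOutIdx  On entry the offset of the alert in input; advanced past the two
 *           alert bytes and, when encryption is on, past ssl->keys.padSz.
 * type      Receives the alert description code.
 * totalSz   Number of valid bytes in input.
 * returns the alert level on success, ALERT_COUNT_E once the per-connection
 *         alert budget is used up, BUFFER_E when the alert or its trailing
 *         pad does not fit in totalSz.
 *
 * The alert counter bounds how many alerts a peer can make the connection
 * process. A fatal alert marks the connection closed so that no close_notify
 * is sent in reply.
 */
static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
                   word32 totalSz)
{
    byte level;
    byte code;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("Alert", &ssl->handShakeInfo);
    /* Capture the alert for the timeout info only when both alert bytes are
     * known to lie inside totalSz; previously the copy ran before the length
     * check below and could pick up bytes past the received data. */
    if (ssl->toInfoOn && *inOutIdx + ALERT_SIZE <= totalSz)
        /* add record header back on to info + alert bytes level/code */
        AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
                      RECORD_HEADER_SZ, RECORD_HEADER_SZ + ALERT_SIZE,
                      ssl->heap);
#endif

    if (++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX) {
        WOLFSSL_MSG("Alert count exceeded");
        return ALERT_COUNT_E;
    }

    /* make sure can read the message */
    if (*inOutIdx + ALERT_SIZE > totalSz)
        return BUFFER_E;

    level = input[(*inOutIdx)++];
    code  = input[(*inOutIdx)++];
    ssl->alert_history.last_rx.code  = code;
    ssl->alert_history.last_rx.level = level;
    *type = code;
    if (level == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    WOLFSSL_MSG("Got alert");
    if (*type == close_notify) {
        WOLFSSL_MSG("\tclose notify");
        ssl->options.closeNotify = 1;
    }
#ifdef WOLFSSL_TLS13
    if (*type == decode_error) {
        WOLFSSL_MSG(" decode error");
    }
    if (*type == illegal_parameter) {
        WOLFSSL_MSG(" illegal parameter");
    }
#endif
    WOLFSSL_ERROR(*type);

    /* skip the MAC/padding that follows an encrypted alert */
    if (IsEncryptionOn(ssl, 0)) {
        if (*inOutIdx + ssl->keys.padSz > totalSz)
            return BUFFER_E;
        *inOutIdx += ssl->keys.padSz;
    }

    return level;
}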
wolfSSL 13:f67a6c6013ca 11375
/* Read from the transport until the input buffer holds at least `size`
 * unprocessed bytes.
 *
 * ssl   The SSL/TLS object; ssl->buffers.inputBuffer is filled.
 * size  Number of bytes that must be available when the call returns.
 * returns 0 on success, BUFFER_ERROR on inconsistent lengths, MEMORY_E when
 *         the buffer cannot grow, SOCKET_ERROR_E / WANT_READ from the
 *         transport, RECV_OVERFLOW_E when the transport reports more bytes
 *         than were requested.
 *
 * Unprocessed bytes are moved to the front of the buffer before reading.
 *
 * NOTE(review): the loop relies on Receive returning -1, WANT_READ or a
 * positive count; a return of 0 would not make progress -- confirm against
 * Receive.
 */
static int GetInputData(WOLFSSL *ssl, word32 size)
{
    int received;
    int wanted;
    int room;
    int pending;
    int dtlsExtra = 0;

    /* check max input length */
    pending = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
    room    = ssl->buffers.inputBuffer.bufferSize - pending;
    wanted  = (int)(size - pending);  /* from last partial read */

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* a datagram is read whole, so ask for the expected datagram size */
        if (size < ssl->dtls_expected_rx) {
            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
        }
        wanted = ssl->dtls_expected_rx;
    }
#endif

    /* check that no lengths or size values are negative */
    if (pending < 0 || room < 0 || wanted <= 0) {
        return BUFFER_ERROR;
    }

    if (wanted > room) {
        if (GrowInputBuffer(ssl, size + dtlsExtra, pending) < 0) {
            return MEMORY_E;
        }
    }

    /* Put buffer data at start if not there */
    if (pending > 0 && ssl->buffers.inputBuffer.idx != 0) {
        XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                 ssl->buffers.inputBuffer.buffer +
                     ssl->buffers.inputBuffer.idx,
                 pending);
    }

    /* remove processed data */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = pending;

    /* read data from network */
    do {
        received = Receive(ssl,
                           ssl->buffers.inputBuffer.buffer +
                               ssl->buffers.inputBuffer.length,
                           wanted);
        if (received == -1) {
            return SOCKET_ERROR_E;
        }

        if (received == WANT_READ) {
            return WANT_READ;
        }

        /* the transport claims more than the space it was given */
        if (received > wanted) {
            return RECV_OVERFLOW_E;
        }

        ssl->buffers.inputBuffer.length += received;
        wanted -= received;

    } while (ssl->buffers.inputBuffer.length < size);

#ifdef WOLFSSL_DEBUG_TLS
    if (ssl->buffers.inputBuffer.idx == 0) {
        WOLFSSL_MSG("Data received");
        WOLFSSL_BUFFER(ssl->buffers.inputBuffer.buffer,
                       ssl->buffers.inputBuffer.length);
    }
#endif

    return 0;
}
wolfSSL 13:f67a6c6013ca 11448
wolfSSL 13:f67a6c6013ca 11449
/* Verify the MAC (and padding, for block ciphers) of a decrypted record.
 *
 * ssl      The SSL/TLS object; ssl->hmac computes the record MAC.
 * input    Decrypted record bytes.
 * msgSz    Length of the decrypted record.
 * content  Record content type passed through to ssl->hmac.
 * padSz    Receives the number of trailing bytes that are not payload:
 *          the AEAD tag size, or digest + padding + pad-length byte.
 * returns 0 on success, VERIFY_MAC_ERROR on any MAC or padding failure.
 *
 * For AEAD ciphers nothing is verified here; only *padSz is set.
 *
 * NOTE(review): msgSz is assumed to be at least digest size plus one (plus
 * the explicit IV); presumably SanityCheckCipherText ran first -- confirm
 * against the caller, since the subtractions below are unsigned.
 */
static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
                            int content, word32* padSz)
{
    int    ivExtra = 0;
    int    ret;
    word32 pad     = 0;
    word32 padByte = 0;
    word32 digestSz;
    byte   computedMac[MAX_DIGEST_SIZE];

#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac) {
        digestSz = (byte)TRUNCATED_HMAC_SZ;
    }
    else {
        digestSz = ssl->specs.hash_size;
    }
#else
    digestSz = ssl->specs.hash_size;
#endif

    if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1) {
            ivExtra = ssl->specs.block_size;
        }
        /* last byte of the record is the pad length */
        pad = *(input + msgSz - ivExtra - 1);
        padByte = 1;

        if (ssl->options.tls) {
            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
                                  content);
            if (ret != 0) {
                return ret;
            }
        }
        else {  /* sslv3, some implementations have bad padding, but don't
                 * allow bad read */
            int   badPadLen = 0;
            /* when the WOLFSSL object is at least MAX_PAD_SIZE bytes it is
             * used as the dummy read source instead of a local array */
            byte  zeroPad[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
            byte* filler = sizeof(zeroPad) < MAX_PAD_SIZE ? (byte*) ssl
                                                          : zeroPad;

            (void)zeroPad;

            if (pad > (msgSz - digestSz - 1)) {
                WOLFSSL_MSG("Plain Len not long enough for pad/mac");
                pad = 0;  /* no bad read */
                badPadLen = 1;
            }
            PadCheck(filler, (byte)pad, MAX_PAD_SIZE);  /* timing only */
            ret = ssl->hmac(ssl, computedMac, input,
                            msgSz - digestSz - pad - 1, content, 1);
            if (ConstantCompare(computedMac,
                                input + msgSz - digestSz - pad - 1,
                                digestSz) != 0) {
                return VERIFY_MAC_ERROR;
            }
            /* the MAC is still computed and compared for a bad pad length,
             * then the record is rejected with the same error code */
            if (ret != 0 || badPadLen) {
                return VERIFY_MAC_ERROR;
            }
        }
    }
    else if (ssl->specs.cipher_type == stream) {
        ret = ssl->hmac(ssl, computedMac, input, msgSz - digestSz, content, 1);
        if (ConstantCompare(computedMac, input + msgSz - digestSz,
                            digestSz) != 0) {
            return VERIFY_MAC_ERROR;
        }
        if (ret != 0) {
            return VERIFY_MAC_ERROR;
        }
    }

    if (ssl->specs.cipher_type == aead) {
        *padSz = ssl->specs.aead_mac_size;
    }
    else {
        *padSz = digestSz + pad + padByte;
    }

    return 0;
}
wolfSSL 13:f67a6c6013ca 11518
wolfSSL 13:f67a6c6013ca 11519
/* Process buffered/incoming record-layer input for one connection.
 *
 * The function is a resumable state machine keyed on
 * ssl->options.processReply. Each case stores the next state before falling
 * through, so a call that returns early (error, pending async operation,
 * short read) resumes at the stored state on the next call:
 *
 *   doProcessInit            read a record header (optionally detect an
 *                            SSLv2-framed ClientHello)
 *   runProcessOldClientHello handle that SSLv2-framed hello
 *   getRecordLayerHeader     parse the record header into curRL / curSize
 *   getData                  make sure curSize bytes of record body are buffered
 *   decryptMessage           decrypt the record in place
 *   verifyMessage            check the MAC, mark the record decrypted
 *   runProcessingOneMessage  dispatch on content type
 *
 * Returns 0 when done and a negative number on error. The original contract
 * comment also lists 1 for "call again to complete"; no literal `return 1`
 * appears in this function, so a positive value would have to come from a
 * helper's return code.
 */
int ProcessReply(WOLFSSL* ssl)
{
    int ret = 0, type, readSz;
    int atomicUser = 0;
    /* NOTE(review): startIdx is a local that is only assigned in the getData
     * state. When the function is re-entered at a later state (for example
     * after decryptMessage returned WC_PENDING_E) it is still 0, which feeds
     * the "more messages per record" test at the bottom — confirm that is
     * acceptable for every re-entry path. */
    word32 startIdx = 0;
    #if defined(WOLFSSL_DTLS)
    int used; /* bytes already buffered but not yet consumed (DTLS read-ahead) */
    #endif

    #ifdef ATOMIC_USER
    /* A user-supplied decrypt+verify callback replaces both Decrypt() and
     * VerifyMac() below. */
    if (ssl->ctx->DecryptVerifyCb)
        atomicUser = 1;
    #endif

    /* Refuse to continue after a hard error; only the retryable conditions
     * (want-read, want-write, async pending) may re-enter. */
    if (ssl->error != 0 && ssl->error != WANT_READ &&
        ssl->error != WANT_WRITE && ssl->error != WC_PENDING_E) {
        WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
        return ssl->error;
    }

    for (;;) {
    switch (ssl->options.processReply) {

    /* in the WOLFSSL_SERVER case, get the first byte for detecting
     * old client hello */
    case doProcessInit:

        readSz = RECORD_HEADER_SZ;

        #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            readSz = DTLS_RECORD_HEADER_SZ;
        #endif

        /* get header or return error */
        if (!ssl->options.dtls) {
            if ((ret = GetInputData(ssl, readSz)) < 0)
                return ret;
        } else {
        #ifdef WOLFSSL_DTLS
            /* read ahead may already have header */
            used = ssl->buffers.inputBuffer.length -
                   ssl->buffers.inputBuffer.idx;
            if (used < readSz) {
                if ((ret = GetInputData(ssl, readSz)) < 0)
                    return ret;
            }
        #endif
        }

    #ifdef OLD_HELLO_ALLOWED

        /* Legacy compatibility path: a server that has not yet seen any
         * client message treats a first byte other than `handshake` as a
         * possible SSLv2-framed ClientHello. Builds that do not need this
         * can leave OLD_HELLO_ALLOWED undefined, which removes the whole
         * path from the attack surface. */
        if ( ssl->options.side == WOLFSSL_SERVER_END &&
             ssl->options.clientState == NULL_STATE &&
             ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
                 != handshake) {
            byte b0, b1;

            ssl->options.processReply = runProcessOldClientHello;

            /* sanity checks before getting size at front.
             * These reads index idx + OPAQUE16_LEN and idx + OPAQUE24_LEN;
             * they assume the header read above left at least that many
             * bytes at idx — TODO confirm against GetInputData. */
            if (ssl->buffers.inputBuffer.buffer[
                    ssl->buffers.inputBuffer.idx + OPAQUE16_LEN] != OLD_HELLO_ID) {
                WOLFSSL_MSG("Not a valid old client hello");
                return PARSE_ERROR;
            }

            if (ssl->buffers.inputBuffer.buffer[
                    ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != SSLv3_MAJOR &&
                ssl->buffers.inputBuffer.buffer[
                    ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != DTLS_MAJOR) {
                WOLFSSL_MSG("Not a valid version in old client hello");
                return PARSE_ERROR;
            }

            /* how many bytes need ProcessOldClientHello: a two-byte length
             * taken from the peer, with the top bit of the first byte
             * masked off. The value is attacker-controlled; it is bounded
             * only by the 15-bit mask here. */
            b0 =
            ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
            b1 =
            ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
            ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
        }
        else {
            ssl->options.processReply = getRecordLayerHeader;
            continue;
        }
        FALL_THROUGH;

    /* in the WOLFSSL_SERVER case, run the old client hello */
    case runProcessOldClientHello:

        /* get sz bytes or return error */
        if (!ssl->options.dtls) {
            if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                return ret;
        } else {
        #ifdef WOLFSSL_DTLS
            /* read ahead may already have */
            used = ssl->buffers.inputBuffer.length -
                   ssl->buffers.inputBuffer.idx;
            if (used < ssl->curSize)
                if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                    return ret;
        #endif  /* WOLFSSL_DTLS */
        }

        /* The helper receives both the bytes remaining in the buffer and
         * the peer-declared size, and advances idx itself. */
        ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
                                    &ssl->buffers.inputBuffer.idx,
                                    ssl->buffers.inputBuffer.length -
                                    ssl->buffers.inputBuffer.idx,
                                    ssl->curSize);
        if (ret < 0)
            return ret;

        /* Buffer fully consumed: start over with a fresh record next call. */
        else if (ssl->buffers.inputBuffer.idx ==
                 ssl->buffers.inputBuffer.length) {
            ssl->options.processReply = doProcessInit;
            return 0;
        }

    #endif  /* OLD_HELLO_ALLOWED */
        FALL_THROUGH;

    /* get the record layer header */
    case getRecordLayerHeader:

        /* Fills ssl->curRL and ssl->curSize and advances idx past the
         * header. */
        ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
                              &ssl->buffers.inputBuffer.idx,
                              &ssl->curRL, &ssl->curSize);
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
            /* Out-of-order DTLS record: no error is returned. The whole
             * input buffer is discarded (length and idx reset to 0), the
             * drop is counted when WOLFSSL_DTLS_DROP_STATS is on, and the
             * state machine restarts. */
            WOLFSSL_MSG("Silently dropping out of order DTLS message");
            ssl->options.processReply = doProcessInit;
            ssl->buffers.inputBuffer.length = 0;
            ssl->buffers.inputBuffer.idx = 0;
            #ifdef WOLFSSL_DTLS_DROP_STATS
            ssl->replayDropCount++;
            #endif /* WOLFSSL_DTLS_DROP_STATS */

            /* While handshake state is still retained, the stored flight
             * is sent again (presumably a retransmit — confirm in
             * DtlsMsgPoolSend). */
            if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsHsRetain) {
                ret = DtlsMsgPoolSend(ssl, 0);
                if (ret != 0)
                    return ret;
            }

            continue;
        }
    #endif
        if (ret != 0)
            return ret;

        ssl->options.processReply = getData;
        FALL_THROUGH;

    /* retrieve record layer data */
    case getData:

        /* get sz bytes or return error */
        if (!ssl->options.dtls) {
            if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                return ret;
        } else {
        #ifdef WOLFSSL_DTLS
            /* read ahead may already have */
            used = ssl->buffers.inputBuffer.length -
                   ssl->buffers.inputBuffer.idx;
            if (used < ssl->curSize)
                if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                    return ret;
        #endif
        }

        ssl->options.processReply = decryptMessage;
        /* Remember where this record's body starts so the tail of the
         * function can tell whether more messages remain in it. */
        startIdx = ssl->buffers.inputBuffer.idx;  /* in case > 1 msg per */
        FALL_THROUGH;

    /* decrypt message */
    case decryptMessage:

        /* decryptedCur guards against decrypting the same record twice when
         * this state is re-entered for a record that holds several
         * messages. */
        if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) {
            bufferStatic* in = &ssl->buffers.inputBuffer;

            /* Length sanity check on the ciphertext before any crypto runs. */
            ret = SanityCheckCipherText(ssl, ssl->curSize);
            if (ret < 0)
                return ret;

            /* All three decrypt paths work in place: input and output both
             * point at in->buffer + in->idx. */
            if (atomicUser) {
            #ifdef ATOMIC_USER
                /* The callback decrypts and verifies, and reports the
                 * trailing pad/MAC size through padSz. */
                ret = ssl->ctx->DecryptVerifyCb(ssl,
                              in->buffer + in->idx,
                              in->buffer + in->idx,
                              ssl->curSize, ssl->curRL.type, 1,
                              &ssl->keys.padSz, ssl->DecryptVerifyCtx);
            #endif /* ATOMIC_USER */
            }
            else {
                if (!ssl->options.tls1_3) {
                    ret = Decrypt(ssl,
                                  in->buffer + in->idx,
                                  in->buffer + in->idx,
                                  ssl->curSize);
                }
                else {
                #ifdef WOLFSSL_TLS13
                    ret = DecryptTls13(ssl,
                                       in->buffer + in->idx,
                                       in->buffer + in->idx,
                                       ssl->curSize);
                #else
                    /* TLS 1.3 negotiated flag without TLS 1.3 support
                     * compiled in: fail closed. */
                    ret = DECRYPT_ERROR;
                #endif /* WOLFSSL_TLS13 */
                }
            }

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* State stays decryptMessage, so the next call resumes here. */
            if (ret == WC_PENDING_E)
                return ret;
        #endif

            if (ret >= 0) {
                /* handle success: step over per-record explicit IV bytes.
                 * A block cipher with the tls1_1 option set skips one cipher
                 * block; a cipher for which CipherHasExpIV() is true skips
                 * AESGCM_EXP_IV_SZ bytes. */
                if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
                    ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
                    /* go past TLSv1.1 IV */
                if (CipherHasExpIV(ssl))
                    ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
            }
            else {
                WOLFSSL_MSG("Decrypt failed");
                WOLFSSL_ERROR(ret);
            #ifdef WOLFSSL_EARLY_DATA
                /* TLS 1.3 early-data tolerance: a record that fails to
                 * decrypt is charged against earlyDataSz and, while the
                 * running total stays within maxEarlyDataSz, it is skipped:
                 * the peer sequence number is stepped back by one, the rest
                 * of the input buffer is discarded (idx = length) and 0 is
                 * returned instead of an error.
                 *
                 * NOTE(review): the only guard visible here is
                 * ssl->options.tls1_3 — there is no check of connection
                 * side, of whether early data was offered and rejected, or
                 * of handshake progress. As written, a record that fails
                 * authentication is dropped without an error until the
                 * budget is used up. Confirm that state set elsewhere limits
                 * this to the rejected-0-RTT window; if it does not, tighten
                 * the condition so that later failures are fatal. */
                if (ssl->options.tls1_3) {
                    ssl->earlyDataSz += ssl->curSize;
                    if (ssl->earlyDataSz <= ssl->options.maxEarlyDataSz) {
                        if (ssl->keys.peer_sequence_number_lo-- == 0)
                            ssl->keys.peer_sequence_number_hi--;
                        ssl->options.processReply = doProcessInit;
                        ssl->buffers.inputBuffer.idx =
                                                ssl->buffers.inputBuffer.length;
                        return 0;
                    }
                }
            #endif
            #ifdef WOLFSSL_DTLS
                /* If in DTLS mode, if the decrypt fails for any
                 * reason, pretend the datagram never happened.
                 * The state machine is reset and the buffer dropped so a
                 * later call can carry on, but this call still returns
                 * DECRYPT_ERROR below. */
                if (ssl->options.dtls) {
                    ssl->options.processReply = doProcessInit;
                    ssl->buffers.inputBuffer.idx =
                                                ssl->buffers.inputBuffer.length;
                    #ifdef WOLFSSL_DTLS_DROP_STATS
                    ssl->macDropCount++;
                    #endif /* WOLFSSL_DTLS_DROP_STATS */
                }
            #endif /* WOLFSSL_DTLS */

                /* The specific failure code was logged above; callers get
                 * the single generic DECRYPT_ERROR. */
                return DECRYPT_ERROR;
            }
        }

        ssl->options.processReply = verifyMessage;
        FALL_THROUGH;

    /* verify digest of message */
    case verifyMessage:

        if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) {
            /* With an atomic-user callback, verification already happened
             * inside DecryptVerifyCb, so VerifyMac is skipped. */
            if (!atomicUser) {
                ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
                                     ssl->buffers.inputBuffer.idx,
                                ssl->curSize, ssl->curRL.type,
                                &ssl->keys.padSz);
            #ifdef WOLFSSL_ASYNC_CRYPT
                if (ret == WC_PENDING_E)
                    return ret;
            #endif
                if (ret < 0) {
                    WOLFSSL_MSG("VerifyMac failed");
                    WOLFSSL_ERROR(ret);
                #ifdef WOLFSSL_DTLS
                    /* If in DTLS mode, if the decrypt fails for any
                     * reason, pretend the datagram never happened. */
                    if (ssl->options.dtls) {
                        ssl->options.processReply = doProcessInit;
                        ssl->buffers.inputBuffer.idx =
                                                ssl->buffers.inputBuffer.length;
                        #ifdef WOLFSSL_DTLS_DROP_STATS
                        ssl->macDropCount++;
                        #endif /* WOLFSSL_DTLS_DROP_STATS */
                    }
                #endif /* WOLFSSL_DTLS */
                    /* MAC failure is reported with the same code as a
                     * decrypt failure, so the two cases are not
                     * distinguishable by return value. */
                    return DECRYPT_ERROR;
                }
            }

            ssl->keys.encryptSz    = ssl->curSize;
            ssl->keys.decryptedCur = 1;
        #ifdef WOLFSSL_TLS13
            if (ssl->options.tls1_3) {
                /* Get the real content type from the end of the data.
                 * padSz is grown by one so the type byte is treated as
                 * trailer.
                 *
                 * NOTE(review): the index is computed from
                 * inputBuffer.length, not from idx + curSize. The "more
                 * records" branch at the end of this function shows the
                 * buffer can hold more than one record, in which case the
                 * two positions would differ — confirm. No check that padSz
                 * is no larger than length, and no stripping of zero padding
                 * before the type byte, is visible here. */
                ssl->keys.padSz++;
                ssl->curRL.type = ssl->buffers.inputBuffer.buffer[
                    ssl->buffers.inputBuffer.length - ssl->keys.padSz];
            }
        #endif
        }

        ssl->options.processReply = runProcessingOneMessage;
        FALL_THROUGH;

    /* the record layer is here */
    case runProcessingOneMessage:

    #ifdef WOLFSSL_DTLS
        /* Reached only after decrypt/verify did not fail for this pass;
         * presumably this advances the DTLS replay window — confirm in
         * DtlsUpdateWindow. */
        if (IsDtlsNotSctpMode(ssl)) {
            DtlsUpdateWindow(ssl);
        }
    #endif /* WOLFSSL_DTLS */

        WOLFSSL_MSG("received record layer msg");

        /* Dispatch on content type. For TLS 1.3 this is the inner type
         * recovered in verifyMessage. */
        switch (ssl->curRL.type) {
            case handshake :
                /* debugging in DoHandShakeMsg */
                if (ssl->options.dtls) {
                #ifdef WOLFSSL_DTLS
                    ret = DoDtlsHandShakeMsg(ssl,
                                             ssl->buffers.inputBuffer.buffer,
                                             &ssl->buffers.inputBuffer.idx,
                                             ssl->buffers.inputBuffer.length);
                #endif
                }
                else if (!IsAtLeastTLSv1_3(ssl->version)) {
                    ret = DoHandShakeMsg(ssl,
                                         ssl->buffers.inputBuffer.buffer,
                                         &ssl->buffers.inputBuffer.idx,
                                         ssl->buffers.inputBuffer.length);
                }
                else {
                #ifdef WOLFSSL_TLS13
                    ret = DoTls13HandShakeMsg(ssl,
                                              ssl->buffers.inputBuffer.buffer,
                                              &ssl->buffers.inputBuffer.idx,
                                              ssl->buffers.inputBuffer.length);
                    #ifdef WOLFSSL_EARLY_DATA
                    if (ret != 0)
                        return ret;
                    /* Server side: once the handshake completes while
                     * earlyData is set, clear the flag, reset the state
                     * machine and hand ZERO_RETURN back to the caller. */
                    if (ssl->options.side == WOLFSSL_SERVER_END &&
                            ssl->earlyData &&
                            ssl->options.handShakeState == HANDSHAKE_DONE) {
                        ssl->earlyData = 0;
                        ssl->options.processReply = doProcessInit;
                        return ZERO_RETURN;
                    }
                    #endif
                #else
                    ret = BUFFER_ERROR;
                #endif
                }
                if (ret != 0)
                    return ret;
                break;

            case change_cipher_spec:
                WOLFSSL_MSG("got CHANGE CIPHER SPEC");
                #ifdef WOLFSSL_CALLBACKS
                    if (ssl->hsInfoOn)
                        AddPacketName("ChangeCipher", &ssl->handShakeInfo);
                    /* add record header back on info */
                    if (ssl->toInfoOn) {
                        AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
                            ssl->buffers.inputBuffer.buffer +
                            ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
                            1 + RECORD_HEADER_SZ, ssl->heap);
                        AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
                    }
                #endif

                /* Reject a CCS that arrives at the wrong point of the
                 * handshake. For TLS any failure is returned; DTLS tolerates
                 * duplicates and out-of-order arrivals below. */
                ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
                if (ret != 0) {
                    if (!ssl->options.dtls) {
                        return ret;
                    }
                    else {
                    #ifdef WOLFSSL_DTLS
                        /* Check for duplicate CCS message in DTLS mode.
                         * DTLS allows for duplicate messages, and it should be
                         * skipped. Also skip if out of order. */
                        if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E)
                            return ret;

                        if (IsDtlsNotSctpMode(ssl)) {
                            ret = DtlsMsgPoolSend(ssl, 1);
                            if (ret != 0)
                                return ret;
                        }

                        /* Even a skipped duplicate must be exactly one byte
                         * long. */
                        if (ssl->curSize != 1) {
                            WOLFSSL_MSG("Malicious or corrupted"
                                        " duplicate ChangeCipher msg");
                            return LENGTH_ERROR;
                        }
                        ssl->buffers.inputBuffer.idx++;
                        break;
                    #endif /* WOLFSSL_DTLS */
                    }
                }

                /* CCS received while encryption is already on and the
                 * handshake is marked done: strip the MAC/pad trailer so
                 * the length check below sees the single body byte.
                 * NOTE(review): curSize is reduced by the absolute buffer
                 * index, not by a record-relative offset; that yields 1
                 * only if the record body began at buffer index 0 — TODO
                 * confirm against GetInputData and the DTLS read-ahead
                 * path. */
                if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
                    ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
                    ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
                }

                /* A ChangeCipherSpec body is exactly one byte; anything else
                 * is rejected before keys are switched. */
                if (ssl->curSize != 1) {
                    WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
                    return LENGTH_ERROR;
                }

                ssl->buffers.inputBuffer.idx++;
                /* From here on, records from the peer are treated as
                 * encrypted. */
                ssl->keys.encryptionOn = 1;

                /* setup decrypt keys for following messages */
                /* XXX This might not be what we want to do when
                 * receiving a CCS with multicast. We update the
                 * key when the application updates them. */
                if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
                    return ret;

                #ifdef WOLFSSL_DTLS
                    if (ssl->options.dtls) {
                        WOLFSSL_DTLS_PEERSEQ* peerSeq = ssl->keys.peerSeq;
                #ifdef WOLFSSL_MULTICAST
                        if (ssl->options.haveMcast) {
                            peerSeq += ssl->keys.curPeerId;
                            peerSeq->highwaterMark = UpdateHighwaterMark(0,
                                    ssl->ctx->mcastFirstSeq,
                                    ssl->ctx->mcastSecondSeq,
                                    ssl->ctx->mcastMaxSeq);
                        }
                #endif
                        /* Roll the peer to the next epoch: keep the old
                         * sequence number and window as "prev", then restart
                         * the current sequence number and window from zero. */
                        DtlsMsgPoolReset(ssl);
                        peerSeq->nextEpoch++;
                        peerSeq->prevSeq_lo = peerSeq->nextSeq_lo;
                        peerSeq->prevSeq_hi = peerSeq->nextSeq_hi;
                        peerSeq->nextSeq_lo = 0;
                        peerSeq->nextSeq_hi = 0;
                        XMEMCPY(peerSeq->prevWindow, peerSeq->window,
                                DTLS_SEQ_SZ);
                        XMEMSET(peerSeq->window, 0, DTLS_SEQ_SZ);
                    }
                #endif

                #ifdef HAVE_LIBZ
                    if (ssl->options.usingCompression)
                        if ( (ret = InitStreams(ssl)) != 0)
                            return ret;
                #endif
                /* Fill verifyHashes using the peer's label (server when this
                 * end is the client, client otherwise); presumably compared
                 * with the peer's Finished message later — confirm at the
                 * Finished handler. */
                ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
                                    ssl->options.side == WOLFSSL_CLIENT_END ?
                                    server : client);
                if (ret != 0)
                    return ret;
                break;

            case application_data:
                WOLFSSL_MSG("got app DATA");
                #ifdef WOLFSSL_DTLS
                    /* First application data ends the retained-handshake
                     * period: release handshake resources once. */
                    if (ssl->options.dtls && ssl->options.dtlsHsRetain) {
                        FreeHandshakeResources(ssl);
                        ssl->options.dtlsHsRetain = 0;
                    }
                #endif
                #ifdef WOLFSSL_TLS13
                    /* Application data is refused while keyUpdateRespond is
                     * still set, i.e. a KeyUpdate from the peer is still
                     * outstanding. */
                    if (ssl->keys.keyUpdateRespond) {
                        WOLFSSL_MSG("No KeyUpdate from peer seen");
                        return SANITY_MSG_E;
                    }
                #endif
                if ((ret = DoApplicationData(ssl,
                                            ssl->buffers.inputBuffer.buffer,
                                           &ssl->buffers.inputBuffer.idx))
                                                                         != 0) {
                    WOLFSSL_ERROR(ret);
                    return ret;
                }
                break;

            case alert:
                WOLFSSL_MSG("got ALERT!");
                /* DoAlert reports the alert description through `type`. */
                ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
                              &ssl->buffers.inputBuffer.idx, &type,
                               ssl->buffers.inputBuffer.length);
                if (ret == alert_fatal)
                    return FATAL_ERROR;
                else if (ret < 0)
                    return ret;

                /* catch warnings that are handled as errors */
                /* close_notify is latched into ssl->error as ZERO_RETURN. */
                if (type == close_notify)
                    return ssl->error = ZERO_RETURN;

                /* decrypt_error ends processing even at warning level. */
                if (type == decrypt_error)
                    return FATAL_ERROR;
                break;

            default:
                /* Unknown content type: fail closed. */
                WOLFSSL_ERROR(UNKNOWN_RECORD_TYPE);
                return UNKNOWN_RECORD_TYPE;
        }

        ssl->options.processReply = doProcessInit;

        /* input exhausted? */
        if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length)
            return 0;

        /* more messages per record: fewer bytes were consumed since startIdx
         * than the record holds, so re-enter the dispatch state without
         * decrypting again. */
        else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
            WOLFSSL_MSG("More messages in record");

            ssl->options.processReply = runProcessingOneMessage;

            if (IsEncryptionOn(ssl, 0)) {
                WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
                /* idx is moved back by padSz; the comparison first keeps
                 * the unsigned index from wrapping below zero. */
                if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
                    ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
                }
                else {
                    WOLFSSL_MSG("\tmiddle padding error");
                    return FATAL_ERROR;
                }
            }

            continue;
        }
        /* more records */
        else {
            WOLFSSL_MSG("More records in input");
            ssl->options.processReply = doProcessInit;
            continue;
        }

    default:
        /* processReply holds a value outside the known states. */
        WOLFSSL_MSG("Bad process input state, programming error");
        return INPUT_CASE_ERROR;
    }
    }
}
wolfSSL 13:f67a6c6013ca 12071
wolfSSL 13:f67a6c6013ca 12072
/* Append a ChangeCipherSpec record to the output buffer and queue or flush it.
 *
 * The record is the header plus one body byte set to 1. When encryption is
 * already on for the write side and the handshake is marked done (secure
 * renegotiation), the record is rebuilt through BuildMessage so that it is
 * protected like any other record.
 *
 * Returns 0 when the record is left queued (groupMessages set, or DTLS built
 * without WOLFSSL_DEBUG_DTLS), otherwise the result of SendBuffered(). A
 * non-zero code from CheckAvailableSize or DtlsMsgPoolSave, or a negative
 * size from BuildMessage, is returned unchanged.
 */
int SendChangeCipher(WOLFSSL* ssl)
{
    byte *out;
    int recSz = RECORD_HEADER_SZ + ENUM_LEN;   /* header + one body byte */
    int bodyOff = RECORD_HEADER_SZ;            /* offset of the body byte */
    int ret;

    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            /* DTLS record headers are longer by DTLS_RECORD_EXTRA bytes. */
            bodyOff += DTLS_RECORD_EXTRA;
            recSz += DTLS_RECORD_EXTRA;
        }
    #endif

    /* are we in scr: if so, grow the size estimate by MAX_MSG_EXTRA before
     * asking for buffer space */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
        recSz += MAX_MSG_EXTRA;

    /* make sure the output buffer can take the record */
    ret = CheckAvailableSize(ssl, recSz);
    if (ret != 0)
        return ret;

    /* the record is written right after the data already queued */
    out = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    AddRecordHeader(out, 1, change_cipher_spec, ssl);
    out[bodyOff] = 1;  /* turn it on */

    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        byte ccsBody[ENUM_LEN];

        ccsBody[0] = 1;  /* turn it on */
        /* BuildMessage returns the final record size, or a negative error */
        recSz = BuildMessage(ssl, out, recSz, ccsBody, ENUM_LEN,
                             change_cipher_spec, 0, 0, 0);
        if (recSz < 0)
            return recSz;
    }

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            /* keep a copy of the record in the DTLS message pool */
            ret = DtlsMsgPoolSave(ssl, out, recSz);
            if (ret != 0)
                return ret;
        }
    #endif
    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("ChangeCipher", &ssl->handShakeInfo);
        if (ssl->toInfoOn) {
            AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, out, recSz,
                          ssl->heap);
        }
    #endif

    /* commit the record to the output buffer */
    ssl->buffers.outputBuffer.length += recSz;

    /* caller is batching handshake messages: leave it queued */
    if (ssl->options.groupMessages)
        return 0;

    #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
        /* If using DTLS, force the ChangeCipherSpec message to be in the
         * same datagram as the finished message. */
        if (ssl->options.dtls)
            return 0;
    #endif

    return SendBuffered(ssl);
}
wolfSSL 13:f67a6c6013ca 12142
wolfSSL 13:f67a6c6013ca 12143
wolfSSL 13:f67a6c6013ca 12144 #ifndef NO_OLD_TLS
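/* Compute the legacy SSL record MAC into digest.
 *
 * Construction, as implemented below with MD5 or SHA selected by
 * ssl->specs.mac_algorithm:
 *   inner = H(macSecret | PAD1 | seq | content | length | in)
 *   digest = H(macSecret | PAD2 | inner)
 *
 * ssl      session; supplies hash/pad sizes, heap hint and device id
 * digest   output buffer, receives the MAC
 * in       record payload to authenticate
 * sz       payload length; only the low 16 bits go into the MAC'd length
 * content  record content type, truncated to one byte
 * verify   forwarded to wolfSSL_GetMacSecret() and WriteSEQ()
 *
 * Returns 0 on success, the hash-init error if the context cannot be
 * initialised, or VERIFY_MAC_ERROR if any later hash step fails.
 *
 * The hash context is now released on every path after a successful init;
 * the original returned early on update/final errors without calling
 * wc_Md5Free()/wc_ShaFree().
 *
 * NOTE(review): macSecret is used without a NULL check - confirm that
 * wolfSSL_GetMacSecret() cannot return NULL for a live session.
 */
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                    int content, int verify)
{
    byte   result[MAX_DIGEST_SIZE];
    word32 digestSz = ssl->specs.hash_size;    /* actual sizes */
    word32 padSz    = ssl->specs.pad_size;
    int    ret      = 0;

    Md5 md5;
    Sha sha;

    /* data */
    byte seq[SEQ_SZ];
    byte conLen[ENUM_LEN + LENGTH_SZ];     /* content & length */
    const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify);

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
#endif

    XMEMSET(seq, 0, SEQ_SZ);
    conLen[0] = (byte)content;
    c16toa((word16)sz, &conLen[ENUM_LEN]);
    WriteSEQ(ssl, verify, seq);

    if (ssl->specs.mac_algorithm == md5_mac) {
        ret = wc_InitMd5_ex(&md5, ssl->heap, ssl->devId);
        if (ret != 0)
            return ret;

        /* inner */
        ret  = wc_Md5Update(&md5, macSecret, digestSz);
        ret |= wc_Md5Update(&md5, PAD1, padSz);
        ret |= wc_Md5Update(&md5, seq, SEQ_SZ);
        ret |= wc_Md5Update(&md5, conLen, sizeof(conLen));
        /* in buffer */
        ret |= wc_Md5Update(&md5, in, sz);
        if (ret == 0) {
            ret = wc_Md5Final(&md5, result);
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* TODO: Make non-blocking */
            if (ret == WC_PENDING_E) {
                ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
            }
        #endif
        }

        /* outer */
        if (ret == 0) {
            ret  = wc_Md5Update(&md5, macSecret, digestSz);
            ret |= wc_Md5Update(&md5, PAD2, padSz);
            ret |= wc_Md5Update(&md5, result, digestSz);
        }
        if (ret == 0) {
            ret = wc_Md5Final(&md5, digest);
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* TODO: Make non-blocking */
            if (ret == WC_PENDING_E) {
                ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
            }
        #endif
        }

        /* release the context whether or not the MAC was produced */
        wc_Md5Free(&md5);
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }
    else {
        ret = wc_InitSha_ex(&sha, ssl->heap, ssl->devId);
        if (ret != 0)
            return ret;

        /* inner */
        ret  = wc_ShaUpdate(&sha, macSecret, digestSz);
        ret |= wc_ShaUpdate(&sha, PAD1, padSz);
        ret |= wc_ShaUpdate(&sha, seq, SEQ_SZ);
        ret |= wc_ShaUpdate(&sha, conLen, sizeof(conLen));
        /* in buffer */
        ret |= wc_ShaUpdate(&sha, in, sz);
        if (ret == 0) {
            ret = wc_ShaFinal(&sha, result);
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* TODO: Make non-blocking */
            if (ret == WC_PENDING_E) {
                ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
            }
        #endif
        }

        /* outer */
        if (ret == 0) {
            ret  = wc_ShaUpdate(&sha, macSecret, digestSz);
            ret |= wc_ShaUpdate(&sha, PAD2, padSz);
            ret |= wc_ShaUpdate(&sha, result, digestSz);
        }
        if (ret == 0) {
            ret = wc_ShaFinal(&sha, digest);
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* TODO: Make non-blocking */
            if (ret == WC_PENDING_E) {
                ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
            }
        #endif
        }

        /* release the context whether or not the MAC was produced */
        wc_ShaFree(&sha);
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }
    return 0;
}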
wolfSSL 13:f67a6c6013ca 12257 #endif /* NO_OLD_TLS */
wolfSSL 13:f67a6c6013ca 12258
wolfSSL 13:f67a6c6013ca 12259
wolfSSL 13:f67a6c6013ca 12260 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 12261
wolfSSL 13:f67a6c6013ca 12262 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
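/* Build the MD5 half of the non-TLS CertificateVerify hash.
 *
 * Works on a copy of the running handshake hash so ssl->hsHashes->hashMd5
 * is left untouched:
 *   inner  = MD5(handshake-so-far | masterSecret | PAD1)
 *   digest = MD5(masterSecret | PAD2 | inner)
 *
 * ssl     session; supplies the handshake hash, master secret and heap hint
 * digest  output, receives MD5_DIGEST_SIZE bytes
 *
 * Returns 0 on success, MEMORY_E if the small-stack context cannot be
 * allocated, or the first failing wolfCrypt return code.
 */
static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
{
    int  ret;
    byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);

    /* the original passed an unchecked allocation straight to wc_Md5Copy() */
    if (md5 == NULL)
        return MEMORY_E;
#else
    Md5  md5[1];
#endif

    /* make md5 inner */
    ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */
    if (ret == 0)
        ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret == 0)
        ret = wc_Md5Update(md5, PAD1, PAD_MD5);
    if (ret == 0)
        ret = wc_Md5Final(md5, md5_result);

    /* make md5 outer */
    if (ret == 0) {
        ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
        if (ret == 0) {
            ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
            if (ret == 0)
                ret = wc_Md5Update(md5, PAD2, PAD_MD5);
            if (ret == 0)
                ret = wc_Md5Update(md5, md5_result, MD5_DIGEST_SIZE);
            if (ret == 0)
                ret = wc_Md5Final(md5, digest);
            wc_Md5Free(md5);
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}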
wolfSSL 13:f67a6c6013ca 12303 #endif /* !NO_MD5 && !NO_OLD_TLS */
wolfSSL 13:f67a6c6013ca 12304
wolfSSL 13:f67a6c6013ca 12305 #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
wolfSSL 13:f67a6c6013ca 12306 defined(WOLFSSL_ALLOW_TLS_SHA1))
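/* Build the SHA-1 half of the non-TLS CertificateVerify hash.
 *
 * Works on a copy of the running handshake hash so ssl->hsHashes->hashSha
 * is left untouched:
 *   inner  = SHA(handshake-so-far | masterSecret | PAD1)
 *   digest = SHA(masterSecret | PAD2 | inner)
 *
 * ssl     session; supplies the handshake hash, master secret and heap hint
 * digest  output, receives SHA_DIGEST_SIZE bytes
 *
 * Returns 0 on success, MEMORY_E if the small-stack context cannot be
 * allocated, or the first failing wolfCrypt return code.
 */
static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
{
    int  ret;
    byte sha_result[SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);

    /* the original passed an unchecked allocation straight to wc_ShaCopy() */
    if (sha == NULL)
        return MEMORY_E;
#else
    Sha  sha[1];
#endif

    /* make sha inner */
    ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
    if (ret == 0)
        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret == 0)
        ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
    if (ret == 0)
        ret = wc_ShaFinal(sha, sha_result);

    /* make sha outer */
    if (ret == 0) {
        ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
        if (ret == 0) {
            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
            if (ret == 0)
                ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
            if (ret == 0)
                ret = wc_ShaUpdate(sha, sha_result, SHA_DIGEST_SIZE);
            if (ret == 0)
                ret = wc_ShaFinal(sha, digest);
            wc_ShaFree(sha);
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}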
wolfSSL 13:f67a6c6013ca 12347 #endif /* !NO_SHA && (!NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1) */
wolfSSL 13:f67a6c6013ca 12348
/* Fill hashes with the handshake digests used for CertificateVerify.
 *
 * When ssl->options.tls is set, the running handshake hashes are read out
 * with the wc_*GetHash() calls (SHA-256/384/512 only when the session is
 * at least TLS 1.2). Otherwise the MD5/SHA digests are produced by
 * BuildMD5_CertVerify() / BuildSHA_CertVerify(). Which digests are built
 * depends on the compile-time hash options.
 *
 * Returns 0 on success or the first non-zero code from a hash call; no
 * further digests are computed after a failure.
 */
int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
{
    int ret = 0;

    (void)hashes;

    if (!ssl->options.tls) {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        ret = BuildMD5_CertVerify(ssl, hashes->md5);
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
        if (ret == 0)
            ret = BuildSHA_CertVerify(ssl, hashes->sha);
    #endif
        return ret;
    }

#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    ret = wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
#endif
#if !defined(NO_SHA)
    if (ret == 0)
        ret = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
#endif

    /* the version test only runs once the earlier digests succeeded */
    if (ret == 0 && IsAtLeastTLSv1_2(ssl)) {
    #ifndef NO_SHA256
        ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hashes->sha256);
    #endif
    #ifdef WOLFSSL_SHA384
        if (ret == 0)
            ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384,
                                   hashes->sha384);
    #endif
    #ifdef WOLFSSL_SHA512
        if (ret == 0)
            ret = wc_Sha512GetHash(&ssl->hsHashes->hashSha512,
                                   hashes->sha512);
    #endif
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 12403
wolfSSL 13:f67a6c6013ca 12404 #endif /* WOLFSSL_LEANPSK */
wolfSSL 13:f67a6c6013ca 12405
/* Persistable BuildMessage arguments.
 * With WOLFSSL_ASYNC_CRYPT and asyncOkay, BuildMessage keeps this state in
 * ssl->async.args so it survives a WC_PENDING_E return; otherwise it lives
 * in a local on BuildMessage's stack. */
typedef struct BuildMsgArgs {
    word32 digestSz;           /* MAC bytes added to the record; from
                                * ssl->specs.hash_size, possibly truncated */
    word32 sz;                 /* total record size including header; this is
                                * what BuildMessage returns on success */
    word32 pad;                /* block-cipher padding length */
    word32 idx;                /* current write offset into output */
    word32 headerSz;           /* record header size, plus DTLS_RECORD_EXTRA
                                * for DTLS */
    word16 size;               /* sz - headerSz; passed to AddRecordHeader
                                * and Encrypt */
    word32 ivSz;               /* TLSv1.1 IV */
    byte   iv[AES_BLOCK_SIZE]; /* max size */
} BuildMsgArgs;
wolfSSL 13:f67a6c6013ca 12417
/* Cleanup hook for BuildMsgArgs, also installed as ssl->async.freeArgs by
 * BuildMessage. BuildMessage performs no allocations, so there is nothing
 * to release; both parameters are intentionally unused. */
static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs)
{
    (void)ssl;
    (void)pArgs;
}
wolfSSL 13:f67a6c6013ca 12427
/* Build SSL Message, encrypted
 *
 * Wraps input in a record: header, optional explicit IV, payload, MAC and
 * block padding, then encrypts in place inside output. Runs as a state
 * machine (ssl->options.buildMsgState) so an async build can re-enter at
 * the step that returned WC_PENDING_E.
 *
 * ssl         session
 * output      destination buffer; must be NULL when sizeOnly is set
 * outSz       capacity of output in bytes
 * input       plaintext payload; must be NULL when sizeOnly is set
 * inSz        payload length in bytes
 * type        record content type
 * hashOutput  non-zero to feed a handshake record to HashOutput()
 * sizeOnly    non-zero to compute the record size without writing anything
 * asyncOkay   non-zero to allow resuming persisted async state
 *
 * Returns the total record size on success, otherwise an error code
 * (BAD_FUNC_ARG, BUFFER_E, MEMORY_E or whatever a helper returned).
 *
 * NOTE(review): inSz and outSz are signed but are never tested for negative
 * values; inSz is added into a word32 size and outSz is cast to word32 for
 * the capacity check below, so callers must pass non-negative lengths.
 */
int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay)
{
    int ret = 0;
    BuildMsgArgs* args;
    BuildMsgArgs  lcl_args;
#ifdef WOLFSSL_ASYNC_CRYPT
    /* NOTE(review): ssl is referenced here before the NULL check below */
    args = (BuildMsgArgs*)ssl->async.args;
    /* compile-time check that async.args is large enough for BuildMsgArgs */
    typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
    (void)sizeof(args_test);
#endif

    WOLFSSL_ENTER("BuildMessage");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_TLS13
    /* TLS 1.3 records are built by a separate routine */
    if (ssl->options.tls1_3) {
        return BuildTls13Message(ssl, output, outSz, input, inSz, type,
                                               hashOutput, sizeOnly, asyncOkay);
    }
#endif

    ret = WC_NOT_PENDING_E;
#ifdef WOLFSSL_ASYNC_CRYPT
    if (asyncOkay) {
        ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
        if (ret != WC_NOT_PENDING_E) {
            /* Check for error */
            if (ret < 0)
                goto exit_buildmsg;
        }
    }
    else
#endif
    {
        /* not resuming: keep the working state on this call's stack */
        args = &lcl_args;
    }

    /* Reset state */
    if (ret == WC_NOT_PENDING_E) {
        ret = 0;
        ssl->options.buildMsgState = BUILD_MSG_BEGIN;
        XMEMSET(args, 0, sizeof(BuildMsgArgs));

        args->sz = RECORD_HEADER_SZ + inSz;
        args->idx = RECORD_HEADER_SZ;
        args->headerSz = RECORD_HEADER_SZ;
    #ifdef WOLFSSL_ASYNC_CRYPT
        ssl->async.freeArgs = FreeBuildMsgArgs;
    #endif
    }

    switch (ssl->options.buildMsgState) {
        case BUILD_MSG_BEGIN:
        {
            /* catch mistaken sizeOnly parameter */
            if (!sizeOnly && (output == NULL || input == NULL) ) {
                return BAD_FUNC_ARG;
            }
            if (sizeOnly && (output || input) ) {
                WOLFSSL_MSG("BuildMessage w/sizeOnly doesn't need input/output");
                return BAD_FUNC_ARG;
            }

            ssl->options.buildMsgState = BUILD_MSG_SIZE;
        }
        FALL_THROUGH;
        case BUILD_MSG_SIZE:
        {
            args->digestSz = ssl->specs.hash_size;
        #ifdef HAVE_TRUNCATED_HMAC
            if (ssl->truncated_hmac)
                args->digestSz = min(TRUNCATED_HMAC_SZ, args->digestSz);
        #endif
            args->sz += args->digestSz;

        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                args->sz       += DTLS_RECORD_EXTRA;
                args->idx      += DTLS_RECORD_EXTRA;
                args->headerSz += DTLS_RECORD_EXTRA;
            }
        #endif

            if (ssl->specs.cipher_type == block) {
                word32 blockSz = ssl->specs.block_size;
                if (ssl->options.tls1_1) {
                    /* explicit per-record IV, one cipher block long */
                    args->ivSz = blockSz;
                    args->sz  += args->ivSz;

                    /* the IV is staged in args->iv, so it must fit there */
                    if (args->ivSz > (word32)sizeof(args->iv))
                        ERROR_OUT(BUFFER_E, exit_buildmsg);
                }
                args->sz += 1;       /* pad byte */
                /* NOTE(review): blockSz is used as a divisor; assumes
                 * ssl->specs.block_size is non-zero for block ciphers */
                args->pad = (args->sz - args->headerSz) % blockSz;
                args->pad = blockSz - args->pad;
                args->sz += args->pad;
            }

        #ifdef HAVE_AEAD
            if (ssl->specs.cipher_type == aead) {
                if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    args->ivSz = AESGCM_EXP_IV_SZ;

                /* swap the MAC size counted above for the AEAD tag size */
                args->sz += (args->ivSz + ssl->specs.aead_mac_size - args->digestSz);
            }
        #endif

            /* done with size calculations */
            if (sizeOnly)
                goto exit_buildmsg;

            /* refuse to build a record that would overrun output; this is
             * the only capacity check before the copies below */
            if (args->sz > (word32)outSz) {
                WOLFSSL_MSG("Oops, want to write past output buffer size");
                ERROR_OUT(BUFFER_E, exit_buildmsg);
            }

            if (args->ivSz > 0) {
                /* fresh random IV from the session RNG */
                ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz);
                if (ret != 0)
                    goto exit_buildmsg;

            }

        #ifdef HAVE_AEAD
            if (ssl->specs.cipher_type == aead) {
                /* non-ChaCha AEAD: the explicit IV comes from the key state
                 * and replaces the random bytes generated just above */
                if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    XMEMCPY(args->iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
            }
        #endif

            /* NOTE(review): narrowed to word16 for the record header; relies
             * on the caller keeping the record within the 16-bit length */
            args->size = (word16)(args->sz - args->headerSz);    /* include mac and digest */
            AddRecordHeader(output, args->size, (byte)type, ssl);

            /* write to output */
            if (args->ivSz) {
                XMEMCPY(output + args->idx, args->iv,
                                        min(args->ivSz, sizeof(args->iv)));
                args->idx += args->ivSz;
            }
            XMEMCPY(output + args->idx, input, inSz);
            args->idx += inSz;

            ssl->options.buildMsgState = BUILD_MSG_HASH;
        }
        FALL_THROUGH;
        case BUILD_MSG_HASH:
        {
            word32 i;

            if (type == handshake && hashOutput) {
                ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
                if (ret != 0)
                    goto exit_buildmsg;
            }
            if (ssl->specs.cipher_type == block) {
                /* padding is written after the slot reserved for the MAC */
                word32 tmpIdx = args->idx + args->digestSz;

                /* pad + 1 bytes in total: the padding plus the length byte */
                for (i = 0; i <= args->pad; i++)
                    output[tmpIdx++] = (byte)args->pad; /* pad byte gets pad value */
            }

            ssl->options.buildMsgState = BUILD_MSG_VERIFY_MAC;
        }
        FALL_THROUGH;
        case BUILD_MSG_VERIFY_MAC:
        {
            /* User Record Layer Callback handling */
        #ifdef ATOMIC_USER
            /* a registered callback does both MAC and encryption; the
             * built-in MAC and Encrypt steps below are skipped */
            if (ssl->ctx->MacEncryptCb) {
                ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx,
                                output + args->headerSz + args->ivSz, inSz, type, 0,
                                output + args->headerSz, output + args->headerSz, args->size,
                                ssl->MacEncryptCtx);
                goto exit_buildmsg;
            }
        #endif

            /* non-AEAD suites: the MAC is computed over the plaintext here,
             * before the Encrypt step (MAC-then-encrypt) */
            if (ssl->specs.cipher_type != aead) {
        #ifdef HAVE_TRUNCATED_HMAC
                if (ssl->truncated_hmac && ssl->specs.hash_size > args->digestSz) {
                #ifdef WOLFSSL_SMALL_STACK
                    byte* hmac = NULL;
                #else
                    byte  hmac[MAX_DIGEST_SIZE];
                #endif

                #ifdef WOLFSSL_SMALL_STACK
                    hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, ssl->heap,
                                                           DYNAMIC_TYPE_DIGEST);
                    if (hmac == NULL)
                        ERROR_OUT(MEMORY_E, exit_buildmsg);
                #endif

                    /* full MAC into a scratch buffer, then only the first
                     * digestSz bytes are placed in the record */
                    ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz,
                                                                        type, 0);
                    /* NOTE(review): copied before ret is examined; on a MAC
                     * failure the bytes written are not a valid MAC, but the
                     * ret != 0 test below still aborts the build */
                    XMEMCPY(output + args->idx, hmac, args->digestSz);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(hmac, ssl->heap, DYNAMIC_TYPE_DIGEST);
                #endif
                }
                else
        #endif
                    ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz,
                                                                    inSz, type, 0);
            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            }
            if (ret != 0)
                goto exit_buildmsg;

            ssl->options.buildMsgState = BUILD_MSG_ENCRYPT;
        }
        FALL_THROUGH;
        case BUILD_MSG_ENCRYPT:
        {
            /* in-place encryption of everything after the record header */
            ret = Encrypt(ssl, output + args->headerSz, output + args->headerSz, args->size,
                asyncOkay);
            break;
        }
    }

exit_buildmsg:

    WOLFSSL_LEAVE("BuildMessage", ret);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* leave state untouched so the next call can resume this build */
    if (ret == WC_PENDING_E) {
        return ret;
    }
#endif

    /* make sure build message state is reset */
    ssl->options.buildMsgState = BUILD_MSG_BEGIN;

    /* return sz on success */
    if (ret == 0)
        ret = args->sz;

    /* Final cleanup */
    FreeBuildMsgArgs(ssl, args);

    return ret;
}
wolfSSL 13:f67a6c6013ca 12679
wolfSSL 13:f67a6c6013ca 12680
/* Build the Finished handshake message, protect it with BuildMessage() and
 * hand it to SendBuffered().
 *
 * Side effects visible below: switches the encrypt-side keys, advances the
 * DTLS epoch and resets the DTLS sequence numbers (DTLS only), records the
 * verify data for secure renegotiation, and marks the handshake done for
 * the side that sends Finished last.
 *
 * Returns the SendBuffered() result on success, BUILD_MSG_ERROR if the
 * record cannot be built, or the first error from a helper.
 *
 * NOTE(review): BuildFinished() writes through a Hashes* that points into
 * the fixed-size input array; confirm it never writes more than finishedSz
 * bytes there.
 */
int SendFinished(WOLFSSL* ssl)
{
    int     sendSz;
    int     finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;
    byte    input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ];  /* max */
    byte*   output;
    Hashes* hashes;
    int     ret;
    int     headerSz = HANDSHAKE_HEADER_SZ;
    int     outputSz;

    /* setup encrypt keys */
    ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY);
    if (ret != 0) {
        return ret;
    }

    /* check for available size */
    outputSz = sizeof(input) + MAX_MSG_EXTRA;
    ret = CheckAvailableSize(ssl, outputSz);
    if (ret != 0) {
        return ret;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        headerSz += DTLS_HANDSHAKE_EXTRA;
        /* new epoch: remember the old sequence number, restart at zero */
        ssl->keys.dtls_epoch++;
        ssl->keys.dtls_prev_sequence_number_hi =
                                        ssl->keys.dtls_sequence_number_hi;
        ssl->keys.dtls_prev_sequence_number_lo =
                                        ssl->keys.dtls_sequence_number_lo;
        ssl->keys.dtls_sequence_number_hi = 0;
        ssl->keys.dtls_sequence_number_lo = 0;
    }
#endif

    /* get output buffer */
    output = &ssl->buffers.outputBuffer.buffer[ssl->buffers.outputBuffer.length];

    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);

    /* make finished hashes */
    hashes = (Hashes*)(input + headerSz);
    ret = BuildFinished(ssl, hashes,
                     ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
    if (ret != 0) {
        return ret;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* keep our own verify data for the renegotiation check */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
                    TLS_FINISHED_SZ);
        }
        else {
            XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
                    TLS_FINISHED_SZ);
        }
    }
#endif

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        ret = DtlsMsgPoolSave(ssl, input, headerSz + finishedSz);
        if (ret != 0) {
            return ret;
        }
    }
#endif

    sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                          handshake, 1, 0, 0);
    if (sendSz < 0) {
        return BUILD_MSG_ERROR;
    }

    if (ssl->options.resuming) {
        /* resumed session: the client's Finished ends the handshake */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }
    else {
#ifndef NO_SESSION_CACHE
        AddSession(ssl);    /* just try */
#endif
        /* full handshake: the server's Finished ends the handshake */
        if (ssl->options.side == WOLFSSL_SERVER_END) {
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("Finished", &ssl->handShakeInfo);
    }
    if (ssl->toInfoOn) {
        AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 13:f67a6c6013ca 12777
wolfSSL 13:f67a6c6013ca 12778
wolfSSL 13:f67a6c6013ca 12779 #ifndef NO_CERTS
/* Build the Certificate handshake message and queue it in the output buffer,
 * splitting it over several records when it does not fit in one fragment.
 *
 * ssl  connection object. The leaf certificate is read from
 *      ssl->buffers.certificate and the rest of the chain from
 *      ssl->buffers.certChain; ssl->fragOffset records how many certificate
 *      bytes have already been copied out.
 *
 * Returns 0 on success (and immediately for PSK or anonymous cipher suites),
 * BUFFER_ERROR when no certificate buffer is set, BUFFER_E or MEMORY_E from
 * the encrypted path, a negative BuildMessage() result, or whatever
 * CheckAvailableSize(), DtlsMsgPoolSave() or SendBuffered() returned.
 */
int SendCertificate(WOLFSSL* ssl)
{
    int    ret = 0;
    word32 certSz, certChainSz, headerSz, listSz, payloadSz;
    word32 length, maxFragment;

    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
        return 0;  /* not needed */

    if (ssl->options.sendVerify == SEND_BLANK_CERT) {
        /* empty certificate list: only the list-length header is sent */
        certSz = 0;
        certChainSz = 0;
        headerSz = CERT_HEADER_SZ;
        length = CERT_HEADER_SZ;
        listSz = 0;
    }
    else {
        if (!ssl->buffers.certificate) {
            WOLFSSL_MSG("Send Cert missing certificate buffer");
            return BUFFER_ERROR;
        }
        certSz = ssl->buffers.certificate->length;
        /* one header for the list length, one for the leaf length */
        headerSz = 2 * CERT_HEADER_SZ;
        /* list + cert size */
        length = certSz + headerSz;
        listSz = certSz + CERT_HEADER_SZ;
        /* NOTE(review): if certSz is 0 here, headerSz still counts two
         * headers but the loop below writes only the list header (the leaf
         * header is guarded by `if (certSz)`), so fragSz would cover bytes
         * this function never writes - confirm an empty certificate buffer
         * cannot reach this branch. */

        /* may need to send rest of chain, already has leading size(s) */
        if (certSz && ssl->buffers.certChain) {
            certChainSz = ssl->buffers.certChain->length;
            length += certChainSz;
            listSz += certChainSz;
        }
        else
            certChainSz = 0;
    }

    /* total handshake body size, used in every fragment header */
    payloadSz = length;

    /* a non-zero fragOffset means part of the message was already built by
     * an earlier pass, so only the remainder is left to send */
    if (ssl->fragOffset != 0)
        length -= (ssl->fragOffset + headerSz);

    maxFragment = MAX_RECORD_SIZE;
    if (ssl->options.dtls) {
    #ifdef WOLFSSL_DTLS
        /* NOTE(review): the extra 100 bytes of headroom are not explained
         * in this function - confirm what they reserve space for. */
        maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
                      - DTLS_HANDSHAKE_HEADER_SZ - 100;
    #endif /* WOLFSSL_DTLS */
    }

    #ifdef HAVE_MAX_FRAGMENT
    /* a configured max_fragment can only lower the limit, never raise it */
    if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
        maxFragment = ssl->max_fragment;
    #endif /* HAVE_MAX_FRAGMENT */

    /* one pass per record; stops on the first non-zero ret */
    while (length > 0 && ret == 0) {
        byte*  output = NULL;
        word32 fragSz = 0;
        word32 i = RECORD_HEADER_SZ;     /* write index into output */
        int    sendSz = RECORD_HEADER_SZ;

        if (!ssl->options.dtls) {
            if (ssl->fragOffset == 0)  {
                /* first record carries the handshake header as well */
                if (headerSz + certSz + certChainSz <=
                    maxFragment - HANDSHAKE_HEADER_SZ) {

                    fragSz = headerSz + certSz + certChainSz;
                }
                else {
                    fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
                }
                sendSz += fragSz + HANDSHAKE_HEADER_SZ;
                i += HANDSHAKE_HEADER_SZ;
            }
            else {
                /* continuation record: record header plus raw data only */
                fragSz = min(length, maxFragment);
                sendSz += fragSz;
            }

            if (IsEncryptionOn(ssl, 1))
                sendSz += MAX_MSG_EXTRA;
        }
        else {
        #ifdef WOLFSSL_DTLS
            /* every DTLS fragment carries its own handshake header */
            fragSz = min(length, maxFragment);
            sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
                      + HANDSHAKE_HEADER_SZ;
            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
                      + HANDSHAKE_HEADER_SZ;
        #endif
        }

        /* check for available size */
        if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
            return ret;

        /* get output buffer */
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        if (ssl->fragOffset == 0) {
            /* first fragment: when encryption is off the handshake hash is
             * fed here piece by piece with HashOutputRaw() */
            if (!ssl->options.dtls) {
                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
                                  HANDSHAKE_HEADER_SZ);
            }
            else {
            #ifdef WOLFSSL_DTLS
                /* the header built here describes the whole message and is
                 * used for hashing; AddFragHeaders() below then writes the
                 * header for this fragment over it */
                AddHeaders(output, payloadSz, certificate, ssl);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl,
                                  output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
                                  HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
                /* Adding the headers increments these, decrement them for
                 * actual message header. */
                ssl->keys.dtls_handshake_number--;
                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
                ssl->keys.dtls_handshake_number--;
            #endif /* WOLFSSL_DTLS */
            }

            /* list total */
            c32to24(listSz, output + i);
            if (!IsEncryptionOn(ssl, 1))
                HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
            i += CERT_HEADER_SZ;
            length -= CERT_HEADER_SZ;
            fragSz -= CERT_HEADER_SZ;
            if (certSz) {
                /* length of the leaf certificate */
                c32to24(certSz, output + i);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
                i += CERT_HEADER_SZ;
                length -= CERT_HEADER_SZ;
                fragSz -= CERT_HEADER_SZ;

                /* the whole certificate and chain are hashed up front, even
                 * if they end up spread over several fragments */
                if (!IsEncryptionOn(ssl, 1)) {
                    HashOutputRaw(ssl, ssl->buffers.certificate->buffer, certSz);
                    if (certChainSz)
                        HashOutputRaw(ssl, ssl->buffers.certChain->buffer,
                                      certChainSz);
                }
            }
        }
        else {
            if (!ssl->options.dtls) {
                AddRecordHeader(output, fragSz, handshake, ssl);
            }
            else {
            #ifdef WOLFSSL_DTLS
                AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz,
                               payloadSz, certificate, ssl);
                /* undo the increment so all fragments share one number */
                ssl->keys.dtls_handshake_number--;
            #endif /* WOLFSSL_DTLS */
            }
        }

        /* member */
        if (certSz && ssl->fragOffset < certSz) {
            /* copy as much of the leaf certificate as this fragment holds */
            word32 copySz = min(certSz - ssl->fragOffset, fragSz);
            XMEMCPY(output + i,
                    ssl->buffers.certificate->buffer + ssl->fragOffset, copySz);
            i += copySz;
            ssl->fragOffset += copySz;
            length -= copySz;
            fragSz -= copySz;
        }
        if (certChainSz && fragSz) {
            /* remaining room goes to the chain; fragOffset counts leaf and
             * chain bytes together, hence the "- certSz" on the source */
            word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz);
            XMEMCPY(output + i,
                    ssl->buffers.certChain->buffer + ssl->fragOffset - certSz,
                    copySz);
            i += copySz;
            ssl->fragOffset += copySz;
            length -= copySz;
        }

        if (IsEncryptionOn(ssl, 1)) {
            /* BuildMessage() writes into output, so the plaintext is first
             * copied to a temporary buffer */
            byte* input = NULL;
            int   inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */

            if (inputSz < 0) {
                WOLFSSL_MSG("Send Cert bad inputSz");
                return BUFFER_E;
            }

            if (inputSz > 0) {  /* clang thinks could be zero, let's help */
                input = (byte*)XMALLOC(inputSz, ssl->heap,
                                       DYNAMIC_TYPE_IN_BUFFER);
                if (input == NULL)
                    return MEMORY_E;
                XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
            }

            /* NOTE(review): no HashOutputRaw() calls are made on this path;
             * presumably the `1` argument asks BuildMessage() to hash the
             * input - confirm against its definition. */
            sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                                          handshake, 1, 0, 0);

            if (inputSz > 0)
                XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

            if (sendSz < 0)
                return sendSz;
        }
        else {
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                DtlsSEQIncrement(ssl, CUR_ORDER);
        #endif
        }

        #ifdef WOLFSSL_DTLS
            if (IsDtlsNotSctpMode(ssl)) {
                if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                    return ret;
            }
        #endif

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("Certificate", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
                           ssl->heap);
    #endif

        /* commit the record; flush now unless messages are being grouped */
        ssl->buffers.outputBuffer.length += sendSz;
        if (!ssl->options.groupMessages)
            ret = SendBuffered(ssl);
    }

    /* on WANT_WRITE the fragment offset and state are left as they are;
     * any other result ends this message */
    if (ret != WANT_WRITE) {
        /* Clean up the fragment offset. */
        ssl->fragOffset = 0;
        #ifdef WOLFSSL_DTLS
            /* the per-fragment decrements above kept the number constant;
             * advance it once for the completed message */
            if (ssl->options.dtls)
                ssl->keys.dtls_handshake_number++;
        #endif
        if (ssl->options.side == WOLFSSL_SERVER_END)
            ssl->options.serverState = SERVER_CERT_COMPLETE;
    }

    return ret;
}
wolfSSL 13:f67a6c6013ca 13024
wolfSSL 13:f67a6c6013ca 13025
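/* Build the CertificateRequest handshake message and queue it in the output
 * buffer.
 *
 * The body holds one certificate type (ecdsa_sign or rsa_sign), the
 * supported hash/signature list for TLS 1.2 and later, and the list of
 * acceptable CA names (filled from ssl->ctx->ca_names only when built with
 * WOLFSSL_NGINX, otherwise empty).
 *
 * ssl  connection object
 *
 * Returns 0 on success (and immediately for PSK or anonymous cipher suites),
 * BUFFER_E when the encoded CA names do not fit the 16-bit length field, or
 * the error from CheckAvailableSize(), DtlsMsgPoolSave(), HashOutput() or
 * SendBuffered().
 *
 * NOTE(review): unlike SendCertificate() there is no IsEncryptionOn() /
 * BuildMessage() branch here, so the message is always queued as built -
 * confirm this function is never reached on an already encrypted connection.
 */
int SendCertificateRequest(WOLFSSL* ssl)
{
    byte   *output;
    int    ret;
    int    sendSz;
    word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 dnLen = 0;
#ifdef WOLFSSL_NGINX
    STACK_OF(WOLFSSL_X509_NAME)* names;
#endif

    int  typeTotal = 1;    /* only 1 for now */
    int  reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ;  /* add auth later */

    if (IsAtLeastTLSv1_2(ssl))
        reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;

#ifdef WOLFSSL_NGINX
    /* Certificate Authorities */
    names = ssl->ctx->ca_names;
    while (names != NULL) {
        byte seq[MAX_SEQ_SZ];

        /* 16-bit length | SEQ | Len | DER of name */
        dnLen += OPAQUE16_LEN + SetSequence(names->data.name->rawLen, seq) +
                 names->data.name->rawLen;
        names = names->next;
    }
    reqSz += dnLen;
#endif

    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
        return 0;  /* not needed */

#ifdef WOLFSSL_NGINX
    /* The CA list length is written below as a 16-bit value. Without this
     * check an oversized list would have its length silently truncated while
     * the names are still written in full, producing a message whose length
     * field disagrees with its body. */
    if (dnLen > 0xFFFF) {
        WOLFSSL_MSG("Send CertificateRequest CA names too long");
        return BUFFER_E;
    }
#endif

    sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;

    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        }
    #endif
    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, reqSz, certificate_request, ssl);

    /* write to output */
    output[i++] = (byte)typeTotal;  /* # of types */
#ifdef HAVE_ECC
    /* request an ECDSA client certificate only when the negotiated suite
     * itself signs with ECDSA; everything else asks for RSA */
    if ((ssl->options.cipherSuite0 == ECC_BYTE ||
         ssl->options.cipherSuite0 == CHACHA_BYTE) &&
                     ssl->specs.sig_algo == ecc_dsa_sa_algo) {
        output[i++] = ecdsa_sign;
    } else
#endif /* HAVE_ECC */
    {
        output[i++] = rsa_sign;
    }

    /* supported hash/sig */
    if (IsAtLeastTLSv1_2(ssl)) {
        c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
        i += LENGTH_SZ;

        XMEMCPY(&output[i],
                         ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
        i += ssl->suites->hashSigAlgoSz;
    }

    /* Certificate Authorities */
    c16toa((word16)dnLen, &output[i]);  /* auth's */
    i += REQ_HEADER_SZ;
#ifdef WOLFSSL_NGINX
    names = ssl->ctx->ca_names;
    while (names != NULL) {
        byte seq[MAX_SEQ_SZ];

        /* per-name 16-bit length, then the SEQUENCE header, then the raw
         * name; each entry is bounded by the dnLen check above */
        c16toa(names->data.name->rawLen +
               SetSequence(names->data.name->rawLen, seq), &output[i]);
        i += OPAQUE16_LEN;
        i += SetSequence(names->data.name->rawLen, output + i);
        XMEMCPY(output + i, names->data.name->raw, names->data.name->rawLen);
        i += names->data.name->rawLen;
        names = names->next;
    }
#endif
    (void)i;

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
        if (ssl->options.dtls)
            DtlsSEQIncrement(ssl, CUR_ORDER);
    #endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("CertificateRequest", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
                          sendSz, ssl->heap);
    #endif
    /* commit the record; flush now unless messages are being grouped */
    ssl->buffers.outputBuffer.length += sendSz;
    if (ssl->options.groupMessages)
        return 0;
    else
        return SendBuffered(ssl);
}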
wolfSSL 13:f67a6c6013ca 13146
wolfSSL 13:f67a6c6013ca 13147 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 13148 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 13:f67a6c6013ca 13149 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
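/* Build a CertificateStatus handshake message from one or more OCSP
 * responses and queue it in the output buffer.
 *
 * ssl     connection object
 * type    WOLFSSL_CSR2_OCSP writes the responses directly after the type
 *         byte; WOLFSSL_CSR2_OCSP_MULTI additionally prefixes them with a
 *         24-bit total length. Any other value is a no-op.
 * status  array of `count` response buffers, each written as a 24-bit
 *         length followed by its bytes
 * count   number of entries in status
 *
 * Returns 0 on success or for an unhandled type, MEMORY_E when the temporary
 * plaintext buffer cannot be allocated, a negative BuildMessage() result, or
 * the error from CheckAvailableSize(), HashOutput(), DtlsMsgPoolSave() or
 * SendBuffered().
 */
static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
                                                                     byte count)
{
    byte*  output  = NULL;
    word32 idx     = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 length  = ENUM_LEN;
    int    sendSz  = 0;
    int    ret     = 0;
    int    i       = 0;

    WOLFSSL_ENTER("BuildCertificateStatus");

    /* work out the handshake body size first */
    switch (type) {
        case WOLFSSL_CSR2_OCSP_MULTI:
            length += OPAQUE24_LEN;
            FALL_THROUGH; /* followed by */

        case WOLFSSL_CSR2_OCSP:
            for (i = 0; i < count; i++)
                length += OPAQUE24_LEN + status[i].length;
        break;

        default:
            return 0;
    }

    sendSz = idx + length;

    /* NOTE(review): space is reserved based on ssl->keys.encryptionOn while
     * the build step below tests IsEncryptionOn(ssl, 1) - confirm the second
     * can never be true when the first is false. */
    if (ssl->keys.encryptionOn)
        sendSz += MAX_MSG_EXTRA;

    if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        AddHeaders(output, length, certificate_status, ssl);

        output[idx++] = type;

        if (type == WOLFSSL_CSR2_OCSP_MULTI) {
            /* list length excludes the type byte and this length field */
            c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx);
            idx += OPAQUE24_LEN;
        }

        for (i = 0; i < count; i++) {
            c32to24(status[i].length, output + idx);
            idx += OPAQUE24_LEN;

            XMEMCPY(output + idx, status[i].buffer, status[i].length);
            idx += status[i].length;
        }

        if (IsEncryptionOn(ssl, 1)) {
            /* BuildMessage() writes into output, so the plaintext is first
             * copied to a temporary buffer */
            byte* input;
            int   inputSz = idx - RECORD_HEADER_SZ;

            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
            if (input == NULL) {
                /* Report through the common exit instead of returning here,
                 * so the failure reaches WOLFSSL_LEAVE like every other
                 * error in this block; the ret == 0 guards below skip the
                 * remaining steps. */
                ret = MEMORY_E;
            }
            else {
                XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                                           handshake, 1, 0, 0);
                XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

                if (sendSz < 0)
                    ret = sendSz;
            }
        }
        else {
            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            ret = HashOutput(ssl, output, sendSz, 0);
        }

    #ifdef WOLFSSL_DTLS
        if (ret == 0 && IsDtlsNotSctpMode(ssl))
            ret = DtlsMsgPoolSave(ssl, output, sendSz);
    #endif

    #ifdef WOLFSSL_CALLBACKS
        if (ret == 0 && ssl->hsInfoOn)
            AddPacketName("CertificateStatus", &ssl->handShakeInfo);
        if (ret == 0 && ssl->toInfoOn)
            AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, output,
                          sendSz, ssl->heap);
    #endif

        if (ret == 0) {
            /* commit the record; flush now unless messages are grouped */
            ssl->buffers.outputBuffer.length += sendSz;
            if (!ssl->options.groupMessages)
                ret = SendBuffered(ssl);
        }
    }

    WOLFSSL_LEAVE("BuildCertificateStatus", ret);
    return ret;
}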
wolfSSL 13:f67a6c6013ca 13249 #endif
wolfSSL 13:f67a6c6013ca 13250 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 13:f67a6c6013ca 13251
wolfSSL 13:f67a6c6013ca 13252
wolfSSL 13:f67a6c6013ca 13253 int SendCertificateStatus(WOLFSSL* ssl)
wolfSSL 13:f67a6c6013ca 13254 {
wolfSSL 13:f67a6c6013ca 13255 int ret = 0;
wolfSSL 13:f67a6c6013ca 13256 byte status_type = 0;
wolfSSL 13:f67a6c6013ca 13257
wolfSSL 13:f67a6c6013ca 13258 WOLFSSL_ENTER("SendCertificateStatus");
wolfSSL 13:f67a6c6013ca 13259
wolfSSL 13:f67a6c6013ca 13260 (void) ssl;
wolfSSL 13:f67a6c6013ca 13261
wolfSSL 13:f67a6c6013ca 13262 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 13:f67a6c6013ca 13263 status_type = ssl->status_request;
wolfSSL 13:f67a6c6013ca 13264 #endif
wolfSSL 13:f67a6c6013ca 13265
wolfSSL 13:f67a6c6013ca 13266 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 13:f67a6c6013ca 13267 status_type = status_type ? status_type : ssl->status_request_v2;
wolfSSL 13:f67a6c6013ca 13268 #endif
wolfSSL 13:f67a6c6013ca 13269
wolfSSL 13:f67a6c6013ca 13270 switch (status_type) {
wolfSSL 13:f67a6c6013ca 13271
wolfSSL 13:f67a6c6013ca 13272 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 13273 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 13:f67a6c6013ca 13274 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 13:f67a6c6013ca 13275 /* case WOLFSSL_CSR_OCSP: */
wolfSSL 13:f67a6c6013ca 13276 case WOLFSSL_CSR2_OCSP:
wolfSSL 13:f67a6c6013ca 13277 {
wolfSSL 13:f67a6c6013ca 13278 OcspRequest* request = ssl->ctx->certOcspRequest;
wolfSSL 13:f67a6c6013ca 13279 buffer response;
wolfSSL 13:f67a6c6013ca 13280
wolfSSL 13:f67a6c6013ca 13281 XMEMSET(&response, 0, sizeof(response));
wolfSSL 13:f67a6c6013ca 13282
wolfSSL 13:f67a6c6013ca 13283 /* unable to fetch status. skip. */
wolfSSL 13:f67a6c6013ca 13284 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
wolfSSL 13:f67a6c6013ca 13285 return 0;
wolfSSL 13:f67a6c6013ca 13286
wolfSSL 13:f67a6c6013ca 13287 if (request == NULL || ssl->buffers.weOwnCert) {
wolfSSL 13:f67a6c6013ca 13288 DerBuffer* der = ssl->buffers.certificate;
wolfSSL 13:f67a6c6013ca 13289 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13290 DecodedCert* cert = NULL;
wolfSSL 13:f67a6c6013ca 13291 #else
wolfSSL 13:f67a6c6013ca 13292 DecodedCert cert[1];
wolfSSL 13:f67a6c6013ca 13293 #endif
wolfSSL 13:f67a6c6013ca 13294
wolfSSL 13:f67a6c6013ca 13295 /* unable to fetch status. skip. */
wolfSSL 13:f67a6c6013ca 13296 if (der->buffer == NULL || der->length == 0)
wolfSSL 13:f67a6c6013ca 13297 return 0;
wolfSSL 13:f67a6c6013ca 13298
wolfSSL 13:f67a6c6013ca 13299 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13300 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
wolfSSL 13:f67a6c6013ca 13301 DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 13302 if (cert == NULL)
wolfSSL 13:f67a6c6013ca 13303 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 13304 #endif
wolfSSL 13:f67a6c6013ca 13305
wolfSSL 13:f67a6c6013ca 13306 InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
wolfSSL 13:f67a6c6013ca 13307 /* TODO: Setup async support here */
wolfSSL 13:f67a6c6013ca 13308 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
wolfSSL 13:f67a6c6013ca 13309 ssl->ctx->cm)) != 0) {
wolfSSL 13:f67a6c6013ca 13310 WOLFSSL_MSG("ParseCert failed");
wolfSSL 13:f67a6c6013ca 13311 }
wolfSSL 13:f67a6c6013ca 13312 else {
wolfSSL 13:f67a6c6013ca 13313 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
wolfSSL 13:f67a6c6013ca 13314 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13315 if (request) {
wolfSSL 13:f67a6c6013ca 13316 ret = InitOcspRequest(request, cert, 0, ssl->heap);
wolfSSL 13:f67a6c6013ca 13317 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 13318 /* make sure ctx OCSP request is updated */
wolfSSL 13:f67a6c6013ca 13319 if (!ssl->buffers.weOwnCert) {
wolfSSL 13:f67a6c6013ca 13320 wolfSSL_Mutex* ocspLock =
wolfSSL 13:f67a6c6013ca 13321 &ssl->ctx->cm->ocsp_stapling->ocspLock;
wolfSSL 13:f67a6c6013ca 13322 if (wc_LockMutex(ocspLock) == 0) {
wolfSSL 13:f67a6c6013ca 13323 if (ssl->ctx->certOcspRequest == NULL)
wolfSSL 13:f67a6c6013ca 13324 ssl->ctx->certOcspRequest = request;
wolfSSL 13:f67a6c6013ca 13325 wc_UnLockMutex(ocspLock);
wolfSSL 13:f67a6c6013ca 13326 }
wolfSSL 13:f67a6c6013ca 13327 }
wolfSSL 13:f67a6c6013ca 13328 }
wolfSSL 13:f67a6c6013ca 13329 else {
wolfSSL 13:f67a6c6013ca 13330 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13331 request = NULL;
wolfSSL 13:f67a6c6013ca 13332 }
wolfSSL 13:f67a6c6013ca 13333 }
wolfSSL 13:f67a6c6013ca 13334 else {
wolfSSL 13:f67a6c6013ca 13335 ret = MEMORY_E;
wolfSSL 13:f67a6c6013ca 13336 }
wolfSSL 13:f67a6c6013ca 13337 }
wolfSSL 13:f67a6c6013ca 13338
wolfSSL 13:f67a6c6013ca 13339 FreeDecodedCert(cert);
wolfSSL 13:f67a6c6013ca 13340
wolfSSL 13:f67a6c6013ca 13341 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13342 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 13343 #endif
wolfSSL 13:f67a6c6013ca 13344 }
wolfSSL 13:f67a6c6013ca 13345
wolfSSL 13:f67a6c6013ca 13346 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 13347 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 13:f67a6c6013ca 13348 request->ssl = ssl;
wolfSSL 13:f67a6c6013ca 13349 #endif
wolfSSL 13:f67a6c6013ca 13350 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
wolfSSL 13:f67a6c6013ca 13351 &response);
wolfSSL 13:f67a6c6013ca 13352
wolfSSL 13:f67a6c6013ca 13353 /* Suppressing, not critical */
wolfSSL 13:f67a6c6013ca 13354 if (ret == OCSP_CERT_REVOKED ||
wolfSSL 13:f67a6c6013ca 13355 ret == OCSP_CERT_UNKNOWN ||
wolfSSL 13:f67a6c6013ca 13356 ret == OCSP_LOOKUP_FAIL) {
wolfSSL 13:f67a6c6013ca 13357 ret = 0;
wolfSSL 13:f67a6c6013ca 13358 }
wolfSSL 13:f67a6c6013ca 13359
wolfSSL 13:f67a6c6013ca 13360 if (response.buffer) {
wolfSSL 13:f67a6c6013ca 13361 if (ret == 0)
wolfSSL 13:f67a6c6013ca 13362 ret = BuildCertificateStatus(ssl, status_type,
wolfSSL 13:f67a6c6013ca 13363 &response, 1);
wolfSSL 13:f67a6c6013ca 13364
wolfSSL 13:f67a6c6013ca 13365 XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13366 response.buffer = NULL;
wolfSSL 13:f67a6c6013ca 13367 }
wolfSSL 13:f67a6c6013ca 13368
wolfSSL 13:f67a6c6013ca 13369 }
wolfSSL 13:f67a6c6013ca 13370
wolfSSL 13:f67a6c6013ca 13371 if (request != ssl->ctx->certOcspRequest)
wolfSSL 13:f67a6c6013ca 13372 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13373
wolfSSL 13:f67a6c6013ca 13374 break;
wolfSSL 13:f67a6c6013ca 13375 }
wolfSSL 13:f67a6c6013ca 13376
wolfSSL 13:f67a6c6013ca 13377 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 13:f67a6c6013ca 13378 /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 13:f67a6c6013ca 13379
wolfSSL 13:f67a6c6013ca 13380 #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 13:f67a6c6013ca 13381 case WOLFSSL_CSR2_OCSP_MULTI:
wolfSSL 13:f67a6c6013ca 13382 {
wolfSSL 13:f67a6c6013ca 13383 OcspRequest* request = ssl->ctx->certOcspRequest;
wolfSSL 13:f67a6c6013ca 13384 buffer responses[1 + MAX_CHAIN_DEPTH];
wolfSSL 13:f67a6c6013ca 13385 int i = 0;
wolfSSL 13:f67a6c6013ca 13386
wolfSSL 13:f67a6c6013ca 13387 XMEMSET(responses, 0, sizeof(responses));
wolfSSL 13:f67a6c6013ca 13388
wolfSSL 13:f67a6c6013ca 13389 /* unable to fetch status. skip. */
wolfSSL 13:f67a6c6013ca 13390 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
wolfSSL 13:f67a6c6013ca 13391 return 0;
wolfSSL 13:f67a6c6013ca 13392
wolfSSL 13:f67a6c6013ca 13393 if (!request || ssl->buffers.weOwnCert) {
wolfSSL 13:f67a6c6013ca 13394 DerBuffer* der = ssl->buffers.certificate;
wolfSSL 13:f67a6c6013ca 13395 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13396 DecodedCert* cert = NULL;
wolfSSL 13:f67a6c6013ca 13397 #else
wolfSSL 13:f67a6c6013ca 13398 DecodedCert cert[1];
wolfSSL 13:f67a6c6013ca 13399 #endif
wolfSSL 13:f67a6c6013ca 13400
wolfSSL 13:f67a6c6013ca 13401 /* unable to fetch status. skip. */
wolfSSL 13:f67a6c6013ca 13402 if (der->buffer == NULL || der->length == 0)
wolfSSL 13:f67a6c6013ca 13403 return 0;
wolfSSL 13:f67a6c6013ca 13404
wolfSSL 13:f67a6c6013ca 13405 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13406 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
wolfSSL 13:f67a6c6013ca 13407 DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 13408 if (cert == NULL)
wolfSSL 13:f67a6c6013ca 13409 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 13410 #endif
wolfSSL 13:f67a6c6013ca 13411
wolfSSL 13:f67a6c6013ca 13412 InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
wolfSSL 13:f67a6c6013ca 13413 /* TODO: Setup async support here */
wolfSSL 13:f67a6c6013ca 13414 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
wolfSSL 13:f67a6c6013ca 13415 ssl->ctx->cm)) != 0) {
wolfSSL 13:f67a6c6013ca 13416 WOLFSSL_MSG("ParseCert failed");
wolfSSL 13:f67a6c6013ca 13417 }
wolfSSL 13:f67a6c6013ca 13418 else {
wolfSSL 13:f67a6c6013ca 13419 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
wolfSSL 13:f67a6c6013ca 13420 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13421 if (request) {
wolfSSL 13:f67a6c6013ca 13422 ret = InitOcspRequest(request, cert, 0, ssl->heap);
wolfSSL 13:f67a6c6013ca 13423 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 13424 /* make sure ctx OCSP request is updated */
wolfSSL 13:f67a6c6013ca 13425 if (!ssl->buffers.weOwnCert) {
wolfSSL 13:f67a6c6013ca 13426 wolfSSL_Mutex* ocspLock =
wolfSSL 13:f67a6c6013ca 13427 &ssl->ctx->cm->ocsp_stapling->ocspLock;
wolfSSL 13:f67a6c6013ca 13428 if (wc_LockMutex(ocspLock) == 0) {
wolfSSL 13:f67a6c6013ca 13429 if (ssl->ctx->certOcspRequest == NULL)
wolfSSL 13:f67a6c6013ca 13430 ssl->ctx->certOcspRequest = request;
wolfSSL 13:f67a6c6013ca 13431 wc_UnLockMutex(ocspLock);
wolfSSL 13:f67a6c6013ca 13432 }
wolfSSL 13:f67a6c6013ca 13433 }
wolfSSL 13:f67a6c6013ca 13434 }
wolfSSL 13:f67a6c6013ca 13435 else {
wolfSSL 13:f67a6c6013ca 13436 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13437 request = NULL;
wolfSSL 13:f67a6c6013ca 13438 }
wolfSSL 13:f67a6c6013ca 13439 }
wolfSSL 13:f67a6c6013ca 13440 else {
wolfSSL 13:f67a6c6013ca 13441 ret = MEMORY_E;
wolfSSL 13:f67a6c6013ca 13442 }
wolfSSL 13:f67a6c6013ca 13443 }
wolfSSL 13:f67a6c6013ca 13444
wolfSSL 13:f67a6c6013ca 13445 FreeDecodedCert(cert);
wolfSSL 13:f67a6c6013ca 13446
wolfSSL 13:f67a6c6013ca 13447 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13448 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 13449 #endif
wolfSSL 13:f67a6c6013ca 13450 }
wolfSSL 13:f67a6c6013ca 13451
wolfSSL 13:f67a6c6013ca 13452 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 13453 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 13:f67a6c6013ca 13454 request->ssl = ssl;
wolfSSL 13:f67a6c6013ca 13455 #endif
wolfSSL 13:f67a6c6013ca 13456 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
wolfSSL 13:f67a6c6013ca 13457 &responses[0]);
wolfSSL 13:f67a6c6013ca 13458
wolfSSL 13:f67a6c6013ca 13459 /* Suppressing, not critical */
wolfSSL 13:f67a6c6013ca 13460 if (ret == OCSP_CERT_REVOKED ||
wolfSSL 13:f67a6c6013ca 13461 ret == OCSP_CERT_UNKNOWN ||
wolfSSL 13:f67a6c6013ca 13462 ret == OCSP_LOOKUP_FAIL) {
wolfSSL 13:f67a6c6013ca 13463 ret = 0;
wolfSSL 13:f67a6c6013ca 13464 }
wolfSSL 13:f67a6c6013ca 13465 }
wolfSSL 13:f67a6c6013ca 13466
wolfSSL 13:f67a6c6013ca 13467 if (request != ssl->ctx->certOcspRequest)
wolfSSL 13:f67a6c6013ca 13468 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13469
wolfSSL 13:f67a6c6013ca 13470 if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]
wolfSSL 13:f67a6c6013ca 13471 || ssl->buffers.weOwnCertChain)) {
wolfSSL 13:f67a6c6013ca 13472 buffer der;
wolfSSL 13:f67a6c6013ca 13473 word32 idx = 0;
wolfSSL 13:f67a6c6013ca 13474 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13475 DecodedCert* cert = NULL;
wolfSSL 13:f67a6c6013ca 13476 #else
wolfSSL 13:f67a6c6013ca 13477 DecodedCert cert[1];
wolfSSL 13:f67a6c6013ca 13478 #endif
wolfSSL 13:f67a6c6013ca 13479
wolfSSL 13:f67a6c6013ca 13480 XMEMSET(&der, 0, sizeof(buffer));
wolfSSL 13:f67a6c6013ca 13481
wolfSSL 13:f67a6c6013ca 13482 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13483 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
wolfSSL 13:f67a6c6013ca 13484 DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 13485 if (cert == NULL)
wolfSSL 13:f67a6c6013ca 13486 return MEMORY_E;
wolfSSL 13:f67a6c6013ca 13487 #endif
wolfSSL 13:f67a6c6013ca 13488
wolfSSL 13:f67a6c6013ca 13489 while (idx + OPAQUE24_LEN < ssl->buffers.certChain->length) {
wolfSSL 13:f67a6c6013ca 13490 c24to32(ssl->buffers.certChain->buffer + idx, &der.length);
wolfSSL 13:f67a6c6013ca 13491 idx += OPAQUE24_LEN;
wolfSSL 13:f67a6c6013ca 13492
wolfSSL 13:f67a6c6013ca 13493 der.buffer = ssl->buffers.certChain->buffer + idx;
wolfSSL 13:f67a6c6013ca 13494 idx += der.length;
wolfSSL 13:f67a6c6013ca 13495
wolfSSL 13:f67a6c6013ca 13496 if (idx > ssl->buffers.certChain->length)
wolfSSL 13:f67a6c6013ca 13497 break;
wolfSSL 13:f67a6c6013ca 13498
wolfSSL 13:f67a6c6013ca 13499 InitDecodedCert(cert, der.buffer, der.length, ssl->heap);
wolfSSL 13:f67a6c6013ca 13500 /* TODO: Setup async support here */
wolfSSL 13:f67a6c6013ca 13501 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
wolfSSL 13:f67a6c6013ca 13502 ssl->ctx->cm)) != 0) {
wolfSSL 13:f67a6c6013ca 13503 WOLFSSL_MSG("ParseCert failed");
wolfSSL 13:f67a6c6013ca 13504 break;
wolfSSL 13:f67a6c6013ca 13505 }
wolfSSL 13:f67a6c6013ca 13506 else {
wolfSSL 13:f67a6c6013ca 13507 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
wolfSSL 13:f67a6c6013ca 13508 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13509 if (request == NULL) {
wolfSSL 13:f67a6c6013ca 13510 FreeDecodedCert(cert);
wolfSSL 13:f67a6c6013ca 13511
wolfSSL 13:f67a6c6013ca 13512 ret = MEMORY_E;
wolfSSL 13:f67a6c6013ca 13513 break;
wolfSSL 13:f67a6c6013ca 13514 }
wolfSSL 13:f67a6c6013ca 13515
wolfSSL 13:f67a6c6013ca 13516 ret = InitOcspRequest(request, cert, 0, ssl->heap);
wolfSSL 13:f67a6c6013ca 13517 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 13518 /* make sure ctx OCSP request is updated */
wolfSSL 13:f67a6c6013ca 13519 if (!ssl->buffers.weOwnCertChain) {
wolfSSL 13:f67a6c6013ca 13520 wolfSSL_Mutex* ocspLock =
wolfSSL 13:f67a6c6013ca 13521 &ssl->ctx->cm->ocsp_stapling->ocspLock;
wolfSSL 13:f67a6c6013ca 13522 if (wc_LockMutex(ocspLock) == 0) {
wolfSSL 13:f67a6c6013ca 13523 if (ssl->ctx->chainOcspRequest[i] == NULL)
wolfSSL 13:f67a6c6013ca 13524 ssl->ctx->chainOcspRequest[i] = request;
wolfSSL 13:f67a6c6013ca 13525 wc_UnLockMutex(ocspLock);
wolfSSL 13:f67a6c6013ca 13526 }
wolfSSL 13:f67a6c6013ca 13527 }
wolfSSL 13:f67a6c6013ca 13528 }
wolfSSL 13:f67a6c6013ca 13529 else {
wolfSSL 13:f67a6c6013ca 13530 FreeDecodedCert(cert);
wolfSSL 13:f67a6c6013ca 13531 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13532 request = NULL;
wolfSSL 13:f67a6c6013ca 13533 break;
wolfSSL 13:f67a6c6013ca 13534 }
wolfSSL 13:f67a6c6013ca 13535
wolfSSL 13:f67a6c6013ca 13536 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 13:f67a6c6013ca 13537 request->ssl = ssl;
wolfSSL 13:f67a6c6013ca 13538 #endif
wolfSSL 13:f67a6c6013ca 13539 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
wolfSSL 13:f67a6c6013ca 13540 request, &responses[i + 1]);
wolfSSL 13:f67a6c6013ca 13541
wolfSSL 13:f67a6c6013ca 13542 /* Suppressing, not critical */
wolfSSL 13:f67a6c6013ca 13543 if (ret == OCSP_CERT_REVOKED ||
wolfSSL 13:f67a6c6013ca 13544 ret == OCSP_CERT_UNKNOWN ||
wolfSSL 13:f67a6c6013ca 13545 ret == OCSP_LOOKUP_FAIL) {
wolfSSL 13:f67a6c6013ca 13546 ret = 0;
wolfSSL 13:f67a6c6013ca 13547 }
wolfSSL 13:f67a6c6013ca 13548
wolfSSL 13:f67a6c6013ca 13549 if (request != ssl->ctx->chainOcspRequest[i])
wolfSSL 13:f67a6c6013ca 13550 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13551
wolfSSL 13:f67a6c6013ca 13552 i++;
wolfSSL 13:f67a6c6013ca 13553 }
wolfSSL 13:f67a6c6013ca 13554
wolfSSL 13:f67a6c6013ca 13555 FreeDecodedCert(cert);
wolfSSL 13:f67a6c6013ca 13556 }
wolfSSL 13:f67a6c6013ca 13557
wolfSSL 13:f67a6c6013ca 13558 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 13559 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
wolfSSL 13:f67a6c6013ca 13560 #endif
wolfSSL 13:f67a6c6013ca 13561 }
wolfSSL 13:f67a6c6013ca 13562 else {
wolfSSL 13:f67a6c6013ca 13563 while (ret == 0 &&
wolfSSL 13:f67a6c6013ca 13564 NULL != (request = ssl->ctx->chainOcspRequest[i])) {
wolfSSL 13:f67a6c6013ca 13565 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 13:f67a6c6013ca 13566 request->ssl = ssl;
wolfSSL 13:f67a6c6013ca 13567 #endif
wolfSSL 13:f67a6c6013ca 13568 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
wolfSSL 13:f67a6c6013ca 13569 request, &responses[++i]);
wolfSSL 13:f67a6c6013ca 13570
wolfSSL 13:f67a6c6013ca 13571 /* Suppressing, not critical */
wolfSSL 13:f67a6c6013ca 13572 if (ret == OCSP_CERT_REVOKED ||
wolfSSL 13:f67a6c6013ca 13573 ret == OCSP_CERT_UNKNOWN ||
wolfSSL 13:f67a6c6013ca 13574 ret == OCSP_LOOKUP_FAIL) {
wolfSSL 13:f67a6c6013ca 13575 ret = 0;
wolfSSL 13:f67a6c6013ca 13576 }
wolfSSL 13:f67a6c6013ca 13577 }
wolfSSL 13:f67a6c6013ca 13578 }
wolfSSL 13:f67a6c6013ca 13579
wolfSSL 13:f67a6c6013ca 13580 if (responses[0].buffer) {
wolfSSL 13:f67a6c6013ca 13581 if (ret == 0)
wolfSSL 13:f67a6c6013ca 13582 ret = BuildCertificateStatus(ssl, status_type,
wolfSSL 13:f67a6c6013ca 13583 responses, (byte)i + 1);
wolfSSL 13:f67a6c6013ca 13584
wolfSSL 13:f67a6c6013ca 13585 for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
wolfSSL 13:f67a6c6013ca 13586 if (responses[i].buffer)
wolfSSL 13:f67a6c6013ca 13587 XFREE(responses[i].buffer, ssl->heap,
wolfSSL 13:f67a6c6013ca 13588 DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 13:f67a6c6013ca 13589 }
wolfSSL 13:f67a6c6013ca 13590
wolfSSL 13:f67a6c6013ca 13591 break;
wolfSSL 13:f67a6c6013ca 13592 }
wolfSSL 13:f67a6c6013ca 13593 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 13:f67a6c6013ca 13594 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 13:f67a6c6013ca 13595
wolfSSL 13:f67a6c6013ca 13596 default:
wolfSSL 13:f67a6c6013ca 13597 break;
wolfSSL 13:f67a6c6013ca 13598 }
wolfSSL 13:f67a6c6013ca 13599
wolfSSL 13:f67a6c6013ca 13600 return ret;
wolfSSL 13:f67a6c6013ca 13601 }
wolfSSL 13:f67a6c6013ca 13602
wolfSSL 13:f67a6c6013ca 13603 #endif /* !NO_CERTS */
wolfSSL 13:f67a6c6013ca 13604
wolfSSL 13:f67a6c6013ca 13605
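/* Send application data, split into one or more records.
 *
 * ssl   connection to write on
 * data  plaintext to send
 * sz    number of plaintext bytes at data; must not be negative
 *
 * Returns the number of plaintext bytes handed to the record layer (this can
 * be less than sz when options.partialWrite is set), 0 when the socket
 * reported an error and the peer reset the connection, or an error value.
 * When the send could not complete, prevSent/plainSz are stored so a later
 * call with the same data can pick up where this one stopped.
 */
int SendData(WOLFSSL* ssl, const void* data, int sz)
{
    int sent = 0,  /* plainText size */
        sendSz,
        ret,
        dtlsExtra = 0;

    /* Defensive length check. With a negative sz the loop's only normal exit
     * (sent == sz) can never be reached from a non-negative sent, so the
     * chunk length would be derived from a negative remainder and bytes past
     * the end of data would be read and transmitted. Callers are presumably
     * expected to validate sz already; that is not visible from here. */
    if (sz < 0) {
        WOLFSSL_MSG("SendData called with negative size");
        return BAD_FUNC_ARG;
    }

    /* a retry after a would-block condition starts from a clean error state */
    if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E)
        ssl->error = 0;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* In DTLS mode, we forgive some errors and allow the session
         * to continue despite them. */
        if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR)
            ssl->error = 0;
    }
#endif /* WOLFSSL_DTLS */

#ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData) {
        /* early data is refused once the handshake has finished; while it is
         * still in progress the negotiate step below is skipped */
        if (ssl->options.handShakeState == HANDSHAKE_DONE) {
            WOLFSSL_MSG("handshake complete, trying to send early data");
            return BUILD_MSG_ERROR;
        }
    }
    else
#endif
    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS) {
            /* if async would block return WANT_WRITE */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_WRITE;
            }
            return err;
        }
    }

    /* last time system socket output buffer was full, try again to send */
    if (ssl->buffers.outputBuffer.length > 0) {
        WOLFSSL_MSG("output buffer was full, trying to send again");
        if ( (ssl->error = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;  /* peer reset */
            return ssl->error;
        }
        else {
            /* advance sent to previous sent + plain size just sent */
            sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
            WOLFSSL_MSG("sent write buffered data");

            /* the retry must cover at least what was already consumed,
             * otherwise data + sent would point past the caller's buffer */
            if (sent > sz) {
                WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
                return ssl->error = BAD_FUNC_ARG;
            }
        }
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsExtra = DTLS_RECORD_EXTRA;
    }
#endif

    for (;;) {
        int   len;
        byte* out;
        byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
        int   buffSz;                           /* may switch on comp */
        int   outputSz;
#ifdef HAVE_LIBZ
        byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

        if (sent == sz) break;

        /* plaintext for this record, capped by each limit that applies */
        len = min(sz - sent, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
        len = min(len, ssl->max_fragment);
#endif

#ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            len = min(len, MAX_UDP_SIZE);
        }
#endif
        buffSz = len;

        /* check for available size */
        outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA;
        if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
            return ssl->error = ret;

        /* get output buffer */
        out = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;

#ifdef HAVE_LIBZ
        /* NOTE(review): compressing plaintext before it is encrypted makes
         * the record length depend on the content (compression side
         * channel); worth keeping off where secret and attacker-influenced
         * data share a stream. */
        if (ssl->options.usingCompression) {
            buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
            if (buffSz < 0) {
                return buffSz;
            }
            sendBuffer = comp;
        }
#endif
        if (!ssl->options.tls1_3) {
            sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
                                  application_data, 0, 0, 1);
        }
        else {
#ifdef WOLFSSL_TLS13
            sendSz = BuildTls13Message(ssl, out, outputSz, sendBuffer, buffSz,
                                       application_data, 0, 0, 1);
#else
            sendSz = BUFFER_ERROR;
#endif
        }
        if (sendSz < 0) {
#ifdef WOLFSSL_ASYNC_CRYPT
            if (sendSz == WC_PENDING_E)
                ssl->error = sendSz;
#endif
            return BUILD_MSG_ERROR;
        }

        ssl->buffers.outputBuffer.length += sendSz;

        if ( (ret = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ret);
            /* store for next call if WANT_WRITE or user embedSend() that
               doesn't present like WANT_WRITE */
            ssl->buffers.plainSz  = len;
            ssl->buffers.prevSent = sent;
            if (ret == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;  /* peer reset */
            return ssl->error = ret;
        }

        sent += len;

        /* only one message per attempt */
        if (ssl->options.partialWrite == 1) {
            WOLFSSL_MSG("Paritial Write on, only sending one record");
            break;
        }
    }

    return sent;
}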
wolfSSL 13:f67a6c6013ca 13759
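/* process input data
 *
 * Copies decrypted application data into the caller's buffer, reading and
 * processing records until some plaintext is available.
 *
 * ssl     connection to read from
 * output  destination buffer, at least sz bytes
 * sz      capacity of output; must not be negative
 * peek    when non-zero the copied bytes stay queued for the next call
 *
 * Returns the number of bytes copied, 0 when no more data is coming (a
 * ZERO_RETURN from record processing, or a socket error after the peer reset
 * or closed the connection), or an error value.
 */
int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
{
    int size;

    WOLFSSL_ENTER("ReceiveData()");

    /* Defensive length check. A negative sz is always smaller than the
     * buffered length, so it would be selected as the copy size below and
     * reach XMEMCPY as a length. Callers are presumably expected to validate
     * sz already; that is not visible from here. */
    if (sz < 0) {
        WOLFSSL_MSG("ReceiveData called with negative size");
        return BAD_FUNC_ARG;
    }

    /* reset error state */
    if (ssl->error == WANT_READ || ssl->error == WC_PENDING_E) {
        ssl->error = 0;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* In DTLS mode, we forgive some errors and allow the session
         * to continue despite them. */
        if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR)
            ssl->error = 0;
    }
#endif /* WOLFSSL_DTLS */

    /* any other latched error ends reading on this connection */
    if (ssl->error != 0 && ssl->error != WANT_WRITE) {
        WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
        return ssl->error;
    }

#ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData) {
        /* early data in progress: the handshake is not driven from here */
    }
    else
#endif
    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("Handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS) {
#ifdef WOLFSSL_ASYNC_CRYPT
            /* if async would block return WANT_READ */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_READ;
            }
#endif
            return err;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
startScr:
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
        int err;
        ssl->secure_renegotiation->startScr = 0;  /* only start once */
        WOLFSSL_MSG("Need to start scr, server requested");
        if ( (err = wolfSSL_Rehandshake(ssl)) != SSL_SUCCESS)
            return err;
    }
#endif

    /* process records until some decrypted application data is buffered */
    while (ssl->buffers.clearOutputBuffer.length == 0) {
        if ( (ssl->error = ProcessReply(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == ZERO_RETURN) {
                WOLFSSL_MSG("Zero return, no more data coming");
                return 0;  /* no more data coming */
            }
            if (ssl->error == SOCKET_ERROR_E) {
                if (ssl->options.connReset || ssl->options.isClosed) {
                    WOLFSSL_MSG("Peer reset or closed, connection done");
                    ssl->error = SOCKET_PEER_CLOSED_E;
                    WOLFSSL_ERROR(ssl->error);
                    return 0;  /* peer reset or closed */
                }
            }
            return ssl->error;
        }
#ifdef HAVE_SECURE_RENEGOTIATION
        /* record processing may have flagged a renegotiation request */
        if (ssl->secure_renegotiation &&
            ssl->secure_renegotiation->startScr) {
            goto startScr;
        }
#endif
    }

    /* never copy more than the caller's buffer holds */
    if (sz < (int)ssl->buffers.clearOutputBuffer.length)
        size = sz;
    else
        size = ssl->buffers.clearOutputBuffer.length;

    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);

    /* a peek leaves the data queued; a normal read consumes it */
    if (peek == 0) {
        ssl->buffers.clearOutputBuffer.length -= size;
        ssl->buffers.clearOutputBuffer.buffer += size;
    }

    if (ssl->buffers.clearOutputBuffer.length == 0 &&
        ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    WOLFSSL_LEAVE("ReceiveData()", size);
    return size;
}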
wolfSSL 13:f67a6c6013ca 13860
wolfSSL 13:f67a6c6013ca 13861
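/* send alert message
 *
 * ssl       connection to send on
 * severity  alert level, written as the first alert byte
 * type      alert description, written as the second alert byte
 *
 * Returns the result of SendBuffered() once the alert record is queued, an
 * error from CheckAvailableSize(), or BUILD_MSG_ERROR when the record could
 * not be built. On the read side of a write-dup pair nothing is sent; the
 * write side is notified for close_notify and fatal alerts and 0 is returned
 * otherwise.
 */
int SendAlert(WOLFSSL* ssl, int severity, int type)
{
    byte input[ALERT_SIZE];
    byte *output;
    int  sendSz;
    int  ret;
    int  outputSz;
    int  dtlsExtra = 0;

#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite && ssl->dupSide == READ_DUP_SIDE) {
        int notifyErr = 0;

        WOLFSSL_MSG("Read dup side cannot write alerts, notifying sibling");

        if (type == close_notify) {
            notifyErr = ZERO_RETURN;
        } else if (severity == alert_fatal) {
            notifyErr = FATAL_ERROR;
        }

        if (notifyErr != 0) {
            return NotifyWriteSide(ssl, notifyErr);
        }

        return 0;
    }
#endif

    /* if sendalert is called again for nonblocking */
    /* NOTE(review): sendAlertState is set to 1 below and cleared only here,
     * so after a send that succeeds the next SendAlert call takes this branch
     * and returns without building its alert. Confirm that is intended. */
    if (ssl->options.sendAlertState != 0) {
        ret = SendBuffered(ssl);
        if (ret == 0)
            ssl->options.sendAlertState = 0;
        return ret;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        dtlsExtra = DTLS_RECORD_EXTRA;
#endif

    /* check for available size */
    outputSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra;
    if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    input[0] = (byte)severity;
    input[1] = (byte)type;
    ssl->alert_history.last_tx.code  = type;
    ssl->alert_history.last_tx.level = severity;
    if (severity == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    /* only send encrypted alert if handshake actually complete, otherwise
       other side may not be able to handle it */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
        sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE,
                              alert, 0, 0, 0);
    else {
        /* Plaintext alert: record header followed by the two alert bytes.
         * output stays at the start of the record so the packet-info hook
         * below receives the same sendSz bytes that are queued for sending;
         * the original advanced output past the header before that call. */
        byte *body = output + RECORD_HEADER_SZ;

        AddRecordHeader(output, ALERT_SIZE, alert, ssl);
#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            body += DTLS_RECORD_EXTRA;
#endif
        XMEMCPY(body, input, ALERT_SIZE);

        sendSz = RECORD_HEADER_SZ + ALERT_SIZE;
#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            sendSz += DTLS_RECORD_EXTRA;
#endif
    }
    if (sendSz < 0)
        return BUILD_MSG_ERROR;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("Alert", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;
    ssl->options.sendAlertState = 1;

    return SendBuffered(ssl);
}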
wolfSSL 13:f67a6c6013ca 13958
/* Map an error code to a human-readable description.
 *
 * e  error code; it is narrowed to int before being examined
 *
 * Returns a pointer to a constant string. When NO_ERROR_STRINGS is defined
 * a single fixed message is returned for every code. Otherwise codes strictly
 * between MIN_CODE_E and MAX_CODE_E are handed to wc_GetErrorString(), the
 * TLS-layer codes are translated below, and anything else yields
 * "unknown error number". The TLS-layer results are string literals, so the
 * caller must not modify or free them.
 *
 * NOTE(review): the text distinguishes failure causes in detail (for example
 * MAC verification vs. decryption). It looks intended for local diagnostics;
 * whether it is appropriate to relay to a remote peer is the caller's call.
 */
const char* wolfSSL_ERR_reason_error_string(unsigned long e)
{
#ifdef NO_ERROR_STRINGS

    (void)e;
    return "no support for error strings built in";

#else

    const int code = (int)e;

    /* wolfCrypt owns this range of codes, let it describe them */
    if (code > MIN_CODE_E && code < MAX_CODE_E)
        return wc_GetErrorString(code);

    switch (code) {
        case UNSUPPORTED_SUITE:      return "unsupported cipher suite";
        case INPUT_CASE_ERROR:       return "input state error";
        case PREFIX_ERROR:           return "bad index to key rounds";
        case MEMORY_ERROR:           return "out of memory";
        case VERIFY_FINISHED_ERROR:  return "verify problem on finished";
        case VERIFY_MAC_ERROR:       return "verify mac problem";
        case PARSE_ERROR:            return "parse error on header";
        case SIDE_ERROR:             return "wrong client/server type";
        case NO_PEER_CERT:           return "peer didn't send cert";
        case UNKNOWN_HANDSHAKE_TYPE: return "weird handshake type";
        case SOCKET_ERROR_E:         return "error state on socket";
        case SOCKET_NODATA:          return "expected data, not there";
        case INCOMPLETE_DATA:        return "don't have enough data to complete task";
        case UNKNOWN_RECORD_TYPE:    return "unknown type in record hdr";
        case DECRYPT_ERROR:          return "error during decryption";
        case FATAL_ERROR:            return "revcd alert fatal error";
        case ENCRYPT_ERROR:          return "error during encryption";
        case FREAD_ERROR:            return "fread problem";
        case NO_PEER_KEY:            return "need peer's key";
        case NO_PRIVATE_KEY:         return "need the private key";
        case NO_DH_PARAMS:           return "server missing DH params";
        case RSA_PRIVATE_ERROR:      return "error during rsa priv op";
        case MATCH_SUITE_ERROR:      return "can't match cipher suite";
        case COMPRESSION_ERROR:      return "compression mismatch error";
        case BUILD_MSG_ERROR:        return "build message failure";
        case BAD_HELLO:              return "client hello malformed";
        case DOMAIN_NAME_MISMATCH:   return "peer subject name mismatch";

        /* internal code and its OpenSSL-compatible alias share one text */
        case WANT_READ:
        case SSL_ERROR_WANT_READ:
            return "non-blocking socket wants data to be read";

        case NOT_READY_ERROR:   return "handshake layer not ready yet, complete first";
        case PMS_VERSION_ERROR: return "premaster secret version mismatch error";
        case VERSION_ERROR:     return "record layer version error";

        case WANT_WRITE:
        case SSL_ERROR_WANT_WRITE:
            return "non-blocking socket write buffer full";

        case BUFFER_ERROR:          return "malformed buffer input error";
        case VERIFY_CERT_ERROR:     return "verify problem on certificate";
        case VERIFY_SIGN_ERROR:     return "verify problem based on signature";
        case CLIENT_ID_ERROR:       return "psk client identity error";
        case SERVER_HINT_ERROR:     return "psk server hint error";
        case PSK_KEY_ERROR:         return "psk key callback error";
        case NTRU_KEY_ERROR:        return "NTRU key error";
        case NTRU_DRBG_ERROR:       return "NTRU drbg error";
        case NTRU_ENCRYPT_ERROR:    return "NTRU encrypt error";
        case NTRU_DECRYPT_ERROR:    return "NTRU decrypt error";
        case ZLIB_INIT_ERROR:       return "zlib init error";
        case ZLIB_COMPRESS_ERROR:   return "zlib compress error";
        case ZLIB_DECOMPRESS_ERROR: return "zlib decompress error";
        case GETTIME_ERROR:         return "gettimeofday() error";
        case GETITIMER_ERROR:       return "getitimer() error";
        case SIGACT_ERROR:          return "sigaction() error";
        case SETITIMER_ERROR:       return "setitimer() error";
        case LENGTH_ERROR:          return "record layer length error";
        case PEER_KEY_ERROR:        return "cant decode peer key";

        case ZERO_RETURN:
        case SSL_ERROR_ZERO_RETURN:
            return "peer sent close notify alert";

        case ECC_CURVETYPE_ERROR:    return "Bad ECC Curve Type or unsupported";
        case ECC_CURVE_ERROR:        return "Bad ECC Curve or unsupported";
        case ECC_PEERKEY_ERROR:      return "Bad ECC Peer Key";
        case ECC_MAKEKEY_ERROR:      return "ECC Make Key failure";
        case ECC_EXPORT_ERROR:       return "ECC Export Key failure";
        case ECC_SHARED_ERROR:       return "ECC DHE shared failure";
        case NOT_CA_ERROR:           return "Not a CA by basic constraint error";
        case HTTP_TIMEOUT:           return "HTTP timeout for OCSP or CRL req";
        case BAD_CERT_MANAGER_ERROR: return "Bad Cert Manager error";
        case OCSP_CERT_REVOKED:      return "OCSP Cert revoked";
        case CRL_CERT_REVOKED:       return "CRL Cert revoked";
        case CRL_MISSING:            return "CRL missing, not loaded";
        case MONITOR_SETUP_E:        return "CRL monitor setup error";
        case THREAD_CREATE_E:        return "Thread creation problem";
        case OCSP_NEED_URL:          return "OCSP need URL";
        case OCSP_CERT_UNKNOWN:      return "OCSP Cert unknown";
        case OCSP_LOOKUP_FAIL:       return "OCSP Responder lookup fail";
        case MAX_CHAIN_ERROR:        return "Maximum Chain Depth Exceeded";
        case COOKIE_ERROR:           return "DTLS Cookie Error";
        case SEQUENCE_ERROR:         return "DTLS Sequence Error";
        case SUITES_ERROR:           return "Suites Pointer Error";
        case SSL_NO_PEM_HEADER:      return "No PEM Header Error";
        case OUT_OF_ORDER_E:         return "Out of order message, fatal";
        case BAD_KEA_TYPE_E:         return "Bad KEA type found";
        case SANITY_CIPHER_E:        return "Sanity check on ciphertext failed";
        case RECV_OVERFLOW_E:        return "Receive callback returned more than requested";
        case GEN_COOKIE_E:           return "Generate Cookie Error";
        case NO_PEER_VERIFY:         return "Need peer certificate verify Error";
        case FWRITE_ERROR:           return "fwrite Error";
        case CACHE_MATCH_ERROR:      return "Cache restore header match Error";
        case UNKNOWN_SNI_HOST_NAME_E: return "Unrecognized host name Error";
        case UNKNOWN_MAX_FRAG_LEN_E: return "Unrecognized max frag len Error";
        case KEYUSE_SIGNATURE_E:     return "Key Use digitalSignature not set Error";
        case KEYUSE_ENCIPHER_E:      return "Key Use keyEncipherment not set Error";
        case EXTKEYUSE_AUTH_E:       return "Ext Key Use server/client auth not set Error";
        case SEND_OOB_READ_E:        return "Send Callback Out of Bounds Read Error";
        case SECURE_RENEGOTIATION_E: return "Invalid Renegotiation Error";
        case SESSION_TICKET_LEN_E:   return "Session Ticket Too Long Error";
        case SESSION_TICKET_EXPECT_E: return "Session Ticket Error";
        case SCR_DIFFERENT_CERT_E:   return "Peer sent different cert during SCR";
        case SESSION_SECRET_CB_E:    return "Session Secret Callback Error";
        case NO_CHANGE_CIPHER_E:     return "Finished received from peer before Change Cipher Error";
        case SANITY_MSG_E:           return "Sanity Check on message order Error";
        case DUPLICATE_MSG_E:        return "Duplicate HandShake message Error";
        case SNI_UNSUPPORTED:        return "Protocol version does not support SNI Error";
        case SOCKET_PEER_CLOSED_E:   return "Peer closed underlying transport Error";
        case BAD_TICKET_KEY_CB_SZ:   return "Bad user session ticket key callback Size Error";
        case BAD_TICKET_MSG_SZ:      return "Bad session ticket message Size Error";
        case BAD_TICKET_ENCRYPT:     return "Bad user ticket callback encrypt Error";
        case DH_KEY_SIZE_E:          return "DH key too small Error";
        case SNI_ABSENT_ERROR:       return "No Server Name Indication extension Error";
        case RSA_SIGN_FAULT:         return "RSA Signature Fault Error";
        case HANDSHAKE_SIZE_ERROR:   return "Handshake message too large Error";
        case UNKNOWN_ALPN_PROTOCOL_NAME_E: return "Unrecognized protocol name Error";
        case BAD_CERTIFICATE_STATUS_ERROR: return "Bad Certificate Status Message Error";
        case OCSP_INVALID_STATUS:    return "Invalid OCSP Status Error";
        case RSA_KEY_SIZE_E:         return "RSA key too small";
        case ECC_KEY_SIZE_E:         return "ECC key too small";
        case DTLS_EXPORT_VER_E:      return "Version needs updated after code change or version mismatch";
        case INPUT_SIZE_E:           return "Input size too large Error";
        case CTX_INIT_MUTEX_E:       return "Initialize ctx mutex error";
        case EXT_MASTER_SECRET_NEEDED_E: return "Extended Master Secret must be enabled to resume EMS session";
        case DTLS_POOL_SZ_E:         return "Maximum DTLS pool size exceeded";
        case DECODE_E:               return "Decode handshake message error";
        case WRITE_DUP_READ_E:       return "Write dup write side can't read error";
        case WRITE_DUP_WRITE_E:      return "Write dup read side can't write error";
        case INVALID_CERT_CTX_E:     return "Certificate context does not match request or not empty";
        case BAD_KEY_SHARE_DATA:     return "The Key Share data contains group that was in Client Hello";
        case MISSING_HANDSHAKE_DATA: return "The handshake message is missing required data";
        case BAD_BINDER:             return "Binder value does not match value server calculated";
        case EXT_NOT_ALLOWED:        return "Extension type not allowed in handshake message type";
        case INVALID_PARAMETER:      return "The security parameter is invalid";
        case KEY_SHARE_ERROR:        return "Key share extension did not contain a valid named group";
        case POST_HAND_AUTH_ERROR:   return "Client will not do post handshake authentication";
        case HRR_COOKIE_ERROR:       return "Cookie does not match one sent in HelloRetryRequest";
        case MCAST_HIGHWATER_CB_E:   return "Multicast highwater callback returned error";
        case ALERT_COUNT_E:          return "Alert Count exceeded error";
        case EXT_MISSING:            return "Required TLS extension missing";

        default:
            return "unknown error number";
    }

#endif /* NO_ERROR_STRINGS */
}
wolfSSL 13:f67a6c6013ca 14376
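/* Copy the description of an error code into a caller-supplied buffer.
 *
 * error  error code to describe; it is looked up through
 *        wolfSSL_ERR_reason_error_string()
 * str    destination buffer; the copy is bounded by WOLFSSL_MAX_ERROR_SZ, so
 *        the buffer must be at least that many bytes (not checked here, and
 *        str must not be NULL)
 *
 * The last byte of the WOLFSSL_MAX_ERROR_SZ window is always set to 0, so the
 * result is terminated even if a description is ever as long as the bound.
 */
void SetErrorString(int error, char* str)
{
    XSTRNCPY(str, wolfSSL_ERR_reason_error_string((unsigned long)error),
             WOLFSSL_MAX_ERROR_SZ);

    /* presumably XSTRNCPY has strncpy semantics, which leave no terminator
     * when the source fills the whole window - terminate explicitly so
     * callers can always treat str as a C string */
    str[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
}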
wolfSSL 13:f67a6c6013ca 14381
wolfSSL 13:f67a6c6013ca 14382
wolfSSL 13:f67a6c6013ca 14383 /* be sure to add to cipher_name_idx too !!!! */
wolfSSL 13:f67a6c6013ca 14384 static const char* const cipher_names[] =
wolfSSL 13:f67a6c6013ca 14385 {
wolfSSL 13:f67a6c6013ca 14386 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14387 "RC4-SHA",
wolfSSL 13:f67a6c6013ca 14388 #endif
wolfSSL 13:f67a6c6013ca 14389
wolfSSL 13:f67a6c6013ca 14390 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 13:f67a6c6013ca 14391 "RC4-MD5",
wolfSSL 13:f67a6c6013ca 14392 #endif
wolfSSL 13:f67a6c6013ca 14393
wolfSSL 13:f67a6c6013ca 14394 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14395 "DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14396 #endif
wolfSSL 13:f67a6c6013ca 14397
wolfSSL 13:f67a6c6013ca 14398 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14399 "AES128-SHA",
wolfSSL 13:f67a6c6013ca 14400 #endif
wolfSSL 13:f67a6c6013ca 14401
wolfSSL 13:f67a6c6013ca 14402 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14403 "AES256-SHA",
wolfSSL 13:f67a6c6013ca 14404 #endif
wolfSSL 13:f67a6c6013ca 14405
wolfSSL 13:f67a6c6013ca 14406 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 14407 "NULL-SHA",
wolfSSL 13:f67a6c6013ca 14408 #endif
wolfSSL 13:f67a6c6013ca 14409
wolfSSL 13:f67a6c6013ca 14410 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14411 "NULL-SHA256",
wolfSSL 13:f67a6c6013ca 14412 #endif
wolfSSL 13:f67a6c6013ca 14413
wolfSSL 13:f67a6c6013ca 14414 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14415 "DHE-RSA-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14416 #endif
wolfSSL 13:f67a6c6013ca 14417
wolfSSL 13:f67a6c6013ca 14418 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14419 "DHE-RSA-AES256-SHA",
wolfSSL 13:f67a6c6013ca 14420 #endif
wolfSSL 13:f67a6c6013ca 14421
wolfSSL 13:f67a6c6013ca 14422 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14423 "DHE-PSK-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14424 #endif
wolfSSL 13:f67a6c6013ca 14425
wolfSSL 13:f67a6c6013ca 14426 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14427 "DHE-PSK-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14428 #endif
wolfSSL 13:f67a6c6013ca 14429
wolfSSL 13:f67a6c6013ca 14430 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14431 "PSK-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14432 #endif
wolfSSL 13:f67a6c6013ca 14433
wolfSSL 13:f67a6c6013ca 14434 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14435 "PSK-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14436 #endif
wolfSSL 13:f67a6c6013ca 14437
wolfSSL 13:f67a6c6013ca 14438 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14439 "DHE-PSK-AES256-CBC-SHA384",
wolfSSL 13:f67a6c6013ca 14440 #endif
wolfSSL 13:f67a6c6013ca 14441
wolfSSL 13:f67a6c6013ca 14442 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14443 "DHE-PSK-AES128-CBC-SHA256",
wolfSSL 13:f67a6c6013ca 14444 #endif
wolfSSL 13:f67a6c6013ca 14445
wolfSSL 13:f67a6c6013ca 14446 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14447 "PSK-AES256-CBC-SHA384",
wolfSSL 13:f67a6c6013ca 14448 #endif
wolfSSL 13:f67a6c6013ca 14449
wolfSSL 13:f67a6c6013ca 14450 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14451 "PSK-AES128-CBC-SHA256",
wolfSSL 13:f67a6c6013ca 14452 #endif
wolfSSL 13:f67a6c6013ca 14453
wolfSSL 13:f67a6c6013ca 14454 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14455 "PSK-AES128-CBC-SHA",
wolfSSL 13:f67a6c6013ca 14456 #endif
wolfSSL 13:f67a6c6013ca 14457
wolfSSL 13:f67a6c6013ca 14458 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14459 "PSK-AES256-CBC-SHA",
wolfSSL 13:f67a6c6013ca 14460 #endif
wolfSSL 13:f67a6c6013ca 14461
wolfSSL 13:f67a6c6013ca 14462 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 14463 "DHE-PSK-AES128-CCM",
wolfSSL 13:f67a6c6013ca 14464 #endif
wolfSSL 13:f67a6c6013ca 14465
wolfSSL 13:f67a6c6013ca 14466 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 13:f67a6c6013ca 14467 "DHE-PSK-AES256-CCM",
wolfSSL 13:f67a6c6013ca 14468 #endif
wolfSSL 13:f67a6c6013ca 14469
wolfSSL 13:f67a6c6013ca 14470 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 14471 "PSK-AES128-CCM",
wolfSSL 13:f67a6c6013ca 14472 #endif
wolfSSL 13:f67a6c6013ca 14473
wolfSSL 13:f67a6c6013ca 14474 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 13:f67a6c6013ca 14475 "PSK-AES256-CCM",
wolfSSL 13:f67a6c6013ca 14476 #endif
wolfSSL 13:f67a6c6013ca 14477
wolfSSL 13:f67a6c6013ca 14478 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 14479 "PSK-AES128-CCM-8",
wolfSSL 13:f67a6c6013ca 14480 #endif
wolfSSL 13:f67a6c6013ca 14481
wolfSSL 13:f67a6c6013ca 14482 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 14483 "PSK-AES256-CCM-8",
wolfSSL 13:f67a6c6013ca 14484 #endif
wolfSSL 13:f67a6c6013ca 14485
wolfSSL 13:f67a6c6013ca 14486 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 13:f67a6c6013ca 14487 "DHE-PSK-NULL-SHA384",
wolfSSL 13:f67a6c6013ca 14488 #endif
wolfSSL 13:f67a6c6013ca 14489
wolfSSL 13:f67a6c6013ca 14490 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14491 "DHE-PSK-NULL-SHA256",
wolfSSL 13:f67a6c6013ca 14492 #endif
wolfSSL 13:f67a6c6013ca 14493
wolfSSL 13:f67a6c6013ca 14494 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 13:f67a6c6013ca 14495 "PSK-NULL-SHA384",
wolfSSL 13:f67a6c6013ca 14496 #endif
wolfSSL 13:f67a6c6013ca 14497
wolfSSL 13:f67a6c6013ca 14498 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14499 "PSK-NULL-SHA256",
wolfSSL 13:f67a6c6013ca 14500 #endif
wolfSSL 13:f67a6c6013ca 14501
wolfSSL 13:f67a6c6013ca 14502 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 14503 "PSK-NULL-SHA",
wolfSSL 13:f67a6c6013ca 14504 #endif
wolfSSL 13:f67a6c6013ca 14505
wolfSSL 13:f67a6c6013ca 14506 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 13:f67a6c6013ca 14507 "HC128-MD5",
wolfSSL 13:f67a6c6013ca 14508 #endif
wolfSSL 13:f67a6c6013ca 14509
wolfSSL 13:f67a6c6013ca 14510 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 13:f67a6c6013ca 14511 "HC128-SHA",
wolfSSL 13:f67a6c6013ca 14512 #endif
wolfSSL 13:f67a6c6013ca 14513
wolfSSL 13:f67a6c6013ca 14514 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 13:f67a6c6013ca 14515 "HC128-B2B256",
wolfSSL 13:f67a6c6013ca 14516 #endif
wolfSSL 13:f67a6c6013ca 14517
wolfSSL 13:f67a6c6013ca 14518 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 13:f67a6c6013ca 14519 "AES128-B2B256",
wolfSSL 13:f67a6c6013ca 14520 #endif
wolfSSL 13:f67a6c6013ca 14521
wolfSSL 13:f67a6c6013ca 14522 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 13:f67a6c6013ca 14523 "AES256-B2B256",
wolfSSL 13:f67a6c6013ca 14524 #endif
wolfSSL 13:f67a6c6013ca 14525
wolfSSL 13:f67a6c6013ca 14526 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 13:f67a6c6013ca 14527 "RABBIT-SHA",
wolfSSL 13:f67a6c6013ca 14528 #endif
wolfSSL 13:f67a6c6013ca 14529
wolfSSL 13:f67a6c6013ca 14530 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14531 "NTRU-RC4-SHA",
wolfSSL 13:f67a6c6013ca 14532 #endif
wolfSSL 13:f67a6c6013ca 14533
wolfSSL 13:f67a6c6013ca 14534 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14535 "NTRU-DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14536 #endif
wolfSSL 13:f67a6c6013ca 14537
wolfSSL 13:f67a6c6013ca 14538 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14539 "NTRU-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14540 #endif
wolfSSL 13:f67a6c6013ca 14541
wolfSSL 13:f67a6c6013ca 14542 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14543 "NTRU-AES256-SHA",
wolfSSL 13:f67a6c6013ca 14544 #endif
wolfSSL 13:f67a6c6013ca 14545
wolfSSL 13:f67a6c6013ca 14546 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 14547 "AES128-CCM-8",
wolfSSL 13:f67a6c6013ca 14548 #endif
wolfSSL 13:f67a6c6013ca 14549
wolfSSL 13:f67a6c6013ca 14550 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 14551 "AES256-CCM-8",
wolfSSL 13:f67a6c6013ca 14552 #endif
wolfSSL 13:f67a6c6013ca 14553
wolfSSL 13:f67a6c6013ca 14554 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 14555 "ECDHE-ECDSA-AES128-CCM",
wolfSSL 13:f67a6c6013ca 14556 #endif
wolfSSL 13:f67a6c6013ca 14557
wolfSSL 13:f67a6c6013ca 14558 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 14559 "ECDHE-ECDSA-AES128-CCM-8",
wolfSSL 13:f67a6c6013ca 14560 #endif
wolfSSL 13:f67a6c6013ca 14561
wolfSSL 13:f67a6c6013ca 14562 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 14563 "ECDHE-ECDSA-AES256-CCM-8",
wolfSSL 13:f67a6c6013ca 14564 #endif
wolfSSL 13:f67a6c6013ca 14565
wolfSSL 13:f67a6c6013ca 14566 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14567 "ECDHE-RSA-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14568 #endif
wolfSSL 13:f67a6c6013ca 14569
wolfSSL 13:f67a6c6013ca 14570 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14571 "ECDHE-RSA-AES256-SHA",
wolfSSL 13:f67a6c6013ca 14572 #endif
wolfSSL 13:f67a6c6013ca 14573
wolfSSL 13:f67a6c6013ca 14574 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14575 "ECDHE-ECDSA-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14576 #endif
wolfSSL 13:f67a6c6013ca 14577
wolfSSL 13:f67a6c6013ca 14578 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14579 "ECDHE-ECDSA-AES256-SHA",
wolfSSL 13:f67a6c6013ca 14580 #endif
wolfSSL 13:f67a6c6013ca 14581
wolfSSL 13:f67a6c6013ca 14582 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14583 "ECDHE-RSA-RC4-SHA",
wolfSSL 13:f67a6c6013ca 14584 #endif
wolfSSL 13:f67a6c6013ca 14585
wolfSSL 13:f67a6c6013ca 14586 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14587 "ECDHE-RSA-DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14588 #endif
wolfSSL 13:f67a6c6013ca 14589
wolfSSL 13:f67a6c6013ca 14590 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14591 "ECDHE-ECDSA-RC4-SHA",
wolfSSL 13:f67a6c6013ca 14592 #endif
wolfSSL 13:f67a6c6013ca 14593
wolfSSL 13:f67a6c6013ca 14594 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14595 "ECDHE-ECDSA-DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14596 #endif
wolfSSL 13:f67a6c6013ca 14597
wolfSSL 13:f67a6c6013ca 14598 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14599 "AES128-SHA256",
wolfSSL 13:f67a6c6013ca 14600 #endif
wolfSSL 13:f67a6c6013ca 14601
wolfSSL 13:f67a6c6013ca 14602 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14603 "AES256-SHA256",
wolfSSL 13:f67a6c6013ca 14604 #endif
wolfSSL 13:f67a6c6013ca 14605
wolfSSL 13:f67a6c6013ca 14606 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14607 "DHE-RSA-AES128-SHA256",
wolfSSL 13:f67a6c6013ca 14608 #endif
wolfSSL 13:f67a6c6013ca 14609
wolfSSL 13:f67a6c6013ca 14610 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14611 "DHE-RSA-AES256-SHA256",
wolfSSL 13:f67a6c6013ca 14612 #endif
wolfSSL 13:f67a6c6013ca 14613
wolfSSL 13:f67a6c6013ca 14614 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14615 "ECDH-RSA-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14616 #endif
wolfSSL 13:f67a6c6013ca 14617
wolfSSL 13:f67a6c6013ca 14618 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14619 "ECDH-RSA-AES256-SHA",
wolfSSL 13:f67a6c6013ca 14620 #endif
wolfSSL 13:f67a6c6013ca 14621
wolfSSL 13:f67a6c6013ca 14622 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14623 "ECDH-ECDSA-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14624 #endif
wolfSSL 13:f67a6c6013ca 14625
wolfSSL 13:f67a6c6013ca 14626 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14627 "ECDH-ECDSA-AES256-SHA",
wolfSSL 13:f67a6c6013ca 14628 #endif
wolfSSL 13:f67a6c6013ca 14629
wolfSSL 13:f67a6c6013ca 14630 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14631 "ECDH-RSA-RC4-SHA",
wolfSSL 13:f67a6c6013ca 14632 #endif
wolfSSL 13:f67a6c6013ca 14633
wolfSSL 13:f67a6c6013ca 14634 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14635 "ECDH-RSA-DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14636 #endif
wolfSSL 13:f67a6c6013ca 14637
wolfSSL 13:f67a6c6013ca 14638 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14639 "ECDH-ECDSA-RC4-SHA",
wolfSSL 13:f67a6c6013ca 14640 #endif
wolfSSL 13:f67a6c6013ca 14641
wolfSSL 13:f67a6c6013ca 14642 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14643 "ECDH-ECDSA-DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14644 #endif
wolfSSL 13:f67a6c6013ca 14645
wolfSSL 13:f67a6c6013ca 14646 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14647 "AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14648 #endif
wolfSSL 13:f67a6c6013ca 14649
wolfSSL 13:f67a6c6013ca 14650 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14651 "AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14652 #endif
wolfSSL 13:f67a6c6013ca 14653
wolfSSL 13:f67a6c6013ca 14654 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14655 "DHE-RSA-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14656 #endif
wolfSSL 13:f67a6c6013ca 14657
wolfSSL 13:f67a6c6013ca 14658 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14659 "DHE-RSA-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14660 #endif
wolfSSL 13:f67a6c6013ca 14661
wolfSSL 13:f67a6c6013ca 14662 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14663 "ECDHE-RSA-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14664 #endif
wolfSSL 13:f67a6c6013ca 14665
wolfSSL 13:f67a6c6013ca 14666 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14667 "ECDHE-RSA-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14668 #endif
wolfSSL 13:f67a6c6013ca 14669
wolfSSL 13:f67a6c6013ca 14670 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14671 "ECDHE-ECDSA-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14672 #endif
wolfSSL 13:f67a6c6013ca 14673
wolfSSL 13:f67a6c6013ca 14674 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14675 "ECDHE-ECDSA-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14676 #endif
wolfSSL 13:f67a6c6013ca 14677
wolfSSL 13:f67a6c6013ca 14678 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14679 "ECDH-RSA-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14680 #endif
wolfSSL 13:f67a6c6013ca 14681
wolfSSL 13:f67a6c6013ca 14682 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14683 "ECDH-RSA-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14684 #endif
wolfSSL 13:f67a6c6013ca 14685
wolfSSL 13:f67a6c6013ca 14686 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14687 "ECDH-ECDSA-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14688 #endif
wolfSSL 13:f67a6c6013ca 14689
wolfSSL 13:f67a6c6013ca 14690 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14691 "ECDH-ECDSA-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14692 #endif
wolfSSL 13:f67a6c6013ca 14693
wolfSSL 13:f67a6c6013ca 14694 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14695 "CAMELLIA128-SHA",
wolfSSL 13:f67a6c6013ca 14696 #endif
wolfSSL 13:f67a6c6013ca 14697
wolfSSL 13:f67a6c6013ca 14698 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14699 "DHE-RSA-CAMELLIA128-SHA",
wolfSSL 13:f67a6c6013ca 14700 #endif
wolfSSL 13:f67a6c6013ca 14701
wolfSSL 13:f67a6c6013ca 14702 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14703 "CAMELLIA256-SHA",
wolfSSL 13:f67a6c6013ca 14704 #endif
wolfSSL 13:f67a6c6013ca 14705
wolfSSL 13:f67a6c6013ca 14706 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14707 "DHE-RSA-CAMELLIA256-SHA",
wolfSSL 13:f67a6c6013ca 14708 #endif
wolfSSL 13:f67a6c6013ca 14709
wolfSSL 13:f67a6c6013ca 14710 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14711 "CAMELLIA128-SHA256",
wolfSSL 13:f67a6c6013ca 14712 #endif
wolfSSL 13:f67a6c6013ca 14713
wolfSSL 13:f67a6c6013ca 14714 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14715 "DHE-RSA-CAMELLIA128-SHA256",
wolfSSL 13:f67a6c6013ca 14716 #endif
wolfSSL 13:f67a6c6013ca 14717
wolfSSL 13:f67a6c6013ca 14718 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14719 "CAMELLIA256-SHA256",
wolfSSL 13:f67a6c6013ca 14720 #endif
wolfSSL 13:f67a6c6013ca 14721
wolfSSL 13:f67a6c6013ca 14722 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14723 "DHE-RSA-CAMELLIA256-SHA256",
wolfSSL 13:f67a6c6013ca 14724 #endif
wolfSSL 13:f67a6c6013ca 14725
wolfSSL 13:f67a6c6013ca 14726 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14727 "ECDHE-RSA-AES128-SHA256",
wolfSSL 13:f67a6c6013ca 14728 #endif
wolfSSL 13:f67a6c6013ca 14729
wolfSSL 13:f67a6c6013ca 14730 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14731 "ECDHE-ECDSA-AES128-SHA256",
wolfSSL 13:f67a6c6013ca 14732 #endif
wolfSSL 13:f67a6c6013ca 14733
wolfSSL 13:f67a6c6013ca 14734 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14735 "ECDH-RSA-AES128-SHA256",
wolfSSL 13:f67a6c6013ca 14736 #endif
wolfSSL 13:f67a6c6013ca 14737
wolfSSL 13:f67a6c6013ca 14738 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14739 "ECDH-ECDSA-AES128-SHA256",
wolfSSL 13:f67a6c6013ca 14740 #endif
wolfSSL 13:f67a6c6013ca 14741
wolfSSL 13:f67a6c6013ca 14742 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14743 "ECDHE-RSA-AES256-SHA384",
wolfSSL 13:f67a6c6013ca 14744 #endif
wolfSSL 13:f67a6c6013ca 14745
wolfSSL 13:f67a6c6013ca 14746 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14747 "ECDHE-ECDSA-AES256-SHA384",
wolfSSL 13:f67a6c6013ca 14748 #endif
wolfSSL 13:f67a6c6013ca 14749
wolfSSL 13:f67a6c6013ca 14750 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14751 "ECDH-RSA-AES256-SHA384",
wolfSSL 13:f67a6c6013ca 14752 #endif
wolfSSL 13:f67a6c6013ca 14753
wolfSSL 13:f67a6c6013ca 14754 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14755 "ECDH-ECDSA-AES256-SHA384",
wolfSSL 13:f67a6c6013ca 14756 #endif
wolfSSL 13:f67a6c6013ca 14757
wolfSSL 13:f67a6c6013ca 14758 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14759 "ECDHE-RSA-CHACHA20-POLY1305",
wolfSSL 13:f67a6c6013ca 14760 #endif
wolfSSL 13:f67a6c6013ca 14761
wolfSSL 13:f67a6c6013ca 14762 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14763 "ECDHE-ECDSA-CHACHA20-POLY1305",
wolfSSL 13:f67a6c6013ca 14764 #endif
wolfSSL 13:f67a6c6013ca 14765
wolfSSL 13:f67a6c6013ca 14766 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14767 "DHE-RSA-CHACHA20-POLY1305",
wolfSSL 13:f67a6c6013ca 14768 #endif
wolfSSL 13:f67a6c6013ca 14769
wolfSSL 13:f67a6c6013ca 14770 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14771 "ECDHE-RSA-CHACHA20-POLY1305-OLD",
wolfSSL 13:f67a6c6013ca 14772 #endif
wolfSSL 13:f67a6c6013ca 14773
wolfSSL 13:f67a6c6013ca 14774 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14775 "ECDHE-ECDSA-CHACHA20-POLY1305-OLD",
wolfSSL 13:f67a6c6013ca 14776 #endif
wolfSSL 13:f67a6c6013ca 14777
wolfSSL 13:f67a6c6013ca 14778 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14779 "DHE-RSA-CHACHA20-POLY1305-OLD",
wolfSSL 13:f67a6c6013ca 14780 #endif
wolfSSL 13:f67a6c6013ca 14781
wolfSSL 13:f67a6c6013ca 14782 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14783 "ADH-AES128-SHA",
wolfSSL 13:f67a6c6013ca 14784 #endif
wolfSSL 13:f67a6c6013ca 14785
wolfSSL 13:f67a6c6013ca 14786 #ifdef BUILD_TLS_QSH
wolfSSL 13:f67a6c6013ca 14787 "QSH",
wolfSSL 13:f67a6c6013ca 14788 #endif
wolfSSL 13:f67a6c6013ca 14789
wolfSSL 13:f67a6c6013ca 14790 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 13:f67a6c6013ca 14791 "RENEGOTIATION-INFO",
wolfSSL 13:f67a6c6013ca 14792 #endif
wolfSSL 13:f67a6c6013ca 14793
wolfSSL 13:f67a6c6013ca 14794 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 13:f67a6c6013ca 14795 "IDEA-CBC-SHA",
wolfSSL 13:f67a6c6013ca 14796 #endif
wolfSSL 13:f67a6c6013ca 14797
wolfSSL 13:f67a6c6013ca 14798 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 14799 "ECDHE-ECDSA-NULL-SHA",
wolfSSL 13:f67a6c6013ca 14800 #endif
wolfSSL 13:f67a6c6013ca 14801
wolfSSL 13:f67a6c6013ca 14802 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14803 "ECDHE-PSK-NULL-SHA256",
wolfSSL 13:f67a6c6013ca 14804 #endif
wolfSSL 13:f67a6c6013ca 14805
wolfSSL 13:f67a6c6013ca 14806 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14807 "ECDHE-PSK-AES128-CBC-SHA256",
wolfSSL 13:f67a6c6013ca 14808 #endif
wolfSSL 13:f67a6c6013ca 14809
wolfSSL 13:f67a6c6013ca 14810 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14811 "PSK-CHACHA20-POLY1305",
wolfSSL 13:f67a6c6013ca 14812 #endif
wolfSSL 13:f67a6c6013ca 14813
wolfSSL 13:f67a6c6013ca 14814 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14815 "ECDHE-PSK-CHACHA20-POLY1305",
wolfSSL 13:f67a6c6013ca 14816 #endif
wolfSSL 13:f67a6c6013ca 14817
wolfSSL 13:f67a6c6013ca 14818 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14819 "DHE-PSK-CHACHA20-POLY1305",
wolfSSL 13:f67a6c6013ca 14820 #endif
wolfSSL 13:f67a6c6013ca 14821
wolfSSL 13:f67a6c6013ca 14822 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14823 "EDH-RSA-DES-CBC3-SHA",
wolfSSL 13:f67a6c6013ca 14824 #endif
wolfSSL 13:f67a6c6013ca 14825
wolfSSL 13:f67a6c6013ca 14826 #ifdef BUILD_TLS_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14827 "TLS13-AES128-GCM-SHA256",
wolfSSL 13:f67a6c6013ca 14828 #endif
wolfSSL 13:f67a6c6013ca 14829
wolfSSL 13:f67a6c6013ca 14830 #ifdef BUILD_TLS_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14831 "TLS13-AES256-GCM-SHA384",
wolfSSL 13:f67a6c6013ca 14832 #endif
wolfSSL 13:f67a6c6013ca 14833
wolfSSL 13:f67a6c6013ca 14834 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 14835 "TLS13-CHACHA20-POLY1305-SHA256",
wolfSSL 13:f67a6c6013ca 14836 #endif
wolfSSL 13:f67a6c6013ca 14837
wolfSSL 13:f67a6c6013ca 14838 #ifdef BUILD_TLS_AES_128_CCM_SHA256
wolfSSL 13:f67a6c6013ca 14839 "TLS13-AES128-CCM-SHA256",
wolfSSL 13:f67a6c6013ca 14840 #endif
wolfSSL 13:f67a6c6013ca 14841
wolfSSL 13:f67a6c6013ca 14842 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL 13:f67a6c6013ca 14843 "TLS13-AES128-CCM-8-SHA256",
wolfSSL 13:f67a6c6013ca 14844 #endif
wolfSSL 13:f67a6c6013ca 14845
wolfSSL 13:f67a6c6013ca 14846 #ifdef BUILD_WDM_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14847 "WDM-NULL-SHA256",
wolfSSL 13:f67a6c6013ca 14848 #endif
wolfSSL 13:f67a6c6013ca 14849 };
wolfSSL 13:f67a6c6013ca 14850
wolfSSL 13:f67a6c6013ca 14851
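wolfSSL 13:f67a6c6013ca 14852 /* cipher suite numbers matching the name table above: entries are listed in the same order and under the same #ifdef guards, so the two tables must be edited together */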
wolfSSL 13:f67a6c6013ca 14853 static int cipher_name_idx[] =
wolfSSL 13:f67a6c6013ca 14854 {
wolfSSL 13:f67a6c6013ca 14855
wolfSSL 13:f67a6c6013ca 14856 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 14857 SSL_RSA_WITH_RC4_128_SHA,
wolfSSL 13:f67a6c6013ca 14858 #endif
wolfSSL 13:f67a6c6013ca 14859
wolfSSL 13:f67a6c6013ca 14860 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 13:f67a6c6013ca 14861 SSL_RSA_WITH_RC4_128_MD5,
wolfSSL 13:f67a6c6013ca 14862 #endif
wolfSSL 13:f67a6c6013ca 14863
wolfSSL 13:f67a6c6013ca 14864 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 14865 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14866 #endif
wolfSSL 13:f67a6c6013ca 14867
wolfSSL 13:f67a6c6013ca 14868 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14869 TLS_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14870 #endif
wolfSSL 13:f67a6c6013ca 14871
wolfSSL 13:f67a6c6013ca 14872 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14873 TLS_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14874 #endif
wolfSSL 13:f67a6c6013ca 14875
wolfSSL 13:f67a6c6013ca 14876 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 14877 TLS_RSA_WITH_NULL_SHA,
wolfSSL 13:f67a6c6013ca 14878 #endif
wolfSSL 13:f67a6c6013ca 14879
wolfSSL 13:f67a6c6013ca 14880 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14881 TLS_RSA_WITH_NULL_SHA256,
wolfSSL 13:f67a6c6013ca 14882 #endif
wolfSSL 13:f67a6c6013ca 14883
wolfSSL 13:f67a6c6013ca 14884 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14885 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14886 #endif
wolfSSL 13:f67a6c6013ca 14887
wolfSSL 13:f67a6c6013ca 14888 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14889 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14890 #endif
wolfSSL 13:f67a6c6013ca 14891
wolfSSL 13:f67a6c6013ca 14892 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14893 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 14894 #endif
wolfSSL 13:f67a6c6013ca 14895
wolfSSL 13:f67a6c6013ca 14896 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14897 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 14898 #endif
wolfSSL 13:f67a6c6013ca 14899
wolfSSL 13:f67a6c6013ca 14900 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 14901 TLS_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 14902 #endif
wolfSSL 13:f67a6c6013ca 14903
wolfSSL 13:f67a6c6013ca 14904 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 14905 TLS_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 14906 #endif
wolfSSL 13:f67a6c6013ca 14907
wolfSSL 13:f67a6c6013ca 14908 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14909 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 13:f67a6c6013ca 14910 #endif
wolfSSL 13:f67a6c6013ca 14911
wolfSSL 13:f67a6c6013ca 14912 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14913 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 14914 #endif
wolfSSL 13:f67a6c6013ca 14915
wolfSSL 13:f67a6c6013ca 14916 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 14917 TLS_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 13:f67a6c6013ca 14918 #endif
wolfSSL 13:f67a6c6013ca 14919
wolfSSL 13:f67a6c6013ca 14920 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 14921 TLS_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 14922 #endif
wolfSSL 13:f67a6c6013ca 14923
wolfSSL 13:f67a6c6013ca 14924 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 14925 TLS_PSK_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14926 #endif
wolfSSL 13:f67a6c6013ca 14927
wolfSSL 13:f67a6c6013ca 14928 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 14929 TLS_PSK_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 14930 #endif
wolfSSL 13:f67a6c6013ca 14931
wolfSSL 13:f67a6c6013ca 14932 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 14933 TLS_DHE_PSK_WITH_AES_128_CCM,
wolfSSL 13:f67a6c6013ca 14934 #endif
wolfSSL 13:f67a6c6013ca 14935
wolfSSL 13:f67a6c6013ca 14936 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 13:f67a6c6013ca 14937 TLS_DHE_PSK_WITH_AES_256_CCM,
wolfSSL 13:f67a6c6013ca 14938 #endif
wolfSSL 13:f67a6c6013ca 14939
wolfSSL 13:f67a6c6013ca 14940 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 14941 TLS_PSK_WITH_AES_128_CCM,
wolfSSL 13:f67a6c6013ca 14942 #endif
wolfSSL 13:f67a6c6013ca 14943
wolfSSL 13:f67a6c6013ca 14944 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 13:f67a6c6013ca 14945 TLS_PSK_WITH_AES_256_CCM,
wolfSSL 13:f67a6c6013ca 14946 #endif
wolfSSL 13:f67a6c6013ca 14947
wolfSSL 13:f67a6c6013ca 14948 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 14949 TLS_PSK_WITH_AES_128_CCM_8,
wolfSSL 13:f67a6c6013ca 14950 #endif
wolfSSL 13:f67a6c6013ca 14951
wolfSSL 13:f67a6c6013ca 14952 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 14953 TLS_PSK_WITH_AES_256_CCM_8,
wolfSSL 13:f67a6c6013ca 14954 #endif
wolfSSL 13:f67a6c6013ca 14955
wolfSSL 13:f67a6c6013ca 14956 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 13:f67a6c6013ca 14957 TLS_DHE_PSK_WITH_NULL_SHA384,
wolfSSL 13:f67a6c6013ca 14958 #endif
wolfSSL 13:f67a6c6013ca 14959
wolfSSL 13:f67a6c6013ca 14960 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14961 TLS_DHE_PSK_WITH_NULL_SHA256,
wolfSSL 13:f67a6c6013ca 14962 #endif
wolfSSL 13:f67a6c6013ca 14963
wolfSSL 13:f67a6c6013ca 14964 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 13:f67a6c6013ca 14965 TLS_PSK_WITH_NULL_SHA384,
wolfSSL 13:f67a6c6013ca 14966 #endif
wolfSSL 13:f67a6c6013ca 14967
wolfSSL 13:f67a6c6013ca 14968 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 14969 TLS_PSK_WITH_NULL_SHA256,
wolfSSL 13:f67a6c6013ca 14970 #endif
wolfSSL 13:f67a6c6013ca 14971
wolfSSL 13:f67a6c6013ca 14972 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 14973 TLS_PSK_WITH_NULL_SHA,
wolfSSL 13:f67a6c6013ca 14974 #endif
wolfSSL 13:f67a6c6013ca 14975
wolfSSL 13:f67a6c6013ca 14976 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 13:f67a6c6013ca 14977 TLS_RSA_WITH_HC_128_MD5,
wolfSSL 13:f67a6c6013ca 14978 #endif
wolfSSL 13:f67a6c6013ca 14979
wolfSSL 13:f67a6c6013ca 14980 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 13:f67a6c6013ca 14981 TLS_RSA_WITH_HC_128_SHA,
wolfSSL 13:f67a6c6013ca 14982 #endif
wolfSSL 13:f67a6c6013ca 14983
wolfSSL 13:f67a6c6013ca 14984 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 13:f67a6c6013ca 14985 TLS_RSA_WITH_HC_128_B2B256,
wolfSSL 13:f67a6c6013ca 14986 #endif
wolfSSL 13:f67a6c6013ca 14987
wolfSSL 13:f67a6c6013ca 14988 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 13:f67a6c6013ca 14989 TLS_RSA_WITH_AES_128_CBC_B2B256,
wolfSSL 13:f67a6c6013ca 14990 #endif
wolfSSL 13:f67a6c6013ca 14991
wolfSSL 13:f67a6c6013ca 14992 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 13:f67a6c6013ca 14993 TLS_RSA_WITH_AES_256_CBC_B2B256,
wolfSSL 13:f67a6c6013ca 14994 #endif
wolfSSL 13:f67a6c6013ca 14995
wolfSSL 13:f67a6c6013ca 14996 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 13:f67a6c6013ca 14997 TLS_RSA_WITH_RABBIT_SHA,
wolfSSL 13:f67a6c6013ca 14998 #endif
wolfSSL 13:f67a6c6013ca 14999
wolfSSL 13:f67a6c6013ca 15000 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 15001 TLS_NTRU_RSA_WITH_RC4_128_SHA,
wolfSSL 13:f67a6c6013ca 15002 #endif
wolfSSL 13:f67a6c6013ca 15003
wolfSSL 13:f67a6c6013ca 15004 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 15005 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15006 #endif
wolfSSL 13:f67a6c6013ca 15007
wolfSSL 13:f67a6c6013ca 15008 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15009 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15010 #endif
wolfSSL 13:f67a6c6013ca 15011
wolfSSL 13:f67a6c6013ca 15012 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15013 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15014 #endif
wolfSSL 13:f67a6c6013ca 15015
wolfSSL 13:f67a6c6013ca 15016 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 15017 TLS_RSA_WITH_AES_128_CCM_8,
wolfSSL 13:f67a6c6013ca 15018 #endif
wolfSSL 13:f67a6c6013ca 15019
wolfSSL 13:f67a6c6013ca 15020 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 15021 TLS_RSA_WITH_AES_256_CCM_8,
wolfSSL 13:f67a6c6013ca 15022 #endif
wolfSSL 13:f67a6c6013ca 15023
wolfSSL 13:f67a6c6013ca 15024 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 13:f67a6c6013ca 15025 TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
wolfSSL 13:f67a6c6013ca 15026 #endif
wolfSSL 13:f67a6c6013ca 15027
wolfSSL 13:f67a6c6013ca 15028 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 13:f67a6c6013ca 15029 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
wolfSSL 13:f67a6c6013ca 15030 #endif
wolfSSL 13:f67a6c6013ca 15031
wolfSSL 13:f67a6c6013ca 15032 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 13:f67a6c6013ca 15033 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
wolfSSL 13:f67a6c6013ca 15034 #endif
wolfSSL 13:f67a6c6013ca 15035
wolfSSL 13:f67a6c6013ca 15036 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15037 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15038 #endif
wolfSSL 13:f67a6c6013ca 15039
wolfSSL 13:f67a6c6013ca 15040 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15041 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15042 #endif
wolfSSL 13:f67a6c6013ca 15043
wolfSSL 13:f67a6c6013ca 15044 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15045 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15046 #endif
wolfSSL 13:f67a6c6013ca 15047
wolfSSL 13:f67a6c6013ca 15048 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15049 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15050 #endif
wolfSSL 13:f67a6c6013ca 15051
wolfSSL 13:f67a6c6013ca 15052 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 15053 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
wolfSSL 13:f67a6c6013ca 15054 #endif
wolfSSL 13:f67a6c6013ca 15055
wolfSSL 13:f67a6c6013ca 15056 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 15057 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15058 #endif
wolfSSL 13:f67a6c6013ca 15059
wolfSSL 13:f67a6c6013ca 15060 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 15061 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
wolfSSL 13:f67a6c6013ca 15062 #endif
wolfSSL 13:f67a6c6013ca 15063
wolfSSL 13:f67a6c6013ca 15064 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 15065 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15066 #endif
wolfSSL 13:f67a6c6013ca 15067
wolfSSL 13:f67a6c6013ca 15068 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15069 TLS_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15070 #endif
wolfSSL 13:f67a6c6013ca 15071
wolfSSL 13:f67a6c6013ca 15072 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15073 TLS_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15074 #endif
wolfSSL 13:f67a6c6013ca 15075
wolfSSL 13:f67a6c6013ca 15076 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15077 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15078 #endif
wolfSSL 13:f67a6c6013ca 15079
wolfSSL 13:f67a6c6013ca 15080 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15081 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15082 #endif
wolfSSL 13:f67a6c6013ca 15083
wolfSSL 13:f67a6c6013ca 15084 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15085 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15086 #endif
wolfSSL 13:f67a6c6013ca 15087
wolfSSL 13:f67a6c6013ca 15088 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15089 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15090 #endif
wolfSSL 13:f67a6c6013ca 15091
wolfSSL 13:f67a6c6013ca 15092 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15093 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15094 #endif
wolfSSL 13:f67a6c6013ca 15095
wolfSSL 13:f67a6c6013ca 15096 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15097 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15098 #endif
wolfSSL 13:f67a6c6013ca 15099
wolfSSL 13:f67a6c6013ca 15100 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 15101 TLS_ECDH_RSA_WITH_RC4_128_SHA,
wolfSSL 13:f67a6c6013ca 15102 #endif
wolfSSL 13:f67a6c6013ca 15103
wolfSSL 13:f67a6c6013ca 15104 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 15105 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15106 #endif
wolfSSL 13:f67a6c6013ca 15107
wolfSSL 13:f67a6c6013ca 15108 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 13:f67a6c6013ca 15109 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
wolfSSL 13:f67a6c6013ca 15110 #endif
wolfSSL 13:f67a6c6013ca 15111
wolfSSL 13:f67a6c6013ca 15112 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 15113 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15114 #endif
wolfSSL 13:f67a6c6013ca 15115
wolfSSL 13:f67a6c6013ca 15116 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15117 TLS_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15118 #endif
wolfSSL 13:f67a6c6013ca 15119
wolfSSL 13:f67a6c6013ca 15120 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15121 TLS_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15122 #endif
wolfSSL 13:f67a6c6013ca 15123
wolfSSL 13:f67a6c6013ca 15124 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15125 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15126 #endif
wolfSSL 13:f67a6c6013ca 15127
wolfSSL 13:f67a6c6013ca 15128 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15129 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15130 #endif
wolfSSL 13:f67a6c6013ca 15131
wolfSSL 13:f67a6c6013ca 15132 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15133 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15134 #endif
wolfSSL 13:f67a6c6013ca 15135
wolfSSL 13:f67a6c6013ca 15136 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15137 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15138 #endif
wolfSSL 13:f67a6c6013ca 15139
wolfSSL 13:f67a6c6013ca 15140 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15141 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15142 #endif
wolfSSL 13:f67a6c6013ca 15143
wolfSSL 13:f67a6c6013ca 15144 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15145 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15146 #endif
wolfSSL 13:f67a6c6013ca 15147
wolfSSL 13:f67a6c6013ca 15148 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15149 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15150 #endif
wolfSSL 13:f67a6c6013ca 15151
wolfSSL 13:f67a6c6013ca 15152 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15153 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15154 #endif
wolfSSL 13:f67a6c6013ca 15155
wolfSSL 13:f67a6c6013ca 15156 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15157 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15158 #endif
wolfSSL 13:f67a6c6013ca 15159
wolfSSL 13:f67a6c6013ca 15160 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15161 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15162 #endif
wolfSSL 13:f67a6c6013ca 15163
wolfSSL 13:f67a6c6013ca 15164 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15165 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15166 #endif
wolfSSL 13:f67a6c6013ca 15167
wolfSSL 13:f67a6c6013ca 15168 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15169 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15170 #endif
wolfSSL 13:f67a6c6013ca 15171
wolfSSL 13:f67a6c6013ca 15172 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15173 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15174 #endif
wolfSSL 13:f67a6c6013ca 15175
wolfSSL 13:f67a6c6013ca 15176 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 13:f67a6c6013ca 15177 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15178 #endif
wolfSSL 13:f67a6c6013ca 15179
wolfSSL 13:f67a6c6013ca 15180 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15181 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15182 #endif
wolfSSL 13:f67a6c6013ca 15183
wolfSSL 13:f67a6c6013ca 15184 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15185 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15186 #endif
wolfSSL 13:f67a6c6013ca 15187
wolfSSL 13:f67a6c6013ca 15188 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15189 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15190 #endif
wolfSSL 13:f67a6c6013ca 15191
wolfSSL 13:f67a6c6013ca 15192 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15193 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15194 #endif
wolfSSL 13:f67a6c6013ca 15195
wolfSSL 13:f67a6c6013ca 15196 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15197 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15198 #endif
wolfSSL 13:f67a6c6013ca 15199
wolfSSL 13:f67a6c6013ca 15200 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15201 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15202 #endif
wolfSSL 13:f67a6c6013ca 15203
wolfSSL 13:f67a6c6013ca 15204 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15205 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15206 #endif
wolfSSL 13:f67a6c6013ca 15207
wolfSSL 13:f67a6c6013ca 15208 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15209 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15210 #endif
wolfSSL 13:f67a6c6013ca 15211
wolfSSL 13:f67a6c6013ca 15212 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 15213 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 13:f67a6c6013ca 15214 #endif
wolfSSL 13:f67a6c6013ca 15215
wolfSSL 13:f67a6c6013ca 15216 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 15217 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 13:f67a6c6013ca 15218 #endif
wolfSSL 13:f67a6c6013ca 15219
wolfSSL 13:f67a6c6013ca 15220 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 15221 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 13:f67a6c6013ca 15222 #endif
wolfSSL 13:f67a6c6013ca 15223
wolfSSL 13:f67a6c6013ca 15224 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 13:f67a6c6013ca 15225 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 13:f67a6c6013ca 15226 #endif
wolfSSL 13:f67a6c6013ca 15227
wolfSSL 13:f67a6c6013ca 15228 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15229 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15230 #endif
wolfSSL 13:f67a6c6013ca 15231
wolfSSL 13:f67a6c6013ca 15232 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15233 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15234 #endif
wolfSSL 13:f67a6c6013ca 15235
wolfSSL 13:f67a6c6013ca 15236 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15237 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15238 #endif
wolfSSL 13:f67a6c6013ca 15239
wolfSSL 13:f67a6c6013ca 15240 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15241 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15242 #endif
wolfSSL 13:f67a6c6013ca 15243
wolfSSL 13:f67a6c6013ca 15244 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15245 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15246 #endif
wolfSSL 13:f67a6c6013ca 15247
wolfSSL 13:f67a6c6013ca 15248 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15249 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15250 #endif
wolfSSL 13:f67a6c6013ca 15251
wolfSSL 13:f67a6c6013ca 15252 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 13:f67a6c6013ca 15253 TLS_DH_anon_WITH_AES_128_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15254 #endif
wolfSSL 13:f67a6c6013ca 15255
wolfSSL 13:f67a6c6013ca 15256 #ifdef BUILD_TLS_QSH
wolfSSL 13:f67a6c6013ca 15257 TLS_QSH,
wolfSSL 13:f67a6c6013ca 15258 #endif
wolfSSL 13:f67a6c6013ca 15259
wolfSSL 13:f67a6c6013ca 15260 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 13:f67a6c6013ca 15261 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
wolfSSL 13:f67a6c6013ca 15262 #endif
wolfSSL 13:f67a6c6013ca 15263
wolfSSL 13:f67a6c6013ca 15264 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 13:f67a6c6013ca 15265 SSL_RSA_WITH_IDEA_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15266 #endif
wolfSSL 13:f67a6c6013ca 15267
wolfSSL 13:f67a6c6013ca 15268 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 13:f67a6c6013ca 15269 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
wolfSSL 13:f67a6c6013ca 15270 #endif
wolfSSL 13:f67a6c6013ca 15271
wolfSSL 13:f67a6c6013ca 15272 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 15273 TLS_ECDHE_PSK_WITH_NULL_SHA256,
wolfSSL 13:f67a6c6013ca 15274 #endif
wolfSSL 13:f67a6c6013ca 15275
wolfSSL 13:f67a6c6013ca 15276 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 13:f67a6c6013ca 15277 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 13:f67a6c6013ca 15278 #endif
wolfSSL 13:f67a6c6013ca 15279
wolfSSL 13:f67a6c6013ca 15280 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15281 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15282 #endif
wolfSSL 13:f67a6c6013ca 15283
wolfSSL 13:f67a6c6013ca 15284 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15285 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15286 #endif
wolfSSL 13:f67a6c6013ca 15287
wolfSSL 13:f67a6c6013ca 15288 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15289 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15290 #endif
wolfSSL 13:f67a6c6013ca 15291
wolfSSL 13:f67a6c6013ca 15292 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 13:f67a6c6013ca 15293 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 13:f67a6c6013ca 15294 #endif
wolfSSL 13:f67a6c6013ca 15295
wolfSSL 13:f67a6c6013ca 15296 #ifdef BUILD_TLS_AES_128_GCM_SHA256
wolfSSL 13:f67a6c6013ca 15297 TLS_AES_128_GCM_SHA256,
wolfSSL 13:f67a6c6013ca 15298 #endif
wolfSSL 13:f67a6c6013ca 15299
wolfSSL 13:f67a6c6013ca 15300 #ifdef BUILD_TLS_AES_256_GCM_SHA384
wolfSSL 13:f67a6c6013ca 15301 TLS_AES_256_GCM_SHA384,
wolfSSL 13:f67a6c6013ca 15302 #endif
wolfSSL 13:f67a6c6013ca 15303
wolfSSL 13:f67a6c6013ca 15304 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL 13:f67a6c6013ca 15305 TLS_CHACHA20_POLY1305_SHA256,
wolfSSL 13:f67a6c6013ca 15306 #endif
wolfSSL 13:f67a6c6013ca 15307
wolfSSL 13:f67a6c6013ca 15308 #ifdef BUILD_TLS_AES_128_CCM_SHA256
wolfSSL 13:f67a6c6013ca 15309 TLS_AES_128_CCM_SHA256,
wolfSSL 13:f67a6c6013ca 15310 #endif
wolfSSL 13:f67a6c6013ca 15311
wolfSSL 13:f67a6c6013ca 15312 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL 13:f67a6c6013ca 15313 TLS_AES_128_CCM_8_SHA256,
wolfSSL 13:f67a6c6013ca 15314 #endif
wolfSSL 13:f67a6c6013ca 15315
wolfSSL 13:f67a6c6013ca 15316 #ifdef BUILD_WDM_WITH_NULL_SHA256
wolfSSL 13:f67a6c6013ca 15317 WDM_WITH_NULL_SHA256,
wolfSSL 13:f67a6c6013ca 15318 #endif
wolfSSL 13:f67a6c6013ca 15319 };
wolfSSL 13:f67a6c6013ca 15320
wolfSSL 13:f67a6c6013ca 15321
/* Accessor for the file-level cipher_names table. Hands back the table
 * itself rather than a copy; GetCipherNamesSize() gives its element count. */
const char* const* GetCipherNames(void)
{
    const char* const* table = cipher_names;

    return table;
}
wolfSSL 13:f67a6c6013ca 15327
wolfSSL 13:f67a6c6013ca 15328
/* Number of entries in the cipher_names table. Computed with sizeof, so the
 * value is fixed by whichever table entries this build compiled in. */
int GetCipherNamesSize(void)
{
    const int entries = (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));

    return entries;
}
wolfSSL 13:f67a6c6013ca 15334
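/* Gets the cipher name in the format DHE-RSA-... rather than TLS_DHE...
 *
 * cipherName   name of the suite; only searched for the substrings "CHACHA",
 *              "EC" and "CCM" (in that order) to pick the suite family
 * cipherSuite  suite value looked up in cipher_name_idx[]
 *
 * Returns the matching entry of cipher_names[] (the table's own pointer, not
 * a copy), or NULL if cipherName is NULL or no entry matches.
 *
 * The family substring narrows the search among table entries that carry the
 * same cipherSuite value; presumably the value alone is not unique across
 * families (compare the cipherSuite0 dispatch in
 * wolfSSL_get_cipher_name_from_suite()). */
const char* GetCipherNameInternal(const char* cipherName, int cipherSuite)
{
    const char* family;
    int         count;
    int         i;

    if (cipherName == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    if (XSTRSTR(cipherName, "CHACHA")) {
        family = "CHACHA";
    }
    else if (XSTRSTR(cipherName, "EC")) {
        family = "EC";
    }
    else if (XSTRSTR(cipherName, "CCM")) {
        family = "CCM";
    }
    else {
        family = NULL; /* normal */
    }

    /* cipher_name_idx[] and cipher_names[] are walked with one shared index.
     * Bound the walk by the shorter table so that a build in which the two
     * ever drift apart cannot read past the end of cipher_names[]. */
    count = (int)(sizeof(cipher_name_idx) / sizeof(cipher_name_idx[0]));
    if (count > (int)(sizeof(cipher_names) / sizeof(cipher_names[0]))) {
        count = (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));
    }

    for (i = 0; i < count; i++) {
        const char* nameFound;

        if (cipher_name_idx[i] != cipherSuite) {
            continue;
        }

        nameFound = cipher_names[i];

        /* extra sanity check on returned cipher name */
        if (nameFound == NULL) {
            continue;
        }

        if (family == NULL) {
            /* no family marker requested: accept only a name that carries
             * none of the three markers */
            if (!XSTRSTR(nameFound, "CHACHA") &&
                !XSTRSTR(nameFound, "EC") &&
                !XSTRSTR(nameFound, "CCM")) {
                return nameFound;
            }
        }
        else if (XSTRSTR(nameFound, family)) {
            return nameFound;
        }
    }

    return NULL;
}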
wolfSSL 13:f67a6c6013ca 15379
/* Looks up the table name of the cipher suite held by an SSL object.
 *
 * Passes the name reported by wolfSSL_CIPHER_get_name() for ssl->cipher,
 * together with ssl->options.cipherSuite, to GetCipherNameInternal().
 *
 * Returns NULL when ssl is NULL; otherwise whatever GetCipherNameInternal()
 * returns. */
const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
{
    const char* name;

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    name = wolfSSL_CIPHER_get_name(&ssl->cipher);

    return GetCipherNameInternal(name, ssl->options.cipherSuite);
}
wolfSSL 13:f67a6c6013ca 15391
wolfSSL 13:f67a6c6013ca 15392
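/* Returns the long-form name of a cipher suite given its two identifying
 * values.
 *
 * cipherSuite   suite value, matched against the suite constants of the
 *               family selected by cipherSuite0
 * cipherSuite0  family selector: CHACHA_BYTE, ECC_BYTE or TLS13_BYTE; any
 *               other value selects the "normal" RSA/PSK/DHE table
 *
 * Returns a string literal. "NONE" is returned when the suite is not listed,
 * when its case was compiled out by the feature macros, or when the library
 * was built with NO_ERROR_STRINGS; the three cannot be told apart from the
 * return value.
 *
 * The name is derived purely from the two values passed in. Callers that log
 * it or compare it against a cipher policy depend on every string matching
 * its case label exactly, so keep label and literal identical when adding a
 * suite. */
const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
                                               const unsigned char cipherSuite0)
{
    WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite");

    /* both parameters are unused when NO_ERROR_STRINGS is defined */
    (void)cipherSuite;
    (void)cipherSuite0;

#ifndef NO_ERROR_STRINGS

#if defined(HAVE_CHACHA)
    if (cipherSuite0 == CHACHA_BYTE) {
        /* ChaCha suites; no default here, an unmatched value falls through
         * to the final return "NONE" */
        switch (cipherSuite) {
#ifdef HAVE_POLY1305
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
                return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";

            case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
                return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";

            case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
                return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";

            case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
                return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
                return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";

            case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
                return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
#ifndef NO_PSK
            case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
                return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
            case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
                return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
            case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
                return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
#endif /* !NO_PSK */
#endif /* HAVE_POLY1305 */
        } /* switch */
    } /* chacha */
#endif /* HAVE_CHACHA */

#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
    /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
     * but the AES-CCM cipher suites also use it, even the ones that
     * aren't ECC. */
    if (cipherSuite0 == ECC_BYTE) {
        /* ECC suites */
        switch (cipherSuite) {
/* NOTE(review): every case below, including the non-ECC CCM ones, sits inside
 * this HAVE_ECC region, so a build with HAVE_AESCCM but without HAVE_ECC gets
 * only the default case. Confirm that this is intended. */
#ifdef HAVE_ECC
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
                return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
                return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
            case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
                return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
#endif /* !NO_RSA */
            case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
                return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
                return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
                return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_RSA
            case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
                return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
#endif /* !NO_RSA */
            case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
                return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_SHA
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
                return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
            case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
                return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
                return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
            case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
                return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
                return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
                return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
                return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
                return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */

#ifndef NO_RSA
            case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
                return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
            case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
                return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_RSA */
            case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
                return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
            case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
                return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
            case TLS_ECDH_RSA_WITH_RC4_128_SHA:
                return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RSA */
            case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
                return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
#ifndef NO_RSA
            case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
                return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_RSA */
            case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
                return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#endif /* !NO_SHA */

#ifdef HAVE_AESGCM
#ifndef NO_RSA
            case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
                return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
            case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
                return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
#endif /* !NO_RSA */
            case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
                return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
            case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
                return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_RSA
            case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
                return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
            case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
                return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
#endif /* !NO_RSA */
            case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
                return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
            case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
                return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */

            case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
                return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
#ifndef NO_PSK
            case TLS_ECDHE_PSK_WITH_NULL_SHA256:
                return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
            case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
                return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
#endif /* !NO_PSK */
#ifndef NO_RSA
            case TLS_RSA_WITH_AES_128_CCM_8:
                return "TLS_RSA_WITH_AES_128_CCM_8";
            case TLS_RSA_WITH_AES_256_CCM_8:
                return "TLS_RSA_WITH_AES_256_CCM_8";
#endif /* !NO_RSA */
#ifndef NO_PSK
            case TLS_PSK_WITH_AES_128_CCM_8:
                return "TLS_PSK_WITH_AES_128_CCM_8";
            case TLS_PSK_WITH_AES_256_CCM_8:
                return "TLS_PSK_WITH_AES_256_CCM_8";
            case TLS_PSK_WITH_AES_128_CCM:
                return "TLS_PSK_WITH_AES_128_CCM";
            case TLS_PSK_WITH_AES_256_CCM:
                return "TLS_PSK_WITH_AES_256_CCM";
            case TLS_DHE_PSK_WITH_AES_128_CCM:
                return "TLS_DHE_PSK_WITH_AES_128_CCM";
            case TLS_DHE_PSK_WITH_AES_256_CCM:
                return "TLS_DHE_PSK_WITH_AES_256_CCM";
#endif /* !NO_PSK */
#ifdef HAVE_ECC
            case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
                return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
            case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
                return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
            case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
                return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif /* HAVE_ECC (inner) */
#endif /* HAVE_ECC (outer, opened at the top of this switch) */

            default:
                return "NONE";
        } /* switch */
    } /* ECC and AES CCM/GCM */
#endif /* HAVE_ECC || HAVE_AESCCM */

    /* This branch is compiled whether or not WOLFSSL_TLS13 is defined; only
     * the cases inside it are guarded. */
    if (cipherSuite0 == TLS13_BYTE) {
        /* TLS v1.3 suites */
        switch (cipherSuite) {
#ifdef WOLFSSL_TLS13
#ifdef HAVE_AESGCM
            case TLS_AES_128_GCM_SHA256:
                return "TLS_AES_128_GCM_SHA256";
            case TLS_AES_256_GCM_SHA384:
                return "TLS_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */

#ifdef HAVE_CHACHA
            case TLS_CHACHA20_POLY1305_SHA256:
                return "TLS_CHACHA20_POLY1305_SHA256";
#endif /* HAVE_CHACHA */

#ifdef HAVE_AESCCM
            case TLS_AES_128_CCM_SHA256:
                return "TLS_AES_128_CCM_SHA256";
            case TLS_AES_128_CCM_8_SHA256:
                /* report the 128-bit suite under its own name; a "256" label
                 * here would overstate the key size in logs and audits */
                return "TLS_AES_128_CCM_8_SHA256";
#endif /* HAVE_AESCCM */
#endif /* WOLFSSL_TLS13 */

            default:
                return "NONE";
        }
    }

    if (cipherSuite0 != ECC_BYTE &&
        cipherSuite0 != CHACHA_BYTE &&
        cipherSuite0 != TLS13_BYTE) {

        /* normal suites */
        switch (cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
            case SSL_RSA_WITH_RC4_128_SHA:
                return "SSL_RSA_WITH_RC4_128_SHA";
#endif /* !NO_SHA */
#ifndef NO_MD5
            case SSL_RSA_WITH_RC4_128_MD5:
                return "SSL_RSA_WITH_RC4_128_MD5";
#endif /* !NO_MD5 */
#endif /* !NO_RC4 */
#ifndef NO_SHA
#ifndef NO_DES3
            case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
                return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#ifdef HAVE_IDEA
            case SSL_RSA_WITH_IDEA_CBC_SHA:
                return "SSL_RSA_WITH_IDEA_CBC_SHA";
#endif /* HAVE_IDEA */

            case TLS_RSA_WITH_AES_128_CBC_SHA:
                return "TLS_RSA_WITH_AES_128_CBC_SHA";
            case TLS_RSA_WITH_AES_256_CBC_SHA:
                return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif /* !NO_SHA */
            case TLS_RSA_WITH_AES_128_CBC_SHA256:
                return "TLS_RSA_WITH_AES_128_CBC_SHA256";
            case TLS_RSA_WITH_AES_256_CBC_SHA256:
                return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifdef HAVE_BLAKE2
            case TLS_RSA_WITH_AES_128_CBC_B2B256:
                return "TLS_RSA_WITH_AES_128_CBC_B2B256";
            case TLS_RSA_WITH_AES_256_CBC_B2B256:
                return "TLS_RSA_WITH_AES_256_CBC_B2B256";
#endif /* HAVE_BLAKE2 */
#ifndef NO_SHA
            case TLS_RSA_WITH_NULL_SHA:
                return "TLS_RSA_WITH_NULL_SHA";
#endif /* !NO_SHA */
            case TLS_RSA_WITH_NULL_SHA256:
                return "TLS_RSA_WITH_NULL_SHA256";
#endif /* !NO_RSA */

#ifndef NO_PSK
#ifndef NO_SHA
            case TLS_PSK_WITH_AES_128_CBC_SHA:
                return "TLS_PSK_WITH_AES_128_CBC_SHA";
            case TLS_PSK_WITH_AES_256_CBC_SHA:
                return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif /* !NO_SHA */
#ifndef NO_SHA256
            case TLS_PSK_WITH_AES_128_CBC_SHA256:
                return "TLS_PSK_WITH_AES_128_CBC_SHA256";
            case TLS_PSK_WITH_NULL_SHA256:
                return "TLS_PSK_WITH_NULL_SHA256";
            case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
                return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
            case TLS_DHE_PSK_WITH_NULL_SHA256:
                return "TLS_DHE_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
            case TLS_PSK_WITH_AES_128_GCM_SHA256:
                return "TLS_PSK_WITH_AES_128_GCM_SHA256";
            case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
                return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
#endif /* HAVE_AESGCM */
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
            case TLS_PSK_WITH_AES_256_CBC_SHA384:
                return "TLS_PSK_WITH_AES_256_CBC_SHA384";
            case TLS_PSK_WITH_NULL_SHA384:
                return "TLS_PSK_WITH_NULL_SHA384";
            case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
                return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
            case TLS_DHE_PSK_WITH_NULL_SHA384:
                return "TLS_DHE_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
            case TLS_PSK_WITH_AES_256_GCM_SHA384:
                return "TLS_PSK_WITH_AES_256_GCM_SHA384";
            case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
                return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
#endif /* HAVE_AESGCM */
#endif /* WOLFSSL_SHA384 */
#ifndef NO_SHA
            case TLS_PSK_WITH_NULL_SHA:
                return "TLS_PSK_WITH_NULL_SHA";
#endif /* !NO_SHA */
#endif /* !NO_PSK */

/* Everything from here to the matching "!NO_RSA (second region)" #endif is
 * compiled only when RSA is available, including the HC-128, Rabbit, NTRU,
 * QSH, GCM and Camellia cases. */
#ifndef NO_RSA
            case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
                return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
            case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
                return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
            case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
                return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
            case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
                return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#ifndef NO_DES3
            case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
                return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
#endif /* !NO_SHA */
#ifndef NO_HC128
#ifndef NO_MD5
            case TLS_RSA_WITH_HC_128_MD5:
                return "TLS_RSA_WITH_HC_128_MD5";
#endif /* !NO_MD5 */
#ifndef NO_SHA
            case TLS_RSA_WITH_HC_128_SHA:
                return "TLS_RSA_WITH_HC_128_SHA";
#endif /* !NO_SHA */
#ifdef HAVE_BLAKE2
            case TLS_RSA_WITH_HC_128_B2B256:
                return "TLS_RSA_WITH_HC_128_B2B256";
#endif /* HAVE_BLAKE2 */
#endif /* !NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
            case TLS_RSA_WITH_RABBIT_SHA:
                return "TLS_RSA_WITH_RABBIT_SHA";
#endif /* !NO_RABBIT */
#ifdef HAVE_NTRU
#ifndef NO_RC4
            case TLS_NTRU_RSA_WITH_RC4_128_SHA:
                return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif /* !NO_RC4 */
#ifndef NO_DES3
            case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA:
                return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif /* !NO_DES3 */
            case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA:
                return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
            case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA:
                return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */

#ifdef HAVE_QSH
            case TLS_QSH:
                return "TLS_QSH";
#endif /* HAVE_QSH */
#endif /* !NO_SHA */

            case TLS_RSA_WITH_AES_128_GCM_SHA256:
                return "TLS_RSA_WITH_AES_128_GCM_SHA256";
            case TLS_RSA_WITH_AES_256_GCM_SHA384:
                return "TLS_RSA_WITH_AES_256_GCM_SHA384";
            case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
                return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
            case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
                return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
            case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
                return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
            case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
                return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif /* !NO_SHA */
            case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
                return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
            case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
                return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
            case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
                return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
            case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
                return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif /* !NO_SHA */
            case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
                return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
            case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
                return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* !NO_RSA (second region) */

#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
            case TLS_DH_anon_WITH_AES_128_CBC_SHA:
                return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
#endif
#ifdef BUILD_WDM_WITH_NULL_SHA256
            case WDM_WITH_NULL_SHA256:
                return "WDM_WITH_NULL_SHA256";
#endif
            default:
                return "NONE";
        } /* switch */
    } /* normal / PSK */
#endif /* !NO_ERROR_STRINGS */

    return "NONE";
}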
wolfSSL 13:f67a6c6013ca 15820
wolfSSL 13:f67a6c6013ca 15821
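/**
 * Set the enabled cipher suites from a ':'-delimited list of names.
 *
 * Each entry is compared against cipher_names[]. An entry that matches no
 * table name is skipped without an error, so a misspelled suite in a
 * restrictive list is dropped silently as long as some other entry matches.
 * An empty list, or one that begins with "ALL" or "DEFAULT", returns success
 * without touching suites, which leaves the library defaults in effect.
 *
 * @param [in]  ctx     Context. Read for the DTLS version check when
 *                      WOLFSSL_DTLS is defined and for privateKeySz unless
 *                      NO_CERTS is defined. It is not checked for NULL here.
 * @param [out] suites  Suites structure.
 * @param [in]  list    List of cipher suites, only supports full name from
 *                      cipher_names[] delimited by ':'.
 *
 * @return 1 when at least one suite was set or the defaults were kept;
 *         0 on a NULL suites/list, when no entry matched, or when the
 *         suites buffer is too small.
 */
int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
{
    int       ret          = 0;
    int       idx          = 0;
    int       haveRSAsig   = 0;
    int       haveECDSAsig = 0;
    int       haveAnon     = 0;
    const int suiteSz      = GetCipherNamesSize();
    char*     next         = (char*)list;

    if (suites == NULL || list == NULL) {
        WOLFSSL_MSG("SetCipherList parameter error");
        return 0;
    }

    /* Prefix comparison only: a list that merely starts with "ALL" or
     * "DEFAULT" keeps the defaults and the rest of the string is not read. */
    if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
                        XSTRNCMP(next, "DEFAULT", 7) == 0)
        return 1; /* wolfSSL default */

    do {
        char*  current = next;
        char   name[MAX_SUITE_NAME + 1];
        int    i;
        word32 length;

        next   = XSTRSTR(next, ":");
        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
                                         : (word32)(next - current));

        /* length is capped at sizeof(name); the terminator is written inside
         * the buffer even when the entry had to be truncated */
        XSTRNCPY(name, current, length);
        name[(length == sizeof(name)) ? length - 1 : length] = 0;

        for (i = 0; i < suiteSz; i++) {
            if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
            #ifdef WOLFSSL_DTLS
                /* don't allow stream ciphers with DTLS */
                if (ctx->method->version.major == DTLS_MAJOR) {
                    if (XSTRSTR(name, "RC4") ||
                        XSTRSTR(name, "HC128") ||
                        XSTRSTR(name, "RABBIT"))
                    {
                        WOLFSSL_MSG("Stream ciphers not supported with DTLS");
                        /* resumes the table scan; the entry is dropped unless
                         * a later table slot carries the same name */
                        continue;
                    }

                }
            #endif /* WOLFSSL_DTLS */

                /* each suite occupies two bytes, so both must fit */
                if (idx + 1 >= WOLFSSL_MAX_SUITE_SZ) {
                    WOLFSSL_MSG("WOLFSSL_MAX_SUITE_SZ set too low");
                    return 0; /* suites buffer not large enough, error out */
                }

                /* first byte is derived from substrings of the suite name */
                suites->suites[idx++] = (XSTRSTR(name, "TLS13"))  ? TLS13_BYTE
                                      : (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
                                      : (XSTRSTR(name, "QSH"))    ? QSH_BYTE
                                      : (XSTRSTR(name, "EC"))     ? ECC_BYTE
                                      : (XSTRSTR(name, "CCM"))    ? ECC_BYTE
                                      : 0x00; /* normal */
                suites->suites[idx++] = (byte)cipher_name_idx[i];

                /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
                 * suites don't necessarily have RSA in the name. */
                if (XSTRSTR(name, "TLS13")) {
                    haveRSAsig = 1;
                    haveECDSAsig = 1;
                }
                else if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
                    haveECDSAsig = 1;
                else if (XSTRSTR(name, "ADH"))
                    haveAnon = 1;
                else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL))
                    haveRSAsig = 1;

                ret = 1; /* found at least one */
                break;
            }
        }

        /* Step past the ':' only when one was found. The earlier form,
         * while (next++), also incremented a NULL pointer on the final
         * entry, which is undefined behaviour in C. */
        if (next != NULL)
            next++;
    }
    while (next != NULL);

    if (ret) {
        int keySz = 0;
    #ifndef NO_CERTS
        keySz = ctx->privateKeySz;
    #endif
        suites->setSuites = 1;
        suites->suiteSz   = (word16)idx;
        InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon, 1,
                              keySz);
    }

    (void)ctx;

    return ret;
}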
wolfSSL 13:f67a6c6013ca 15927
wolfSSL 13:f67a6c6013ca 15928 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
/* Choose ssl->suites->hashAlgo and ssl->suites->sigAlgo from a list of
 * hash/signature algorithm entries.
 *
 * ssl            connection whose suites->hashAlgo and suites->sigAlgo are set;
 *                ssl->suites is dereferenced without a NULL check
 * hashSigAlgo    list to scan, decoded entry by entry with DecodeSigAlg();
 *                presumably the peer's signature_algorithms data - confirm
 *                against the callers
 * hashSigAlgoSz  length of hashSigAlgo in bytes
 *
 * The list is walked front to back and the walk stops at the first entry
 * whose signature algorithm is acceptable and whose hash has a branch
 * compiled into this build, so the outcome follows the order of the list
 * rather than hash strength. When no entry is accepted, the defaults set
 * before the loop stay in place.
 */
void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
                     word32 hashSigAlgoSz)
{
    word32 i;

    ssl->suites->sigAlgo = ssl->specs.sig_algo;

    /* set defaults */
    if (IsAtLeastTLSv1_3(ssl->version)) {
        ssl->suites->hashAlgo = sha256_mac;
    #ifndef NO_CERTS
        ssl->suites->sigAlgo = ssl->buffers.keyType;
    #endif
    }
    else if (IsAtLeastTLSv1_2(ssl)) {
    #ifdef WOLFSSL_ALLOW_TLS_SHA1
        ssl->suites->hashAlgo = sha_mac;
    #else
        ssl->suites->hashAlgo = sha256_mac;
    #endif
    }
    else {
        ssl->suites->hashAlgo = sha_mac;
    }

    /* i+1 since peek a byte ahead for type */
    for (i = 0; (i+1) < hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ) {
        byte hashAlgo = 0, sigAlgo = 0;

        DecodeSigAlg(&hashSigAlgo[i], &hashAlgo, &sigAlgo);
    #ifdef HAVE_ECC
        /* with an Ed25519 key, every entry that is not Ed25519 is skipped */
        if (ssl->pkCurveOID == ECC_ED25519_OID && sigAlgo != ed25519_sa_algo)
            continue;

        /* an Ed25519 entry replaces a current ECDSA choice and fixes the
         * hash to sha512_mac */
        if (sigAlgo == ed25519_sa_algo &&
                                      ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
            ssl->suites->sigAlgo = sigAlgo;
            ssl->suites->hashAlgo = sha512_mac;
            break;
        }
    #endif
        /* accept an exact signature match, or RSA-PSS when RSA is current */
        if (sigAlgo == ssl->suites->sigAlgo || (sigAlgo == rsa_pss_sa_algo &&
                                      ssl->suites->sigAlgo == rsa_sa_algo)) {
            if (hashAlgo == sha_mac) {
                /* Only sigAlgo is updated; hashAlgo keeps the default chosen
                 * above.
                 * NOTE(review): an entry advertising sha_mac therefore ends
                 * the search with hashAlgo left at sha256_mac whenever that
                 * was the default - confirm this is intended. */
                ssl->suites->sigAlgo = sigAlgo;
                break;
            }
            #ifndef NO_SHA256
            else if (hashAlgo == sha256_mac) {
                ssl->suites->hashAlgo = sha256_mac;
                ssl->suites->sigAlgo = sigAlgo;
                break;
            }
            #endif
            #ifdef WOLFSSL_SHA384
            else if (hashAlgo == sha384_mac) {
                ssl->suites->hashAlgo = sha384_mac;
                ssl->suites->sigAlgo = sigAlgo;
                break;
            }
            #endif
            #ifdef WOLFSSL_SHA512
            else if (hashAlgo == sha512_mac) {
                ssl->suites->hashAlgo = sha512_mac;
                ssl->suites->sigAlgo = sigAlgo;
                break;
            }
            #endif
            /* a hash with no branch compiled in falls through and the scan
             * moves on to the next entry */
        }
        else if (ssl->specs.sig_algo == 0) {
            /* no break here: the scan continues after this assignment */
            ssl->suites->hashAlgo = ssl->specs.mac_algorithm;
        }
    }

}
wolfSSL 13:f67a6c6013ca 16004 #endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
wolfSSL 13:f67a6c6013ca 16005
wolfSSL 13:f67a6c6013ca 16006 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 16007
/* Initialize HandShakeInfo: bind it to ssl, make the cipher name and every
 * packet name an empty string, and clear the packet count and the
 * negotiation error. Only the first byte of each name buffer is written. */
void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl)
{
    int pkt = 0;

    info->ssl           = ssl;
    info->cipherName[0] = 0;

    while (pkt < MAX_PACKETS_HANDSHAKE) {
        info->packetNames[pkt][0] = 0;
        pkt++;
    }

    info->numberPackets    = 0;
    info->negotiationError = 0;
}
wolfSSL 13:f67a6c6013ca 16020
/* Set the final HandShakeInfo parameters: the negotiated cipher name and,
 * when ssl->error lies between MAX_PARAM_ERR and MIN_PARAM_ERR, the
 * negotiation error.
 *
 * NOTE(review): when cipherSuite0 is ECC_BYTE every matching table slot is
 * skipped, so no name is copied for those suites in this loop - confirm that
 * is intended.
 * NOTE(review): if XSTRNCPY maps to strncpy, a table name of
 * MAX_CIPHERNAME_SZ characters or more is copied without a terminator;
 * presumably cipherName carries one extra zeroed byte - confirm. */
void FinishHandShakeInfo(HandShakeInfo* info)
{
    const int tableLen = sizeof(cipher_name_idx)/sizeof(int);
    int       n;

    for (n = 0; n < tableLen; n++) {
        if (info->ssl->options.cipherSuite != (byte)cipher_name_idx[n])
            continue;
        if (info->ssl->options.cipherSuite0 == ECC_BYTE)
            continue;   /* ECC suites at end */

        XSTRNCPY(info->cipherName, cipher_names[n], MAX_CIPHERNAME_SZ);
        break;
    }

    /* both bounds are negative numbers, MAX_PARAM_ERR being the lower one */
    if (info->ssl->error >= MAX_PARAM_ERR && info->ssl->error <= MIN_PARAM_ERR) {
        info->negotiationError = info->ssl->error;
    }
}
wolfSSL 13:f67a6c6013ca 16039
wolfSSL 13:f67a6c6013ca 16040
/* Append name to the handshake packet names and bump the count. Once
 * MAX_PACKETS_HANDSHAKE names are stored, further names are dropped.
 * At most MAX_PACKETNAME_SZ characters are copied; presumably the slot has
 * room for a terminator beyond that - confirm against the struct. */
void AddPacketName(const char* name, HandShakeInfo* info)
{
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    XSTRNCPY(info->packetNames[info->numberPackets], name, MAX_PACKETNAME_SZ);
    info->numberPackets++;
}
wolfSSL 13:f67a6c6013ca 16049
wolfSSL 13:f67a6c6013ca 16050
/* Initialize TimeoutInfo: empty timeout name, cleared flags, count and
 * timeout value, and every packet slot reset (empty name, zero timestamp,
 * no heap buffer, zero size). */
void InitTimeoutInfo(TimeoutInfo* info)
{
    int slot = 0;

    info->timeoutName[0]       = 0;
    info->flags                = 0;
    info->numberPackets        = 0;
    info->timeoutValue.tv_sec  = 0;
    info->timeoutValue.tv_usec = 0;

    while (slot < MAX_PACKETS_HANDSHAKE) {
        info->packets[slot].packetName[0]     = 0;
        info->packets[slot].timestamp.tv_sec  = 0;
        info->packets[slot].timestamp.tv_usec = 0;
        info->packets[slot].bufferValue       = 0;
        info->packets[slot].valueSz           = 0;
        slot++;
    }
}
wolfSSL 13:f67a6c6013ca 16070
wolfSSL 13:f67a6c6013ca 16071
/* Free TimeoutInfo: release every heap buffer held by a packet slot and
 * clear the pointer so a second call finds nothing to free. */
void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
{
    int slot;

    (void)heap;

    for (slot = 0; slot < MAX_PACKETS_HANDSHAKE; slot++) {
        if (info->packets[slot].bufferValue == 0)
            continue;

        XFREE(info->packets[slot].bufferValue, heap, DYNAMIC_TYPE_INFO);
        info->packets[slot].bufferValue = 0;
    }
}
wolfSSL 13:f67a6c6013ca 16084
wolfSSL 13:f67a6c6013ca 16085
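/* Add PacketInfo to TimeoutInfo
 *
 * name  packet name, or NULL when it is supplied later via AddLateName()
 * info  record to append to; nothing is stored once numberPackets reaches
 *       MAX_PACKETS_HANDSHAKE - 1
 * data  bytes to snapshot into the slot
 * sz    number of bytes at data; a negative value is rejected
 * heap  heap hint handed to XMALLOC
 *
 * Payloads shorter than MAX_VALUE_SZ go into the slot's inline value array,
 * larger ones into a heap buffer that FreeTimeoutInfo() releases.
 */
void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
                   int sz, void* heap)
{
    /* A negative size passes the sz < MAX_VALUE_SZ test below and would then
     * be converted to a huge unsigned length by the copy, writing far past
     * the inline array. Refuse it before the slot is touched. */
    if (sz < 0)
        return;

    if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
        Timeval currTime;

        /* may add name after */
        if (name)
            XSTRNCPY(info->packets[info->numberPackets].packetName, name,
                    MAX_PACKETNAME_SZ);

        /* add data, put in buffer if bigger than static buffer */
        info->packets[info->numberPackets].valueSz = sz;
        if (sz < MAX_VALUE_SZ)
            XMEMCPY(info->packets[info->numberPackets].value, data, sz);
        else {
            info->packets[info->numberPackets].bufferValue =
                                  (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
            if (!info->packets[info->numberPackets].bufferValue)
                /* let next alloc catch, just don't fill, not fatal here  */
                info->packets[info->numberPackets].valueSz = 0;
            else
                XMEMCPY(info->packets[info->numberPackets].bufferValue,
                       data, sz);
        }
        gettimeofday(&currTime, 0);
        info->packets[info->numberPackets].timestamp.tv_sec  =
                                                             currTime.tv_sec;
        info->packets[info->numberPackets].timestamp.tv_usec =
                                                             currTime.tv_usec;
        info->numberPackets++;
    }
}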
wolfSSL 13:f67a6c6013ca 16120
wolfSSL 13:f67a6c6013ca 16121
/* Add packet name to the previously added packet info. Nothing is written
 * unless at least one packet has been recorded and the count is still below
 * MAX_PACKETS_HANDSHAKE. */
void AddLateName(const char* name, TimeoutInfo* info)
{
    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0)
        return;
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
             MAX_PACKETNAME_SZ);
}
wolfSSL 13:f67a6c6013ca 16132
/* Add record header to the previously added packet info. RECORD_HEADER_SZ
 * bytes are copied over the start of the slot's stored data: into the heap
 * buffer when the slot has one, otherwise into the inline value array.
 * NOTE(review): the copy length is fixed and is not compared with the slot's
 * valueSz; presumably both destinations always hold at least
 * RECORD_HEADER_SZ bytes - confirm. */
void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
{
    void* dst;

    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
        info->numberPackets >= MAX_PACKETS_HANDSHAKE) {
        return;
    }

    dst = info->packets[info->numberPackets - 1].bufferValue
              ? (void*)info->packets[info->numberPackets - 1].bufferValue
              : (void*)info->packets[info->numberPackets - 1].value;

    XMEMCPY(dst, rl, RECORD_HEADER_SZ);
}
wolfSSL 13:f67a6c6013ca 16147
wolfSSL 13:f67a6c6013ca 16148 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 13:f67a6c6013ca 16149
wolfSSL 13:f67a6c6013ca 16150
wolfSSL 13:f67a6c6013ca 16151
wolfSSL 13:f67a6c6013ca 16152 /* client only parts */
wolfSSL 13:f67a6c6013ca 16153 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 13:f67a6c6013ca 16154
/* Build a ClientHello in the output buffer and send it.
 *
 * When WOLFSSL_TLS13 is defined and the connection version is at least
 * TLS 1.3 the work is handed to SendTls13ClientHello(). Otherwise the body
 * is written in this order: version, random, session id, DTLS cookie (DTLS
 * only), cipher suites, compression, extensions.
 *
 * ssl  connection to send on
 *
 * returns the result of SendBuffered() once the message is queued;
 *         SUITES_ERROR when ssl->suites is NULL, MEMORY_E on allocation
 *         failure, or the error reported by a failing helper.
 */
int SendClientHello(WOLFSSL* ssl)
{
    byte              *output;
    word32             length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int                sendSz;
    /* a session id is only offered when resuming */
    int                idSz = ssl->options.resuming
                                ? ssl->session.sessionIDSz
                                : 0;
    int                ret;
    word16             extSz = 0;


#ifdef WOLFSSL_TLS13
    if (IsAtLeastTLSv1_3(ssl->version))
        return SendTls13ClientHello(ssl);
#endif

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Bad suites pointer in SendClientHello");
        return SUITES_ERROR;
    }

#ifdef HAVE_SESSION_TICKET
    /* resuming with a ticket: the ticket goes out as an extension and the
     * session id field is left empty */
    if (ssl->options.resuming && ssl->session.ticketLen > 0) {
        SessionTicket* ticket;

        ticket = TLSX_SessionTicket_Create(0, ssl->session.ticket,
                                             ssl->session.ticketLen, ssl->heap);
        if (ticket == NULL) return MEMORY_E;

        /* NOTE(review): on failure the ticket object is not released in this
         * function - confirm TLSX_UseSessionTicket() frees it on error */
        ret = TLSX_UseSessionTicket(&ssl->extensions, ticket, ssl->heap);
        if (ret != SSL_SUCCESS) return ret;

        idSz = 0;
    }
#endif
    /* the body length is totalled first so the output space can be checked
     * before any byte is written */
    length = VERSION_SZ + RAN_LEN
           + idSz + ENUM_LEN
           + ssl->suites->suiteSz + SUITE_LEN
           + COMP_LEN + ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    /* auto populate extensions supported unless user defined */
    if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0)
        return ret;
    #ifdef HAVE_QSH
        if (QSH_Init(ssl) != 0)
            return MEMORY_E;
    #endif
    extSz = TLSX_GetRequestSize(ssl, client_hello);
    if (extSz != 0)
        length += extSz;
#else
    /* without the TLSX layer only signature algorithms and extended master
     * secret are written by hand, see the matching block further down */
    if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
        extSz += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
               + ssl->suites->hashSigAlgoSz;
#ifdef HAVE_EXTENDED_MASTER
    if (ssl->options.haveEMS)
        extSz += HELLO_EXT_SZ;
#endif
    if (extSz != 0)
        length += extSz + HELLO_EXT_SZ_SZ;
#endif
    sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    /* DTLS adds the cookie field and uses larger headers, so sendSz and the
     * starting write offset are recomputed */
    if (ssl->options.dtls) {
        length += ENUM_LEN;   /* cookie */
        if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
        sendSz  = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
        idx    += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
    }
#endif

    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, length, client_hello, ssl);

    /* client hello, first version */
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
    ssl->chVersion = ssl->version;  /* store in case changed */

    /* then random */
    if (ssl->options.connectState == CONNECT_BEGIN) {
        ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
        if (ret != 0)
            return ret;

        /* store random */
        XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
    } else {
        /* NOTE(review): when WOLFSSL_DTLS is not defined this branch writes
         * nothing, so the RAN_LEN bytes at output + idx keep whatever the
         * buffer already held - confirm the branch cannot be reached in
         * such a build */
#ifdef WOLFSSL_DTLS
        /* send same random on hello again */
        XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
#endif
    }
    idx += RAN_LEN;

    /* then session id */
    output[idx++] = (byte)idSz;
    if (idSz) {
        XMEMCPY(output + idx, ssl->session.sessionID,
                                                      ssl->session.sessionIDSz);
        idx += ssl->session.sessionIDSz;
    }

    /* then DTLS cookie */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        byte cookieSz = ssl->arrays->cookieSz;

        output[idx++] = cookieSz;
        if (cookieSz) {
            XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
            idx += cookieSz;
        }
    }
#endif
    /* then cipher suites */
    c16toa(ssl->suites->suiteSz, output + idx);
    idx += OPAQUE16_LEN;
    XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
    idx += ssl->suites->suiteSz;

    /* last, compression */
    /* exactly one method is offered: ZLIB_COMPRESSION when usingCompression
     * is set, NO_COMPRESSION otherwise.
     * NOTE(review): record-level compression makes ciphertext length depend
     * on plaintext content; keep usingCompression off unless the deployment
     * needs it */
    output[idx++] = COMP_LEN;
    if (ssl->options.usingCompression)
        output[idx++] = ZLIB_COMPRESSION;
    else
        output[idx++] = NO_COMPRESSION;

#ifdef HAVE_TLS_EXTENSIONS
    idx += TLSX_WriteRequest(ssl, output + idx, client_hello);

    (void)idx; /* suppress analyzer warning, keep idx current */
#else
    if (extSz != 0) {
        c16toa(extSz, output + idx);
        idx += HELLO_EXT_SZ_SZ;

        if (IsAtLeastTLSv1_2(ssl)) {
            if (ssl->suites->hashSigAlgoSz) {
                int i;
                /* extension type */
                c16toa(HELLO_EXT_SIG_ALGO, output + idx);
                idx += HELLO_EXT_TYPE_SZ;
                /* extension data length */
                c16toa(HELLO_EXT_SIGALGO_SZ + ssl->suites->hashSigAlgoSz,
                       output + idx);
                idx += HELLO_EXT_SZ_SZ;
                /* sig algos length */
                c16toa(ssl->suites->hashSigAlgoSz, output + idx);
                idx += HELLO_EXT_SIGALGO_SZ;
                for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
                    output[idx] = ssl->suites->hashSigAlgo[i];
                }
            }
        }
#ifdef HAVE_EXTENDED_MASTER
        /* extended master secret is an empty extension: type, zero length */
        if (ssl->options.haveEMS) {
            c16toa(HELLO_EXT_EXTMS, output + idx);
            idx += HELLO_EXT_TYPE_SZ;
            c16toa(0, output + idx);
            idx += HELLO_EXT_SZ_SZ;
        }
#endif
    }
#endif

    if (IsEncryptionOn(ssl, 1)) {
        /* with encryption on, the handshake bytes are copied to a temporary
         * buffer and the record is rebuilt in place by BuildMessage() */
        byte* input;
        int   inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */

        input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        if (input == NULL)
            return MEMORY_E;

        XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
        sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                              handshake, 1, 0, 0);
        XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

        if (sendSz < 0)
            return sendSz;
    } else {
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                DtlsSEQIncrement(ssl, CUR_ORDER);
        #endif
        ret = HashOutput(ssl, output, sendSz, 0);
        if (ret != 0)
            return ret;
    }

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
    #endif

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 13:f67a6c6013ca 16379
wolfSSL 13:f67a6c6013ca 16380
/* Parse a HelloVerifyRequest: a two byte version, a one byte cookie length,
 * then the cookie itself.
 *
 * ssl       connection; the cookie is stored in ssl->arrays when WOLFSSL_DTLS
 *           is defined
 * input     buffer holding the message; treat its contents as untrusted
 * inOutIdx  in: offset of the message body in input, out: offset just past
 *           the bytes consumed
 * size      number of bytes available from the starting offset; presumably
 *           the handshake message length - confirm against the caller
 *
 * returns 0 on success, BUFFER_ERROR when the message is shorter than its
 *         fields claim, VERSION_ERROR when the version is not DTLS 1.0 or
 *         DTLS 1.2.
 */
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input,
                                word32* inOutIdx, word32 size)
{
    ProtocolVersion pv;
    byte            cookieSz;
    word32          begin = *inOutIdx;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest",
                                     &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    /* the fixed part, version plus cookie length byte, must be present */
    if ((*inOutIdx - begin) + OPAQUE16_LEN + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    /* the two wire bytes are copied straight into pv; assumes
     * ProtocolVersion starts with major then minor - TODO confirm */
    XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN);
    *inOutIdx += OPAQUE16_LEN;

    if (pv.major != DTLS_MAJOR ||
                         (pv.minor != DTLS_MINOR && pv.minor != DTLSv1_2_MINOR))
        return VERSION_ERROR;

    cookieSz = input[(*inOutIdx)++];

    if (cookieSz) {
        /* the claimed cookie length must fit in what remains */
        if ((*inOutIdx - begin) + cookieSz > size)
            return BUFFER_ERROR;

#ifdef WOLFSSL_DTLS
        /* NOTE(review): a cookie longer than MAX_COOKIE_LEN is skipped
         * without an error and ssl->arrays->cookieSz keeps its previous
         * value - confirm that continuing with the old cookie is intended */
        if (cookieSz <= MAX_COOKIE_LEN) {
            XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz);
            ssl->arrays->cookieSz = cookieSz;
        }
#endif
        *inOutIdx += cookieSz;
    }

    ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
    return 0;
}
wolfSSL 13:f67a6c6013ca 16428
wolfSSL 13:f67a6c6013ca 16429
/* Decide whether the ServerHello just parsed accepts the resumption attempt.
 *
 * Returns 1 when any of the following holds, 0 otherwise:
 *  - a session secret callback is installed (HAVE_SECRET_CALLBACK builds),
 *  - the saved session carries a ticket (HAVE_SESSION_TICKET builds),
 *  - the server sent a session ID and it equals the saved session's ID.
 */
static INLINE int DSH_CheckSessionId(WOLFSSL* ssl)
{
#ifdef HAVE_SECRET_CALLBACK
    /* If a session secret callback exists, we are using that
     * key instead of the saved session key. */
    if (ssl->sessionSecretCb != NULL) {
        return 1;
    }
#endif

#ifdef HAVE_SESSION_TICKET
    /* server may send blank ticket which may not be expected to indicate
     * existing one ok but will also be sending a new one */
    if (ssl->session.ticketLen > 0) {
        return 1;
    }
#endif

    if (!ssl->options.haveSessionId) {
        return 0;
    }

    /* the ID echoed by the server has to match the session being resumed */
    return XMEMCMP(ssl->arrays->sessionID, ssl->session.sessionID,
                   ID_LEN) == 0;
}
wolfSSL 13:f67a6c6013ca 16452
/* Validate the protocol version received from the server and, when a
 * downgrade is permitted, adopt it as the version of this connection.
 *
 * ssl  The SSL/TLS object.
 * pv   The protocol version from the packet.
 * returns 0 on success, VERSION_ERROR when the version is rejected.
 *
 * NOTE(review): every comparison here is made on pv.minor. pv.major is only
 * rewritten by the TLS 1.3 draft translation and is never compared with
 * ssl->version.major in this function; confirm that a wrong major version is
 * rejected elsewhere, and that the minor ordering used here is also valid for
 * DTLS connections.
 */
int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv)
{
#ifdef WOLFSSL_TLS13
    /* TODO: [TLS13] Remove this.
     * Translate the draft TLS v1.3 version to final version.
     */
    if (pv.major == TLS_DRAFT_MAJOR) {
        pv.major = SSLv3_MAJOR;
        pv.minor = TLSv1_3_MINOR;
    }
#endif

    /* A server must not answer with a version above the one offered. */
    if (pv.minor > ssl->version.minor) {
        WOLFSSL_MSG("Server using higher version, fatal error");
        return VERSION_ERROR;
    }

    /* Same version as offered: nothing to adjust. */
    if (pv.minor == ssl->version.minor) {
        return 0;
    }

    /* From here on the server picked something lower than offered. */
    WOLFSSL_MSG("server using lower version");

    /* Downgrade has to be enabled and stay above the configured floor. */
    if (!ssl->options.downgrade) {
        WOLFSSL_MSG("\tno downgrade allowed, fatal error");
        return VERSION_ERROR;
    }
    if (pv.minor < ssl->options.minDowngrade) {
        WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
        return VERSION_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    /* The version may not change once a handshake has completed. */
    if (ssl->secure_renegotiation &&
        ssl->secure_renegotiation->enabled &&
        ssl->options.handShakeDone) {
        WOLFSSL_MSG("Server changed version during scr");
        return VERSION_ERROR;
    }
#endif

    /* Checks made - OK to downgrade. */
    switch (pv.minor) {
        case SSLv3_MINOR:
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
            break;

        case TLSv1_MINOR:
            /* turn off tls 1.1+ */
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
            break;

        case TLSv1_1_MINOR:
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor = TLSv1_1_MINOR;
            break;

        case TLSv1_2_MINOR:
            WOLFSSL_MSG(" downgrading to TLSv1.2");
            ssl->version.minor = TLSv1_2_MINOR;
            break;

        default:
            /* any other lower minor leaves ssl->version unchanged */
            break;
    }

    return 0;
}
wolfSSL 13:f67a6c6013ca 16525
/* Process a ServerHello handshake message on the client side.
 *
 * ssl       The SSL/TLS object; the negotiated version, server random,
 *           session ID, cipher suite and compression choice are stored in it.
 * input     Buffer holding the handshake message.
 * inOutIdx  On entry the offset of the ServerHello body in input; on the
 *           paths that finish parsing it is moved past the consumed data
 *           (plus ssl->keys.padSz when encryption is on).
 * helloSz   Length of the ServerHello body. Each field is bounded against it,
 *           relative to the starting offset, before it is read.
 * returns 0 on success (the result of SetCipherSpecs, or of key derivation on
 *         a resumed session), otherwise an error such as BUFFER_ERROR,
 *         VERSION_ERROR, MATCH_SUITE_ERROR, COMPRESSION_ERROR,
 *         SESSION_SECRET_CB_E or UNSUPPORTED_SUITE.
 */
int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                  word32 helloSz)
{
    byte            cs0;   /* cipher suite bytes 0, 1 */
    byte            cs1;
    ProtocolVersion pv;
    byte            compression;
    word32          i = *inOutIdx;
    word32          begin = i;
    int             ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
#endif

    /* protocol version, random and session id length check */
    if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* protocol version */
    XMEMCPY(&pv, input + i, OPAQUE16_LEN);
    i += OPAQUE16_LEN;

    /* pv is passed by value, so any translation CheckVersion applies to it
     * is not visible in the local copy used below */
    ret = CheckVersion(ssl, pv);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_TLS13
    /* TLS 1.3 has its own parser; it is handed the untouched inOutIdx */
    if (IsAtLeastTLSv1_3(pv))
        return DoTls13ServerHello(ssl, input, inOutIdx, helloSz);
#endif

    /* random */
    XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
    i += RAN_LEN;

    /* Downgrade protection: i now points just past the server random, so the
     * comparisons below look at its last TLS13_DOWNGRADE_SZ + 1 bytes (the
     * tls13Downgrade marker followed by one indicator byte). */
#ifdef WOLFSSL_TLS13
    if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
        /* TLS v1.3 capable client not allowed to downgrade when connecting
         * to TLS v1.3 capable server.
         */
        if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),
                    tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
                     (*(input + i - 1) == 0 || *(input + i - 1) == 1)) {
            SendAlert(ssl, alert_fatal, illegal_parameter);
            return VERSION_ERROR;
        }
    }
    else
#endif
    if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
                             ssl->ctx->method->version.minor == TLSv1_2_MINOR) {
        /* TLS v1.2 capable client not allowed to downgrade when connecting
         * to TLS v1.2 capable server.
         */
        if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),
                    tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&
                                                    *(input + i - 1) == 0) {
            SendAlert(ssl, alert_fatal, illegal_parameter);
            return VERSION_ERROR;
        }
    }

    /* session id */
    /* the length byte itself was covered by the first size check above */
    ssl->arrays->sessionIDSz = input[i++];

    /* reject a length larger than the sessionID storage before copying */
    if (ssl->arrays->sessionIDSz > ID_LEN) {
        WOLFSSL_MSG("Invalid session ID size");
        ssl->arrays->sessionIDSz = 0;
        return BUFFER_ERROR;
    }
    else if (ssl->arrays->sessionIDSz) {
        if ((i - begin) + ssl->arrays->sessionIDSz > helloSz)
            return BUFFER_ERROR;

        XMEMCPY(ssl->arrays->sessionID, input + i,
                                                      ssl->arrays->sessionIDSz);
        i += ssl->arrays->sessionIDSz;
        ssl->options.haveSessionId = 1;
    }


    /* suite and compression */
    if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    cs0 = input[i++];
    cs1 = input[i++];

#ifdef HAVE_SECURE_RENEGOTIATION
    /* during a secure renegotiation the suite must stay the one already in
     * use on the connection */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
                                         ssl->options.handShakeDone) {
        if (ssl->options.cipherSuite0 != cs0 ||
            ssl->options.cipherSuite  != cs1) {
            WOLFSSL_MSG("Server changed cipher suite during scr");
            return MATCH_SUITE_ERROR;
        }
    }
#endif

    ssl->options.cipherSuite0 = cs0;
    ssl->options.cipherSuite  = cs1;
    compression = input[i++];

    /* the server may not turn compression on when the client did not */
    if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
        WOLFSSL_MSG("Server forcing compression w/o support");
        return COMPRESSION_ERROR;
    }

    if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
        WOLFSSL_MSG("Server refused compression, turning off");
        ssl->options.usingCompression = 0;  /* turn off if server refused */
    }

    *inOutIdx = i;

#ifdef HAVE_TLS_EXTENSIONS
    if ( (i - begin) < helloSz) {
        if (TLSX_SupportExtensions(ssl)) {
            word16 totalExtSz;

            if ((i - begin) + OPAQUE16_LEN > helloSz)
                return BUFFER_ERROR;

            ato16(&input[i], &totalExtSz);
            i += OPAQUE16_LEN;

            /* the declared extension block has to fit in the message */
            if ((i - begin) + totalExtSz > helloSz)
                return BUFFER_ERROR;

            /* the cast drops const from input for the TLSX_Parse call */
            if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                                          totalExtSz, 0, NULL)))
                return ret;

            i += totalExtSz;
            *inOutIdx = i;
        }
        else
            *inOutIdx = begin + helloSz; /* skip extensions */
    }
    else
        ssl->options.haveEMS = 0; /* If no extensions, no EMS */
#else
    {
        /* Build without the TLS extension framework: the extension block is
         * walked only to learn whether the server sent HELLO_EXT_EXTMS. */
        int allowExt = 0;
        byte pendingEMS = 0;

        if ( (i - begin) < helloSz) {
            if (ssl->version.major == SSLv3_MAJOR &&
                ssl->version.minor >= TLSv1_MINOR) {

                allowExt = 1;
            }
#ifdef WOLFSSL_DTLS
            if (ssl->version.major == DTLS_MAJOR)
                allowExt = 1;
#endif

            if (allowExt) {
                word16 totalExtSz;

                if ((i - begin) + OPAQUE16_LEN > helloSz)
                    return BUFFER_ERROR;

                ato16(&input[i], &totalExtSz);
                i += OPAQUE16_LEN;

                if ((i - begin) + totalExtSz > helloSz)
                    return BUFFER_ERROR;

                while (totalExtSz) {
                    word16 extId, extSz;

                    /* need room for the id and size of the next entry */
                    if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
                        return BUFFER_ERROR;

                    ato16(&input[i], &extId);
                    i += OPAQUE16_LEN;
                    ato16(&input[i], &extSz);
                    i += OPAQUE16_LEN;

                    /* the entry must not run past the extension block */
                    if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
                        return BUFFER_ERROR;

                    /* NOTE(review): for HELLO_EXT_EXTMS i is not advanced by
                     * extSz although totalExtSz is reduced by it below; if a
                     * peer sends this extension with a non-empty body, i (and
                     * so *inOutIdx) ends up short of the end of the block.
                     * Confirm extSz is meant to be required to be 0 here. */
                    if (extId == HELLO_EXT_EXTMS)
                        pendingEMS = 1;
                    else
                        i += extSz;

                    totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
                }

                *inOutIdx = i;
            }
            else
                *inOutIdx = begin + helloSz; /* skip extensions */
        }

        /* the server did not confirm extended master secret */
        if (!pendingEMS && ssl->options.haveEMS)
            ssl->options.haveEMS = 0;
    }
#endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

#ifdef HAVE_SECRET_CALLBACK
    /* the callback writes the master secret straight into the saved session;
     * anything other than exactly SECRET_LEN bytes is treated as a failure */
    if (ssl->sessionSecretCb != NULL) {
        int secretSz = SECRET_LEN;
        ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret,
                                              &secretSz, ssl->sessionSecretCtx);
        if (ret != 0 || secretSz != SECRET_LEN)
            return SESSION_SECRET_CB_E;
    }
#endif /* HAVE_SECRET_CALLBACK */

    if (ssl->options.resuming) {
        if (DSH_CheckSessionId(ssl)) {
            if (SetCipherSpecs(ssl) == 0) {

                /* resumed session: reuse the saved master secret and derive
                 * the keys now */
                XMEMCPY(ssl->arrays->masterSecret,
                        ssl->session.masterSecret, SECRET_LEN);
#ifdef NO_OLD_TLS
                ret = DeriveTlsKeys(ssl);
#else
                ret = -1; /* default value */
#ifndef NO_TLS
                if (ssl->options.tls)
                    ret = DeriveTlsKeys(ssl);
#endif
                if (!ssl->options.tls)
                    ret = DeriveKeys(ssl);
#endif /* NO_OLD_TLS */
                /* the state is advanced before ret is returned, whatever the
                 * derivation result was */
                ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

                return ret;
            }
            else {
                WOLFSSL_MSG("Unsupported cipher suite, DoServerHello");
                return UNSUPPORTED_SUITE;
            }
        }
        else {
            WOLFSSL_MSG("Server denied resumption attempt");
            ssl->options.resuming = 0; /* server denied resumption try */
        }
    }
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    return SetCipherSpecs(ssl);
}
wolfSSL 13:f67a6c6013ca 16785
wolfSSL 13:f67a6c6013ca 16786
/* Check that the client is configured for the cipher suite stored in
 * ssl->options. Returns 1 when the suite is usable, 0 when it requires a
 * pre-shared key and the client has none (always the case for such suites
 * when built with NO_PSK). */
int VerifyClientSuite(WOLFSSL* ssl)
{
    const byte suite0 = ssl->options.cipherSuite0;
    const byte suite  = ssl->options.cipherSuite;
    int        pskAvailable = 0;

    WOLFSSL_ENTER("VerifyClientSuite");

#ifndef NO_PSK
    pskAvailable = ssl->options.havePSK;
#endif

    /* suites that do not need a PSK have nothing further to verify here */
    if (!CipherRequires(suite0, suite, REQUIRES_PSK)) {
        return 1; /* success */
    }

    WOLFSSL_MSG("Requires PSK");
    if (pskAvailable != 0) {
        return 1; /* success */
    }

    WOLFSSL_MSG("Don't have PSK");
    return 0;
}
wolfSSL 13:f67a6c6013ca 16810
wolfSSL 13:f67a6c6013ca 16811
wolfSSL 13:f67a6c6013ca 16812 #ifndef NO_CERTS
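/* Parse a CertificateRequest from the server. The certificate types and the
 * certificate authority names are read and skipped (TODO: use them); the
 * signature/hash algorithm list is handed to PickHashSigAlgo.
 *
 * ssl       The SSL/TLS object; sendVerify (and pssAlgo with WC_RSA_PSS) are
 *           updated.
 * input     Buffer holding the handshake message.
 * inOutIdx  Offset of the message body in input; advanced as fields are
 *           consumed, plus ssl->keys.padSz at the end when encryption is on.
 * size      Length of the message body; every peer-supplied length is checked
 *           against it before the data it describes is skipped or used.
 * returns 0 on success, BUFFER_ERROR when a length field is inconsistent with
 *         size or with the list that contains it.
 */
static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*
                                inOutIdx, word32 size)
{
    word16 len;
    word32 begin = *inOutIdx;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("CertificateRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("CertificateRequest", &ssl->timeoutInfo);
#endif

    if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    len = input[(*inOutIdx)++];

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    /* types, read in here */
    *inOutIdx += len;

    /* signature and hash signature algorithm */
    if (IsAtLeastTLSv1_2(ssl)) {
        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &len);
        *inOutIdx += OPAQUE16_LEN;

        if ((*inOutIdx - begin) + len > size)
            return BUFFER_ERROR;

        PickHashSigAlgo(ssl, input + *inOutIdx, len);
        *inOutIdx += len;
#ifdef WC_RSA_PSS
        /* remember the hash picked for RSA-PSS as a bit in pssAlgo */
        ssl->pssAlgo = 0;
        if (ssl->suites->sigAlgo == rsa_pss_sa_algo)
            ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;
#endif
    }

    /* authorities */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &len);
    *inOutIdx += OPAQUE16_LEN;

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    /* len counts the bytes of the authorities list still to be walked */
    while (len) {
        word16 dnSz;

        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &dnSz);
        *inOutIdx += OPAQUE16_LEN;

        if ((*inOutIdx - begin) + dnSz > size)
            return BUFFER_ERROR;

        /* An entry must fit in what is left of the declared list. Without
         * this check the subtraction below wraps the 16-bit counter and the
         * loop keeps walking past the end of the authorities list. */
        if ((word32)OPAQUE16_LEN + dnSz > len)
            return BUFFER_ERROR;

        *inOutIdx += dnSz;
        len -= OPAQUE16_LEN + dnSz;
    }

    /* don't send client cert or cert verify if user hasn't provided
       cert and private key */
    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
        ssl->buffers.key && ssl->buffers.key->buffer)
        ssl->options.sendVerify = SEND_CERT;
    else if (IsTLS(ssl))
        ssl->options.sendVerify = SEND_BLANK_CERT;

    if (IsEncryptionOn(ssl, 0))
        *inOutIdx += ssl->keys.padSz;

    return 0;
}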
wolfSSL 13:f67a6c6013ca 16897 #endif /* !NO_CERTS */
wolfSSL 13:f67a6c6013ca 16898
wolfSSL 13:f67a6c6013ca 16899
wolfSSL 13:f67a6c6013ca 16900 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 16901
/* Translate a TLS named-curve identifier (WOLFSSL_ECC_*) into the matching
 * ECC_*_OID value.
 *
 * Returns ECC_CURVE_ERROR when no case matches, which covers both unknown
 * identifiers and curves left out of the build by the preprocessor guards.
 */
static int CheckCurveId(int tlsCurveId)
{
    switch (tlsCurveId) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP160R1:
            return ECC_SECP160R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case WOLFSSL_ECC_SECP160R2:
            return ECC_SECP160R2_OID;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP160K1:
            return ECC_SECP160K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP192R1:
            return ECC_SECP192R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP192K1:
            return ECC_SECP192K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP224R1:
            return ECC_SECP224R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP224K1:
            return ECC_SECP224K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_CURVE25519
        case WOLFSSL_ECC_X25519:
            return ECC_X25519_OID;
    #endif
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP256R1:
            return ECC_SECP256R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP256K1:
            return ECC_SECP256K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP256R1:
            return ECC_BRAINPOOLP256R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP384R1:
            return ECC_SECP384R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP384R1:
            return ECC_BRAINPOOLP384R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP512R1:
            return ECC_BRAINPOOLP512R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP521R1:
            return ECC_SECP521R1_OID;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* not a curve this build knows about */
            break;
    }

    return ECC_CURVE_ERROR;
}
wolfSSL 13:f67a6c6013ca 16970
wolfSSL 13:f67a6c6013ca 16971 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 16972
wolfSSL 13:f67a6c6013ca 16973
/* Persistable DoServerKeyExchange arguments.
 *
 * DoServerKeyExchange keeps this state in ssl->async.args when
 * WOLFSSL_ASYNC_CRYPT is defined and in a local DskeArgs otherwise; it is
 * zeroed with XMEMSET when a call starts from TLS_ASYNC_BEGIN.
 */
typedef struct DskeArgs {
    byte*  output; /* not allocated */
#if !defined(NO_DH) || defined(HAVE_ECC)
    byte*  verifySig;   /* freed by FreeDskeArgs (DYNAMIC_TYPE_SIGNATURE) */
#endif
    word32 idx;         /* set to *inOutIdx when a call starts afresh */
    word32 begin;       /* set to *inOutIdx when a call starts afresh */
#if !defined(NO_DH) || defined(HAVE_ECC)
    word16 verifySigSz; /* presumably the length of verifySig - TODO confirm */
#endif
    word16 sigSz;       /* presumably a signature length - TODO confirm */
    byte   sigAlgo;     /* starts as ssl->specs.sig_algo */
    byte   hashAlgo;    /* starts as sha_mac */
} DskeArgs;
wolfSSL 13:f67a6c6013ca 16989
/* Release the heap memory referenced by a DskeArgs. DoServerKeyExchange
 * installs this as ssl->async.freeArgs in WOLFSSL_ASYNC_CRYPT builds.
 *
 * ssl    The SSL/TLS object; its heap hint is passed to XFREE.
 * pArgs  Pointer to the DskeArgs to clean up. It is dereferenced without a
 *        NULL check when DH or ECC support is compiled in.
 */
static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
{
    DskeArgs* dske = (DskeArgs*)pArgs;

    /* neither is referenced when both DH and ECC are compiled out */
    (void)ssl;
    (void)dske;

#if !defined(NO_DH) || defined(HAVE_ECC)
    if (dske->verifySig != NULL) {
        XFREE(dske->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        /* cleared so that a second call does not free it again */
        dske->verifySig = NULL;
    }
#endif
}
wolfSSL 13:f67a6c6013ca 17004
wolfSSL 13:f67a6c6013ca 17005 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
wolfSSL 13:f67a6c6013ca 17006 word32* inOutIdx, word32 size)
wolfSSL 13:f67a6c6013ca 17007 {
wolfSSL 13:f67a6c6013ca 17008 int ret = 0;
wolfSSL 13:f67a6c6013ca 17009 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 17010 DskeArgs* args = (DskeArgs*)ssl->async.args;
wolfSSL 13:f67a6c6013ca 17011 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 13:f67a6c6013ca 17012 (void)sizeof(args_test);
wolfSSL 13:f67a6c6013ca 17013 #else
wolfSSL 13:f67a6c6013ca 17014 DskeArgs args[1];
wolfSSL 13:f67a6c6013ca 17015 #endif
wolfSSL 13:f67a6c6013ca 17016
wolfSSL 13:f67a6c6013ca 17017 WOLFSSL_ENTER("DoServerKeyExchange");
wolfSSL 13:f67a6c6013ca 17018
wolfSSL 13:f67a6c6013ca 17019 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 17020 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 13:f67a6c6013ca 17021 if (ret != WC_NOT_PENDING_E) {
wolfSSL 13:f67a6c6013ca 17022 /* Check for error */
wolfSSL 13:f67a6c6013ca 17023 if (ret < 0)
wolfSSL 13:f67a6c6013ca 17024 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17025 }
wolfSSL 13:f67a6c6013ca 17026 else
wolfSSL 13:f67a6c6013ca 17027 #endif
wolfSSL 13:f67a6c6013ca 17028 {
wolfSSL 13:f67a6c6013ca 17029 /* Reset state */
wolfSSL 13:f67a6c6013ca 17030 ret = 0;
wolfSSL 13:f67a6c6013ca 17031 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 13:f67a6c6013ca 17032 XMEMSET(args, 0, sizeof(DskeArgs));
wolfSSL 13:f67a6c6013ca 17033 args->idx = *inOutIdx;
wolfSSL 13:f67a6c6013ca 17034 args->begin = *inOutIdx;
wolfSSL 13:f67a6c6013ca 17035 args->sigAlgo = ssl->specs.sig_algo;
wolfSSL 13:f67a6c6013ca 17036 args->hashAlgo = sha_mac;
wolfSSL 13:f67a6c6013ca 17037 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 17038 ssl->async.freeArgs = FreeDskeArgs;
wolfSSL 13:f67a6c6013ca 17039 #endif
wolfSSL 13:f67a6c6013ca 17040 }
wolfSSL 13:f67a6c6013ca 17041
wolfSSL 13:f67a6c6013ca 17042 switch(ssl->options.asyncState)
wolfSSL 13:f67a6c6013ca 17043 {
wolfSSL 13:f67a6c6013ca 17044 case TLS_ASYNC_BEGIN:
wolfSSL 13:f67a6c6013ca 17045 {
wolfSSL 13:f67a6c6013ca 17046 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 17047 if (ssl->hsInfoOn)
wolfSSL 13:f67a6c6013ca 17048 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 17049 if (ssl->toInfoOn)
wolfSSL 13:f67a6c6013ca 17050 AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
wolfSSL 13:f67a6c6013ca 17051 #endif
wolfSSL 13:f67a6c6013ca 17052
wolfSSL 13:f67a6c6013ca 17053 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 17054 {
wolfSSL 13:f67a6c6013ca 17055 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 17056 case psk_kea:
wolfSSL 13:f67a6c6013ca 17057 {
wolfSSL 13:f67a6c6013ca 17058 int srvHintLen;
wolfSSL 13:f67a6c6013ca 17059 word16 length;
wolfSSL 13:f67a6c6013ca 17060
wolfSSL 13:f67a6c6013ca 17061 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17062 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17063 }
wolfSSL 13:f67a6c6013ca 17064
wolfSSL 13:f67a6c6013ca 17065 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17066 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17067
wolfSSL 13:f67a6c6013ca 17068 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17069 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17070 }
wolfSSL 13:f67a6c6013ca 17071
wolfSSL 13:f67a6c6013ca 17072 /* get PSK server hint from the wire */
wolfSSL 13:f67a6c6013ca 17073 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 13:f67a6c6013ca 17074 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 13:f67a6c6013ca 17075 srvHintLen);
wolfSSL 13:f67a6c6013ca 17076 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 17077 args->idx += length;
wolfSSL 13:f67a6c6013ca 17078 break;
wolfSSL 13:f67a6c6013ca 17079 }
wolfSSL 13:f67a6c6013ca 17080 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 17081 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 17082 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17083 {
wolfSSL 13:f67a6c6013ca 17084 word16 length;
wolfSSL 13:f67a6c6013ca 17085
wolfSSL 13:f67a6c6013ca 17086 /* p */
wolfSSL 13:f67a6c6013ca 17087 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17088 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17089 }
wolfSSL 13:f67a6c6013ca 17090
wolfSSL 13:f67a6c6013ca 17091 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17092 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17093
wolfSSL 13:f67a6c6013ca 17094 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17095 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17096 }
wolfSSL 13:f67a6c6013ca 17097
wolfSSL 13:f67a6c6013ca 17098 if (length < ssl->options.minDhKeySz) {
wolfSSL 13:f67a6c6013ca 17099 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 13:f67a6c6013ca 17100 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 13:f67a6c6013ca 17101 ERROR_OUT(DH_KEY_SIZE_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17102 }
wolfSSL 13:f67a6c6013ca 17103
wolfSSL 13:f67a6c6013ca 17104 ssl->buffers.serverDH_P.buffer =
wolfSSL 13:f67a6c6013ca 17105 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 17106 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 13:f67a6c6013ca 17107 ssl->buffers.serverDH_P.length = length;
wolfSSL 13:f67a6c6013ca 17108 }
wolfSSL 13:f67a6c6013ca 17109 else {
wolfSSL 13:f67a6c6013ca 17110 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17111 }
wolfSSL 13:f67a6c6013ca 17112
wolfSSL 13:f67a6c6013ca 17113 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + args->idx,
wolfSSL 13:f67a6c6013ca 17114 length);
wolfSSL 13:f67a6c6013ca 17115 args->idx += length;
wolfSSL 13:f67a6c6013ca 17116
wolfSSL 13:f67a6c6013ca 17117 ssl->options.dhKeySz = length;
wolfSSL 13:f67a6c6013ca 17118
wolfSSL 13:f67a6c6013ca 17119 /* g */
wolfSSL 13:f67a6c6013ca 17120 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17121 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17122 }
wolfSSL 13:f67a6c6013ca 17123
wolfSSL 13:f67a6c6013ca 17124 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17125 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17126
wolfSSL 13:f67a6c6013ca 17127 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17128 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17129 }
wolfSSL 13:f67a6c6013ca 17130
wolfSSL 13:f67a6c6013ca 17131 ssl->buffers.serverDH_G.buffer =
wolfSSL 13:f67a6c6013ca 17132 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 17133 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 13:f67a6c6013ca 17134 ssl->buffers.serverDH_G.length = length;
wolfSSL 13:f67a6c6013ca 17135 }
wolfSSL 13:f67a6c6013ca 17136 else {
wolfSSL 13:f67a6c6013ca 17137 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17138 }
wolfSSL 13:f67a6c6013ca 17139
wolfSSL 13:f67a6c6013ca 17140 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + args->idx,
wolfSSL 13:f67a6c6013ca 17141 length);
wolfSSL 13:f67a6c6013ca 17142 args->idx += length;
wolfSSL 13:f67a6c6013ca 17143
wolfSSL 13:f67a6c6013ca 17144 /* pub */
wolfSSL 13:f67a6c6013ca 17145 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17146 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17147 }
wolfSSL 13:f67a6c6013ca 17148
wolfSSL 13:f67a6c6013ca 17149 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17150 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17151
wolfSSL 13:f67a6c6013ca 17152 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17153 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17154 }
wolfSSL 13:f67a6c6013ca 17155
wolfSSL 13:f67a6c6013ca 17156 ssl->buffers.serverDH_Pub.buffer =
wolfSSL 13:f67a6c6013ca 17157 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 17158 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 13:f67a6c6013ca 17159 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 13:f67a6c6013ca 17160 }
wolfSSL 13:f67a6c6013ca 17161 else {
wolfSSL 13:f67a6c6013ca 17162 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17163 }
wolfSSL 13:f67a6c6013ca 17164
wolfSSL 13:f67a6c6013ca 17165 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
wolfSSL 13:f67a6c6013ca 17166 length);
wolfSSL 13:f67a6c6013ca 17167 args->idx += length;
wolfSSL 13:f67a6c6013ca 17168 break;
wolfSSL 13:f67a6c6013ca 17169 }
wolfSSL 13:f67a6c6013ca 17170 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 17171 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 17172 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17173 {
wolfSSL 13:f67a6c6013ca 17174 byte b;
wolfSSL 13:f67a6c6013ca 17175 int curveId, curveOid;
wolfSSL 13:f67a6c6013ca 17176 word16 length;
wolfSSL 13:f67a6c6013ca 17177
wolfSSL 13:f67a6c6013ca 17178 if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 13:f67a6c6013ca 17179 OPAQUE8_LEN > size) {
wolfSSL 13:f67a6c6013ca 17180 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17181 }
wolfSSL 13:f67a6c6013ca 17182
wolfSSL 13:f67a6c6013ca 17183 b = input[args->idx++];
wolfSSL 13:f67a6c6013ca 17184 if (b != named_curve) {
wolfSSL 13:f67a6c6013ca 17185 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17186 }
wolfSSL 13:f67a6c6013ca 17187
wolfSSL 13:f67a6c6013ca 17188 args->idx += 1; /* curve type, eat leading 0 */
wolfSSL 13:f67a6c6013ca 17189 b = input[args->idx++];
wolfSSL 13:f67a6c6013ca 17190 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 13:f67a6c6013ca 17191 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17192 }
wolfSSL 13:f67a6c6013ca 17193 ssl->ecdhCurveOID = curveOid;
wolfSSL 13:f67a6c6013ca 17194
wolfSSL 13:f67a6c6013ca 17195 length = input[args->idx++];
wolfSSL 13:f67a6c6013ca 17196 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17197 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17198 }
wolfSSL 13:f67a6c6013ca 17199
wolfSSL 13:f67a6c6013ca 17200 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 17201 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 17202 if (ssl->peerX25519Key == NULL) {
wolfSSL 13:f67a6c6013ca 17203 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 17204 (void**)&ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 17205 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17206 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17207 }
wolfSSL 13:f67a6c6013ca 17208 } else if (ssl->peerEccKeyPresent) {
wolfSSL 13:f67a6c6013ca 17209 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 17210 ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 17211 ssl->peerX25519KeyPresent = 0;
wolfSSL 13:f67a6c6013ca 17212 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17213 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17214 }
wolfSSL 13:f67a6c6013ca 17215 }
wolfSSL 13:f67a6c6013ca 17216
wolfSSL 13:f67a6c6013ca 17217 if (wc_curve25519_import_public_ex(input + args->idx,
wolfSSL 13:f67a6c6013ca 17218 length, ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 17219 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 13:f67a6c6013ca 17220 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17221 }
wolfSSL 13:f67a6c6013ca 17222
wolfSSL 13:f67a6c6013ca 17223 args->idx += length;
wolfSSL 13:f67a6c6013ca 17224 ssl->peerX25519KeyPresent = 1;
wolfSSL 13:f67a6c6013ca 17225 break;
wolfSSL 13:f67a6c6013ca 17226 }
wolfSSL 13:f67a6c6013ca 17227 #endif
wolfSSL 13:f67a6c6013ca 17228 if (ssl->peerEccKey == NULL) {
wolfSSL 13:f67a6c6013ca 17229 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 17230 (void**)&ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 17231 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17232 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17233 }
wolfSSL 13:f67a6c6013ca 17234 } else if (ssl->peerEccKeyPresent) {
wolfSSL 13:f67a6c6013ca 17235 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 17236 ssl->peerEccKeyPresent = 0;
wolfSSL 13:f67a6c6013ca 17237 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17238 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17239 }
wolfSSL 13:f67a6c6013ca 17240 }
wolfSSL 13:f67a6c6013ca 17241
wolfSSL 13:f67a6c6013ca 17242 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 13:f67a6c6013ca 17243 if (wc_ecc_import_x963_ex(input + args->idx, length,
wolfSSL 13:f67a6c6013ca 17244 ssl->peerEccKey, curveId) != 0) {
wolfSSL 13:f67a6c6013ca 17245 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17246 }
wolfSSL 13:f67a6c6013ca 17247
wolfSSL 13:f67a6c6013ca 17248 args->idx += length;
wolfSSL 13:f67a6c6013ca 17249 ssl->peerEccKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 17250 break;
wolfSSL 13:f67a6c6013ca 17251 }
wolfSSL 13:f67a6c6013ca 17252 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17253 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 17254 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17255 {
wolfSSL 13:f67a6c6013ca 17256 int srvHintLen;
wolfSSL 13:f67a6c6013ca 17257 word16 length;
wolfSSL 13:f67a6c6013ca 17258
wolfSSL 13:f67a6c6013ca 17259 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17260 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17261 }
wolfSSL 13:f67a6c6013ca 17262
wolfSSL 13:f67a6c6013ca 17263 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17264 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17265
wolfSSL 13:f67a6c6013ca 17266 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17267 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17268 }
wolfSSL 13:f67a6c6013ca 17269
wolfSSL 13:f67a6c6013ca 17270 /* get PSK server hint from the wire */
wolfSSL 13:f67a6c6013ca 17271 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 13:f67a6c6013ca 17272 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 13:f67a6c6013ca 17273 srvHintLen);
wolfSSL 13:f67a6c6013ca 17274 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 17275 args->idx += length;
wolfSSL 13:f67a6c6013ca 17276
wolfSSL 13:f67a6c6013ca 17277 /* p */
wolfSSL 13:f67a6c6013ca 17278 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17279 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17280 }
wolfSSL 13:f67a6c6013ca 17281
wolfSSL 13:f67a6c6013ca 17282 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17283 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17284
wolfSSL 13:f67a6c6013ca 17285 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17286 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17287 }
wolfSSL 13:f67a6c6013ca 17288
wolfSSL 13:f67a6c6013ca 17289 if (length < ssl->options.minDhKeySz) {
wolfSSL 13:f67a6c6013ca 17290 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 13:f67a6c6013ca 17291 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 13:f67a6c6013ca 17292 ERROR_OUT(DH_KEY_SIZE_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17293 }
wolfSSL 13:f67a6c6013ca 17294
wolfSSL 13:f67a6c6013ca 17295 ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(length,
wolfSSL 13:f67a6c6013ca 17296 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 17297 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 13:f67a6c6013ca 17298 ssl->buffers.serverDH_P.length = length;
wolfSSL 13:f67a6c6013ca 17299 }
wolfSSL 13:f67a6c6013ca 17300 else {
wolfSSL 13:f67a6c6013ca 17301 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17302 }
wolfSSL 13:f67a6c6013ca 17303
wolfSSL 13:f67a6c6013ca 17304 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + args->idx,
wolfSSL 13:f67a6c6013ca 17305 length);
wolfSSL 13:f67a6c6013ca 17306 args->idx += length;
wolfSSL 13:f67a6c6013ca 17307
wolfSSL 13:f67a6c6013ca 17308 ssl->options.dhKeySz = length;
wolfSSL 13:f67a6c6013ca 17309
wolfSSL 13:f67a6c6013ca 17310 /* g */
wolfSSL 13:f67a6c6013ca 17311 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17312 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17313 }
wolfSSL 13:f67a6c6013ca 17314
wolfSSL 13:f67a6c6013ca 17315 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17316 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17317
wolfSSL 13:f67a6c6013ca 17318 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17319 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17320 }
wolfSSL 13:f67a6c6013ca 17321
wolfSSL 13:f67a6c6013ca 17322 ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(length,
wolfSSL 13:f67a6c6013ca 17323 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 17324 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 13:f67a6c6013ca 17325 ssl->buffers.serverDH_G.length = length;
wolfSSL 13:f67a6c6013ca 17326 }
wolfSSL 13:f67a6c6013ca 17327 else {
wolfSSL 13:f67a6c6013ca 17328 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17329 }
wolfSSL 13:f67a6c6013ca 17330
wolfSSL 13:f67a6c6013ca 17331 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + args->idx,
wolfSSL 13:f67a6c6013ca 17332 length);
wolfSSL 13:f67a6c6013ca 17333 args->idx += length;
wolfSSL 13:f67a6c6013ca 17334
wolfSSL 13:f67a6c6013ca 17335 /* pub */
wolfSSL 13:f67a6c6013ca 17336 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17337 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17338 }
wolfSSL 13:f67a6c6013ca 17339
wolfSSL 13:f67a6c6013ca 17340 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17341 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17342
wolfSSL 13:f67a6c6013ca 17343 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17344 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17345 }
wolfSSL 13:f67a6c6013ca 17346
wolfSSL 13:f67a6c6013ca 17347 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(length,
wolfSSL 13:f67a6c6013ca 17348 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 17349 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 13:f67a6c6013ca 17350 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 13:f67a6c6013ca 17351 }
wolfSSL 13:f67a6c6013ca 17352 else {
wolfSSL 13:f67a6c6013ca 17353 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17354 }
wolfSSL 13:f67a6c6013ca 17355
wolfSSL 13:f67a6c6013ca 17356 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
wolfSSL 13:f67a6c6013ca 17357 length);
wolfSSL 13:f67a6c6013ca 17358 args->idx += length;
wolfSSL 13:f67a6c6013ca 17359 break;
wolfSSL 13:f67a6c6013ca 17360 }
wolfSSL 13:f67a6c6013ca 17361 #endif /* !NO_DH || !NO_PSK */
wolfSSL 13:f67a6c6013ca 17362 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 17363 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17364 {
wolfSSL 13:f67a6c6013ca 17365 byte b;
wolfSSL 13:f67a6c6013ca 17366 int curveOid, curveId;
wolfSSL 13:f67a6c6013ca 17367 int srvHintLen;
wolfSSL 13:f67a6c6013ca 17368 word16 length;
wolfSSL 13:f67a6c6013ca 17369
wolfSSL 13:f67a6c6013ca 17370 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17371 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17372 }
wolfSSL 13:f67a6c6013ca 17373
wolfSSL 13:f67a6c6013ca 17374 ato16(input + args->idx, &length);
wolfSSL 13:f67a6c6013ca 17375 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17376
wolfSSL 13:f67a6c6013ca 17377 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17378 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17379 }
wolfSSL 13:f67a6c6013ca 17380
wolfSSL 13:f67a6c6013ca 17381 /* get PSK server hint from the wire */
wolfSSL 13:f67a6c6013ca 17382 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 13:f67a6c6013ca 17383 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 13:f67a6c6013ca 17384 srvHintLen);
wolfSSL 13:f67a6c6013ca 17385 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 17386
wolfSSL 13:f67a6c6013ca 17387 args->idx += length;
wolfSSL 13:f67a6c6013ca 17388
wolfSSL 13:f67a6c6013ca 17389 if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 13:f67a6c6013ca 17390 OPAQUE8_LEN > size) {
wolfSSL 13:f67a6c6013ca 17391 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17392 }
wolfSSL 13:f67a6c6013ca 17393
wolfSSL 13:f67a6c6013ca 17394 /* Check curve name and ID */
wolfSSL 13:f67a6c6013ca 17395 b = input[args->idx++];
wolfSSL 13:f67a6c6013ca 17396 if (b != named_curve) {
wolfSSL 13:f67a6c6013ca 17397 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17398 }
wolfSSL 13:f67a6c6013ca 17399
wolfSSL 13:f67a6c6013ca 17400 args->idx += 1; /* curve type, eat leading 0 */
wolfSSL 13:f67a6c6013ca 17401 b = input[args->idx++];
wolfSSL 13:f67a6c6013ca 17402 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 13:f67a6c6013ca 17403 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17404 }
wolfSSL 13:f67a6c6013ca 17405
wolfSSL 13:f67a6c6013ca 17406 length = input[args->idx++];
wolfSSL 13:f67a6c6013ca 17407 if ((args->idx - args->begin) + length > size) {
wolfSSL 13:f67a6c6013ca 17408 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17409 }
wolfSSL 13:f67a6c6013ca 17410
wolfSSL 13:f67a6c6013ca 17411 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 17412 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 17413 if (ssl->peerX25519Key == NULL) {
wolfSSL 13:f67a6c6013ca 17414 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 17415 (void**)&ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 17416 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17417 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17418 }
wolfSSL 13:f67a6c6013ca 17419 } else if (ssl->peerEccKeyPresent) {
wolfSSL 13:f67a6c6013ca 17420 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 17421 ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 17422 ssl->peerX25519KeyPresent = 0;
wolfSSL 13:f67a6c6013ca 17423 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17424 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17425 }
wolfSSL 13:f67a6c6013ca 17426 }
wolfSSL 13:f67a6c6013ca 17427
wolfSSL 13:f67a6c6013ca 17428 if (wc_curve25519_import_public_ex(input + args->idx,
wolfSSL 13:f67a6c6013ca 17429 length, ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 17430 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 13:f67a6c6013ca 17431 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17432 }
wolfSSL 13:f67a6c6013ca 17433
wolfSSL 13:f67a6c6013ca 17434 args->idx += length;
wolfSSL 13:f67a6c6013ca 17435 ssl->peerX25519KeyPresent = 1;
wolfSSL 13:f67a6c6013ca 17436 break;
wolfSSL 13:f67a6c6013ca 17437 }
wolfSSL 13:f67a6c6013ca 17438 #endif
wolfSSL 13:f67a6c6013ca 17439
wolfSSL 13:f67a6c6013ca 17440 if (ssl->peerEccKey == NULL) {
wolfSSL 13:f67a6c6013ca 17441 AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 17442 (void**)&ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 17443 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17444 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17445 }
wolfSSL 13:f67a6c6013ca 17446 } else if (ssl->peerEccKeyPresent) {
wolfSSL 13:f67a6c6013ca 17447 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 17448 ssl->peerEccKeyPresent = 0;
wolfSSL 13:f67a6c6013ca 17449 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17450 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17451 }
wolfSSL 13:f67a6c6013ca 17452 }
wolfSSL 13:f67a6c6013ca 17453
wolfSSL 13:f67a6c6013ca 17454 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 13:f67a6c6013ca 17455 if (wc_ecc_import_x963_ex(input + args->idx, length,
wolfSSL 13:f67a6c6013ca 17456 ssl->peerEccKey, curveId) != 0) {
wolfSSL 13:f67a6c6013ca 17457 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17458 }
wolfSSL 13:f67a6c6013ca 17459
wolfSSL 13:f67a6c6013ca 17460 args->idx += length;
wolfSSL 13:f67a6c6013ca 17461 ssl->peerEccKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 17462 break;
wolfSSL 13:f67a6c6013ca 17463 }
wolfSSL 13:f67a6c6013ca 17464 #endif /* HAVE_ECC || !NO_PSK */
wolfSSL 13:f67a6c6013ca 17465 default:
wolfSSL 13:f67a6c6013ca 17466 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 17467 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 17468
wolfSSL 13:f67a6c6013ca 17469 /* Check for error */
wolfSSL 13:f67a6c6013ca 17470 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17471 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17472 }
wolfSSL 13:f67a6c6013ca 17473
wolfSSL 13:f67a6c6013ca 17474 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 17475 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 13:f67a6c6013ca 17476 } /* case TLS_ASYNC_BEGIN */
wolfSSL 13:f67a6c6013ca 17477 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 17478
wolfSSL 13:f67a6c6013ca 17479 case TLS_ASYNC_BUILD:
wolfSSL 13:f67a6c6013ca 17480 {
wolfSSL 13:f67a6c6013ca 17481 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 17482 {
wolfSSL 13:f67a6c6013ca 17483 case psk_kea:
wolfSSL 13:f67a6c6013ca 17484 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17485 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17486 {
wolfSSL 13:f67a6c6013ca 17487 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 17488 break;
wolfSSL 13:f67a6c6013ca 17489 }
wolfSSL 13:f67a6c6013ca 17490
wolfSSL 13:f67a6c6013ca 17491 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17492 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17493 {
wolfSSL 13:f67a6c6013ca 17494 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 17495 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 13:f67a6c6013ca 17496 #else
wolfSSL 13:f67a6c6013ca 17497 enum wc_HashType hashType;
wolfSSL 13:f67a6c6013ca 17498 word16 verifySz;
wolfSSL 13:f67a6c6013ca 17499
wolfSSL 13:f67a6c6013ca 17500 if (ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 17501 break;
wolfSSL 13:f67a6c6013ca 17502 }
wolfSSL 13:f67a6c6013ca 17503
wolfSSL 13:f67a6c6013ca 17504 verifySz = (word16)(args->idx - args->begin);
wolfSSL 13:f67a6c6013ca 17505 if (verifySz > MAX_DH_SZ) {
wolfSSL 13:f67a6c6013ca 17506 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17507 }
wolfSSL 13:f67a6c6013ca 17508
wolfSSL 13:f67a6c6013ca 17509 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 17510 if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN >
wolfSSL 13:f67a6c6013ca 17511 size) {
wolfSSL 13:f67a6c6013ca 17512 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17513 }
wolfSSL 13:f67a6c6013ca 17514
wolfSSL 13:f67a6c6013ca 17515 DecodeSigAlg(&input[args->idx], &args->hashAlgo,
wolfSSL 13:f67a6c6013ca 17516 &args->sigAlgo);
wolfSSL 13:f67a6c6013ca 17517 args->idx += 2;
wolfSSL 13:f67a6c6013ca 17518 hashType = HashAlgoToType(args->hashAlgo);
wolfSSL 13:f67a6c6013ca 17519 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 13:f67a6c6013ca 17520 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17521 }
wolfSSL 13:f67a6c6013ca 17522 } else {
wolfSSL 13:f67a6c6013ca 17523 /* only using sha and md5 for rsa */
wolfSSL 13:f67a6c6013ca 17524 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 17525 hashType = WC_HASH_TYPE_SHA;
wolfSSL 13:f67a6c6013ca 17526 if (args->sigAlgo == rsa_sa_algo) {
wolfSSL 13:f67a6c6013ca 17527 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 13:f67a6c6013ca 17528 }
wolfSSL 13:f67a6c6013ca 17529 #else
wolfSSL 13:f67a6c6013ca 17530 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17531 #endif
wolfSSL 13:f67a6c6013ca 17532 }
wolfSSL 13:f67a6c6013ca 17533
wolfSSL 13:f67a6c6013ca 17534 /* signature */
wolfSSL 13:f67a6c6013ca 17535 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 17536 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17537 }
wolfSSL 13:f67a6c6013ca 17538
wolfSSL 13:f67a6c6013ca 17539 ato16(input + args->idx, &args->verifySigSz);
wolfSSL 13:f67a6c6013ca 17540 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17541
wolfSSL 13:f67a6c6013ca 17542 if ((args->idx - args->begin) + args->verifySigSz > size) {
wolfSSL 13:f67a6c6013ca 17543 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17544 }
wolfSSL 13:f67a6c6013ca 17545
wolfSSL 13:f67a6c6013ca 17546 /* buffer for signature */
wolfSSL 13:f67a6c6013ca 17547 ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz,
wolfSSL 13:f67a6c6013ca 17548 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 17549 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 17550 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17551 }
wolfSSL 13:f67a6c6013ca 17552 ssl->buffers.sig.length = SEED_LEN + verifySz;
wolfSSL 13:f67a6c6013ca 17553
wolfSSL 13:f67a6c6013ca 17554 /* build message to hash */
wolfSSL 13:f67a6c6013ca 17555 XMEMCPY(ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 17556 ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 13:f67a6c6013ca 17557 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN],
wolfSSL 13:f67a6c6013ca 17558 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 13:f67a6c6013ca 17559 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN * 2],
wolfSSL 13:f67a6c6013ca 17560 input + args->begin, verifySz); /* message */
wolfSSL 13:f67a6c6013ca 17561
wolfSSL 13:f67a6c6013ca 17562 if (args->sigAlgo != ed25519_sa_algo) {
wolfSSL 13:f67a6c6013ca 17563 /* buffer for hash */
wolfSSL 13:f67a6c6013ca 17564 ssl->buffers.digest.length =
wolfSSL 13:f67a6c6013ca 17565 wc_HashGetDigestSize(hashType);
wolfSSL 13:f67a6c6013ca 17566 ssl->buffers.digest.buffer = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 17567 ssl->buffers.digest.length, ssl->heap,
wolfSSL 13:f67a6c6013ca 17568 DYNAMIC_TYPE_DIGEST);
wolfSSL 13:f67a6c6013ca 17569 if (ssl->buffers.digest.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 17570 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17571 }
wolfSSL 13:f67a6c6013ca 17572
wolfSSL 13:f67a6c6013ca 17573 /* Perform hash */
wolfSSL 13:f67a6c6013ca 17574 ret = wc_Hash(hashType, ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 17575 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 17576 ssl->buffers.digest.buffer,
wolfSSL 13:f67a6c6013ca 17577 ssl->buffers.digest.length);
wolfSSL 13:f67a6c6013ca 17578 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17579 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17580 }
wolfSSL 13:f67a6c6013ca 17581 }
wolfSSL 13:f67a6c6013ca 17582
wolfSSL 13:f67a6c6013ca 17583 switch (args->sigAlgo)
wolfSSL 13:f67a6c6013ca 17584 {
wolfSSL 13:f67a6c6013ca 17585 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 17586 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 17587 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 17588 #endif
wolfSSL 13:f67a6c6013ca 17589 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 17590 {
wolfSSL 13:f67a6c6013ca 17591 if (ssl->peerRsaKey == NULL ||
wolfSSL 13:f67a6c6013ca 17592 !ssl->peerRsaKeyPresent) {
wolfSSL 13:f67a6c6013ca 17593 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 13:f67a6c6013ca 17594 }
wolfSSL 13:f67a6c6013ca 17595 break;
wolfSSL 13:f67a6c6013ca 17596 }
wolfSSL 13:f67a6c6013ca 17597 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 17598 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 17599 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 17600 {
wolfSSL 13:f67a6c6013ca 17601 if (!ssl->peerEccDsaKeyPresent) {
wolfSSL 13:f67a6c6013ca 17602 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 13:f67a6c6013ca 17603 }
wolfSSL 13:f67a6c6013ca 17604 break;
wolfSSL 13:f67a6c6013ca 17605 }
wolfSSL 13:f67a6c6013ca 17606 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17607 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 17608 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 17609 {
wolfSSL 13:f67a6c6013ca 17610 if (!ssl->peerEd25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 17611 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 13:f67a6c6013ca 17612 }
wolfSSL 13:f67a6c6013ca 17613 break;
wolfSSL 13:f67a6c6013ca 17614 }
wolfSSL 13:f67a6c6013ca 17615 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17616
wolfSSL 13:f67a6c6013ca 17617 default:
wolfSSL 13:f67a6c6013ca 17618 ret = ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 17619 } /* switch (args->sigAlgo) */
wolfSSL 13:f67a6c6013ca 17620
wolfSSL 13:f67a6c6013ca 17621 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17622 break;
wolfSSL 13:f67a6c6013ca 17623 }
wolfSSL 13:f67a6c6013ca 17624 default:
wolfSSL 13:f67a6c6013ca 17625 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 17626 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 17627
wolfSSL 13:f67a6c6013ca 17628 /* Check for error */
wolfSSL 13:f67a6c6013ca 17629 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17630 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17631 }
wolfSSL 13:f67a6c6013ca 17632
wolfSSL 13:f67a6c6013ca 17633 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 17634 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 13:f67a6c6013ca 17635 } /* case TLS_ASYNC_BUILD */
wolfSSL 13:f67a6c6013ca 17636 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 17637
wolfSSL 13:f67a6c6013ca 17638 case TLS_ASYNC_DO:
wolfSSL 13:f67a6c6013ca 17639 {
wolfSSL 13:f67a6c6013ca 17640 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 17641 {
wolfSSL 13:f67a6c6013ca 17642 case psk_kea:
wolfSSL 13:f67a6c6013ca 17643 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17644 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17645 {
wolfSSL 13:f67a6c6013ca 17646 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 17647 break;
wolfSSL 13:f67a6c6013ca 17648 }
wolfSSL 13:f67a6c6013ca 17649
wolfSSL 13:f67a6c6013ca 17650 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17651 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17652 {
wolfSSL 13:f67a6c6013ca 17653 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 17654 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 13:f67a6c6013ca 17655 #else
wolfSSL 13:f67a6c6013ca 17656 if (ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 17657 break;
wolfSSL 13:f67a6c6013ca 17658 }
wolfSSL 13:f67a6c6013ca 17659
wolfSSL 13:f67a6c6013ca 17660 if (args->verifySig == NULL) {
wolfSSL 13:f67a6c6013ca 17661 args->verifySig = (byte*)XMALLOC(args->verifySigSz,
wolfSSL 13:f67a6c6013ca 17662 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 17663 if (args->verifySig == NULL) {
wolfSSL 13:f67a6c6013ca 17664 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17665 }
wolfSSL 13:f67a6c6013ca 17666 XMEMCPY(args->verifySig, input + args->idx,
wolfSSL 13:f67a6c6013ca 17667 args->verifySigSz);
wolfSSL 13:f67a6c6013ca 17668 }
wolfSSL 13:f67a6c6013ca 17669
wolfSSL 13:f67a6c6013ca 17670 switch (args->sigAlgo)
wolfSSL 13:f67a6c6013ca 17671 {
wolfSSL 13:f67a6c6013ca 17672 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 17673 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 17674 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 17675 #endif
wolfSSL 13:f67a6c6013ca 17676 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 17677 {
wolfSSL 13:f67a6c6013ca 17678 ret = RsaVerify(ssl,
wolfSSL 13:f67a6c6013ca 17679 args->verifySig, args->verifySigSz,
wolfSSL 13:f67a6c6013ca 17680 &args->output,
wolfSSL 13:f67a6c6013ca 17681 args->sigAlgo, args->hashAlgo,
wolfSSL 13:f67a6c6013ca 17682 ssl->peerRsaKey,
wolfSSL 13:f67a6c6013ca 17683 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 17684 ssl->buffers.peerRsaKey.buffer,
wolfSSL 13:f67a6c6013ca 17685 ssl->buffers.peerRsaKey.length,
wolfSSL 13:f67a6c6013ca 17686 ssl->RsaVerifyCtx
wolfSSL 13:f67a6c6013ca 17687 #else
wolfSSL 13:f67a6c6013ca 17688 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 17689 #endif
wolfSSL 13:f67a6c6013ca 17690 );
wolfSSL 13:f67a6c6013ca 17691
wolfSSL 13:f67a6c6013ca 17692 if (ret >= 0) {
wolfSSL 13:f67a6c6013ca 17693 args->sigSz = (word16)ret;
wolfSSL 13:f67a6c6013ca 17694 ret = 0;
wolfSSL 13:f67a6c6013ca 17695 }
wolfSSL 13:f67a6c6013ca 17696 break;
wolfSSL 13:f67a6c6013ca 17697 }
wolfSSL 13:f67a6c6013ca 17698 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 17699 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 17700 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 17701 {
wolfSSL 13:f67a6c6013ca 17702 ret = EccVerify(ssl,
wolfSSL 13:f67a6c6013ca 17703 args->verifySig, args->verifySigSz,
wolfSSL 13:f67a6c6013ca 17704 ssl->buffers.digest.buffer,
wolfSSL 13:f67a6c6013ca 17705 ssl->buffers.digest.length,
wolfSSL 13:f67a6c6013ca 17706 ssl->peerEccDsaKey,
wolfSSL 13:f67a6c6013ca 17707 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 17708 ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 13:f67a6c6013ca 17709 ssl->buffers.peerEccDsaKey.length,
wolfSSL 13:f67a6c6013ca 17710 ssl->EccVerifyCtx
wolfSSL 13:f67a6c6013ca 17711 #else
wolfSSL 13:f67a6c6013ca 17712 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 17713 #endif
wolfSSL 13:f67a6c6013ca 17714 );
wolfSSL 13:f67a6c6013ca 17715
wolfSSL 13:f67a6c6013ca 17716 break;
wolfSSL 13:f67a6c6013ca 17717 }
wolfSSL 13:f67a6c6013ca 17718 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17719 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 17720 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 17721 {
wolfSSL 13:f67a6c6013ca 17722 ret = Ed25519Verify(ssl,
wolfSSL 13:f67a6c6013ca 17723 args->verifySig, args->verifySigSz,
wolfSSL 13:f67a6c6013ca 17724 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 17725 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 17726 ssl->peerEd25519Key,
wolfSSL 13:f67a6c6013ca 17727 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 17728 ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 13:f67a6c6013ca 17729 ssl->buffers.peerEccDsaKey.length,
wolfSSL 13:f67a6c6013ca 17730 ssl->Ed25519VerifyCtx
wolfSSL 13:f67a6c6013ca 17731 #else
wolfSSL 13:f67a6c6013ca 17732 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 17733 #endif
wolfSSL 13:f67a6c6013ca 17734 );
wolfSSL 13:f67a6c6013ca 17735
wolfSSL 13:f67a6c6013ca 17736 break;
wolfSSL 13:f67a6c6013ca 17737 }
wolfSSL 13:f67a6c6013ca 17738 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17739
wolfSSL 13:f67a6c6013ca 17740 default:
wolfSSL 13:f67a6c6013ca 17741 ret = ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 17742 } /* switch (sigAlgo) */
wolfSSL 13:f67a6c6013ca 17743 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17744 break;
wolfSSL 13:f67a6c6013ca 17745 }
wolfSSL 13:f67a6c6013ca 17746 default:
wolfSSL 13:f67a6c6013ca 17747 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 17748 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 17749
wolfSSL 13:f67a6c6013ca 17750 /* Check for error */
wolfSSL 13:f67a6c6013ca 17751 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17752 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17753 }
wolfSSL 13:f67a6c6013ca 17754
wolfSSL 13:f67a6c6013ca 17755 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 17756 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 13:f67a6c6013ca 17757 } /* case TLS_ASYNC_DO */
wolfSSL 13:f67a6c6013ca 17758 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 17759
wolfSSL 13:f67a6c6013ca 17760 case TLS_ASYNC_VERIFY:
wolfSSL 13:f67a6c6013ca 17761 {
wolfSSL 13:f67a6c6013ca 17762 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 17763 {
wolfSSL 13:f67a6c6013ca 17764 case psk_kea:
wolfSSL 13:f67a6c6013ca 17765 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17766 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 17767 {
wolfSSL 13:f67a6c6013ca 17768 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 17769 break;
wolfSSL 13:f67a6c6013ca 17770 }
wolfSSL 13:f67a6c6013ca 17771
wolfSSL 13:f67a6c6013ca 17772 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17773 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 17774 {
wolfSSL 13:f67a6c6013ca 17775 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 17776 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 13:f67a6c6013ca 17777 #else
wolfSSL 13:f67a6c6013ca 17778 if (ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 17779 break;
wolfSSL 13:f67a6c6013ca 17780 }
wolfSSL 13:f67a6c6013ca 17781
wolfSSL 13:f67a6c6013ca 17782 /* increment index after verify is done */
wolfSSL 13:f67a6c6013ca 17783 args->idx += args->verifySigSz;
wolfSSL 13:f67a6c6013ca 17784
wolfSSL 13:f67a6c6013ca 17785 switch(args->sigAlgo)
wolfSSL 13:f67a6c6013ca 17786 {
wolfSSL 13:f67a6c6013ca 17787 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 17788 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 17789 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 17790 ret = wc_RsaPSS_CheckPadding(
wolfSSL 13:f67a6c6013ca 17791 ssl->buffers.digest.buffer,
wolfSSL 13:f67a6c6013ca 17792 ssl->buffers.digest.length,
wolfSSL 13:f67a6c6013ca 17793 args->output, args->sigSz,
wolfSSL 13:f67a6c6013ca 17794 HashAlgoToType(args->hashAlgo));
wolfSSL 13:f67a6c6013ca 17795 if (ret != 0)
wolfSSL 13:f67a6c6013ca 17796 return ret;
wolfSSL 13:f67a6c6013ca 17797 break;
wolfSSL 13:f67a6c6013ca 17798 #endif
wolfSSL 13:f67a6c6013ca 17799 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 17800 {
wolfSSL 13:f67a6c6013ca 17801 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 17802 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 17803 byte* encodedSig = NULL;
wolfSSL 13:f67a6c6013ca 17804 #else
wolfSSL 13:f67a6c6013ca 17805 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 13:f67a6c6013ca 17806 #endif
wolfSSL 13:f67a6c6013ca 17807 word32 encSigSz;
wolfSSL 13:f67a6c6013ca 17808
wolfSSL 13:f67a6c6013ca 17809 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 17810 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
wolfSSL 13:f67a6c6013ca 17811 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 17812 if (encodedSig == NULL) {
wolfSSL 13:f67a6c6013ca 17813 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 13:f67a6c6013ca 17814 }
wolfSSL 13:f67a6c6013ca 17815 #endif
wolfSSL 13:f67a6c6013ca 17816
wolfSSL 13:f67a6c6013ca 17817 encSigSz = wc_EncodeSignature(encodedSig,
wolfSSL 13:f67a6c6013ca 17818 ssl->buffers.digest.buffer,
wolfSSL 13:f67a6c6013ca 17819 ssl->buffers.digest.length,
wolfSSL 13:f67a6c6013ca 17820 TypeHash(args->hashAlgo));
wolfSSL 13:f67a6c6013ca 17821 if (encSigSz != args->sigSz || !args->output ||
wolfSSL 13:f67a6c6013ca 17822 XMEMCMP(args->output, encodedSig,
wolfSSL 13:f67a6c6013ca 17823 min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
wolfSSL 13:f67a6c6013ca 17824 ret = VERIFY_SIGN_ERROR;
wolfSSL 13:f67a6c6013ca 17825 }
wolfSSL 13:f67a6c6013ca 17826 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 13:f67a6c6013ca 17827 XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 17828 #endif
wolfSSL 13:f67a6c6013ca 17829 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17830 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17831 }
wolfSSL 13:f67a6c6013ca 17832 }
wolfSSL 13:f67a6c6013ca 17833 else if (args->sigSz != FINISHED_SZ ||
wolfSSL 13:f67a6c6013ca 17834 !args->output ||
wolfSSL 13:f67a6c6013ca 17835 XMEMCMP(args->output,
wolfSSL 13:f67a6c6013ca 17836 ssl->buffers.digest.buffer,
wolfSSL 13:f67a6c6013ca 17837 FINISHED_SZ) != 0) {
wolfSSL 13:f67a6c6013ca 17838 ERROR_OUT(VERIFY_SIGN_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17839 }
wolfSSL 13:f67a6c6013ca 17840 break;
wolfSSL 13:f67a6c6013ca 17841 }
wolfSSL 13:f67a6c6013ca 17842 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 17843 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 17844 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 17845 /* Nothing to do in this algo */
wolfSSL 13:f67a6c6013ca 17846 break;
wolfSSL 13:f67a6c6013ca 17847 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17848 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 17849 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 17850 /* Nothing to do in this algo */
wolfSSL 13:f67a6c6013ca 17851 break;
wolfSSL 13:f67a6c6013ca 17852 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17853 default:
wolfSSL 13:f67a6c6013ca 17854 ret = ALGO_ID_E;
wolfSSL 13:f67a6c6013ca 17855 } /* switch (sigAlgo) */
wolfSSL 13:f67a6c6013ca 17856 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 13:f67a6c6013ca 17857 break;
wolfSSL 13:f67a6c6013ca 17858 }
wolfSSL 13:f67a6c6013ca 17859 default:
wolfSSL 13:f67a6c6013ca 17860 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 17861 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 17862
wolfSSL 13:f67a6c6013ca 17863 /* Check for error */
wolfSSL 13:f67a6c6013ca 17864 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 17865 goto exit_dske;
wolfSSL 13:f67a6c6013ca 17866 }
wolfSSL 13:f67a6c6013ca 17867
wolfSSL 13:f67a6c6013ca 17868 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 17869 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 13:f67a6c6013ca 17870 } /* case TLS_ASYNC_VERIFY */
wolfSSL 13:f67a6c6013ca 17871 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 17872
wolfSSL 13:f67a6c6013ca 17873 case TLS_ASYNC_FINALIZE:
wolfSSL 13:f67a6c6013ca 17874 {
wolfSSL 13:f67a6c6013ca 17875 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 13:f67a6c6013ca 17876 args->idx += ssl->keys.padSz;
wolfSSL 13:f67a6c6013ca 17877 }
wolfSSL 13:f67a6c6013ca 17878
wolfSSL 13:f67a6c6013ca 17879 /* QSH extensions */
wolfSSL 13:f67a6c6013ca 17880 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 17881 if (ssl->peerQSHKeyPresent) {
wolfSSL 13:f67a6c6013ca 17882 word16 name;
wolfSSL 13:f67a6c6013ca 17883 int qshSz;
wolfSSL 13:f67a6c6013ca 17884
wolfSSL 13:f67a6c6013ca 17885 /* extension name */
wolfSSL 13:f67a6c6013ca 17886 ato16(input + args->idx, &name);
wolfSSL 13:f67a6c6013ca 17887 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 17888
wolfSSL 13:f67a6c6013ca 17889 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 13:f67a6c6013ca 17890 /* if qshSz is larger than 0 it is the length of
wolfSSL 13:f67a6c6013ca 17891 buffer used */
wolfSSL 13:f67a6c6013ca 17892 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + args->idx,
wolfSSL 13:f67a6c6013ca 17893 size, 0)) < 0) {
wolfSSL 13:f67a6c6013ca 17894 ERROR_OUT(qshSz, exit_dske);
wolfSSL 13:f67a6c6013ca 17895 }
wolfSSL 13:f67a6c6013ca 17896 args->idx += qshSz;
wolfSSL 13:f67a6c6013ca 17897 }
wolfSSL 13:f67a6c6013ca 17898 else {
wolfSSL 13:f67a6c6013ca 17899 /* unknown extension sent server ignored handshake */
wolfSSL 13:f67a6c6013ca 17900 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 13:f67a6c6013ca 17901 }
wolfSSL 13:f67a6c6013ca 17902 }
wolfSSL 13:f67a6c6013ca 17903 #endif
wolfSSL 13:f67a6c6013ca 17904
wolfSSL 13:f67a6c6013ca 17905 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 17906 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 13:f67a6c6013ca 17907 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 13:f67a6c6013ca 17908 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 17909
wolfSSL 13:f67a6c6013ca 17910 case TLS_ASYNC_END:
wolfSSL 13:f67a6c6013ca 17911 {
wolfSSL 13:f67a6c6013ca 17912 /* return index */
wolfSSL 13:f67a6c6013ca 17913 *inOutIdx = args->idx;
wolfSSL 13:f67a6c6013ca 17914
wolfSSL 13:f67a6c6013ca 17915 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 13:f67a6c6013ca 17916 break;
wolfSSL 13:f67a6c6013ca 17917 }
wolfSSL 13:f67a6c6013ca 17918 default:
wolfSSL 13:f67a6c6013ca 17919 ret = INPUT_CASE_ERROR;
wolfSSL 13:f67a6c6013ca 17920 } /* switch(ssl->options.asyncState) */
wolfSSL 13:f67a6c6013ca 17921
wolfSSL 13:f67a6c6013ca 17922 exit_dske:
wolfSSL 13:f67a6c6013ca 17923
wolfSSL 13:f67a6c6013ca 17924 WOLFSSL_LEAVE("DoServerKeyExchange", ret);
wolfSSL 13:f67a6c6013ca 17925
wolfSSL 13:f67a6c6013ca 17926 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 17927 /* Handle async operation */
wolfSSL 13:f67a6c6013ca 17928 if (ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 17929 /* Mark message as not recevied so it can process again */
wolfSSL 13:f67a6c6013ca 17930 ssl->msgsReceived.got_server_key_exchange = 0;
wolfSSL 13:f67a6c6013ca 17931
wolfSSL 13:f67a6c6013ca 17932 return ret;
wolfSSL 13:f67a6c6013ca 17933 }
wolfSSL 13:f67a6c6013ca 17934 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 13:f67a6c6013ca 17935
wolfSSL 13:f67a6c6013ca 17936 /* Final cleanup */
wolfSSL 13:f67a6c6013ca 17937 FreeDskeArgs(ssl, args);
wolfSSL 13:f67a6c6013ca 17938 FreeKeyExchange(ssl);
wolfSSL 13:f67a6c6013ca 17939
wolfSSL 13:f67a6c6013ca 17940 return ret;
wolfSSL 13:f67a6c6013ca 17941 }
wolfSSL 13:f67a6c6013ca 17942
wolfSSL 13:f67a6c6013ca 17943
wolfSSL 13:f67a6c6013ca 17944 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 17945
wolfSSL 13:f67a6c6013ca 17946 #ifdef HAVE_NTRU
/* Encrypt a byte array with the NTRU public key stored in a QSH key entry.
 *
 * key     QSH key entry; key->pub holds the public key to use
 * bufIn   array to be encrypted
 * inSz    size of bufIn array
 * bufOut  cipher text out
 * outSz   will be set to the new size of cipher text
 *
 * Returns the NTRU library success code on success, BAD_FUNC_ARG for a NULL
 * argument or a missing public key buffer, -1 when key->name is not one of
 * the NTRU EESS parameter sets handled here, NTRU_DRBG_ERROR when the DRBG
 * cannot be instantiated and NTRU_ENCRYPT_ERROR when the encrypt call fails.
 */
static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
                             byte* bufOut, word16* outSz)
{
    DRBG_HANDLE rngHandle;
    int         status;

    /* sanity checks on input arguments */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL) {
        return BAD_FUNC_ARG;
    }
    if (key->pub.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* refuse any scheme id that is not an NTRU parameter set */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
        key->name != WOLFSSL_NTRU_EESS593 &&
        key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH encryption key!");
        return -1;
    }

    /* the NTRU library draws its randomness from a DRBG seeded by GetEntropy */
    status = ntru_crypto_drbg_external_instantiate(GetEntropy, &rngHandle);
    if (status != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    status = ntru_crypto_ntru_encrypt(rngHandle, key->pub.length,
                                      key->pub.buffer, inSz, bufIn,
                                      outSz, bufOut);

    /* the DRBG is released before the result is inspected, so it is freed on
     * the failure path as well */
    ntru_crypto_drbg_uninstantiate(rngHandle);

    if (status != NTRU_OK) {
        return NTRU_ENCRYPT_ERROR;
    }

    return status;
}
wolfSSL 13:f67a6c6013ca 17991
/* Decrypt a byte array with the NTRU private key stored in a QSH key entry.
 *
 * key     QSH key entry; key->pri holds the private key to use
 * bufIn   array to be decrypted
 * inSz    size of bufIn array
 * bufOut  plain text out
 * outSz   will be set to the new size of plain text
 *
 * Returns the NTRU library success code on success, BAD_FUNC_ARG for a NULL
 * argument or a missing private key buffer, -1 when key->name is not one of
 * the NTRU EESS parameter sets handled here, NTRU_DRBG_ERROR when the DRBG
 * cannot be instantiated and NTRU_ENCRYPT_ERROR when the decrypt call fails.
 */
static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
                             byte* bufOut, word16* outSz)
{
    DRBG_HANDLE rngHandle;
    int         status;

    /* sanity checks on input arguments */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL) {
        return BAD_FUNC_ARG;
    }
    if (key->pri.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* refuse any scheme id that is not an NTRU parameter set */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
        key->name != WOLFSSL_NTRU_EESS593 &&
        key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH decryption key!");
        return -1;
    }

    /* NOTE(review): the DRBG handle is never passed to the decrypt call
     * below, so a DRBG set-up failure aborts a decryption that does not
     * appear to need randomness -- confirm whether this is intended. */
    status = ntru_crypto_drbg_external_instantiate(GetEntropy, &rngHandle);
    if (status != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    /* decrypt cipher text */
    status = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer,
                                      inSz, bufIn, outSz, bufOut);
    ntru_crypto_drbg_uninstantiate(rngHandle);

    /* NOTE(review): a decrypt failure is reported with the encrypt error
     * constant; callers cannot tell the two apart from the return code. */
    if (status != NTRU_OK) {
        return NTRU_ENCRYPT_ERROR;
    }

    return status;
}
wolfSSL 13:f67a6c6013ca 18038 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 18039
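/* Allocate and initialise the QSH secret state of a connection.
 *
 * ssl  connection object; ssl->QSH_secret is set on success
 *
 * Returns 0 on success or when the state already exists (the function can be
 * entered twice when running DTLS), BAD_FUNC_ARG when ssl is NULL and
 * MEMORY_E when an allocation fails.
 *
 * The state is published in ssl->QSH_secret only once every allocation has
 * succeeded. Storing the pointer first and returning MEMORY_E half way
 * through would leave a structure with uninitialised list/CliSi/SerSi
 * members behind, and the "already initialised" check above would then
 * report success for it on the next call.
 */
int QSH_Init(WOLFSSL* ssl)
{
    QSHSecret* secret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* check so not initialising twice when running DTLS */
    if (ssl->QSH_secret != NULL)
        return 0;

    /* malloc memory for holding generated secret information */
    secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
                                 DYNAMIC_TYPE_QSH);
    if (secret == NULL)
        return MEMORY_E;

    /* give every member a defined value before anything can fail */
    secret->list  = NULL;
    secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_SECRET);
    secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_SECRET);

    if (secret->CliSi == NULL || secret->SerSi == NULL) {
        /* undo the partial set-up so no half-built state stays reachable */
        if (secret->CliSi != NULL) {
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
        if (secret->SerSi != NULL) {
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
        XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH);
        return MEMORY_E;
    }

    /* initialize variables */
    secret->CliSi->length = 0;
    secret->CliSi->buffer = NULL;
    secret->SerSi->length = 0;
    secret->SerSi->buffer = NULL;

    ssl->QSH_secret = secret;

    return 0;
}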
wolfSSL 13:f67a6c6013ca 18070
wolfSSL 13:f67a6c6013ca 18071
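/* Encrypt using Quantum Safe Handshake algorithms.
 *
 * key    QSH key entry naming the scheme and holding the public key
 * in     plain text to encrypt
 * szIn   size of in
 * out    cipher text out
 * szOut  in: capacity of out, out: size of the cipher text written
 *
 * Returns 0 on success, BAD_FUNC_ARG when key or szOut is NULL, -1 for a
 * scheme that is not compiled in or not known, otherwise the error code of
 * the scheme specific helper.
 */
static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn,
                       byte* out, word32* szOut)
{
    int    ret = 0;
    word16 size;

    /* in/szIn/out are unused when no QSH scheme is compiled in */
    (void)in;
    (void)szIn;
    (void)out;

    if (key == NULL || szOut == NULL)
        return BAD_FUNC_ARG;

    /* The scheme helpers take a 16 bit length. Clamp instead of narrowing
     * implicitly: a plain assignment would wrap a capacity above 0xFFFF
     * modulo 65536 and could report a large buffer as a tiny one. */
    size = (*szOut > 0xFFFF) ? (word16)0xFFFF : (word16)*szOut;

    WOLFSSL_MSG("Encrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretEncrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption key!");
            return -1;
    }

    *szOut = size;

    return ret;
}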
wolfSSL 13:f67a6c6013ca 18102
wolfSSL 13:f67a6c6013ca 18103
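/* Decrypt using Quantum Safe Handshake algorithms.
 *
 * key    QSH key entry naming the scheme and holding the private key
 * in     cipher text to decrypt
 * szIn   size of in
 * out    plain text out
 * szOut  in: capacity of out, out: size of the plain text written
 *
 * Returns 0 on success, BAD_FUNC_ARG when key or szOut is NULL, -1 for a
 * scheme that is not compiled in or not known, otherwise the error code of
 * the scheme specific helper.
 */
int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, byte* out, word16* szOut)
{
    int    ret = 0;
    word16 size;

    /* in/szIn/out are unused when no QSH scheme is compiled in */
    (void)in;
    (void)szIn;
    (void)out;

    /* this function is not static, so validate before dereferencing: the
     * scheme helper checks its arguments, but key->name and *szOut are read
     * here first */
    if (key == NULL || szOut == NULL)
        return BAD_FUNC_ARG;

    size = *szOut;

    WOLFSSL_MSG("Decrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretDecrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH decryption key!");
            return -1;
    }

    *szOut = size;

    return ret;
}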
wolfSSL 13:f67a6c6013ca 18134
wolfSSL 13:f67a6c6013ca 18135
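/* Get the max cipher text for corresponding encryption scheme
 * (encrypting 48 or max plain text whichever is smaller)
 *
 * key  QSH key entry naming the scheme and holding the public key
 *
 * Returns the cipher text size reported by the scheme, or 0 when key is
 * NULL, has no public key, or names a scheme that is not handled here.
 *
 * NOTE(review): on a DRBG or encrypt failure NTRU_DRBG_ERROR /
 * NTRU_ENCRYPT_ERROR are returned through the unsigned return type.
 * wolfSSL error codes are negative, so the caller sees a very large size
 * rather than an error; a size that really came from the scheme fits in a
 * word16, which callers can use to tell the two apart.
 */
static word32 QSH_MaxSecret(QSHKey* key)
{
    int ret = 0;
#ifdef HAVE_NTRU
    byte        isNtru = 0;
    word16      inSz   = 48;
    word16      outSz;
    DRBG_HANDLE drbg   = 0;
    byte        bufIn[48];
#endif

    if (key == NULL || key->pub.length == 0)
        return 0;

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            isNtru = 1;
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption scheme size!");
            return 0;
    }

#ifdef HAVE_NTRU
    if (isNtru) {
        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
        if (ret != DRBG_OK)
            return NTRU_DRBG_ERROR;

        /* the output buffer is NULL here; presumably only the cipher text
         * length is being queried -- confirm against the NTRU library */
        ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
                            key->pub.buffer, inSz, bufIn, &outSz, NULL);

        /* release the DRBG before looking at the result, so the handle is
         * not leaked when the encrypt call fails */
        ntru_crypto_drbg_uninstantiate(drbg);

        if (ret != NTRU_OK) {
            return NTRU_ENCRYPT_ERROR;
        }
        ret = outSz;
    }
#endif

    return ret;
}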
wolfSSL 13:f67a6c6013ca 18187
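/* Generate the secret byte material for pms
 *
 * ssl       connection object; reads peerQSHKey, fills QSH_secret
 * isServer  non-zero selects QSH_secret->SerSi, zero selects CliSi
 *
 * For every peer QSH key a QSHScheme entry is allocated, 48 random bytes are
 * drawn into the selected secret buffer and encrypted to the peer key with
 * QSH_Encrypt(); the cipher text is kept in the scheme entry.
 *
 * returns the summed cipher text length on success and a negative value
 * (-1 or MEMORY_E) on fail
 *
 * NOTE(review): entries are linked through schmPre, which is only advanced
 * after a successful encryption. When a key is skipped, or the list is
 * already populated on entry, later entries can end up unreachable from
 * QSH_secret->list. Error returns also leave already allocated entries
 * behind. Both are left as found; confirm the intended list contents and
 * who frees them.
 */
static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
{
    int        sz      = 0;
    int        plainSz = 48; /* lesser of 48 and max plain text able to encrypt */
    int        offset  = 0;
    word32     tmpSz   = 0;
    buffer*    buf;
    QSHKey*    current;
    QSHScheme* schmPre = NULL;
    QSHScheme* schm    = NULL;

    /* validate before any member of ssl is read */
    if (ssl == NULL || ssl->QSH_secret == NULL)
        return -1;

    WOLFSSL_MSG("Generating QSH secret key material");

    /* get size of buffer needed */
    current = ssl->peerQSHKey;
    while (current) {
        if (current->pub.length != 0) {
            sz += plainSz;
        }
        current = (QSHKey*)current->next;
    }

    /* allocate memory for buffer */
    if (isServer) {
        buf = ssl->QSH_secret->SerSi;
    }
    else {
        buf = ssl->QSH_secret->CliSi;
    }
    if (buf == NULL)
        return -1;

    buf->length = sz;
    buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_SECRET);
    if (buf->buffer == NULL) {
        WOLFSSL_ERROR(MEMORY_E);
        if (sz > 0) {
            /* stop here: the loop below writes random bytes through
             * buf->buffer and must not run with a NULL pointer */
            buf->length = 0;
            return MEMORY_E;
        }
    }

    /* create secret information */
    sz = 0;
    current = ssl->peerQSHKey;
    while (current) {
        schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
                                   DYNAMIC_TYPE_QSH);
        if (schm == NULL)
            return MEMORY_E;

        /* initialize variables */
        schm->name  = 0;
        schm->PK    = NULL;
        schm->PKLen = 0;
        schm->next  = NULL;
        if (ssl->QSH_secret->list == NULL) {
            ssl->QSH_secret->list = schm;
        }
        else {
            if (schmPre)
                schmPre->next = schm;
        }

        tmpSz = QSH_MaxSecret(current);

        /* QSH_MaxSecret() takes a real size from a 16 bit value; anything
         * larger is a negative error code seen through its unsigned return
         * type and must not be used as an allocation size */
        if (tmpSz > 0xFFFF)
            return -1;

        if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
                                       DYNAMIC_TYPE_SECRET)) == NULL)
            return -1;

        /* store info for writing extension */
        schm->name = current->name;

        /* no key to use for encryption */
        if (tmpSz == 0) {
            current = (QSHKey*)current->next;
            continue;
        }

        if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)
                                                                        != 0) {
            return -1;
        }
        if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK,
                                                                &tmpSz) != 0) {
            return -1;
        }
        schm->PKLen = tmpSz;

        sz      += tmpSz;
        offset  += plainSz;
        schmPre  = schm;
        current  = (QSHKey*)current->next;
    }

    return sz;
}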
wolfSSL 13:f67a6c6013ca 18283
wolfSSL 13:f67a6c6013ca 18284
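/* Compute the number of bytes needed to write the QSH key extension.
 *
 * ssl  connection object; ssl->peerQSHKey is the list that is walked
 *
 * Returns the extension type and length fields plus, per peer key, a scheme
 * id, an encrypted key length and the QSH_MaxSecret() value for that key.
 * Returns 0 when ssl is NULL; the unsigned return type cannot carry -1.
 *
 * NOTE(review): QSH_MaxSecret() can hand back an error code through its
 * unsigned return type; such a value is added to the total unchecked here.
 */
static word32 QSH_KeyGetSize(WOLFSSL* ssl)
{
    word32  sz = 0;
    QSHKey* current;

    /* check ssl before reading ssl->peerQSHKey */
    if (ssl == NULL)
        return 0;

    sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */
    sz += OPAQUE24_LEN;

    /* get size of buffer needed */
    for (current = ssl->peerQSHKey; current != NULL;
                                    current = (QSHKey*)current->next) {
        sz += OPAQUE16_LEN; /* scheme id */
        sz += OPAQUE16_LEN; /* encrypted key len*/
        sz += QSH_MaxSecret(current);
    }

    return sz;
}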
wolfSSL 13:f67a6c6013ca 18305
wolfSSL 13:f67a6c6013ca 18306
/* Run the QSH key exchange step by generating the server/client secret.
 *
 * ssl       connection being negotiated
 * isServer  passed through unchanged to QSH_GenerateSerCliSecret
 *
 * Returns 0 on success. Every negative result from the generator is reported
 * as MEMORY_E, whatever the underlying cause was.
 */
static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
{
    int generated;

    WOLFSSL_ENTER("QSH KeyExchange");

    /* keep the result in an int so the sign test below is a signed compare */
    generated = QSH_GenerateSerCliSecret(ssl, isServer);

    return (generated < 0) ? MEMORY_E : 0;
}
wolfSSL 13:f67a6c6013ca 18322
wolfSSL 13:f67a6c6013ca 18323 #endif /* HAVE_QSH */
wolfSSL 13:f67a6c6013ca 18324
wolfSSL 13:f67a6c6013ca 18325
/* Working state for SendClientKeyExchange. It lives either in
 * ssl->async.args (WOLFSSL_ASYNC_CRYPT) or in a local array, and
 * FreeSckeArgs releases the two owned buffers, encSecret and input. */
typedef struct SckeArgs {
    /* write cursor; not allocated (the PSK variants point it into encSecret) */
    byte*  output;
    /* owned buffer of encSz bytes, freed as DYNAMIC_TYPE_SECRET */
    byte*  encSecret;
    /* owned buffer, freed as DYNAMIC_TYPE_IN_BUFFER */
    byte*  input;
    /* capacity of encSecret on allocation, then the number of bytes in use */
    word32 encSz;
    /* public key size in the (EC)DHE-PSK paths */
    word32 length;
    int    sendSz;
    int    inputSz;
} SckeArgs;
wolfSSL 13:f67a6c6013ca 18335
/* Release the buffers owned by a SckeArgs and clear the pointers so that a
 * second call does not free them again.
 *
 * ssl    connection; only its heap hint is handed to XFREE
 * pArgs  the SckeArgs to clean up; must not be NULL, it is dereferenced
 *        without a check
 */
static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
{
    SckeArgs* scke = (SckeArgs*)pArgs;

    /* presumably XFREE can expand without touching the heap hint in some
     * builds, which would leave ssl unused - keep the explicit reference */
    (void)ssl;

    if (scke->encSecret != NULL) {
        XFREE(scke->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
        scke->encSecret = NULL;
    }

    if (scke->input != NULL) {
        XFREE(scke->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        scke->input = NULL;
    }
}
wolfSSL 13:f67a6c6013ca 18351
wolfSSL 13:f67a6c6013ca 18352 int SendClientKeyExchange(WOLFSSL* ssl)
wolfSSL 13:f67a6c6013ca 18353 {
wolfSSL 13:f67a6c6013ca 18354 int ret = 0;
wolfSSL 13:f67a6c6013ca 18355 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 18356 SckeArgs* args = (SckeArgs*)ssl->async.args;
wolfSSL 13:f67a6c6013ca 18357 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 13:f67a6c6013ca 18358 (void)sizeof(args_test);
wolfSSL 13:f67a6c6013ca 18359 #else
wolfSSL 13:f67a6c6013ca 18360 SckeArgs args[1];
wolfSSL 13:f67a6c6013ca 18361 #endif
wolfSSL 13:f67a6c6013ca 18362
wolfSSL 13:f67a6c6013ca 18363 WOLFSSL_ENTER("SendClientKeyExchange");
wolfSSL 13:f67a6c6013ca 18364
wolfSSL 13:f67a6c6013ca 18365 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 18366 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 13:f67a6c6013ca 18367 if (ret != WC_NOT_PENDING_E) {
wolfSSL 13:f67a6c6013ca 18368 /* Check for error */
wolfSSL 13:f67a6c6013ca 18369 if (ret < 0)
wolfSSL 13:f67a6c6013ca 18370 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18371 }
wolfSSL 13:f67a6c6013ca 18372 else
wolfSSL 13:f67a6c6013ca 18373 #endif
wolfSSL 13:f67a6c6013ca 18374 {
wolfSSL 13:f67a6c6013ca 18375 /* Reset state */
wolfSSL 13:f67a6c6013ca 18376 ret = 0;
wolfSSL 13:f67a6c6013ca 18377 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 13:f67a6c6013ca 18378 XMEMSET(args, 0, sizeof(SckeArgs));
wolfSSL 13:f67a6c6013ca 18379 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 18380 ssl->async.freeArgs = FreeSckeArgs;
wolfSSL 13:f67a6c6013ca 18381 #endif
wolfSSL 13:f67a6c6013ca 18382 }
wolfSSL 13:f67a6c6013ca 18383
wolfSSL 13:f67a6c6013ca 18384 switch(ssl->options.asyncState)
wolfSSL 13:f67a6c6013ca 18385 {
wolfSSL 13:f67a6c6013ca 18386 case TLS_ASYNC_BEGIN:
wolfSSL 13:f67a6c6013ca 18387 {
wolfSSL 13:f67a6c6013ca 18388 switch (ssl->specs.kea) {
wolfSSL 13:f67a6c6013ca 18389 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 18390 case rsa_kea:
wolfSSL 13:f67a6c6013ca 18391 if (ssl->peerRsaKey == NULL ||
wolfSSL 13:f67a6c6013ca 18392 ssl->peerRsaKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 18393 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18394 }
wolfSSL 13:f67a6c6013ca 18395 break;
wolfSSL 13:f67a6c6013ca 18396 #endif
wolfSSL 13:f67a6c6013ca 18397 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 18398 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 18399 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 13:f67a6c6013ca 18400 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 13:f67a6c6013ca 18401 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 18402 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18403 }
wolfSSL 13:f67a6c6013ca 18404 break;
wolfSSL 13:f67a6c6013ca 18405 #endif /* NO_DH */
wolfSSL 13:f67a6c6013ca 18406 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 18407 case psk_kea:
wolfSSL 13:f67a6c6013ca 18408 /* sanity check that PSK client callback has been set */
wolfSSL 13:f67a6c6013ca 18409 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 13:f67a6c6013ca 18410 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 13:f67a6c6013ca 18411 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18412 }
wolfSSL 13:f67a6c6013ca 18413 break;
wolfSSL 13:f67a6c6013ca 18414 #endif /* NO_PSK */
wolfSSL 13:f67a6c6013ca 18415 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 18416 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 18417 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 13:f67a6c6013ca 18418 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 13:f67a6c6013ca 18419 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 18420 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18421 }
wolfSSL 13:f67a6c6013ca 18422
wolfSSL 13:f67a6c6013ca 18423 /* sanity check that PSK client callback has been set */
wolfSSL 13:f67a6c6013ca 18424 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 13:f67a6c6013ca 18425 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 13:f67a6c6013ca 18426 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18427 }
wolfSSL 13:f67a6c6013ca 18428 break;
wolfSSL 13:f67a6c6013ca 18429 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 18430 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 18431 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 18432 /* sanity check that PSK client callback has been set */
wolfSSL 13:f67a6c6013ca 18433 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 13:f67a6c6013ca 18434 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 13:f67a6c6013ca 18435 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18436 }
wolfSSL 13:f67a6c6013ca 18437
wolfSSL 13:f67a6c6013ca 18438 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 18439 if (ssl->peerX25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 18440 /* Check client ECC public key */
wolfSSL 13:f67a6c6013ca 18441 if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
wolfSSL 13:f67a6c6013ca 18442 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18443 }
wolfSSL 13:f67a6c6013ca 18444
wolfSSL 13:f67a6c6013ca 18445 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18446 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18447 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18448 break;
wolfSSL 13:f67a6c6013ca 18449 }
wolfSSL 13:f67a6c6013ca 18450 #endif
wolfSSL 13:f67a6c6013ca 18451
wolfSSL 13:f67a6c6013ca 18452 /* create private key */
wolfSSL 13:f67a6c6013ca 18453 ssl->hsType = DYNAMIC_TYPE_CURVE25519;
wolfSSL 13:f67a6c6013ca 18454 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 18455 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18456 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18457 }
wolfSSL 13:f67a6c6013ca 18458
wolfSSL 13:f67a6c6013ca 18459 ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 18460 ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 18461 break;
wolfSSL 13:f67a6c6013ca 18462 }
wolfSSL 13:f67a6c6013ca 18463 #endif
wolfSSL 13:f67a6c6013ca 18464 /* Check client ECC public key */
wolfSSL 13:f67a6c6013ca 18465 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 13:f67a6c6013ca 18466 !ssl->peerEccKey->dp) {
wolfSSL 13:f67a6c6013ca 18467 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18468 }
wolfSSL 13:f67a6c6013ca 18469
wolfSSL 13:f67a6c6013ca 18470 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18471 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18472 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18473 break;
wolfSSL 13:f67a6c6013ca 18474 }
wolfSSL 13:f67a6c6013ca 18475 #endif
wolfSSL 13:f67a6c6013ca 18476
wolfSSL 13:f67a6c6013ca 18477 /* create private key */
wolfSSL 13:f67a6c6013ca 18478 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 13:f67a6c6013ca 18479 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 18480 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18481 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18482 }
wolfSSL 13:f67a6c6013ca 18483
wolfSSL 13:f67a6c6013ca 18484 ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 18485
wolfSSL 13:f67a6c6013ca 18486 break;
wolfSSL 13:f67a6c6013ca 18487 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
wolfSSL 13:f67a6c6013ca 18488 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 18489 case ntru_kea:
wolfSSL 13:f67a6c6013ca 18490 if (ssl->peerNtruKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 18491 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18492 }
wolfSSL 13:f67a6c6013ca 18493 break;
wolfSSL 13:f67a6c6013ca 18494 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 18495 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 13:f67a6c6013ca 18496 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 18497 {
wolfSSL 13:f67a6c6013ca 18498 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 18499 ecc_key* peerKey;
wolfSSL 13:f67a6c6013ca 18500 #endif
wolfSSL 13:f67a6c6013ca 18501
wolfSSL 13:f67a6c6013ca 18502 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18503 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18504 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 18505 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 18506 if (ssl->ctx->X25519SharedSecretCb != NULL)
wolfSSL 13:f67a6c6013ca 18507 break;
wolfSSL 13:f67a6c6013ca 18508 }
wolfSSL 13:f67a6c6013ca 18509 else
wolfSSL 13:f67a6c6013ca 18510 #endif
wolfSSL 13:f67a6c6013ca 18511 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18512 break;
wolfSSL 13:f67a6c6013ca 18513 }
wolfSSL 13:f67a6c6013ca 18514 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 13:f67a6c6013ca 18515
wolfSSL 13:f67a6c6013ca 18516 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 18517 if (ssl->peerX25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 18518 if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
wolfSSL 13:f67a6c6013ca 18519 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18520 }
wolfSSL 13:f67a6c6013ca 18521
wolfSSL 13:f67a6c6013ca 18522 /* create private key */
wolfSSL 13:f67a6c6013ca 18523 ssl->hsType = DYNAMIC_TYPE_CURVE25519;
wolfSSL 13:f67a6c6013ca 18524 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 18525 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18526 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18527 }
wolfSSL 13:f67a6c6013ca 18528
wolfSSL 13:f67a6c6013ca 18529 ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 18530 ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 18531 break;
wolfSSL 13:f67a6c6013ca 18532 }
wolfSSL 13:f67a6c6013ca 18533 #endif
wolfSSL 13:f67a6c6013ca 18534 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 18535 if (ssl->specs.static_ecdh) {
wolfSSL 13:f67a6c6013ca 18536 /* TODO: EccDsa is really fixed Ecc change naming */
wolfSSL 13:f67a6c6013ca 18537 if (!ssl->peerEccDsaKey ||
wolfSSL 13:f67a6c6013ca 18538 !ssl->peerEccDsaKeyPresent ||
wolfSSL 13:f67a6c6013ca 18539 !ssl->peerEccDsaKey->dp) {
wolfSSL 13:f67a6c6013ca 18540 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18541 }
wolfSSL 13:f67a6c6013ca 18542 peerKey = ssl->peerEccDsaKey;
wolfSSL 13:f67a6c6013ca 18543 }
wolfSSL 13:f67a6c6013ca 18544 else {
wolfSSL 13:f67a6c6013ca 18545 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 13:f67a6c6013ca 18546 !ssl->peerEccKey->dp) {
wolfSSL 13:f67a6c6013ca 18547 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18548 }
wolfSSL 13:f67a6c6013ca 18549 peerKey = ssl->peerEccKey;
wolfSSL 13:f67a6c6013ca 18550 }
wolfSSL 13:f67a6c6013ca 18551 if (peerKey == NULL) {
wolfSSL 13:f67a6c6013ca 18552 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 13:f67a6c6013ca 18553 }
wolfSSL 13:f67a6c6013ca 18554
wolfSSL 13:f67a6c6013ca 18555 /* create private key */
wolfSSL 13:f67a6c6013ca 18556 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 13:f67a6c6013ca 18557 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 18558 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18559 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18560 }
wolfSSL 13:f67a6c6013ca 18561
wolfSSL 13:f67a6c6013ca 18562 ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, peerKey);
wolfSSL 13:f67a6c6013ca 18563 #endif
wolfSSL 13:f67a6c6013ca 18564
wolfSSL 13:f67a6c6013ca 18565 break;
wolfSSL 13:f67a6c6013ca 18566 }
wolfSSL 13:f67a6c6013ca 18567 #endif /* HAVE_ECC || HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 18568
wolfSSL 13:f67a6c6013ca 18569 default:
wolfSSL 13:f67a6c6013ca 18570 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 18571 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 18572
wolfSSL 13:f67a6c6013ca 18573 /* Check for error */
wolfSSL 13:f67a6c6013ca 18574 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18575 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18576 }
wolfSSL 13:f67a6c6013ca 18577
wolfSSL 13:f67a6c6013ca 18578 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 18579 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 13:f67a6c6013ca 18580 } /* case TLS_ASYNC_BEGIN */
wolfSSL 13:f67a6c6013ca 18581 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 18582
wolfSSL 13:f67a6c6013ca 18583 case TLS_ASYNC_BUILD:
wolfSSL 13:f67a6c6013ca 18584 {
wolfSSL 13:f67a6c6013ca 18585 args->encSz = MAX_ENCRYPT_SZ;
wolfSSL 13:f67a6c6013ca 18586 args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap,
wolfSSL 13:f67a6c6013ca 18587 DYNAMIC_TYPE_SECRET);
wolfSSL 13:f67a6c6013ca 18588 if (args->encSecret == NULL) {
wolfSSL 13:f67a6c6013ca 18589 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 13:f67a6c6013ca 18590 }
wolfSSL 13:f67a6c6013ca 18591
wolfSSL 13:f67a6c6013ca 18592 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 18593 {
wolfSSL 13:f67a6c6013ca 18594 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 18595 case rsa_kea:
wolfSSL 13:f67a6c6013ca 18596 {
wolfSSL 13:f67a6c6013ca 18597 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 13:f67a6c6013ca 18598 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 13:f67a6c6013ca 18599 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18600 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18601 }
wolfSSL 13:f67a6c6013ca 18602
wolfSSL 13:f67a6c6013ca 18603 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL 13:f67a6c6013ca 18604 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL 13:f67a6c6013ca 18605 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 13:f67a6c6013ca 18606 break;
wolfSSL 13:f67a6c6013ca 18607 }
wolfSSL 13:f67a6c6013ca 18608 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 18609 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 18610 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 18611 {
wolfSSL 13:f67a6c6013ca 18612 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 18613 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 13:f67a6c6013ca 18614 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 18615 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 18616 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 13:f67a6c6013ca 18617 }
wolfSSL 13:f67a6c6013ca 18618
wolfSSL 13:f67a6c6013ca 18619 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 13:f67a6c6013ca 18620 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 13:f67a6c6013ca 18621 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18622 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18623 }
wolfSSL 13:f67a6c6013ca 18624
wolfSSL 13:f67a6c6013ca 18625 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 18626 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 18627 ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 18628 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 18629 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 18630 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18631 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18632 }
wolfSSL 13:f67a6c6013ca 18633
wolfSSL 13:f67a6c6013ca 18634 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 13:f67a6c6013ca 18635 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 18636 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 18637 args->encSecret, &args->encSz);
wolfSSL 13:f67a6c6013ca 18638
wolfSSL 13:f67a6c6013ca 18639 /* set the max agree result size */
wolfSSL 13:f67a6c6013ca 18640 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 18641 break;
wolfSSL 13:f67a6c6013ca 18642 }
wolfSSL 13:f67a6c6013ca 18643 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 18644 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 18645 case psk_kea:
wolfSSL 13:f67a6c6013ca 18646 {
wolfSSL 13:f67a6c6013ca 18647 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 13:f67a6c6013ca 18648 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 13:f67a6c6013ca 18649 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 13:f67a6c6013ca 18650 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 13:f67a6c6013ca 18651 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 13:f67a6c6013ca 18652 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 13:f67a6c6013ca 18653 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18654 }
wolfSSL 13:f67a6c6013ca 18655 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 18656 args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 13:f67a6c6013ca 18657 if (args->encSz > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 18658 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18659 }
wolfSSL 13:f67a6c6013ca 18660 XMEMCPY(args->encSecret, ssl->arrays->client_identity,
wolfSSL 13:f67a6c6013ca 18661 args->encSz);
wolfSSL 13:f67a6c6013ca 18662
wolfSSL 13:f67a6c6013ca 18663 /* make psk pre master secret */
wolfSSL 13:f67a6c6013ca 18664 /* length of key + length 0s + length of key + key */
wolfSSL 13:f67a6c6013ca 18665 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 18666 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18667 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 18668 pms += ssl->arrays->psk_keySz;
wolfSSL 13:f67a6c6013ca 18669 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 18670 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18671 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 18672 ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
wolfSSL 13:f67a6c6013ca 18673 (2 * OPAQUE16_LEN);
wolfSSL 13:f67a6c6013ca 18674 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 18675 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 13:f67a6c6013ca 18676 break;
wolfSSL 13:f67a6c6013ca 18677 }
wolfSSL 13:f67a6c6013ca 18678 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 18679 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 18680 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 18681 {
wolfSSL 13:f67a6c6013ca 18682 word32 esSz = 0;
wolfSSL 13:f67a6c6013ca 18683 args->output = args->encSecret;
wolfSSL 13:f67a6c6013ca 18684
wolfSSL 13:f67a6c6013ca 18685 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 13:f67a6c6013ca 18686 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 13:f67a6c6013ca 18687 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 13:f67a6c6013ca 18688 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 13:f67a6c6013ca 18689 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 13:f67a6c6013ca 18690 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18691 }
wolfSSL 13:f67a6c6013ca 18692 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 18693 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 13:f67a6c6013ca 18694
wolfSSL 13:f67a6c6013ca 18695 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 18696 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18697 }
wolfSSL 13:f67a6c6013ca 18698
wolfSSL 13:f67a6c6013ca 18699 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 18700 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 13:f67a6c6013ca 18701 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 18702 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 18703 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 13:f67a6c6013ca 18704 }
wolfSSL 13:f67a6c6013ca 18705
wolfSSL 13:f67a6c6013ca 18706 c16toa((word16)esSz, args->output);
wolfSSL 13:f67a6c6013ca 18707 args->output += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18708 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
wolfSSL 13:f67a6c6013ca 18709 args->output += esSz;
wolfSSL 13:f67a6c6013ca 18710 args->encSz = esSz + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18711
wolfSSL 13:f67a6c6013ca 18712 args->length = 0;
wolfSSL 13:f67a6c6013ca 18713
wolfSSL 13:f67a6c6013ca 18714 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 13:f67a6c6013ca 18715 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 13:f67a6c6013ca 18716 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18717 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18718 }
wolfSSL 13:f67a6c6013ca 18719
wolfSSL 13:f67a6c6013ca 18720 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 18721 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 18722 ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 18723 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 18724 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 18725 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18726 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18727 }
wolfSSL 13:f67a6c6013ca 18728
wolfSSL 13:f67a6c6013ca 18729 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 13:f67a6c6013ca 18730 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 18731 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 18732 args->output + OPAQUE16_LEN, &args->length);
wolfSSL 13:f67a6c6013ca 18733 break;
wolfSSL 13:f67a6c6013ca 18734 }
wolfSSL 13:f67a6c6013ca 18735 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 18736 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 18737 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 18738 {
wolfSSL 13:f67a6c6013ca 18739 word32 esSz = 0;
wolfSSL 13:f67a6c6013ca 18740 args->output = args->encSecret;
wolfSSL 13:f67a6c6013ca 18741
wolfSSL 13:f67a6c6013ca 18742 /* Send PSK client identity */
wolfSSL 13:f67a6c6013ca 18743 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 13:f67a6c6013ca 18744 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 13:f67a6c6013ca 18745 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 13:f67a6c6013ca 18746 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 13:f67a6c6013ca 18747 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 13:f67a6c6013ca 18748 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18749 }
wolfSSL 13:f67a6c6013ca 18750 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 18751 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 13:f67a6c6013ca 18752 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 18753 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18754 }
wolfSSL 13:f67a6c6013ca 18755
wolfSSL 13:f67a6c6013ca 18756 /* place size and identity in output buffer sz:identity */
wolfSSL 13:f67a6c6013ca 18757 c16toa((word16)esSz, args->output);
wolfSSL 13:f67a6c6013ca 18758 args->output += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18759 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
wolfSSL 13:f67a6c6013ca 18760 args->output += esSz;
wolfSSL 13:f67a6c6013ca 18761 args->encSz = esSz + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18762
wolfSSL 13:f67a6c6013ca 18763 /* length is used for public key size */
wolfSSL 13:f67a6c6013ca 18764 args->length = MAX_ENCRYPT_SZ;
wolfSSL 13:f67a6c6013ca 18765
wolfSSL 13:f67a6c6013ca 18766 /* Create shared ECC key leaving room at the begining
wolfSSL 13:f67a6c6013ca 18767 of buffer for size of shared key. */
wolfSSL 13:f67a6c6013ca 18768 ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 18769
wolfSSL 13:f67a6c6013ca 18770 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 18771 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 18772 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18773 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18774 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18775 break;
wolfSSL 13:f67a6c6013ca 18776 }
wolfSSL 13:f67a6c6013ca 18777 #endif
wolfSSL 13:f67a6c6013ca 18778
wolfSSL 13:f67a6c6013ca 18779 ret = wc_curve25519_export_public_ex(
wolfSSL 13:f67a6c6013ca 18780 (curve25519_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 18781 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 13:f67a6c6013ca 18782 EC25519_LITTLE_ENDIAN);
wolfSSL 13:f67a6c6013ca 18783 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18784 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18785 }
wolfSSL 13:f67a6c6013ca 18786
wolfSSL 13:f67a6c6013ca 18787 break;
wolfSSL 13:f67a6c6013ca 18788 }
wolfSSL 13:f67a6c6013ca 18789 #endif
wolfSSL 13:f67a6c6013ca 18790 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18791 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18792 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18793 break;
wolfSSL 13:f67a6c6013ca 18794 }
wolfSSL 13:f67a6c6013ca 18795 #endif
wolfSSL 13:f67a6c6013ca 18796
wolfSSL 13:f67a6c6013ca 18797 /* Place ECC key in output buffer, leaving room for size */
wolfSSL 13:f67a6c6013ca 18798 ret = wc_ecc_export_x963((ecc_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 18799 args->output + OPAQUE8_LEN, &args->length);
wolfSSL 13:f67a6c6013ca 18800 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18801 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18802 }
wolfSSL 13:f67a6c6013ca 18803
wolfSSL 13:f67a6c6013ca 18804 break;
wolfSSL 13:f67a6c6013ca 18805 }
wolfSSL 13:f67a6c6013ca 18806 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 18807 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 18808 case ntru_kea:
wolfSSL 13:f67a6c6013ca 18809 {
wolfSSL 13:f67a6c6013ca 18810 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 13:f67a6c6013ca 18811 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 13:f67a6c6013ca 18812 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18813 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18814 }
wolfSSL 13:f67a6c6013ca 18815
wolfSSL 13:f67a6c6013ca 18816 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 13:f67a6c6013ca 18817 args->encSz = MAX_ENCRYPT_SZ;
wolfSSL 13:f67a6c6013ca 18818 break;
wolfSSL 13:f67a6c6013ca 18819 }
wolfSSL 13:f67a6c6013ca 18820 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 18821 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 13:f67a6c6013ca 18822 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 18823 {
wolfSSL 13:f67a6c6013ca 18824 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 18825
wolfSSL 13:f67a6c6013ca 18826 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 18827 if (ssl->hsType == DYNAMIC_TYPE_CURVE25519) {
wolfSSL 13:f67a6c6013ca 18828 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18829 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18830 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18831 break;
wolfSSL 13:f67a6c6013ca 18832 }
wolfSSL 13:f67a6c6013ca 18833 #endif
wolfSSL 13:f67a6c6013ca 18834
wolfSSL 13:f67a6c6013ca 18835 ret = wc_curve25519_export_public_ex(
wolfSSL 13:f67a6c6013ca 18836 (curve25519_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 18837 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 13:f67a6c6013ca 18838 EC25519_LITTLE_ENDIAN);
wolfSSL 13:f67a6c6013ca 18839 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18840 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18841 }
wolfSSL 13:f67a6c6013ca 18842
wolfSSL 13:f67a6c6013ca 18843 break;
wolfSSL 13:f67a6c6013ca 18844 }
wolfSSL 13:f67a6c6013ca 18845 #endif
wolfSSL 13:f67a6c6013ca 18846 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 18847 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18848 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 18849 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 18850 break;
wolfSSL 13:f67a6c6013ca 18851 }
wolfSSL 13:f67a6c6013ca 18852 #endif
wolfSSL 13:f67a6c6013ca 18853
wolfSSL 13:f67a6c6013ca 18854 /* Place ECC key in buffer, leaving room for size */
wolfSSL 13:f67a6c6013ca 18855 ret = wc_ecc_export_x963((ecc_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 18856 args->encSecret + OPAQUE8_LEN, &args->encSz);
wolfSSL 13:f67a6c6013ca 18857 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18858 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18859 }
wolfSSL 13:f67a6c6013ca 18860 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 18861 break;
wolfSSL 13:f67a6c6013ca 18862 }
wolfSSL 13:f67a6c6013ca 18863 #endif /* HAVE_ECC || HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 18864
wolfSSL 13:f67a6c6013ca 18865 default:
wolfSSL 13:f67a6c6013ca 18866 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 18867 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 18868
wolfSSL 13:f67a6c6013ca 18869 /* Check for error */
wolfSSL 13:f67a6c6013ca 18870 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 18871 goto exit_scke;
wolfSSL 13:f67a6c6013ca 18872 }
wolfSSL 13:f67a6c6013ca 18873
wolfSSL 13:f67a6c6013ca 18874 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 18875 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 13:f67a6c6013ca 18876 } /* case TLS_ASYNC_BUILD */
wolfSSL 13:f67a6c6013ca 18877 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 18878
wolfSSL 13:f67a6c6013ca 18879 case TLS_ASYNC_DO:
wolfSSL 13:f67a6c6013ca 18880 {
wolfSSL 13:f67a6c6013ca 18881 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 18882 {
wolfSSL 13:f67a6c6013ca 18883 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 18884 case rsa_kea:
wolfSSL 13:f67a6c6013ca 18885 {
wolfSSL 13:f67a6c6013ca 18886 ret = RsaEnc(ssl,
wolfSSL 13:f67a6c6013ca 18887 ssl->arrays->preMasterSecret, SECRET_LEN,
wolfSSL 13:f67a6c6013ca 18888 args->encSecret, &args->encSz,
wolfSSL 13:f67a6c6013ca 18889 ssl->peerRsaKey,
wolfSSL 13:f67a6c6013ca 18890 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 13:f67a6c6013ca 18891 ssl->buffers.peerRsaKey.buffer,
wolfSSL 13:f67a6c6013ca 18892 ssl->buffers.peerRsaKey.length,
wolfSSL 13:f67a6c6013ca 18893 ssl->RsaEncCtx
wolfSSL 13:f67a6c6013ca 18894 #else
wolfSSL 13:f67a6c6013ca 18895 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 18896 #endif
wolfSSL 13:f67a6c6013ca 18897 );
wolfSSL 13:f67a6c6013ca 18898
wolfSSL 13:f67a6c6013ca 18899 break;
wolfSSL 13:f67a6c6013ca 18900 }
wolfSSL 13:f67a6c6013ca 18901 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 18902 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 18903 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 18904 {
wolfSSL 13:f67a6c6013ca 18905 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 18906 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 18907 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 13:f67a6c6013ca 18908 ssl->buffers.serverDH_Pub.length,
wolfSSL 13:f67a6c6013ca 18909 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 18910 &ssl->arrays->preMasterSz);
wolfSSL 13:f67a6c6013ca 18911 break;
wolfSSL 13:f67a6c6013ca 18912 }
wolfSSL 13:f67a6c6013ca 18913 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 18914 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 18915 case psk_kea:
wolfSSL 13:f67a6c6013ca 18916 {
wolfSSL 13:f67a6c6013ca 18917 break;
wolfSSL 13:f67a6c6013ca 18918 }
wolfSSL 13:f67a6c6013ca 18919 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 18920 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 18921 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 18922 {
wolfSSL 13:f67a6c6013ca 18923 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 18924 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 18925 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 13:f67a6c6013ca 18926 ssl->buffers.serverDH_Pub.length,
wolfSSL 13:f67a6c6013ca 18927 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 18928 &ssl->arrays->preMasterSz);
wolfSSL 13:f67a6c6013ca 18929 break;
wolfSSL 13:f67a6c6013ca 18930 }
wolfSSL 13:f67a6c6013ca 18931 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 18932 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 18933 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 18934 {
wolfSSL 13:f67a6c6013ca 18935 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 18936 if (ssl->peerX25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 18937 ret = X25519SharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 18938 (curve25519_key*)ssl->hsKey, ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 18939 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 13:f67a6c6013ca 18940 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 18941 &ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 18942 WOLFSSL_CLIENT_END,
wolfSSL 13:f67a6c6013ca 18943 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18944 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 18945 #else
wolfSSL 13:f67a6c6013ca 18946 NULL
wolfSSL 13:f67a6c6013ca 18947 #endif
wolfSSL 13:f67a6c6013ca 18948 );
wolfSSL 13:f67a6c6013ca 18949 break;
wolfSSL 13:f67a6c6013ca 18950 }
wolfSSL 13:f67a6c6013ca 18951 #endif
wolfSSL 13:f67a6c6013ca 18952 ret = EccSharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 18953 (ecc_key*)ssl->hsKey, ssl->peerEccKey,
wolfSSL 13:f67a6c6013ca 18954 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 13:f67a6c6013ca 18955 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 18956 &ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 18957 WOLFSSL_CLIENT_END,
wolfSSL 13:f67a6c6013ca 18958 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 18959 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 18960 #else
wolfSSL 13:f67a6c6013ca 18961 NULL
wolfSSL 13:f67a6c6013ca 18962 #endif
wolfSSL 13:f67a6c6013ca 18963 );
wolfSSL 13:f67a6c6013ca 18964 break;
wolfSSL 13:f67a6c6013ca 18965 }
wolfSSL 13:f67a6c6013ca 18966 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
wolfSSL 13:f67a6c6013ca 18967 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 18968 case ntru_kea:
wolfSSL 13:f67a6c6013ca 18969 {
wolfSSL 13:f67a6c6013ca 18970 word32 rc;
wolfSSL 13:f67a6c6013ca 18971 word16 tmpEncSz = (word16)args->encSz;
wolfSSL 13:f67a6c6013ca 18972 DRBG_HANDLE drbg;
wolfSSL 13:f67a6c6013ca 18973
wolfSSL 13:f67a6c6013ca 18974 rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 13:f67a6c6013ca 18975 if (rc != DRBG_OK) {
wolfSSL 13:f67a6c6013ca 18976 ERROR_OUT(NTRU_DRBG_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18977 }
wolfSSL 13:f67a6c6013ca 18978 rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
wolfSSL 13:f67a6c6013ca 18979 ssl->peerNtruKey,
wolfSSL 13:f67a6c6013ca 18980 ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 18981 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 18982 &tmpEncSz,
wolfSSL 13:f67a6c6013ca 18983 args->encSecret);
wolfSSL 13:f67a6c6013ca 18984 args->encSz = tmpEncSz;
wolfSSL 13:f67a6c6013ca 18985 ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 13:f67a6c6013ca 18986 if (rc != NTRU_OK) {
wolfSSL 13:f67a6c6013ca 18987 ERROR_OUT(NTRU_ENCRYPT_ERROR, exit_scke);
wolfSSL 13:f67a6c6013ca 18988 }
wolfSSL 13:f67a6c6013ca 18989 ret = 0;
wolfSSL 13:f67a6c6013ca 18990 break;
wolfSSL 13:f67a6c6013ca 18991 }
wolfSSL 13:f67a6c6013ca 18992 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 18993 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 13:f67a6c6013ca 18994 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 18995 {
wolfSSL 13:f67a6c6013ca 18996 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 18997 ecc_key* peerKey;
wolfSSL 13:f67a6c6013ca 18998 #endif
wolfSSL 13:f67a6c6013ca 18999
wolfSSL 13:f67a6c6013ca 19000 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 19001 if (ssl->peerX25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 19002 ret = X25519SharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 19003 (curve25519_key*)ssl->hsKey, ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 19004 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 13:f67a6c6013ca 19005 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 19006 &ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 19007 WOLFSSL_CLIENT_END,
wolfSSL 13:f67a6c6013ca 19008 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 19009 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 19010 #else
wolfSSL 13:f67a6c6013ca 19011 NULL
wolfSSL 13:f67a6c6013ca 19012 #endif
wolfSSL 13:f67a6c6013ca 19013 );
wolfSSL 13:f67a6c6013ca 19014 break;
wolfSSL 13:f67a6c6013ca 19015 }
wolfSSL 13:f67a6c6013ca 19016 #endif
wolfSSL 13:f67a6c6013ca 19017 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 19018 peerKey = (ssl->specs.static_ecdh) ?
wolfSSL 13:f67a6c6013ca 19019 ssl->peerEccDsaKey : ssl->peerEccKey;
wolfSSL 13:f67a6c6013ca 19020
wolfSSL 13:f67a6c6013ca 19021 ret = EccSharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 19022 (ecc_key*)ssl->hsKey, peerKey,
wolfSSL 13:f67a6c6013ca 19023 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 13:f67a6c6013ca 19024 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 19025 &ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 19026 WOLFSSL_CLIENT_END,
wolfSSL 13:f67a6c6013ca 19027 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 19028 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 19029 #else
wolfSSL 13:f67a6c6013ca 19030 NULL
wolfSSL 13:f67a6c6013ca 19031 #endif
wolfSSL 13:f67a6c6013ca 19032 );
wolfSSL 13:f67a6c6013ca 19033 #endif
wolfSSL 13:f67a6c6013ca 19034
wolfSSL 13:f67a6c6013ca 19035 break;
wolfSSL 13:f67a6c6013ca 19036 }
wolfSSL 13:f67a6c6013ca 19037 #endif /* HAVE_ECC || HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 19038
wolfSSL 13:f67a6c6013ca 19039 default:
wolfSSL 13:f67a6c6013ca 19040 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 19041 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 19042
wolfSSL 13:f67a6c6013ca 19043 /* Check for error */
wolfSSL 13:f67a6c6013ca 19044 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 19045 goto exit_scke;
wolfSSL 13:f67a6c6013ca 19046 }
wolfSSL 13:f67a6c6013ca 19047
wolfSSL 13:f67a6c6013ca 19048 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 19049 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 13:f67a6c6013ca 19050 } /* case TLS_ASYNC_DO */
wolfSSL 13:f67a6c6013ca 19051 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 19052
wolfSSL 13:f67a6c6013ca 19053 case TLS_ASYNC_VERIFY:
wolfSSL 13:f67a6c6013ca 19054 {
wolfSSL 13:f67a6c6013ca 19055 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 19056 {
wolfSSL 13:f67a6c6013ca 19057 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 19058 case rsa_kea:
wolfSSL 13:f67a6c6013ca 19059 {
wolfSSL 13:f67a6c6013ca 19060 break;
wolfSSL 13:f67a6c6013ca 19061 }
wolfSSL 13:f67a6c6013ca 19062 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 19063 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 19064 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 19065 {
wolfSSL 13:f67a6c6013ca 19066 break;
wolfSSL 13:f67a6c6013ca 19067 }
wolfSSL 13:f67a6c6013ca 19068 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 19069 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 19070 case psk_kea:
wolfSSL 13:f67a6c6013ca 19071 {
wolfSSL 13:f67a6c6013ca 19072 break;
wolfSSL 13:f67a6c6013ca 19073 }
wolfSSL 13:f67a6c6013ca 19074 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 19075 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 19076 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 19077 {
wolfSSL 13:f67a6c6013ca 19078 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 13:f67a6c6013ca 19079
wolfSSL 13:f67a6c6013ca 19080 /* validate args */
wolfSSL 13:f67a6c6013ca 19081 if (args->output == NULL || args->length == 0) {
wolfSSL 13:f67a6c6013ca 19082 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 13:f67a6c6013ca 19083 }
wolfSSL 13:f67a6c6013ca 19084
wolfSSL 13:f67a6c6013ca 19085 c16toa((word16)args->length, args->output);
wolfSSL 13:f67a6c6013ca 19086 args->encSz += args->length + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19087 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 13:f67a6c6013ca 19088 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19089 pms += ssl->arrays->preMasterSz;
wolfSSL 13:f67a6c6013ca 19090
wolfSSL 13:f67a6c6013ca 19091 /* make psk pre master secret */
wolfSSL 13:f67a6c6013ca 19092 /* length of key + length 0s + length of key + key */
wolfSSL 13:f67a6c6013ca 19093 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 19094 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19095 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 19096 ssl->arrays->preMasterSz +=
wolfSSL 13:f67a6c6013ca 19097 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19098 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 19099 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 13:f67a6c6013ca 19100 break;
wolfSSL 13:f67a6c6013ca 19101 }
wolfSSL 13:f67a6c6013ca 19102 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 19103 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 19104 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 19105 {
wolfSSL 13:f67a6c6013ca 19106 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 13:f67a6c6013ca 19107
wolfSSL 13:f67a6c6013ca 19108 /* validate args */
wolfSSL 13:f67a6c6013ca 19109 if (args->output == NULL || args->length > ENCRYPT_LEN) {
wolfSSL 13:f67a6c6013ca 19110 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 13:f67a6c6013ca 19111 }
wolfSSL 13:f67a6c6013ca 19112
wolfSSL 13:f67a6c6013ca 19113 /* place size of public key in output buffer */
wolfSSL 13:f67a6c6013ca 19114 *args->output = (byte)args->length;
wolfSSL 13:f67a6c6013ca 19115 args->encSz += args->length + OPAQUE8_LEN;
wolfSSL 13:f67a6c6013ca 19116
wolfSSL 13:f67a6c6013ca 19117 /* Create pre master secret is the concatination of
wolfSSL 13:f67a6c6013ca 19118 eccSize + eccSharedKey + pskSize + pskKey */
wolfSSL 13:f67a6c6013ca 19119 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 13:f67a6c6013ca 19120 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19121 pms += ssl->arrays->preMasterSz;
wolfSSL 13:f67a6c6013ca 19122
wolfSSL 13:f67a6c6013ca 19123 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 19124 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19125 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 19126 ssl->arrays->preMasterSz +=
wolfSSL 13:f67a6c6013ca 19127 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19128
wolfSSL 13:f67a6c6013ca 19129 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 19130 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 13:f67a6c6013ca 19131 break;
wolfSSL 13:f67a6c6013ca 19132 }
wolfSSL 13:f67a6c6013ca 19133 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 19134 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 19135 case ntru_kea:
wolfSSL 13:f67a6c6013ca 19136 {
wolfSSL 13:f67a6c6013ca 19137 break;
wolfSSL 13:f67a6c6013ca 19138 }
wolfSSL 13:f67a6c6013ca 19139 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 19140 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 19141 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 19142 {
wolfSSL 13:f67a6c6013ca 19143 /* place size of public key in buffer */
wolfSSL 13:f67a6c6013ca 19144 *args->encSecret = (byte)args->encSz;
wolfSSL 13:f67a6c6013ca 19145 args->encSz += OPAQUE8_LEN;
wolfSSL 13:f67a6c6013ca 19146 break;
wolfSSL 13:f67a6c6013ca 19147 }
wolfSSL 13:f67a6c6013ca 19148 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 19149
wolfSSL 13:f67a6c6013ca 19150 default:
wolfSSL 13:f67a6c6013ca 19151 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 19152 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 19153
wolfSSL 13:f67a6c6013ca 19154 /* Check for error */
wolfSSL 13:f67a6c6013ca 19155 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 19156 goto exit_scke;
wolfSSL 13:f67a6c6013ca 19157 }
wolfSSL 13:f67a6c6013ca 19158
wolfSSL 13:f67a6c6013ca 19159 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 19160 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 13:f67a6c6013ca 19161 } /* case TLS_ASYNC_VERIFY */
wolfSSL 13:f67a6c6013ca 19162 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 19163
wolfSSL 13:f67a6c6013ca 19164 case TLS_ASYNC_FINALIZE:
wolfSSL 13:f67a6c6013ca 19165 {
wolfSSL 13:f67a6c6013ca 19166 word32 tlsSz = 0;
wolfSSL 13:f67a6c6013ca 19167 word32 idx = 0;
wolfSSL 13:f67a6c6013ca 19168
wolfSSL 13:f67a6c6013ca 19169 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 19170 word32 qshSz = 0;
wolfSSL 13:f67a6c6013ca 19171 if (ssl->peerQSHKeyPresent) {
wolfSSL 13:f67a6c6013ca 19172 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 13:f67a6c6013ca 19173 }
wolfSSL 13:f67a6c6013ca 19174 #endif
wolfSSL 13:f67a6c6013ca 19175
wolfSSL 13:f67a6c6013ca 19176 if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) {
wolfSSL 13:f67a6c6013ca 19177 tlsSz = 2;
wolfSSL 13:f67a6c6013ca 19178 }
wolfSSL 13:f67a6c6013ca 19179
wolfSSL 13:f67a6c6013ca 19180 if (ssl->specs.kea == ecc_diffie_hellman_kea ||
wolfSSL 13:f67a6c6013ca 19181 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 13:f67a6c6013ca 19182 ssl->specs.kea == ecdhe_psk_kea) { /* always off */
wolfSSL 13:f67a6c6013ca 19183 tlsSz = 0;
wolfSSL 13:f67a6c6013ca 19184 }
wolfSSL 13:f67a6c6013ca 19185
wolfSSL 13:f67a6c6013ca 19186 idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 19187 args->sendSz = args->encSz + tlsSz + idx;
wolfSSL 13:f67a6c6013ca 19188
wolfSSL 13:f67a6c6013ca 19189 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 19190 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 19191 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 13:f67a6c6013ca 19192 args->sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 13:f67a6c6013ca 19193 }
wolfSSL 13:f67a6c6013ca 19194 #endif
wolfSSL 13:f67a6c6013ca 19195
wolfSSL 13:f67a6c6013ca 19196 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 13:f67a6c6013ca 19197 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 13:f67a6c6013ca 19198 }
wolfSSL 13:f67a6c6013ca 19199
wolfSSL 13:f67a6c6013ca 19200 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 19201 args->encSz += qshSz;
wolfSSL 13:f67a6c6013ca 19202 args->sendSz += qshSz;
wolfSSL 13:f67a6c6013ca 19203 #endif
wolfSSL 13:f67a6c6013ca 19204
wolfSSL 13:f67a6c6013ca 19205 /* check for available size */
wolfSSL 13:f67a6c6013ca 19206 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 19207 goto exit_scke;
wolfSSL 13:f67a6c6013ca 19208 }
wolfSSL 13:f67a6c6013ca 19209
wolfSSL 13:f67a6c6013ca 19210 /* get output buffer */
wolfSSL 13:f67a6c6013ca 19211 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 19212 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 19213
wolfSSL 13:f67a6c6013ca 19214 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 19215 if (ssl->peerQSHKeyPresent) {
wolfSSL 13:f67a6c6013ca 19216 byte idxSave = idx;
wolfSSL 13:f67a6c6013ca 19217 idx = args->sendSz - qshSz;
wolfSSL 13:f67a6c6013ca 19218
wolfSSL 13:f67a6c6013ca 19219 if (QSH_KeyExchangeWrite(ssl, 0) != 0) {
wolfSSL 13:f67a6c6013ca 19220 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 13:f67a6c6013ca 19221 }
wolfSSL 13:f67a6c6013ca 19222
wolfSSL 13:f67a6c6013ca 19223 /* extension type */
wolfSSL 13:f67a6c6013ca 19224 c16toa(TLSX_QUANTUM_SAFE_HYBRID, args->output + idx);
wolfSSL 13:f67a6c6013ca 19225 idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19226
wolfSSL 13:f67a6c6013ca 19227 /* write to output and check amount written */
wolfSSL 13:f67a6c6013ca 19228 if (TLSX_QSHPK_Write(ssl->QSH_secret->list,
wolfSSL 13:f67a6c6013ca 19229 args->output + idx) > qshSz - OPAQUE16_LEN) {
wolfSSL 13:f67a6c6013ca 19230 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 13:f67a6c6013ca 19231 }
wolfSSL 13:f67a6c6013ca 19232
wolfSSL 13:f67a6c6013ca 19233 idx = idxSave;
wolfSSL 13:f67a6c6013ca 19234 }
wolfSSL 13:f67a6c6013ca 19235 #endif
wolfSSL 13:f67a6c6013ca 19236
wolfSSL 13:f67a6c6013ca 19237 AddHeaders(args->output, args->encSz + tlsSz, client_key_exchange, ssl);
wolfSSL 13:f67a6c6013ca 19238
wolfSSL 13:f67a6c6013ca 19239 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 19240 if (ssl->peerQSHKeyPresent) {
wolfSSL 13:f67a6c6013ca 19241 args->encSz -= qshSz;
wolfSSL 13:f67a6c6013ca 19242 }
wolfSSL 13:f67a6c6013ca 19243 #endif
wolfSSL 13:f67a6c6013ca 19244 if (tlsSz) {
wolfSSL 13:f67a6c6013ca 19245 c16toa((word16)args->encSz, &args->output[idx]);
wolfSSL 13:f67a6c6013ca 19246 idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 19247 }
wolfSSL 13:f67a6c6013ca 19248 XMEMCPY(args->output + idx, args->encSecret, args->encSz);
wolfSSL 13:f67a6c6013ca 19249 idx += args->encSz;
wolfSSL 13:f67a6c6013ca 19250
wolfSSL 13:f67a6c6013ca 19251 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 13:f67a6c6013ca 19252 args->inputSz = idx - RECORD_HEADER_SZ; /* buildmsg adds rechdr */
wolfSSL 13:f67a6c6013ca 19253 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
wolfSSL 13:f67a6c6013ca 19254 DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 13:f67a6c6013ca 19255 if (args->input == NULL) {
wolfSSL 13:f67a6c6013ca 19256 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 13:f67a6c6013ca 19257 }
wolfSSL 13:f67a6c6013ca 19258
wolfSSL 13:f67a6c6013ca 19259 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
wolfSSL 13:f67a6c6013ca 19260 args->inputSz);
wolfSSL 13:f67a6c6013ca 19261 }
wolfSSL 13:f67a6c6013ca 19262
wolfSSL 13:f67a6c6013ca 19263 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 19264 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 13:f67a6c6013ca 19265 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 13:f67a6c6013ca 19266 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 19267
wolfSSL 13:f67a6c6013ca 19268 case TLS_ASYNC_END:
wolfSSL 13:f67a6c6013ca 19269 {
wolfSSL 13:f67a6c6013ca 19270 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 13:f67a6c6013ca 19271 ret = BuildMessage(ssl, args->output, args->sendSz,
wolfSSL 13:f67a6c6013ca 19272 args->input, args->inputSz, handshake, 1, 0, 0);
wolfSSL 13:f67a6c6013ca 19273 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 13:f67a6c6013ca 19274 args->input = NULL; /* make sure its not double free'd on cleanup */
wolfSSL 13:f67a6c6013ca 19275
wolfSSL 13:f67a6c6013ca 19276 if (ret >= 0) {
wolfSSL 13:f67a6c6013ca 19277 args->sendSz = ret;
wolfSSL 13:f67a6c6013ca 19278 ret = 0;
wolfSSL 13:f67a6c6013ca 19279 }
wolfSSL 13:f67a6c6013ca 19280 }
wolfSSL 13:f67a6c6013ca 19281 else {
wolfSSL 13:f67a6c6013ca 19282 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 19283 if (ssl->options.dtls)
wolfSSL 13:f67a6c6013ca 19284 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 13:f67a6c6013ca 19285 #endif
wolfSSL 13:f67a6c6013ca 19286 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 13:f67a6c6013ca 19287 }
wolfSSL 13:f67a6c6013ca 19288
wolfSSL 13:f67a6c6013ca 19289 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 19290 goto exit_scke;
wolfSSL 13:f67a6c6013ca 19291 }
wolfSSL 13:f67a6c6013ca 19292
wolfSSL 13:f67a6c6013ca 19293 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 19294 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 19295 if ((ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 19296 goto exit_scke;
wolfSSL 13:f67a6c6013ca 19297 }
wolfSSL 13:f67a6c6013ca 19298 }
wolfSSL 13:f67a6c6013ca 19299 #endif
wolfSSL 13:f67a6c6013ca 19300
wolfSSL 13:f67a6c6013ca 19301 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 19302 if (ssl->hsInfoOn)
wolfSSL 13:f67a6c6013ca 19303 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 19304 if (ssl->toInfoOn)
wolfSSL 13:f67a6c6013ca 19305 AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
wolfSSL 13:f67a6c6013ca 19306 args->output, args->sendSz, ssl->heap);
wolfSSL 13:f67a6c6013ca 19307 #endif
wolfSSL 13:f67a6c6013ca 19308
wolfSSL 13:f67a6c6013ca 19309 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 13:f67a6c6013ca 19310
wolfSSL 13:f67a6c6013ca 19311 if (!ssl->options.groupMessages) {
wolfSSL 13:f67a6c6013ca 19312 ret = SendBuffered(ssl);
wolfSSL 13:f67a6c6013ca 19313 }
wolfSSL 13:f67a6c6013ca 19314 if (ret == 0 || ret == WANT_WRITE) {
wolfSSL 13:f67a6c6013ca 19315 int tmpRet = MakeMasterSecret(ssl);
wolfSSL 13:f67a6c6013ca 19316 if (tmpRet != 0) {
wolfSSL 13:f67a6c6013ca 19317 ret = tmpRet; /* save WANT_WRITE unless more serious */
wolfSSL 13:f67a6c6013ca 19318 }
wolfSSL 13:f67a6c6013ca 19319 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 13:f67a6c6013ca 19320 }
wolfSSL 13:f67a6c6013ca 19321 break;
wolfSSL 13:f67a6c6013ca 19322 }
wolfSSL 13:f67a6c6013ca 19323 default:
wolfSSL 13:f67a6c6013ca 19324 ret = INPUT_CASE_ERROR;
wolfSSL 13:f67a6c6013ca 19325 } /* switch(ssl->options.asyncState) */
wolfSSL 13:f67a6c6013ca 19326
wolfSSL 13:f67a6c6013ca 19327 exit_scke:
wolfSSL 13:f67a6c6013ca 19328
wolfSSL 13:f67a6c6013ca 19329 WOLFSSL_LEAVE("SendClientKeyExchange", ret);
wolfSSL 13:f67a6c6013ca 19330
wolfSSL 13:f67a6c6013ca 19331 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 19332 /* Handle async operation */
wolfSSL 13:f67a6c6013ca 19333 if (ret == WC_PENDING_E)
wolfSSL 13:f67a6c6013ca 19334 return ret;
wolfSSL 13:f67a6c6013ca 19335 #endif
wolfSSL 13:f67a6c6013ca 19336
wolfSSL 13:f67a6c6013ca 19337 /* No further need for PMS */
wolfSSL 13:f67a6c6013ca 19338 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 13:f67a6c6013ca 19339 ssl->arrays->preMasterSz = 0;
wolfSSL 13:f67a6c6013ca 19340
wolfSSL 13:f67a6c6013ca 19341 /* Final cleanup */
wolfSSL 13:f67a6c6013ca 19342 FreeSckeArgs(ssl, args);
wolfSSL 13:f67a6c6013ca 19343 FreeKeyExchange(ssl);
wolfSSL 13:f67a6c6013ca 19344
wolfSSL 13:f67a6c6013ca 19345 return ret;
wolfSSL 13:f67a6c6013ca 19346 }
wolfSSL 13:f67a6c6013ca 19347
wolfSSL 13:f67a6c6013ca 19348
wolfSSL 13:f67a6c6013ca 19349 #ifndef NO_CERTS
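/* Decode the private key in ssl->buffers.key - RSA, ECC, or Ed25519 - and
 * create the matching key object in ssl->hsKey.
 *
 * Each key type that is compiled in is tried in turn (RSA, then ECC, then
 * Ed25519); the first decoder that accepts the buffer wins. ssl->hsType is
 * set to the type of the key object that was allocated last.
 * A decoded key is rejected when it is smaller than the configured minimum
 * (ssl->options.minRsaKeySz for RSA, ssl->options.minEccKeySz for ECC and
 * Ed25519).
 *
 * ssl     The SSL/TLS object.
 * length  Output: the maximum length of a signature made with the key.
 *         Only written on success.
 * returns 0 on success, NO_PRIVATE_KEY when no key buffer is loaded,
 *         RSA_KEY_SIZE_E or ECC_KEY_SIZE_E when the key is below the
 *         configured minimum, otherwise the error from the last key
 *         allocation or decode attempt.
 *
 * NOTE(review): on the key-size failures the decoded private key is left in
 * ssl->hsKey; this function does not free it, so the caller is presumably
 * expected to release it - confirm.
 */
int DecodePrivateKey(WOLFSSL *ssl, word16* length)
{
    /* Start from an error: in a build where none of RSA, ECC or Ed25519 is
     * compiled in, nothing below assigns ret before it is returned. */
    int ret = BAD_FUNC_ARG;
    int keySz;
    word32 idx;

    /* Not referenced in every build configuration. */
    (void)idx;
    (void)keySz;
    (void)length;

    /* make sure private key exists */
    if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
        WOLFSSL_MSG("Private key missing!");
        ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
    }

#ifndef NO_RSA
    ssl->hsType = DYNAMIC_TYPE_RSA;
    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
    if (ret != 0) {
        goto exit_dpk;
    }

    WOLFSSL_MSG("Trying RSA private key");

    /* Set start of data to beginning of buffer. */
    idx = 0;
    /* Decode the key assuming it is an RSA private key. */
    ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
    if (ret == 0) {
        WOLFSSL_MSG("Using RSA private key");

        /* It worked so check it meets minimum key size requirements. */
        keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
        if (keySz < 0) { /* check if keySz has error case */
            ERROR_OUT(keySz, exit_dpk);
        }

        if (keySz < ssl->options.minRsaKeySz) {
            WOLFSSL_MSG("RSA key size too small");
            ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
        }

        /* Return the maximum signature length. */
        *length = (word16)keySz;

        goto exit_dpk;
    }
#endif /* !NO_RSA */

#ifdef HAVE_ECC
#ifndef NO_RSA
    /* RSA decode failed: drop the RSA key object before trying ECC. */
    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif /* !NO_RSA */

    ssl->hsType = DYNAMIC_TYPE_ECC;
    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
    if (ret != 0) {
        goto exit_dpk;
    }

#ifndef NO_RSA
    WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
#else
    WOLFSSL_MSG("Trying ECC private key");
#endif

    /* Set start of data to beginning of buffer. */
    idx = 0;
    /* Decode the key assuming it is an ECC private key. */
    ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                                 (ecc_key*)ssl->hsKey,
                                 ssl->buffers.key->length);
    if (ret == 0) {
        WOLFSSL_MSG("Using ECC private key");

        /* Check it meets the minimum ECC key size requirements. */
        keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
        if (keySz < ssl->options.minEccKeySz) {
            WOLFSSL_MSG("ECC key size too small");
            ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
        }

        /* Return the maximum signature length. */
        *length = wc_ecc_sig_size((ecc_key*)ssl->hsKey);

        goto exit_dpk;
    }
#endif
#ifdef HAVE_ED25519
#if !defined(NO_RSA) || defined(HAVE_ECC)
    /* Earlier decode failed: drop that key object before trying Ed25519. */
    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif

    ssl->hsType = DYNAMIC_TYPE_ED25519;
    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
    if (ret != 0) {
        goto exit_dpk;
    }

#ifdef HAVE_ECC
    WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
#elif !defined(NO_RSA)
    WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
#else
    WOLFSSL_MSG("Trying ED25519 private key");
#endif

    /* Set start of data to beginning of buffer. */
    idx = 0;
    /* Decode the key assuming it is an ED25519 private key. */
    ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                                     (ed25519_key*)ssl->hsKey,
                                     ssl->buffers.key->length);
    if (ret == 0) {
        WOLFSSL_MSG("Using ED25519 private key");

        /* Ed25519 keys have a fixed size; it is compared against the same
         * minimum that applies to ECC keys. */
        if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
            WOLFSSL_MSG("ED25519 key size too small");
            ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
        }

        /* Return the maximum signature length. */
        *length = ED25519_SIG_SIZE;

        goto exit_dpk;
    }
#endif

exit_dpk:
    return ret;
}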
wolfSSL 13:f67a6c6013ca 19488
wolfSSL 13:f67a6c6013ca 19489
/* Working state for SendCertificateVerify.
 * With WOLFSSL_ASYNC_CRYPT the function keeps this in ssl->async.args,
 * otherwise in a local. FreeScvArgs releases the buffers owned here. */
typedef struct ScvArgs {
    byte*  output;      /* not allocated */
#ifndef NO_RSA
    byte*  verifySig;   /* released by FreeScvArgs */
#endif
    byte*  verify;      /* not allocated */
    byte*  input;       /* released by FreeScvArgs */
    word32 idx;
    word32 extraSz;
    word32 sigSz;
    int    sendSz;
    int    inputSz;
    word16 length;
    byte   sigAlgo;
} ScvArgs;
wolfSSL 13:f67a6c6013ca 19505
/* Release the heap buffers owned by a ScvArgs and clear the pointers so a
 * second call cannot free them again.
 *
 * ssl    The SSL/TLS object; its heap hint is passed to XFREE.
 * pArgs  Pointer to the ScvArgs to clean up (passed as void*).
 */
static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
{
    ScvArgs* scv = (ScvArgs*)pArgs;

    /* presumably XFREE can expand without using its heap argument, which
     * would leave ssl unreferenced */
    (void)ssl;

#ifndef NO_RSA
    if (scv->verifySig != NULL) {
        XFREE(scv->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        scv->verifySig = NULL;
    }
#endif
    if (scv->input != NULL) {
        XFREE(scv->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        scv->input = NULL;
    }
}
wolfSSL 13:f67a6c6013ca 19523
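/* Build the CertificateVerify handshake message in the output buffer and,
 * unless messages are being grouped, send it.
 *
 * The work is a state machine driven by ssl->options.asyncState
 * (BEGIN -> BUILD -> DO -> VERIFY -> FINALIZE -> END). With
 * WOLFSSL_ASYNC_CRYPT the function may return WC_PENDING_E and be re-entered;
 * the ScvArgs state is then kept in ssl->async.args.
 *
 * ssl  SSL object holding the handshake hashes, key and output buffer.
 *
 * returns 0 on success (including the case where a blank certificate was
 *         sent and nothing is signed), WC_PENDING_E when an async operation
 *         is outstanding, MEMORY_E on allocation failure, BUFFER_ERROR when
 *         no output pointer is available, INPUT_CASE_ERROR for an unknown
 *         state, or the error returned by a helper.
 */
int SendCertificateVerify(WOLFSSL* ssl)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    ScvArgs* args = (ScvArgs*)ssl->async.args;
    /* compile-time check: the async argument storage must hold a ScvArgs */
    typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
    (void)sizeof(args_test);
#else
    ScvArgs args[1];
#endif

    WOLFSSL_ENTER("SendCertificateVerify");

#ifdef WOLFSSL_ASYNC_CRYPT
    ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
    if (ret != WC_NOT_PENDING_E) {
        /* Check for error */
        if (ret < 0)
            goto exit_scv;
    }
    else
#endif
    {
        /* Reset state */
        ret = 0;
        ssl->options.asyncState = TLS_ASYNC_BEGIN;
        XMEMSET(args, 0, sizeof(ScvArgs));
    #ifdef WOLFSSL_ASYNC_CRYPT
        ssl->async.freeArgs = FreeScvArgs;
    #endif
    }

    switch(ssl->options.asyncState)
    {
        case TLS_ASYNC_BEGIN:
        {
            if (ssl->options.sendVerify == SEND_BLANK_CERT) {
                return 0;  /* sent blank cert, can't verify */
            }

            args->sendSz = MAX_CERT_VERIFY_SZ;
            if (IsEncryptionOn(ssl, 1)) {
                args->sendSz += MAX_MSG_EXTRA;
            }

            /* check for available size */
            if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
                goto exit_scv;
            }

            /* get output buffer */
            args->output = ssl->buffers.outputBuffer.buffer +
                           ssl->buffers.outputBuffer.length;

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_BUILD;
        } /* case TLS_ASYNC_BEGIN */
        FALL_THROUGH;

        case TLS_ASYNC_BUILD:
        {
            ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
            if (ret != 0) {
                goto exit_scv;
            }

            /* Decode private key. */
            ret = DecodePrivateKey(ssl, &args->length);
            if (ret != 0) {
                goto exit_scv;
            }

            /* idx is used to track verify pointer offset to output */
            args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
            args->verify = &args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
            args->extraSz = 0;  /* tls 1.2 hash/sig */

            /* build encoded signature buffer */
            ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
            ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
                                        ssl->heap, DYNAMIC_TYPE_SIGNATURE);
            if (ssl->buffers.sig.buffer == NULL) {
                ERROR_OUT(MEMORY_E, exit_scv);
            }

        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
                args->verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
            }
        #endif

    #ifndef NO_OLD_TLS
        #ifndef NO_SHA
            /* old tls default */
            SetDigest(ssl, sha_mac);
        #endif
    #else
        #ifndef NO_SHA256
            /* new tls default */
            SetDigest(ssl, sha256_mac);
        #endif
    #endif /* !NO_OLD_TLS */

            /* pick the signature algorithm from the handshake key type */
            if (ssl->hsType == DYNAMIC_TYPE_RSA) {
        #ifdef WC_RSA_PSS
                if (IsAtLeastTLSv1_2(ssl) &&
                                (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) {
                    args->sigAlgo = rsa_pss_sa_algo;
                }
                else
        #endif
                    args->sigAlgo = rsa_sa_algo;
            }
            else if (ssl->hsType == DYNAMIC_TYPE_ECC)
                args->sigAlgo = ecc_dsa_sa_algo;
            else if (ssl->hsType == DYNAMIC_TYPE_ED25519)
                args->sigAlgo = ed25519_sa_algo;

            if (IsAtLeastTLSv1_2(ssl)) {
                /* TLS 1.2+: the message starts with the hash/sig pair and the
                 * digest follows the negotiated hash algorithm */
                EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo,
                             args->verify);
                args->extraSz = HASH_SIG_SIZE;
                SetDigest(ssl, ssl->suites->hashAlgo);
            }
        #ifndef NO_OLD_TLS
            else {
                /* if old TLS load MD5 and SHA hash as value to sign */
                XMEMCPY(ssl->buffers.sig.buffer,
                    (byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ);
            }
        #endif

        #ifndef NO_RSA
            if (args->sigAlgo == rsa_sa_algo) {
                ssl->buffers.sig.length = FINISHED_SZ;
                args->sigSz = ENCRYPT_LEN;

                if (IsAtLeastTLSv1_2(ssl)) {
                    ssl->buffers.sig.length = wc_EncodeSignature(
                            ssl->buffers.sig.buffer, ssl->buffers.digest.buffer,
                            ssl->buffers.digest.length,
                            TypeHash(ssl->suites->hashAlgo));
                }

                /* prepend hdr */
                c16toa(args->length, args->verify + args->extraSz);
            }
            else if (args->sigAlgo == rsa_pss_sa_algo) {
                /* PSS signs the raw digest rather than an encoded one */
                XMEMCPY(ssl->buffers.sig.buffer, ssl->buffers.digest.buffer,
                        ssl->buffers.digest.length);
                ssl->buffers.sig.length = ssl->buffers.digest.length;
                args->sigSz = ENCRYPT_LEN;

                /* prepend hdr */
                c16toa(args->length, args->verify + args->extraSz);
            }
        #endif /* !NO_RSA */

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_DO;
        } /* case TLS_ASYNC_BUILD */
        FALL_THROUGH;

        case TLS_ASYNC_DO:
        {
        #ifdef HAVE_ECC
            if (ssl->hsType == DYNAMIC_TYPE_ECC) {
                ecc_key* key = (ecc_key*)ssl->hsKey;

                ret = EccSign(ssl,
                    ssl->buffers.digest.buffer, ssl->buffers.digest.length,
                    ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
                    key,
            #if defined(HAVE_PK_CALLBACKS)
                    ssl->buffers.key->buffer,
                    ssl->buffers.key->length,
                    ssl->EccSignCtx
            #else
                    NULL, 0, NULL
            #endif
                );
            }
        #endif /* HAVE_ECC */
        #ifdef HAVE_ED25519
            if (ssl->hsType == DYNAMIC_TYPE_ED25519) {
                ed25519_key* key = (ed25519_key*)ssl->hsKey;

                ret = Ed25519Sign(ssl,
                    ssl->buffers.digest.buffer, ssl->buffers.digest.length,
                    ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
                    key,
            #if defined(HAVE_PK_CALLBACKS)
                    ssl->buffers.key->buffer,
                    ssl->buffers.key->length,
                    ssl->Ed25519SignCtx
            #else
                    NULL, 0, NULL
            #endif
                );
            }
        #endif /* HAVE_ED25519 */
        #ifndef NO_RSA
            if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                RsaKey* key = (RsaKey*)ssl->hsKey;

                /* restore verify pointer */
                args->verify = &args->output[args->idx];

                /* RSA signs straight into the output buffer, after the
                 * hash/sig pair and the length header */
                ret = RsaSign(ssl,
                    ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                    args->verify + args->extraSz + VERIFY_HEADER, &args->sigSz,
                    args->sigAlgo, ssl->suites->hashAlgo, key,
                    ssl->buffers.key->buffer, ssl->buffers.key->length,
                #ifdef HAVE_PK_CALLBACKS
                    ssl->RsaSignCtx
                #else
                    NULL
                #endif
                );
            }
        #endif /* !NO_RSA */

            /* Check for error */
            if (ret != 0) {
                goto exit_scv;
            }

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_VERIFY;
        } /* case TLS_ASYNC_DO */
        FALL_THROUGH;

        case TLS_ASYNC_VERIFY:
        {
            /* restore verify pointer */
            args->verify = &args->output[args->idx];

        #ifdef HAVE_ECC
            if (ssl->hsType == DYNAMIC_TYPE_ECC) {
                args->length = (word16)ssl->buffers.sig.length;
                /* prepend hdr */
                c16toa(args->length, args->verify + args->extraSz);
                XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
                        ssl->buffers.sig.buffer, ssl->buffers.sig.length);
            }
        #endif /* HAVE_ECC */
            /* Guard on HAVE_ED25519, matching the signing step above. The
             * original guarded this copy with HAVE_ECC, so a build with
             * Ed25519 but without ECC signed the hashes and then never wrote
             * the signature or its length into the message. */
        #ifdef HAVE_ED25519
            if (ssl->hsType == DYNAMIC_TYPE_ED25519) {
                args->length = (word16)ssl->buffers.sig.length;
                /* prepend hdr */
                c16toa(args->length, args->verify + args->extraSz);
                XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
                        ssl->buffers.sig.buffer, ssl->buffers.sig.length);
            }
        #endif /* HAVE_ED25519 */
        #ifndef NO_RSA
            if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                RsaKey* key = (RsaKey*)ssl->hsKey;

                /* keep a private copy of the signature; it is only made once,
                 * so a re-entry reuses the same copy */
                if (args->verifySig == NULL) {
                    args->verifySig = (byte*)XMALLOC(args->sigSz, ssl->heap,
                                      DYNAMIC_TYPE_SIGNATURE);
                    if (args->verifySig == NULL) {
                        ERROR_OUT(MEMORY_E, exit_scv);
                    }
                    XMEMCPY(args->verifySig, args->verify + args->extraSz +
                                                    VERIFY_HEADER, args->sigSz);
                }

                /* check for signature faults: the freshly produced signature
                 * is verified before the message is allowed out */
                ret = VerifyRsaSign(ssl,
                    args->verifySig, args->sigSz,
                    ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                    args->sigAlgo, ssl->suites->hashAlgo, key
                );
            }
        #endif /* !NO_RSA */

            /* Check for error */
            if (ret != 0) {
                goto exit_scv;
            }

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_FINALIZE;
        } /* case TLS_ASYNC_VERIFY */
        FALL_THROUGH;

        case TLS_ASYNC_FINALIZE:
        {
            if (args->output == NULL) {
                ERROR_OUT(BUFFER_ERROR, exit_scv);
            }
            AddHeaders(args->output, (word32)args->length + args->extraSz +
                                        VERIFY_HEADER, certificate_verify, ssl);

            args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
                           (word32)args->length + args->extraSz + VERIFY_HEADER;

        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
            }
        #endif

            if (IsEncryptionOn(ssl, 1)) {
                args->inputSz = args->sendSz - RECORD_HEADER_SZ;
                                /* build msg adds rec hdr */
                args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
                                                        DYNAMIC_TYPE_IN_BUFFER);
                if (args->input == NULL) {
                    ERROR_OUT(MEMORY_E, exit_scv);
                }

                XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
                                                                args->inputSz);
            }

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_END;
        } /* case TLS_ASYNC_FINALIZE */
        FALL_THROUGH;

        case TLS_ASYNC_END:
        {
            if (IsEncryptionOn(ssl, 1)) {
                ret = BuildMessage(ssl, args->output,
                                      MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
                                      args->input, args->inputSz, handshake,
                                      1, 0, 1);
            #ifdef WOLFSSL_ASYNC_CRYPT
                /* keep args->input alive for the re-entry */
                if (ret == WC_PENDING_E)
                    goto exit_scv;
            #endif

                XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                args->input = NULL;  /* make sure its not double free'd on cleanup */

                /* a non-negative result is the size of the built record */
                if (ret >= 0) {
                    args->sendSz = ret;
                    ret = 0;
                }
            }
            else {
            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
                ret = HashOutput(ssl, args->output, args->sendSz, 0);
            }

            if (ret != 0) {
                goto exit_scv;
            }

        #ifdef WOLFSSL_DTLS
            /* NOTE(review): this result is overwritten by SendBuffered()
             * below when messages are not grouped, so a failure to save the
             * message is not reported in that case - confirm intended. */
            if (IsDtlsNotSctpMode(ssl)) {
                ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz);
            }
        #endif


        #ifdef WOLFSSL_CALLBACKS
            if (ssl->hsInfoOn)
                AddPacketName("CertificateVerify", &ssl->handShakeInfo);
            if (ssl->toInfoOn)
                AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
                              args->output, args->sendSz, ssl->heap);
        #endif

            ssl->buffers.outputBuffer.length += args->sendSz;

            if (!ssl->options.groupMessages) {
                ret = SendBuffered(ssl);
            }
            break;
        }
        default:
            ret = INPUT_CASE_ERROR;
    } /* switch(ssl->options.asyncState) */

exit_scv:

    WOLFSSL_LEAVE("SendCertificateVerify", ret);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Handle async operation: state is kept for the re-entry, no cleanup */
    if (ret == WC_PENDING_E) {
        return ret;
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* Digest is not allocated, so do this to prevent free */
    ssl->buffers.digest.buffer = NULL;
    ssl->buffers.digest.length = 0;

    /* Final cleanup */
    FreeScvArgs(ssl, args);
    FreeKeyExchange(ssl);

    return ret;
}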
wolfSSL 13:f67a6c6013ca 19927
wolfSSL 13:f67a6c6013ca 19928 #endif /* NO_CERTS */
wolfSSL 13:f67a6c6013ca 19929
wolfSSL 13:f67a6c6013ca 19930
wolfSSL 13:f67a6c6013ca 19931 #ifdef HAVE_SESSION_TICKET
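/* Store a session ticket on the SSL object and derive a session ID from it.
 *
 * Tickets that fit are kept in ssl->session.staticTicket; longer ones are
 * heap allocated and ssl->session.isDynamic is set. For a non-empty ticket
 * the registered session_ticket_cb (if any) is called and a session ID is
 * built from the ticket bytes.
 *
 * ssl     SSL object to update.
 * ticket  ticket bytes; read only when length > 0. In the visible caller
 *         these come straight from the peer's handshake message.
 * length  number of bytes in ticket.
 *
 * returns 0 on success, MEMORY_E if the dynamic ticket buffer cannot be
 *         allocated.
 */
int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
{
    /* Free old dynamic ticket if we already had one */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        /* the old ticket is gone: don't leave its (larger than static)
         * length behind if the allocation below fails */
        ssl->session.ticketLen = 0;
    }

    if (length > sizeof(ssl->session.staticTicket)) {
        byte* sessionTicket =
                   (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        if (sessionTicket == NULL)
            return MEMORY_E;
        ssl->session.ticket = sessionTicket;
        ssl->session.isDynamic = 1;
    }
    ssl->session.ticketLen = length;

    if (length > 0) {
        XMEMCPY(ssl->session.ticket, ticket, length);
        if (ssl->session_ticket_cb != NULL) {
            ssl->session_ticket_cb(ssl,
                                   ssl->session.ticket, ssl->session.ticketLen,
                                   ssl->session_ticket_ctx);
        }
        /* Create a fake sessionID based on the ticket, this will
         * supersede the existing session cache info. */
        ssl->options.haveSessionId = 1;
        if (length >= ID_LEN) {
            /* use the last ID_LEN bytes of the ticket */
            XMEMCPY(ssl->arrays->sessionID,
                                 ssl->session.ticket + length - ID_LEN, ID_LEN);
        }
        else {
            /* A ticket shorter than ID_LEN would make the source pointer
             * above start before the ticket buffer and read ID_LEN - length
             * bytes of unrelated memory into the session ID. Use the whole
             * ticket, zero padded, instead. */
            XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
            XMEMCPY(ssl->arrays->sessionID, ssl->session.ticket, length);
        }
    }

    return 0;
}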
wolfSSL 13:f67a6c6013ca 19967
/* Parse a session ticket handshake message: a 32-bit lifetime, a 16-bit
 * ticket length and the ticket itself.
 *
 * ssl       SSL object; the ticket is stored on it through SetTicket().
 * input     buffer holding the message.
 * inOutIdx  in: offset of the message body in input; out: offset advanced
 *           past everything consumed (including ssl->keys.padSz when
 *           encryption is on). It is advanced field by field, so it may
 *           already have moved when an error is returned.
 * size      number of message bytes available from the starting offset.
 *
 * returns 0 on success, SESSION_TICKET_EXPECT_E when no ticket was expected,
 *         BUFFER_ERROR when a field would run past size, or the error from
 *         SetTicket().
 */
static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           word32 size)
{
    const word32 start = *inOutIdx;
    word32       hint;      /* ticket lifetime as sent by the peer */
    word16       ticketSz;  /* ticket length as sent by the peer */
    int          rc;

    if (!ssl->expect_session_ticket) {
        WOLFSSL_MSG("Unexpected session ticket");
        return SESSION_TICKET_EXPECT_E;
    }

    /* lifetime */
    if (size < (*inOutIdx - start) + OPAQUE32_LEN)
        return BUFFER_ERROR;
    ato32(input + *inOutIdx, &hint);
    *inOutIdx += OPAQUE32_LEN;

    /* ticket length */
    if (size < (*inOutIdx - start) + OPAQUE16_LEN)
        return BUFFER_ERROR;
    ato16(input + *inOutIdx, &ticketSz);
    *inOutIdx += OPAQUE16_LEN;

    /* the ticket itself must fit in what is left of the message */
    if (size < (*inOutIdx - start) + ticketSz)
        return BUFFER_ERROR;

    rc = SetTicket(ssl, input + *inOutIdx, ticketSz);
    if (rc != 0)
        return rc;
    *inOutIdx += ticketSz;

    /* an empty ticket carries no session to remember */
    if (ticketSz > 0) {
        ssl->timeout = hint;
#ifndef NO_SESSION_CACHE
        AddSession(ssl);
#endif
    }

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

    ssl->expect_session_ticket = 0;

    return 0;
}
wolfSSL 13:f67a6c6013ca 20014 #endif /* HAVE_SESSION_TICKET */
wolfSSL 13:f67a6c6013ca 20015
wolfSSL 13:f67a6c6013ca 20016 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 13:f67a6c6013ca 20017
wolfSSL 13:f67a6c6013ca 20018 #ifndef NO_WOLFSSL_SERVER
wolfSSL 13:f67a6c6013ca 20019
wolfSSL 13:f67a6c6013ca 20020 int SendServerHello(WOLFSSL* ssl)
wolfSSL 13:f67a6c6013ca 20021 {
wolfSSL 13:f67a6c6013ca 20022 byte *output;
wolfSSL 13:f67a6c6013ca 20023 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20024 int sendSz;
wolfSSL 13:f67a6c6013ca 20025 int ret;
wolfSSL 13:f67a6c6013ca 20026 byte sessIdSz = ID_LEN;
wolfSSL 13:f67a6c6013ca 20027 byte echoId = 0; /* ticket echo id flag */
wolfSSL 13:f67a6c6013ca 20028 byte cacheOff = 0; /* session cache off flag */
wolfSSL 13:f67a6c6013ca 20029
wolfSSL 13:f67a6c6013ca 20030 length = VERSION_SZ + RAN_LEN
wolfSSL 13:f67a6c6013ca 20031 + ID_LEN + ENUM_LEN
wolfSSL 13:f67a6c6013ca 20032 + SUITE_LEN
wolfSSL 13:f67a6c6013ca 20033 + ENUM_LEN;
wolfSSL 13:f67a6c6013ca 20034
wolfSSL 13:f67a6c6013ca 20035 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 13:f67a6c6013ca 20036 length += TLSX_GetResponseSize(ssl, server_hello);
wolfSSL 13:f67a6c6013ca 20037 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 20038 if (ssl->options.useTicket) {
wolfSSL 13:f67a6c6013ca 20039 /* echo session id sz can be 0,32 or bogus len inbetween */
wolfSSL 13:f67a6c6013ca 20040 sessIdSz = ssl->arrays->sessionIDSz;
wolfSSL 13:f67a6c6013ca 20041 if (sessIdSz > ID_LEN) {
wolfSSL 13:f67a6c6013ca 20042 WOLFSSL_MSG("Bad bogus session id len");
wolfSSL 13:f67a6c6013ca 20043 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 20044 }
wolfSSL 13:f67a6c6013ca 20045 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 13:f67a6c6013ca 20046 length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */
wolfSSL 13:f67a6c6013ca 20047 echoId = 1;
wolfSSL 13:f67a6c6013ca 20048 }
wolfSSL 13:f67a6c6013ca 20049 #endif /* HAVE_SESSION_TICKET */
wolfSSL 13:f67a6c6013ca 20050 #else
wolfSSL 13:f67a6c6013ca 20051 if (ssl->options.haveEMS) {
wolfSSL 13:f67a6c6013ca 20052 length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
wolfSSL 13:f67a6c6013ca 20053 }
wolfSSL 13:f67a6c6013ca 20054 #endif
wolfSSL 13:f67a6c6013ca 20055
wolfSSL 13:f67a6c6013ca 20056 /* is the session cahce off at build or runtime */
wolfSSL 13:f67a6c6013ca 20057 #ifdef NO_SESSION_CACHE
wolfSSL 13:f67a6c6013ca 20058 cacheOff = 1;
wolfSSL 13:f67a6c6013ca 20059 #else
wolfSSL 13:f67a6c6013ca 20060 if (ssl->options.sessionCacheOff == 1) {
wolfSSL 13:f67a6c6013ca 20061 cacheOff = 1;
wolfSSL 13:f67a6c6013ca 20062 }
wolfSSL 13:f67a6c6013ca 20063 #endif
wolfSSL 13:f67a6c6013ca 20064
wolfSSL 13:f67a6c6013ca 20065 /* if no session cache don't send a session ID unless we're echoing
wolfSSL 13:f67a6c6013ca 20066 * an ID as part of session tickets */
wolfSSL 13:f67a6c6013ca 20067 if (echoId == 0 && cacheOff == 1) {
wolfSSL 13:f67a6c6013ca 20068 length -= ID_LEN; /* adjust ID_LEN assumption */
wolfSSL 13:f67a6c6013ca 20069 sessIdSz = 0;
wolfSSL 13:f67a6c6013ca 20070 }
wolfSSL 13:f67a6c6013ca 20071
wolfSSL 13:f67a6c6013ca 20072 /* check for avalaible size */
wolfSSL 13:f67a6c6013ca 20073 if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)
wolfSSL 13:f67a6c6013ca 20074 return ret;
wolfSSL 13:f67a6c6013ca 20075
wolfSSL 13:f67a6c6013ca 20076 /* get output buffer */
wolfSSL 13:f67a6c6013ca 20077 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 20078 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 20079
wolfSSL 13:f67a6c6013ca 20080 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20081 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 20082 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 20083 /* Server Hello should use the same sequence number as the
wolfSSL 13:f67a6c6013ca 20084 * Client Hello. */
wolfSSL 13:f67a6c6013ca 20085 ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
wolfSSL 13:f67a6c6013ca 20086 ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
wolfSSL 13:f67a6c6013ca 20087 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20088 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20089 }
wolfSSL 13:f67a6c6013ca 20090 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 20091 AddHeaders(output, length, server_hello, ssl);
wolfSSL 13:f67a6c6013ca 20092
wolfSSL 13:f67a6c6013ca 20093 /* now write to output */
wolfSSL 13:f67a6c6013ca 20094 /* first version */
wolfSSL 13:f67a6c6013ca 20095 output[idx++] = ssl->version.major;
wolfSSL 13:f67a6c6013ca 20096 output[idx++] = ssl->version.minor;
wolfSSL 13:f67a6c6013ca 20097
wolfSSL 13:f67a6c6013ca 20098 /* then random and session id */
wolfSSL 13:f67a6c6013ca 20099 if (!ssl->options.resuming) {
wolfSSL 13:f67a6c6013ca 20100 /* generate random part and session id */
wolfSSL 13:f67a6c6013ca 20101 ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
wolfSSL 13:f67a6c6013ca 20102 RAN_LEN + sizeof(sessIdSz) + sessIdSz);
wolfSSL 13:f67a6c6013ca 20103 if (ret != 0)
wolfSSL 13:f67a6c6013ca 20104 return ret;
wolfSSL 13:f67a6c6013ca 20105
wolfSSL 13:f67a6c6013ca 20106 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 20107 if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
wolfSSL 13:f67a6c6013ca 20108 /* TLS v1.3 capable server downgraded. */
wolfSSL 13:f67a6c6013ca 20109 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
wolfSSL 13:f67a6c6013ca 20110 tls13Downgrade, TLS13_DOWNGRADE_SZ);
wolfSSL 13:f67a6c6013ca 20111 output[idx + RAN_LEN - 1] = IsAtLeastTLSv1_2(ssl);
wolfSSL 13:f67a6c6013ca 20112 }
wolfSSL 13:f67a6c6013ca 20113 else
wolfSSL 13:f67a6c6013ca 20114 #endif
wolfSSL 13:f67a6c6013ca 20115 if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
wolfSSL 13:f67a6c6013ca 20116 ssl->ctx->method->version.minor == TLSv1_2_MINOR &&
wolfSSL 13:f67a6c6013ca 20117 !IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 20118 /* TLS v1.2 capable server downgraded. */
wolfSSL 13:f67a6c6013ca 20119 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
wolfSSL 13:f67a6c6013ca 20120 tls13Downgrade, TLS13_DOWNGRADE_SZ);
wolfSSL 13:f67a6c6013ca 20121 output[idx + RAN_LEN - 1] = 0;
wolfSSL 13:f67a6c6013ca 20122 }
wolfSSL 13:f67a6c6013ca 20123
wolfSSL 13:f67a6c6013ca 20124 /* store info in SSL for later */
wolfSSL 13:f67a6c6013ca 20125 XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
wolfSSL 13:f67a6c6013ca 20126 idx += RAN_LEN;
wolfSSL 13:f67a6c6013ca 20127 output[idx++] = sessIdSz;
wolfSSL 13:f67a6c6013ca 20128 XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
wolfSSL 13:f67a6c6013ca 20129 ssl->arrays->sessionIDSz = sessIdSz;
wolfSSL 13:f67a6c6013ca 20130 }
wolfSSL 13:f67a6c6013ca 20131 else {
wolfSSL 13:f67a6c6013ca 20132 /* If resuming, use info from SSL */
wolfSSL 13:f67a6c6013ca 20133 XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 13:f67a6c6013ca 20134 idx += RAN_LEN;
wolfSSL 13:f67a6c6013ca 20135 output[idx++] = sessIdSz;
wolfSSL 13:f67a6c6013ca 20136 XMEMCPY(output + idx, ssl->arrays->sessionID, sessIdSz);
wolfSSL 13:f67a6c6013ca 20137 }
wolfSSL 13:f67a6c6013ca 20138 idx += sessIdSz;
wolfSSL 13:f67a6c6013ca 20139
wolfSSL 13:f67a6c6013ca 20140 #ifdef SHOW_SECRETS
wolfSSL 13:f67a6c6013ca 20141 {
wolfSSL 13:f67a6c6013ca 20142 int j;
wolfSSL 13:f67a6c6013ca 20143 printf("server random: ");
wolfSSL 13:f67a6c6013ca 20144 for (j = 0; j < RAN_LEN; j++)
wolfSSL 13:f67a6c6013ca 20145 printf("%02x", ssl->arrays->serverRandom[j]);
wolfSSL 13:f67a6c6013ca 20146 printf("\n");
wolfSSL 13:f67a6c6013ca 20147 }
wolfSSL 13:f67a6c6013ca 20148 #endif
wolfSSL 13:f67a6c6013ca 20149
wolfSSL 13:f67a6c6013ca 20150 /* then cipher suite */
wolfSSL 13:f67a6c6013ca 20151 output[idx++] = ssl->options.cipherSuite0;
wolfSSL 13:f67a6c6013ca 20152 output[idx++] = ssl->options.cipherSuite;
wolfSSL 13:f67a6c6013ca 20153
wolfSSL 13:f67a6c6013ca 20154 /* then compression */
wolfSSL 13:f67a6c6013ca 20155 if (ssl->options.usingCompression)
wolfSSL 13:f67a6c6013ca 20156 output[idx++] = ZLIB_COMPRESSION;
wolfSSL 13:f67a6c6013ca 20157 else
wolfSSL 13:f67a6c6013ca 20158 output[idx++] = NO_COMPRESSION;
wolfSSL 13:f67a6c6013ca 20159
wolfSSL 13:f67a6c6013ca 20160 /* last, extensions */
wolfSSL 13:f67a6c6013ca 20161 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 13:f67a6c6013ca 20162 TLSX_WriteResponse(ssl, output + idx, server_hello);
wolfSSL 13:f67a6c6013ca 20163 #else
wolfSSL 13:f67a6c6013ca 20164 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 13:f67a6c6013ca 20165 if (ssl->options.haveEMS) {
wolfSSL 13:f67a6c6013ca 20166 c16toa(HELLO_EXT_SZ, output + idx);
wolfSSL 13:f67a6c6013ca 20167 idx += HELLO_EXT_SZ_SZ;
wolfSSL 13:f67a6c6013ca 20168
wolfSSL 13:f67a6c6013ca 20169 c16toa(HELLO_EXT_EXTMS, output + idx);
wolfSSL 13:f67a6c6013ca 20170 idx += HELLO_EXT_TYPE_SZ;
wolfSSL 13:f67a6c6013ca 20171 c16toa(0, output + idx);
wolfSSL 13:f67a6c6013ca 20172 /*idx += HELLO_EXT_SZ_SZ;*/
wolfSSL 13:f67a6c6013ca 20173 /* idx is not used after this point. uncomment the line above
wolfSSL 13:f67a6c6013ca 20174 * if adding any more extentions in the future. */
wolfSSL 13:f67a6c6013ca 20175 }
wolfSSL 13:f67a6c6013ca 20176 #endif
wolfSSL 13:f67a6c6013ca 20177 #endif
wolfSSL 13:f67a6c6013ca 20178
wolfSSL 13:f67a6c6013ca 20179 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 13:f67a6c6013ca 20180 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 20181 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 20182 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
wolfSSL 13:f67a6c6013ca 20183 return ret;
wolfSSL 13:f67a6c6013ca 20184 }
wolfSSL 13:f67a6c6013ca 20185
wolfSSL 13:f67a6c6013ca 20186 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 20187 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 13:f67a6c6013ca 20188 }
wolfSSL 13:f67a6c6013ca 20189 #endif
wolfSSL 13:f67a6c6013ca 20190
wolfSSL 13:f67a6c6013ca 20191 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 13:f67a6c6013ca 20192 if (ret != 0)
wolfSSL 13:f67a6c6013ca 20193 return ret;
wolfSSL 13:f67a6c6013ca 20194
wolfSSL 13:f67a6c6013ca 20195
wolfSSL 13:f67a6c6013ca 20196 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 20197 if (ssl->hsInfoOn)
wolfSSL 13:f67a6c6013ca 20198 AddPacketName("ServerHello", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 20199 if (ssl->toInfoOn)
wolfSSL 13:f67a6c6013ca 20200 AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz,
wolfSSL 13:f67a6c6013ca 20201 ssl->heap);
wolfSSL 13:f67a6c6013ca 20202 #endif
wolfSSL 13:f67a6c6013ca 20203
wolfSSL 13:f67a6c6013ca 20204 ssl->options.serverState = SERVER_HELLO_COMPLETE;
wolfSSL 13:f67a6c6013ca 20205
wolfSSL 13:f67a6c6013ca 20206 if (ssl->options.groupMessages)
wolfSSL 13:f67a6c6013ca 20207 return 0;
wolfSSL 13:f67a6c6013ca 20208 else
wolfSSL 13:f67a6c6013ca 20209 return SendBuffered(ssl);
wolfSSL 13:f67a6c6013ca 20210 }
wolfSSL 13:f67a6c6013ca 20211
wolfSSL 13:f67a6c6013ca 20212
wolfSSL 13:f67a6c6013ca 20213 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 20214
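/* Translate the curve of an ECC key into its WOLFSSL_ECC_* identifier.
 *
 * key  ECC key; its domain parameters (key->dp) carry the OID sum that
 *      selects the curve.
 *
 * Returns the WOLFSSL_ECC_* value matching key->dp->oidSum. Returns 0 when
 * key or key->dp is NULL, or when the curve is not compiled into this build.
 * 0 is therefore the "no usable curve" result and callers should check for
 * it before using the value.
 */
static byte SetCurveId(ecc_key* key)
{
    if (key == NULL || key->dp == NULL) {
        WOLFSSL_MSG("SetCurveId: Invalid key!");
        return 0;
    }

    switch (key->dp->oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP160R1_OID:
            return WOLFSSL_ECC_SECP160R1;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case ECC_SECP160R2_OID:
            return WOLFSSL_ECC_SECP160R2;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP160K1_OID:
            return WOLFSSL_ECC_SECP160K1;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP192R1_OID:
            return WOLFSSL_ECC_SECP192R1;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP192K1_OID:
            return WOLFSSL_ECC_SECP192K1;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP224R1_OID:
            return WOLFSSL_ECC_SECP224R1;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP224K1_OID:
            return WOLFSSL_ECC_SECP224K1;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP256R1_OID:
            return WOLFSSL_ECC_SECP256R1;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP256K1_OID:
            return WOLFSSL_ECC_SECP256K1;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP256R1_OID:
            return WOLFSSL_ECC_BRAINPOOLP256R1;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#ifdef HAVE_CURVE25519
        /* X25519 is gated on HAVE_CURVE25519 alone. Nesting it under the
         * HAVE_ECC384 guard would make a build with Curve25519 but without
         * P-384 fall through to the default and report 0 for this OID. */
        case ECC_X25519_OID:
            return WOLFSSL_ECC_X25519;
#endif /* HAVE_CURVE25519 */
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP384R1_OID:
            return WOLFSSL_ECC_SECP384R1;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP384R1_OID:
            return WOLFSSL_ECC_BRAINPOOLP384R1;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP512R1_OID:
            return WOLFSSL_ECC_BRAINPOOLP512R1;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP521R1_OID:
            return WOLFSSL_ECC_SECP521R1;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* curve unknown or not enabled in this build */
            return 0;
    }
}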
wolfSSL 13:f67a6c6013ca 20301
wolfSSL 13:f67a6c6013ca 20302 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 20303
/* Working state of SendServerKeyExchange.
 *
 * With WOLFSSL_ASYNC_CRYPT the structure is overlaid on ssl->async.args;
 * otherwise SendServerKeyExchange keeps one instance on its stack.
 * The heap pointers below are released by FreeSskeArgs. Field order is kept
 * as is, since the async build checks sizeof(SskeArgs) against the size of
 * ssl->async.args.
 */
typedef struct SskeArgs {
    /* Position inside the connection's output buffer; not allocated here
     * and never freed through this structure. */
    byte*  output;
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
    /* Heap buffer, freed by FreeSskeArgs as DYNAMIC_TYPE_SIGNATURE. */
    byte*  sigDataBuf;
#endif
#if defined(HAVE_ECC)
    /* Heap buffer receiving the exported ephemeral public key; freed by
     * FreeSskeArgs as DYNAMIC_TYPE_DER. */
    byte*  exportBuf;
#endif
#ifndef NO_RSA
    /* Heap buffer, freed by FreeSskeArgs as DYNAMIC_TYPE_SIGNATURE. */
    byte*  verifySig;
#endif
    /* Current write offset into output. */
    word32 idx;
    /* NOTE(review): presumably signature lengths; they are set outside
     * the code that accompanies this definition - confirm at use sites. */
    word32 tmpSigSz;
    /* Length of the handshake message body, as passed to AddHeaders. */
    word32 length;
    word32 sigSz;
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
    /* NOTE(review): presumably the size of sigDataBuf - confirm. */
    word32 sigDataSz;
#endif
#if defined(HAVE_ECC)
    /* Capacity of exportBuf on input to the export call, bytes written
     * on output. */
    word32 exportSz;
#endif
#ifdef HAVE_QSH
    /* Result of QSH_KeyGetSize when the peer supplied a QSH key. */
    word32 qshSz;
#endif
    /* Total bytes to send, headers included; checked with
     * CheckAvailableSize before output is written. */
    int    sendSz;
} SskeArgs;
wolfSSL 13:f67a6c6013ca 20330
/* Release the heap buffers held in a SskeArgs and reset their pointers.
 *
 * ssl    connection whose heap hint (ssl->heap) is handed to XFREE.
 * pArgs  the SskeArgs to clean up, passed as void* so the function can be
 *        installed as ssl->async.freeArgs. It is dereferenced without a
 *        NULL check.
 *
 * Each pointer is set to NULL after its buffer is freed, so calling this
 * twice on the same structure does not free a buffer twice. The output
 * pointer is not touched; it is not allocated by SendServerKeyExchange.
 */
static void FreeSskeArgs(WOLFSSL* ssl, void* pArgs)
{
    SskeArgs* sske = (SskeArgs*)pArgs;

    /* Depending on the build options, and presumably on how XFREE expands,
     * either name can end up unreferenced; silence the warnings up front. */
    (void)ssl;
    (void)sske;

#if defined(HAVE_ECC)
    if (sske->exportBuf != NULL) {
        XFREE(sske->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
        sske->exportBuf = NULL;
    }
#endif
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
    if (sske->sigDataBuf != NULL) {
        XFREE(sske->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        sske->sigDataBuf = NULL;
    }
#endif
#ifndef NO_RSA
    if (sske->verifySig != NULL) {
        XFREE(sske->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        sske->verifySig = NULL;
    }
#endif
}
wolfSSL 13:f67a6c6013ca 20357
wolfSSL 13:f67a6c6013ca 20358 int SendServerKeyExchange(WOLFSSL* ssl)
wolfSSL 13:f67a6c6013ca 20359 {
wolfSSL 13:f67a6c6013ca 20360 int ret;
wolfSSL 13:f67a6c6013ca 20361 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 20362 SskeArgs* args = (SskeArgs*)ssl->async.args;
wolfSSL 13:f67a6c6013ca 20363 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 13:f67a6c6013ca 20364 (void)sizeof(args_test);
wolfSSL 13:f67a6c6013ca 20365 #else
wolfSSL 13:f67a6c6013ca 20366 SskeArgs args[1];
wolfSSL 13:f67a6c6013ca 20367 #endif
wolfSSL 13:f67a6c6013ca 20368
wolfSSL 13:f67a6c6013ca 20369 WOLFSSL_ENTER("SendServerKeyExchange");
wolfSSL 13:f67a6c6013ca 20370
wolfSSL 13:f67a6c6013ca 20371 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 20372 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 13:f67a6c6013ca 20373 if (ret != WC_NOT_PENDING_E) {
wolfSSL 13:f67a6c6013ca 20374 /* Check for error */
wolfSSL 13:f67a6c6013ca 20375 if (ret < 0)
wolfSSL 13:f67a6c6013ca 20376 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20377 }
wolfSSL 13:f67a6c6013ca 20378 else
wolfSSL 13:f67a6c6013ca 20379 #endif
wolfSSL 13:f67a6c6013ca 20380 {
wolfSSL 13:f67a6c6013ca 20381 /* Reset state */
wolfSSL 13:f67a6c6013ca 20382 ret = 0;
wolfSSL 13:f67a6c6013ca 20383 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 13:f67a6c6013ca 20384 XMEMSET(args, 0, sizeof(SskeArgs));
wolfSSL 13:f67a6c6013ca 20385 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 20386 ssl->async.freeArgs = FreeSskeArgs;
wolfSSL 13:f67a6c6013ca 20387 #endif
wolfSSL 13:f67a6c6013ca 20388 }
wolfSSL 13:f67a6c6013ca 20389
wolfSSL 13:f67a6c6013ca 20390 switch(ssl->options.asyncState)
wolfSSL 13:f67a6c6013ca 20391 {
wolfSSL 13:f67a6c6013ca 20392 case TLS_ASYNC_BEGIN:
wolfSSL 13:f67a6c6013ca 20393 {
wolfSSL 13:f67a6c6013ca 20394 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 20395 if (ssl->peerQSHKeyPresent) {
wolfSSL 13:f67a6c6013ca 20396 args->qshSz = QSH_KeyGetSize(ssl);
wolfSSL 13:f67a6c6013ca 20397 }
wolfSSL 13:f67a6c6013ca 20398 #endif
wolfSSL 13:f67a6c6013ca 20399
wolfSSL 13:f67a6c6013ca 20400 /* Do some checks / debug msgs */
wolfSSL 13:f67a6c6013ca 20401 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 20402 {
wolfSSL 13:f67a6c6013ca 20403 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 20404 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 20405 {
wolfSSL 13:f67a6c6013ca 20406 WOLFSSL_MSG("Using ephemeral ECDH PSK");
wolfSSL 13:f67a6c6013ca 20407 break;
wolfSSL 13:f67a6c6013ca 20408 }
wolfSSL 13:f67a6c6013ca 20409 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 20410 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 20411 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 20412 {
wolfSSL 13:f67a6c6013ca 20413 if (ssl->specs.static_ecdh) {
wolfSSL 13:f67a6c6013ca 20414 WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange");
wolfSSL 13:f67a6c6013ca 20415 ERROR_OUT(0, exit_sske);
wolfSSL 13:f67a6c6013ca 20416 }
wolfSSL 13:f67a6c6013ca 20417
wolfSSL 13:f67a6c6013ca 20418 /* make sure private key exists */
wolfSSL 13:f67a6c6013ca 20419 if (ssl->buffers.key == NULL ||
wolfSSL 13:f67a6c6013ca 20420 ssl->buffers.key->buffer == NULL) {
wolfSSL 13:f67a6c6013ca 20421 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 13:f67a6c6013ca 20422 }
wolfSSL 13:f67a6c6013ca 20423
wolfSSL 13:f67a6c6013ca 20424 WOLFSSL_MSG("Using ephemeral ECDH");
wolfSSL 13:f67a6c6013ca 20425 break;
wolfSSL 13:f67a6c6013ca 20426 }
wolfSSL 13:f67a6c6013ca 20427 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 20428 }
wolfSSL 13:f67a6c6013ca 20429
wolfSSL 13:f67a6c6013ca 20430 /* Preparing keys */
wolfSSL 13:f67a6c6013ca 20431 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 20432 {
wolfSSL 13:f67a6c6013ca 20433 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 20434 case psk_kea:
wolfSSL 13:f67a6c6013ca 20435 {
wolfSSL 13:f67a6c6013ca 20436 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 20437 break;
wolfSSL 13:f67a6c6013ca 20438 }
wolfSSL 13:f67a6c6013ca 20439 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 20440 #if !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA))
wolfSSL 13:f67a6c6013ca 20441 #if !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 20442 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 20443 #endif
wolfSSL 13:f67a6c6013ca 20444 #if !defined(NO_RSA)
wolfSSL 13:f67a6c6013ca 20445 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 20446 #endif
wolfSSL 13:f67a6c6013ca 20447 {
wolfSSL 13:f67a6c6013ca 20448 /* Allocate DH key buffers and generate key */
wolfSSL 13:f67a6c6013ca 20449 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 13:f67a6c6013ca 20450 ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 20451 ERROR_OUT(NO_DH_PARAMS, exit_sske);
wolfSSL 13:f67a6c6013ca 20452 }
wolfSSL 13:f67a6c6013ca 20453
wolfSSL 13:f67a6c6013ca 20454 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 20455 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 13:f67a6c6013ca 20456 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 20457 ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 20458 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 13:f67a6c6013ca 20459 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 20460 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 20461 }
wolfSSL 13:f67a6c6013ca 20462 }
wolfSSL 13:f67a6c6013ca 20463
wolfSSL 13:f67a6c6013ca 20464 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 20465 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 13:f67a6c6013ca 20466 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 20467 ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 20468 ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 13:f67a6c6013ca 20469 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 20470 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 20471 }
wolfSSL 13:f67a6c6013ca 20472 }
wolfSSL 13:f67a6c6013ca 20473
wolfSSL 13:f67a6c6013ca 20474 ssl->options.dhKeySz =
wolfSSL 13:f67a6c6013ca 20475 (word16)ssl->buffers.serverDH_P.length;
wolfSSL 13:f67a6c6013ca 20476
wolfSSL 13:f67a6c6013ca 20477 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 13:f67a6c6013ca 20478 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 13:f67a6c6013ca 20479 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20480 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20481 }
wolfSSL 13:f67a6c6013ca 20482
wolfSSL 13:f67a6c6013ca 20483 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 20484 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 20485 ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 20486 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 20487 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 20488 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20489 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20490 }
wolfSSL 13:f67a6c6013ca 20491
wolfSSL 13:f67a6c6013ca 20492 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 20493 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 13:f67a6c6013ca 20494 &ssl->buffers.serverDH_Priv.length,
wolfSSL 13:f67a6c6013ca 20495 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 13:f67a6c6013ca 20496 &ssl->buffers.serverDH_Pub.length);
wolfSSL 13:f67a6c6013ca 20497 break;
wolfSSL 13:f67a6c6013ca 20498 }
wolfSSL 13:f67a6c6013ca 20499 #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */
wolfSSL 13:f67a6c6013ca 20500 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 20501 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 20502 /* Fall through to create temp ECC key */
wolfSSL 13:f67a6c6013ca 20503 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 20504 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 13:f67a6c6013ca 20505 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 20506 {
wolfSSL 13:f67a6c6013ca 20507 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 20508 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 20509 /* need ephemeral key now, create it if missing */
wolfSSL 13:f67a6c6013ca 20510 if (ssl->eccTempKey == NULL) {
wolfSSL 13:f67a6c6013ca 20511 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 20512 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 20513 (void**)&ssl->eccTempKey);
wolfSSL 13:f67a6c6013ca 20514 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20515 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20516 }
wolfSSL 13:f67a6c6013ca 20517 }
wolfSSL 13:f67a6c6013ca 20518
wolfSSL 13:f67a6c6013ca 20519 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 20520 ret = X25519MakeKey(ssl,
wolfSSL 13:f67a6c6013ca 20521 (curve25519_key*)ssl->eccTempKey, NULL);
wolfSSL 13:f67a6c6013ca 20522 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 20523 ssl->eccTempKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 20524 }
wolfSSL 13:f67a6c6013ca 20525 }
wolfSSL 13:f67a6c6013ca 20526 break;
wolfSSL 13:f67a6c6013ca 20527 }
wolfSSL 13:f67a6c6013ca 20528 #endif
wolfSSL 13:f67a6c6013ca 20529 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 20530 /* need ephemeral key now, create it if missing */
wolfSSL 13:f67a6c6013ca 20531 if (ssl->eccTempKey == NULL) {
wolfSSL 13:f67a6c6013ca 20532 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 20533 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 20534 (void**)&ssl->eccTempKey);
wolfSSL 13:f67a6c6013ca 20535 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20536 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20537 }
wolfSSL 13:f67a6c6013ca 20538 }
wolfSSL 13:f67a6c6013ca 20539
wolfSSL 13:f67a6c6013ca 20540 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 20541 /* TODO: Need to first do wc_EccPrivateKeyDecode,
wolfSSL 13:f67a6c6013ca 20542 then we know curve dp */
wolfSSL 13:f67a6c6013ca 20543 ret = EccMakeKey(ssl, ssl->eccTempKey, NULL);
wolfSSL 13:f67a6c6013ca 20544 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 20545 ssl->eccTempKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 20546 }
wolfSSL 13:f67a6c6013ca 20547 }
wolfSSL 13:f67a6c6013ca 20548 #endif
wolfSSL 13:f67a6c6013ca 20549 break;
wolfSSL 13:f67a6c6013ca 20550 }
wolfSSL 13:f67a6c6013ca 20551 #endif /* HAVE_ECC || HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 20552 default:
wolfSSL 13:f67a6c6013ca 20553 /* Skip ServerKeyExchange */
wolfSSL 13:f67a6c6013ca 20554 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20555 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 20556
wolfSSL 13:f67a6c6013ca 20557 /* Check for error */
wolfSSL 13:f67a6c6013ca 20558 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20559 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20560 }
wolfSSL 13:f67a6c6013ca 20561
wolfSSL 13:f67a6c6013ca 20562 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 20563 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 13:f67a6c6013ca 20564 } /* case TLS_ASYNC_BEGIN */
wolfSSL 13:f67a6c6013ca 20565 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 20566
wolfSSL 13:f67a6c6013ca 20567 case TLS_ASYNC_BUILD:
wolfSSL 13:f67a6c6013ca 20568 {
wolfSSL 13:f67a6c6013ca 20569 #if (!defined(NO_DH) && !defined(NO_RSA)) || defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 20570 word32 preSigSz, preSigIdx;
wolfSSL 13:f67a6c6013ca 20571 #endif
wolfSSL 13:f67a6c6013ca 20572
wolfSSL 13:f67a6c6013ca 20573 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 20574 {
wolfSSL 13:f67a6c6013ca 20575 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 20576 case psk_kea:
wolfSSL 13:f67a6c6013ca 20577 {
wolfSSL 13:f67a6c6013ca 20578 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20579
wolfSSL 13:f67a6c6013ca 20580 if (ssl->arrays->server_hint[0] == 0) {
wolfSSL 13:f67a6c6013ca 20581 ERROR_OUT(0, exit_sske); /* don't send */
wolfSSL 13:f67a6c6013ca 20582 }
wolfSSL 13:f67a6c6013ca 20583
wolfSSL 13:f67a6c6013ca 20584 /* include size part */
wolfSSL 13:f67a6c6013ca 20585 args->length = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 13:f67a6c6013ca 20586 if (args->length > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 20587 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20588 }
wolfSSL 13:f67a6c6013ca 20589
wolfSSL 13:f67a6c6013ca 20590 args->length += HINT_LEN_SZ;
wolfSSL 13:f67a6c6013ca 20591 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 13:f67a6c6013ca 20592 RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20593
wolfSSL 13:f67a6c6013ca 20594 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 20595 args->length += args->qshSz;
wolfSSL 13:f67a6c6013ca 20596 args->sendSz += args->qshSz;
wolfSSL 13:f67a6c6013ca 20597 #endif
wolfSSL 13:f67a6c6013ca 20598
wolfSSL 13:f67a6c6013ca 20599 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 20600 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 20601 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20602 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20603 }
wolfSSL 13:f67a6c6013ca 20604 #endif
wolfSSL 13:f67a6c6013ca 20605 /* check for available size */
wolfSSL 13:f67a6c6013ca 20606 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 20607 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20608 }
wolfSSL 13:f67a6c6013ca 20609
wolfSSL 13:f67a6c6013ca 20610 /* get ouput buffer */
wolfSSL 13:f67a6c6013ca 20611 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 20612 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 20613
wolfSSL 13:f67a6c6013ca 20614 AddHeaders(args->output, args->length,
wolfSSL 13:f67a6c6013ca 20615 server_key_exchange, ssl);
wolfSSL 13:f67a6c6013ca 20616
wolfSSL 13:f67a6c6013ca 20617 /* key data */
wolfSSL 13:f67a6c6013ca 20618 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 20619 c16toa((word16)(args->length - args->qshSz -
wolfSSL 13:f67a6c6013ca 20620 HINT_LEN_SZ), args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20621 #else
wolfSSL 13:f67a6c6013ca 20622 c16toa((word16)(args->length - HINT_LEN_SZ),
wolfSSL 13:f67a6c6013ca 20623 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20624 #endif
wolfSSL 13:f67a6c6013ca 20625
wolfSSL 13:f67a6c6013ca 20626 args->idx += HINT_LEN_SZ;
wolfSSL 13:f67a6c6013ca 20627 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 20628 ssl->arrays->server_hint,
wolfSSL 13:f67a6c6013ca 20629 args->length - HINT_LEN_SZ);
wolfSSL 13:f67a6c6013ca 20630 break;
wolfSSL 13:f67a6c6013ca 20631 }
wolfSSL 13:f67a6c6013ca 20632 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 20633 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 20634 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 20635 {
wolfSSL 13:f67a6c6013ca 20636 word32 hintLen;
wolfSSL 13:f67a6c6013ca 20637
wolfSSL 13:f67a6c6013ca 20638 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20639 args->length = LENGTH_SZ * 3 + /* p, g, pub */
wolfSSL 13:f67a6c6013ca 20640 ssl->buffers.serverDH_P.length +
wolfSSL 13:f67a6c6013ca 20641 ssl->buffers.serverDH_G.length +
wolfSSL 13:f67a6c6013ca 20642 ssl->buffers.serverDH_Pub.length;
wolfSSL 13:f67a6c6013ca 20643
wolfSSL 13:f67a6c6013ca 20644 /* include size part */
wolfSSL 13:f67a6c6013ca 20645 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 13:f67a6c6013ca 20646 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 20647 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20648 }
wolfSSL 13:f67a6c6013ca 20649 args->length += hintLen + HINT_LEN_SZ;
wolfSSL 13:f67a6c6013ca 20650 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 13:f67a6c6013ca 20651 RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20652
wolfSSL 13:f67a6c6013ca 20653 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 20654 args->length += args->qshSz;
wolfSSL 13:f67a6c6013ca 20655 args->sendSz += args->qshSz;
wolfSSL 13:f67a6c6013ca 20656 #endif
wolfSSL 13:f67a6c6013ca 20657 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 20658 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 20659 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20660 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20661 }
wolfSSL 13:f67a6c6013ca 20662 #endif
wolfSSL 13:f67a6c6013ca 20663
wolfSSL 13:f67a6c6013ca 20664 /* check for available size */
wolfSSL 13:f67a6c6013ca 20665 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 20666 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20667 }
wolfSSL 13:f67a6c6013ca 20668
wolfSSL 13:f67a6c6013ca 20669 /* get ouput buffer */
wolfSSL 13:f67a6c6013ca 20670 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 20671 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 20672
wolfSSL 13:f67a6c6013ca 20673 AddHeaders(args->output, args->length,
wolfSSL 13:f67a6c6013ca 20674 server_key_exchange, ssl);
wolfSSL 13:f67a6c6013ca 20675
wolfSSL 13:f67a6c6013ca 20676 /* key data */
wolfSSL 13:f67a6c6013ca 20677 c16toa((word16)hintLen, args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20678 args->idx += HINT_LEN_SZ;
wolfSSL 13:f67a6c6013ca 20679 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 20680 ssl->arrays->server_hint, hintLen);
wolfSSL 13:f67a6c6013ca 20681 args->idx += hintLen;
wolfSSL 13:f67a6c6013ca 20682
wolfSSL 13:f67a6c6013ca 20683 /* add p, g, pub */
wolfSSL 13:f67a6c6013ca 20684 c16toa((word16)ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 20685 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20686 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 20687 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 20688 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 20689 ssl->buffers.serverDH_P.length);
wolfSSL 13:f67a6c6013ca 20690 args->idx += ssl->buffers.serverDH_P.length;
wolfSSL 13:f67a6c6013ca 20691
wolfSSL 13:f67a6c6013ca 20692 /* g */
wolfSSL 13:f67a6c6013ca 20693 c16toa((word16)ssl->buffers.serverDH_G.length,
wolfSSL 13:f67a6c6013ca 20694 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20695 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 20696 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 20697 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 20698 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 20699 args->idx += ssl->buffers.serverDH_G.length;
wolfSSL 13:f67a6c6013ca 20700
wolfSSL 13:f67a6c6013ca 20701 /* pub */
wolfSSL 13:f67a6c6013ca 20702 c16toa((word16)ssl->buffers.serverDH_Pub.length,
wolfSSL 13:f67a6c6013ca 20703 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20704 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 20705 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 20706 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 13:f67a6c6013ca 20707 ssl->buffers.serverDH_Pub.length);
wolfSSL 13:f67a6c6013ca 20708 /* No need to update idx, since sizes are already set */
wolfSSL 13:f67a6c6013ca 20709 /* args->idx += ssl->buffers.serverDH_Pub.length; */
wolfSSL 13:f67a6c6013ca 20710 break;
wolfSSL 13:f67a6c6013ca 20711 }
wolfSSL 13:f67a6c6013ca 20712 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 13:f67a6c6013ca 20713 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 20714 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 20715 {
wolfSSL 13:f67a6c6013ca 20716 word32 hintLen;
wolfSSL 13:f67a6c6013ca 20717
wolfSSL 13:f67a6c6013ca 20718 /* curve type, named curve, length(1) */
wolfSSL 13:f67a6c6013ca 20719 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20720 args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 13:f67a6c6013ca 20721
wolfSSL 13:f67a6c6013ca 20722 args->exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 13:f67a6c6013ca 20723 args->exportBuf = (byte*)XMALLOC(args->exportSz,
wolfSSL 13:f67a6c6013ca 20724 ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 13:f67a6c6013ca 20725 if (args->exportBuf == NULL) {
wolfSSL 13:f67a6c6013ca 20726 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 20727 }
wolfSSL 13:f67a6c6013ca 20728 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 20729 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 20730 if (wc_curve25519_export_public_ex(
wolfSSL 13:f67a6c6013ca 20731 (curve25519_key*)ssl->eccTempKey,
wolfSSL 13:f67a6c6013ca 20732 args->exportBuf, &args->exportSz,
wolfSSL 13:f67a6c6013ca 20733 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 13:f67a6c6013ca 20734 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20735 }
wolfSSL 13:f67a6c6013ca 20736 }
wolfSSL 13:f67a6c6013ca 20737 else
wolfSSL 13:f67a6c6013ca 20738 #endif
wolfSSL 13:f67a6c6013ca 20739 {
wolfSSL 13:f67a6c6013ca 20740 if (wc_ecc_export_x963(ssl->eccTempKey,
wolfSSL 13:f67a6c6013ca 20741 args->exportBuf, &args->exportSz) != 0) {
wolfSSL 13:f67a6c6013ca 20742 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20743 }
wolfSSL 13:f67a6c6013ca 20744 }
wolfSSL 13:f67a6c6013ca 20745 args->length += args->exportSz;
wolfSSL 13:f67a6c6013ca 20746
wolfSSL 13:f67a6c6013ca 20747 /* include size part */
wolfSSL 13:f67a6c6013ca 20748 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 13:f67a6c6013ca 20749 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 20750 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20751 }
wolfSSL 13:f67a6c6013ca 20752 args->length += hintLen + HINT_LEN_SZ;
wolfSSL 13:f67a6c6013ca 20753 args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20754
wolfSSL 13:f67a6c6013ca 20755 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 20756 args->length += args->qshSz;
wolfSSL 13:f67a6c6013ca 20757 args->sendSz += args->qshSz;
wolfSSL 13:f67a6c6013ca 20758 #endif
wolfSSL 13:f67a6c6013ca 20759 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 20760 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 20761 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20762 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20763 }
wolfSSL 13:f67a6c6013ca 20764 #endif
wolfSSL 13:f67a6c6013ca 20765 /* check for available size */
wolfSSL 13:f67a6c6013ca 20766 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 20767 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20768 }
wolfSSL 13:f67a6c6013ca 20769
wolfSSL 13:f67a6c6013ca 20770 /* get output buffer */
wolfSSL 13:f67a6c6013ca 20771 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 20772 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 20773
wolfSSL 13:f67a6c6013ca 20774 /* key data */
wolfSSL 13:f67a6c6013ca 20775 c16toa((word16)hintLen, args->output + args->idx);
wolfSSL 13:f67a6c6013ca 20776 args->idx += HINT_LEN_SZ;
wolfSSL 13:f67a6c6013ca 20777 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 20778 ssl->arrays->server_hint, hintLen);
wolfSSL 13:f67a6c6013ca 20779 args->idx += hintLen;
wolfSSL 13:f67a6c6013ca 20780
wolfSSL 13:f67a6c6013ca 20781 /* ECC key exchange data */
wolfSSL 13:f67a6c6013ca 20782 args->output[args->idx++] = named_curve;
wolfSSL 13:f67a6c6013ca 20783 args->output[args->idx++] = 0x00; /* leading zero */
wolfSSL 13:f67a6c6013ca 20784 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 20785 if (ssl->ecdhCurveOID == ECC_X25519_OID)
wolfSSL 13:f67a6c6013ca 20786 args->output[args->idx++] = WOLFSSL_ECC_X25519;
wolfSSL 13:f67a6c6013ca 20787 else
wolfSSL 13:f67a6c6013ca 20788 #endif
wolfSSL 13:f67a6c6013ca 20789 {
wolfSSL 13:f67a6c6013ca 20790 args->output[args->idx++] =
wolfSSL 13:f67a6c6013ca 20791 SetCurveId(ssl->eccTempKey);
wolfSSL 13:f67a6c6013ca 20792 }
wolfSSL 13:f67a6c6013ca 20793 args->output[args->idx++] = (byte)args->exportSz;
wolfSSL 13:f67a6c6013ca 20794 XMEMCPY(args->output + args->idx, args->exportBuf,
wolfSSL 13:f67a6c6013ca 20795 args->exportSz);
wolfSSL 13:f67a6c6013ca 20796 break;
wolfSSL 13:f67a6c6013ca 20797 }
wolfSSL 13:f67a6c6013ca 20798 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 20799 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 20800 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 20801 {
wolfSSL 13:f67a6c6013ca 20802 enum wc_HashType hashType;
wolfSSL 13:f67a6c6013ca 20803
wolfSSL 13:f67a6c6013ca 20804 /* curve type, named curve, length(1) */
wolfSSL 13:f67a6c6013ca 20805 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20806 args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 13:f67a6c6013ca 20807
wolfSSL 13:f67a6c6013ca 20808 /* Export temp ECC key and add to length */
wolfSSL 13:f67a6c6013ca 20809 args->exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 13:f67a6c6013ca 20810 args->exportBuf = (byte*)XMALLOC(args->exportSz,
wolfSSL 13:f67a6c6013ca 20811 ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 13:f67a6c6013ca 20812 if (args->exportBuf == NULL) {
wolfSSL 13:f67a6c6013ca 20813 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 20814 }
wolfSSL 13:f67a6c6013ca 20815 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 20816 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 20817 if (wc_curve25519_export_public_ex(
wolfSSL 13:f67a6c6013ca 20818 (curve25519_key*)ssl->eccTempKey,
wolfSSL 13:f67a6c6013ca 20819 args->exportBuf, &args->exportSz,
wolfSSL 13:f67a6c6013ca 20820 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 13:f67a6c6013ca 20821 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20822 }
wolfSSL 13:f67a6c6013ca 20823 }
wolfSSL 13:f67a6c6013ca 20824 else
wolfSSL 13:f67a6c6013ca 20825 #endif
wolfSSL 13:f67a6c6013ca 20826 {
wolfSSL 13:f67a6c6013ca 20827 if (wc_ecc_export_x963(ssl->eccTempKey,
wolfSSL 13:f67a6c6013ca 20828 args->exportBuf, &args->exportSz) != 0) {
wolfSSL 13:f67a6c6013ca 20829 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 20830 }
wolfSSL 13:f67a6c6013ca 20831 }
wolfSSL 13:f67a6c6013ca 20832 args->length += args->exportSz;
wolfSSL 13:f67a6c6013ca 20833
wolfSSL 13:f67a6c6013ca 20834 preSigSz = args->length;
wolfSSL 13:f67a6c6013ca 20835 preSigIdx = args->idx;
wolfSSL 13:f67a6c6013ca 20836
wolfSSL 13:f67a6c6013ca 20837 switch(ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 20838 {
wolfSSL 13:f67a6c6013ca 20839 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 20840 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 20841 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 20842 #endif
wolfSSL 13:f67a6c6013ca 20843 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 20844 {
wolfSSL 13:f67a6c6013ca 20845 word32 i = 0;
wolfSSL 13:f67a6c6013ca 20846 int keySz;
wolfSSL 13:f67a6c6013ca 20847
wolfSSL 13:f67a6c6013ca 20848 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 13:f67a6c6013ca 20849 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 20850 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20851 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20852 }
wolfSSL 13:f67a6c6013ca 20853
wolfSSL 13:f67a6c6013ca 20854 ret = wc_RsaPrivateKeyDecode(
wolfSSL 13:f67a6c6013ca 20855 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 20856 &i,
wolfSSL 13:f67a6c6013ca 20857 (RsaKey*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 20858 ssl->buffers.key->length);
wolfSSL 13:f67a6c6013ca 20859 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20860 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20861 }
wolfSSL 13:f67a6c6013ca 20862 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 13:f67a6c6013ca 20863 if (keySz < 0) { /* test if keySz has error */
wolfSSL 13:f67a6c6013ca 20864 ERROR_OUT(keySz, exit_sske);
wolfSSL 13:f67a6c6013ca 20865 }
wolfSSL 13:f67a6c6013ca 20866
wolfSSL 13:f67a6c6013ca 20867 args->tmpSigSz = (word32)keySz;
wolfSSL 13:f67a6c6013ca 20868 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 13:f67a6c6013ca 20869 WOLFSSL_MSG("RSA signature key size too small");
wolfSSL 13:f67a6c6013ca 20870 ERROR_OUT(RSA_KEY_SIZE_E, exit_sske);
wolfSSL 13:f67a6c6013ca 20871 }
wolfSSL 13:f67a6c6013ca 20872 break;
wolfSSL 13:f67a6c6013ca 20873 }
wolfSSL 13:f67a6c6013ca 20874 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 20875 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 20876 {
wolfSSL 13:f67a6c6013ca 20877 word32 i = 0;
wolfSSL 13:f67a6c6013ca 20878
wolfSSL 13:f67a6c6013ca 20879 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 13:f67a6c6013ca 20880 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 20881 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20882 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20883 }
wolfSSL 13:f67a6c6013ca 20884
wolfSSL 13:f67a6c6013ca 20885 ret = wc_EccPrivateKeyDecode(
wolfSSL 13:f67a6c6013ca 20886 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 20887 &i,
wolfSSL 13:f67a6c6013ca 20888 (ecc_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 20889 ssl->buffers.key->length);
wolfSSL 13:f67a6c6013ca 20890 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20891 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20892 }
wolfSSL 13:f67a6c6013ca 20893 /* worst case estimate */
wolfSSL 13:f67a6c6013ca 20894 args->tmpSigSz = wc_ecc_sig_size(
wolfSSL 13:f67a6c6013ca 20895 (ecc_key*)ssl->hsKey);
wolfSSL 13:f67a6c6013ca 20896
wolfSSL 13:f67a6c6013ca 20897 /* check the minimum ECC key size */
wolfSSL 13:f67a6c6013ca 20898 if (wc_ecc_size((ecc_key*)ssl->hsKey) <
wolfSSL 13:f67a6c6013ca 20899 ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 20900 WOLFSSL_MSG("ECC key size too small");
wolfSSL 13:f67a6c6013ca 20901 ret = ECC_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 20902 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20903 }
wolfSSL 13:f67a6c6013ca 20904 break;
wolfSSL 13:f67a6c6013ca 20905 }
wolfSSL 13:f67a6c6013ca 20906 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 20907 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 20908 {
wolfSSL 13:f67a6c6013ca 20909 word32 i = 0;
wolfSSL 13:f67a6c6013ca 20910
wolfSSL 13:f67a6c6013ca 20911 ssl->hsType = DYNAMIC_TYPE_ED25519;
wolfSSL 13:f67a6c6013ca 20912 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 20913 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20914 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20915 }
wolfSSL 13:f67a6c6013ca 20916
wolfSSL 13:f67a6c6013ca 20917 ret = wc_Ed25519PrivateKeyDecode(
wolfSSL 13:f67a6c6013ca 20918 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 20919 &i,
wolfSSL 13:f67a6c6013ca 20920 (ed25519_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 20921 ssl->buffers.key->length);
wolfSSL 13:f67a6c6013ca 20922 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 20923 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20924 }
wolfSSL 13:f67a6c6013ca 20925 /* worst case estimate */
wolfSSL 13:f67a6c6013ca 20926 args->tmpSigSz = ED25519_SIG_SIZE;
wolfSSL 13:f67a6c6013ca 20927
wolfSSL 13:f67a6c6013ca 20928 /* check the minimum ECC key size */
wolfSSL 13:f67a6c6013ca 20929 if (ED25519_KEY_SIZE <
wolfSSL 13:f67a6c6013ca 20930 ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 20931 WOLFSSL_MSG("Ed25519 key size too small");
wolfSSL 13:f67a6c6013ca 20932 ret = ECC_KEY_SIZE_E;
wolfSSL 13:f67a6c6013ca 20933 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20934 }
wolfSSL 13:f67a6c6013ca 20935 break;
wolfSSL 13:f67a6c6013ca 20936 }
wolfSSL 13:f67a6c6013ca 20937 #endif
wolfSSL 13:f67a6c6013ca 20938 default:
wolfSSL 13:f67a6c6013ca 20939 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 13:f67a6c6013ca 20940 } /* switch(ssl->suites->sigAlgo) */
wolfSSL 13:f67a6c6013ca 20941
wolfSSL 13:f67a6c6013ca 20942 /* sig length */
wolfSSL 13:f67a6c6013ca 20943 args->length += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 20944 args->length += args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 20945
wolfSSL 13:f67a6c6013ca 20946 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 20947 args->length += HASH_SIG_SIZE;
wolfSSL 13:f67a6c6013ca 20948 }
wolfSSL 13:f67a6c6013ca 20949
wolfSSL 13:f67a6c6013ca 20950 args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 20951
wolfSSL 13:f67a6c6013ca 20952 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 20953 args->length += args->qshSz;
wolfSSL 13:f67a6c6013ca 20954 args->sendSz += args->qshSz;
wolfSSL 13:f67a6c6013ca 20955 #endif
wolfSSL 13:f67a6c6013ca 20956 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 20957 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 20958 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20959 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 20960 preSigIdx = args->idx;
wolfSSL 13:f67a6c6013ca 20961 }
wolfSSL 13:f67a6c6013ca 20962 #endif
wolfSSL 13:f67a6c6013ca 20963 /* check for available size */
wolfSSL 13:f67a6c6013ca 20964 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 20965 goto exit_sske;
wolfSSL 13:f67a6c6013ca 20966 }
wolfSSL 13:f67a6c6013ca 20967
wolfSSL 13:f67a6c6013ca 20968 /* get output buffer */
wolfSSL 13:f67a6c6013ca 20969 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 20970 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 20971
wolfSSL 13:f67a6c6013ca 20972 /* record and message headers will be added below, when we're sure
wolfSSL 13:f67a6c6013ca 20973 of the sig length */
wolfSSL 13:f67a6c6013ca 20974
wolfSSL 13:f67a6c6013ca 20975 /* key exchange data */
wolfSSL 13:f67a6c6013ca 20976 args->output[args->idx++] = named_curve;
wolfSSL 13:f67a6c6013ca 20977 args->output[args->idx++] = 0x00; /* leading zero */
wolfSSL 13:f67a6c6013ca 20978 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 20979 if (ssl->ecdhCurveOID == ECC_X25519_OID)
wolfSSL 13:f67a6c6013ca 20980 args->output[args->idx++] = WOLFSSL_ECC_X25519;
wolfSSL 13:f67a6c6013ca 20981 else
wolfSSL 13:f67a6c6013ca 20982 #endif
wolfSSL 13:f67a6c6013ca 20983 {
wolfSSL 13:f67a6c6013ca 20984 args->output[args->idx++] =
wolfSSL 13:f67a6c6013ca 20985 SetCurveId(ssl->eccTempKey);
wolfSSL 13:f67a6c6013ca 20986 }
wolfSSL 13:f67a6c6013ca 20987 args->output[args->idx++] = (byte)args->exportSz;
wolfSSL 13:f67a6c6013ca 20988 XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz);
wolfSSL 13:f67a6c6013ca 20989 args->idx += args->exportSz;
wolfSSL 13:f67a6c6013ca 20990
wolfSSL 13:f67a6c6013ca 20991 /* Determine hash type */
wolfSSL 13:f67a6c6013ca 20992 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 20993 EncodeSigAlg(ssl->suites->hashAlgo,
wolfSSL 13:f67a6c6013ca 20994 ssl->suites->sigAlgo,
wolfSSL 13:f67a6c6013ca 20995 &args->output[args->idx]);
wolfSSL 13:f67a6c6013ca 20996 args->idx += 2;
wolfSSL 13:f67a6c6013ca 20997
wolfSSL 13:f67a6c6013ca 20998 hashType = HashAlgoToType(ssl->suites->hashAlgo);
wolfSSL 13:f67a6c6013ca 20999 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 13:f67a6c6013ca 21000 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21001 }
wolfSSL 13:f67a6c6013ca 21002
wolfSSL 13:f67a6c6013ca 21003 } else {
wolfSSL 13:f67a6c6013ca 21004 /* only using sha and md5 for rsa */
wolfSSL 13:f67a6c6013ca 21005 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 21006 hashType = WC_HASH_TYPE_SHA;
wolfSSL 13:f67a6c6013ca 21007 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 13:f67a6c6013ca 21008 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 13:f67a6c6013ca 21009 }
wolfSSL 13:f67a6c6013ca 21010 #else
wolfSSL 13:f67a6c6013ca 21011 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21012 #endif
wolfSSL 13:f67a6c6013ca 21013 }
wolfSSL 13:f67a6c6013ca 21014
wolfSSL 13:f67a6c6013ca 21015 /* Signature length will be written later, when we're sure what it is */
wolfSSL 13:f67a6c6013ca 21016
wolfSSL 13:f67a6c6013ca 21017 #ifdef HAVE_FUZZER
wolfSSL 13:f67a6c6013ca 21018 if (ssl->fuzzerCb) {
wolfSSL 13:f67a6c6013ca 21019 ssl->fuzzerCb(ssl, args->output + preSigIdx,
wolfSSL 13:f67a6c6013ca 21020 preSigSz, FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 13:f67a6c6013ca 21021 }
wolfSSL 13:f67a6c6013ca 21022 #endif
wolfSSL 13:f67a6c6013ca 21023
wolfSSL 13:f67a6c6013ca 21024 /* Assemble buffer to hash for signature */
wolfSSL 13:f67a6c6013ca 21025 args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 13:f67a6c6013ca 21026 args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
wolfSSL 13:f67a6c6013ca 21027 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21028 if (args->sigDataBuf == NULL) {
wolfSSL 13:f67a6c6013ca 21029 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21030 }
wolfSSL 13:f67a6c6013ca 21031 XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom,
wolfSSL 13:f67a6c6013ca 21032 RAN_LEN);
wolfSSL 13:f67a6c6013ca 21033 XMEMCPY(args->sigDataBuf+RAN_LEN,
wolfSSL 13:f67a6c6013ca 21034 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 13:f67a6c6013ca 21035 XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN,
wolfSSL 13:f67a6c6013ca 21036 args->output + preSigIdx, preSigSz);
wolfSSL 13:f67a6c6013ca 21037
wolfSSL 13:f67a6c6013ca 21038 if (ssl->suites->sigAlgo != ed25519_sa_algo) {
wolfSSL 13:f67a6c6013ca 21039 ssl->buffers.sig.length =
wolfSSL 13:f67a6c6013ca 21040 wc_HashGetDigestSize(hashType);
wolfSSL 13:f67a6c6013ca 21041 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 21042 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21043 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21044 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 21045 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21046 }
wolfSSL 13:f67a6c6013ca 21047
wolfSSL 13:f67a6c6013ca 21048 /* Perform hash */
wolfSSL 13:f67a6c6013ca 21049 ret = wc_Hash(hashType, args->sigDataBuf,
wolfSSL 13:f67a6c6013ca 21050 args->sigDataSz,
wolfSSL 13:f67a6c6013ca 21051 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21052 ssl->buffers.sig.length);
wolfSSL 13:f67a6c6013ca 21053 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21054 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21055 }
wolfSSL 13:f67a6c6013ca 21056 }
wolfSSL 13:f67a6c6013ca 21057
wolfSSL 13:f67a6c6013ca 21058 args->sigSz = args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21059
wolfSSL 13:f67a6c6013ca 21060 /* Sign hash to create signature */
wolfSSL 13:f67a6c6013ca 21061 switch (ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 21062 {
wolfSSL 13:f67a6c6013ca 21063 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 21064 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21065 {
wolfSSL 13:f67a6c6013ca 21066 /* For TLS 1.2 re-encode signature */
wolfSSL 13:f67a6c6013ca 21067 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 21068 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 21069 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 13:f67a6c6013ca 21070 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21071 if (encodedSig == NULL) {
wolfSSL 13:f67a6c6013ca 21072 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21073 }
wolfSSL 13:f67a6c6013ca 21074
wolfSSL 13:f67a6c6013ca 21075 ssl->buffers.sig.length =
wolfSSL 13:f67a6c6013ca 21076 wc_EncodeSignature(encodedSig,
wolfSSL 13:f67a6c6013ca 21077 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21078 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21079 TypeHash(ssl->suites->hashAlgo));
wolfSSL 13:f67a6c6013ca 21080
wolfSSL 13:f67a6c6013ca 21081 /* Replace sig buffer with new one */
wolfSSL 13:f67a6c6013ca 21082 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 13:f67a6c6013ca 21083 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21084 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 13:f67a6c6013ca 21085 }
wolfSSL 13:f67a6c6013ca 21086
wolfSSL 13:f67a6c6013ca 21087 /* write sig size here */
wolfSSL 13:f67a6c6013ca 21088 c16toa((word16)args->sigSz,
wolfSSL 13:f67a6c6013ca 21089 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21090 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21091 break;
wolfSSL 13:f67a6c6013ca 21092 }
wolfSSL 13:f67a6c6013ca 21093 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 21094 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 21095 /* write sig size here */
wolfSSL 13:f67a6c6013ca 21096 c16toa((word16)args->sigSz,
wolfSSL 13:f67a6c6013ca 21097 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21098 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21099 break;
wolfSSL 13:f67a6c6013ca 21100 #endif
wolfSSL 13:f67a6c6013ca 21101 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 21102 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 21103 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 21104 #endif
wolfSSL 13:f67a6c6013ca 21105 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21106 {
wolfSSL 13:f67a6c6013ca 21107 break;
wolfSSL 13:f67a6c6013ca 21108 }
wolfSSL 13:f67a6c6013ca 21109 } /* switch(ssl->suites->sigAlgo) */
wolfSSL 13:f67a6c6013ca 21110 break;
wolfSSL 13:f67a6c6013ca 21111 }
wolfSSL 13:f67a6c6013ca 21112 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 21113 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 13:f67a6c6013ca 21114 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 21115 {
wolfSSL 13:f67a6c6013ca 21116 enum wc_HashType hashType;
wolfSSL 13:f67a6c6013ca 21117
wolfSSL 13:f67a6c6013ca 21118 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 21119 args->length = LENGTH_SZ * 3; /* p, g, pub */
wolfSSL 13:f67a6c6013ca 21120 args->length += ssl->buffers.serverDH_P.length +
wolfSSL 13:f67a6c6013ca 21121 ssl->buffers.serverDH_G.length +
wolfSSL 13:f67a6c6013ca 21122 ssl->buffers.serverDH_Pub.length;
wolfSSL 13:f67a6c6013ca 21123
wolfSSL 13:f67a6c6013ca 21124 preSigIdx = args->idx;
wolfSSL 13:f67a6c6013ca 21125 preSigSz = args->length;
wolfSSL 13:f67a6c6013ca 21126
wolfSSL 13:f67a6c6013ca 21127 if (!ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 21128 word32 i = 0;
wolfSSL 13:f67a6c6013ca 21129 int keySz;
wolfSSL 13:f67a6c6013ca 21130
wolfSSL 13:f67a6c6013ca 21131 /* make sure private key exists */
wolfSSL 13:f67a6c6013ca 21132 if (ssl->buffers.key == NULL ||
wolfSSL 13:f67a6c6013ca 21133 ssl->buffers.key->buffer == NULL) {
wolfSSL 13:f67a6c6013ca 21134 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 13:f67a6c6013ca 21135 }
wolfSSL 13:f67a6c6013ca 21136
wolfSSL 13:f67a6c6013ca 21137 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 13:f67a6c6013ca 21138 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 21139 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21140 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21141 }
wolfSSL 13:f67a6c6013ca 21142
wolfSSL 13:f67a6c6013ca 21143 /* sig length */
wolfSSL 13:f67a6c6013ca 21144 args->length += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21145
wolfSSL 13:f67a6c6013ca 21146 ret = wc_RsaPrivateKeyDecode(
wolfSSL 13:f67a6c6013ca 21147 ssl->buffers.key->buffer, &i,
wolfSSL 13:f67a6c6013ca 21148 (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
wolfSSL 13:f67a6c6013ca 21149 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21150 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21151 }
wolfSSL 13:f67a6c6013ca 21152 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 13:f67a6c6013ca 21153 if (keySz < 0) { /* test if keySz has error */
wolfSSL 13:f67a6c6013ca 21154 ERROR_OUT(keySz, exit_sske);
wolfSSL 13:f67a6c6013ca 21155 }
wolfSSL 13:f67a6c6013ca 21156 args->tmpSigSz = (word32)keySz;
wolfSSL 13:f67a6c6013ca 21157 args->length += args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21158
wolfSSL 13:f67a6c6013ca 21159 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 13:f67a6c6013ca 21160 WOLFSSL_MSG("RSA key size too small");
wolfSSL 13:f67a6c6013ca 21161 ERROR_OUT(RSA_KEY_SIZE_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21162 }
wolfSSL 13:f67a6c6013ca 21163
wolfSSL 13:f67a6c6013ca 21164 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 21165 args->length += HASH_SIG_SIZE;
wolfSSL 13:f67a6c6013ca 21166 }
wolfSSL 13:f67a6c6013ca 21167 }
wolfSSL 13:f67a6c6013ca 21168
wolfSSL 13:f67a6c6013ca 21169 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 13:f67a6c6013ca 21170 RECORD_HEADER_SZ;
wolfSSL 13:f67a6c6013ca 21171
wolfSSL 13:f67a6c6013ca 21172 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 21173 args->length += args->qshSz;
wolfSSL 13:f67a6c6013ca 21174 args->sendSz += args->qshSz;
wolfSSL 13:f67a6c6013ca 21175 #endif
wolfSSL 13:f67a6c6013ca 21176 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 21177 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 21178 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 21179 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 13:f67a6c6013ca 21180 preSigIdx = args->idx;
wolfSSL 13:f67a6c6013ca 21181 }
wolfSSL 13:f67a6c6013ca 21182 #endif
wolfSSL 13:f67a6c6013ca 21183
wolfSSL 13:f67a6c6013ca 21184 /* check for available size */
wolfSSL 13:f67a6c6013ca 21185 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 21186 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21187 }
wolfSSL 13:f67a6c6013ca 21188
wolfSSL 13:f67a6c6013ca 21189 /* get output buffer */
wolfSSL 13:f67a6c6013ca 21190 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 13:f67a6c6013ca 21191 ssl->buffers.outputBuffer.length;
wolfSSL 13:f67a6c6013ca 21192
wolfSSL 13:f67a6c6013ca 21193 AddHeaders(args->output, args->length,
wolfSSL 13:f67a6c6013ca 21194 server_key_exchange, ssl);
wolfSSL 13:f67a6c6013ca 21195
wolfSSL 13:f67a6c6013ca 21196 /* add p, g, pub */
wolfSSL 13:f67a6c6013ca 21197 c16toa((word16)ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 21198 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21199 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21200 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 21201 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 21202 ssl->buffers.serverDH_P.length);
wolfSSL 13:f67a6c6013ca 21203 args->idx += ssl->buffers.serverDH_P.length;
wolfSSL 13:f67a6c6013ca 21204
wolfSSL 13:f67a6c6013ca 21205 /* g */
wolfSSL 13:f67a6c6013ca 21206 c16toa((word16)ssl->buffers.serverDH_G.length,
wolfSSL 13:f67a6c6013ca 21207 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21208 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21209 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 21210 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 21211 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 21212 args->idx += ssl->buffers.serverDH_G.length;
wolfSSL 13:f67a6c6013ca 21213
wolfSSL 13:f67a6c6013ca 21214 /* pub */
wolfSSL 13:f67a6c6013ca 21215 c16toa((word16)ssl->buffers.serverDH_Pub.length,
wolfSSL 13:f67a6c6013ca 21216 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21217 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21218 XMEMCPY(args->output + args->idx,
wolfSSL 13:f67a6c6013ca 21219 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 13:f67a6c6013ca 21220 ssl->buffers.serverDH_Pub.length);
wolfSSL 13:f67a6c6013ca 21221 args->idx += ssl->buffers.serverDH_Pub.length;
wolfSSL 13:f67a6c6013ca 21222
wolfSSL 13:f67a6c6013ca 21223 #ifdef HAVE_FUZZER
wolfSSL 13:f67a6c6013ca 21224 if (ssl->fuzzerCb) {
wolfSSL 13:f67a6c6013ca 21225 ssl->fuzzerCb(ssl, args->output + preSigIdx,
wolfSSL 13:f67a6c6013ca 21226 preSigSz, FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 13:f67a6c6013ca 21227 }
wolfSSL 13:f67a6c6013ca 21228 #endif
wolfSSL 13:f67a6c6013ca 21229
wolfSSL 13:f67a6c6013ca 21230 if (ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 21231 break;
wolfSSL 13:f67a6c6013ca 21232 }
wolfSSL 13:f67a6c6013ca 21233
wolfSSL 13:f67a6c6013ca 21234 /* Determine hash type */
wolfSSL 13:f67a6c6013ca 21235 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 21236 EncodeSigAlg(ssl->suites->hashAlgo,
wolfSSL 13:f67a6c6013ca 21237 ssl->suites->sigAlgo,
wolfSSL 13:f67a6c6013ca 21238 &args->output[args->idx]);
wolfSSL 13:f67a6c6013ca 21239 args->idx += 2;
wolfSSL 13:f67a6c6013ca 21240
wolfSSL 13:f67a6c6013ca 21241 hashType = HashAlgoToType(ssl->suites->hashAlgo);
wolfSSL 13:f67a6c6013ca 21242 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 13:f67a6c6013ca 21243 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21244 }
wolfSSL 13:f67a6c6013ca 21245 } else {
wolfSSL 13:f67a6c6013ca 21246 /* only using sha and md5 for rsa */
wolfSSL 13:f67a6c6013ca 21247 #ifndef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 21248 hashType = WC_HASH_TYPE_SHA;
wolfSSL 13:f67a6c6013ca 21249 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 13:f67a6c6013ca 21250 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 13:f67a6c6013ca 21251 }
wolfSSL 13:f67a6c6013ca 21252 #else
wolfSSL 13:f67a6c6013ca 21253 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21254 #endif
wolfSSL 13:f67a6c6013ca 21255 }
wolfSSL 13:f67a6c6013ca 21256
wolfSSL 13:f67a6c6013ca 21257 /* signature size */
wolfSSL 13:f67a6c6013ca 21258 c16toa((word16)args->tmpSigSz, args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21259 args->idx += LENGTH_SZ;
wolfSSL 13:f67a6c6013ca 21260
wolfSSL 13:f67a6c6013ca 21261 /* Assemble buffer to hash for signature */
wolfSSL 13:f67a6c6013ca 21262 args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 13:f67a6c6013ca 21263 args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
wolfSSL 13:f67a6c6013ca 21264 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21265 if (args->sigDataBuf == NULL) {
wolfSSL 13:f67a6c6013ca 21266 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21267 }
wolfSSL 13:f67a6c6013ca 21268 XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom,
wolfSSL 13:f67a6c6013ca 21269 RAN_LEN);
wolfSSL 13:f67a6c6013ca 21270 XMEMCPY(args->sigDataBuf+RAN_LEN,
wolfSSL 13:f67a6c6013ca 21271 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 13:f67a6c6013ca 21272 XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN,
wolfSSL 13:f67a6c6013ca 21273 args->output + preSigIdx, preSigSz);
wolfSSL 13:f67a6c6013ca 21274
wolfSSL 13:f67a6c6013ca 21275 if (ssl->suites->sigAlgo != ed25519_sa_algo) {
wolfSSL 13:f67a6c6013ca 21276 ssl->buffers.sig.length =
wolfSSL 13:f67a6c6013ca 21277 wc_HashGetDigestSize(hashType);
wolfSSL 13:f67a6c6013ca 21278 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 21279 ssl->buffers.sig.length, ssl->heap,
wolfSSL 13:f67a6c6013ca 21280 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21281 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 13:f67a6c6013ca 21282 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21283 }
wolfSSL 13:f67a6c6013ca 21284
wolfSSL 13:f67a6c6013ca 21285 /* Perform hash */
wolfSSL 13:f67a6c6013ca 21286 ret = wc_Hash(hashType, args->sigDataBuf,
wolfSSL 13:f67a6c6013ca 21287 args->sigDataSz,
wolfSSL 13:f67a6c6013ca 21288 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21289 ssl->buffers.sig.length);
wolfSSL 13:f67a6c6013ca 21290 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21291 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21292 }
wolfSSL 13:f67a6c6013ca 21293 }
wolfSSL 13:f67a6c6013ca 21294
wolfSSL 13:f67a6c6013ca 21295 args->sigSz = args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21296
wolfSSL 13:f67a6c6013ca 21297 /* Sign hash to create signature */
wolfSSL 13:f67a6c6013ca 21298 switch (ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 21299 {
wolfSSL 13:f67a6c6013ca 21300 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 21301 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21302 {
wolfSSL 13:f67a6c6013ca 21303 /* For TLS 1.2 re-encode signature */
wolfSSL 13:f67a6c6013ca 21304 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 21305 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 21306 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 13:f67a6c6013ca 21307 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21308 if (encodedSig == NULL) {
wolfSSL 13:f67a6c6013ca 21309 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21310 }
wolfSSL 13:f67a6c6013ca 21311
wolfSSL 13:f67a6c6013ca 21312 ssl->buffers.sig.length =
wolfSSL 13:f67a6c6013ca 21313 wc_EncodeSignature(encodedSig,
wolfSSL 13:f67a6c6013ca 21314 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21315 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21316 TypeHash(ssl->suites->hashAlgo));
wolfSSL 13:f67a6c6013ca 21317
wolfSSL 13:f67a6c6013ca 21318 /* Replace sig buffer with new one */
wolfSSL 13:f67a6c6013ca 21319 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 13:f67a6c6013ca 21320 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21321 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 13:f67a6c6013ca 21322 }
wolfSSL 13:f67a6c6013ca 21323 break;
wolfSSL 13:f67a6c6013ca 21324 }
wolfSSL 13:f67a6c6013ca 21325 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 21326 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 13:f67a6c6013ca 21327 break;
wolfSSL 13:f67a6c6013ca 21328 }
wolfSSL 13:f67a6c6013ca 21329 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 13:f67a6c6013ca 21330 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 21331
wolfSSL 13:f67a6c6013ca 21332 /* Check for error */
wolfSSL 13:f67a6c6013ca 21333 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21334 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21335 }
wolfSSL 13:f67a6c6013ca 21336
wolfSSL 13:f67a6c6013ca 21337 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 21338 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 13:f67a6c6013ca 21339 } /* case TLS_ASYNC_BUILD */
wolfSSL 13:f67a6c6013ca 21340 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 21341
wolfSSL 13:f67a6c6013ca 21342 case TLS_ASYNC_DO:
wolfSSL 13:f67a6c6013ca 21343 {
wolfSSL 13:f67a6c6013ca 21344 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 21345 {
wolfSSL 13:f67a6c6013ca 21346 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 21347 case psk_kea:
wolfSSL 13:f67a6c6013ca 21348 {
wolfSSL 13:f67a6c6013ca 21349 break;
wolfSSL 13:f67a6c6013ca 21350 }
wolfSSL 13:f67a6c6013ca 21351 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 21352 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 21353 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 21354 {
wolfSSL 13:f67a6c6013ca 21355 break;
wolfSSL 13:f67a6c6013ca 21356 }
wolfSSL 13:f67a6c6013ca 21357 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 13:f67a6c6013ca 21358 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 21359 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 21360 {
wolfSSL 13:f67a6c6013ca 21361 break;
wolfSSL 13:f67a6c6013ca 21362 }
wolfSSL 13:f67a6c6013ca 21363 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 21364 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 21365 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 21366 {
wolfSSL 13:f67a6c6013ca 21367 /* Sign hash to create signature */
wolfSSL 13:f67a6c6013ca 21368 switch (ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 21369 {
wolfSSL 13:f67a6c6013ca 21370 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 21371 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 21372 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 21373 #endif
wolfSSL 13:f67a6c6013ca 21374 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21375 {
wolfSSL 13:f67a6c6013ca 21376 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 21377
wolfSSL 13:f67a6c6013ca 21378 ret = RsaSign(ssl,
wolfSSL 13:f67a6c6013ca 21379 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21380 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21381 args->output + args->idx,
wolfSSL 13:f67a6c6013ca 21382 &args->sigSz,
wolfSSL 13:f67a6c6013ca 21383 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 13:f67a6c6013ca 21384 key,
wolfSSL 13:f67a6c6013ca 21385 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 21386 ssl->buffers.key->length,
wolfSSL 13:f67a6c6013ca 21387 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 21388 ssl->RsaSignCtx
wolfSSL 13:f67a6c6013ca 21389 #else
wolfSSL 13:f67a6c6013ca 21390 NULL
wolfSSL 13:f67a6c6013ca 21391 #endif
wolfSSL 13:f67a6c6013ca 21392 );
wolfSSL 13:f67a6c6013ca 21393 break;
wolfSSL 13:f67a6c6013ca 21394 }
wolfSSL 13:f67a6c6013ca 21395 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 21396 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21397 {
wolfSSL 13:f67a6c6013ca 21398 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 21399
wolfSSL 13:f67a6c6013ca 21400 ret = EccSign(ssl,
wolfSSL 13:f67a6c6013ca 21401 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21402 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21403 args->output + LENGTH_SZ + args->idx,
wolfSSL 13:f67a6c6013ca 21404 &args->sigSz,
wolfSSL 13:f67a6c6013ca 21405 key,
wolfSSL 13:f67a6c6013ca 21406 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 13:f67a6c6013ca 21407 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 21408 ssl->buffers.key->length,
wolfSSL 13:f67a6c6013ca 21409 ssl->EccSignCtx
wolfSSL 13:f67a6c6013ca 21410 #else
wolfSSL 13:f67a6c6013ca 21411 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 21412 #endif
wolfSSL 13:f67a6c6013ca 21413 );
wolfSSL 13:f67a6c6013ca 21414 break;
wolfSSL 13:f67a6c6013ca 21415 }
wolfSSL 13:f67a6c6013ca 21416 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 21417 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 21418 {
wolfSSL 13:f67a6c6013ca 21419 ed25519_key* key = (ed25519_key*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 21420
wolfSSL 13:f67a6c6013ca 21421 ret = Ed25519Sign(ssl,
wolfSSL 13:f67a6c6013ca 21422 args->sigDataBuf, args->sigDataSz,
wolfSSL 13:f67a6c6013ca 21423 args->output + LENGTH_SZ + args->idx,
wolfSSL 13:f67a6c6013ca 21424 &args->sigSz,
wolfSSL 13:f67a6c6013ca 21425 key,
wolfSSL 13:f67a6c6013ca 21426 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 13:f67a6c6013ca 21427 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 21428 ssl->buffers.key->length,
wolfSSL 13:f67a6c6013ca 21429 ssl->Ed25519SignCtx
wolfSSL 13:f67a6c6013ca 21430 #else
wolfSSL 13:f67a6c6013ca 21431 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 21432 #endif
wolfSSL 13:f67a6c6013ca 21433 );
wolfSSL 13:f67a6c6013ca 21434 break;
wolfSSL 13:f67a6c6013ca 21435 }
wolfSSL 13:f67a6c6013ca 21436 #endif
wolfSSL 13:f67a6c6013ca 21437 } /* switch(ssl->specs.sig_algo) */
wolfSSL 13:f67a6c6013ca 21438 break;
wolfSSL 13:f67a6c6013ca 21439 }
wolfSSL 13:f67a6c6013ca 21440 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 21441 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 13:f67a6c6013ca 21442 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 21443 {
wolfSSL 13:f67a6c6013ca 21444 /* Sign hash to create signature */
wolfSSL 13:f67a6c6013ca 21445 switch (ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 21446 {
wolfSSL 13:f67a6c6013ca 21447 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 21448 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 21449 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 21450 #endif
wolfSSL 13:f67a6c6013ca 21451 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21452 {
wolfSSL 13:f67a6c6013ca 21453 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 21454
wolfSSL 13:f67a6c6013ca 21455 if (ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 21456 break;
wolfSSL 13:f67a6c6013ca 21457 }
wolfSSL 13:f67a6c6013ca 21458
wolfSSL 13:f67a6c6013ca 21459 ret = RsaSign(ssl,
wolfSSL 13:f67a6c6013ca 21460 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21461 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21462 args->output + args->idx,
wolfSSL 13:f67a6c6013ca 21463 &args->sigSz,
wolfSSL 13:f67a6c6013ca 21464 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 13:f67a6c6013ca 21465 key,
wolfSSL 13:f67a6c6013ca 21466 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 21467 ssl->buffers.key->length,
wolfSSL 13:f67a6c6013ca 21468 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 21469 ssl->RsaSignCtx
wolfSSL 13:f67a6c6013ca 21470 #else
wolfSSL 13:f67a6c6013ca 21471 NULL
wolfSSL 13:f67a6c6013ca 21472 #endif
wolfSSL 13:f67a6c6013ca 21473 );
wolfSSL 13:f67a6c6013ca 21474 break;
wolfSSL 13:f67a6c6013ca 21475 }
wolfSSL 13:f67a6c6013ca 21476 #endif /* NO_RSA */
wolfSSL 13:f67a6c6013ca 21477 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 13:f67a6c6013ca 21478
wolfSSL 13:f67a6c6013ca 21479 break;
wolfSSL 13:f67a6c6013ca 21480 }
wolfSSL 13:f67a6c6013ca 21481 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 13:f67a6c6013ca 21482 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 21483
wolfSSL 13:f67a6c6013ca 21484 /* Check for error */
wolfSSL 13:f67a6c6013ca 21485 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21486 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21487 }
wolfSSL 13:f67a6c6013ca 21488
wolfSSL 13:f67a6c6013ca 21489 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 21490 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 13:f67a6c6013ca 21491 } /* case TLS_ASYNC_DO */
wolfSSL 13:f67a6c6013ca 21492 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 21493
wolfSSL 13:f67a6c6013ca 21494 case TLS_ASYNC_VERIFY:
wolfSSL 13:f67a6c6013ca 21495 {
wolfSSL 13:f67a6c6013ca 21496 switch(ssl->specs.kea)
wolfSSL 13:f67a6c6013ca 21497 {
wolfSSL 13:f67a6c6013ca 21498 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 21499 case psk_kea:
wolfSSL 13:f67a6c6013ca 21500 {
wolfSSL 13:f67a6c6013ca 21501 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 21502 break;
wolfSSL 13:f67a6c6013ca 21503 }
wolfSSL 13:f67a6c6013ca 21504 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 21505 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 21506 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 21507 {
wolfSSL 13:f67a6c6013ca 21508 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 21509 break;
wolfSSL 13:f67a6c6013ca 21510 }
wolfSSL 13:f67a6c6013ca 21511 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 13:f67a6c6013ca 21512 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 21513 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 21514 {
wolfSSL 13:f67a6c6013ca 21515 /* Nothing to do in this sub-state */
wolfSSL 13:f67a6c6013ca 21516 break;
wolfSSL 13:f67a6c6013ca 21517 }
wolfSSL 13:f67a6c6013ca 21518 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 21519 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 21520 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 21521 {
wolfSSL 13:f67a6c6013ca 21522 switch(ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 21523 {
wolfSSL 13:f67a6c6013ca 21524 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 21525 #ifdef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 21526 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 21527 #endif
wolfSSL 13:f67a6c6013ca 21528 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21529 {
wolfSSL 13:f67a6c6013ca 21530 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 21531
wolfSSL 13:f67a6c6013ca 21532 if (args->verifySig == NULL) {
wolfSSL 13:f67a6c6013ca 21533 if (args->sigSz == 0) {
wolfSSL 13:f67a6c6013ca 21534 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21535 }
wolfSSL 13:f67a6c6013ca 21536 args->verifySig = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 21537 args->sigSz, ssl->heap,
wolfSSL 13:f67a6c6013ca 21538 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21539 if (!args->verifySig) {
wolfSSL 13:f67a6c6013ca 21540 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21541 }
wolfSSL 13:f67a6c6013ca 21542 XMEMCPY(args->verifySig,
wolfSSL 13:f67a6c6013ca 21543 args->output + args->idx, args->sigSz);
wolfSSL 13:f67a6c6013ca 21544 }
wolfSSL 13:f67a6c6013ca 21545
wolfSSL 13:f67a6c6013ca 21546 /* check for signature faults */
wolfSSL 13:f67a6c6013ca 21547 ret = VerifyRsaSign(ssl,
wolfSSL 13:f67a6c6013ca 21548 args->verifySig, args->sigSz,
wolfSSL 13:f67a6c6013ca 21549 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21550 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21551 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 13:f67a6c6013ca 21552 key
wolfSSL 13:f67a6c6013ca 21553 );
wolfSSL 13:f67a6c6013ca 21554 break;
wolfSSL 13:f67a6c6013ca 21555 }
wolfSSL 13:f67a6c6013ca 21556 #endif
wolfSSL 13:f67a6c6013ca 21557 case ecc_dsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21558 {
wolfSSL 13:f67a6c6013ca 21559 /* Now that we know the real sig size, write it. */
wolfSSL 13:f67a6c6013ca 21560 c16toa((word16)args->sigSz,
wolfSSL 13:f67a6c6013ca 21561 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21562
wolfSSL 13:f67a6c6013ca 21563 /* And adjust length and sendSz from estimates */
wolfSSL 13:f67a6c6013ca 21564 args->length += args->sigSz - args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21565 args->sendSz += args->sigSz - args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21566 break;
wolfSSL 13:f67a6c6013ca 21567 }
wolfSSL 13:f67a6c6013ca 21568 #ifdef HAVE_ED25519
wolfSSL 13:f67a6c6013ca 21569 case ed25519_sa_algo:
wolfSSL 13:f67a6c6013ca 21570 {
wolfSSL 13:f67a6c6013ca 21571 /* Now that we know the real sig size, write it. */
wolfSSL 13:f67a6c6013ca 21572 c16toa((word16)args->sigSz,
wolfSSL 13:f67a6c6013ca 21573 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21574
wolfSSL 13:f67a6c6013ca 21575 /* And adjust length and sendSz from estimates */
wolfSSL 13:f67a6c6013ca 21576 args->length += args->sigSz - args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21577 args->sendSz += args->sigSz - args->tmpSigSz;
wolfSSL 13:f67a6c6013ca 21578 break;
wolfSSL 13:f67a6c6013ca 21579 }
wolfSSL 13:f67a6c6013ca 21580 #endif
wolfSSL 13:f67a6c6013ca 21581 default:
wolfSSL 13:f67a6c6013ca 21582 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 13:f67a6c6013ca 21583 } /* switch(ssl->specs.sig_algo) */
wolfSSL 13:f67a6c6013ca 21584 break;
wolfSSL 13:f67a6c6013ca 21585 }
wolfSSL 13:f67a6c6013ca 21586 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 21587 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 13:f67a6c6013ca 21588 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 21589 {
wolfSSL 13:f67a6c6013ca 21590 switch (ssl->suites->sigAlgo)
wolfSSL 13:f67a6c6013ca 21591 {
wolfSSL 13:f67a6c6013ca 21592 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 21593 #ifndef WC_RSA_PSS
wolfSSL 13:f67a6c6013ca 21594 case rsa_pss_sa_algo:
wolfSSL 13:f67a6c6013ca 21595 #endif
wolfSSL 13:f67a6c6013ca 21596 case rsa_sa_algo:
wolfSSL 13:f67a6c6013ca 21597 {
wolfSSL 13:f67a6c6013ca 21598 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 21599
wolfSSL 13:f67a6c6013ca 21600 if (ssl->options.usingAnon_cipher) {
wolfSSL 13:f67a6c6013ca 21601 break;
wolfSSL 13:f67a6c6013ca 21602 }
wolfSSL 13:f67a6c6013ca 21603
wolfSSL 13:f67a6c6013ca 21604 if (args->verifySig == NULL) {
wolfSSL 13:f67a6c6013ca 21605 if (args->sigSz == 0) {
wolfSSL 13:f67a6c6013ca 21606 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21607 }
wolfSSL 13:f67a6c6013ca 21608 args->verifySig = (byte*)XMALLOC(
wolfSSL 13:f67a6c6013ca 21609 args->sigSz, ssl->heap,
wolfSSL 13:f67a6c6013ca 21610 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 13:f67a6c6013ca 21611 if (!args->verifySig) {
wolfSSL 13:f67a6c6013ca 21612 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21613 }
wolfSSL 13:f67a6c6013ca 21614 XMEMCPY(args->verifySig,
wolfSSL 13:f67a6c6013ca 21615 args->output + args->idx, args->sigSz);
wolfSSL 13:f67a6c6013ca 21616 }
wolfSSL 13:f67a6c6013ca 21617
wolfSSL 13:f67a6c6013ca 21618 /* check for signature faults */
wolfSSL 13:f67a6c6013ca 21619 ret = VerifyRsaSign(ssl,
wolfSSL 13:f67a6c6013ca 21620 args->verifySig, args->sigSz,
wolfSSL 13:f67a6c6013ca 21621 ssl->buffers.sig.buffer,
wolfSSL 13:f67a6c6013ca 21622 ssl->buffers.sig.length,
wolfSSL 13:f67a6c6013ca 21623 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 13:f67a6c6013ca 21624 key
wolfSSL 13:f67a6c6013ca 21625 );
wolfSSL 13:f67a6c6013ca 21626 break;
wolfSSL 13:f67a6c6013ca 21627 }
wolfSSL 13:f67a6c6013ca 21628 #endif
wolfSSL 13:f67a6c6013ca 21629 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 13:f67a6c6013ca 21630 break;
wolfSSL 13:f67a6c6013ca 21631 }
wolfSSL 13:f67a6c6013ca 21632 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 13:f67a6c6013ca 21633 } /* switch(ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 21634
wolfSSL 13:f67a6c6013ca 21635 /* Check for error */
wolfSSL 13:f67a6c6013ca 21636 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21637 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21638 }
wolfSSL 13:f67a6c6013ca 21639
wolfSSL 13:f67a6c6013ca 21640 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 21641 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 13:f67a6c6013ca 21642 } /* case TLS_ASYNC_VERIFY */
wolfSSL 13:f67a6c6013ca 21643 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 21644
wolfSSL 13:f67a6c6013ca 21645 case TLS_ASYNC_FINALIZE:
wolfSSL 13:f67a6c6013ca 21646 {
wolfSSL 13:f67a6c6013ca 21647 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 21648 if (ssl->peerQSHKeyPresent) {
wolfSSL 13:f67a6c6013ca 21649 if (args->qshSz > 0) {
wolfSSL 13:f67a6c6013ca 21650 args->idx = args->sendSz - args->qshSz;
wolfSSL 13:f67a6c6013ca 21651 if (QSH_KeyExchangeWrite(ssl, 1) != 0) {
wolfSSL 13:f67a6c6013ca 21652 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21653 }
wolfSSL 13:f67a6c6013ca 21654
wolfSSL 13:f67a6c6013ca 21655 /* extension type */
wolfSSL 13:f67a6c6013ca 21656 c16toa(TLSX_QUANTUM_SAFE_HYBRID,
wolfSSL 13:f67a6c6013ca 21657 args->output + args->idx);
wolfSSL 13:f67a6c6013ca 21658 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 21659
wolfSSL 13:f67a6c6013ca 21660 /* write to output and check amount written */
wolfSSL 13:f67a6c6013ca 21661 if (TLSX_QSHPK_Write(ssl->QSH_secret->list,
wolfSSL 13:f67a6c6013ca 21662 args->output + args->idx) >
wolfSSL 13:f67a6c6013ca 21663 args->qshSz - OPAQUE16_LEN) {
wolfSSL 13:f67a6c6013ca 21664 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 13:f67a6c6013ca 21665 }
wolfSSL 13:f67a6c6013ca 21666 }
wolfSSL 13:f67a6c6013ca 21667 }
wolfSSL 13:f67a6c6013ca 21668 #endif
wolfSSL 13:f67a6c6013ca 21669
wolfSSL 13:f67a6c6013ca 21670 #if defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 21671 if (ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 13:f67a6c6013ca 21672 ssl->specs.kea == ecc_diffie_hellman_kea) {
wolfSSL 13:f67a6c6013ca 21673 /* Check output to make sure it was set */
wolfSSL 13:f67a6c6013ca 21674 if (args->output) {
wolfSSL 13:f67a6c6013ca 21675 AddHeaders(args->output, args->length,
wolfSSL 13:f67a6c6013ca 21676 server_key_exchange, ssl);
wolfSSL 13:f67a6c6013ca 21677 }
wolfSSL 13:f67a6c6013ca 21678 else {
wolfSSL 13:f67a6c6013ca 21679 ERROR_OUT(BUFFER_ERROR, exit_sske);
wolfSSL 13:f67a6c6013ca 21680 }
wolfSSL 13:f67a6c6013ca 21681 }
wolfSSL 13:f67a6c6013ca 21682 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 21683
wolfSSL 13:f67a6c6013ca 21684 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 21685 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 21686 if ((ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz)) != 0) {
wolfSSL 13:f67a6c6013ca 21687 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21688 }
wolfSSL 13:f67a6c6013ca 21689 }
wolfSSL 13:f67a6c6013ca 21690
wolfSSL 13:f67a6c6013ca 21691 if (ssl->options.dtls)
wolfSSL 13:f67a6c6013ca 21692 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 13:f67a6c6013ca 21693 #endif
wolfSSL 13:f67a6c6013ca 21694
wolfSSL 13:f67a6c6013ca 21695 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 13:f67a6c6013ca 21696 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 21697 goto exit_sske;
wolfSSL 13:f67a6c6013ca 21698 }
wolfSSL 13:f67a6c6013ca 21699
wolfSSL 13:f67a6c6013ca 21700 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 21701 if (ssl->hsInfoOn) {
wolfSSL 13:f67a6c6013ca 21702 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 21703 }
wolfSSL 13:f67a6c6013ca 21704 if (ssl->toInfoOn) {
wolfSSL 13:f67a6c6013ca 21705 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL 13:f67a6c6013ca 21706 args->output, args->sendSz, ssl->heap);
wolfSSL 13:f67a6c6013ca 21707 }
wolfSSL 13:f67a6c6013ca 21708 #endif
wolfSSL 13:f67a6c6013ca 21709
wolfSSL 13:f67a6c6013ca 21710 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 21711 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 13:f67a6c6013ca 21712 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 13:f67a6c6013ca 21713 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 21714
wolfSSL 13:f67a6c6013ca 21715 case TLS_ASYNC_END:
wolfSSL 13:f67a6c6013ca 21716 {
wolfSSL 13:f67a6c6013ca 21717 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 13:f67a6c6013ca 21718 if (!ssl->options.groupMessages) {
wolfSSL 13:f67a6c6013ca 21719 ret = SendBuffered(ssl);
wolfSSL 13:f67a6c6013ca 21720 }
wolfSSL 13:f67a6c6013ca 21721
wolfSSL 13:f67a6c6013ca 21722 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 13:f67a6c6013ca 21723 break;
wolfSSL 13:f67a6c6013ca 21724 }
wolfSSL 13:f67a6c6013ca 21725 default:
wolfSSL 13:f67a6c6013ca 21726 ret = INPUT_CASE_ERROR;
wolfSSL 13:f67a6c6013ca 21727 } /* switch(ssl->options.asyncState) */
wolfSSL 13:f67a6c6013ca 21728
wolfSSL 13:f67a6c6013ca 21729 exit_sske:
wolfSSL 13:f67a6c6013ca 21730
wolfSSL 13:f67a6c6013ca 21731 WOLFSSL_LEAVE("SendServerKeyExchange", ret);
wolfSSL 13:f67a6c6013ca 21732
wolfSSL 13:f67a6c6013ca 21733 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 21734 /* Handle async operation */
wolfSSL 13:f67a6c6013ca 21735 if (ret == WC_PENDING_E)
wolfSSL 13:f67a6c6013ca 21736 return ret;
wolfSSL 13:f67a6c6013ca 21737 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 13:f67a6c6013ca 21738
wolfSSL 13:f67a6c6013ca 21739 /* Final cleanup */
wolfSSL 13:f67a6c6013ca 21740 FreeSskeArgs(ssl, args);
wolfSSL 13:f67a6c6013ca 21741 FreeKeyExchange(ssl);
wolfSSL 13:f67a6c6013ca 21742
wolfSSL 13:f67a6c6013ca 21743 return ret;
wolfSSL 13:f67a6c6013ca 21744 }
wolfSSL 13:f67a6c6013ca 21745
wolfSSL 13:f67a6c6013ca 21746 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 13:f67a6c6013ca 21747
/* Search a suite list for the two-byte suite identifier (first, second).
 *
 * suites  list to search; entries are read as consecutive byte pairs
 * first   first byte of the suite identifier
 * second  second byte of the suite identifier
 *
 * Returns the offset of the matching entry's first byte on success,
 * SUITES_ERROR when suites is NULL or its suiteSz is 0, and
 * MATCH_SUITE_ERROR when no entry matches (negative on error). */
static int FindSuite(Suites* suites, byte first, byte second)
{
    int pos = 0;

    if (suites == NULL || suites->suiteSz == 0) {
        WOLFSSL_MSG("Suites pointer error or suiteSz 0");
        return SUITES_ERROR;
    }

    /* Stopping at suiteSz-1 keeps the read of suites[pos+1] below suiteSz
     * even when suiteSz is odd. */
    while (pos < suites->suiteSz-1) {
        if (suites->suites[pos] == first &&
            suites->suites[pos+1] == second) {
            return pos;
        }
        pos += SUITE_LEN;
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 13:f67a6c6013ca 21766
wolfSSL 13:f67a6c6013ca 21767 #endif
wolfSSL 13:f67a6c6013ca 21768
/* Make sure the server cert/key material is valid for the suite stored at
 * ssl->suites->suites[idx] and [idx+1].
 *
 * Returns 1 (true) when the suite can be used, 0 otherwise, including when
 * ssl->suites is NULL.
 *
 * Side effects visible in this function:
 *   - HAVE_QSH: may set ssl->options.haveQSH when the suite is TLS_QSH
 *     (the function still returns 0 for that suite).
 *   - WOLFSSL_TLS13: on the server side of a TLS 1.3 connection, calls
 *     TLSX_KeyShare_Establish() and may set ssl->options.serverState to
 *     SERVER_HELLO_RETRY_REQUEST.
 *
 * NOTE(review): idx and idx+1 index the suite list without a range check
 * here; callers are presumably expected to pass an offset with
 * idx+1 < suiteSz - confirm at each call site. */
static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
{
    int  rsaAvailable = !ssl->options.haveStaticECC;
    int  pskAvailable = 0;
    byte suite0;
    byte suite1;

    WOLFSSL_ENTER("VerifyServerSuite");

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites pointer error");
        return 0;
    }

    suite0 = ssl->suites->suites[idx];
    suite1 = ssl->suites->suites[idx+1];

#ifndef NO_PSK
    pskAvailable = ssl->options.havePSK;
#endif

    /* An NTRU configuration is treated as not having RSA. */
    if (ssl->options.haveNTRU) {
        rsaAvailable = 0;
    }

    /* Each requirement below is logged first, then rejected if the matching
     * capability is missing. */
    if (CipherRequires(suite0, suite1, REQUIRES_RSA)) {
        WOLFSSL_MSG("Requires RSA");
        if (!rsaAvailable) {
            WOLFSSL_MSG("Don't have RSA");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_DHE)) {
        WOLFSSL_MSG("Requires DHE");
        if (!ssl->options.haveDH) {
            WOLFSSL_MSG("Don't have DHE");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC)) {
        WOLFSSL_MSG("Requires ECC");
        if (!ssl->options.haveECC) {
            WOLFSSL_MSG("Don't have ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC_STATIC)) {
        WOLFSSL_MSG("Requires static ECC");
        if (!ssl->options.haveStaticECC) {
            WOLFSSL_MSG("Don't have static ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_PSK)) {
        WOLFSSL_MSG("Requires PSK");
        if (!pskAvailable) {
            WOLFSSL_MSG("Don't have PSK");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_NTRU)) {
        WOLFSSL_MSG("Requires NTRU");
        if (!ssl->options.haveNTRU) {
            WOLFSSL_MSG("Don't have NTRU");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_RSA_SIG)) {
        WOLFSSL_MSG("Requires RSA Signature");
        /* A server flagged as having an ECDSA signature is treated as
         * lacking an RSA signature. */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                                       ssl->options.haveECDSAsig == 1) {
            WOLFSSL_MSG("Don't have RSA Signature");
            return 0;
        }
    }

#ifdef HAVE_SUPPORTED_CURVES
    if (!TLSX_ValidateEllipticCurves(ssl, suite0, suite1)) {
        WOLFSSL_MSG("Don't have matching curves");
        return 0;
    }
#endif

    /* ECCDHE is always supported if ECC on */

#ifdef HAVE_QSH
    /* TLS_QSH is only recorded here; a classic suite still has to be
     * negotiated in addition, so this entry never matches on its own. */
    if (suite0 == QSH_BYTE && suite1 == TLS_QSH) {
        if (!TLSX_SupportExtensions(ssl)) {
            WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH");
        }
        else {
            ssl->options.haveQSH = 1; /* matched TLS_QSH */
        }
        return 0;
    }
#endif

#ifdef WOLFSSL_TLS13
    if (IsAtLeastTLSv1_3(ssl->version) &&
                                  ssl->options.side == WOLFSSL_SERVER_END) {
        /* Try to establish a key share; KEY_SHARE_ERROR does not reject the
         * suite but switches the server to a HelloRetryRequest. */
        const int ksRet = TLSX_KeyShare_Establish(ssl);
        if (ksRet == KEY_SHARE_ERROR) {
            ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST;
        }
        else if (ksRet != 0) {
            return 0;
        }
    }
#endif

    return 1;
}
wolfSSL 13:f67a6c6013ca 21887
wolfSSL 13:f67a6c6013ca 21888 #ifndef NO_WOLFSSL_SERVER
/* Compare the local suite at offset i with the peer suite at offset j and,
 * if they are identical and VerifyServerSuite() accepts the local one,
 * select it.
 *
 * On selection the two suite bytes are stored in ssl->options.cipherSuite0
 * and ssl->options.cipherSuite, SetCipherSpecs() is called, and when it
 * returns 0 PickHashSigAlgo() is run over the peer's hashSigAlgo list.
 *
 * Returns the SetCipherSpecs() result when a suite was selected, otherwise
 * MATCH_SUITE_ERROR.
 *
 * NOTE(review): i, j and the +1 offsets are not range-checked here, and
 * ssl->suites / peerSuites are dereferenced without NULL checks; this
 * relies on the caller - confirm for any new call site. */
static int CompareSuites(WOLFSSL* ssl, Suites* peerSuites, word16 i,
                         word16 j)
{
    int specRet;

    /* Different suite bytes: nothing to do for this pair. */
    if (ssl->suites->suites[i]   != peerSuites->suites[j] ||
        ssl->suites->suites[i+1] != peerSuites->suites[j+1]) {
        return MATCH_SUITE_ERROR;
    }

    if (!VerifyServerSuite(ssl, i)) {
        WOLFSSL_MSG("Could not verify suite validity, continue");
        return MATCH_SUITE_ERROR;
    }

    WOLFSSL_MSG("Verified suite validity");
    ssl->options.cipherSuite0 = ssl->suites->suites[i];
    ssl->options.cipherSuite  = ssl->suites->suites[i+1];

    specRet = SetCipherSpecs(ssl);
    if (specRet == 0) {
        PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
                             peerSuites->hashSigAlgoSz);
    }

    return specRet;
}
wolfSSL 13:f67a6c6013ca 21913
/* Select the first cipher suite that appears in both the local list
 * (ssl->suites) and the peer's list and that CompareSuites() accepts.
 *
 * The outer loop decides whose preference wins: the local (server) list by
 * default, the peer's list when ssl->options.useClientOrder is set.
 *
 * Returns the first CompareSuites() result other than MATCH_SUITE_ERROR,
 * MATCH_SUITE_ERROR when the peer list is empty, has an odd length, or no
 * pair is accepted, and SUITES_ERROR when ssl->suites is NULL.
 *
 * NOTE(review): peerSuites is dereferenced without a NULL check, and only
 * the peer list length is checked for being a whole number of two-byte
 * entries; the local list is presumably always built in pairs - confirm. */
int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{
    word16 mine, theirs;
    int    rc;

    WOLFSSL_ENTER("MatchSuite");

    /* Reject an empty peer list or one with a dangling odd byte
     * (& 0x1 equivalent % 2). */
    if (peerSuites->suiteSz == 0 || (peerSuites->suiteSz & 0x1) != 0) {
        return MATCH_SUITE_ERROR;
    }

    if (ssl->suites == NULL) {
        return SUITES_ERROR;
    }

    if (ssl->options.useClientOrder) {
        /* Client order */
        for (theirs = 0; theirs < peerSuites->suiteSz; theirs += 2) {
            for (mine = 0; mine < ssl->suites->suiteSz; mine += 2) {
                rc = CompareSuites(ssl, peerSuites, mine, theirs);
                if (rc != MATCH_SUITE_ERROR) {
                    return rc;
                }
            }
        }
    }
    else {
        /* Server order */
        for (mine = 0; mine < ssl->suites->suiteSz; mine += 2) {
            for (theirs = 0; theirs < peerSuites->suiteSz; theirs += 2) {
                rc = CompareSuites(ssl, peerSuites, mine, theirs);
                if (rc != MATCH_SUITE_ERROR) {
                    return rc;
                }
            }
        }
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 13:f67a6c6013ca 21951 #endif
wolfSSL 13:f67a6c6013ca 21952
wolfSSL 13:f67a6c6013ca 21953 #ifdef OLD_HELLO_ALLOWED
wolfSSL 13:f67a6c6013ca 21954
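/* Process an old style (SSLv2 record format) ClientHello. Only built when
 * OLD_HELLO_ALLOWED is defined.
 *
 * ssl       connection object; negotiated version, suite list, session id,
 *           client random and handshake state are updated from the message
 * input     buffer holding the message
 * inOutIdx  in:  offset of the message inside input
 *           out: offset just past the client random
 * inSz      accepted for the interface, not consulted here
 * sz        length in bytes of the message starting at input + *inOutIdx
 *           (the same span that is fed to the handshake hashes below)
 *
 * Returns the MatchSuite() result for a full handshake, the key derivation
 * result when the session is resumed, VERSION_ERROR / BUFFER_ERROR /
 * UNSUPPORTED_SUITE when the message is rejected, or a non-zero code from
 * the SHA-256 update or the RNG.
 *
 * Every length field in this message is chosen by the peer, so the fixed
 * header and the three variable-length fields are checked against sz before
 * input is indexed.
 */
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz)
{
    word32          idx = *inOutIdx;
    const word32    begin = idx;    /* message start, base for bounds checks */
    word16          sessionSz;
    word16          randomSz;
    word16          i, j;
    ProtocolVersion pv;
    Suites          clSuites;

    (void)inSz;
    WOLFSSL_MSG("Got old format client hello");
#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("ClientHello", &ssl->timeoutInfo);
#endif

    /* manually hash input since different format */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz);
#endif
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
#endif
#endif
#ifndef NO_SHA256
    if (IsAtLeastTLSv1_2(ssl)) {
        int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
                                     input + idx, sz);
        if (shaRet != 0)
            return shaRet;
    }
#endif

    /* fixed part: 1 byte message type, 2 bytes version and three 2-byte
     * length fields; reject a message too short to hold them */
    if (sz < 1 + OPAQUE16_LEN + 3 * OPAQUE16_LEN)
        return BUFFER_ERROR;

    /* does this value mean client_hello? */
    idx++;

    /* version */
    pv.major = input[idx++];
    pv.minor = input[idx++];
    ssl->chVersion = pv;  /* store */

    /* The peer offers a lower minor version than ours: follow it only when
     * downgrade is enabled and the offer is not below minDowngrade. */
    if (ssl->version.minor > pv.minor) {
        byte haveRSA = 0;
        byte havePSK = 0;
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            /* turn off tls 1.1+ */
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
        else if (pv.minor == TLSv1_2_MINOR) {
            WOLFSSL_MSG(" downgrading to TLSv1.2");
            ssl->version.minor  = TLSv1_2_MINOR;
        }
#ifndef NO_RSA
        haveRSA = 1;
#endif
#ifndef NO_PSK
        havePSK = ssl->options.havePSK;
#endif

        /* rebuild our suite list for the version just selected */
        InitSuites(ssl->suites, ssl->version, ssl->keySz, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    /* suite size */
    ato16(&input[idx], &clSuites.suiteSz);
    idx += OPAQUE16_LEN;

    if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;
    /* the loop below consumes 3 bytes per cipher spec; a length that is not
     * a multiple of 3 would make its last pass read beyond the list */
    if (clSuites.suiteSz % 3 != 0)
        return BUFFER_ERROR;
    clSuites.hashSigAlgoSz = 0;

    /* session size */
    ato16(&input[idx], &sessionSz);
    idx += OPAQUE16_LEN;

    if (sessionSz > ID_LEN)
        return BUFFER_ERROR;

    /* random size */
    ato16(&input[idx], &randomSz);
    idx += OPAQUE16_LEN;

    if (randomSz > RAN_LEN)
        return BUFFER_ERROR;

    /* suites, session id and random together must fit in what remains of
     * the sz-byte message; without this the copies below trust the peer's
     * length fields and can read past the received data */
    if ((idx - begin) + clSuites.suiteSz + sessionSz + randomSz > sz)
        return BUFFER_ERROR;

    /* suites */
    for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
        byte first = input[idx++];
        if (!first) { /* implicit: skip sslv2 type */
            XMEMCPY(&clSuites.suites[j], &input[idx], SUITE_LEN);
            j += SUITE_LEN;
        }
        idx += SUITE_LEN;
    }
    clSuites.suiteSz = j;

    /* session id */
    if (sessionSz) {
        XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
        ssl->arrays->sessionIDSz = (byte)sessionSz;
        idx += sessionSz;
        ssl->options.resuming = 1;
    }

    /* random: right-aligned in clientRandom, leading bytes zeroed when the
     * peer sent fewer than RAN_LEN bytes */
    if (randomSz < RAN_LEN)
        XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
    XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
            randomSz);
    idx += randomSz;

    if (ssl->options.usingCompression)
        ssl->options.usingCompression = 0;  /* turn off */

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;
    *inOutIdx = idx;

    ssl->options.haveSessionId = 1;
    /* DoClientHello uses same resume code */
    if (ssl->options.resuming) {  /* let's try */
        int ret = -1;
        WOLFSSL_SESSION* session = GetSession(ssl,
                                              ssl->arrays->masterSecret, 1);
#ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket == 1) {
            session = &ssl->session;
        }
#endif

        if (!session) {
            /* unknown session id: fall through to a full handshake */
            WOLFSSL_MSG("Session lookup for resume failed");
            ssl->options.resuming = 0;
        } else {
#ifdef HAVE_EXT_CACHE
            wolfSSL_SESSION_free(session);
#endif
            if (MatchSuite(ssl, &clSuites) < 0) {
                WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
                return UNSUPPORTED_SUITE;
            }

            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                       RAN_LEN);
            if (ret != 0)
                return ret;

#ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
#else
#ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
#endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
#endif
            ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

            return ret;
        }
    }

    return MatchSuite(ssl, &clSuites);
}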
wolfSSL 13:f67a6c6013ca 22147
wolfSSL 13:f67a6c6013ca 22148 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 13:f67a6c6013ca 22149
wolfSSL 13:f67a6c6013ca 22150
wolfSSL 13:f67a6c6013ca 22151 int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 13:f67a6c6013ca 22152 word32 helloSz)
wolfSSL 13:f67a6c6013ca 22153 {
wolfSSL 13:f67a6c6013ca 22154 byte b;
wolfSSL 13:f67a6c6013ca 22155 byte bogusID = 0; /* flag for a bogus session id */
wolfSSL 13:f67a6c6013ca 22156 ProtocolVersion pv;
wolfSSL 13:f67a6c6013ca 22157 Suites clSuites;
wolfSSL 13:f67a6c6013ca 22158 word32 i = *inOutIdx;
wolfSSL 13:f67a6c6013ca 22159 word32 begin = i;
wolfSSL 13:f67a6c6013ca 22160 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22161 Hmac cookieHmac;
wolfSSL 13:f67a6c6013ca 22162 byte peerCookie[MAX_COOKIE_LEN];
wolfSSL 13:f67a6c6013ca 22163 byte peerCookieSz = 0;
wolfSSL 13:f67a6c6013ca 22164 byte cookieType;
wolfSSL 13:f67a6c6013ca 22165 byte cookieSz = 0;
wolfSSL 13:f67a6c6013ca 22166
wolfSSL 13:f67a6c6013ca 22167 XMEMSET(&cookieHmac, 0, sizeof(Hmac));
wolfSSL 13:f67a6c6013ca 22168 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 22169
wolfSSL 13:f67a6c6013ca 22170 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 22171 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 22172 if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
wolfSSL 13:f67a6c6013ca 22173 #endif
wolfSSL 13:f67a6c6013ca 22174
wolfSSL 13:f67a6c6013ca 22175 /* protocol version, random and session id length check */
wolfSSL 13:f67a6c6013ca 22176 if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
wolfSSL 13:f67a6c6013ca 22177 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22178
wolfSSL 13:f67a6c6013ca 22179 /* protocol version */
wolfSSL 13:f67a6c6013ca 22180 XMEMCPY(&pv, input + i, OPAQUE16_LEN);
wolfSSL 13:f67a6c6013ca 22181 ssl->chVersion = pv; /* store */
wolfSSL 13:f67a6c6013ca 22182 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22183 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 22184 int ret;
wolfSSL 13:f67a6c6013ca 22185 #if defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 13:f67a6c6013ca 22186 #error "DTLS needs either SHA or SHA-256"
wolfSSL 13:f67a6c6013ca 22187 #endif /* NO_SHA && NO_SHA256 */
wolfSSL 13:f67a6c6013ca 22188
wolfSSL 13:f67a6c6013ca 22189 #if !defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 13:f67a6c6013ca 22190 cookieType = SHA;
wolfSSL 13:f67a6c6013ca 22191 cookieSz = SHA_DIGEST_SIZE;
wolfSSL 13:f67a6c6013ca 22192 #endif /* NO_SHA */
wolfSSL 13:f67a6c6013ca 22193 #ifndef NO_SHA256
wolfSSL 13:f67a6c6013ca 22194 cookieType = SHA256;
wolfSSL 13:f67a6c6013ca 22195 cookieSz = SHA256_DIGEST_SIZE;
wolfSSL 13:f67a6c6013ca 22196 #endif /* NO_SHA256 */
wolfSSL 13:f67a6c6013ca 22197 ret = wc_HmacSetKey(&cookieHmac, cookieType,
wolfSSL 13:f67a6c6013ca 22198 ssl->buffers.dtlsCookieSecret.buffer,
wolfSSL 13:f67a6c6013ca 22199 ssl->buffers.dtlsCookieSecret.length);
wolfSSL 13:f67a6c6013ca 22200 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22201 ret = wc_HmacUpdate(&cookieHmac,
wolfSSL 13:f67a6c6013ca 22202 (const byte*)ssl->buffers.dtlsCtx.peer.sa,
wolfSSL 13:f67a6c6013ca 22203 ssl->buffers.dtlsCtx.peer.sz);
wolfSSL 13:f67a6c6013ca 22204 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22205 ret = wc_HmacUpdate(&cookieHmac, input + i, OPAQUE16_LEN);
wolfSSL 13:f67a6c6013ca 22206 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22207 }
wolfSSL 13:f67a6c6013ca 22208 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 22209 i += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 22210
wolfSSL 13:f67a6c6013ca 22211 if ((!ssl->options.dtls && ssl->version.minor > pv.minor) ||
wolfSSL 13:f67a6c6013ca 22212 (ssl->options.dtls && ssl->version.minor != DTLS_MINOR
wolfSSL 13:f67a6c6013ca 22213 && ssl->version.minor != DTLSv1_2_MINOR && pv.minor != DTLS_MINOR
wolfSSL 13:f67a6c6013ca 22214 && pv.minor != DTLSv1_2_MINOR)) {
wolfSSL 13:f67a6c6013ca 22215
wolfSSL 13:f67a6c6013ca 22216 word16 haveRSA = 0;
wolfSSL 13:f67a6c6013ca 22217 word16 havePSK = 0;
wolfSSL 13:f67a6c6013ca 22218 int keySz = 0;
wolfSSL 13:f67a6c6013ca 22219
wolfSSL 13:f67a6c6013ca 22220 if (!ssl->options.downgrade) {
wolfSSL 13:f67a6c6013ca 22221 WOLFSSL_MSG("Client trying to connect with lesser version");
wolfSSL 13:f67a6c6013ca 22222 return VERSION_ERROR;
wolfSSL 13:f67a6c6013ca 22223 }
wolfSSL 13:f67a6c6013ca 22224 if (pv.minor < ssl->options.minDowngrade) {
wolfSSL 13:f67a6c6013ca 22225 WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
wolfSSL 13:f67a6c6013ca 22226 return VERSION_ERROR;
wolfSSL 13:f67a6c6013ca 22227 }
wolfSSL 13:f67a6c6013ca 22228
wolfSSL 13:f67a6c6013ca 22229 if (pv.minor == SSLv3_MINOR) {
wolfSSL 13:f67a6c6013ca 22230 /* turn off tls */
wolfSSL 13:f67a6c6013ca 22231 WOLFSSL_MSG("\tdowngrading to SSLv3");
wolfSSL 13:f67a6c6013ca 22232 ssl->options.tls = 0;
wolfSSL 13:f67a6c6013ca 22233 ssl->options.tls1_1 = 0;
wolfSSL 13:f67a6c6013ca 22234 ssl->version.minor = SSLv3_MINOR;
wolfSSL 13:f67a6c6013ca 22235 }
wolfSSL 13:f67a6c6013ca 22236 else if (pv.minor == TLSv1_MINOR) {
wolfSSL 13:f67a6c6013ca 22237 /* turn off tls 1.1+ */
wolfSSL 13:f67a6c6013ca 22238 WOLFSSL_MSG("\tdowngrading to TLSv1");
wolfSSL 13:f67a6c6013ca 22239 ssl->options.tls1_1 = 0;
wolfSSL 13:f67a6c6013ca 22240 ssl->version.minor = TLSv1_MINOR;
wolfSSL 13:f67a6c6013ca 22241 }
wolfSSL 13:f67a6c6013ca 22242 else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL 13:f67a6c6013ca 22243 WOLFSSL_MSG("\tdowngrading to TLSv1.1");
wolfSSL 13:f67a6c6013ca 22244 ssl->version.minor = TLSv1_1_MINOR;
wolfSSL 13:f67a6c6013ca 22245 }
wolfSSL 13:f67a6c6013ca 22246 else if (pv.minor == TLSv1_2_MINOR) {
wolfSSL 13:f67a6c6013ca 22247 WOLFSSL_MSG(" downgrading to TLSv1.2");
wolfSSL 13:f67a6c6013ca 22248 ssl->version.minor = TLSv1_2_MINOR;
wolfSSL 13:f67a6c6013ca 22249 }
wolfSSL 13:f67a6c6013ca 22250 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 22251 haveRSA = 1;
wolfSSL 13:f67a6c6013ca 22252 #endif
wolfSSL 13:f67a6c6013ca 22253 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 22254 havePSK = ssl->options.havePSK;
wolfSSL 13:f67a6c6013ca 22255 #endif
wolfSSL 13:f67a6c6013ca 22256 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 22257 keySz = ssl->buffers.keySz;
wolfSSL 13:f67a6c6013ca 22258 #endif
wolfSSL 13:f67a6c6013ca 22259 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
wolfSSL 13:f67a6c6013ca 22260 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 13:f67a6c6013ca 22261 ssl->options.haveECDSAsig, ssl->options.haveECC,
wolfSSL 13:f67a6c6013ca 22262 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 13:f67a6c6013ca 22263 }
wolfSSL 13:f67a6c6013ca 22264
wolfSSL 13:f67a6c6013ca 22265 /* random */
wolfSSL 13:f67a6c6013ca 22266 XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
wolfSSL 13:f67a6c6013ca 22267 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22268 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 22269 int ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
wolfSSL 13:f67a6c6013ca 22270 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22271 }
wolfSSL 13:f67a6c6013ca 22272 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 22273 i += RAN_LEN;
wolfSSL 13:f67a6c6013ca 22274
wolfSSL 13:f67a6c6013ca 22275 #ifdef SHOW_SECRETS
wolfSSL 13:f67a6c6013ca 22276 {
wolfSSL 13:f67a6c6013ca 22277 int j;
wolfSSL 13:f67a6c6013ca 22278 printf("client random: ");
wolfSSL 13:f67a6c6013ca 22279 for (j = 0; j < RAN_LEN; j++)
wolfSSL 13:f67a6c6013ca 22280 printf("%02x", ssl->arrays->clientRandom[j]);
wolfSSL 13:f67a6c6013ca 22281 printf("\n");
wolfSSL 13:f67a6c6013ca 22282 }
wolfSSL 13:f67a6c6013ca 22283 #endif
wolfSSL 13:f67a6c6013ca 22284
wolfSSL 13:f67a6c6013ca 22285 /* session id */
wolfSSL 13:f67a6c6013ca 22286 b = input[i++];
wolfSSL 13:f67a6c6013ca 22287
wolfSSL 13:f67a6c6013ca 22288 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 22289 if (b > 0 && b < ID_LEN) {
wolfSSL 13:f67a6c6013ca 22290 bogusID = 1;
wolfSSL 13:f67a6c6013ca 22291 WOLFSSL_MSG("Client sent bogus session id, let's allow for echo");
wolfSSL 13:f67a6c6013ca 22292 }
wolfSSL 13:f67a6c6013ca 22293 #endif
wolfSSL 13:f67a6c6013ca 22294
wolfSSL 13:f67a6c6013ca 22295 if (b == ID_LEN || bogusID) {
wolfSSL 13:f67a6c6013ca 22296 if ((i - begin) + b > helloSz)
wolfSSL 13:f67a6c6013ca 22297 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22298
wolfSSL 13:f67a6c6013ca 22299 XMEMCPY(ssl->arrays->sessionID, input + i, b);
wolfSSL 13:f67a6c6013ca 22300 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22301 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 22302 int ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
wolfSSL 13:f67a6c6013ca 22303 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22304 }
wolfSSL 13:f67a6c6013ca 22305 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 22306 ssl->arrays->sessionIDSz = b;
wolfSSL 13:f67a6c6013ca 22307 i += b;
wolfSSL 13:f67a6c6013ca 22308 ssl->options.resuming = 1; /* client wants to resume */
wolfSSL 13:f67a6c6013ca 22309 WOLFSSL_MSG("Client wants to resume session");
wolfSSL 13:f67a6c6013ca 22310 }
wolfSSL 13:f67a6c6013ca 22311 else if (b) {
wolfSSL 13:f67a6c6013ca 22312 WOLFSSL_MSG("Invalid session ID size");
wolfSSL 13:f67a6c6013ca 22313 return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
wolfSSL 13:f67a6c6013ca 22314 }
wolfSSL 13:f67a6c6013ca 22315
wolfSSL 13:f67a6c6013ca 22316 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22317 /* cookie */
wolfSSL 13:f67a6c6013ca 22318 if (ssl->options.dtls) {
wolfSSL 13:f67a6c6013ca 22319
wolfSSL 13:f67a6c6013ca 22320 if ((i - begin) + OPAQUE8_LEN > helloSz)
wolfSSL 13:f67a6c6013ca 22321 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22322
wolfSSL 13:f67a6c6013ca 22323 peerCookieSz = input[i++];
wolfSSL 13:f67a6c6013ca 22324
wolfSSL 13:f67a6c6013ca 22325 if (peerCookieSz) {
wolfSSL 13:f67a6c6013ca 22326 if (peerCookieSz > MAX_COOKIE_LEN)
wolfSSL 13:f67a6c6013ca 22327 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22328
wolfSSL 13:f67a6c6013ca 22329 if ((i - begin) + peerCookieSz > helloSz)
wolfSSL 13:f67a6c6013ca 22330 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22331
wolfSSL 13:f67a6c6013ca 22332 XMEMCPY(peerCookie, input + i, peerCookieSz);
wolfSSL 13:f67a6c6013ca 22333
wolfSSL 13:f67a6c6013ca 22334 i += peerCookieSz;
wolfSSL 13:f67a6c6013ca 22335 }
wolfSSL 13:f67a6c6013ca 22336 }
wolfSSL 13:f67a6c6013ca 22337 #endif
wolfSSL 13:f67a6c6013ca 22338
wolfSSL 13:f67a6c6013ca 22339 /* suites */
wolfSSL 13:f67a6c6013ca 22340 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 13:f67a6c6013ca 22341 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22342
wolfSSL 13:f67a6c6013ca 22343 ato16(&input[i], &clSuites.suiteSz);
wolfSSL 13:f67a6c6013ca 22344 i += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 22345
wolfSSL 13:f67a6c6013ca 22346 /* suites and compression length check */
wolfSSL 13:f67a6c6013ca 22347 if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
wolfSSL 13:f67a6c6013ca 22348 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22349
wolfSSL 13:f67a6c6013ca 22350 if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
wolfSSL 13:f67a6c6013ca 22351 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22352
wolfSSL 13:f67a6c6013ca 22353 XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
wolfSSL 13:f67a6c6013ca 22354
wolfSSL 13:f67a6c6013ca 22355 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 13:f67a6c6013ca 22356 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
wolfSSL 13:f67a6c6013ca 22357 if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
wolfSSL 13:f67a6c6013ca 22358 int ret = 0;
wolfSSL 13:f67a6c6013ca 22359
wolfSSL 13:f67a6c6013ca 22360 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
wolfSSL 13:f67a6c6013ca 22361 if (ret != SSL_SUCCESS)
wolfSSL 13:f67a6c6013ca 22362 return ret;
wolfSSL 13:f67a6c6013ca 22363 }
wolfSSL 13:f67a6c6013ca 22364 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 13:f67a6c6013ca 22365
wolfSSL 13:f67a6c6013ca 22366 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22367 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 22368 int ret = wc_HmacUpdate(&cookieHmac,
wolfSSL 13:f67a6c6013ca 22369 input + i - OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 22370 clSuites.suiteSz + OPAQUE16_LEN);
wolfSSL 13:f67a6c6013ca 22371 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22372 }
wolfSSL 13:f67a6c6013ca 22373 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 22374 i += clSuites.suiteSz;
wolfSSL 13:f67a6c6013ca 22375 clSuites.hashSigAlgoSz = 0;
wolfSSL 13:f67a6c6013ca 22376
wolfSSL 13:f67a6c6013ca 22377 /* compression length */
wolfSSL 13:f67a6c6013ca 22378 b = input[i++];
wolfSSL 13:f67a6c6013ca 22379
wolfSSL 13:f67a6c6013ca 22380 if ((i - begin) + b > helloSz)
wolfSSL 13:f67a6c6013ca 22381 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22382
wolfSSL 13:f67a6c6013ca 22383 if (b == 0) {
wolfSSL 13:f67a6c6013ca 22384 WOLFSSL_MSG("No compression types in list");
wolfSSL 13:f67a6c6013ca 22385 return COMPRESSION_ERROR;
wolfSSL 13:f67a6c6013ca 22386 }
wolfSSL 13:f67a6c6013ca 22387
wolfSSL 13:f67a6c6013ca 22388 #ifdef WOLFSSL_DTLS
wolfSSL 13:f67a6c6013ca 22389 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 13:f67a6c6013ca 22390 byte newCookie[MAX_COOKIE_LEN];
wolfSSL 13:f67a6c6013ca 22391 int ret;
wolfSSL 13:f67a6c6013ca 22392
wolfSSL 13:f67a6c6013ca 22393 ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
wolfSSL 13:f67a6c6013ca 22394 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22395 ret = wc_HmacFinal(&cookieHmac, newCookie);
wolfSSL 13:f67a6c6013ca 22396 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22397
wolfSSL 13:f67a6c6013ca 22398 /* If a cookie callback is set, call it to overwrite the cookie.
wolfSSL 13:f67a6c6013ca 22399 * This should be deprecated. The code now calculates the cookie
wolfSSL 13:f67a6c6013ca 22400 * using an HMAC as expected. */
wolfSSL 13:f67a6c6013ca 22401 if (ssl->ctx->CBIOCookie != NULL &&
wolfSSL 13:f67a6c6013ca 22402 ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
wolfSSL 13:f67a6c6013ca 22403 ssl->IOCB_CookieCtx) != cookieSz) {
wolfSSL 13:f67a6c6013ca 22404 return COOKIE_ERROR;
wolfSSL 13:f67a6c6013ca 22405 }
wolfSSL 13:f67a6c6013ca 22406
wolfSSL 13:f67a6c6013ca 22407 /* Check the cookie, see if we progress the state machine. */
wolfSSL 13:f67a6c6013ca 22408 if (peerCookieSz != cookieSz ||
wolfSSL 13:f67a6c6013ca 22409 XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {
wolfSSL 13:f67a6c6013ca 22410
wolfSSL 13:f67a6c6013ca 22411 /* Send newCookie to client in a HelloVerifyRequest message
wolfSSL 13:f67a6c6013ca 22412 * and let the state machine alone. */
wolfSSL 13:f67a6c6013ca 22413 ssl->msgsReceived.got_client_hello = 0;
wolfSSL 13:f67a6c6013ca 22414 ssl->keys.dtls_handshake_number = 0;
wolfSSL 13:f67a6c6013ca 22415 ssl->keys.dtls_expected_peer_handshake_number = 0;
wolfSSL 13:f67a6c6013ca 22416 *inOutIdx += helloSz;
wolfSSL 13:f67a6c6013ca 22417 return SendHelloVerifyRequest(ssl, newCookie, cookieSz);
wolfSSL 13:f67a6c6013ca 22418 }
wolfSSL 13:f67a6c6013ca 22419
wolfSSL 13:f67a6c6013ca 22420 /* This was skipped in the DTLS case so we could handle the hello
wolfSSL 13:f67a6c6013ca 22421 * verify request. */
wolfSSL 13:f67a6c6013ca 22422 ret = HashInput(ssl, input + *inOutIdx, helloSz);
wolfSSL 13:f67a6c6013ca 22423 if (ret != 0) return ret;
wolfSSL 13:f67a6c6013ca 22424 }
wolfSSL 13:f67a6c6013ca 22425 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 22426
wolfSSL 13:f67a6c6013ca 22427 {
wolfSSL 13:f67a6c6013ca 22428 /* copmression match types */
wolfSSL 13:f67a6c6013ca 22429 int matchNo = 0;
wolfSSL 13:f67a6c6013ca 22430 int matchZlib = 0;
wolfSSL 13:f67a6c6013ca 22431
wolfSSL 13:f67a6c6013ca 22432 while (b--) {
wolfSSL 13:f67a6c6013ca 22433 byte comp = input[i++];
wolfSSL 13:f67a6c6013ca 22434
wolfSSL 13:f67a6c6013ca 22435 if (comp == NO_COMPRESSION) {
wolfSSL 13:f67a6c6013ca 22436 matchNo = 1;
wolfSSL 13:f67a6c6013ca 22437 }
wolfSSL 13:f67a6c6013ca 22438 if (comp == ZLIB_COMPRESSION) {
wolfSSL 13:f67a6c6013ca 22439 matchZlib = 1;
wolfSSL 13:f67a6c6013ca 22440 }
wolfSSL 13:f67a6c6013ca 22441 }
wolfSSL 13:f67a6c6013ca 22442
wolfSSL 13:f67a6c6013ca 22443 if (ssl->options.usingCompression == 0 && matchNo) {
wolfSSL 13:f67a6c6013ca 22444 WOLFSSL_MSG("Matched No Compression");
wolfSSL 13:f67a6c6013ca 22445 } else if (ssl->options.usingCompression && matchZlib) {
wolfSSL 13:f67a6c6013ca 22446 WOLFSSL_MSG("Matched zlib Compression");
wolfSSL 13:f67a6c6013ca 22447 } else if (ssl->options.usingCompression && matchNo) {
wolfSSL 13:f67a6c6013ca 22448 WOLFSSL_MSG("Could only match no compression, turning off");
wolfSSL 13:f67a6c6013ca 22449 ssl->options.usingCompression = 0; /* turn off */
wolfSSL 13:f67a6c6013ca 22450 } else {
wolfSSL 13:f67a6c6013ca 22451 WOLFSSL_MSG("Could not match compression");
wolfSSL 13:f67a6c6013ca 22452 return COMPRESSION_ERROR;
wolfSSL 13:f67a6c6013ca 22453 }
wolfSSL 13:f67a6c6013ca 22454 }
wolfSSL 13:f67a6c6013ca 22455
wolfSSL 13:f67a6c6013ca 22456 *inOutIdx = i;
wolfSSL 13:f67a6c6013ca 22457
wolfSSL 13:f67a6c6013ca 22458 /* tls extensions */
wolfSSL 13:f67a6c6013ca 22459 if ((i - begin) < helloSz) {
wolfSSL 13:f67a6c6013ca 22460 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 13:f67a6c6013ca 22461 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 22462 QSH_Init(ssl);
wolfSSL 13:f67a6c6013ca 22463 #endif
wolfSSL 13:f67a6c6013ca 22464 if (TLSX_SupportExtensions(ssl)) {
wolfSSL 13:f67a6c6013ca 22465 int ret = 0;
wolfSSL 13:f67a6c6013ca 22466 #else
wolfSSL 13:f67a6c6013ca 22467 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 13:f67a6c6013ca 22468 #endif
wolfSSL 13:f67a6c6013ca 22469 /* Process the hello extension. Skip unsupported. */
wolfSSL 13:f67a6c6013ca 22470 word16 totalExtSz;
wolfSSL 13:f67a6c6013ca 22471
wolfSSL 13:f67a6c6013ca 22472 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 13:f67a6c6013ca 22473 /* auto populate extensions supported unless user defined */
wolfSSL 13:f67a6c6013ca 22474 if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
wolfSSL 13:f67a6c6013ca 22475 return ret;
wolfSSL 13:f67a6c6013ca 22476 #endif
wolfSSL 13:f67a6c6013ca 22477
wolfSSL 13:f67a6c6013ca 22478 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 13:f67a6c6013ca 22479 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22480
wolfSSL 13:f67a6c6013ca 22481 ato16(&input[i], &totalExtSz);
wolfSSL 13:f67a6c6013ca 22482 i += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 22483
wolfSSL 13:f67a6c6013ca 22484 if ((i - begin) + totalExtSz > helloSz)
wolfSSL 13:f67a6c6013ca 22485 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22486
wolfSSL 13:f67a6c6013ca 22487 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 13:f67a6c6013ca 22488 /* tls extensions */
wolfSSL 13:f67a6c6013ca 22489 if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz,
wolfSSL 13:f67a6c6013ca 22490 client_hello, &clSuites)))
wolfSSL 13:f67a6c6013ca 22491 return ret;
wolfSSL 13:f67a6c6013ca 22492 #ifdef WOLFSSL_TLS13
wolfSSL 13:f67a6c6013ca 22493 if (TLSX_Find(ssl->extensions,
wolfSSL 13:f67a6c6013ca 22494 TLSX_SUPPORTED_VERSIONS) != NULL) {
wolfSSL 13:f67a6c6013ca 22495 TLSX_FreeAll(ssl->extensions, ssl->heap);
wolfSSL 13:f67a6c6013ca 22496 ssl->extensions = NULL;
wolfSSL 13:f67a6c6013ca 22497 ssl->version.minor = TLSv1_3_MINOR;
wolfSSL 13:f67a6c6013ca 22498 *inOutIdx = begin;
wolfSSL 13:f67a6c6013ca 22499 if ((ret = InitHandshakeHashes(ssl)) != 0)
wolfSSL 13:f67a6c6013ca 22500 return ret;
wolfSSL 13:f67a6c6013ca 22501 return DoTls13ClientHello(ssl, input, inOutIdx, helloSz);
wolfSSL 13:f67a6c6013ca 22502 }
wolfSSL 13:f67a6c6013ca 22503 #endif
wolfSSL 13:f67a6c6013ca 22504 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 13:f67a6c6013ca 22505 if((ret=SNI_Callback(ssl)))
wolfSSL 13:f67a6c6013ca 22506 return ret;
wolfSSL 13:f67a6c6013ca 22507 ssl->options.side = WOLFSSL_SERVER_END;
wolfSSL 13:f67a6c6013ca 22508 #endif /*HAVE_STUNNEL*/
wolfSSL 13:f67a6c6013ca 22509
wolfSSL 13:f67a6c6013ca 22510 i += totalExtSz;
wolfSSL 13:f67a6c6013ca 22511 #else
wolfSSL 13:f67a6c6013ca 22512 while (totalExtSz) {
wolfSSL 13:f67a6c6013ca 22513 word16 extId, extSz;
wolfSSL 13:f67a6c6013ca 22514
wolfSSL 13:f67a6c6013ca 22515 if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
wolfSSL 13:f67a6c6013ca 22516 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22517
wolfSSL 13:f67a6c6013ca 22518 ato16(&input[i], &extId);
wolfSSL 13:f67a6c6013ca 22519 i += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 22520 ato16(&input[i], &extSz);
wolfSSL 13:f67a6c6013ca 22521 i += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 22522
wolfSSL 13:f67a6c6013ca 22523 if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
wolfSSL 13:f67a6c6013ca 22524 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22525
wolfSSL 13:f67a6c6013ca 22526 if (extId == HELLO_EXT_SIG_ALGO) {
wolfSSL 13:f67a6c6013ca 22527 ato16(&input[i], &clSuites.hashSigAlgoSz);
wolfSSL 13:f67a6c6013ca 22528 i += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 22529
wolfSSL 13:f67a6c6013ca 22530 if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
wolfSSL 13:f67a6c6013ca 22531 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22532
wolfSSL 13:f67a6c6013ca 22533 XMEMCPY(clSuites.hashSigAlgo, &input[i],
wolfSSL 13:f67a6c6013ca 22534 min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
wolfSSL 13:f67a6c6013ca 22535 i += clSuites.hashSigAlgoSz;
wolfSSL 13:f67a6c6013ca 22536
wolfSSL 13:f67a6c6013ca 22537 if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
wolfSSL 13:f67a6c6013ca 22538 clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
wolfSSL 13:f67a6c6013ca 22539 }
wolfSSL 13:f67a6c6013ca 22540 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 13:f67a6c6013ca 22541 else if (extId == HELLO_EXT_EXTMS)
wolfSSL 13:f67a6c6013ca 22542 ssl->options.haveEMS = 1;
wolfSSL 13:f67a6c6013ca 22543 #endif
wolfSSL 13:f67a6c6013ca 22544 else
wolfSSL 13:f67a6c6013ca 22545 i += extSz;
wolfSSL 13:f67a6c6013ca 22546
wolfSSL 13:f67a6c6013ca 22547 totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
wolfSSL 13:f67a6c6013ca 22548 }
wolfSSL 13:f67a6c6013ca 22549 #endif
wolfSSL 13:f67a6c6013ca 22550 *inOutIdx = i;
wolfSSL 13:f67a6c6013ca 22551 }
wolfSSL 13:f67a6c6013ca 22552 else
wolfSSL 13:f67a6c6013ca 22553 *inOutIdx = begin + helloSz; /* skip extensions */
wolfSSL 13:f67a6c6013ca 22554 }
wolfSSL 13:f67a6c6013ca 22555
wolfSSL 13:f67a6c6013ca 22556 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL 13:f67a6c6013ca 22557 ssl->options.haveSessionId = 1;
wolfSSL 13:f67a6c6013ca 22558
wolfSSL 13:f67a6c6013ca 22559 /* ProcessOld uses same resume code */
wolfSSL 13:f67a6c6013ca 22560 if (ssl->options.resuming) {
wolfSSL 13:f67a6c6013ca 22561 int ret = -1;
wolfSSL 13:f67a6c6013ca 22562 WOLFSSL_SESSION* session = GetSession(ssl,
wolfSSL 13:f67a6c6013ca 22563 ssl->arrays->masterSecret, 1);
wolfSSL 13:f67a6c6013ca 22564 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 22565 if (ssl->options.useTicket == 1) {
wolfSSL 13:f67a6c6013ca 22566 session = &ssl->session;
wolfSSL 13:f67a6c6013ca 22567 } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
wolfSSL 13:f67a6c6013ca 22568 WOLFSSL_MSG("Bogus session ID without session ticket");
wolfSSL 13:f67a6c6013ca 22569 return BUFFER_ERROR;
wolfSSL 13:f67a6c6013ca 22570 }
wolfSSL 13:f67a6c6013ca 22571 #endif
wolfSSL 13:f67a6c6013ca 22572
wolfSSL 13:f67a6c6013ca 22573 if (!session) {
wolfSSL 13:f67a6c6013ca 22574 WOLFSSL_MSG("Session lookup for resume failed");
wolfSSL 13:f67a6c6013ca 22575 ssl->options.resuming = 0;
wolfSSL 13:f67a6c6013ca 22576 }
wolfSSL 13:f67a6c6013ca 22577 else if (session->haveEMS != ssl->options.haveEMS) {
wolfSSL 13:f67a6c6013ca 22578 /* RFC 7627, 5.3, server-side */
wolfSSL 13:f67a6c6013ca 22579 /* if old sess didn't have EMS, but new does, full handshake */
wolfSSL 13:f67a6c6013ca 22580 if (!session->haveEMS && ssl->options.haveEMS) {
wolfSSL 13:f67a6c6013ca 22581 WOLFSSL_MSG("Attempting to resume a session that didn't "
wolfSSL 13:f67a6c6013ca 22582 "use EMS with a new session with EMS. Do full "
wolfSSL 13:f67a6c6013ca 22583 "handshake.");
wolfSSL 13:f67a6c6013ca 22584 ssl->options.resuming = 0;
wolfSSL 13:f67a6c6013ca 22585 }
wolfSSL 13:f67a6c6013ca 22586 /* if old sess used EMS, but new doesn't, MUST abort */
wolfSSL 13:f67a6c6013ca 22587 else if (session->haveEMS && !ssl->options.haveEMS) {
wolfSSL 13:f67a6c6013ca 22588 WOLFSSL_MSG("Trying to resume a session with EMS without "
wolfSSL 13:f67a6c6013ca 22589 "using EMS");
wolfSSL 13:f67a6c6013ca 22590 return EXT_MASTER_SECRET_NEEDED_E;
wolfSSL 13:f67a6c6013ca 22591 }
wolfSSL 13:f67a6c6013ca 22592 #ifdef HAVE_EXT_CACHE
wolfSSL 13:f67a6c6013ca 22593 wolfSSL_SESSION_free(session);
wolfSSL 13:f67a6c6013ca 22594 #endif
wolfSSL 13:f67a6c6013ca 22595 }
wolfSSL 13:f67a6c6013ca 22596 else {
wolfSSL 13:f67a6c6013ca 22597 #ifdef HAVE_EXT_CACHE
wolfSSL 13:f67a6c6013ca 22598 wolfSSL_SESSION_free(session);
wolfSSL 13:f67a6c6013ca 22599 #endif
wolfSSL 13:f67a6c6013ca 22600 if (MatchSuite(ssl, &clSuites) < 0) {
wolfSSL 13:f67a6c6013ca 22601 WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
wolfSSL 13:f67a6c6013ca 22602 return UNSUPPORTED_SUITE;
wolfSSL 13:f67a6c6013ca 22603 }
wolfSSL 13:f67a6c6013ca 22604
wolfSSL 13:f67a6c6013ca 22605 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
wolfSSL 13:f67a6c6013ca 22606 RAN_LEN);
wolfSSL 13:f67a6c6013ca 22607 if (ret != 0)
wolfSSL 13:f67a6c6013ca 22608 return ret;
wolfSSL 13:f67a6c6013ca 22609
wolfSSL 13:f67a6c6013ca 22610 #ifdef NO_OLD_TLS
wolfSSL 13:f67a6c6013ca 22611 ret = DeriveTlsKeys(ssl);
wolfSSL 13:f67a6c6013ca 22612 #else
wolfSSL 13:f67a6c6013ca 22613 #ifndef NO_TLS
wolfSSL 13:f67a6c6013ca 22614 if (ssl->options.tls)
wolfSSL 13:f67a6c6013ca 22615 ret = DeriveTlsKeys(ssl);
wolfSSL 13:f67a6c6013ca 22616 #endif
wolfSSL 13:f67a6c6013ca 22617 if (!ssl->options.tls)
wolfSSL 13:f67a6c6013ca 22618 ret = DeriveKeys(ssl);
wolfSSL 13:f67a6c6013ca 22619 #endif
wolfSSL 13:f67a6c6013ca 22620 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 13:f67a6c6013ca 22621
wolfSSL 13:f67a6c6013ca 22622 return ret;
wolfSSL 13:f67a6c6013ca 22623 }
wolfSSL 13:f67a6c6013ca 22624 }
wolfSSL 13:f67a6c6013ca 22625 return MatchSuite(ssl, &clSuites);
wolfSSL 13:f67a6c6013ca 22626 }
wolfSSL 13:f67a6c6013ca 22627
wolfSSL 13:f67a6c6013ca 22628
wolfSSL 13:f67a6c6013ca 22629 #if !defined(NO_RSA) || defined(HAVE_ECC)
wolfSSL 13:f67a6c6013ca 22630
/* Working state for DoCertificateVerify. With WOLFSSL_ASYNC_CRYPT the state
 * lives in ssl->async.args so it survives a WC_PENDING_E re-entry; otherwise
 * it is a local of that function. */
typedef struct DcvArgs {
    byte*  output;   /* not allocated; filled in by RsaVerify via &args->output */
    word32 sendSz;   /* RsaVerify result length, or digest length for non-rsa_sa_algo */
    word16 sz;       /* signature length field read from the message (ato16) */
    word32 sigSz;    /* RsaVerify result length or wc_EncodeSignature output length */
    word32 idx;      /* current read offset into input */
    word32 begin;    /* value of *inOutIdx on entry; base for the bounds checks */
    byte   hashAlgo; /* defaults to sha_mac; overwritten by DecodeSigAlg on TLS 1.2+ */
    byte   sigAlgo;  /* defaults to anonymous_sa_algo; set from message or peer key */
} DcvArgs;
wolfSSL 13:f67a6c6013ca 22641
/* Cleanup hook for DcvArgs. The structure owns no allocations (its output
 * pointer is marked "not allocated"), so there is nothing to release and
 * both parameters are intentionally unused. */
static void FreeDcvArgs(WOLFSSL* ssl, void* pArgs)
{
    (void)ssl;
    (void)pArgs;
}
wolfSSL 13:f67a6c6013ca 22649
/* Process the peer's CertificateVerify message: parse the (optional)
 * signature algorithm pair and the signature, verify the signature with the
 * peer's public key, and on success mark the peer as verified.
 *
 * ssl       connection object; holds the peer key, digest buffers and the
 *           async state machine position
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the message in input; out: offset just past the
 *           signature (only written in TLS_ASYNC_FINALIZE)
 * size      upper bound on how many bytes after *inOutIdx may be read
 *
 * returns 0 on success, BUFFER_ERROR on a length check failure, MEMORY_E,
 *         VERIFY_CERT_ERROR, INPUT_CASE_ERROR, WC_PENDING_E (async builds),
 *         or whatever RsaVerify/EccVerify/wc_RsaPSS_CheckPadding report.
 */
static int DoCertificateVerify(WOLFSSL* ssl, byte* input,
                               word32* inOutIdx, word32 size)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    DcvArgs* args = (DcvArgs*)ssl->async.args;
    /* compile-time check: array size becomes -1 if async.args is too small */
    typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
    (void)sizeof(args_test);
#else
    DcvArgs  args[1];
#endif

    WOLFSSL_ENTER("DoCertificateVerify");

#ifdef WOLFSSL_ASYNC_CRYPT
    ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
    if (ret != WC_NOT_PENDING_E) {
        /* Check for error */
        if (ret < 0)
            goto exit_dcv;
    }
    else
#endif
    {
        /* Reset state: first entry for this message, start from scratch */
        ret = 0;
        ssl->options.asyncState = TLS_ASYNC_BEGIN;
        XMEMSET(args, 0, sizeof(DcvArgs));
        args->hashAlgo = sha_mac;
        args->sigAlgo = anonymous_sa_algo;
        args->idx = *inOutIdx;
        args->begin = *inOutIdx;
    #ifdef WOLFSSL_ASYNC_CRYPT
        ssl->async.freeArgs = FreeDcvArgs;
    #endif
    }

    switch(ssl->options.asyncState)
    {
        case TLS_ASYNC_BEGIN:
        {
        #ifdef WOLFSSL_CALLBACKS
            if (ssl->hsInfoOn)
                AddPacketName("CertificateVerify", &ssl->handShakeInfo);
            if (ssl->toInfoOn)
                AddLateName("CertificateVerify", &ssl->timeoutInfo);
        #endif

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_BUILD;
        } /* case TLS_ASYNC_BEGIN */
        FALL_THROUGH;

        case TLS_ASYNC_BUILD:
        {
            /* TLS 1.2+ carries an explicit hash/signature algorithm pair;
             * older versions infer the algorithm from the peer key type. */
            if (IsAtLeastTLSv1_2(ssl)) {
                /* bounds check before reading the two algorithm bytes */
                if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > size) {
                    ERROR_OUT(BUFFER_ERROR, exit_dcv);
                }

                DecodeSigAlg(&input[args->idx], &args->hashAlgo,
                             &args->sigAlgo);
                args->idx += 2;
            }
        #ifndef NO_RSA
            else if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0)
                args->sigAlgo = rsa_sa_algo;
        #endif
        #ifdef HAVE_ECC
            else if (ssl->peerEccDsaKeyPresent)
                args->sigAlgo = ecc_dsa_sa_algo;
        #endif
        #ifdef HAVE_ED25519
            else if (ssl->peerEd25519KeyPresent)
                args->sigAlgo = ed25519_sa_algo;
        #endif

            /* bounds check before reading the 16-bit signature length */
            if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
                ERROR_OUT(BUFFER_ERROR, exit_dcv);
            }

            ato16(input + args->idx, &args->sz);
            args->idx += OPAQUE16_LEN;

            /* the peer-supplied length must fit both the message and
             * ENCRYPT_LEN before the signature bytes are touched */
            if ((args->idx - args->begin) + args->sz > size ||
                                                args->sz > ENCRYPT_LEN) {
                ERROR_OUT(BUFFER_ERROR, exit_dcv);
            }

        #ifdef HAVE_ECC
            if (ssl->peerEccDsaKeyPresent) {

                WOLFSSL_MSG("Doing ECC peer cert verify");

            /* make sure a default is defined */
            #if !defined(NO_SHA)
                SetDigest(ssl, sha_mac);
            #elif !defined(NO_SHA256)
                SetDigest(ssl, sha256_mac);
            #elif defined(WOLFSSL_SHA384)
                SetDigest(ssl, sha384_mac);
            #elif defined(WOLFSSL_SHA512)
                SetDigest(ssl, sha512_mac);
            #else
                #error No digest enabled for ECC sig verify
            #endif

                if (IsAtLeastTLSv1_2(ssl)) {
                    /* NOTE(review): a signature algorithm that does not match
                     * the peer key type is only logged here, not rejected;
                     * the verify below still uses the ECC key. Confirm this
                     * is intended. */
                    if (args->sigAlgo != ecc_dsa_sa_algo) {
                        WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
                    }

                    /* digest choice follows the peer-supplied hashAlgo */
                    SetDigest(ssl, args->hashAlgo);
                }
            }
        #endif /* HAVE_ECC */
        #ifdef HAVE_ED25519
            if (ssl->peerEd25519KeyPresent) {
                WOLFSSL_MSG("Doing ED25519 peer cert verify");
                /* NOTE(review): mismatch is only logged, as for ECC above */
                if (IsAtLeastTLSv1_2(ssl) &&
                                        args->sigAlgo != ed25519_sa_algo) {
                    WOLFSSL_MSG(
                               "Oops, peer sent ED25519 key but not in verify");
                }
            }
        #endif /* HAVE_ED25519 */

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_DO;
        } /* case TLS_ASYNC_BUILD */
        FALL_THROUGH;

        case TLS_ASYNC_DO:
        {
            /* NOTE(review): only RSA and ECC keys are handled in this state.
             * If neither branch is taken (for example only
             * peerEd25519KeyPresent is set, or no peer key is present), ret
             * stays 0 and the state machine continues to FINALIZE, which
             * sets havePeerVerify without any signature check having run.
             * Confirm callers cannot reach this function in that situation,
             * or fail closed here. */
        #ifndef NO_RSA
            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                WOLFSSL_MSG("Doing RSA peer cert verify");

                ret = RsaVerify(ssl,
                    input + args->idx,
                    args->sz,
                    &args->output,
                    args->sigAlgo, args->hashAlgo,
                    ssl->peerRsaKey,
                #ifdef HAVE_PK_CALLBACKS
                    ssl->buffers.peerRsaKey.buffer,
                    ssl->buffers.peerRsaKey.length,
                    ssl->RsaVerifyCtx
                #else
                    NULL, 0, NULL
                #endif
                );
                /* a non-negative result is a length, not a status: keep it
                 * for the comparison in TLS_ASYNC_VERIFY and normalise ret */
                if (ret >= 0) {
                    if (args->sigAlgo == rsa_sa_algo)
                        args->sendSz = ret;
                    else {
                        args->sigSz = ret;
                        args->sendSz = ssl->buffers.digest.length;
                    }
                    ret = 0;
                }
            }
        #endif /* !NO_RSA */
        #ifdef HAVE_ECC
            if (ssl->peerEccDsaKeyPresent) {
                WOLFSSL_MSG("Doing ECC peer cert verify");

                ret = EccVerify(ssl,
                    input + args->idx, args->sz,
                    ssl->buffers.digest.buffer, ssl->buffers.digest.length,
                    ssl->peerEccDsaKey,
                #ifdef HAVE_PK_CALLBACKS
                    ssl->buffers.peerEccDsaKey.buffer,
                    ssl->buffers.peerEccDsaKey.length,
                    ssl->EccVerifyCtx
                #else
                    NULL, 0, NULL
                #endif
                );
            }
        #endif /* HAVE_ECC */

            /* Check for error (includes WC_PENDING_E in async builds) */
            if (ret != 0) {
                goto exit_dcv;
            }

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_VERIFY;
        } /* case TLS_ASYNC_DO */
        FALL_THROUGH;

        case TLS_ASYNC_VERIFY:
        {
            /* RSA only: compare what RsaVerify recovered (args->output)
             * against the value expected for this handshake. */
        #ifndef NO_RSA
            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                if (IsAtLeastTLSv1_2(ssl)) {
                #ifdef WC_RSA_PSS
                    if (args->sigAlgo == rsa_pss_sa_algo) {
                        SetDigest(ssl, args->hashAlgo);

                        ret = wc_RsaPSS_CheckPadding(
                                        ssl->buffers.digest.buffer,
                                        ssl->buffers.digest.length,
                                        args->output, args->sigSz,
                                        HashAlgoToType(args->hashAlgo));
                        /* NOTE(review): this returns directly and so skips
                         * the exit_dcv cleanup (digest reset, FreeDcvArgs,
                         * FreeKeyExchange) that every other error path
                         * takes; `goto exit_dcv` looks like the intent. */
                        if (ret != 0)
                            return ret;
                    }
                    else
                #endif
                    {
                    #ifdef WOLFSSL_SMALL_STACK
                        byte*  encodedSig = NULL;
                    #else
                        byte   encodedSig[MAX_ENCODED_SIG_SZ];
                    #endif

                    #ifdef WOLFSSL_SMALL_STACK
                        encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
                                             ssl->heap, DYNAMIC_TYPE_SIGNATURE);
                        if (encodedSig == NULL) {
                            ERROR_OUT(MEMORY_E, exit_dcv);
                        }
                    #endif

                        /* NOTE(review): mismatch is only logged, not rejected */
                        if (args->sigAlgo != rsa_sa_algo) {
                            WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
                        }

                        SetDigest(ssl, args->hashAlgo);

                        /* build the expected encoded signature locally */
                        args->sigSz = wc_EncodeSignature(encodedSig,
                                    ssl->buffers.digest.buffer,
                                    ssl->buffers.digest.length,
                                    TypeHash(args->hashAlgo));

                        /* lengths must agree and output must be set before
                         * the byte comparison is attempted */
                        if (args->sendSz != args->sigSz || !args->output ||
                            XMEMCMP(args->output, encodedSig,
                                min(args->sigSz, MAX_ENCODED_SIG_SZ)) != 0) {
                            ret = VERIFY_CERT_ERROR;
                        }

                    #ifdef WOLFSSL_SMALL_STACK
                        XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
                    #endif
                    }
                }
                else {
                    /* pre-TLS 1.2: recovered value is compared with the
                     * stored certHashes for FINISHED_SZ bytes */
                    if (args->sendSz != FINISHED_SZ || !args->output ||
                        XMEMCMP(args->output,
                            &ssl->hsHashes->certHashes, FINISHED_SZ) != 0) {
                        ret = VERIFY_CERT_ERROR;
                    }
                }
            }
        #endif /* !NO_RSA */

            /* NOTE(review): a VERIFY_CERT_ERROR set above does not leave the
             * switch here; control falls through to TLS_ASYNC_FINALIZE, which
             * still sets havePeerVerify. The error is returned to the caller,
             * so this matters only if the caller ignores the return value. */

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_FINALIZE;
        } /* case TLS_ASYNC_VERIFY */
        FALL_THROUGH;

        case TLS_ASYNC_FINALIZE:
        {
            ssl->options.havePeerVerify = 1;

            /* Set final index: skip the signature bytes */
            args->idx += args->sz;
            *inOutIdx = args->idx;

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_END;
        } /* case TLS_ASYNC_FINALIZE */
        /* no FALL_THROUGH marker here, but control does continue into
         * TLS_ASYNC_END below */

        case TLS_ASYNC_END:
        {
            break;
        }
        default:
            ret = INPUT_CASE_ERROR;
    } /* switch(ssl->options.asyncState) */

exit_dcv:

    WOLFSSL_LEAVE("DoCertificateVerify", ret);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Handle async operation */
    if (ret == WC_PENDING_E) {
        /* Mark message as not received so it can be processed again */
        ssl->msgsReceived.got_certificate_verify = 0;

        return ret;
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* Digest is not allocated, so do this to prevent free */
    ssl->buffers.digest.buffer = NULL;
    ssl->buffers.digest.length = 0;

    /* Final cleanup */
    FreeDcvArgs(ssl, args);
    FreeKeyExchange(ssl);

    return ret;
}
wolfSSL 13:f67a6c6013ca 22957
wolfSSL 13:f67a6c6013ca 22958 #endif /* !NO_RSA || HAVE_ECC */
wolfSSL 13:f67a6c6013ca 22959
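/* Build the ServerHelloDone handshake message in the output buffer, add it
 * to the handshake hash and send it.
 *
 * ssl  connection object
 *
 * returns 0 on success, otherwise the error reported by CheckAvailableSize,
 *         DtlsMsgPoolSave, HashOutput or SendBuffered.
 */
int SendServerHelloDone(WOLFSSL* ssl)
{
    byte* output;
    int   sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int   ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* message has an empty body, hence length 0 */
    AddHeaders(output, 0, server_hello_done, ssl);

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        /* Propagate the failure. The previous code returned 0 here, which
         * reported success although the message was neither hashed nor
         * sent and serverState was not advanced. */
        if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
            return ret;
    }

    if (ssl->options.dtls)
        DtlsSEQIncrement(ssl, CUR_ORDER);
#endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif
    ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

    /* commit the message only after hashing succeeded */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}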
wolfSSL 13:f67a6c6013ca 23008
wolfSSL 13:f67a6c6013ca 23009
wolfSSL 13:f67a6c6013ca 23010 #ifdef HAVE_SESSION_TICKET
wolfSSL 13:f67a6c6013ca 23011
/* Bytes of an ExternalTicket that are not encrypted payload: key name, IV,
 * MAC and the encrypted-length field. */
#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
                WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
/* Room left for the encrypted InternalTicket within SESSION_TICKET_LEN. */
#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)
wolfSSL 13:f67a6c6013ca 23015
/* our ticket format: the plaintext that CreateTicket copies byte-for-byte
 * into ExternalTicket.enc_ticket before the user callback encrypts it, and
 * that DoClientTicket reads back after decryption. It carries the master
 * secret, so any copy of this structure is key material.
 * NOTE(review): the struct is copied as raw memory (XMEMCPY of
 * sizeof(InternalTicket)), so the wire layout presumably depends on compiler
 * padding and, for fields assigned directly, host byte order - confirm
 * tickets are never shared between differently built servers. */
typedef struct InternalTicket {
    ProtocolVersion pv;                    /* version when ticket created */
    byte            suite[SUITE_LEN];      /* cipher suite when created */
    byte            msecret[SECRET_LEN];   /* master secret */
    word32          timestamp;             /* born on */
    word16          haveEMS;               /* have extended master secret */
#ifdef WOLFSSL_TLS13
    word32          ageAdd;                /* Obfuscation of age */
    byte            namedGroup;            /* Named group used */
    #ifdef WOLFSSL_EARLY_DATA
    word32          maxEarlyDataSz;        /* Max size of early data */
    #endif
#endif
} InternalTicket;
wolfSSL 13:f67a6c6013ca 23031
/* Ticket as stored in the session ticket buffer and sent to the client;
 * must fit within SESSION_TICKET_LEN. When the encrypted payload is shorter
 * than enc_ticket, CreateTicket moves the MAC up so it directly follows the
 * ciphertext, and DoClientTicket locates it at enc_ticket + enc_len. */
typedef struct ExternalTicket {
    byte key_name[WOLFSSL_TICKET_NAME_SZ];     /* key context name */
    byte iv[WOLFSSL_TICKET_IV_SZ];             /* this ticket's iv */
    byte enc_len[LENGTH_SZ];                   /* encrypted length */
    byte enc_ticket[WOLFSSL_TICKET_ENC_SZ];    /* encrypted internal ticket */
    byte mac[WOLFSSL_TICKET_MAC_SZ];           /* total mac */
    /* !! if add to structure, add to TICKET_FIXED_SZ !! */
} ExternalTicket;
wolfSSL 13:f67a6c6013ca 23041
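/* Create a new session ticket in ssl->session.ticket.
 *
 * Builds an InternalTicket (version, suite, master secret, timestamp, ...)
 * on the stack, copies it into the external ticket buffer and asks the
 * user's ticketEncCb to encrypt it and to fill in key name, IV and MAC.
 * The callback's output is sanity-checked before the ticket length is set.
 *
 * The stack copy of the master secret is wiped on every exit path, and the
 * plaintext written into the ticket buffer is wiped if the ticket could not
 * be completed, so no unencrypted secret is left behind on failure.
 *
 * ssl  connection object
 *
 * returns 0 (WOLFSSL_TICKET_RET_OK) on success, BAD_TICKET_ENCRYPT,
 *         BAD_TICKET_KEY_CB_SZ, or the callback's own non-OK return value.
 */
int CreateTicket(WOLFSSL* ssl)
{
    InternalTicket  it;
    ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
    int             encLen;
    int             ret;
    int             plainInBuffer = 0;  /* set once enc_ticket holds `it` */
    byte            zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */

    XMEMSET(&it, 0, sizeof(it));

    /* build internal */
    it.pv.major = ssl->version.major;
    it.pv.minor = ssl->version.minor;

    it.suite[0] = ssl->options.cipherSuite0;
    it.suite[1] = ssl->options.cipherSuite;

#ifdef WOLFSSL_EARLY_DATA
    it.maxEarlyDataSz = ssl->options.maxEarlyDataSz;
#endif

    if (!ssl->options.tls1_3) {
        XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN);
        c32toa(LowResTimer(), (byte*)&it.timestamp);
        it.haveEMS = ssl->options.haveEMS;
    }
    else {
#ifdef WOLFSSL_TLS13
        /* Client adds to ticket age to obfuscate. */
        ret = wc_RNG_GenerateBlock(ssl->rng, (byte*)&it.ageAdd,
                                   sizeof(it.ageAdd));
        if (ret != 0) {
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }
        ssl->session.ticketAdd = it.ageAdd;
        it.namedGroup = ssl->session.namedGroup;
        it.timestamp = TimeNowInMilliseconds();
        /* Resumption master secret. */
        XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN);
#endif
    }

    /* build external */
    XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket));
    plainInBuffer = 1;

    /* encrypt */
    encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
    ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                et->enc_ticket, sizeof(InternalTicket),
                                &encLen, ssl->ctx->ticketEncCtx);
    if (ret == WOLFSSL_TICKET_RET_OK) {
        if (encLen < (int)sizeof(InternalTicket) ||
                                              encLen > WOLFSSL_TICKET_ENC_SZ) {
            WOLFSSL_MSG("Bad user ticket encrypt size");
            ret = BAD_TICKET_KEY_CB_SZ;
            goto exit_ct;
        }

        /* sanity checks on encrypt callback */

        /* internal ticket can't be the same if encrypted */
        if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't encrypt");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        XMEMSET(zeros, 0, sizeof(zeros));

        /* name */
        if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set name");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        /* iv */
        if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set iv");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        /* mac */
        if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set mac");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        /* set size */
        c16toa((word16)encLen, et->enc_len);
        ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
        if (encLen < WOLFSSL_TICKET_ENC_SZ) {
            /* move mac up since whole enc buffer not used */
            XMEMMOVE(et->enc_ticket + encLen, et->mac, WOLFSSL_TICKET_MAC_SZ);
        }
    }

exit_ct:
    /* the stack copy holds the master secret; never leave it behind */
    ForceZero(&it, sizeof(it));

    /* on failure enc_ticket may still hold the plaintext ticket (callback
     * failed or did not encrypt), so scrub it as well */
    if (plainInBuffer && ret != WOLFSSL_TICKET_RET_OK) {
        ForceZero(et->enc_ticket, sizeof(et->enc_ticket));
    }

    return ret;
}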
wolfSSL 13:f67a6c6013ca 23138
wolfSSL 13:f67a6c6013ca 23139
/* Parse a session ticket sent by the client.
 *
 * Validates the overall length and the embedded encrypted length, hands the
 * ticket to the user's ticketEncCb for MAC check and decryption, and, when
 * the callback accepts it, restores the master secret and related session
 * properties from the decrypted InternalTicket.
 *
 * ssl    connection object
 * input  ticket bytes as received; the callback is given this buffer as
 *        both input and output, so it is presumably decrypted in place even
 *        though the parameter is const-qualified
 * len    number of ticket bytes
 *
 * returns the callback's return value, BAD_TICKET_MSG_SZ on a length check
 *         failure, or BAD_TICKET_KEY_CB_SZ when the callback reports an
 *         impossible plaintext length.
 *
 * NOTE(review): nothing here compares the ticket's pv or, for pre-TLS 1.3,
 * its suite or timestamp with the current connection - confirm the caller
 * performs those checks.
 */
int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
{
    ExternalTicket* ext;
    InternalTicket* inner;
    int             cbRet;
    int             plainLen;
    word16          encLen;

    /* must hold at least one InternalTicket plus the fixed fields and must
     * not exceed the ticket buffer size */
    if (len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ) ||
        len > SESSION_TICKET_LEN) {
        return BAD_TICKET_MSG_SZ;
    }

    ext   = (ExternalTicket*)input;
    inner = (InternalTicket*)ext->enc_ticket;

    /* decrypt */
    ato16(ext->enc_len, &encLen);
    /* the peer-supplied encrypted length must leave room for the MAC that
     * follows the ciphertext */
    if (encLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
        return BAD_TICKET_MSG_SZ;
    }

    plainLen = encLen;   /* may be reduced by user padding */
    cbRet = ssl->ctx->ticketEncCb(ssl, ext->key_name, ext->iv,
                                  ext->enc_ticket + encLen, 0,
                                  ext->enc_ticket, encLen, &plainLen,
                                  ssl->ctx->ticketEncCtx);
    if (cbRet < 0 || cbRet == WOLFSSL_TICKET_RET_FATAL) {
        return cbRet;
    }
    if (plainLen < (int)sizeof(InternalTicket) || plainLen > encLen) {
        WOLFSSL_MSG("Bad user ticket decrypt len");
        return BAD_TICKET_KEY_CB_SZ;
    }

    /* anything other than OK / CREATE leaves the session untouched */
    if (cbRet != WOLFSSL_TICKET_RET_OK && cbRet != WOLFSSL_TICKET_RET_CREATE) {
        return cbRet;
    }

    /* get master secret */
    if (IsAtLeastTLSv1_3(ssl->version)) {
#ifdef WOLFSSL_TLS13
        /* Restore information to renegotiate. */
        ssl->session.ticketSeen   = inner->timestamp;
        ssl->session.ticketAdd    = inner->ageAdd;
        ssl->session.cipherSuite0 = inner->suite[0];
        ssl->session.cipherSuite  = inner->suite[1];
    #ifdef WOLFSSL_EARLY_DATA
        ssl->session.maxEarlyDataSz = inner->maxEarlyDataSz;
    #endif
        /* Resumption master secret. */
        XMEMCPY(ssl->session.masterSecret, inner->msecret, SECRET_LEN);
        ssl->session.namedGroup = inner->namedGroup;
#endif
    }
    else {
        XMEMCPY(ssl->arrays->masterSecret, inner->msecret, SECRET_LEN);
        /* Carry the extended-master-secret flag from the ticket into the
         * saved session so it can be checked when resuming. */
        ssl->session.haveEMS = inner->haveEMS;
    }

    return cbRet;
}
wolfSSL 13:f67a6c6013ca 23200
wolfSSL 13:f67a6c6013ca 23201
/* Send the NewSessionTicket handshake message to the peer.
 *
 * Body written after the record and handshake headers:
 *   lifetime hint  SESSION_HINT_SZ bytes, taken from ssl->ctx->ticketHint
 *   ticket length  LENGTH_SZ bytes
 *   ticket         ssl->session.ticketLen bytes, copied verbatim from
 *                  ssl->session.ticket
 *
 * When ssl->options.createTicket is set, CreateTicket() is called first.
 *
 * ssl  connection to send on
 * returns the first non-zero result of CreateTicket, CheckAvailableSize,
 *         DtlsMsgPoolSave (DTLS only) or HashOutput; otherwise the result
 *         of SendBuffered.
 */
int SendTicket(WOLFSSL* ssl)
{
    word32 bodySz = SESSION_HINT_SZ + LENGTH_SZ;
    word32 pos    = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int    recordSz;
    int    ret;
    byte*  out;

    if (ssl->options.createTicket) {
        ret = CreateTicket(ssl);
        if (ret != 0)
            return ret;
    }

    bodySz  += ssl->session.ticketLen;
    recordSz = bodySz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    /* DTLS headers are larger: grow the total and push the body offset. */
    if (ssl->options.dtls) {
        recordSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        pos      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* The output pointer is only taken after the size check has passed. */
    ret = CheckAvailableSize(ssl, recordSz);
    if (ret != 0)
        return ret;

    out = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    AddHeaders(out, bodySz, session_ticket, ssl);

    /* lifetime hint */
    c32toa(ssl->ctx->ticketHint, out + pos);
    pos += SESSION_HINT_SZ;

    /* ticket length */
    c16toa(ssl->session.ticketLen, out + pos);
    pos += LENGTH_SZ;

    /* ticket bytes; pos is not advanced because nothing follows them */
    XMEMCPY(out + pos, ssl->session.ticket, ssl->session.ticketLen);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        ret = DtlsMsgPoolSave(ssl, out, recordSz);
        if (ret != 0)
            return ret;

        DtlsSEQIncrement(ssl, CUR_ORDER);
    }
#endif

    /* Only count the message as queued once it has been hashed. */
    ret = HashOutput(ssl, out, recordSz, 0);
    if (ret != 0)
        return ret;

    ssl->buffers.outputBuffer.length += recordSz;

    return SendBuffered(ssl);
}
wolfSSL 13:f67a6c6013ca 23262
wolfSSL 13:f67a6c6013ca 23263 #endif /* HAVE_SESSION_TICKET */
wolfSSL 13:f67a6c6013ca 23264
wolfSSL 13:f67a6c6013ca 23265
wolfSSL 13:f67a6c6013ca 23266 #ifdef WOLFSSL_DTLS
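/* Build and send a DTLS HelloVerifyRequest carrying the given cookie.
 *
 * Body written after the DTLS record and handshake headers:
 *   version     DTLS_MAJOR/DTLS_MINOR when OPENSSL_EXTRA is defined,
 *               otherwise ssl->version
 *   cookie len  one byte
 *   cookie      cookieSz bytes
 *
 * ssl       connection to send on
 * cookie    cookie bytes to send; must not be NULL
 * cookieSz  number of cookie bytes; must not be 0
 * returns COOKIE_ERROR when cookie is NULL or cookieSz is 0, a non-zero
 *         CheckAvailableSize result when that check fails, otherwise the
 *         result of SendBuffered.
 */
static int SendHelloVerifyRequest(WOLFSSL* ssl,
                                  const byte* cookie, byte cookieSz)
{
    byte* output;
    int   length = VERSION_SZ + ENUM_LEN + cookieSz;
    int   idx    = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
    int   sendSz = length + idx;
    int   ret;

    /* Reject a missing or empty cookie before anything is touched: a
     * rejected call must not overwrite the DTLS sequence numbers or write
     * a partial message into the output buffer. */
    if (cookie == NULL || cookieSz == 0)
        return COOKIE_ERROR;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* Hello Verify Request should use the same sequence number as the
     * Client Hello. */
    ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
    ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
    AddHeaders(output, length, hello_verify_request, ssl);

#ifdef OPENSSL_EXTRA
    output[idx++] = DTLS_MAJOR;
    output[idx++] = DTLS_MINOR;
#else
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
#endif

    output[idx++] = cookieSz;
    XMEMCPY(output + idx, cookie, cookieSz);

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
                      sendSz, ssl->heap);
#endif

    /* This message is not passed to HashOutput; RFC 6347 leaves
     * HelloVerifyRequest out of the handshake transcript. */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}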
wolfSSL 13:f67a6c6013ca 23316 #endif /* WOLFSSL_DTLS */
wolfSSL 13:f67a6c6013ca 23317
/* Working state for DoClientKeyExchange.
 * With WOLFSSL_ASYNC_CRYPT it is stored in ssl->async.args; otherwise it is
 * a local of DoClientKeyExchange. */
struct DckeArgs {
    byte*  output; /* not allocated */
    word32 length; /* RSA key size, or length of the peer ECC public value */
    word32 idx;    /* current read offset into the input buffer */
    word32 begin;  /* value of *inOutIdx on entry; (idx - begin) is compared
                    * with the message size in the bounds checks */
    word32 sigSz;  /* size of the client DH public value */
};
typedef struct DckeArgs DckeArgs;
wolfSSL 13:f67a6c6013ca 23325
/* Release hook for DckeArgs; DoClientKeyExchange installs it as
 * ssl->async.freeArgs when WOLFSSL_ASYNC_CRYPT is defined.
 *
 * ssl    unused
 * pArgs  the DckeArgs instance; unused
 */
static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs)
{
    /* Nothing is released here: the only pointer member of DckeArgs is
     * marked "not allocated". */
    (void)ssl;
    (void)pArgs;
}
wolfSSL 13:f67a6c6013ca 23333
wolfSSL 13:f67a6c6013ca 23334 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 13:f67a6c6013ca 23335 word32 size)
wolfSSL 13:f67a6c6013ca 23336 {
wolfSSL 13:f67a6c6013ca 23337 int ret;
wolfSSL 13:f67a6c6013ca 23338 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 23339 DckeArgs* args = (DckeArgs*)ssl->async.args;
wolfSSL 13:f67a6c6013ca 23340 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 13:f67a6c6013ca 23341 (void)sizeof(args_test);
wolfSSL 13:f67a6c6013ca 23342 #else
wolfSSL 13:f67a6c6013ca 23343 DckeArgs args[1];
wolfSSL 13:f67a6c6013ca 23344 #endif
wolfSSL 13:f67a6c6013ca 23345
wolfSSL 13:f67a6c6013ca 23346 WOLFSSL_ENTER("DoClientKeyExchange");
wolfSSL 13:f67a6c6013ca 23347
wolfSSL 13:f67a6c6013ca 23348 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 23349 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 13:f67a6c6013ca 23350 if (ret != WC_NOT_PENDING_E) {
wolfSSL 13:f67a6c6013ca 23351 /* Check for error */
wolfSSL 13:f67a6c6013ca 23352 if (ret < 0)
wolfSSL 13:f67a6c6013ca 23353 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23354 }
wolfSSL 13:f67a6c6013ca 23355 else
wolfSSL 13:f67a6c6013ca 23356 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 13:f67a6c6013ca 23357 {
wolfSSL 13:f67a6c6013ca 23358 /* Reset state */
wolfSSL 13:f67a6c6013ca 23359 ret = 0;
wolfSSL 13:f67a6c6013ca 23360 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 13:f67a6c6013ca 23361 XMEMSET(args, 0, sizeof(DckeArgs));
wolfSSL 13:f67a6c6013ca 23362 args->idx = *inOutIdx;
wolfSSL 13:f67a6c6013ca 23363 args->begin = *inOutIdx;
wolfSSL 13:f67a6c6013ca 23364 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 23365 ssl->async.freeArgs = FreeDckeArgs;
wolfSSL 13:f67a6c6013ca 23366 #endif
wolfSSL 13:f67a6c6013ca 23367 }
wolfSSL 13:f67a6c6013ca 23368
wolfSSL 13:f67a6c6013ca 23369 /* Do Client Key Exchange State Machine */
wolfSSL 13:f67a6c6013ca 23370 switch(ssl->options.asyncState)
wolfSSL 13:f67a6c6013ca 23371 {
wolfSSL 13:f67a6c6013ca 23372 case TLS_ASYNC_BEGIN:
wolfSSL 13:f67a6c6013ca 23373 {
wolfSSL 13:f67a6c6013ca 23374 /* Sanity checks */
wolfSSL 13:f67a6c6013ca 23375 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 13:f67a6c6013ca 23376 WOLFSSL_MSG("Client received client keyexchange, attack?");
wolfSSL 13:f67a6c6013ca 23377 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 13:f67a6c6013ca 23378 ERROR_OUT(SSL_FATAL_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23379 }
wolfSSL 13:f67a6c6013ca 23380
wolfSSL 13:f67a6c6013ca 23381 if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
wolfSSL 13:f67a6c6013ca 23382 WOLFSSL_MSG("Client sending keyexchange at wrong time");
wolfSSL 13:f67a6c6013ca 23383 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 13:f67a6c6013ca 23384 ERROR_OUT(OUT_OF_ORDER_E, exit_dcke);
wolfSSL 13:f67a6c6013ca 23385 }
wolfSSL 13:f67a6c6013ca 23386
wolfSSL 13:f67a6c6013ca 23387 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 23388 if (ssl->options.verifyPeer && ssl->options.failNoCert) {
wolfSSL 13:f67a6c6013ca 23389 if (!ssl->options.havePeerCert) {
wolfSSL 13:f67a6c6013ca 23390 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 13:f67a6c6013ca 23391 ERROR_OUT(NO_PEER_CERT, exit_dcke);
wolfSSL 13:f67a6c6013ca 23392 }
wolfSSL 13:f67a6c6013ca 23393 }
wolfSSL 13:f67a6c6013ca 23394
wolfSSL 13:f67a6c6013ca 23395 if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) {
wolfSSL 13:f67a6c6013ca 23396 if (!ssl->options.havePeerCert &&
wolfSSL 13:f67a6c6013ca 23397 !ssl->options.usingPSK_cipher) {
wolfSSL 13:f67a6c6013ca 23398 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 13:f67a6c6013ca 23399 return NO_PEER_CERT;
wolfSSL 13:f67a6c6013ca 23400 }
wolfSSL 13:f67a6c6013ca 23401 }
wolfSSL 13:f67a6c6013ca 23402 #endif /* !NO_CERTS */
wolfSSL 13:f67a6c6013ca 23403
wolfSSL 13:f67a6c6013ca 23404 #ifdef WOLFSSL_CALLBACKS
wolfSSL 13:f67a6c6013ca 23405 if (ssl->hsInfoOn) {
wolfSSL 13:f67a6c6013ca 23406 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 13:f67a6c6013ca 23407 }
wolfSSL 13:f67a6c6013ca 23408 if (ssl->toInfoOn) {
wolfSSL 13:f67a6c6013ca 23409 AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
wolfSSL 13:f67a6c6013ca 23410 }
wolfSSL 13:f67a6c6013ca 23411 #endif
wolfSSL 13:f67a6c6013ca 23412
wolfSSL 13:f67a6c6013ca 23413 switch (ssl->specs.kea) {
wolfSSL 13:f67a6c6013ca 23414 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 23415 case rsa_kea:
wolfSSL 13:f67a6c6013ca 23416 {
wolfSSL 13:f67a6c6013ca 23417 /* make sure private key exists */
wolfSSL 13:f67a6c6013ca 23418 if (ssl->buffers.key == NULL ||
wolfSSL 13:f67a6c6013ca 23419 ssl->buffers.key->buffer == NULL) {
wolfSSL 13:f67a6c6013ca 23420 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 13:f67a6c6013ca 23421 }
wolfSSL 13:f67a6c6013ca 23422 break;
wolfSSL 13:f67a6c6013ca 23423 } /* rsa_kea */
wolfSSL 13:f67a6c6013ca 23424 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 23425 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 23426 case psk_kea:
wolfSSL 13:f67a6c6013ca 23427 {
wolfSSL 13:f67a6c6013ca 23428 /* sanity check that PSK server callback has been set */
wolfSSL 13:f67a6c6013ca 23429 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 13:f67a6c6013ca 23430 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 13:f67a6c6013ca 23431 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23432 }
wolfSSL 13:f67a6c6013ca 23433 break;
wolfSSL 13:f67a6c6013ca 23434 }
wolfSSL 13:f67a6c6013ca 23435 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 23436 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 23437 case ntru_kea:
wolfSSL 13:f67a6c6013ca 23438 {
wolfSSL 13:f67a6c6013ca 23439 /* make sure private key exists */
wolfSSL 13:f67a6c6013ca 23440 if (ssl->buffers.key == NULL ||
wolfSSL 13:f67a6c6013ca 23441 ssl->buffers.key->buffer == NULL) {
wolfSSL 13:f67a6c6013ca 23442 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 13:f67a6c6013ca 23443 }
wolfSSL 13:f67a6c6013ca 23444 break;
wolfSSL 13:f67a6c6013ca 23445 }
wolfSSL 13:f67a6c6013ca 23446 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 23447 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 23448 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 23449 {
wolfSSL 13:f67a6c6013ca 23450 break;
wolfSSL 13:f67a6c6013ca 23451 }
wolfSSL 13:f67a6c6013ca 23452 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 23453 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 23454 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 23455 {
wolfSSL 13:f67a6c6013ca 23456 break;
wolfSSL 13:f67a6c6013ca 23457 }
wolfSSL 13:f67a6c6013ca 23458 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 23459 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 23460 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 23461 {
wolfSSL 13:f67a6c6013ca 23462 /* sanity check that PSK server callback has been set */
wolfSSL 13:f67a6c6013ca 23463 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 13:f67a6c6013ca 23464 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 13:f67a6c6013ca 23465 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23466 }
wolfSSL 13:f67a6c6013ca 23467 break;
wolfSSL 13:f67a6c6013ca 23468 }
wolfSSL 13:f67a6c6013ca 23469 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 23470 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 23471 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 23472 {
wolfSSL 13:f67a6c6013ca 23473 /* sanity check that PSK server callback has been set */
wolfSSL 13:f67a6c6013ca 23474 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 13:f67a6c6013ca 23475 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 13:f67a6c6013ca 23476 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23477 }
wolfSSL 13:f67a6c6013ca 23478 break;
wolfSSL 13:f67a6c6013ca 23479 }
wolfSSL 13:f67a6c6013ca 23480 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 23481 default:
wolfSSL 13:f67a6c6013ca 23482 WOLFSSL_MSG("Bad kea type");
wolfSSL 13:f67a6c6013ca 23483 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 23484 } /* switch (ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 23485
wolfSSL 13:f67a6c6013ca 23486 /* Check for error */
wolfSSL 13:f67a6c6013ca 23487 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23488 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23489 }
wolfSSL 13:f67a6c6013ca 23490
wolfSSL 13:f67a6c6013ca 23491 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 23492 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 13:f67a6c6013ca 23493 } /* TLS_ASYNC_BEGIN */
wolfSSL 13:f67a6c6013ca 23494 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 23495
wolfSSL 13:f67a6c6013ca 23496 case TLS_ASYNC_BUILD:
wolfSSL 13:f67a6c6013ca 23497 {
wolfSSL 13:f67a6c6013ca 23498 switch (ssl->specs.kea) {
wolfSSL 13:f67a6c6013ca 23499 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 23500 case rsa_kea:
wolfSSL 13:f67a6c6013ca 23501 {
wolfSSL 13:f67a6c6013ca 23502 word32 i = 0;
wolfSSL 13:f67a6c6013ca 23503 int keySz;
wolfSSL 13:f67a6c6013ca 23504
wolfSSL 13:f67a6c6013ca 23505 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 13:f67a6c6013ca 23506 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 23507 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23508 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23509 }
wolfSSL 13:f67a6c6013ca 23510
wolfSSL 13:f67a6c6013ca 23511 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 23512 &i, (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
wolfSSL 13:f67a6c6013ca 23513 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23514 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23515 }
wolfSSL 13:f67a6c6013ca 23516 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 13:f67a6c6013ca 23517 if (keySz < 0) { /* test if keySz has error */
wolfSSL 13:f67a6c6013ca 23518 ERROR_OUT(keySz, exit_dcke);
wolfSSL 13:f67a6c6013ca 23519 }
wolfSSL 13:f67a6c6013ca 23520 args->length = (word32)keySz;
wolfSSL 13:f67a6c6013ca 23521
wolfSSL 13:f67a6c6013ca 23522 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 13:f67a6c6013ca 23523 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 13:f67a6c6013ca 23524 ERROR_OUT(RSA_KEY_SIZE_E, exit_dcke);
wolfSSL 13:f67a6c6013ca 23525 }
wolfSSL 13:f67a6c6013ca 23526 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 13:f67a6c6013ca 23527
wolfSSL 13:f67a6c6013ca 23528 if (ssl->options.tls) {
wolfSSL 13:f67a6c6013ca 23529 word16 check;
wolfSSL 13:f67a6c6013ca 23530
wolfSSL 13:f67a6c6013ca 23531 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23532 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23533 }
wolfSSL 13:f67a6c6013ca 23534
wolfSSL 13:f67a6c6013ca 23535 ato16(input + args->idx, &check);
wolfSSL 13:f67a6c6013ca 23536 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23537
wolfSSL 13:f67a6c6013ca 23538 if ((word32)check != args->length) {
wolfSSL 13:f67a6c6013ca 23539 WOLFSSL_MSG("RSA explicit size doesn't match");
wolfSSL 13:f67a6c6013ca 23540 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23541 }
wolfSSL 13:f67a6c6013ca 23542 }
wolfSSL 13:f67a6c6013ca 23543
wolfSSL 13:f67a6c6013ca 23544 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 13:f67a6c6013ca 23545 WOLFSSL_MSG("RSA message too big");
wolfSSL 13:f67a6c6013ca 23546 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23547 }
wolfSSL 13:f67a6c6013ca 23548
wolfSSL 13:f67a6c6013ca 23549 args->output = NULL;
wolfSSL 13:f67a6c6013ca 23550 break;
wolfSSL 13:f67a6c6013ca 23551 } /* rsa_kea */
wolfSSL 13:f67a6c6013ca 23552 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 23553 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 23554 case psk_kea:
wolfSSL 13:f67a6c6013ca 23555 {
wolfSSL 13:f67a6c6013ca 23556 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 13:f67a6c6013ca 23557 word16 ci_sz;
wolfSSL 13:f67a6c6013ca 23558
wolfSSL 13:f67a6c6013ca 23559 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23560 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23561 }
wolfSSL 13:f67a6c6013ca 23562
wolfSSL 13:f67a6c6013ca 23563 ato16(input + args->idx, &ci_sz);
wolfSSL 13:f67a6c6013ca 23564 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23565
wolfSSL 13:f67a6c6013ca 23566 if (ci_sz > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 23567 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23568 }
wolfSSL 13:f67a6c6013ca 23569
wolfSSL 13:f67a6c6013ca 23570 if ((args->idx - args->begin) + ci_sz > size) {
wolfSSL 13:f67a6c6013ca 23571 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23572 }
wolfSSL 13:f67a6c6013ca 23573
wolfSSL 13:f67a6c6013ca 23574 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 13:f67a6c6013ca 23575 input + args->idx, ci_sz);
wolfSSL 13:f67a6c6013ca 23576 args->idx += ci_sz;
wolfSSL 13:f67a6c6013ca 23577
wolfSSL 13:f67a6c6013ca 23578 ssl->arrays->client_identity[ci_sz] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 23579 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 13:f67a6c6013ca 23580 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 13:f67a6c6013ca 23581 MAX_PSK_KEY_LEN);
wolfSSL 13:f67a6c6013ca 23582
wolfSSL 13:f67a6c6013ca 23583 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 13:f67a6c6013ca 23584 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 13:f67a6c6013ca 23585 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23586 }
wolfSSL 13:f67a6c6013ca 23587
wolfSSL 13:f67a6c6013ca 23588 /* make psk pre master secret */
wolfSSL 13:f67a6c6013ca 23589 /* length of key + length 0s + length of key + key */
wolfSSL 13:f67a6c6013ca 23590 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 23591 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23592
wolfSSL 13:f67a6c6013ca 23593 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 23594 pms += ssl->arrays->psk_keySz;
wolfSSL 13:f67a6c6013ca 23595
wolfSSL 13:f67a6c6013ca 23596 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 23597 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23598
wolfSSL 13:f67a6c6013ca 23599 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 23600 ssl->arrays->preMasterSz =
wolfSSL 13:f67a6c6013ca 23601 (ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
wolfSSL 13:f67a6c6013ca 23602 break;
wolfSSL 13:f67a6c6013ca 23603 }
wolfSSL 13:f67a6c6013ca 23604 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 23605 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 23606 case ntru_kea:
wolfSSL 13:f67a6c6013ca 23607 {
wolfSSL 13:f67a6c6013ca 23608 word16 cipherLen;
wolfSSL 13:f67a6c6013ca 23609 word16 plainLen = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 23610
wolfSSL 13:f67a6c6013ca 23611 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23612 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23613 }
wolfSSL 13:f67a6c6013ca 23614
wolfSSL 13:f67a6c6013ca 23615 ato16(input + args->idx, &cipherLen);
wolfSSL 13:f67a6c6013ca 23616 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23617
wolfSSL 13:f67a6c6013ca 23618 if (cipherLen > MAX_NTRU_ENCRYPT_SZ) {
wolfSSL 13:f67a6c6013ca 23619 ERROR_OUT(NTRU_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23620 }
wolfSSL 13:f67a6c6013ca 23621
wolfSSL 13:f67a6c6013ca 23622 if ((args->idx - args->begin) + cipherLen > size) {
wolfSSL 13:f67a6c6013ca 23623 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23624 }
wolfSSL 13:f67a6c6013ca 23625
wolfSSL 13:f67a6c6013ca 23626 if (NTRU_OK != ntru_crypto_ntru_decrypt(
wolfSSL 13:f67a6c6013ca 23627 (word16) ssl->buffers.key->length,
wolfSSL 13:f67a6c6013ca 23628 ssl->buffers.key->buffer, cipherLen,
wolfSSL 13:f67a6c6013ca 23629 input + args->idx, &plainLen,
wolfSSL 13:f67a6c6013ca 23630 ssl->arrays->preMasterSecret)) {
wolfSSL 13:f67a6c6013ca 23631 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23632 }
wolfSSL 13:f67a6c6013ca 23633
wolfSSL 13:f67a6c6013ca 23634 if (plainLen != SECRET_LEN) {
wolfSSL 13:f67a6c6013ca 23635 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23636 }
wolfSSL 13:f67a6c6013ca 23637
wolfSSL 13:f67a6c6013ca 23638 args->idx += cipherLen;
wolfSSL 13:f67a6c6013ca 23639 ssl->arrays->preMasterSz = plainLen;
wolfSSL 13:f67a6c6013ca 23640 break;
wolfSSL 13:f67a6c6013ca 23641 }
wolfSSL 13:f67a6c6013ca 23642 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 23643 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 13:f67a6c6013ca 23644 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 23645 {
wolfSSL 13:f67a6c6013ca 23646 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 23647 ecc_key* private_key = ssl->eccTempKey;
wolfSSL 13:f67a6c6013ca 23648
wolfSSL 13:f67a6c6013ca 23649 /* handle static private key */
wolfSSL 13:f67a6c6013ca 23650 if (ssl->specs.static_ecdh &&
wolfSSL 13:f67a6c6013ca 23651 ssl->ecdhCurveOID != ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 23652 word32 i = 0;
wolfSSL 13:f67a6c6013ca 23653
wolfSSL 13:f67a6c6013ca 23654 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 13:f67a6c6013ca 23655 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 13:f67a6c6013ca 23656 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23657 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23658 }
wolfSSL 13:f67a6c6013ca 23659
wolfSSL 13:f67a6c6013ca 23660 ret = wc_EccPrivateKeyDecode(
wolfSSL 13:f67a6c6013ca 23661 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 23662 &i,
wolfSSL 13:f67a6c6013ca 23663 (ecc_key*)ssl->hsKey,
wolfSSL 13:f67a6c6013ca 23664 ssl->buffers.key->length);
wolfSSL 13:f67a6c6013ca 23665 if (ret == 0) {
wolfSSL 13:f67a6c6013ca 23666 private_key = (ecc_key*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 23667 if (wc_ecc_size(private_key) <
wolfSSL 13:f67a6c6013ca 23668 ssl->options.minEccKeySz) {
wolfSSL 13:f67a6c6013ca 23669 WOLFSSL_MSG("ECC key too small");
wolfSSL 13:f67a6c6013ca 23670 ERROR_OUT(ECC_KEY_SIZE_E, exit_dcke);
wolfSSL 13:f67a6c6013ca 23671 }
wolfSSL 13:f67a6c6013ca 23672 }
wolfSSL 13:f67a6c6013ca 23673 }
wolfSSL 13:f67a6c6013ca 23674 #endif
wolfSSL 13:f67a6c6013ca 23675
wolfSSL 13:f67a6c6013ca 23676 /* import peer ECC key */
wolfSSL 13:f67a6c6013ca 23677 if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
wolfSSL 13:f67a6c6013ca 23678 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23679 }
wolfSSL 13:f67a6c6013ca 23680
wolfSSL 13:f67a6c6013ca 23681 args->length = input[args->idx++];
wolfSSL 13:f67a6c6013ca 23682
wolfSSL 13:f67a6c6013ca 23683 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 13:f67a6c6013ca 23684 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23685 }
wolfSSL 13:f67a6c6013ca 23686
wolfSSL 13:f67a6c6013ca 23687 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 23688
wolfSSL 13:f67a6c6013ca 23689 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 23690 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 23691 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 23692 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 23693 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 23694 break;
wolfSSL 13:f67a6c6013ca 23695 }
wolfSSL 13:f67a6c6013ca 23696 #endif
wolfSSL 13:f67a6c6013ca 23697 if (ssl->peerX25519Key == NULL) {
wolfSSL 13:f67a6c6013ca 23698 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 23699 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 23700 (void**)&ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 23701 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23702 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23703 }
wolfSSL 13:f67a6c6013ca 23704 } else if (ssl->peerX25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 23705 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 23706 ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 23707 ssl->peerX25519KeyPresent = 0;
wolfSSL 13:f67a6c6013ca 23708 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23709 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23710 }
wolfSSL 13:f67a6c6013ca 23711 }
wolfSSL 13:f67a6c6013ca 23712
wolfSSL 13:f67a6c6013ca 23713 if (wc_curve25519_import_public_ex(
wolfSSL 13:f67a6c6013ca 23714 input + args->idx, args->length,
wolfSSL 13:f67a6c6013ca 23715 ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 23716 EC25519_LITTLE_ENDIAN)) {
wolfSSL 13:f67a6c6013ca 23717 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23718 }
wolfSSL 13:f67a6c6013ca 23719
wolfSSL 13:f67a6c6013ca 23720 ssl->peerX25519KeyPresent = 1;
wolfSSL 13:f67a6c6013ca 23721
wolfSSL 13:f67a6c6013ca 23722 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23723 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23724 }
wolfSSL 13:f67a6c6013ca 23725 break;
wolfSSL 13:f67a6c6013ca 23726 }
wolfSSL 13:f67a6c6013ca 23727 #endif
wolfSSL 13:f67a6c6013ca 23728 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 23729 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 23730 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 23731 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 23732 break;
wolfSSL 13:f67a6c6013ca 23733 }
wolfSSL 13:f67a6c6013ca 23734 #endif
wolfSSL 13:f67a6c6013ca 23735
wolfSSL 13:f67a6c6013ca 23736 if (!ssl->specs.static_ecdh &&
wolfSSL 13:f67a6c6013ca 23737 ssl->eccTempKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 23738 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 13:f67a6c6013ca 23739 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23740 }
wolfSSL 13:f67a6c6013ca 23741
wolfSSL 13:f67a6c6013ca 23742 if (ssl->peerEccKey == NULL) {
wolfSSL 13:f67a6c6013ca 23743 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 23744 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 23745 (void**)&ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 23746 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23747 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23748 }
wolfSSL 13:f67a6c6013ca 23749 } else if (ssl->peerEccKeyPresent) {
wolfSSL 13:f67a6c6013ca 23750 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 23751 ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 23752 ssl->peerEccKeyPresent = 0;
wolfSSL 13:f67a6c6013ca 23753 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23754 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23755 }
wolfSSL 13:f67a6c6013ca 23756 }
wolfSSL 13:f67a6c6013ca 23757
wolfSSL 13:f67a6c6013ca 23758 if (wc_ecc_import_x963_ex(input + args->idx, args->length,
wolfSSL 13:f67a6c6013ca 23759 ssl->peerEccKey, private_key->dp->id)) {
wolfSSL 13:f67a6c6013ca 23760 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23761 }
wolfSSL 13:f67a6c6013ca 23762
wolfSSL 13:f67a6c6013ca 23763 ssl->peerEccKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 23764 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 23765
wolfSSL 13:f67a6c6013ca 23766 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23767 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23768 }
wolfSSL 13:f67a6c6013ca 23769 break;
wolfSSL 13:f67a6c6013ca 23770 }
wolfSSL 13:f67a6c6013ca 23771 #endif /* HAVE_ECC || HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 23772 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 23773 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 23774 {
wolfSSL 13:f67a6c6013ca 23775 word16 clientPubSz;
wolfSSL 13:f67a6c6013ca 23776
wolfSSL 13:f67a6c6013ca 23777 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23778 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23779 }
wolfSSL 13:f67a6c6013ca 23780
wolfSSL 13:f67a6c6013ca 23781 ato16(input + args->idx, &clientPubSz);
wolfSSL 13:f67a6c6013ca 23782 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23783
wolfSSL 13:f67a6c6013ca 23784 if ((args->idx - args->begin) + clientPubSz > size) {
wolfSSL 13:f67a6c6013ca 23785 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23786 }
wolfSSL 13:f67a6c6013ca 23787
wolfSSL 13:f67a6c6013ca 23788 args->sigSz = clientPubSz;
wolfSSL 13:f67a6c6013ca 23789
wolfSSL 13:f67a6c6013ca 23790 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 13:f67a6c6013ca 23791 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 13:f67a6c6013ca 23792 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23793 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23794 }
wolfSSL 13:f67a6c6013ca 23795
wolfSSL 13:f67a6c6013ca 23796 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 23797 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 23798 ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 23799 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 23800 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 23801
wolfSSL 13:f67a6c6013ca 23802 /* set the max agree result size */
wolfSSL 13:f67a6c6013ca 23803 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 13:f67a6c6013ca 23804 break;
wolfSSL 13:f67a6c6013ca 23805 }
wolfSSL 13:f67a6c6013ca 23806 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 23807 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 23808 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 23809 {
wolfSSL 13:f67a6c6013ca 23810 word16 clientSz;
wolfSSL 13:f67a6c6013ca 23811
wolfSSL 13:f67a6c6013ca 23812 /* Read in the PSK hint */
wolfSSL 13:f67a6c6013ca 23813 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23814 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23815 }
wolfSSL 13:f67a6c6013ca 23816
wolfSSL 13:f67a6c6013ca 23817 ato16(input + args->idx, &clientSz);
wolfSSL 13:f67a6c6013ca 23818 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23819 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 23820 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23821 }
wolfSSL 13:f67a6c6013ca 23822
wolfSSL 13:f67a6c6013ca 23823 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 13:f67a6c6013ca 23824 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23825 }
wolfSSL 13:f67a6c6013ca 23826
wolfSSL 13:f67a6c6013ca 23827 XMEMCPY(ssl->arrays->client_identity, input + args->idx,
wolfSSL 13:f67a6c6013ca 23828 clientSz);
wolfSSL 13:f67a6c6013ca 23829 args->idx += clientSz;
wolfSSL 13:f67a6c6013ca 23830 ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 23831
wolfSSL 13:f67a6c6013ca 23832 /* Read in the DHE business */
wolfSSL 13:f67a6c6013ca 23833 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23834 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23835 }
wolfSSL 13:f67a6c6013ca 23836
wolfSSL 13:f67a6c6013ca 23837 ato16(input + args->idx, &clientSz);
wolfSSL 13:f67a6c6013ca 23838 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23839
wolfSSL 13:f67a6c6013ca 23840 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 13:f67a6c6013ca 23841 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23842 }
wolfSSL 13:f67a6c6013ca 23843
wolfSSL 13:f67a6c6013ca 23844 args->sigSz = clientSz;
wolfSSL 13:f67a6c6013ca 23845
wolfSSL 13:f67a6c6013ca 23846 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 13:f67a6c6013ca 23847 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 13:f67a6c6013ca 23848 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23849 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23850 }
wolfSSL 13:f67a6c6013ca 23851
wolfSSL 13:f67a6c6013ca 23852 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 23853 ssl->buffers.serverDH_P.buffer,
wolfSSL 13:f67a6c6013ca 23854 ssl->buffers.serverDH_P.length,
wolfSSL 13:f67a6c6013ca 23855 ssl->buffers.serverDH_G.buffer,
wolfSSL 13:f67a6c6013ca 23856 ssl->buffers.serverDH_G.length);
wolfSSL 13:f67a6c6013ca 23857
wolfSSL 13:f67a6c6013ca 23858 break;
wolfSSL 13:f67a6c6013ca 23859 }
wolfSSL 13:f67a6c6013ca 23860 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 23861 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 23862 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 23863 {
wolfSSL 13:f67a6c6013ca 23864 word16 clientSz;
wolfSSL 13:f67a6c6013ca 23865
wolfSSL 13:f67a6c6013ca 23866 /* Read in the PSK hint */
wolfSSL 13:f67a6c6013ca 23867 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 13:f67a6c6013ca 23868 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23869 }
wolfSSL 13:f67a6c6013ca 23870
wolfSSL 13:f67a6c6013ca 23871 ato16(input + args->idx, &clientSz);
wolfSSL 13:f67a6c6013ca 23872 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23873 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 13:f67a6c6013ca 23874 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23875 }
wolfSSL 13:f67a6c6013ca 23876 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 13:f67a6c6013ca 23877 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23878 }
wolfSSL 13:f67a6c6013ca 23879
wolfSSL 13:f67a6c6013ca 23880 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 13:f67a6c6013ca 23881 input + args->idx, clientSz);
wolfSSL 13:f67a6c6013ca 23882 args->idx += clientSz;
wolfSSL 13:f67a6c6013ca 23883 ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
wolfSSL 13:f67a6c6013ca 23884
wolfSSL 13:f67a6c6013ca 23885 /* import peer ECC key */
wolfSSL 13:f67a6c6013ca 23886 if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
wolfSSL 13:f67a6c6013ca 23887 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23888 }
wolfSSL 13:f67a6c6013ca 23889
wolfSSL 13:f67a6c6013ca 23890 args->length = input[args->idx++];
wolfSSL 13:f67a6c6013ca 23891
wolfSSL 13:f67a6c6013ca 23892 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 13:f67a6c6013ca 23893 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23894 }
wolfSSL 13:f67a6c6013ca 23895
wolfSSL 13:f67a6c6013ca 23896 args->sigSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 23897
wolfSSL 13:f67a6c6013ca 23898 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 23899 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 23900 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 23901 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 23902 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 23903 break;
wolfSSL 13:f67a6c6013ca 23904 }
wolfSSL 13:f67a6c6013ca 23905 #endif
wolfSSL 13:f67a6c6013ca 23906
wolfSSL 13:f67a6c6013ca 23907 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 23908 WOLFSSL_MSG(
wolfSSL 13:f67a6c6013ca 23909 "X25519 ephemeral key not made correctly");
wolfSSL 13:f67a6c6013ca 23910 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23911 }
wolfSSL 13:f67a6c6013ca 23912
wolfSSL 13:f67a6c6013ca 23913 if (ssl->peerX25519Key == NULL) {
wolfSSL 13:f67a6c6013ca 23914 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 23915 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 23916 (void**)&ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 23917 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23918 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23919 }
wolfSSL 13:f67a6c6013ca 23920 } else if (ssl->peerX25519KeyPresent) {
wolfSSL 13:f67a6c6013ca 23921 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 13:f67a6c6013ca 23922 ssl->peerX25519Key);
wolfSSL 13:f67a6c6013ca 23923 ssl->peerX25519KeyPresent = 0;
wolfSSL 13:f67a6c6013ca 23924 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23925 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23926 }
wolfSSL 13:f67a6c6013ca 23927 }
wolfSSL 13:f67a6c6013ca 23928
wolfSSL 13:f67a6c6013ca 23929 if (wc_curve25519_import_public_ex(
wolfSSL 13:f67a6c6013ca 23930 input + args->idx, args->length,
wolfSSL 13:f67a6c6013ca 23931 ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 23932 EC25519_LITTLE_ENDIAN)) {
wolfSSL 13:f67a6c6013ca 23933 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23934 }
wolfSSL 13:f67a6c6013ca 23935
wolfSSL 13:f67a6c6013ca 23936 ssl->peerX25519KeyPresent = 1;
wolfSSL 13:f67a6c6013ca 23937
wolfSSL 13:f67a6c6013ca 23938 break;
wolfSSL 13:f67a6c6013ca 23939 }
wolfSSL 13:f67a6c6013ca 23940 #endif
wolfSSL 13:f67a6c6013ca 23941 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 23942 /* if callback then use it for shared secret */
wolfSSL 13:f67a6c6013ca 23943 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 13:f67a6c6013ca 23944 break;
wolfSSL 13:f67a6c6013ca 23945 }
wolfSSL 13:f67a6c6013ca 23946 #endif
wolfSSL 13:f67a6c6013ca 23947
wolfSSL 13:f67a6c6013ca 23948 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 13:f67a6c6013ca 23949 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 13:f67a6c6013ca 23950 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23951 }
wolfSSL 13:f67a6c6013ca 23952
wolfSSL 13:f67a6c6013ca 23953 if (ssl->peerEccKey == NULL) {
wolfSSL 13:f67a6c6013ca 23954 /* alloc/init on demand */
wolfSSL 13:f67a6c6013ca 23955 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 23956 (void**)&ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 23957 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23958 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23959 }
wolfSSL 13:f67a6c6013ca 23960 }
wolfSSL 13:f67a6c6013ca 23961 else if (ssl->peerEccKeyPresent) {
wolfSSL 13:f67a6c6013ca 23962 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 13:f67a6c6013ca 23963 ssl->peerEccKey);
wolfSSL 13:f67a6c6013ca 23964 ssl->peerEccKeyPresent = 0;
wolfSSL 13:f67a6c6013ca 23965 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23966 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23967 }
wolfSSL 13:f67a6c6013ca 23968 }
wolfSSL 13:f67a6c6013ca 23969 if (wc_ecc_import_x963_ex(input + args->idx, args->length,
wolfSSL 13:f67a6c6013ca 23970 ssl->peerEccKey, ssl->eccTempKey->dp->id)) {
wolfSSL 13:f67a6c6013ca 23971 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 23972 }
wolfSSL 13:f67a6c6013ca 23973
wolfSSL 13:f67a6c6013ca 23974 ssl->peerEccKeyPresent = 1;
wolfSSL 13:f67a6c6013ca 23975 break;
wolfSSL 13:f67a6c6013ca 23976 }
wolfSSL 13:f67a6c6013ca 23977 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
wolfSSL 13:f67a6c6013ca 23978 default:
wolfSSL 13:f67a6c6013ca 23979 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 23980 } /* switch (ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 23981
wolfSSL 13:f67a6c6013ca 23982 /* Check for error */
wolfSSL 13:f67a6c6013ca 23983 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 23984 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 23985 }
wolfSSL 13:f67a6c6013ca 23986
wolfSSL 13:f67a6c6013ca 23987 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 23988 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 13:f67a6c6013ca 23989 } /* TLS_ASYNC_BUILD */
wolfSSL 13:f67a6c6013ca 23990 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 23991
wolfSSL 13:f67a6c6013ca 23992 case TLS_ASYNC_DO:
wolfSSL 13:f67a6c6013ca 23993 {
wolfSSL 13:f67a6c6013ca 23994 switch (ssl->specs.kea) {
wolfSSL 13:f67a6c6013ca 23995 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 23996 case rsa_kea:
wolfSSL 13:f67a6c6013ca 23997 {
wolfSSL 13:f67a6c6013ca 23998 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 13:f67a6c6013ca 23999 ret = RsaDec(ssl,
wolfSSL 13:f67a6c6013ca 24000 input + args->idx,
wolfSSL 13:f67a6c6013ca 24001 args->length,
wolfSSL 13:f67a6c6013ca 24002 &args->output,
wolfSSL 13:f67a6c6013ca 24003 &args->sigSz,
wolfSSL 13:f67a6c6013ca 24004 key,
wolfSSL 13:f67a6c6013ca 24005 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 13:f67a6c6013ca 24006 ssl->buffers.key->buffer,
wolfSSL 13:f67a6c6013ca 24007 ssl->buffers.key->length,
wolfSSL 13:f67a6c6013ca 24008 ssl->RsaDecCtx
wolfSSL 13:f67a6c6013ca 24009 #else
wolfSSL 13:f67a6c6013ca 24010 NULL, 0, NULL
wolfSSL 13:f67a6c6013ca 24011 #endif
wolfSSL 13:f67a6c6013ca 24012 );
wolfSSL 13:f67a6c6013ca 24013 break;
wolfSSL 13:f67a6c6013ca 24014 } /* rsa_kea */
wolfSSL 13:f67a6c6013ca 24015 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 24016 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 24017 case psk_kea:
wolfSSL 13:f67a6c6013ca 24018 {
wolfSSL 13:f67a6c6013ca 24019 break;
wolfSSL 13:f67a6c6013ca 24020 }
wolfSSL 13:f67a6c6013ca 24021 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 24022 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 24023 case ntru_kea:
wolfSSL 13:f67a6c6013ca 24024 {
wolfSSL 13:f67a6c6013ca 24025 break;
wolfSSL 13:f67a6c6013ca 24026 }
wolfSSL 13:f67a6c6013ca 24027 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 24028 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
wolfSSL 13:f67a6c6013ca 24029 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 24030 {
wolfSSL 13:f67a6c6013ca 24031 void* private_key = ssl->eccTempKey;
wolfSSL 13:f67a6c6013ca 24032
wolfSSL 13:f67a6c6013ca 24033 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 24034 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 24035 ret = X25519SharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 24036 (curve25519_key*)private_key,
wolfSSL 13:f67a6c6013ca 24037 ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 24038 input + args->idx, &args->length,
wolfSSL 13:f67a6c6013ca 24039 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 24040 &ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 24041 WOLFSSL_SERVER_END,
wolfSSL 13:f67a6c6013ca 24042 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 24043 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 24044 #else
wolfSSL 13:f67a6c6013ca 24045 NULL
wolfSSL 13:f67a6c6013ca 24046 #endif
wolfSSL 13:f67a6c6013ca 24047 );
wolfSSL 13:f67a6c6013ca 24048 break;
wolfSSL 13:f67a6c6013ca 24049 }
wolfSSL 13:f67a6c6013ca 24050 #endif
wolfSSL 13:f67a6c6013ca 24051 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 24052 if (ssl->specs.static_ecdh) {
wolfSSL 13:f67a6c6013ca 24053 private_key = ssl->hsKey;
wolfSSL 13:f67a6c6013ca 24054 }
wolfSSL 13:f67a6c6013ca 24055
wolfSSL 13:f67a6c6013ca 24056 /* Generate shared secret */
wolfSSL 13:f67a6c6013ca 24057 ret = EccSharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 24058 (ecc_key*)private_key, ssl->peerEccKey,
wolfSSL 13:f67a6c6013ca 24059 input + args->idx, &args->length,
wolfSSL 13:f67a6c6013ca 24060 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 24061 &ssl->arrays->preMasterSz,
wolfSSL 13:f67a6c6013ca 24062 WOLFSSL_SERVER_END,
wolfSSL 13:f67a6c6013ca 24063 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 24064 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 24065 #else
wolfSSL 13:f67a6c6013ca 24066 NULL
wolfSSL 13:f67a6c6013ca 24067 #endif
wolfSSL 13:f67a6c6013ca 24068 );
wolfSSL 13:f67a6c6013ca 24069 #endif
wolfSSL 13:f67a6c6013ca 24070 break;
wolfSSL 13:f67a6c6013ca 24071 }
wolfSSL 13:f67a6c6013ca 24072 #endif /* HAVE_ECC || HAVE_CURVE25519 */
wolfSSL 13:f67a6c6013ca 24073 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 24074 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 24075 {
wolfSSL 13:f67a6c6013ca 24076 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 24077 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 13:f67a6c6013ca 24078 ssl->buffers.serverDH_Priv.length,
wolfSSL 13:f67a6c6013ca 24079 input + args->idx,
wolfSSL 13:f67a6c6013ca 24080 (word16)args->sigSz,
wolfSSL 13:f67a6c6013ca 24081 ssl->arrays->preMasterSecret,
wolfSSL 13:f67a6c6013ca 24082 &ssl->arrays->preMasterSz);
wolfSSL 13:f67a6c6013ca 24083 break;
wolfSSL 13:f67a6c6013ca 24084 }
wolfSSL 13:f67a6c6013ca 24085 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 24086 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 24087 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 24088 {
wolfSSL 13:f67a6c6013ca 24089 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 13:f67a6c6013ca 24090 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 13:f67a6c6013ca 24091 ssl->buffers.serverDH_Priv.length,
wolfSSL 13:f67a6c6013ca 24092 input + args->idx,
wolfSSL 13:f67a6c6013ca 24093 (word16)args->sigSz,
wolfSSL 13:f67a6c6013ca 24094 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 24095 &ssl->arrays->preMasterSz);
wolfSSL 13:f67a6c6013ca 24096 break;
wolfSSL 13:f67a6c6013ca 24097 }
wolfSSL 13:f67a6c6013ca 24098 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 24099 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 24100 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 24101 {
wolfSSL 13:f67a6c6013ca 24102 #ifdef HAVE_CURVE25519
wolfSSL 13:f67a6c6013ca 24103 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 13:f67a6c6013ca 24104 ret = X25519SharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 24105 (curve25519_key*)ssl->eccTempKey,
wolfSSL 13:f67a6c6013ca 24106 ssl->peerX25519Key,
wolfSSL 13:f67a6c6013ca 24107 input + args->idx, &args->length,
wolfSSL 13:f67a6c6013ca 24108 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 24109 &args->sigSz,
wolfSSL 13:f67a6c6013ca 24110 WOLFSSL_SERVER_END,
wolfSSL 13:f67a6c6013ca 24111 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 24112 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 24113 #else
wolfSSL 13:f67a6c6013ca 24114 NULL
wolfSSL 13:f67a6c6013ca 24115 #endif
wolfSSL 13:f67a6c6013ca 24116 );
wolfSSL 13:f67a6c6013ca 24117 break;
wolfSSL 13:f67a6c6013ca 24118 }
wolfSSL 13:f67a6c6013ca 24119 #endif
wolfSSL 13:f67a6c6013ca 24120 /* Generate shared secret */
wolfSSL 13:f67a6c6013ca 24121 ret = EccSharedSecret(ssl,
wolfSSL 13:f67a6c6013ca 24122 ssl->eccTempKey, ssl->peerEccKey,
wolfSSL 13:f67a6c6013ca 24123 input + args->idx, &args->length,
wolfSSL 13:f67a6c6013ca 24124 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 13:f67a6c6013ca 24125 &args->sigSz,
wolfSSL 13:f67a6c6013ca 24126 WOLFSSL_SERVER_END,
wolfSSL 13:f67a6c6013ca 24127 #ifdef HAVE_PK_CALLBACKS
wolfSSL 13:f67a6c6013ca 24128 ssl->EccSharedSecretCtx
wolfSSL 13:f67a6c6013ca 24129 #else
wolfSSL 13:f67a6c6013ca 24130 NULL
wolfSSL 13:f67a6c6013ca 24131 #endif
wolfSSL 13:f67a6c6013ca 24132 );
wolfSSL 13:f67a6c6013ca 24133 break;
wolfSSL 13:f67a6c6013ca 24134 }
wolfSSL 13:f67a6c6013ca 24135 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
wolfSSL 13:f67a6c6013ca 24136 default:
wolfSSL 13:f67a6c6013ca 24137 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 24138 } /* switch (ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 24139
wolfSSL 13:f67a6c6013ca 24140 /* Check for error */
wolfSSL 13:f67a6c6013ca 24141 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 24142 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 24143 }
wolfSSL 13:f67a6c6013ca 24144
wolfSSL 13:f67a6c6013ca 24145 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 24146 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 13:f67a6c6013ca 24147 } /* TLS_ASYNC_DO */
wolfSSL 13:f67a6c6013ca 24148 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 24149
wolfSSL 13:f67a6c6013ca 24150 case TLS_ASYNC_VERIFY:
wolfSSL 13:f67a6c6013ca 24151 {
wolfSSL 13:f67a6c6013ca 24152 switch (ssl->specs.kea) {
wolfSSL 13:f67a6c6013ca 24153 #ifndef NO_RSA
wolfSSL 13:f67a6c6013ca 24154 case rsa_kea:
wolfSSL 13:f67a6c6013ca 24155 {
wolfSSL 13:f67a6c6013ca 24156 /* Add the signature length to idx */
wolfSSL 13:f67a6c6013ca 24157 args->idx += args->length;
wolfSSL 13:f67a6c6013ca 24158
wolfSSL 13:f67a6c6013ca 24159 if (args->sigSz == SECRET_LEN && args->output != NULL) {
wolfSSL 13:f67a6c6013ca 24160 XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN);
wolfSSL 13:f67a6c6013ca 24161 if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major ||
wolfSSL 13:f67a6c6013ca 24162 ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) {
wolfSSL 13:f67a6c6013ca 24163 ERROR_OUT(PMS_VERSION_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 24164 }
wolfSSL 13:f67a6c6013ca 24165 }
wolfSSL 13:f67a6c6013ca 24166 else {
wolfSSL 13:f67a6c6013ca 24167 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 24168 }
wolfSSL 13:f67a6c6013ca 24169 break;
wolfSSL 13:f67a6c6013ca 24170 } /* rsa_kea */
wolfSSL 13:f67a6c6013ca 24171 #endif /* !NO_RSA */
wolfSSL 13:f67a6c6013ca 24172 #ifndef NO_PSK
wolfSSL 13:f67a6c6013ca 24173 case psk_kea:
wolfSSL 13:f67a6c6013ca 24174 {
wolfSSL 13:f67a6c6013ca 24175 break;
wolfSSL 13:f67a6c6013ca 24176 }
wolfSSL 13:f67a6c6013ca 24177 #endif /* !NO_PSK */
wolfSSL 13:f67a6c6013ca 24178 #ifdef HAVE_NTRU
wolfSSL 13:f67a6c6013ca 24179 case ntru_kea:
wolfSSL 13:f67a6c6013ca 24180 {
wolfSSL 13:f67a6c6013ca 24181 break;
wolfSSL 13:f67a6c6013ca 24182 }
wolfSSL 13:f67a6c6013ca 24183 #endif /* HAVE_NTRU */
wolfSSL 13:f67a6c6013ca 24184 #ifdef HAVE_ECC
wolfSSL 13:f67a6c6013ca 24185 case ecc_diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 24186 {
wolfSSL 13:f67a6c6013ca 24187 /* skip past the imported peer key */
wolfSSL 13:f67a6c6013ca 24188 args->idx += args->length;
wolfSSL 13:f67a6c6013ca 24189 break;
wolfSSL 13:f67a6c6013ca 24190 }
wolfSSL 13:f67a6c6013ca 24191 #endif /* HAVE_ECC */
wolfSSL 13:f67a6c6013ca 24192 #ifndef NO_DH
wolfSSL 13:f67a6c6013ca 24193 case diffie_hellman_kea:
wolfSSL 13:f67a6c6013ca 24194 {
wolfSSL 13:f67a6c6013ca 24195 args->idx += (word16)args->sigSz;
wolfSSL 13:f67a6c6013ca 24196 break;
wolfSSL 13:f67a6c6013ca 24197 }
wolfSSL 13:f67a6c6013ca 24198 #endif /* !NO_DH */
wolfSSL 13:f67a6c6013ca 24199 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 24200 case dhe_psk_kea:
wolfSSL 13:f67a6c6013ca 24201 {
wolfSSL 13:f67a6c6013ca 24202 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 13:f67a6c6013ca 24203 word16 clientSz = (word16)args->sigSz;
wolfSSL 13:f67a6c6013ca 24204
wolfSSL 13:f67a6c6013ca 24205 args->idx += clientSz;
wolfSSL 13:f67a6c6013ca 24206 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 13:f67a6c6013ca 24207 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 24208 pms += ssl->arrays->preMasterSz;
wolfSSL 13:f67a6c6013ca 24209
wolfSSL 13:f67a6c6013ca 24210 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 13:f67a6c6013ca 24211 * preMasterSecret here. */
wolfSSL 13:f67a6c6013ca 24212 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 13:f67a6c6013ca 24213 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 13:f67a6c6013ca 24214 MAX_PSK_KEY_LEN);
wolfSSL 13:f67a6c6013ca 24215
wolfSSL 13:f67a6c6013ca 24216 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 13:f67a6c6013ca 24217 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 13:f67a6c6013ca 24218 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 24219 }
wolfSSL 13:f67a6c6013ca 24220
wolfSSL 13:f67a6c6013ca 24221 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 24222 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 24223
wolfSSL 13:f67a6c6013ca 24224 XMEMCPY(pms, ssl->arrays->psk_key,
wolfSSL 13:f67a6c6013ca 24225 ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 24226 ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
wolfSSL 13:f67a6c6013ca 24227 OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 24228 break;
wolfSSL 13:f67a6c6013ca 24229 }
wolfSSL 13:f67a6c6013ca 24230 #endif /* !NO_DH && !NO_PSK */
wolfSSL 13:f67a6c6013ca 24231 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 13:f67a6c6013ca 24232 case ecdhe_psk_kea:
wolfSSL 13:f67a6c6013ca 24233 {
wolfSSL 13:f67a6c6013ca 24234 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 13:f67a6c6013ca 24235 word16 clientSz = (word16)args->sigSz;
wolfSSL 13:f67a6c6013ca 24236
wolfSSL 13:f67a6c6013ca 24237 /* skip past the imported peer key */
wolfSSL 13:f67a6c6013ca 24238 args->idx += args->length;
wolfSSL 13:f67a6c6013ca 24239
wolfSSL 13:f67a6c6013ca 24240 /* Add preMasterSecret */
wolfSSL 13:f67a6c6013ca 24241 c16toa(clientSz, pms);
wolfSSL 13:f67a6c6013ca 24242 ssl->arrays->preMasterSz += OPAQUE16_LEN + clientSz;
wolfSSL 13:f67a6c6013ca 24243 pms += ssl->arrays->preMasterSz;
wolfSSL 13:f67a6c6013ca 24244
wolfSSL 13:f67a6c6013ca 24245 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 13:f67a6c6013ca 24246 * preMasterSecret here. */
wolfSSL 13:f67a6c6013ca 24247 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 13:f67a6c6013ca 24248 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 13:f67a6c6013ca 24249 MAX_PSK_KEY_LEN);
wolfSSL 13:f67a6c6013ca 24250
wolfSSL 13:f67a6c6013ca 24251 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 13:f67a6c6013ca 24252 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 13:f67a6c6013ca 24253 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 24254 }
wolfSSL 13:f67a6c6013ca 24255
wolfSSL 13:f67a6c6013ca 24256 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 13:f67a6c6013ca 24257 pms += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 24258
wolfSSL 13:f67a6c6013ca 24259 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 13:f67a6c6013ca 24260 ssl->arrays->preMasterSz +=
wolfSSL 13:f67a6c6013ca 24261 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 24262 break;
wolfSSL 13:f67a6c6013ca 24263 }
wolfSSL 13:f67a6c6013ca 24264 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 13:f67a6c6013ca 24265 default:
wolfSSL 13:f67a6c6013ca 24266 ret = BAD_KEA_TYPE_E;
wolfSSL 13:f67a6c6013ca 24267 } /* switch (ssl->specs.kea) */
wolfSSL 13:f67a6c6013ca 24268
wolfSSL 13:f67a6c6013ca 24269 /* Check for error */
wolfSSL 13:f67a6c6013ca 24270 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 24271 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 24272 }
wolfSSL 13:f67a6c6013ca 24273
wolfSSL 13:f67a6c6013ca 24274 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 24275 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 13:f67a6c6013ca 24276 } /* TLS_ASYNC_VERIFY */
wolfSSL 13:f67a6c6013ca 24277 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 24278
wolfSSL 13:f67a6c6013ca 24279 case TLS_ASYNC_FINALIZE:
wolfSSL 13:f67a6c6013ca 24280 {
wolfSSL 13:f67a6c6013ca 24281 #ifdef HAVE_QSH
wolfSSL 13:f67a6c6013ca 24282 word16 name;
wolfSSL 13:f67a6c6013ca 24283
wolfSSL 13:f67a6c6013ca 24284 if (ssl->options.haveQSH) {
wolfSSL 13:f67a6c6013ca 24285 /* extension name */
wolfSSL 13:f67a6c6013ca 24286 ato16(input + args->idx, &name);
wolfSSL 13:f67a6c6013ca 24287 args->idx += OPAQUE16_LEN;
wolfSSL 13:f67a6c6013ca 24288
wolfSSL 13:f67a6c6013ca 24289 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 13:f67a6c6013ca 24290 int qshSz;
wolfSSL 13:f67a6c6013ca 24291 /* if qshSz is larger than 0 it is the
wolfSSL 13:f67a6c6013ca 24292 length of buffer used */
wolfSSL 13:f67a6c6013ca 24293 if ((qshSz = TLSX_QSHCipher_Parse(ssl,
wolfSSL 13:f67a6c6013ca 24294 input + args->idx,
wolfSSL 13:f67a6c6013ca 24295 size - args->idx + args->begin, 1)) < 0) {
wolfSSL 13:f67a6c6013ca 24296 ERROR_OUT(qshSz, exit_dcke);
wolfSSL 13:f67a6c6013ca 24297 }
wolfSSL 13:f67a6c6013ca 24298 args->idx += qshSz;
wolfSSL 13:f67a6c6013ca 24299 }
wolfSSL 13:f67a6c6013ca 24300 else {
wolfSSL 13:f67a6c6013ca 24301 /* unknown extension sent client ignored handshake */
wolfSSL 13:f67a6c6013ca 24302 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 13:f67a6c6013ca 24303 }
wolfSSL 13:f67a6c6013ca 24304 }
wolfSSL 13:f67a6c6013ca 24305 #endif /* HAVE_QSH */
wolfSSL 13:f67a6c6013ca 24306 ret = MakeMasterSecret(ssl);
wolfSSL 13:f67a6c6013ca 24307
wolfSSL 13:f67a6c6013ca 24308 /* Check for error */
wolfSSL 13:f67a6c6013ca 24309 if (ret != 0) {
wolfSSL 13:f67a6c6013ca 24310 goto exit_dcke;
wolfSSL 13:f67a6c6013ca 24311 }
wolfSSL 13:f67a6c6013ca 24312
wolfSSL 13:f67a6c6013ca 24313 /* Advance state and proceed */
wolfSSL 13:f67a6c6013ca 24314 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 13:f67a6c6013ca 24315 } /* TLS_ASYNC_FINALIZE */
wolfSSL 13:f67a6c6013ca 24316 FALL_THROUGH;
wolfSSL 13:f67a6c6013ca 24317
wolfSSL 13:f67a6c6013ca 24318 case TLS_ASYNC_END:
wolfSSL 13:f67a6c6013ca 24319 {
wolfSSL 13:f67a6c6013ca 24320 /* Set final index */
wolfSSL 13:f67a6c6013ca 24321 *inOutIdx = args->idx;
wolfSSL 13:f67a6c6013ca 24322
wolfSSL 13:f67a6c6013ca 24323 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 13:f67a6c6013ca 24324 #ifndef NO_CERTS
wolfSSL 13:f67a6c6013ca 24325 if (ssl->options.verifyPeer) {
wolfSSL 13:f67a6c6013ca 24326 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 13:f67a6c6013ca 24327 }
wolfSSL 13:f67a6c6013ca 24328 #endif
wolfSSL 13:f67a6c6013ca 24329 break;
wolfSSL 13:f67a6c6013ca 24330 } /* TLS_ASYNC_END */
wolfSSL 13:f67a6c6013ca 24331 default:
wolfSSL 13:f67a6c6013ca 24332 ret = INPUT_CASE_ERROR;
wolfSSL 13:f67a6c6013ca 24333 } /* switch(ssl->options.asyncState) */
wolfSSL 13:f67a6c6013ca 24334
wolfSSL 13:f67a6c6013ca 24335 exit_dcke:
wolfSSL 13:f67a6c6013ca 24336
wolfSSL 13:f67a6c6013ca 24337 WOLFSSL_LEAVE("DoClientKeyExchange", ret);
wolfSSL 13:f67a6c6013ca 24338
wolfSSL 13:f67a6c6013ca 24339 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 24340 /* Handle async operation */
wolfSSL 13:f67a6c6013ca 24341 if (ret == WC_PENDING_E) {
wolfSSL 13:f67a6c6013ca 24342 /* Mark message as not recevied so it can process again */
wolfSSL 13:f67a6c6013ca 24343 ssl->msgsReceived.got_client_key_exchange = 0;
wolfSSL 13:f67a6c6013ca 24344
wolfSSL 13:f67a6c6013ca 24345 return ret;
wolfSSL 13:f67a6c6013ca 24346 }
wolfSSL 13:f67a6c6013ca 24347 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 13:f67a6c6013ca 24348
wolfSSL 13:f67a6c6013ca 24349 /* Cleanup PMS */
wolfSSL 13:f67a6c6013ca 24350 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 13:f67a6c6013ca 24351 ssl->arrays->preMasterSz = 0;
wolfSSL 13:f67a6c6013ca 24352
wolfSSL 13:f67a6c6013ca 24353 /* Final cleanup */
wolfSSL 13:f67a6c6013ca 24354 FreeDckeArgs(ssl, args);
wolfSSL 13:f67a6c6013ca 24355 FreeKeyExchange(ssl);
wolfSSL 13:f67a6c6013ca 24356
wolfSSL 13:f67a6c6013ca 24357 return ret;
wolfSSL 13:f67a6c6013ca 24358 }
wolfSSL 13:f67a6c6013ca 24359
wolfSSL 13:f67a6c6013ca 24360
wolfSSL 13:f67a6c6013ca 24361 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Invoke the application's SNI-received callback, if one is registered.
 *
 * Stunnel supports a custom SNI callback to switch an SSL's ctx when SNI is
 * received; this is the point where it gets called.
 *
 * ssl  the session whose ctx may carry sniRecvCb / sniRecvCbArg
 *
 * Returns 0 when ssl, its ctx or the callback is missing, or when the
 * callback returns anything other than alert_fatal. Returns FATAL_ERROR
 * after sending a fatal unrecognized_name alert when the callback returns
 * alert_fatal.
 */
int SNI_Callback(WOLFSSL* ssl)
{
    /* no session, no context or no callback registered: nothing to do */
    if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->sniRecvCb == NULL) {
        return 0;
    }

    WOLFSSL_MSG("Calling custom sni callback");

    /* NOTE(review): the second argument is passed as NULL. If the callback
     * type treats it as an out-parameter for an alert value, a callback that
     * writes through it would dereference NULL - confirm against the
     * callback typedef and document the contract for callback authors. */
    if (ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg)
                                                        != alert_fatal) {
        return 0;
    }

    /* the callback rejected the name: tell the peer and stop the handshake;
     * the result of SendAlert is not checked, FATAL_ERROR is returned
     * either way */
    WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
    SendAlert(ssl, alert_fatal, unrecognized_name);

    return FATAL_ERROR;
}
wolfSSL 13:f67a6c6013ca 24377 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
wolfSSL 13:f67a6c6013ca 24378 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 13:f67a6c6013ca 24379
wolfSSL 13:f67a6c6013ca 24380
wolfSSL 13:f67a6c6013ca 24381 #ifdef WOLFSSL_ASYNC_CRYPT
/* Pop the async event attached to this session, if there is one.
 *
 * ssl    session to check; must not be NULL
 * state  optional state byte; incremented when the event has completed and
 *        its flags do not contain WC_ASYNC_FLAG_CALL_AGAIN
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, WC_NOT_PENDING_E when no async
 * device is attached to the session, otherwise the value returned by
 * wolfAsync_EventPop().
 */
int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)
{
    int           ret;
    WC_ASYNC_DEV* dev;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    dev = ssl->async.dev;
    if (dev == NULL) {
        /* nothing was pushed for this session */
        ret = WC_NOT_PENDING_E;
    }
    else {
        WOLF_EVENT* ev = &dev->event;

        ret = wolfAsync_EventPop(ev, WOLF_EVENT_TYPE_ASYNC_WOLFSSL);

        /* any result other than the two "pending" codes means the event is
         * done, successfully or not, so it can be detached */
        if (!(ret == WC_NOT_PENDING_E || ret == WC_PENDING_E)) {

            /* advance the caller's state unless the operation asked to be
             * called again */
            if (state != NULL &&
                    (ev->flags & WC_ASYNC_FLAG_CALL_AGAIN) == 0) {
                (*state)++;
            }

            /* wipe the event and detach the device from the session */
            XMEMSET(ev, 0, sizeof(WOLF_EVENT));
            ssl->async.dev = NULL;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_AsyncPop", ret);

    return ret;
}
wolfSSL 13:f67a6c6013ca 24421
/* Attach an async device to the session and queue its event.
 *
 * ssl       session that owns the operation; must not be NULL
 * asyncDev  device whose embedded event is initialized and queued; must not
 *           be NULL
 * flags     passed through to wolfAsync_EventInit()
 *
 * Returns BAD_FUNC_ARG when ssl or asyncDev is NULL, WC_PENDING_E when the
 * event was initialized and queued, otherwise the non-zero value returned
 * by wolfAsync_EventInit() or wolfAsync_EventQueuePush().
 */
int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags)
{
    int         ret;
    WOLF_EVENT* ev;

    if (!ssl || !asyncDev) {
        return BAD_FUNC_ARG;
    }

    ev = &asyncDev->event;

    ret = wolfAsync_EventInit(ev, WOLF_EVENT_TYPE_ASYNC_WOLFSSL, ssl, flags);
    if (ret == 0) {
        /* remember the device so wolfSSL_AsyncPop() can find the event */
        ssl->async.dev = asyncDev;

        /* NOTE(review): ssl->ctx is dereferenced without a NULL check, and
         * ssl->async.dev stays set if the push below fails - confirm that
         * callers guarantee a ctx and tolerate the stale device pointer. */
        ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, ev);
    }

    /* a successfully queued event is reported to the caller as pending */
    ret = (ret == 0) ? WC_PENDING_E : ret;

    WOLFSSL_LEAVE("wolfSSL_AsyncPush", ret);

    return ret;
}
wolfSSL 13:f67a6c6013ca 24452
wolfSSL 13:f67a6c6013ca 24453 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 13:f67a6c6013ca 24454
wolfSSL 13:f67a6c6013ca 24455
wolfSSL 13:f67a6c6013ca 24456 #undef ERROR_OUT
wolfSSL 13:f67a6c6013ca 24457
wolfSSL 13:f67a6c6013ca 24458 #endif /* WOLFCRYPT_ONLY */
wolfSSL 13:f67a6c6013ca 24459