2011-02-05 22:14:47 +03:00
|
|
|
/* tls.c
|
|
|
|
*
|
2013-02-06 00:44:17 +04:00
|
|
|
* Copyright (C) 2006-2013 wolfSSL Inc.
|
2011-02-05 22:14:47 +03:00
|
|
|
*
|
|
|
|
* This file is part of CyaSSL.
|
|
|
|
*
|
|
|
|
* CyaSSL is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* CyaSSL is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
|
|
*/
|
|
|
|
|
2011-08-25 03:37:16 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include <config.h>
|
|
|
|
#endif
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2013-04-10 22:04:29 +04:00
|
|
|
#include <cyassl/ctaocrypt/settings.h>
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
#include <cyassl/ssl.h>
|
2011-08-25 23:41:19 +04:00
|
|
|
#include <cyassl/internal.h>
|
|
|
|
#include <cyassl/error.h>
|
|
|
|
#include <cyassl/ctaocrypt/hmac.h>
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef NO_TLS
|
|
|
|
|
|
|
|
|
2012-06-02 02:37:51 +04:00
|
|
|
#ifndef min
|
|
|
|
|
|
|
|
static INLINE word32 min(word32 a, word32 b)
|
|
|
|
{
|
|
|
|
return a > b ? b : a;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* min */
|
|
|
|
|
|
|
|
|
2012-06-28 01:41:16 +04:00
|
|
|
#ifdef CYASSL_SHA384
|
|
|
|
#define PHASH_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
|
|
|
|
#else
|
|
|
|
#define PHASH_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
|
|
|
|
#endif
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2012-06-28 01:41:16 +04:00
|
|
|
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
|
2011-04-28 04:31:08 +04:00
|
|
|
static void p_hash(byte* result, word32 resLen, const byte* secret,
|
|
|
|
word32 secLen, const byte* seed, word32 seedLen, int hash)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2013-03-08 05:44:40 +04:00
|
|
|
word32 len = PHASH_MAX_DIGEST_SIZE;
|
2012-06-28 01:41:16 +04:00
|
|
|
word32 times;
|
|
|
|
word32 lastLen;
|
2011-02-05 22:14:47 +03:00
|
|
|
word32 lastTime;
|
|
|
|
word32 i;
|
|
|
|
word32 idx = 0;
|
2012-06-28 01:41:16 +04:00
|
|
|
byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */
|
|
|
|
byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
Hmac hmac;
|
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
switch (hash) {
|
|
|
|
#ifndef NO_MD5
|
|
|
|
case md5_mac:
|
|
|
|
{
|
|
|
|
len = MD5_DIGEST_SIZE;
|
|
|
|
hash = MD5;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
#ifndef NO_SHA256
|
|
|
|
case sha256_mac:
|
|
|
|
{
|
|
|
|
len = SHA256_DIGEST_SIZE;
|
|
|
|
hash = SHA256;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
#ifdef CYASSL_SHA384
|
|
|
|
case sha384_mac:
|
|
|
|
{
|
|
|
|
len = SHA384_DIGEST_SIZE;
|
|
|
|
hash = SHA384;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
2013-03-08 05:44:40 +04:00
|
|
|
#ifndef NO_SHA
|
2012-11-27 06:40:43 +04:00
|
|
|
case sha_mac:
|
|
|
|
default:
|
|
|
|
{
|
|
|
|
len = SHA_DIGEST_SIZE;
|
|
|
|
hash = SHA;
|
|
|
|
}
|
|
|
|
break;
|
2013-03-08 05:44:40 +04:00
|
|
|
#endif
|
2012-06-28 01:41:16 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
times = resLen / len;
|
|
|
|
lastLen = resLen % len;
|
2011-02-05 22:14:47 +03:00
|
|
|
if (lastLen) times += 1;
|
|
|
|
lastTime = times - 1;
|
|
|
|
|
2012-06-28 01:41:16 +04:00
|
|
|
HmacSetKey(&hmac, hash, secret, secLen);
|
2011-02-05 22:14:47 +03:00
|
|
|
HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */
|
|
|
|
HmacFinal(&hmac, previous); /* A1 */
|
|
|
|
|
|
|
|
for (i = 0; i < times; i++) {
|
|
|
|
HmacUpdate(&hmac, previous, len);
|
|
|
|
HmacUpdate(&hmac, seed, seedLen);
|
|
|
|
HmacFinal(&hmac, current);
|
|
|
|
|
|
|
|
if ( (i == lastTime) && lastLen)
|
2012-06-02 02:37:51 +04:00
|
|
|
XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
|
2011-02-05 22:14:47 +03:00
|
|
|
else {
|
|
|
|
XMEMCPY(&result[idx], current, len);
|
|
|
|
idx += len;
|
|
|
|
HmacUpdate(&hmac, previous, len);
|
|
|
|
HmacFinal(&hmac, previous);
|
|
|
|
}
|
|
|
|
}
|
2013-03-20 20:12:00 +04:00
|
|
|
XMEMSET(previous, 0, sizeof previous);
|
|
|
|
XMEMSET(current, 0, sizeof current);
|
|
|
|
XMEMSET(&hmac, 0, sizeof hmac);
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-03-08 05:44:40 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
2012-11-27 06:40:43 +04:00
|
|
|
|
|
|
|
/* calculate XOR for TLSv1 PRF */
|
|
|
|
static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
|
|
|
|
{
|
|
|
|
word32 i;
|
|
|
|
|
|
|
|
for (i = 0; i < digLen; i++)
|
|
|
|
digest[i] = md5[i] ^ sha[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-02-05 22:14:47 +03:00
|
|
|
/* compute TLSv1 PRF (pseudo random function using HMAC) */
|
2012-09-05 03:34:26 +04:00
|
|
|
static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
|
2012-09-05 23:30:51 +04:00
|
|
|
const byte* label, word32 labLen, const byte* seed, word32 seedLen)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
word32 half = (secLen + 1) / 2;
|
|
|
|
|
|
|
|
byte md5_half[MAX_PRF_HALF]; /* half is real size */
|
|
|
|
byte sha_half[MAX_PRF_HALF]; /* half is real size */
|
|
|
|
byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
|
|
|
|
byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
|
|
|
|
byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
|
|
|
|
|
|
|
|
if (half > MAX_PRF_HALF)
|
|
|
|
return;
|
|
|
|
if (labLen + seedLen > MAX_PRF_LABSEED)
|
|
|
|
return;
|
|
|
|
if (digLen > MAX_PRF_DIG)
|
|
|
|
return;
|
2013-03-27 23:32:22 +04:00
|
|
|
|
|
|
|
XMEMSET(md5_result, 0, digLen);
|
|
|
|
XMEMSET(sha_result, 0, digLen);
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
XMEMCPY(md5_half, secret, half);
|
|
|
|
XMEMCPY(sha_half, secret + half - secLen % 2, half);
|
|
|
|
|
|
|
|
XMEMCPY(labelSeed, label, labLen);
|
|
|
|
XMEMCPY(labelSeed + labLen, seed, seedLen);
|
|
|
|
|
2012-09-05 03:34:26 +04:00
|
|
|
p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen,
|
|
|
|
md5_mac);
|
|
|
|
p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen,
|
|
|
|
sha_mac);
|
|
|
|
get_xor(digest, digLen, md5_result, sha_result);
|
|
|
|
}
|
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif
|
|
|
|
|
2012-09-05 03:34:26 +04:00
|
|
|
|
|
|
|
/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
|
|
|
|
use */
|
|
|
|
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
|
|
|
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
|
|
|
|
int useAtLeastSha256, int hash_type)
|
|
|
|
{
|
2012-06-28 01:41:16 +04:00
|
|
|
if (useAtLeastSha256) {
|
2012-09-05 03:34:26 +04:00
|
|
|
byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
|
|
|
|
|
|
|
|
if (labLen + seedLen > MAX_PRF_LABSEED)
|
|
|
|
return;
|
|
|
|
|
|
|
|
XMEMCPY(labelSeed, label, labLen);
|
|
|
|
XMEMCPY(labelSeed + labLen, seed, seedLen);
|
|
|
|
|
2012-06-28 01:41:16 +04:00
|
|
|
/* If a cipher suite wants an algorithm better than sha256, it
|
|
|
|
* should use better. */
|
|
|
|
if (hash_type < sha256_mac)
|
|
|
|
hash_type = sha256_mac;
|
2011-02-05 22:14:47 +03:00
|
|
|
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
|
2012-06-28 01:41:16 +04:00
|
|
|
hash_type);
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
2013-03-08 05:44:40 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
2012-09-05 03:34:26 +04:00
|
|
|
else
|
2012-09-05 23:30:51 +04:00
|
|
|
doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen);
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-06-28 20:06:24 +04:00
|
|
|
#ifdef CYASSL_SHA384
|
|
|
|
#define HSHASH_SZ SHA384_DIGEST_SIZE
|
|
|
|
#else
|
|
|
|
#define HSHASH_SZ FINISHED_SZ
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
const byte* side;
|
2012-06-28 20:06:24 +04:00
|
|
|
byte handshake_hash[HSHASH_SZ];
|
2011-02-28 23:21:06 +03:00
|
|
|
word32 hashSz = FINISHED_SZ;
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2013-03-08 05:44:40 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
2011-02-05 22:14:47 +03:00
|
|
|
Md5Final(&ssl->hashMd5, handshake_hash);
|
|
|
|
ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif
|
|
|
|
|
2011-02-28 23:21:06 +03:00
|
|
|
if (IsAtLeastTLSv1_2(ssl)) {
|
2012-06-28 01:41:16 +04:00
|
|
|
#ifndef NO_SHA256
|
|
|
|
if (ssl->specs.mac_algorithm <= sha256_mac) {
|
|
|
|
Sha256Final(&ssl->hashSha256, handshake_hash);
|
|
|
|
hashSz = SHA256_DIGEST_SIZE;
|
|
|
|
}
|
2011-02-28 23:21:06 +03:00
|
|
|
#endif
|
2012-06-28 01:41:16 +04:00
|
|
|
#ifdef CYASSL_SHA384
|
|
|
|
if (ssl->specs.mac_algorithm == sha384_mac) {
|
|
|
|
Sha384Final(&ssl->hashSha384, handshake_hash);
|
|
|
|
hashSz = SHA384_DIGEST_SIZE;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
}
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
|
|
|
|
side = tls_client;
|
|
|
|
else
|
|
|
|
side = tls_server;
|
|
|
|
|
2013-02-19 02:36:50 +04:00
|
|
|
PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN,
|
2012-06-28 01:41:16 +04:00
|
|
|
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl),
|
|
|
|
ssl->specs.mac_algorithm);
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-11-28 10:17:25 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
|
|
|
|
2011-02-05 22:14:47 +03:00
|
|
|
ProtocolVersion MakeTLSv1(void)
|
|
|
|
{
|
|
|
|
ProtocolVersion pv;
|
|
|
|
pv.major = SSLv3_MAJOR;
|
|
|
|
pv.minor = TLSv1_MINOR;
|
|
|
|
|
|
|
|
return pv;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ProtocolVersion MakeTLSv1_1(void)
|
|
|
|
{
|
|
|
|
ProtocolVersion pv;
|
|
|
|
pv.major = SSLv3_MAJOR;
|
|
|
|
pv.minor = TLSv1_1_MINOR;
|
|
|
|
|
|
|
|
return pv;
|
|
|
|
}
|
|
|
|
|
2012-11-28 10:17:25 +04:00
|
|
|
#endif
|
|
|
|
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
ProtocolVersion MakeTLSv1_2(void)
|
|
|
|
{
|
|
|
|
ProtocolVersion pv;
|
|
|
|
pv.major = SSLv3_MAJOR;
|
|
|
|
pv.minor = TLSv1_2_MINOR;
|
|
|
|
|
|
|
|
return pv;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
|
|
|
|
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
|
|
|
|
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
int DeriveTlsKeys(CYASSL* ssl)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
int length = 2 * ssl->specs.hash_size +
|
|
|
|
2 * ssl->specs.key_size +
|
|
|
|
2 * ssl->specs.iv_size;
|
|
|
|
byte seed[SEED_LEN];
|
|
|
|
byte key_data[MAX_PRF_DIG];
|
|
|
|
|
2012-09-15 08:19:06 +04:00
|
|
|
XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN);
|
|
|
|
XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN);
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2012-09-15 08:19:06 +04:00
|
|
|
PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN, key_label,
|
2012-06-28 01:41:16 +04:00
|
|
|
KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
|
|
|
|
ssl->specs.mac_algorithm);
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
return StoreKeys(ssl, key_data);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
int MakeTlsMasterSecret(CYASSL* ssl)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
byte seed[SEED_LEN];
|
|
|
|
|
2012-09-15 08:19:06 +04:00
|
|
|
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
|
|
|
|
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2012-09-15 08:19:06 +04:00
|
|
|
PRF(ssl->arrays->masterSecret, SECRET_LEN,
|
|
|
|
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
|
2011-02-05 22:14:47 +03:00
|
|
|
master_label, MASTER_LABEL_SZ,
|
2012-06-28 01:41:16 +04:00
|
|
|
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
#ifdef SHOW_SECRETS
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
printf("master secret: ");
|
|
|
|
for (i = 0; i < SECRET_LEN; i++)
|
2012-09-15 08:19:06 +04:00
|
|
|
printf("%02x", ssl->arrays->masterSecret[i]);
|
2011-02-05 22:14:47 +03:00
|
|
|
printf("\n");
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return DeriveTlsKeys(ssl);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-03-22 22:30:12 +04:00
|
|
|
/* Used by EAP-TLS and EAP-TTLS to derive keying material from
|
|
|
|
* the master_secret. */
|
|
|
|
int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
|
|
|
|
const char* label)
|
|
|
|
{
|
|
|
|
byte seed[SEED_LEN];
|
|
|
|
|
|
|
|
/*
|
|
|
|
* As per RFC-5281, the order of the client and server randoms is reversed
|
|
|
|
* from that used by the TLS protocol to derive keys.
|
|
|
|
*/
|
|
|
|
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
|
|
|
|
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
|
|
|
|
|
2013-03-25 00:06:22 +04:00
|
|
|
PRF((byte*)msk, len,
|
2013-03-22 22:30:12 +04:00
|
|
|
ssl->arrays->masterSecret, SECRET_LEN,
|
|
|
|
(const byte *)label, (word32)strlen(label),
|
|
|
|
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-08-10 04:27:15 +04:00
|
|
|
/*** next for static INLINE s copied internal.c ***/
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
/* convert 16 bit integer to opaque */
|
2013-03-25 22:50:15 +04:00
|
|
|
static INLINE void c16toa(word16 u16, byte* c)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
c[0] = (u16 >> 8) & 0xff;
|
|
|
|
c[1] = u16 & 0xff;
|
|
|
|
}
|
|
|
|
|
2013-11-07 05:29:01 +04:00
|
|
|
#ifdef HAVE_TLS_EXTENSIONS
|
2013-05-22 01:37:50 +04:00
|
|
|
/* convert opaque to 16 bit integer */
|
|
|
|
static INLINE void ato16(const byte* c, word16* u16)
|
|
|
|
{
|
|
|
|
*u16 = (c[0] << 8) | (c[1]);
|
|
|
|
}
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
#ifdef HAVE_SNI
|
|
|
|
/* convert a 24 bit integer into a 32 bit one */
|
|
|
|
static INLINE void c24to32(const word24 u24, word32* u32)
|
|
|
|
{
|
|
|
|
*u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
|
|
|
|
}
|
|
|
|
#endif
|
2013-11-07 05:29:01 +04:00
|
|
|
#endif
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
/* convert 32 bit integer to opaque */
|
|
|
|
static INLINE void c32toa(word32 u32, byte* c)
|
|
|
|
{
|
|
|
|
c[0] = (u32 >> 24) & 0xff;
|
|
|
|
c[1] = (u32 >> 16) & 0xff;
|
|
|
|
c[2] = (u32 >> 8) & 0xff;
|
|
|
|
c[3] = u32 & 0xff;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
if (ssl->options.dtls) {
|
|
|
|
if (verify)
|
|
|
|
return ssl->keys.dtls_peer_sequence_number; /* explicit from peer */
|
|
|
|
else
|
|
|
|
return ssl->keys.dtls_sequence_number - 1; /* already incremented */
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
if (verify)
|
|
|
|
return ssl->keys.peer_sequence_number++;
|
|
|
|
else
|
|
|
|
return ssl->keys.sequence_number++;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
static INLINE word32 GetEpoch(CYASSL* ssl, int verify)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
|
|
|
if (verify)
|
|
|
|
return ssl->keys.dtls_peer_epoch;
|
|
|
|
else
|
|
|
|
return ssl->keys.dtls_epoch;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CYASSL_DTLS */
|
|
|
|
|
|
|
|
|
|
|
|
/*** end copy ***/
|
|
|
|
|
|
|
|
|
2013-08-10 04:27:15 +04:00
|
|
|
/* return HMAC digest type in CyaSSL format */
|
|
|
|
int CyaSSL_GetHmacType(CYASSL* ssl)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2013-08-10 04:27:15 +04:00
|
|
|
if (ssl == NULL)
|
|
|
|
return BAD_FUNC_ARG;
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
switch (ssl->specs.mac_algorithm) {
|
|
|
|
#ifndef NO_MD5
|
|
|
|
case md5_mac:
|
|
|
|
{
|
2013-08-10 04:27:15 +04:00
|
|
|
return MD5;
|
2012-11-27 06:40:43 +04:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifndef NO_SHA256
|
|
|
|
case sha256_mac:
|
|
|
|
{
|
2013-08-10 04:27:15 +04:00
|
|
|
return SHA256;
|
2012-11-27 06:40:43 +04:00
|
|
|
}
|
|
|
|
#endif
|
2013-03-05 01:25:46 +04:00
|
|
|
#ifdef CYASSL_SHA384
|
|
|
|
case sha384_mac:
|
|
|
|
{
|
2013-08-10 04:27:15 +04:00
|
|
|
return SHA384;
|
2013-03-05 01:25:46 +04:00
|
|
|
}
|
2013-11-07 05:29:01 +04:00
|
|
|
|
2013-03-05 01:25:46 +04:00
|
|
|
#endif
|
2013-08-10 04:27:15 +04:00
|
|
|
#ifndef NO_SHA
|
2012-11-27 06:40:43 +04:00
|
|
|
case sha_mac:
|
|
|
|
{
|
2013-08-10 04:27:15 +04:00
|
|
|
return SHA;
|
2012-11-27 06:40:43 +04:00
|
|
|
}
|
2013-08-10 04:27:15 +04:00
|
|
|
#endif
|
2013-10-24 04:13:54 +04:00
|
|
|
#ifdef HAVE_BLAKE2
|
|
|
|
case blake2b_mac:
|
|
|
|
{
|
|
|
|
return BLAKE2B_ID;
|
|
|
|
}
|
|
|
|
#endif
|
2013-08-23 21:09:35 +04:00
|
|
|
default:
|
|
|
|
{
|
|
|
|
return SSL_FATAL_ERROR;
|
|
|
|
}
|
2012-11-27 06:40:43 +04:00
|
|
|
}
|
2013-08-10 04:27:15 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
|
|
|
|
int verify)
|
|
|
|
{
|
|
|
|
if (ssl == NULL || inner == NULL)
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
XMEMSET(inner, 0, CYASSL_TLS_HMAC_INNER_SZ);
|
|
|
|
|
|
|
|
#ifdef CYASSL_DTLS
|
|
|
|
if (ssl->options.dtls)
|
|
|
|
c16toa((word16)GetEpoch(ssl, verify), inner);
|
|
|
|
#endif
|
|
|
|
c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
|
|
|
|
inner[SEQ_SZ] = (byte)content;
|
|
|
|
inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
|
|
|
|
inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
|
|
|
|
c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* TLS type HMAC */
|
|
|
|
void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
|
|
|
|
int content, int verify)
|
|
|
|
{
|
|
|
|
Hmac hmac;
|
|
|
|
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2013-08-10 04:27:15 +04:00
|
|
|
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
|
|
|
|
|
|
|
|
HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify),
|
|
|
|
ssl->specs.hash_size);
|
|
|
|
HmacUpdate(&hmac, myInner, sizeof(myInner));
|
2011-05-25 21:25:05 +04:00
|
|
|
HmacUpdate(&hmac, in, sz); /* content */
|
2011-02-05 22:14:47 +03:00
|
|
|
HmacFinal(&hmac, digest);
|
|
|
|
}
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
#ifdef HAVE_TLS_EXTENSIONS
|
|
|
|
|
|
|
|
static int TLSX_Append(TLSX** list, TLSX_Type type)
|
|
|
|
{
|
|
|
|
TLSX* extension;
|
|
|
|
|
|
|
|
if (list == NULL) /* won't check type since this function is static */
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
if ((extension = XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX)) == NULL)
|
|
|
|
return MEMORY_E;
|
|
|
|
|
|
|
|
extension->type = type;
|
|
|
|
extension->data = NULL;
|
|
|
|
extension->resp = 0;
|
|
|
|
extension->next = *list;
|
|
|
|
*list = extension;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
|
|
|
|
static void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type)
|
|
|
|
{
|
|
|
|
TLSX *ext = TLSX_Find(ssl->extensions, type);
|
|
|
|
|
|
|
|
if (ext)
|
|
|
|
ext->resp = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* SNI - Server Name Indication */
|
|
|
|
|
|
|
|
#ifdef HAVE_SNI
|
|
|
|
|
|
|
|
static void TLSX_SNI_Free(SNI* sni)
|
|
|
|
{
|
|
|
|
if (sni) {
|
|
|
|
switch (sni->type) {
|
2013-05-30 22:22:38 +04:00
|
|
|
case CYASSL_SNI_HOST_NAME:
|
2013-05-22 01:37:50 +04:00
|
|
|
XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void TLSX_SNI_FreeAll(SNI* list)
|
|
|
|
{
|
|
|
|
SNI* sni;
|
|
|
|
|
|
|
|
while ((sni = list)) {
|
|
|
|
list = sni->next;
|
|
|
|
TLSX_SNI_Free(sni);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-05-30 22:22:38 +04:00
|
|
|
static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
|
2013-05-22 01:37:50 +04:00
|
|
|
{
|
|
|
|
SNI* sni;
|
|
|
|
|
|
|
|
if (list == NULL)
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL)
|
|
|
|
return MEMORY_E;
|
|
|
|
|
|
|
|
switch (type) {
|
2013-05-30 22:22:38 +04:00
|
|
|
case CYASSL_SNI_HOST_NAME: {
|
2013-05-22 01:37:50 +04:00
|
|
|
sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
|
|
|
|
if (sni->data.host_name) {
|
|
|
|
XSTRNCPY(sni->data.host_name, (const char*) data, size);
|
|
|
|
sni->data.host_name[size] = 0;
|
|
|
|
} else {
|
|
|
|
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
return MEMORY_E;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
default: /* invalid type */
|
|
|
|
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
sni->type = type;
|
|
|
|
sni->next = *list;
|
2013-06-04 00:55:06 +04:00
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
2013-05-30 22:22:38 +04:00
|
|
|
sni->options = 0;
|
2013-06-19 22:45:06 +04:00
|
|
|
sni->status = CYASSL_SNI_NO_MATCH;
|
2013-06-04 00:55:06 +04:00
|
|
|
#endif
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
*list = sni;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static word16 TLSX_SNI_GetSize(SNI* list)
|
|
|
|
{
|
|
|
|
SNI* sni;
|
|
|
|
word16 length = OPAQUE16_LEN; /* list length */
|
|
|
|
|
|
|
|
while ((sni = list)) {
|
|
|
|
list = sni->next;
|
|
|
|
|
|
|
|
length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
|
|
|
|
|
|
|
|
switch (sni->type) {
|
2013-05-30 22:22:38 +04:00
|
|
|
case CYASSL_SNI_HOST_NAME:
|
2013-05-22 01:37:50 +04:00
|
|
|
length += XSTRLEN((char*) sni->data.host_name);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
|
|
|
static word16 TLSX_SNI_Write(SNI* list, byte* output)
|
|
|
|
{
|
|
|
|
SNI* sni;
|
|
|
|
word16 length = 0;
|
|
|
|
word16 offset = OPAQUE16_LEN; /* list length offset */
|
|
|
|
|
|
|
|
while ((sni = list)) {
|
|
|
|
list = sni->next;
|
|
|
|
|
|
|
|
output[offset++] = sni->type; /* sni type */
|
|
|
|
|
|
|
|
switch (sni->type) {
|
2013-05-30 22:22:38 +04:00
|
|
|
case CYASSL_SNI_HOST_NAME:
|
2013-05-22 01:37:50 +04:00
|
|
|
length = XSTRLEN((char*) sni->data.host_name);
|
|
|
|
|
|
|
|
c16toa(length, output + offset); /* sni length */
|
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
|
|
|
XMEMCPY(output + offset, sni->data.host_name, length);
|
|
|
|
|
|
|
|
offset += length;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2013-05-30 22:22:38 +04:00
|
|
|
static SNI* TLSX_SNI_Find(SNI *list, byte type)
|
2013-05-22 01:37:50 +04:00
|
|
|
{
|
|
|
|
SNI *sni = list;
|
|
|
|
|
|
|
|
while (sni && sni->type != type)
|
|
|
|
sni = sni->next;
|
|
|
|
|
|
|
|
return sni;
|
|
|
|
}
|
|
|
|
|
2013-06-04 00:55:06 +04:00
|
|
|
#ifndef NO_CYASSL_SERVER
|
2013-06-19 22:45:06 +04:00
|
|
|
static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
|
2013-06-04 00:55:06 +04:00
|
|
|
{
|
|
|
|
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
|
|
|
|
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
|
|
|
|
|
|
|
|
if (sni) {
|
2013-06-19 22:45:06 +04:00
|
|
|
sni->status = status;
|
2013-06-04 00:55:06 +04:00
|
|
|
CYASSL_MSG("SNI did match!");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-06-19 22:45:06 +04:00
|
|
|
byte TLSX_SNI_Status(TLSX* extensions, byte type)
|
2013-06-04 00:55:06 +04:00
|
|
|
{
|
|
|
|
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
|
|
|
|
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
|
|
|
|
|
|
|
|
if (sni)
|
2013-06-19 22:45:06 +04:00
|
|
|
return sni->status;
|
2013-06-04 00:55:06 +04:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
|
|
|
|
byte isRequest)
|
|
|
|
{
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
word16 size = 0;
|
|
|
|
word16 offset = 0;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
|
|
|
|
|
|
|
|
if (!extension)
|
|
|
|
extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
|
|
|
|
|
|
|
|
if (!extension || !extension->data) {
|
|
|
|
if (!isRequest) {
|
|
|
|
CYASSL_MSG("Unexpected SNI response from server");
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0; /* not using SNI */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isRequest) {
|
|
|
|
if (length) {
|
|
|
|
CYASSL_MSG("SNI response should be empty!");
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0; /* nothing to do */
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
|
|
|
|
if (OPAQUE16_LEN > length)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
ato16(input, &size);
|
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
|
|
|
/* validating sni list length */
|
|
|
|
if (length != OPAQUE16_LEN + size)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
for (size = 0; offset < length; offset += size) {
|
|
|
|
SNI *sni;
|
2013-05-30 22:22:38 +04:00
|
|
|
byte type = input[offset++];
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (offset + OPAQUE16_LEN > length)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
ato16(input + offset, &size);
|
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
|
|
|
if (offset + size > length)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
|
|
|
|
continue; /* not using this SNI type */
|
|
|
|
}
|
|
|
|
|
|
|
|
switch(type) {
|
2013-06-04 00:55:06 +04:00
|
|
|
case CYASSL_SNI_HOST_NAME: {
|
|
|
|
byte matched = (XSTRLEN(sni->data.host_name) == size)
|
|
|
|
&& (XSTRNCMP(sni->data.host_name,
|
|
|
|
(const char *) input + offset, size) == 0);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
2013-06-04 00:55:06 +04:00
|
|
|
if (matched || sni->options & CYASSL_SNI_ANSWER_ON_MISMATCH) {
|
2013-06-19 22:45:06 +04:00
|
|
|
int r = TLSX_UseSNI(&ssl->extensions,
|
|
|
|
type, input + offset, size);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (r) return r; /* throw error */
|
2013-06-04 00:55:06 +04:00
|
|
|
|
2013-06-19 22:45:06 +04:00
|
|
|
TLSX_SNI_SetStatus(ssl->extensions, type,
|
|
|
|
matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH);
|
|
|
|
|
2013-06-04 00:55:06 +04:00
|
|
|
} else if (!(sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH)) {
|
|
|
|
SendAlert(ssl, alert_fatal, unrecognized_name);
|
|
|
|
|
|
|
|
return UNKNOWN_SNI_HOST_NAME_E;
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
break;
|
2013-06-04 00:55:06 +04:00
|
|
|
}
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
|
|
|
|
{
|
|
|
|
TLSX* extension = NULL;
|
|
|
|
SNI* sni = NULL;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (extensions == NULL || data == NULL)
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
extension = *extensions;
|
|
|
|
|
|
|
|
/* find SNI extension if it already exists. */
|
|
|
|
while (extension && extension->type != SERVER_NAME_INDICATION)
|
|
|
|
extension = extension->next;
|
|
|
|
|
|
|
|
/* push new SNI extension if it doesn't exists. */
|
|
|
|
if (!extension) {
|
|
|
|
if ((ret = TLSX_Append(extensions, SERVER_NAME_INDICATION)) != 0) {
|
|
|
|
TLSX_SNI_Free(sni);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
extension = *extensions;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* push new SNI object to extension data. */
|
|
|
|
sni->next = (SNI*) extension->data;
|
|
|
|
extension->data = (void*) sni;
|
|
|
|
|
|
|
|
/* look for another server name of the same type to remove (replacement) */
|
2013-06-19 22:45:06 +04:00
|
|
|
do {
|
2013-05-22 01:37:50 +04:00
|
|
|
if (sni->next && sni->next->type == type) {
|
|
|
|
SNI *next = sni->next;
|
|
|
|
|
|
|
|
sni->next = next->next;
|
|
|
|
TLSX_SNI_Free(next);
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
2013-06-19 22:45:06 +04:00
|
|
|
} while ((sni = sni->next));
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-05-30 22:22:38 +04:00
|
|
|
#ifndef NO_CYASSL_SERVER
|
2013-06-19 22:45:06 +04:00
|
|
|
word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
|
|
|
|
{
|
|
|
|
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
|
|
|
|
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
|
|
|
|
|
|
|
|
if (sni && sni->status != CYASSL_SNI_NO_MATCH) {
|
|
|
|
switch (sni->type) {
|
|
|
|
case CYASSL_SNI_HOST_NAME:
|
|
|
|
*data = sni->data.host_name;
|
|
|
|
return XSTRLEN(*data);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-05-30 22:22:38 +04:00
|
|
|
void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
|
|
|
|
{
|
2013-06-04 00:55:06 +04:00
|
|
|
TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
|
|
|
|
SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
|
2013-05-30 22:22:38 +04:00
|
|
|
|
2013-06-04 00:55:06 +04:00
|
|
|
if (sni)
|
|
|
|
sni->options = options;
|
2013-05-30 22:22:38 +04:00
|
|
|
}
|
2013-11-20 00:13:32 +04:00
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
2013-11-20 00:13:32 +04:00
|
|
|
byte type, byte* sni, word32* inOutSz)
|
|
|
|
{
|
|
|
|
word32 offset = 0;
|
|
|
|
word32 len32 = 0;
|
|
|
|
word16 len16 = 0;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
|
2013-11-20 00:13:32 +04:00
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
/* TLS record header */
|
2013-12-02 22:50:21 +04:00
|
|
|
if ((enum ContentType) clientHello[offset++] != handshake)
|
2013-11-26 04:05:40 +04:00
|
|
|
return BUFFER_ERROR;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (clientHello[offset++] != SSLv3_MAJOR)
|
2013-11-26 04:05:40 +04:00
|
|
|
return BUFFER_ERROR;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (clientHello[offset++] < TLSv1_MINOR)
|
2013-11-26 04:05:40 +04:00
|
|
|
return BUFFER_ERROR;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &len16);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (offset + len16 > helloSz)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
/* Handshake header */
|
2013-12-02 22:50:21 +04:00
|
|
|
if ((enum HandShakeType) clientHello[offset] != client_hello)
|
2013-11-26 04:05:40 +04:00
|
|
|
return BUFFER_ERROR;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
c24to32(clientHello + offset + 1, &len32);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += HANDSHAKE_HEADER_SZ;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (offset + len32 > helloSz)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
/* client hello */
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += VERSION_SZ + RAN_LEN; /* version, random */
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + clientHello[offset])
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
offset += ENUM_LEN + clientHello[offset]; /* skip session id */
|
2013-11-20 00:13:32 +04:00
|
|
|
|
2013-11-20 01:01:09 +04:00
|
|
|
/* cypher suites */
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + OPAQUE16_LEN)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &len16);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + len16)
|
2013-11-20 00:13:32 +04:00
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += len16; /* skip cypher suites */
|
2013-11-20 00:13:32 +04:00
|
|
|
|
2013-11-20 01:01:09 +04:00
|
|
|
/* compression methods */
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + 1)
|
2013-11-20 00:13:32 +04:00
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + clientHello[offset])
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
|
2013-11-20 00:13:32 +04:00
|
|
|
|
2013-11-20 01:01:09 +04:00
|
|
|
/* extensions */
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + OPAQUE16_LEN)
|
2013-11-20 01:01:09 +04:00
|
|
|
return 0; /* no extensions in client hello. */
|
2013-11-20 00:13:32 +04:00
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &len16);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + len16)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
|
|
|
|
word16 extType;
|
|
|
|
word16 extLen;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &extType);
|
2013-11-20 00:13:32 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &extLen);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + extLen)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
if (extType != SERVER_NAME_INDICATION) {
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += extLen; /* skip extension */
|
2013-11-20 00:13:32 +04:00
|
|
|
} else {
|
|
|
|
word16 listLen;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &listLen);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + listLen)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
while (listLen > ENUM_LEN + OPAQUE16_LEN) {
|
2013-12-02 22:50:21 +04:00
|
|
|
byte sniType = clientHello[offset++];
|
2013-11-20 00:13:32 +04:00
|
|
|
word16 sniLen;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
ato16(clientHello + offset, &sniLen);
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
2013-12-02 22:50:21 +04:00
|
|
|
if (helloSz < offset + sniLen)
|
2013-11-26 04:05:40 +04:00
|
|
|
return INCOMPLETE_DATA;
|
2013-11-20 00:13:32 +04:00
|
|
|
|
|
|
|
if (sniType != type) {
|
2013-11-26 04:05:40 +04:00
|
|
|
offset += sniLen;
|
|
|
|
listLen -= MIN(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
|
2013-11-20 00:13:32 +04:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
*inOutSz = min(sniLen, *inOutSz);
|
2013-12-02 22:50:21 +04:00
|
|
|
XMEMCPY(sni, clientHello + offset, *inOutSz);
|
2013-11-20 00:13:32 +04:00
|
|
|
|
2013-11-20 01:01:09 +04:00
|
|
|
return SSL_SUCCESS;
|
2013-11-20 00:13:32 +04:00
|
|
|
}
|
|
|
|
}
|
2013-11-26 04:05:40 +04:00
|
|
|
|
|
|
|
len16 -= MIN(2 * OPAQUE16_LEN + extLen, len16);
|
2013-11-20 00:13:32 +04:00
|
|
|
}
|
|
|
|
|
2013-11-20 01:01:09 +04:00
|
|
|
return len16 ? BUFFER_ERROR : 0;
|
2013-11-20 00:13:32 +04:00
|
|
|
}
|
2013-11-20 01:01:09 +04:00
|
|
|
|
2013-05-30 22:22:38 +04:00
|
|
|
#endif
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
#define SNI_FREE_ALL TLSX_SNI_FreeAll
|
|
|
|
#define SNI_GET_SIZE TLSX_SNI_GetSize
|
|
|
|
#define SNI_WRITE TLSX_SNI_Write
|
|
|
|
#define SNI_PARSE TLSX_SNI_Parse
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
2013-06-19 22:45:06 +04:00
|
|
|
#define SNI_FREE_ALL(list)
|
|
|
|
#define SNI_GET_SIZE(list) 0
|
|
|
|
#define SNI_WRITE(a, b) 0
|
|
|
|
#define SNI_PARSE(a, b, c, d) 0
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
#endif /* HAVE_SNI */
|
|
|
|
|
2013-06-19 22:45:06 +04:00
|
|
|
#ifdef HAVE_MAX_FRAGMENT
|
|
|
|
|
|
|
|
static word16 TLSX_MFL_Write(byte* data, byte* output)
|
|
|
|
{
|
|
|
|
output[0] = data[0];
|
|
|
|
|
|
|
|
return ENUM_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
|
|
|
|
byte isRequest)
|
|
|
|
{
|
|
|
|
if (length != ENUM_LEN)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
switch (*input) {
|
|
|
|
case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
|
|
|
|
case CYASSL_MFL_2_10: ssl->max_fragment = 1024; break;
|
|
|
|
case CYASSL_MFL_2_11: ssl->max_fragment = 2048; break;
|
|
|
|
case CYASSL_MFL_2_12: ssl->max_fragment = 4096; break;
|
|
|
|
case CYASSL_MFL_2_13: ssl->max_fragment = 8192; break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
SendAlert(ssl, alert_fatal, illegal_parameter);
|
|
|
|
|
|
|
|
return UNKNOWN_MAX_FRAG_LEN_E;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
if (isRequest) {
|
|
|
|
int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
|
|
|
|
|
|
|
|
if (r) return r; /* throw error */
|
|
|
|
|
|
|
|
TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
|
|
|
|
{
|
|
|
|
TLSX* extension = NULL;
|
|
|
|
byte* data = NULL;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (extensions == NULL)
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
2013-06-19 23:38:57 +04:00
|
|
|
if (mfl < CYASSL_MFL_2_9 || CYASSL_MFL_2_13 < mfl)
|
2013-06-19 22:45:06 +04:00
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
2013-06-19 23:38:57 +04:00
|
|
|
if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
|
|
|
|
return MEMORY_E;
|
|
|
|
|
|
|
|
data[0] = mfl;
|
|
|
|
|
2013-06-19 22:45:06 +04:00
|
|
|
/* push new MFL extension. */
|
|
|
|
if ((ret = TLSX_Append(extensions, MAX_FRAGMENT_LENGTH)) != 0) {
|
|
|
|
XFREE(data, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* place new mfl to extension data. */
|
|
|
|
extension = *extensions;
|
|
|
|
extension->data = (void*) data;
|
|
|
|
|
|
|
|
/* remove duplicated extensions */
|
|
|
|
do {
|
|
|
|
if (extension->next && extension->next->type == MAX_FRAGMENT_LENGTH) {
|
|
|
|
TLSX *next = extension->next;
|
|
|
|
|
|
|
|
extension->next = next->next;
|
|
|
|
next->next = NULL;
|
|
|
|
|
|
|
|
TLSX_FreeAll(next);
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} while ((extension = extension->next));
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
|
|
|
|
#define MFL_GET_SIZE(data) ENUM_LEN
|
|
|
|
#define MFL_WRITE TLSX_MFL_Write
|
|
|
|
#define MFL_PARSE TLSX_MFL_Parse
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
#define MFL_FREE_ALL(a)
|
|
|
|
#define MFL_GET_SIZE(a) 0
|
|
|
|
#define MFL_WRITE(a, b) 0
|
|
|
|
#define MFL_PARSE(a, b, c, d) 0
|
|
|
|
|
|
|
|
#endif /* HAVE_MAX_FRAGMENT */
|
|
|
|
|
2013-07-23 22:42:43 +04:00
|
|
|
#ifdef HAVE_TRUNCATED_HMAC
|
|
|
|
|
|
|
|
int TLSX_UseTruncatedHMAC(TLSX** extensions)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (extensions == NULL)
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
if (!TLSX_Find(*extensions, TRUNCATED_HMAC))
|
|
|
|
if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
|
|
|
|
byte isRequest)
|
|
|
|
{
|
|
|
|
if (length != 0 || input == NULL)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
if (isRequest) {
|
|
|
|
int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
|
|
|
|
|
|
|
|
if (r) return r; /* throw error */
|
|
|
|
|
|
|
|
TLSX_SetResponse(ssl, TRUNCATED_HMAC);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
ssl->truncated_hmac = 1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define THM_PARSE TLSX_THM_Parse
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
#define THM_PARSE(a, b, c, d) 0
|
|
|
|
|
|
|
|
#endif /* HAVE_TRUNCATED_HMAC */
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
|
|
|
|
{
|
|
|
|
TLSX* extension = list;
|
|
|
|
|
|
|
|
while (extension && extension->type != type)
|
|
|
|
extension = extension->next;
|
|
|
|
|
|
|
|
return extension;
|
|
|
|
}
|
|
|
|
|
|
|
|
void TLSX_FreeAll(TLSX* list)
|
|
|
|
{
|
|
|
|
TLSX* extension;
|
|
|
|
|
|
|
|
while ((extension = list)) {
|
|
|
|
list = extension->next;
|
|
|
|
|
|
|
|
switch (extension->type) {
|
|
|
|
case SERVER_NAME_INDICATION:
|
|
|
|
SNI_FREE_ALL((SNI *) extension->data);
|
|
|
|
break;
|
2013-06-19 22:45:06 +04:00
|
|
|
|
|
|
|
case MAX_FRAGMENT_LENGTH:
|
|
|
|
MFL_FREE_ALL(extension->data);
|
|
|
|
break;
|
2013-07-23 22:42:43 +04:00
|
|
|
|
|
|
|
case TRUNCATED_HMAC:
|
2013-08-22 21:35:46 +04:00
|
|
|
/* Nothing to do. */
|
2013-07-23 22:42:43 +04:00
|
|
|
break;
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
#define IS_OFF(semaphore, light) \
|
|
|
|
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
|
2013-05-22 01:37:50 +04:00
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
#define TURN_ON(semaphore, light) \
|
|
|
|
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
|
2013-05-22 01:37:50 +04:00
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
|
2013-05-22 01:37:50 +04:00
|
|
|
{
|
|
|
|
TLSX* extension;
|
|
|
|
word16 length = 0;
|
|
|
|
|
|
|
|
while ((extension = list)) {
|
|
|
|
list = extension->next;
|
|
|
|
|
|
|
|
if (!isRequest && !extension->resp)
|
|
|
|
continue; /* skip! */
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
if (IS_OFF(semaphore, extension->type)) {
|
2013-05-22 01:37:50 +04:00
|
|
|
/* type + data length */
|
|
|
|
length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
|
|
|
|
|
|
|
|
switch (extension->type) {
|
|
|
|
case SERVER_NAME_INDICATION:
|
|
|
|
if (isRequest)
|
|
|
|
length += SNI_GET_SIZE((SNI *) extension->data);
|
|
|
|
break;
|
2013-06-19 22:45:06 +04:00
|
|
|
case MAX_FRAGMENT_LENGTH:
|
|
|
|
length += MFL_GET_SIZE(extension->data);
|
|
|
|
break;
|
2013-07-23 22:42:43 +04:00
|
|
|
|
|
|
|
case TRUNCATED_HMAC:
|
2013-08-22 21:35:46 +04:00
|
|
|
/* empty extension. */
|
2013-07-23 22:42:43 +04:00
|
|
|
break;
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
TURN_ON(semaphore, extension->type);
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
|
2013-05-22 01:37:50 +04:00
|
|
|
byte isRequest)
|
|
|
|
{
|
|
|
|
TLSX* extension;
|
|
|
|
word16 offset = 0;
|
|
|
|
word16 length_offset = 0;
|
|
|
|
|
|
|
|
while ((extension = list)) {
|
|
|
|
list = extension->next;
|
|
|
|
|
|
|
|
if (!isRequest && !extension->resp)
|
|
|
|
continue; /* skip! */
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
if (IS_OFF(semaphore, extension->type)) {
|
2013-05-22 01:37:50 +04:00
|
|
|
/* extension type */
|
|
|
|
c16toa(extension->type, output + offset);
|
|
|
|
offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
|
|
|
|
length_offset = offset;
|
|
|
|
|
|
|
|
/* extension data should be written internally */
|
|
|
|
switch (extension->type) {
|
|
|
|
case SERVER_NAME_INDICATION:
|
|
|
|
if (isRequest)
|
|
|
|
offset += SNI_WRITE((SNI *) extension->data,
|
|
|
|
output + offset);
|
|
|
|
break;
|
2013-06-19 22:45:06 +04:00
|
|
|
|
|
|
|
case MAX_FRAGMENT_LENGTH:
|
|
|
|
offset += MFL_WRITE((byte *) extension->data,
|
|
|
|
output + offset);
|
|
|
|
break;
|
2013-07-23 22:42:43 +04:00
|
|
|
|
|
|
|
case TRUNCATED_HMAC:
|
2013-08-22 21:35:46 +04:00
|
|
|
/* empty extension. */
|
2013-07-23 22:42:43 +04:00
|
|
|
break;
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* writing extension data length */
|
|
|
|
c16toa(offset - length_offset,
|
|
|
|
output + length_offset - OPAQUE16_LEN);
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
TURN_ON(semaphore, extension->type);
|
2013-05-22 01:37:50 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_CLIENT
|
|
|
|
|
|
|
|
word16 TLSX_GetRequestSize(CYASSL* ssl)
|
|
|
|
{
|
|
|
|
word16 length = 0;
|
|
|
|
|
|
|
|
if (ssl && IsTLS(ssl)) {
|
2013-05-24 00:02:39 +04:00
|
|
|
byte semaphore[16] = {0};
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (ssl->extensions)
|
2013-05-24 00:02:39 +04:00
|
|
|
length += TLSX_GetSize(ssl->extensions, semaphore, 1);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (ssl->ctx && ssl->ctx->extensions)
|
2013-05-24 00:02:39 +04:00
|
|
|
length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
|
|
|
|
length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (length)
|
|
|
|
length += OPAQUE16_LEN; /* for total length storage */
|
|
|
|
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
|
|
|
word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
|
|
|
|
{
|
|
|
|
word16 offset = 0;
|
|
|
|
|
|
|
|
if (ssl && IsTLS(ssl) && output) {
|
2013-05-24 00:02:39 +04:00
|
|
|
byte semaphore[16] = {0};
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
offset += OPAQUE16_LEN; /* extensions length */
|
|
|
|
|
|
|
|
if (ssl->extensions)
|
|
|
|
offset += TLSX_Write(ssl->extensions, output + offset,
|
2013-05-24 00:02:39 +04:00
|
|
|
semaphore, 1);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (ssl->ctx && ssl->ctx->extensions)
|
|
|
|
offset += TLSX_Write(ssl->ctx->extensions, output + offset,
|
2013-05-24 00:02:39 +04:00
|
|
|
semaphore, 1);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
/* extension type */
|
|
|
|
c16toa(HELLO_EXT_SIG_ALGO, output + offset);
|
|
|
|
offset += HELLO_EXT_TYPE_SZ;
|
|
|
|
|
|
|
|
/* extension data length */
|
|
|
|
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
|
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
|
|
|
/* sig algos length */
|
|
|
|
c16toa(ssl->suites->hashSigAlgoSz, output + offset);
|
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
|
|
|
/* sig algos */
|
|
|
|
for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
|
|
|
|
output[offset] = ssl->suites->hashSigAlgo[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (offset > OPAQUE16_LEN)
|
|
|
|
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* NO_CYASSL_CLIENT */
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
|
|
|
|
word16 TLSX_GetResponseSize(CYASSL* ssl)
|
|
|
|
{
|
|
|
|
word16 length = 0;
|
2013-05-24 00:02:39 +04:00
|
|
|
byte semaphore[16] = {0};
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (ssl && IsTLS(ssl))
|
2013-05-24 00:02:39 +04:00
|
|
|
length += TLSX_GetSize(ssl->extensions, semaphore, 0);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
/* All the response data is set at the ssl object only, so no ctx here. */
|
|
|
|
|
|
|
|
if (length)
|
|
|
|
length += OPAQUE16_LEN; /* for total length storage */
|
|
|
|
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
|
|
|
word16 TLSX_WriteResponse(CYASSL *ssl, byte* output)
|
|
|
|
{
|
|
|
|
word16 offset = 0;
|
|
|
|
|
|
|
|
if (ssl && IsTLS(ssl) && output) {
|
2013-05-24 00:02:39 +04:00
|
|
|
byte semaphore[16] = {0};
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
offset += OPAQUE16_LEN; /* extensions length */
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
|
2013-05-22 01:37:50 +04:00
|
|
|
|
|
|
|
if (offset > OPAQUE16_LEN)
|
|
|
|
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* NO_CYASSL_SERVER */
|
|
|
|
|
|
|
|
int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
|
|
|
|
Suites *suites)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
word16 offset = 0;
|
|
|
|
|
|
|
|
if (!ssl || !input || !suites)
|
|
|
|
return BAD_FUNC_ARG;
|
|
|
|
|
|
|
|
while (ret == 0 && offset < length) {
|
|
|
|
word16 type;
|
|
|
|
word16 size;
|
|
|
|
|
|
|
|
if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
ato16(input + offset, &type);
|
|
|
|
offset += HELLO_EXT_TYPE_SZ;
|
|
|
|
|
|
|
|
ato16(input + offset, &size);
|
|
|
|
offset += OPAQUE16_LEN;
|
|
|
|
|
|
|
|
if (offset + size > length)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case SERVER_NAME_INDICATION:
|
2013-06-04 00:55:06 +04:00
|
|
|
CYASSL_MSG("SNI extension received");
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
ret = SNI_PARSE(ssl, input + offset, size, isRequest);
|
|
|
|
break;
|
|
|
|
|
2013-06-19 22:45:06 +04:00
|
|
|
case MAX_FRAGMENT_LENGTH:
|
|
|
|
CYASSL_MSG("Max Fragment Length extension received");
|
|
|
|
|
|
|
|
ret = MFL_PARSE(ssl, input + offset, size, isRequest);
|
|
|
|
break;
|
|
|
|
|
2013-07-23 22:42:43 +04:00
|
|
|
case TRUNCATED_HMAC:
|
|
|
|
CYASSL_MSG("Truncated HMAC extension received");
|
|
|
|
|
|
|
|
ret = THM_PARSE(ssl, input + offset, size, isRequest);
|
|
|
|
break;
|
|
|
|
|
2013-05-22 01:37:50 +04:00
|
|
|
case HELLO_EXT_SIG_ALGO:
|
|
|
|
if (isRequest) {
|
|
|
|
/* do not mess with offset inside the switch! */
|
|
|
|
if (IsAtLeastTLSv1_2(ssl)) {
|
|
|
|
ato16(input + offset, &suites->hashSigAlgoSz);
|
|
|
|
|
|
|
|
if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
|
|
|
|
return INCOMPLETE_DATA;
|
|
|
|
|
|
|
|
XMEMCPY(suites->hashSigAlgo,
|
|
|
|
input + offset + OPAQUE16_LEN,
|
|
|
|
min(suites->hashSigAlgoSz,
|
|
|
|
HELLO_EXT_SIGALGO_MAX));
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
CYASSL_MSG("Servers MUST NOT send SIG ALGO extension.");
|
|
|
|
}
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* offset should be updated here! */
|
|
|
|
offset += size;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-05-24 00:02:39 +04:00
|
|
|
/* undefining semaphore macros */
|
2013-05-22 01:37:50 +04:00
|
|
|
#undef IS_OFF
|
|
|
|
#undef TURN_ON
|
|
|
|
|
|
|
|
#endif /* HAVE_TLS_EXTENSIONS */
|
|
|
|
|
2011-02-05 22:14:47 +03:00
|
|
|
|
|
|
|
#ifndef NO_CYASSL_CLIENT
|
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaTLSv1_client_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method)
|
|
|
|
InitSSL_Method(method, MakeTLSv1());
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaTLSv1_1_client_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method)
|
|
|
|
InitSSL_Method(method, MakeTLSv1_1());
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif /* !NO_OLD_TLS */
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2011-08-06 00:09:54 +04:00
|
|
|
#ifndef NO_SHA256 /* can't use without SHA256 */
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaTLSv1_2_client_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method)
|
|
|
|
InitSSL_Method(method, MakeTLSv1_2());
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
2011-08-06 00:09:54 +04:00
|
|
|
#endif
|
|
|
|
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaSSLv23_client_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-04-26 02:49:30 +04:00
|
|
|
if (method) {
|
2011-08-06 00:09:54 +04:00
|
|
|
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
|
2011-04-26 02:49:30 +04:00
|
|
|
InitSSL_Method(method, MakeTLSv1_2());
|
2011-08-06 00:09:54 +04:00
|
|
|
#else
|
|
|
|
InitSSL_Method(method, MakeTLSv1_1());
|
|
|
|
#endif
|
2012-11-27 06:40:43 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
2011-04-26 02:49:30 +04:00
|
|
|
method->downgrade = 1;
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif
|
2011-04-26 02:49:30 +04:00
|
|
|
}
|
2011-02-05 22:14:47 +03:00
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* NO_CYASSL_CLIENT */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef NO_CYASSL_SERVER
|
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaTLSv1_server_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method) {
|
|
|
|
InitSSL_Method(method, MakeTLSv1());
|
2013-08-10 04:27:15 +04:00
|
|
|
method->side = CYASSL_SERVER_END;
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaTLSv1_1_server_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method) {
|
|
|
|
InitSSL_Method(method, MakeTLSv1_1());
|
2013-08-10 04:27:15 +04:00
|
|
|
method->side = CYASSL_SERVER_END;
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif /* !NO_OLD_TLS */
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2011-08-06 00:09:54 +04:00
|
|
|
#ifndef NO_SHA256 /* can't use without SHA256 */
|
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaTLSv1_2_server_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method) {
|
|
|
|
InitSSL_Method(method, MakeTLSv1_2());
|
2013-08-10 04:27:15 +04:00
|
|
|
method->side = CYASSL_SERVER_END;
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
2011-08-06 00:09:54 +04:00
|
|
|
#endif
|
|
|
|
|
2011-02-05 22:14:47 +03:00
|
|
|
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* CyaSSLv23_server_method(void)
|
2011-02-05 22:14:47 +03:00
|
|
|
{
|
2011-08-27 01:40:51 +04:00
|
|
|
CYASSL_METHOD* method =
|
|
|
|
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
|
|
|
|
DYNAMIC_TYPE_METHOD);
|
2011-02-05 22:14:47 +03:00
|
|
|
if (method) {
|
2011-08-06 00:09:54 +04:00
|
|
|
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
|
2011-04-26 02:49:30 +04:00
|
|
|
InitSSL_Method(method, MakeTLSv1_2());
|
2011-08-06 00:09:54 +04:00
|
|
|
#else
|
|
|
|
InitSSL_Method(method, MakeTLSv1_1());
|
|
|
|
#endif
|
2013-08-10 04:27:15 +04:00
|
|
|
method->side = CYASSL_SERVER_END;
|
2012-11-27 06:40:43 +04:00
|
|
|
#ifndef NO_OLD_TLS
|
2011-02-05 22:14:47 +03:00
|
|
|
method->downgrade = 1;
|
2012-11-27 06:40:43 +04:00
|
|
|
#endif /* !NO_OLD_TLS */
|
2011-02-05 22:14:47 +03:00
|
|
|
}
|
|
|
|
return method;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* NO_CYASSL_SERVER */
|
|
|
|
#endif /* NO_TLS */
|
|
|
|
|