From 1ac6db9d1d61c973e0ecd29de14dbe677fda92df Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 9 Jul 2012 10:02:34 -0700 Subject: [PATCH] added basic hello extension support for TLSv1.2, renumbered the algorithm enumerations to match RFC --- cyassl/internal.h | 8 +++++--- src/internal.c | 43 +++++++++++++++++++++++++++++++++++++------ 2 files changed, 42 insertions(+), 9 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 9df65fab5..b8d322568 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -341,6 +341,7 @@ enum Misc { TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ NO_COMPRESSION = 0, ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */ + HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */ SECRET_LEN = 48, /* pre RSA and all master */ ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ SIZEOF_SENDER = 4, /* clnt or srvr */ @@ -380,6 +381,7 @@ enum Misc { CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ HINT_LEN_SZ = 2, /* length of hint size field */ + HELLO_EXT_SZ = 14, /* length of the lazy hello extensions */ DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ @@ -841,7 +843,7 @@ enum BulkCipherAlgorithm { /* Supported Message Authentication Codes from page 43 */ enum MACAlgorithm { - no_mac = 10, + no_mac = 0, md5_mac, sha_mac, sha224_mac, @@ -854,7 +856,7 @@ enum MACAlgorithm { /* Supported Key Exchange Protocols */ enum KeyExchangeAlgorithm { - no_kea = 20, + no_kea = 0, rsa_kea, diffie_hellman_kea, fortezza_kea, @@ -867,7 +869,7 @@ enum KeyExchangeAlgorithm { /* Supported Authentication Schemes */ enum SignatureAlgorithm { - anonymous_sa_algo = 30, + anonymous_sa_algo = 0, rsa_sa_algo, dsa_sa_algo, ecc_dsa_sa_algo diff --git a/src/internal.c b/src/internal.c index d77f2a6f9..98db54346 100644 --- a/src/internal.c +++ b/src/internal.c 
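Review bot: With `no_mac = 0`, `no_kea = 0` and `anonymous_sa_algo = 0` in the three enum hunks of cyassl/internal.h, a zero-initialised or never-assigned field now equals a real enumerator. The old bases 10/20/30 kept the three enums distinct from each other and from zero. The code that consumes these fields is not in this patch, so it is worth confirming that no path reads a merely zeroed signature-algorithm field as a deliberate choice of anonymous authentication. Because `sha_mac` and the `*_sa_algo` values are now written straight into the ClientHello, I would add a comment on MACAlgorithm and SignatureAlgorithm such as `/* values are the TLS 1.2 HashAlgorithm / SignatureAlgorithm wire codes (RFC 5246 7.4.1.4.1); do not reorder or insert */`. The enum bodies continue past the hunks.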
@@ -55,7 +55,7 @@ #ifndef NO_CYASSL_CLIENT static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*); - static int DoServerHello(CYASSL* ssl, const byte* input, word32*); + static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32); static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*); static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*); #endif @@ -2125,7 +2125,7 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, case server_hello: CYASSL_MSG("processing server hello"); - ret = DoServerHello(ssl, input, inOutIdx); + ret = DoServerHello(ssl, input, inOutIdx, size); break; case certificate_request: @@ -4384,7 +4384,10 @@ int SetCipherList(Suites* s, const char* list) length = sizeof(ProtocolVersion) + RAN_LEN + idSz + ENUM_LEN + ssl->suites.suiteSz + SUITE_LEN - + COMP_LEN + ENUM_LEN; + + COMP_LEN + ENUM_LEN; + + if (IsAtLeastTLSv1_2(ssl)) + length += HELLO_EXT_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -4450,7 +4453,28 @@ int SetCipherList(Suites* s, const char* list) output[idx++] = ZLIB_COMPRESSION; else output[idx++] = NO_COMPRESSION; - + + if (IsAtLeastTLSv1_2(ssl)) + { + /* add in the extensions length */ + c16toa(HELLO_EXT_SZ-2, output + idx); + idx += 2; + + c16toa(HELLO_EXT_SIG_ALGO, output + idx); + idx += 2; + c16toa(HELLO_EXT_SZ-6, output + idx); + idx += 2; + + c16toa(HELLO_EXT_SZ-8, output + idx); + idx += 2; + output[idx++] = sha_mac; + output[idx++] = rsa_sa_algo; + output[idx++] = sha_mac; + output[idx++] = dsa_sa_algo; + output[idx++] = sha_mac; + output[idx++] = ecc_dsa_sa_algo; + } + HashOutput(ssl, output, sendSz, 0); ssl->options.clientState = CLIENT_HELLO_COMPLETE; 
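Review bot: The signature_algorithms block added to the ClientHello writer (hunk at -4450) offers `sha_mac` paired with `rsa_sa_algo`, `dsa_sa_algo` and `ecc_dsa_sa_algo` unconditionally, so the client may advertise a signature type that this build or the configured suites cannot verify. No build guards are visible in the hunk, so this needs confirming. SHA-1 is also the only hash offered, which asks a TLS 1.2 server to sign with SHA-1 only. The three lengths are derived as `HELLO_EXT_SZ-2`, `HELLO_EXT_SZ-6` and `HELLO_EXT_SZ-8`, which silently go wrong if a pair is added or removed without editing the constant. A comment such as `/* HELLO_EXT_SZ = 2 (ext total) + 2 (type) + 2 (ext len) + 2 (list len) + 3 pairs * 2 */` next to the writer, or computing the lengths from the pair count, would keep them in step with the `length += HELLO_EXT_SZ` in the hunk at -4384; the enclosing function starts and ends outside both hunks.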
@@ -4492,12 +4516,15 @@ int SetCipherList(Suites* s, const char* list) } - static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx) + static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx, + word32 helloSz) { byte b; byte compression; ProtocolVersion pv; + word16 extSz; word32 i = *inOutIdx; + word32 begin = i; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo); @@ -4549,7 +4576,11 @@ int SetCipherList(Suites* s, const char* list) CYASSL_MSG("Server refused compression, turning off"); ssl->options.usingCompression = 0; /* turn off if server refused */ } - + + *inOutIdx = i; + if ( (i - begin) < helloSz) + *inOutIdx = begin + helloSz; /* skip extensions */ + ssl->options.serverState = SERVER_HELLO_COMPLETE; *inOutIdx = i;
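Review bot: `word16 extSz` is declared in the new DoServerHello prologue but no hunk in this patch reads or writes it, so it will draw an unused-variable warning unless lines outside the hunk use it. The new `helloSz` parameter also has no comment. Something like `/* helloSz: length of the ServerHello body as passed by DoHandShakeMsg, used to step over trailing extensions */` above the definition would record what the caller must supply. The function body continues outside the hunk.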
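Review bot: The extension skip has no effect as written, because the unchanged `*inOutIdx = i;` that closes this hunk runs after the new `*inOutIdx = begin + helloSz;` and overwrites it. Any extensions the server sends are then left in the buffer, presumably to be read as the start of the next handshake message. Dropping that trailing assignment fixes it, since the added `*inOutIdx = i;` before the `if` already covers the no-extension case. Separately, `helloSz` is trusted as given: nothing visible rejects the message when `i - begin` already exceeds `helloSz`, or checks that `begin + helloSz` stays inside the received record, so an explicit error return for the first case is worth adding here. The start of the function is in the previous hunk and the lines between are not shown.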