added basic hello extension support for TLSv1.2, renumbered the algorithm enumerations to match RFC

John Safranek
2012-07-09 10:02:34 -07:00
parent 56d2180cf3
commit 1ac6db9d1d
2 changed files with 42 additions and 9 deletions


@ -341,6 +341,7 @@ enum Misc {
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
NO_COMPRESSION = 0, NO_COMPRESSION = 0,
ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */ ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
SECRET_LEN = 48, /* pre RSA and all master */ SECRET_LEN = 48, /* pre RSA and all master */
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
SIZEOF_SENDER = 4, /* clnt or srvr */ SIZEOF_SENDER = 4, /* clnt or srvr */
@ -380,6 +381,7 @@ enum Misc {
CERT_HEADER_SZ = 3, /* always 3 bytes */ CERT_HEADER_SZ = 3, /* always 3 bytes */
REQ_HEADER_SZ = 2, /* cert request header sz */ REQ_HEADER_SZ = 2, /* cert request header sz */
HINT_LEN_SZ = 2, /* length of hint size field */ HINT_LEN_SZ = 2, /* length of hint size field */
HELLO_EXT_SZ = 14, /* length of the lazy hello extensions */
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
@ -841,7 +843,7 @@ enum BulkCipherAlgorithm {
/* Supported Message Authentication Codes from page 43 */ /* Supported Message Authentication Codes from page 43 */
enum MACAlgorithm { enum MACAlgorithm {
no_mac = 10, no_mac = 0,
md5_mac, md5_mac,
sha_mac, sha_mac,
sha224_mac, sha224_mac,
@ -854,7 +856,7 @@ enum MACAlgorithm {
/* Supported Key Exchange Protocols */ /* Supported Key Exchange Protocols */
enum KeyExchangeAlgorithm { enum KeyExchangeAlgorithm {
no_kea = 20, no_kea = 0,
rsa_kea, rsa_kea,
diffie_hellman_kea, diffie_hellman_kea,
fortezza_kea, fortezza_kea,
@ -867,7 +869,7 @@ enum KeyExchangeAlgorithm {
/* Supported Authentication Schemes */ /* Supported Authentication Schemes */
enum SignatureAlgorithm { enum SignatureAlgorithm {
anonymous_sa_algo = 30, anonymous_sa_algo = 0,
rsa_sa_algo, rsa_sa_algo,
dsa_sa_algo, dsa_sa_algo,
ecc_dsa_sa_algo ecc_dsa_sa_algo
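Review bot: After this renumbering the value 0 names a real choice in each enum (`no_mac`, `no_kea`, `anonymous_sa_algo`), where before no enumerator was 0, so a zero-filled or never-assigned field can no longer be told apart from a deliberate "no MAC" or "anonymous" setting. The callers are outside this section, so this is something to check rather than a confirmed defect: any comparison against `no_mac` or `anonymous_sa_algo` should be reachable only after the field has been set from the negotiated suite. The remaining enumerators also get their values implicitly, while the ClientHello change on this page writes `sha_mac`, `rsa_sa_algo`, `dsa_sa_algo` and `ecc_dsa_sa_algo` straight into the extension, so inserting a new enumerator mid-list would silently change the bytes on the wire. I would pin the values that are sent, e.g. `sha_mac = 2, /* RFC 5246 HashAlgorithm sha1 */`, or add a comment above each enum stating that the order is wire format and must not change.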


@ -55,7 +55,7 @@
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*); static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*);
static int DoServerHello(CYASSL* ssl, const byte* input, word32*); static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*); static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*);
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*); static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
#endif #endif
@ -2125,7 +2125,7 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
case server_hello: case server_hello:
CYASSL_MSG("processing server hello"); CYASSL_MSG("processing server hello");
ret = DoServerHello(ssl, input, inOutIdx); ret = DoServerHello(ssl, input, inOutIdx, size);
break; break;
case certificate_request: case certificate_request:
@ -4386,6 +4386,9 @@ int SetCipherList(Suites* s, const char* list)
+ ssl->suites.suiteSz + SUITE_LEN + ssl->suites.suiteSz + SUITE_LEN
+ COMP_LEN + ENUM_LEN; + COMP_LEN + ENUM_LEN;
if (IsAtLeastTLSv1_2(ssl))
length += HELLO_EXT_SZ;
sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
@ -4451,6 +4454,27 @@ int SetCipherList(Suites* s, const char* list)
else else
output[idx++] = NO_COMPRESSION; output[idx++] = NO_COMPRESSION;
if (IsAtLeastTLSv1_2(ssl))
{
/* add in the extensions length */
c16toa(HELLO_EXT_SZ-2, output + idx);
idx += 2;
c16toa(HELLO_EXT_SIG_ALGO, output + idx);
idx += 2;
c16toa(HELLO_EXT_SZ-6, output + idx);
idx += 2;
c16toa(HELLO_EXT_SZ-8, output + idx);
idx += 2;
output[idx++] = sha_mac;
output[idx++] = rsa_sa_algo;
output[idx++] = sha_mac;
output[idx++] = dsa_sa_algo;
output[idx++] = sha_mac;
output[idx++] = ecc_dsa_sa_algo;
}
HashOutput(ssl, output, sendSz, 0); HashOutput(ssl, output, sendSz, 0);
ssl->options.clientState = CLIENT_HELLO_COMPLETE; ssl->options.clientState = CLIENT_HELLO_COMPLETE;
@ -4492,12 +4516,15 @@ int SetCipherList(Suites* s, const char* list)
} }
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx) static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 helloSz)
{ {
byte b; byte b;
byte compression; byte compression;
ProtocolVersion pv; ProtocolVersion pv;
word16 extSz;
word32 i = *inOutIdx; word32 i = *inOutIdx;
word32 begin = i;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo); if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
@ -4550,6 +4577,10 @@ int SetCipherList(Suites* s, const char* list)
ssl->options.usingCompression = 0; /* turn off if server refused */ ssl->options.usingCompression = 0; /* turn off if server refused */
} }
*inOutIdx = i;
if ( (i - begin) < helloSz)
*inOutIdx = begin + helloSz; /* skip extensions */
ssl->options.serverState = SERVER_HELLO_COMPLETE; ssl->options.serverState = SERVER_HELLO_COMPLETE;
*inOutIdx = i; *inOutIdx = i;
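Review bot: At the end of DoServerHello the extension skip looks as if it is undone: `*inOutIdx = begin + helloSz;` is followed, after the `serverState` assignment, by another `*inOutIdx = i;`. The rendering does not make that last line's side certain, but the hunk header counts (6 old, 10 new lines) suggest it is still present on the new side, in which case the index ends just after the compression byte and the extension bytes would be read as the next handshake message. `helloSz` is the length taken from the peer's handshake header, and nothing visible here rejects `(i - begin) > helloSz`; whether `begin + helloSz` is checked against the received record is decided in DoHandShakeMsg, outside this hunk. I would end the function with one bounds check that returns the project's malformed-message error when `(i - begin) > helloSz`, then a single `*inOutIdx = begin + helloSz;`, and drop the trailing `*inOutIdx = i;`. `extSz` is declared but not used in the visible lines; remove it unless the function body outside the hunk reads it.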