diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c index 2fd81fe2a..608a32457 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/client.c @@ -469,7 +469,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #ifdef HAVE_SNI if (sniHostName) - if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) + if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) + != SSL_SUCCESS) err_sys("UseSNI failed"); #endif diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c index 88a6064b4..aeecd62fb 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/server.c @@ -419,7 +419,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef HAVE_SNI if (sniHostName) { if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, - XSTRLEN(sniHostName))) + XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); else CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME, diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/client.c b/IDE/MDK5-ARM/Projects/SimpleClient/client.c index 07cf20bea..e6f6a56e3 100644 --- a/IDE/MDK5-ARM/Projects/SimpleClient/client.c +++ b/IDE/MDK5-ARM/Projects/SimpleClient/client.c @@ -471,7 +471,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #ifdef HAVE_SNI if (sniHostName) - if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) + if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) + != SSL_SUCCESS) err_sys("UseSNI failed"); #endif diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/server.c b/IDE/MDK5-ARM/Projects/SimpleServer/server.c index de53738e8..ecc9b510b 100644 --- a/IDE/MDK5-ARM/Projects/SimpleServer/server.c +++ b/IDE/MDK5-ARM/Projects/SimpleServer/server.c @@ -418,7 +418,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef HAVE_SNI if (sniHostName) { if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, - XSTRLEN(sniHostName))) + XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); else CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME, diff --git a/configure.ac b/configure.ac index eda0bd416..a558b69f9 100644 --- a/configure.ac +++ b/configure.ac @@ -1105,6 +1105,20 @@ fi AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) +if test "$ENABLED_OCSP" = "yes" +then + # check openssl command tool for testing ocsp + AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) + + if test "$HAVE_OPENSSL_CMD" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" + else + AC_MSG_WARN([openssl command line tool not available for testing ocsp]) + fi +fi + + # CRL AC_ARG_ENABLE([crl], [ --enable-crl Enable CRL (default: disabled)], @@ -1212,6 +1226,18 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION" fi +# Supported Elliptic Curves Extensions +AC_ARG_ENABLE([supportedcurves], + [ --enable-supportedcurves Enable Supported Elliptic Curves (default: disabled)], + [ ENABLED_SUPPORTED_CURVES=$enableval ], + [ ENABLED_SUPPORTED_CURVES=no ] + ) + +if test "x$ENABLED_SUPPORTED_CURVES" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES" +fi + # TLS Extensions AC_ARG_ENABLE([tlsx], [ --enable-tlsx Enable all TLS Extensions (default: disabled)], @@ -1225,7 +1251,8 @@ then ENABLED_MAX_FRAGMENT=yes ENABLED_TRUNCATED_HMAC=yes ENABLED_RENEGOTIATION_INDICATION=yes - AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION" + ENABLED_SUPPORTED_CURVES=yes + AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_SUPPORTED_CURVES" fi # PKCS7 @@ -1662,6 +1689,7 @@ echo " * SNI: $ENABLED_SNI" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" +echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" echo " * All TLS Extensions: $ENABLED_TLSX" echo " * PKCS#7 $ENABLED_PKCS7" echo " * wolfSCEP $ENABLED_WOLFSCEP" diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 1dc9eef9d..1e7d0e5a0 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1323,10 +1323,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->extAuthKeyIdSz = 0; cert->extSubjKeyIdSrc = NULL; cert->extSubjKeyIdSz = 0; - #ifdef HAVE_ECC - cert->pkCurveOID = 0; - #endif /* HAVE_ECC */ #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_ECC + cert->pkCurveOID = 0; +#endif /* HAVE_ECC */ #ifdef CYASSL_SEP cert->deviceTypeSz = 0; cert->deviceType = NULL; @@ -1522,7 +1522,6 @@ static int GetKey(DecodedCert* cert) #ifdef HAVE_ECC case ECDSAk: { - word32 oid = 0; int oidSz = 0; byte b = cert->source[cert->srcIdx++]; @@ -1533,12 +1532,10 @@ static int GetKey(DecodedCert* cert) return ASN_PARSE_E; while(oidSz--) - oid += cert->source[cert->srcIdx++]; - if (CheckCurve(oid) < 0) + cert->pkCurveOID += cert->source[cert->srcIdx++]; + + if (CheckCurve(cert->pkCurveOID) < 0) return ECC_CURVE_OID_E; - #ifdef OPENSSL_EXTRA - cert->pkCurveOID = oid; - #endif /* OPENSSL_EXTRA */ /* key header */ b = cert->source[cert->srcIdx++]; diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index da5c5e0ab..db7ab2932 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -348,10 +348,10 @@ struct DecodedCert { word32 extAuthKeyIdSz; byte* extSubjKeyIdSrc; word32 extSubjKeyIdSz; - #ifdef HAVE_ECC - word32 pkCurveOID; /* Public Key's curve OID */ - #endif /* HAVE_ECC */ #endif +#ifdef HAVE_ECC + word32 pkCurveOID; /* Public Key's curve OID */ +#endif /* HAVE_ECC */ byte* beforeDate; int beforeDateLen; byte* afterDate; diff --git a/cyassl/internal.h b/cyassl/internal.h index 2154087cd..989947acd 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1110,11 +1110,8 @@ typedef struct CYASSL_DTLS_CTX { typedef enum { SERVER_NAME_INDICATION = 0, MAX_FRAGMENT_LENGTH = 1, - /*CLIENT_CERTIFICATE_URL = 2, - TRUSTED_CA_KEYS = 3,*/ TRUNCATED_HMAC = 4, - /*STATUS_REQUEST = 5, - SIGNATURE_ALGORITHMS = 13,*/ + ELLIPTIC_CURVES = 10 } TLSX_Type; typedef struct TLSX { @@ -1181,6 +1178,23 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions); #endif /* HAVE_TRUNCATED_HMAC */ +#ifdef HAVE_SUPPORTED_CURVES + +typedef struct EllipticCurve { + word16 name; /* CurveNames */ + struct EllipticCurve* next; /* List Behavior */ + +} EllipticCurve; + +CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name); + +#ifndef NO_CYASSL_SERVER +CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, + byte second); +#endif + +#endif /* HAVE_SUPPORTED_CURVES */ + #endif /* HAVE_TLS_EXTENSIONS */ /* CyaSSL context type */ @@ -1222,6 +1236,7 @@ struct CYASSL_CTX { word32 timeout; /* session timeout */ #ifdef HAVE_ECC word16 eccTempKeySz; /* in octets 20 - 66 */ + word32 pkCurveOID; /* curve Ecc_Sum */ #endif #ifndef NO_PSK byte havePSK; /* psk key set by user */ @@ -1841,6 +1856,7 @@ struct CYASSL { ecc_key* eccTempKey; /* private ECDHE key */ ecc_key* eccDsaKey; /* private ECDSA key */ word16 eccTempKeySz; /* in octets 20 - 66 */ + word32 pkCurveOID; /* curve Ecc_Sum */ byte peerEccKeyPresent; byte peerEccDsaKeyPresent; byte eccTempKeyPresent; diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 049e0d5eb..9013e5345 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -1231,6 +1231,7 @@ CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl); #endif /* NO_CYASSL_CLIENT */ #endif /* HAVE_MAX_FRAGMENT */ +/* Truncated HMAC */ #ifdef HAVE_TRUNCATED_HMAC #ifndef NO_CYASSL_CLIENT @@ -1240,6 +1241,27 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx); #endif /* NO_CYASSL_CLIENT */ #endif /* HAVE_TRUNCATED_HMAC */ +/* Elliptic Curves */ +#ifdef HAVE_SUPPORTED_CURVES + +enum { + CYASSL_ECC_SECP160R1 = 0x10, + CYASSL_ECC_SECP192R1 = 0x13, + CYASSL_ECC_SECP224R1 = 0x15, + CYASSL_ECC_SECP256R1 = 0x17, + CYASSL_ECC_SECP384R1 = 0x18, + CYASSL_ECC_SECP521R1 = 0x19 +}; + +#ifndef NO_CYASSL_CLIENT + +CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name); +CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, + unsigned short name); + +#endif /* NO_CYASSL_CLIENT */ +#endif /* HAVE_SUPPORTED_CURVES */ + #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ #define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */ diff --git a/examples/client/client.c b/examples/client/client.c index ff0e9848f..ac6f935a8 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -550,17 +550,18 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #ifdef HAVE_SNI if (sniHostName) - if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))) + if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) + != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) - if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment)) + if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) - if (CyaSSL_CTX_UseTruncatedHMAC(ctx)) + if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif diff --git a/examples/server/server.c b/examples/server/server.c index 365418d5d..f99be0aa2 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -443,7 +443,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef HAVE_SNI if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, - XSTRLEN(sniHostName))) + XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif diff --git a/src/internal.c b/src/internal.c index 0f438dd1b..e56d49d37 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1282,6 +1282,9 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag) x509->altNamesNext = NULL; x509->dynamicMemory = (byte)dynamicFlag; x509->isCa = 0; +#ifdef HAVE_ECC + x509->pkCurveOID = 0; +#endif /* HAVE_ECC */ #ifdef OPENSSL_EXTRA x509->pathLength = 0; x509->basicConstSet = 0; @@ -1300,9 +1303,6 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag) x509->keyUsageSet = 0; x509->keyUsageCrit = 0; x509->keyUsage = 0; - #ifdef HAVE_ECC - x509->pkCurveOID = 0; - #endif /* HAVE_ECC */ #ifdef CYASSL_SEP x509->certPolicySet = 0; x509->certPolicyCrit = 0; @@ -1400,6 +1400,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) #ifdef HAVE_ECC ssl->eccTempKeySz = ctx->eccTempKeySz; + ssl->pkCurveOID = ctx->pkCurveOID; ssl->peerEccKeyPresent = 0; ssl->peerEccDsaKeyPresent = 0; ssl->eccDsaKeyPresent = 0; @@ -3224,14 +3225,14 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert) } x509->keyUsageSet = dCert->extKeyUsageSet; x509->keyUsageCrit = dCert->extKeyUsageCrit; - #ifdef HAVE_ECC - x509->pkCurveOID = dCert->pkCurveOID; - #endif /* HAVE_ECC */ #ifdef CYASSL_SEP x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicyCrit = dCert->extCertPolicyCrit; #endif /* CYASSL_SEP */ #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_ECC + x509->pkCurveOID = dCert->pkCurveOID; +#endif /* HAVE_ECC */ return ret; } @@ -9764,6 +9765,13 @@ static void PickHashSigAlgo(CYASSL* ssl, } } +#ifdef HAVE_SUPPORTED_CURVES + if (!TLSX_ValidateEllipticCurves(ssl, first, second)) { + CYASSL_MSG("Don't have matching curves"); + return 0; + } +#endif + /* ECCDHE is always supported if ECC on */ return 1; diff --git a/src/ssl.c b/src/ssl.c index e12e66f9e..55a3488a7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -622,6 +622,30 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx) #endif /* NO_CYASSL_CLIENT */ #endif /* HAVE_TRUNCATED_HMAC */ +/* Elliptic Curves */ +#ifdef HAVE_SUPPORTED_CURVES +#ifndef NO_CYASSL_CLIENT + +int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + return TLSX_UseSupportedCurve(&ssl->extensions, name); +} + +int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + return TLSX_UseSupportedCurve(&ctx->extensions, name); +} + +#endif /* NO_CYASSL_CLIENT */ +#endif /* HAVE_SUPPORTED_CURVES */ + + #ifndef CYASSL_LEANPSK int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) { @@ -2113,6 +2137,13 @@ int CyaSSL_Init(void) break; } +#ifdef HAVE_ECC + if (ctx) + ctx->pkCurveOID = cert.pkCurveOID; + if (ssl) + ssl->pkCurveOID = cert.pkCurveOID; +#endif + FreeDecodedCert(&cert); } diff --git a/src/tls.c b/src/tls.c index 482271ba6..f4445fb7b 100644 --- a/src/tls.c +++ b/src/tls.c @@ -515,6 +515,12 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, #ifdef HAVE_TLS_EXTENSIONS +#define IS_OFF(semaphore, light) \ + ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) + +#define TURN_ON(semaphore, light) \ + ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) + static int TLSX_Append(TLSX** list, TLSX_Type type) { TLSX* extension; @@ -536,7 +542,9 @@ static int TLSX_Append(TLSX** list, TLSX_Type type) #ifndef NO_CYASSL_SERVER -static void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type) +void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type); + +void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type) { TLSX *ext = TLSX_Find(ssl->extensions, type); @@ -768,7 +776,7 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length, int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size); - if (r) return r; /* throw error */ + if (r != SSL_SUCCESS) return r; /* throw error */ TLSX_SNI_SetStatus(ssl->extensions, type, matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH); @@ -834,7 +842,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) } } while ((sni = sni->next)); - return 0; + return SSL_SUCCESS; } #ifndef NO_CYASSL_SERVER @@ -1039,7 +1047,7 @@ static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length, if (isRequest) { int r = TLSX_UseMaxFragment(&ssl->extensions, *input); - if (r) return r; /* throw error */ + if (r != SSL_SUCCESS) return r; /* throw error */ TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH); } @@ -1089,7 +1097,7 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl) } } while ((extension = extension->next)); - return 0; + return SSL_SUCCESS; } @@ -1120,7 +1128,7 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions) if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0) return ret; - return 0; + return SSL_SUCCESS; } static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length, @@ -1133,7 +1141,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length, if (isRequest) { int r = TLSX_UseTruncatedHMAC(&ssl->extensions); - if (r) return r; /* throw error */ + if (r != SSL_SUCCESS) return r; /* throw error */ TLSX_SetResponse(ssl, TRUNCATED_HMAC); } @@ -1152,6 +1160,304 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length, #endif /* HAVE_TRUNCATED_HMAC */ +#ifdef HAVE_SUPPORTED_CURVES + +#ifndef HAVE_ECC +#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \ +Use --enable-ecc in the configure script or define HAVE_ECC." +#endif + +static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list) +{ + EllipticCurve* curve; + + while ((curve = list)) { + list = curve->next; + XFREE(curve, 0, DYNAMIC_TYPE_TLSX); + } +} + +static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name) +{ + EllipticCurve* curve; + + if (list == NULL) + return BAD_FUNC_ARG; + + if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL) + return MEMORY_E; + + curve->name = name; + curve->next = *list; + + *list = curve; + + return 0; +} + +#ifndef NO_CYASSL_CLIENT + +static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore) +{ + int i; + + for (i = 0; i < ssl->suites->suiteSz; i+= 2) + if (ssl->suites->suites[i] == ECC_BYTE) + return; + + /* No elliptic curve suite found */ + TURN_ON(semaphore, ELLIPTIC_CURVES); +} + +static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list) +{ + EllipticCurve* curve; + word16 length = OPAQUE16_LEN; /* list length */ + + while ((curve = list)) { + list = curve->next; + length += OPAQUE16_LEN; /* curve length */ + } + + return length; +} + +static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output); +static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output) +{ + word16 offset = 0; + + if (!curve) + return offset; + + offset = TLSX_EllipticCurve_WriteR(curve->next, output); + c16toa(curve->name, output + offset); + + return OPAQUE16_LEN + offset; +} + +static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output) +{ + word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN); + + c16toa(length, output); /* writing list length */ + + return OPAQUE16_LEN + length; +} + +#endif /* NO_CYASSL_CLIENT */ +#ifndef NO_CYASSL_SERVER + +static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length, + byte isRequest) +{ + word16 offset; + word16 name; + int r; + + (void) isRequest; /* shut up compiler! */ + + if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) + return INCOMPLETE_DATA; + + ato16(input, &offset); + + /* validating curve list length */ + if (length != OPAQUE16_LEN + offset) + return INCOMPLETE_DATA; + + while (offset) { + ato16(input + offset, &name); + offset -= OPAQUE16_LEN; + + r = TLSX_UseSupportedCurve(&ssl->extensions, name); + + if (r) return r; /* throw error */ + } + + return 0; +} + +int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) { + TLSX* extension = (first == ECC_BYTE) + ? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES) + : NULL; + EllipticCurve* curve = NULL; + word32 oid = 0; + word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */ + int sig = 0; /* valitade signature */ + int key = 0; /* validate key */ + + if (!extension) + return 1; /* no suite restriction */ + + for (curve = extension->data; curve && !(sig && key); curve = curve->next) { + + switch (curve->name) { + case CYASSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break; + case CYASSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break; + case CYASSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break; + case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break; + case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break; + case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break; + } + + switch (second) { +#ifndef NO_DSA + /* ECDHE_ECDSA */ + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: + sig |= ssl->pkCurveOID == oid; + key |= ssl->eccTempKeySz == octets; + break; + + /* ECDH_ECDSA */ + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: + case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: + sig |= ssl->pkCurveOID == oid; + key |= ssl->pkCurveOID == oid; + break; +#endif +#ifndef NO_RSA + /* ECDHE_RSA */ + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_RSA_WITH_RC4_128_SHA: + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: + sig = 1; + key |= ssl->eccTempKeySz == octets; + break; + + /* ECDH_RSA */ + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_RSA_WITH_RC4_128_SHA: + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: + case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: + sig = 1; + key |= ssl->pkCurveOID == oid; + break; +#endif + default: + sig = 1; + key = 1; + break; + } + } + + return sig && key; +} + +#endif /* NO_CYASSL_SERVER */ + +int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) +{ + TLSX* extension = NULL; + EllipticCurve* curve = NULL; + int ret = 0; + + if (extensions == NULL) + return BAD_FUNC_ARG; + + switch (name) { + case CYASSL_ECC_SECP160R1: + case CYASSL_ECC_SECP192R1: + case CYASSL_ECC_SECP224R1: + case CYASSL_ECC_SECP256R1: + case CYASSL_ECC_SECP384R1: + case CYASSL_ECC_SECP521R1: + break; + + default: + return BAD_FUNC_ARG; + } + + if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0) + return ret; + + extension = *extensions; + + /* find EllipticCurve extension if it already exists. */ + while (extension && extension->type != ELLIPTIC_CURVES) + extension = extension->next; + + /* push new EllipticCurve extension if it doesn't exists. */ + if (!extension) { + if ((ret = TLSX_Append(extensions, ELLIPTIC_CURVES)) != 0) { + XFREE(curve, 0, DYNAMIC_TYPE_TLSX); + return ret; + } + + extension = *extensions; + } + + /* push new EllipticCurve object to extension data. */ + curve->next = (EllipticCurve*) extension->data; + extension->data = (void*) curve; + + /* look for another curve of the same name to remove (replacement) */ + do { + if (curve->next && curve->next->name == name) { + EllipticCurve *next = curve->next; + + curve->next = next->next; + XFREE(next, 0, DYNAMIC_TYPE_TLSX); + + break; + } + } while ((curve = curve->next)); + + return SSL_SUCCESS; +} + +#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll +#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest + +#ifndef NO_CYASSL_CLIENT +#define EC_GET_SIZE TLSX_EllipticCurve_GetSize +#define EC_WRITE TLSX_EllipticCurve_Write +#else +#define EC_GET_SIZE(list) 0 +#define EC_WRITE(a, b) 0 +#endif + +#ifndef NO_CYASSL_SERVER +#define EC_PARSE TLSX_EllipticCurve_Parse +#else +#define EC_PARSE(a, b, c, d) 0 +#endif + +#else + +#define EC_FREE_ALL(list) +#define EC_GET_SIZE(list) 0 +#define EC_WRITE(a, b) 0 +#define EC_PARSE(a, b, c, d) 0 +#define EC_VALIDATE_REQUEST(a, b) + +#endif /* HAVE_SUPPORTED_CURVES */ + TLSX* TLSX_Find(TLSX* list, TLSX_Type type) { TLSX* extension = list; @@ -1181,18 +1487,16 @@ void TLSX_FreeAll(TLSX* list) case TRUNCATED_HMAC: /* Nothing to do. */ break; + + case ELLIPTIC_CURVES: + EC_FREE_ALL(extension->data); + break; } XFREE(extension, 0, DYNAMIC_TYPE_TLSX); } } -#define IS_OFF(semaphore, light) \ - ((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8))) - -#define TURN_ON(semaphore, light) \ - ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) - static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) { TLSX* extension; @@ -1220,6 +1524,10 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest) case TRUNCATED_HMAC: /* empty extension. */ break; + + case ELLIPTIC_CURVES: + length += EC_GET_SIZE((EllipticCurve *) extension->data); + break; } TURN_ON(semaphore, extension->type); @@ -1264,6 +1572,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore, case TRUNCATED_HMAC: /* empty extension. */ break; + + case ELLIPTIC_CURVES: + offset += EC_WRITE((EllipticCurve *) extension->data, + output + offset); + break; } /* writing extension data length */ @@ -1286,6 +1599,8 @@ word16 TLSX_GetRequestSize(CYASSL* ssl) if (ssl && IsTLS(ssl)) { byte semaphore[16] = {0}; + EC_VALIDATE_REQUEST(ssl, semaphore); + if (ssl->extensions) length += TLSX_GetSize(ssl->extensions, semaphore, 1); @@ -1311,6 +1626,8 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output) offset += OPAQUE16_LEN; /* extensions length */ + EC_VALIDATE_REQUEST(ssl, semaphore); + if (ssl->extensions) offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 1); @@ -1430,6 +1747,12 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, ret = THM_PARSE(ssl, input + offset, size, isRequest); break; + case ELLIPTIC_CURVES: + CYASSL_MSG("Elliptic Curves extension received"); + + ret = EC_PARSE(ssl, input + offset, size, isRequest); + break; + case HELLO_EXT_SIG_ALGO: if (isRequest) { /* do not mess with offset inside the switch! */ @@ -1462,6 +1785,13 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest, #undef IS_OFF #undef TURN_ON +#elif defined(HAVE_SNI) \ + || defined(HAVE_MAX_FRAGMENT) \ + || defined(HAVE_TRUNCATED_HMAC) \ + || defined(HAVE_SUPPORTED_CURVES) + +#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined." + #endif /* HAVE_TLS_EXTENSIONS */ diff --git a/tests/api.c b/tests/api.c index 3dadad7a1..94a232f06 100644 --- a/tests/api.c +++ b/tests/api.c @@ -56,6 +56,9 @@ static void test_CyaSSL_UseMaxFragment(void); #ifdef HAVE_TRUNCATED_HMAC static void test_CyaSSL_UseTruncatedHMAC(void); #endif /* HAVE_TRUNCATED_HMAC */ +#ifdef HAVE_SUPPORTED_CURVES +static void test_CyaSSL_UseSupportedCurve(void); +#endif /* HAVE_SUPPORTED_CURVES */ /* test function helpers */ static int test_method(CYASSL_METHOD *method, const char *name); @@ -116,6 +119,9 @@ int ApiTest(void) #ifdef HAVE_TRUNCATED_HMAC test_CyaSSL_UseTruncatedHMAC(); #endif /* HAVE_TRUNCATED_HMAC */ +#ifdef HAVE_SUPPORTED_CURVES + test_CyaSSL_UseSupportedCurve(); +#endif /* HAVE_SUPPORTED_CURVES */ test_CyaSSL_Cleanup(); printf(" End API Tests\n"); @@ -236,14 +242,13 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method) return TEST_SUCCESS; } -#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_SNI static void use_SNI_at_ctx(CYASSL_CTX* ctx) { byte type = CYASSL_SNI_HOST_NAME; char name[] = "www.yassl.com"; - AssertIntEQ(0, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); + AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name))); } static void use_SNI_at_ssl(CYASSL* ssl) @@ -251,7 +256,7 @@ static void use_SNI_at_ssl(CYASSL* ssl) byte type = CYASSL_SNI_HOST_NAME; char name[] = "www.yassl.com"; - AssertIntEQ(0, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); + AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); } static void different_SNI_at_ssl(CYASSL* ssl) @@ -259,7 +264,7 @@ static void different_SNI_at_ssl(CYASSL* ssl) byte type = CYASSL_SNI_HOST_NAME; char name[] = "ww2.yassl.com"; - AssertIntEQ(0, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); + AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name))); } static void use_SNI_WITH_CONTINUE_at_ssl(CYASSL* ssl) @@ -426,16 +431,16 @@ void test_CyaSSL_UseSNI(void) AssertNotNull(ssl); /* error cases */ - AssertIntNE(0, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntNE(0, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); - AssertIntNE(0, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntNE(0, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); - AssertIntNE(0, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); - AssertIntNE(0, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); + AssertIntNE(1, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx"))); + AssertIntNE(1, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl"))); + AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx"))); + AssertIntNE(1, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl"))); + AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx"))); + AssertIntNE(1, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl"))); /* success case */ - AssertIntEQ(0, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); - AssertIntEQ(0, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); + AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx"))); + AssertIntEQ(1, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl"))); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); @@ -491,24 +496,24 @@ static void test_CyaSSL_UseMaxFragment(void) AssertNotNull(ssl); /* error cases */ - AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9)); - AssertIntNE(0, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9)); - AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 0)); - AssertIntNE(0, CyaSSL_CTX_UseMaxFragment(ctx, 6)); - AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 0)); - AssertIntNE(0, CyaSSL_UseMaxFragment(ssl, 6)); + AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9)); + AssertIntNE(1, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9)); + AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 0)); + AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 6)); + AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 0)); + AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 6)); /* success case */ - AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9)); - AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10)); - AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11)); - AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12)); - AssertIntEQ(0, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13)); - AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9)); - AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10)); - AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11)); - AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12)); - AssertIntEQ(0, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13)); + AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9)); + AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10)); + AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11)); + AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12)); + AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13)); + AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9)); + AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10)); + AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11)); + AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12)); + AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); @@ -525,19 +530,44 @@ static void test_CyaSSL_UseTruncatedHMAC(void) AssertNotNull(ssl); /* error cases */ - AssertIntNE(0, CyaSSL_CTX_UseTruncatedHMAC(NULL)); - AssertIntNE(0, CyaSSL_UseTruncatedHMAC(NULL)); + AssertIntNE(1, CyaSSL_CTX_UseTruncatedHMAC(NULL)); + AssertIntNE(1, CyaSSL_UseTruncatedHMAC(NULL)); /* success case */ - AssertIntEQ(0, CyaSSL_CTX_UseTruncatedHMAC(ctx)); - AssertIntEQ(0, CyaSSL_UseTruncatedHMAC(ssl)); + AssertIntEQ(1, CyaSSL_CTX_UseTruncatedHMAC(ctx)); + AssertIntEQ(1, CyaSSL_UseTruncatedHMAC(ssl)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); } #endif /* HAVE_TRUNCATED_HMAC */ -#endif /* HAVE_TLS_EXTENSIONS */ +#ifdef HAVE_SUPPORTED_CURVES +static void test_CyaSSL_UseSupportedCurve(void) +{ + CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); + CYASSL *ssl = CyaSSL_new(ctx); + + AssertNotNull(ctx); + AssertNotNull(ssl); + +#ifndef NO_CYASSL_CLIENT + /* error cases */ + AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); + AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0)); + + AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1)); + AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0)); + + /* success case */ + AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1)); + AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1)); +#endif + + CyaSSL_free(ssl); + CyaSSL_CTX_free(ctx); +} +#endif /* HAVE_SUPPORTED_CURVES */ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) /* Helper for testing CyaSSL_CTX_use_certificate_file() */