tls_client_extensions.c
Go to the documentation of this file.
1 /**
2  * @file tls_client_extensions.c
3  * @brief Formatting and parsing of extensions (TLS client)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include <string.h>
36 #include "tls.h"
37 #include "tls_cipher_suites.h"
38 #include "tls_client_extensions.h"
39 #include "tls_extensions.h"
40 #include "tls_ffdhe.h"
41 #include "tls_misc.h"
42 #include "debug.h"
43 
44 //Check TLS library configuration
45 #if (TLS_SUPPORT == ENABLED && TLS_CLIENT_SUPPORT == ENABLED)
46 
47 //List of supported ECDHE or FFDHE groups
48 const uint16_t tlsSupportedGroups[] =
49 {
73 };
74 
75 
76 /**
77  * @brief Format SupportedVersions extension
78  * @param[in] context Pointer to the TLS context
79  * @param[in] p Output stream where to write the SupportedVersions extension
80  * @param[out] written Total number of bytes that have been written
81  * @return Error code
82  **/
83 
85  uint8_t *p, size_t *written)
86 {
87  size_t n = 0;
88 
89 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
90  //In TLS 1.2, the client can indicate its version preferences in the
91  //SupportedVersions extension, in preference to the legacy_version field
92  //of the ClientHello
93  if(context->versionMax >= TLS_VERSION_1_2)
94  {
95  TlsExtension *extension;
96  TlsSupportedVersionList *supportedVersionList;
97 
98  //Add the SupportedVersions extension
99  extension = (TlsExtension *) p;
100  //Type of the extension
101  extension->type = HTONS(TLS_EXT_SUPPORTED_VERSIONS);
102 
103  //Point to the extension data field
104  supportedVersionList = (TlsSupportedVersionList *) extension->value;
105 
106  //The extension contains a list of supported versions in preference
107  //order, with the most preferred version first
108  n = 0;
109 
110 #if (DTLS_SUPPORT == ENABLED)
111  //DTLS protocol?
112  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
113  {
114  //Check whether DTLS 1.2 is supported
115  if(context->versionMax >= TLS_VERSION_1_2 && context->versionMin <= TLS_VERSION_1_2)
116  supportedVersionList->value[n++] = HTONS(DTLS_VERSION_1_2);
117 
118  //Check whether DTLS 1.0 is supported
119  if(context->versionMax >= TLS_VERSION_1_1 && context->versionMin <= TLS_VERSION_1_1)
120  supportedVersionList->value[n++] = HTONS(DTLS_VERSION_1_0);
121  }
122  else
123 #endif
124  //TLS protocol?
125  {
126  //Check whether TLS 1.3 is supported
127  if(context->versionMax >= TLS_VERSION_1_3 && context->versionMin <= TLS_VERSION_1_3)
128  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_3);
129 
130  //Check whether TLS 1.2 is supported
131  if(context->versionMax >= TLS_VERSION_1_2 && context->versionMin <= TLS_VERSION_1_2)
132  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_2);
133 
134  //Check whether TLS 1.1 is supported
135  if(context->versionMax >= TLS_VERSION_1_1 && context->versionMin <= TLS_VERSION_1_1)
136  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_1);
137 
138  //Check whether TLS 1.0 is supported
139  if(context->versionMax >= TLS_VERSION_1_0 && context->versionMin <= TLS_VERSION_1_0)
140  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_0);
141 
142  //Check whether SSL 3.0 is supported
143  if(context->versionMax >= SSL_VERSION_3_0 && context->versionMin <= SSL_VERSION_3_0)
144  supportedVersionList->value[n++] = HTONS(SSL_VERSION_3_0);
145  }
146 
147  //Compute the length, in bytes, of the list
148  n *= sizeof(uint16_t);
149  //Fix the length of the list
150  supportedVersionList->length = (uint8_t) n;
151 
152  //Consider the length field that precedes the list
153  n += sizeof(TlsSupportedVersionList);
154  //Fix the length of the extension
155  extension->length = htons(n);
156 
157  //Compute the length, in bytes, of the SupportedVersions extension
158  n += sizeof(TlsExtension);
159  }
160 #endif
161 
162  //Total number of bytes that have been written
163  *written = n;
164 
165  //Successful processing
166  return NO_ERROR;
167 }
168 
169 
170 /**
171  * @brief Format SNI extension
172  * @param[in] context Pointer to the TLS context
173  * @param[in] p Output stream where to write the ServerName extension
174  * @param[out] written Total number of bytes that have been written
175  * @return Error code
176  **/
177 
179  uint8_t *p, size_t *written)
180 {
181  size_t n = 0;
182 
183 #if (TLS_SNI_SUPPORT == ENABLED)
184  //In order to provide the server name, clients may include a ServerName
185  //extension
186  if(context->serverName != NULL)
187  {
188  //Determine the length of the server name
189  n = strlen(context->serverName);
190 
191  //The server name must be a valid DNS hostname
192  if(tlsCheckDnsHostname(context->serverName, n))
193  {
194  TlsExtension *extension;
195  TlsServerNameList *serverNameList;
196  TlsServerName *serverName;
197 
198  //Add SNI (Server Name Indication) extension
199  extension = (TlsExtension *) p;
200  //Type of the extension
201  extension->type = HTONS(TLS_EXT_SERVER_NAME);
202 
203  //Point to the list of server names
204  serverNameList = (TlsServerNameList *) extension->value;
205  //In practice, current client implementations only send one name
206  serverName = (TlsServerName *) serverNameList->value;
207 
208  //Fill in the type and the length fields
209  serverName->type = TLS_NAME_TYPE_HOSTNAME;
210  serverName->length = htons(n);
211  //Copy server name
212  memcpy(serverName->hostname, context->serverName, n);
213 
214  //Compute the length, in byte, of the structure
215  n += sizeof(TlsServerName);
216  //Fix the length of the list
217  serverNameList->length = htons(n);
218 
219  //Consider the 2-byte length field that precedes the list
220  n += sizeof(TlsServerNameList);
221  //Fix the length of the extension
222  extension->length = htons(n);
223 
224  //Compute the length, in bytes, of the ServerName extension
225  n += sizeof(TlsExtension);
226  }
227  else
228  {
229  //The server name is not a valid DNS hostname
230  n = 0;
231  }
232  }
233 #endif
234 
235  //Total number of bytes that have been written
236  *written = n;
237 
238  //Successful processing
239  return NO_ERROR;
240 }
241 
242 
243 /**
244  * @brief Format MaxFragmentLength extension
245  * @param[in] context Pointer to the TLS context
246  * @param[in] p Output stream where to write the MaxFragmentLength extension
247  * @param[out] written Total number of bytes that have been written
248  * @return Error code
249  **/
250 
252  uint8_t *p, size_t *written)
253 {
254  size_t n = 0;
255 
256 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
257  //In order to negotiate smaller maximum fragment lengths, clients may
258  //include a MaxFragmentLength extension
259  if(context->maxFragLen == 512 || context->maxFragLen == 1024 ||
260  context->maxFragLen == 2048 || context->maxFragLen == 4096)
261  {
262  TlsExtension *extension;
263 
264  //Add the MaxFragmentLength extension
265  extension = (TlsExtension *) p;
266  //Type of the extension
267  extension->type = HTONS(TLS_EXT_MAX_FRAGMENT_LENGTH);
268 
269  //Set the maximum fragment length
270  switch(context->maxFragLen)
271  {
272  case 512:
273  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_512;
274  break;
275  case 1024:
276  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_1024;
277  break;
278  case 2048:
279  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_2048;
280  break;
281  default:
282  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_4096;
283  break;
284  }
285 
286  //The extension data field contains a single byte
287  n = sizeof(uint8_t);
288  //Fix the length of the extension
289  extension->length = htons(n);
290 
291  //Compute the length, in bytes, of the MaxFragmentLength extension
292  n += sizeof(TlsExtension);
293  }
294 #endif
295 
296  //Total number of bytes that have been written
297  *written = n;
298 
299  //Successful processing
300  return NO_ERROR;
301 }
302 
303 
304 /**
305  * @brief Format RecordSizeLimit extension
306  * @param[in] context Pointer to the TLS context
307  * @param[in] p Output stream where to write the RecordSizeLimit extension
308  * @param[out] written Total number of bytes that have been written
309  * @return Error code
310  **/
311 
313  uint8_t *p, size_t *written)
314 {
315  size_t n = 0;
316 
317 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
318  size_t recordSizeLimit;
319  TlsExtension *extension;
320 
321  //Add the RecordSizeLimit extension
322  extension = (TlsExtension *) p;
323  //Type of the extension
324  extension->type = HTONS(TLS_EXT_RECORD_SIZE_LIMIT);
325 
326  //An endpoint must not send a value higher than the protocol-defined
327  //maximum record size (refer to RFC 8449, section 4)
328  recordSizeLimit = MIN(context->rxBufferMaxLen, TLS_MAX_RECORD_LENGTH);
329 
330  //Check whether TLS 1.3 is supported
331  if(context->versionMax >= TLS_VERSION_1_3 &&
332  context->transportProtocol == TLS_TRANSPORT_PROTOCOL_STREAM)
333  {
334  //The value includes the content type and padding added in TLS 1.3
335  recordSizeLimit++;
336  }
337 
338  //The value of RecordSizeLimit is the maximum size of record in octets
339  //that the endpoint is willing to receive
340  STORE16BE(recordSizeLimit, extension->value);
341 
342  //The extension data field contains a 16-bit unsigned integer
343  n = sizeof(uint16_t);
344  //Fix the length of the extension
345  extension->length = htons(n);
346 
347  //Compute the length, in bytes, of the RecordSizeLimit extension
348  n += sizeof(TlsExtension);
349 #endif
350 
351  //Total number of bytes that have been written
352  *written = n;
353 
354  //Successful processing
355  return NO_ERROR;
356 }
357 
358 
359 /**
360  * @brief Format SupportedGroups extension
361  * @param[in] context Pointer to the TLS context
362  * @param[in] cipherSuiteTypes Types of cipher suites proposed by the client
363  * @param[in] p Output stream where to write the SupportedGroups extension
364  * @param[out] written Total number of bytes that have been written
365  * @return Error code
366  **/
367 
369  uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
370 {
371  size_t n = 0;
372 
373 #if (TLS_ECDH_SUPPORT == ENABLED || TLS_FFDHE_SUPPORT == ENABLED)
374  uint_t i;
375  uint_t numSupportedGroups;
376  const uint16_t *supportedGroups;
377  TlsExtension *extension;
378  TlsSupportedGroupList *supportedGroupList;
379 
380  //Add the SupportedGroups extension
381  extension = (TlsExtension *) p;
382  //Type of the extension
383  extension->type = HTONS(TLS_EXT_SUPPORTED_GROUPS);
384 
385  //Point to the list of supported groups
386  supportedGroupList = (TlsSupportedGroupList *) extension->value;
387  //The groups are ordered according to client's preferences
388  n = 0;
389 
390  //Any preferred ECDHE or FFDHE groups?
391  if(context->numSupportedGroups > 0)
392  {
393  //Point to the list of preferred named groups
394  supportedGroups = context->supportedGroups;
395  numSupportedGroups = context->numSupportedGroups;
396  }
397  else
398  {
399  //Point to the list of default named groups
400  supportedGroups = tlsSupportedGroups;
401  numSupportedGroups = arraysize(tlsSupportedGroups);
402  }
403 
404  //Loop through the list of named groups
405  for(i = 0; i < numSupportedGroups; i++)
406  {
407 #if (TLS_ECDH_SUPPORT == ENABLED)
408  //Elliptic curve group?
409  if(tlsGetCurveInfo(context, supportedGroups[i]) != NULL)
410  {
411  //Any ECC cipher suite proposed by the client?
412  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECC) != 0 ||
413  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
414  {
415  //Add the current named group to the list
416  supportedGroupList->value[n++] = htons(supportedGroups[i]);
417  }
418  }
419  else
420 #endif
421 #if (TLS_FFDHE_SUPPORT == ENABLED)
422  //Finite field group?
423  if(tlsGetFfdheGroup(context, supportedGroups[i]) != NULL)
424  {
425  //Any FFDHE cipher suite proposed by the client?
426  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_FFDHE) != 0 ||
427  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
428  {
429  //Add the current named group to the list
430  supportedGroupList->value[n++] = htons(supportedGroups[i]);
431  }
432  }
433  else
434 #endif
435  //Unknown group?
436  {
437  //Discard current named group
438  }
439  }
440 
441  //If the client supports and wants ECDHE and FFDHE key exchanges, it must
442  //use a single SupportedGroups extension to include all supported groups
443  //(both ECDHE and FFDHE groups)
444  if(n != 0)
445  {
446  //Compute the length, in bytes, of the list
447  n *= 2;
448  //Fix the length of the list
449  supportedGroupList->length = htons(n);
450 
451  //Consider the 2-byte length field that precedes the list
452  n += sizeof(TlsSupportedGroupList);
453  //Fix the length of the extension
454  extension->length = htons(n);
455 
456  //Compute the length, in bytes, of the SupportedGroups extension
457  n += sizeof(TlsExtension);
458  }
459 #endif
460 
461  //Total number of bytes that have been written
462  *written = n;
463 
464  //Successful processing
465  return NO_ERROR;
466 }
467 
468 
469 /**
470  * @brief Format EcPointFormats extension
471  * @param[in] context Pointer to the TLS context
472  * @param[in] cipherSuiteTypes Types of cipher suites proposed by the client
473  * @param[in] p Output stream where to write the EcPointFormats extension
474  * @param[out] written Total number of bytes that have been written
475  * @return Error code
476  **/
477 
479  uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
480 {
481  size_t n = 0;
482 
483 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
484  //TLS 1.3 has removed point format negotiation in favor of a single point
485  //format for each curve (refer to RFC 8446, section 1.2)
486  if(context->versionMin <= TLS_VERSION_1_2)
487  {
488 #if (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
489  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED)
490  //A client that proposes ECC cipher suites in its ClientHello message
491  //should send the EcPointFormats extension
492  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECC) != 0)
493  {
494  TlsExtension *extension;
495  TlsEcPointFormatList *ecPointFormatList;
496 
497  //Add the EcPointFormats extension
498  extension = (TlsExtension *) p;
499  //Type of the extension
500  extension->type = HTONS(TLS_EXT_EC_POINT_FORMATS);
501 
502  //Point to the list of supported EC point formats
503  ecPointFormatList = (TlsEcPointFormatList *) extension->value;
504  //Items in the list are ordered according to client's preferences
505  n = 0;
506 
507  //The client can parse only the uncompressed point format...
508  ecPointFormatList->value[n++] = TLS_EC_POINT_FORMAT_UNCOMPRESSED;
509  //Fix the length of the list
510  ecPointFormatList->length = (uint8_t) n;
511 
512  //Consider the length field that precedes the list
513  n += sizeof(TlsEcPointFormatList);
514  //Fix the length of the extension
515  extension->length = htons(n);
516 
517  //Compute the length, in bytes, of the EcPointFormats extension
518  n += sizeof(TlsExtension);
519  }
520 #endif
521  }
522 #endif
523 
524  //Total number of bytes that have been written
525  *written = n;
526 
527  //Successful processing
528  return NO_ERROR;
529 }
530 
531 
532 /**
533  * @brief Format ALPN extension
534  * @param[in] context Pointer to the TLS context
535  * @param[in] p Output stream where to write the ALPN extension
536  * @param[out] written Total number of bytes that have been written
537  * @return Error code
538  **/
539 
541  uint8_t *p, size_t *written)
542 {
543  size_t n = 0;
544 
545 #if (TLS_ALPN_SUPPORT == ENABLED)
546  //The ALPN extension contains the list of protocols advertised by the
547  //client, in descending order of preference
548  if(context->protocolList != NULL)
549  {
550  uint_t i;
551  uint_t j;
552  TlsExtension *extension;
553  TlsProtocolName *protocolName;
554  TlsProtocolNameList *protocolNameList;
555 
556  //Add ALPN (Application-Layer Protocol Negotiation) extension
557  extension = (TlsExtension *) p;
558  //Type of the extension
559  extension->type = HTONS(TLS_EXT_ALPN);
560 
561  //Point to the list of protocol names
562  protocolNameList = (TlsProtocolNameList *) extension->value;
563 
564  //Move back to the beginning of the list
565  i = 0;
566  j = 0;
567  n = 0;
568 
569  //Parse the list of supported protocols
570  do
571  {
572  //Delimiter character found?
573  if(context->protocolList[i] == ',' || context->protocolList[i] == '\0')
574  {
575  //Discard empty tokens
576  if((i - j) > 0)
577  {
578  //Point to the protocol name
579  protocolName = (TlsProtocolName *) (protocolNameList->value + n);
580 
581  //Fill in the length field
582  protocolName->length = i - j;
583  //Copy protocol name
584  memcpy(protocolName->value, context->protocolList + j, i - j);
585 
586  //Adjust the length of the list
587  n += sizeof(TlsProtocolName) + i - j;
588  }
589 
590  //Move to the next token
591  j = i + 1;
592  }
593 
594  //Loop until the NULL character is reached
595  } while(context->protocolList[i++] != '\0');
596 
597  //Fix the length of the list
598  protocolNameList->length = htons(n);
599 
600  //Consider the 2-byte length field that precedes the list
601  n += sizeof(TlsProtocolNameList);
602  //Fix the length of the extension
603  extension->length = htons(n);
604 
605  //Compute the length, in bytes, of the ALPN extension
606  n += sizeof(TlsExtension);
607  }
608 #endif
609 
610  //Total number of bytes that have been written
611  *written = n;
612 
613  //Successful processing
614  return NO_ERROR;
615 }
616 
617 
618 /**
619  * @brief Format ClientCertType extension
620  * @param[in] context Pointer to the TLS context
621  * @param[in] p Output stream where to write the ClientCertType extension
622  * @param[out] written Total number of bytes that have been written
623  * @return Error code
624  **/
625 
627  uint8_t *p, size_t *written)
628 {
629  size_t n = 0;
630 
631 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
632  TlsExtension *extension;
633  TlsCertTypeList *clientCertTypeList;
634 
635  //Add the ClientCertType extension
636  extension = (TlsExtension *) p;
637  //Type of the extension
638  extension->type = HTONS(TLS_EXT_CLIENT_CERT_TYPE);
639 
640  //The ClientCertType extension in the ClientHello indicates the certificate
641  //types the client is able to provide to the server, when requested using a
642  //CertificateRequest message
643  clientCertTypeList = (TlsCertTypeList *) extension->value;
644 
645  //The ClientCertType extension carries a list of supported certificate
646  //types, sorted by client preference
647  n = 0;
648 
649  //Raw public key type
650  clientCertTypeList->value[n++] = TLS_CERT_FORMAT_RAW_PUBLIC_KEY;
651  //X.509 certificate type
652  clientCertTypeList->value[n++] = TLS_CERT_FORMAT_X509;
653 
654  //Fix the length of the list
655  clientCertTypeList->length = (uint8_t) n;
656 
657  //Consider the length field that precedes the list
658  n += sizeof(TlsCertTypeList);
659  //Fix the length of the extension
660  extension->length = htons(n);
661 
662  //Compute the length, in bytes, of the ClientCertType extension
663  n += sizeof(TlsExtension);
664 #endif
665 
666  //Total number of bytes that have been written
667  *written = n;
668 
669  //Successful processing
670  return NO_ERROR;
671 }
672 
673 
674 /**
675  * @brief Format ServerCertType extension
676  * @param[in] context Pointer to the TLS context
677  * @param[in] p Output stream where to write the ServerCertType extension
678  * @param[out] written Total number of bytes that have been written
679  * @return Error code
680  **/
681 
683  uint8_t *p, size_t *written)
684 {
685  size_t n = 0;
686 
687 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
688  //Ensure the client is able to process raw public keys
689  if(context->rpkVerifyCallback != NULL)
690  {
691  TlsExtension *extension;
692  TlsCertTypeList *serverCertTypeList;
693 
694  //Add the ServerCertType extension
695  extension = (TlsExtension *) p;
696  //Type of the extension
697  extension->type = HTONS(TLS_EXT_SERVER_CERT_TYPE);
698 
699  //The ServerCertType extension in the ClientHello indicates the types of
700  //certificates the client is able to process when provided by the server
701  //in a subsequent certificate payload
702  serverCertTypeList = (TlsCertTypeList *) extension->value;
703 
704  //The ServerCertType extension carries a list of supported certificate
705  //types, sorted by client preference
706  n = 0;
707 
708  //Raw public key type
709  serverCertTypeList->value[n++] = TLS_CERT_FORMAT_RAW_PUBLIC_KEY;
710  //X.509 certificate type
711  serverCertTypeList->value[n++] = TLS_CERT_FORMAT_X509;
712 
713  //Fix the length of the list
714  serverCertTypeList->length = (uint8_t) n;
715 
716  //Consider the length field that precedes the list
717  n += sizeof(TlsCertTypeList);
718  //Fix the length of the extension
719  extension->length = htons(n);
720 
721  //Compute the length, in bytes, of the ServerCertType extension
722  n += sizeof(TlsExtension);
723  }
724 #endif
725 
726  //Total number of bytes that have been written
727  *written = n;
728 
729  //Successful processing
730  return NO_ERROR;
731 }
732 
733 
734 /**
735  * @brief Format ExtendedMasterSecret extension
736  * @param[in] context Pointer to the TLS context
737  * @param[in] p Output stream where to write the ExtendedMasterSecret extension
738  * @param[out] written Total number of bytes that have been written
739  * @return Error code
740  **/
741 
743  uint8_t *p, size_t *written)
744 {
745  size_t n = 0;
746 
747 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
748  //Implementations which support both TLS 1.3 and earlier versions should
749  //indicate the use of the ExtendedMasterSecret extension whenever TLS 1.3
750  //is used (refer to RFC 8446, appendix D)
751  if(context->versionMax >= TLS_VERSION_1_0 &&
752  context->versionMin <= TLS_VERSION_1_2)
753  {
754 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
755  TlsExtension *extension;
756 
757  //Add the ExtendedMasterSecret extension
758  extension = (TlsExtension *) p;
759  //Type of the extension
760  extension->type = HTONS(TLS_EXT_EXTENDED_MASTER_SECRET);
761 
762  //The extension data field of this extension is empty
763  extension->length = HTONS(0);
764 
765  //Compute the length, in bytes, of the ExtendedMasterSecret extension
766  n = sizeof(TlsExtension);
767 #endif
768  }
769 #endif
770 
771  //Total number of bytes that have been written
772  *written = n;
773 
774  //Successful processing
775  return NO_ERROR;
776 }
777 
778 
779 /**
780  * @brief Format RenegotiationInfo extension
781  * @param[in] context Pointer to the TLS context
782  * @param[in] p Output stream where to write the RenegotiationInfo extension
783  * @param[out] written Total number of bytes that have been written
784  * @return Error code
785  **/
786 
788  uint8_t *p, size_t *written)
789 {
790  size_t n = 0;
791 
792 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
793  //TLS 1.3 forbids renegotiation
794  if(context->versionMin <= TLS_VERSION_1_2)
795  {
796 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
797  //Check whether secure renegotiation is enabled
798  if(context->secureRenegoEnabled)
799  {
800  //During secure renegotiation, the client must include the
801  //RenegotiationInfo extension containing the saved client_verify_data
802  if(context->secureRenegoFlag)
803  {
804  TlsExtension *extension;
805  TlsRenegoInfo *renegoInfo;
806 
807  //Determine the length of the verify data
808  n = context->clientVerifyDataLen;
809 
810  //Add the RenegotiationInfo extension
811  extension = (TlsExtension *) p;
812  //Type of the extension
813  extension->type = HTONS(TLS_EXT_RENEGOTIATION_INFO);
814 
815  //Point to the renegotiated_connection field
816  renegoInfo = (TlsRenegoInfo *) extension->value;
817  //Set the length of the verify data
818  renegoInfo->length = (uint8_t) n;
819 
820  //Copy the verify data from the Finished message sent by the client
821  //on the immediately previous handshake
822  memcpy(renegoInfo->value, context->clientVerifyData, n);
823 
824  //Consider the length field that precedes the renegotiated_connection
825  //field
826  n += sizeof(TlsRenegoInfo);
827  //Fix the length of the extension
828  extension->length = htons(n);
829 
830  //Compute the length, in bytes, of the RenegotiationInfo extension
831  n += sizeof(TlsExtension);
832  }
833  }
834 #endif
835  }
836 #endif
837 
838  //Total number of bytes that have been written
839  *written = n;
840 
841  //Successful processing
842  return NO_ERROR;
843 }
844 
845 
846 /**
847  * @brief Format ClientHello Padding extension
848  * @param[in] context Pointer to the TLS context
849  * @param[in] clientHelloLen Actual length of the ClientHello message
850  * @param[in] p Output stream where to write the ClientHello Padding extension
851  * @param[out] written Total number of bytes that have been written
852  * @return Error code
853  **/
854 
856  size_t clientHelloLen, uint8_t *p, size_t *written)
857 {
858  size_t n = 0;
859 
860 #if (TLS_CLIENT_HELLO_PADDING_SUPPORT == ENABLED)
861  //TLS protocol?
862  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_STREAM)
863  {
864  TlsExtension *extension;
865 
866  //After building a ClientHello as normal, the client can add four bytes
867  //to the length and test whether the resulting length falls into the
868  //range 256 to 511 (refer to RFC 7685, section 4)
869  clientHelloLen += sizeof(TlsHandshake);
870 
871  //Check the resulting length
872  if(clientHelloLen >= 256 && clientHelloLen < 512)
873  {
874  //The ClientHello Padding extension will be added in order to push
875  //the length to (at least) 512 bytes
876  extension = (TlsExtension *) p;
877 
878  //Type of the extension
879  extension->type = HTONS(TLS_EXT_PADDING);
880 
881  //Calculate the length of the padding
882  if((clientHelloLen + sizeof(TlsExtension)) < 512)
883  n = 512 - sizeof(TlsExtension) - clientHelloLen;
884  else
885  n = 0;
886 
887  //The padding string consists of an arbitrary number of zero bytes
888  memset(extension->value, 0, n);
889  //Set the length of the extension
890  extension->length = htons(n);
891 
892  //Compute the length, in bytes, of the padding extension
893  n += sizeof(TlsExtension);
894  }
895  }
896 #endif
897 
898  //Total number of bytes that have been written
899  *written = n;
900 
901  //Successful processing
902  return NO_ERROR;
903 }
904 
905 
906 /**
907  * @brief Parse SNI extension
908  * @param[in] context Pointer to the TLS context
909  * @param[in] serverNameList Pointer to the ServerName extension
910  * @return Error code
911  **/
912 
914  const TlsServerNameList *serverNameList)
915 {
916 #if (TLS_SNI_SUPPORT == ENABLED)
917  //SNI extension found?
918  if(serverNameList != NULL)
919  {
920  //If a client receives an extension type in the ServerHello that it did
921  //not request in the associated ClientHello, it must abort the handshake
922  //with an unsupported_extension fatal alert
923  if(context->serverName == NULL)
925  }
926 #endif
927 
928  //Successful processing
929  return NO_ERROR;
930 }
931 
932 
933 /**
934  * @brief Parse MaxFragmentLength extension
935  * @param[in] context Pointer to the TLS context
936  * @param[in] maxFragLen Pointer to the MaxFragmentLength extension
937  * @return Error code
938  **/
939 
941  const uint8_t *maxFragLen)
942 {
943 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
944  //MaxFragmentLength extension found?
945  if(maxFragLen != NULL)
946  {
947  size_t n;
948 
949  //Retrieve the value advertised by the server
950  switch(*maxFragLen)
951  {
953  n = 512;
954  break;
956  n = 1024;
957  break;
959  n = 2048;
960  break;
962  n = 4096;
963  break;
964  default:
965  n = 0;
966  break;
967  }
968 
969  //If a client receives a maximum fragment length negotiation response
970  //that differs from the length it requested, it must also abort the
971  //handshake with an illegal_parameter alert
972  if(n != context->maxFragLen)
974  }
975 #endif
976 
977  //Successful processing
978  return NO_ERROR;
979 }
980 
981 
982 /**
983  * @brief Parse RecordSizeLimit extension
984  * @param[in] context Pointer to the TLS context
985  * @param[in] recordSizeLimit Pointer to the RecordSizeLimit extension
986  * @return Error code
987  **/
988 
990  const uint8_t *recordSizeLimit)
991 {
992 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
993  //RecordSizeLimit extension found?
994  if(recordSizeLimit != NULL)
995  {
996  uint16_t n;
997 
998  //The value of RecordSizeLimit is the maximum size of record in octets
999  //that the peer is willing to receive
1000  n = LOAD16BE(recordSizeLimit);
1001 
1002  //Endpoints must not send a RecordSizeLimit extension with a value
1003  //smaller than 64
1004  if(n < 64)
1005  {
1006  //An endpoint must treat receipt of a smaller value as a fatal error
1007  //and generate an illegal_parameter alert
1008  return ERROR_ILLEGAL_PARAMETER;
1009  }
1010 
1011  //TLS 1.3 currently selected?
1012  if(context->version == TLS_VERSION_1_3)
1013  {
1014  //The value includes the content type and padding added in TLS 1.3
1015  n--;
1016  }
1017 
1018  //The peer can include any limit up to the protocol-defined limit for
1019  //maximum record size. Even if a larger value is provided by a peer, an
1020  //endpoint must not send records larger than the protocol-defined limit
1021  context->recordSizeLimit = MIN(n, TLS_MAX_RECORD_LENGTH);
1022 
1023  //The RecordSizeLimit extension has been successfully negotiated
1024  context->recordSizeLimitExtReceived = TRUE;
1025  }
1026  else
1027  {
1028  //If this extension is not negotiated, endpoints can send records of any
1029  //size permitted by the protocol or other negotiated extensions
1030  context->recordSizeLimit = TLS_MAX_RECORD_LENGTH;
1031 
1032  //The RecordSizeLimit extension is not supported by the server
1033  context->recordSizeLimitExtReceived = FALSE;
1034  }
1035 #endif
1036 
1037  //Successful processing
1038  return NO_ERROR;
1039 }
1040 
1041 
1042 /**
1043  * @brief Parse EcPointFormats extension
1044  * @param[in] context Pointer to the TLS context
1045  * @param[in] ecPointFormatList Pointer to the EcPointFormats extension
1046  * @return Error code
1047  **/
1048 
1050  const TlsEcPointFormatList *ecPointFormatList)
1051 {
1052  error_t error;
1053 
1054  //Initialize status code
1055  error = NO_ERROR;
1056 
1057 #if (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
1058  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED)
1059  //EcPointFormats extension found?
1060  if(ecPointFormatList != NULL)
1061  {
1062  uint_t i;
1063 
1064  //Loop through the list of supported EC point formats
1065  for(i = 0; i < ecPointFormatList->length; i++)
1066  {
1067  //Uncompressed point format?
1068  if(ecPointFormatList->value[i] == TLS_EC_POINT_FORMAT_UNCOMPRESSED)
1069  {
1070  break;
1071  }
1072  }
1073 
1074  //If the EcPointFormats extension is sent, it must contain the value 0
1075  //as one of the items in the list of point formats (refer to RFC 4492,
1076  //section 5.2)
1077  if(i >= ecPointFormatList->length)
1078  {
1079  //Report an error
1080  error = ERROR_ILLEGAL_PARAMETER;
1081  }
1082  }
1083 #endif
1084 
1085  //Return status code
1086  return error;
1087 }
1088 
1089 
1090 /**
1091  * @brief Parse ALPN extension
1092  * @param[in] context Pointer to the TLS context
1093  * @param[in] protocolNameList Pointer to the ALPN extension
1094  * @return Error code
1095  **/
1096 
1098  const TlsProtocolNameList *protocolNameList)
1099 {
1100 #if (TLS_ALPN_SUPPORT == ENABLED)
1101  //ALPN extension found?
1102  if(protocolNameList != NULL)
1103  {
1104  size_t length;
1105  const TlsProtocolName *protocolName;
1106 
1107  //If a client receives an extension type in the ServerHello that it
1108  //did not request in the associated ClientHello, it must abort the
1109  //handshake with an unsupported_extension fatal alert
1110  if(context->protocolList == NULL)
1112 
1113  //Retrieve the length of the list
1114  length = ntohs(protocolNameList->length);
1115 
1116  //The list must not be be empty
1117  if(length == 0)
1118  return ERROR_DECODING_FAILED;
1119 
1120  //Point to the selected protocol
1121  protocolName = (TlsProtocolName *) protocolNameList->value;
1122 
1123  //The list must contain exactly one protocol name
1124  if(length < sizeof(TlsProtocolName))
1125  return ERROR_DECODING_FAILED;
1126  if(length != (sizeof(TlsProtocolName) + protocolName->length))
1127  return ERROR_DECODING_FAILED;
1128 
1129  //Retrieve the length of the protocol name
1130  length -= sizeof(TlsProtocolName);
1131 
1132  //Empty strings must not be included in the list
1133  if(length == 0)
1134  return ERROR_DECODING_FAILED;
1135 
1136  //Check whether the protocol is supported by the client
1137  if(!tlsIsAlpnProtocolSupported(context, protocolName->value, length))
1138  {
1139  //Report an error if unknown ALPN protocols are disallowed
1140  if(!context->unknownProtocolsAllowed)
1141  return ERROR_ILLEGAL_PARAMETER;
1142  }
1143 
1144  //Sanity check
1145  if(context->selectedProtocol != NULL)
1146  {
1147  //Release memory
1148  tlsFreeMem(context->selectedProtocol);
1149  context->selectedProtocol = NULL;
1150  }
1151 
1152  //Allocate a memory block to hold the protocol name
1153  context->selectedProtocol = tlsAllocMem(length + 1);
1154  //Failed to allocate memory?
1155  if(context->selectedProtocol == NULL)
1156  return ERROR_OUT_OF_MEMORY;
1157 
1158  //Save protocol name
1159  memcpy(context->selectedProtocol, protocolName->value, length);
1160  //Properly terminate the string with a NULL character
1161  context->selectedProtocol[length] = '\0';
1162  }
1163 #endif
1164 
1165  //Successful processing
1166  return NO_ERROR;
1167 }
1168 
1169 
1170 /**
1171  * @brief Parse ClientCertType extension
1172  * @param[in] context Pointer to the TLS context
1173  * @param[in] clientCertType Pointer to the ClientCertType extension
1174  * @return Error code
1175  **/
1176 
1178  const uint8_t *clientCertType)
1179 {
1180 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1181  //ClientCertType extension found?
1182  if(clientCertType != NULL)
1183  {
1184  //The value conveyed in the extension must be selected from one of the
1185  //values provided in the ClientCertType extension sent in the ClientHello
1186  if(*clientCertType != TLS_CERT_FORMAT_X509 &&
1187  *clientCertType != TLS_CERT_FORMAT_RAW_PUBLIC_KEY)
1188  {
1189  return ERROR_ILLEGAL_PARAMETER;
1190  }
1191 
1192  //The ClientCertType extension in the ServerHello indicates the type
1193  //of certificates the client is requested to provide in a subsequent
1194  //certificate payload
1195  context->certFormat = (TlsCertificateFormat) *clientCertType;
1196  }
1197 #endif
1198 
1199  //Successful processing
1200  return NO_ERROR;
1201 }
1202 
1203 
1204 /**
1205  * @brief Parse ServerCertType extension
1206  * @param[in] context Pointer to the TLS context
1207  * @param[in] serverCertType Pointer to the ServerCertType extension
1208  * @return Error code
1209  **/
1210 
1212  const uint8_t *serverCertType)
1213 {
1214 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1215  //ServerCertType extension found?
1216  if(serverCertType != NULL)
1217  {
1218  //If a client receives an extension type in the ServerHello that it did
1219  //not request in the associated ClientHello, it must abort the handshake
1220  //with an unsupported_extension fatal alert
1221  if(context->rpkVerifyCallback == NULL &&
1222  *serverCertType != TLS_CERT_FORMAT_X509)
1223  {
1225  }
1226 
1227  //The value conveyed in the extension must be selected from one of the
1228  //values provided in the ServerCertType extension sent in the ClientHello
1229  if(*serverCertType != TLS_CERT_FORMAT_X509 &&
1230  *serverCertType != TLS_CERT_FORMAT_RAW_PUBLIC_KEY)
1231  {
1232  return ERROR_ILLEGAL_PARAMETER;
1233  }
1234 
1235  //With the ServerCertType extension in the ServerHello, the TLS server
1236  //indicates the certificate type carried in the certificate payload
1237  context->peerCertFormat = (TlsCertificateFormat) *serverCertType;
1238  }
1239 #endif
1240 
1241  //Successful processing
1242  return NO_ERROR;
1243 }
1244 
1245 
1246 /**
1247  * @brief Parse ExtendedMasterSecret extension
1248  * @param[in] context Pointer to the TLS context
1249  * @param[in] extendedMasterSecret Pointer to the ExtendedMasterSecret extension
1250  * @return Error code
1251  **/
1252 
1254  const uint8_t *extendedMasterSecret)
1255 {
1256 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1257  //ExtendedMasterSecret extension found?
1258  if(extendedMasterSecret != NULL)
1259  {
1260  //The countermeasure described in RFC 7627 cannot be used with SSL 3.0
1261  if(context->version == SSL_VERSION_3_0)
1263 
1264  //Abbreviated handshake?
1265  if(context->resume)
1266  {
1267  //If the original session did not use the ExtendedMasterSecret
1268  //extension but the new ServerHello contains the extension, the
1269  //client must abort the handshake
1270  if(!context->extendedMasterSecretExtReceived)
1271  return ERROR_HANDSHAKE_FAILED;
1272  }
1273 
1274  //A valid ExtendedMasterSecret extension has been received
1275  context->extendedMasterSecretExtReceived = TRUE;
1276  }
1277  else
1278  {
1279  //Abbreviated handshake?
1280  if(context->resume)
1281  {
1282  //If the original session used the ExtendedMasterSecret extension
1283  //but the new ServerHello does not contain the extension, the client
1284  //must abort the handshake
1285  if(context->extendedMasterSecretExtReceived)
1286  return ERROR_HANDSHAKE_FAILED;
1287  }
1288 
1289  //The ServerHello does not contain any ExtendedMasterSecret extension
1290  context->extendedMasterSecretExtReceived = FALSE;
1291  }
1292 #endif
1293 
1294  //Successful processing
1295  return NO_ERROR;
1296 }
1297 
1298 
1299 /**
1300  * @brief Parse RenegotiationInfo extension
1301  * @param[in] context Pointer to the TLS context
1302  * @param[in] extensions ServerHello extensions offered by the server
1303  * @return Error code
1304  **/
1305 
1308 {
1309 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
1310  //Initial handshake?
1311  if(context->clientVerifyDataLen == 0)
1312  {
1313  //RenegotiationInfo extension found?
1314  if(extensions->renegoInfo != NULL)
1315  {
1316  //If the extension is present, set the secure_renegotiation flag to TRUE
1317  context->secureRenegoFlag = TRUE;
1318 
1319  //Verify that the length of the renegotiated_connection field is zero
1320  if(extensions->renegoInfo->length != 0)
1321  {
1322  //If it is not, the client must abort the handshake by sending a
1323  //fatal handshake failure alert
1324  return ERROR_HANDSHAKE_FAILED;
1325  }
1326  }
1327  else
1328  {
1329  //If the extension is not present, the server does not support secure
1330  //renegotiation
1331  context->secureRenegoFlag = FALSE;
1332  }
1333  }
1334  //Secure renegotiation?
1335  else
1336  {
1337  //RenegotiationInfo extension found?
1338  if(extensions->renegoInfo != NULL)
1339  {
1340  //Check the length of the renegotiated_connection field
1341  if(extensions->renegoInfo->length != (context->clientVerifyDataLen +
1342  context->serverVerifyDataLen))
1343  {
1344  //The client must abort the handshake
1345  return ERROR_HANDSHAKE_FAILED;
1346  }
1347 
1348  //The client must verify that the first half of the field is equal to
1349  //the saved client_verify_data value
1350  if(memcmp(extensions->renegoInfo->value, context->clientVerifyData,
1351  context->clientVerifyDataLen))
1352  {
1353  //If it is not, the client must abort the handshake
1354  return ERROR_HANDSHAKE_FAILED;
1355  }
1356 
1357  //The client must verify that the second half of the field is equal to
1358  //the saved server_verify_data value
1359  if(memcmp(extensions->renegoInfo->value + context->clientVerifyDataLen,
1360  context->serverVerifyData, context->serverVerifyDataLen))
1361  {
1362  //If it is not, the client must abort the handshake
1363  return ERROR_HANDSHAKE_FAILED;
1364  }
1365 
1366 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1367  //ExtendedMasterSecret extension found?
1368  if(extensions->extendedMasterSecret != NULL)
1369  {
1370  //If the initial handshake did not use the ExtendedMasterSecret
1371  //extension but the new ServerHello contains the extension, the
1372  //client must abort the handshake
1373  if(!context->extendedMasterSecretExtReceived)
1374  return ERROR_HANDSHAKE_FAILED;
1375  }
1376  else
1377  {
1378  //If the initial handshake used the ExtendedMasterSecret extension
1379  //but the new ServerHello does not contain the extension, the
1380  //client must abort the handshake
1381  if(context->extendedMasterSecretExtReceived)
1382  return ERROR_HANDSHAKE_FAILED;
1383  }
1384 #endif
1385  }
1386  else
1387  {
1388  //If the RenegotiationInfo extension is not present, the client
1389  //must abort the handshake
1390  return ERROR_HANDSHAKE_FAILED;
1391  }
1392  }
1393 #endif
1394 
1395  //Successful processing
1396  return NO_ERROR;
1397 }
1398 
1399 #endif
@ TLS_GROUP_BRAINPOOLP512R1_TLS13
Definition: tls.h:1240
#define TLS_MAX_RECORD_LENGTH
Definition: tls.h:830
#define tlsAllocMem(size)
Definition: tls.h:757
@ TLS_EXT_MAX_FRAGMENT_LENGTH
Definition: tls.h:1138
#define htons(value)
Definition: cpu_endian.h:392
Parsing and checking of TLS extensions.
@ TLS_CERT_FORMAT_RAW_PUBLIC_KEY
Definition: tls.h:1061
TLS helper functions.
uint8_t length
Definition: dtls_misc.h:149
@ TLS_GROUP_BRAINPOOLP256R1_TLS13
Definition: tls.h:1238
@ TLS_GROUP_SECP160R2
Definition: tls.h:1224
TLS cipher suites.
error_t tlsFormatClientSupportedVersionsExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SupportedVersions extension.
@ ERROR_ILLEGAL_PARAMETER
Definition: error.h:237
@ TLS_EXT_SUPPORTED_VERSIONS
Definition: tls.h:1166
uint8_t p
Definition: ndp.h:298
error_t tlsParseServerRecordSizeLimitExtension(TlsContext *context, const uint8_t *recordSizeLimit)
Parse RecordSizeLimit extension.
@ TLS_GROUP_SECP256K1
Definition: tls.h:1229
#define TRUE
Definition: os_port.h:50
error_t tlsFormatClientEcPointFormatsExtension(TlsContext *context, uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
Format EcPointFormats extension.
@ TLS_GROUP_SECP256R1
Definition: tls.h:1230
bool_t tlsIsAlpnProtocolSupported(TlsContext *context, const char_t *protocol, size_t length)
Check whether the specified ALPN protocol is supported.
@ TLS_GROUP_SECP224K1
Definition: tls.h:1227
@ TLS_CIPHER_SUITE_TYPE_ECC
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
Definition: tls.h:851
error_t tlsParseServerCertTypeExtension(TlsContext *context, const uint8_t *serverCertType)
Parse ServerCertType extension.
@ ERROR_HANDSHAKE_FAILED
Definition: error.h:228
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
error_t tlsParseServerSniExtension(TlsContext *context, const TlsServerNameList *serverNameList)
Parse SNI extension.
error_t tlsParseServerEmsExtension(TlsContext *context, const uint8_t *extendedMasterSecret)
Parse ExtendedMasterSecret extension.
@ TLS_GROUP_BRAINPOOLP256R1
Definition: tls.h:1233
@ TLS_CIPHER_SUITE_TYPE_TLS13
@ TLS_GROUP_FFDHE6144
Definition: tls.h:1251
@ TLS_MAX_FRAGMENT_LENGTH_4096
Definition: tls.h:1197
error_t tlsFormatClientSniExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SNI extension.
#define DTLS_SUPPORT
Definition: dtls_misc.h:40
@ TLS_EXT_SERVER_NAME
Definition: tls.h:1137
#define DTLS_VERSION_1_0
Definition: dtls_misc.h:35
#define FALSE
Definition: os_port.h:46
@ ERROR_UNSUPPORTED_EXTENSION
Definition: error.h:239
@ TLS_GROUP_ECDH_X25519
Definition: tls.h:1236
TlsCertificateFormat
Certificate formats.
Definition: tls.h:1057
@ TLS_EXT_CLIENT_CERT_TYPE
Definition: tls.h:1156
#define TlsContext
Definition: tls.h:36
error_t
Error codes.
Definition: error.h:42
@ TLS_EXT_EXTENDED_MASTER_SECRET
Definition: tls.h:1160
error_t tlsFormatClientRenegoInfoExtension(TlsContext *context, uint8_t *p, size_t *written)
Format RenegotiationInfo extension.
__start_packed struct @71 TlsServerName
Server name.
@ TLS_EXT_SUPPORTED_GROUPS
Definition: tls.h:1147
#define TLS_VERSION_1_2
Definition: tls.h:94
@ TLS_EXT_RENEGOTIATION_INFO
Definition: tls.h:1174
#define STORE16BE(a, p)
Definition: cpu_endian.h:246
@ TLS_GROUP_FFDHE4096
Definition: tls.h:1250
bool_t tlsCheckDnsHostname(const char_t *name, size_t length)
DNS hostname verification.
Definition: tls_misc.c:1218
#define TLS_VERSION_1_3
Definition: tls.h:95
@ TLS_MAX_FRAGMENT_LENGTH_2048
Definition: tls.h:1196
@ TLS_GROUP_SECP384R1
Definition: tls.h:1231
@ TLS_GROUP_SECP192K1
Definition: tls.h:1225
error_t tlsFormatClientAlpnExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ALPN extension.
__start_packed struct @84 TlsHandshake
TLS handshake message.
#define SSL_VERSION_3_0
Definition: tls.h:91
error_t tlsParseServerEcPointFormatsExtension(TlsContext *context, const TlsEcPointFormatList *ecPointFormatList)
Parse EcPointFormats extension.
__start_packed struct @74 TlsProtocolNameList
List of protocol names.
@ TLS_EC_POINT_FORMAT_UNCOMPRESSED
Definition: tls.h:1265
@ TLS_GROUP_BRAINPOOLP512R1
Definition: tls.h:1235
@ TLS_GROUP_FFDHE2048
Definition: tls.h:1248
const TlsFfdheGroup * tlsGetFfdheGroup(TlsContext *context, uint16_t namedGroup)
Get the FFDHE parameters that match the specified named group.
Definition: tls_ffdhe.c:315
#define MIN(a, b)
Definition: os_port.h:62
__start_packed struct @68 TlsExtension
TLS extension.
#define ENABLED
Definition: os_port.h:37
@ TLS_EXT_EC_POINT_FORMATS
Definition: tls.h:1148
@ TLS_GROUP_SECP521R1
Definition: tls.h:1232
@ TLS_GROUP_SECP192R1
Definition: tls.h:1226
error_t tlsFormatSupportedGroupsExtension(TlsContext *context, uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
Format SupportedGroups extension.
@ TLS_EXT_ALPN
Definition: tls.h:1153
@ TLS_GROUP_FFDHE3072
Definition: tls.h:1249
Hello extensions.
Definition: tls.h:1894
@ TLS_GROUP_SECP160R1
Definition: tls.h:1223
@ TLS_GROUP_BRAINPOOLP384R1_TLS13
Definition: tls.h:1239
Formatting and parsing of extensions (TLS client)
#define ntohs(value)
Definition: cpu_endian.h:398
error_t tlsFormatClientHelloPaddingExtension(TlsContext *context, size_t clientHelloLen, uint8_t *p, size_t *written)
Format ClientHello Padding extension.
@ TLS_GROUP_SECP224R1
Definition: tls.h:1228
#define TLS_VERSION_1_1
Definition: tls.h:93
error_t tlsParseClientCertTypeExtension(TlsContext *context, const uint8_t *clientCertType)
Parse ClientCertType extension.
@ TLS_EXT_PADDING
Definition: tls.h:1158
#define HTONS(value)
Definition: cpu_endian.h:390
uint8_t n
uint8_t extensions[]
Definition: tls13_misc.h:327
@ TLS_CIPHER_SUITE_TYPE_FFDHE
__start_packed struct @72 TlsServerNameList
List of server names.
__start_packed struct @77 TlsCertTypeList
List of supported certificate types.
__start_packed struct @70 TlsSupportedVersionList
List of supported versions.
#define TLS_VERSION_1_0
Definition: tls.h:92
error_t tlsFormatClientEmsExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ExtendedMasterSecret extension.
@ TLS_EXT_SERVER_CERT_TYPE
Definition: tls.h:1157
@ TLS_NAME_TYPE_HOSTNAME
Definition: tls.h:1184
__start_packed struct @75 TlsSupportedGroupList
List of supported groups.
@ TLS_MAX_FRAGMENT_LENGTH_1024
Definition: tls.h:1195
const EcCurveInfo * tlsGetCurveInfo(TlsContext *context, uint16_t namedCurve)
Get the EC domain parameters that match the specified named curve.
Definition: tls_misc.c:890
const uint16_t tlsSupportedGroups[]
error_t tlsFormatClientCertTypeListExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ClientCertType extension.
TLS (Transport Layer Security)
@ TLS_TRANSPORT_PROTOCOL_STREAM
Definition: tls.h:850
error_t tlsParseServerRenegoInfoExtension(TlsContext *context, const TlsHelloExtensions *extensions)
Parse RenegotiationInfo extension.
error_t tlsFormatClientRecordSizeLimitExtension(TlsContext *context, uint8_t *p, size_t *written)
Format RecordSizeLimit extension.
FFDHE key exchange.
error_t tlsParseServerAlpnExtension(TlsContext *context, const TlsProtocolNameList *protocolNameList)
Parse ALPN extension.
error_t tlsFormatServerCertTypeListExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ServerCertType extension.
@ ERROR_DECODING_FAILED
Definition: error.h:235
unsigned int uint_t
Definition: compiler_port.h:45
#define LOAD16BE(p)
Definition: cpu_endian.h:170
@ TLS_GROUP_ECDH_X448
Definition: tls.h:1237
#define tlsFreeMem(p)
Definition: tls.h:762
error_t tlsParseServerMaxFragLenExtension(TlsContext *context, const uint8_t *maxFragLen)
Parse MaxFragmentLength extension.
__start_packed struct @76 TlsEcPointFormatList
List of supported EC point formats.
#define DTLS_VERSION_1_2
Definition: dtls_misc.h:36
__start_packed struct @73 TlsProtocolName
Protocol name.
@ TLS_GROUP_FFDHE8192
Definition: tls.h:1252
__start_packed struct @78 TlsRenegoInfo
Renegotiated connection.
@ NO_ERROR
Success.
Definition: error.h:44
@ TLS_EXT_RECORD_SIZE_LIMIT
Definition: tls.h:1162
Debugging facilities.
@ TLS_CERT_FORMAT_X509
Definition: tls.h:1059
@ TLS_GROUP_BRAINPOOLP384R1
Definition: tls.h:1234
@ TLS_MAX_FRAGMENT_LENGTH_512
Definition: tls.h:1194
#define arraysize(a)
Definition: os_port.h:70
error_t tlsFormatClientMaxFragLenExtension(TlsContext *context, uint8_t *p, size_t *written)
Format MaxFragmentLength extension.