tls_client_extensions.c
Go to the documentation of this file.
1 /**
2  * @file tls_client_extensions.c
3  * @brief Formatting and parsing of extensions (TLS client)
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneSSL Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 //Switch to the appropriate trace level
30 #define TRACE_LEVEL TLS_TRACE_LEVEL
31 
32 //Dependencies
33 #include <string.h>
34 #include "tls.h"
35 #include "tls_cipher_suites.h"
36 #include "tls_client_extensions.h"
37 #include "tls_extensions.h"
38 #include "tls_ffdhe.h"
39 #include "tls_misc.h"
40 #include "debug.h"
41 
42 //Check TLS library configuration
43 #if (TLS_SUPPORT == ENABLED && TLS_CLIENT_SUPPORT == ENABLED)
44 
45 //List of supported ECDHE or FFDHE groups
46 const uint16_t tlsSupportedGroups[] =
47 {
68 };
69 
70 
71 /**
72  * @brief Format SupportedVersions extension
73  * @param[in] context Pointer to the TLS context
74  * @param[in] p Output stream where to write the SupportedVersions extension
75  * @param[out] written Total number of bytes that have been written
76  * @return Error code
77  **/
78 
80  uint8_t *p, size_t *written)
81 {
82  size_t n = 0;
83 
84 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
85  //In TLS 1.2, the client can indicate its version preferences in the
86  //SupportedVersions extension, in preference to the legacy_version field
87  //of the ClientHello
88  if(context->versionMax >= TLS_VERSION_1_2)
89  {
90  TlsExtension *extension;
91  TlsSupportedVersionList *supportedVersionList;
92 
93  //Add the SupportedVersions extension
94  extension = (TlsExtension *) p;
95  //Type of the extension
96  extension->type = HTONS(TLS_EXT_SUPPORTED_VERSIONS);
97 
98  //Point to the extension data field
99  supportedVersionList = (TlsSupportedVersionList *) extension->value;
100 
101  //The extension contains a list of supported versions in preference
102  //order, with the most preferred version first
103  n = 0;
104 
105 #if (DTLS_SUPPORT == ENABLED)
106  //DTLS protocol?
107  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
108  {
109  //Check whether DTLS 1.2 is supported
110  if(context->versionMax >= TLS_VERSION_1_2 && context->versionMin <= TLS_VERSION_1_2)
111  supportedVersionList->value[n++] = HTONS(DTLS_VERSION_1_2);
112 
113  //Check whether DTLS 1.0 is supported
114  if(context->versionMax >= TLS_VERSION_1_1 && context->versionMin <= TLS_VERSION_1_1)
115  supportedVersionList->value[n++] = HTONS(DTLS_VERSION_1_0);
116  }
117  else
118 #endif
119  //TLS protocol?
120  {
121  //Check whether TLS 1.3 is supported
122  if(context->versionMax >= TLS_VERSION_1_3 && context->versionMin <= TLS_VERSION_1_3)
123  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_3);
124 
125  //Check whether TLS 1.2 is supported
126  if(context->versionMax >= TLS_VERSION_1_2 && context->versionMin <= TLS_VERSION_1_2)
127  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_2);
128 
129  //Check whether TLS 1.1 is supported
130  if(context->versionMax >= TLS_VERSION_1_1 && context->versionMin <= TLS_VERSION_1_1)
131  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_1);
132 
133  //Check whether TLS 1.0 is supported
134  if(context->versionMax >= TLS_VERSION_1_0 && context->versionMin <= TLS_VERSION_1_0)
135  supportedVersionList->value[n++] = HTONS(TLS_VERSION_1_0);
136 
137  //Check whether SSL 3.0 is supported
138  if(context->versionMax >= SSL_VERSION_3_0 && context->versionMin <= SSL_VERSION_3_0)
139  supportedVersionList->value[n++] = HTONS(SSL_VERSION_3_0);
140  }
141 
142  //Compute the length, in bytes, of the list
143  n *= sizeof(uint16_t);
144  //Fix the length of the list
145  supportedVersionList->length = (uint8_t) n;
146 
147  //Consider the length field that precedes the list
148  n += sizeof(TlsSupportedVersionList);
149  //Fix the length of the extension
150  extension->length = htons(n);
151 
152  //Compute the length, in bytes, of the SupportedVersions extension
153  n += sizeof(TlsExtension);
154  }
155 #endif
156 
157  //Total number of bytes that have been written
158  *written = n;
159 
160  //Successful processing
161  return NO_ERROR;
162 }
163 
164 
165 /**
166  * @brief Format SNI extension
167  * @param[in] context Pointer to the TLS context
168  * @param[in] p Output stream where to write the ServerName extension
169  * @param[out] written Total number of bytes that have been written
170  * @return Error code
171  **/
172 
174  uint8_t *p, size_t *written)
175 {
176  size_t n = 0;
177 
178 #if (TLS_SNI_SUPPORT == ENABLED)
179  //In order to provide the server name, clients may include a ServerName
180  //extension
181  if(context->serverName != NULL)
182  {
183  TlsExtension *extension;
184  TlsServerNameList *serverNameList;
185  TlsServerName *serverName;
186 
187  //Determine the length of the server name
188  n = strlen(context->serverName);
189 
190  //Add SNI (Server Name Indication) extension
191  extension = (TlsExtension *) p;
192  //Type of the extension
193  extension->type = HTONS(TLS_EXT_SERVER_NAME);
194 
195  //Point to the list of server names
196  serverNameList = (TlsServerNameList *) extension->value;
197 
198  //Point to the server name
199  serverName = (TlsServerName *) serverNameList->value;
200  //Fill in the type and the length fields
201  serverName->type = TLS_NAME_TYPE_HOSTNAME;
202  serverName->length = htons(n);
203  //Copy server name
204  memcpy(serverName->hostname, context->serverName, n);
205 
206  //Compute the length, in byte, of the structure
207  n += sizeof(TlsServerName);
208  //Fix the length of the list
209  serverNameList->length = htons(n);
210 
211  //Consider the 2-byte length field that precedes the list
212  n += sizeof(TlsServerNameList);
213  //Fix the length of the extension
214  extension->length = htons(n);
215 
216  //Compute the length, in bytes, of the ServerName extension
217  n += sizeof(TlsExtension);
218  }
219 #endif
220 
221  //Total number of bytes that have been written
222  *written = n;
223 
224  //Successful processing
225  return NO_ERROR;
226 }
227 
228 
229 /**
230  * @brief Format MaxFragmentLength extension
231  * @param[in] context Pointer to the TLS context
232  * @param[in] p Output stream where to write the MaxFragmentLength extension
233  * @param[out] written Total number of bytes that have been written
234  * @return Error code
235  **/
236 
238  uint8_t *p, size_t *written)
239 {
240  size_t n = 0;
241 
242 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
243  //In order to negotiate smaller maximum fragment lengths, clients may
244  //include a MaxFragmentLength extension
245  if(context->maxFragLen == 512 || context->maxFragLen == 1024 ||
246  context->maxFragLen == 2048 || context->maxFragLen == 4096)
247  {
248  TlsExtension *extension;
249 
250  //Add the MaxFragmentLength extension
251  extension = (TlsExtension *) p;
252  //Type of the extension
253  extension->type = HTONS(TLS_EXT_MAX_FRAGMENT_LENGTH);
254 
255  //Set the maximum fragment length
256  switch(context->maxFragLen)
257  {
258  case 512:
259  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_512;
260  break;
261  case 1024:
262  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_1024;
263  break;
264  case 2048:
265  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_2048;
266  break;
267  default:
268  extension->value[0] = TLS_MAX_FRAGMENT_LENGTH_4096;
269  break;
270  }
271 
272  //The extension data field contains a single byte
273  n = sizeof(uint8_t);
274  //Fix the length of the extension
275  extension->length = htons(n);
276 
277  //Compute the length, in bytes, of the MaxFragmentLength extension
278  n += sizeof(TlsExtension);
279  }
280 #endif
281 
282  //Total number of bytes that have been written
283  *written = n;
284 
285  //Successful processing
286  return NO_ERROR;
287 }
288 
289 
290 /**
291  * @brief Format RecordSizeLimit extension
292  * @param[in] context Pointer to the TLS context
293  * @param[in] p Output stream where to write the RecordSizeLimit extension
294  * @param[out] written Total number of bytes that have been written
295  * @return Error code
296  **/
297 
299  uint8_t *p, size_t *written)
300 {
301  size_t n = 0;
302 
303 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
304  size_t recordSizeLimit;
305  TlsExtension *extension;
306 
307  //Add the RecordSizeLimit extension
308  extension = (TlsExtension *) p;
309  //Type of the extension
310  extension->type = HTONS(TLS_EXT_RECORD_SIZE_LIMIT);
311 
312  //An endpoint must not send a value higher than the protocol-defined
313  //maximum record size (refer to RFC 8449, section 4)
314  recordSizeLimit = MIN(context->rxBufferMaxLen, TLS_MAX_RECORD_LENGTH);
315 
316 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
317  //Check whether TLS 1.3 is supported
318  if(context->versionMax >= TLS_VERSION_1_3 &&
319  context->transportProtocol == TLS_TRANSPORT_PROTOCOL_STREAM)
320  {
321  //The value includes the content type and padding added in TLS 1.3
322  recordSizeLimit++;
323  }
324 #endif
325 
326  //The value of RecordSizeLimit is the maximum size of record in octets
327  //that the endpoint is willing to receive
328  STORE16BE(recordSizeLimit, extension->value);
329 
330  //The extension data field contains a 16-bit unsigned integer
331  n = sizeof(uint16_t);
332  //Fix the length of the extension
333  extension->length = htons(n);
334 
335  //Compute the length, in bytes, of the RecordSizeLimit extension
336  n += sizeof(TlsExtension);
337 #endif
338 
339  //Total number of bytes that have been written
340  *written = n;
341 
342  //Successful processing
343  return NO_ERROR;
344 }
345 
346 
347 /**
348  * @brief Format SupportedGroups extension
349  * @param[in] context Pointer to the TLS context
350  * @param[in] cipherSuiteTypes Types of cipher suites proposed by the client
351  * @param[in] p Output stream where to write the SupportedGroups extension
352  * @param[out] written Total number of bytes that have been written
353  * @return Error code
354  **/
355 
357  uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
358 {
359  size_t n = 0;
360 
361 #if (TLS_ECDH_SUPPORT == ENABLED || TLS_FFDHE_SUPPORT == ENABLED)
362  uint_t i;
363  uint_t numSupportedGroups;
364  const uint16_t *supportedGroups;
365  TlsExtension *extension;
366  TlsSupportedGroupList *supportedGroupList;
367 
368  //Add the SupportedGroups extension
369  extension = (TlsExtension *) p;
370  //Type of the extension
371  extension->type = HTONS(TLS_EXT_SUPPORTED_GROUPS);
372 
373  //Point to the list of supported groups
374  supportedGroupList = (TlsSupportedGroupList *) extension->value;
375  //The groups are ordered according to client's preferences
376  n = 0;
377 
378  //Any preferred ECDHE or FFDHE groups?
379  if(context->numSupportedGroups > 0)
380  {
381  //Point to the list of preferred named groups
382  supportedGroups = context->supportedGroups;
383  numSupportedGroups = context->numSupportedGroups;
384  }
385  else
386  {
387  //Point to the list of default named groups
388  supportedGroups = tlsSupportedGroups;
389  numSupportedGroups = arraysize(tlsSupportedGroups);
390  }
391 
392  //Loop through the list of named groups
393  for(i = 0; i < numSupportedGroups; i++)
394  {
395 #if (TLS_ECDH_SUPPORT == ENABLED)
396  //Elliptic curve group?
397  if(tlsGetCurveInfo(context, supportedGroups[i]) != NULL)
398  {
399  //Any ECC cipher suite proposed by the client?
400  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECC) != 0 ||
401  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
402  {
403  //Add the current named group to the list
404  supportedGroupList->value[n++] = htons(supportedGroups[i]);
405  }
406  }
407  else
408 #endif
409 #if (TLS_FFDHE_SUPPORT == ENABLED)
410  //Finite field group?
411  if(tlsGetFfdheGroup(context, supportedGroups[i]) != NULL)
412  {
413  //Any FFDHE cipher suite proposed by the client?
414  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_FFDHE) != 0 ||
415  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
416  {
417  //Add the current named group to the list
418  supportedGroupList->value[n++] = htons(supportedGroups[i]);
419  }
420  }
421  else
422 #endif
423  //Unknown group?
424  {
425  //Discard current named group
426  }
427  }
428 
429  //If the client supports and wants ECDHE and FFDHE key exchanges, it must
430  //use a single SupportedGroups extension to include all supported groups
431  //(both ECDHE and FFDHE groups)
432  if(n != 0)
433  {
434  //Compute the length, in bytes, of the list
435  n *= 2;
436  //Fix the length of the list
437  supportedGroupList->length = htons(n);
438 
439  //Consider the 2-byte length field that precedes the list
440  n += sizeof(TlsSupportedGroupList);
441  //Fix the length of the extension
442  extension->length = htons(n);
443 
444  //Compute the length, in bytes, of the SupportedGroups extension
445  n += sizeof(TlsExtension);
446  }
447 #endif
448 
449  //Total number of bytes that have been written
450  *written = n;
451 
452  //Successful processing
453  return NO_ERROR;
454 }
455 
456 
457 /**
458  * @brief Format EcPointFormats extension
459  * @param[in] context Pointer to the TLS context
460  * @param[in] cipherSuiteTypes Types of cipher suites proposed by the client
461  * @param[in] p Output stream where to write the EcPointFormats extension
462  * @param[out] written Total number of bytes that have been written
463  * @return Error code
464  **/
465 
467  uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
468 {
469  size_t n = 0;
470 
471 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
472  //TLS 1.3 has removed point format negotiation in favor of a single point
473  //format for each curve (refer to RFC 8446, section 1.2)
474  if(context->versionMin <= TLS_VERSION_1_2)
475  {
476 #if (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
477  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED)
478  //A client that proposes ECC cipher suites in its ClientHello message
479  //should send the EcPointFormats extension
480  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECC) != 0)
481  {
482  TlsExtension *extension;
483  TlsEcPointFormatList *ecPointFormatList;
484 
485  //Add the EcPointFormats extension
486  extension = (TlsExtension *) p;
487  //Type of the extension
488  extension->type = HTONS(TLS_EXT_EC_POINT_FORMATS);
489 
490  //Point to the list of supported EC point formats
491  ecPointFormatList = (TlsEcPointFormatList *) extension->value;
492  //Items in the list are ordered according to client's preferences
493  n = 0;
494 
495  //The client can parse only the uncompressed point format...
496  ecPointFormatList->value[n++] = TLS_EC_POINT_FORMAT_UNCOMPRESSED;
497  //Fix the length of the list
498  ecPointFormatList->length = (uint8_t) n;
499 
500  //Consider the length field that precedes the list
501  n += sizeof(TlsEcPointFormatList);
502  //Fix the length of the extension
503  extension->length = htons(n);
504 
505  //Compute the length, in bytes, of the EcPointFormats extension
506  n += sizeof(TlsExtension);
507  }
508 #endif
509  }
510 #endif
511 
512  //Total number of bytes that have been written
513  *written = n;
514 
515  //Successful processing
516  return NO_ERROR;
517 }
518 
519 
520 /**
521  * @brief Format ALPN extension
522  * @param[in] context Pointer to the TLS context
523  * @param[in] p Output stream where to write the ALPN extension
524  * @param[out] written Total number of bytes that have been written
525  * @return Error code
526  **/
527 
529  uint8_t *p, size_t *written)
530 {
531  size_t n = 0;
532 
533 #if (TLS_ALPN_SUPPORT == ENABLED)
534  //The ALPN extension contains the list of protocols advertised by the
535  //client, in descending order of preference
536  if(context->protocolList != NULL)
537  {
538  uint_t i;
539  uint_t j;
540  TlsExtension *extension;
541  TlsProtocolName *protocolName;
542  TlsProtocolNameList *protocolNameList;
543 
544  //Add ALPN (Application-Layer Protocol Negotiation) extension
545  extension = (TlsExtension *) p;
546  //Type of the extension
547  extension->type = HTONS(TLS_EXT_ALPN);
548 
549  //Point to the list of protocol names
550  protocolNameList = (TlsProtocolNameList *) extension->value;
551 
552  //Move back to the beginning of the list
553  i = 0;
554  j = 0;
555  n = 0;
556 
557  //Parse the list of supported protocols
558  do
559  {
560  //Delimiter character found?
561  if(context->protocolList[i] == ',' || context->protocolList[i] == '\0')
562  {
563  //Discard empty tokens
564  if((i - j) > 0)
565  {
566  //Point to the protocol name
567  protocolName = (TlsProtocolName *) (protocolNameList->value + n);
568 
569  //Fill in the length field
570  protocolName->length = i - j;
571  //Copy protocol name
572  memcpy(protocolName->value, context->protocolList + j, i - j);
573 
574  //Adjust the length of the list
575  n += sizeof(TlsProtocolName) + i - j;
576  }
577 
578  //Move to the next token
579  j = i + 1;
580  }
581 
582  //Loop until the NULL character is reached
583  } while(context->protocolList[i++] != '\0');
584 
585  //Fix the length of the list
586  protocolNameList->length = htons(n);
587 
588  //Consider the 2-byte length field that precedes the list
589  n += sizeof(TlsProtocolNameList);
590  //Fix the length of the extension
591  extension->length = htons(n);
592 
593  //Compute the length, in bytes, of the ALPN extension
594  n += sizeof(TlsExtension);
595  }
596 #endif
597 
598  //Total number of bytes that have been written
599  *written = n;
600 
601  //Successful processing
602  return NO_ERROR;
603 }
604 
605 
606 /**
607  * @brief Format ClientCertType extension
608  * @param[in] context Pointer to the TLS context
609  * @param[in] p Output stream where to write the ClientCertType extension
610  * @param[out] written Total number of bytes that have been written
611  * @return Error code
612  **/
613 
615  uint8_t *p, size_t *written)
616 {
617  size_t n = 0;
618 
619 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
620  TlsExtension *extension;
621  TlsCertTypeList *clientCertTypeList;
622 
623  //Add the ClientCertType extension
624  extension = (TlsExtension *) p;
625  //Type of the extension
626  extension->type = HTONS(TLS_EXT_CLIENT_CERT_TYPE);
627 
628  //The ClientCertType extension in the ClientHello indicates the certificate
629  //types the client is able to provide to the server, when requested using a
630  //CertificateRequest message
631  clientCertTypeList = (TlsCertTypeList *) extension->value;
632 
633  //The ClientCertType extension carries a list of supported certificate
634  //types, sorted by client preference
635  n = 0;
636 
637  //Raw public key type
638  clientCertTypeList->value[n++] = TLS_CERT_FORMAT_RAW_PUBLIC_KEY;
639  //X.509 certificate type
640  clientCertTypeList->value[n++] = TLS_CERT_FORMAT_X509;
641 
642  //Fix the length of the list
643  clientCertTypeList->length = (uint8_t) n;
644 
645  //Consider the length field that precedes the list
646  n += sizeof(TlsCertTypeList);
647  //Fix the length of the extension
648  extension->length = htons(n);
649 
650  //Compute the length, in bytes, of the ClientCertType extension
651  n += sizeof(TlsExtension);
652 #endif
653 
654  //Total number of bytes that have been written
655  *written = n;
656 
657  //Successful processing
658  return NO_ERROR;
659 }
660 
661 
662 /**
663  * @brief Format ServerCertType extension
664  * @param[in] context Pointer to the TLS context
665  * @param[in] p Output stream where to write the ServerCertType extension
666  * @param[out] written Total number of bytes that have been written
667  * @return Error code
668  **/
669 
671  uint8_t *p, size_t *written)
672 {
673  size_t n = 0;
674 
675 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
676  //Ensure the client is able to process raw public keys
677  if(context->rpkVerifyCallback != NULL)
678  {
679  TlsExtension *extension;
680  TlsCertTypeList *serverCertTypeList;
681 
682  //Add the ServerCertType extension
683  extension = (TlsExtension *) p;
684  //Type of the extension
685  extension->type = HTONS(TLS_EXT_SERVER_CERT_TYPE);
686 
687  //The ServerCertType extension in the ClientHello indicates the types of
688  //certificates the client is able to process when provided by the server
689  //in a subsequent certificate payload
690  serverCertTypeList = (TlsCertTypeList *) extension->value;
691 
692  //The ServerCertType extension carries a list of supported certificate
693  //types, sorted by client preference
694  n = 0;
695 
696  //Raw public key type
697  serverCertTypeList->value[n++] = TLS_CERT_FORMAT_RAW_PUBLIC_KEY;
698  //X.509 certificate type
699  serverCertTypeList->value[n++] = TLS_CERT_FORMAT_X509;
700 
701  //Fix the length of the list
702  serverCertTypeList->length = (uint8_t) n;
703 
704  //Consider the length field that precedes the list
705  n += sizeof(TlsCertTypeList);
706  //Fix the length of the extension
707  extension->length = htons(n);
708 
709  //Compute the length, in bytes, of the ServerCertType extension
710  n += sizeof(TlsExtension);
711  }
712 #endif
713 
714  //Total number of bytes that have been written
715  *written = n;
716 
717  //Successful processing
718  return NO_ERROR;
719 }
720 
721 
722 /**
723  * @brief Format ExtendedMasterSecret extension
724  * @param[in] context Pointer to the TLS context
725  * @param[in] p Output stream where to write the ExtendedMasterSecret extension
726  * @param[out] written Total number of bytes that have been written
727  * @return Error code
728  **/
729 
731  uint8_t *p, size_t *written)
732 {
733  size_t n = 0;
734 
735 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
736  //Implementations which support both TLS 1.3 and earlier versions should
737  //indicate the use of the ExtendedMasterSecret extension whenever TLS 1.3
738  //is used (refer to RFC 8446, appendix D)
739  if(context->versionMax >= TLS_VERSION_1_0 &&
740  context->versionMin <= TLS_VERSION_1_2)
741  {
742 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
743  TlsExtension *extension;
744 
745  //Add the ExtendedMasterSecret extension
746  extension = (TlsExtension *) p;
747  //Type of the extension
748  extension->type = HTONS(TLS_EXT_EXTENDED_MASTER_SECRET);
749 
750  //The extension data field of this extension is empty
751  extension->length = HTONS(0);
752 
753  //Compute the length, in bytes, of the ExtendedMasterSecret extension
754  n = sizeof(TlsExtension);
755 #endif
756  }
757 #endif
758 
759  //Total number of bytes that have been written
760  *written = n;
761 
762  //Successful processing
763  return NO_ERROR;
764 }
765 
766 
767 /**
768  * @brief Format RenegotiationInfo extension
769  * @param[in] context Pointer to the TLS context
770  * @param[in] p Output stream where to write the RenegotiationInfo extension
771  * @param[out] written Total number of bytes that have been written
772  * @return Error code
773  **/
774 
776  uint8_t *p, size_t *written)
777 {
778  size_t n = 0;
779 
780 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
781  //TLS 1.3 forbids renegotiation
782  if(context->versionMin <= TLS_VERSION_1_2)
783  {
784 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
785  //Check whether secure renegotiation is enabled
786  if(context->secureRenegoEnabled)
787  {
788  //During secure renegotiation, the client must include the
789  //RenegotiationInfo extension containing the saved client_verify_data
790  if(context->secureRenegoFlag)
791  {
792  TlsExtension *extension;
793  TlsRenegoInfo *renegoInfo;
794 
795  //Determine the length of the verify data
796  n = context->clientVerifyDataLen;
797 
798  //Add the RenegotiationInfo extension
799  extension = (TlsExtension *) p;
800  //Type of the extension
801  extension->type = HTONS(TLS_EXT_RENEGOTIATION_INFO);
802 
803  //Point to the renegotiated_connection field
804  renegoInfo = (TlsRenegoInfo *) extension->value;
805  //Set the length of the verify data
806  renegoInfo->length = (uint8_t) n;
807 
808  //Copy the verify data from the Finished message sent by the client
809  //on the immediately previous handshake
810  memcpy(renegoInfo->value, context->clientVerifyData, n);
811 
812  //Consider the length field that precedes the renegotiated_connection
813  //field
814  n += sizeof(TlsRenegoInfo);
815  //Fix the length of the extension
816  extension->length = htons(n);
817 
818  //Compute the length, in bytes, of the RenegotiationInfo extension
819  n += sizeof(TlsExtension);
820  }
821  }
822 #endif
823  }
824 #endif
825 
826  //Total number of bytes that have been written
827  *written = n;
828 
829  //Successful processing
830  return NO_ERROR;
831 }
832 
833 
834 /**
835  * @brief Format ClientHello Padding extension
836  * @param[in] context Pointer to the TLS context
837  * @param[in] clientHelloLen Actual length of the ClientHello message
838  * @param[in] p Output stream where to write the ClientHello Padding extension
839  * @param[out] written Total number of bytes that have been written
840  * @return Error code
841  **/
842 
844  size_t clientHelloLen, uint8_t *p, size_t *written)
845 {
846  size_t n = 0;
847 
848 #if (TLS_CLIENT_HELLO_PADDING_SUPPORT == ENABLED)
849  //TLS protocol?
850  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_STREAM)
851  {
852  TlsExtension *extension;
853 
854  //After building a ClientHello as normal, the client can add four bytes
855  //to the length and test whether the resulting length falls into the
856  //range 256 to 511 (refer to RFC 7685, section 4)
857  clientHelloLen += sizeof(TlsHandshake);
858 
859  //Check the resulting length
860  if(clientHelloLen >= 256 && clientHelloLen < 512)
861  {
862  //The ClientHello Padding extension will be added in order to push
863  //the length to (at least) 512 bytes
864  extension = (TlsExtension *) p;
865 
866  //Type of the extension
867  extension->type = HTONS(TLS_EXT_PADDING);
868 
869  //Calculate the length of the padding
870  if((clientHelloLen + sizeof(TlsExtension)) < 512)
871  n = 512 - sizeof(TlsExtension) - clientHelloLen;
872  else
873  n = 0;
874 
875  //The padding string consists of an arbitrary number of zero bytes
876  memset(extension->value, 0, n);
877  //Set the length of the extension
878  extension->length = htons(n);
879 
880  //Compute the length, in bytes, of the padding extension
881  n += sizeof(TlsExtension);
882  }
883  }
884 #endif
885 
886  //Total number of bytes that have been written
887  *written = n;
888 
889  //Successful processing
890  return NO_ERROR;
891 }
892 
893 
894 /**
895  * @brief Parse SNI extension
896  * @param[in] context Pointer to the TLS context
897  * @param[in] serverNameList Pointer to the ServerName extension
898  * @return Error code
899  **/
900 
902  const TlsServerNameList *serverNameList)
903 {
904 #if (TLS_SNI_SUPPORT == ENABLED)
905  //SNI extension found?
906  if(serverNameList != NULL)
907  {
908  //If a client receives an extension type in the ServerHello that it did
909  //not request in the associated ClientHello, it must abort the handshake
910  //with an unsupported_extension fatal alert
911  if(context->serverName == NULL)
913  }
914 #endif
915 
916  //Successful processing
917  return NO_ERROR;
918 }
919 
920 
921 /**
922  * @brief Parse MaxFragmentLength extension
923  * @param[in] context Pointer to the TLS context
924  * @param[in] maxFragLen Pointer to the MaxFragmentLength extension
925  * @return Error code
926  **/
927 
929  const uint8_t *maxFragLen)
930 {
931 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
932  //MaxFragmentLength extension found?
933  if(maxFragLen != NULL)
934  {
935  size_t n;
936 
937  //Retrieve the value advertised by the server
938  switch(*maxFragLen)
939  {
941  n = 512;
942  break;
944  n = 1024;
945  break;
947  n = 2048;
948  break;
950  n = 4096;
951  break;
952  default:
953  n = 0;
954  break;
955  }
956 
957  //If a client receives a maximum fragment length negotiation response
958  //that differs from the length it requested, it must also abort the
959  //handshake with an illegal_parameter alert
960  if(n != context->maxFragLen)
962  }
963 #endif
964 
965  //Successful processing
966  return NO_ERROR;
967 }
968 
969 
970 /**
971  * @brief Parse RecordSizeLimit extension
972  * @param[in] context Pointer to the TLS context
973  * @param[in] recordSizeLimit Pointer to the RecordSizeLimit extension
974  * @return Error code
975  **/
976 
978  const uint8_t *recordSizeLimit)
979 {
980  error_t error;
981 
982  //Initialize status code
983  error = NO_ERROR;
984 
985 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
986  //RecordSizeLimit extension found?
987  if(recordSizeLimit != NULL)
988  {
989  uint16_t n;
990 
991  //The value of RecordSizeLimit is the maximum size of record in octets
992  //that the peer is willing to receive
993  n = LOAD16BE(recordSizeLimit);
994 
995  //Endpoints must not send a RecordSizeLimit extension with a value
996  //smaller than 64
997  if(n < 64)
998  {
999  //An endpoint must treat receipt of a smaller value as a fatal error
1000  //and generate an illegal_parameter alert
1001  error = ERROR_ILLEGAL_PARAMETER;
1002  }
1003  else
1004  {
1005 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1006  //TLS 1.3 currently selected?
1007  if(context->version == TLS_VERSION_1_3)
1008  {
1009  //The value includes the content type and padding added in TLS 1.3
1010  n--;
1011  }
1012 #endif
1013  //The peer can include any limit up to the protocol-defined limit for
1014  //maximum record size. Even if a larger value is provided by a peer, an
1015  //endpoint must not send records larger than the protocol-defined limit
1016  context->recordSizeLimit = MIN(n, TLS_MAX_RECORD_LENGTH);
1017  }
1018  }
1019 #endif
1020 
1021  //Return status code
1022  return error;
1023 }
1024 
1025 
1026 /**
1027  * @brief Parse EcPointFormats extension
1028  * @param[in] context Pointer to the TLS context
1029  * @param[in] ecPointFormatList Pointer to the EcPointFormats extension
1030  * @return Error code
1031  **/
1032 
1034  const TlsEcPointFormatList *ecPointFormatList)
1035 {
1036  error_t error;
1037 
1038  //Initialize status code
1039  error = NO_ERROR;
1040 
1041 #if (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
1042  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED)
1043  //EcPointFormats extension found?
1044  if(ecPointFormatList != NULL)
1045  {
1046  uint_t i;
1047 
1048  //Loop through the list of supported EC point formats
1049  for(i = 0; i < ecPointFormatList->length; i++)
1050  {
1051  //Uncompressed point format?
1052  if(ecPointFormatList->value[i] == TLS_EC_POINT_FORMAT_UNCOMPRESSED)
1053  {
1054  break;
1055  }
1056  }
1057 
1058  //If the EcPointFormats extension is sent, it must contain the value 0
1059  //as one of the items in the list of point formats (refer to RFC 4492,
1060  //section 5.2)
1061  if(i >= ecPointFormatList->length)
1062  {
1063  //Report an error
1064  error = ERROR_ILLEGAL_PARAMETER;
1065  }
1066  }
1067 #endif
1068 
1069  //Return status code
1070  return error;
1071 }
1072 
1073 
1074 /**
1075  * @brief Parse ALPN extension
1076  * @param[in] context Pointer to the TLS context
1077  * @param[in] protocolNameList Pointer to the ALPN extension
1078  * @return Error code
1079  **/
1080 
1082  const TlsProtocolNameList *protocolNameList)
1083 {
1084 #if (TLS_ALPN_SUPPORT == ENABLED)
1085  //ALPN extension found?
1086  if(protocolNameList != NULL)
1087  {
1088  size_t length;
1089  const TlsProtocolName *protocolName;
1090 
1091  //If a client receives an extension type in the ServerHello that it
1092  //did not request in the associated ClientHello, it must abort the
1093  //handshake with an unsupported_extension fatal alert
1094  if(context->protocolList == NULL)
1096 
1097  //Retrieve the length of the list
1098  length = ntohs(protocolNameList->length);
1099 
1100  //The list must not be be empty
1101  if(length == 0)
1102  return ERROR_DECODING_FAILED;
1103 
1104  //Point to the selected protocol
1105  protocolName = (TlsProtocolName *) protocolNameList->value;
1106 
1107  //The list must contain exactly one protocol name
1108  if(length < sizeof(TlsProtocolName))
1109  return ERROR_DECODING_FAILED;
1110  if(length != (sizeof(TlsProtocolName) + protocolName->length))
1111  return ERROR_DECODING_FAILED;
1112 
1113  //Retrieve the length of the protocol name
1114  length -= sizeof(TlsProtocolName);
1115 
1116  //Empty strings must not be included in the list
1117  if(length == 0)
1118  return ERROR_DECODING_FAILED;
1119 
1120  //Check whether the protocol is supported by the client
1121  if(!tlsIsAlpnProtocolSupported(context, protocolName->value, length))
1122  {
1123  //Report an error if unknown ALPN protocols are disallowed
1124  if(!context->unknownProtocolsAllowed)
1125  return ERROR_ILLEGAL_PARAMETER;
1126  }
1127 
1128  //Sanity check
1129  if(context->selectedProtocol != NULL)
1130  {
1131  //Release memory
1132  tlsFreeMem(context->selectedProtocol);
1133  context->selectedProtocol = NULL;
1134  }
1135 
1136  //Allocate a memory block to hold the protocol name
1137  context->selectedProtocol = tlsAllocMem(length + 1);
1138  //Failed to allocate memory?
1139  if(context->selectedProtocol == NULL)
1140  return ERROR_OUT_OF_MEMORY;
1141 
1142  //Save protocol name
1143  memcpy(context->selectedProtocol, protocolName->value, length);
1144  //Properly terminate the string with a NULL character
1145  context->selectedProtocol[length] = '\0';
1146  }
1147 #endif
1148 
1149  //Successful processing
1150  return NO_ERROR;
1151 }
1152 
1153 
1154 /**
1155  * @brief Parse ClientCertType extension
1156  * @param[in] context Pointer to the TLS context
1157  * @param[in] clientCertType Pointer to the ClientCertType extension
1158  * @return Error code
1159  **/
1160 
1162  const uint8_t *clientCertType)
1163 {
1164 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1165  //ClientCertType extension found?
1166  if(clientCertType != NULL)
1167  {
1168  //The value conveyed in the extension must be selected from one of the
1169  //values provided in the ClientCertType extension sent in the ClientHello
1170  if(*clientCertType != TLS_CERT_FORMAT_X509 &&
1171  *clientCertType != TLS_CERT_FORMAT_RAW_PUBLIC_KEY)
1172  {
1173  return ERROR_ILLEGAL_PARAMETER;
1174  }
1175 
1176  //The ClientCertType extension in the ServerHello indicates the type
1177  //of certificates the client is requested to provide in a subsequent
1178  //certificate payload
1179  context->certFormat = (TlsCertificateFormat) *clientCertType;
1180  }
1181 #endif
1182 
1183  //Successful processing
1184  return NO_ERROR;
1185 }
1186 
1187 
1188 /**
1189  * @brief Parse ServerCertType extension
1190  * @param[in] context Pointer to the TLS context
1191  * @param[in] serverCertType Pointer to the ServerCertType extension
1192  * @return Error code
1193  **/
1194 
1196  const uint8_t *serverCertType)
1197 {
1198 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1199  //ServerCertType extension found?
1200  if(serverCertType != NULL)
1201  {
1202  //If a client receives an extension type in the ServerHello that it did
1203  //not request in the associated ClientHello, it must abort the handshake
1204  //with an unsupported_extension fatal alert
1205  if(context->rpkVerifyCallback == NULL &&
1206  *serverCertType != TLS_CERT_FORMAT_X509)
1207  {
1209  }
1210 
1211  //The value conveyed in the extension must be selected from one of the
1212  //values provided in the ServerCertType extension sent in the ClientHello
1213  if(*serverCertType != TLS_CERT_FORMAT_X509 &&
1214  *serverCertType != TLS_CERT_FORMAT_RAW_PUBLIC_KEY)
1215  {
1216  return ERROR_ILLEGAL_PARAMETER;
1217  }
1218 
1219  //With the ServerCertType extension in the ServerHello, the TLS server
1220  //indicates the certificate type carried in the certificate payload
1221  context->peerCertFormat = (TlsCertificateFormat) *serverCertType;
1222  }
1223 #endif
1224 
1225  //Successful processing
1226  return NO_ERROR;
1227 }
1228 
1229 
1230 /**
1231  * @brief Parse ExtendedMasterSecret extension
1232  * @param[in] context Pointer to the TLS context
1233  * @param[in] extendedMasterSecret Pointer to the ExtendedMasterSecret extension
1234  * @return Error code
1235  **/
1236 
1238  const uint8_t *extendedMasterSecret)
1239 {
1240 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1241  //ExtendedMasterSecret extension found?
1242  if(extendedMasterSecret != NULL)
1243  {
1244  //The countermeasure described in RFC 7627 cannot be used with SSL 3.0
1245  if(context->version == SSL_VERSION_3_0)
1247 
1248  //Abbreviated handshake?
1249  if(context->resume)
1250  {
1251  //If the original session did not use the ExtendedMasterSecret
1252  //extension but the new ServerHello contains the extension, the
1253  //client must abort the handshake
1254  if(!context->extendedMasterSecretExtReceived)
1255  return ERROR_HANDSHAKE_FAILED;
1256  }
1257 
1258  //A valid ExtendedMasterSecret extension has been received
1259  context->extendedMasterSecretExtReceived = TRUE;
1260  }
1261  else
1262  {
1263  //Abbreviated handshake?
1264  if(context->resume)
1265  {
1266  //If the original session used the ExtendedMasterSecret extension
1267  //but the new ServerHello does not contain the extension, the client
1268  //must abort the handshake
1269  if(context->extendedMasterSecretExtReceived)
1270  return ERROR_HANDSHAKE_FAILED;
1271  }
1272 
1273  //The ServerHello does not contain any ExtendedMasterSecret extension
1274  context->extendedMasterSecretExtReceived = FALSE;
1275  }
1276 #endif
1277 
1278  //Successful processing
1279  return NO_ERROR;
1280 }
1281 
1282 
1283 /**
1284  * @brief Parse RenegotiationInfo extension
1285  * @param[in] context Pointer to the TLS context
1286  * @param[in] extensions ServerHello extensions offered by the server
1287  * @return Error code
1288  **/
1289 
1292 {
1293 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
1294  //Initial handshake?
1295  if(context->clientVerifyDataLen == 0)
1296  {
1297  //RenegotiationInfo extension found?
1298  if(extensions->renegoInfo != NULL)
1299  {
1300  //If the extension is present, set the secure_renegotiation flag to TRUE
1301  context->secureRenegoFlag = TRUE;
1302 
1303  //Verify that the length of the renegotiated_connection field is zero
1304  if(extensions->renegoInfo->length != 0)
1305  {
1306  //If it is not, the client must abort the handshake by sending a
1307  //fatal handshake failure alert
1308  return ERROR_HANDSHAKE_FAILED;
1309  }
1310  }
1311  else
1312  {
1313  //If the extension is not present, the server does not support secure
1314  //renegotiation
1315  context->secureRenegoFlag = FALSE;
1316  }
1317  }
1318  //Secure renegotiation?
1319  else
1320  {
1321  //RenegotiationInfo extension found?
1322  if(extensions->renegoInfo != NULL)
1323  {
1324  //Check the length of the renegotiated_connection field
1325  if(extensions->renegoInfo->length != (context->clientVerifyDataLen +
1326  context->serverVerifyDataLen))
1327  {
1328  //The client must abort the handshake
1329  return ERROR_HANDSHAKE_FAILED;
1330  }
1331 
1332  //The client must verify that the first half of the field is equal to
1333  //the saved client_verify_data value
1334  if(memcmp(extensions->renegoInfo->value, context->clientVerifyData,
1335  context->clientVerifyDataLen))
1336  {
1337  //If it is not, the client must abort the handshake
1338  return ERROR_HANDSHAKE_FAILED;
1339  }
1340 
1341  //The client must verify that the second half of the field is equal to
1342  //the saved server_verify_data value
1343  if(memcmp(extensions->renegoInfo->value + context->clientVerifyDataLen,
1344  context->serverVerifyData, context->serverVerifyDataLen))
1345  {
1346  //If it is not, the client must abort the handshake
1347  return ERROR_HANDSHAKE_FAILED;
1348  }
1349 
1350 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1351  //ExtendedMasterSecret extension found?
1352  if(extensions->extendedMasterSecret != NULL)
1353  {
1354  //If the initial handshake did not use the ExtendedMasterSecret
1355  //extension but the new ServerHello contains the extension, the
1356  //client must abort the handshake
1357  if(!context->extendedMasterSecretExtReceived)
1358  return ERROR_HANDSHAKE_FAILED;
1359  }
1360  else
1361  {
1362  //If the initial handshake used the ExtendedMasterSecret extension
1363  //but the new ServerHello does not contain the extension, the
1364  //client must abort the handshake
1365  if(context->extendedMasterSecretExtReceived)
1366  return ERROR_HANDSHAKE_FAILED;
1367  }
1368 #endif
1369  }
1370  else
1371  {
1372  //If the RenegotiationInfo extension is not present, the client
1373  //must abort the handshake
1374  return ERROR_HANDSHAKE_FAILED;
1375  }
1376  }
1377 #endif
1378 
1379  //Successful processing
1380  return NO_ERROR;
1381 }
1382 
1383 #endif
TLS (Transport Layer Security)
__start_packed struct @78 TlsRenegoInfo
Renegotiated connection.
const uint16_t tlsSupportedGroups[]
__start_packed struct @73 TlsProtocolName
Protocol name.
FFDHE key exchange.
Debugging facilities.
#define tlsFreeMem(p)
Definition: tls.h:760
error_t tlsFormatClientEmsExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ExtendedMasterSecret extension.
uint8_t p
Definition: ndp.h:295
error_t tlsParseServerEcPointFormatsExtension(TlsContext *context, const TlsEcPointFormatList *ecPointFormatList)
Parse EcPointFormats extension.
TlsCertificateFormat
Certificate formats.
Definition: tls.h:1052
error_t tlsFormatClientCertTypeListExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ClientCertType extension.
#define TLS_VERSION_1_3
Definition: tls.h:90
#define htons(value)
Definition: cpu_endian.h:390
__start_packed struct @74 TlsProtocolNameList
List of protocol names.
__start_packed struct @84 TlsHandshake
TLS handshake message.
#define DTLS_SUPPORT
Definition: dtls_misc.h:38
#define DTLS_VERSION_1_0
Definition: dtls_misc.h:33
#define HTONS(value)
Definition: cpu_endian.h:388
#define ENABLED
Definition: os_port.h:35
error_t tlsParseServerRenegoInfoExtension(TlsContext *context, const TlsHelloExtensions *extensions)
Parse RenegotiationInfo extension.
__start_packed struct @75 TlsSupportedGroupList
List of supported groups.
#define TRUE
Definition: os_port.h:48
#define TLS_MAX_RECORD_LENGTH
Definition: tls.h:828
error_t tlsFormatClientRenegoInfoExtension(TlsContext *context, uint8_t *p, size_t *written)
Format RenegotiationInfo extension.
#define arraysize(a)
Definition: os_port.h:68
Parsing and checking of TLS extensions.
TLS helper functions.
__start_packed struct @68 TlsExtension
TLS extension.
#define ntohs(value)
Definition: cpu_endian.h:396
error_t tlsFormatClientSniExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SNI extension.
__start_packed struct @70 TlsSupportedVersionList
List of supported versions.
Formatting and parsing of extensions (TLS client)
__start_packed struct @76 TlsEcPointFormatList
List of supported EC point formats.
error_t tlsParseServerAlpnExtension(TlsContext *context, const TlsProtocolNameList *protocolNameList)
Parse ALPN extension.
const TlsFfdheGroup * tlsGetFfdheGroup(TlsContext *context, uint16_t namedGroup)
Get the FFDHE parameters that match the specified named group.
Definition: tls_ffdhe.c:313
#define LOAD16BE(p)
Definition: cpu_endian.h:168
error_t tlsParseServerCertTypeExtension(TlsContext *context, const uint8_t *serverCertType)
Parse ServerCertType extension.
#define MIN(a, b)
Definition: os_port.h:60
error_t tlsParseClientCertTypeExtension(TlsContext *context, const uint8_t *clientCertType)
Parse ClientCertType extension.
error_t tlsParseServerSniExtension(TlsContext *context, const TlsServerNameList *serverNameList)
Parse SNI extension.
#define TLS_VERSION_1_2
Definition: tls.h:83
#define TLS_VERSION_1_1
Definition: tls.h:82
TLS cipher suites.
Success.
Definition: error.h:42
error_t tlsFormatClientMaxFragLenExtension(TlsContext *context, uint8_t *p, size_t *written)
Format MaxFragmentLength extension.
error_t tlsParseServerRecordSizeLimitExtension(TlsContext *context, const uint8_t *recordSizeLimit)
Parse RecordSizeLimit extension.
error_t
Error codes.
Definition: error.h:40
__start_packed struct @71 TlsServerName
Server name.
error_t tlsParseServerMaxFragLenExtension(TlsContext *context, const uint8_t *maxFragLen)
Parse MaxFragmentLength extension.
uint8_t extensions[]
Definition: tls13_misc.h:322
unsigned int uint_t
Definition: compiler_port.h:43
#define STORE16BE(a, p)
Definition: cpu_endian.h:244
error_t tlsFormatClientSupportedVersionsExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SupportedVersions extension.
#define TLS_VERSION_1_0
Definition: tls.h:81
error_t tlsFormatSupportedGroupsExtension(TlsContext *context, uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
Format SupportedGroups extension.
Hello extensions.
Definition: tls.h:1878
error_t tlsFormatClientHelloPaddingExtension(TlsContext *context, size_t clientHelloLen, uint8_t *p, size_t *written)
Format ClientHello Padding extension.
__start_packed struct @72 TlsServerNameList
List of server names.
__start_packed struct @77 TlsCertTypeList
List of supported certificate types.
#define tlsAllocMem(size)
Definition: tls.h:755
error_t tlsFormatClientEcPointFormatsExtension(TlsContext *context, uint_t cipherSuiteTypes, uint8_t *p, size_t *written)
Format EcPointFormats extension.
uint8_t length
Definition: dtls_misc.h:140
uint8_t n
#define DTLS_VERSION_1_2
Definition: dtls_misc.h:34
const EcCurveInfo * tlsGetCurveInfo(TlsContext *context, uint16_t namedCurve)
Get the EC domain parameters that match the specified named curve.
Definition: tls_misc.c:897
error_t tlsFormatClientAlpnExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ALPN extension.
bool_t tlsIsAlpnProtocolSupported(TlsContext *context, const char_t *protocol, size_t length)
Check whether the specified ALPN protocol is supported.
#define FALSE
Definition: os_port.h:44
#define TlsContext
Definition: tls.h:34
error_t tlsFormatClientRecordSizeLimitExtension(TlsContext *context, uint8_t *p, size_t *written)
Format RecordSizeLimit extension.
error_t tlsFormatServerCertTypeListExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ServerCertType extension.
error_t tlsParseServerEmsExtension(TlsContext *context, const uint8_t *extendedMasterSecret)
Parse ExtendedMasterSecret extension.
#define SSL_VERSION_3_0
Definition: tls.h:80