edhoc 1.3.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (759)
  1. package/.clang-format +79 -0
  2. package/README.md +6 -5
  3. package/dist/cbor-utils.d.ts +30 -0
  4. package/dist/cbor-utils.d.ts.map +1 -0
  5. package/dist/cbor-utils.js +179 -0
  6. package/dist/cipher-suites.d.ts +13 -0
  7. package/dist/cipher-suites.d.ts.map +1 -0
  8. package/dist/cipher-suites.js +22 -0
  9. package/dist/edhoc.d.ts +85 -277
  10. package/dist/edhoc.d.ts.map +1 -1
  11. package/dist/edhoc.js +562 -34
  12. package/package.json +5 -19
  13. package/.gitmodules +0 -3
  14. package/binding.gyp +0 -66
  15. package/dist/bindings.d.ts +0 -5
  16. package/dist/bindings.d.ts.map +0 -1
  17. package/dist/bindings.js +0 -10
  18. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_decode.h +0 -35
  19. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_encode.h +0 -35
  20. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_types.h +0 -34
  21. package/external/libedhoc/backends/cbor/include/backend_cbor_ead_decode.h +0 -35
  22. package/external/libedhoc/backends/cbor/include/backend_cbor_ead_encode.h +0 -35
  23. package/external/libedhoc/backends/cbor/include/backend_cbor_edhoc_types.h +0 -102
  24. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_decode.h +0 -35
  25. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_encode.h +0 -35
  26. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_types.h +0 -37
  27. package/external/libedhoc/backends/cbor/include/backend_cbor_id_cred_x_decode.h +0 -35
  28. package/external/libedhoc/backends/cbor/include/backend_cbor_id_cred_x_encode.h +0 -35
  29. package/external/libedhoc/backends/cbor/include/backend_cbor_info_decode.h +0 -35
  30. package/external/libedhoc/backends/cbor/include/backend_cbor_info_encode.h +0 -35
  31. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_decode.h +0 -35
  32. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_encode.h +0 -35
  33. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_types.h +0 -34
  34. package/external/libedhoc/backends/cbor/include/backend_cbor_message_1_decode.h +0 -35
  35. package/external/libedhoc/backends/cbor/include/backend_cbor_message_1_encode.h +0 -35
  36. package/external/libedhoc/backends/cbor/include/backend_cbor_message_2_decode.h +0 -35
  37. package/external/libedhoc/backends/cbor/include/backend_cbor_message_2_encode.h +0 -35
  38. package/external/libedhoc/backends/cbor/include/backend_cbor_message_3_decode.h +0 -35
  39. package/external/libedhoc/backends/cbor/include/backend_cbor_message_3_encode.h +0 -35
  40. package/external/libedhoc/backends/cbor/include/backend_cbor_message_4_decode.h +0 -35
  41. package/external/libedhoc/backends/cbor/include/backend_cbor_message_4_encode.h +0 -35
  42. package/external/libedhoc/backends/cbor/include/backend_cbor_message_error_decode.h +0 -35
  43. package/external/libedhoc/backends/cbor/include/backend_cbor_message_error_encode.h +0 -35
  44. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_2_decode.h +0 -35
  45. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_2_encode.h +0 -35
  46. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_3_decode.h +0 -35
  47. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_3_encode.h +0 -35
  48. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_4_decode.h +0 -35
  49. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_4_encode.h +0 -35
  50. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_decode.h +0 -35
  51. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_encode.h +0 -35
  52. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_types.h +0 -38
  53. package/external/libedhoc/backends/cbor/include/backend_cbor_x509_types.h +0 -180
  54. package/external/libedhoc/backends/cbor/src/backend_cbor_bstr_type_decode.c +0 -50
  55. package/external/libedhoc/backends/cbor/src/backend_cbor_bstr_type_encode.c +0 -50
  56. package/external/libedhoc/backends/cbor/src/backend_cbor_ead_decode.c +0 -69
  57. package/external/libedhoc/backends/cbor/src/backend_cbor_ead_encode.c +0 -69
  58. package/external/libedhoc/backends/cbor/src/backend_cbor_enc_structure_decode.c +0 -53
  59. package/external/libedhoc/backends/cbor/src/backend_cbor_enc_structure_encode.c +0 -53
  60. package/external/libedhoc/backends/cbor/src/backend_cbor_id_cred_x_decode.c +0 -152
  61. package/external/libedhoc/backends/cbor/src/backend_cbor_id_cred_x_encode.c +0 -152
  62. package/external/libedhoc/backends/cbor/src/backend_cbor_info_decode.c +0 -52
  63. package/external/libedhoc/backends/cbor/src/backend_cbor_info_encode.c +0 -52
  64. package/external/libedhoc/backends/cbor/src/backend_cbor_int_type_decode.c +0 -50
  65. package/external/libedhoc/backends/cbor/src/backend_cbor_int_type_encode.c +0 -50
  66. package/external/libedhoc/backends/cbor/src/backend_cbor_message_1_decode.c +0 -115
  67. package/external/libedhoc/backends/cbor/src/backend_cbor_message_1_encode.c +0 -115
  68. package/external/libedhoc/backends/cbor/src/backend_cbor_message_2_decode.c +0 -50
  69. package/external/libedhoc/backends/cbor/src/backend_cbor_message_2_encode.c +0 -50
  70. package/external/libedhoc/backends/cbor/src/backend_cbor_message_3_decode.c +0 -50
  71. package/external/libedhoc/backends/cbor/src/backend_cbor_message_3_encode.c +0 -50
  72. package/external/libedhoc/backends/cbor/src/backend_cbor_message_4_decode.c +0 -50
  73. package/external/libedhoc/backends/cbor/src/backend_cbor_message_4_encode.c +0 -50
  74. package/external/libedhoc/backends/cbor/src/backend_cbor_message_error_decode.c +0 -92
  75. package/external/libedhoc/backends/cbor/src/backend_cbor_message_error_encode.c +0 -92
  76. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_2_decode.c +0 -216
  77. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_2_encode.c +0 -217
  78. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_3_decode.c +0 -212
  79. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_3_encode.c +0 -212
  80. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_4_decode.c +0 -87
  81. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_4_encode.c +0 -87
  82. package/external/libedhoc/backends/cbor/src/backend_cbor_sig_structure_decode.c +0 -54
  83. package/external/libedhoc/backends/cbor/src/backend_cbor_sig_structure_encode.c +0 -54
  84. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode.c +0 -31
  85. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode.h +0 -10
  86. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode2.c +0 -18
  87. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode2.h +0 -9
  88. package/external/libedhoc/externals/Unity/examples/example_1/test/TestProductionCode.c +0 -69
  89. package/external/libedhoc/externals/Unity/examples/example_1/test/TestProductionCode2.c +0 -38
  90. package/external/libedhoc/externals/Unity/examples/example_1/test/test_runners/TestProductionCode2_Runner.c +0 -53
  91. package/external/libedhoc/externals/Unity/examples/example_1/test/test_runners/TestProductionCode_Runner.c +0 -57
  92. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode.c +0 -31
  93. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode.h +0 -10
  94. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode2.c +0 -18
  95. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode2.h +0 -9
  96. package/external/libedhoc/externals/Unity/examples/example_2/test/TestProductionCode.c +0 -71
  97. package/external/libedhoc/externals/Unity/examples/example_2/test/TestProductionCode2.c +0 -40
  98. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/TestProductionCode2_Runner.c +0 -16
  99. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/TestProductionCode_Runner.c +0 -18
  100. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/all_tests.c +0 -19
  101. package/external/libedhoc/externals/Unity/examples/example_3/helper/UnityHelper.c +0 -17
  102. package/external/libedhoc/externals/Unity/examples/example_3/helper/UnityHelper.h +0 -19
  103. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode.c +0 -31
  104. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode.h +0 -10
  105. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode2.c +0 -18
  106. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode2.h +0 -9
  107. package/external/libedhoc/externals/Unity/examples/example_3/test/TestProductionCode.c +0 -69
  108. package/external/libedhoc/externals/Unity/examples/example_3/test/TestProductionCode2.c +0 -38
  109. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode.c +0 -31
  110. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode.h +0 -10
  111. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode2.c +0 -18
  112. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode2.h +0 -9
  113. package/external/libedhoc/externals/Unity/examples/example_4/test/TestProductionCode.c +0 -70
  114. package/external/libedhoc/externals/Unity/examples/example_4/test/TestProductionCode2.c +0 -42
  115. package/external/libedhoc/externals/Unity/examples/example_4/test/test_runners/TestProductionCode2_Runner.c +0 -53
  116. package/external/libedhoc/externals/Unity/examples/example_4/test/test_runners/TestProductionCode_Runner.c +0 -57
  117. package/external/libedhoc/externals/Unity/examples/unity_config.h +0 -251
  118. package/external/libedhoc/externals/Unity/extras/bdd/src/unity_bdd.h +0 -44
  119. package/external/libedhoc/externals/Unity/extras/bdd/test/test_bdd.c +0 -129
  120. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture.c +0 -310
  121. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture.h +0 -95
  122. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture_internals.h +0 -51
  123. package/external/libedhoc/externals/Unity/extras/fixture/test/main/AllTests.c +0 -20
  124. package/external/libedhoc/externals/Unity/extras/fixture/test/template_fixture_tests.c +0 -40
  125. package/external/libedhoc/externals/Unity/extras/fixture/test/unity_fixture_Test.c +0 -246
  126. package/external/libedhoc/externals/Unity/extras/fixture/test/unity_fixture_TestRunner.c +0 -33
  127. package/external/libedhoc/externals/Unity/extras/memory/src/unity_memory.c +0 -203
  128. package/external/libedhoc/externals/Unity/extras/memory/src/unity_memory.h +0 -61
  129. package/external/libedhoc/externals/Unity/extras/memory/test/unity_memory_Test.c +0 -326
  130. package/external/libedhoc/externals/Unity/extras/memory/test/unity_memory_TestRunner.c +0 -50
  131. package/external/libedhoc/externals/Unity/extras/memory/test/unity_output_Spy.c +0 -57
  132. package/external/libedhoc/externals/Unity/extras/memory/test/unity_output_Spy.h +0 -17
  133. package/external/libedhoc/externals/Unity/src/unity.c +0 -2501
  134. package/external/libedhoc/externals/Unity/src/unity.h +0 -698
  135. package/external/libedhoc/externals/Unity/src/unity_internals.h +0 -1183
  136. package/external/libedhoc/externals/Unity/test/expectdata/testsample_cmd.c +0 -61
  137. package/external/libedhoc/externals/Unity/test/expectdata/testsample_def.c +0 -57
  138. package/external/libedhoc/externals/Unity/test/expectdata/testsample_head1.c +0 -55
  139. package/external/libedhoc/externals/Unity/test/expectdata/testsample_head1.h +0 -15
  140. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_cmd.c +0 -80
  141. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_def.c +0 -76
  142. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_head1.c +0 -75
  143. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_head1.h +0 -13
  144. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_new1.c +0 -89
  145. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_new2.c +0 -89
  146. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_param.c +0 -77
  147. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_run1.c +0 -89
  148. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_run2.c +0 -89
  149. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_yaml.c +0 -90
  150. package/external/libedhoc/externals/Unity/test/expectdata/testsample_new1.c +0 -67
  151. package/external/libedhoc/externals/Unity/test/expectdata/testsample_new2.c +0 -70
  152. package/external/libedhoc/externals/Unity/test/expectdata/testsample_param.c +0 -58
  153. package/external/libedhoc/externals/Unity/test/expectdata/testsample_run1.c +0 -67
  154. package/external/libedhoc/externals/Unity/test/expectdata/testsample_run2.c +0 -70
  155. package/external/libedhoc/externals/Unity/test/expectdata/testsample_yaml.c +0 -71
  156. package/external/libedhoc/externals/Unity/test/testdata/CException.h +0 -18
  157. package/external/libedhoc/externals/Unity/test/testdata/Defs.h +0 -16
  158. package/external/libedhoc/externals/Unity/test/testdata/cmock.h +0 -21
  159. package/external/libedhoc/externals/Unity/test/testdata/mockMock.h +0 -20
  160. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGenerator.c +0 -204
  161. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGeneratorSmall.c +0 -73
  162. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGeneratorWithMocks.c +0 -200
  163. package/external/libedhoc/externals/Unity/test/tests/self_assessment_utils.h +0 -151
  164. package/external/libedhoc/externals/Unity/test/tests/test_unity_arrays.c +0 -2941
  165. package/external/libedhoc/externals/Unity/test/tests/test_unity_core.c +0 -375
  166. package/external/libedhoc/externals/Unity/test/tests/test_unity_doubles.c +0 -1285
  167. package/external/libedhoc/externals/Unity/test/tests/test_unity_floats.c +0 -1395
  168. package/external/libedhoc/externals/Unity/test/tests/test_unity_integers.c +0 -2863
  169. package/external/libedhoc/externals/Unity/test/tests/test_unity_integers_64.c +0 -783
  170. package/external/libedhoc/externals/Unity/test/tests/test_unity_memory.c +0 -82
  171. package/external/libedhoc/externals/Unity/test/tests/test_unity_parameterized.c +0 -309
  172. package/external/libedhoc/externals/Unity/test/tests/test_unity_parameterizedDemo.c +0 -28
  173. package/external/libedhoc/externals/Unity/test/tests/test_unity_strings.c +0 -330
  174. package/external/libedhoc/externals/Unity/test/tests/types_for_test.h +0 -21
  175. package/external/libedhoc/externals/compact25519/src/c25519/c25519.c +0 -126
  176. package/external/libedhoc/externals/compact25519/src/c25519/c25519.h +0 -49
  177. package/external/libedhoc/externals/compact25519/src/c25519/ed25519.c +0 -323
  178. package/external/libedhoc/externals/compact25519/src/c25519/ed25519.h +0 -84
  179. package/external/libedhoc/externals/compact25519/src/c25519/edsign.c +0 -171
  180. package/external/libedhoc/externals/compact25519/src/c25519/edsign.h +0 -53
  181. package/external/libedhoc/externals/compact25519/src/c25519/f25519.c +0 -330
  182. package/external/libedhoc/externals/compact25519/src/c25519/f25519.h +0 -98
  183. package/external/libedhoc/externals/compact25519/src/c25519/fprime.c +0 -226
  184. package/external/libedhoc/externals/compact25519/src/c25519/fprime.h +0 -81
  185. package/external/libedhoc/externals/compact25519/src/c25519/sha512.c +0 -230
  186. package/external/libedhoc/externals/compact25519/src/c25519/sha512.h +0 -54
  187. package/external/libedhoc/externals/compact25519/src/compact_ed25519.c +0 -46
  188. package/external/libedhoc/externals/compact25519/src/compact_ed25519.h +0 -110
  189. package/external/libedhoc/externals/compact25519/src/compact_wipe.c +0 -12
  190. package/external/libedhoc/externals/compact25519/src/compact_wipe.h +0 -14
  191. package/external/libedhoc/externals/compact25519/src/compact_x25519.c +0 -68
  192. package/external/libedhoc/externals/compact25519/src/compact_x25519.h +0 -101
  193. package/external/libedhoc/externals/compact25519/test/pcg_random.h +0 -25
  194. package/external/libedhoc/externals/compact25519/test/run-all.c +0 -178
  195. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/Hacl_Curve25519.h +0 -21
  196. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/everest.h +0 -234
  197. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h +0 -124
  198. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h +0 -280
  199. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib.h +0 -29
  200. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/c_endianness.h +0 -204
  201. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/builtin.h +0 -16
  202. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/callconv.h +0 -46
  203. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/compat.h +0 -34
  204. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/debug.h +0 -57
  205. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/target.h +0 -102
  206. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/types.h +0 -61
  207. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h +0 -5
  208. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h +0 -21
  209. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/inttypes.h +0 -36
  210. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/stdbool.h +0 -31
  211. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/x25519.h +0 -190
  212. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/Hacl_Curve25519.c +0 -760
  213. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/Hacl_Curve25519_joined.c +0 -50
  214. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/everest.c +0 -102
  215. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c +0 -413
  216. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c +0 -100
  217. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/legacy/Hacl_Curve25519.c +0 -805
  218. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/x25519.c +0 -186
  219. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m/p256-m.c +0 -1514
  220. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m/p256-m.h +0 -135
  221. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m_driver_entrypoints.c +0 -312
  222. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m_driver_entrypoints.h +0 -219
  223. package/external/libedhoc/externals/mbedtls/configs/config-ccm-psk-dtls1_2.h +0 -92
  224. package/external/libedhoc/externals/mbedtls/configs/config-ccm-psk-tls1_2.h +0 -83
  225. package/external/libedhoc/externals/mbedtls/configs/config-no-entropy.h +0 -73
  226. package/external/libedhoc/externals/mbedtls/configs/config-suite-b.h +0 -106
  227. package/external/libedhoc/externals/mbedtls/configs/config-symmetric-only.h +0 -77
  228. package/external/libedhoc/externals/mbedtls/configs/config-thread.h +0 -76
  229. package/external/libedhoc/externals/mbedtls/configs/crypto-config-ccm-aes-sha256.h +0 -25
  230. package/external/libedhoc/externals/mbedtls/configs/crypto_config_profile_medium.h +0 -136
  231. package/external/libedhoc/externals/mbedtls/configs/tfm_mbedcrypto_config_profile_medium.h +0 -609
  232. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_encdec.h +0 -54
  233. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_hashing.h +0 -30
  234. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_mainpage.h +0 -19
  235. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_rng.h +0 -27
  236. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_ssltls.h +0 -37
  237. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_tcpip.h +0 -32
  238. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_x509.h +0 -31
  239. package/external/libedhoc/externals/mbedtls/include/mbedtls/aes.h +0 -627
  240. package/external/libedhoc/externals/mbedtls/include/mbedtls/aria.h +0 -341
  241. package/external/libedhoc/externals/mbedtls/include/mbedtls/asn1.h +0 -641
  242. package/external/libedhoc/externals/mbedtls/include/mbedtls/asn1write.h +0 -389
  243. package/external/libedhoc/externals/mbedtls/include/mbedtls/base64.h +0 -82
  244. package/external/libedhoc/externals/mbedtls/include/mbedtls/bignum.h +0 -1084
  245. package/external/libedhoc/externals/mbedtls/include/mbedtls/build_info.h +0 -146
  246. package/external/libedhoc/externals/mbedtls/include/mbedtls/camellia.h +0 -303
  247. package/external/libedhoc/externals/mbedtls/include/mbedtls/ccm.h +0 -518
  248. package/external/libedhoc/externals/mbedtls/include/mbedtls/chacha20.h +0 -202
  249. package/external/libedhoc/externals/mbedtls/include/mbedtls/chachapoly.h +0 -342
  250. package/external/libedhoc/externals/mbedtls/include/mbedtls/check_config.h +0 -1206
  251. package/external/libedhoc/externals/mbedtls/include/mbedtls/cipher.h +0 -1183
  252. package/external/libedhoc/externals/mbedtls/include/mbedtls/cmac.h +0 -246
  253. package/external/libedhoc/externals/mbedtls/include/mbedtls/compat-2.x.h +0 -46
  254. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h +0 -183
  255. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h +0 -877
  256. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h +0 -334
  257. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h +0 -142
  258. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_ssl.h +0 -76
  259. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_x509.h +0 -25
  260. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_psa.h +0 -55
  261. package/external/libedhoc/externals/mbedtls/include/mbedtls/constant_time.h +0 -36
  262. package/external/libedhoc/externals/mbedtls/include/mbedtls/ctr_drbg.h +0 -564
  263. package/external/libedhoc/externals/mbedtls/include/mbedtls/debug.h +0 -308
  264. package/external/libedhoc/externals/mbedtls/include/mbedtls/des.h +0 -385
  265. package/external/libedhoc/externals/mbedtls/include/mbedtls/dhm.h +0 -972
  266. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecdh.h +0 -441
  267. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecdsa.h +0 -671
  268. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecjpake.h +0 -298
  269. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecp.h +0 -1362
  270. package/external/libedhoc/externals/mbedtls/include/mbedtls/entropy.h +0 -273
  271. package/external/libedhoc/externals/mbedtls/include/mbedtls/error.h +0 -201
  272. package/external/libedhoc/externals/mbedtls/include/mbedtls/gcm.h +0 -370
  273. package/external/libedhoc/externals/mbedtls/include/mbedtls/hkdf.h +0 -124
  274. package/external/libedhoc/externals/mbedtls/include/mbedtls/hmac_drbg.h +0 -434
  275. package/external/libedhoc/externals/mbedtls/include/mbedtls/lms.h +0 -440
  276. package/external/libedhoc/externals/mbedtls/include/mbedtls/mbedtls_config.h +0 -4116
  277. package/external/libedhoc/externals/mbedtls/include/mbedtls/md.h +0 -640
  278. package/external/libedhoc/externals/mbedtls/include/mbedtls/md5.h +0 -190
  279. package/external/libedhoc/externals/mbedtls/include/mbedtls/memory_buffer_alloc.h +0 -142
  280. package/external/libedhoc/externals/mbedtls/include/mbedtls/net_sockets.h +0 -299
  281. package/external/libedhoc/externals/mbedtls/include/mbedtls/nist_kw.h +0 -166
  282. package/external/libedhoc/externals/mbedtls/include/mbedtls/oid.h +0 -722
  283. package/external/libedhoc/externals/mbedtls/include/mbedtls/pem.h +0 -160
  284. package/external/libedhoc/externals/mbedtls/include/mbedtls/pk.h +0 -1091
  285. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs12.h +0 -186
  286. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs5.h +0 -197
  287. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs7.h +0 -241
  288. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform.h +0 -485
  289. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform_time.h +0 -79
  290. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform_util.h +0 -201
  291. package/external/libedhoc/externals/mbedtls/include/mbedtls/poly1305.h +0 -168
  292. package/external/libedhoc/externals/mbedtls/include/mbedtls/private_access.h +0 -20
  293. package/external/libedhoc/externals/mbedtls/include/mbedtls/psa_util.h +0 -104
  294. package/external/libedhoc/externals/mbedtls/include/mbedtls/ripemd160.h +0 -136
  295. package/external/libedhoc/externals/mbedtls/include/mbedtls/rsa.h +0 -1143
  296. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha1.h +0 -219
  297. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha256.h +0 -198
  298. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha3.h +0 -172
  299. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha512.h +0 -208
  300. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl.h +0 -5369
  301. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_cache.h +0 -187
  302. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_ciphersuites.h +0 -616
  303. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_cookie.h +0 -106
  304. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_ticket.h +0 -181
  305. package/external/libedhoc/externals/mbedtls/include/mbedtls/threading.h +0 -105
  306. package/external/libedhoc/externals/mbedtls/include/mbedtls/timing.h +0 -94
  307. package/external/libedhoc/externals/mbedtls/include/mbedtls/version.h +0 -78
  308. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509.h +0 -550
  309. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_crl.h +0 -184
  310. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_crt.h +0 -1196
  311. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_csr.h +0 -319
  312. package/external/libedhoc/externals/mbedtls/include/psa/build_info.h +0 -20
  313. package/external/libedhoc/externals/mbedtls/include/psa/crypto.h +0 -4685
  314. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_auto_enabled.h +0 -21
  315. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h +0 -91
  316. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_config_synonyms.h +0 -45
  317. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_composites.h +0 -210
  318. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_key_derivation.h +0 -118
  319. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_primitives.h +0 -114
  320. package/external/libedhoc/externals/mbedtls/include/psa/crypto_compat.h +0 -153
  321. package/external/libedhoc/externals/mbedtls/include/psa/crypto_config.h +0 -153
  322. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_common.h +0 -44
  323. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_composites.h +0 -151
  324. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_key_derivation.h +0 -52
  325. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_primitives.h +0 -105
  326. package/external/libedhoc/externals/mbedtls/include/psa/crypto_extra.h +0 -2064
  327. package/external/libedhoc/externals/mbedtls/include/psa/crypto_legacy.h +0 -88
  328. package/external/libedhoc/externals/mbedtls/include/psa/crypto_platform.h +0 -92
  329. package/external/libedhoc/externals/mbedtls/include/psa/crypto_se_driver.h +0 -1383
  330. package/external/libedhoc/externals/mbedtls/include/psa/crypto_sizes.h +0 -1282
  331. package/external/libedhoc/externals/mbedtls/include/psa/crypto_struct.h +0 -460
  332. package/external/libedhoc/externals/mbedtls/include/psa/crypto_types.h +0 -453
  333. package/external/libedhoc/externals/mbedtls/include/psa/crypto_values.h +0 -2756
  334. package/external/libedhoc/externals/mbedtls/library/aes.c +0 -2315
  335. package/external/libedhoc/externals/mbedtls/library/aesce.c +0 -503
  336. package/external/libedhoc/externals/mbedtls/library/aesce.h +0 -121
  337. package/external/libedhoc/externals/mbedtls/library/aesni.c +0 -802
  338. package/external/libedhoc/externals/mbedtls/library/aesni.h +0 -158
  339. package/external/libedhoc/externals/mbedtls/library/alignment.h +0 -509
  340. package/external/libedhoc/externals/mbedtls/library/aria.c +0 -991
  341. package/external/libedhoc/externals/mbedtls/library/asn1parse.c +0 -467
  342. package/external/libedhoc/externals/mbedtls/library/asn1write.c +0 -436
  343. package/external/libedhoc/externals/mbedtls/library/base64.c +0 -299
  344. package/external/libedhoc/externals/mbedtls/library/base64_internal.h +0 -45
  345. package/external/libedhoc/externals/mbedtls/library/bignum.c +0 -2806
  346. package/external/libedhoc/externals/mbedtls/library/bignum_core.c +0 -894
  347. package/external/libedhoc/externals/mbedtls/library/bignum_core.h +0 -763
  348. package/external/libedhoc/externals/mbedtls/library/bignum_mod.c +0 -394
  349. package/external/libedhoc/externals/mbedtls/library/bignum_mod.h +0 -452
  350. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw.c +0 -276
  351. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw.h +0 -416
  352. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw_invasive.h +0 -34
  353. package/external/libedhoc/externals/mbedtls/library/bn_mul.h +0 -1094
  354. package/external/libedhoc/externals/mbedtls/library/camellia.c +0 -1044
  355. package/external/libedhoc/externals/mbedtls/library/ccm.c +0 -712
  356. package/external/libedhoc/externals/mbedtls/library/chacha20.c +0 -497
  357. package/external/libedhoc/externals/mbedtls/library/chachapoly.c +0 -478
  358. package/external/libedhoc/externals/mbedtls/library/check_crypto_config.h +0 -141
  359. package/external/libedhoc/externals/mbedtls/library/cipher.c +0 -1664
  360. package/external/libedhoc/externals/mbedtls/library/cipher_wrap.c +0 -2422
  361. package/external/libedhoc/externals/mbedtls/library/cipher_wrap.h +0 -132
  362. package/external/libedhoc/externals/mbedtls/library/cmac.c +0 -1067
  363. package/external/libedhoc/externals/mbedtls/library/common.h +0 -325
  364. package/external/libedhoc/externals/mbedtls/library/constant_time.c +0 -261
  365. package/external/libedhoc/externals/mbedtls/library/constant_time_impl.h +0 -554
  366. package/external/libedhoc/externals/mbedtls/library/constant_time_internal.h +0 -579
  367. package/external/libedhoc/externals/mbedtls/library/ctr_drbg.c +0 -881
  368. package/external/libedhoc/externals/mbedtls/library/debug.c +0 -465
  369. package/external/libedhoc/externals/mbedtls/library/des.c +0 -1042
  370. package/external/libedhoc/externals/mbedtls/library/dhm.c +0 -712
  371. package/external/libedhoc/externals/mbedtls/library/ecdh.c +0 -685
  372. package/external/libedhoc/externals/mbedtls/library/ecdsa.c +0 -867
  373. package/external/libedhoc/externals/mbedtls/library/ecjpake.c +0 -1216
  374. package/external/libedhoc/externals/mbedtls/library/ecp.c +0 -3631
  375. package/external/libedhoc/externals/mbedtls/library/ecp_curves.c +0 -5467
  376. package/external/libedhoc/externals/mbedtls/library/ecp_curves_new.c +0 -6043
  377. package/external/libedhoc/externals/mbedtls/library/ecp_internal_alt.h +0 -287
  378. package/external/libedhoc/externals/mbedtls/library/ecp_invasive.h +0 -325
  379. package/external/libedhoc/externals/mbedtls/library/entropy.c +0 -676
  380. package/external/libedhoc/externals/mbedtls/library/entropy_poll.c +0 -229
  381. package/external/libedhoc/externals/mbedtls/library/entropy_poll.h +0 -64
  382. package/external/libedhoc/externals/mbedtls/library/error.c +0 -878
  383. package/external/libedhoc/externals/mbedtls/library/gcm.c +0 -1168
  384. package/external/libedhoc/externals/mbedtls/library/hkdf.c +0 -161
  385. package/external/libedhoc/externals/mbedtls/library/hmac_drbg.c +0 -633
  386. package/external/libedhoc/externals/mbedtls/library/lmots.c +0 -821
  387. package/external/libedhoc/externals/mbedtls/library/lmots.h +0 -311
  388. package/external/libedhoc/externals/mbedtls/library/lms.c +0 -779
  389. package/external/libedhoc/externals/mbedtls/library/md.c +0 -1108
  390. package/external/libedhoc/externals/mbedtls/library/md5.c +0 -426
  391. package/external/libedhoc/externals/mbedtls/library/md_psa.h +0 -63
  392. package/external/libedhoc/externals/mbedtls/library/md_wrap.h +0 -46
  393. package/external/libedhoc/externals/mbedtls/library/memory_buffer_alloc.c +0 -745
  394. package/external/libedhoc/externals/mbedtls/library/mps_common.h +0 -181
  395. package/external/libedhoc/externals/mbedtls/library/mps_error.h +0 -89
  396. package/external/libedhoc/externals/mbedtls/library/mps_reader.c +0 -538
  397. package/external/libedhoc/externals/mbedtls/library/mps_reader.h +0 -366
  398. package/external/libedhoc/externals/mbedtls/library/mps_trace.c +0 -112
  399. package/external/libedhoc/externals/mbedtls/library/mps_trace.h +0 -154
  400. package/external/libedhoc/externals/mbedtls/library/net_sockets.c +0 -696
  401. package/external/libedhoc/externals/mbedtls/library/nist_kw.c +0 -725
  402. package/external/libedhoc/externals/mbedtls/library/oid.c +0 -1154
  403. package/external/libedhoc/externals/mbedtls/library/padlock.c +0 -155
  404. package/external/libedhoc/externals/mbedtls/library/padlock.h +0 -111
  405. package/external/libedhoc/externals/mbedtls/library/pem.c +0 -520
  406. package/external/libedhoc/externals/mbedtls/library/pk.c +0 -970
  407. package/external/libedhoc/externals/mbedtls/library/pk_internal.h +0 -118
  408. package/external/libedhoc/externals/mbedtls/library/pk_wrap.c +0 -1834
  409. package/external/libedhoc/externals/mbedtls/library/pk_wrap.h +0 -156
  410. package/external/libedhoc/externals/mbedtls/library/pkcs12.c +0 -447
  411. package/external/libedhoc/externals/mbedtls/library/pkcs5.c +0 -496
  412. package/external/libedhoc/externals/mbedtls/library/pkcs7.c +0 -773
  413. package/external/libedhoc/externals/mbedtls/library/pkparse.c +0 -1845
  414. package/external/libedhoc/externals/mbedtls/library/pkwrite.c +0 -836
  415. package/external/libedhoc/externals/mbedtls/library/pkwrite.h +0 -112
  416. package/external/libedhoc/externals/mbedtls/library/platform.c +0 -402
  417. package/external/libedhoc/externals/mbedtls/library/platform_util.c +0 -285
  418. package/external/libedhoc/externals/mbedtls/library/poly1305.c +0 -492
  419. package/external/libedhoc/externals/mbedtls/library/psa_crypto.c +0 -8432
  420. package/external/libedhoc/externals/mbedtls/library/psa_crypto_aead.c +0 -653
  421. package/external/libedhoc/externals/mbedtls/library/psa_crypto_aead.h +0 -499
  422. package/external/libedhoc/externals/mbedtls/library/psa_crypto_cipher.c +0 -590
  423. package/external/libedhoc/externals/mbedtls/library/psa_crypto_cipher.h +0 -293
  424. package/external/libedhoc/externals/mbedtls/library/psa_crypto_client.c +0 -67
  425. package/external/libedhoc/externals/mbedtls/library/psa_crypto_core.h +0 -838
  426. package/external/libedhoc/externals/mbedtls/library/psa_crypto_core_common.h +0 -52
  427. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers.h +0 -2871
  428. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers_no_static.c +0 -256
  429. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers_no_static.h +0 -31
  430. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ecp.c +0 -561
  431. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ecp.h +0 -267
  432. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ffdh.c +0 -295
  433. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ffdh.h +0 -132
  434. package/external/libedhoc/externals/mbedtls/library/psa_crypto_hash.c +0 -470
  435. package/external/libedhoc/externals/mbedtls/library/psa_crypto_hash.h +0 -211
  436. package/external/libedhoc/externals/mbedtls/library/psa_crypto_invasive.h +0 -70
  437. package/external/libedhoc/externals/mbedtls/library/psa_crypto_its.h +0 -131
  438. package/external/libedhoc/externals/mbedtls/library/psa_crypto_mac.c +0 -496
  439. package/external/libedhoc/externals/mbedtls/library/psa_crypto_mac.h +0 -264
  440. package/external/libedhoc/externals/mbedtls/library/psa_crypto_pake.c +0 -571
  441. package/external/libedhoc/externals/mbedtls/library/psa_crypto_pake.h +0 -159
  442. package/external/libedhoc/externals/mbedtls/library/psa_crypto_random_impl.h +0 -192
  443. package/external/libedhoc/externals/mbedtls/library/psa_crypto_rsa.c +0 -727
  444. package/external/libedhoc/externals/mbedtls/library/psa_crypto_rsa.h +0 -317
  445. package/external/libedhoc/externals/mbedtls/library/psa_crypto_se.c +0 -373
  446. package/external/libedhoc/externals/mbedtls/library/psa_crypto_se.h +0 -185
  447. package/external/libedhoc/externals/mbedtls/library/psa_crypto_slot_management.c +0 -559
  448. package/external/libedhoc/externals/mbedtls/library/psa_crypto_slot_management.h +0 -213
  449. package/external/libedhoc/externals/mbedtls/library/psa_crypto_storage.c +0 -481
  450. package/external/libedhoc/externals/mbedtls/library/psa_crypto_storage.h +0 -384
  451. package/external/libedhoc/externals/mbedtls/library/psa_its_file.c +0 -259
  452. package/external/libedhoc/externals/mbedtls/library/psa_util.c +0 -160
  453. package/external/libedhoc/externals/mbedtls/library/psa_util_internal.h +0 -96
  454. package/external/libedhoc/externals/mbedtls/library/ripemd160.c +0 -490
  455. package/external/libedhoc/externals/mbedtls/library/rsa.c +0 -2640
  456. package/external/libedhoc/externals/mbedtls/library/rsa_alt_helpers.c +0 -447
  457. package/external/libedhoc/externals/mbedtls/library/rsa_alt_helpers.h +0 -208
  458. package/external/libedhoc/externals/mbedtls/library/sha1.c +0 -480
  459. package/external/libedhoc/externals/mbedtls/library/sha256.c +0 -946
  460. package/external/libedhoc/externals/mbedtls/library/sha3.c +0 -626
  461. package/external/libedhoc/externals/mbedtls/library/sha512.c +0 -1111
  462. package/external/libedhoc/externals/mbedtls/library/ssl_cache.c +0 -410
  463. package/external/libedhoc/externals/mbedtls/library/ssl_ciphersuites.c +0 -2050
  464. package/external/libedhoc/externals/mbedtls/library/ssl_client.c +0 -1017
  465. package/external/libedhoc/externals/mbedtls/library/ssl_client.h +0 -22
  466. package/external/libedhoc/externals/mbedtls/library/ssl_cookie.c +0 -380
  467. package/external/libedhoc/externals/mbedtls/library/ssl_debug_helpers.h +0 -78
  468. package/external/libedhoc/externals/mbedtls/library/ssl_debug_helpers_generated.c +0 -234
  469. package/external/libedhoc/externals/mbedtls/library/ssl_misc.h +0 -2847
  470. package/external/libedhoc/externals/mbedtls/library/ssl_msg.c +0 -6155
  471. package/external/libedhoc/externals/mbedtls/library/ssl_ticket.c +0 -540
  472. package/external/libedhoc/externals/mbedtls/library/ssl_tls.c +0 -9577
  473. package/external/libedhoc/externals/mbedtls/library/ssl_tls12_client.c +0 -3607
  474. package/external/libedhoc/externals/mbedtls/library/ssl_tls12_server.c +0 -4403
  475. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_client.c +0 -3046
  476. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_generic.c +0 -1740
  477. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_invasive.h +0 -23
  478. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_keys.c +0 -1897
  479. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_keys.h +0 -651
  480. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_server.c +0 -3146
  481. package/external/libedhoc/externals/mbedtls/library/threading.c +0 -181
  482. package/external/libedhoc/externals/mbedtls/library/timing.c +0 -154
  483. package/external/libedhoc/externals/mbedtls/library/version.c +0 -32
  484. package/external/libedhoc/externals/mbedtls/library/version_features.c +0 -826
  485. package/external/libedhoc/externals/mbedtls/library/x509.c +0 -1776
  486. package/external/libedhoc/externals/mbedtls/library/x509_create.c +0 -557
  487. package/external/libedhoc/externals/mbedtls/library/x509_crl.c +0 -712
  488. package/external/libedhoc/externals/mbedtls/library/x509_crt.c +0 -3292
  489. package/external/libedhoc/externals/mbedtls/library/x509_csr.c +0 -574
  490. package/external/libedhoc/externals/mbedtls/library/x509write.c +0 -174
  491. package/external/libedhoc/externals/mbedtls/library/x509write_crt.c +0 -681
  492. package/external/libedhoc/externals/mbedtls/library/x509write_csr.c +0 -331
  493. package/external/libedhoc/externals/mbedtls/programs/aes/crypt_and_hash.c +0 -573
  494. package/external/libedhoc/externals/mbedtls/programs/cipher/cipher_aead_demo.c +0 -259
  495. package/external/libedhoc/externals/mbedtls/programs/fuzz/common.c +0 -105
  496. package/external/libedhoc/externals/mbedtls/programs/fuzz/common.h +0 -25
  497. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_client.c +0 -195
  498. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_dtlsclient.c +0 -138
  499. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_dtlsserver.c +0 -183
  500. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_pkcs7.c +0 -20
  501. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_privkey.c +0 -106
  502. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_pubkey.c +0 -86
  503. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_server.c +0 -218
  504. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509crl.c +0 -41
  505. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509crt.c +0 -41
  506. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509csr.c +0 -41
  507. package/external/libedhoc/externals/mbedtls/programs/fuzz/onefile.c +0 -69
  508. package/external/libedhoc/externals/mbedtls/programs/hash/generic_sum.c +0 -209
  509. package/external/libedhoc/externals/mbedtls/programs/hash/hello.c +0 -45
  510. package/external/libedhoc/externals/mbedtls/programs/hash/md_hmac_demo.c +0 -136
  511. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_client.c +0 -274
  512. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_genprime.c +0 -161
  513. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_server.c +0 -296
  514. package/external/libedhoc/externals/mbedtls/programs/pkey/ecdh_curve25519.c +0 -189
  515. package/external/libedhoc/externals/mbedtls/programs/pkey/ecdsa.c +0 -217
  516. package/external/libedhoc/externals/mbedtls/programs/pkey/gen_key.c +0 -419
  517. package/external/libedhoc/externals/mbedtls/programs/pkey/key_app.c +0 -316
  518. package/external/libedhoc/externals/mbedtls/programs/pkey/key_app_writer.c +0 -435
  519. package/external/libedhoc/externals/mbedtls/programs/pkey/mpi_demo.c +0 -84
  520. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_decrypt.c +0 -153
  521. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_encrypt.c +0 -154
  522. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_sign.c +0 -155
  523. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_verify.c +0 -128
  524. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_decrypt.c +0 -172
  525. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_encrypt.c +0 -149
  526. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_genkey.c +0 -141
  527. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_sign.c +0 -155
  528. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_sign_pss.c +0 -161
  529. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_verify.c +0 -131
  530. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_verify_pss.c +0 -136
  531. package/external/libedhoc/externals/mbedtls/programs/psa/aead_demo.c +0 -281
  532. package/external/libedhoc/externals/mbedtls/programs/psa/crypto_examples.c +0 -321
  533. package/external/libedhoc/externals/mbedtls/programs/psa/hmac_demo.c +0 -159
  534. package/external/libedhoc/externals/mbedtls/programs/psa/key_ladder_demo.c +0 -691
  535. package/external/libedhoc/externals/mbedtls/programs/psa/psa_constant_names.c +0 -310
  536. package/external/libedhoc/externals/mbedtls/programs/psa/psa_constant_names_generated.c +0 -474
  537. package/external/libedhoc/externals/mbedtls/programs/random/gen_entropy.c +0 -75
  538. package/external/libedhoc/externals/mbedtls/programs/random/gen_random_ctr_drbg.c +0 -107
  539. package/external/libedhoc/externals/mbedtls/programs/ssl/dtls_client.c +0 -342
  540. package/external/libedhoc/externals/mbedtls/programs/ssl/dtls_server.c +0 -408
  541. package/external/libedhoc/externals/mbedtls/programs/ssl/mini_client.c +0 -274
  542. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_client1.c +0 -288
  543. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_client2.c +0 -3118
  544. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_context_info.c +0 -1009
  545. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_fork_server.c +0 -381
  546. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_mail_client.c +0 -804
  547. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_pthread_server.c +0 -489
  548. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_server.c +0 -362
  549. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_server2.c +0 -4268
  550. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_common_source.c +0 -375
  551. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_lib.c +0 -601
  552. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_lib.h +0 -306
  553. package/external/libedhoc/externals/mbedtls/programs/test/benchmark.c +0 -1284
  554. package/external/libedhoc/externals/mbedtls/programs/test/cmake_package/cmake_package.c +0 -27
  555. package/external/libedhoc/externals/mbedtls/programs/test/cmake_package_install/cmake_package_install.c +0 -28
  556. package/external/libedhoc/externals/mbedtls/programs/test/cmake_subproject/cmake_subproject.c +0 -28
  557. package/external/libedhoc/externals/mbedtls/programs/test/dlopen.c +0 -92
  558. package/external/libedhoc/externals/mbedtls/programs/test/query_compile_time_config.c +0 -66
  559. package/external/libedhoc/externals/mbedtls/programs/test/query_config.c +0 -5137
  560. package/external/libedhoc/externals/mbedtls/programs/test/query_config.h +0 -34
  561. package/external/libedhoc/externals/mbedtls/programs/test/query_included_headers.c +0 -29
  562. package/external/libedhoc/externals/mbedtls/programs/test/selftest.c +0 -583
  563. package/external/libedhoc/externals/mbedtls/programs/test/udp_proxy.c +0 -967
  564. package/external/libedhoc/externals/mbedtls/programs/test/zeroize.c +0 -72
  565. package/external/libedhoc/externals/mbedtls/programs/util/pem2der.c +0 -265
  566. package/external/libedhoc/externals/mbedtls/programs/util/strerror.c +0 -61
  567. package/external/libedhoc/externals/mbedtls/programs/wince_main.c +0 -31
  568. package/external/libedhoc/externals/mbedtls/programs/x509/cert_app.c +0 -456
  569. package/external/libedhoc/externals/mbedtls/programs/x509/cert_req.c +0 -509
  570. package/external/libedhoc/externals/mbedtls/programs/x509/cert_write.c +0 -1012
  571. package/external/libedhoc/externals/mbedtls/programs/x509/crl_app.c +0 -132
  572. package/external/libedhoc/externals/mbedtls/programs/x509/load_roots.c +0 -165
  573. package/external/libedhoc/externals/mbedtls/programs/x509/req_app.c +0 -132
  574. package/external/libedhoc/externals/mbedtls/tests/configs/tls13-only.h +0 -31
  575. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-for-test.h +0 -89
  576. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-malloc-0-null.h +0 -22
  577. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-zeroize-memset.h +0 -17
  578. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/aes_alt.h +0 -23
  579. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/aria_alt.h +0 -16
  580. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/camellia_alt.h +0 -16
  581. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ccm_alt.h +0 -16
  582. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/chacha20_alt.h +0 -16
  583. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/chachapoly_alt.h +0 -18
  584. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/cmac_alt.h +0 -15
  585. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/des_alt.h +0 -22
  586. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/dhm_alt.h +0 -16
  587. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ecjpake_alt.h +0 -15
  588. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ecp_alt.h +0 -22
  589. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/gcm_alt.h +0 -16
  590. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/md5_alt.h +0 -16
  591. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/nist_kw_alt.h +0 -15
  592. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/platform_alt.h +0 -16
  593. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/poly1305_alt.h +0 -16
  594. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ripemd160_alt.h +0 -16
  595. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/rsa_alt.h +0 -16
  596. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha1_alt.h +0 -16
  597. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha256_alt.h +0 -16
  598. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha512_alt.h +0 -16
  599. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/threading_alt.h +0 -14
  600. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/timing_alt.h +0 -19
  601. package/external/libedhoc/externals/mbedtls/tests/include/alt-extra/psa/crypto.h +0 -7
  602. package/external/libedhoc/externals/mbedtls/tests/include/baremetal-override/time.h +0 -6
  603. package/external/libedhoc/externals/mbedtls/tests/include/spe/crypto_spe.h +0 -131
  604. package/external/libedhoc/externals/mbedtls/tests/include/test/arguments.h +0 -26
  605. package/external/libedhoc/externals/mbedtls/tests/include/test/asn1_helpers.h +0 -38
  606. package/external/libedhoc/externals/mbedtls/tests/include/test/bignum_helpers.h +0 -106
  607. package/external/libedhoc/externals/mbedtls/tests/include/test/certs.h +0 -234
  608. package/external/libedhoc/externals/mbedtls/tests/include/test/constant_flow.h +0 -71
  609. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/aead.h +0 -121
  610. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/asymmetric_encryption.h +0 -67
  611. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/cipher.h +0 -130
  612. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/config_test_driver.h +0 -44
  613. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/crypto_config_test_driver_extension.h +0 -430
  614. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/hash.h +0 -64
  615. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/key_agreement.h +0 -62
  616. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/key_management.h +0 -123
  617. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/mac.h +0 -125
  618. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/pake.h +0 -75
  619. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/signature.h +0 -112
  620. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/test_driver.h +0 -32
  621. package/external/libedhoc/externals/mbedtls/tests/include/test/fake_external_rng_for_test.h +0 -40
  622. package/external/libedhoc/externals/mbedtls/tests/include/test/helpers.h +0 -268
  623. package/external/libedhoc/externals/mbedtls/tests/include/test/macros.h +0 -250
  624. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_crypto_helpers.h +0 -398
  625. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_exercise_key.h +0 -223
  626. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_helpers.h +0 -24
  627. package/external/libedhoc/externals/mbedtls/tests/include/test/random.h +0 -91
  628. package/external/libedhoc/externals/mbedtls/tests/include/test/ssl_helpers.h +0 -628
  629. package/external/libedhoc/externals/mbedtls/tests/src/asn1_helpers.c +0 -62
  630. package/external/libedhoc/externals/mbedtls/tests/src/bignum_helpers.c +0 -145
  631. package/external/libedhoc/externals/mbedtls/tests/src/certs.c +0 -480
  632. package/external/libedhoc/externals/mbedtls/tests/src/drivers/hash.c +0 -199
  633. package/external/libedhoc/externals/mbedtls/tests/src/drivers/platform_builtin_keys.c +0 -78
  634. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_aead.c +0 -462
  635. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_asymmetric_encryption.c +0 -151
  636. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_cipher.c +0 -424
  637. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_key_agreement.c +0 -147
  638. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_key_management.c +0 -783
  639. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_mac.c +0 -422
  640. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_pake.c +0 -202
  641. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_signature.c +0 -405
  642. package/external/libedhoc/externals/mbedtls/tests/src/fake_external_rng_for_test.c +0 -45
  643. package/external/libedhoc/externals/mbedtls/tests/src/helpers.c +0 -353
  644. package/external/libedhoc/externals/mbedtls/tests/src/psa_crypto_helpers.c +0 -196
  645. package/external/libedhoc/externals/mbedtls/tests/src/psa_exercise_key.c +0 -989
  646. package/external/libedhoc/externals/mbedtls/tests/src/random.c +0 -136
  647. package/external/libedhoc/externals/mbedtls/tests/src/test_certs.h +0 -1226
  648. package/external/libedhoc/externals/mbedtls/tests/src/test_helpers/ssl_helpers.c +0 -2292
  649. package/external/libedhoc/externals/mbedtls/tests/src/threading_helpers.c +0 -210
  650. package/external/libedhoc/externals/zcbor/include/zcbor_common.h +0 -509
  651. package/external/libedhoc/externals/zcbor/include/zcbor_decode.h +0 -447
  652. package/external/libedhoc/externals/zcbor/include/zcbor_encode.h +0 -240
  653. package/external/libedhoc/externals/zcbor/include/zcbor_print.h +0 -165
  654. package/external/libedhoc/externals/zcbor/include/zcbor_tags.h +0 -94
  655. package/external/libedhoc/externals/zcbor/samples/hello_world/src/main.c +0 -41
  656. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_decode.h +0 -39
  657. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_encode.h +0 -39
  658. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_types.h +0 -47
  659. package/external/libedhoc/externals/zcbor/samples/pet/src/main.c +0 -128
  660. package/external/libedhoc/externals/zcbor/samples/pet/src/pet_decode.c +0 -60
  661. package/external/libedhoc/externals/zcbor/samples/pet/src/pet_encode.c +0 -61
  662. package/external/libedhoc/externals/zcbor/src/zcbor_common.c +0 -430
  663. package/external/libedhoc/externals/zcbor/src/zcbor_decode.c +0 -1567
  664. package/external/libedhoc/externals/zcbor/src/zcbor_encode.c +0 -609
  665. package/external/libedhoc/externals/zcbor/tests/decode/test1_suit_old_formats/src/main.c +0 -367
  666. package/external/libedhoc/externals/zcbor/tests/decode/test2_suit/src/main.c +0 -189
  667. package/external/libedhoc/externals/zcbor/tests/decode/test3_simple/src/main.c +0 -528
  668. package/external/libedhoc/externals/zcbor/tests/decode/test5_corner_cases/src/main.c +0 -2154
  669. package/external/libedhoc/externals/zcbor/tests/decode/test7_suit9_simple/src/main.c +0 -134
  670. package/external/libedhoc/externals/zcbor/tests/decode/test8_suit12/src/main.c +0 -862
  671. package/external/libedhoc/externals/zcbor/tests/decode/test9_manifest14/src/main.c +0 -363
  672. package/external/libedhoc/externals/zcbor/tests/encode/test1_suit/src/main.c +0 -453
  673. package/external/libedhoc/externals/zcbor/tests/encode/test2_simple/src/main.c +0 -122
  674. package/external/libedhoc/externals/zcbor/tests/encode/test3_corner_cases/src/main.c +0 -1554
  675. package/external/libedhoc/externals/zcbor/tests/encode/test4_senml/src/main.c +0 -65
  676. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_everything.c +0 -12
  677. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_manifest12.c +0 -136
  678. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_pet.c +0 -12
  679. package/external/libedhoc/externals/zcbor/tests/fuzz/main_entry.c +0 -60
  680. package/external/libedhoc/externals/zcbor/tests/fuzz/main_entry.h +0 -5
  681. package/external/libedhoc/externals/zcbor/tests/unit/test1_unit_tests/src/main.c +0 -1437
  682. package/external/libedhoc/externals/zcbor/tests/unit/test3_float16/src/main.c +0 -203
  683. package/external/libedhoc/include/edhoc.h +0 -687
  684. package/external/libedhoc/include/edhoc_common.h +0 -289
  685. package/external/libedhoc/include/edhoc_context.h +0 -343
  686. package/external/libedhoc/include/edhoc_credentials.h +0 -265
  687. package/external/libedhoc/include/edhoc_crypto.h +0 -331
  688. package/external/libedhoc/include/edhoc_ead.h +0 -102
  689. package/external/libedhoc/include/edhoc_macros.h +0 -60
  690. package/external/libedhoc/include/edhoc_values.h +0 -181
  691. package/external/libedhoc/library/edhoc.c +0 -253
  692. package/external/libedhoc/library/edhoc_common.c +0 -1314
  693. package/external/libedhoc/library/edhoc_exporter.c +0 -542
  694. package/external/libedhoc/library/edhoc_message_1.c +0 -474
  695. package/external/libedhoc/library/edhoc_message_2.c +0 -1697
  696. package/external/libedhoc/library/edhoc_message_3.c +0 -1467
  697. package/external/libedhoc/library/edhoc_message_4.c +0 -828
  698. package/external/libedhoc/library/edhoc_message_error.c +0 -238
  699. package/external/libedhoc/tests/include/cipher_suite_0.h +0 -131
  700. package/external/libedhoc/tests/include/cipher_suite_2.h +0 -139
  701. package/external/libedhoc/tests/include/test_vector_rfc9529_chapter_2.h +0 -786
  702. package/external/libedhoc/tests/include/test_vector_rfc9529_chapter_3.h +0 -529
  703. package/external/libedhoc/tests/include/test_vector_x5chain_sign_keys_suite_0.h +0 -137
  704. package/external/libedhoc/tests/include/test_vector_x5chain_sign_keys_suite_2.h +0 -168
  705. package/external/libedhoc/tests/include/test_vector_x5chain_static_dh_keys_suite_2.h +0 -162
  706. package/external/libedhoc/tests/include/test_vector_x5t_sign_keys_suite_2.h +0 -180
  707. package/external/libedhoc/tests/src/cipher_suite_0.c +0 -445
  708. package/external/libedhoc/tests/src/cipher_suite_2.c +0 -600
  709. package/external/libedhoc/tests/src/module_test_api.c +0 -430
  710. package/external/libedhoc/tests/src/module_test_cipher_suite_0.c +0 -395
  711. package/external/libedhoc/tests/src/module_test_cipher_suite_2.c +0 -392
  712. package/external/libedhoc/tests/src/module_test_error_message.c +0 -251
  713. package/external/libedhoc/tests/src/module_test_main.c +0 -49
  714. package/external/libedhoc/tests/src/module_test_rfc9528_suites_negotiation.c +0 -541
  715. package/external/libedhoc/tests/src/module_test_rfc9529_chapter_2.c +0 -2681
  716. package/external/libedhoc/tests/src/module_test_rfc9529_chapter_3.c +0 -1635
  717. package/external/libedhoc/tests/src/module_test_x5chain_sign_keys_suite_0.c +0 -1135
  718. package/external/libedhoc/tests/src/module_test_x5chain_sign_keys_suite_2.c +0 -1249
  719. package/external/libedhoc/tests/src/module_test_x5chain_static_dh_keys_suite_2.c +0 -798
  720. package/external/libedhoc/tests/src/module_test_x5t_sign_keys_suite_2.c +0 -956
  721. package/include/Binding.h +0 -348
  722. package/include/EdhocComposeAsyncWorker.h +0 -49
  723. package/include/EdhocCredentialManager.h +0 -89
  724. package/include/EdhocCryptoManager.h +0 -495
  725. package/include/EdhocEadManager.h +0 -147
  726. package/include/EdhocExportOscoreAsyncWorker.h +0 -57
  727. package/include/EdhocKeyExporterAsyncWorker.h +0 -56
  728. package/include/EdhocKeyUpdateAsyncWorker.h +0 -55
  729. package/include/EdhocProcessAsyncWorker.h +0 -55
  730. package/include/RunningContext.h +0 -102
  731. package/include/Suites.h +0 -27
  732. package/include/Utils.h +0 -71
  733. package/patches/prebuildify-cross+5.1.0.dev.patch +0 -26
  734. package/patches/prebuildify-cross+5.1.1.dev.patch +0 -26
  735. package/prebuilds/android-arm/edhoc.armv7.node +0 -0
  736. package/prebuilds/android-arm64/edhoc.armv8.node +0 -0
  737. package/prebuilds/darwin-arm64/edhoc.node +0 -0
  738. package/prebuilds/darwin-x64/edhoc.node +0 -0
  739. package/prebuilds/linux-arm/edhoc.armv6.node +0 -0
  740. package/prebuilds/linux-arm/edhoc.armv7.node +0 -0
  741. package/prebuilds/linux-arm64/edhoc.armv8.node +0 -0
  742. package/prebuilds/linux-x64/edhoc.glibc.node +0 -0
  743. package/prebuilds/linux-x64/edhoc.musl.node +0 -0
  744. package/prebuilds/win32-ia32/edhoc.node +0 -0
  745. package/prebuilds/win32-x64/edhoc.node +0 -0
  746. package/src/Binding.cpp +0 -434
  747. package/src/EdhocComposeAsyncWorker.cpp +0 -60
  748. package/src/EdhocCredentialManager.cpp +0 -314
  749. package/src/EdhocCryptoManager.cpp +0 -593
  750. package/src/EdhocEadManager.cpp +0 -148
  751. package/src/EdhocExportOscoreAsyncWorker.cpp +0 -67
  752. package/src/EdhocKeyExporterAsyncWorker.cpp +0 -39
  753. package/src/EdhocKeyUpdateAsyncWorker.cpp +0 -31
  754. package/src/EdhocProcessAsyncWorker.cpp +0 -120
  755. package/src/RunningContext.cpp +0 -95
  756. package/src/Suites.cpp +0 -120
  757. package/src/Utils.cpp +0 -54
  758. package/test/basic.test.ts +0 -118
  759. package/test/vectors.test.ts +0 -111
@@ -1,3607 +0,0 @@
1
- /*
2
- * TLS client-side functions
3
- *
4
- * Copyright The Mbed TLS Contributors
5
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
- */
7
-
8
- #include "common.h"
9
-
10
- #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
11
-
12
- #include "mbedtls/platform.h"
13
-
14
- #include "mbedtls/ssl.h"
15
- #include "ssl_client.h"
16
- #include "ssl_misc.h"
17
- #include "mbedtls/debug.h"
18
- #include "mbedtls/error.h"
19
- #include "mbedtls/constant_time.h"
20
-
21
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
22
- #include "psa_util_internal.h"
23
- #include "psa/crypto.h"
24
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
25
- /* Define a local translating function to save code size by not using too many
26
- * arguments in each translating place. */
27
- static int local_err_translation(psa_status_t status)
28
- {
29
- return psa_status_to_mbedtls(status, psa_to_ssl_errors,
30
- ARRAY_LENGTH(psa_to_ssl_errors),
31
- psa_generic_status_to_mbedtls);
32
- }
33
- #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
34
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
35
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
36
-
37
- #include <string.h>
38
-
39
- #include <stdint.h>
40
-
41
- #if defined(MBEDTLS_HAVE_TIME)
42
- #include "mbedtls/platform_time.h"
43
- #endif
44
-
45
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
46
- #include "mbedtls/platform_util.h"
47
- #endif
48
-
49
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
50
- MBEDTLS_CHECK_RETURN_CRITICAL
51
- static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
52
- unsigned char *buf,
53
- const unsigned char *end,
54
- size_t *olen)
55
- {
56
- unsigned char *p = buf;
57
-
58
- *olen = 0;
59
-
60
- /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
61
- * initial ClientHello, in which case also adding the renegotiation
62
- * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
63
- if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
64
- return 0;
65
- }
66
-
67
- MBEDTLS_SSL_DEBUG_MSG(3,
68
- ("client hello, adding renegotiation extension"));
69
-
70
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len);
71
-
72
- /*
73
- * Secure renegotiation
74
- */
75
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0);
76
- p += 2;
77
-
78
- *p++ = 0x00;
79
- *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1);
80
- *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len);
81
-
82
- memcpy(p, ssl->own_verify_data, ssl->verify_data_len);
83
-
84
- *olen = 5 + ssl->verify_data_len;
85
-
86
- return 0;
87
- }
88
- #endif /* MBEDTLS_SSL_RENEGOTIATION */
89
-
90
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
91
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
92
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
93
-
94
- MBEDTLS_CHECK_RETURN_CRITICAL
95
- static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
96
- unsigned char *buf,
97
- const unsigned char *end,
98
- size_t *olen)
99
- {
100
- unsigned char *p = buf;
101
- (void) ssl; /* ssl used for debugging only */
102
-
103
- *olen = 0;
104
-
105
- MBEDTLS_SSL_DEBUG_MSG(3,
106
- ("client hello, adding supported_point_formats extension"));
107
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
108
-
109
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0);
110
- p += 2;
111
-
112
- *p++ = 0x00;
113
- *p++ = 2;
114
-
115
- *p++ = 1;
116
- *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
117
-
118
- *olen = 6;
119
-
120
- return 0;
121
- }
122
- #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
123
- MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
124
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
125
-
126
- #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
127
- MBEDTLS_CHECK_RETURN_CRITICAL
128
- static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
129
- unsigned char *buf,
130
- const unsigned char *end,
131
- size_t *olen)
132
- {
133
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
134
- unsigned char *p = buf;
135
- size_t kkpp_len = 0;
136
-
137
- *olen = 0;
138
-
139
- /* Skip costly extension if we can't use EC J-PAKE anyway */
140
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
141
- if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
142
- return 0;
143
- }
144
- #else
145
- if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
146
- return 0;
147
- }
148
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
149
-
150
- MBEDTLS_SSL_DEBUG_MSG(3,
151
- ("client hello, adding ecjpake_kkpp extension"));
152
-
153
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
154
-
155
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
156
- p += 2;
157
-
158
- /*
159
- * We may need to send ClientHello multiple times for Hello verification.
160
- * We don't want to compute fresh values every time (both for performance
161
- * and consistency reasons), so cache the extension content.
162
- */
163
- if (ssl->handshake->ecjpake_cache == NULL ||
164
- ssl->handshake->ecjpake_cache_len == 0) {
165
- MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters"));
166
-
167
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
168
- ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
169
- p + 2, end - p - 2, &kkpp_len,
170
- MBEDTLS_ECJPAKE_ROUND_ONE);
171
- if (ret != 0) {
172
- psa_destroy_key(ssl->handshake->psa_pake_password);
173
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
174
- MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
175
- return ret;
176
- }
177
- #else
178
- ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
179
- p + 2, end - p - 2, &kkpp_len,
180
- ssl->conf->f_rng, ssl->conf->p_rng);
181
- if (ret != 0) {
182
- MBEDTLS_SSL_DEBUG_RET(1,
183
- "mbedtls_ecjpake_write_round_one", ret);
184
- return ret;
185
- }
186
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
187
-
188
- ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);
189
- if (ssl->handshake->ecjpake_cache == NULL) {
190
- MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed"));
191
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
192
- }
193
-
194
- memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len);
195
- ssl->handshake->ecjpake_cache_len = kkpp_len;
196
- } else {
197
- MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters"));
198
-
199
- kkpp_len = ssl->handshake->ecjpake_cache_len;
200
- MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len);
201
-
202
- memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len);
203
- }
204
-
205
- MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
206
- p += 2;
207
-
208
- *olen = kkpp_len + 4;
209
-
210
- return 0;
211
- }
212
- #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
213
-
214
- #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
215
- MBEDTLS_CHECK_RETURN_CRITICAL
216
- static int ssl_write_cid_ext(mbedtls_ssl_context *ssl,
217
- unsigned char *buf,
218
- const unsigned char *end,
219
- size_t *olen)
220
- {
221
- unsigned char *p = buf;
222
- size_t ext_len;
223
-
224
- /*
225
- * struct {
226
- * opaque cid<0..2^8-1>;
227
- * } ConnectionId;
228
- */
229
-
230
- *olen = 0;
231
- if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
232
- ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
233
- return 0;
234
- }
235
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension"));
236
-
237
- /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
238
- * which is at most 255, so the increment cannot overflow. */
239
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5));
240
-
241
- /* Add extension ID + size */
242
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0);
243
- p += 2;
244
- ext_len = (size_t) ssl->own_cid_len + 1;
245
- MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
246
- p += 2;
247
-
248
- *p++ = (uint8_t) ssl->own_cid_len;
249
- memcpy(p, ssl->own_cid, ssl->own_cid_len);
250
-
251
- *olen = ssl->own_cid_len + 5;
252
-
253
- return 0;
254
- }
255
- #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
256
-
257
- #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
258
- MBEDTLS_CHECK_RETURN_CRITICAL
259
- static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
260
- unsigned char *buf,
261
- const unsigned char *end,
262
- size_t *olen)
263
- {
264
- unsigned char *p = buf;
265
-
266
- *olen = 0;
267
-
268
- if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) {
269
- return 0;
270
- }
271
-
272
- MBEDTLS_SSL_DEBUG_MSG(3,
273
- ("client hello, adding max_fragment_length extension"));
274
-
275
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5);
276
-
277
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0);
278
- p += 2;
279
-
280
- *p++ = 0x00;
281
- *p++ = 1;
282
-
283
- *p++ = ssl->conf->mfl_code;
284
-
285
- *olen = 5;
286
-
287
- return 0;
288
- }
289
- #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
290
-
291
- #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
292
- MBEDTLS_CHECK_RETURN_CRITICAL
293
- static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
294
- unsigned char *buf,
295
- const unsigned char *end,
296
- size_t *olen)
297
- {
298
- unsigned char *p = buf;
299
-
300
- *olen = 0;
301
-
302
- if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) {
303
- return 0;
304
- }
305
-
306
- MBEDTLS_SSL_DEBUG_MSG(3,
307
- ("client hello, adding encrypt_then_mac extension"));
308
-
309
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
310
-
311
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0);
312
- p += 2;
313
-
314
- *p++ = 0x00;
315
- *p++ = 0x00;
316
-
317
- *olen = 4;
318
-
319
- return 0;
320
- }
321
- #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
322
-
323
- #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
324
- MBEDTLS_CHECK_RETURN_CRITICAL
325
- static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl,
326
- unsigned char *buf,
327
- const unsigned char *end,
328
- size_t *olen)
329
- {
330
- unsigned char *p = buf;
331
-
332
- *olen = 0;
333
-
334
- if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) {
335
- return 0;
336
- }
337
-
338
- MBEDTLS_SSL_DEBUG_MSG(3,
339
- ("client hello, adding extended_master_secret extension"));
340
-
341
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
342
-
343
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0);
344
- p += 2;
345
-
346
- *p++ = 0x00;
347
- *p++ = 0x00;
348
-
349
- *olen = 4;
350
-
351
- return 0;
352
- }
353
- #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
354
-
355
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
356
- MBEDTLS_CHECK_RETURN_CRITICAL
357
- static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl,
358
- unsigned char *buf,
359
- const unsigned char *end,
360
- size_t *olen)
361
- {
362
- unsigned char *p = buf;
363
- size_t tlen = ssl->session_negotiate->ticket_len;
364
-
365
- *olen = 0;
366
-
367
- if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) {
368
- return 0;
369
- }
370
-
371
- MBEDTLS_SSL_DEBUG_MSG(3,
372
- ("client hello, adding session ticket extension"));
373
-
374
- /* The addition is safe here since the ticket length is 16 bit. */
375
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen);
376
-
377
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0);
378
- p += 2;
379
-
380
- MBEDTLS_PUT_UINT16_BE(tlen, p, 0);
381
- p += 2;
382
-
383
- *olen = 4;
384
-
385
- if (ssl->session_negotiate->ticket == NULL || tlen == 0) {
386
- return 0;
387
- }
388
-
389
- MBEDTLS_SSL_DEBUG_MSG(3,
390
- ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen));
391
-
392
- memcpy(p, ssl->session_negotiate->ticket, tlen);
393
-
394
- *olen += tlen;
395
-
396
- return 0;
397
- }
398
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
399
-
400
- #if defined(MBEDTLS_SSL_DTLS_SRTP)
401
- MBEDTLS_CHECK_RETURN_CRITICAL
402
- static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl,
403
- unsigned char *buf,
404
- const unsigned char *end,
405
- size_t *olen)
406
- {
407
- unsigned char *p = buf;
408
- size_t protection_profiles_index = 0, ext_len = 0;
409
- uint16_t mki_len = 0, profile_value = 0;
410
-
411
- *olen = 0;
412
-
413
- if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
414
- (ssl->conf->dtls_srtp_profile_list == NULL) ||
415
- (ssl->conf->dtls_srtp_profile_list_len == 0)) {
416
- return 0;
417
- }
418
-
419
- /* RFC 5764 section 4.1.1
420
- * uint8 SRTPProtectionProfile[2];
421
- *
422
- * struct {
423
- * SRTPProtectionProfiles SRTPProtectionProfiles;
424
- * opaque srtp_mki<0..255>;
425
- * } UseSRTPData;
426
- * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
427
- */
428
- if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
429
- mki_len = ssl->dtls_srtp_info.mki_len;
430
- }
431
- /* Extension length = 2 bytes for profiles length,
432
- * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
433
- * 1 byte for srtp_mki vector length and the mki_len value
434
- */
435
- ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len;
436
-
437
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension"));
438
-
439
- /* Check there is room in the buffer for the extension + 4 bytes
440
- * - the extension tag (2 bytes)
441
- * - the extension length (2 bytes)
442
- */
443
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4);
444
-
445
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, p, 0);
446
- p += 2;
447
-
448
- MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
449
- p += 2;
450
-
451
- /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
452
- /* micro-optimization:
453
- * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH
454
- * which is lower than 127, so the upper byte of the length is always 0
455
- * For the documentation, the more generic code is left in comments
456
- * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
457
- * >> 8 ) & 0xFF );
458
- */
459
- *p++ = 0;
460
- *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len);
461
-
462
- for (protection_profiles_index = 0;
463
- protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
464
- protection_profiles_index++) {
465
- profile_value = mbedtls_ssl_check_srtp_profile_value
466
- (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]);
467
- if (profile_value != MBEDTLS_TLS_SRTP_UNSET) {
468
- MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x",
469
- profile_value));
470
- MBEDTLS_PUT_UINT16_BE(profile_value, p, 0);
471
- p += 2;
472
- } else {
473
- /*
474
- * Note: we shall never arrive here as protection profiles
475
- * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function
476
- */
477
- MBEDTLS_SSL_DEBUG_MSG(3,
478
- ("client hello, "
479
- "illegal DTLS-SRTP protection profile %d",
480
- ssl->conf->dtls_srtp_profile_list[protection_profiles_index]
481
- ));
482
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
483
- }
484
- }
485
-
486
- *p++ = mki_len & 0xFF;
487
-
488
- if (mki_len != 0) {
489
- memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len);
490
- /*
491
- * Increment p to point to the current position.
492
- */
493
- p += mki_len;
494
- MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value,
495
- ssl->dtls_srtp_info.mki_len);
496
- }
497
-
498
- /*
499
- * total extension length: extension type (2 bytes)
500
- * + extension length (2 bytes)
501
- * + protection profile length (2 bytes)
502
- * + 2 * number of protection profiles
503
- * + srtp_mki vector length(1 byte)
504
- * + mki value
505
- */
506
- *olen = p - buf;
507
-
508
- return 0;
509
- }
510
- #endif /* MBEDTLS_SSL_DTLS_SRTP */
511
-
512
- int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
513
- unsigned char *buf,
514
- const unsigned char *end,
515
- int uses_ec,
516
- size_t *out_len)
517
- {
518
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
519
- unsigned char *p = buf;
520
- size_t ext_len = 0;
521
-
522
- (void) ssl;
523
- (void) end;
524
- (void) uses_ec;
525
- (void) ret;
526
- (void) ext_len;
527
-
528
- *out_len = 0;
529
-
530
- /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
531
- * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
532
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
533
- if ((ret = ssl_write_renegotiation_ext(ssl, p, end, &ext_len)) != 0) {
534
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret);
535
- return ret;
536
- }
537
- p += ext_len;
538
- #endif
539
-
540
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
541
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
542
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
543
- if (uses_ec) {
544
- if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end,
545
- &ext_len)) != 0) {
546
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret);
547
- return ret;
548
- }
549
- p += ext_len;
550
- }
551
- #endif
552
-
553
- #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
554
- if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p, end, &ext_len)) != 0) {
555
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret);
556
- return ret;
557
- }
558
- p += ext_len;
559
- #endif
560
-
561
- #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
562
- if ((ret = ssl_write_cid_ext(ssl, p, end, &ext_len)) != 0) {
563
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret);
564
- return ret;
565
- }
566
- p += ext_len;
567
- #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
568
-
569
- #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
570
- if ((ret = ssl_write_max_fragment_length_ext(ssl, p, end,
571
- &ext_len)) != 0) {
572
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret);
573
- return ret;
574
- }
575
- p += ext_len;
576
- #endif
577
-
578
- #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
579
- if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p, end, &ext_len)) != 0) {
580
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret);
581
- return ret;
582
- }
583
- p += ext_len;
584
- #endif
585
-
586
- #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
587
- if ((ret = ssl_write_extended_ms_ext(ssl, p, end, &ext_len)) != 0) {
588
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret);
589
- return ret;
590
- }
591
- p += ext_len;
592
- #endif
593
-
594
- #if defined(MBEDTLS_SSL_DTLS_SRTP)
595
- if ((ret = ssl_write_use_srtp_ext(ssl, p, end, &ext_len)) != 0) {
596
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret);
597
- return ret;
598
- }
599
- p += ext_len;
600
- #endif
601
-
602
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
603
- if ((ret = ssl_write_session_ticket_ext(ssl, p, end, &ext_len)) != 0) {
604
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret);
605
- return ret;
606
- }
607
- p += ext_len;
608
- #endif
609
-
610
- *out_len = p - buf;
611
-
612
- return 0;
613
- }
614
-
615
- MBEDTLS_CHECK_RETURN_CRITICAL
616
- static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
617
- const unsigned char *buf,
618
- size_t len)
619
- {
620
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
621
- if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
622
- /* Check verify-data in constant-time. The length OTOH is no secret */
623
- if (len != 1 + ssl->verify_data_len * 2 ||
624
- buf[0] != ssl->verify_data_len * 2 ||
625
- mbedtls_ct_memcmp(buf + 1,
626
- ssl->own_verify_data, ssl->verify_data_len) != 0 ||
627
- mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len,
628
- ssl->peer_verify_data, ssl->verify_data_len) != 0) {
629
- MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info"));
630
- mbedtls_ssl_send_alert_message(
631
- ssl,
632
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
633
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
634
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
635
- }
636
- } else
637
- #endif /* MBEDTLS_SSL_RENEGOTIATION */
638
- {
639
- if (len != 1 || buf[0] != 0x00) {
640
- MBEDTLS_SSL_DEBUG_MSG(1,
641
- ("non-zero length renegotiation info"));
642
- mbedtls_ssl_send_alert_message(
643
- ssl,
644
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
645
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
646
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
647
- }
648
-
649
- ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
650
- }
651
-
652
- return 0;
653
- }
654
-
655
- #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
656
- MBEDTLS_CHECK_RETURN_CRITICAL
657
- static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl,
658
- const unsigned char *buf,
659
- size_t len)
660
- {
661
- /*
662
- * server should use the extension only if we did,
663
- * and if so the server's value should match ours (and len is always 1)
664
- */
665
- if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
666
- len != 1 ||
667
- buf[0] != ssl->conf->mfl_code) {
668
- MBEDTLS_SSL_DEBUG_MSG(1,
669
- ("non-matching max fragment length extension"));
670
- mbedtls_ssl_send_alert_message(
671
- ssl,
672
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
673
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
674
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
675
- }
676
-
677
- return 0;
678
- }
679
- #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
680
-
681
- #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
682
- MBEDTLS_CHECK_RETURN_CRITICAL
683
- static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl,
684
- const unsigned char *buf,
685
- size_t len)
686
- {
687
- size_t peer_cid_len;
688
-
689
- if ( /* CID extension only makes sense in DTLS */
690
- ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
691
- /* The server must only send the CID extension if we have offered it. */
692
- ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
693
- MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected"));
694
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
695
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
696
- return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
697
- }
698
-
699
- if (len == 0) {
700
- MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
701
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
702
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
703
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
704
- }
705
-
706
- peer_cid_len = *buf++;
707
- len--;
708
-
709
- if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) {
710
- MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
711
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
712
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
713
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
714
- }
715
-
716
- if (len != peer_cid_len) {
717
- MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
718
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
719
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
720
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
721
- }
722
-
723
- ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
724
- ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
725
- memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
726
-
727
- MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated"));
728
- MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len);
729
-
730
- return 0;
731
- }
732
- #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
733
-
734
- #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
735
- MBEDTLS_CHECK_RETURN_CRITICAL
736
- static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
737
- const unsigned char *buf,
738
- size_t len)
739
- {
740
- if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
741
- len != 0) {
742
- MBEDTLS_SSL_DEBUG_MSG(1,
743
- ("non-matching encrypt-then-MAC extension"));
744
- mbedtls_ssl_send_alert_message(
745
- ssl,
746
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
747
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
748
- return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
749
- }
750
-
751
- ((void) buf);
752
-
753
- ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
754
-
755
- return 0;
756
- }
757
- #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
758
-
759
- #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
760
- MBEDTLS_CHECK_RETURN_CRITICAL
761
- static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl,
762
- const unsigned char *buf,
763
- size_t len)
764
- {
765
- if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
766
- len != 0) {
767
- MBEDTLS_SSL_DEBUG_MSG(1,
768
- ("non-matching extended master secret extension"));
769
- mbedtls_ssl_send_alert_message(
770
- ssl,
771
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
772
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
773
- return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
774
- }
775
-
776
- ((void) buf);
777
-
778
- ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
779
-
780
- return 0;
781
- }
782
- #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
783
-
784
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
785
- MBEDTLS_CHECK_RETURN_CRITICAL
786
- static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
787
- const unsigned char *buf,
788
- size_t len)
789
- {
790
- if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
791
- len != 0) {
792
- MBEDTLS_SSL_DEBUG_MSG(1,
793
- ("non-matching session ticket extension"));
794
- mbedtls_ssl_send_alert_message(
795
- ssl,
796
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
797
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
798
- return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
799
- }
800
-
801
- ((void) buf);
802
-
803
- ssl->handshake->new_session_ticket = 1;
804
-
805
- return 0;
806
- }
807
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
808
-
809
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
810
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
811
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
812
- MBEDTLS_CHECK_RETURN_CRITICAL
813
- static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
814
- const unsigned char *buf,
815
- size_t len)
816
- {
817
- size_t list_size;
818
- const unsigned char *p;
819
-
820
- if (len == 0 || (size_t) (buf[0] + 1) != len) {
821
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
822
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
823
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
824
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
825
- }
826
- list_size = buf[0];
827
-
828
- p = buf + 1;
829
- while (list_size > 0) {
830
- if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
831
- p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
832
- #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
833
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
834
- ssl->handshake->ecdh_ctx.point_format = p[0];
835
- #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */
836
- #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
837
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
838
- mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
839
- p[0]);
840
- #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
841
- MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
842
- return 0;
843
- }
844
-
845
- list_size--;
846
- p++;
847
- }
848
-
849
- MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common"));
850
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
851
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
852
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
853
- }
854
- #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
855
- MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
856
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
857
-
858
- #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
859
- MBEDTLS_CHECK_RETURN_CRITICAL
860
- static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
861
- const unsigned char *buf,
862
- size_t len)
863
- {
864
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
865
-
866
- if (ssl->handshake->ciphersuite_info->key_exchange !=
867
- MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
868
- MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
869
- return 0;
870
- }
871
-
872
- /* If we got here, we no longer need our cached extension */
873
- mbedtls_free(ssl->handshake->ecjpake_cache);
874
- ssl->handshake->ecjpake_cache = NULL;
875
- ssl->handshake->ecjpake_cache_len = 0;
876
-
877
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
878
- if ((ret = mbedtls_psa_ecjpake_read_round(
879
- &ssl->handshake->psa_pake_ctx, buf, len,
880
- MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
881
- psa_destroy_key(ssl->handshake->psa_pake_password);
882
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
883
-
884
- MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret);
885
- mbedtls_ssl_send_alert_message(
886
- ssl,
887
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
888
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
889
- return ret;
890
- }
891
-
892
- return 0;
893
- #else
894
- if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
895
- buf, len)) != 0) {
896
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
897
- mbedtls_ssl_send_alert_message(
898
- ssl,
899
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
900
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
901
- return ret;
902
- }
903
-
904
- return 0;
905
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
906
- }
907
- #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
908
-
909
- #if defined(MBEDTLS_SSL_ALPN)
910
- MBEDTLS_CHECK_RETURN_CRITICAL
911
- static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
912
- const unsigned char *buf, size_t len)
913
- {
914
- size_t list_len, name_len;
915
- const char **p;
916
-
917
- /* If we didn't send it, the server shouldn't send it */
918
- if (ssl->conf->alpn_list == NULL) {
919
- MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension"));
920
- mbedtls_ssl_send_alert_message(
921
- ssl,
922
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
923
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
924
- return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
925
- }
926
-
927
- /*
928
- * opaque ProtocolName<1..2^8-1>;
929
- *
930
- * struct {
931
- * ProtocolName protocol_name_list<2..2^16-1>
932
- * } ProtocolNameList;
933
- *
934
- * the "ProtocolNameList" MUST contain exactly one "ProtocolName"
935
- */
936
-
937
- /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
938
- if (len < 4) {
939
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
940
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
941
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
942
- }
943
-
944
- list_len = (buf[0] << 8) | buf[1];
945
- if (list_len != len - 2) {
946
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
947
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
948
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
949
- }
950
-
951
- name_len = buf[2];
952
- if (name_len != list_len - 1) {
953
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
954
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
955
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
956
- }
957
-
958
- /* Check that the server chosen protocol was in our list and save it */
959
- for (p = ssl->conf->alpn_list; *p != NULL; p++) {
960
- if (name_len == strlen(*p) &&
961
- memcmp(buf + 3, *p, name_len) == 0) {
962
- ssl->alpn_chosen = *p;
963
- return 0;
964
- }
965
- }
966
-
967
- MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol"));
968
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
969
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
970
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
971
- }
972
- #endif /* MBEDTLS_SSL_ALPN */
973
-
974
- #if defined(MBEDTLS_SSL_DTLS_SRTP)
975
- MBEDTLS_CHECK_RETURN_CRITICAL
976
- static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
977
- const unsigned char *buf,
978
- size_t len)
979
- {
980
- mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET;
981
- size_t i, mki_len = 0;
982
- uint16_t server_protection_profile_value = 0;
983
-
984
- /* If use_srtp is not configured, just ignore the extension */
985
- if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
986
- (ssl->conf->dtls_srtp_profile_list == NULL) ||
987
- (ssl->conf->dtls_srtp_profile_list_len == 0)) {
988
- return 0;
989
- }
990
-
991
- /* RFC 5764 section 4.1.1
992
- * uint8 SRTPProtectionProfile[2];
993
- *
994
- * struct {
995
- * SRTPProtectionProfiles SRTPProtectionProfiles;
996
- * opaque srtp_mki<0..255>;
997
- * } UseSRTPData;
998
-
999
- * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
1000
- *
1001
- */
1002
- if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
1003
- mki_len = ssl->dtls_srtp_info.mki_len;
1004
- }
1005
-
1006
- /*
1007
- * Length is 5 + optional mki_value : one protection profile length (2 bytes)
1008
- * + protection profile (2 bytes)
1009
- * + mki_len(1 byte)
1010
- * and optional srtp_mki
1011
- */
1012
- if ((len < 5) || (len != (buf[4] + 5u))) {
1013
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1014
- }
1015
-
1016
- /*
1017
- * get the server protection profile
1018
- */
1019
-
1020
- /*
1021
- * protection profile length must be 0x0002 as we must have only
1022
- * one protection profile in server Hello
1023
- */
1024
- if ((buf[0] != 0) || (buf[1] != 2)) {
1025
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1026
- }
1027
-
1028
- server_protection_profile_value = (buf[2] << 8) | buf[3];
1029
- server_protection = mbedtls_ssl_check_srtp_profile_value(
1030
- server_protection_profile_value);
1031
- if (server_protection != MBEDTLS_TLS_SRTP_UNSET) {
1032
- MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s",
1033
- mbedtls_ssl_get_srtp_profile_as_string(
1034
- server_protection)));
1035
- }
1036
-
1037
- ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
1038
-
1039
- /*
1040
- * Check we have the server profile in our list
1041
- */
1042
- for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) {
1043
- if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
1044
- ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
1045
- MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s",
1046
- mbedtls_ssl_get_srtp_profile_as_string(
1047
- server_protection)));
1048
- break;
1049
- }
1050
- }
1051
-
1052
- /* If no match was found : server problem, it shall never answer with incompatible profile */
1053
- if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) {
1054
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1055
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1056
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1057
- }
1058
-
1059
- /* If server does not use mki in its reply, make sure the client won't keep
1060
- * one as negotiated */
1061
- if (len == 5) {
1062
- ssl->dtls_srtp_info.mki_len = 0;
1063
- }
1064
-
1065
- /*
1066
- * RFC5764:
1067
- * If the client detects a nonzero-length MKI in the server's response
1068
- * that is different than the one the client offered, then the client
1069
- * MUST abort the handshake and SHOULD send an invalid_parameter alert.
1070
- */
1071
- if (len > 5 && (buf[4] != mki_len ||
1072
- (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) {
1073
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1074
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
1075
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1076
- }
1077
- #if defined(MBEDTLS_DEBUG_C)
1078
- if (len > 5) {
1079
- MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value,
1080
- ssl->dtls_srtp_info.mki_len);
1081
- }
1082
- #endif
1083
- return 0;
1084
- }
1085
- #endif /* MBEDTLS_SSL_DTLS_SRTP */
1086
-
1087
- /*
1088
- * Parse HelloVerifyRequest. Only called after verifying the HS type.
1089
- */
1090
- #if defined(MBEDTLS_SSL_PROTO_DTLS)
1091
- MBEDTLS_CHECK_RETURN_CRITICAL
1092
- static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
1093
- {
1094
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
1095
- const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
1096
- uint16_t dtls_legacy_version;
1097
-
1098
- #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
1099
- uint8_t cookie_len;
1100
- #else
1101
- uint16_t cookie_len;
1102
- #endif
1103
-
1104
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request"));
1105
-
1106
- /* Check that there is enough room for:
1107
- * - 2 bytes of version
1108
- * - 1 byte of cookie_len
1109
- */
1110
- if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) {
1111
- MBEDTLS_SSL_DEBUG_MSG(1,
1112
- ("incoming HelloVerifyRequest message is too short"));
1113
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1114
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1115
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1116
- }
1117
-
1118
- /*
1119
- * struct {
1120
- * ProtocolVersion server_version;
1121
- * opaque cookie<0..2^8-1>;
1122
- * } HelloVerifyRequest;
1123
- */
1124
- MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2);
1125
- dtls_legacy_version = MBEDTLS_GET_UINT16_BE(p, 0);
1126
- p += 2;
1127
-
1128
- /*
1129
- * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff)
1130
- * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
1131
- * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
1132
- */
1133
- if (dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff) {
1134
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version"));
1135
-
1136
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1137
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
1138
-
1139
- return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
1140
- }
1141
-
1142
- cookie_len = *p++;
1143
- if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) {
1144
- MBEDTLS_SSL_DEBUG_MSG(1,
1145
- ("cookie length does not match incoming message size"));
1146
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1147
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1148
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1149
- }
1150
- MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len);
1151
-
1152
- mbedtls_free(ssl->handshake->cookie);
1153
-
1154
- ssl->handshake->cookie = mbedtls_calloc(1, cookie_len);
1155
- if (ssl->handshake->cookie == NULL) {
1156
- MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len));
1157
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
1158
- }
1159
-
1160
- memcpy(ssl->handshake->cookie, p, cookie_len);
1161
- ssl->handshake->cookie_len = cookie_len;
1162
-
1163
- /* Start over at ClientHello */
1164
- ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
1165
- ret = mbedtls_ssl_reset_checksum(ssl);
1166
- if (0 != ret) {
1167
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);
1168
- return ret;
1169
- }
1170
-
1171
- mbedtls_ssl_recv_flight_completed(ssl);
1172
-
1173
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request"));
1174
-
1175
- return 0;
1176
- }
1177
- #endif /* MBEDTLS_SSL_PROTO_DTLS */
1178
-
1179
- MBEDTLS_CHECK_RETURN_CRITICAL
1180
- static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
1181
- {
1182
- int ret, i;
1183
- size_t n;
1184
- size_t ext_len;
1185
- unsigned char *buf, *ext;
1186
- unsigned char comp;
1187
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
1188
- int renegotiation_info_seen = 0;
1189
- #endif
1190
- int handshake_failure = 0;
1191
- const mbedtls_ssl_ciphersuite_t *suite_info;
1192
-
1193
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello"));
1194
-
1195
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
1196
- /* No alert on a read error. */
1197
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
1198
- return ret;
1199
- }
1200
-
1201
- buf = ssl->in_msg;
1202
-
1203
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
1204
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
1205
- if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
1206
- ssl->renego_records_seen++;
1207
-
1208
- if (ssl->conf->renego_max_records >= 0 &&
1209
- ssl->renego_records_seen > ssl->conf->renego_max_records) {
1210
- MBEDTLS_SSL_DEBUG_MSG(1,
1211
- ("renegotiation requested, but not honored by server"));
1212
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
1213
- }
1214
-
1215
- MBEDTLS_SSL_DEBUG_MSG(1,
1216
- ("non-handshake message during renegotiation"));
1217
-
1218
- ssl->keep_current_message = 1;
1219
- return MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO;
1220
- }
1221
- #endif /* MBEDTLS_SSL_RENEGOTIATION */
1222
-
1223
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1224
- mbedtls_ssl_send_alert_message(
1225
- ssl,
1226
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1227
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
1228
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
1229
- }
1230
-
1231
- #if defined(MBEDTLS_SSL_PROTO_DTLS)
1232
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1233
- if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
1234
- MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request"));
1235
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
1236
- return ssl_parse_hello_verify_request(ssl);
1237
- } else {
1238
- /* We made it through the verification process */
1239
- mbedtls_free(ssl->handshake->cookie);
1240
- ssl->handshake->cookie = NULL;
1241
- ssl->handshake->cookie_len = 0;
1242
- }
1243
- }
1244
- #endif /* MBEDTLS_SSL_PROTO_DTLS */
1245
-
1246
- if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) ||
1247
- buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) {
1248
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1249
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1250
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1251
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1252
- }
1253
-
1254
- /*
1255
- * 0 . 1 server_version
1256
- * 2 . 33 random (maybe including 4 bytes of Unix time)
1257
- * 34 . 34 session_id length = n
1258
- * 35 . 34+n session_id
1259
- * 35+n . 36+n cipher_suite
1260
- * 37+n . 37+n compression_method
1261
- *
1262
- * 38+n . 39+n extensions length (optional)
1263
- * 40+n . .. extensions
1264
- */
1265
- buf += mbedtls_ssl_hs_hdr_len(ssl);
1266
-
1267
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf, 2);
1268
- ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
1269
- ssl->conf->transport);
1270
- ssl->session_negotiate->tls_version = ssl->tls_version;
1271
-
1272
- if (ssl->tls_version < ssl->conf->min_tls_version ||
1273
- ssl->tls_version > ssl->conf->max_tls_version) {
1274
- MBEDTLS_SSL_DEBUG_MSG(1,
1275
- (
1276
- "server version out of bounds - min: [0x%x], server: [0x%x], max: [0x%x]",
1277
- (unsigned) ssl->conf->min_tls_version,
1278
- (unsigned) ssl->tls_version,
1279
- (unsigned) ssl->conf->max_tls_version));
1280
-
1281
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1282
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
1283
-
1284
- return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
1285
- }
1286
-
1287
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu",
1288
- ((unsigned long) buf[2] << 24) |
1289
- ((unsigned long) buf[3] << 16) |
1290
- ((unsigned long) buf[4] << 8) |
1291
- ((unsigned long) buf[5])));
1292
-
1293
- memcpy(ssl->handshake->randbytes + 32, buf + 2, 32);
1294
-
1295
- n = buf[34];
1296
-
1297
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 2, 32);
1298
-
1299
- if (n > 32) {
1300
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1301
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1302
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1303
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1304
- }
1305
-
1306
- if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
1307
- ext_len = ((buf[38 + n] << 8)
1308
- | (buf[39 + n]));
1309
-
1310
- if ((ext_len > 0 && ext_len < 4) ||
1311
- ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
1312
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1313
- mbedtls_ssl_send_alert_message(
1314
- ssl,
1315
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1316
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1317
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1318
- }
1319
- } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) {
1320
- ext_len = 0;
1321
- } else {
1322
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1323
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1324
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1325
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1326
- }
1327
-
1328
- /* ciphersuite (used later) */
1329
- i = (buf[35 + n] << 8) | buf[36 + n];
1330
-
1331
- /*
1332
- * Read and check compression
1333
- */
1334
- comp = buf[37 + n];
1335
-
1336
- if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
1337
- MBEDTLS_SSL_DEBUG_MSG(1,
1338
- ("server hello, bad compression: %d", comp));
1339
- mbedtls_ssl_send_alert_message(
1340
- ssl,
1341
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1342
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
1343
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
1344
- }
1345
-
1346
- /*
1347
- * Initialize update checksum functions
1348
- */
1349
- ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i);
1350
- if (ssl->handshake->ciphersuite_info == NULL) {
1351
- MBEDTLS_SSL_DEBUG_MSG(1,
1352
- ("ciphersuite info for %04x not found", (unsigned int) i));
1353
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1354
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
1355
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
1356
- }
1357
-
1358
- mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info);
1359
-
1360
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
1361
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 35, n);
1362
-
1363
- /*
1364
- * Check if the session can be resumed
1365
- */
1366
- if (ssl->handshake->resume == 0 || n == 0 ||
1367
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
1368
- ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
1369
- #endif
1370
- ssl->session_negotiate->ciphersuite != i ||
1371
- ssl->session_negotiate->id_len != n ||
1372
- memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
1373
- ssl->state++;
1374
- ssl->handshake->resume = 0;
1375
- #if defined(MBEDTLS_HAVE_TIME)
1376
- ssl->session_negotiate->start = mbedtls_time(NULL);
1377
- #endif
1378
- ssl->session_negotiate->ciphersuite = i;
1379
- ssl->session_negotiate->id_len = n;
1380
- memcpy(ssl->session_negotiate->id, buf + 35, n);
1381
- } else {
1382
- ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
1383
- }
1384
-
1385
- MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
1386
- ssl->handshake->resume ? "a" : "no"));
1387
-
1388
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i));
1389
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d",
1390
- buf[37 + n]));
1391
-
1392
- /*
1393
- * Perform cipher suite validation in same way as in ssl_write_client_hello.
1394
- */
1395
- i = 0;
1396
- while (1) {
1397
- if (ssl->conf->ciphersuite_list[i] == 0) {
1398
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1399
- mbedtls_ssl_send_alert_message(
1400
- ssl,
1401
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1402
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
1403
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1404
- }
1405
-
1406
- if (ssl->conf->ciphersuite_list[i++] ==
1407
- ssl->session_negotiate->ciphersuite) {
1408
- break;
1409
- }
1410
- }
1411
-
1412
- suite_info = mbedtls_ssl_ciphersuite_from_id(
1413
- ssl->session_negotiate->ciphersuite);
1414
- if (mbedtls_ssl_validate_ciphersuite(ssl, suite_info, ssl->tls_version,
1415
- ssl->tls_version) != 0) {
1416
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1417
- mbedtls_ssl_send_alert_message(
1418
- ssl,
1419
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1420
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1421
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1422
- }
1423
-
1424
- MBEDTLS_SSL_DEBUG_MSG(3,
1425
- ("server hello, chosen ciphersuite: %s", suite_info->name));
1426
-
1427
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
1428
- if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
1429
- ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
1430
- ssl->handshake->ecrs_enabled = 1;
1431
- }
1432
- #endif
1433
-
1434
- if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
1435
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1436
- mbedtls_ssl_send_alert_message(
1437
- ssl,
1438
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1439
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
1440
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1441
- }
1442
-
1443
- ext = buf + 40 + n;
1444
-
1445
- MBEDTLS_SSL_DEBUG_MSG(2,
1446
- ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
1447
- ext_len));
1448
-
1449
- while (ext_len) {
1450
- unsigned int ext_id = ((ext[0] << 8)
1451
- | (ext[1]));
1452
- unsigned int ext_size = ((ext[2] << 8)
1453
- | (ext[3]));
1454
-
1455
- if (ext_size + 4 > ext_len) {
1456
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1457
- mbedtls_ssl_send_alert_message(
1458
- ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1459
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
1460
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1461
- }
1462
-
1463
- switch (ext_id) {
1464
- case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
1465
- MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
1466
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
1467
- renegotiation_info_seen = 1;
1468
- #endif
1469
-
1470
- if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4,
1471
- ext_size)) != 0) {
1472
- return ret;
1473
- }
1474
-
1475
- break;
1476
-
1477
- #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1478
- case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
1479
- MBEDTLS_SSL_DEBUG_MSG(3,
1480
- ("found max_fragment_length extension"));
1481
-
1482
- if ((ret = ssl_parse_max_fragment_length_ext(ssl,
1483
- ext + 4, ext_size)) != 0) {
1484
- return ret;
1485
- }
1486
-
1487
- break;
1488
- #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
1489
-
1490
- #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1491
- case MBEDTLS_TLS_EXT_CID:
1492
- MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
1493
-
1494
- if ((ret = ssl_parse_cid_ext(ssl,
1495
- ext + 4,
1496
- ext_size)) != 0) {
1497
- return ret;
1498
- }
1499
-
1500
- break;
1501
- #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1502
-
1503
- #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1504
- case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
1505
- MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension"));
1506
-
1507
- if ((ret = ssl_parse_encrypt_then_mac_ext(ssl,
1508
- ext + 4, ext_size)) != 0) {
1509
- return ret;
1510
- }
1511
-
1512
- break;
1513
- #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
1514
-
1515
- #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1516
- case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
1517
- MBEDTLS_SSL_DEBUG_MSG(3,
1518
- ("found extended_master_secret extension"));
1519
-
1520
- if ((ret = ssl_parse_extended_ms_ext(ssl,
1521
- ext + 4, ext_size)) != 0) {
1522
- return ret;
1523
- }
1524
-
1525
- break;
1526
- #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
1527
-
1528
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1529
- case MBEDTLS_TLS_EXT_SESSION_TICKET:
1530
- MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension"));
1531
-
1532
- if ((ret = ssl_parse_session_ticket_ext(ssl,
1533
- ext + 4, ext_size)) != 0) {
1534
- return ret;
1535
- }
1536
-
1537
- break;
1538
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
1539
-
1540
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
1541
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
1542
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1543
- case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
1544
- MBEDTLS_SSL_DEBUG_MSG(3,
1545
- ("found supported_point_formats extension"));
1546
-
1547
- if ((ret = ssl_parse_supported_point_formats_ext(ssl,
1548
- ext + 4, ext_size)) != 0) {
1549
- return ret;
1550
- }
1551
-
1552
- break;
1553
- #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
1554
- MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
1555
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1556
-
1557
- #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1558
- case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
1559
- MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension"));
1560
-
1561
- if ((ret = ssl_parse_ecjpake_kkpp(ssl,
1562
- ext + 4, ext_size)) != 0) {
1563
- return ret;
1564
- }
1565
-
1566
- break;
1567
- #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1568
-
1569
- #if defined(MBEDTLS_SSL_ALPN)
1570
- case MBEDTLS_TLS_EXT_ALPN:
1571
- MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
1572
-
1573
- if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) {
1574
- return ret;
1575
- }
1576
-
1577
- break;
1578
- #endif /* MBEDTLS_SSL_ALPN */
1579
-
1580
- #if defined(MBEDTLS_SSL_DTLS_SRTP)
1581
- case MBEDTLS_TLS_EXT_USE_SRTP:
1582
- MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
1583
-
1584
- if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) {
1585
- return ret;
1586
- }
1587
-
1588
- break;
1589
- #endif /* MBEDTLS_SSL_DTLS_SRTP */
1590
-
1591
- default:
1592
- MBEDTLS_SSL_DEBUG_MSG(3,
1593
- ("unknown extension found: %u (ignoring)", ext_id));
1594
- }
1595
-
1596
- ext_len -= 4 + ext_size;
1597
- ext += 4 + ext_size;
1598
-
1599
- if (ext_len > 0 && ext_len < 4) {
1600
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
1601
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1602
- }
1603
- }
1604
-
1605
- /*
1606
- * mbedtls_ssl_derive_keys() has to be called after the parsing of the
1607
- * extensions. It sets the transform data for the resumed session which in
1608
- * case of DTLS includes the server CID extracted from the CID extension.
1609
- */
1610
- if (ssl->handshake->resume) {
1611
- if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
1612
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
1613
- mbedtls_ssl_send_alert_message(
1614
- ssl,
1615
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1616
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
1617
- return ret;
1618
- }
1619
- }
1620
-
1621
- /*
1622
- * Renegotiation security checks
1623
- */
1624
- if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1625
- ssl->conf->allow_legacy_renegotiation ==
1626
- MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
1627
- MBEDTLS_SSL_DEBUG_MSG(1,
1628
- ("legacy renegotiation, breaking off handshake"));
1629
- handshake_failure = 1;
1630
- }
1631
- #if defined(MBEDTLS_SSL_RENEGOTIATION)
1632
- else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1633
- ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
1634
- renegotiation_info_seen == 0) {
1635
- MBEDTLS_SSL_DEBUG_MSG(1,
1636
- ("renegotiation_info extension missing (secure)"));
1637
- handshake_failure = 1;
1638
- } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1639
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1640
- ssl->conf->allow_legacy_renegotiation ==
1641
- MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) {
1642
- MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed"));
1643
- handshake_failure = 1;
1644
- } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
1645
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
1646
- renegotiation_info_seen == 1) {
1647
- MBEDTLS_SSL_DEBUG_MSG(1,
1648
- ("renegotiation_info extension present (legacy)"));
1649
- handshake_failure = 1;
1650
- }
1651
- #endif /* MBEDTLS_SSL_RENEGOTIATION */
1652
-
1653
- if (handshake_failure == 1) {
1654
- mbedtls_ssl_send_alert_message(
1655
- ssl,
1656
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
1657
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1658
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1659
- }
1660
-
1661
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
1662
-
1663
- return 0;
1664
- }
1665
-
1666
- #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
1667
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1668
- MBEDTLS_CHECK_RETURN_CRITICAL
1669
- static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl,
1670
- unsigned char **p,
1671
- unsigned char *end)
1672
- {
1673
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
1674
- size_t dhm_actual_bitlen;
1675
-
1676
- /*
1677
- * Ephemeral DH parameters:
1678
- *
1679
- * struct {
1680
- * opaque dh_p<1..2^16-1>;
1681
- * opaque dh_g<1..2^16-1>;
1682
- * opaque dh_Ys<1..2^16-1>;
1683
- * } ServerDHParams;
1684
- */
1685
- if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx,
1686
- p, end)) != 0) {
1687
- MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret);
1688
- return ret;
1689
- }
1690
-
1691
- dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx);
1692
- if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) {
1693
- MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
1694
- dhm_actual_bitlen,
1695
- ssl->conf->dhm_min_bitlen));
1696
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1697
- }
1698
-
1699
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
1700
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
1701
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
1702
-
1703
- return ret;
1704
- }
1705
- #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
1706
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1707
-
1708
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
1709
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
1710
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
1711
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1712
- MBEDTLS_CHECK_RETURN_CRITICAL
1713
- static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
1714
- unsigned char **p,
1715
- unsigned char *end)
1716
- {
1717
- uint16_t tls_id;
1718
- size_t ecpoint_len;
1719
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1720
- psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
1721
- size_t ec_bits = 0;
1722
-
1723
- /*
1724
- * struct {
1725
- * ECParameters curve_params;
1726
- * ECPoint public;
1727
- * } ServerECDHParams;
1728
- *
1729
- * 1 curve_type (must be "named_curve")
1730
- * 2..3 NamedCurve
1731
- * 4 ECPoint.len
1732
- * 5+ ECPoint contents
1733
- */
1734
- if (end - *p < 4) {
1735
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1736
- }
1737
-
1738
- /* First byte is curve_type; only named_curve is handled */
1739
- if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) {
1740
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1741
- }
1742
-
1743
- /* Next two bytes are the namedcurve value */
1744
- tls_id = *(*p)++;
1745
- tls_id <<= 8;
1746
- tls_id |= *(*p)++;
1747
-
1748
- /* Check it's a curve we offered */
1749
- if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
1750
- MBEDTLS_SSL_DEBUG_MSG(2,
1751
- ("bad server key exchange message (ECDHE curve): %u",
1752
- (unsigned) tls_id));
1753
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1754
- }
1755
-
1756
- /* Convert EC's TLS ID to PSA key type. */
1757
- if (mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
1758
- &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
1759
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1760
- }
1761
- handshake->xxdh_psa_type = key_type;
1762
- handshake->xxdh_psa_bits = ec_bits;
1763
-
1764
- /* Keep a copy of the peer's public key */
1765
- ecpoint_len = *(*p)++;
1766
- if ((size_t) (end - *p) < ecpoint_len) {
1767
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1768
- }
1769
-
1770
- if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
1771
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1772
- }
1773
-
1774
- memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
1775
- handshake->xxdh_psa_peerkey_len = ecpoint_len;
1776
- *p += ecpoint_len;
1777
-
1778
- return 0;
1779
- }
1780
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
1781
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
1782
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1783
- #else
1784
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
1785
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
1786
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
1787
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
1788
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1789
- MBEDTLS_CHECK_RETURN_CRITICAL
1790
- static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
1791
- {
1792
- uint16_t tls_id;
1793
- mbedtls_ecp_group_id grp_id;
1794
- #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
1795
- grp_id = ssl->handshake->ecdh_ctx.grp.id;
1796
- #else
1797
- grp_id = ssl->handshake->ecdh_ctx.grp_id;
1798
- #endif
1799
-
1800
- tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
1801
- if (tls_id == 0) {
1802
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
1803
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
1804
- }
1805
-
1806
- MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
1807
- mbedtls_ssl_get_curve_name_from_tls_id(tls_id)));
1808
-
1809
- if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
1810
- return -1;
1811
- }
1812
-
1813
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
1814
- MBEDTLS_DEBUG_ECDH_QP);
1815
-
1816
- return 0;
1817
- }
1818
-
1819
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
1820
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
1821
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
1822
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
1823
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1824
-
1825
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
1826
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
1827
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1828
- MBEDTLS_CHECK_RETURN_CRITICAL
1829
- static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
1830
- unsigned char **p,
1831
- unsigned char *end)
1832
- {
1833
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
1834
-
1835
- /*
1836
- * Ephemeral ECDH parameters:
1837
- *
1838
- * struct {
1839
- * ECParameters curve_params;
1840
- * ECPoint public;
1841
- * } ServerECDHParams;
1842
- */
1843
- if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx,
1844
- (const unsigned char **) p, end)) != 0) {
1845
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret);
1846
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
1847
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
1848
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
1849
- }
1850
- #endif
1851
- return ret;
1852
- }
1853
-
1854
- if (ssl_check_server_ecdh_params(ssl) != 0) {
1855
- MBEDTLS_SSL_DEBUG_MSG(1,
1856
- ("bad server key exchange message (ECDHE curve)"));
1857
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1858
- }
1859
-
1860
- return ret;
1861
- }
1862
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
1863
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
1864
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1865
- #endif /* !MBEDTLS_USE_PSA_CRYPTO */
1866
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1867
- MBEDTLS_CHECK_RETURN_CRITICAL
1868
- static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
1869
- unsigned char **p,
1870
- unsigned char *end)
1871
- {
1872
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
1873
- uint16_t len;
1874
- ((void) ssl);
1875
-
1876
- /*
1877
- * PSK parameters:
1878
- *
1879
- * opaque psk_identity_hint<0..2^16-1>;
1880
- */
1881
- if (end - (*p) < 2) {
1882
- MBEDTLS_SSL_DEBUG_MSG(1,
1883
- ("bad server key exchange message (psk_identity_hint length)"));
1884
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1885
- }
1886
- len = (*p)[0] << 8 | (*p)[1];
1887
- *p += 2;
1888
-
1889
- if (end - (*p) < len) {
1890
- MBEDTLS_SSL_DEBUG_MSG(1,
1891
- ("bad server key exchange message (psk_identity_hint length)"));
1892
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1893
- }
1894
-
1895
- /*
1896
- * Note: we currently ignore the PSK identity hint, as we only allow one
1897
- * PSK to be provisioned on the client. This could be changed later if
1898
- * someone needs that feature.
1899
- */
1900
- *p += len;
1901
- ret = 0;
1902
-
1903
- return ret;
1904
- }
1905
- #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1906
-
1907
- #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
1908
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1909
- /*
1910
- * Generate a pre-master secret and encrypt it with the server's RSA key
1911
- */
1912
- MBEDTLS_CHECK_RETURN_CRITICAL
1913
- static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
1914
- size_t offset, size_t *olen,
1915
- size_t pms_offset)
1916
- {
1917
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1918
- size_t len_bytes = 2;
1919
- unsigned char *p = ssl->handshake->premaster + pms_offset;
1920
- mbedtls_pk_context *peer_pk;
1921
-
1922
- if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
1923
- MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
1924
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
1925
- }
1926
-
1927
- /*
1928
- * Generate (part of) the pre-master as
1929
- * struct {
1930
- * ProtocolVersion client_version;
1931
- * opaque random[46];
1932
- * } PreMasterSecret;
1933
- */
1934
- mbedtls_ssl_write_version(p, ssl->conf->transport,
1935
- MBEDTLS_SSL_VERSION_TLS1_2);
1936
-
1937
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
1938
- MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
1939
- return ret;
1940
- }
1941
-
1942
- ssl->handshake->pmslen = 48;
1943
-
1944
- #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1945
- peer_pk = &ssl->handshake->peer_pubkey;
1946
- #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1947
- if (ssl->session_negotiate->peer_cert == NULL) {
1948
- /* Should never happen */
1949
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
1950
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
1951
- }
1952
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
1953
- #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1954
-
1955
- /*
1956
- * Now write it out, encrypted
1957
- */
1958
- if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
1959
- MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
1960
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
1961
- }
1962
-
1963
- if ((ret = mbedtls_pk_encrypt(peer_pk,
1964
- p, ssl->handshake->pmslen,
1965
- ssl->out_msg + offset + len_bytes, olen,
1966
- MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
1967
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
1968
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
1969
- return ret;
1970
- }
1971
-
1972
- if (len_bytes == 2) {
1973
- MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
1974
- *olen += 2;
1975
- }
1976
-
1977
- #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1978
- /* We don't need the peer's public key anymore. Free it. */
1979
- mbedtls_pk_free(peer_pk);
1980
- #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1981
- return 0;
1982
- }
1983
- #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
1984
- MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1985
-
1986
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
1987
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1988
- MBEDTLS_CHECK_RETURN_CRITICAL
1989
- static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
1990
- {
1991
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1992
- mbedtls_pk_context *peer_pk;
1993
-
1994
- #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
1995
- peer_pk = &ssl->handshake->peer_pubkey;
1996
- #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
1997
- if (ssl->session_negotiate->peer_cert == NULL) {
1998
- /* Should never happen */
1999
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
2000
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2001
- }
2002
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
2003
- #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2004
-
2005
- /* This is a public key, so it can't be opaque, so can_do() is a good
2006
- * enough check to ensure pk_ec() is safe to use below. */
2007
- if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) {
2008
- MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
2009
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
2010
- }
2011
-
2012
- #if defined(MBEDTLS_ECP_C)
2013
- const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk);
2014
- #endif /* MBEDTLS_ECP_C */
2015
-
2016
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
2017
- uint16_t tls_id = 0;
2018
- psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
2019
- mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk);
2020
-
2021
- if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
2022
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
2023
- return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
2024
- }
2025
-
2026
- tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
2027
- if (tls_id == 0) {
2028
- MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported",
2029
- grp_id));
2030
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
2031
- }
2032
-
2033
- /* If the above conversion to TLS ID was fine, then also this one will be,
2034
- so there is no need to check the return value here */
2035
- mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
2036
- &ssl->handshake->xxdh_psa_bits);
2037
-
2038
- ssl->handshake->xxdh_psa_type = key_type;
2039
-
2040
- /* Store peer's public key in psa format. */
2041
- #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
2042
- memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);
2043
- ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len;
2044
- ret = 0;
2045
- #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
2046
- size_t olen = 0;
2047
- ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
2048
- MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
2049
- ssl->handshake->xxdh_psa_peerkey,
2050
- sizeof(ssl->handshake->xxdh_psa_peerkey));
2051
-
2052
- if (ret != 0) {
2053
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);
2054
- return ret;
2055
- }
2056
- ssl->handshake->xxdh_psa_peerkey_len = olen;
2057
- #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
2058
- #else /* MBEDTLS_USE_PSA_CRYPTO */
2059
- if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
2060
- MBEDTLS_ECDH_THEIRS)) != 0) {
2061
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
2062
- return ret;
2063
- }
2064
-
2065
- if (ssl_check_server_ecdh_params(ssl) != 0) {
2066
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
2067
- return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
2068
- }
2069
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
2070
- #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
2071
- /* We don't need the peer's public key anymore. Free it,
2072
- * so that more RAM is available for upcoming expensive
2073
- * operations like ECDHE. */
2074
- mbedtls_pk_free(peer_pk);
2075
- #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2076
-
2077
- return ret;
2078
- }
2079
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
2080
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
2081
-
2082
- MBEDTLS_CHECK_RETURN_CRITICAL
2083
- static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
2084
- {
2085
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2086
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
2087
- ssl->handshake->ciphersuite_info;
2088
- unsigned char *p = NULL, *end = NULL;
2089
-
2090
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
2091
-
2092
- #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
2093
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
2094
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
2095
- ssl->state++;
2096
- return 0;
2097
- }
2098
- ((void) p);
2099
- ((void) end);
2100
- #endif
2101
-
2102
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
2103
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
2104
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
2105
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
2106
- if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) {
2107
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
2108
- mbedtls_ssl_send_alert_message(
2109
- ssl,
2110
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2111
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2112
- return ret;
2113
- }
2114
-
2115
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
2116
- ssl->state++;
2117
- return 0;
2118
- }
2119
- ((void) p);
2120
- ((void) end);
2121
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
2122
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
2123
-
2124
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2125
- if (ssl->handshake->ecrs_enabled &&
2126
- ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) {
2127
- goto start_processing;
2128
- }
2129
- #endif
2130
-
2131
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
2132
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
2133
- return ret;
2134
- }
2135
-
2136
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
2137
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2138
- mbedtls_ssl_send_alert_message(
2139
- ssl,
2140
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2141
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
2142
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
2143
- }
2144
-
2145
- /*
2146
- * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
2147
- * doesn't use a psk_identity_hint
2148
- */
2149
- if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
2150
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
2151
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
2152
- /* Current message is probably either
2153
- * CertificateRequest or ServerHelloDone */
2154
- ssl->keep_current_message = 1;
2155
- goto exit;
2156
- }
2157
-
2158
- MBEDTLS_SSL_DEBUG_MSG(1,
2159
- ("server key exchange message must not be skipped"));
2160
- mbedtls_ssl_send_alert_message(
2161
- ssl,
2162
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2163
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
2164
-
2165
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
2166
- }
2167
-
2168
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2169
- if (ssl->handshake->ecrs_enabled) {
2170
- ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
2171
- }
2172
-
2173
- start_processing:
2174
- #endif
2175
- p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
2176
- end = ssl->in_msg + ssl->in_hslen;
2177
- MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p);
2178
-
2179
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
2180
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
2181
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
2182
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
2183
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
2184
- if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
2185
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2186
- mbedtls_ssl_send_alert_message(
2187
- ssl,
2188
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2189
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2190
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2191
- }
2192
- } /* FALLTHROUGH */
2193
- #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2194
-
2195
- #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
2196
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
2197
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
2198
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
2199
- ; /* nothing more to do */
2200
- } else
2201
- #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
2202
- MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
2203
- #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
2204
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
2205
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
2206
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
2207
- if (ssl_parse_server_dh_params(ssl, &p, end) != 0) {
2208
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2209
- mbedtls_ssl_send_alert_message(
2210
- ssl,
2211
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2212
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
2213
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
2214
- }
2215
- } else
2216
- #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
2217
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
2218
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
2219
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
2220
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
2221
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
2222
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
2223
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
2224
- if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) {
2225
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2226
- mbedtls_ssl_send_alert_message(
2227
- ssl,
2228
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2229
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
2230
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
2231
- }
2232
- } else
2233
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
2234
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
2235
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
2236
- #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2237
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
2238
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
2239
- /*
2240
- * The first 3 bytes are:
2241
- * [0] MBEDTLS_ECP_TLS_NAMED_CURVE
2242
- * [1, 2] elliptic curve's TLS ID
2243
- *
2244
- * However since we only support secp256r1 for now, we check only
2245
- * that TLS ID here
2246
- */
2247
- uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE(p, 1);
2248
- uint16_t exp_tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
2249
- MBEDTLS_ECP_DP_SECP256R1);
2250
-
2251
- if (exp_tls_id == 0) {
2252
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
2253
- }
2254
-
2255
- if ((*p != MBEDTLS_ECP_TLS_NAMED_CURVE) ||
2256
- (read_tls_id != exp_tls_id)) {
2257
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
2258
- }
2259
-
2260
- p += 3;
2261
-
2262
- if ((ret = mbedtls_psa_ecjpake_read_round(
2263
- &ssl->handshake->psa_pake_ctx, p, end - p,
2264
- MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
2265
- psa_destroy_key(ssl->handshake->psa_pake_password);
2266
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2267
-
2268
- MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret);
2269
- mbedtls_ssl_send_alert_message(
2270
- ssl,
2271
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2272
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2273
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
2274
- }
2275
- #else
2276
- ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
2277
- p, end - p);
2278
- if (ret != 0) {
2279
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
2280
- mbedtls_ssl_send_alert_message(
2281
- ssl,
2282
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2283
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2284
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
2285
- }
2286
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
2287
- } else
2288
- #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
2289
- {
2290
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
2291
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2292
- }
2293
-
2294
- #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
2295
- if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
2296
- size_t sig_len, hashlen;
2297
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2298
-
2299
- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
2300
- mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
2301
- unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
2302
- size_t params_len = p - params;
2303
- void *rs_ctx = NULL;
2304
- uint16_t sig_alg;
2305
-
2306
- mbedtls_pk_context *peer_pk;
2307
-
2308
- #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
2309
- peer_pk = &ssl->handshake->peer_pubkey;
2310
- #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2311
- if (ssl->session_negotiate->peer_cert == NULL) {
2312
- /* Should never happen */
2313
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
2314
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2315
- }
2316
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
2317
- #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2318
-
2319
- /*
2320
- * Handle the digitally-signed structure
2321
- */
2322
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
2323
- sig_alg = MBEDTLS_GET_UINT16_BE(p, 0);
2324
- if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
2325
- sig_alg, &pk_alg, &md_alg) != 0 &&
2326
- !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) &&
2327
- !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) {
2328
- MBEDTLS_SSL_DEBUG_MSG(1,
2329
- ("bad server key exchange message"));
2330
- mbedtls_ssl_send_alert_message(
2331
- ssl,
2332
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2333
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
2334
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
2335
- }
2336
- p += 2;
2337
-
2338
- if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
2339
- MBEDTLS_SSL_DEBUG_MSG(1,
2340
- ("bad server key exchange message"));
2341
- mbedtls_ssl_send_alert_message(
2342
- ssl,
2343
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2344
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
2345
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
2346
- }
2347
-
2348
- /*
2349
- * Read signature
2350
- */
2351
-
2352
- if (p > end - 2) {
2353
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2354
- mbedtls_ssl_send_alert_message(
2355
- ssl,
2356
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2357
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2358
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2359
- }
2360
- sig_len = (p[0] << 8) | p[1];
2361
- p += 2;
2362
-
2363
- if (p != end - sig_len) {
2364
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2365
- mbedtls_ssl_send_alert_message(
2366
- ssl,
2367
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2368
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2369
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2370
- }
2371
-
2372
- MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len);
2373
-
2374
- /*
2375
- * Compute the hash that has been signed
2376
- */
2377
- if (md_alg != MBEDTLS_MD_NONE) {
2378
- ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen,
2379
- params, params_len,
2380
- md_alg);
2381
- if (ret != 0) {
2382
- return ret;
2383
- }
2384
- } else {
2385
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
2386
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2387
- }
2388
-
2389
- MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen);
2390
-
2391
- /*
2392
- * Verify signature
2393
- */
2394
- if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
2395
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
2396
- mbedtls_ssl_send_alert_message(
2397
- ssl,
2398
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2399
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2400
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
2401
- }
2402
-
2403
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2404
- if (ssl->handshake->ecrs_enabled) {
2405
- rs_ctx = &ssl->handshake->ecrs_ctx.pk;
2406
- }
2407
- #endif
2408
-
2409
- #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2410
- if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
2411
- mbedtls_pk_rsassa_pss_options rsassa_pss_options;
2412
- rsassa_pss_options.mgf1_hash_id = md_alg;
2413
- rsassa_pss_options.expected_salt_len =
2414
- mbedtls_md_get_size_from_type(md_alg);
2415
- if (rsassa_pss_options.expected_salt_len == 0) {
2416
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2417
- }
2418
-
2419
- ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options,
2420
- peer_pk,
2421
- md_alg, hash, hashlen,
2422
- p, sig_len);
2423
- } else
2424
- #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
2425
- ret = mbedtls_pk_verify_restartable(peer_pk,
2426
- md_alg, hash, hashlen, p, sig_len, rs_ctx);
2427
-
2428
- if (ret != 0) {
2429
- int send_alert_msg = 1;
2430
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2431
- send_alert_msg = (ret != MBEDTLS_ERR_ECP_IN_PROGRESS);
2432
- #endif
2433
- if (send_alert_msg) {
2434
- mbedtls_ssl_send_alert_message(
2435
- ssl,
2436
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2437
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
2438
- }
2439
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
2440
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2441
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2442
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
2443
- }
2444
- #endif
2445
- return ret;
2446
- }
2447
-
2448
- #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
2449
- /* We don't need the peer's public key anymore. Free it,
2450
- * so that more RAM is available for upcoming expensive
2451
- * operations like ECDHE. */
2452
- mbedtls_pk_free(peer_pk);
2453
- #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
2454
- }
2455
- #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
2456
-
2457
- exit:
2458
- ssl->state++;
2459
-
2460
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
2461
-
2462
- return 0;
2463
- }
2464
-
2465
- #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
2466
- MBEDTLS_CHECK_RETURN_CRITICAL
2467
- static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
2468
- {
2469
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
2470
- ssl->handshake->ciphersuite_info;
2471
-
2472
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
2473
-
2474
- if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
2475
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
2476
- ssl->state++;
2477
- return 0;
2478
- }
2479
-
2480
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
2481
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2482
- }
2483
- #else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
2484
- MBEDTLS_CHECK_RETURN_CRITICAL
2485
- static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
2486
- {
2487
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2488
- unsigned char *buf;
2489
- size_t n = 0;
2490
- size_t cert_type_len = 0, dn_len = 0;
2491
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
2492
- ssl->handshake->ciphersuite_info;
2493
- size_t sig_alg_len;
2494
- #if defined(MBEDTLS_DEBUG_C)
2495
- unsigned char *sig_alg;
2496
- unsigned char *dn;
2497
- #endif
2498
-
2499
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
2500
-
2501
- if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
2502
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
2503
- ssl->state++;
2504
- return 0;
2505
- }
2506
-
2507
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
2508
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
2509
- return ret;
2510
- }
2511
-
2512
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
2513
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
2514
- mbedtls_ssl_send_alert_message(
2515
- ssl,
2516
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2517
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
2518
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
2519
- }
2520
-
2521
- ssl->state++;
2522
- ssl->handshake->client_auth =
2523
- (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
2524
-
2525
- MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request",
2526
- ssl->handshake->client_auth ? "a" : "no"));
2527
-
2528
- if (ssl->handshake->client_auth == 0) {
2529
- /* Current message is probably the ServerHelloDone */
2530
- ssl->keep_current_message = 1;
2531
- goto exit;
2532
- }
2533
-
2534
- /*
2535
- * struct {
2536
- * ClientCertificateType certificate_types<1..2^8-1>;
2537
- * SignatureAndHashAlgorithm
2538
- * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
2539
- * DistinguishedName certificate_authorities<0..2^16-1>;
2540
- * } CertificateRequest;
2541
- *
2542
- * Since we only support a single certificate on clients, let's just
2543
- * ignore all the information that's supposed to help us pick a
2544
- * certificate.
2545
- *
2546
- * We could check that our certificate matches the request, and bail out
2547
- * if it doesn't, but it's simpler to just send the certificate anyway,
2548
- * and give the server the opportunity to decide if it should terminate
2549
- * the connection when it doesn't like our certificate.
2550
- *
2551
- * Same goes for the hash in TLS 1.2's signature_algorithms: at this
2552
- * point we only have one hash available (see comments in
2553
- * write_certificate_verify), so let's just use what we have.
2554
- *
2555
- * However, we still minimally parse the message to check it is at least
2556
- * superficially sane.
2557
- */
2558
- buf = ssl->in_msg;
2559
-
2560
- /* certificate_types */
2561
- if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) {
2562
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
2563
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2564
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2565
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2566
- }
2567
- cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)];
2568
- n = cert_type_len;
2569
-
2570
- /*
2571
- * In the subsequent code there are two paths that read from buf:
2572
- * * the length of the signature algorithms field (if minor version of
2573
- * SSL is 3),
2574
- * * distinguished name length otherwise.
2575
- * Both reach at most the index:
2576
- * ...hdr_len + 2 + n,
2577
- * therefore the buffer length at this point must be greater than that
2578
- * regardless of the actual code path.
2579
- */
2580
- if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) {
2581
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
2582
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2583
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2584
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2585
- }
2586
-
2587
- /* supported_signature_algorithms */
2588
- sig_alg_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
2589
- | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
2590
-
2591
- /*
2592
- * The furthest access in buf is in the loop few lines below:
2593
- * sig_alg[i + 1],
2594
- * where:
2595
- * sig_alg = buf + ...hdr_len + 3 + n,
2596
- * max(i) = sig_alg_len - 1.
2597
- * Therefore the furthest access is:
2598
- * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
2599
- * which reduces to:
2600
- * buf[...hdr_len + 3 + n + sig_alg_len],
2601
- * which is one less than we need the buf to be.
2602
- */
2603
- if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 3 + n + sig_alg_len) {
2604
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
2605
- mbedtls_ssl_send_alert_message(
2606
- ssl,
2607
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2608
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2609
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2610
- }
2611
-
2612
- #if defined(MBEDTLS_DEBUG_C)
2613
- sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n;
2614
- for (size_t i = 0; i < sig_alg_len; i += 2) {
2615
- MBEDTLS_SSL_DEBUG_MSG(3,
2616
- ("Supported Signature Algorithm found: %02x %02x",
2617
- sig_alg[i], sig_alg[i + 1]));
2618
- }
2619
- #endif
2620
-
2621
- n += 2 + sig_alg_len;
2622
-
2623
- /* certificate_authorities */
2624
- dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
2625
- | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
2626
-
2627
- n += dn_len;
2628
- if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
2629
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
2630
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2631
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2632
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2633
- }
2634
-
2635
- #if defined(MBEDTLS_DEBUG_C)
2636
- dn = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n - dn_len;
2637
- for (size_t i = 0, dni_len = 0; i < dn_len; i += 2 + dni_len) {
2638
- unsigned char *p = dn + i + 2;
2639
- mbedtls_x509_name name;
2640
- size_t asn1_len;
2641
- char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
2642
- memset(&name, 0, sizeof(name));
2643
- dni_len = MBEDTLS_GET_UINT16_BE(dn + i, 0);
2644
- if (dni_len > dn_len - i - 2 ||
2645
- mbedtls_asn1_get_tag(&p, p + dni_len, &asn1_len,
2646
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0 ||
2647
- mbedtls_x509_get_name(&p, p + asn1_len, &name) != 0) {
2648
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
2649
- mbedtls_ssl_send_alert_message(
2650
- ssl,
2651
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2652
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2653
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2654
- }
2655
- MBEDTLS_SSL_DEBUG_MSG(3,
2656
- ("DN hint: %.*s",
2657
- mbedtls_x509_dn_gets(s, sizeof(s), &name), s));
2658
- mbedtls_asn1_free_named_data_list_shallow(name.next);
2659
- }
2660
- #endif
2661
-
2662
- exit:
2663
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request"));
2664
-
2665
- return 0;
2666
- }
2667
- #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
2668
-
2669
- MBEDTLS_CHECK_RETURN_CRITICAL
2670
- static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl)
2671
- {
2672
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2673
-
2674
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done"));
2675
-
2676
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
2677
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
2678
- return ret;
2679
- }
2680
-
2681
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
2682
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message"));
2683
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
2684
- }
2685
-
2686
- if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) ||
2687
- ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) {
2688
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message"));
2689
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
2690
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
2691
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
2692
- }
2693
-
2694
- ssl->state++;
2695
-
2696
- #if defined(MBEDTLS_SSL_PROTO_DTLS)
2697
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2698
- mbedtls_ssl_recv_flight_completed(ssl);
2699
- }
2700
- #endif
2701
-
2702
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done"));
2703
-
2704
- return 0;
2705
- }
2706
-
2707
- MBEDTLS_CHECK_RETURN_CRITICAL
2708
- static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
2709
- {
2710
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2711
-
2712
- size_t header_len;
2713
- size_t content_len;
2714
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
2715
- ssl->handshake->ciphersuite_info;
2716
-
2717
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange"));
2718
-
2719
- #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
2720
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
2721
- /*
2722
- * DHM key exchange -- send G^X mod P
2723
- */
2724
- content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
2725
-
2726
- MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4);
2727
- header_len = 6;
2728
-
2729
- ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
2730
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
2731
- &ssl->out_msg[header_len], content_len,
2732
- ssl->conf->f_rng, ssl->conf->p_rng);
2733
- if (ret != 0) {
2734
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
2735
- return ret;
2736
- }
2737
-
2738
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
2739
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
2740
-
2741
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
2742
- ssl->handshake->premaster,
2743
- MBEDTLS_PREMASTER_SIZE,
2744
- &ssl->handshake->pmslen,
2745
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
2746
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
2747
- return ret;
2748
- }
2749
-
2750
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
2751
- } else
2752
- #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
2753
- #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
2754
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
2755
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
2756
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
2757
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
2758
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
2759
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
2760
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
2761
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
2762
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2763
- psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
2764
- psa_key_attributes_t key_attributes;
2765
-
2766
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
2767
-
2768
- header_len = 4;
2769
-
2770
- MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
2771
-
2772
- /*
2773
- * Generate EC private key for ECDHE exchange.
2774
- */
2775
-
2776
- /* The master secret is obtained from the shared ECDH secret by
2777
- * applying the TLS 1.2 PRF with a specific salt and label. While
2778
- * the PSA Crypto API encourages combining key agreement schemes
2779
- * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
2780
- * yet support the provisioning of salt + label to the KDF.
2781
- * For the time being, we therefore need to split the computation
2782
- * of the ECDH secret and the application of the TLS 1.2 PRF. */
2783
- key_attributes = psa_key_attributes_init();
2784
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
2785
- psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
2786
- psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
2787
- psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
2788
-
2789
- /* Generate ECDH private key. */
2790
- status = psa_generate_key(&key_attributes,
2791
- &handshake->xxdh_psa_privkey);
2792
- if (status != PSA_SUCCESS) {
2793
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2794
- }
2795
-
2796
- /* Export the public part of the ECDH private key from PSA.
2797
- * The export format is an ECPoint structure as expected by TLS,
2798
- * but we just need to add a length byte before that. */
2799
- unsigned char *own_pubkey = ssl->out_msg + header_len + 1;
2800
- unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
2801
- size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
2802
- size_t own_pubkey_len;
2803
-
2804
- status = psa_export_public_key(handshake->xxdh_psa_privkey,
2805
- own_pubkey, own_pubkey_max_len,
2806
- &own_pubkey_len);
2807
- if (status != PSA_SUCCESS) {
2808
- psa_destroy_key(handshake->xxdh_psa_privkey);
2809
- handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
2810
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2811
- }
2812
-
2813
- ssl->out_msg[header_len] = (unsigned char) own_pubkey_len;
2814
- content_len = own_pubkey_len + 1;
2815
-
2816
- /* The ECDH secret is the premaster secret used for key derivation. */
2817
-
2818
- /* Compute ECDH shared secret. */
2819
- status = psa_raw_key_agreement(PSA_ALG_ECDH,
2820
- handshake->xxdh_psa_privkey,
2821
- handshake->xxdh_psa_peerkey,
2822
- handshake->xxdh_psa_peerkey_len,
2823
- ssl->handshake->premaster,
2824
- sizeof(ssl->handshake->premaster),
2825
- &ssl->handshake->pmslen);
2826
-
2827
- destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
2828
- handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
2829
-
2830
- if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) {
2831
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2832
- }
2833
- #else
2834
- /*
2835
- * ECDH key exchange -- send client public value
2836
- */
2837
- header_len = 4;
2838
-
2839
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2840
- if (ssl->handshake->ecrs_enabled) {
2841
- if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) {
2842
- goto ecdh_calc_secret;
2843
- }
2844
-
2845
- mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx);
2846
- }
2847
- #endif
2848
-
2849
- ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
2850
- &content_len,
2851
- &ssl->out_msg[header_len], 1000,
2852
- ssl->conf->f_rng, ssl->conf->p_rng);
2853
- if (ret != 0) {
2854
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
2855
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2856
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2857
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
2858
- }
2859
- #endif
2860
- return ret;
2861
- }
2862
-
2863
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
2864
- MBEDTLS_DEBUG_ECDH_Q);
2865
-
2866
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2867
- if (ssl->handshake->ecrs_enabled) {
2868
- ssl->handshake->ecrs_n = content_len;
2869
- ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
2870
- }
2871
-
2872
- ecdh_calc_secret:
2873
- if (ssl->handshake->ecrs_enabled) {
2874
- content_len = ssl->handshake->ecrs_n;
2875
- }
2876
- #endif
2877
- if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
2878
- &ssl->handshake->pmslen,
2879
- ssl->handshake->premaster,
2880
- MBEDTLS_MPI_MAX_SIZE,
2881
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
2882
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
2883
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
2884
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2885
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
2886
- }
2887
- #endif
2888
- return ret;
2889
- }
2890
-
2891
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
2892
- MBEDTLS_DEBUG_ECDH_Z);
2893
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
2894
- } else
2895
- #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
2896
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
2897
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
2898
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
2899
- #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
2900
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
2901
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
2902
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2903
- psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
2904
- psa_key_attributes_t key_attributes;
2905
-
2906
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
2907
-
2908
- /*
2909
- * opaque psk_identity<0..2^16-1>;
2910
- */
2911
- if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) {
2912
- /* We don't offer PSK suites if we don't have a PSK,
2913
- * and we check that the server's choice is among the
2914
- * ciphersuites we offered, so this should never happen. */
2915
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2916
- }
2917
-
2918
- /* uint16 to store content length */
2919
- const size_t content_len_size = 2;
2920
-
2921
- header_len = 4;
2922
-
2923
- if (header_len + content_len_size + ssl->conf->psk_identity_len
2924
- > MBEDTLS_SSL_OUT_CONTENT_LEN) {
2925
- MBEDTLS_SSL_DEBUG_MSG(1,
2926
- ("psk identity too long or SSL buffer too short"));
2927
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
2928
- }
2929
-
2930
- unsigned char *p = ssl->out_msg + header_len;
2931
-
2932
- *p++ = MBEDTLS_BYTE_1(ssl->conf->psk_identity_len);
2933
- *p++ = MBEDTLS_BYTE_0(ssl->conf->psk_identity_len);
2934
- header_len += content_len_size;
2935
-
2936
- memcpy(p, ssl->conf->psk_identity,
2937
- ssl->conf->psk_identity_len);
2938
- p += ssl->conf->psk_identity_len;
2939
-
2940
- header_len += ssl->conf->psk_identity_len;
2941
-
2942
- MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
2943
-
2944
- /*
2945
- * Generate EC private key for ECDHE exchange.
2946
- */
2947
-
2948
- /* The master secret is obtained from the shared ECDH secret by
2949
- * applying the TLS 1.2 PRF with a specific salt and label. While
2950
- * the PSA Crypto API encourages combining key agreement schemes
2951
- * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
2952
- * yet support the provisioning of salt + label to the KDF.
2953
- * For the time being, we therefore need to split the computation
2954
- * of the ECDH secret and the application of the TLS 1.2 PRF. */
2955
- key_attributes = psa_key_attributes_init();
2956
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
2957
- psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
2958
- psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
2959
- psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
2960
-
2961
- /* Generate ECDH private key. */
2962
- status = psa_generate_key(&key_attributes,
2963
- &handshake->xxdh_psa_privkey);
2964
- if (status != PSA_SUCCESS) {
2965
- return PSA_TO_MBEDTLS_ERR(status);
2966
- }
2967
-
2968
- /* Export the public part of the ECDH private key from PSA.
2969
- * The export format is an ECPoint structure as expected by TLS,
2970
- * but we just need to add a length byte before that. */
2971
- unsigned char *own_pubkey = p + 1;
2972
- unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
2973
- size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
2974
- size_t own_pubkey_len = 0;
2975
-
2976
- status = psa_export_public_key(handshake->xxdh_psa_privkey,
2977
- own_pubkey, own_pubkey_max_len,
2978
- &own_pubkey_len);
2979
- if (status != PSA_SUCCESS) {
2980
- psa_destroy_key(handshake->xxdh_psa_privkey);
2981
- handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
2982
- return PSA_TO_MBEDTLS_ERR(status);
2983
- }
2984
-
2985
- *p = (unsigned char) own_pubkey_len;
2986
- content_len = own_pubkey_len + 1;
2987
-
2988
- /* As RFC 5489 section 2, the premaster secret is formed as follows:
2989
- * - a uint16 containing the length (in octets) of the ECDH computation
2990
- * - the octet string produced by the ECDH computation
2991
- * - a uint16 containing the length (in octets) of the PSK
2992
- * - the PSK itself
2993
- */
2994
- unsigned char *pms = ssl->handshake->premaster;
2995
- const unsigned char * const pms_end = pms +
2996
- sizeof(ssl->handshake->premaster);
2997
- /* uint16 to store length (in octets) of the ECDH computation */
2998
- const size_t zlen_size = 2;
2999
- size_t zlen = 0;
3000
-
3001
- /* Perform ECDH computation after the uint16 reserved for the length */
3002
- status = psa_raw_key_agreement(PSA_ALG_ECDH,
3003
- handshake->xxdh_psa_privkey,
3004
- handshake->xxdh_psa_peerkey,
3005
- handshake->xxdh_psa_peerkey_len,
3006
- pms + zlen_size,
3007
- pms_end - (pms + zlen_size),
3008
- &zlen);
3009
-
3010
- destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
3011
- handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
3012
-
3013
- if (status != PSA_SUCCESS) {
3014
- return PSA_TO_MBEDTLS_ERR(status);
3015
- } else if (destruction_status != PSA_SUCCESS) {
3016
- return PSA_TO_MBEDTLS_ERR(destruction_status);
3017
- }
3018
-
3019
- /* Write the ECDH computation length before the ECDH computation */
3020
- MBEDTLS_PUT_UINT16_BE(zlen, pms, 0);
3021
- pms += zlen_size + zlen;
3022
- } else
3023
- #endif /* MBEDTLS_USE_PSA_CRYPTO &&
3024
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
3025
- #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
3026
- if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) {
3027
- /*
3028
- * opaque psk_identity<0..2^16-1>;
3029
- */
3030
- if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) {
3031
- /* We don't offer PSK suites if we don't have a PSK,
3032
- * and we check that the server's choice is among the
3033
- * ciphersuites we offered, so this should never happen. */
3034
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
3035
- }
3036
-
3037
- header_len = 4;
3038
- content_len = ssl->conf->psk_identity_len;
3039
-
3040
- if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
3041
- MBEDTLS_SSL_DEBUG_MSG(1,
3042
- ("psk identity too long or SSL buffer too short"));
3043
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
3044
- }
3045
-
3046
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
3047
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
3048
-
3049
- memcpy(ssl->out_msg + header_len,
3050
- ssl->conf->psk_identity,
3051
- ssl->conf->psk_identity_len);
3052
- header_len += ssl->conf->psk_identity_len;
3053
-
3054
- #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
3055
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
3056
- content_len = 0;
3057
- } else
3058
- #endif
3059
- #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
3060
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
3061
- if ((ret = ssl_write_encrypted_pms(ssl, header_len,
3062
- &content_len, 2)) != 0) {
3063
- return ret;
3064
- }
3065
- } else
3066
- #endif
3067
- #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
3068
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
3069
- /*
3070
- * ClientDiffieHellmanPublic public (DHM send G^X mod P)
3071
- */
3072
- content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
3073
-
3074
- if (header_len + 2 + content_len >
3075
- MBEDTLS_SSL_OUT_CONTENT_LEN) {
3076
- MBEDTLS_SSL_DEBUG_MSG(1,
3077
- ("psk identity or DHM size too long or SSL buffer too short"));
3078
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
3079
- }
3080
-
3081
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
3082
- ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
3083
-
3084
- ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
3085
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
3086
- &ssl->out_msg[header_len], content_len,
3087
- ssl->conf->f_rng, ssl->conf->p_rng);
3088
- if (ret != 0) {
3089
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
3090
- return ret;
3091
- }
3092
-
3093
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
3094
- unsigned char *pms = ssl->handshake->premaster;
3095
- unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
3096
- size_t pms_len;
3097
-
3098
- /* Write length only when we know the actual value */
3099
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
3100
- pms + 2, pms_end - (pms + 2), &pms_len,
3101
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
3102
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
3103
- return ret;
3104
- }
3105
- MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0);
3106
- pms += 2 + pms_len;
3107
-
3108
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
3109
- #endif
3110
- } else
3111
- #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
3112
- #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
3113
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
3114
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
3115
- /*
3116
- * ClientECDiffieHellmanPublic public;
3117
- */
3118
- ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
3119
- &content_len,
3120
- &ssl->out_msg[header_len],
3121
- MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
3122
- ssl->conf->f_rng, ssl->conf->p_rng);
3123
- if (ret != 0) {
3124
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
3125
- return ret;
3126
- }
3127
-
3128
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
3129
- MBEDTLS_DEBUG_ECDH_Q);
3130
- } else
3131
- #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
3132
- {
3133
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
3134
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
3135
- }
3136
-
3137
- #if !defined(MBEDTLS_USE_PSA_CRYPTO)
3138
- if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
3139
- (mbedtls_key_exchange_type_t) ciphersuite_info->
3140
- key_exchange)) != 0) {
3141
- MBEDTLS_SSL_DEBUG_RET(1,
3142
- "mbedtls_ssl_psk_derive_premaster", ret);
3143
- return ret;
3144
- }
3145
- #endif /* !MBEDTLS_USE_PSA_CRYPTO */
3146
- } else
3147
- #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
3148
- #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
3149
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
3150
- header_len = 4;
3151
- if ((ret = ssl_write_encrypted_pms(ssl, header_len,
3152
- &content_len, 0)) != 0) {
3153
- return ret;
3154
- }
3155
- } else
3156
- #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
3157
- #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
3158
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
3159
- header_len = 4;
3160
-
3161
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
3162
- unsigned char *out_p = ssl->out_msg + header_len;
3163
- unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN -
3164
- header_len;
3165
- ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
3166
- out_p, end_p - out_p, &content_len,
3167
- MBEDTLS_ECJPAKE_ROUND_TWO);
3168
- if (ret != 0) {
3169
- psa_destroy_key(ssl->handshake->psa_pake_password);
3170
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
3171
- MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
3172
- return ret;
3173
- }
3174
- #else
3175
- ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx,
3176
- ssl->out_msg + header_len,
3177
- MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
3178
- &content_len,
3179
- ssl->conf->f_rng, ssl->conf->p_rng);
3180
- if (ret != 0) {
3181
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
3182
- return ret;
3183
- }
3184
-
3185
- ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
3186
- ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
3187
- ssl->conf->f_rng, ssl->conf->p_rng);
3188
- if (ret != 0) {
3189
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
3190
- return ret;
3191
- }
3192
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
3193
- } else
3194
- #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
3195
- {
3196
- ((void) ciphersuite_info);
3197
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
3198
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
3199
- }
3200
-
3201
- ssl->out_msglen = header_len + content_len;
3202
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
3203
- ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
3204
-
3205
- ssl->state++;
3206
-
3207
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
3208
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
3209
- return ret;
3210
- }
3211
-
3212
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange"));
3213
-
3214
- return 0;
3215
- }
3216
-
3217
- #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
3218
- MBEDTLS_CHECK_RETURN_CRITICAL
3219
- static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
3220
- {
3221
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
3222
- ssl->handshake->ciphersuite_info;
3223
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3224
-
3225
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
3226
-
3227
- if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
3228
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
3229
- return ret;
3230
- }
3231
-
3232
- if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
3233
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
3234
- ssl->state++;
3235
- return 0;
3236
- }
3237
-
3238
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
3239
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
3240
- }
3241
- #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
3242
- MBEDTLS_CHECK_RETURN_CRITICAL
3243
- static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
3244
- {
3245
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
3246
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
3247
- ssl->handshake->ciphersuite_info;
3248
- size_t n = 0, offset = 0;
3249
- unsigned char hash[48];
3250
- unsigned char *hash_start = hash;
3251
- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
3252
- size_t hashlen;
3253
- void *rs_ctx = NULL;
3254
- #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
3255
- size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf);
3256
- #else
3257
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf);
3258
- #endif
3259
-
3260
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
3261
-
3262
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
3263
- if (ssl->handshake->ecrs_enabled &&
3264
- ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) {
3265
- goto sign;
3266
- }
3267
- #endif
3268
-
3269
- if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
3270
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
3271
- return ret;
3272
- }
3273
-
3274
- if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
3275
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
3276
- ssl->state++;
3277
- return 0;
3278
- }
3279
-
3280
- if (ssl->handshake->client_auth == 0 ||
3281
- mbedtls_ssl_own_cert(ssl) == NULL) {
3282
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
3283
- ssl->state++;
3284
- return 0;
3285
- }
3286
-
3287
- if (mbedtls_ssl_own_key(ssl) == NULL) {
3288
- MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate"));
3289
- return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
3290
- }
3291
-
3292
- /*
3293
- * Make a signature of the handshake digests
3294
- */
3295
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
3296
- if (ssl->handshake->ecrs_enabled) {
3297
- ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
3298
- }
3299
-
3300
- sign:
3301
- #endif
3302
-
3303
- ret = ssl->handshake->calc_verify(ssl, hash, &hashlen);
3304
- if (0 != ret) {
3305
- MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret);
3306
- return ret;
3307
- }
3308
-
3309
- /*
3310
- * digitally-signed struct {
3311
- * opaque handshake_messages[handshake_messages_length];
3312
- * };
3313
- *
3314
- * Taking shortcut here. We assume that the server always allows the
3315
- * PRF Hash function and has sent it in the allowed signature
3316
- * algorithms list received in the Certificate Request message.
3317
- *
3318
- * Until we encounter a server that does not, we will take this
3319
- * shortcut.
3320
- *
3321
- * Reason: Otherwise we should have running hashes for SHA512 and
3322
- * SHA224 in order to satisfy 'weird' needs from the server
3323
- * side.
3324
- */
3325
- if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
3326
- md_alg = MBEDTLS_MD_SHA384;
3327
- ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
3328
- } else {
3329
- md_alg = MBEDTLS_MD_SHA256;
3330
- ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
3331
- }
3332
- ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl));
3333
-
3334
- /* Info from md_alg will be used instead */
3335
- hashlen = 0;
3336
- offset = 2;
3337
-
3338
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
3339
- if (ssl->handshake->ecrs_enabled) {
3340
- rs_ctx = &ssl->handshake->ecrs_ctx.pk;
3341
- }
3342
- #endif
3343
-
3344
- if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl),
3345
- md_alg, hash_start, hashlen,
3346
- ssl->out_msg + 6 + offset,
3347
- out_buf_len - 6 - offset,
3348
- &n,
3349
- ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
3350
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
3351
- #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
3352
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
3353
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
3354
- }
3355
- #endif
3356
- return ret;
3357
- }
3358
-
3359
- MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4);
3360
-
3361
- ssl->out_msglen = 6 + n + offset;
3362
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
3363
- ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
3364
-
3365
- ssl->state++;
3366
-
3367
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
3368
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
3369
- return ret;
3370
- }
3371
-
3372
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify"));
3373
-
3374
- return ret;
3375
- }
3376
- #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
3377
-
3378
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
3379
- MBEDTLS_CHECK_RETURN_CRITICAL
3380
- static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
3381
- {
3382
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3383
- uint32_t lifetime;
3384
- size_t ticket_len;
3385
- unsigned char *ticket;
3386
- const unsigned char *msg;
3387
-
3388
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket"));
3389
-
3390
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
3391
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
3392
- return ret;
3393
- }
3394
-
3395
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
3396
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
3397
- mbedtls_ssl_send_alert_message(
3398
- ssl,
3399
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
3400
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
3401
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
3402
- }
3403
-
3404
- /*
3405
- * struct {
3406
- * uint32 ticket_lifetime_hint;
3407
- * opaque ticket<0..2^16-1>;
3408
- * } NewSessionTicket;
3409
- *
3410
- * 0 . 3 ticket_lifetime_hint
3411
- * 4 . 5 ticket_len (n)
3412
- * 6 . 5+n ticket content
3413
- */
3414
- if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
3415
- ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) {
3416
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
3417
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
3418
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
3419
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
3420
- }
3421
-
3422
- msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
3423
-
3424
- lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) |
3425
- (msg[2] << 8) | (msg[3]);
3426
-
3427
- ticket_len = (msg[4] << 8) | (msg[5]);
3428
-
3429
- if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) {
3430
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
3431
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
3432
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
3433
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
3434
- }
3435
-
3436
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len));
3437
-
3438
- /* We're not waiting for a NewSessionTicket message any more */
3439
- ssl->handshake->new_session_ticket = 0;
3440
- ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
3441
-
3442
- /*
3443
- * Zero-length ticket means the server changed his mind and doesn't want
3444
- * to send a ticket after all, so just forget it
3445
- */
3446
- if (ticket_len == 0) {
3447
- return 0;
3448
- }
3449
-
3450
- if (ssl->session != NULL && ssl->session->ticket != NULL) {
3451
- mbedtls_zeroize_and_free(ssl->session->ticket,
3452
- ssl->session->ticket_len);
3453
- ssl->session->ticket = NULL;
3454
- ssl->session->ticket_len = 0;
3455
- }
3456
-
3457
- mbedtls_zeroize_and_free(ssl->session_negotiate->ticket,
3458
- ssl->session_negotiate->ticket_len);
3459
- ssl->session_negotiate->ticket = NULL;
3460
- ssl->session_negotiate->ticket_len = 0;
3461
-
3462
- if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) {
3463
- MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed"));
3464
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
3465
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
3466
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
3467
- }
3468
-
3469
- memcpy(ticket, msg + 6, ticket_len);
3470
-
3471
- ssl->session_negotiate->ticket = ticket;
3472
- ssl->session_negotiate->ticket_len = ticket_len;
3473
- ssl->session_negotiate->ticket_lifetime = lifetime;
3474
-
3475
- /*
3476
- * RFC 5077 section 3.4:
3477
- * "If the client receives a session ticket from the server, then it
3478
- * discards any Session ID that was sent in the ServerHello."
3479
- */
3480
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id"));
3481
- ssl->session_negotiate->id_len = 0;
3482
-
3483
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket"));
3484
-
3485
- return 0;
3486
- }
3487
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
3488
-
3489
- /*
3490
- * SSL handshake -- client side -- single step
3491
- */
3492
- int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
3493
- {
3494
- int ret = 0;
3495
-
3496
- /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
3497
- * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
3498
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
3499
- if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
3500
- ssl->handshake->new_session_ticket != 0) {
3501
- ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
3502
- }
3503
- #endif
3504
-
3505
- switch (ssl->state) {
3506
- case MBEDTLS_SSL_HELLO_REQUEST:
3507
- ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
3508
- break;
3509
-
3510
- /*
3511
- * ==> ClientHello
3512
- */
3513
- case MBEDTLS_SSL_CLIENT_HELLO:
3514
- ret = mbedtls_ssl_write_client_hello(ssl);
3515
- break;
3516
-
3517
- /*
3518
- * <== ServerHello
3519
- * Certificate
3520
- * ( ServerKeyExchange )
3521
- * ( CertificateRequest )
3522
- * ServerHelloDone
3523
- */
3524
- case MBEDTLS_SSL_SERVER_HELLO:
3525
- ret = ssl_parse_server_hello(ssl);
3526
- break;
3527
-
3528
- case MBEDTLS_SSL_SERVER_CERTIFICATE:
3529
- ret = mbedtls_ssl_parse_certificate(ssl);
3530
- break;
3531
-
3532
- case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
3533
- ret = ssl_parse_server_key_exchange(ssl);
3534
- break;
3535
-
3536
- case MBEDTLS_SSL_CERTIFICATE_REQUEST:
3537
- ret = ssl_parse_certificate_request(ssl);
3538
- break;
3539
-
3540
- case MBEDTLS_SSL_SERVER_HELLO_DONE:
3541
- ret = ssl_parse_server_hello_done(ssl);
3542
- break;
3543
-
3544
- /*
3545
- * ==> ( Certificate/Alert )
3546
- * ClientKeyExchange
3547
- * ( CertificateVerify )
3548
- * ChangeCipherSpec
3549
- * Finished
3550
- */
3551
- case MBEDTLS_SSL_CLIENT_CERTIFICATE:
3552
- ret = mbedtls_ssl_write_certificate(ssl);
3553
- break;
3554
-
3555
- case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
3556
- ret = ssl_write_client_key_exchange(ssl);
3557
- break;
3558
-
3559
- case MBEDTLS_SSL_CERTIFICATE_VERIFY:
3560
- ret = ssl_write_certificate_verify(ssl);
3561
- break;
3562
-
3563
- case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
3564
- ret = mbedtls_ssl_write_change_cipher_spec(ssl);
3565
- break;
3566
-
3567
- case MBEDTLS_SSL_CLIENT_FINISHED:
3568
- ret = mbedtls_ssl_write_finished(ssl);
3569
- break;
3570
-
3571
- /*
3572
- * <== ( NewSessionTicket )
3573
- * ChangeCipherSpec
3574
- * Finished
3575
- */
3576
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
3577
- case MBEDTLS_SSL_NEW_SESSION_TICKET:
3578
- ret = ssl_parse_new_session_ticket(ssl);
3579
- break;
3580
- #endif
3581
-
3582
- case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
3583
- ret = mbedtls_ssl_parse_change_cipher_spec(ssl);
3584
- break;
3585
-
3586
- case MBEDTLS_SSL_SERVER_FINISHED:
3587
- ret = mbedtls_ssl_parse_finished(ssl);
3588
- break;
3589
-
3590
- case MBEDTLS_SSL_FLUSH_BUFFERS:
3591
- MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
3592
- ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
3593
- break;
3594
-
3595
- case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
3596
- mbedtls_ssl_handshake_wrapup(ssl);
3597
- break;
3598
-
3599
- default:
3600
- MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
3601
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
3602
- }
3603
-
3604
- return ret;
3605
- }
3606
-
3607
- #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */