edhoc 1.3.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (759) hide show
  1. package/.clang-format +79 -0
  2. package/README.md +6 -5
  3. package/dist/cbor-utils.d.ts +30 -0
  4. package/dist/cbor-utils.d.ts.map +1 -0
  5. package/dist/cbor-utils.js +179 -0
  6. package/dist/cipher-suites.d.ts +13 -0
  7. package/dist/cipher-suites.d.ts.map +1 -0
  8. package/dist/cipher-suites.js +22 -0
  9. package/dist/edhoc.d.ts +85 -277
  10. package/dist/edhoc.d.ts.map +1 -1
  11. package/dist/edhoc.js +562 -34
  12. package/package.json +5 -19
  13. package/.gitmodules +0 -3
  14. package/binding.gyp +0 -66
  15. package/dist/bindings.d.ts +0 -5
  16. package/dist/bindings.d.ts.map +0 -1
  17. package/dist/bindings.js +0 -10
  18. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_decode.h +0 -35
  19. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_encode.h +0 -35
  20. package/external/libedhoc/backends/cbor/include/backend_cbor_bstr_type_types.h +0 -34
  21. package/external/libedhoc/backends/cbor/include/backend_cbor_ead_decode.h +0 -35
  22. package/external/libedhoc/backends/cbor/include/backend_cbor_ead_encode.h +0 -35
  23. package/external/libedhoc/backends/cbor/include/backend_cbor_edhoc_types.h +0 -102
  24. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_decode.h +0 -35
  25. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_encode.h +0 -35
  26. package/external/libedhoc/backends/cbor/include/backend_cbor_enc_structure_types.h +0 -37
  27. package/external/libedhoc/backends/cbor/include/backend_cbor_id_cred_x_decode.h +0 -35
  28. package/external/libedhoc/backends/cbor/include/backend_cbor_id_cred_x_encode.h +0 -35
  29. package/external/libedhoc/backends/cbor/include/backend_cbor_info_decode.h +0 -35
  30. package/external/libedhoc/backends/cbor/include/backend_cbor_info_encode.h +0 -35
  31. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_decode.h +0 -35
  32. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_encode.h +0 -35
  33. package/external/libedhoc/backends/cbor/include/backend_cbor_int_type_types.h +0 -34
  34. package/external/libedhoc/backends/cbor/include/backend_cbor_message_1_decode.h +0 -35
  35. package/external/libedhoc/backends/cbor/include/backend_cbor_message_1_encode.h +0 -35
  36. package/external/libedhoc/backends/cbor/include/backend_cbor_message_2_decode.h +0 -35
  37. package/external/libedhoc/backends/cbor/include/backend_cbor_message_2_encode.h +0 -35
  38. package/external/libedhoc/backends/cbor/include/backend_cbor_message_3_decode.h +0 -35
  39. package/external/libedhoc/backends/cbor/include/backend_cbor_message_3_encode.h +0 -35
  40. package/external/libedhoc/backends/cbor/include/backend_cbor_message_4_decode.h +0 -35
  41. package/external/libedhoc/backends/cbor/include/backend_cbor_message_4_encode.h +0 -35
  42. package/external/libedhoc/backends/cbor/include/backend_cbor_message_error_decode.h +0 -35
  43. package/external/libedhoc/backends/cbor/include/backend_cbor_message_error_encode.h +0 -35
  44. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_2_decode.h +0 -35
  45. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_2_encode.h +0 -35
  46. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_3_decode.h +0 -35
  47. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_3_encode.h +0 -35
  48. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_4_decode.h +0 -35
  49. package/external/libedhoc/backends/cbor/include/backend_cbor_plaintext_4_encode.h +0 -35
  50. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_decode.h +0 -35
  51. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_encode.h +0 -35
  52. package/external/libedhoc/backends/cbor/include/backend_cbor_sig_structure_types.h +0 -38
  53. package/external/libedhoc/backends/cbor/include/backend_cbor_x509_types.h +0 -180
  54. package/external/libedhoc/backends/cbor/src/backend_cbor_bstr_type_decode.c +0 -50
  55. package/external/libedhoc/backends/cbor/src/backend_cbor_bstr_type_encode.c +0 -50
  56. package/external/libedhoc/backends/cbor/src/backend_cbor_ead_decode.c +0 -69
  57. package/external/libedhoc/backends/cbor/src/backend_cbor_ead_encode.c +0 -69
  58. package/external/libedhoc/backends/cbor/src/backend_cbor_enc_structure_decode.c +0 -53
  59. package/external/libedhoc/backends/cbor/src/backend_cbor_enc_structure_encode.c +0 -53
  60. package/external/libedhoc/backends/cbor/src/backend_cbor_id_cred_x_decode.c +0 -152
  61. package/external/libedhoc/backends/cbor/src/backend_cbor_id_cred_x_encode.c +0 -152
  62. package/external/libedhoc/backends/cbor/src/backend_cbor_info_decode.c +0 -52
  63. package/external/libedhoc/backends/cbor/src/backend_cbor_info_encode.c +0 -52
  64. package/external/libedhoc/backends/cbor/src/backend_cbor_int_type_decode.c +0 -50
  65. package/external/libedhoc/backends/cbor/src/backend_cbor_int_type_encode.c +0 -50
  66. package/external/libedhoc/backends/cbor/src/backend_cbor_message_1_decode.c +0 -115
  67. package/external/libedhoc/backends/cbor/src/backend_cbor_message_1_encode.c +0 -115
  68. package/external/libedhoc/backends/cbor/src/backend_cbor_message_2_decode.c +0 -50
  69. package/external/libedhoc/backends/cbor/src/backend_cbor_message_2_encode.c +0 -50
  70. package/external/libedhoc/backends/cbor/src/backend_cbor_message_3_decode.c +0 -50
  71. package/external/libedhoc/backends/cbor/src/backend_cbor_message_3_encode.c +0 -50
  72. package/external/libedhoc/backends/cbor/src/backend_cbor_message_4_decode.c +0 -50
  73. package/external/libedhoc/backends/cbor/src/backend_cbor_message_4_encode.c +0 -50
  74. package/external/libedhoc/backends/cbor/src/backend_cbor_message_error_decode.c +0 -92
  75. package/external/libedhoc/backends/cbor/src/backend_cbor_message_error_encode.c +0 -92
  76. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_2_decode.c +0 -216
  77. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_2_encode.c +0 -217
  78. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_3_decode.c +0 -212
  79. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_3_encode.c +0 -212
  80. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_4_decode.c +0 -87
  81. package/external/libedhoc/backends/cbor/src/backend_cbor_plaintext_4_encode.c +0 -87
  82. package/external/libedhoc/backends/cbor/src/backend_cbor_sig_structure_decode.c +0 -54
  83. package/external/libedhoc/backends/cbor/src/backend_cbor_sig_structure_encode.c +0 -54
  84. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode.c +0 -31
  85. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode.h +0 -10
  86. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode2.c +0 -18
  87. package/external/libedhoc/externals/Unity/examples/example_1/src/ProductionCode2.h +0 -9
  88. package/external/libedhoc/externals/Unity/examples/example_1/test/TestProductionCode.c +0 -69
  89. package/external/libedhoc/externals/Unity/examples/example_1/test/TestProductionCode2.c +0 -38
  90. package/external/libedhoc/externals/Unity/examples/example_1/test/test_runners/TestProductionCode2_Runner.c +0 -53
  91. package/external/libedhoc/externals/Unity/examples/example_1/test/test_runners/TestProductionCode_Runner.c +0 -57
  92. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode.c +0 -31
  93. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode.h +0 -10
  94. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode2.c +0 -18
  95. package/external/libedhoc/externals/Unity/examples/example_2/src/ProductionCode2.h +0 -9
  96. package/external/libedhoc/externals/Unity/examples/example_2/test/TestProductionCode.c +0 -71
  97. package/external/libedhoc/externals/Unity/examples/example_2/test/TestProductionCode2.c +0 -40
  98. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/TestProductionCode2_Runner.c +0 -16
  99. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/TestProductionCode_Runner.c +0 -18
  100. package/external/libedhoc/externals/Unity/examples/example_2/test/test_runners/all_tests.c +0 -19
  101. package/external/libedhoc/externals/Unity/examples/example_3/helper/UnityHelper.c +0 -17
  102. package/external/libedhoc/externals/Unity/examples/example_3/helper/UnityHelper.h +0 -19
  103. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode.c +0 -31
  104. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode.h +0 -10
  105. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode2.c +0 -18
  106. package/external/libedhoc/externals/Unity/examples/example_3/src/ProductionCode2.h +0 -9
  107. package/external/libedhoc/externals/Unity/examples/example_3/test/TestProductionCode.c +0 -69
  108. package/external/libedhoc/externals/Unity/examples/example_3/test/TestProductionCode2.c +0 -38
  109. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode.c +0 -31
  110. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode.h +0 -10
  111. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode2.c +0 -18
  112. package/external/libedhoc/externals/Unity/examples/example_4/src/ProductionCode2.h +0 -9
  113. package/external/libedhoc/externals/Unity/examples/example_4/test/TestProductionCode.c +0 -70
  114. package/external/libedhoc/externals/Unity/examples/example_4/test/TestProductionCode2.c +0 -42
  115. package/external/libedhoc/externals/Unity/examples/example_4/test/test_runners/TestProductionCode2_Runner.c +0 -53
  116. package/external/libedhoc/externals/Unity/examples/example_4/test/test_runners/TestProductionCode_Runner.c +0 -57
  117. package/external/libedhoc/externals/Unity/examples/unity_config.h +0 -251
  118. package/external/libedhoc/externals/Unity/extras/bdd/src/unity_bdd.h +0 -44
  119. package/external/libedhoc/externals/Unity/extras/bdd/test/test_bdd.c +0 -129
  120. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture.c +0 -310
  121. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture.h +0 -95
  122. package/external/libedhoc/externals/Unity/extras/fixture/src/unity_fixture_internals.h +0 -51
  123. package/external/libedhoc/externals/Unity/extras/fixture/test/main/AllTests.c +0 -20
  124. package/external/libedhoc/externals/Unity/extras/fixture/test/template_fixture_tests.c +0 -40
  125. package/external/libedhoc/externals/Unity/extras/fixture/test/unity_fixture_Test.c +0 -246
  126. package/external/libedhoc/externals/Unity/extras/fixture/test/unity_fixture_TestRunner.c +0 -33
  127. package/external/libedhoc/externals/Unity/extras/memory/src/unity_memory.c +0 -203
  128. package/external/libedhoc/externals/Unity/extras/memory/src/unity_memory.h +0 -61
  129. package/external/libedhoc/externals/Unity/extras/memory/test/unity_memory_Test.c +0 -326
  130. package/external/libedhoc/externals/Unity/extras/memory/test/unity_memory_TestRunner.c +0 -50
  131. package/external/libedhoc/externals/Unity/extras/memory/test/unity_output_Spy.c +0 -57
  132. package/external/libedhoc/externals/Unity/extras/memory/test/unity_output_Spy.h +0 -17
  133. package/external/libedhoc/externals/Unity/src/unity.c +0 -2501
  134. package/external/libedhoc/externals/Unity/src/unity.h +0 -698
  135. package/external/libedhoc/externals/Unity/src/unity_internals.h +0 -1183
  136. package/external/libedhoc/externals/Unity/test/expectdata/testsample_cmd.c +0 -61
  137. package/external/libedhoc/externals/Unity/test/expectdata/testsample_def.c +0 -57
  138. package/external/libedhoc/externals/Unity/test/expectdata/testsample_head1.c +0 -55
  139. package/external/libedhoc/externals/Unity/test/expectdata/testsample_head1.h +0 -15
  140. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_cmd.c +0 -80
  141. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_def.c +0 -76
  142. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_head1.c +0 -75
  143. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_head1.h +0 -13
  144. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_new1.c +0 -89
  145. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_new2.c +0 -89
  146. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_param.c +0 -77
  147. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_run1.c +0 -89
  148. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_run2.c +0 -89
  149. package/external/libedhoc/externals/Unity/test/expectdata/testsample_mock_yaml.c +0 -90
  150. package/external/libedhoc/externals/Unity/test/expectdata/testsample_new1.c +0 -67
  151. package/external/libedhoc/externals/Unity/test/expectdata/testsample_new2.c +0 -70
  152. package/external/libedhoc/externals/Unity/test/expectdata/testsample_param.c +0 -58
  153. package/external/libedhoc/externals/Unity/test/expectdata/testsample_run1.c +0 -67
  154. package/external/libedhoc/externals/Unity/test/expectdata/testsample_run2.c +0 -70
  155. package/external/libedhoc/externals/Unity/test/expectdata/testsample_yaml.c +0 -71
  156. package/external/libedhoc/externals/Unity/test/testdata/CException.h +0 -18
  157. package/external/libedhoc/externals/Unity/test/testdata/Defs.h +0 -16
  158. package/external/libedhoc/externals/Unity/test/testdata/cmock.h +0 -21
  159. package/external/libedhoc/externals/Unity/test/testdata/mockMock.h +0 -20
  160. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGenerator.c +0 -204
  161. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGeneratorSmall.c +0 -73
  162. package/external/libedhoc/externals/Unity/test/testdata/testRunnerGeneratorWithMocks.c +0 -200
  163. package/external/libedhoc/externals/Unity/test/tests/self_assessment_utils.h +0 -151
  164. package/external/libedhoc/externals/Unity/test/tests/test_unity_arrays.c +0 -2941
  165. package/external/libedhoc/externals/Unity/test/tests/test_unity_core.c +0 -375
  166. package/external/libedhoc/externals/Unity/test/tests/test_unity_doubles.c +0 -1285
  167. package/external/libedhoc/externals/Unity/test/tests/test_unity_floats.c +0 -1395
  168. package/external/libedhoc/externals/Unity/test/tests/test_unity_integers.c +0 -2863
  169. package/external/libedhoc/externals/Unity/test/tests/test_unity_integers_64.c +0 -783
  170. package/external/libedhoc/externals/Unity/test/tests/test_unity_memory.c +0 -82
  171. package/external/libedhoc/externals/Unity/test/tests/test_unity_parameterized.c +0 -309
  172. package/external/libedhoc/externals/Unity/test/tests/test_unity_parameterizedDemo.c +0 -28
  173. package/external/libedhoc/externals/Unity/test/tests/test_unity_strings.c +0 -330
  174. package/external/libedhoc/externals/Unity/test/tests/types_for_test.h +0 -21
  175. package/external/libedhoc/externals/compact25519/src/c25519/c25519.c +0 -126
  176. package/external/libedhoc/externals/compact25519/src/c25519/c25519.h +0 -49
  177. package/external/libedhoc/externals/compact25519/src/c25519/ed25519.c +0 -323
  178. package/external/libedhoc/externals/compact25519/src/c25519/ed25519.h +0 -84
  179. package/external/libedhoc/externals/compact25519/src/c25519/edsign.c +0 -171
  180. package/external/libedhoc/externals/compact25519/src/c25519/edsign.h +0 -53
  181. package/external/libedhoc/externals/compact25519/src/c25519/f25519.c +0 -330
  182. package/external/libedhoc/externals/compact25519/src/c25519/f25519.h +0 -98
  183. package/external/libedhoc/externals/compact25519/src/c25519/fprime.c +0 -226
  184. package/external/libedhoc/externals/compact25519/src/c25519/fprime.h +0 -81
  185. package/external/libedhoc/externals/compact25519/src/c25519/sha512.c +0 -230
  186. package/external/libedhoc/externals/compact25519/src/c25519/sha512.h +0 -54
  187. package/external/libedhoc/externals/compact25519/src/compact_ed25519.c +0 -46
  188. package/external/libedhoc/externals/compact25519/src/compact_ed25519.h +0 -110
  189. package/external/libedhoc/externals/compact25519/src/compact_wipe.c +0 -12
  190. package/external/libedhoc/externals/compact25519/src/compact_wipe.h +0 -14
  191. package/external/libedhoc/externals/compact25519/src/compact_x25519.c +0 -68
  192. package/external/libedhoc/externals/compact25519/src/compact_x25519.h +0 -101
  193. package/external/libedhoc/externals/compact25519/test/pcg_random.h +0 -25
  194. package/external/libedhoc/externals/compact25519/test/run-all.c +0 -178
  195. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/Hacl_Curve25519.h +0 -21
  196. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/everest.h +0 -234
  197. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h +0 -124
  198. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h +0 -280
  199. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlib.h +0 -29
  200. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/c_endianness.h +0 -204
  201. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/builtin.h +0 -16
  202. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/callconv.h +0 -46
  203. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/compat.h +0 -34
  204. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/debug.h +0 -57
  205. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/target.h +0 -102
  206. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/types.h +0 -61
  207. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h +0 -5
  208. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h +0 -21
  209. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/inttypes.h +0 -36
  210. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/vs2013/stdbool.h +0 -31
  211. package/external/libedhoc/externals/mbedtls/3rdparty/everest/include/everest/x25519.h +0 -190
  212. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/Hacl_Curve25519.c +0 -760
  213. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/Hacl_Curve25519_joined.c +0 -50
  214. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/everest.c +0 -102
  215. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c +0 -413
  216. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c +0 -100
  217. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/legacy/Hacl_Curve25519.c +0 -805
  218. package/external/libedhoc/externals/mbedtls/3rdparty/everest/library/x25519.c +0 -186
  219. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m/p256-m.c +0 -1514
  220. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m/p256-m.h +0 -135
  221. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m_driver_entrypoints.c +0 -312
  222. package/external/libedhoc/externals/mbedtls/3rdparty/p256-m/p256-m_driver_entrypoints.h +0 -219
  223. package/external/libedhoc/externals/mbedtls/configs/config-ccm-psk-dtls1_2.h +0 -92
  224. package/external/libedhoc/externals/mbedtls/configs/config-ccm-psk-tls1_2.h +0 -83
  225. package/external/libedhoc/externals/mbedtls/configs/config-no-entropy.h +0 -73
  226. package/external/libedhoc/externals/mbedtls/configs/config-suite-b.h +0 -106
  227. package/external/libedhoc/externals/mbedtls/configs/config-symmetric-only.h +0 -77
  228. package/external/libedhoc/externals/mbedtls/configs/config-thread.h +0 -76
  229. package/external/libedhoc/externals/mbedtls/configs/crypto-config-ccm-aes-sha256.h +0 -25
  230. package/external/libedhoc/externals/mbedtls/configs/crypto_config_profile_medium.h +0 -136
  231. package/external/libedhoc/externals/mbedtls/configs/tfm_mbedcrypto_config_profile_medium.h +0 -609
  232. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_encdec.h +0 -54
  233. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_hashing.h +0 -30
  234. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_mainpage.h +0 -19
  235. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_rng.h +0 -27
  236. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_ssltls.h +0 -37
  237. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_tcpip.h +0 -32
  238. package/external/libedhoc/externals/mbedtls/doxygen/input/doc_x509.h +0 -31
  239. package/external/libedhoc/externals/mbedtls/include/mbedtls/aes.h +0 -627
  240. package/external/libedhoc/externals/mbedtls/include/mbedtls/aria.h +0 -341
  241. package/external/libedhoc/externals/mbedtls/include/mbedtls/asn1.h +0 -641
  242. package/external/libedhoc/externals/mbedtls/include/mbedtls/asn1write.h +0 -389
  243. package/external/libedhoc/externals/mbedtls/include/mbedtls/base64.h +0 -82
  244. package/external/libedhoc/externals/mbedtls/include/mbedtls/bignum.h +0 -1084
  245. package/external/libedhoc/externals/mbedtls/include/mbedtls/build_info.h +0 -146
  246. package/external/libedhoc/externals/mbedtls/include/mbedtls/camellia.h +0 -303
  247. package/external/libedhoc/externals/mbedtls/include/mbedtls/ccm.h +0 -518
  248. package/external/libedhoc/externals/mbedtls/include/mbedtls/chacha20.h +0 -202
  249. package/external/libedhoc/externals/mbedtls/include/mbedtls/chachapoly.h +0 -342
  250. package/external/libedhoc/externals/mbedtls/include/mbedtls/check_config.h +0 -1206
  251. package/external/libedhoc/externals/mbedtls/include/mbedtls/cipher.h +0 -1183
  252. package/external/libedhoc/externals/mbedtls/include/mbedtls/cmac.h +0 -246
  253. package/external/libedhoc/externals/mbedtls/include/mbedtls/compat-2.x.h +0 -46
  254. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h +0 -183
  255. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h +0 -877
  256. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h +0 -334
  257. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h +0 -142
  258. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_ssl.h +0 -76
  259. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_adjust_x509.h +0 -25
  260. package/external/libedhoc/externals/mbedtls/include/mbedtls/config_psa.h +0 -55
  261. package/external/libedhoc/externals/mbedtls/include/mbedtls/constant_time.h +0 -36
  262. package/external/libedhoc/externals/mbedtls/include/mbedtls/ctr_drbg.h +0 -564
  263. package/external/libedhoc/externals/mbedtls/include/mbedtls/debug.h +0 -308
  264. package/external/libedhoc/externals/mbedtls/include/mbedtls/des.h +0 -385
  265. package/external/libedhoc/externals/mbedtls/include/mbedtls/dhm.h +0 -972
  266. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecdh.h +0 -441
  267. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecdsa.h +0 -671
  268. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecjpake.h +0 -298
  269. package/external/libedhoc/externals/mbedtls/include/mbedtls/ecp.h +0 -1362
  270. package/external/libedhoc/externals/mbedtls/include/mbedtls/entropy.h +0 -273
  271. package/external/libedhoc/externals/mbedtls/include/mbedtls/error.h +0 -201
  272. package/external/libedhoc/externals/mbedtls/include/mbedtls/gcm.h +0 -370
  273. package/external/libedhoc/externals/mbedtls/include/mbedtls/hkdf.h +0 -124
  274. package/external/libedhoc/externals/mbedtls/include/mbedtls/hmac_drbg.h +0 -434
  275. package/external/libedhoc/externals/mbedtls/include/mbedtls/lms.h +0 -440
  276. package/external/libedhoc/externals/mbedtls/include/mbedtls/mbedtls_config.h +0 -4116
  277. package/external/libedhoc/externals/mbedtls/include/mbedtls/md.h +0 -640
  278. package/external/libedhoc/externals/mbedtls/include/mbedtls/md5.h +0 -190
  279. package/external/libedhoc/externals/mbedtls/include/mbedtls/memory_buffer_alloc.h +0 -142
  280. package/external/libedhoc/externals/mbedtls/include/mbedtls/net_sockets.h +0 -299
  281. package/external/libedhoc/externals/mbedtls/include/mbedtls/nist_kw.h +0 -166
  282. package/external/libedhoc/externals/mbedtls/include/mbedtls/oid.h +0 -722
  283. package/external/libedhoc/externals/mbedtls/include/mbedtls/pem.h +0 -160
  284. package/external/libedhoc/externals/mbedtls/include/mbedtls/pk.h +0 -1091
  285. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs12.h +0 -186
  286. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs5.h +0 -197
  287. package/external/libedhoc/externals/mbedtls/include/mbedtls/pkcs7.h +0 -241
  288. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform.h +0 -485
  289. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform_time.h +0 -79
  290. package/external/libedhoc/externals/mbedtls/include/mbedtls/platform_util.h +0 -201
  291. package/external/libedhoc/externals/mbedtls/include/mbedtls/poly1305.h +0 -168
  292. package/external/libedhoc/externals/mbedtls/include/mbedtls/private_access.h +0 -20
  293. package/external/libedhoc/externals/mbedtls/include/mbedtls/psa_util.h +0 -104
  294. package/external/libedhoc/externals/mbedtls/include/mbedtls/ripemd160.h +0 -136
  295. package/external/libedhoc/externals/mbedtls/include/mbedtls/rsa.h +0 -1143
  296. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha1.h +0 -219
  297. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha256.h +0 -198
  298. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha3.h +0 -172
  299. package/external/libedhoc/externals/mbedtls/include/mbedtls/sha512.h +0 -208
  300. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl.h +0 -5369
  301. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_cache.h +0 -187
  302. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_ciphersuites.h +0 -616
  303. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_cookie.h +0 -106
  304. package/external/libedhoc/externals/mbedtls/include/mbedtls/ssl_ticket.h +0 -181
  305. package/external/libedhoc/externals/mbedtls/include/mbedtls/threading.h +0 -105
  306. package/external/libedhoc/externals/mbedtls/include/mbedtls/timing.h +0 -94
  307. package/external/libedhoc/externals/mbedtls/include/mbedtls/version.h +0 -78
  308. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509.h +0 -550
  309. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_crl.h +0 -184
  310. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_crt.h +0 -1196
  311. package/external/libedhoc/externals/mbedtls/include/mbedtls/x509_csr.h +0 -319
  312. package/external/libedhoc/externals/mbedtls/include/psa/build_info.h +0 -20
  313. package/external/libedhoc/externals/mbedtls/include/psa/crypto.h +0 -4685
  314. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_auto_enabled.h +0 -21
  315. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h +0 -91
  316. package/external/libedhoc/externals/mbedtls/include/psa/crypto_adjust_config_synonyms.h +0 -45
  317. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_composites.h +0 -210
  318. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_key_derivation.h +0 -118
  319. package/external/libedhoc/externals/mbedtls/include/psa/crypto_builtin_primitives.h +0 -114
  320. package/external/libedhoc/externals/mbedtls/include/psa/crypto_compat.h +0 -153
  321. package/external/libedhoc/externals/mbedtls/include/psa/crypto_config.h +0 -153
  322. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_common.h +0 -44
  323. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_composites.h +0 -151
  324. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_key_derivation.h +0 -52
  325. package/external/libedhoc/externals/mbedtls/include/psa/crypto_driver_contexts_primitives.h +0 -105
  326. package/external/libedhoc/externals/mbedtls/include/psa/crypto_extra.h +0 -2064
  327. package/external/libedhoc/externals/mbedtls/include/psa/crypto_legacy.h +0 -88
  328. package/external/libedhoc/externals/mbedtls/include/psa/crypto_platform.h +0 -92
  329. package/external/libedhoc/externals/mbedtls/include/psa/crypto_se_driver.h +0 -1383
  330. package/external/libedhoc/externals/mbedtls/include/psa/crypto_sizes.h +0 -1282
  331. package/external/libedhoc/externals/mbedtls/include/psa/crypto_struct.h +0 -460
  332. package/external/libedhoc/externals/mbedtls/include/psa/crypto_types.h +0 -453
  333. package/external/libedhoc/externals/mbedtls/include/psa/crypto_values.h +0 -2756
  334. package/external/libedhoc/externals/mbedtls/library/aes.c +0 -2315
  335. package/external/libedhoc/externals/mbedtls/library/aesce.c +0 -503
  336. package/external/libedhoc/externals/mbedtls/library/aesce.h +0 -121
  337. package/external/libedhoc/externals/mbedtls/library/aesni.c +0 -802
  338. package/external/libedhoc/externals/mbedtls/library/aesni.h +0 -158
  339. package/external/libedhoc/externals/mbedtls/library/alignment.h +0 -509
  340. package/external/libedhoc/externals/mbedtls/library/aria.c +0 -991
  341. package/external/libedhoc/externals/mbedtls/library/asn1parse.c +0 -467
  342. package/external/libedhoc/externals/mbedtls/library/asn1write.c +0 -436
  343. package/external/libedhoc/externals/mbedtls/library/base64.c +0 -299
  344. package/external/libedhoc/externals/mbedtls/library/base64_internal.h +0 -45
  345. package/external/libedhoc/externals/mbedtls/library/bignum.c +0 -2806
  346. package/external/libedhoc/externals/mbedtls/library/bignum_core.c +0 -894
  347. package/external/libedhoc/externals/mbedtls/library/bignum_core.h +0 -763
  348. package/external/libedhoc/externals/mbedtls/library/bignum_mod.c +0 -394
  349. package/external/libedhoc/externals/mbedtls/library/bignum_mod.h +0 -452
  350. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw.c +0 -276
  351. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw.h +0 -416
  352. package/external/libedhoc/externals/mbedtls/library/bignum_mod_raw_invasive.h +0 -34
  353. package/external/libedhoc/externals/mbedtls/library/bn_mul.h +0 -1094
  354. package/external/libedhoc/externals/mbedtls/library/camellia.c +0 -1044
  355. package/external/libedhoc/externals/mbedtls/library/ccm.c +0 -712
  356. package/external/libedhoc/externals/mbedtls/library/chacha20.c +0 -497
  357. package/external/libedhoc/externals/mbedtls/library/chachapoly.c +0 -478
  358. package/external/libedhoc/externals/mbedtls/library/check_crypto_config.h +0 -141
  359. package/external/libedhoc/externals/mbedtls/library/cipher.c +0 -1664
  360. package/external/libedhoc/externals/mbedtls/library/cipher_wrap.c +0 -2422
  361. package/external/libedhoc/externals/mbedtls/library/cipher_wrap.h +0 -132
  362. package/external/libedhoc/externals/mbedtls/library/cmac.c +0 -1067
  363. package/external/libedhoc/externals/mbedtls/library/common.h +0 -325
  364. package/external/libedhoc/externals/mbedtls/library/constant_time.c +0 -261
  365. package/external/libedhoc/externals/mbedtls/library/constant_time_impl.h +0 -554
  366. package/external/libedhoc/externals/mbedtls/library/constant_time_internal.h +0 -579
  367. package/external/libedhoc/externals/mbedtls/library/ctr_drbg.c +0 -881
  368. package/external/libedhoc/externals/mbedtls/library/debug.c +0 -465
  369. package/external/libedhoc/externals/mbedtls/library/des.c +0 -1042
  370. package/external/libedhoc/externals/mbedtls/library/dhm.c +0 -712
  371. package/external/libedhoc/externals/mbedtls/library/ecdh.c +0 -685
  372. package/external/libedhoc/externals/mbedtls/library/ecdsa.c +0 -867
  373. package/external/libedhoc/externals/mbedtls/library/ecjpake.c +0 -1216
  374. package/external/libedhoc/externals/mbedtls/library/ecp.c +0 -3631
  375. package/external/libedhoc/externals/mbedtls/library/ecp_curves.c +0 -5467
  376. package/external/libedhoc/externals/mbedtls/library/ecp_curves_new.c +0 -6043
  377. package/external/libedhoc/externals/mbedtls/library/ecp_internal_alt.h +0 -287
  378. package/external/libedhoc/externals/mbedtls/library/ecp_invasive.h +0 -325
  379. package/external/libedhoc/externals/mbedtls/library/entropy.c +0 -676
  380. package/external/libedhoc/externals/mbedtls/library/entropy_poll.c +0 -229
  381. package/external/libedhoc/externals/mbedtls/library/entropy_poll.h +0 -64
  382. package/external/libedhoc/externals/mbedtls/library/error.c +0 -878
  383. package/external/libedhoc/externals/mbedtls/library/gcm.c +0 -1168
  384. package/external/libedhoc/externals/mbedtls/library/hkdf.c +0 -161
  385. package/external/libedhoc/externals/mbedtls/library/hmac_drbg.c +0 -633
  386. package/external/libedhoc/externals/mbedtls/library/lmots.c +0 -821
  387. package/external/libedhoc/externals/mbedtls/library/lmots.h +0 -311
  388. package/external/libedhoc/externals/mbedtls/library/lms.c +0 -779
  389. package/external/libedhoc/externals/mbedtls/library/md.c +0 -1108
  390. package/external/libedhoc/externals/mbedtls/library/md5.c +0 -426
  391. package/external/libedhoc/externals/mbedtls/library/md_psa.h +0 -63
  392. package/external/libedhoc/externals/mbedtls/library/md_wrap.h +0 -46
  393. package/external/libedhoc/externals/mbedtls/library/memory_buffer_alloc.c +0 -745
  394. package/external/libedhoc/externals/mbedtls/library/mps_common.h +0 -181
  395. package/external/libedhoc/externals/mbedtls/library/mps_error.h +0 -89
  396. package/external/libedhoc/externals/mbedtls/library/mps_reader.c +0 -538
  397. package/external/libedhoc/externals/mbedtls/library/mps_reader.h +0 -366
  398. package/external/libedhoc/externals/mbedtls/library/mps_trace.c +0 -112
  399. package/external/libedhoc/externals/mbedtls/library/mps_trace.h +0 -154
  400. package/external/libedhoc/externals/mbedtls/library/net_sockets.c +0 -696
  401. package/external/libedhoc/externals/mbedtls/library/nist_kw.c +0 -725
  402. package/external/libedhoc/externals/mbedtls/library/oid.c +0 -1154
  403. package/external/libedhoc/externals/mbedtls/library/padlock.c +0 -155
  404. package/external/libedhoc/externals/mbedtls/library/padlock.h +0 -111
  405. package/external/libedhoc/externals/mbedtls/library/pem.c +0 -520
  406. package/external/libedhoc/externals/mbedtls/library/pk.c +0 -970
  407. package/external/libedhoc/externals/mbedtls/library/pk_internal.h +0 -118
  408. package/external/libedhoc/externals/mbedtls/library/pk_wrap.c +0 -1834
  409. package/external/libedhoc/externals/mbedtls/library/pk_wrap.h +0 -156
  410. package/external/libedhoc/externals/mbedtls/library/pkcs12.c +0 -447
  411. package/external/libedhoc/externals/mbedtls/library/pkcs5.c +0 -496
  412. package/external/libedhoc/externals/mbedtls/library/pkcs7.c +0 -773
  413. package/external/libedhoc/externals/mbedtls/library/pkparse.c +0 -1845
  414. package/external/libedhoc/externals/mbedtls/library/pkwrite.c +0 -836
  415. package/external/libedhoc/externals/mbedtls/library/pkwrite.h +0 -112
  416. package/external/libedhoc/externals/mbedtls/library/platform.c +0 -402
  417. package/external/libedhoc/externals/mbedtls/library/platform_util.c +0 -285
  418. package/external/libedhoc/externals/mbedtls/library/poly1305.c +0 -492
  419. package/external/libedhoc/externals/mbedtls/library/psa_crypto.c +0 -8432
  420. package/external/libedhoc/externals/mbedtls/library/psa_crypto_aead.c +0 -653
  421. package/external/libedhoc/externals/mbedtls/library/psa_crypto_aead.h +0 -499
  422. package/external/libedhoc/externals/mbedtls/library/psa_crypto_cipher.c +0 -590
  423. package/external/libedhoc/externals/mbedtls/library/psa_crypto_cipher.h +0 -293
  424. package/external/libedhoc/externals/mbedtls/library/psa_crypto_client.c +0 -67
  425. package/external/libedhoc/externals/mbedtls/library/psa_crypto_core.h +0 -838
  426. package/external/libedhoc/externals/mbedtls/library/psa_crypto_core_common.h +0 -52
  427. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers.h +0 -2871
  428. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers_no_static.c +0 -256
  429. package/external/libedhoc/externals/mbedtls/library/psa_crypto_driver_wrappers_no_static.h +0 -31
  430. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ecp.c +0 -561
  431. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ecp.h +0 -267
  432. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ffdh.c +0 -295
  433. package/external/libedhoc/externals/mbedtls/library/psa_crypto_ffdh.h +0 -132
  434. package/external/libedhoc/externals/mbedtls/library/psa_crypto_hash.c +0 -470
  435. package/external/libedhoc/externals/mbedtls/library/psa_crypto_hash.h +0 -211
  436. package/external/libedhoc/externals/mbedtls/library/psa_crypto_invasive.h +0 -70
  437. package/external/libedhoc/externals/mbedtls/library/psa_crypto_its.h +0 -131
  438. package/external/libedhoc/externals/mbedtls/library/psa_crypto_mac.c +0 -496
  439. package/external/libedhoc/externals/mbedtls/library/psa_crypto_mac.h +0 -264
  440. package/external/libedhoc/externals/mbedtls/library/psa_crypto_pake.c +0 -571
  441. package/external/libedhoc/externals/mbedtls/library/psa_crypto_pake.h +0 -159
  442. package/external/libedhoc/externals/mbedtls/library/psa_crypto_random_impl.h +0 -192
  443. package/external/libedhoc/externals/mbedtls/library/psa_crypto_rsa.c +0 -727
  444. package/external/libedhoc/externals/mbedtls/library/psa_crypto_rsa.h +0 -317
  445. package/external/libedhoc/externals/mbedtls/library/psa_crypto_se.c +0 -373
  446. package/external/libedhoc/externals/mbedtls/library/psa_crypto_se.h +0 -185
  447. package/external/libedhoc/externals/mbedtls/library/psa_crypto_slot_management.c +0 -559
  448. package/external/libedhoc/externals/mbedtls/library/psa_crypto_slot_management.h +0 -213
  449. package/external/libedhoc/externals/mbedtls/library/psa_crypto_storage.c +0 -481
  450. package/external/libedhoc/externals/mbedtls/library/psa_crypto_storage.h +0 -384
  451. package/external/libedhoc/externals/mbedtls/library/psa_its_file.c +0 -259
  452. package/external/libedhoc/externals/mbedtls/library/psa_util.c +0 -160
  453. package/external/libedhoc/externals/mbedtls/library/psa_util_internal.h +0 -96
  454. package/external/libedhoc/externals/mbedtls/library/ripemd160.c +0 -490
  455. package/external/libedhoc/externals/mbedtls/library/rsa.c +0 -2640
  456. package/external/libedhoc/externals/mbedtls/library/rsa_alt_helpers.c +0 -447
  457. package/external/libedhoc/externals/mbedtls/library/rsa_alt_helpers.h +0 -208
  458. package/external/libedhoc/externals/mbedtls/library/sha1.c +0 -480
  459. package/external/libedhoc/externals/mbedtls/library/sha256.c +0 -946
  460. package/external/libedhoc/externals/mbedtls/library/sha3.c +0 -626
  461. package/external/libedhoc/externals/mbedtls/library/sha512.c +0 -1111
  462. package/external/libedhoc/externals/mbedtls/library/ssl_cache.c +0 -410
  463. package/external/libedhoc/externals/mbedtls/library/ssl_ciphersuites.c +0 -2050
  464. package/external/libedhoc/externals/mbedtls/library/ssl_client.c +0 -1017
  465. package/external/libedhoc/externals/mbedtls/library/ssl_client.h +0 -22
  466. package/external/libedhoc/externals/mbedtls/library/ssl_cookie.c +0 -380
  467. package/external/libedhoc/externals/mbedtls/library/ssl_debug_helpers.h +0 -78
  468. package/external/libedhoc/externals/mbedtls/library/ssl_debug_helpers_generated.c +0 -234
  469. package/external/libedhoc/externals/mbedtls/library/ssl_misc.h +0 -2847
  470. package/external/libedhoc/externals/mbedtls/library/ssl_msg.c +0 -6155
  471. package/external/libedhoc/externals/mbedtls/library/ssl_ticket.c +0 -540
  472. package/external/libedhoc/externals/mbedtls/library/ssl_tls.c +0 -9577
  473. package/external/libedhoc/externals/mbedtls/library/ssl_tls12_client.c +0 -3607
  474. package/external/libedhoc/externals/mbedtls/library/ssl_tls12_server.c +0 -4403
  475. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_client.c +0 -3046
  476. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_generic.c +0 -1740
  477. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_invasive.h +0 -23
  478. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_keys.c +0 -1897
  479. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_keys.h +0 -651
  480. package/external/libedhoc/externals/mbedtls/library/ssl_tls13_server.c +0 -3146
  481. package/external/libedhoc/externals/mbedtls/library/threading.c +0 -181
  482. package/external/libedhoc/externals/mbedtls/library/timing.c +0 -154
  483. package/external/libedhoc/externals/mbedtls/library/version.c +0 -32
  484. package/external/libedhoc/externals/mbedtls/library/version_features.c +0 -826
  485. package/external/libedhoc/externals/mbedtls/library/x509.c +0 -1776
  486. package/external/libedhoc/externals/mbedtls/library/x509_create.c +0 -557
  487. package/external/libedhoc/externals/mbedtls/library/x509_crl.c +0 -712
  488. package/external/libedhoc/externals/mbedtls/library/x509_crt.c +0 -3292
  489. package/external/libedhoc/externals/mbedtls/library/x509_csr.c +0 -574
  490. package/external/libedhoc/externals/mbedtls/library/x509write.c +0 -174
  491. package/external/libedhoc/externals/mbedtls/library/x509write_crt.c +0 -681
  492. package/external/libedhoc/externals/mbedtls/library/x509write_csr.c +0 -331
  493. package/external/libedhoc/externals/mbedtls/programs/aes/crypt_and_hash.c +0 -573
  494. package/external/libedhoc/externals/mbedtls/programs/cipher/cipher_aead_demo.c +0 -259
  495. package/external/libedhoc/externals/mbedtls/programs/fuzz/common.c +0 -105
  496. package/external/libedhoc/externals/mbedtls/programs/fuzz/common.h +0 -25
  497. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_client.c +0 -195
  498. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_dtlsclient.c +0 -138
  499. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_dtlsserver.c +0 -183
  500. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_pkcs7.c +0 -20
  501. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_privkey.c +0 -106
  502. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_pubkey.c +0 -86
  503. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_server.c +0 -218
  504. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509crl.c +0 -41
  505. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509crt.c +0 -41
  506. package/external/libedhoc/externals/mbedtls/programs/fuzz/fuzz_x509csr.c +0 -41
  507. package/external/libedhoc/externals/mbedtls/programs/fuzz/onefile.c +0 -69
  508. package/external/libedhoc/externals/mbedtls/programs/hash/generic_sum.c +0 -209
  509. package/external/libedhoc/externals/mbedtls/programs/hash/hello.c +0 -45
  510. package/external/libedhoc/externals/mbedtls/programs/hash/md_hmac_demo.c +0 -136
  511. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_client.c +0 -274
  512. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_genprime.c +0 -161
  513. package/external/libedhoc/externals/mbedtls/programs/pkey/dh_server.c +0 -296
  514. package/external/libedhoc/externals/mbedtls/programs/pkey/ecdh_curve25519.c +0 -189
  515. package/external/libedhoc/externals/mbedtls/programs/pkey/ecdsa.c +0 -217
  516. package/external/libedhoc/externals/mbedtls/programs/pkey/gen_key.c +0 -419
  517. package/external/libedhoc/externals/mbedtls/programs/pkey/key_app.c +0 -316
  518. package/external/libedhoc/externals/mbedtls/programs/pkey/key_app_writer.c +0 -435
  519. package/external/libedhoc/externals/mbedtls/programs/pkey/mpi_demo.c +0 -84
  520. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_decrypt.c +0 -153
  521. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_encrypt.c +0 -154
  522. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_sign.c +0 -155
  523. package/external/libedhoc/externals/mbedtls/programs/pkey/pk_verify.c +0 -128
  524. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_decrypt.c +0 -172
  525. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_encrypt.c +0 -149
  526. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_genkey.c +0 -141
  527. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_sign.c +0 -155
  528. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_sign_pss.c +0 -161
  529. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_verify.c +0 -131
  530. package/external/libedhoc/externals/mbedtls/programs/pkey/rsa_verify_pss.c +0 -136
  531. package/external/libedhoc/externals/mbedtls/programs/psa/aead_demo.c +0 -281
  532. package/external/libedhoc/externals/mbedtls/programs/psa/crypto_examples.c +0 -321
  533. package/external/libedhoc/externals/mbedtls/programs/psa/hmac_demo.c +0 -159
  534. package/external/libedhoc/externals/mbedtls/programs/psa/key_ladder_demo.c +0 -691
  535. package/external/libedhoc/externals/mbedtls/programs/psa/psa_constant_names.c +0 -310
  536. package/external/libedhoc/externals/mbedtls/programs/psa/psa_constant_names_generated.c +0 -474
  537. package/external/libedhoc/externals/mbedtls/programs/random/gen_entropy.c +0 -75
  538. package/external/libedhoc/externals/mbedtls/programs/random/gen_random_ctr_drbg.c +0 -107
  539. package/external/libedhoc/externals/mbedtls/programs/ssl/dtls_client.c +0 -342
  540. package/external/libedhoc/externals/mbedtls/programs/ssl/dtls_server.c +0 -408
  541. package/external/libedhoc/externals/mbedtls/programs/ssl/mini_client.c +0 -274
  542. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_client1.c +0 -288
  543. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_client2.c +0 -3118
  544. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_context_info.c +0 -1009
  545. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_fork_server.c +0 -381
  546. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_mail_client.c +0 -804
  547. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_pthread_server.c +0 -489
  548. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_server.c +0 -362
  549. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_server2.c +0 -4268
  550. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_common_source.c +0 -375
  551. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_lib.c +0 -601
  552. package/external/libedhoc/externals/mbedtls/programs/ssl/ssl_test_lib.h +0 -306
  553. package/external/libedhoc/externals/mbedtls/programs/test/benchmark.c +0 -1284
  554. package/external/libedhoc/externals/mbedtls/programs/test/cmake_package/cmake_package.c +0 -27
  555. package/external/libedhoc/externals/mbedtls/programs/test/cmake_package_install/cmake_package_install.c +0 -28
  556. package/external/libedhoc/externals/mbedtls/programs/test/cmake_subproject/cmake_subproject.c +0 -28
  557. package/external/libedhoc/externals/mbedtls/programs/test/dlopen.c +0 -92
  558. package/external/libedhoc/externals/mbedtls/programs/test/query_compile_time_config.c +0 -66
  559. package/external/libedhoc/externals/mbedtls/programs/test/query_config.c +0 -5137
  560. package/external/libedhoc/externals/mbedtls/programs/test/query_config.h +0 -34
  561. package/external/libedhoc/externals/mbedtls/programs/test/query_included_headers.c +0 -29
  562. package/external/libedhoc/externals/mbedtls/programs/test/selftest.c +0 -583
  563. package/external/libedhoc/externals/mbedtls/programs/test/udp_proxy.c +0 -967
  564. package/external/libedhoc/externals/mbedtls/programs/test/zeroize.c +0 -72
  565. package/external/libedhoc/externals/mbedtls/programs/util/pem2der.c +0 -265
  566. package/external/libedhoc/externals/mbedtls/programs/util/strerror.c +0 -61
  567. package/external/libedhoc/externals/mbedtls/programs/wince_main.c +0 -31
  568. package/external/libedhoc/externals/mbedtls/programs/x509/cert_app.c +0 -456
  569. package/external/libedhoc/externals/mbedtls/programs/x509/cert_req.c +0 -509
  570. package/external/libedhoc/externals/mbedtls/programs/x509/cert_write.c +0 -1012
  571. package/external/libedhoc/externals/mbedtls/programs/x509/crl_app.c +0 -132
  572. package/external/libedhoc/externals/mbedtls/programs/x509/load_roots.c +0 -165
  573. package/external/libedhoc/externals/mbedtls/programs/x509/req_app.c +0 -132
  574. package/external/libedhoc/externals/mbedtls/tests/configs/tls13-only.h +0 -31
  575. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-for-test.h +0 -89
  576. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-malloc-0-null.h +0 -22
  577. package/external/libedhoc/externals/mbedtls/tests/configs/user-config-zeroize-memset.h +0 -17
  578. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/aes_alt.h +0 -23
  579. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/aria_alt.h +0 -16
  580. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/camellia_alt.h +0 -16
  581. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ccm_alt.h +0 -16
  582. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/chacha20_alt.h +0 -16
  583. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/chachapoly_alt.h +0 -18
  584. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/cmac_alt.h +0 -15
  585. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/des_alt.h +0 -22
  586. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/dhm_alt.h +0 -16
  587. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ecjpake_alt.h +0 -15
  588. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ecp_alt.h +0 -22
  589. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/gcm_alt.h +0 -16
  590. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/md5_alt.h +0 -16
  591. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/nist_kw_alt.h +0 -15
  592. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/platform_alt.h +0 -16
  593. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/poly1305_alt.h +0 -16
  594. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/ripemd160_alt.h +0 -16
  595. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/rsa_alt.h +0 -16
  596. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha1_alt.h +0 -16
  597. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha256_alt.h +0 -16
  598. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/sha512_alt.h +0 -16
  599. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/threading_alt.h +0 -14
  600. package/external/libedhoc/externals/mbedtls/tests/include/alt-dummy/timing_alt.h +0 -19
  601. package/external/libedhoc/externals/mbedtls/tests/include/alt-extra/psa/crypto.h +0 -7
  602. package/external/libedhoc/externals/mbedtls/tests/include/baremetal-override/time.h +0 -6
  603. package/external/libedhoc/externals/mbedtls/tests/include/spe/crypto_spe.h +0 -131
  604. package/external/libedhoc/externals/mbedtls/tests/include/test/arguments.h +0 -26
  605. package/external/libedhoc/externals/mbedtls/tests/include/test/asn1_helpers.h +0 -38
  606. package/external/libedhoc/externals/mbedtls/tests/include/test/bignum_helpers.h +0 -106
  607. package/external/libedhoc/externals/mbedtls/tests/include/test/certs.h +0 -234
  608. package/external/libedhoc/externals/mbedtls/tests/include/test/constant_flow.h +0 -71
  609. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/aead.h +0 -121
  610. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/asymmetric_encryption.h +0 -67
  611. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/cipher.h +0 -130
  612. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/config_test_driver.h +0 -44
  613. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/crypto_config_test_driver_extension.h +0 -430
  614. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/hash.h +0 -64
  615. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/key_agreement.h +0 -62
  616. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/key_management.h +0 -123
  617. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/mac.h +0 -125
  618. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/pake.h +0 -75
  619. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/signature.h +0 -112
  620. package/external/libedhoc/externals/mbedtls/tests/include/test/drivers/test_driver.h +0 -32
  621. package/external/libedhoc/externals/mbedtls/tests/include/test/fake_external_rng_for_test.h +0 -40
  622. package/external/libedhoc/externals/mbedtls/tests/include/test/helpers.h +0 -268
  623. package/external/libedhoc/externals/mbedtls/tests/include/test/macros.h +0 -250
  624. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_crypto_helpers.h +0 -398
  625. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_exercise_key.h +0 -223
  626. package/external/libedhoc/externals/mbedtls/tests/include/test/psa_helpers.h +0 -24
  627. package/external/libedhoc/externals/mbedtls/tests/include/test/random.h +0 -91
  628. package/external/libedhoc/externals/mbedtls/tests/include/test/ssl_helpers.h +0 -628
  629. package/external/libedhoc/externals/mbedtls/tests/src/asn1_helpers.c +0 -62
  630. package/external/libedhoc/externals/mbedtls/tests/src/bignum_helpers.c +0 -145
  631. package/external/libedhoc/externals/mbedtls/tests/src/certs.c +0 -480
  632. package/external/libedhoc/externals/mbedtls/tests/src/drivers/hash.c +0 -199
  633. package/external/libedhoc/externals/mbedtls/tests/src/drivers/platform_builtin_keys.c +0 -78
  634. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_aead.c +0 -462
  635. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_asymmetric_encryption.c +0 -151
  636. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_cipher.c +0 -424
  637. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_key_agreement.c +0 -147
  638. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_key_management.c +0 -783
  639. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_mac.c +0 -422
  640. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_pake.c +0 -202
  641. package/external/libedhoc/externals/mbedtls/tests/src/drivers/test_driver_signature.c +0 -405
  642. package/external/libedhoc/externals/mbedtls/tests/src/fake_external_rng_for_test.c +0 -45
  643. package/external/libedhoc/externals/mbedtls/tests/src/helpers.c +0 -353
  644. package/external/libedhoc/externals/mbedtls/tests/src/psa_crypto_helpers.c +0 -196
  645. package/external/libedhoc/externals/mbedtls/tests/src/psa_exercise_key.c +0 -989
  646. package/external/libedhoc/externals/mbedtls/tests/src/random.c +0 -136
  647. package/external/libedhoc/externals/mbedtls/tests/src/test_certs.h +0 -1226
  648. package/external/libedhoc/externals/mbedtls/tests/src/test_helpers/ssl_helpers.c +0 -2292
  649. package/external/libedhoc/externals/mbedtls/tests/src/threading_helpers.c +0 -210
  650. package/external/libedhoc/externals/zcbor/include/zcbor_common.h +0 -509
  651. package/external/libedhoc/externals/zcbor/include/zcbor_decode.h +0 -447
  652. package/external/libedhoc/externals/zcbor/include/zcbor_encode.h +0 -240
  653. package/external/libedhoc/externals/zcbor/include/zcbor_print.h +0 -165
  654. package/external/libedhoc/externals/zcbor/include/zcbor_tags.h +0 -94
  655. package/external/libedhoc/externals/zcbor/samples/hello_world/src/main.c +0 -41
  656. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_decode.h +0 -39
  657. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_encode.h +0 -39
  658. package/external/libedhoc/externals/zcbor/samples/pet/include/pet_types.h +0 -47
  659. package/external/libedhoc/externals/zcbor/samples/pet/src/main.c +0 -128
  660. package/external/libedhoc/externals/zcbor/samples/pet/src/pet_decode.c +0 -60
  661. package/external/libedhoc/externals/zcbor/samples/pet/src/pet_encode.c +0 -61
  662. package/external/libedhoc/externals/zcbor/src/zcbor_common.c +0 -430
  663. package/external/libedhoc/externals/zcbor/src/zcbor_decode.c +0 -1567
  664. package/external/libedhoc/externals/zcbor/src/zcbor_encode.c +0 -609
  665. package/external/libedhoc/externals/zcbor/tests/decode/test1_suit_old_formats/src/main.c +0 -367
  666. package/external/libedhoc/externals/zcbor/tests/decode/test2_suit/src/main.c +0 -189
  667. package/external/libedhoc/externals/zcbor/tests/decode/test3_simple/src/main.c +0 -528
  668. package/external/libedhoc/externals/zcbor/tests/decode/test5_corner_cases/src/main.c +0 -2154
  669. package/external/libedhoc/externals/zcbor/tests/decode/test7_suit9_simple/src/main.c +0 -134
  670. package/external/libedhoc/externals/zcbor/tests/decode/test8_suit12/src/main.c +0 -862
  671. package/external/libedhoc/externals/zcbor/tests/decode/test9_manifest14/src/main.c +0 -363
  672. package/external/libedhoc/externals/zcbor/tests/encode/test1_suit/src/main.c +0 -453
  673. package/external/libedhoc/externals/zcbor/tests/encode/test2_simple/src/main.c +0 -122
  674. package/external/libedhoc/externals/zcbor/tests/encode/test3_corner_cases/src/main.c +0 -1554
  675. package/external/libedhoc/externals/zcbor/tests/encode/test4_senml/src/main.c +0 -65
  676. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_everything.c +0 -12
  677. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_manifest12.c +0 -136
  678. package/external/libedhoc/externals/zcbor/tests/fuzz/fuzz_pet.c +0 -12
  679. package/external/libedhoc/externals/zcbor/tests/fuzz/main_entry.c +0 -60
  680. package/external/libedhoc/externals/zcbor/tests/fuzz/main_entry.h +0 -5
  681. package/external/libedhoc/externals/zcbor/tests/unit/test1_unit_tests/src/main.c +0 -1437
  682. package/external/libedhoc/externals/zcbor/tests/unit/test3_float16/src/main.c +0 -203
  683. package/external/libedhoc/include/edhoc.h +0 -687
  684. package/external/libedhoc/include/edhoc_common.h +0 -289
  685. package/external/libedhoc/include/edhoc_context.h +0 -343
  686. package/external/libedhoc/include/edhoc_credentials.h +0 -265
  687. package/external/libedhoc/include/edhoc_crypto.h +0 -331
  688. package/external/libedhoc/include/edhoc_ead.h +0 -102
  689. package/external/libedhoc/include/edhoc_macros.h +0 -60
  690. package/external/libedhoc/include/edhoc_values.h +0 -181
  691. package/external/libedhoc/library/edhoc.c +0 -253
  692. package/external/libedhoc/library/edhoc_common.c +0 -1314
  693. package/external/libedhoc/library/edhoc_exporter.c +0 -542
  694. package/external/libedhoc/library/edhoc_message_1.c +0 -474
  695. package/external/libedhoc/library/edhoc_message_2.c +0 -1697
  696. package/external/libedhoc/library/edhoc_message_3.c +0 -1467
  697. package/external/libedhoc/library/edhoc_message_4.c +0 -828
  698. package/external/libedhoc/library/edhoc_message_error.c +0 -238
  699. package/external/libedhoc/tests/include/cipher_suite_0.h +0 -131
  700. package/external/libedhoc/tests/include/cipher_suite_2.h +0 -139
  701. package/external/libedhoc/tests/include/test_vector_rfc9529_chapter_2.h +0 -786
  702. package/external/libedhoc/tests/include/test_vector_rfc9529_chapter_3.h +0 -529
  703. package/external/libedhoc/tests/include/test_vector_x5chain_sign_keys_suite_0.h +0 -137
  704. package/external/libedhoc/tests/include/test_vector_x5chain_sign_keys_suite_2.h +0 -168
  705. package/external/libedhoc/tests/include/test_vector_x5chain_static_dh_keys_suite_2.h +0 -162
  706. package/external/libedhoc/tests/include/test_vector_x5t_sign_keys_suite_2.h +0 -180
  707. package/external/libedhoc/tests/src/cipher_suite_0.c +0 -445
  708. package/external/libedhoc/tests/src/cipher_suite_2.c +0 -600
  709. package/external/libedhoc/tests/src/module_test_api.c +0 -430
  710. package/external/libedhoc/tests/src/module_test_cipher_suite_0.c +0 -395
  711. package/external/libedhoc/tests/src/module_test_cipher_suite_2.c +0 -392
  712. package/external/libedhoc/tests/src/module_test_error_message.c +0 -251
  713. package/external/libedhoc/tests/src/module_test_main.c +0 -49
  714. package/external/libedhoc/tests/src/module_test_rfc9528_suites_negotiation.c +0 -541
  715. package/external/libedhoc/tests/src/module_test_rfc9529_chapter_2.c +0 -2681
  716. package/external/libedhoc/tests/src/module_test_rfc9529_chapter_3.c +0 -1635
  717. package/external/libedhoc/tests/src/module_test_x5chain_sign_keys_suite_0.c +0 -1135
  718. package/external/libedhoc/tests/src/module_test_x5chain_sign_keys_suite_2.c +0 -1249
  719. package/external/libedhoc/tests/src/module_test_x5chain_static_dh_keys_suite_2.c +0 -798
  720. package/external/libedhoc/tests/src/module_test_x5t_sign_keys_suite_2.c +0 -956
  721. package/include/Binding.h +0 -348
  722. package/include/EdhocComposeAsyncWorker.h +0 -49
  723. package/include/EdhocCredentialManager.h +0 -89
  724. package/include/EdhocCryptoManager.h +0 -495
  725. package/include/EdhocEadManager.h +0 -147
  726. package/include/EdhocExportOscoreAsyncWorker.h +0 -57
  727. package/include/EdhocKeyExporterAsyncWorker.h +0 -56
  728. package/include/EdhocKeyUpdateAsyncWorker.h +0 -55
  729. package/include/EdhocProcessAsyncWorker.h +0 -55
  730. package/include/RunningContext.h +0 -102
  731. package/include/Suites.h +0 -27
  732. package/include/Utils.h +0 -71
  733. package/patches/prebuildify-cross+5.1.0.dev.patch +0 -26
  734. package/patches/prebuildify-cross+5.1.1.dev.patch +0 -26
  735. package/prebuilds/android-arm/edhoc.armv7.node +0 -0
  736. package/prebuilds/android-arm64/edhoc.armv8.node +0 -0
  737. package/prebuilds/darwin-arm64/edhoc.node +0 -0
  738. package/prebuilds/darwin-x64/edhoc.node +0 -0
  739. package/prebuilds/linux-arm/edhoc.armv6.node +0 -0
  740. package/prebuilds/linux-arm/edhoc.armv7.node +0 -0
  741. package/prebuilds/linux-arm64/edhoc.armv8.node +0 -0
  742. package/prebuilds/linux-x64/edhoc.glibc.node +0 -0
  743. package/prebuilds/linux-x64/edhoc.musl.node +0 -0
  744. package/prebuilds/win32-ia32/edhoc.node +0 -0
  745. package/prebuilds/win32-x64/edhoc.node +0 -0
  746. package/src/Binding.cpp +0 -434
  747. package/src/EdhocComposeAsyncWorker.cpp +0 -60
  748. package/src/EdhocCredentialManager.cpp +0 -314
  749. package/src/EdhocCryptoManager.cpp +0 -593
  750. package/src/EdhocEadManager.cpp +0 -148
  751. package/src/EdhocExportOscoreAsyncWorker.cpp +0 -67
  752. package/src/EdhocKeyExporterAsyncWorker.cpp +0 -39
  753. package/src/EdhocKeyUpdateAsyncWorker.cpp +0 -31
  754. package/src/EdhocProcessAsyncWorker.cpp +0 -120
  755. package/src/RunningContext.cpp +0 -95
  756. package/src/Suites.cpp +0 -120
  757. package/src/Utils.cpp +0 -54
  758. package/test/basic.test.ts +0 -118
  759. package/test/vectors.test.ts +0 -111
package/external/libedhoc/externals/mbedtls/library/ssl_tls13_server.c DELETED
@@ -1,3146 +0,0 @@
1
- /*
2
- * TLS 1.3 server-side functions
3
- *
4
- * Copyright The Mbed TLS Contributors
5
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
- */
7
-
8
- #include "common.h"
9
-
10
- #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
11
-
12
- #include "mbedtls/debug.h"
13
- #include "mbedtls/error.h"
14
- #include "mbedtls/platform.h"
15
- #include "mbedtls/constant_time.h"
16
- #include "mbedtls/oid.h"
17
- #include "md_psa.h"
18
-
19
- #include "ssl_misc.h"
20
- #include "ssl_tls13_keys.h"
21
- #include "ssl_debug_helpers.h"
22
-
23
-
24
- static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
25
- mbedtls_ssl_context *ssl,
26
- unsigned int cipher_suite)
27
- {
28
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
29
- if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) {
30
- return NULL;
31
- }
32
-
33
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
34
- if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
35
- ssl->tls_version,
36
- ssl->tls_version) != 0)) {
37
- return NULL;
38
- }
39
- return ciphersuite_info;
40
- }
41
-
42
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
43
- /* From RFC 8446:
44
- *
45
- * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode;
46
- * struct {
47
- * PskKeyExchangeMode ke_modes<1..255>;
48
- * } PskKeyExchangeModes;
49
- */
50
- MBEDTLS_CHECK_RETURN_CRITICAL
51
- static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
52
- const unsigned char *buf,
53
- const unsigned char *end)
54
- {
55
- const unsigned char *p = buf;
56
- size_t ke_modes_len;
57
- int ke_modes = 0;
58
-
59
- /* Read ke_modes length (1 Byte) */
60
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
61
- ke_modes_len = *p++;
62
- /* Currently, there are only two PSK modes, so even without looking
63
- * at the content, something's wrong if the list has more than 2 items. */
64
- if (ke_modes_len > 2) {
65
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
66
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
67
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
68
- }
69
-
70
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ke_modes_len);
71
-
72
- while (ke_modes_len-- != 0) {
73
- switch (*p++) {
74
- case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE:
75
- ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
76
- MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK KEX MODE"));
77
- break;
78
- case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE:
79
- ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
80
- MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK_EPHEMERAL KEX MODE"));
81
- break;
82
- default:
83
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
84
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
85
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
86
- }
87
- }
88
-
89
- ssl->handshake->tls13_kex_modes = ke_modes;
90
- return 0;
91
- }
92
-
93
- #define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1
94
- #define SSL_TLS1_3_OFFERED_PSK_MATCH 0
95
-
96
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
97
-
98
- MBEDTLS_CHECK_RETURN_CRITICAL
99
- static int ssl_tls13_offered_psks_check_identity_match_ticket(
100
- mbedtls_ssl_context *ssl,
101
- const unsigned char *identity,
102
- size_t identity_len,
103
- uint32_t obfuscated_ticket_age,
104
- mbedtls_ssl_session *session)
105
- {
106
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
107
- unsigned char *ticket_buffer;
108
- #if defined(MBEDTLS_HAVE_TIME)
109
- mbedtls_time_t now;
110
- uint64_t age_in_s;
111
- int64_t age_diff_in_ms;
112
- #endif
113
-
114
- ((void) obfuscated_ticket_age);
115
-
116
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> check_identity_match_ticket"));
117
-
118
- /* Ticket parser is not configured, Skip */
119
- if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
120
- return 0;
121
- }
122
-
123
- /* We create a copy of the encrypted ticket since the ticket parsing
124
- * function is allowed to use its input buffer as an output buffer
125
- * (in-place decryption). We do, however, need the original buffer for
126
- * computing the PSK binder value.
127
- */
128
- ticket_buffer = mbedtls_calloc(1, identity_len);
129
- if (ticket_buffer == NULL) {
130
- MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
131
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
132
- }
133
- memcpy(ticket_buffer, identity, identity_len);
134
-
135
- if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
136
- session,
137
- ticket_buffer, identity_len)) != 0) {
138
- if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
139
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
140
- } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
141
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
142
- } else {
143
- MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret);
144
- }
145
- }
146
-
147
- /* We delete the temporary buffer */
148
- mbedtls_free(ticket_buffer);
149
-
150
- if (ret != 0) {
151
- goto exit;
152
- }
153
-
154
- /* RFC 8446 section 4.2.9
155
- *
156
- * Servers SHOULD NOT send NewSessionTicket with tickets that are not
157
- * compatible with the advertised modes; however, if a server does so,
158
- * the impact will just be that the client's attempts at resumption fail.
159
- *
160
- * We regard the ticket with incompatible key exchange modes as not match.
161
- */
162
- ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
163
- MBEDTLS_SSL_PRINT_TICKET_FLAGS(4,
164
- session->ticket_flags);
165
- if (mbedtls_ssl_tls13_check_kex_modes(
166
- ssl,
167
- mbedtls_ssl_session_get_ticket_flags(
168
- session,
169
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) {
170
- MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
171
- goto exit;
172
- }
173
-
174
- ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
175
- #if defined(MBEDTLS_HAVE_TIME)
176
- now = mbedtls_time(NULL);
177
-
178
- if (now < session->start) {
179
- MBEDTLS_SSL_DEBUG_MSG(
180
- 3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_LONGLONG
181
- ", start=%" MBEDTLS_PRINTF_LONGLONG " )",
182
- (long long) now, (long long) session->start));
183
- goto exit;
184
- }
185
-
186
- age_in_s = (uint64_t) (now - session->start);
187
-
188
- /* RFC 8446 section 4.6.1
189
- *
190
- * Servers MUST NOT use any value greater than 604800 seconds (7 days).
191
- *
192
- * RFC 8446 section 4.2.11.1
193
- *
194
- * Clients MUST NOT attempt to use tickets which have ages greater than
195
- * the "ticket_lifetime" value which was provided with the ticket.
196
- *
197
- * For time being, the age MUST be less than 604800 seconds (7 days).
198
- */
199
- if (age_in_s > 604800) {
200
- MBEDTLS_SSL_DEBUG_MSG(
201
- 3, ("Ticket age exceeds limitation ticket_age=%lu",
202
- (long unsigned int) age_in_s));
203
- goto exit;
204
- }
205
-
206
- /* RFC 8446 section 4.2.10
207
- *
208
- * For PSKs provisioned via NewSessionTicket, a server MUST validate that
209
- * the ticket age for the selected PSK identity (computed by subtracting
210
- * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is
211
- * within a small tolerance of the time since the ticket was issued.
212
- *
213
- * NOTE: When `now == session->start`, `age_diff_in_ms` may be negative
214
- * as the age units are different on the server (s) and in the
215
- * client (ms) side. Add a -1000 ms tolerance window to take this
216
- * into account.
217
- */
218
- age_diff_in_ms = age_in_s * 1000;
219
- age_diff_in_ms -= (obfuscated_ticket_age - session->ticket_age_add);
220
- if (age_diff_in_ms <= -1000 ||
221
- age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) {
222
- MBEDTLS_SSL_DEBUG_MSG(
223
- 3, ("Ticket age outside tolerance window ( diff=%d )",
224
- (int) age_diff_in_ms));
225
- goto exit;
226
- }
227
-
228
- ret = 0;
229
-
230
- #endif /* MBEDTLS_HAVE_TIME */
231
-
232
- exit:
233
- if (ret != 0) {
234
- mbedtls_ssl_session_free(session);
235
- }
236
-
237
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= check_identity_match_ticket"));
238
- return ret;
239
- }
240
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
241
-
242
- MBEDTLS_CHECK_RETURN_CRITICAL
243
- static int ssl_tls13_offered_psks_check_identity_match(
244
- mbedtls_ssl_context *ssl,
245
- const unsigned char *identity,
246
- size_t identity_len,
247
- uint32_t obfuscated_ticket_age,
248
- int *psk_type,
249
- mbedtls_ssl_session *session)
250
- {
251
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
252
-
253
- ((void) session);
254
- ((void) obfuscated_ticket_age);
255
- *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
256
-
257
- MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len);
258
- ssl->handshake->resume = 0;
259
-
260
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
261
- if (ssl_tls13_offered_psks_check_identity_match_ticket(
262
- ssl, identity, identity_len, obfuscated_ticket_age,
263
- session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
264
- ssl->handshake->resume = 1;
265
- *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
266
- ret = mbedtls_ssl_set_hs_psk(ssl,
267
- session->resumption_key,
268
- session->resumption_key_len);
269
- if (ret != 0) {
270
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
271
- return ret;
272
- }
273
-
274
- MBEDTLS_SSL_DEBUG_BUF(4, "Ticket-resumed PSK:",
275
- session->resumption_key,
276
- session->resumption_key_len);
277
- MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u",
278
- (unsigned) obfuscated_ticket_age));
279
- return SSL_TLS1_3_OFFERED_PSK_MATCH;
280
- }
281
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
282
-
283
- /* Check identity with external configured function */
284
- if (ssl->conf->f_psk != NULL) {
285
- if (ssl->conf->f_psk(
286
- ssl->conf->p_psk, ssl, identity, identity_len) == 0) {
287
- return SSL_TLS1_3_OFFERED_PSK_MATCH;
288
- }
289
- return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
290
- }
291
-
292
- MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len);
293
- /* Check identity with pre-configured psk */
294
- if (ssl->conf->psk_identity != NULL &&
295
- identity_len == ssl->conf->psk_identity_len &&
296
- mbedtls_ct_memcmp(ssl->conf->psk_identity,
297
- identity, identity_len) == 0) {
298
- ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len);
299
- if (ret != 0) {
300
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
301
- return ret;
302
- }
303
- return SSL_TLS1_3_OFFERED_PSK_MATCH;
304
- }
305
-
306
- return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
307
- }
308
-
309
- MBEDTLS_CHECK_RETURN_CRITICAL
310
- static int ssl_tls13_offered_psks_check_binder_match(
311
- mbedtls_ssl_context *ssl,
312
- const unsigned char *binder, size_t binder_len,
313
- int psk_type, psa_algorithm_t psk_hash_alg)
314
- {
315
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
316
-
317
- unsigned char transcript[PSA_HASH_MAX_SIZE];
318
- size_t transcript_len;
319
- unsigned char *psk;
320
- size_t psk_len;
321
- unsigned char server_computed_binder[PSA_HASH_MAX_SIZE];
322
-
323
- /* Get current state of handshake transcript. */
324
- ret = mbedtls_ssl_get_handshake_transcript(
325
- ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg),
326
- transcript, sizeof(transcript), &transcript_len);
327
- if (ret != 0) {
328
- return ret;
329
- }
330
-
331
- ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
332
- if (ret != 0) {
333
- return ret;
334
- }
335
-
336
- ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg,
337
- psk, psk_len, psk_type,
338
- transcript,
339
- server_computed_binder);
340
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
341
- mbedtls_free((void *) psk);
342
- #endif
343
- if (ret != 0) {
344
- MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed."));
345
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
346
- }
347
-
348
- MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( computed ): ",
349
- server_computed_binder, transcript_len);
350
- MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len);
351
-
352
- if (mbedtls_ct_memcmp(server_computed_binder, binder, binder_len) == 0) {
353
- return SSL_TLS1_3_OFFERED_PSK_MATCH;
354
- }
355
-
356
- mbedtls_platform_zeroize(server_computed_binder,
357
- sizeof(server_computed_binder));
358
- return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
359
- }
360
-
361
- MBEDTLS_CHECK_RETURN_CRITICAL
362
- static int ssl_tls13_select_ciphersuite_for_psk(
363
- mbedtls_ssl_context *ssl,
364
- const unsigned char *cipher_suites,
365
- const unsigned char *cipher_suites_end,
366
- uint16_t *selected_ciphersuite,
367
- const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
368
- {
369
- psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;
370
-
371
- *selected_ciphersuite = 0;
372
- *selected_ciphersuite_info = NULL;
373
-
374
- /* RFC 8446, page 55.
375
- *
376
- * For externally established PSKs, the Hash algorithm MUST be set when the
377
- * PSK is established or default to SHA-256 if no such algorithm is defined.
378
- *
379
- */
380
-
381
- /*
382
- * Search for a matching ciphersuite
383
- */
384
- for (const unsigned char *p = cipher_suites;
385
- p < cipher_suites_end; p += 2) {
386
- uint16_t cipher_suite;
387
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
388
-
389
- cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
390
- ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
391
- cipher_suite);
392
- if (ciphersuite_info == NULL) {
393
- continue;
394
- }
395
-
396
- /* MAC of selected ciphersuite MUST be same with PSK binder if exist.
397
- * Otherwise, client should reject.
398
- */
399
- if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) {
400
- *selected_ciphersuite = cipher_suite;
401
- *selected_ciphersuite_info = ciphersuite_info;
402
- return 0;
403
- }
404
- }
405
- MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite"));
406
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
407
- }
408
-
409
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
410
- MBEDTLS_CHECK_RETURN_CRITICAL
411
- static int ssl_tls13_select_ciphersuite_for_resumption(
412
- mbedtls_ssl_context *ssl,
413
- const unsigned char *cipher_suites,
414
- const unsigned char *cipher_suites_end,
415
- mbedtls_ssl_session *session,
416
- uint16_t *selected_ciphersuite,
417
- const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
418
- {
419
-
420
- *selected_ciphersuite = 0;
421
- *selected_ciphersuite_info = NULL;
422
- for (const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2) {
423
- uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
424
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
425
-
426
- if (cipher_suite != session->ciphersuite) {
427
- continue;
428
- }
429
-
430
- ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
431
- cipher_suite);
432
- if (ciphersuite_info == NULL) {
433
- continue;
434
- }
435
-
436
- *selected_ciphersuite = cipher_suite;
437
- *selected_ciphersuite_info = ciphersuite_info;
438
-
439
- return 0;
440
- }
441
-
442
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
443
- }
444
-
445
- MBEDTLS_CHECK_RETURN_CRITICAL
446
- static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
447
- const mbedtls_ssl_session *src)
448
- {
449
- dst->ticket_age_add = src->ticket_age_add;
450
- dst->ticket_flags = src->ticket_flags;
451
- dst->resumption_key_len = src->resumption_key_len;
452
- if (src->resumption_key_len == 0) {
453
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
454
- }
455
- memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len);
456
-
457
- return 0;
458
- }
459
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
460
-
461
- /* Parser for pre_shared_key extension in client hello
462
- * struct {
463
- * opaque identity<1..2^16-1>;
464
- * uint32 obfuscated_ticket_age;
465
- * } PskIdentity;
466
- *
467
- * opaque PskBinderEntry<32..255>;
468
- *
469
- * struct {
470
- * PskIdentity identities<7..2^16-1>;
471
- * PskBinderEntry binders<33..2^16-1>;
472
- * } OfferedPsks;
473
- *
474
- * struct {
475
- * select (Handshake.msg_type) {
476
- * case client_hello: OfferedPsks;
477
- * ....
478
- * };
479
- * } PreSharedKeyExtension;
480
- */
481
- MBEDTLS_CHECK_RETURN_CRITICAL
482
- static int ssl_tls13_parse_pre_shared_key_ext(
483
- mbedtls_ssl_context *ssl,
484
- const unsigned char *pre_shared_key_ext,
485
- const unsigned char *pre_shared_key_ext_end,
486
- const unsigned char *ciphersuites,
487
- const unsigned char *ciphersuites_end)
488
- {
489
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
490
- const unsigned char *identities = pre_shared_key_ext;
491
- const unsigned char *p_identity_len;
492
- size_t identities_len;
493
- const unsigned char *identities_end;
494
- const unsigned char *binders;
495
- const unsigned char *p_binder_len;
496
- size_t binders_len;
497
- const unsigned char *binders_end;
498
- int matched_identity = -1;
499
- int identity_id = -1;
500
-
501
- MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key extension",
502
- pre_shared_key_ext,
503
- pre_shared_key_ext_end - pre_shared_key_ext);
504
-
505
- /* identities_len 2 bytes
506
- * identities_data >= 7 bytes
507
- */
508
- MBEDTLS_SSL_CHK_BUF_READ_PTR(identities, pre_shared_key_ext_end, 7 + 2);
509
- identities_len = MBEDTLS_GET_UINT16_BE(identities, 0);
510
- p_identity_len = identities + 2;
511
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, pre_shared_key_ext_end,
512
- identities_len);
513
- identities_end = p_identity_len + identities_len;
514
-
515
- /* binders_len 2 bytes
516
- * binders >= 33 bytes
517
- */
518
- binders = identities_end;
519
- MBEDTLS_SSL_CHK_BUF_READ_PTR(binders, pre_shared_key_ext_end, 33 + 2);
520
- binders_len = MBEDTLS_GET_UINT16_BE(binders, 0);
521
- p_binder_len = binders + 2;
522
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len);
523
- binders_end = p_binder_len + binders_len;
524
-
525
- ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
526
- identities_end - pre_shared_key_ext);
527
- if (0 != ret) {
528
- MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
529
- return ret;
530
- }
531
-
532
- while (p_identity_len < identities_end && p_binder_len < binders_end) {
533
- const unsigned char *identity;
534
- size_t identity_len;
535
- uint32_t obfuscated_ticket_age;
536
- const unsigned char *binder;
537
- size_t binder_len;
538
- int psk_type;
539
- uint16_t cipher_suite;
540
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
541
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
542
- mbedtls_ssl_session session;
543
- mbedtls_ssl_session_init(&session);
544
- #endif
545
-
546
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4);
547
- identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0);
548
- identity = p_identity_len + 2;
549
- MBEDTLS_SSL_CHK_BUF_READ_PTR(identity, identities_end, identity_len + 4);
550
- obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE(identity, identity_len);
551
- p_identity_len += identity_len + 6;
552
-
553
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, binders_end, 1 + 32);
554
- binder_len = *p_binder_len;
555
- binder = p_binder_len + 1;
556
- MBEDTLS_SSL_CHK_BUF_READ_PTR(binder, binders_end, binder_len);
557
- p_binder_len += binder_len + 1;
558
-
559
- identity_id++;
560
- if (matched_identity != -1) {
561
- continue;
562
- }
563
-
564
- ret = ssl_tls13_offered_psks_check_identity_match(
565
- ssl, identity, identity_len, obfuscated_ticket_age,
566
- &psk_type, &session);
567
- if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
568
- continue;
569
- }
570
-
571
- MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity"));
572
- switch (psk_type) {
573
- case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
574
- ret = ssl_tls13_select_ciphersuite_for_psk(
575
- ssl, ciphersuites, ciphersuites_end,
576
- &cipher_suite, &ciphersuite_info);
577
- break;
578
- case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
579
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
580
- ret = ssl_tls13_select_ciphersuite_for_resumption(
581
- ssl, ciphersuites, ciphersuites_end, &session,
582
- &cipher_suite, &ciphersuite_info);
583
- if (ret != 0) {
584
- mbedtls_ssl_session_free(&session);
585
- }
586
- #else
587
- ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
588
- #endif
589
- break;
590
- default:
591
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
592
- }
593
- if (ret != 0) {
594
- /* See below, no cipher_suite available, abort handshake */
595
- MBEDTLS_SSL_PEND_FATAL_ALERT(
596
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
597
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
598
- MBEDTLS_SSL_DEBUG_RET(
599
- 2, "ssl_tls13_select_ciphersuite", ret);
600
- return ret;
601
- }
602
-
603
- ret = ssl_tls13_offered_psks_check_binder_match(
604
- ssl, binder, binder_len, psk_type,
605
- mbedtls_md_psa_alg_from_type(ciphersuite_info->mac));
606
- if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
607
- /* For security reasons, the handshake should be aborted when we
608
- * fail to validate a binder value. See RFC 8446 section 4.2.11.2
609
- * and appendix E.6. */
610
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
611
- mbedtls_ssl_session_free(&session);
612
- #endif
613
- MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder."));
614
- MBEDTLS_SSL_DEBUG_RET(
615
- 1, "ssl_tls13_offered_psks_check_binder_match", ret);
616
- MBEDTLS_SSL_PEND_FATAL_ALERT(
617
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
618
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
619
- return ret;
620
- }
621
-
622
- matched_identity = identity_id;
623
-
624
- /* Update handshake parameters */
625
- ssl->handshake->ciphersuite_info = ciphersuite_info;
626
- ssl->session_negotiate->ciphersuite = cipher_suite;
627
- MBEDTLS_SSL_DEBUG_MSG(2, ("overwrite ciphersuite: %04x - %s",
628
- cipher_suite, ciphersuite_info->name));
629
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
630
- if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
631
- ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate,
632
- &session);
633
- mbedtls_ssl_session_free(&session);
634
- if (ret != 0) {
635
- return ret;
636
- }
637
- }
638
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
639
- }
640
-
641
- if (p_identity_len != identities_end || p_binder_len != binders_end) {
642
- MBEDTLS_SSL_DEBUG_MSG(3, ("pre_shared_key extension decode error"));
643
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
644
- MBEDTLS_ERR_SSL_DECODE_ERROR);
645
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
646
- }
647
-
648
- /* Update the handshake transcript with the binder list. */
649
- ret = ssl->handshake->update_checksum(
650
- ssl, identities_end, (size_t) (binders_end - identities_end));
651
- if (0 != ret) {
652
- MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
653
- return ret;
654
- }
655
- if (matched_identity == -1) {
656
- MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
657
- return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
658
- }
659
-
660
- ssl->handshake->selected_identity = (uint16_t) matched_identity;
661
- MBEDTLS_SSL_DEBUG_MSG(3, ("Pre shared key found"));
662
-
663
- return 0;
664
- }
665
-
666
- /*
667
- * struct {
668
- * select ( Handshake.msg_type ) {
669
- * ....
670
- * case server_hello:
671
- * uint16 selected_identity;
672
- * }
673
- * } PreSharedKeyExtension;
674
- */
675
- static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
676
- unsigned char *buf,
677
- unsigned char *end,
678
- size_t *olen)
679
- {
680
- unsigned char *p = (unsigned char *) buf;
681
-
682
- *olen = 0;
683
-
684
- int not_using_psk = 0;
685
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
686
- not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
687
- #else
688
- not_using_psk = (ssl->handshake->psk == NULL);
689
- #endif
690
- if (not_using_psk) {
691
- /* We shouldn't have called this extension writer unless we've
692
- * chosen to use a PSK. */
693
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
694
- }
695
-
696
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding pre_shared_key extension"));
697
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
698
-
699
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0);
700
- MBEDTLS_PUT_UINT16_BE(2, p, 2);
701
-
702
- MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4);
703
-
704
- *olen = 6;
705
-
706
- MBEDTLS_SSL_DEBUG_MSG(4, ("sent selected_identity: %u",
707
- ssl->handshake->selected_identity));
708
-
709
- mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY);
710
-
711
- return 0;
712
- }
713
-
714
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
715
-
716
- /* From RFC 8446:
717
- * struct {
718
- * ProtocolVersion versions<2..254>;
719
- * } SupportedVersions;
720
- */
721
- MBEDTLS_CHECK_RETURN_CRITICAL
722
- static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl,
723
- const unsigned char *buf,
724
- const unsigned char *end)
725
- {
726
- const unsigned char *p = buf;
727
- size_t versions_len;
728
- const unsigned char *versions_end;
729
- uint16_t tls_version;
730
- int found_supported_version = 0;
731
-
732
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
733
- versions_len = p[0];
734
- p += 1;
735
-
736
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, versions_len);
737
- versions_end = p + versions_len;
738
- while (p < versions_end) {
739
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, versions_end, 2);
740
- tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport);
741
- p += 2;
742
-
743
- if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
744
- found_supported_version = 1;
745
- break;
746
- }
747
-
748
- if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
749
- mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
750
- found_supported_version = 1;
751
- break;
752
- }
753
- }
754
-
755
- if (!found_supported_version) {
756
- MBEDTLS_SSL_DEBUG_MSG(1, ("No supported version found."));
757
-
758
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
759
- MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
760
- return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
761
- }
762
-
763
- MBEDTLS_SSL_DEBUG_MSG(1, ("Negotiated version: [%04x]",
764
- (unsigned int) tls_version));
765
-
766
- return (int) tls_version;
767
- }
768
-
769
- #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
770
- /*
771
- *
772
- * From RFC 8446:
773
- * enum {
774
- * ... (0xFFFF)
775
- * } NamedGroup;
776
- * struct {
777
- * NamedGroup named_group_list<2..2^16-1>;
778
- * } NamedGroupList;
779
- */
780
- MBEDTLS_CHECK_RETURN_CRITICAL
781
- static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
782
- const unsigned char *buf,
783
- const unsigned char *end)
784
- {
785
- const unsigned char *p = buf;
786
- size_t named_group_list_len;
787
- const unsigned char *named_group_list_end;
788
-
789
- MBEDTLS_SSL_DEBUG_BUF(3, "supported_groups extension", p, end - buf);
790
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
791
- named_group_list_len = MBEDTLS_GET_UINT16_BE(p, 0);
792
- p += 2;
793
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, named_group_list_len);
794
- named_group_list_end = p + named_group_list_len;
795
- ssl->handshake->hrr_selected_group = 0;
796
-
797
- while (p < named_group_list_end) {
798
- uint16_t named_group;
799
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, named_group_list_end, 2);
800
- named_group = MBEDTLS_GET_UINT16_BE(p, 0);
801
- p += 2;
802
-
803
- MBEDTLS_SSL_DEBUG_MSG(2,
804
- ("got named group: %s(%04x)",
805
- mbedtls_ssl_named_group_to_str(named_group),
806
- named_group));
807
-
808
- if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) ||
809
- !mbedtls_ssl_named_group_is_supported(named_group) ||
810
- ssl->handshake->hrr_selected_group != 0) {
811
- continue;
812
- }
813
-
814
- MBEDTLS_SSL_DEBUG_MSG(2,
815
- ("add named group %s(%04x) into received list.",
816
- mbedtls_ssl_named_group_to_str(named_group),
817
- named_group));
818
-
819
- ssl->handshake->hrr_selected_group = named_group;
820
- }
821
-
822
- return 0;
823
-
824
- }
825
- #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
826
-
827
- #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1
828
-
829
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
830
- /*
831
- * ssl_tls13_parse_key_shares_ext() verifies whether the information in the
832
- * extension is correct and stores the first acceptable key share and its
833
- * associated group.
834
- *
835
- * Possible return values are:
836
- * - 0: Successful processing of the client provided key share extension.
837
- * - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by
838
- * the client does not match a group supported by the server. A
839
- * HelloRetryRequest will be needed.
840
- * - A negative value for fatal errors.
841
- */
842
- MBEDTLS_CHECK_RETURN_CRITICAL
843
- static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl,
844
- const unsigned char *buf,
845
- const unsigned char *end)
846
- {
847
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
848
- unsigned char const *p = buf;
849
- unsigned char const *client_shares_end;
850
- size_t client_shares_len;
851
-
852
- /* From RFC 8446:
853
- *
854
- * struct {
855
- * KeyShareEntry client_shares<0..2^16-1>;
856
- * } KeyShareClientHello;
857
- *
858
- */
859
-
860
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
861
- client_shares_len = MBEDTLS_GET_UINT16_BE(p, 0);
862
- p += 2;
863
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, client_shares_len);
864
-
865
- ssl->handshake->offered_group_id = 0;
866
- client_shares_end = p + client_shares_len;
867
-
868
- /* We try to find a suitable key share entry and copy it to the
869
- * handshake context. Later, we have to find out whether we can do
870
- * something with the provided key share or whether we have to
871
- * dismiss it and send a HelloRetryRequest message.
872
- */
873
-
874
- while (p < client_shares_end) {
875
- uint16_t group;
876
- size_t key_exchange_len;
877
- const unsigned char *key_exchange;
878
-
879
- /*
880
- * struct {
881
- * NamedGroup group;
882
- * opaque key_exchange<1..2^16-1>;
883
- * } KeyShareEntry;
884
- */
885
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, 4);
886
- group = MBEDTLS_GET_UINT16_BE(p, 0);
887
- key_exchange_len = MBEDTLS_GET_UINT16_BE(p, 2);
888
- p += 4;
889
- key_exchange = p;
890
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, key_exchange_len);
891
- p += key_exchange_len;
892
-
893
- /* Continue parsing even if we have already found a match,
894
- * for input validation purposes.
895
- */
896
- if (!mbedtls_ssl_named_group_is_offered(ssl, group) ||
897
- !mbedtls_ssl_named_group_is_supported(group) ||
898
- ssl->handshake->offered_group_id != 0) {
899
- continue;
900
- }
901
-
902
- /*
903
- * ECDHE and FFDHE groups are supported
904
- */
905
- if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
906
- mbedtls_ssl_tls13_named_group_is_ffdh(group)) {
907
- MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH/FFDH group: %s (%04x)",
908
- mbedtls_ssl_named_group_to_str(group),
909
- group));
910
- ret = mbedtls_ssl_tls13_read_public_xxdhe_share(
911
- ssl, key_exchange - 2, key_exchange_len + 2);
912
- if (ret != 0) {
913
- return ret;
914
- }
915
-
916
- } else {
917
- MBEDTLS_SSL_DEBUG_MSG(4, ("Unrecognized NamedGroup %u",
918
- (unsigned) group));
919
- continue;
920
- }
921
-
922
- ssl->handshake->offered_group_id = group;
923
- }
924
-
925
-
926
- if (ssl->handshake->offered_group_id == 0) {
927
- MBEDTLS_SSL_DEBUG_MSG(1, ("no matching key share"));
928
- return SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH;
929
- }
930
- return 0;
931
- }
932
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
933
-
934
- MBEDTLS_CHECK_RETURN_CRITICAL
935
- static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl,
936
- int exts_mask)
937
- {
938
- int masked = ssl->handshake->received_extensions & exts_mask;
939
- return masked == exts_mask;
940
- }
941
-
942
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
943
- MBEDTLS_CHECK_RETURN_CRITICAL
944
- static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
945
- mbedtls_ssl_context *ssl)
946
- {
947
- return ssl_tls13_client_hello_has_exts(
948
- ssl,
949
- MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) |
950
- MBEDTLS_SSL_EXT_MASK(KEY_SHARE) |
951
- MBEDTLS_SSL_EXT_MASK(SIG_ALG));
952
- }
953
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
954
-
955
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
956
- MBEDTLS_CHECK_RETURN_CRITICAL
957
- static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange(
958
- mbedtls_ssl_context *ssl)
959
- {
960
- return ssl_tls13_client_hello_has_exts(
961
- ssl,
962
- MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) |
963
- MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES));
964
- }
965
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
966
-
967
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
968
- MBEDTLS_CHECK_RETURN_CRITICAL
969
- static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
970
- mbedtls_ssl_context *ssl)
971
- {
972
- return ssl_tls13_client_hello_has_exts(
973
- ssl,
974
- MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) |
975
- MBEDTLS_SSL_EXT_MASK(KEY_SHARE) |
976
- MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) |
977
- MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES));
978
- }
979
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
980
-
981
- MBEDTLS_CHECK_RETURN_CRITICAL
982
- static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
983
- {
984
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
985
- return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) &&
986
- ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl);
987
- #else
988
- ((void) ssl);
989
- return 0;
990
- #endif
991
- }
992
-
993
- MBEDTLS_CHECK_RETURN_CRITICAL
994
- static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
995
- {
996
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
997
- return mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
998
- mbedtls_ssl_tls13_psk_enabled(ssl) &&
999
- ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
1000
- #else
1001
- ((void) ssl);
1002
- return 0;
1003
- #endif
1004
- }
1005
-
1006
- MBEDTLS_CHECK_RETURN_CRITICAL
1007
- static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
1008
- {
1009
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
1010
- return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
1011
- mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
1012
- ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
1013
- #else
1014
- ((void) ssl);
1015
- return 0;
1016
- #endif
1017
- }
1018
-
1019
- static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
1020
- {
1021
- /*
1022
- * Determine the key exchange algorithm to use.
1023
- * There are three types of key exchanges supported in TLS 1.3:
1024
- * - (EC)DH with ECDSA,
1025
- * - (EC)DH with PSK,
1026
- * - plain PSK.
1027
- *
1028
- * The PSK-based key exchanges may additionally be used with 0-RTT.
1029
- *
1030
- * Our built-in order of preference is
1031
- * 1 ) (EC)DHE-PSK Mode ( psk_ephemeral )
1032
- * 2 ) Certificate Mode ( ephemeral )
1033
- * 3 ) Plain PSK Mode ( psk )
1034
- */
1035
-
1036
- ssl->handshake->key_exchange_mode =
1037
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
1038
-
1039
- if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
1040
- ssl->handshake->key_exchange_mode =
1041
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
1042
- MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
1043
- } else
1044
- if (ssl_tls13_check_ephemeral_key_exchange(ssl)) {
1045
- ssl->handshake->key_exchange_mode =
1046
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1047
- MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
1048
- } else
1049
- if (ssl_tls13_check_psk_key_exchange(ssl)) {
1050
- ssl->handshake->key_exchange_mode =
1051
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
1052
- MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
1053
- } else {
1054
- MBEDTLS_SSL_DEBUG_MSG(
1055
- 1,
1056
- ("ClientHello message misses mandatory extensions."));
1057
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION,
1058
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
1059
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1060
- }
1061
-
1062
- return 0;
1063
-
1064
- }
1065
-
1066
- #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
1067
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
1068
-
1069
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
1070
- static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
1071
- {
1072
- switch (sig_alg) {
1073
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
1074
- return PSA_ALG_ECDSA(PSA_ALG_SHA_256);
1075
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
1076
- return PSA_ALG_ECDSA(PSA_ALG_SHA_384);
1077
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
1078
- return PSA_ALG_ECDSA(PSA_ALG_SHA_512);
1079
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
1080
- return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
1081
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
1082
- return PSA_ALG_RSA_PSS(PSA_ALG_SHA_384);
1083
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
1084
- return PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
1085
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
1086
- return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256);
1087
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
1088
- return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384);
1089
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
1090
- return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512);
1091
- default:
1092
- return PSA_ALG_NONE;
1093
- }
1094
- }
1095
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
1096
-
1097
- /*
1098
- * Pick best ( private key, certificate chain ) pair based on the signature
1099
- * algorithms supported by the client.
1100
- */
1101
- MBEDTLS_CHECK_RETURN_CRITICAL
1102
- static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
1103
- {
1104
- mbedtls_ssl_key_cert *key_cert, *key_cert_list;
1105
- const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
1106
-
1107
- #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
1108
- if (ssl->handshake->sni_key_cert != NULL) {
1109
- key_cert_list = ssl->handshake->sni_key_cert;
1110
- } else
1111
- #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
1112
- key_cert_list = ssl->conf->key_cert;
1113
-
1114
- if (key_cert_list == NULL) {
1115
- MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate"));
1116
- return -1;
1117
- }
1118
-
1119
- for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) {
1120
- if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) {
1121
- continue;
1122
- }
1123
-
1124
- if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) {
1125
- continue;
1126
- }
1127
-
1128
- for (key_cert = key_cert_list; key_cert != NULL;
1129
- key_cert = key_cert->next) {
1130
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
1131
- psa_algorithm_t psa_alg = PSA_ALG_NONE;
1132
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
1133
-
1134
- MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate",
1135
- key_cert->cert);
1136
-
1137
- /*
1138
- * This avoids sending the client a cert it'll reject based on
1139
- * keyUsage or other extensions.
1140
- */
1141
- if (mbedtls_x509_crt_check_key_usage(
1142
- key_cert->cert, MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0 ||
1143
- mbedtls_x509_crt_check_extended_key_usage(
1144
- key_cert->cert, MBEDTLS_OID_SERVER_AUTH,
1145
- MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) != 0) {
1146
- MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
1147
- "(extended) key usage extension"));
1148
- continue;
1149
- }
1150
-
1151
- MBEDTLS_SSL_DEBUG_MSG(3,
1152
- ("ssl_tls13_pick_key_cert:"
1153
- "check signature algorithm %s [%04x]",
1154
- mbedtls_ssl_sig_alg_to_str(*sig_alg),
1155
- *sig_alg));
1156
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
1157
- psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg);
1158
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
1159
-
1160
- if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
1161
- *sig_alg, &key_cert->cert->pk)
1162
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
1163
- && psa_alg != PSA_ALG_NONE &&
1164
- mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
1165
- PSA_KEY_USAGE_SIGN_HASH) == 1
1166
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
1167
- ) {
1168
- ssl->handshake->key_cert = key_cert;
1169
- MBEDTLS_SSL_DEBUG_MSG(3,
1170
- ("ssl_tls13_pick_key_cert:"
1171
- "selected signature algorithm"
1172
- " %s [%04x]",
1173
- mbedtls_ssl_sig_alg_to_str(*sig_alg),
1174
- *sig_alg));
1175
- MBEDTLS_SSL_DEBUG_CRT(
1176
- 3, "selected certificate (chain)",
1177
- ssl->handshake->key_cert->cert);
1178
- return 0;
1179
- }
1180
- }
1181
- }
1182
-
1183
- MBEDTLS_SSL_DEBUG_MSG(2, ("ssl_tls13_pick_key_cert:"
1184
- "no suitable certificate found"));
1185
- return -1;
1186
- }
1187
- #endif /* MBEDTLS_X509_CRT_PARSE_C &&
1188
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
1189
-
1190
- /*
1191
- *
1192
- * STATE HANDLING: ClientHello
1193
- *
1194
- * There are three possible classes of outcomes when parsing the ClientHello:
1195
- *
1196
- * 1) The ClientHello was well-formed and matched the server's configuration.
1197
- *
1198
- * In this case, the server progresses to sending its ServerHello.
1199
- *
1200
- * 2) The ClientHello was well-formed but didn't match the server's
1201
- * configuration.
1202
- *
1203
- * For example, the client might not have offered a key share which
1204
- * the server supports, or the server might require a cookie.
1205
- *
1206
- * In this case, the server sends a HelloRetryRequest.
1207
- *
1208
- * 3) The ClientHello was ill-formed
1209
- *
1210
- * In this case, we abort the handshake.
1211
- *
1212
- */
1213
-
1214
- /*
1215
- * Structure of this message:
1216
- *
1217
- * uint16 ProtocolVersion;
1218
- * opaque Random[32];
1219
- * uint8 CipherSuite[2]; // Cryptographic suite selector
1220
- *
1221
- * struct {
1222
- * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
1223
- * Random random;
1224
- * opaque legacy_session_id<0..32>;
1225
- * CipherSuite cipher_suites<2..2^16-2>;
1226
- * opaque legacy_compression_methods<1..2^8-1>;
1227
- * Extension extensions<8..2^16-1>;
1228
- * } ClientHello;
1229
- */
1230
-
1231
- #define SSL_CLIENT_HELLO_OK 0
1232
- #define SSL_CLIENT_HELLO_HRR_REQUIRED 1
1233
- #define SSL_CLIENT_HELLO_TLS1_2 2
1234
-
1235
- MBEDTLS_CHECK_RETURN_CRITICAL
1236
- static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
1237
- const unsigned char *buf,
1238
- const unsigned char *end)
1239
- {
1240
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1241
- const unsigned char *p = buf;
1242
- const unsigned char *random;
1243
- size_t legacy_session_id_len;
1244
- const unsigned char *legacy_session_id;
1245
- size_t cipher_suites_len;
1246
- const unsigned char *cipher_suites;
1247
- const unsigned char *cipher_suites_end;
1248
- size_t extensions_len;
1249
- const unsigned char *extensions_end;
1250
- const unsigned char *supported_versions_data;
1251
- const unsigned char *supported_versions_data_end;
1252
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1253
- int hrr_required = 0;
1254
- int no_usable_share_for_key_agreement = 0;
1255
-
1256
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
1257
- const unsigned char *pre_shared_key_ext = NULL;
1258
- const unsigned char *pre_shared_key_ext_end = NULL;
1259
- #endif
1260
-
1261
- /*
1262
- * ClientHello layout:
1263
- * 0 . 1 protocol version
1264
- * 2 . 33 random bytes
1265
- * 34 . 34 session id length ( 1 byte )
1266
- * 35 . 34+x session id
1267
- * .. . .. ciphersuite list length ( 2 bytes )
1268
- * .. . .. ciphersuite list
1269
- * .. . .. compression alg. list length ( 1 byte )
1270
- * .. . .. compression alg. list
1271
- * .. . .. extensions length ( 2 bytes, optional )
1272
- * .. . .. extensions ( optional )
1273
- */
1274
-
1275
- /*
1276
- * Minimal length ( with everything empty and extensions omitted ) is
1277
- * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
1278
- * read at least up to session id length without worrying.
1279
- */
1280
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 38);
1281
-
1282
- /* ...
1283
- * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
1284
- * ...
1285
- * with ProtocolVersion defined as:
1286
- * uint16 ProtocolVersion;
1287
- */
1288
- if (mbedtls_ssl_read_version(p, ssl->conf->transport) !=
1289
- MBEDTLS_SSL_VERSION_TLS1_2) {
1290
- MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS."));
1291
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
1292
- MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
1293
- return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
1294
- }
1295
- p += 2;
1296
-
1297
- /* ...
1298
- * Random random;
1299
- * ...
1300
- * with Random defined as:
1301
- * opaque Random[32];
1302
- */
1303
- random = p;
1304
- p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
1305
-
1306
- /* ...
1307
- * opaque legacy_session_id<0..32>;
1308
- * ...
1309
- */
1310
- legacy_session_id_len = *(p++);
1311
- legacy_session_id = p;
1312
-
1313
- /*
1314
- * Check we have enough data for the legacy session identifier
1315
- * and the ciphersuite list length.
1316
- */
1317
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_len + 2);
1318
- p += legacy_session_id_len;
1319
-
1320
- /* ...
1321
- * CipherSuite cipher_suites<2..2^16-2>;
1322
- * ...
1323
- * with CipherSuite defined as:
1324
- * uint8 CipherSuite[2];
1325
- */
1326
- cipher_suites_len = MBEDTLS_GET_UINT16_BE(p, 0);
1327
- p += 2;
1328
- cipher_suites = p;
1329
-
1330
- /*
1331
- * The length of the ciphersuite list has to be even.
1332
- */
1333
- if (cipher_suites_len & 1) {
1334
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
1335
- MBEDTLS_ERR_SSL_DECODE_ERROR);
1336
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1337
- }
1338
-
1339
- /* Check we have enough data for the ciphersuite list, the legacy
1340
- * compression methods and the length of the extensions.
1341
- *
1342
- * cipher_suites cipher_suites_len bytes
1343
- * legacy_compression_methods 2 bytes
1344
- * extensions_len 2 bytes
1345
- */
1346
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 2 + 2);
1347
- p += cipher_suites_len;
1348
- cipher_suites_end = p;
1349
-
1350
- /*
1351
- * Search for the supported versions extension and parse it to determine
1352
- * if the client supports TLS 1.3.
1353
- */
1354
- ret = mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts(
1355
- ssl, p + 2, end,
1356
- &supported_versions_data, &supported_versions_data_end);
1357
- if (ret < 0) {
1358
- MBEDTLS_SSL_DEBUG_RET(1,
1359
- ("mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts"), ret);
1360
- return ret;
1361
- }
1362
-
1363
- if (ret == 0) {
1364
- return SSL_CLIENT_HELLO_TLS1_2;
1365
- }
1366
-
1367
- if (ret == 1) {
1368
- ret = ssl_tls13_parse_supported_versions_ext(ssl,
1369
- supported_versions_data,
1370
- supported_versions_data_end);
1371
- if (ret < 0) {
1372
- MBEDTLS_SSL_DEBUG_RET(1,
1373
- ("ssl_tls13_parse_supported_versions_ext"), ret);
1374
- return ret;
1375
- }
1376
-
1377
- /*
1378
- * The supported versions extension was parsed successfully as the
1379
- * value returned by ssl_tls13_parse_supported_versions_ext() is
1380
- * positive. The return value is then equal to
1381
- * MBEDTLS_SSL_VERSION_TLS1_2 or MBEDTLS_SSL_VERSION_TLS1_3, defining
1382
- * the TLS version to negotiate.
1383
- */
1384
- if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) {
1385
- return SSL_CLIENT_HELLO_TLS1_2;
1386
- }
1387
- }
1388
-
1389
- /*
1390
- * We negotiate TLS 1.3.
1391
- */
1392
- ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
1393
-
1394
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1395
- /* Store minor version for later use with ticket serialization. */
1396
- ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
1397
- ssl->session_negotiate->endpoint = ssl->conf->endpoint;
1398
- #endif
1399
-
1400
- /*
1401
- * We are negotiating the version 1.3 of the protocol. Do what we have
1402
- * postponed: copy of the client random bytes, copy of the legacy session
1403
- * identifier and selection of the TLS 1.3 cipher suite.
1404
- */
1405
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes",
1406
- random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
1407
- memcpy(&handshake->randbytes[0], random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
1408
-
1409
- if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) {
1410
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
1411
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
1412
- }
1413
- ssl->session_negotiate->id_len = legacy_session_id_len;
1414
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id",
1415
- legacy_session_id, legacy_session_id_len);
1416
- memcpy(&ssl->session_negotiate->id[0],
1417
- legacy_session_id, legacy_session_id_len);
1418
-
1419
- /*
1420
- * Search for a matching ciphersuite
1421
- */
1422
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, list of cipher suites",
1423
- cipher_suites, cipher_suites_len);
1424
- for (const unsigned char *cipher_suites_p = cipher_suites;
1425
- cipher_suites_p < cipher_suites_end; cipher_suites_p += 2) {
1426
- uint16_t cipher_suite;
1427
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1428
-
1429
- /*
1430
- * "cipher_suites_end - cipher_suites_p is even" is an invariant of the
1431
- * loop. As cipher_suites_end - cipher_suites_p > 0, we have
1432
- * cipher_suites_end - cipher_suites_p >= 2 and it is thus safe to read
1433
- * two bytes.
1434
- */
1435
- cipher_suite = MBEDTLS_GET_UINT16_BE(cipher_suites_p, 0);
1436
- ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
1437
- ssl, cipher_suite);
1438
- if (ciphersuite_info == NULL) {
1439
- continue;
1440
- }
1441
-
1442
- ssl->session_negotiate->ciphersuite = cipher_suite;
1443
- handshake->ciphersuite_info = ciphersuite_info;
1444
- MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
1445
- cipher_suite,
1446
- ciphersuite_info->name));
1447
- break;
1448
- }
1449
-
1450
- if (handshake->ciphersuite_info == NULL) {
1451
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
1452
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
1453
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
1454
- }
1455
-
1456
- /* ...
1457
- * opaque legacy_compression_methods<1..2^8-1>;
1458
- * ...
1459
- */
1460
- if (p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL) {
1461
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method"));
1462
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
1463
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
1464
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1465
- }
1466
- p += 2;
1467
-
1468
- /* ...
1469
- * Extension extensions<8..2^16-1>;
1470
- * ...
1471
- * with Extension defined as:
1472
- * struct {
1473
- * ExtensionType extension_type;
1474
- * opaque extension_data<0..2^16-1>;
1475
- * } Extension;
1476
- */
1477
- extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
1478
- p += 2;
1479
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
1480
- extensions_end = p + extensions_len;
1481
-
1482
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", p, extensions_len);
1483
- handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
1484
-
1485
- while (p < extensions_end) {
1486
- unsigned int extension_type;
1487
- size_t extension_data_len;
1488
- const unsigned char *extension_data_end;
1489
-
1490
- /* RFC 8446, section 4.2.11
1491
- *
1492
- * The "pre_shared_key" extension MUST be the last extension in the
1493
- * ClientHello (this facilitates implementation as described below).
1494
- * Servers MUST check that it is the last extension and otherwise fail
1495
- * the handshake with an "illegal_parameter" alert.
1496
- */
1497
- if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) {
1498
- MBEDTLS_SSL_DEBUG_MSG(
1499
- 3, ("pre_shared_key is not last extension."));
1500
- MBEDTLS_SSL_PEND_FATAL_ALERT(
1501
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
1502
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
1503
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1504
- }
1505
-
1506
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
1507
- extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
1508
- extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
1509
- p += 4;
1510
-
1511
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
1512
- extension_data_end = p + extension_data_len;
1513
-
1514
- ret = mbedtls_ssl_tls13_check_received_extension(
1515
- ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
1516
- MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH);
1517
- if (ret != 0) {
1518
- return ret;
1519
- }
1520
-
1521
- switch (extension_type) {
1522
- #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
1523
- case MBEDTLS_TLS_EXT_SERVERNAME:
1524
- MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension"));
1525
- ret = mbedtls_ssl_parse_server_name_ext(ssl, p,
1526
- extension_data_end);
1527
- if (ret != 0) {
1528
- MBEDTLS_SSL_DEBUG_RET(
1529
- 1, "mbedtls_ssl_parse_servername_ext", ret);
1530
- return ret;
1531
- }
1532
- break;
1533
- #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
1534
-
1535
- #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
1536
- case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
1537
- MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension"));
1538
-
1539
- /* Supported Groups Extension
1540
- *
1541
- * When sent by the client, the "supported_groups" extension
1542
- * indicates the named groups which the client supports,
1543
- * ordered from most preferred to least preferred.
1544
- */
1545
- ret = ssl_tls13_parse_supported_groups_ext(
1546
- ssl, p, extension_data_end);
1547
- if (ret != 0) {
1548
- MBEDTLS_SSL_DEBUG_RET(
1549
- 1, "ssl_tls13_parse_supported_groups_ext", ret);
1550
- return ret;
1551
- }
1552
-
1553
- break;
1554
- #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/
1555
-
1556
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
1557
- case MBEDTLS_TLS_EXT_KEY_SHARE:
1558
- MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension"));
1559
-
1560
- /*
1561
- * Key Share Extension
1562
- *
1563
- * When sent by the client, the "key_share" extension
1564
- * contains the endpoint's cryptographic parameters for
1565
- * ECDHE/DHE key establishment methods.
1566
- */
1567
- ret = ssl_tls13_parse_key_shares_ext(
1568
- ssl, p, extension_data_end);
1569
- if (ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH) {
1570
- MBEDTLS_SSL_DEBUG_MSG(2, ("No usable share for key agreement."));
1571
- no_usable_share_for_key_agreement = 1;
1572
- }
1573
-
1574
- if (ret < 0) {
1575
- MBEDTLS_SSL_DEBUG_RET(
1576
- 1, "ssl_tls13_parse_key_shares_ext", ret);
1577
- return ret;
1578
- }
1579
-
1580
- break;
1581
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
1582
-
1583
- case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
1584
- /* Already parsed */
1585
- break;
1586
-
1587
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
1588
- case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
1589
- MBEDTLS_SSL_DEBUG_MSG(
1590
- 3, ("found psk key exchange modes extension"));
1591
-
1592
- ret = ssl_tls13_parse_key_exchange_modes_ext(
1593
- ssl, p, extension_data_end);
1594
- if (ret != 0) {
1595
- MBEDTLS_SSL_DEBUG_RET(
1596
- 1, "ssl_tls13_parse_key_exchange_modes_ext", ret);
1597
- return ret;
1598
- }
1599
-
1600
- break;
1601
- #endif
1602
-
1603
- case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
1604
- MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension"));
1605
- if ((handshake->received_extensions &
1606
- MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)) == 0) {
1607
- MBEDTLS_SSL_PEND_FATAL_ALERT(
1608
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
1609
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
1610
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
1611
- }
1612
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
1613
- /* Delay processing of the PSK identity once we have
1614
- * found out which algorithms to use. We keep a pointer
1615
- * to the buffer and the size for later processing.
1616
- */
1617
- pre_shared_key_ext = p;
1618
- pre_shared_key_ext_end = extension_data_end;
1619
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
1620
- break;
1621
-
1622
- #if defined(MBEDTLS_SSL_ALPN)
1623
- case MBEDTLS_TLS_EXT_ALPN:
1624
- MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
1625
-
1626
- ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end);
1627
- if (ret != 0) {
1628
- MBEDTLS_SSL_DEBUG_RET(
1629
- 1, ("mbedtls_ssl_parse_alpn_ext"), ret);
1630
- return ret;
1631
- }
1632
- break;
1633
- #endif /* MBEDTLS_SSL_ALPN */
1634
-
1635
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
1636
- case MBEDTLS_TLS_EXT_SIG_ALG:
1637
- MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension"));
1638
-
1639
- ret = mbedtls_ssl_parse_sig_alg_ext(
1640
- ssl, p, extension_data_end);
1641
- if (ret != 0) {
1642
- MBEDTLS_SSL_DEBUG_RET(
1643
- 1, "mbedtls_ssl_parse_sig_alg_ext", ret);
1644
- return ret;
1645
- }
1646
- break;
1647
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
1648
-
1649
- #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
1650
- case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
1651
- MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension"));
1652
-
1653
- ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(
1654
- ssl, p, extension_data_end);
1655
-
1656
- /*
1657
- * TODO: Return unconditionally here until we handle the record
1658
- * size limit correctly.
1659
- * Once handled correctly, only return in case of errors.
1660
- */
1661
- return ret;
1662
-
1663
- break;
1664
- #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
1665
-
1666
- default:
1667
- MBEDTLS_SSL_PRINT_EXT(
1668
- 3, MBEDTLS_SSL_HS_CLIENT_HELLO,
1669
- extension_type, "( ignored )");
1670
- break;
1671
- }
1672
-
1673
- p += extension_data_len;
1674
- }
1675
-
1676
- MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO,
1677
- handshake->received_extensions);
1678
-
1679
- ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
1680
- MBEDTLS_SSL_HS_CLIENT_HELLO,
1681
- p - buf);
1682
- if (0 != ret) {
1683
- MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret);
1684
- return ret;
1685
- }
1686
-
1687
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
1688
- /* Update checksum with either
1689
- * - The entire content of the CH message, if no PSK extension is present
1690
- * - The content up to but excluding the PSK extension, if present.
1691
- */
1692
- /* If we've settled on a PSK-based exchange, parse PSK identity ext */
1693
- if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
1694
- mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
1695
- (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
1696
- ret = handshake->update_checksum(ssl, buf,
1697
- pre_shared_key_ext - buf);
1698
- if (0 != ret) {
1699
- MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
1700
- return ret;
1701
- }
1702
- ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
1703
- pre_shared_key_ext,
1704
- pre_shared_key_ext_end,
1705
- cipher_suites,
1706
- cipher_suites_end);
1707
- if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
1708
- handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY);
1709
- } else if (ret != 0) {
1710
- MBEDTLS_SSL_DEBUG_RET(
1711
- 1, "ssl_tls13_parse_pre_shared_key_ext", ret);
1712
- return ret;
1713
- }
1714
- } else
1715
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
1716
- {
1717
- ret = handshake->update_checksum(ssl, buf, p - buf);
1718
- if (0 != ret) {
1719
- MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
1720
- return ret;
1721
- }
1722
- }
1723
-
1724
- ret = ssl_tls13_determine_key_exchange_mode(ssl);
1725
- if (ret < 0) {
1726
- return ret;
1727
- }
1728
-
1729
- if (ssl->handshake->key_exchange_mode !=
1730
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) {
1731
- hrr_required = (no_usable_share_for_key_agreement != 0);
1732
- }
1733
-
1734
- mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info);
1735
-
1736
- return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK;
1737
- }
1738
-
1739
- /* Update the handshake state machine */
1740
-
1741
- MBEDTLS_CHECK_RETURN_CRITICAL
1742
- static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl)
1743
- {
1744
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1745
-
1746
- /*
1747
- * Server certificate selection
1748
- */
1749
- if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) {
1750
- MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret);
1751
- return ret;
1752
- }
1753
- #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
1754
- ssl->handshake->sni_name = NULL;
1755
- ssl->handshake->sni_name_len = 0;
1756
- #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
1757
-
1758
- ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl);
1759
- if (ret != 0) {
1760
- MBEDTLS_SSL_DEBUG_RET(1,
1761
- "mbedtls_ssl_tls1_3_key_schedule_stage_early", ret);
1762
- return ret;
1763
- }
1764
-
1765
- return 0;
1766
-
1767
- }
1768
-
1769
- /*
1770
- * Main entry point from the state machine; orchestrates the otherfunctions.
1771
- */
1772
-
1773
- MBEDTLS_CHECK_RETURN_CRITICAL
1774
- static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl)
1775
- {
1776
-
1777
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1778
- unsigned char *buf = NULL;
1779
- size_t buflen = 0;
1780
- int parse_client_hello_ret;
1781
-
1782
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
1783
-
1784
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
1785
- ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
1786
- &buf, &buflen));
1787
-
1788
- MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf,
1789
- buf + buflen));
1790
- parse_client_hello_ret = ret; /* Store positive return value of
1791
- * parse_client_hello,
1792
- * as negative error codes are handled
1793
- * by MBEDTLS_SSL_PROC_CHK_NEG. */
1794
-
1795
- /*
1796
- * Version 1.2 of the protocol has been chosen, set the
1797
- * ssl->keep_current_message flag for the ClientHello to be kept and parsed
1798
- * as a TLS 1.2 ClientHello. We also change ssl->tls_version to
1799
- * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step()
1800
- * will dispatch to the TLS 1.2 state machine.
1801
- */
1802
- if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) {
1803
- ssl->keep_current_message = 1;
1804
- ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
1805
- return 0;
1806
- }
1807
-
1808
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl));
1809
-
1810
- if (SSL_CLIENT_HELLO_OK == parse_client_hello_ret) {
1811
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
1812
- } else {
1813
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST);
1814
- }
1815
-
1816
- cleanup:
1817
-
1818
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello"));
1819
- return ret;
1820
- }
1821
-
1822
- /*
1823
- * Handler for MBEDTLS_SSL_SERVER_HELLO
1824
- */
1825
- MBEDTLS_CHECK_RETURN_CRITICAL
1826
- static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl)
1827
- {
1828
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1829
- unsigned char *server_randbytes =
1830
- ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
1831
- if (ssl->conf->f_rng == NULL) {
1832
- MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
1833
- return MBEDTLS_ERR_SSL_NO_RNG;
1834
- }
1835
-
1836
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
1837
- MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
1838
- MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
1839
- return ret;
1840
- }
1841
-
1842
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", server_randbytes,
1843
- MBEDTLS_SERVER_HELLO_RANDOM_LEN);
1844
-
1845
- #if defined(MBEDTLS_HAVE_TIME)
1846
- ssl->session_negotiate->start = mbedtls_time(NULL);
1847
- #endif /* MBEDTLS_HAVE_TIME */
1848
-
1849
- return ret;
1850
- }
1851
-
1852
- /*
1853
- * ssl_tls13_write_server_hello_supported_versions_ext ():
1854
- *
1855
- * struct {
1856
- * ProtocolVersion selected_version;
1857
- * } SupportedVersions;
1858
- */
1859
- MBEDTLS_CHECK_RETURN_CRITICAL
1860
- static int ssl_tls13_write_server_hello_supported_versions_ext(
1861
- mbedtls_ssl_context *ssl,
1862
- unsigned char *buf,
1863
- unsigned char *end,
1864
- size_t *out_len)
1865
- {
1866
- *out_len = 0;
1867
-
1868
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, write selected version"));
1869
-
1870
- /* Check if we have space to write the extension:
1871
- * - extension_type (2 bytes)
1872
- * - extension_data_length (2 bytes)
1873
- * - selected_version (2 bytes)
1874
- */
1875
- MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6);
1876
-
1877
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, buf, 0);
1878
-
1879
- MBEDTLS_PUT_UINT16_BE(2, buf, 2);
1880
-
1881
- mbedtls_ssl_write_version(buf + 4,
1882
- ssl->conf->transport,
1883
- ssl->tls_version);
1884
-
1885
- MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [%04x]",
1886
- ssl->tls_version));
1887
-
1888
- *out_len = 6;
1889
-
1890
- mbedtls_ssl_tls13_set_hs_sent_ext_mask(
1891
- ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS);
1892
-
1893
- return 0;
1894
- }
1895
-
1896
-
1897
-
1898
- /* Generate and export a single key share. For hybrid KEMs, this can
1899
- * be called multiple times with the different components of the hybrid. */
1900
- MBEDTLS_CHECK_RETURN_CRITICAL
1901
- static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
1902
- uint16_t named_group,
1903
- unsigned char *buf,
1904
- unsigned char *end,
1905
- size_t *out_len)
1906
- {
1907
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1908
-
1909
- *out_len = 0;
1910
-
1911
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
1912
- if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) ||
1913
- mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
1914
- ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
1915
- ssl, named_group, buf, end, out_len);
1916
- if (ret != 0) {
1917
- MBEDTLS_SSL_DEBUG_RET(
1918
- 1, "mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange",
1919
- ret);
1920
- return ret;
1921
- }
1922
- } else
1923
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
1924
- if (0 /* Other kinds of KEMs */) {
1925
- } else {
1926
- ((void) ssl);
1927
- ((void) named_group);
1928
- ((void) buf);
1929
- ((void) end);
1930
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
1931
- }
1932
-
1933
- return ret;
1934
- }
1935
-
1936
- /*
1937
- * ssl_tls13_write_key_share_ext
1938
- *
1939
- * Structure of key_share extension in ServerHello:
1940
- *
1941
- * struct {
1942
- * NamedGroup group;
1943
- * opaque key_exchange<1..2^16-1>;
1944
- * } KeyShareEntry;
1945
- * struct {
1946
- * KeyShareEntry server_share;
1947
- * } KeyShareServerHello;
1948
- */
1949
- MBEDTLS_CHECK_RETURN_CRITICAL
1950
- static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
1951
- unsigned char *buf,
1952
- unsigned char *end,
1953
- size_t *out_len)
1954
- {
1955
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1956
- unsigned char *p = buf;
1957
- uint16_t group = ssl->handshake->offered_group_id;
1958
- unsigned char *server_share = buf + 4;
1959
- size_t key_exchange_length;
1960
-
1961
- *out_len = 0;
1962
-
1963
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding key share extension"));
1964
-
1965
- MBEDTLS_SSL_DEBUG_MSG(2, ("server hello, write selected_group: %s (%04x)",
1966
- mbedtls_ssl_named_group_to_str(group),
1967
- group));
1968
-
1969
- /* Check if we have space for header and length fields:
1970
- * - extension_type (2 bytes)
1971
- * - extension_data_length (2 bytes)
1972
- * - group (2 bytes)
1973
- * - key_exchange_length (2 bytes)
1974
- */
1975
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8);
1976
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, p, 0);
1977
- MBEDTLS_PUT_UINT16_BE(group, server_share, 0);
1978
- p += 8;
1979
-
1980
- /* When we introduce PQC-ECDHE hybrids, we'll want to call this
1981
- * function multiple times. */
1982
- ret = ssl_tls13_generate_and_write_key_share(
1983
- ssl, group, server_share + 4, end, &key_exchange_length);
1984
- if (ret != 0) {
1985
- return ret;
1986
- }
1987
- p += key_exchange_length;
1988
-
1989
- MBEDTLS_PUT_UINT16_BE(key_exchange_length, server_share + 2, 0);
1990
-
1991
- MBEDTLS_PUT_UINT16_BE(p - server_share, buf, 2);
1992
-
1993
- *out_len = p - buf;
1994
-
1995
- mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
1996
-
1997
- return 0;
1998
- }
1999
-
2000
- MBEDTLS_CHECK_RETURN_CRITICAL
2001
- static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl,
2002
- unsigned char *buf,
2003
- unsigned char *end,
2004
- size_t *out_len)
2005
- {
2006
- uint16_t selected_group = ssl->handshake->hrr_selected_group;
2007
- /* key_share Extension
2008
- *
2009
- * struct {
2010
- * select (Handshake.msg_type) {
2011
- * ...
2012
- * case hello_retry_request:
2013
- * NamedGroup selected_group;
2014
- * ...
2015
- * };
2016
- * } KeyShare;
2017
- */
2018
-
2019
- *out_len = 0;
2020
-
2021
- /*
2022
- * For a pure PSK key exchange, there is no group to agree upon. The purpose
2023
- * of the HRR is then to transmit a cookie to force the client to demonstrate
2024
- * reachability at their apparent network address (primarily useful for DTLS).
2025
- */
2026
- if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
2027
- return 0;
2028
- }
2029
-
2030
- /* We should only send the key_share extension if the client's initial
2031
- * key share was not acceptable. */
2032
- if (ssl->handshake->offered_group_id != 0) {
2033
- MBEDTLS_SSL_DEBUG_MSG(4, ("Skip key_share extension in HRR"));
2034
- return 0;
2035
- }
2036
-
2037
- if (selected_group == 0) {
2038
- MBEDTLS_SSL_DEBUG_MSG(1, ("no matching named group found"));
2039
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
2040
- }
2041
-
2042
- /* Check if we have enough space:
2043
- * - extension_type (2 bytes)
2044
- * - extension_data_length (2 bytes)
2045
- * - selected_group (2 bytes)
2046
- */
2047
- MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6);
2048
-
2049
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0);
2050
- MBEDTLS_PUT_UINT16_BE(2, buf, 2);
2051
- MBEDTLS_PUT_UINT16_BE(selected_group, buf, 4);
2052
-
2053
- MBEDTLS_SSL_DEBUG_MSG(3,
2054
- ("HRR selected_group: %s (%x)",
2055
- mbedtls_ssl_named_group_to_str(selected_group),
2056
- selected_group));
2057
-
2058
- *out_len = 6;
2059
-
2060
- mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
2061
-
2062
- return 0;
2063
- }
2064
-
2065
- /*
2066
- * Structure of ServerHello message:
2067
- *
2068
- * struct {
2069
- * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
2070
- * Random random;
2071
- * opaque legacy_session_id_echo<0..32>;
2072
- * CipherSuite cipher_suite;
2073
- * uint8 legacy_compression_method = 0;
2074
- * Extension extensions<6..2^16-1>;
2075
- * } ServerHello;
2076
- */
2077
- MBEDTLS_CHECK_RETURN_CRITICAL
2078
- static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl,
2079
- unsigned char *buf,
2080
- unsigned char *end,
2081
- size_t *out_len,
2082
- int is_hrr)
2083
- {
2084
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2085
- unsigned char *p = buf;
2086
- unsigned char *p_extensions_len;
2087
- size_t output_len;
2088
-
2089
- *out_len = 0;
2090
- ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
2091
-
2092
- /* ...
2093
- * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
2094
- * ...
2095
- * with ProtocolVersion defined as:
2096
- * uint16 ProtocolVersion;
2097
- */
2098
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
2099
- MBEDTLS_PUT_UINT16_BE(0x0303, p, 0);
2100
- p += 2;
2101
-
2102
- /* ...
2103
- * Random random;
2104
- * ...
2105
- * with Random defined as:
2106
- * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
2107
- */
2108
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN);
2109
- if (is_hrr) {
2110
- memcpy(p, mbedtls_ssl_tls13_hello_retry_request_magic,
2111
- MBEDTLS_SERVER_HELLO_RANDOM_LEN);
2112
- } else {
2113
- memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
2114
- MBEDTLS_SERVER_HELLO_RANDOM_LEN);
2115
- }
2116
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes",
2117
- p, MBEDTLS_SERVER_HELLO_RANDOM_LEN);
2118
- p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
2119
-
2120
- /* ...
2121
- * opaque legacy_session_id_echo<0..32>;
2122
- * ...
2123
- */
2124
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len);
2125
- *p++ = (unsigned char) ssl->session_negotiate->id_len;
2126
- if (ssl->session_negotiate->id_len > 0) {
2127
- memcpy(p, &ssl->session_negotiate->id[0],
2128
- ssl->session_negotiate->id_len);
2129
- p += ssl->session_negotiate->id_len;
2130
-
2131
- MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id,
2132
- ssl->session_negotiate->id_len);
2133
- }
2134
-
2135
- /* ...
2136
- * CipherSuite cipher_suite;
2137
- * ...
2138
- * with CipherSuite defined as:
2139
- * uint8 CipherSuite[2];
2140
- */
2141
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
2142
- MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0);
2143
- p += 2;
2144
- MBEDTLS_SSL_DEBUG_MSG(3,
2145
- ("server hello, chosen ciphersuite: %s ( id=%d )",
2146
- mbedtls_ssl_get_ciphersuite_name(
2147
- ssl->session_negotiate->ciphersuite),
2148
- ssl->session_negotiate->ciphersuite));
2149
-
2150
- /* ...
2151
- * uint8 legacy_compression_method = 0;
2152
- * ...
2153
- */
2154
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1);
2155
- *p++ = MBEDTLS_SSL_COMPRESS_NULL;
2156
-
2157
- /* ...
2158
- * Extension extensions<6..2^16-1>;
2159
- * ...
2160
- * struct {
2161
- * ExtensionType extension_type; (2 bytes)
2162
- * opaque extension_data<0..2^16-1>;
2163
- * } Extension;
2164
- */
2165
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
2166
- p_extensions_len = p;
2167
- p += 2;
2168
-
2169
- if ((ret = ssl_tls13_write_server_hello_supported_versions_ext(
2170
- ssl, p, end, &output_len)) != 0) {
2171
- MBEDTLS_SSL_DEBUG_RET(
2172
- 1, "ssl_tls13_write_server_hello_supported_versions_ext", ret);
2173
- return ret;
2174
- }
2175
- p += output_len;
2176
-
2177
- if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
2178
- if (is_hrr) {
2179
- ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len);
2180
- } else {
2181
- ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len);
2182
- }
2183
- if (ret != 0) {
2184
- return ret;
2185
- }
2186
- p += output_len;
2187
- }
2188
-
2189
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
2190
- if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
2191
- ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len);
2192
- if (ret != 0) {
2193
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_server_pre_shared_key_ext",
2194
- ret);
2195
- return ret;
2196
- }
2197
- p += output_len;
2198
- }
2199
- #endif
2200
-
2201
- MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0);
2202
-
2203
- MBEDTLS_SSL_DEBUG_BUF(4, "server hello extensions",
2204
- p_extensions_len, p - p_extensions_len);
2205
-
2206
- *out_len = p - buf;
2207
-
2208
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello", buf, *out_len);
2209
-
2210
- MBEDTLS_SSL_PRINT_EXTS(
2211
- 3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
2212
- MBEDTLS_SSL_HS_SERVER_HELLO,
2213
- ssl->handshake->sent_extensions);
2214
-
2215
- return ret;
2216
- }
2217
-
2218
- MBEDTLS_CHECK_RETURN_CRITICAL
2219
- static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl)
2220
- {
2221
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2222
- ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl);
2223
- if (ret != 0) {
2224
- MBEDTLS_SSL_DEBUG_RET(1,
2225
- "mbedtls_ssl_tls13_compute_handshake_transform",
2226
- ret);
2227
- return ret;
2228
- }
2229
-
2230
- return ret;
2231
- }
2232
-
2233
- MBEDTLS_CHECK_RETURN_CRITICAL
2234
- static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
2235
- {
2236
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2237
- unsigned char *buf;
2238
- size_t buf_len, msg_len;
2239
-
2240
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello"));
2241
-
2242
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl));
2243
-
2244
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
2245
- ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len));
2246
-
2247
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
2248
- buf + buf_len,
2249
- &msg_len,
2250
- 0));
2251
-
2252
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
2253
- ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
2254
-
2255
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
2256
- ssl, buf_len, msg_len));
2257
-
2258
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl));
2259
-
2260
- #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
2261
- /* The server sends a dummy change_cipher_spec record immediately
2262
- * after its first handshake message. This may either be after
2263
- * a ServerHello or a HelloRetryRequest.
2264
- */
2265
- mbedtls_ssl_handshake_set_state(
2266
- ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO);
2267
- #else
2268
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
2269
- #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
2270
-
2271
- cleanup:
2272
-
2273
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
2274
- return ret;
2275
- }
2276
-
2277
-
2278
- /*
2279
- * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
2280
- */
2281
- MBEDTLS_CHECK_RETURN_CRITICAL
2282
- static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl)
2283
- {
2284
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2285
- if (ssl->handshake->hello_retry_request_count > 0) {
2286
- MBEDTLS_SSL_DEBUG_MSG(1, ("Too many HRRs"));
2287
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
2288
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
2289
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
2290
- }
2291
-
2292
- /*
2293
- * Create stateless transcript hash for HRR
2294
- */
2295
- MBEDTLS_SSL_DEBUG_MSG(4, ("Reset transcript for HRR"));
2296
- ret = mbedtls_ssl_reset_transcript_for_hrr(ssl);
2297
- if (ret != 0) {
2298
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_transcript_for_hrr", ret);
2299
- return ret;
2300
- }
2301
- mbedtls_ssl_session_reset_msg_layer(ssl, 0);
2302
-
2303
- return 0;
2304
- }
2305
-
2306
- MBEDTLS_CHECK_RETURN_CRITICAL
2307
- static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl)
2308
- {
2309
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2310
- unsigned char *buf;
2311
- size_t buf_len, msg_len;
2312
-
2313
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello retry request"));
2314
-
2315
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl));
2316
-
2317
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
2318
- ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
2319
- &buf, &buf_len));
2320
-
2321
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
2322
- buf + buf_len,
2323
- &msg_len,
2324
- 1));
2325
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
2326
- ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
2327
-
2328
-
2329
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
2330
- msg_len));
2331
-
2332
- ssl->handshake->hello_retry_request_count++;
2333
-
2334
- #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
2335
- /* The server sends a dummy change_cipher_spec record immediately
2336
- * after its first handshake message. This may either be after
2337
- * a ServerHello or a HelloRetryRequest.
2338
- */
2339
- mbedtls_ssl_handshake_set_state(
2340
- ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST);
2341
- #else
2342
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
2343
- #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
2344
-
2345
- cleanup:
2346
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello retry request"));
2347
- return ret;
2348
- }
2349
-
2350
- /*
2351
- * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
2352
- */
2353
-
2354
- /*
2355
- * struct {
2356
- * Extension extensions<0..2 ^ 16 - 1>;
2357
- * } EncryptedExtensions;
2358
- *
2359
- */
2360
- MBEDTLS_CHECK_RETURN_CRITICAL
2361
- static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
2362
- unsigned char *buf,
2363
- unsigned char *end,
2364
- size_t *out_len)
2365
- {
2366
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2367
- unsigned char *p = buf;
2368
- size_t extensions_len = 0;
2369
- unsigned char *p_extensions_len;
2370
- size_t output_len;
2371
-
2372
- *out_len = 0;
2373
-
2374
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
2375
- p_extensions_len = p;
2376
- p += 2;
2377
-
2378
- ((void) ssl);
2379
- ((void) ret);
2380
- ((void) output_len);
2381
-
2382
- #if defined(MBEDTLS_SSL_ALPN)
2383
- ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len);
2384
- if (ret != 0) {
2385
- return ret;
2386
- }
2387
- p += output_len;
2388
- #endif /* MBEDTLS_SSL_ALPN */
2389
-
2390
- extensions_len = (p - p_extensions_len) - 2;
2391
- MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
2392
-
2393
- *out_len = p - buf;
2394
-
2395
- MBEDTLS_SSL_DEBUG_BUF(4, "encrypted extensions", buf, *out_len);
2396
-
2397
- MBEDTLS_SSL_PRINT_EXTS(
2398
- 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions);
2399
-
2400
- return 0;
2401
- }
2402
-
2403
- MBEDTLS_CHECK_RETURN_CRITICAL
2404
- static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
2405
- {
2406
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2407
- unsigned char *buf;
2408
- size_t buf_len, msg_len;
2409
-
2410
- mbedtls_ssl_set_outbound_transform(ssl,
2411
- ssl->handshake->transform_handshake);
2412
- MBEDTLS_SSL_DEBUG_MSG(
2413
- 3, ("switching to handshake transform for outbound data"));
2414
-
2415
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions"));
2416
-
2417
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
2418
- ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
2419
- &buf, &buf_len));
2420
-
2421
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
2422
- ssl, buf, buf + buf_len, &msg_len));
2423
-
2424
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
2425
- ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
2426
- buf, msg_len));
2427
-
2428
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
2429
- ssl, buf_len, msg_len));
2430
-
2431
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
2432
- if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
2433
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
2434
- } else {
2435
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
2436
- }
2437
- #else
2438
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
2439
- #endif
2440
-
2441
- cleanup:
2442
-
2443
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write encrypted extensions"));
2444
- return ret;
2445
- }
2446
-
2447
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
2448
- #define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
2449
- #define SSL_CERTIFICATE_REQUEST_SKIP 1
2450
- /* Coordination:
2451
- * Check whether a CertificateRequest message should be written.
2452
- * Returns a negative code on failure, or
2453
- * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST
2454
- * - SSL_CERTIFICATE_REQUEST_SKIP
2455
- * indicating if the writing of the CertificateRequest
2456
- * should be skipped or not.
2457
- */
2458
- MBEDTLS_CHECK_RETURN_CRITICAL
2459
- static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl)
2460
- {
2461
- int authmode;
2462
-
2463
- #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
2464
- if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
2465
- authmode = ssl->handshake->sni_authmode;
2466
- } else
2467
- #endif
2468
- authmode = ssl->conf->authmode;
2469
-
2470
- if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
2471
- ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
2472
- return SSL_CERTIFICATE_REQUEST_SKIP;
2473
- }
2474
-
2475
- ssl->handshake->certificate_request_sent = 1;
2476
-
2477
- return SSL_CERTIFICATE_REQUEST_SEND_REQUEST;
2478
- }
2479
-
2480
- /*
2481
- * struct {
2482
- * opaque certificate_request_context<0..2^8-1>;
2483
- * Extension extensions<2..2^16-1>;
2484
- * } CertificateRequest;
2485
- *
2486
- */
2487
- MBEDTLS_CHECK_RETURN_CRITICAL
2488
- static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl,
2489
- unsigned char *buf,
2490
- const unsigned char *end,
2491
- size_t *out_len)
2492
- {
2493
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2494
- unsigned char *p = buf;
2495
- size_t output_len = 0;
2496
- unsigned char *p_extensions_len;
2497
-
2498
- *out_len = 0;
2499
-
2500
- /* Check if we have enough space:
2501
- * - certificate_request_context (1 byte)
2502
- * - extensions length (2 bytes)
2503
- */
2504
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3);
2505
-
2506
- /*
2507
- * Write certificate_request_context
2508
- */
2509
- /*
2510
- * We use a zero length context for the normal handshake
2511
- * messages. For post-authentication handshake messages
2512
- * this request context would be set to a non-zero value.
2513
- */
2514
- *p++ = 0x0;
2515
-
2516
- /*
2517
- * Write extensions
2518
- */
2519
- /* The extensions must contain the signature_algorithms. */
2520
- p_extensions_len = p;
2521
- p += 2;
2522
- ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
2523
- if (ret != 0) {
2524
- return ret;
2525
- }
2526
-
2527
- p += output_len;
2528
- MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0);
2529
-
2530
- *out_len = p - buf;
2531
-
2532
- MBEDTLS_SSL_PRINT_EXTS(
2533
- 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions);
2534
-
2535
- return 0;
2536
- }
2537
-
2538
- MBEDTLS_CHECK_RETURN_CRITICAL
2539
- static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
2540
- {
2541
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2542
-
2543
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
2544
-
2545
- MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl));
2546
-
2547
- if (ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST) {
2548
- unsigned char *buf;
2549
- size_t buf_len, msg_len;
2550
-
2551
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
2552
- ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
2553
- &buf, &buf_len));
2554
-
2555
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
2556
- ssl, buf, buf + buf_len, &msg_len));
2557
-
2558
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
2559
- ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
2560
- buf, msg_len));
2561
-
2562
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
2563
- ssl, buf_len, msg_len));
2564
- } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) {
2565
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
2566
- ret = 0;
2567
- } else {
2568
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
2569
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2570
- goto cleanup;
2571
- }
2572
-
2573
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE);
2574
- cleanup:
2575
-
2576
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request"));
2577
- return ret;
2578
- }
2579
-
2580
- /*
2581
- * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
2582
- */
2583
- MBEDTLS_CHECK_RETURN_CRITICAL
2584
- static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl)
2585
- {
2586
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2587
-
2588
- #if defined(MBEDTLS_X509_CRT_PARSE_C)
2589
- if ((ssl_tls13_pick_key_cert(ssl) != 0) ||
2590
- mbedtls_ssl_own_cert(ssl) == NULL) {
2591
- MBEDTLS_SSL_DEBUG_MSG(2, ("No certificate available."));
2592
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
2593
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
2594
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
2595
- }
2596
- #endif /* MBEDTLS_X509_CRT_PARSE_C */
2597
-
2598
- ret = mbedtls_ssl_tls13_write_certificate(ssl);
2599
- if (ret != 0) {
2600
- return ret;
2601
- }
2602
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY);
2603
- return 0;
2604
- }
2605
-
2606
- /*
2607
- * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
2608
- */
2609
- MBEDTLS_CHECK_RETURN_CRITICAL
2610
- static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl)
2611
- {
2612
- int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl);
2613
- if (ret != 0) {
2614
- return ret;
2615
- }
2616
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
2617
- return 0;
2618
- }
2619
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
2620
-
2621
- /*
2622
- * Handler for MBEDTLS_SSL_SERVER_FINISHED
2623
- */
2624
- MBEDTLS_CHECK_RETURN_CRITICAL
2625
- static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl)
2626
- {
2627
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2628
-
2629
- ret = mbedtls_ssl_tls13_write_finished_message(ssl);
2630
- if (ret != 0) {
2631
- return ret;
2632
- }
2633
-
2634
- ret = mbedtls_ssl_tls13_compute_application_transform(ssl);
2635
- if (ret != 0) {
2636
- MBEDTLS_SSL_PEND_FATAL_ALERT(
2637
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
2638
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
2639
- return ret;
2640
- }
2641
-
2642
- MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
2643
- mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake);
2644
-
2645
- if (ssl->handshake->certificate_request_sent) {
2646
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
2647
- } else {
2648
- MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate"));
2649
- MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify"));
2650
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
2651
- }
2652
-
2653
- return 0;
2654
- }
2655
-
2656
- /*
2657
- * Handler for MBEDTLS_SSL_CLIENT_FINISHED
2658
- */
2659
- MBEDTLS_CHECK_RETURN_CRITICAL
2660
- static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl)
2661
- {
2662
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2663
-
2664
- ret = mbedtls_ssl_tls13_process_finished_message(ssl);
2665
- if (ret != 0) {
2666
- return ret;
2667
- }
2668
-
2669
- ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
2670
- if (ret != 0) {
2671
- MBEDTLS_SSL_DEBUG_RET(
2672
- 1, "mbedtls_ssl_tls13_compute_resumption_master_secret", ret);
2673
- }
2674
-
2675
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
2676
- return 0;
2677
- }
2678
-
2679
- /*
2680
- * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
2681
- */
2682
- MBEDTLS_CHECK_RETURN_CRITICAL
2683
- static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
2684
- {
2685
- MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
2686
-
2687
- mbedtls_ssl_tls13_handshake_wrapup(ssl);
2688
-
2689
- #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
2690
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
2691
- /* TODO: Remove the check of SOME_PSK_ENABLED since SESSION_TICKETS requires
2692
- * SOME_PSK_ENABLED to be enabled. Here is just to make CI happy. It is
2693
- * expected to be resolved with issue#6395.
2694
- */
2695
- /* Sent NewSessionTicket message only when client supports PSK */
2696
- if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
2697
- mbedtls_ssl_handshake_set_state(
2698
- ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
2699
- } else
2700
- #endif
2701
- {
2702
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
2703
- }
2704
- return 0;
2705
- }
2706
-
2707
- /*
2708
- * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
2709
- */
2710
- #define SSL_NEW_SESSION_TICKET_SKIP 0
2711
- #define SSL_NEW_SESSION_TICKET_WRITE 1
2712
- MBEDTLS_CHECK_RETURN_CRITICAL
2713
- static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl)
2714
- {
2715
- /* Check whether the use of session tickets is enabled */
2716
- if (ssl->conf->f_ticket_write == NULL) {
2717
- MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled,"
2718
- " callback is not set"));
2719
- return SSL_NEW_SESSION_TICKET_SKIP;
2720
- }
2721
- if (ssl->conf->new_session_tickets_count == 0) {
2722
- MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled,"
2723
- " configured count is zero"));
2724
- return SSL_NEW_SESSION_TICKET_SKIP;
2725
- }
2726
-
2727
- if (ssl->handshake->new_session_tickets_count == 0) {
2728
- MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: all tickets have "
2729
- "been sent."));
2730
- return SSL_NEW_SESSION_TICKET_SKIP;
2731
- }
2732
-
2733
- return SSL_NEW_SESSION_TICKET_WRITE;
2734
- }
2735
-
2736
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
2737
- MBEDTLS_CHECK_RETURN_CRITICAL
2738
- static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
2739
- unsigned char *ticket_nonce,
2740
- size_t ticket_nonce_size)
2741
- {
2742
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2743
- mbedtls_ssl_session *session = ssl->session;
2744
- mbedtls_ssl_ciphersuite_t *ciphersuite_info;
2745
- psa_algorithm_t psa_hash_alg;
2746
- int hash_length;
2747
-
2748
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg"));
2749
-
2750
- #if defined(MBEDTLS_HAVE_TIME)
2751
- session->start = mbedtls_time(NULL);
2752
- #endif
2753
-
2754
- /* Set ticket_flags depends on the advertised psk key exchange mode */
2755
- mbedtls_ssl_session_clear_ticket_flags(
2756
- session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
2757
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
2758
- mbedtls_ssl_session_set_ticket_flags(
2759
- session, ssl->handshake->tls13_kex_modes);
2760
- #endif
2761
- MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
2762
-
2763
- /* Generate ticket_age_add */
2764
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
2765
- (unsigned char *) &session->ticket_age_add,
2766
- sizeof(session->ticket_age_add)) != 0)) {
2767
- MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret);
2768
- return ret;
2769
- }
2770
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u",
2771
- (unsigned int) session->ticket_age_add));
2772
-
2773
- /* Generate ticket_nonce */
2774
- ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size);
2775
- if (ret != 0) {
2776
- MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret);
2777
- return ret;
2778
- }
2779
- MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:",
2780
- ticket_nonce, ticket_nonce_size);
2781
-
2782
- ciphersuite_info =
2783
- (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
2784
- psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
2785
- hash_length = PSA_HASH_LENGTH(psa_hash_alg);
2786
- if (hash_length == -1 ||
2787
- (size_t) hash_length > sizeof(session->resumption_key)) {
2788
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
2789
- }
2790
-
2791
- /* In this code the psk key length equals the length of the hash */
2792
- session->resumption_key_len = hash_length;
2793
- session->ciphersuite = ciphersuite_info->id;
2794
-
2795
- /* Compute resumption key
2796
- *
2797
- * HKDF-Expand-Label( resumption_master_secret,
2798
- * "resumption", ticket_nonce, Hash.length )
2799
- */
2800
- ret = mbedtls_ssl_tls13_hkdf_expand_label(
2801
- psa_hash_alg,
2802
- session->app_secrets.resumption_master_secret,
2803
- hash_length,
2804
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption),
2805
- ticket_nonce,
2806
- ticket_nonce_size,
2807
- session->resumption_key,
2808
- hash_length);
2809
-
2810
- if (ret != 0) {
2811
- MBEDTLS_SSL_DEBUG_RET(2,
2812
- "Creating the ticket-resumed PSK failed",
2813
- ret);
2814
- return ret;
2815
- }
2816
- MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK",
2817
- session->resumption_key,
2818
- session->resumption_key_len);
2819
-
2820
- MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret",
2821
- session->app_secrets.resumption_master_secret,
2822
- hash_length);
2823
-
2824
- return 0;
2825
- }
2826
-
2827
- /* This function creates a NewSessionTicket message in the following format:
2828
- *
2829
- * struct {
2830
- * uint32 ticket_lifetime;
2831
- * uint32 ticket_age_add;
2832
- * opaque ticket_nonce<0..255>;
2833
- * opaque ticket<1..2^16-1>;
2834
- * Extension extensions<0..2^16-2>;
2835
- * } NewSessionTicket;
2836
- *
2837
- * The ticket inside the NewSessionTicket message is an encrypted container
2838
- * carrying the necessary information so that the server is later able to
2839
- * re-start the communication.
2840
- *
2841
- * The following fields are placed inside the ticket by the
2842
- * f_ticket_write() function:
2843
- *
2844
- * - creation time (start)
2845
- * - flags (flags)
2846
- * - age add (ticket_age_add)
2847
- * - key (key)
2848
- * - key length (key_len)
2849
- * - ciphersuite (ciphersuite)
2850
- */
2851
- MBEDTLS_CHECK_RETURN_CRITICAL
2852
- static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
2853
- unsigned char *buf,
2854
- unsigned char *end,
2855
- size_t *out_len,
2856
- unsigned char *ticket_nonce,
2857
- size_t ticket_nonce_size)
2858
- {
2859
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2860
- unsigned char *p = buf;
2861
- mbedtls_ssl_session *session = ssl->session;
2862
- size_t ticket_len;
2863
- uint32_t ticket_lifetime;
2864
-
2865
- *out_len = 0;
2866
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg"));
2867
-
2868
- /*
2869
- * ticket_lifetime 4 bytes
2870
- * ticket_age_add 4 bytes
2871
- * ticket_nonce 1 + ticket_nonce_size bytes
2872
- * ticket >=2 bytes
2873
- */
2874
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + 4 + 1 + ticket_nonce_size + 2);
2875
-
2876
- /* Generate ticket and ticket_lifetime */
2877
- ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket,
2878
- session,
2879
- p + 9 + ticket_nonce_size + 2,
2880
- end,
2881
- &ticket_len,
2882
- &ticket_lifetime);
2883
- if (ret != 0) {
2884
- MBEDTLS_SSL_DEBUG_RET(1, "write_ticket", ret);
2885
- return ret;
2886
- }
2887
- /* RFC 8446 4.6.1
2888
- * ticket_lifetime: Indicates the lifetime in seconds as a 32-bit
2889
- * unsigned integer in network byte order from the time of ticket
2890
- * issuance. Servers MUST NOT use any value greater than
2891
- * 604800 seconds (7 days). The value of zero indicates that the
2892
- * ticket should be discarded immediately. Clients MUST NOT cache
2893
- * tickets for longer than 7 days, regardless of the ticket_lifetime,
2894
- * and MAY delete tickets earlier based on local policy. A server
2895
- * MAY treat a ticket as valid for a shorter period of time than what
2896
- * is stated in the ticket_lifetime.
2897
- */
2898
- if (ticket_lifetime > 604800) {
2899
- ticket_lifetime = 604800;
2900
- }
2901
- MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0);
2902
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u",
2903
- (unsigned int) ticket_lifetime));
2904
-
2905
- /* Write ticket_age_add */
2906
- MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 4);
2907
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u",
2908
- (unsigned int) session->ticket_age_add));
2909
-
2910
- /* Write ticket_nonce */
2911
- p[8] = (unsigned char) ticket_nonce_size;
2912
- if (ticket_nonce_size > 0) {
2913
- memcpy(p + 9, ticket_nonce, ticket_nonce_size);
2914
- }
2915
- p += 9 + ticket_nonce_size;
2916
-
2917
- /* Write ticket */
2918
- MBEDTLS_PUT_UINT16_BE(ticket_len, p, 0);
2919
- p += 2;
2920
- MBEDTLS_SSL_DEBUG_BUF(4, "ticket", p, ticket_len);
2921
- p += ticket_len;
2922
-
2923
- /* Ticket Extensions
2924
- *
2925
- * Note: We currently don't have any extensions.
2926
- * Set length to zero.
2927
- */
2928
- ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
2929
-
2930
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
2931
- MBEDTLS_PUT_UINT16_BE(0, p, 0);
2932
- p += 2;
2933
-
2934
- *out_len = p - buf;
2935
- MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len);
2936
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket"));
2937
-
2938
- MBEDTLS_SSL_PRINT_EXTS(
2939
- 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions);
2940
-
2941
- return 0;
2942
- }
2943
-
2944
- /*
2945
- * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
2946
- */
2947
- static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl)
2948
- {
2949
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2950
-
2951
- MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl));
2952
-
2953
- if (ret == SSL_NEW_SESSION_TICKET_WRITE) {
2954
- unsigned char ticket_nonce[MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH];
2955
- unsigned char *buf;
2956
- size_t buf_len, msg_len;
2957
-
2958
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket(
2959
- ssl, ticket_nonce, sizeof(ticket_nonce)));
2960
-
2961
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
2962
- ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
2963
- &buf, &buf_len));
2964
-
2965
- MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body(
2966
- ssl, buf, buf + buf_len, &msg_len,
2967
- ticket_nonce, sizeof(ticket_nonce)));
2968
-
2969
- MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
2970
- ssl, buf_len, msg_len));
2971
-
2972
- /* Limit session tickets count to one when resumption connection.
2973
- *
2974
- * See document of mbedtls_ssl_conf_new_session_tickets.
2975
- */
2976
- if (ssl->handshake->resume == 1) {
2977
- ssl->handshake->new_session_tickets_count = 0;
2978
- } else {
2979
- ssl->handshake->new_session_tickets_count--;
2980
- }
2981
-
2982
- mbedtls_ssl_handshake_set_state(
2983
- ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH);
2984
- } else {
2985
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
2986
- }
2987
-
2988
- cleanup:
2989
-
2990
- return ret;
2991
- }
2992
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
2993
-
2994
- /*
2995
- * TLS 1.3 State Machine -- server side
2996
- */
2997
- int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl)
2998
- {
2999
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3000
-
3001
- if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
3002
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
3003
- }
3004
-
3005
- MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)",
3006
- mbedtls_ssl_states_str(ssl->state),
3007
- ssl->state));
3008
-
3009
- switch (ssl->state) {
3010
- /* start state */
3011
- case MBEDTLS_SSL_HELLO_REQUEST:
3012
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
3013
- ret = 0;
3014
- break;
3015
-
3016
- case MBEDTLS_SSL_CLIENT_HELLO:
3017
- ret = ssl_tls13_process_client_hello(ssl);
3018
- if (ret != 0) {
3019
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_process_client_hello", ret);
3020
- }
3021
- break;
3022
-
3023
- case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
3024
- ret = ssl_tls13_write_hello_retry_request(ssl);
3025
- if (ret != 0) {
3026
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_hello_retry_request", ret);
3027
- return ret;
3028
- }
3029
- break;
3030
-
3031
- case MBEDTLS_SSL_SERVER_HELLO:
3032
- ret = ssl_tls13_write_server_hello(ssl);
3033
- break;
3034
-
3035
- case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
3036
- ret = ssl_tls13_write_encrypted_extensions(ssl);
3037
- if (ret != 0) {
3038
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_encrypted_extensions", ret);
3039
- return ret;
3040
- }
3041
- break;
3042
-
3043
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
3044
- case MBEDTLS_SSL_CERTIFICATE_REQUEST:
3045
- ret = ssl_tls13_write_certificate_request(ssl);
3046
- break;
3047
-
3048
- case MBEDTLS_SSL_SERVER_CERTIFICATE:
3049
- ret = ssl_tls13_write_server_certificate(ssl);
3050
- break;
3051
-
3052
- case MBEDTLS_SSL_CERTIFICATE_VERIFY:
3053
- ret = ssl_tls13_write_certificate_verify(ssl);
3054
- break;
3055
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
3056
-
3057
- /*
3058
- * Injection of dummy-CCS's for middlebox compatibility
3059
- */
3060
- #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
3061
- case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST:
3062
- ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
3063
- if (ret == 0) {
3064
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
3065
- }
3066
- break;
3067
-
3068
- case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:
3069
- ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
3070
- if (ret == 0) {
3071
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
3072
- }
3073
- break;
3074
- #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
3075
-
3076
- case MBEDTLS_SSL_SERVER_FINISHED:
3077
- ret = ssl_tls13_write_server_finished(ssl);
3078
- break;
3079
-
3080
- case MBEDTLS_SSL_CLIENT_FINISHED:
3081
- ret = ssl_tls13_process_client_finished(ssl);
3082
- break;
3083
-
3084
- case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
3085
- ret = ssl_tls13_handshake_wrapup(ssl);
3086
- break;
3087
-
3088
- #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
3089
- case MBEDTLS_SSL_CLIENT_CERTIFICATE:
3090
- ret = mbedtls_ssl_tls13_process_certificate(ssl);
3091
- if (ret == 0) {
3092
- if (ssl->session_negotiate->peer_cert != NULL) {
3093
- mbedtls_ssl_handshake_set_state(
3094
- ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY);
3095
- } else {
3096
- MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify"));
3097
- mbedtls_ssl_handshake_set_state(
3098
- ssl, MBEDTLS_SSL_CLIENT_FINISHED);
3099
- }
3100
- }
3101
- break;
3102
-
3103
- case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
3104
- ret = mbedtls_ssl_tls13_process_certificate_verify(ssl);
3105
- if (ret == 0) {
3106
- mbedtls_ssl_handshake_set_state(
3107
- ssl, MBEDTLS_SSL_CLIENT_FINISHED);
3108
- }
3109
- break;
3110
- #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
3111
-
3112
- #if defined(MBEDTLS_SSL_SESSION_TICKETS)
3113
- case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET:
3114
- ret = ssl_tls13_write_new_session_ticket(ssl);
3115
- if (ret != 0) {
3116
- MBEDTLS_SSL_DEBUG_RET(1,
3117
- "ssl_tls13_write_new_session_ticket ",
3118
- ret);
3119
- }
3120
- break;
3121
- case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:
3122
- /* This state is necessary to do the flush of the New Session
3123
- * Ticket message written in MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
3124
- * as part of ssl_prepare_handshake_step.
3125
- */
3126
- ret = 0;
3127
-
3128
- if (ssl->handshake->new_session_tickets_count == 0) {
3129
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
3130
- } else {
3131
- mbedtls_ssl_handshake_set_state(
3132
- ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
3133
- }
3134
- break;
3135
-
3136
- #endif /* MBEDTLS_SSL_SESSION_TICKETS */
3137
-
3138
- default:
3139
- MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
3140
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
3141
- }
3142
-
3143
- return ret;
3144
- }
3145
-
3146
- #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */