Home Explore Help
Sign In
OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: 6b6ad38e4f
Branches Tags
wolfssl
/
src
/
dtls.c

dtls.c 18 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708 
  1. /* dtls.c
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2006-2023 wolfSSL Inc.
    4. 

  4.  *
    5. 

  5.  * This file is part of wolfSSL.
    6. 

  6.  *
    7. 

  7.  * wolfSSL is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * wolfSSL is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
    20. 

  20.  */
    21. 

  21. 

  22. /*
    23. 

  23.  * WOLFSSL_DTLS_NO_HVR_ON_RESUME
    24. 

  24.  *     If defined, a DTLS server will not do a cookie exchange on successful
    25. 

  25.  *     client resumption: the resumption will be faster (one RTT less) and
    26. 

  26.  *     will consume less bandwidth (one ClientHello and one HelloVerifyRequest
    27. 

  27.  *     less). On the other hand, if a valid SessionID is collected, forged
    28. 

  28.  *     clientHello messages will consume resources on the server.
    29. 

  29.  */
    30. 

  30. 

  31. #ifdef HAVE_CONFIG_H
    32. 

  32. #include <config.h>
    33. 

  33. #endif
    34. 

  34. 

  35. #include <wolfssl/wolfcrypt/settings.h>
    36. 

  36. 

  37. #ifndef WOLFCRYPT_ONLY
    38. 

  38. 

  39. #include <wolfssl/error-ssl.h>
    40. 

  40. #include <wolfssl/internal.h>
    41. 

  41. #include <wolfssl/ssl.h>
    42. 

  42. #ifdef NO_INLINE
    43. 

  43.     #include <wolfssl/wolfcrypt/misc.h>
    44. 

  44. #else
    45. 

  45.     #define WOLFSSL_MISC_INCLUDED
    46. 

  46.     #include <wolfcrypt/src/misc.c>
    47. 

  47. #endif
    48. 

  48. 

  49. #ifdef WOLFSSL_DTLS
    50. 

  50. 

  51. void DtlsResetState(WOLFSSL* ssl)
    52. 

  52. {
    53. 

  53.     /* Reset the state so that we can statelessly await the
    54. 

  54.      * ClientHello that contains the cookie. Don't gate on IsAtLeastTLSv1_3
    55. 

  55.      * to handle the edge case when the peer wants a lower version. */
    56. 

  56. 

  57. #ifdef WOLFSSL_SEND_HRR_COOKIE
    58. 

  58.     /* Remove cookie so that it will get computed again */
    59. 

  59.     TLSX_Remove(&ssl->extensions, TLSX_COOKIE, ssl->heap);
    60. 

  60. #endif
    61. 

  61. 

  62.     /* Reset DTLS window */
    63. 

  63. #ifdef WOLFSSL_DTLS13
    64. 

  64.     w64Zero(&ssl->dtls13Epochs[0].nextSeqNumber);
    65. 

  65.     w64Zero(&ssl->dtls13Epochs[0].nextPeerSeqNumber);
    66. 

  66.     XMEMSET(ssl->dtls13Epochs[0].window, 0,
    67. 

  67.         sizeof(ssl->dtls13Epochs[0].window));
    68. 

  68.     Dtls13FreeFsmResources(ssl);
    69. 

  69. #endif
    70. 

  70.     ssl->keys.dtls_expected_peer_handshake_number = 0;
    71. 

  71.     ssl->keys.dtls_handshake_number = 0;
    72. 

  72. 

  73.     /* Reset states */
    74. 

  74.     ssl->options.serverState = NULL_STATE;
    75. 

  75.     ssl->options.clientState = NULL_STATE;
    76. 

  76.     ssl->options.connectState = CONNECT_BEGIN;
    77. 

  77.     ssl->options.acceptState = ACCEPT_BEGIN;
    78. 

  78.     ssl->options.handShakeState = NULL_STATE;
    79. 

  79.     ssl->msgsReceived.got_client_hello = 0;
    80. 

  80.     ssl->keys.dtls_handshake_number = 0;
    81. 

  81.     ssl->keys.dtls_expected_peer_handshake_number = 0;
    82. 

  82.     ssl->options.clientState = 0;
    83. 

  83.     XMEMSET(ssl->keys.peerSeq->window, 0, sizeof(ssl->keys.peerSeq->window));
    84. 

  84.     XMEMSET(ssl->keys.peerSeq->prevWindow, 0,
    85. 

  85.         sizeof(ssl->keys.peerSeq->prevWindow));
    86. 

  86. }
    87. 

  87. 

  88. #if !defined(NO_WOLFSSL_SERVER)
    89. 

  89. 

  90. #if defined(NO_SHA) && defined(NO_SHA256)
    91. 

  91. #error "DTLS needs either SHA or SHA-256"
    92. 

  92. #endif /* NO_SHA && NO_SHA256 */
    93. 

  93. 

  94. #if !defined(NO_SHA) && defined(NO_SHA256)
    95. 

  95. #define DTLS_COOKIE_TYPE WC_SHA
    96. 

  96. #define DTLS_COOKIE_SZ WC_SHA_DIGEST_SIZE
    97. 

  97. #endif /* !NO_SHA && NO_SHA256 */
    98. 

  98. 

  99. #ifndef NO_SHA256
    100. 

  100. #define DTLS_COOKIE_TYPE WC_SHA256
    101. 

  101. #define DTLS_COOKIE_SZ WC_SHA256_DIGEST_SIZE
    102. 

  102. #endif /* !NO_SHA256 */
    103. 

  103. 

  104. typedef struct WolfSSL_ConstVector {
    105. 

  105.     word32 size;
    106. 

  106.     const byte* elements;
    107. 

  107. } WolfSSL_ConstVector;
    108. 

  108. 

  109. typedef struct WolfSSL_CH {
    110. 

  110.     ProtocolVersion* pv;
    111. 

  111.     const byte* random;
    112. 

  112.     WolfSSL_ConstVector sessionId;
    113. 

  113.     WolfSSL_ConstVector cookie;
    114. 

  114.     WolfSSL_ConstVector cipherSuite;
    115. 

  115.     WolfSSL_ConstVector compression;
    116. 

  116.     WolfSSL_ConstVector extension;
    117. 

  117.     word32 length;
    118. 

  118. } WolfSSL_CH;
    119. 

  119. 

  120. static int ReadVector8(const byte* input, WolfSSL_ConstVector* v)
    121. 

  121. {
    122. 

  122.     v->size = *input;
    123. 

  123.     v->elements = input + OPAQUE8_LEN;
    124. 

  124.     return v->size + OPAQUE8_LEN;
    125. 

  125. }
    126. 

  126. 

  127. static int ReadVector16(const byte* input, WolfSSL_ConstVector* v)
    128. 

  128. {
    129. 

  129.     word16 size16;
    130. 

  130.     ato16(input, &size16);
    131. 

  131.     v->size = (word32)size16;
    132. 

  132.     v->elements = input + OPAQUE16_LEN;
    133. 

  133.     return v->size + OPAQUE16_LEN;
    134. 

  134. }
    135. 

  135. 

  136. static int CreateDtlsCookie(WOLFSSL* ssl, const WolfSSL_CH* ch, byte* cookie)
    137. 

  137. {
    138. 

  138.     Hmac cookieHmac;
    139. 

  139.     int ret;
    140. 

  140. 

  141.     ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
    142. 

  142.     if (ret != 0)
    143. 

  143.         return ret;
    144. 

  144.     ret = wc_HmacSetKey(&cookieHmac, DTLS_COOKIE_TYPE,
    145. 

  145.         ssl->buffers.dtlsCookieSecret.buffer,
    146. 

  146.         ssl->buffers.dtlsCookieSecret.length);
    147. 

  147.     if (ret != 0)
    148. 

  148.         goto out;
    149. 

  149.     ret = wc_HmacUpdate(&cookieHmac, (const byte*)ssl->buffers.dtlsCtx.peer.sa,
    150. 

  150.         ssl->buffers.dtlsCtx.peer.sz);
    151. 

  151.     if (ret != 0)
    152. 

  152.         goto out;
    153. 

  153.     ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->pv, OPAQUE16_LEN);
    154. 

  154.     if (ret != 0)
    155. 

  155.         goto out;
    156. 

  156.     ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->random, RAN_LEN);
    157. 

  157.     if (ret != 0)
    158. 

  158.         goto out;
    159. 

  159.     ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->sessionId.elements,
    160. 

  160.         ch->sessionId.size);
    161. 

  161.     if (ret != 0)
    162. 

  162.         goto out;
    163. 

  163.     ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->cipherSuite.elements,
    164. 

  164.         ch->cipherSuite.size);
    165. 

  165.     if (ret != 0)
    166. 

  166.         goto out;
    167. 

  167.     ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->compression.elements,
    168. 

  168.         ch->compression.size);
    169. 

  169.     if (ret != 0)
    170. 

  170.         goto out;
    171. 

  171.     ret = wc_HmacFinal(&cookieHmac, cookie);
    172. 

  172. 

  173. out:
    174. 

  174.     wc_HmacFree(&cookieHmac);
    175. 

  175.     return ret;
    176. 

  176. }
    177. 

  177. 

  178. static int ParseClientHello(const byte* input, word32 helloSz, WolfSSL_CH* ch)
    179. 

  179. {
    180. 

  180.     word32 idx = 0;
    181. 

  181. 

  182.     /* protocol version, random and session id length check */
    183. 

  183.     if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
    184. 

  184.         return BUFFER_ERROR;
    185. 

  185. 

  186.     ch->pv = (ProtocolVersion*)(input + idx);
    187. 

  187.     idx += OPAQUE16_LEN;
    188. 

  188.     ch->random = (byte*)(input + idx);
    189. 

  189.     idx += RAN_LEN;
    190. 

  190.     idx += ReadVector8(input + idx, &ch->sessionId);
    191. 

  191.     if (idx > helloSz - OPAQUE8_LEN)
    192. 

  192.         return BUFFER_ERROR;
    193. 

  193.     idx += ReadVector8(input + idx, &ch->cookie);
    194. 

  194.     if (idx > helloSz - OPAQUE16_LEN)
    195. 

  195.         return BUFFER_ERROR;
    196. 

  196.     idx += ReadVector16(input + idx, &ch->cipherSuite);
    197. 

  197.     if (idx > helloSz - OPAQUE8_LEN)
    198. 

  198.         return BUFFER_ERROR;
    199. 

  199.     idx += ReadVector8(input + idx, &ch->compression);
    200. 

  200.     if (idx > helloSz - OPAQUE16_LEN)
    201. 

  201.         return BUFFER_ERROR;
    202. 

  202.     idx += ReadVector16(input + idx, &ch->extension);
    203. 

  203.     if (idx > helloSz)
    204. 

  204.         return BUFFER_ERROR;
    205. 

  205.     ch->length = idx;
    206. 

  206.     return 0;
    207. 

  207. }
    208. 

  208. 

  209. #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
    210. 

  210. #ifdef HAVE_SESSION_TICKET
    211. 

  211. static int TlsxFindByType(WolfSSL_ConstVector* ret, word16 extType,
    212. 

  212.     WolfSSL_ConstVector exts)
    213. 

  213. {
    214. 

  214.     word32 len, idx = 0;
    215. 

  215.     word16 type;
    216. 

  216.     WolfSSL_ConstVector ext;
    217. 

  217. 

  218.     XMEMSET(ret, 0, sizeof(*ret));
    219. 

  219.     len = exts.size;
    220. 

  220.     /* type + len */
    221. 

  221.     while (len >= OPAQUE16_LEN + OPAQUE16_LEN) {
    222. 

  222.         ato16(exts.elements + idx, &type);
    223. 

  223.         idx += OPAQUE16_LEN;
    224. 

  224.         idx += ReadVector16(exts.elements + idx, &ext);
    225. 

  225.         if (idx > exts.size)
    226. 

  226.             return BUFFER_ERROR;
    227. 

  227.         if (type == extType) {
    228. 

  228.             XMEMCPY(ret, &ext, sizeof(ext));
    229. 

  229.             return 0;
    230. 

  230.         }
    231. 

  231.         len = exts.size - idx;
    232. 

  232.     }
    233. 

  233.     return 0;
    234. 

  234. }
    235. 

  235. 

  236. static int TlsTicketIsValid(WOLFSSL* ssl, WolfSSL_ConstVector exts,
    237. 

  237.     byte* isValid)
    238. 

  238. {
    239. 

  239.     WolfSSL_ConstVector tlsxSessionTicket;
    240. 

  240.     byte tempTicket[SESSION_TICKET_LEN];
    241. 

  241.     InternalTicket* it;
    242. 

  242.     int ret;
    243. 

  243. 

  244.     *isValid = 0;
    245. 

  245.     ret = TlsxFindByType(&tlsxSessionTicket, TLSX_SESSION_TICKET, exts);
    246. 

  246.     if (ret != 0)
    247. 

  247.         return ret;
    248. 

  248.     if (tlsxSessionTicket.size == 0)
    249. 

  249.         return 0;
    250. 

  250.     if (tlsxSessionTicket.size > SESSION_TICKET_LEN)
    251. 

  251.         return 0;
    252. 

  252.     XMEMCPY(tempTicket, tlsxSessionTicket.elements, tlsxSessionTicket.size);
    253. 

  253.     ret = DoDecryptTicket(ssl, tempTicket, (word32)tlsxSessionTicket.size, &it);
    254. 

  254.     if (ret != WOLFSSL_TICKET_RET_OK && ret != WOLFSSL_TICKET_RET_CREATE)
    255. 

  255.         return 0;
    256. 

  256.     ForceZero(it, sizeof(InternalTicket));
    257. 

  257.     *isValid = 1;
    258. 

  258.     return 0;
    259. 

  259. }
    260. 

  260. #endif /* HAVE_SESSION_TICKET */
    261. 

  261. 

  262. static int TlsSessionIdIsValid(WOLFSSL* ssl, WolfSSL_ConstVector sessionID,
    263. 

  263.     byte* isValid)
    264. 

  264. {
    265. 

  265.     WOLFSSL_SESSION* sess;
    266. 

  266.     word32 sessRow;
    267. 

  267.     int ret;
    268. 

  268. 

  269.     *isValid = 0;
    270. 

  270.     if (ssl->options.sessionCacheOff)
    271. 

  271.         return 0;
    272. 

  272.     if (sessionID.size != ID_LEN)
    273. 

  273.         return 0;
    274. 

  274. #ifdef HAVE_EXT_CACHE
    275. 

  275.     {
    276. 

  276. 

  277.         if (ssl->ctx->get_sess_cb != NULL) {
    278. 

  278.             int unused;
    279. 

  279.             sess =
    280. 

  280.                 ssl->ctx->get_sess_cb(ssl, sessionID.elements, ID_LEN, &unused);
    281. 

  281.             if (sess != NULL) {
    282. 

  282.                 *isValid = 1;
    283. 

  283.                 wolfSSL_FreeSession(ssl->ctx, sess);
    284. 

  284.                 return 0;
    285. 

  285.             }
    286. 

  286.         }
    287. 

  287.         if (ssl->ctx->internalCacheLookupOff)
    288. 

  288.             return 0;
    289. 

  289.     }
    290. 

  290. #endif
    291. 

  291.     ret = TlsSessionCacheGetAndLock(sessionID.elements, &sess, &sessRow);
    292. 

  292.     if (ret == 0 && sess != NULL) {
    293. 

  293.         *isValid = 1;
    294. 

  294.         TlsSessionCacheUnlockRow(sessRow);
    295. 

  295.     }
    296. 

  296. 

  297.     return 0;
    298. 

  298. }
    299. 

  299. 

  300. static int TlsResumptionIsValid(WOLFSSL* ssl, WolfSSL_CH* ch, byte* isValid)
    301. 

  301. {
    302. 

  302.     int ret;
    303. 

  303. 

  304.     *isValid = 0;
    305. 

  305. #ifdef HAVE_SESSION_TICKET
    306. 

  306.     ret = TlsTicketIsValid(ssl, ch->extension, isValid);
    307. 

  307.     if (ret != 0)
    308. 

  308.         return ret;
    309. 

  309.     if (*isValid)
    310. 

  310.         return 0;
    311. 

  311. #endif /* HAVE_SESSION_TICKET */
    312. 

  312.     ret = TlsSessionIdIsValid(ssl, ch->sessionId, isValid);
    313. 

  313.     return ret;
    314. 

  314. }
    315. 

  315. #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */
    316. 

  316. 

  317. int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    318. 

  318.     word32 helloSz, byte* process)
    319. 

  319. {
    320. 

  320.     byte cookie[DTLS_COOKIE_SZ];
    321. 

  321.     int ret;
    322. 

  322.     WolfSSL_CH ch;
    323. 

  323. 

  324.     *process = 1;
    325. 

  325.     ret = ParseClientHello(input + *inOutIdx, helloSz, &ch);
    326. 

  326.     if (ret != 0)
    327. 

  327.         return ret;
    328. 

  328. 

  329. #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
    330. 

  330.     {
    331. 

  331.         byte isValid = 0;
    332. 

  332.         ret = TlsResumptionIsValid(ssl, &ch, &isValid);
    333. 

  333.         if (ret != 0)
    334. 

  334.             return ret;
    335. 

  335.         if (isValid)
    336. 

  336.             return 0;
    337. 

  337.     }
    338. 

  338. #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */
    339. 

  339. 

  340.     ret = CreateDtlsCookie(ssl, &ch, cookie);
    341. 

  341.     if (ret != 0)
    342. 

  342.         return ret;
    343. 

  343.     if (ch.cookie.size != DTLS_COOKIE_SZ ||
    344. 

  344.         XMEMCMP(ch.cookie.elements, cookie, DTLS_COOKIE_SZ) != 0) {
    345. 

  345.         *process = 0;
    346. 

  346.         ret = SendHelloVerifyRequest(ssl, cookie, DTLS_COOKIE_SZ);
    347. 

  347.     }
    348. 

  348. 

  349.     return ret;
    350. 

  350. }
    351. 

  351. #endif /* !defined(NO_WOLFSSL_SERVER) */
    352. 

  352. 

  353. #if defined(WOLFSSL_DTLS_CID)
    354. 

  354. 

  355. typedef struct ConnectionID {
    356. 

  356.     byte length;
    357. 

  357. /* Ignore "nonstandard extension used : zero-sized array in struct/union"
    358. 

  358.  * MSVC warning */
    359. 

  359. #ifdef _MSC_VER
    360. 

  360. #pragma warning(disable: 4200)
    361. 

  361. #endif
    362. 

  362.     byte id[];
    363. 

  363. } ConnectionID;
    364. 

  364. 

  365. typedef struct CIDInfo {
    366. 

  366.     ConnectionID* tx;
    367. 

  367.     ConnectionID* rx;
    368. 

  368.     byte negotiated : 1;
    369. 

  369. } CIDInfo;
    370. 

  370. 

  371. static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap)
    372. 

  372. {
    373. 

  373.     ConnectionID* ret;
    374. 

  374. 

  375.     ret = (ConnectionID*)XMALLOC(sizeof(ConnectionID) + size, heap,
    376. 

  376.         DYNAMIC_TYPE_TLSX);
    377. 

  377.     if (ret == NULL)
    378. 

  378.         return NULL;
    379. 

  379. 

  380.     ret->length = size;
    381. 

  381.     XMEMCPY(ret->id, cid, size);
    382. 

  382. 

  383.     return ret;
    384. 

  384. }
    385. 

  385. 

  386. static WC_INLINE CIDInfo* DtlsCidGetInfo(WOLFSSL* ssl)
    387. 

  387. {
    388. 

  388.     return ssl->dtlsCidInfo;
    389. 

  389. }
    390. 

  390. 

  391. static int DtlsCidGetSize(WOLFSSL* ssl, unsigned int* size, int rx)
    392. 

  392. {
    393. 

  393.     ConnectionID* id;
    394. 

  394.     CIDInfo* info;
    395. 

  395. 

  396.     if (ssl == NULL || size == NULL)
    397. 

  397.         return BAD_FUNC_ARG;
    398. 

  398. 

  399.     info = DtlsCidGetInfo(ssl);
    400. 

  400.     if (info == NULL)
    401. 

  401.         return WOLFSSL_FAILURE;
    402. 

  402. 

  403.     id = rx ? info->rx : info->tx;
    404. 

  404.     if (id == NULL) {
    405. 

  405.         *size = 0;
    406. 

  406.         return WOLFSSL_SUCCESS;
    407. 

  407.     }
    408. 

  408. 

  409.     *size = id->length;
    410. 

  410.     return WOLFSSL_SUCCESS;
    411. 

  411. }
    412. 

  412. 

  413. static int DtlsCidGet(WOLFSSL* ssl, unsigned char* buf, int bufferSz, int rx)
    414. 

  414. {
    415. 

  415.     ConnectionID* id;
    416. 

  416.     CIDInfo* info;
    417. 

  417. 

  418.     if (ssl == NULL || buf == NULL)
    419. 

  419.         return BAD_FUNC_ARG;
    420. 

  420. 

  421.     info = DtlsCidGetInfo(ssl);
    422. 

  422.     if (info == NULL)
    423. 

  423.         return WOLFSSL_FAILURE;
    424. 

  424. 

  425.     id = rx ? info->rx : info->tx;
    426. 

  426.     if (id == NULL || id->length == 0)
    427. 

  427.         return WOLFSSL_SUCCESS;
    428. 

  428. 

  429.     if (id->length > bufferSz)
    430. 

  430.         return LENGTH_ERROR;
    431. 

  431. 

  432.     XMEMCPY(buf, id->id, id->length);
    433. 

  433.     return WOLFSSL_SUCCESS;
    434. 

  434. }
    435. 

  435. 

  436. static CIDInfo* DtlsCidGetInfoFromExt(byte* ext)
    437. 

  437. {
    438. 

  438.     WOLFSSL** sslPtr;
    439. 

  439.     WOLFSSL* ssl;
    440. 

  440. 

  441.     if (ext == NULL)
    442. 

  442.         return NULL;
    443. 

  443.     sslPtr = (WOLFSSL**)ext;
    444. 

  444.     ssl = *sslPtr;
    445. 

  445.     if (ssl == NULL)
    446. 

  446.         return NULL;
    447. 

  447.     return ssl->dtlsCidInfo;
    448. 

  448. }
    449. 

  449. 

  450. static void DtlsCidUnsetInfoFromExt(byte* ext)
    451. 

  451. {
    452. 

  452.     WOLFSSL** sslPtr;
    453. 

  453.     WOLFSSL* ssl;
    454. 

  454. 

  455.     if (ext == NULL)
    456. 

  456.         return;
    457. 

  457.     sslPtr = (WOLFSSL**)ext;
    458. 

  458.     ssl = *sslPtr;
    459. 

  459.     if (ssl == NULL)
    460. 

  460.         return;
    461. 

  461.     ssl->dtlsCidInfo = NULL;
    462. 

  462. }
    463. 

  463. 

  464. void TLSX_ConnectionID_Free(byte* ext, void* heap)
    465. 

  465. {
    466. 

  466.     CIDInfo* info;
    467. 

  467.     (void)heap;
    468. 

  468. 

  469.     info = DtlsCidGetInfoFromExt(ext);
    470. 

  470.     if (info == NULL)
    471. 

  471.         return;
    472. 

  472.     if (info->rx != NULL)
    473. 

  473.         XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX);
    474. 

  474.     if (info->tx != NULL)
    475. 

  475.         XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX);
    476. 

  476.     XFREE(info, heap, DYNAMIC_TYPE_TLSX);
    477. 

  477.     DtlsCidUnsetInfoFromExt(ext);
    478. 

  478.     XFREE(ext, heap, DYNAMIC_TYPE_TLSX);
    479. 

  479. }
    480. 

  480. 

  481. word16 TLSX_ConnectionID_Write(byte* ext, byte* output)
    482. 

  482. {
    483. 

  483.     CIDInfo* info;
    484. 

  484. 

  485.     info = DtlsCidGetInfoFromExt(ext);
    486. 

  486.     if (info == NULL)
    487. 

  487.         return 0;
    488. 

  488. 

  489.     /* empty CID */
    490. 

  490.     if (info->rx == NULL) {
    491. 

  491.         *output = 0;
    492. 

  492.         return OPAQUE8_LEN;
    493. 

  493.     }
    494. 

  494. 

  495.     *output = info->rx->length;
    496. 

  496.     XMEMCPY(output + OPAQUE8_LEN, info->rx->id, info->rx->length);
    497. 

  497.     return OPAQUE8_LEN + info->rx->length;
    498. 

  498. }
    499. 

  499. 

  500. word16 TLSX_ConnectionID_GetSize(byte* ext)
    501. 

  501. {
    502. 

  502.     CIDInfo* info = DtlsCidGetInfoFromExt(ext);
    503. 

  503.     if (info == NULL)
    504. 

  504.         return 0;
    505. 

  505.     return info->rx == NULL ? OPAQUE8_LEN : OPAQUE8_LEN + info->rx->length;
    506. 

  506. }
    507. 

  507. 

  508. int TLSX_ConnectionID_Use(WOLFSSL* ssl)
    509. 

  509. {
    510. 

  510.     CIDInfo* info;
    511. 

  511.     WOLFSSL** ext;
    512. 

  512.     int ret;
    513. 

  513. 

  514.     ext = (WOLFSSL**)TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
    515. 

  515.     if (ext != NULL)
    516. 

  516.         return 0;
    517. 

  517. 

  518.     info = (CIDInfo*)XMALLOC(sizeof(CIDInfo), ssl->heap, DYNAMIC_TYPE_TLSX);
    519. 

  519.     if (info == NULL)
    520. 

  520.         return MEMORY_ERROR;
    521. 

  521.     ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL**), ssl->heap, DYNAMIC_TYPE_TLSX);
    522. 

  522.     if (ext == NULL) {
    523. 

  523.         XFREE(info, ssl->heap, DYNAMIC_TYPE_TLSX);
    524. 

  524.         return MEMORY_ERROR;
    525. 

  525.     }
    526. 

  526.     XMEMSET(info, 0, sizeof(CIDInfo));
    527. 

  527.     /* CIDInfo needs to be accessed every time we send or receive a record. To
    528. 

  528.      * avoid the cost of the extension lookup save a pointer to the structure
    529. 

  529.      * inside the SSL object itself, and save a pointer to the SSL object in the
    530. 

  530.      * extension. The extension freeing routine uses te pointer to the SSL
    531. 

  531.      * object to find the structure and to set ssl->dtlsCidInfo pointer to NULL
    532. 

  532.      * after freeing the structure. */
    533. 

  533.     ssl->dtlsCidInfo = info;
    534. 

  534.     *ext = ssl;
    535. 

  535.     ret =
    536. 

  536.         TLSX_Push(&ssl->extensions, TLSX_CONNECTION_ID, (void*)ext, ssl->heap);
    537. 

  537.     if (ret != 0) {
    538. 

  538.         XFREE(info, ssl->heap, DYNAMIC_TYPE_TLSX);
    539. 

  539.         XFREE(ext, ssl->heap, DYNAMIC_TYPE_TLSX);
    540. 

  540.         ssl->dtlsCidInfo = NULL;
    541. 

  541.         return ret;
    542. 

  542.     }
    543. 

  543. 

  544.     return 0;
    545. 

  545. }
    546. 

  546. 

  547. int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
    548. 

  548.     byte isRequest)
    549. 

  549. {
    550. 

  550.     ConnectionID* id;
    551. 

  551.     CIDInfo* info;
    552. 

  552.     byte cidSize;
    553. 

  553.     TLSX* ext;
    554. 

  554. 

  555.     ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
    556. 

  556.     if (ext == NULL) {
    557. 

  557.         /* CID not enabled */
    558. 

  558.         if (isRequest) {
    559. 

  559.             WOLFSSL_MSG("Received CID ext but it's not enabled, ignoring");
    560. 

  560.             return 0;
    561. 

  561.         }
    562. 

  562.         else {
    563. 

  563.             WOLFSSL_MSG("CID ext not requested by the Client, aborting");
    564. 

  564.             return UNSUPPORTED_EXTENSION;
    565. 

  565.         }
    566. 

  566.     }
    567. 

  567. 

  568.     info = DtlsCidGetInfo(ssl);
    569. 

  569.     if (info == NULL)
    570. 

  570.         return BAD_STATE_E;
    571. 

  571. 

  572.     /* it may happen if we process two ClientHello because the server sent an
    573. 

  573.      * HRR request */
    574. 

  574.     if (info->tx != NULL) {
    575. 

  575.         if (ssl->options.side != WOLFSSL_SERVER_END &&
    576. 

  576.             ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
    577. 

  577.             return BAD_STATE_E;
    578. 

  578. 

  579.         XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
    580. 

  580.         info->tx = NULL;
    581. 

  581.     }
    582. 

  582. 

  583.     if (length < OPAQUE8_LEN)
    584. 

  584.         return BUFFER_ERROR;
    585. 

  585. 

  586.     cidSize = *input;
    587. 

  587.     if (cidSize + OPAQUE8_LEN > length)
    588. 

  588.         return BUFFER_ERROR;
    589. 

  589. 

  590.     if (cidSize > 0) {
    591. 

  591.         id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap,
    592. 

  592.             DYNAMIC_TYPE_TLSX);
    593. 

  593.         if (id == NULL)
    594. 

  594.             return MEMORY_ERROR;
    595. 

  595.         XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize);
    596. 

  596.         id->length = cidSize;
    597. 

  597.         info->tx = id;
    598. 

  598.     }
    599. 

  599. 

  600.     info->negotiated = 1;
    601. 

  601.     if (isRequest)
    602. 

  602.         ext->resp = 1;
    603. 

  603. 

  604.     return 0;
    605. 

  605. }
    606. 

  606. 

  607. void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl)
    608. 

  608. {
    609. 

  609.     CIDInfo* info;
    610. 

  610. 

  611.     info = DtlsCidGetInfo(ssl);
    612. 

  612.     if (info == NULL)
    613. 

  613.         return;
    614. 

  614. 

  615.     if (!info->negotiated) {
    616. 

  616.         TLSX_Remove(&ssl->extensions, TLSX_CONNECTION_ID, ssl->heap);
    617. 

  617.         return;
    618. 

  618.     }
    619. 

  619. }
    620. 

  620. 

  621. byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input, word16 inputSize)
    622. 

  622. {
    623. 

  623.     CIDInfo* info;
    624. 

  624.     info = DtlsCidGetInfo(ssl);
    625. 

  625.     if (info == NULL || info->rx == NULL || info->rx->length == 0)
    626. 

  626.         return 0;
    627. 

  627.     if (inputSize < info->rx->length)
    628. 

  628.         return 0;
    629. 

  629.     return XMEMCMP(input, info->rx->id, info->rx->length) == 0;
    630. 

  630. }
    631. 

  631. 

  632. int wolfSSL_dtls_cid_use(WOLFSSL* ssl)
    633. 

  633. {
    634. 

  634.     int ret;
    635. 

  635. 

  636.     /* CID is supported on DTLSv1.3 only */
    637. 

  637.     if (!IsAtLeastTLSv1_3(ssl->version))
    638. 

  638.         return WOLFSSL_FAILURE;
    639. 

  639. 

  640.     ssl->options.useDtlsCID = 1;
    641. 

  641.     ret = TLSX_ConnectionID_Use(ssl);
    642. 

  642.     if (ret != 0)
    643. 

  643.         return ret;
    644. 

  644.     return WOLFSSL_SUCCESS;
    645. 

  645. }
    646. 

  646. 

  647. int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl)
    648. 

  648. {
    649. 

  649.     return DtlsCidGetInfo(ssl) != NULL;
    650. 

  650. }
    651. 

  651. 

  652. int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
    653. 

  653. {
    654. 

  654.     ConnectionID* newCid;
    655. 

  655.     CIDInfo* cidInfo;
    656. 

  656. 

  657.     if (!ssl->options.useDtlsCID)
    658. 

  658.         return WOLFSSL_FAILURE;
    659. 

  659. 

  660.     cidInfo = DtlsCidGetInfo(ssl);
    661. 

  661.     if (cidInfo == NULL)
    662. 

  662.         return WOLFSSL_FAILURE;
    663. 

  663. 

  664.     if (cidInfo->rx != NULL) {
    665. 

  665.         XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
    666. 

  666.         cidInfo->rx = NULL;
    667. 

  667.     }
    668. 

  668. 

  669.     /* empty CID */
    670. 

  670.     if (size == 0)
    671. 

  671.         return WOLFSSL_SUCCESS;
    672. 

  672. 

  673.     if (size > DTLS_CID_MAX_SIZE)
    674. 

  674.         return LENGTH_ERROR;
    675. 

  675. 

  676.     newCid = DtlsCidNew(cid, (byte)size, ssl->heap);
    677. 

  677.     if (newCid == NULL)
    678. 

  678.         return MEMORY_ERROR;
    679. 

  679.     cidInfo->rx = newCid;
    680. 

  680.     return WOLFSSL_SUCCESS;
    681. 

  681. }
    682. 

  682. 

  683. int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl, unsigned int* size)
    684. 

  684. {
    685. 

  685.     return DtlsCidGetSize(ssl, size, 1);
    686. 

  686. }
    687. 

  687. 

  688. int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buf,
    689. 

  689.     unsigned int bufferSz)
    690. 

  690. {
    691. 

  691.     return DtlsCidGet(ssl, buf, bufferSz, 1);
    692. 

  692. }
    693. 

  693. 

  694. int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size)
    695. 

  695. {
    696. 

  696.     return DtlsCidGetSize(ssl, size, 0);
    697. 

  697. }
    698. 

  698. 

  699. int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
    700. 

  700.     unsigned int bufferSz)
    701. 

  701. {
    702. 

  702.     return DtlsCidGet(ssl, buf, bufferSz, 0);
    703. 

  703. }
    704. 

  704. 

  705. #endif /* WOLFSSL_DTLS_CID */
    706. 

  706. #endif /* WOLFSSL_DTLS */
    707. 

  707. 

  708. #endif /* WOLFCRYPT_ONLY */
    709.