nx_secure/src/nx_secure_tls_send_clienthello_extensions.c (netxduo)

Outline

...

#define NX_SECURE_SOURCE_CODE

#include "nx_secure_tls.h"

...

_nx_secure_tls_send_clienthello_extensions(NX_SECURE_TLS_SESSION *, UCHAR *, ULONG *, ULONG *, ULONG)

...

_nx_secure_tls_send_clienthello_sig_extension(NX_SECURE_TLS_SESSION *, UCHAR *, ULONG *, USHORT *, ULONG)

_nx_secure_tls_get_signature_algorithm(NX_SECURE_TLS_SESSION *, NX_SECURE_X509_CRYPTO *, USHORT *)

...

_nx_secure_tls_send_clienthello_sni_extension(NX_SECURE_TLS_SESSION *, UCHAR *, ULONG *, USHORT *, ULONG)

...

_nx_secure_tls_send_clienthello_sec_reneg_extension(NX_SECURE_TLS_SESSION *, UCHAR *, ULONG *, USHORT *, ULONG)

...

_nx_secure_tls_send_clienthello_sec_spf_extensions(NX_SECURE_TLS_SESSION *, UCHAR *, ULONG *, USHORT *, ULONG)

Files

SourceVuSTM32 Libraries and Samplesnetxduonx_secure/src/nx_secure_tls_send_clienthello_extensions.c

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

732

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

750

751

752

753

754

755

756

757

758

759

760

761

762

763

764

765

766

767

768

769

770

771

772

773

774

775

776

777

778

779

780

781

782

783

784

785

786

787

788

789

790

791

792

793

794

795

796

797

798

799

800

801

802

803

804

805

806

807

808

809

810

811

812

813

814

815

816

817

818

819

820

821

822

823

824

825

826

827

828

829

830

831

832

833

834

835

836

837

838

839

840

841

842

843

844

845

846

847

848

849

850

851

852

853

854

855

856

857

858

859

860

861

862

863

864

865

866

867

868

869

870

871

872

873

874

875

876

877

878

879

880

881

882

883

884

885

886

887

888

889

890

891

892

893

894

895

896

897

898

899

900

901

902

903

904

905

906

907

908

909

910

911

912

913

914

915

916

917

918

919

920

921

922

923

924

925

926

927

928

929

930

931

932

933

934

935

936

937

938

939

940

941

942

943

944

945

946

947

948

949

950

951

952

953

954

955

956

957

958

959

960

961

962

963

964

965

966

967

968

969

970

971

972

973

974

975

976

977

978

979

980

981

982

983

984

985

986

987

988

989

990

991

992

993

994

995

996

997

998

999

1000

1001

1002

1003

1004

1005

1006

1007

1008

1009

1010

1011

1012

1013

1014

1015

1016

1017

1018

1019

1020

1021

1022

1023

1024

1025

1026

1027

1028

1029

1030

1031

1032

1033

1034

1035

1036

1037

1038

1039

1040

1041

1042

1043

1044

1045

1046

1047

1048

1049

1050

1051

1052

1053

1054

1055

1056

1057

1058

1059

1060

1061

1062

1063

1064

1065

1066

1067

1068

1069

1070

1071

1072

1073

1074

1075

1076

1077

1078

1079

1080

1081

1082

1083

1084

1085

1086

1087

1088

1089

1090

1091

1092

1093

1094

1095

1096

1097

1098

1099

1100

1101

1102

1103

1104

1105

1106

1107

1108

1109

1110

1111

1112

1113

1114

1115

1116

1117

1118

1119

1120

1121

1122

1123

1124

1125

1126

1127

1128

1129

1130

1131

1132

1133

1134

1135

1136

1137

1138

1139

1140

1141

1142

1143

1144

1145

1146

1147

1148

1149

1150

1151

1152

1153

1154

1155

1156

1157

1158

1159

1160

1161

1162

1163

1164

1165

1166

1167

1168

1169

1170

1171

1172

1173

1174

1175

1176

1177

1178

1179

1180

1181

1182

1183

1184

1185

1186

1187

1188

1189

1190

1191

1192

1193

1194

1195

1196

1197

1198

1199

1200

1201

1202

1203

1204

1205

1206

1207

1208

1209

1210

1211

1212

1213

1214

1215

1216

1217

1218

1219

1220

1221

1222

1223

1224

1225

1226

1227

1228

1229

1230

1231

1232

1233

1234

1235

1236

1237

1238

1239

1240

1241

1242

1243

1244

1245

1246

1247

1248

1249

1250

1251

1252

1253

1254

1255

1256

1257

1258

1259

1260

1261

1262

1263

1264

1265

1266

1267

1268

1269

1270

1271

1272

1273

1274

1275

1276

1277

1278

1279

1280

1281

1282

1283

1284

1285

1286

1287

1288

1289

1290

1291

1292

1293

1294

1295

1296

1297

1298

1299

1300

1301

1302

1303

1304

1305

1306

1307

1308

1309

1310

1311

1312

1313

1314

1315

1316

1317

1318

1319

1320

1321

1322

1323

1324

1325

1326

1327

1328

1329

1330

1331

1332

1333

1334

1335

1336

1337

1338

1339

1340

1341

1342

1343

1344

1345

1346

1347

1348

1349

1350

1351

1352

1353

1354

1355

1356

1357

1358

1359

1360

1361

1362

1363

1364

1365

1366

1367

1368

1369

1370

1371

1372

1373

1374

1375

1376

1377

1378

1379

1380

1381

1382

1383

1384

1385

1386

1387

1388

1389

1390

1391

1392

1393

1394

1395

1396

1397

1398

1399

1400

1401

1402

1403

1404

1405

1406

1407

1408

1409

1410

1411

1412

1413

1414

1415

1416

1417

1418

1419

1420

1421

1422

1423

1424

1425

1426

1427

1428

1429

1430

1431

1432

1433

1434

1435

1436

1437

1438

1439

1440

1441

1442

1443

1444

1445

1446

1447

1448

1449

1450

1451

1452

1453

1454

1455

1456

1457

1458

1459

1460

1461

1462

1463

1464

1465

1466

1467

1468

1469

1470

1471

1472

1473

1474

1475

1476

1477

1478

1479

1480

1481

1482

1483

1484

1485

1486

1487

1488

1489

1490

1491

1492

1493

1494

1495

1496

1497

1498

1499

1500

1501

1502

1503

1504

1505

1506

1507

1508

1509

1510

1511

1512

1513

1514

1515

1516

1517

1518

1519

1520

1521

1522

1523

1524

1525

1526

1527

1528

1529

1530

1531

1532

1533

1534

1535

1536

1537

1538

1539

1540

1541

1542

1543

1544

1545

1546

1547

1548

1549

1550

1551

1552

1553

1554

1555

1556

1557

1558

1559

1560

1561

1562

1563

1564

1565

1566

1567

1568

1569

1570

1571

1572

1573

1574

1575

1576

1577

1578

1579

1580

1581

1582

1583

1584

1585

1586

1587

1588

1589

1590

1591

1592

1593

1594

1595

1596

1597

1598

1599

1600

1601

1602

1603

1604

1605

1606

1607

1608

1609

1610

1611

1612

1613

1614

1615

1616

1617

1618

1619

1620

1621

1622

1623

1624

1625

1626

1627

1628

1629

1630

1631

1632

1633

1634

1635

1636

1637

1638

1639

1640

1641

1642

1643

1644

1645

1646

1647

1648

1649

1650

1651

1652

1653

1654

1655

1656

1657

1658

1659

1660

1661

1662

1663

1664

1665

1666

1667

1668

1669

1670

1671

1672

1673

1674

1675

1676

1677

1678

1679

1680

1681

1682

1683

1684

1685

1686

1687

1688

1689

1690

1691

1692

1693

1694

1695

1696

1697

1698

1699

1700

1701

1702

1703

1704

1705

1706

1707

1708

1709

1710

1711

1712

1713

1714

1715

1716

1717

1718

1719

1720

1721

1722

1723

1724

1725

1726

1727

1728

1729

1730

1731

1732

1733

1734

1735

1736

1737

/**************************************************************************/ /* */ /* Copyright (c) Microsoft Corporation. All rights reserved. */ /* */ /* This software is licensed under the Microsoft Software License */ /* Terms for Microsoft Azure RTOS. Full text of the license can be */ /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */ /* and in the root directory of this software. */ /* */ /**************************************************************************/ /**************************************************************************/ /**************************************************************************/ /** */ /** NetX Secure Component */ /** */ /** Transport Layer Security (TLS) */ /** */ /**************************************************************************/ /**************************************************************************/ #define NX_SECURE_SOURCE_CODE #include "nx_secure_tls.h" #ifndef NX_SECURE_TLS_CLIENT_DISABLED static VOID _nx_secure_tls_get_signature_algorithm(NX_SECURE_TLS_SESSION *tls_session, NX_SECURE_X509_CRYPTO *crypto_method, USHORT *signature_algorithm); static UINT _nx_secure_tls_send_clienthello_sig_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size); static UINT _nx_secure_tls_send_clienthello_sni_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size); #ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE static UINT _nx_secure_tls_send_clienthello_sec_spf_extensions(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size); #endif #if (NX_SECURE_TLS_TLS_1_3_ENABLED) static UINT _nx_secure_tls_send_clienthello_supported_versions_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size); static UINT _nx_secure_tls_send_clienthello_key_share_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size); static UINT _nx_secure_tls_send_clienthello_psk_kem_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_length, USHORT *extension_length); /* Note: PSK extension generation is called directly, so not static. */ UINT _nx_secure_tls_send_clienthello_psk_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_length, ULONG extension_length_offset, ULONG total_extensions_length, ULONG *extension_length, ULONG available_size); #endif #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION static UINT _nx_secure_tls_send_clienthello_sec_reneg_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size); #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_extensions PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function populates an NX_PACKET with ClientHello extensions, */ /* which provide additional information to the remote host for the */ /* initial handshake negotiations. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet */ /* packet_offset Offset into packet buffer */ /* extensions_length Return total extension length */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* _nx_secure_tls_send_clienthello_sec_reneg_extension */ /* Send ClientHello Renegotiation*/ /* extension */ /* _nx_secure_tls_send_clienthello_sig_extension */ /* Send ClientHello Signature */ /* extension */ /* _nx_secure_tls_send_clienthello_sni_extension */ /* Send ClientHello SNI extension*/ /* _nx_secure_tls_send_clienthello_ec_extension */ /* Send ClientHello EC extension */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello Send TLS ClientHello */ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* verified memcpy use cases, */ /* fixed renegotiation bug, */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ UINT _nx_secure_tls_send_clienthello_extensions(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, ULONG *extensions_length, ULONG available_size) { ULONG length = *packet_offset; USHORT extension_length = 0, total_extensions_length; UINT status; total_extensions_length = 0; #ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE status = _nx_secure_tls_send_clienthello_sec_spf_extensions(tls_session, packet_buffer, &length, &extension_length, available_size); total_extensions_length = (USHORT)(total_extensions_length + extension_length); #endif #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION /* We have to add renegotiation extensions in both initial sessions and renegotiating sessions. */ if (tls_session -> nx_secure_tls_renegotation_enabled == NX_TRUE) { status = _nx_secure_tls_send_clienthello_sec_reneg_extension(tls_session, packet_buffer, &length, &extension_length, available_size); if(status != NX_SUCCESS) { return(status); } total_extensions_length = (USHORT)(total_extensions_length + extension_length); } #endif /* We can't do TLS 1.3 without ECC. */ #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if(tls_session->nx_secure_tls_1_3) { /* Send supported TLS versions extensions (for TLS 1.3). */ status = _nx_secure_tls_send_clienthello_supported_versions_extension(tls_session, packet_buffer, &length, &extension_length, available_size); if(status != NX_SUCCESS) { return(status); } total_extensions_length = (USHORT)(total_extensions_length + extension_length); /* Send KeyShare extension (for TLS 1.3). */ _nx_secure_tls_send_clienthello_key_share_extension(tls_session, packet_buffer, &length, &extension_length, available_size); if(status != NX_SUCCESS) { return(status); } total_extensions_length = (USHORT)(total_extensions_length + extension_length); /* Including a "cookie" extension if one was provided in the HelloRetryRequest. */ if ((tls_session -> nx_secure_tls_client_state == NX_SECURE_TLS_CLIENT_STATE_HELLO_RETRY) && (tls_session -> nx_secure_tls_cookie_length != 0)) { /* Add Extension Type. */ packet_buffer[length] = (UCHAR)((NX_SECURE_TLS_EXTENSION_COOKIE) >> 8); packet_buffer[length + 1] = (UCHAR)(NX_SECURE_TLS_EXTENSION_COOKIE); length += 2; /* Add Extension Length. */ extension_length = (USHORT)(tls_session -> nx_secure_tls_cookie_length + 2); packet_buffer[length] = (UCHAR)(extension_length >> 8); packet_buffer[length + 1] = (UCHAR)(extension_length); length += 2; /* Add Cookie Length. */ packet_buffer[length] = (UCHAR)(tls_session -> nx_secure_tls_cookie_length >> 8); packet_buffer[length + 1] = (UCHAR)(tls_session -> nx_secure_tls_cookie_length); length += 2; /* Add Cookie. */ NX_SECURE_MEMCPY(&packet_buffer[length], tls_session -> nx_secure_tls_cookie, tls_session -> nx_secure_tls_cookie_length); /* Use case of memcpy is verified. */ length += (tls_session -> nx_secure_tls_cookie_length); /* Update total extensions length and reset the stored cookie length. */ total_extensions_length = (USHORT)(total_extensions_length + extension_length + 4); tls_session -> nx_secure_tls_cookie_length = 0; } } #endif /* RFC 5246 7.4.1.4.1 Signature Algorithm: Note: this extension is not meaningful for TLS versions prior to 1.2. Clients MUST NOT offer it if they are offering prior versions. */ if (tls_session -> nx_secure_tls_protocol_version == NX_SECURE_TLS_VERSION_TLS_1_2) { /* Send the available signature algorithms extension. */ status = _nx_secure_tls_send_clienthello_sig_extension(tls_session, packet_buffer, &length, &extension_length, available_size); if (status != NX_SUCCESS) { return(status); } total_extensions_length = (USHORT)(total_extensions_length + extension_length); } #ifndef NX_SECURE_TLS_SNI_EXTENSION_DISABLED /* Send the server name indication extension. */ status = _nx_secure_tls_send_clienthello_sni_extension(tls_session, packet_buffer, &length, &extension_length, available_size); if(status != NX_SUCCESS) { return(status); } total_extensions_length = (USHORT)(total_extensions_length + extension_length); #endif #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if(tls_session->nx_secure_tls_1_3 && tls_session->nx_secure_tls_credentials.nx_secure_tls_psk_count > 0) { status = _nx_secure_tls_send_clienthello_psk_kem_extension(tls_session, packet_buffer, &length, &extension_length); if (status != NX_SUCCESS) { return(status); } total_extensions_length = (USHORT)(total_extensions_length + extension_length); } #endif *extensions_length = total_extensions_length; *packet_offset = length; return(NX_SUCCESS); } /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_sig_extension PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the Signature Algorithms extension to an */ /* outgoing ClientHello record. See RFC 5246 section 7.4.1.4.1. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_offset Offset into packet buffer */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ static UINT _nx_secure_tls_send_clienthello_sig_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size) { ULONG offset, ext_pos; USHORT ext_len, sig_len, sighash_len, ext; UINT i; USHORT signature_algorithm; NX_SECURE_X509_CRYPTO *cipher_table; /* Signature Extensions structure: * | 2 | 2 | 2 | <SigHash Len> | * | Ext Type | Sig Len | SigHash Len | SigHash Algos | * * Each algorithm pair has a hash ID and a public key operation ID represented * by a single octet. Therefore each entry in the list is 2 bytes long. */ if (available_size < (*packet_offset + 6u + (ULONG)(tls_session -> nx_secure_tls_crypto_table -> nx_secure_tls_x509_cipher_table_size << 1))) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Start with our passed-in packet offset. */ offset = *packet_offset; ext_pos = offset; offset += 6; ext_len = sighash_len = 0; cipher_table = tls_session -> nx_secure_tls_crypto_table -> nx_secure_tls_x509_cipher_table; /* Loop the x509 cipher table to add signature algorithms. */ for (i = 0; i < tls_session -> nx_secure_tls_crypto_table -> nx_secure_tls_x509_cipher_table_size; i++) { /* Map crypto method to signature algorithm. */ _nx_secure_tls_get_signature_algorithm(tls_session, &cipher_table[i], &signature_algorithm); if (signature_algorithm == 0) { continue; } packet_buffer[offset] = (UCHAR)((signature_algorithm & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(signature_algorithm & 0x00FF); offset += 2; sighash_len = (USHORT)(sighash_len + 2); } ext = NX_SECURE_TLS_EXTENSION_SIGNATURE_ALGORITHMS; /* Signature algorithms */ ext_len = (USHORT)(ext_len + 2); sig_len = 2; ext_len = (USHORT)(ext_len + 2); sig_len = (USHORT)(sig_len + sighash_len); ext_len = (USHORT)(ext_len + sig_len); packet_buffer[ext_pos] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[ext_pos + 1] = (UCHAR)(ext & 0x00FF); ext_pos += 2; packet_buffer[ext_pos] = (UCHAR)((sig_len & 0xFF00) >> 8); packet_buffer[ext_pos + 1] = (UCHAR)(sig_len & 0x00FF); ext_pos += 2; packet_buffer[ext_pos] = (UCHAR)((sighash_len & 0xFF00) >> 8); packet_buffer[ext_pos + 1] = (UCHAR)(sighash_len & 0x00FF); ext_pos += 2; /* Return our updated packet offset. */ *extension_length = ext_len; *packet_offset = offset; return(NX_SUCCESS); } VOID _nx_secure_tls_get_signature_algorithm(NX_SECURE_TLS_SESSION *tls_session, NX_SECURE_X509_CRYPTO *crypto_method, USHORT *signature_algorithm) { #if (NX_SECURE_TLS_TLS_1_3_ENABLED) UINT j; #endif /* (NX_SECURE_TLS_TLS_1_3_ENABLED) */ USHORT named_curve = 0; UCHAR hash_algo = 0; UCHAR sig_algo = 0; *signature_algorithm = 0; switch (crypto_method -> nx_secure_x509_public_cipher_method -> nx_crypto_algorithm) { case NX_CRYPTO_KEY_EXCHANGE_RSA: sig_algo = NX_SECURE_TLS_SIGNATURE_ALGORITHM_RSA; break; case NX_CRYPTO_DIGITAL_SIGNATURE_DSA: sig_algo = NX_SECURE_TLS_SIGNATURE_ALGORITHM_DSA; break; case NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA: sig_algo = NX_SECURE_TLS_SIGNATURE_ALGORITHM_ECDSA; break; default: return; } switch (crypto_method -> nx_secure_x509_hash_method -> nx_crypto_algorithm) { case NX_CRYPTO_HASH_MD5: hash_algo = NX_SECURE_TLS_HASH_ALGORITHM_MD5; break; case NX_CRYPTO_HASH_SHA1: hash_algo = NX_SECURE_TLS_HASH_ALGORITHM_SHA1; break; case NX_CRYPTO_HASH_SHA224: hash_algo = NX_SECURE_TLS_HASH_ALGORITHM_SHA224; break; case NX_CRYPTO_HASH_SHA256: hash_algo = NX_SECURE_TLS_HASH_ALGORITHM_SHA256; named_curve = (USHORT)NX_CRYPTO_EC_SECP256R1; break; case NX_CRYPTO_HASH_SHA384: hash_algo = NX_SECURE_TLS_HASH_ALGORITHM_SHA384; named_curve = (USHORT)NX_CRYPTO_EC_SECP384R1; break; case NX_CRYPTO_HASH_SHA512: hash_algo = NX_SECURE_TLS_HASH_ALGORITHM_SHA512; named_curve = (USHORT)NX_CRYPTO_EC_SECP521R1; break; default: return; } #if (NX_SECURE_TLS_TLS_1_3_ENABLED) /* TLS 1.3 deprecates MD5, and SHA-1 is obsolete. Remove them from the signing list. */ if(tls_session -> nx_secure_tls_1_3) { if((hash_algo == NX_SECURE_TLS_HASH_ALGORITHM_MD5) || (hash_algo == NX_SECURE_TLS_HASH_ALGORITHM_SHA1)) { *signature_algorithm = 0; return; } } /* In TLS 1.3, the signing curve is constrained. */ if (tls_session -> nx_secure_tls_1_3 && (named_curve != 0) && (sig_algo == NX_SECURE_TLS_SIGNATURE_ALGORITHM_ECDSA)) { for (j = 0; j < tls_session->nx_secure_tls_ecc.nx_secure_tls_ecc_supported_groups_count; j++) { if (named_curve == tls_session->nx_secure_tls_ecc.nx_secure_tls_ecc_supported_groups[j]) { *signature_algorithm = (USHORT)((hash_algo << 8) + sig_algo); return; } } } else #else NX_PARAMETER_NOT_USED(named_curve); NX_PARAMETER_NOT_USED(tls_session); #endif { *signature_algorithm = (USHORT)((hash_algo << 8) + sig_algo); } } /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_supported_versions_extension */ /* PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the Supported Versions extension, added in TLS */ /* v1.3. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_offset Offset into packet buffer */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ #if (NX_SECURE_TLS_TLS_1_3_ENABLED) /* We need to access the supported versions table located in nx_secure_tls_check_protocol_version.c. */ extern const NX_SECURE_VERSIONS_LIST nx_secure_supported_versions_list[]; static UINT _nx_secure_tls_send_clienthello_supported_versions_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size) { ULONG offset; USHORT ext; UINT data_length; UINT id = NX_SECURE_TLS; USHORT protocol_version; INT i; /* Supported Versions Extension structure: * | 2 | 2 | 1 | <list length> | * | Ext Type | Extension length | List Length | TLS Versions | */ NX_PARAMETER_NOT_USED(tls_session); if (available_size < (*packet_offset + 7u + (nx_secure_supported_versions_list[id].nx_secure_versions_list_count << 1))) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Start with our passed-in packet offset. */ offset = *packet_offset; /* The extension identifier. */ ext = NX_SECURE_TLS_EXTENSION_SUPPORTED_VERSIONS; /* Put the extension ID into the packet. */ packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; /* Fill in the supported versions first. */ offset += 3; data_length = 0; /* Add TLS 1.3 (0x0304) which is not in legacy supported versions list. */ packet_buffer[offset] = (UCHAR)NX_SECURE_TLS_VERSION_MAJOR_3; packet_buffer[offset + 1] = (UCHAR)NX_SECURE_TLS_VERSION_MINOR_1_3; data_length += 2; offset += 2; #ifndef NX_SECURE_TLS_DISABLE_PROTOCOL_VERSION_DOWNGRADE /* Loop through the supported versions to see if the passed-in version is one that is enabled. */ for (i = (INT)(nx_secure_supported_versions_list[id].nx_secure_versions_list_count - 1); i >= 0; --i) { /* See if it is supported. */ if (nx_secure_supported_versions_list[id].nx_secure_versions_list[i].nx_secure_tls_is_supported) { /* Set the version value. */ protocol_version = nx_secure_supported_versions_list[id].nx_secure_versions_list[i].nx_secure_tls_protocol_version; packet_buffer[offset] = (UCHAR)((protocol_version & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(protocol_version & 0x00FF); data_length += 2; offset += 2; } else { break; } } #endif /* NX_SECURE_TLS_DISABLE_PROTOCOL_VERSION_DOWNGRADE */ /* Fill in list length and extension length. */ packet_buffer[*packet_offset + 4] = (UCHAR)(data_length & 0xFF); data_length++; packet_buffer[*packet_offset + 2] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[*packet_offset + 3] = (UCHAR)(data_length & 0x00FF); /* Return the amount of data we wrote. */ *extension_length = (USHORT)(offset - *packet_offset); /* Return our updated packet offset. */ *packet_offset = offset; return(NX_SUCCESS); } #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_key_share_extension PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the Key Share extension, added in TLS */ /* v1.3. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_offset Offset into packet buffer */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* verified memcpy use cases, */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ #if (NX_SECURE_TLS_TLS_1_3_ENABLED) static UINT _nx_secure_tls_send_clienthello_key_share_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size) { ULONG offset; ULONG length_offset; USHORT ext; UINT entry_index; UINT entry_length; UINT key_length; UINT data_length; NX_SECURE_TLS_ECDHE_HANDSHAKE_DATA *ecdhe_data; USHORT named_curve; /* Key Share Extension structure (From TLS 1.3 RFC Draft #28): * struct { * NamedGroup group; * opaque key_exchange<1..2^16-1>; * } KeyShareEntry; * * struct { * KeyShareEntry client_shares<0..2^16-1>; * } KeyShareClientHello; * * Diffie-Hellman [DH] parameters for both clients and servers are * encoded in the opaque key_exchange field of a KeyShareEntry in a * KeyShare structure. The opaque value contains the Diffie-Hellman * public value (Y = g^X mod p) for the specified group (see [RFC7919] * for group definitions) encoded as a big-endian integer and padded to * the left with zeros to the size of p in bytes. * * ECDHE structure for key_exchange (For secp256r1, secp384r1 and secp521r1) * struct { * uint8 legacy_form = 4; * opaque X[coordinate_length]; * opaque Y[coordinate_length]; * } UncompressedPointRepresentation; * * X and Y respectively are the binary representations of the x and y * values in network byte order. There are no internal length markers, * so each number representation occupies as many octets as implied by * the curve parameters. For P-256 this means that each of X and Y use * 32 octets, padded on the left by zeros if necessary. For P-384 they * take 48 octets each, and for P-521 they take 66 octets each. * * The X,Y point is the public key (Q) which is generated using the following: * - The public key to put into the KeyShareEntry.key_exchange * structure is the result of applying the ECDH scalar multiplication * function to the secret key of appropriate length (into scalar * input) and the standard public basepoint (into u-coordinate point * input). * * - The ECDH shared secret is the result of applying the ECDH scalar * multiplication function to the secret key (into scalar input) and * the peer's public key (into u-coordinate point input). The output * is used raw, with no processing. * * NamedGroup examples: secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019) * | <list length> | * | 2 | 2 | <| 2 | 2 | <Key len> |> | * | Ext Type | Extension length | <| Named Group | Key len | key_exchange data |> | */ if (tls_session == NX_NULL) { return(NX_PTR_ERROR); } if (tls_session -> nx_secure_tls_client_state == NX_SECURE_TLS_CLIENT_STATE_HELLO_RETRY) { entry_index = tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data_selected; } else { /* Select default entry is based on the actual curves we support. */ entry_index = 0; } /* Get the ECDHE structure for our key data. */ ecdhe_data = &tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data[entry_index]; /* Get the curve for the key we are sending. */ named_curve = (USHORT)ecdhe_data->nx_secure_tls_ecdhe_named_curve; /* Key length will differ for each curve. For p256, 32 octets per coordinate, plus the "legacy_form" byte. */ key_length = ecdhe_data->nx_secure_tls_ecdhe_public_key_length; if (available_size < (*packet_offset + 10u + key_length)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Start with our passed-in packet offset. */ offset = *packet_offset; /* The extension identifier. */ ext = NX_SECURE_TLS_EXTENSION_KEY_SHARE; /* Put the extension ID into the packet. */ packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; /* Add Total Length (2 bytes) and List length (2 bytes) to packet after we fill in the key data. */ length_offset = offset; data_length = 0; offset += 4; /* Entry is named group(2) + key len(2) + key data(key len). */ entry_length = 2 + 2 + key_length; /* Set the named group. */ packet_buffer[offset] = (UCHAR)((named_curve & 0xFF00) >> 8);; packet_buffer[offset + 1] = (UCHAR)(named_curve & 0x00FF); offset += 2; /* Set the key length. */ packet_buffer[offset] = (UCHAR)((key_length & 0xFF00) >> 8);; packet_buffer[offset + 1] = (UCHAR)(key_length & 0x00FF); offset += 2; /* Set the key data from our already-generated ECC keys. */ NX_SECURE_MEMCPY(&packet_buffer[offset], &tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data[entry_index].nx_secure_tls_ecdhe_public_key[0], key_length); /* Use case of memcpy is verified. */ offset += (key_length); /* Get the length of the entire extension. */ data_length = data_length + (UINT)(entry_length); /* Go back and set the total extension length. */ data_length = data_length + 2; packet_buffer[length_offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[length_offset + 1] = (UCHAR)(data_length & 0x00FF); length_offset += 2; data_length = data_length - 2; /* Finally, put the list length into the packet. */ packet_buffer[length_offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[length_offset + 1] = (UCHAR)(data_length & 0x00FF); /* Return the amount of data we wrote. */ *extension_length = (USHORT)(offset - *packet_offset); /* Return our updated packet offset. */ *packet_offset = offset; return(NX_SUCCESS); } #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_psk_extension PORTABLE C */ /* 6.1.8 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the pre_shared_key extension, added in TLS */ /* v1.3. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_length Length of data in packet */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* verified memcpy use cases, */ /* resulting in version 6.1 */ /* 08-02-2021 Timothy Stapko Modified comment(s), added */ /* hash clone and cleanup, */ /* resulting in version 6.1.8 */ /* */ /**************************************************************************/ #if (NX_SECURE_TLS_TLS_1_3_ENABLED) UINT _nx_secure_tls_send_clienthello_psk_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_length, ULONG extension_length_offset, ULONG total_extensions_length, ULONG *extension_length, ULONG available_size) { ULONG offset; ULONG length_offset; USHORT ext; UINT i; UINT num_ids; UINT data_length; UINT ids_total; UINT id_len; UINT age; UCHAR *id; UINT binder_len = 0; UCHAR *binder; UINT num_binders; UINT binder_offset; UINT binder_total; UINT status; UINT partial_client_hello_len; NX_SECURE_TLS_PSK_STORE *psk_store; /* Key Share Extension structure (From TLS 1.3 RFC 8446): struct { opaque identity<1..2^16-1>; uint32 obfuscated_ticket_age; } PskIdentity; opaque PskBinderEntry<32..255>; struct { PskIdentity identities<7..2^16-1>; PskBinderEntry binders<33..2^16-1>; } OfferedPsks; struct { select (Handshake.msg_type) { case client_hello: OfferedPsks; case server_hello: uint16 selected_identity; }; } PreSharedKeyExtension; identity: A label for a key. For instance, a ticket (as defined in Appendix B.3.4) or a label for a pre-shared key established externally. obfuscated_ticket_age: An obfuscated version of the age of the key. Section 4.2.11.1 describes how to form this value for identities established via the NewSessionTicket message. For identities established externally, an obfuscated_ticket_age of 0 SHOULD be used, and servers MUST ignore the value. identities: A list of the identities that the client is willing to negotiate with the server. If sent alongside the "early_data" extension (see Section 4.2.10), the first identity is the one used for 0-RTT data. binders: A series of HMAC values, one for each value in the identities list and in the same order, computed as described below. selected_identity: The server's chosen identity expressed as a (0-based) index into the identities in the client's list. ClientHello extension layout: | 2 | 2 | 2 | <ID list len> | 2 | <binders len> | | Ext Type | Extension length | ID list len | <|<ID len> | ID | age |> | binders len | <len> | binder | */ NX_PARAMETER_NOT_USED(tls_session); /* Start with our passed-in packet offset. */ offset = *packet_length; /* The extension identifier. */ ext = NX_SECURE_TLS_EXTENSION_PRE_SHARED_KEY; if (tls_session == NX_NULL) { return(NX_PTR_ERROR); } if (available_size < (offset + 6u)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Put the extension ID into the packet. */ packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; /* Add Total Length (2 bytes) and List length (2 bytes) to packet after we fill in the key data. */ length_offset = offset; data_length = 4; offset += 4; /* Get our PSK store for easy access. */ psk_store = tls_session->nx_secure_tls_credentials.nx_secure_tls_psk_store; num_ids = tls_session->nx_secure_tls_credentials.nx_secure_tls_psk_count; ids_total = 0; binder_total = 0; /* Loop through all IDs. */ for(i = 0; i < num_ids; ++i) { /* Setup the ID list. */ id_len = psk_store[i].nx_secure_tls_psk_id_size; id = psk_store[i].nx_secure_tls_psk_id; if (available_size < (offset + 6u + id_len)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } packet_buffer[offset] = (UCHAR)((id_len & 0xFF00) >> 8);; packet_buffer[offset + 1] = (UCHAR)(id_len & 0x00FF); offset += 2; /* Put the ID data into our packet. */ NX_SECURE_MEMCPY(&packet_buffer[offset], id, id_len); /* Use case of memcpy is verified. */ offset += (UINT)(id_len); /* Set the obfuscated PSK age. */ age = 0; packet_buffer[offset] = (UCHAR)((age & 0xFF000000) >> 24); packet_buffer[offset + 1] = (UCHAR)((age & 0x00FF0000) >> 16); packet_buffer[offset + 2] = (UCHAR)((age & 0x0000FF00) >> 8); packet_buffer[offset + 3] = (UCHAR) (age & 0x000000FF); offset += 4; /* Update the length with the ID length (id_len), length field (2), and age field (4). */ ids_total = ids_total + (UINT)(id_len + 2 + 4); /* Caclulate the length of the binder list - binder for each PSK + the length field. */ binder_total += (UINT)(1 + binder_len); } /* Put the list length into the packet - the list length is the 16-bit field following the total length field (16-bits). */ packet_buffer[length_offset + 2] = (UCHAR)((ids_total & 0xFF00) >> 8); packet_buffer[length_offset + 3] = (UCHAR)(ids_total & 0x00FF); data_length += ids_total; /* Get the length of the ClientHello to this point, plus the length field that comes next. */ partial_client_hello_len = (UINT)(*packet_length) + data_length + 2; /* Update the total length of the extension with the anticipated size of the binders - this is used in generating the binder hashes. */ // printf(">>>Binder list length: %d\n", binder_total); binder_total = 33; data_length += binder_total; /* Extension length. */ packet_buffer[length_offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[length_offset + 1] = (UCHAR)(data_length & 0x00FF); /* IMPORTANT: We also need to update the total extensions length field using the passed-in parameters. Failure to to so will invalidate the transcript hash we do next. */ total_extensions_length += data_length + 4; packet_buffer[extension_length_offset] = (UCHAR)((total_extensions_length & 0xFF00) >> 8); packet_buffer[extension_length_offset + 1] = (UCHAR)(total_extensions_length & 0x00FF); /* Now calculate the binders for this session. The binder is an HMAC hash of the entire ClientHello * up to and including the pre_shared_key extension with the IDs added above but NOT the binders. * The Length fields for the extension, however, are set to a value that matches the complete extension * with assumed correct binder lengths. * * Binders are calculated using the following (ClientHello1 is the first ClientHello, * and "Truncate" removes the binder data which is being generated): * Transcript-Hash(Truncate(ClientHello1)) * * Each PSK is associated with a single Hash algorithm. For PSKs * established via the ticket mechanism (Section 4.6.1), this is the KDF * Hash algorithm on the connection where the ticket was established. * For externally established PSKs, the Hash algorithm MUST be set when * the PSK is established or default to SHA-256 if no such algorithm is * defined. The server MUST ensure that it selects a compatible PSK * (if any) and cipher suite. */ /* If nx_secure_tls_client_state is IDLE, it means this is ClientHello1, need to initialize the handshake hash. If not, it means this is ClientHello2, need to save the metadata(ClientHello1 and HelloRetryRequest) to sratch buffer. */ if (tls_session -> nx_secure_tls_client_state == NX_SECURE_TLS_CLIENT_STATE_IDLE) { /* Initialize the handshake hash to hash the ClientHello up to now. */ _nx_secure_tls_handshake_hash_init(tls_session); } else { /* Save the handshake hash state. */ NX_SECURE_HASH_METADATA_CLONE(tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_scratch, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata_size); /* Use case of memcpy is verified. */ } /* Hash the ClientHello up to its current point. */ /* The Transcript hash needs to include the handshake record header which means we need to calculate the full length of the expected ClientHello (with expected binder list length) and fill in the header appropriately. */ UCHAR header[] = { 0x01, 0x00, 0x01, 0x30 }; header[2] = (UCHAR)((partial_client_hello_len + binder_total + 2) >> 8); header[3] = (UCHAR)((partial_client_hello_len + binder_total + 2) & 0xFF); _nx_secure_tls_handshake_hash_update(tls_session, header, sizeof(header)); _nx_secure_tls_handshake_hash_update(tls_session, packet_buffer, partial_client_hello_len); /* Save the transcript hash for the ClientHello, which is used in generating the PSK binders. */ status = _nx_secure_tls_1_3_transcript_hash_save(tls_session, NX_SECURE_TLS_TRANSCRIPT_IDX_CLIENTHELLO, NX_FALSE); if (status != NX_SUCCESS) { if (tls_session -> nx_secure_tls_client_state != NX_SECURE_TLS_CLIENT_STATE_IDLE) { NX_SECURE_HASH_CLONE_CLEANUP(tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_scratch, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata_size); } return(status); } /* Restore the original metadata(ClientHello1 and HelloRetryRequest) from scratch buffer. */ if (tls_session -> nx_secure_tls_client_state != NX_SECURE_TLS_CLIENT_STATE_IDLE) { NX_SECURE_HASH_CLONE_CLEANUP(tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata_size); NX_SECURE_HASH_METADATA_CLONE(tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_scratch, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata_size); /* Use case of memcpy is verified. */ NX_SECURE_HASH_CLONE_CLEANUP(tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_scratch, tls_session -> nx_secure_tls_handshake_hash.nx_secure_tls_handshake_hash_sha256_metadata_size); } /* Loop through all IDs and set the binders accordingly. */ for(i = 0; i < num_ids; ++i) { _nx_secure_tls_psk_binder_generate(tls_session, &psk_store[i]); } if (available_size < (offset + 2u)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Now add in the PSK binders. Skip the list length and fill in after. */ binder_offset = offset; offset += 2; binder_total = 0; num_binders = num_ids; for(i = 0; i < num_binders; ++i) { binder_len = psk_store[i].nx_secure_tls_psk_binder_size; binder = psk_store[i].nx_secure_tls_psk_binder; if (available_size < (offset + 1u + binder_len)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Add in the length of the binder. */ packet_buffer[offset] = (UCHAR)(binder_len); offset += (UINT)(1); /* Put the binder data into the packet. */ NX_SECURE_MEMCPY(&packet_buffer[offset], binder, binder_len); /* Use case of memcpy is verified. */ offset += (UINT)(binder_len); /* Update our total with the binder length (binder_len) and length field(1). */ binder_total += (UINT)(1 + binder_len); } /* Binder list length - this was set above, but overwrite it here. */ packet_buffer[binder_offset] = (UCHAR)((binder_total & 0xFF00) >> 8);; packet_buffer[binder_offset + 1] = (UCHAR)(binder_total & 0x00FF); /* Go back and set the total extension length. */ packet_buffer[length_offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[length_offset + 1] = (UCHAR)(data_length & 0x00FF); /* Return the amount of data we wrote. */ *extension_length = (USHORT)(offset - *packet_length); /* Return our updated packet offset. */ *packet_length = offset; return(NX_SUCCESS); } #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_psk_kem_extension PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the psk_key_exchange_mode extension, added in TLS*/ /* v1.3. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_length Length of data in packet */ /* extension_length Return length of data */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ #if (NX_SECURE_TLS_TLS_1_3_ENABLED) static UINT _nx_secure_tls_send_clienthello_psk_kem_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_length, USHORT *extension_length) { ULONG offset; USHORT length; /* PSK Key Exchange Modes Extension structure (From TLS 1.3 RFC 8446): enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; struct { PskKeyExchangeMode ke_modes<1..255>; } PskKeyExchangeModes; psk_ke: PSK-only key establishment. In this mode, the server MUST NOT supply a "key_share" value. psk_dhe_ke: PSK with (EC)DHE key establishment. In this mode, the client and server MUST supply "key_share" values as described in Section 4.2.8. ClientHello extension layout: | 2 | 2 | 1 | <PSK Key Exchange Modes list len> | | Ext Type | Extension length | PSK Key Exchange Modes list len | PSK Key Exchange Modes list | */ NX_PARAMETER_NOT_USED(tls_session); offset = *packet_length; /* Add extension type. */ packet_buffer[offset] = (UCHAR)((NX_SECURE_TLS_EXTENSION_PSK_KEY_EXCHANGE_MODES) >> 8); packet_buffer[offset + 1] = (UCHAR)(NX_SECURE_TLS_EXTENSION_PSK_KEY_EXCHANGE_MODES); offset += 2; /* Add extension length. */ length = 3; packet_buffer[offset] = (UCHAR)(length >> 8); packet_buffer[offset + 1] = (UCHAR)(length); offset += 2; /* Add PSK Key Exchange Modes Length. */ packet_buffer[offset++] = 2; /* Add PSK Key Exchange Mode. */ /* psk_ke : 0, psk_dhe_ke : 1. */ packet_buffer[offset++] = 1; packet_buffer[offset++] = 0; /* Return the amount of data we wrote. */ *extension_length = (USHORT)(offset - *packet_length); /* Return our updated packet offset. */ *packet_length = offset; return(NX_SUCCESS); } #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_sni_extension PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the Server Name Indication extension to an */ /* outgoing ClientHello record if a server name has been set by the */ /* application. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_offset Offset into packet buffer */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* verified memcpy use cases, */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ #ifndef NX_SECURE_TLS_SNI_EXTENSION_DISABLED static UINT _nx_secure_tls_send_clienthello_sni_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size) { ULONG offset; USHORT ext; UINT data_length; /* Server Name Indication Extension structure: * | 2 | 2 | 1 | 2 | <name length> | * | Ext Type | list length | name type | name length | Host name string | */ /* From RFC 6066: struct { NameType name_type; select (name_type) { case host_name: HostName; } name; } ServerName; enum { host_name(0), (255) } NameType; opaque HostName<1..2^16-1>; struct { ServerName server_name_list<1..2^16-1> } ServerNameList; The contents of this extension are specified as follows. - The ServerNameList MUST NOT contain more than one name of the same name_type. - Currently, the only server names supported are DNS hostnames. */ /* If there is no SNI server name, just return. */ if (tls_session -> nx_secure_tls_sni_extension_server_name == NX_NULL) { *extension_length = 0; return(NX_SUCCESS); } /* Start with our passed-in packet offset. */ offset = *packet_offset; if (available_size < (offset + 9u + tls_session -> nx_secure_tls_sni_extension_server_name -> nx_secure_x509_dns_name_length)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* The extension identifier. */ ext = NX_SECURE_TLS_EXTENSION_SERVER_NAME_INDICATION; /* Put the extension ID into the packet. */ packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; /* Get the length of the entire extension. In this case it is a single name entry. Add 2 for the list length, plus 1 for the name_type field and 2 for the name length field (name type and length would be duplicated for all entries). */ data_length = (UINT)(tls_session -> nx_secure_tls_sni_extension_server_name -> nx_secure_x509_dns_name_length + 5); /* Set the total extension length. */ packet_buffer[offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(data_length & 0x00FF); offset += 2; data_length -= 2; /* Remove list length. */ /* Set the name list length. */ packet_buffer[offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(data_length & 0x00FF); offset += 2; data_length -= 3; /* Remove name type and name length. */ /* Set the name type. */ packet_buffer[offset] = NX_SECURE_TLS_SNI_NAME_TYPE_DNS; offset++; /* Set the name length. */ packet_buffer[offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(data_length & 0x00FF); offset += 2; /* Write the name into the packet. */ NX_SECURE_MEMCPY(&packet_buffer[offset], tls_session -> nx_secure_tls_sni_extension_server_name -> nx_secure_x509_dns_name, data_length); /* Use case of memcpy is verified. */ offset += data_length; /* Return the amount of data we wrote. */ *extension_length = (USHORT)(offset - *packet_offset); /* Return our updated packet offset. */ *packet_offset = offset; return(NX_SUCCESS); } #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_sec_reneg_extension PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the Secure Renegotiation Indication extension */ /* to an outgoing ClientHello record if the ClientHello is part of a */ /* renegotiation handshake (the extension should be empty for the */ /* initial handshake. See RFC 5746 for more information. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_offset Offset into packet buffer */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* verified memcpy use cases, */ /* fixed renegotiation bug, */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION static UINT _nx_secure_tls_send_clienthello_sec_reneg_extension(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size) { ULONG offset; USHORT ext; UINT data_length; /* Secure Renegotiation Indication Extensions structure: * | 2 | 12 | * | Ext Type | client_verify_data | */ /* From RFC 5746: struct { opaque renegotiated_connection<0..255>; } RenegotiationInfo; The contents of this extension are specified as follows. - If this is the initial handshake for a connection, then the "renegotiated_connection" field is of zero length in both the ClientHello and the ServerHello. Thus, the entire encoding of the extension is ff 01 00 01 00. The first two octets represent the extension type, the third and fourth octets the length of the extension itself, and the final octet the zero length byte for the "renegotiated_connection" field. - For ClientHellos that are renegotiating, this field contains the "client_verify_data" specified in Section 3.1. - For ServerHellos that are renegotiating, this field contains the concatenation of client_verify_data and server_verify_data. For current versions of TLS, this will be a 24-byte value (for SSLv3, it will be a 72-byte value). */ #ifdef NX_SECURE_TLS_USE_SCSV_CIPHPERSUITE /* If we are using the SCSV ciphersuite for TLS 1.0 compatibility and the session is not yet active (first handshake, not a renegotiation), then don't send the empty extension below, just return with no offset adjustments. */ if (!tls_session -> nx_secure_tls_local_session_active) { *extension_length = 0; return(NX_SUCCESS); } #endif /* Start with our passed-in packet offset. */ offset = *packet_offset; if (available_size < (offset + 2u)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* The extension identifier. */ ext = NX_SECURE_TLS_EXTENSION_SECURE_RENEGOTIATION; /* Put the extension ID into the packet. */ packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; if (!tls_session -> nx_secure_tls_local_session_active) { /* The extension has zero data because this is an initial handshake. Send the encoded extension as documented in the RFC. */ if (available_size < (offset + 3u)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Fill in the length of current extension. */ packet_buffer[offset] = 0x00; packet_buffer[offset + 1] = 0x01; /* Fill in the length of renegotiated connection field. */ packet_buffer[offset + 2] = 0x00; offset += 3; } else { /* Fill in the length of current extension. */ if (available_size < (offset + 3u + NX_SECURE_TLS_FINISHED_HASH_SIZE)) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } data_length = NX_SECURE_TLS_FINISHED_HASH_SIZE + 1; packet_buffer[offset] = (UCHAR)((data_length & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(data_length & 0x00FF); offset += 2; /* The extension actually has a second length field of 1 byte that needs to be populated. */ /* Fill in the length of renegotiated connection field. */ packet_buffer[offset] = (UCHAR)(NX_SECURE_TLS_FINISHED_HASH_SIZE & 0x00FF); offset++; /* Copy the verify data into the packet. */ NX_SECURE_MEMCPY(&packet_buffer[offset], tls_session -> nx_secure_tls_local_verify_data, NX_SECURE_TLS_FINISHED_HASH_SIZE); /* Use case of memcpy is verified. */ offset += NX_SECURE_TLS_FINISHED_HASH_SIZE; } /* Return the amount of data we wrote. */ *extension_length = (USHORT)(offset - *packet_offset); /* Return our updated packet offset. */ *packet_offset = offset; return(NX_SUCCESS); } #endif /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_clienthello_sec_spf_extensions PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function adds the Supported Elliptic Curves extension and the */ /* Supported Point Formats extension to an outgoing ClientHello */ /* record. See RFC 4492 section 5.1. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Outgoing TLS packet buffer */ /* packet_offset Offset into packet buffer */ /* extension_length Return length of data */ /* available_size Available size of buffer */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* None */ /* */ /* CALLED BY */ /* */ /* _nx_secure_tls_send_clienthello_extensions */ /* Send TLS ClientHello extension*/ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* resulting in version 6.1 */ /* */ /**************************************************************************/ #ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE static UINT _nx_secure_tls_send_clienthello_sec_spf_extensions(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, ULONG *packet_offset, USHORT *extension_length, ULONG available_size) { ULONG offset; USHORT ext_len, list_len, ext, i; NX_SECURE_TLS_ECC *ecc_info; ecc_info = &(tls_session -> nx_secure_tls_ecc); if (ecc_info -> nx_secure_tls_ecc_supported_groups_count == 0) { *extension_length = 0; return(NX_SUCCESS); } /* Start with our passed-in packet offset. */ offset = *packet_offset; if (available_size < (offset + 12u + (ULONG)(ecc_info -> nx_secure_tls_ecc_supported_groups_count << 1))) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); } /* Supported Elliptic Curves Extension. */ ext = NX_SECURE_TLS_EXTENSION_EC_GROUPS; /* Supported Groups */ list_len = (USHORT)(ecc_info -> nx_secure_tls_ecc_supported_groups_count * sizeof(USHORT)); ext_len = (USHORT)(list_len + 2); packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; packet_buffer[offset] = (UCHAR)((ext_len & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext_len & 0x00FF); offset += 2; packet_buffer[offset] = (UCHAR)((list_len & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(list_len & 0x00FF); offset += 2; for (i = 0; i < ecc_info -> nx_secure_tls_ecc_supported_groups_count; i++) { packet_buffer[offset] = (UCHAR)((ecc_info -> nx_secure_tls_ecc_supported_groups[i] & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ecc_info -> nx_secure_tls_ecc_supported_groups[i] & 0x00FF); offset += 2; } /* ec_point_formats Extension. */ ext = NX_SECURE_TLS_EXTENSION_EC_POINT_FORMATS; ext_len = 2; /* ec_point_formats Length: 2. */ packet_buffer[offset] = (UCHAR)((ext & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext & 0x00FF); offset += 2; packet_buffer[offset] = (UCHAR)((ext_len & 0xFF00) >> 8); packet_buffer[offset + 1] = (UCHAR)(ext_len & 0x00FF); offset += 2; packet_buffer[offset] = 1; offset += 1; packet_buffer[offset] = 0; offset += 1; /* Return our updated packet offset. */ *extension_length = (USHORT)(offset - *packet_offset); *packet_offset = offset; return(NX_SUCCESS); } #endif /* NX_SECURE_ENABLE_ECC_CIPHERSUITE */ #endif /* NX_SECURE_TLS_CLIENT_DISABLED */

Details