search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
corrected typos
[gnutls.git] / lib / gnutls_extensions.c
blob28a852b7d238ebb9ca3763de52c790408fbb348d
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos, Simon Josefsson
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* Functions that relate to the TLS hello extension parsing.
24 * Hello extensions are packets appended in the TLS hello packet, and
25 * allow for extra functionality.
26 */
27
28 #include "gnutls_int.h"
29 #include "gnutls_extensions.h"
30 #include "gnutls_errors.h"
31 #include "ext/max_record.h"
32 #include <ext/cert_type.h>
33 #include <ext/server_name.h>
34 #include <ext/srp.h>
35 #include <ext/heartbeat.h>
36 #include <ext/session_ticket.h>
37 #include <ext/safe_renegotiation.h>
38 #include <ext/signature.h>
39 #include <ext/safe_renegotiation.h>
40 #include <ext/ecc.h>
41 #include <ext/status_request.h>
42 #include <ext/srtp.h>
43 #include <gnutls_num.h>
44
45
46 static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
47 uint16_t type);
48
49
50 static size_t extfunc_size = 0;
51 static extension_entry_st *extfunc = NULL;
52
53 static gnutls_ext_parse_type_t
54 _gnutls_ext_parse_type (uint16_t type)
55 {
56 size_t i;
57
58 for (i = 0; i < extfunc_size; i++)
59 {
60 if (extfunc[i].type == type)
61 return extfunc[i].parse_type;
62 }
63
64 return GNUTLS_EXT_NONE;
65 }
66
67 static gnutls_ext_recv_func
68 _gnutls_ext_func_recv (uint16_t type, gnutls_ext_parse_type_t parse_type)
69 {
70 size_t i;
71
72 for (i = 0; i < extfunc_size; i++)
73 if (extfunc[i].type == type)
74 if (parse_type == GNUTLS_EXT_ANY || extfunc[i].parse_type == parse_type)
75 return extfunc[i].recv_func;
76
77 return NULL;
78 }
79
80 static gnutls_ext_deinit_data_func
81 _gnutls_ext_func_deinit (uint16_t type)
82 {
83 size_t i;
84
85 for (i = 0; i < extfunc_size; i++)
86 if (extfunc[i].type == type)
87 return extfunc[i].deinit_func;
88
89 return NULL;
90 }
91
92 static gnutls_ext_unpack_func
93 _gnutls_ext_func_unpack (uint16_t type)
94 {
95 size_t i;
96
97 for (i = 0; i < extfunc_size; i++)
98 if (extfunc[i].type == type)
99 return extfunc[i].unpack_func;
100
101 return NULL;
102 }
103
104
105 static const char *
106 _gnutls_extension_get_name (uint16_t type)
107 {
108 size_t i;
109
110 for (i = 0; i < extfunc_size; i++)
111 if (extfunc[i].type == type)
112 return extfunc[i].name;
113
114 return NULL;
115 }
116
117 /* Checks if the extension we just received is one of the
118 * requested ones. Otherwise it's a fatal error.
119 */
120 static int
121 _gnutls_extension_list_check (gnutls_session_t session, uint16_t type)
122 {
123 if (session->security_parameters.entity == GNUTLS_CLIENT)
124 {
125 int i;
126
127 for (i = 0; i < session->internals.extensions_sent_size; i++)
128 {
129 if (type == session->internals.extensions_sent[i])
130 return 0; /* ok found */
131 }
132
133 return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
134 }
135
136 return 0;
137 }
138
139 int
140 _gnutls_parse_extensions (gnutls_session_t session,
141 gnutls_ext_parse_type_t parse_type,
142 const uint8_t * data, int data_size)
143 {
144 int next, ret;
145 int pos = 0;
146 uint16_t type;
147 const uint8_t *sdata;
148 gnutls_ext_recv_func ext_recv;
149 uint16_t size;
150
151 #ifdef DEBUG
152 int i;
153
154 if (session->security_parameters.entity == GNUTLS_CLIENT)
155 for (i = 0; i < session->internals.extensions_sent_size; i++)
156 {
157 _gnutls_handshake_log ("EXT[%d]: expecting extension '%s'\n",
158 session,
159 _gnutls_extension_get_name
160 (session->internals.extensions_sent[i]));
161 }
162 #endif
163
164 DECR_LENGTH_RET (data_size, 2, 0);
165 next = _gnutls_read_uint16 (data);
166 pos += 2;
167
168 DECR_LENGTH_RET (data_size, next, 0);
169
170 do
171 {
172 DECR_LENGTH_RET (next, 2, 0);
173 type = _gnutls_read_uint16 (&data[pos]);
174 pos += 2;
175
176 if ((ret = _gnutls_extension_list_check (session, type)) < 0)
177 {
178 gnutls_assert ();
179 return ret;
180 }
181
182 DECR_LENGTH_RET (next, 2, 0);
183 size = _gnutls_read_uint16 (&data[pos]);
184 pos += 2;
185
186 DECR_LENGTH_RET (next, size, 0);
187 sdata = &data[pos];
188 pos += size;
189
190 ext_recv = _gnutls_ext_func_recv (type, parse_type);
191 if (ext_recv == NULL)
192 {
193 _gnutls_handshake_log ("EXT[%p]: Found extension '%s/%d'\n", session,
194 _gnutls_extension_get_name (type), type);
195
196 continue;
197 }
198
199 _gnutls_handshake_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
200 session, _gnutls_extension_get_name (type), type,
201 size);
202
203 if ((ret = ext_recv (session, sdata, size)) < 0)
204 {
205 gnutls_assert ();
206 return ret;
207 }
208
209 }
210 while (next > 2);
211
212 return 0;
213
214 }
215
216 /* Adds the extension we want to send in the extensions list.
217 * This list is used to check whether the (later) received
218 * extensions are the ones we requested.
219 */
220 void
221 _gnutls_extension_list_add (gnutls_session_t session, uint16_t type)
222 {
223
224 if (session->security_parameters.entity == GNUTLS_CLIENT)
225 {
226 if (session->internals.extensions_sent_size < MAX_EXT_TYPES)
227 {
228 session->internals.extensions_sent[session->internals.
229 extensions_sent_size] = type;
230 session->internals.extensions_sent_size++;
231 }
232 else
233 {
234 _gnutls_handshake_log ("extensions: Increase MAX_EXT_TYPES\n");
235 }
236 }
237 }
238
239 int
240 _gnutls_gen_extensions (gnutls_session_t session, gnutls_buffer_st * extdata,
241 gnutls_ext_parse_type_t parse_type)
242 {
243 int size;
244 int pos, size_pos, ret;
245 size_t i, init_size = extdata->length;
246
247 pos = extdata->length; /* we will store length later on */
248 _gnutls_buffer_append_prefix( extdata, 16, 0);
249
250 for (i = 0; i < extfunc_size; i++)
251 {
252 extension_entry_st *p = &extfunc[i];
253
254 if (p->send_func == NULL)
255 continue;
256
257 if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type)
258 continue;
259
260 ret = _gnutls_buffer_append_prefix( extdata, 16, p->type);
261 if (ret < 0)
262 return gnutls_assert_val(ret);
263
264 size_pos = extdata->length;
265 ret = _gnutls_buffer_append_prefix (extdata, 16, 0);
266 if (ret < 0)
267 return gnutls_assert_val(ret);
268
269 size = p->send_func (session, extdata);
270 /* returning GNUTLS_E_INT_RET_0 means to send an empty
271 * extension of this type.
272 */
273 if (size > 0 || size == GNUTLS_E_INT_RET_0)
274 {
275 if (size == GNUTLS_E_INT_RET_0)
276 size = 0;
277
278 /* write the real size */
279 _gnutls_write_uint16(size, &extdata->data[size_pos]);
280
281 /* add this extension to the extension list
282 */
283 _gnutls_extension_list_add (session, p->type);
284
285 _gnutls_handshake_log ("EXT[%p]: Sending extension %s (%d bytes)\n",
286 session, p->name, size);
287 }
288 else if (size < 0)
289 {
290 gnutls_assert ();
291 return size;
292 }
293 else if (size == 0)
294 extdata->length -= 4; /* reset type and size */
295 }
296
297 /* remove any initial data, and the size of the header */
298 size = extdata->length - init_size - 2;
299
300 if ( size > 0)
301 _gnutls_write_uint16(size, &extdata->data[pos]);
302 else if (size == 0) extdata->length -= 2; /* the length bytes */
303
304 return size;
305 }
306
307 int
308 _gnutls_ext_init (void)
309 {
310 int ret;
311
312 ret = _gnutls_ext_register (&ext_mod_max_record_size);
313 if (ret != GNUTLS_E_SUCCESS)
314 return ret;
315
316 ret = _gnutls_ext_register (&ext_mod_status_request);
317 if (ret != GNUTLS_E_SUCCESS)
318 return ret;
319
320 ret = _gnutls_ext_register (&ext_mod_cert_type);
321 if (ret != GNUTLS_E_SUCCESS)
322 return ret;
323
324 ret = _gnutls_ext_register (&ext_mod_server_name);
325 if (ret != GNUTLS_E_SUCCESS)
326 return ret;
327
328 ret = _gnutls_ext_register (&ext_mod_sr);
329 if (ret != GNUTLS_E_SUCCESS)
330 return ret;
331
332 #ifdef ENABLE_SRP
333 ret = _gnutls_ext_register (&ext_mod_srp);
334 if (ret != GNUTLS_E_SUCCESS)
335 return ret;
336 #endif
337
338 ret = _gnutls_ext_register (&ext_mod_heartbeat);
339 if (ret != GNUTLS_E_SUCCESS)
340 return ret;
341
342 ret = _gnutls_ext_register (&ext_mod_session_ticket);
343 if (ret != GNUTLS_E_SUCCESS)
344 return ret;
345
346 ret = _gnutls_ext_register (&ext_mod_supported_ecc);
347 if (ret != GNUTLS_E_SUCCESS)
348 return ret;
349
350 ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf);
351 if (ret != GNUTLS_E_SUCCESS)
352 return ret;
353
354 ret = _gnutls_ext_register (&ext_mod_sig);
355 if (ret != GNUTLS_E_SUCCESS)
356 return ret;
357
358 ret = _gnutls_ext_register (&ext_mod_srtp);
359 if (ret != GNUTLS_E_SUCCESS)
360 return ret;
361
362 return GNUTLS_E_SUCCESS;
363 }
364
365 void
366 _gnutls_ext_deinit (void)
367 {
368 gnutls_free (extfunc);
369 extfunc = NULL;
370 extfunc_size = 0;
371 }
372
373 int
374 _gnutls_ext_register (extension_entry_st * mod)
375 {
376 extension_entry_st *p;
377
378 p = gnutls_realloc (extfunc, sizeof (*extfunc) * (extfunc_size + 1));
379 if (!p)
380 {
381 gnutls_assert ();
382 return GNUTLS_E_MEMORY_ERROR;
383 }
384
385 extfunc = p;
386
387 memcpy (&extfunc[extfunc_size], mod, sizeof (*mod));
388
389 extfunc_size++;
390
391 return GNUTLS_E_SUCCESS;
392 }
393
394 int
395 _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed)
396 {
397 unsigned int i;
398 int ret;
399 extension_priv_data_t data;
400 int cur_size;
401 int size_offset;
402 int total_exts_pos;
403 int exts = 0;
404
405 total_exts_pos = packed->length;
406 BUFFER_APPEND_NUM (packed, 0);
407
408 for (i = 0; i < extfunc_size; i++)
409 {
410 ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data);
411 if (ret >= 0 && extfunc[i].pack_func != NULL)
412 {
413 BUFFER_APPEND_NUM (packed, extfunc[i].type);
414
415 size_offset = packed->length;
416 BUFFER_APPEND_NUM (packed, 0);
417
418 cur_size = packed->length;
419
420 ret = extfunc[i].pack_func (data, packed);
421 if (ret < 0)
422 {
423 gnutls_assert ();
424 return ret;
425 }
426
427 exts++;
428 /* write the actual size */
429 _gnutls_write_uint32 (packed->length - cur_size,
430 packed->data + size_offset);
431 }
432 }
433
434 _gnutls_write_uint32 (exts, packed->data + total_exts_pos);
435
436 return 0;
437
438 }
439
440 void
441 _gnutls_ext_restore_resumed_session (gnutls_session_t session)
442 {
443 int i;
444
445
446 /* clear everything except MANDATORY extensions */
447 for (i = 0; i < MAX_EXT_TYPES; i++)
448 {
449 if (session->internals.extension_int_data[i].set != 0 &&
450 _gnutls_ext_parse_type (session->internals.
451 extension_int_data[i].type) !=
452 GNUTLS_EXT_MANDATORY)
453 {
454 _gnutls_ext_unset_session_data (session,
455 session->
456 internals.extension_int_data[i].
457 type);
458 }
459 }
460
461 /* copy resumed to main */
462 for (i = 0; i < MAX_EXT_TYPES; i++)
463 {
464 if (session->internals.resumed_extension_int_data[i].set != 0 &&
465 _gnutls_ext_parse_type (session->
466 internals.resumed_extension_int_data[i].
467 type) != GNUTLS_EXT_MANDATORY)
468 {
469 _gnutls_ext_set_session_data (session,
470 session->
471 internals.resumed_extension_int_data
472 [i].type,
473 session->
474 internals.resumed_extension_int_data
475 [i].priv);
476 session->internals.resumed_extension_int_data[i].set = 0;
477 }
478 }
479
480 }
481
482
483 static void
484 _gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type,
485 extension_priv_data_t data)
486 {
487 int i;
488
489 for (i = 0; i < MAX_EXT_TYPES; i++)
490 {
491 if (session->internals.resumed_extension_int_data[i].type == type
492 || session->internals.resumed_extension_int_data[i].set == 0)
493 {
494
495 if (session->internals.resumed_extension_int_data[i].set != 0)
496 _gnutls_ext_unset_resumed_session_data (session, type);
497
498 session->internals.resumed_extension_int_data[i].type = type;
499 session->internals.resumed_extension_int_data[i].priv = data;
500 session->internals.resumed_extension_int_data[i].set = 1;
501 return;
502 }
503 }
504 }
505
506 int
507 _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed)
508 {
509 int i, ret;
510 extension_priv_data_t data;
511 gnutls_ext_unpack_func unpack;
512 int max_exts = 0;
513 uint16_t type;
514 int size_for_type, cur_pos;
515
516
517 BUFFER_POP_NUM (packed, max_exts);
518 for (i = 0; i < max_exts; i++)
519 {
520 BUFFER_POP_NUM (packed, type);
521 BUFFER_POP_NUM (packed, size_for_type);
522
523 cur_pos = packed->length;
524
525 unpack = _gnutls_ext_func_unpack (type);
526 if (unpack == NULL)
527 {
528 gnutls_assert ();
529 return GNUTLS_E_PARSING_ERROR;
530 }
531
532 ret = unpack (packed, &data);
533 if (ret < 0)
534 {
535 gnutls_assert ();
536 return ret;
537 }
538
539 /* verify that unpack read the correct bytes */
540 cur_pos = cur_pos - packed->length;
541 if (cur_pos /* read length */ != size_for_type)
542 {
543 gnutls_assert ();
544 return GNUTLS_E_PARSING_ERROR;
545 }
546
547 _gnutls_ext_set_resumed_session_data (session, type, data);
548 }
549
550 return 0;
551
552 error:
553 return ret;
554 }
555
556 void
557 _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type)
558 {
559 gnutls_ext_deinit_data_func deinit;
560 extension_priv_data_t data;
561 int ret, i;
562
563 deinit = _gnutls_ext_func_deinit (type);
564 ret = _gnutls_ext_get_session_data (session, type, &data);
565
566 if (ret >= 0 && deinit != NULL)
567 {
568 deinit (data);
569 }
570
571 for (i = 0; i < MAX_EXT_TYPES; i++)
572 {
573 if (session->internals.extension_int_data[i].type == type)
574 {
575 session->internals.extension_int_data[i].set = 0;
576 return;
577 }
578 }
579
580 }
581
582 static void
583 _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
584 uint16_t type)
585 {
586 gnutls_ext_deinit_data_func deinit;
587 extension_priv_data_t data;
588 int ret, i;
589
590 deinit = _gnutls_ext_func_deinit (type);
591 ret = _gnutls_ext_get_resumed_session_data (session, type, &data);
592
593 if (ret >= 0 && deinit != NULL)
594 {
595 deinit (data);
596 }
597
598 for (i = 0; i < MAX_EXT_TYPES; i++)
599 {
600 if (session->internals.resumed_extension_int_data[i].type == type)
601 {
602 session->internals.resumed_extension_int_data[i].set = 0;
603 return;
604 }
605 }
606
607 }
608
609 /* Deinitializes all data that are associated with TLS extensions.
610 */
611 void
612 _gnutls_ext_free_session_data (gnutls_session_t session)
613 {
614 unsigned int i;
615
616 for (i = 0; i < extfunc_size; i++)
617 {
618 _gnutls_ext_unset_session_data (session, extfunc[i].type);
619 }
620
621 for (i = 0; i < extfunc_size; i++)
622 {
623 _gnutls_ext_unset_resumed_session_data (session, extfunc[i].type);
624 }
625
626 }
627
628 /* This function allows and extension to store data in the current session
629 * and retrieve them later on. We use functions instead of a pointer to a
630 * private pointer, to allow API additions by individual extensions.
631 */
632 void
633 _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
634 extension_priv_data_t data)
635 {
636 unsigned int i;
637 gnutls_ext_deinit_data_func deinit;
638
639 deinit = _gnutls_ext_func_deinit (type);
640
641 for (i = 0; i < MAX_EXT_TYPES; i++)
642 {
643 if (session->internals.extension_int_data[i].type == type
644 || session->internals.extension_int_data[i].set == 0)
645 {
646 if (session->internals.extension_int_data[i].set != 0)
647 {
648 if (deinit)
649 deinit (session->internals.extension_int_data[i].priv);
650 }
651 session->internals.extension_int_data[i].type = type;
652 session->internals.extension_int_data[i].priv = data;
653 session->internals.extension_int_data[i].set = 1;
654 return;
655 }
656 }
657 }
658
659 int
660 _gnutls_ext_get_session_data (gnutls_session_t session,
661 uint16_t type, extension_priv_data_t * data)
662 {
663 int i;
664
665 for (i = 0; i < MAX_EXT_TYPES; i++)
666 {
667 if (session->internals.extension_int_data[i].set != 0 &&
668 session->internals.extension_int_data[i].type == type)
669 {
670 *data = session->internals.extension_int_data[i].priv;
671 return 0;
672 }
673 }
674 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
675 }
676
677 int
678 _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
679 uint16_t type,
680 extension_priv_data_t * data)
681 {
682 int i;
683
684 for (i = 0; i < MAX_EXT_TYPES; i++)
685 {
686 if (session->internals.resumed_extension_int_data[i].set != 0 &&
687 session->internals.resumed_extension_int_data[i].type == type)
688 {
689 *data = session->internals.resumed_extension_int_data[i].priv;
690 return 0;
691 }
692 }
693 return GNUTLS_E_INVALID_REQUEST;
694 }
Implementation of the SSL/TLS protocol