Add TLS-SRP (RFC 5054) support

net/third_party/nss/ssl/ssl3ext.c

 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 60 matching lines @@
     PRInt32 lenSize);
 static SECStatus ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss,
     PK11SymKey **aes_key, PK11SymKey **mac_key);
 static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
     PRUint32 *aes_key_length, const unsigned char **mac_key,
     PRUint32 *mac_key_length);
 static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
     PRBool append, PRUint32 maxBytes);
 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, 
     PRUint16 ex_type, SECItem *data);
+static SECStatus ssl3_HandleSRPHelloXtn(sslSocket *ss, PRUint16 ext,
+    SECItem *data);
+PRInt32 ssl3_SendSRPHelloXtn(sslSocket * ss, PRBool append,
+    PRUint32 maxBytes);
+
 
 /*
  * Write bytes.  Using this function means the SECItem structure
  * cannot be freed.  The caller is expected to call this function
  * on a shallow copy of the structure.
  */
 static SECStatus
 ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
 {
     if (bytes > item->len)
@@ skipping 156 matching lines @@
     { ssl_session_ticket_xtn,     &ssl3_ClientHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
     { ssl_next_proto_neg_xtn,     &ssl3_ClientHandleNextProtoNegoXtn },
     { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
     { ssl_snap_start_xtn,         &ssl3_ClientHandleSnapStartXtn },
     { -1, NULL }
 };
 
 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+    { ssl_srp_hello_xtn,          &ssl3_HandleSRPHelloXtn },
     { -1, NULL }
 };
 
 /* Tables of functions to format TLS hello extensions, one function per
  * extension.
  * These static tables are for the formatting of client hello extensions.
  * The server's table of hello senders is dynamic, in the socket struct,
  * and sender functions are registered there.
  */
 static const 
 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
     { ssl_server_name_xtn,        &ssl3_SendServerNameXtn        },
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
 #ifdef NSS_ENABLE_ECC
     { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
     { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
 #endif
     { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
+    { ssl_srp_hello_xtn,          &ssl3_SendSRPHelloXtn },
     { ssl_next_proto_neg_xtn,     &ssl3_ClientSendNextProtoNegoXtn },
     { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
     { ssl_snap_start_xtn,         &ssl3_SendSnapStartXtn }
     /* NOTE: The Snap Start sender MUST be the last extension in the list. */
     /* any extra entries will appear as { 0, NULL }    */
 };
 
 static const 
 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
@@ skipping 1428 matching lines @@
     ss->peerRequestedProtection = 1;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     if (ss->sec.isServer) {
         /* prepare to send back the appropriate response */
         rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
                                              ssl3_SendRenegotiationInfoXtn);
     }
     return rv;
 }
 
+/* send user mapping indication using info from ss->sec.userlogin
+ * called from ssl3_CallHelloExtensionSenders */
+PRInt32
+ssl3_SendSRPHelloXtn(sslSocket * ss, PRBool append,
+                                         PRUint32 maxBytes)
+{
+    SECItem     * user = ss->sec.userName;
+ 
+    if (user == NULL)
+        return 0; /* no credentials, no extension */
+
+    if (append && maxBytes >= user->len + 5) {
+        SECStatus rv;
+        /* extension_type 6 */
+        rv = ssl3_AppendHandshakeNumber(ss, 12, 2);
+        if (rv != SECSuccess) return 0;
+        /* length of extension */
+        rv = ssl3_AppendHandshakeNumber(ss, user->len + 1, 2);
+        if (rv != SECSuccess) return 0;
+        /* length of data */
+        rv = ssl3_AppendHandshakeNumber(ss, user->len, 1);
+        if (rv != SECSuccess) return 0;
+        /* extension_data = srp user name */
+        rv = ssl3_AppendHandshake(ss, user->data, user->len);
+        if (rv != SECSuccess) return 0;
+    }
+    return user->len+5;
+}
+
+SECStatus
+ssl3_HandleSRPHelloXtn(sslSocket *ss, PRUint16 ext, SECItem *data)
+{
+    SECStatus       rv;
+    SECItem         username;
+    
+        rv = ssl3_ConsumeHandshakeVariable(ss, &username, 1, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return rv;
+
+    /* enforce SRP username length constrain */
+    if (data->len > MAX_SRP_USERNAME_LENGTH)
+        data->len = MAX_SRP_USERNAME_LENGTH;
+    
+    ss->sec.userName = PORT_ZAlloc(sizeof(SECItem));
+    if (!ss->sec.userName)
+        goto no_memory;
+
+    rv = SECITEM_CopyItem(NULL, ss->sec.userName, &username);
+    if (rv != SECSuccess)
+        goto no_memory;
+
+        return rv;
+no_memory:
+    ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+    return SECFailure;
+}