mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-20 03:44:15 +08:00
Clean TLS code
This commit is contained in:
Zhi Guan
@@ -764,7 +764,7 @@ endif()
|
|||||||
#
|
#
|
||||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1051")
|
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1052")
|
||||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||||
include(CPack)
|
include(CPack)
|
||||||
|
|||||||
@@ -442,16 +442,16 @@ int tls_seq_num_incr(uint8_t seq_num[8]);
|
|||||||
void tls_seq_num_reset(uint8_t seq_num[8]);
|
void tls_seq_num_reset(uint8_t seq_num[8]);
|
||||||
|
|
||||||
int tls_random_generate(uint8_t random[32]);
|
int tls_random_generate(uint8_t random[32]);
|
||||||
int tls_random_print(FILE *fp, const uint8_t random[32], int format, int indent);
|
int tls_random_print(FILE *fp, const uint8_t random[32], int fmt, int ind);
|
||||||
int tls_pre_master_secret_generate(uint8_t pre_master_secret[48], int protocol);
|
int tls_pre_master_secret_generate(uint8_t pre_master_secret[48], int protocol);
|
||||||
int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int format, int indent);
|
int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int fmt, int ind);
|
||||||
|
|
||||||
int tls_secrets_print(FILE *fp,
|
int tls_secrets_print(FILE *fp,
|
||||||
const uint8_t *pre_master_secret, size_t pre_master_secret_len,
|
const uint8_t *pre_master_secret, size_t pre_master_secret_len,
|
||||||
const uint8_t client_random[32], const uint8_t server_random[32],
|
const uint8_t client_random[32], const uint8_t server_random[32],
|
||||||
const uint8_t master_secret[48],
|
const uint8_t master_secret[48],
|
||||||
const uint8_t *key_block, size_t key_block_len,
|
const uint8_t *key_block, size_t key_block_len,
|
||||||
int format, int indent);
|
int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
int tls13_hkdf_extract(const DIGEST *digest, const uint8_t salt[32], const uint8_t in[32], uint8_t out[32]);
|
int tls13_hkdf_extract(const DIGEST *digest, const uint8_t salt[32], const uint8_t in[32], uint8_t out[32]);
|
||||||
@@ -490,12 +490,10 @@ int tls_record_set_protocol(uint8_t *record, int protocol);
|
|||||||
int tls_record_set_data_length(uint8_t *record, size_t length);
|
int tls_record_set_data_length(uint8_t *record, size_t length);
|
||||||
int tls_record_set_data(uint8_t *record, const uint8_t *data, size_t datalen);
|
int tls_record_set_data(uint8_t *record, const uint8_t *data, size_t datalen);
|
||||||
|
|
||||||
|
int tls_record_print(FILE *fp, int fmt, int ind, int cipher_suite,
|
||||||
// parse ServerKeyExchange, ClientKeyExchange depends on current cipher_suite
|
const uint8_t *record, size_t recordlen);
|
||||||
#define tls_format_set_cipher_suite(fmt,cipher) do {(fmt)|=((cipher)<<8);} while (0)
|
int tls12_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int fmt, int ind);
|
||||||
int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent);
|
int tlcp_record_print(FILE *fp, int fmt, int ind, const uint8_t *record, size_t recordlen);
|
||||||
int tls12_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent);
|
|
||||||
int tlcp_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen);
|
|
||||||
|
|
||||||
int tls_record_send(const uint8_t *record, size_t recordlen, tls_socket_t sock);
|
int tls_record_send(const uint8_t *record, size_t recordlen, tls_socket_t sock);
|
||||||
int tls_record_recv(uint8_t *record, size_t *recordlen, tls_socket_t sock);
|
int tls_record_recv(uint8_t *record, size_t *recordlen, tls_socket_t sock);
|
||||||
@@ -522,7 +520,8 @@ int tls_record_set_handshake(uint8_t *record, size_t *recordlen,
|
|||||||
int type, const uint8_t *data, size_t datalen);
|
int type, const uint8_t *data, size_t datalen);
|
||||||
int tls_record_get_handshake(const uint8_t *record,
|
int tls_record_get_handshake(const uint8_t *record,
|
||||||
int *type, const uint8_t **data, size_t *datalen);
|
int *type, const uint8_t **data, size_t *datalen);
|
||||||
int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent);
|
int tls_handshake_print(FILE *fp, int fmt, int ind, int protocol, int cipher_suite,
|
||||||
|
const uint8_t *handshake, size_t handshake_len);
|
||||||
|
|
||||||
|
|
||||||
// Alert
|
// Alert
|
||||||
@@ -535,7 +534,7 @@ typedef struct {
|
|||||||
|
|
||||||
int tls_record_set_alert(uint8_t *record, size_t *recordlen, int alert_level, int alert_description);
|
int tls_record_set_alert(uint8_t *record, size_t *recordlen, int alert_level, int alert_description);
|
||||||
int tls_record_get_alert(const uint8_t *record, int *alert_level, int *alert_description);
|
int tls_record_get_alert(const uint8_t *record, int *alert_level, int *alert_description);
|
||||||
int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
// ChangeCipherSpec
|
// ChangeCipherSpec
|
||||||
@@ -545,7 +544,7 @@ typedef struct {
|
|||||||
} TLS_CHANGE_CIPHER_SPEC;
|
} TLS_CHANGE_CIPHER_SPEC;
|
||||||
|
|
||||||
const char *tls_change_cipher_spec_text(int change_cipher_spec);
|
const char *tls_change_cipher_spec_text(int change_cipher_spec);
|
||||||
int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
int tls_record_set_change_cipher_spec(uint8_t *record, size_t *recordlen);
|
int tls_record_set_change_cipher_spec(uint8_t *record, size_t *recordlen);
|
||||||
int tls_record_get_change_cipher_spec(const uint8_t *record);
|
int tls_record_get_change_cipher_spec(const uint8_t *record);
|
||||||
|
|
||||||
@@ -556,13 +555,13 @@ int tls_record_set_application_data(uint8_t *record, size_t *recordlen,
|
|||||||
const uint8_t *data, size_t datalen);
|
const uint8_t *data, size_t datalen);
|
||||||
int tls_record_get_application_data(uint8_t *record,
|
int tls_record_get_application_data(uint8_t *record,
|
||||||
const uint8_t **data, size_t *datalen);
|
const uint8_t **data, size_t *datalen);
|
||||||
int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
// Handshakes
|
// Handshakes
|
||||||
|
|
||||||
// HelloRequest
|
// HelloRequest
|
||||||
int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
// ClientHello, ServerHello
|
// ClientHello, ServerHello
|
||||||
@@ -581,7 +580,7 @@ int tls_record_get_handshake_client_hello(const uint8_t *record,
|
|||||||
const uint8_t **session_id, size_t *session_id_len,
|
const uint8_t **session_id, size_t *session_id_len,
|
||||||
const uint8_t **cipher_suites, size_t *cipher_suites_len,
|
const uint8_t **cipher_suites, size_t *cipher_suites_len,
|
||||||
const uint8_t **exts, size_t *exts_len);
|
const uint8_t **exts, size_t *exts_len);
|
||||||
int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
// ServerHello
|
// ServerHello
|
||||||
@@ -592,13 +591,15 @@ int tls_record_set_handshake_server_hello(uint8_t *record, size_t *recordlen,
|
|||||||
int tls_record_get_handshake_server_hello(const uint8_t *record,
|
int tls_record_get_handshake_server_hello(const uint8_t *record,
|
||||||
int *protocol, const uint8_t **random, const uint8_t **session_id, size_t *session_id_len,
|
int *protocol, const uint8_t **random, const uint8_t **session_id, size_t *session_id_len,
|
||||||
int *cipher_suite, const uint8_t **exts, size_t *exts_len);
|
int *cipher_suite, const uint8_t **exts, size_t *exts_len);
|
||||||
int tls_server_hello_print(FILE *fp, const uint8_t *server_hello, size_t len, int format, int indent);
|
int tls_server_hello_print(FILE *fp, const uint8_t *server_hello, size_t len, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen);
|
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen);
|
||||||
|
int tls_extension_print(FILE *fp, int fmt, int ind, int handshake_type, int ext_type,
|
||||||
|
const uint8_t *ext_data, size_t ext_datalen);
|
||||||
|
|
||||||
int tls_process_client_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen);
|
int tls_process_client_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen);
|
||||||
int tls_process_server_exts(const uint8_t *exts, size_t extslen,
|
int tls_process_server_exts(const uint8_t *exts, size_t extslen,
|
||||||
@@ -628,7 +629,8 @@ int tls_server_ecdh_params_from_bytes(int *key_exchange_group,
|
|||||||
const uint8_t **key_exchange, size_t *key_exchange_len,
|
const uint8_t **key_exchange, size_t *key_exchange_len,
|
||||||
const uint8_t **in, size_t *inlen);
|
const uint8_t **in, size_t *inlen);
|
||||||
|
|
||||||
int tls_server_key_exchange_print(FILE *fp, const uint8_t *ske, size_t skelen, int format, int indent);
|
int tls_server_key_exchange_print(FILE *fp, int fmt, int ind, int cipher_suite,
|
||||||
|
const uint8_t *ske, size_t skelen);
|
||||||
|
|
||||||
#define TLS_MAX_SIGNATURE_SIZE SM2_MAX_SIGNATURE_SIZE
|
#define TLS_MAX_SIGNATURE_SIZE SM2_MAX_SIGNATURE_SIZE
|
||||||
int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
|
int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
|
||||||
@@ -655,7 +657,7 @@ int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t *
|
|||||||
int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record,
|
int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record,
|
||||||
int *curve, SM2_Z256_POINT *point, const uint8_t **sig, size_t *siglen);
|
int *curve, SM2_Z256_POINT *point, const uint8_t **sig, size_t *siglen);
|
||||||
int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
||||||
int format, int indent);
|
int fmt, int ind);
|
||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@@ -663,7 +665,7 @@ int tlcp_record_set_handshake_server_key_exchange_ecc(uint8_t *record, size_t *r
|
|||||||
const uint8_t *sig, size_t siglen);
|
const uint8_t *sig, size_t siglen);
|
||||||
int tlcp_record_get_handshake_server_key_exchange_ecc(const uint8_t *record,
|
int tlcp_record_get_handshake_server_key_exchange_ecc(const uint8_t *record,
|
||||||
const uint8_t **sig, size_t *siglen);
|
const uint8_t **sig, size_t *siglen);
|
||||||
int tlcp_server_key_exchange_ecc_print(FILE *fp, const uint8_t *sig, size_t siglen, int format, int indent);
|
int tlcp_server_key_exchange_ecc_print(FILE *fp, const uint8_t *sig, size_t siglen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -685,7 +687,7 @@ int tlcp_record_set_handshake_certificate_request(uint8_t *record, size_t *recor
|
|||||||
int tlcp_record_get_handshake_certificate_request(const uint8_t *record,
|
int tlcp_record_get_handshake_certificate_request(const uint8_t *record,
|
||||||
const uint8_t **cert_types, size_t *cert_types_len,
|
const uint8_t **cert_types, size_t *cert_types_len,
|
||||||
const uint8_t **ca_names, size_t *ca_names_len);
|
const uint8_t **ca_names, size_t *ca_names_len);
|
||||||
int tlcp_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tlcp_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
int tls12_record_set_handshake_certificate_request(uint8_t *record, size_t *recordlen,
|
int tls12_record_set_handshake_certificate_request(uint8_t *record, size_t *recordlen,
|
||||||
@@ -696,7 +698,7 @@ int tls12_record_get_handshake_certificate_request(const uint8_t *record,
|
|||||||
const uint8_t **cert_types, size_t *cert_types_len,
|
const uint8_t **cert_types, size_t *cert_types_len,
|
||||||
const uint8_t **sig_algs, size_t *sig_algs_len,
|
const uint8_t **sig_algs, size_t *sig_algs_len,
|
||||||
const uint8_t **ca_names, size_t *ca_names_len);
|
const uint8_t **ca_names, size_t *ca_names_len);
|
||||||
int tls12_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls12_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -704,7 +706,7 @@ int tls12_certificate_request_print(FILE *fp, const uint8_t *data, size_t datale
|
|||||||
|
|
||||||
int tls_record_set_handshake_server_hello_done(uint8_t *record, size_t *recordlen);
|
int tls_record_set_handshake_server_hello_done(uint8_t *record, size_t *recordlen);
|
||||||
int tls_record_get_handshake_server_hello_done(const uint8_t *record);
|
int tls_record_get_handshake_server_hello_done(const uint8_t *record);
|
||||||
int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent);
|
int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind);
|
||||||
|
|
||||||
// ClientKeyExchange
|
// ClientKeyExchange
|
||||||
|
|
||||||
@@ -712,14 +714,15 @@ int tls_record_set_handshake_client_key_exchange_pke(uint8_t *record, size_t *re
|
|||||||
const uint8_t *enced_pms, size_t enced_pms_len);
|
const uint8_t *enced_pms, size_t enced_pms_len);
|
||||||
int tls_record_get_handshake_client_key_exchange_pke(const uint8_t *record,
|
int tls_record_get_handshake_client_key_exchange_pke(const uint8_t *record,
|
||||||
const uint8_t **enced_pms, size_t *enced_pms_len);
|
const uint8_t **enced_pms, size_t *enced_pms_len);
|
||||||
int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent);
|
int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *cke, size_t ckelen, int fmt, int ind);
|
||||||
int tls_client_key_exchange_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent);
|
int tls_client_key_exchange_print(FILE *fp, int fmt, int ind, int cipher_suite,
|
||||||
|
const uint8_t *cke, size_t ckelen);
|
||||||
|
|
||||||
int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
|
int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
|
||||||
const SM2_Z256_POINT *point); // shoulde we use SM2_Z256_POITN?
|
const SM2_Z256_POINT *point); // shoulde we use SM2_Z256_POITN?
|
||||||
int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_Z256_POINT *point);
|
int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_Z256_POINT *point);
|
||||||
int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
||||||
int format, int indent);
|
int fmt, int ind);
|
||||||
|
|
||||||
// CertificateVerify
|
// CertificateVerify
|
||||||
|
|
||||||
@@ -727,7 +730,7 @@ int tls_record_set_handshake_certificate_verify(uint8_t *record, size_t *recordl
|
|||||||
const uint8_t *sig, size_t siglen);
|
const uint8_t *sig, size_t siglen);
|
||||||
int tls_record_get_handshake_certificate_verify(const uint8_t *record,
|
int tls_record_get_handshake_certificate_verify(const uint8_t *record,
|
||||||
const uint8_t **sig, size_t *siglen);
|
const uint8_t **sig, size_t *siglen);
|
||||||
int tls_certificate_verify_print(FILE *fp, const uint8_t *p, size_t len, int format, int indent);
|
int tls_certificate_verify_print(FILE *fp, const uint8_t *p, size_t len, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -782,7 +785,7 @@ int tls_record_set_handshake_finished(uint8_t *record, size_t *recordlen,
|
|||||||
const uint8_t *verify_data, size_t verify_data_len);
|
const uint8_t *verify_data, size_t verify_data_len);
|
||||||
int tls_record_get_handshake_finished(const uint8_t *record,
|
int tls_record_get_handshake_finished(const uint8_t *record,
|
||||||
const uint8_t **verify_data, size_t *verify_data_len);
|
const uint8_t **verify_data, size_t *verify_data_len);
|
||||||
int tls_finished_print(FILE *fp, const uint8_t *a, size_t len, int format, int indent);
|
int tls_finished_print(FILE *fp, const uint8_t *a, size_t len, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1665,7 +1668,7 @@ int tls13_extensions_print(FILE *fp, int fmt, int ind,
|
|||||||
int tls13_certificate_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen);
|
int tls13_certificate_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen);
|
||||||
int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen);
|
int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen);
|
||||||
int tls13_certificate_verify_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen);
|
int tls13_certificate_verify_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen);
|
||||||
int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen);
|
int tls13_record_print(FILE *fp, int fmt, int ind, const uint8_t *record, size_t recordlen);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1685,7 +1688,7 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
|
|||||||
|
|
||||||
#ifdef ENABLE_TLS_DEBUG
|
#ifdef ENABLE_TLS_DEBUG
|
||||||
# define tls_trace(s) fprintf(stderr,(s))
|
# define tls_trace(s) fprintf(stderr,(s))
|
||||||
# define tls_record_trace(fp,rec,reclen,fmt,ind) tls_record_print(fp,rec,reclen,fmt,ind)
|
# define tls_record_trace(fp,rec,reclen,fmt,ind) tls_record_print(fp,fmt,ind,0,rec,reclen)
|
||||||
# define tls_encrypted_record_trace(fp,rec,reclen,fmt,ind) tls_encrypted_record_print(fp,rec,reclen,fmt,ind)
|
# define tls_encrypted_record_trace(fp,rec,reclen,fmt,ind) tls_encrypted_record_print(fp,rec,reclen,fmt,ind)
|
||||||
# define tlcp_record_trace(fp,rec,reclen,fmt,ind) tlcp_record_print(fp,fmt,ind,rec,reclen)
|
# define tlcp_record_trace(fp,rec,reclen,fmt,ind) tlcp_record_print(fp,fmt,ind,rec,reclen)
|
||||||
# define tls12_record_trace(fp,rec,reclen,fmt,ind) tls12_record_print(fp,rec,reclen,fmt,ind)
|
# define tls12_record_trace(fp,rec,reclen,fmt,ind) tls12_record_print(fp,rec,reclen,fmt,ind)
|
||||||
@@ -1699,7 +1702,7 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
|
|||||||
# define tls13_record_trace(fp,rec,reclen,fmt,ind)
|
# define tls13_record_trace(fp,rec,reclen,fmt,ind)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int tls_encrypted_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent);
|
int tls_encrypted_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int fmt, int ind);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ extern "C" {
|
|||||||
|
|
||||||
|
|
||||||
#define GMSSL_VERSION_NUM 30200
|
#define GMSSL_VERSION_NUM 30200
|
||||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1051"
|
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1052"
|
||||||
|
|
||||||
int gmssl_version_num(void);
|
int gmssl_version_num(void);
|
||||||
const char *gmssl_version_str(void);
|
const char *gmssl_version_str(void);
|
||||||
|
|||||||
26
src/tlcp.c
26
src/tlcp.c
@@ -44,12 +44,10 @@ const size_t tlcp_cipher_suites_cnt =
|
|||||||
sizeof(tlcp_cipher_suites)/sizeof(tlcp_cipher_suites[0]);
|
sizeof(tlcp_cipher_suites)/sizeof(tlcp_cipher_suites[0]);
|
||||||
|
|
||||||
|
|
||||||
int tlcp_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen)
|
int tlcp_record_print(FILE *fp, int fmt, int ind, const uint8_t *record, size_t recordlen)
|
||||||
{
|
{
|
||||||
// 目前只支持TLCP的ECC公钥加密套件,因此不论用CBC/GCM哪个套件解析都是一样的
|
return tls_record_print(fp, fmt, ind, tlcp_cipher_suites[0],
|
||||||
// 如果未来支持ECDHE套件,可以将函数改为宏,直接传入 (conn->cipher_suite << 8)
|
record, recordlen);
|
||||||
format |= tlcp_cipher_suites[0] << 8;
|
|
||||||
return tls_record_print(fp, record, recordlen, format, indent);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int tlcp_cipher_suite_get(int cipher_suite, const BLOCK_CIPHER **cipher, const DIGEST **digest)
|
static int tlcp_cipher_suite_get(int cipher_suite, const BLOCK_CIPHER **cipher, const DIGEST **digest)
|
||||||
@@ -207,18 +205,18 @@ static int tlcp_server_ecc_params_from_bytes(const uint8_t **server_enc_cert,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tlcp_server_key_exchange_ecc_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tlcp_server_key_exchange_ecc_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
const uint8_t *sig;
|
const uint8_t *sig;
|
||||||
size_t siglen;
|
size_t siglen;
|
||||||
|
|
||||||
format_print(fp, format, indent, "ServerKeyExchange\n");
|
format_print(fp, fmt, ind, "ServerKeyExchange\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
if (tls_uint16array_from_bytes(&sig, &siglen, &data, &datalen) != 1) {
|
if (tls_uint16array_from_bytes(&sig, &siglen, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_bytes(fp, format, indent, "signature", sig, siglen);
|
format_bytes(fp, fmt, ind, "signature", sig, siglen);
|
||||||
if (datalen) {
|
if (datalen) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -2284,7 +2282,7 @@ int tlcp_recv_client_finished(TLS_CONNECT *conn)
|
|||||||
if (tls_compute_verify_data(conn->digest, conn->master_secret, "client finished",
|
if (tls_compute_verify_data(conn->digest, conn->master_secret, "client finished",
|
||||||
&conn->dgst_ctx, local_verify_data) != 1) {
|
&conn->dgst_ctx, local_verify_data) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
tls_send_alert(conn, TLS_alert_internal_error);
|
tlcp_send_alert(conn, TLS_alert_internal_error);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2298,7 +2296,7 @@ int tlcp_recv_client_finished(TLS_CONNECT *conn)
|
|||||||
}
|
}
|
||||||
if (tls_record_protocol(conn->record) != conn->protocol) {
|
if (tls_record_protocol(conn->record) != conn->protocol) {
|
||||||
error_print();
|
error_print();
|
||||||
tls_send_alert(conn, TLS_alert_unexpected_message);
|
tlcp_send_alert(conn, TLS_alert_unexpected_message);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (tlcp_record_decrypt(conn->cipher_suite,
|
if (tlcp_record_decrypt(conn->cipher_suite,
|
||||||
@@ -2306,7 +2304,7 @@ int tlcp_recv_client_finished(TLS_CONNECT *conn)
|
|||||||
conn->client_seq_num, conn->record, conn->recordlen,
|
conn->client_seq_num, conn->record, conn->recordlen,
|
||||||
conn->plain_record, &conn->plain_recordlen) != 1) {
|
conn->plain_record, &conn->plain_recordlen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
tls_send_alert(conn, TLS_alert_bad_record_mac);
|
tlcp_send_alert(conn, TLS_alert_bad_record_mac);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
tls_seq_num_incr(conn->client_seq_num);
|
tls_seq_num_incr(conn->client_seq_num);
|
||||||
@@ -2315,13 +2313,13 @@ int tlcp_recv_client_finished(TLS_CONNECT *conn)
|
|||||||
|
|
||||||
if (tls_record_get_handshake_finished(conn->plain_record, &verify_data, &verify_data_len) != 1) {
|
if (tls_record_get_handshake_finished(conn->plain_record, &verify_data, &verify_data_len) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
tls_send_alert(conn, TLS_alert_unexpected_message);
|
tlcp_send_alert(conn, TLS_alert_unexpected_message);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (verify_data_len != sizeof(local_verify_data)
|
if (verify_data_len != sizeof(local_verify_data)
|
||||||
|| memcmp(verify_data, local_verify_data, sizeof(local_verify_data)) != 0) {
|
|| memcmp(verify_data, local_verify_data, sizeof(local_verify_data)) != 0) {
|
||||||
error_print();
|
error_print();
|
||||||
tls_send_alert(conn, TLS_alert_decrypt_error);
|
tlcp_send_alert(conn, TLS_alert_decrypt_error);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
21
src/tls12.c
21
src/tls12.c
@@ -58,12 +58,10 @@ const size_t tls12_cipher_suites_cnt =
|
|||||||
sizeof(tls12_cipher_suites)/sizeof(tls12_cipher_suites[0]);
|
sizeof(tls12_cipher_suites)/sizeof(tls12_cipher_suites[0]);
|
||||||
|
|
||||||
|
|
||||||
int tls12_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent)
|
int tls12_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
// 目前只支持TLCP的ECC公钥加密套件,因此不论用哪个套件解析都是一样的
|
return tls_record_print(fp, fmt, ind, tls12_cipher_suites[0],
|
||||||
// 如果未来支持ECDHE套件,可以将函数改为宏,直接传入 (conn->cipher_suite << 8)
|
record, recordlen);
|
||||||
format |= tls12_cipher_suites[0] << 8; // 应该是KeyExchange需要这个参数
|
|
||||||
return tls_record_print(fp, record, recordlen, format, indent);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -233,19 +231,6 @@ int tls12_record_get_handshake_certificate_request(const uint8_t *record,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void tls_clean_record(TLS_CONNECT *conn)
|
void tls_clean_record(TLS_CONNECT *conn)
|
||||||
{
|
{
|
||||||
conn->record_offset = 0;
|
conn->record_offset = 0;
|
||||||
|
|||||||
22
src/tls13.c
22
src/tls13.c
@@ -3846,23 +3846,23 @@ int tls13_handshake_print(FILE *fp, int fmt, int ind, const uint8_t *handshake,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen)
|
int tls13_record_print(FILE *fp, int fmt, int ind, const uint8_t *record, size_t recordlen)
|
||||||
{
|
{
|
||||||
const uint8_t *data;
|
const uint8_t *data;
|
||||||
size_t datalen;
|
size_t datalen;
|
||||||
int protocol;
|
int protocol;
|
||||||
|
|
||||||
format |= TLS_cipher_sm4_gcm_sm3 << 8;
|
fmt |= TLS_cipher_sm4_gcm_sm3 << 8;
|
||||||
|
|
||||||
if (!fp || !record || recordlen < 5) {
|
if (!fp || !record || recordlen < 5) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
protocol = tls_record_protocol(record);
|
protocol = tls_record_protocol(record);
|
||||||
format_print(fp, format, indent, "Record\n"); indent += 4;
|
format_print(fp, fmt, ind, "Record\n"); ind += 4;
|
||||||
format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
|
format_print(fp, fmt, ind, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
|
||||||
format_print(fp, format, indent, "Version: %s (%04x)\n", tls_protocol_name(protocol), protocol);
|
format_print(fp, fmt, ind, "Version: %s (%04x)\n", tls_protocol_name(protocol), protocol);
|
||||||
format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
|
format_print(fp, fmt, ind, "Length: %d\n", tls_record_data_length(record));
|
||||||
|
|
||||||
data = tls_record_data(record);
|
data = tls_record_data(record);
|
||||||
datalen = tls_record_data_length(record);
|
datalen = tls_record_data_length(record);
|
||||||
@@ -3872,27 +3872,27 @@ int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
//format_bytes(fp, format, indent, "RecordRawData", data, datalen);
|
//format_bytes(fp, fmt, ind, "RecordRawData", data, datalen);
|
||||||
|
|
||||||
switch (record[0]) {
|
switch (record[0]) {
|
||||||
case TLS_record_handshake:
|
case TLS_record_handshake:
|
||||||
tls13_handshake_print(fp, format, indent, data, datalen);
|
tls13_handshake_print(fp, fmt, ind, data, datalen);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_record_alert:
|
case TLS_record_alert:
|
||||||
if (tls_alert_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_alert_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TLS_record_change_cipher_spec:
|
case TLS_record_change_cipher_spec:
|
||||||
if (tls_change_cipher_spec_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_change_cipher_spec_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TLS_record_application_data:
|
case TLS_record_application_data:
|
||||||
if (tls_application_data_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_application_data_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|||||||
312
src/tls_trace.c
312
src/tls_trace.c
@@ -435,27 +435,27 @@ int tls_signature_scheme_group_oid(int sig_alg)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_random_print(FILE *fp, const uint8_t random[32], int format, int indent)
|
int tls_random_print(FILE *fp, const uint8_t random[32], int fmt, int ind)
|
||||||
{
|
{
|
||||||
time_t gmt_unix_time = 0;
|
time_t gmt_unix_time = 0;
|
||||||
const uint8_t *cp = random;
|
const uint8_t *cp = random;
|
||||||
size_t len = 4;
|
size_t len = 4;
|
||||||
|
|
||||||
tls_uint32_from_bytes((uint32_t *)&gmt_unix_time, &cp, &len);
|
tls_uint32_from_bytes((uint32_t *)&gmt_unix_time, &cp, &len);
|
||||||
format_print(fp, format, indent, "Random\n");
|
format_print(fp, fmt, ind, "Random\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
format_print(fp, format, indent, "gmt_unix_time : %s", ctime(&gmt_unix_time));
|
format_print(fp, fmt, ind, "gmt_unix_time : %s", ctime(&gmt_unix_time));
|
||||||
format_bytes(fp, format, indent, "random", random + 4, 28);
|
format_bytes(fp, fmt, ind, "random", random + 4, 28);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int format, int indent)
|
int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int fmt, int ind)
|
||||||
{
|
{
|
||||||
int protocol = ((int)pre_master_secret[0] << 8) | pre_master_secret[1];
|
int protocol = ((int)pre_master_secret[0] << 8) | pre_master_secret[1];
|
||||||
format_print(fp, format, indent, "PreMasterSecret\n");
|
format_print(fp, fmt, ind, "PreMasterSecret\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
format_print(fp, format, indent, "protocol : %s\n", tls_protocol_name(protocol));
|
format_print(fp, fmt, ind, "protocol : %s\n", tls_protocol_name(protocol));
|
||||||
format_bytes(fp, format, indent, "pre_master_secret", pre_master_secret, 48);
|
format_bytes(fp, fmt, ind, "pre_master_secret", pre_master_secret, 48);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -476,13 +476,16 @@ int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], i
|
|||||||
这个函数需要一个参数表示扩展是在ClientHello还是在ServerHello中
|
这个函数需要一个参数表示扩展是在ClientHello还是在ServerHello中
|
||||||
|
|
||||||
*/
|
*/
|
||||||
int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_extension_print(FILE *fp, int fmt, int ind, int handshake_type, int type,
|
||||||
|
const uint8_t *data, size_t datalen)
|
||||||
{
|
{
|
||||||
const uint8_t *p;
|
const uint8_t *p;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
format_print(fp, format, indent, "%s (%d)\n", tls_extension_name(type), type);
|
(void)handshake_type;
|
||||||
indent += 4;
|
|
||||||
|
format_print(fp, fmt, ind, "%s (%d)\n", tls_extension_name(type), type);
|
||||||
|
ind += 4;
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
// FIXME: 不支持ServerHello
|
// FIXME: 不支持ServerHello
|
||||||
@@ -496,7 +499,7 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
|
|||||||
while (len) {
|
while (len) {
|
||||||
uint16_t proto;
|
uint16_t proto;
|
||||||
tls_uint16_from_bytes(&proto, &p, &len);
|
tls_uint16_from_bytes(&proto, &p, &len);
|
||||||
format_print(fp, format, indent, "%s (%04x)\n",
|
format_print(fp, fmt, ind, "%s (%04x)\n",
|
||||||
tls_protocol_name(proto), proto);
|
tls_protocol_name(proto), proto);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@@ -510,7 +513,7 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
|
|||||||
while (len) {
|
while (len) {
|
||||||
uint16_t curve;
|
uint16_t curve;
|
||||||
tls_uint16_from_bytes(&curve, &p, &len);
|
tls_uint16_from_bytes(&curve, &p, &len);
|
||||||
format_print(fp, format, indent, "%s (%d)\n",
|
format_print(fp, fmt, ind, "%s (%d)\n",
|
||||||
tls_named_curve_name(curve), curve);
|
tls_named_curve_name(curve), curve);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@@ -523,16 +526,16 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
|
|||||||
while (len) {
|
while (len) {
|
||||||
uint8_t point_form;
|
uint8_t point_form;
|
||||||
tls_uint8_from_bytes(&point_form, &p, &len);
|
tls_uint8_from_bytes(&point_form, &p, &len);
|
||||||
format_print(fp, format, indent, "%s (%d)\n",
|
format_print(fp, fmt, ind, "%s (%d)\n",
|
||||||
tls_ec_point_format_name(point_form), point_form);
|
tls_ec_point_format_name(point_form), point_form);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TLS_extension_trusted_ca_keys:
|
case TLS_extension_trusted_ca_keys:
|
||||||
if (datalen == 0) {
|
if (datalen == 0) {
|
||||||
format_bytes(fp, format, indent, "raw_data", data, datalen);
|
format_bytes(fp, fmt, ind, "raw_data", data, datalen);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (tls_trusted_authorities_print(fp, format, indent, data, datalen) != 1) {
|
if (tls_trusted_authorities_print(fp, fmt, ind, data, datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -547,7 +550,7 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
|
|||||||
while (len) {
|
while (len) {
|
||||||
uint16_t sig_alg;
|
uint16_t sig_alg;
|
||||||
tls_uint16_from_bytes(&sig_alg, &p, &len);
|
tls_uint16_from_bytes(&sig_alg, &p, &len);
|
||||||
format_print(fp, format, indent, "%s (%04x)\n",
|
format_print(fp, fmt, ind, "%s (%04x)\n",
|
||||||
tls_signature_scheme_name(sig_alg), sig_alg);
|
tls_signature_scheme_name(sig_alg), sig_alg);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@@ -567,32 +570,34 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent, "group: %s (%d)\n", tls_named_curve_name(group), group);
|
format_print(fp, fmt, ind, "group: %s (%d)\n", tls_named_curve_name(group), group);
|
||||||
format_bytes(fp, format, indent, "key_exchange", key_exch, key_exch_len);
|
format_bytes(fp, fmt, ind, "key_exchange", key_exch, key_exch_len);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
format_bytes(fp, format, indent, "raw_data", data, datalen);
|
format_bytes(fp, fmt, ind, "raw_data", data, datalen);
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_extensions_print(FILE *fp, const uint8_t *exts, size_t extslen, int format, int indent)
|
int tls_extensions_print(FILE *fp, int fmt, int ind, int handshake_type,
|
||||||
|
const uint8_t *exts, size_t extslen)
|
||||||
{
|
{
|
||||||
uint16_t ext_type;
|
uint16_t ext_type;
|
||||||
const uint8_t *ext_data;
|
const uint8_t *ext_data;
|
||||||
size_t ext_datalen;
|
size_t ext_datalen;
|
||||||
|
|
||||||
format_print(fp, format, indent, "Extensions\n");
|
format_print(fp, fmt, ind, "Extensions\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
while (extslen > 0) {
|
while (extslen > 0) {
|
||||||
if (tls_uint16_from_bytes(&ext_type, &exts, &extslen) != 1
|
if (tls_uint16_from_bytes(&ext_type, &exts, &extslen) != 1
|
||||||
|| tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen) != 1) {
|
|| tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (tls_extension_print(fp, ext_type, ext_data, ext_datalen, format, indent) != 1) {
|
if (tls_extension_print(fp, fmt, ind, handshake_type,
|
||||||
|
ext_type, ext_data, ext_datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -600,9 +605,9 @@ int tls_extensions_print(FILE *fp, const uint8_t *exts, size_t extslen, int form
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
format_print(fp, format, indent, "HelloRequest\n");
|
format_print(fp, fmt, ind, "HelloRequest\n");
|
||||||
if (data || datalen > 0) {
|
if (data || datalen > 0) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -610,7 +615,7 @@ int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int f
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
uint16_t protocol;
|
uint16_t protocol;
|
||||||
@@ -622,20 +627,20 @@ int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
|
|||||||
size_t session_id_len, cipher_suites_len, comp_meths_len, exts_len;
|
size_t session_id_len, cipher_suites_len, comp_meths_len, exts_len;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
format_print(fp, format, indent, "ClientHello\n"); indent += 4;
|
format_print(fp, fmt, ind, "ClientHello\n"); ind += 4;
|
||||||
if (tls_uint16_from_bytes(&protocol, &data, &datalen) != 1) goto end;
|
if (tls_uint16_from_bytes(&protocol, &data, &datalen) != 1) goto end;
|
||||||
format_print(fp, format, indent, "Version: %s (%04x)\n",
|
format_print(fp, fmt, ind, "Version: %s (%04x)\n",
|
||||||
tls_protocol_name(protocol), protocol);
|
tls_protocol_name(protocol), protocol);
|
||||||
if (tls_array_from_bytes(&random, 32, &data, &datalen) != 1) goto end;
|
if (tls_array_from_bytes(&random, 32, &data, &datalen) != 1) goto end;
|
||||||
tls_random_print(fp, random, format, indent);
|
tls_random_print(fp, random, fmt, ind);
|
||||||
if (tls_uint8array_from_bytes(&session_id, &session_id_len, &data, &datalen) != 1) goto end;
|
if (tls_uint8array_from_bytes(&session_id, &session_id_len, &data, &datalen) != 1) goto end;
|
||||||
format_bytes(fp, format, indent, "SessionID", session_id, session_id_len);
|
format_bytes(fp, fmt, ind, "SessionID", session_id, session_id_len);
|
||||||
if (tls_uint16array_from_bytes(&cipher_suites, &cipher_suites_len, &data, &datalen) != 1) goto end;
|
if (tls_uint16array_from_bytes(&cipher_suites, &cipher_suites_len, &data, &datalen) != 1) goto end;
|
||||||
format_print(fp, format, indent, "CipherSuites\n");
|
format_print(fp, fmt, ind, "CipherSuites\n");
|
||||||
while (cipher_suites_len >= 2) {
|
while (cipher_suites_len >= 2) {
|
||||||
uint16_t cipher;
|
uint16_t cipher;
|
||||||
if (tls_uint16_from_bytes(&cipher, &cipher_suites, &cipher_suites_len) != 1) goto end;
|
if (tls_uint16_from_bytes(&cipher, &cipher_suites, &cipher_suites_len) != 1) goto end;
|
||||||
format_print(fp, format, indent + 4, "%s (%04x)\n",
|
format_print(fp, fmt, ind + 4, "%s (%04x)\n",
|
||||||
tls_cipher_suite_name(cipher), cipher);
|
tls_cipher_suite_name(cipher), cipher);
|
||||||
}
|
}
|
||||||
if (cipher_suites_len) {
|
if (cipher_suites_len) {
|
||||||
@@ -643,14 +648,14 @@ int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (tls_uint8array_from_bytes(&comp_meths, &comp_meths_len, &data, &datalen) != 1) goto end;
|
if (tls_uint8array_from_bytes(&comp_meths, &comp_meths_len, &data, &datalen) != 1) goto end;
|
||||||
format_print(fp, format, indent, "CompressionMethods\n");
|
format_print(fp, fmt, ind, "CompressionMethods\n");
|
||||||
for (i = 0; i < comp_meths_len; i++) {
|
for (i = 0; i < comp_meths_len; i++) {
|
||||||
format_print(fp, format, indent + 4, "%s (%d)\n",
|
format_print(fp, fmt, ind + 4, "%s (%d)\n",
|
||||||
tls_compression_method_name(comp_meths[i]), comp_meths[i]);
|
tls_compression_method_name(comp_meths[i]), comp_meths[i]);
|
||||||
}
|
}
|
||||||
if (datalen > 0) {
|
if (datalen > 0) {
|
||||||
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto end;
|
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto end;
|
||||||
tls_extensions_print(fp, exts, exts_len, format, indent);
|
tls_extensions_print(fp, fmt, ind, TLS_handshake_client_hello, exts, exts_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -665,7 +670,7 @@ int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
format_print(fp, format, indent, "%s (%d)\n", tls_extension_name(ext_type), ext_type);
|
format_print(fp, fmt, ind, "%s (%d)\n", tls_extension_name(ext_type), ext_type);
|
||||||
|
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
@@ -696,7 +701,7 @@ end:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
uint16_t protocol;
|
uint16_t protocol;
|
||||||
@@ -707,23 +712,23 @@ int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
|
|||||||
const uint8_t *exts;
|
const uint8_t *exts;
|
||||||
size_t session_id_len, exts_len;
|
size_t session_id_len, exts_len;
|
||||||
|
|
||||||
format_print(fp, format, indent, "ServerHello\n"); indent += 4;
|
format_print(fp, fmt, ind, "ServerHello\n"); ind += 4;
|
||||||
if (tls_uint16_from_bytes(&protocol, &data, &datalen) != 1) goto bad;
|
if (tls_uint16_from_bytes(&protocol, &data, &datalen) != 1) goto bad;
|
||||||
format_print(fp, format, indent, "Version: %s (%04x)\n",
|
format_print(fp, fmt, ind, "Version: %s (%04x)\n",
|
||||||
tls_protocol_name(protocol), protocol);
|
tls_protocol_name(protocol), protocol);
|
||||||
if (tls_array_from_bytes(&random, 32, &data, &datalen) != 1) goto bad;
|
if (tls_array_from_bytes(&random, 32, &data, &datalen) != 1) goto bad;
|
||||||
tls_random_print(fp, random, format, indent);
|
tls_random_print(fp, random, fmt, ind);
|
||||||
if (tls_uint8array_from_bytes(&session_id, &session_id_len, &data, &datalen) != 1) goto bad;
|
if (tls_uint8array_from_bytes(&session_id, &session_id_len, &data, &datalen) != 1) goto bad;
|
||||||
format_bytes(fp, format, indent, "SessionID", session_id, session_id_len);
|
format_bytes(fp, fmt, ind, "SessionID", session_id, session_id_len);
|
||||||
if (tls_uint16_from_bytes(&cipher_suite, &data, &datalen) != 1) goto bad;
|
if (tls_uint16_from_bytes(&cipher_suite, &data, &datalen) != 1) goto bad;
|
||||||
format_print(fp, format, indent, "CipherSuite: %s (%04x)\n",
|
format_print(fp, fmt, ind, "CipherSuite: %s (%04x)\n",
|
||||||
tls_cipher_suite_name(cipher_suite), cipher_suite);
|
tls_cipher_suite_name(cipher_suite), cipher_suite);
|
||||||
if (tls_uint8_from_bytes(&comp_meth, &data, &datalen) != 1) goto bad;
|
if (tls_uint8_from_bytes(&comp_meth, &data, &datalen) != 1) goto bad;
|
||||||
format_print(fp, format, indent, "CompressionMethod: %s (%d)\n",
|
format_print(fp, fmt, ind, "CompressionMethod: %s (%d)\n",
|
||||||
tls_compression_method_name(comp_meth), comp_meth);
|
tls_compression_method_name(comp_meth), comp_meth);
|
||||||
if (datalen > 0) {
|
if (datalen > 0) {
|
||||||
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto bad;
|
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto bad;
|
||||||
tls_extensions_print(fp, exts, exts_len, format, indent);
|
tls_extensions_print(fp, fmt, ind, TLS_handshake_server_hello, exts, exts_len);
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
bad:
|
bad:
|
||||||
@@ -731,7 +736,7 @@ bad:
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
const uint8_t *certs;
|
const uint8_t *certs;
|
||||||
size_t certslen;
|
size_t certslen;
|
||||||
@@ -747,7 +752,7 @@ int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int for
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
(void)x509_cert_print(fp, format, indent, "Certificate", der, derlen);
|
(void)x509_cert_print(fp, fmt, ind, "Certificate", der, derlen);
|
||||||
(void)x509_cert_to_pem(der, derlen, fp);
|
(void)x509_cert_to_pem(der, derlen, fp);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -759,7 +764,7 @@ int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int for
|
|||||||
}
|
}
|
||||||
|
|
||||||
int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
||||||
int format, int indent)
|
int fmt, int ind)
|
||||||
{
|
{
|
||||||
uint8_t curve_type;
|
uint8_t curve_type;
|
||||||
uint16_t curve;
|
uint16_t curve;
|
||||||
@@ -769,38 +774,38 @@ int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t da
|
|||||||
const uint8_t *sig;
|
const uint8_t *sig;
|
||||||
size_t siglen;
|
size_t siglen;
|
||||||
|
|
||||||
format_print(fp, format, indent, "ServerKeyExchange\n");
|
format_print(fp, fmt, ind, "ServerKeyExchange\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
format_print(fp, format, indent, "ServerECDHParams\n");
|
format_print(fp, fmt, ind, "ServerECDHParams\n");
|
||||||
format_print(fp, format, indent + 4, "curve_params\n");
|
format_print(fp, fmt, ind + 4, "curve_params\n");
|
||||||
if (tls_uint8_from_bytes(&curve_type, &data, &datalen) != 1) {
|
if (tls_uint8_from_bytes(&curve_type, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent + 8, "curve_type: %s (%d)\n",
|
format_print(fp, fmt, ind + 8, "curve_type: %s (%d)\n",
|
||||||
tls_curve_type_name(curve_type), curve_type);
|
tls_curve_type_name(curve_type), curve_type);
|
||||||
if (tls_uint16_from_bytes(&curve, &data, &datalen) != 1) {
|
if (tls_uint16_from_bytes(&curve, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent + 8, "named_curve: %s (%d)\n",
|
format_print(fp, fmt, ind + 8, "named_curve: %s (%d)\n",
|
||||||
tls_named_curve_name(curve), curve);
|
tls_named_curve_name(curve), curve);
|
||||||
if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) {
|
if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_bytes(fp, format, indent + 4, "point", octets, octetslen);
|
format_bytes(fp, fmt, ind + 4, "point", octets, octetslen);
|
||||||
if (tls_uint16_from_bytes(&sig_alg, &data, &datalen) != 1) {
|
if (tls_uint16_from_bytes(&sig_alg, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent, "SignatureScheme: %s (%04x)\n",
|
format_print(fp, fmt, ind, "SignatureScheme: %s (%04x)\n",
|
||||||
tls_signature_scheme_name(sig_alg), sig_alg);
|
tls_signature_scheme_name(sig_alg), sig_alg);
|
||||||
if (tls_uint16array_from_bytes(&sig, &siglen, &data, &datalen) != 1) {
|
if (tls_uint16array_from_bytes(&sig, &siglen, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_bytes(fp, format, indent, "Siganture", sig, siglen);
|
format_bytes(fp, fmt, ind, "Siganture", sig, siglen);
|
||||||
if (datalen > 0) {
|
if (datalen > 0) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -810,18 +815,17 @@ int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t da
|
|||||||
|
|
||||||
//
|
//
|
||||||
// 这个函数依赖输入的cipher_suite,才能判断如何解析ServerKeyExchange
|
// 这个函数依赖输入的cipher_suite,才能判断如何解析ServerKeyExchange
|
||||||
// 显然这个信息无法通过基础的format提供了,并且这个底层的信息一直需要从最上层提供,这就非常不好了
|
// 显然这个信息无法通过基础的fmt提供了,并且这个底层的信息一直需要从最上层提供,这就非常不好了
|
||||||
// 目前来看,cipher_suite是否能够提供足够的信息呢?
|
// 目前来看,cipher_suite是否能够提供足够的信息呢?
|
||||||
// ServerKeyExchange, ClientKeyExchange的格式是由cipher_suite决定的
|
// ServerKeyExchange, ClientKeyExchange的格式是由cipher_suite决定的
|
||||||
|
|
||||||
int tls_server_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_server_key_exchange_print(FILE *fp, int fmt, int ind, int cipher_suite,
|
||||||
|
const uint8_t *data, size_t datalen)
|
||||||
{
|
{
|
||||||
int cipher_suite = (format >> 8) & 0xffff;
|
|
||||||
|
|
||||||
switch (cipher_suite) {
|
switch (cipher_suite) {
|
||||||
case TLS_cipher_ecc_sm4_cbc_sm3:
|
case TLS_cipher_ecc_sm4_cbc_sm3:
|
||||||
case TLS_cipher_ecc_sm4_gcm_sm3:
|
case TLS_cipher_ecc_sm4_gcm_sm3:
|
||||||
if (tlcp_server_key_exchange_ecc_print(fp, data, datalen, format, indent) != 1) {
|
if (tlcp_server_key_exchange_ecc_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -830,7 +834,7 @@ int tls_server_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen,
|
|||||||
case TLS_cipher_ecdhe_sm4_gcm_sm3:
|
case TLS_cipher_ecdhe_sm4_gcm_sm3:
|
||||||
case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
|
case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
|
||||||
case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
|
case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
|
||||||
if (tls_server_key_exchange_ecdhe_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_server_key_exchange_ecdhe_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -868,21 +872,21 @@ int tls_certificate_subjects_print(FILE *fp, int fmt, int ind, const char *label
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
const uint8_t *cert_types;
|
const uint8_t *cert_types;
|
||||||
const uint8_t *ca_names;
|
const uint8_t *ca_names;
|
||||||
size_t cert_types_len, ca_names_len;
|
size_t cert_types_len, ca_names_len;
|
||||||
|
|
||||||
format_print(fp, format, indent, "CertificateRequest\n"); indent += 4;
|
format_print(fp, fmt, ind, "CertificateRequest\n"); ind += 4;
|
||||||
if (tls_uint8array_from_bytes(&cert_types, &cert_types_len, &data, &datalen) != 1) goto bad;
|
if (tls_uint8array_from_bytes(&cert_types, &cert_types_len, &data, &datalen) != 1) goto bad;
|
||||||
format_print(fp, format, indent, "cert_types\n");
|
format_print(fp, fmt, ind, "cert_types\n");
|
||||||
while (cert_types_len--) {
|
while (cert_types_len--) {
|
||||||
int cert_type = *cert_types++;
|
int cert_type = *cert_types++;
|
||||||
format_print(fp, format, indent + 4, "%s (%d)\n", tls_cert_type_name(cert_type), cert_type);
|
format_print(fp, fmt, ind + 4, "%s (%d)\n", tls_cert_type_name(cert_type), cert_type);
|
||||||
}
|
}
|
||||||
if (tls_uint16array_from_bytes(&ca_names, &ca_names_len, &data, &datalen) != 1) goto bad;
|
if (tls_uint16array_from_bytes(&ca_names, &ca_names_len, &data, &datalen) != 1) goto bad;
|
||||||
tls_certificate_subjects_print(fp, format, indent, "CAnames", ca_names, ca_names_len);
|
tls_certificate_subjects_print(fp, fmt, ind, "CAnames", ca_names, ca_names_len);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
bad:
|
bad:
|
||||||
@@ -890,7 +894,7 @@ bad:
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
if (datalen > 0) {
|
if (datalen > 0) {
|
||||||
error_print();
|
error_print();
|
||||||
@@ -899,7 +903,7 @@ int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, i
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
const uint8_t *enced_pms;
|
const uint8_t *enced_pms;
|
||||||
size_t enced_pms_len;
|
size_t enced_pms_len;
|
||||||
@@ -908,23 +912,23 @@ int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *data, size_t data
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_bytes(fp, format, indent, "EncryptedPreMasterSecret", enced_pms, enced_pms_len);
|
format_bytes(fp, fmt, ind, "EncryptedPreMasterSecret", enced_pms, enced_pms_len);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
|
||||||
int format, int indent)
|
int fmt, int ind)
|
||||||
{
|
{
|
||||||
const uint8_t *octets;
|
const uint8_t *octets;
|
||||||
size_t octetslen;
|
size_t octetslen;
|
||||||
|
|
||||||
format_print(fp, format, indent, "ClientKeyExchange\n");
|
format_print(fp, fmt, ind, "ClientKeyExchange\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) {
|
if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_bytes(fp, format, indent, "ecdh_Yc", octets, octetslen);
|
format_bytes(fp, fmt, ind, "ecdh_Yc", octets, octetslen);
|
||||||
if (datalen > 0) {
|
if (datalen > 0) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -932,13 +936,13 @@ int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t da
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_client_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_client_key_exchange_print(FILE *fp, int fmt, int ind, int cipher_suite,
|
||||||
|
const uint8_t *data, size_t datalen)
|
||||||
{
|
{
|
||||||
int cipher_suite = (format >> 8) & 0xffff;
|
|
||||||
switch (cipher_suite) {
|
switch (cipher_suite) {
|
||||||
case TLS_cipher_ecc_sm4_cbc_sm3:
|
case TLS_cipher_ecc_sm4_cbc_sm3:
|
||||||
case TLS_cipher_ecc_sm4_gcm_sm3:
|
case TLS_cipher_ecc_sm4_gcm_sm3:
|
||||||
if (tls_client_key_exchange_pke_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_client_key_exchange_pke_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -947,7 +951,7 @@ int tls_client_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen,
|
|||||||
case TLS_cipher_ecdhe_sm4_gcm_sm3:
|
case TLS_cipher_ecdhe_sm4_gcm_sm3:
|
||||||
case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
|
case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
|
||||||
case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
|
case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
|
||||||
if (tls_client_key_exchange_ecdhe_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_client_key_exchange_ecdhe_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -966,43 +970,44 @@ struct {
|
|||||||
opaque signature<0..2^16-1>;
|
opaque signature<0..2^16-1>;
|
||||||
} DigitallySigned;
|
} DigitallySigned;
|
||||||
*/
|
*/
|
||||||
int tls_certificate_verify_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_certificate_verify_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
format_print(fp, format, indent, "CertificateVerify\n");
|
format_print(fp, fmt, ind, "CertificateVerify\n");
|
||||||
format_bytes(fp, format, indent + 4, "Signature", data, datalen);
|
format_bytes(fp, fmt, ind + 4, "Signature", data, datalen);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_finished_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_finished_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
format_print(fp, format, indent, "Finished\n");
|
format_print(fp, fmt, ind, "Finished\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
format_bytes(fp, format, indent, "verify_data", data, datalen);
|
format_bytes(fp, fmt, ind, "verify_data", data, datalen);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int tls_handshake_print(FILE *fp, int fmt, int ind, int protocol, int cipher_suite,
|
||||||
// 这个是有问题的,因为TLS 1.3的证书和TLS 1.2是不一样的
|
const uint8_t *handshake, size_t handshakelen)
|
||||||
int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent)
|
|
||||||
{
|
{
|
||||||
const uint8_t *cp = handshake;
|
const uint8_t *cp = handshake;
|
||||||
uint8_t type;
|
uint8_t type;
|
||||||
const uint8_t *data;
|
const uint8_t *data;
|
||||||
uint24_t datalen;
|
uint24_t datalen;
|
||||||
|
|
||||||
format_print(fp, format, indent, "Handshake\n");
|
(void)protocol;
|
||||||
indent += 4;
|
|
||||||
|
format_print(fp, fmt, ind, "Handshake\n");
|
||||||
|
ind += 4;
|
||||||
|
|
||||||
if (tls_uint8_from_bytes(&type, &cp, &handshakelen) != 1) {
|
if (tls_uint8_from_bytes(&type, &cp, &handshakelen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent, "Type: %s (%d)\n", tls_handshake_type_name(type), type);
|
format_print(fp, fmt, ind, "Type: %s (%d)\n", tls_handshake_type_name(type), type);
|
||||||
if (tls_uint24_from_bytes(&datalen, &cp, &handshakelen) != 1) {
|
if (tls_uint24_from_bytes(&datalen, &cp, &handshakelen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent, "Length: %"PRIu32"\n", datalen);
|
format_print(fp, fmt, ind, "Length: %"PRIu32"\n", datalen);
|
||||||
|
|
||||||
if (tls_array_from_bytes(&data, datalen, &cp, &handshakelen) != 1) {
|
if (tls_array_from_bytes(&data, datalen, &cp, &handshakelen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
@@ -1010,38 +1015,38 @@ int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen,
|
|||||||
}
|
}
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case TLS_handshake_hello_request:
|
case TLS_handshake_hello_request:
|
||||||
if (tls_hello_request_print(fp, data, datalen, format, indent) != 1)
|
if (tls_hello_request_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_client_hello:
|
case TLS_handshake_client_hello:
|
||||||
if (tls_client_hello_print(fp, data, datalen, format, indent) != 1)
|
if (tls_client_hello_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_server_hello:
|
case TLS_handshake_server_hello:
|
||||||
if (tls_server_hello_print(fp, data, datalen, format, indent) != 1)
|
if (tls_server_hello_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_encrypted_extensions:
|
case TLS_handshake_encrypted_extensions:
|
||||||
tls13_encrypted_extensions_print(fp, format, indent, data, datalen);
|
tls13_encrypted_extensions_print(fp, fmt, ind, data, datalen);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLS_handshake_certificate:
|
case TLS_handshake_certificate:
|
||||||
if (tls_certificate_print(fp, data, datalen, format, indent) != 1)
|
if (tls_certificate_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_server_key_exchange:
|
case TLS_handshake_server_key_exchange:
|
||||||
if (tls_server_key_exchange_print(fp, data, datalen, format, indent) != 1)
|
if (tls_server_key_exchange_print(fp, fmt, ind, cipher_suite, data, datalen) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_certificate_request:
|
case TLS_handshake_certificate_request:
|
||||||
if (tls_certificate_request_print(fp, data, datalen, format, indent) != 1)
|
if (tls_certificate_request_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_server_hello_done:
|
case TLS_handshake_server_hello_done:
|
||||||
if (tls_server_hello_done_print(fp, data, datalen, format, indent) != 1)
|
if (tls_server_hello_done_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_client_key_exchange:
|
case TLS_handshake_client_key_exchange:
|
||||||
if (tls_client_key_exchange_print(fp, data, datalen, format, indent) != 1)
|
if (tls_client_key_exchange_print(fp, fmt, ind, cipher_suite, data, datalen) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_certificate_verify:
|
case TLS_handshake_certificate_verify:
|
||||||
if (tls_certificate_verify_print(fp, data, datalen, format, indent) != 1)
|
if (tls_certificate_verify_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
case TLS_handshake_finished:
|
case TLS_handshake_finished:
|
||||||
if (tls_finished_print(fp, data, datalen, format, indent) != 1)
|
if (tls_finished_print(fp, data, datalen, fmt, ind) != 1)
|
||||||
{ error_print(); return -1; } break;
|
{ error_print(); return -1; } break;
|
||||||
default:
|
default:
|
||||||
error_print();
|
error_print();
|
||||||
@@ -1050,52 +1055,37 @@ int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
if (datalen != 2) {
|
if (datalen != 2) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent, "Alert:\n");
|
format_print(fp, fmt, ind, "Alert:\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
format_print(fp, format, indent, "Level: %s (%d)\n", tls_alert_level_name(data[0]), data[0]);
|
format_print(fp, fmt, ind, "Level: %s (%d)\n", tls_alert_level_name(data[0]), data[0]);
|
||||||
format_print(fp, format, indent, "Reason: %s (%d)\n", tls_alert_description_text(data[1]), data[1]);
|
format_print(fp, fmt, ind, "Reason: %s (%d)\n", tls_alert_description_text(data[1]), data[1]);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
if (datalen != 1) {
|
if (datalen != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
format_print(fp, format, indent, "ChangeCipherSpec\n");
|
format_print(fp, fmt, ind, "ChangeCipherSpec\n");
|
||||||
indent += 4;
|
ind += 4;
|
||||||
format_print(fp, format, indent, "type : %s (%d)\n", tls_change_cipher_spec_text(data[0]), data[0]);
|
format_print(fp, fmt, ind, "type : %s (%d)\n", tls_change_cipher_spec_text(data[0]), data[0]);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
|
int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
format_bytes(fp, format, indent, "ApplicationData", data, datalen);
|
format_bytes(fp, fmt, ind, "ApplicationData", data, datalen);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// FIXME: 根据RFC来考虑这个函数的参数,从底向上逐步修改每个函数的接口参数
|
|
||||||
|
|
||||||
|
|
||||||
// 当消息为ClientKeyExchange,ServerKeyExchange,需要密码套件中的密钥交换算法信息
|
|
||||||
// 当消息为加密的Finished,记录类型为Handshake,但是记录负载数据中没有Handshake头
|
|
||||||
// 注意:这里的recordlen 是冗余的,要容忍recordlen的错误
|
|
||||||
//
|
|
||||||
// supported_versions 的格式由handshake_type 是否为ClientHello, ServerHello 决定
|
|
||||||
// record中是包含这个信息的,但是在exts中没有这个信息
|
|
||||||
|
|
||||||
int tls_connect_print(FILE *fp, int fmt, int ind, const char *label, const TLS_CONNECT *conn)
|
int tls_connect_print(FILE *fp, int fmt, int ind, const char *label, const TLS_CONNECT *conn)
|
||||||
{
|
{
|
||||||
const uint8_t *cert;
|
const uint8_t *cert;
|
||||||
@@ -1136,25 +1126,26 @@ int tls_connect_print(FILE *fp, int fmt, int ind, const char *label, const TLS_C
|
|||||||
|
|
||||||
int tls_print_record(FILE *fp, int fmt, int ind, const char *label, TLS_CONNECT *conn)
|
int tls_print_record(FILE *fp, int fmt, int ind, const char *label, TLS_CONNECT *conn)
|
||||||
{
|
{
|
||||||
tls_record_print(fp, conn->record, conn->recordlen, fmt, ind);
|
tls_record_print(fp, fmt, ind, conn->cipher_suite, conn->record, conn->recordlen);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent)
|
int tls_record_print(FILE *fp, int fmt, int ind, int cipher_suite,
|
||||||
|
const uint8_t *record, size_t recordlen)
|
||||||
{
|
{
|
||||||
const uint8_t *data;
|
const uint8_t *data;
|
||||||
size_t datalen;
|
size_t datalen;
|
||||||
int protocol;
|
int record_protocol;
|
||||||
|
|
||||||
if (!fp || !record || recordlen < 5) {
|
if (!fp || !record || recordlen < 5) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
protocol = tls_record_protocol(record);
|
record_protocol = tls_record_protocol(record);
|
||||||
format_print(fp, format, indent, "Record\n"); indent += 4;
|
format_print(fp, fmt, ind, "Record\n"); ind += 4;
|
||||||
format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
|
format_print(fp, fmt, ind, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
|
||||||
format_print(fp, format, indent, "Version: %s (%04x)\n", tls_protocol_name(protocol), protocol);
|
format_print(fp, fmt, ind, "Version: %s (%04x)\n", tls_protocol_name(record_protocol), record_protocol);
|
||||||
format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
|
format_print(fp, fmt, ind, "Length: %d\n", tls_record_data_length(record));
|
||||||
|
|
||||||
data = tls_record_data(record);
|
data = tls_record_data(record);
|
||||||
datalen = tls_record_data_length(record);
|
datalen = tls_record_data_length(record);
|
||||||
@@ -1166,25 +1157,26 @@ int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int for
|
|||||||
|
|
||||||
switch (record[0]) {
|
switch (record[0]) {
|
||||||
case TLS_record_handshake:
|
case TLS_record_handshake:
|
||||||
if (tls_handshake_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_handshake_print(fp, fmt, ind, record_protocol,
|
||||||
|
cipher_suite, data, datalen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TLS_record_alert:
|
case TLS_record_alert:
|
||||||
if (tls_alert_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_alert_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TLS_record_change_cipher_spec:
|
case TLS_record_change_cipher_spec:
|
||||||
if (tls_change_cipher_spec_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_change_cipher_spec_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TLS_record_application_data:
|
case TLS_record_application_data:
|
||||||
if (tls_application_data_print(fp, data, datalen, format, indent) != 1) {
|
if (tls_application_data_print(fp, data, datalen, fmt, ind) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -1208,25 +1200,25 @@ int tls_secrets_print(FILE *fp,
|
|||||||
const uint8_t client_random[32], const uint8_t server_random[32],
|
const uint8_t client_random[32], const uint8_t server_random[32],
|
||||||
const uint8_t master_secret[48],
|
const uint8_t master_secret[48],
|
||||||
const uint8_t *key_block, size_t key_block_len,
|
const uint8_t *key_block, size_t key_block_len,
|
||||||
int format, int indent)
|
int fmt, int ind)
|
||||||
{
|
{
|
||||||
// 应该检查一下key_block_len的值,判断是否支持,或者算法选择, 或者要求输入一个cipher_suite参数
|
// 应该检查一下key_block_len的值,判断是否支持,或者算法选择, 或者要求输入一个cipher_suite参数
|
||||||
// 这个函数不支持GCM模式套件,使用GCM模式时key_block_len更短
|
// 这个函数不支持GCM模式套件,使用GCM模式时key_block_len更短
|
||||||
// 可以考虑通过key_block_len判断CBC还是GCM,或者在参数上增加cipher_suite
|
// 可以考虑通过key_block_len判断CBC还是GCM,或者在参数上增加cipher_suite
|
||||||
// FIXME: 如果增加了GCM套件,需要更新这个函数
|
// FIXME: 如果增加了GCM套件,需要更新这个函数
|
||||||
format_bytes(stderr, format, indent, "pre_master_secret", pre_master_secret, pre_master_secret_len);
|
format_bytes(stderr, fmt, ind, "pre_master_secret", pre_master_secret, pre_master_secret_len);
|
||||||
format_bytes(stderr, format, indent, "client_random", client_random, 32);
|
format_bytes(stderr, fmt, ind, "client_random", client_random, 32);
|
||||||
format_bytes(stderr, format, indent, "server_random", server_random, 32);
|
format_bytes(stderr, fmt, ind, "server_random", server_random, 32);
|
||||||
format_bytes(stderr, format, indent, "master_secret", master_secret, 48);
|
format_bytes(stderr, fmt, ind, "master_secret", master_secret, 48);
|
||||||
format_bytes(stderr, format, indent, "client_write_mac_key", key_block, 32);
|
format_bytes(stderr, fmt, ind, "client_write_mac_key", key_block, 32);
|
||||||
format_bytes(stderr, format, indent, "server_write_mac_key", key_block + 32, 32);
|
format_bytes(stderr, fmt, ind, "server_write_mac_key", key_block + 32, 32);
|
||||||
format_bytes(stderr, format, indent, "client_write_enc_key", key_block + 64, 16);
|
format_bytes(stderr, fmt, ind, "client_write_enc_key", key_block + 64, 16);
|
||||||
format_bytes(stderr, format, indent, "server_write_enc_key", key_block + 80, 16);
|
format_bytes(stderr, fmt, ind, "server_write_enc_key", key_block + 80, 16);
|
||||||
format_print(stderr, format, indent, "\n");
|
format_print(stderr, fmt, ind, "\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tls_encrypted_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent)
|
int tls_encrypted_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int fmt, int ind)
|
||||||
{
|
{
|
||||||
int protocol;
|
int protocol;
|
||||||
|
|
||||||
@@ -1236,11 +1228,11 @@ int tls_encrypted_record_print(FILE *fp, const uint8_t *record, size_t recordle
|
|||||||
}
|
}
|
||||||
|
|
||||||
protocol = tls_record_protocol(record);
|
protocol = tls_record_protocol(record);
|
||||||
format_print(fp, format, indent, "EncryptedRecord\n"); indent += 4;
|
format_print(fp, fmt, ind, "EncryptedRecord\n"); ind += 4;
|
||||||
format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
|
format_print(fp, fmt, ind, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
|
||||||
format_print(fp, format, indent, "Version: %s (%04x)\n", tls_protocol_name(protocol), protocol);
|
format_print(fp, fmt, ind, "Version: %s (%04x)\n", tls_protocol_name(protocol), protocol);
|
||||||
format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
|
format_print(fp, fmt, ind, "Length: %d\n", tls_record_data_length(record));
|
||||||
format_bytes(fp, format, indent, "EncryptedData", tls_record_data(record), tls_record_data_length(record));
|
format_bytes(fp, fmt, ind, "EncryptedData", tls_record_data(record), tls_record_data_length(record));
|
||||||
|
|
||||||
fprintf(fp, "\n");
|
fprintf(fp, "\n");
|
||||||
return 1;
|
return 1;
|
||||||
|
|||||||
Reference in New Issue
Block a user