abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-13 08:23:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update TLS 1.3 HelloRetryRequest, add CipherCipherSpec

Browse Source 
Use same handshake type of ServerHello, add ChangeCipherSpec, compatible with OpeNSSL
This commit is contained in:
Zhi Guan
2026-05-24 20:17:43 +08:00
parent 020896dbd0
commit 828a93e907
6 changed files with 1276 additions and 1491 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
include/gmssl/tls.h
View File

@@ -228,7 +228,7 @@ typedef enum {
TLS_extension_early_data = 42,
TLS_extension_supported_versions = 43,
TLS_extension_cookie = 44,
TLS_extension_psk_key_exchange_modes = 46,
TLS_extension_psk_key_exchange_modes = 45,
TLS_extension_certificate_authorities = 47,
TLS_extension_oid_filters = 48,
TLS_extension_post_handshake_auth = 49,
@@ -278,6 +278,13 @@ typedef enum {
TLS_curve_brainpoolp384r1tls13 = 32,
TLS_curve_brainpoolp512r1tls13 = 33,
TLS_curve_sm2p256v1 = 41, // GmSSLv2: 30
TLS_curve_ffdhe2048 = 256,
TLS_curve_ffdhe3072 = 257,
TLS_curve_ffdhe4096 = 258,
TLS_curve_secp256r1mlkem768 = 4587,
TLS_curve_x25519mlkem768 = 4588,
TLS_curve_secp384r1mlkem1024 = 4589,
TLS_curve_sm22mlkem768 = 4590,
} TLS_NAMED_CURVE;
const char *tls_named_curve_name(int named_curve);
@@ -308,6 +315,9 @@ typedef enum {
TLS_sig_ecdsa_brainpoolP256r1tls13_sha256 = 0x081A,
TLS_sig_ecdsa_brainpoolP384r1tls13_sha384 = 0x081B,
TLS_sig_ecdsa_brainpoolP512r1tls13_sha512 = 0x081C,
TLS_sig_mldsa44 = 0x0904,
TLS_sig_mldsa65 = 0x0905,
TLS_sig_mldsa87 = 0x0906,
} TLS_SIGNATURE_SCHEME;
const char *tls_signature_scheme_name(int scheme);
@@ -339,7 +349,6 @@ typedef enum {
const char *tls_alert_level_name(int level);
typedef enum {
TLS_alert_close_notify = 0,
TLS_alert_unexpected_message = 10,
@@ -363,11 +372,17 @@ typedef enum {
TLS_alert_protocol_version = 70,
TLS_alert_insufficient_security = 71,
TLS_alert_internal_error = 80,
TLS_alert_inappropriate_fallback = 86,
TLS_alert_user_canceled = 90,
TLS_alert_no_renegotiation = 100,
TLS_alert_missing_extension = 109,
TLS_alert_unsupported_extension = 110,
TLS_alert_certificate_unobtainable = 111,
TLS_alert_certificate_unobtainable = 111,
TLS_alert_unrecognized_name = 112,
TLS_alert_bad_certificate_status_response = 113,
TLS_alert_unknown_psk_identity = 115,
TLS_alert_certificate_required = 116,
TLS_alert_no_application_protocol = 120,
TLS_alert_unsupported_site2site = 200,
TLS_alert_no_area = 201,
TLS_alert_unsupported_areatype = 202,
@@ -559,11 +574,13 @@ int tls_server_hello_print(FILE *fp, const uint8_t *server_hello, size_t len, in
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen);
int tls_process_client_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen);
int tls_process_server_exts(const uint8_t *exts, size_t extslen,
int *ec_point_format, int *supported_group, int *signature_algor);
// Certificate
int tls_record_set_handshake_certificate(uint8_t *record, size_t *recordlen,
const uint8_t *certs, size_t certslen);
@@ -770,9 +787,14 @@ typedef struct {
size_t cacertslen;
int verify_depth;
// ChangeCipherSpec in TLS 1.3
int change_cipher_spec;
// CertificateRequest
int certificate_request;
int client_certificate_optional; // if empty client Certificate is allowed
// TODO: 还没有设置的函数
// NewSessionTicket
int new_session_ticket;
@@ -829,7 +851,7 @@ typedef struct {
int cookie;
SM4_KEY cookie_key;
// 46. psk_key_exchange_modes
// 45. psk_key_exchange_modes
int psk_key_exchange_modes;
// 47. certificate_authorities
@@ -1162,7 +1184,7 @@ typedef struct {
uint8_t cookie_buf[256];
size_t cookie_len;
// 46. psk_key_exchange_modes
// 45. psk_key_exchange_modes
// in ClientHello;
// 47. certificate_authorities
@@ -1777,6 +1799,7 @@ int tls_process_supported_groups(const uint8_t *ext_data, size_t ext_datalen,
// 11. ec_point_format
int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt,
uint8_t **out, size_t *outlen);
int tls_ec_point_formats_print(FILE *fp, int fmt, int ind, const uint8_t *ext_data, size_t ext_datalen);
int tls_process_client_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen);
int tls_process_server_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen);
@@ -1903,7 +1926,7 @@ int tls13_cookie_print(FILE *fp, int fmt, int ind, const uint8_t *ext_data, size
int tls13_ctx_set_cookie_key(TLS_CTX *ctx, const uint8_t *cookie_key, size_t cookie_key_len);
// 46. psk_key_exchange_modes
// 45. psk_key_exchange_modes
enum {
TLS_psk_ke = 0,

28
src/tls.c
View File

@@ -2265,6 +2265,9 @@ int tls_ctx_init(TLS_CTX *ctx, int protocol, int is_client)
ctx->key_exchanges_cnt = TLS_DEFAULT_KEY_EXCHANGES_CNT;
ctx->change_cipher_spec = 1;
return 1;
}
@@ -2962,4 +2965,29 @@ int tls_uint16array_from_file(uint8_t *arr, size_t *arrlen, size_t maxlen, FILE
}
int tls_key_exchange_modes_print(FILE *fp, int fmt, int ind, const char *label, int modes)
{
int first = 1;
format_print(fp, fmt, ind, "%s:", label);
if (modes & TLS_KE_CERT_DHE) {
fprintf(fp, " CERT_DHE");
first = 0;
}
if (modes & TLS_KE_PSK_DHE) {
if (first)
fprintf(fp, " PSK_DHE");
else fprintf(fp, "|PSK_DHE");
first = 0;
}
if (modes & TLS_KE_PSK) {
if (first)
fprintf(fp, " PSK");
else fprintf(fp, "|PSK");
}
fprintf(fp, "\n");
return 1;
}

2408
src/tls13.c
View File

File diff suppressed because it is too large Load Diff

269
src/tls_ext.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -24,21 +24,79 @@
#include <gmssl/tls.h>
/*
ec_point_formats
int tls_ext_to_bytes(int ext_type, const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen)
{
if (!tls_extension_name(ext_type)) {
error_print();
return -1;
}
struct {
if (!outlen) {
error_print();
return -1;
}
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16array_to_bytes(ext_data, ext_datalen, out, outlen);
return 1;
}
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen)
{
uint16_t ext_type;
if (!type || !data || !datalen || !in || !(*in) || !inlen) {
error_print();
return -1;
}
if (tls_uint16_from_bytes(&ext_type, in, inlen) != 1
|| tls_uint16array_from_bytes(data, datalen, in, inlen) != 1) {
error_print();
return -1;
}
if (!tls_extension_name(ext_type)) {
warning_print();
}
*type = ext_type;
return 1;
}
/*
11. ec_point_formats
struct {
ECPointFormat ec_point_format_list<1..2^8-1>
} ECPointFormatList;
} ECPointFormatList;
Example:
ext_type: 0x00,0x0B (ec_point_formats)
ext_length: 0x00,0x02
ec_point_format_list_len: 0x01
ec_point_format_list: 0x00 (uncompressed)
*/
int tls_ec_point_formats_print(FILE *fp, int fmt, int ind, const uint8_t *ext_data, size_t ext_datalen)
{
const uint8_t *ec_point_format_list;
size_t ec_point_format_list_len;
size_t i;
format_print(fp, fmt, ind, "ec_point_format_list\n");
ind += 4;
if (tls_uint8array_from_bytes(&ec_point_format_list, &ec_point_format_list_len, &ext_data, &ext_datalen) != 1) {
error_print();
return -1;
}
for (i = 0; i < ec_point_format_list_len; i++) {
format_print(fp, fmt, ind, "%s (%d)\n",
tls_ec_point_format_name(ec_point_format_list[i]), ec_point_format_list[i]);
}
return 1;
}
int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt,
uint8_t **out, size_t *outlen)
{
@@ -287,11 +345,16 @@ int tls_supported_groups_print(FILE *fp, int fmt, int ind, const uint8_t *d, siz
}
while (groups_len) {
uint16_t group;
const char *name;
if (tls_uint16_from_bytes(&group, &groups, &groups_len) != 1) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "%s (%04x)\n", tls_named_curve_name(group), group);
name = tls_named_curve_name(group);
if (!name) {
name = "(unknown)";
}
format_print(fp, fmt, ind, "%s (%04x)\n", name, group);
}
if (dlen) {
error_print();
@@ -370,33 +433,6 @@ int tls_enable_signature_algorithms_cert(TLS_CONNECT *conn)
return 1;
}
/*
int tls_signature_algorithms_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen)
{
if (tls_signature_algorithms_print_ex(fp, fmt, ind, "signature_algorithms", d, dlen) != 1) {
error_print();
return -1;
}
return 1;
}
int tls13_signature_algorithms_cert_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen)
{
if (tls_signature_algorithms_print_ex(fp, fmt, ind, "signature_algorithms_cert", d, dlen) != 1) {
error_print();
return -1;
}
return 1;
}
*/
int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt,
uint8_t **out, size_t *outlen)
{
@@ -558,124 +594,6 @@ static int tls_server_parameter_select(const int *server_params, size_t server_p
return 0;
}
/*
int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_Z256_POINT *point)
{
uint16_t group;
const uint8_t *key_exchange;
size_t key_exchange_len;
if (!point) {
error_print();
return -1;
}
if (tls_uint16_from_bytes(&group, &ext_data, &ext_datalen) != 1
|| tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (group != TLS_curve_sm2p256v1) {
error_print();
return -1;
}
if (key_exchange_len != 65) {
error_print();
return -1;
}
if (sm2_z256_point_from_octets(point, key_exchange, key_exchange_len) != 1) {
error_print();
return -1;
}
return 1;
}
*/
/*
如果客户端提供的key_share满足服务器支持的group那么就缓存这个key_share任务完成
否则如果客户端的groups和服务器的groups找到了共同的group那么服务器可以发送HelloRetryRequest
*/
/*
int tls13_process_client_key_share(const int *server_groups, size_t server_groups_cnt,
const uint8_t *client_ext_data, size_t client_ext_datalen,
int *client_group, uint8_t *client_key_exchange, size_t client_key_exchange_len)
{
const uint8_t *client_shares;
size_t client_shares_len;
uint16_t group;
const uint8_t *key_exchange;
size_t key_exchange_len;
if (!server_ecdhe_key || !client_ecdhe_public || !outlen) {
error_print();
return -1;
}
if (tls_uint16array_from_bytes(&client_shares, &client_shares_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
while (client_shares_len) {
if (tls_uint16_from_bytes(&group, &client_shares, &client_shares_len) != 1
|| tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &client_shares, &client_shares_len) != 1) {
error_print();
return -1;
}
if (!tls_named_curve_name(group)) {
error_print();
return -1;
}
if (!key_exchange) {
error_print();
return -1;
}
if (group == TLS_curve_sm2p256v1) {
if (key_exchange_len != 65) {
error_print();
return -1;
}
memset(client_ecdhe_public, 0, sizeof(SM2_KEY));
if (sm2_z256_point_from_octets(&client_ecdhe_public->public_key, key_exchange, key_exchange_len) != 1) {
error_print();
return -1;
}
if (tls13_server_key_share_ext_to_bytes(&server_ecdhe_key->public_key, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
}
error_print();
return -1;
}
*/
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen)
{
uint16_t ext_type;
if (tls_uint16_from_bytes(&ext_type, in, inlen) != 1
|| tls_uint16array_from_bytes(data, datalen, in, inlen) != 1) {
error_print();
return -1;
}
*type = ext_type;
// FIXME: handle unkonwn ext
if (!tls_extension_name(ext_type)) {
warning_print();
//return -1;
}
return 1;
}
int tls_process_client_hello_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen)
{
int type;
@@ -766,50 +684,3 @@ int tls_process_server_hello_exts(const uint8_t *exts, size_t extslen,
}
return 1;
}
static int tls13_server_hello_exts[] = {
TLS_extension_key_share,
TLS_extension_pre_shared_key,
TLS_extension_supported_versions,
};
/*
struct {
Extension extensions<0..2^16-1>;
} EncryptedExtensions;
*/
static int tls13_encrypted_extensions_exts[] = {
TLS_extension_server_name,
TLS_extension_max_fragment_length,
TLS_extension_supported_groups, // 必须放在EE中不能放在SH中
TLS_extension_use_srtp,
TLS_extension_heartbeat,
TLS_extension_application_layer_protocol_negotiation,
TLS_extension_client_certificate_type,
TLS_extension_server_certificate_type,
TLS_extension_early_data,
};
static int tls13_certificate_exts[] = {
TLS_extension_status_request,
TLS_extension_signed_certificate_timestamp,
};
static int tls13_certificate_request_exts[] = {
TLS_extension_status_request,
TLS_extension_signature_algorithms,
TLS_extension_signed_certificate_timestamp,
TLS_extension_certificate_authorities,
TLS_extension_oid_filters,
TLS_extension_signature_algorithms_cert,
};
static int tls13_hello_retry_request_exts[] = {
TLS_extension_key_share,
TLS_extension_cookie,
TLS_extension_supported_versions,
};

17
src/tls_trace.c
View File

@@ -259,9 +259,16 @@ const char *tls_alert_description_text(int description)
case TLS_alert_protocol_version: return "protocol_version";
case TLS_alert_insufficient_security: return "insufficient_security";
case TLS_alert_internal_error: return "internal_error";
case TLS_alert_inappropriate_fallback: return "inappropriate_fallback";
case TLS_alert_user_canceled: return "user_canceled";
case TLS_alert_no_renegotiation: return "no_renegotiation";
case TLS_alert_unsupported_extension: return "unsupported_extension";
case TLS_alert_certificate_unobtainable: return "certificate_unobtainable";
case TLS_alert_unrecognized_name: return "unrecognized_name";
case TLS_alert_bad_certificate_status_response: return "bad_certificate_status_response";
case TLS_alert_unknown_psk_identity: return "unknown_psk_identity";
case TLS_alert_certificate_required: return "certificate_required";
case TLS_alert_no_application_protocol: return "no_application_protocol";
case TLS_alert_unsupported_site2site: return "unsupported_site2site";
case TLS_alert_no_area: return "no_area";
case TLS_alert_unsupported_areatype: return "unsupported_areatype";
@@ -318,6 +325,13 @@ const char *tls_named_curve_name(int curve)
case TLS_curve_brainpoolp384r1tls13: return "brainpoolp384r1tls13";
case TLS_curve_brainpoolp512r1tls13: return "brainpoolp512r1tls13";
case TLS_curve_sm2p256v1: return "sm2p256v1";
case TLS_curve_secp256r1mlkem768: return "SecP256r1MLKEM768";
case TLS_curve_x25519mlkem768: return "X25519MLKEM768";
case TLS_curve_secp384r1mlkem1024: return "SecP384r1MLKEM1024";
case TLS_curve_sm22mlkem768: return "curveSM2MLKEM768";
case TLS_curve_ffdhe2048: return "ffdhe2048";
case TLS_curve_ffdhe3072: return "ffdhe3072";
case TLS_curve_ffdhe4096: return "ffdhe4096";
}
return NULL;
}
@@ -362,6 +376,9 @@ const char *tls_signature_scheme_name(int scheme)
case TLS_sig_ecdsa_brainpoolP256r1tls13_sha256: return "ecdsa_brainpoolP256r1tls13_sha256";
case TLS_sig_ecdsa_brainpoolP384r1tls13_sha384: return "ecdsa_brainpoolP384r1tls13_sha384";
case TLS_sig_ecdsa_brainpoolP512r1tls13_sha512: return "ecdsa_brainpoolP512r1tls13_sha512";
case TLS_sig_mldsa44: return "mldsa44";
case TLS_sig_mldsa65: return "mldsa65";
case TLS_sig_mldsa87: return "mldsa87";
}
return NULL;
}

8
tools/tls13_server.c
View File

@@ -151,7 +151,7 @@ static const char *help =
"\n"
" /usr/local/bin/openssl s_server -accept 4430 -cert p256signcert.pem -cert_chain p256cacert.pem -key p256signkey.exp \\\n"
" -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -named_curve prime256v1 \\\n"
" -trace -keylogfile sslkeys.log\n"
" -trace\n"
"\n"
" /usr/local/bin/openssl s_client -connect 127.0.0.1:4430 -tls1_3 -CAfile p256rootcacert.pem -groups prime256v1 -trace\n"
"\n"
@@ -364,18 +364,12 @@ int tls13_server_main(int argc , char **argv)
} else if (!strcmp(*argv, "-cert")) {
if (--argc < 1) goto bad;
certfile = *(++argv);
error_print();
if (certfiles_cnt >= sizeof(certfiles)/sizeof(certfiles[0])) {
error_print();
return -1;
}
certfiles[certfiles_cnt++] = certfile;
fprintf(stderr, "111certfiles_cnt = %zu\n", certfiles_cnt);
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyfile = *(++argv);