abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-25 22:53:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

TLS 1.3 server auth only

Browse Source
This commit is contained in:
Zhi Guan
2022-07-20 16:42:32 +08:00
parent 48e0178837
commit 89f57327aa
25 changed files with 5208 additions and 1102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2573
src/bak_tls13.c Normal file
View File

File diff suppressed because it is too large Load Diff

28
src/gcm.c
View File

@@ -122,14 +122,17 @@ int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
uint8_t *out, size_t taglen, uint8_t *tag)
{
if (key->cipher == BLOCK_CIPHER_sm4()) {
sm4_gcm_encrypt(&(key->u.sm4_key), iv, ivlen, aad, aadlen, in, inlen, out, taglen, tag);
return 1;
if (sm4_gcm_encrypt(&(key->u.sm4_key), iv, ivlen, aad, aadlen, in, inlen, out, taglen, tag) != 1) {
error_print();
return -1;
}
} else if (key->cipher == BLOCK_CIPHER_aes128()) {
aes_gcm_encrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen, in, inlen, out, taglen, tag);
return 1;
if (aes_gcm_encrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen, in, inlen, out, taglen, tag) != 1) {
error_print();
return -1;
}
}
error_print();
return -1;
return 1;
}
int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
@@ -137,10 +140,15 @@ int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *tag, size_t taglen, uint8_t *out)
{
if (key->cipher == BLOCK_CIPHER_sm4()) {
sm4_gcm_decrypt(&(key->u.sm4_key), iv, ivlen, aad, aadlen, in, inlen, tag, taglen, out);
if (sm4_gcm_decrypt(&(key->u.sm4_key), iv, ivlen, aad, aadlen, in, inlen, tag, taglen, out) != 1) {
error_print();
return -1;
}
} else if (key->cipher == BLOCK_CIPHER_aes128()) {
aes_gcm_decrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen, in, inlen, tag, taglen, out);
if (aes_gcm_decrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen, in, inlen, tag, taglen, out) != 1) {
error_print();
return -1;
}
}
error_print();
return -1;
return 1;
}

99
src/gf128.c
View File

@@ -58,6 +58,7 @@
#include <gmssl/hex.h>
#include <gmssl/gf128.h>
#include <gmssl/endian.h>
#include <gmssl/error.h>
gf128_t gf128_zero(void)
@@ -84,7 +85,6 @@ int gf128_equ_hex(gf128_t a, const char *s)
return memcmp(bin1, bin2, sizeof(bin1)) == 0;
}
// FIXME: 这个函数不支持struct
void gf128_print_bits(gf128_t a)
{
int i;
@@ -104,27 +104,47 @@ int gf128_print(FILE *fp, int fmt, int ind, const char *label, gf128_t a)
uint8_t be[16];
int i;
printf("%s", label);
printf("%s: ", label);
gf128_to_bytes(a, be);
for (i = 0; i < 16; i++) {
printf("%02X", be[i]);
printf("%02x", be[i]);
}
printf("\n");
return 1;
}
static uint64_t reverse_bits(uint64_t a)
{
uint64_t r = 0;
int i;
for (i = 0; i < 63; i++) {
r |= a & 1;
r <<= 1;
a >>= 1;
}
r |= a & 1;
return r;
}
gf128_t gf128_from_bytes(const uint8_t p[16])
{
gf128_t r;
r.hi = GETU64(p);
r.lo = GETU64(p + 8);
r.lo = GETU64(p);
r.hi = GETU64(p + 8);
r.lo = reverse_bits(r.lo);
r.hi = reverse_bits(r.hi);
return r;
}
void gf128_to_bytes(gf128_t a, uint8_t p[16])
{
PUTU64(p, a.hi);
PUTU64(p + 8, a.lo);
a.lo = reverse_bits(a.lo);
a.hi = reverse_bits(a.hi);
PUTU64(p, a.lo);
PUTU64(p + 8, a.hi);
}
gf128_t gf128_add(gf128_t a, gf128_t b)
@@ -193,68 +213,3 @@ gf128_t gf128_mul2(gf128_t a)
return r;
}
/*
gf128_t gf128_mul(gf128_t a, gf128_t b)
{
const gf128_t mask = (gf128_t)1 << 127;
gf128_t r = 0;
int i;
for (i = 0; i < 128; i++) {
// r = r * 2
if (r & mask)
r = (r << 1) ^ 0x87;
else r <<= 1;
// if b[127-i] == 1, r = r + a
if (b & mask)
r ^= a;
b <<= 1;
}
return r;
}
gf128_t gf128_add(gf128_t a, gf128_t b)
{
return a ^ b;
}
gf128_t gf128_mul2(gf128_t a)
{
if (a & ((gf128_t)1 << 127))
return (a << 1) ^ 0x87;
else return (a << 1);
}
gf128_t gf128_reverse(gf128_t a)
{
gf128_t r = 0;
int i;
for (i = 0; i < 128; i++) {
r = (r << 1) | (a & 1);
a >>= 1;
}
return r;
}
gf128_t gf128_from_bytes(const uint8_t p[16])
{
uint64_t hi = GETU64(p);
uint64_t lo = GETU64(p + 8);
gf128_t r = (gf128_t)hi << 64 | lo;
r = gf128_reverse(r);
return r;
}
void gf128_to_bytes(gf128_t a, uint8_t p[16])
{
a = gf128_reverse(a);
uint64_t hi = a >> 64;
uint64_t lo = a;
PUTU64(p, hi);
PUTU64(p + 8, lo);
}
*/

124
src/gf128_gcc.c Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (c) 2014 - 2020 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
* A + B mod f(x) = a xor b
* A * 2 mod f(x)
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/hex.h>
#include <gmssl/gf128.h>
#include <gmssl/endian.h>
gf128_t gf128_mul(gf128_t a, gf128_t b)
{
const gf128_t mask = (gf128_t)1 << 127;
gf128_t r = 0;
int i;
for (i = 0; i < 128; i++) {
// r = r * 2
if (r & mask)
r = (r << 1) ^ 0x87;
else r <<= 1;
// if b[127-i] == 1, r = r + a
if (b & mask)
r ^= a;
b <<= 1;
}
return r;
}
gf128_t gf128_add(gf128_t a, gf128_t b)
{
return a ^ b;
}
gf128_t gf128_mul2(gf128_t a)
{
if (a & ((gf128_t)1 << 127))
return (a << 1) ^ 0x87;
else return (a << 1);
}
gf128_t gf128_reverse(gf128_t a)
{
gf128_t r = 0;
int i;
for (i = 0; i < 128; i++) {
r = (r << 1) | (a & 1);
a >>= 1;
}
return r;
}
gf128_t gf128_from_bytes(const uint8_t p[16])
{
uint64_t hi = GETU64(p);
uint64_t lo = GETU64(p + 8);
gf128_t r = (gf128_t)hi << 64 | lo;
r = gf128_reverse(r);
return r;
}
void gf128_to_bytes(gf128_t a, uint8_t p[16])
{
a = gf128_reverse(a);
uint64_t hi = a >> 64;
uint64_t lo = a;
PUTU64(p, hi);
PUTU64(p + 8, lo);
}

4
src/sm2_lib.c
View File

@@ -69,6 +69,8 @@ int sm2_do_sign_ex(const SM2_KEY *key, int fixed_outlen, const uint8_t dgst[32],
SM2_BN r;
SM2_BN s;
format_bytes(stderr, 0, 0, "sm2_do_sign_ex dgst", dgst, 32);
retry:
sm2_bn_from_bytes(d, key->private_key);
@@ -143,6 +145,8 @@ int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATUR
SM2_BN x;
SM2_BN t;
format_bytes(stderr, 0, 0, "sm2_do_verify dgst", dgst, 32);
// parse signature values
sm2_bn_from_bytes(r, sig->r); //print_bn("r", r);
sm2_bn_from_bytes(s, sig->s); //print_bn("s", s);

10
src/tls.c
View File

@@ -118,6 +118,13 @@ void tls_array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size
*outlen += datalen;
}
/*
这几个函数要区分data = NULL, datalen = 0 和 data = NULL, datalen != 0的情况
前者意味着数据为空,因此输出的就是一个长度
后者意味着数据不为空,只是我们不想输出数据,只输出头部的长度,并且更新整个的输出长度。 这种情况应该避免!
*/
void tls_uint8array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen)
{
tls_uint8_to_bytes((uint8_t)datalen, out, outlen);
@@ -637,7 +644,6 @@ int tls_record_set_handshake(uint8_t *record, size_t *recordlen,
error_print();
return -1;
}
if (!tls_protocol_name(tls_record_protocol(record))) {
error_print();
return -1;
@@ -2310,11 +2316,9 @@ int tls_do_handshake(TLS_CONNECT *conn)
case TLS_protocol_tls12:
if (conn->is_client) return tls12_do_connect(conn);
else return tls12_do_accept(conn);
/*
case TLS_protocol_tls13:
if (conn->is_client) return tls13_do_connect(conn);
else return tls13_do_accept(conn);
*/
}
error_print();
return -1;

30
src/tls12.c
View File

@@ -203,6 +203,27 @@ int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM
return 1;
}
/*
Client Server
ClientHello -------->
ServerHello
Certificate
ServerKeyExchange
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
*/
int tls12_do_connect(TLS_CONNECT *conn)
{
int ret = -1;
@@ -275,9 +296,14 @@ int tls12_do_connect(TLS_CONNECT *conn)
size_t signature_algors_cnt = 1;
client_exts_len = 0;
/*
tls_exts_add_ec_point_formats(client_exts, &client_exts_len, sizeof(client_exts), ec_point_formats, ec_point_formats_cnt);
tls_exts_add_supported_groups(client_exts, &client_exts_len, sizeof(client_exts), supported_groups, supported_groups_cnt);
tls_exts_add_signature_algors(client_exts, &client_exts_len, sizeof(client_exts), signature_algors, signature_algors_cnt);
*/
if (tls_record_set_handshake_client_hello(record, &recordlen,
conn->protocol, client_random, NULL, 0,
@@ -332,7 +358,7 @@ int tls12_do_connect(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_unexpected_message);
goto end;
}
if (tls_process_server_exts(server_exts, server_exts_len, &ec_point_format, &supported_group, &signature_algor) != 1
if (tls_process_server_hello_exts(server_exts, server_exts_len, &ec_point_format, &supported_group, &signature_algor) != 1
|| ec_point_format < 0
|| supported_group < 0
|| signature_algor < 0) {
@@ -780,7 +806,7 @@ int tls12_do_accept(TLS_CONNECT *conn)
server_exts_len = 0;
curve = TLS_curve_sm2p256v1;
tls_process_client_exts(client_exts, client_exts_len, server_exts, &server_exts_len, sizeof(server_exts));
tls_process_client_hello_exts(client_exts, client_exts_len, server_exts, &server_exts_len, sizeof(server_exts));

1364
src/tls13.c
View File

File diff suppressed because it is too large Load Diff

874
src/tls_ext.c
View File

File diff suppressed because it is too large Load Diff

266
src/tls_trace.c
View File

@@ -86,19 +86,27 @@ const char *tls_protocol_name(int protocol)
const char *tls_cipher_suite_name(int cipher)
{
switch (cipher) {
case TLS_cipher_ecdhe_sm4_cbc_sm3: return "ECDHE_SM4_CBC_SM3";
case TLS_cipher_ecdhe_sm4_gcm_sm3: return "ECDHE_SM4_GCM_SM3";
case TLS_cipher_ecc_sm4_cbc_sm3: return "ECC_SM4_CBC_SM3";
case TLS_cipher_ecc_sm4_gcm_sm3: return "ECC_SM4_GCM_SM3";
case TLS_cipher_ibsdh_sm4_cbc_sm3: return "IBSDH_SM4_CBC_SM3";
case TLS_cipher_ibsdh_sm4_gcm_sm3: return "IBSDH_SM4_GCM_SM3";
case TLS_cipher_ibc_sm4_cbc_sm3: return "IBC_SM4_CBC_SM3";
case TLS_cipher_ibc_sm4_gcm_sm3: return "IBC_SM4_GCM_SM3";
case TLS_cipher_rsa_sm4_cbc_sm3: return "RSA_SM4_CBC_SM3";
case TLS_cipher_rsa_sm4_gcm_sm3: return "RSA_SM4_GCM_SM3";
case TLS_cipher_rsa_sm4_cbc_sha256: return "RSA_SM4_CBC_SHA256";
case TLS_cipher_rsa_sm4_gcm_sha256: return "RSA_SM4_GCM_SHA256";
case TLS_cipher_empty_renegotiation_info_scsv: return "EMPTY_RENEGOTIATION_INFO_SCSV";
case TLS_cipher_null_with_null_null: return "TLS_NULL_WITH_NULL_NULL";
case TLS_cipher_sm4_gcm_sm3: return "TLS_SM4_GCM_SM3";
case TLS_cipher_sm4_ccm_sm3: return "TLS_SM4_CCM_SM3";
case TLS_cipher_ecdhe_sm4_cbc_sm3: return "TLS_ECDHE_SM4_CBC_SM3";
case TLS_cipher_ecdhe_sm4_gcm_sm3: return "TLS_ECDHE_SM4_GCM_SM3";
case TLS_cipher_ecc_sm4_cbc_sm3: return "TLS_ECC_SM4_CBC_SM3";
case TLS_cipher_ecc_sm4_gcm_sm3: return "TLS_ECC_SM4_GCM_SM3";
case TLS_cipher_ibsdh_sm4_cbc_sm3: return "TLS_IBSDH_SM4_CBC_SM3";
case TLS_cipher_ibsdh_sm4_gcm_sm3: return "TLS_IBSDH_SM4_GCM_SM3";
case TLS_cipher_ibc_sm4_cbc_sm3: return "TLS_IBC_SM4_CBC_SM3";
case TLS_cipher_ibc_sm4_gcm_sm3: return "TLS_IBC_SM4_GCM_SM3";
case TLS_cipher_rsa_sm4_cbc_sm3: return "TLS_RSA_SM4_CBC_SM3";
case TLS_cipher_rsa_sm4_gcm_sm3: return "TLS_RSA_SM4_GCM_SM3";
case TLS_cipher_rsa_sm4_cbc_sha256: return "TLS_RSA_SM4_CBC_SHA256";
case TLS_cipher_rsa_sm4_gcm_sha256: return "TLS_RSA_SM4_GCM_SHA256";
case TLS_cipher_aes_128_gcm_sha256: return "TLS_AES_128_GCM_SHA256";
case TLS_cipher_aes_256_gcm_sha384: return "TLS_AES_256_GCM_SHA384";
case TLS_cipher_chacha20_poly1305_sha256: return "TLS_CHACHA20_POLY1305_SHA256";
case TLS_cipher_aes_128_ccm_sha256: return "TLS_AES_128_CCM_SHA256";
case TLS_cipher_aes_128_ccm_8_sha256: return "TLS_AES_128_CCM_8_SHA256";
case TLS_cipher_empty_renegotiation_info_scsv: return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
}
return NULL;
}
@@ -156,7 +164,7 @@ const char *tls_extension_name(int ext)
case TLS_extension_supported_ekt_ciphers: return "supported_ekt_ciphers";
case TLS_extension_pre_shared_key: return "pre_shared_key";
case TLS_extension_early_data: return "early_data";
case TLS_extension_supported_protocols: return "supported_protocols";
case TLS_extension_supported_versions: return "supported_versions";
case TLS_extension_cookie: return "cookie";
case TLS_extension_psk_key_exchange_modes: return "psk_key_exchange_modes";
case TLS_extension_certificate_authorities: return "certificate_authorities";
@@ -201,13 +209,25 @@ const char *tls_handshake_type_name(int type)
case TLS_handshake_hello_request: return "HelloRequest";
case TLS_handshake_client_hello: return "ClientHello";
case TLS_handshake_server_hello: return "ServerHello";
case TLS_handshake_hello_verify_request: return "HelloVerifyRequest";
case TLS_handshake_new_session_ticket: return "NewSessionTicket";
case TLS_handshake_end_of_early_data: return "EndOfEarlyData";
case TLS_handshake_hello_retry_request: return "HelloRetryRequest";
case TLS_handshake_encrypted_extensions: return "EncryptedExtensions";
case TLS_handshake_certificate: return "Certificate";
case TLS_handshake_server_key_exchange: return "ServerKeyExchange";
case TLS_handshake_certificate_request: return "CertificateRequest";
case TLS_handshake_server_hello_done: return "ServerHelloDone";
case TLS_handshake_certificate_verify: return "CertificateRequest";
case TLS_handshake_certificate_verify: return "CertificateVerify";
case TLS_handshake_client_key_exchange: return "ClientKeyExchange";
case TLS_handshake_finished: return "Finished";
case TLS_handshake_certificate_url: return "CertificateUrl";
case TLS_handshake_certificate_status: return "CertificateStatus";
case TLS_handshake_supplemental_data: return "SupplementalData";
case TLS_handshake_key_update: return "KeyUpdate";
case TLS_handshake_compressed_certificate: return "CompressedCertificate";
case TLS_handshake_ekt_key: return "EktKey";
case TLS_handshake_message_hash: return "MessageHash";
}
return NULL;
}
@@ -366,6 +386,7 @@ int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], i
return 1;
}
// supported_versions 的格式还受到 handshake_type 影响
int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen, int format, int indent)
{
const uint8_t *p;
@@ -375,6 +396,20 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
indent += 4;
switch (type) {
case TLS_extension_supported_versions:
if (tls_uint16array_from_bytes(&p, &len, &data, &datalen) != 1
|| tls_length_is_zero(datalen) != 1
|| len % 2) {
error_print();
return -1;
}
while (len) {
uint16_t proto;
tls_uint16_from_bytes(&proto, &p, &len);
format_print(fp, format, indent, "%s (0x%04x)\n",
tls_protocol_name(proto), proto);
}
break;
case TLS_extension_supported_groups:
if (tls_uint16array_from_bytes(&p, &len, &data, &datalen) != 1
|| datalen
@@ -443,6 +478,56 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
return 1;
}
int tls13_extension_print(FILE *fp, int fmt, int ind,
int handshake_type, int ext_type, const uint8_t *ext_data, size_t ext_datalen)
{
switch (ext_type) {
case TLS_extension_supported_groups:
case TLS_extension_ec_point_formats:
case TLS_extension_signature_algorithms:
return tls_extension_print(fp, ext_type, ext_data, ext_datalen, fmt, ind);
}
format_print(fp, fmt, ind, "%s (%d)\n", tls_extension_name(ext_type), ext_type);
ind += 4;
switch (ext_type) {
case TLS_extension_supported_versions:
tls13_supported_versions_ext_print(fp, fmt, ind, handshake_type, ext_data, ext_datalen);
break;
case TLS_extension_key_share:
tls13_key_share_ext_print(fp, fmt, ind, handshake_type, ext_data, ext_datalen);
break;
default:
error_print();
return -1;
}
return 1;
}
int tls13_extensions_print(FILE *fp, int fmt, int ind,
int handshake_type, const uint8_t *exts, size_t extslen)
{
uint16_t ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
format_print(fp, fmt, ind, "Extensions\n");
ind += 4;
while (extslen > 0) {
if (tls_uint16_from_bytes(&ext_type, &exts, &extslen) != 1
|| tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen) != 1) {
error_print();
return -1;
}
if (tls13_extension_print(fp, fmt, ind, handshake_type, ext_type, ext_data, ext_datalen) != 1) {
error_print();
return -1;
}
}
return 1;
}
int tls_extensions_print(FILE *fp, const uint8_t *exts, size_t extslen, int format, int indent)
{
uint16_t ext_type;
@@ -516,7 +601,8 @@ int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
}
if (datalen > 0) {
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto end;
tls_extensions_print(fp, exts, exts_len, format, indent);
//tls_extensions_print(fp, exts, exts_len, format, indent);
tls13_extensions_print(fp, format, indent, TLS_handshake_client_hello, exts, exts_len);
}
if (datalen > 0) {
error_print();
@@ -556,7 +642,8 @@ int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
if (datalen > 0) {
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto bad;
//format_bytes(fp, format, indent, "Extensions : ", exts, exts_len); // FIXME: extensions_print
tls_extensions_print(fp, exts, exts_len, format, indent);
//tls_extensions_print(fp, exts, exts_len, format, indent);
tls13_extensions_print(fp, format, indent, TLS_handshake_server_hello, exts, exts_len);
}
return 1;
bad:
@@ -572,8 +659,7 @@ int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int for
const uint8_t *der;
size_t derlen;
if (tls_uint24array_from_bytes(&certs, &certslen, &data, &datalen) != 1
|| datalen > 0) {
if (tls_uint24array_from_bytes(&certs, &certslen, &data, &datalen) != 1) {
error_print();
return -1;
}
@@ -585,6 +671,11 @@ int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int for
(void)x509_cert_print(fp, format, indent, "Certificate", der, derlen);
(void)x509_cert_to_pem(der, derlen, fp);
}
if (datalen) {
error_print();
return -1;
}
return 1;
}
@@ -794,17 +885,41 @@ int tls_finished_print(FILE *fp, const uint8_t *data, size_t datalen, int format
return 1;
}
int tls13_handshake_print(FILE *fp, int fmt, int ind, const uint8_t *handshake, size_t handshake_len)
{
const uint8_t *p = handshake;
size_t len = handshake_len;
uint8_t type;
const uint8_t *data;
size_t datalen;
if (tls_uint8_from_bytes(&type, &handshake, &handshake_len) != 1
|| tls_uint24array_from_bytes(&data, &datalen, &handshake, &handshake_len) != 1
|| tls_length_is_zero(handshake_len) != 1) {
error_print();
return -1;
}
switch (type) {
case TLS_handshake_certificate:
return tls13_certificate_print(fp, fmt, ind, data, datalen);
}
return tls_handshake_print(fp, p, len, fmt, ind);
}
// 这个是有问题的因为TLS 1.3的证书和TLS 1.2是不一样的
int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent)
{
const uint8_t *cp = handshake;
int type;
uint8_t type;
const uint8_t *data;
size_t datalen = 0;
format_print(fp, format, indent, "Handshake\n");
indent += 4;
if (tls_uint8_from_bytes((uint8_t *)&type, &cp, &handshakelen) != 1) {
if (tls_uint8_from_bytes(&type, &cp, &handshakelen) != 1) {
error_print();
return -1;
}
@@ -829,6 +944,10 @@ int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen,
case TLS_handshake_server_hello:
if (tls_server_hello_print(fp, data, datalen, format, indent) != 1)
{ error_print(); return -1; } break;
case TLS_handshake_encrypted_extensions:
tls13_encrypted_extensions_print(fp, format, indent, data, datalen);
break;
case TLS_handshake_certificate:
if (tls_certificate_print(fp, data, datalen, format, indent) != 1)
{ error_print(); return -1; } break;
@@ -888,9 +1007,86 @@ int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, in
return 1;
}
int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen)
{
const uint8_t *data;
size_t datalen;
int protocol;
format |= TLS_cipher_sm4_gcm_sm3 << 8;
if (!fp || !record || recordlen < 5) {
error_print();
return -1;
}
protocol = tls_record_protocol(record);
format_print(fp, format, indent, "Record\n"); indent += 4;
format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
format_print(fp, format, indent, "Version: %s (%d.%d)\n", tls_protocol_name(protocol), protocol >> 8, protocol & 0xff);
format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
data = tls_record_data(record);
datalen = tls_record_data_length(record);
if (recordlen < tls_record_length(record)) {
error_print();
return -1;
}
// 最高字节设置后强制打印记录原始数据
if (format >> 24) {
format_bytes(fp, format, indent, "Data", data, datalen);
fprintf(fp, "\n");
return 1;
}
switch (record[0]) {
case TLS_record_handshake:
tls13_handshake_print(fp, format, indent, data, datalen);
break;
case TLS_record_alert:
if (tls_alert_print(fp, data, datalen, format, indent) != 1) {
error_print();
return -1;
}
break;
case TLS_record_change_cipher_spec:
if (tls_change_cipher_spec_print(fp, data, datalen, format, indent) != 1) {
error_print();
return -1;
}
break;
case TLS_record_application_data:
if (tls_application_data_print(fp, data, datalen, format, indent) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
recordlen -= tls_record_length(record);
if (recordlen) {
format_print(fp, 0, 0, "DataLeftInRecord: %zu\n", recordlen);
}
fprintf(fp, "\n");
return 1;
}
// 仅从record数据是不能判断这个record是TLS 1.2还是TLS 1.3
// 不同协议上,同名的握手消息,其格式也是不一样的。这真是太恶心了!!!!
// 当消息为ClientKeyExchange,ServerKeyExchange需要密码套件中的密钥交换算法信息
// 当消息为加密的Finished记录类型为Handshake但是记录负载数据中没有Handshake头
// 注意这里的recordlen 是冗余的要容忍recordlen的错误
//
// supported_versions 的格式由handshake_type 是否为ClientHello, ServerHello 决定
// record中是包含这个信息的但是在exts中没有这个信息
int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent)
{
const uint8_t *data;
@@ -959,6 +1155,34 @@ int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int for
fprintf(fp, "\n");
return 1;
}
int tls_secrets_print(FILE *fp,

50
src/x509_cer.c
View File

@@ -1507,6 +1507,43 @@ int x509_certs_get_cert_by_issuer_and_serial_number(
return 0;
}
int x509_cert_check(const uint8_t *cert, size_t certlen)
{
time_t not_before;
time_t not_after;
time_t now;
x509_cert_get_details(cert, certlen,
NULL, // version
NULL, NULL, // serial
NULL, // signature_algor
NULL, NULL, // issuer
&not_before, &not_after, // validity
NULL, NULL, // subject
NULL, // subject_public_key
NULL, NULL, // issuer_unique_id
NULL, NULL, // subject_unique_id
NULL, NULL, // extensions
NULL, // signature_algor
NULL, NULL); // signature
// not_before < now < not_after
time(&now);
if (not_before >= not_after) {
error_print();
return -1;
}
if (now < not_before) {
error_print();
return X509_verify_err_cert_not_yet_valid;
}
if (not_after < now) {
error_print();
return X509_verify_err_cert_has_expired;
}
return 1;
}
int x509_certs_verify(const uint8_t *certs, size_t certslen,
const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result)
@@ -1517,7 +1554,6 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen,
size_t cacertlen;
const uint8_t *name;
size_t namelen;
*verify_result = -1;
if (x509_cert_from_der(&cert, &certlen, &certs, &certslen) != 1) {
@@ -1525,6 +1561,11 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen,
return -1;
}
while (certslen) {
if ((*verify_result = x509_cert_check(cert, certlen)) < 0) {
error_print();
return -1;
}
if (x509_cert_from_der(&cacert, &cacertlen, &certs, &certslen) != 1) {
error_print();
return -1;
@@ -1582,6 +1623,10 @@ int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen,
// 要检查这两个证书的类型是否分别为签名和加密证书
// FIXME: 检查depth
while (certslen) {
if ((*verify_result = x509_cert_check(cert, certlen)) < 0) {
error_print();
return -1;
}
if (x509_cert_from_der(&cacert, &cacertlen, &certs, &certslen) != 1) {
error_print();
return -1;
@@ -1702,6 +1747,3 @@ end:
if (buf) free(buf);
return ret;
}