From 9cfc64d34b3896b2712e6b4c9b0e814e2bd34607 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 4 Feb 2024 11:40:58 +0800 Subject: [PATCH] Change tls_named_curve_name to tls_curve_name --- include/gmssl/tls.h | 2 +- src/tls12.c | 10 ++-------- src/tls_ext.c | 38 ++++++++++++++++++++++++++++---------- src/tls_trace.c | 13 +++++-------- 4 files changed, 36 insertions(+), 27 deletions(-) diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h index 4c694d07..fee27c3b 100644 --- a/include/gmssl/tls.h +++ b/include/gmssl/tls.h @@ -271,7 +271,7 @@ typedef enum { TLS_curve_sm2p256v1 = 41, // GmSSLv2: 30 } TLS_NAMED_CURVE; -const char *tls_named_curve_name(int curve); +const char *tls_curve_name(int curve); typedef enum { diff --git a/src/tls12.c b/src/tls12.c index f9bf6f98..9238df10 100644 --- a/src/tls12.c +++ b/src/tls12.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2024 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -31,12 +31,6 @@ static const int tls12_ciphers[] = { static const size_t tls12_ciphers_count = sizeof(tls12_ciphers)/sizeof(tls12_ciphers[0]); -static const uint8_t tls12_exts[] = { - /* supported_groups */ 0x00,0x0A, 0x00,0x04, 0x00,0x02, 0x00,30,//0x29, // curveSM2 - /* ec_point_formats */ 0x00,0x0B, 0x00,0x02, 0x01, 0x00, // uncompressed - /* signature_algors */ 0x00,0x0D, 0x00,0x04, 0x00,0x02, 0x07,0x07,//0x08, // sm2sig_sm3 -}; - int tls12_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent) { @@ -55,7 +49,7 @@ int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t * uint8_t *p = server_ecdh_params + 69; size_t len = 69; - if (!record || !recordlen || !tls_named_curve_name(curve) || !point + if (!record || !recordlen || !tls_curve_name(curve) || !point || !sig || !siglen || siglen > TLS_MAX_SIGNATURE_SIZE) { error_print(); return -1; diff --git a/src/tls_ext.c b/src/tls_ext.c index cfb08c16..408434c4 100644 --- a/src/tls_ext.c +++ b/src/tls_ext.c @@ -30,6 +30,13 @@ ec_point_formats struct { ECPointFormat ec_point_format_list<1..2^8-1> } ECPointFormatList; + +Example: + ext_type: 0x00,0x0B (ec_point_formats) + ext_length: 0x00,0x02 + ec_point_format_list_len: 0x01 + ec_point_format_list: 0x00 (uncompressed) + */ int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt, uint8_t **out, size_t *outlen) @@ -133,6 +140,13 @@ supported_groups struct { NamedGroup named_group_list<2..2^16-1>; } NamedGroupList; + +Example: + 0x00,0x0A, // ext_type = supported_groups + 0x00,0x04, // ext_length + 0x00,0x02, // named_group_list_length + 0x00,0x30, // named_group_list = [ curveSM2 ] + */ int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt, uint8_t **out, size_t *outlen) @@ -162,7 +176,7 @@ int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt, tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen); tls_uint16_to_bytes((uint16_t)named_group_list_len, out, outlen); for (i = 0; i < groups_cnt; i++) { - if (!tls_named_curve_name(groups[i])) { + if (!tls_curve_name(groups[i])) { error_print(); return -1; } @@ -190,7 +204,7 @@ int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_data error_print(); return -1; } - if (!tls_named_curve_name(group)) { + if (!tls_curve_name(group)) { error_print(); return -1; } @@ -243,6 +257,13 @@ signature_algorithms_cert struct { SignatureScheme supported_signature_algorithms<2..2^16-2>; } SignatureSchemeList; + +Example: + 0x00,0x0D, // ext_type = signature_algors + 0x00,0x04, // ext_length + 0x00,0x02, // supported_signature_algorithms_length + 0x07,0x07, // supported_signature_algorithms = [ sm2sig_sm3 ] + */ int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt, uint8_t **out, size_t *outlen) @@ -320,13 +341,10 @@ int tls_process_client_signature_algorithms(const uint8_t *ext_data, size_t ext_ error_print(); return -1; } - /* - // GmSSL不识别所有的算法! if (!tls_signature_scheme_name(alg)) { - error_print(); - return -1; + error_print_msg("unknown TLS signature scheme %04x\n", alg); + continue; } - */ if (alg == shared_algs[0]) { shared_algs_cnt = 1; break; @@ -581,7 +599,7 @@ int tls13_key_share_ext_print(FILE *fp, int fmt, int ind, int handshake_type, co ind += 4; while (client_shares_len) { if (tls_uint16_from_bytes(&group, &client_shares, &client_shares_len) != 1) goto err; - format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_named_curve_name(group), group); + format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_curve_name(group), group); if (tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &client_shares, &client_shares_len) != 1) goto err; format_bytes(fp, fmt, ind, "key_exchange", key_exchange, key_exchange_len); } @@ -590,7 +608,7 @@ int tls13_key_share_ext_print(FILE *fp, int fmt, int ind, int handshake_type, co format_print(fp, fmt, ind, "server_share\n"); ind += 4; if (tls_uint16_from_bytes(&group, &data, &datalen) != 1) goto err; - format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_named_curve_name(group), group); + format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_curve_name(group), group); if (tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &data, &datalen) != 1) goto err; format_bytes(fp, fmt, ind, "key_exchange", key_exchange, key_exchange_len); break; @@ -712,7 +730,7 @@ int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen, error_print(); return -1; } - if (!tls_named_curve_name(group)) { + if (!tls_curve_name(group)) { error_print(); return -1; } diff --git a/src/tls_trace.c b/src/tls_trace.c index c0012cc2..372d2237 100644 --- a/src/tls_trace.c +++ b/src/tls_trace.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2024 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -11,7 +11,6 @@ #include #include #include -//#include #include #include #include @@ -271,9 +270,7 @@ const char *tls_curve_type_name(int type) return NULL; } - -// FIXME: 是否应该将函数名改为 tls_curve_name() 这样和 TLS_curve_xxx 保持一致 -const char *tls_named_curve_name(int curve) +const char *tls_curve_name(int curve) { switch (curve) { case TLS_curve_secp256k1: return "secp256k1"; @@ -382,7 +379,7 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen, uint16_t curve; tls_uint16_from_bytes(&curve, &p, &len); format_print(fp, format, indent, "%s (%d)\n", - tls_named_curve_name(curve), curve); + tls_curve_name(curve), curve); } break; case TLS_extension_ec_point_formats: @@ -428,7 +425,7 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen, error_print(); return -1; } - format_print(fp, format, indent, "group: %s (%d)\n", tls_named_curve_name(group), group); + format_print(fp, format, indent, "group: %s (%d)\n", tls_curve_name(group), group); format_bytes(fp, format, indent, "key_exchange", key_exch, key_exch_len); } break; @@ -669,7 +666,7 @@ int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t da return -1; } format_print(fp, format, indent + 8, "named_curve: %s (%d)\n", - tls_named_curve_name(curve), curve); + tls_curve_name(curve), curve); if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) { error_print(); return -1;