abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update TLS 1.3 state machine

Browse Source
This commit is contained in:
Zhi Guan
2026-03-17 16:51:12 +08:00
parent 3322a5fc7b
commit ead4caecb7
10 changed files with 5543 additions and 1847 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
include/gmssl/tls.h
View File

@@ -107,6 +107,9 @@ int tls_cipher_suites_select(const uint8_t *client_ciphers, size_t client_cipher
int tls_cipher_suite_in_list(int cipher, const int *list, size_t list_count);
int tls_cipher_suite_support_protocol(int cipher, int protocol);
int tls_type_is_in_list(int cipher, const int *list, size_t list_count);
typedef enum {
TLS_compression_null = 0,
TLS_compression_default = 1,
@@ -274,7 +277,7 @@ typedef enum {
const char *tls_named_curve_name(int named_curve);
int tls_named_curve_oid(int named_curve);
int tls_named_curve_from_oid(int oid);
typedef enum {
TLS_sig_rsa_pkcs1_sha1 = 0x0201,
@@ -288,7 +291,7 @@ typedef enum {
TLS_sig_rsa_pkcs1_sha512 = 0x0601,
TLS_sig_ecdsa_secp521r1_sha512 = 0x0603,
TLS_sig_rsa_pkcs1_sha512_legacy = 0x0620,
TLS_sig_sm2sig_sm3 = 0x0708, // GmSSLv2: 0x0707
TLS_sig_sm2sig_sm3 = 0x0708,
TLS_sig_rsa_pss_rsae_sha256 = 0x0804,
TLS_sig_rsa_pss_rsae_sha384 = 0x0805,
TLS_sig_rsa_pss_rsae_sha512 = 0x0806,
@@ -303,7 +306,7 @@ typedef enum {
} TLS_SIGNATURE_SCHEME;
const char *tls_signature_scheme_name(int scheme);
int tls_signature_scheme_match_cipher_suite(int sig_alg, int cipher_suite);
int tls_signature_scheme_match_cipher_suite(int sig_alg, int cipher_suite);
typedef enum {
@@ -345,6 +348,7 @@ typedef enum {
TLS_alert_internal_error = 80,
TLS_alert_user_canceled = 90,
TLS_alert_no_renegotiation = 100,
TLS_alert_missing_extension = 109, // 查以下RFC
TLS_alert_unsupported_extension = 110,
TLS_alert_unsupported_site2site = 200,
TLS_alert_no_area = 201,
@@ -442,6 +446,8 @@ typedef struct {
//#define tls_handshake_data_length(p)
int tls_record_set_handshake_header(uint8_t *record, size_t *recordlen,
int type, int length);
int tls_record_set_handshake(uint8_t *record, size_t *recordlen,
int type, const uint8_t *data, size_t datalen);
int tls_record_get_handshake(const uint8_t *record,
@@ -483,22 +489,33 @@ int tls_process_client_ec_point_formats(const uint8_t *ext_data, size_t ext_data
uint8_t **out, size_t *outlen);
int tls_process_server_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen);
int tls_supported_groups_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen);
int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt,
uint8_t **out, size_t *outlen);
int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen);
int tls_process_server_supported_groups(const uint8_t *ext_data, size_t ext_datalen);
int tls_process_supported_groups(const uint8_t *ext_data, size_t ext_datalen,
const int *local_groups, size_t local_groups_cnt,
int *common_groups, size_t *common_groups_cnt, size_t max_cnt);
// 这里有个问题,为什么这里面我们都不给出名字呢?
int tls_signature_algorithms_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen);
int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt,
uint8_t **out, size_t *outlen);
int tls_signature_algorithms_ext_to_bytes(const int *algs, size_t algs_cnt,
uint8_t **out, size_t *outlen);
int tls13_signature_algorithms_cert_ext_to_bytes(const int *algs, size_t algs_cnt,
uint8_t **out, size_t *outlen);
int tls_process_client_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen);
int tls_process_server_signature_algors(const uint8_t *ext_data, size_t ext_datalen);
int tls_process_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen,
const int *local_sig_algs, size_t local_sig_algs_cnt,
int *common_sig_algs, size_t *common_sig_algs_cnt, size_t max_cnt);
/*
int tls13_supported_versions_ext_to_bytes(int handshake_type, const int *protos, size_t protos_cnt,
uint8_t **out, size_t *outlen);
int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_datalen,
@@ -517,6 +534,7 @@ int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen,
int tls13_certificate_authorities_ext_to_bytes(const uint8_t *ca_names, size_t ca_names_len,
uint8_t **out, size_t *outlen);
*/
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen);
int tls_process_client_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen);
@@ -694,19 +712,45 @@ enum {
typedef struct {
int protocol;
int is_client;
int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT];
size_t cipher_suites_cnt;
uint8_t *cacerts;
size_t cacertslen;
uint8_t *certs;
size_t certslen;
// extensions
int supported_versions[4];
size_t supported_versions_cnt;
int supported_groups[32];
size_t supported_groups_cnt;
int signature_algorithms[2];
size_t signature_algorithms_cnt;
int protocols[4];
size_t protocols_cnt;
X509_KEY signkey;
X509_KEY kenckey;
int verify_depth;
// 这个应该是和服务器证书相关的
const uint8_t *certificate_status;
size_t certificate_status_len;
const uint8_t *signed_certificate_timestamp;
size_t signed_certificate_timestamp_len;
int quiet;
} TLS_CTX;
@@ -744,6 +788,7 @@ enum {
TLS_state_handshake_init = 0,
TLS_state_client_hello,
TLS_state_server_hello,
TLS_state_encrypted_extensions,
TLS_state_server_certificate,
TLS_state_server_key_exchange,
TLS_state_certificate_request,
@@ -751,6 +796,7 @@ enum {
TLS_state_client_certificate,
TLS_state_client_key_exchange,
TLS_state_certificate_verify,
TLS_state_client_certificate_verify,
TLS_state_generate_keys,
TLS_state_client_change_cipher_spec,
TLS_state_client_finished,
@@ -785,7 +831,8 @@ typedef struct {
int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT];
size_t cipher_suites_cnt;
int cipher_suite;
const DIGEST *digest;
const BLOCK_CIPHER *cipher;
tls_socket_t sock;
@@ -796,10 +843,14 @@ typedef struct {
uint8_t record[TLS_MAX_RECORD_SIZE];
size_t record_offset; // offset of processed record
size_t recordlen;
uint8_t plain_record[TLS_MAX_RECORD_SIZE];
size_t plain_recordlen;
int record_state;
size_t recordlen;
uint8_t databuf[TLS_MAX_RECORD_SIZE];
uint8_t *data;
@@ -819,9 +870,9 @@ typedef struct {
X509_KEY server_enc_key;
int verify_result;
uint8_t pre_master_secret[48]; // 是否可以重用master_secret作为pre_master_secret呢
uint8_t master_secret[48];
uint8_t key_block[96];
SM3_HMAC_CTX client_write_mac_ctx;
SM3_HMAC_CTX server_write_mac_ctx;
@@ -840,7 +891,14 @@ typedef struct {
// handshake state for state machine
int state;
SM3_CTX sm3_ctx;
DIGEST_CTX dgst_ctx;
SM2_SIGN_CTX sign_ctx;
TLS_CLIENT_VERIFY_CTX client_verify_ctx;
uint8_t client_random[32];
@@ -861,14 +919,45 @@ typedef struct {
uint16_t ecdh_named_curve;
X509_KEY ecdh_keys[2];
size_t ecdh_keys_cnt;
X509_KEY ecdh_key;
int peer_group;
uint8_t peer_ecdh_point[65];
size_t peer_ecdh_point_len;
// tls13 需要提前生成每一种曲线的密钥
SM2_KEY sm2_ecdhe;
SECP256R1_KEY p256_ecdhe;
uint8_t peer_sm2_ecdhe[65];
uint8_t peer_p256_ecdhe[65];
int client_certificate_verify; // 是否验证客户端证书
int verify_depth; // 这个可能没有被设置
const TLS_CTX *ctx;
uint8_t pre_master_secret[48]; // 是否可以重用master_secret作为pre_master_secret呢
uint8_t master_secret[48];
uint8_t key_block[96];
uint8_t early_secret[32];
uint8_t handshake_secret[32];
uint8_t client_handshake_traffic_secret[32];
uint8_t server_handshake_traffic_secret[32];
uint8_t client_application_traffic_secret[32];
uint8_t server_application_traffic_secret[32];
int hello_retry_request;
int key_exchange_group;
} TLS_CONNECT;
@@ -876,6 +965,9 @@ typedef struct {
int tls_send_record(TLS_CONNECT *conn);
int tls_recv_record(TLS_CONNECT *conn);
int tls_send_client_hello(TLS_CONNECT *conn);
int tls_recv_client_hello(TLS_CONNECT *conn);
@@ -1000,13 +1092,43 @@ int tls_encrypted_record_print(FILE *fp, const uint8_t *record, size_t recordle
// supported_groups
int tls13_client_supported_versions_ext_to_bytes(const int *versions, size_t versions_cnt,
uint8_t **out, size_t *outlen);
int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_datalen,
const int *server_versions, size_t server_versions_cnt,
int *common_versions, size_t *common_versions_cnt, size_t max_cnt);
int tls13_client_supported_versions_print(FILE *fp, int fmt, int ind,
const uint8_t *ext_data, size_t ext_datalen);
int tls13_server_supported_versions_ext_to_bytes(int selected_version, uint8_t **out, size_t *outlen);
int tls13_server_supported_versions_from_bytes(int *selected_version, const uint8_t *ext_data, size_t ext_datalen);
int tls13_process_server_supported_versions(const int *client_versions, size_t client_versions_cnt,
const uint8_t *server_ext_data, size_t server_ext_datalen,
int *selected_version);
int tls13_server_supported_versions_print(FILE *fp, int fmt, int ind,
const uint8_t *ext_data, size_t ext_datalen);
// key_share
int tls13_key_share_entry_to_bytes(const X509_KEY *key, uint8_t **out, size_t *outlen);
int tls13_key_share_entry_from_bytes(int *group, const uint8_t **key_exchange, size_t *key_exchange_len,
const uint8_t **in, size_t *inlen);
int tls13_key_share_client_hello_ext_to_bytes(const X509_KEY *keys, size_t keys_cnt, uint8_t **out, size_t *outlen);
int tls13_process_key_share_client_hello(const uint8_t *ext_data, size_t ext_datalen,
const int *common_groups, size_t common_groups_cnt,
int *group, const uint8_t **key_exchange, size_t *key_exchange_len);
int tls13_key_share_client_hello_print(FILE *fp, int fmt, int ind,
const uint8_t *data, size_t datalen);
int tls13_key_share_server_hello_ext_to_bytes(const X509_KEY *key, uint8_t **out, size_t *outlen);
int tls13_key_share_server_hello_from_bytes(int *group, const uint8_t **key_exchange, size_t *key_exchange_len,
const uint8_t *ext_data, size_t ext_datalen);
int tls13_key_share_server_hello_print(FILE *fp, int fmt, int ind,
const uint8_t *data, size_t datalen);
int tls13_signature_algorithms_cert_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen);
#ifdef __cplusplus

2
include/gmssl/x509_key.h
View File

@@ -186,7 +186,7 @@ typedef struct {
/*
algor:
OID_sm2sign_with_sm3
OID_ecdss_with_sha256
OID_ecdsa_with_sha256
OID_lms_hashsig
OID_hss_lms_hashsig
OID_xmss_hashsig

3
src/tlcp.c
View File

@@ -244,11 +244,14 @@ int _tlcp_do_connect(TLS_CONNECT *conn)
error_print();
goto end;
}
/*
if (tls_cipher_suite_in_list(cipher_suite, tlcp_ciphers, tlcp_ciphers_count) != 1) {
tls_send_alert(conn, TLS_alert_handshake_failure);
error_print();
goto end;
}
*/
if (exts) {
error_print();
tls_send_alert(conn, TLS_alert_unexpected_message);

172
src/tls.c
View File

@@ -630,6 +630,16 @@ int tls_record_set_handshake(uint8_t *record, size_t *recordlen,
return 1;
}
int tls_record_set_handshake_header(uint8_t *record, size_t *recordlen,
int type, int length)
{
if (tls_record_set_handshake(record, recordlen, type, NULL, length) != 1) {
error_print();
return -1;
}
return 1;
}
int tls_record_get_handshake(const uint8_t *record,
int *type, const uint8_t **data, size_t *datalen)
{
@@ -893,6 +903,13 @@ int tls_record_set_handshake_server_hello(uint8_t *record, size_t *recordlen,
return 1;
}
/*
如果报文的结构正确但是数据不合法的时候应该返回TLS_alert_illegal_parameter
例如服务器的选择不在ClientHello提供的列表中
因此涉及到语义错误的,应该返回这个错误。
如果语义我们不能理解,但是格式正确,那么应该忽略
*/
int tls_record_get_handshake_server_hello(const uint8_t *record,
int *protocol, const uint8_t **random, const uint8_t **session_id, size_t *session_id_len,
int *cipher_suite, const uint8_t **exts, size_t *exts_len)
@@ -915,7 +932,7 @@ int tls_record_get_handshake_server_hello(const uint8_t *record,
}
if (type != TLS_handshake_server_hello) {
error_print();
return -1;
return 0;
}
if (tls_uint16_from_bytes(&ver, &p, &len) != 1
|| tls_array_from_bytes(random, 32, &p, &len) != 1
@@ -951,6 +968,7 @@ int tls_record_get_handshake_server_hello(const uint8_t *record,
}
*cipher_suite = cipher;
// 这个值应该返回给上一层,这样上面才能够返回正确的错误值
if (comp_meth != TLS_compression_null) {
error_print();
return -1;
@@ -1056,6 +1074,13 @@ int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs,
return 1;
}
/*
struct {
ClientCertificateType certificate_types<1..2^8-1>;
SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; // 可能缺少这个参数
DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest;
*/
int tls_record_set_handshake_certificate_request(uint8_t *record, size_t *recordlen,
const uint8_t *cert_types, size_t cert_types_len,
const uint8_t *ca_names, size_t ca_names_len)
@@ -1291,6 +1316,7 @@ int tls_record_set_handshake_finished(uint8_t *record, size_t *recordlen,
return 1;
}
// 这个应该改为只支持TLS 1.2的12字节长度判断
int tls_record_get_handshake_finished(const uint8_t *record, const uint8_t **verify_data, size_t *verify_data_len)
{
int type;
@@ -1440,13 +1466,9 @@ int tls_record_get_application_data(uint8_t *record,
return 1;
}
int tls_cipher_suite_in_list(int cipher, const int *list, size_t list_count)
int tls_type_is_in_list(int cipher, const int *list, size_t list_count)
{
size_t i;
if (!list || !list_count) {
error_print();
return -1;
}
for (i = 0; i < list_count; i++) {
if (cipher == list[i]) {
return 1;
@@ -1455,6 +1477,15 @@ int tls_cipher_suite_in_list(int cipher, const int *list, size_t list_count)
return 0;
}
static const int tlcp_ciphers[] = {
TLS_cipher_ecc_sm4_cbc_sm3,
TLS_cipher_ecc_sm4_gcm_sm3,
@@ -1496,10 +1527,13 @@ int tls_cipher_suite_support_protocol(int cipher, int protocol)
return -1;
}
/*
if (!tls_cipher_suite_in_list(cipher, ciphers, ciphers_cnt)) {
error_print();
return 0;
}
*/
return 1;
}
@@ -2082,6 +2116,8 @@ void tls_client_verify_cleanup(TLS_CLIENT_VERIFY_CTX *ctx)
}
}
// 这个函数不对啊,应该以服务器优先来选择参数
int tls_cipher_suites_select(const uint8_t *client_ciphers, size_t client_ciphers_len,
const int *server_ciphers, size_t server_ciphers_cnt,
int *selected_cipher)
@@ -2121,8 +2157,118 @@ void tls_ctx_cleanup(TLS_CTX *ctx)
}
}
int tls_ctx_set_supported_versions(TLS_CTX *ctx, const int *versions, size_t versions_cnt)
{
size_t i;
if (!ctx || !versions || !versions_cnt) {
error_print();
return -1;
}
if (versions_cnt > sizeof(ctx->supported_versions)/sizeof(ctx->supported_versions[0])) {
error_print();
return -1;
}
for (i = 0; i < versions_cnt; i++) {
switch (versions[i]) {
case TLS_protocol_tls13:
case TLS_protocol_tls12:
case TLS_protocol_tlcp:
break;
default:
error_print();
return -1;
}
ctx->supported_versions[i] = versions[i];
}
ctx->supported_versions_cnt = versions_cnt;
return 1;
}
int tls_ctx_set_supported_groups(TLS_CTX *ctx, const int *groups, size_t groups_cnt)
{
size_t i;
if (!ctx || !groups || !groups_cnt) {
error_print();
return -1;
}
if (groups_cnt > sizeof(ctx->supported_groups)/sizeof(ctx->supported_groups[0])) {
error_print();
return -1;
}
for (i = 0; i < groups_cnt; i++) {
switch (groups[i]) {
case TLS_curve_sm2p256v1:
case TLS_curve_secp256r1:
break;
default:
error_print();
return -1;
}
ctx->supported_groups[i] = groups[i];
}
ctx->supported_groups_cnt = groups_cnt;
return 1;
}
int tls_ctx_set_signature_algorithms(TLS_CTX *ctx, const int *sig_algs, size_t sig_algs_cnt)
{
size_t i;
if (!ctx || !sig_algs || !sig_algs_cnt) {
error_print();
return -1;
}
if (sig_algs_cnt > sizeof(ctx->signature_algorithms)/sizeof(ctx->signature_algorithms[0])) {
error_print();
return -1;
}
for (i = 0; i < sig_algs_cnt; i++) {
switch (sig_algs[i]) {
case TLS_sig_sm2sig_sm3:
case TLS_sig_ecdsa_secp256r1_sha256:
break;
default:
error_print();
return -1;
}
ctx->signature_algorithms[i] = sig_algs[i];
}
ctx->signature_algorithms_cnt = sig_algs_cnt;
return 1;
}
int tls_ctx_init(TLS_CTX *ctx, int protocol, int is_client)
{
const int supported_versions[] = {
TLS_protocol_tls13,
TLS_protocol_tls12,
TLS_protocol_tlcp,
};
size_t supported_versions_cnt = sizeof(supported_versions)/sizeof(supported_versions[0]);
const int supported_groups[] = {
TLS_curve_sm2p256v1,
TLS_curve_secp256r1,
};
size_t supported_groups_cnt = sizeof(supported_groups)/sizeof(supported_groups[0]);
const int signature_algorithms[] = {
TLS_sig_sm2sig_sm3,
TLS_sig_ecdsa_secp256r1_sha256,
};
size_t signature_algorithms_cnt = sizeof(signature_algorithms)/sizeof(signature_algorithms[0]);
if (!ctx) {
error_print();
return -1;
@@ -2142,10 +2288,22 @@ int tls_ctx_init(TLS_CTX *ctx, int protocol, int is_client)
ctx->is_client = is_client ? 1 : 0;
if (tls_ctx_set_supported_versions(ctx, supported_versions, supported_versions_cnt) != 1
|| tls_ctx_set_supported_groups(ctx, supported_groups, supported_groups_cnt) != 1
|| tls_ctx_set_signature_algorithms(ctx, signature_algorithms, signature_algorithms_cnt) != 1) {
error_print();
return -1;
}
ctx->verify_depth = 5;
return 1;
}
int tls_ctx_set_cipher_suites(TLS_CTX *ctx, const int *cipher_suites, size_t cipher_suites_cnt)
{
size_t i;
@@ -2407,6 +2565,8 @@ int tls_init(TLS_CONNECT *conn, const TLS_CTX *ctx)
conn->verify_depth = ctx->verify_depth;
conn->ctx = ctx;
return 1;
}

28
src/tls12.c
View File

@@ -1,4 +1,4 @@
/*
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
@@ -197,8 +197,6 @@ int tls_named_curve_from_oid(int oid)
// 这个是必选的
const int ec_point_formats[] = { TLS_point_uncompressed };
size_t ec_point_formats_cnt = sizeof(ec_point_formats)/sizeof(ec_point_formats[0]);
@@ -352,6 +350,8 @@ int tls_handshake_init(TLS_CONNECT *conn)
{
sm3_init(&conn->sm3_ctx);
digest_init(&conn->dgst_ctx, DIGEST_sm3());
if (conn->client_certs_len) {
//sm2_sign_init(&conn->sign_ctx, &conn->sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
@@ -476,6 +476,16 @@ int tlcp_send_client_hello(TLS_CONNECT *conn)
return 1;
}
int tlcp_recv_client_hello(TLS_CONNECT *conn)
{
int ret;
@@ -493,7 +503,7 @@ int tlcp_recv_client_hello(TLS_CONNECT *conn)
const uint8_t *client_exts;
size_t client_exts_len;
sm3_init(&conn->sm3_ctx);
//sm3_init(&conn->sm3_ctx);
// 服务器端如果设置了CA
@@ -785,11 +795,14 @@ int tls_recv_server_hello(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_protocol_version);
return -1;
}
/*
if (tls_cipher_suite_in_list(cipher_suite, conn->cipher_suites, conn->cipher_suites_cnt) != 1) {
error_print();
tls_send_alert(conn, TLS_alert_handshake_failure);
return -1;
}
*/
/*
对于扩展的处理
@@ -2402,6 +2415,9 @@ int tls_recv_server_finished(TLS_CONNECT *conn)
Application Data <-------> Application Data
*/
int tls12_do_client_handshake(TLS_CONNECT *conn)
@@ -2671,6 +2687,9 @@ int tls12_do_connect(TLS_CONNECT *conn)
conn->state = TLS_state_client_hello;
sm3_init(&conn->sm3_ctx);
digest_init(&conn->dgst_ctx, DIGEST_sm3());
while (1) {
ret = tls12_client_handshake(conn);
@@ -2707,6 +2726,7 @@ int tls12_do_accept(TLS_CONNECT *conn)
conn->state = TLS_state_client_hello;
sm3_init(&conn->sm3_ctx);
digest_init(&conn->dgst_ctx, DIGEST_sm3());
while (1) {

5736
src/tls13.c
View File

File diff suppressed because it is too large Load Diff

675
src/tls_ext.c
View File

@@ -1,4 +1,4 @@
/*
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
@@ -38,6 +38,7 @@ Example:
ec_point_format_list: 0x00 (uncompressed)
*/
int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt,
uint8_t **out, size_t *outlen)
{
@@ -70,6 +71,7 @@ int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt,
return 1;
}
// 似乎不应该保留process函数
int tls_process_client_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen)
{
@@ -185,22 +187,61 @@ int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt,
return 1;
}
int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen)
int tls_supported_groups_from_bytes(int *groups, size_t *groups_cnt, size_t max_cnt,
const uint8_t *ext_data, size_t ext_datalen)
{
int shared_groups[] = { TLS_curve_sm2p256v1 };
size_t shared_groups_cnt = 0;
const uint8_t *p;
size_t len;
const uint8_t *named_group_list;
size_t named_group_list_len;
size_t i = 0;
if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
if (tls_uint16array_from_bytes(&named_group_list, &named_group_list_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
while (len) {
if (named_group_list_len < 2) {
error_print();
return -1;
}
while (named_group_list_len) {
uint16_t group;
if (tls_uint16_from_bytes(&group, &p, &len) != 1) {
if (tls_uint16_from_bytes(&group, &named_group_list, &named_group_list_len) != 1) {
error_print();
return -1;
}
if (!tls_named_curve_name(group)) {
warning_print();
}
if (i < max_cnt) {
groups[i] = group;
i++;
}
}
*groups_cnt = i;
return 1;
}
int tls_process_supported_groups(const uint8_t *ext_data, size_t ext_datalen,
const int *local_groups, size_t local_groups_cnt,
int *common_groups, size_t *common_groups_cnt, size_t max_cnt)
{
const uint8_t *named_group_list;
size_t named_group_list_len;
const uint8_t *cp;
size_t len;
uint16_t group;
size_t i, j = 0;
if (tls_uint16array_from_bytes(&named_group_list, &named_group_list_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
cp = named_group_list;
len = named_group_list_len;
while (len) {
if (tls_uint16_from_bytes(&group, &cp, &len) != 1) {
error_print();
return -1;
}
@@ -208,38 +249,51 @@ int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_data
error_print();
return -1;
}
if (group == shared_groups[0]) {
shared_groups_cnt = 1;
if (group == local_groups[0] && j < max_cnt) {
common_groups[j++] = group;
}
}
if (!shared_groups_cnt) {
error_print();
return -1;
for (i = 1; i < local_groups_cnt && j < max_cnt; i++) {
cp = named_group_list;
len = named_group_list_len;
while (len) {
tls_uint16_from_bytes(&group, &cp, &len);
if (group == local_groups[i]) {
common_groups[j++] = group;
break;
}
}
}
if (tls_supported_groups_ext_to_bytes(shared_groups, shared_groups_cnt, out, outlen) != 1) {
error_print();
return -1;
*common_groups_cnt = j;
if (*common_groups_cnt == 0) {
return 0;
}
return 1;
}
int tls_process_server_supported_groups(const uint8_t *ext_data, size_t ext_datalen)
int tls_supported_groups_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen)
{
const uint8_t *p;
size_t len;
uint16_t group;
const uint8_t *groups;
size_t groups_len;
if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
format_print(fp, fmt, ind, "named_group_list\n");
ind += 4;
if (tls_uint16array_from_bytes(&groups, &groups_len, &d, &dlen) != 1) {
error_print();
return -1;
}
if (tls_uint16_from_bytes(&group, &p, &len) != 1
|| tls_length_is_zero(len) != 1) {
error_print();
return -1;
while (groups_len) {
uint16_t group;
if (tls_uint16_from_bytes(&group, &groups, &groups_len) != 1) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "%s (%04x)\n", tls_named_curve_name(group), group);
}
if (group != TLS_curve_sm2p256v1) {
if (dlen) {
error_print();
return -1;
}
@@ -248,6 +302,7 @@ int tls_process_server_supported_groups(const uint8_t *ext_data, size_t ext_data
#define TLS_MAX_SIGNATURE_ALGORS_COUNT 64
/*
@@ -264,7 +319,67 @@ Example:
0x00,0x02, // supported_signature_algorithms_length
0x07,0x07, // supported_signature_algorithms = [ sm2sig_sm3 ]
在tls12中只有ClientHello可以包含这个扩展ServerHello不允许包含这个扩展
服务器在接收到这个扩展之后,如果
在 TLS 1.2 中,如果服务器收到客户端的 signature_algorithms 扩展,但发现其中没有自己支持的算法
服务器必须中止握手,并返回一个致命的 handshake_failure 警报
*/
int tls_signature_algorithms_print_ex(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
{
const uint8_t *sig_algs;
size_t sig_algs_len;
if (tls_uint16array_from_bytes(&sig_algs, &sig_algs_len, &d, &dlen) != 1) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "supported_signature_algorithms\n");
ind += 4;
while (sig_algs_len) {
uint16_t sig_alg;
if (tls_uint16_from_bytes(&sig_alg, &sig_algs, &sig_algs_len) != 1) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "%s (%04x)\n", tls_signature_scheme_name(sig_alg), sig_alg);
}
if (dlen) {
error_print();
return -1;
}
return 1;
}
int tls_signature_algorithms_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen)
{
if (tls_signature_algorithms_print_ex(fp, fmt, ind, "signature_algorithms", d, dlen) != 1) {
error_print();
return -1;
}
return 1;
}
int tls13_signature_algorithms_cert_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen)
{
if (tls_signature_algorithms_print_ex(fp, fmt, ind, "signature_algorithms_cert", d, dlen) != 1) {
error_print();
return -1;
}
return 1;
}
int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt,
uint8_t **out, size_t *outlen)
{
@@ -318,342 +433,120 @@ int tls13_signature_algorithms_cert_ext_to_bytes(const int *algs, size_t algs_cn
return 1;
}
int tls_process_client_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen)
int tls_process_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen,
const int *local_sig_algs, size_t local_sig_algs_cnt,
int *common_sig_algs, size_t *common_sig_algs_cnt, size_t max_cnt)
{
int shared_algs[1] = { TLS_sig_sm2sig_sm3 };
size_t shared_algs_cnt = 0;
const uint8_t *p;
const uint8_t *supported_sig_algs;
size_t supported_sig_algs_len;
const uint8_t *cp;
size_t len;
uint16_t sig_alg;
size_t i, j = 0;
if (!ext_data || !ext_datalen || !outlen) {
if (!common_sig_algs || !common_sig_algs_cnt || !max_cnt) {
error_print();
return -1;
}
if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
if (tls_uint16array_from_bytes(&supported_sig_algs, &supported_sig_algs_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (supported_sig_algs_len < 2) {
error_print();
return -1;
}
cp = supported_sig_algs;
len = supported_sig_algs_len;
while (len) {
if (tls_uint16_from_bytes(&sig_alg, &cp, &len) != 1) {
error_print();
return -1;
}
if (!tls_signature_scheme_name(sig_alg)) {
error_print();
return -1;
}
if (sig_alg == local_sig_algs[0] && j < max_cnt) {
common_sig_algs[j++] = sig_alg;
}
}
for (i = 1; i < local_sig_algs_cnt && j < max_cnt; i++) {
cp = supported_sig_algs;
len = supported_sig_algs_len;
while (len) {
tls_uint16_from_bytes(&sig_alg, &cp, &len);
if (sig_alg == local_sig_algs[i]) {
common_sig_algs[j++] = sig_alg;
break;
}
}
}
*common_sig_algs_cnt = j;
if (!(*common_sig_algs_cnt)) {
warning_print();
return 0;
}
return 1;
}
int tls_signature_algorithms_ext_from_bytes(int *algs, size_t *algs_cnt, size_t max_cnt,
const uint8_t *ext_data, size_t ext_datalen)
{
const uint8_t *cp;
size_t len;
size_t i;
if (tls_uint16array_from_bytes(&cp, &len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
for (i = 0; i < max_cnt && len; i++) {
uint16_t alg;
if (tls_uint16_from_bytes(&alg, &p, &len) != 1) {
if (tls_uint16_from_bytes(&alg, &cp, &len) != 1) {
error_print();
return -1;
}
if (!tls_signature_scheme_name(alg)) {
error_print_msg("unknown TLS signature scheme %04x\n", alg);
continue;
}
if (alg == shared_algs[0]) {
shared_algs_cnt = 1;
break;
}
}
if (!shared_algs_cnt) {
error_print();
return -1;
}
if (tls_signature_algorithms_ext_to_bytes(shared_algs, shared_algs_cnt, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int tls_process_server_signature_algors(const uint8_t *ext_data, size_t ext_datalen)
{
const uint8_t *p;
size_t len;
uint16_t alg;
if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (tls_uint16_from_bytes(&alg, &p, &len) != 1
|| tls_length_is_zero(len) != 1) {
error_print();
return -1;
}
if (alg != TLS_sig_sm2sig_sm3) {
error_print();
return -1;
}
return 1;
}
/*
supported_versions
struct {
select (Handshake.msg_type) {
case client_hello:
ProtocolVersion versions<2..254>;
case server_hello: -- and HelloRetryRequest
ProtocolVersion selected_version;
};
} SupportedVersions;
*/
int tls13_supported_versions_ext_print(FILE *fp, int fmt, int ind,
int handshake_type, const uint8_t *data, size_t datalen)
{
const uint8_t *versions;
size_t versions_len;
uint16_t version;
switch (handshake_type) {
case TLS_handshake_client_hello:
format_print(fp, fmt, ind, "versions\n");
ind += 4;
if (tls_uint8array_from_bytes(&versions, &versions_len, &data, &datalen) != 1) {
error_print();
return -1;
}
if (versions_len < 2 || versions_len > 254) {
error_print();
return -1;
}
while (versions_len) {
if (tls_uint16_from_bytes(&version, &versions, &versions_len) != 1) {
error_print();
return -1;
algs[i] = alg;
}
*algs_cnt = i;
return 1;
}
static int tls_server_parameter_select(const int *server_params, size_t server_params_cnt,
const int *client_params, size_t client_params_cnt,
int *selected)
{
size_t i, j;
for (i = 0; i < server_params_cnt; i++) {
*selected = server_params[i];
for (j = 0; j < client_params_cnt; j++) {
if (client_params[j] == *selected) {
return 1;
}
format_print(fp, fmt, ind, "%s (0x%04x)\n", tls_protocol_name(version), version);
}
break;
case TLS_handshake_server_hello:
case TLS_handshake_hello_retry_request:
if (tls_uint16_from_bytes(&version, &data, &datalen) != 1) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "selected_version: %s (0x%04x)\n", tls_protocol_name(version), version);
break;
default:
error_print();
return -1;
}
if (datalen) {
error_print();
return -1;
}
return 1;
}
int tls13_supported_versions_ext_to_bytes(int handshake_type, const int *protos, size_t protos_cnt,
uint8_t **out, size_t *outlen)
{
uint16_t ext_type = TLS_extension_supported_versions;
size_t ext_datalen;
size_t i;
if (!protos || !protos_cnt || !outlen) {
error_print();
return -1;
}
switch (handshake_type) {
case TLS_handshake_client_hello:
{
size_t versions_len;
if (protos_cnt > 254/2) {
error_print();
return -1;
}
versions_len = tls_uint16_size() * protos_cnt;
ext_datalen = tls_uint8_size() + versions_len;
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
tls_uint8_to_bytes((uint8_t)versions_len, out, outlen);
for (i = 0; i < protos_cnt; i++) {
if (!tls_protocol_name(protos[i])) {
error_print();
return -1;
}
tls_uint16_to_bytes((uint16_t)protos[i], out, outlen);
}
break;
}
case TLS_handshake_server_hello:
case TLS_handshake_hello_retry_request:
{
uint16_t selected_version;
if (protos_cnt > 1) {
error_print();
return -1;
}
selected_version = protos[0];
ext_datalen = tls_uint16_size();
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
tls_uint16_to_bytes(selected_version, out, outlen);
break;
}
default:
error_print();
return -1;
}
return 1;
}
int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_datalen,
uint8_t **out, size_t *outlen)
{
const uint8_t *versions;
size_t versions_len;
int selected_version = -1;
if (tls_uint8array_from_bytes(&versions, &versions_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (versions_len < 2 || versions_len > 254) {
error_print();
return -1;
}
while (versions_len) {
uint16_t proto;
if (tls_uint16_from_bytes(&proto, &versions, &versions_len) != 1) {
error_print();
return -1;
}
if (!tls_protocol_name(proto)) {
error_print();
return -1;
}
if (proto == TLS_protocol_tls13) {
selected_version = proto;
}
}
if (selected_version < 0) {
error_print();
return -1;
}
if (tls13_supported_versions_ext_to_bytes(TLS_handshake_server_hello, &selected_version, 1, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int tls13_process_server_supported_versions(const uint8_t *ext_data, size_t ext_datalen)
{
uint16_t selected_version;
if (tls_uint16_from_bytes(&selected_version, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (selected_version != TLS_protocol_tls13) {
error_print();
return -1;
}
return 1;
}
/*
key_share
实际上这个 key_share 也存在相同的问题
struct {
NamedGroup group;
opaque key_exchange<1..2^16-1>;
} KeyShareEntry;
struct {
KeyShareEntry client_shares<0..2^16-1>;
} KeyShareClientHello;
struct {
KeyShareEntry server_share;
} KeyShareServerHello;
*/
int tls13_key_share_ext_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *data, size_t datalen)
{
const uint8_t *client_shares;
size_t client_shares_len;
uint16_t group;
const uint8_t *key_exchange;
size_t key_exchange_len;
switch (handshake_type) {
case TLS_handshake_client_hello:
format_print(fp, fmt, ind, "client_shares\n");
ind += 4;
if (tls_uint16array_from_bytes(&client_shares, &client_shares_len, &data, &datalen) != 1) {
error_print();
return -1;
}
format_print(fp, fmt, ind, "KeyShareEntry\n");
ind += 4;
while (client_shares_len) {
if (tls_uint16_from_bytes(&group, &client_shares, &client_shares_len) != 1) goto err;
format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_named_curve_name(group), group);
if (tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &client_shares, &client_shares_len) != 1) goto err;
format_bytes(fp, fmt, ind, "key_exchange", key_exchange, key_exchange_len);
}
break;
case TLS_handshake_server_hello:
format_print(fp, fmt, ind, "server_share\n");
ind += 4;
if (tls_uint16_from_bytes(&group, &data, &datalen) != 1) goto err;
format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_named_curve_name(group), group);
if (tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &data, &datalen) != 1) goto err;
format_bytes(fp, fmt, ind, "key_exchange", key_exchange, key_exchange_len);
break;
default:
error_print();
return -1;
}
if (tls_length_is_zero(datalen) != 1) goto err;
return 1;
err:
error_print();
return -1;
return 0;
}
int tls13_key_share_entry_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen)
{
uint16_t group = TLS_curve_sm2p256v1;
uint8_t key_exchange[65];
if (!point || !outlen) {
error_print();
return -1;
}
sm2_z256_point_to_uncompressed_octets(point, key_exchange);
tls_uint16_to_bytes(group, out, outlen);
tls_uint16array_to_bytes(key_exchange, 65, out, outlen);
return 1;
}
int tls13_server_key_share_ext_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen)
{
uint16_t ext_type = TLS_extension_key_share;
size_t ext_datalen = 0;
if (!point || !outlen) {
error_print();
return -1;
}
tls13_key_share_entry_to_bytes(point, NULL, &ext_datalen);
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
tls13_key_share_entry_to_bytes(point, out, outlen);
return 1;
}
/*
int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_Z256_POINT *point)
{
uint16_t group;
@@ -685,29 +578,16 @@ int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen,
return 1;
}
int tls13_client_key_share_ext_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen)
{
uint16_t ext_type = TLS_extension_key_share;
size_t ext_datalen;
size_t client_shares_len = 0;
*/
if (!point || !outlen) {
error_print();
return -1;
}
tls13_key_share_entry_to_bytes(point, NULL, &client_shares_len);
ext_datalen = tls_uint16_size() + client_shares_len;
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen); // FIXME: do we need to check length < UINT16_MAX?
tls_uint16_to_bytes((uint16_t)client_shares_len, out, outlen);
tls13_key_share_entry_to_bytes(point, out, outlen);
return 1;
}
int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen,
const SM2_KEY *server_ecdhe_key, SM2_KEY *client_ecdhe_public,
uint8_t **out, size_t *outlen)
/*
如果客户端提供的key_share满足服务器支持的group那么就缓存这个key_share任务完成
否则如果客户端的groups和服务器的groups找到了共同的group那么服务器可以发送HelloRetryRequest
*/
/*
int tls13_process_client_key_share(const int *server_groups, size_t server_groups_cnt,
const uint8_t *client_ext_data, size_t client_ext_datalen,
int *client_group, uint8_t *client_key_exchange, size_t client_key_exchange_len)
{
const uint8_t *client_shares;
size_t client_shares_len;
@@ -758,54 +638,8 @@ int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen,
error_print();
return -1;
}
/*
certificate_authorities
opaque DistinguishedName<1..2^16-1>;
struct {
DistinguishedName authorities<3..2^16-1>;
} CertificateAuthoritiesExtension;
*/
int tls13_certificate_authorities_ext_to_bytes(const uint8_t *ca_names, size_t ca_names_len,
uint8_t **out, size_t *outlen)
{
int ext_type = TLS_extension_certificate_authorities;
size_t ext_datalen;
size_t authorities_len;
const uint8_t *name;
size_t namelen;
const uint8_t *p;
size_t len;
p = ca_names;
len = ca_names_len;
authorities_len = 0;
while (len) {
if (x509_name_from_der(&name, &namelen, &p, &len) != 1) {
error_print();
return -1;
}
tls_uint16array_to_bytes(name, namelen, NULL, &authorities_len);
}
if (authorities_len < 3 || authorities_len > (1 << 16) - 1) {
error_print();
return -1;
}
ext_datalen = tls_uint16_size() + authorities_len;
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
tls_uint16_to_bytes((uint16_t)authorities_len, out, outlen);
while (ca_names_len) {
x509_name_from_der(&name, &namelen, &ca_names, &ca_names_len);
tls_uint16array_to_bytes(name, namelen, out, outlen);
}
return 1;
}
int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen)
{
@@ -843,6 +677,7 @@ int tls_process_client_hello_exts(const uint8_t *exts, size_t extslen, uint8_t *
}
break;
case TLS_extension_signature_algorithms:
/*
if (tls_process_client_signature_algorithms(data, datalen, &out, outlen) != 1) {
error_print();
return -1;
@@ -853,6 +688,7 @@ int tls_process_client_hello_exts(const uint8_t *exts, size_t extslen, uint8_t *
error_print();
return -1;
}
*/
break;
default:
error_print();
@@ -888,6 +724,8 @@ int tls_process_server_hello_exts(const uint8_t *exts, size_t extslen,
*ec_point_format = TLS_point_uncompressed;
break;
case TLS_extension_signature_algorithms:
/*
if (tls_process_server_signature_algors(data, datalen) != 1) {
error_print();
return -1;
@@ -899,6 +737,7 @@ int tls_process_server_hello_exts(const uint8_t *exts, size_t extslen,
error_print();
return -1;
}
*/
*signature_algor = TLS_sig_sm2sig_sm3;
break;
default:
@@ -955,31 +794,3 @@ static int tls13_hello_retry_request_exts[] = {
};

207
src/tls_trace.c
View File

@@ -1,4 +1,4 @@
/*
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
@@ -454,61 +454,6 @@ int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen,
return 1;
}
int tls13_extension_print(FILE *fp, int fmt, int ind,
int handshake_type, int ext_type, const uint8_t *ext_data, size_t ext_datalen)
{
switch (ext_type) {
case TLS_extension_supported_groups:
case TLS_extension_ec_point_formats:
case TLS_extension_signature_algorithms:
return tls_extension_print(fp, ext_type, ext_data, ext_datalen, fmt, ind);
}
format_print(fp, fmt, ind, "%s (%d)\n", tls_extension_name(ext_type), ext_type);
ind += 4;
switch (ext_type) {
case TLS_extension_supported_versions:
tls13_supported_versions_ext_print(fp, fmt, ind, handshake_type, ext_data, ext_datalen);
break;
case TLS_extension_key_share:
tls13_key_share_ext_print(fp, fmt, ind, handshake_type, ext_data, ext_datalen);
break;
default:
format_bytes(fp, fmt, ind, "raw_data", ext_data, ext_datalen);
}
return 1;
}
int tls13_extensions_print(FILE *fp, int fmt, int ind,
int handshake_type, const uint8_t *exts, size_t extslen)
{
uint16_t ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
if (!exts) {
format_print(fp, fmt, ind, "Extensions: (null)\n");
return 1;
}
format_print(fp, fmt, ind, "Extensions\n");
ind += 4;
while (extslen > 0) {
if (tls_uint16_from_bytes(&ext_type, &exts, &extslen) != 1
|| tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen) != 1) {
error_print();
return -1;
}
if (tls13_extension_print(fp, fmt, ind, handshake_type, ext_type, ext_data, ext_datalen) != 1) {
error_print();
return -1;
}
}
return 1;
}
int tls_extensions_print(FILE *fp, const uint8_t *exts, size_t extslen, int format, int indent)
{
uint16_t ext_type;
@@ -581,9 +526,27 @@ int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
}
if (datalen > 0) {
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto end;
//tls_extensions_print(fp, exts, exts_len, format, indent);
tls13_extensions_print(fp, format, indent, TLS_handshake_client_hello, exts, exts_len);
format_print(fp, format, indent, "Extensions\n");
indent += 4;
}
// 打印扩展
while (exts_len > 0) {
uint16_t ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
if (tls_uint16_from_bytes(&ext_type, &exts, &exts_len) != 1
|| tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &exts_len) != 1) {
error_print();
return -1;
}
format_print(fp, format, indent, "%s (%d)\n", tls_extension_name(ext_type), ext_type);
indent += 4;
tls_extensions_print(fp, exts, exts_len, format, indent);
}
if (datalen > 0) {
error_print();
return -1;
@@ -593,6 +556,23 @@ end:
return ret;
}
int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
{
int ret = -1;
@@ -622,7 +602,7 @@ int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int fo
if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto bad;
//format_bytes(fp, format, indent, "Extensions : ", exts, exts_len); // FIXME: extensions_print
//tls_extensions_print(fp, exts, exts_len, format, indent);
tls13_extensions_print(fp, format, indent, TLS_handshake_server_hello, exts, exts_len);
//tls13_extensions_print(fp, format, indent, TLS_handshake_server_hello, exts, exts_len);
}
return 1;
bad:
@@ -854,6 +834,13 @@ int tls_client_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen,
return 1;
}
// 这个格式似乎是不对的
/*
struct {
SignatureAndHashAlgorithm algorithm;
opaque signature<0..2^16-1>;
} DigitallySigned;
*/
int tls_certificate_verify_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
{
format_print(fp, format, indent, "CertificateVerify\n");
@@ -869,43 +856,6 @@ int tls_finished_print(FILE *fp, const uint8_t *data, size_t datalen, int format
return 1;
}
// FIXME: 应该将这个函数融合到 tls_handshake_print 中
int tls13_handshake_print(FILE *fp, int fmt, int ind, const uint8_t *handshake, size_t handshake_len)
{
const uint8_t *p = handshake;
size_t len = handshake_len;
uint8_t type;
const uint8_t *data;
size_t datalen;
if (tls_uint8_from_bytes(&type, &handshake, &handshake_len) != 1
|| tls_uint24array_from_bytes(&data, &datalen, &handshake, &handshake_len) != 1
|| tls_length_is_zero(handshake_len) != 1) {
error_print();
return -1;
}
switch (type) {
case TLS_handshake_certificate:
case TLS_handshake_certificate_request:
case TLS_handshake_certificate_verify:
format_print(fp, fmt, ind, "Handshake\n");
ind += 4;
format_print(fp, fmt, ind, "Type: %s (%d)\n", tls_handshake_type_name(type), type);
format_print(fp, fmt, ind, "Length: %zu\n", datalen);
break;
}
switch (type) {
case TLS_handshake_certificate:
return tls13_certificate_print(fp, fmt, ind, data, datalen);
case TLS_handshake_certificate_request:
return tls13_certificate_request_print(fp, fmt, ind, data, datalen);
case TLS_handshake_certificate_verify:
return tls13_certificate_verify_print(fp, fmt, ind, data, datalen);
}
return tls_handshake_print(fp, p, len, fmt, ind);
}
// 这个是有问题的因为TLS 1.3的证书和TLS 1.2是不一样的
int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent)
@@ -1006,75 +956,10 @@ int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, in
return 1;
}
int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen)
{
const uint8_t *data;
size_t datalen;
int protocol;
format |= TLS_cipher_sm4_gcm_sm3 << 8;
if (!fp || !record || recordlen < 5) {
error_print();
return -1;
}
protocol = tls_record_protocol(record);
format_print(fp, format, indent, "Record\n"); indent += 4;
format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
format_print(fp, format, indent, "Version: %s (%d.%d)\n", tls_protocol_name(protocol), protocol >> 8, protocol & 0xff);
format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
data = tls_record_data(record);
datalen = tls_record_data_length(record);
if (recordlen < tls_record_length(record)) {
error_print();
return -1;
}
// 最高字节设置后强制打印记录原始数据
if (format >> 24) {
format_bytes(fp, format, indent, "Data", data, datalen);
fprintf(fp, "\n");
return 1;
}
switch (record[0]) {
case TLS_record_handshake:
tls13_handshake_print(fp, format, indent, data, datalen);
break;
case TLS_record_alert:
if (tls_alert_print(fp, data, datalen, format, indent) != 1) {
error_print();
return -1;
}
break;
case TLS_record_change_cipher_spec:
if (tls_change_cipher_spec_print(fp, data, datalen, format, indent) != 1) {
error_print();
return -1;
}
break;
case TLS_record_application_data:
if (tls_application_data_print(fp, data, datalen, format, indent) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
recordlen -= tls_record_length(record);
if (recordlen) {
format_print(fp, 0, 0, "DataLeftInRecord: %zu\n", recordlen);
}
fprintf(fp, "\n");
return 1;
}
// FIXME: 根据RFC来考虑这个函数的参数,从底向上逐步修改每个函数的接口参数

416
tests/tls13test.c
View File

@@ -69,10 +69,426 @@ static int test_tls13_gcm(void)
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_tls13_supported_versions_ext(void)
{
const int client_versions[] = { TLS_protocol_tls13, TLS_protocol_tls12, TLS_protocol_tlcp };
const int server_versions[] = { TLS_protocol_tls12, TLS_protocol_tls13, TLS_protocol_tlcp };
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
int ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
int common_versions[2];
size_t common_versions_cnt;
int selected_version;
// server => client
if (tls13_client_supported_versions_ext_to_bytes(client_versions,
sizeof(client_versions)/sizeof(client_versions[0]), &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| ext_type != TLS_extension_supported_versions
|| tls_length_is_zero(len) != 1) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "ClientHello.exts.supported_versions\n");
tls13_client_supported_versions_print(stderr, 0, 8, ext_data, ext_datalen);
// client process
if (tls13_process_client_supported_versions(ext_data, ext_datalen,
server_versions, sizeof(server_versions)/sizeof(server_versions[0]),
common_versions, &common_versions_cnt,
sizeof(common_versions)/sizeof(common_versions[0])) != 1) {
error_print();
return -1;
}
if (common_versions[0] != TLS_protocol_tls12
|| common_versions[1] != TLS_protocol_tls13
|| common_versions_cnt != 2) {
error_print();
return -1;
}
// client => server
if (tls13_server_supported_versions_ext_to_bytes(common_versions[0], &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| ext_type != TLS_extension_supported_versions
|| tls_length_is_zero(len) != 1) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "ServerHello.exts.supported_versions\n");
tls13_server_supported_versions_print(stderr, 0, 8, ext_data, ext_datalen);
// server process
if (tls13_process_server_supported_versions(
client_versions, sizeof(client_versions)/sizeof(client_versions[0]),
ext_data, ext_datalen, &selected_version) != 1) {
error_print();
return -1;
}
if (selected_version != TLS_protocol_tls12) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_tls13_key_share_ext(void)
{
const int curve_oid[] = {
OID_sm2,
OID_secp256r1,
};
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
int ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
X509_KEY x509_key[2];
int group;
const uint8_t *key_exchange;
size_t key_exchange_len;
int common_groups[] = {
TLS_curve_secp256r1,
TLS_curve_sm2p256v1,
};
size_t i;
for (i = 0; i < sizeof(curve_oid)/sizeof(curve_oid[0]); i++) {
if (x509_key_generate(&x509_key[i], OID_ec_public_key,
&curve_oid[i], sizeof(curve_oid[i])) != 1) {
error_print();
return -1;
}
}
// KeyShareEntry
if (tls13_key_share_entry_to_bytes(&x509_key[0], &p, &len) != 1) {
error_print();
return -1;
}
if (tls13_key_share_entry_from_bytes(&group, &key_exchange, &key_exchange_len, &cp, &len) != 1
|| tls_length_is_zero(len) != 1) {
error_print();
return -1;
}
if (group != tls_named_curve_from_oid(curve_oid[0])
|| !key_exchange || key_exchange_len != 65) {
error_print();
return -1;
}
// KeyShareClientHello
if (tls13_key_share_client_hello_ext_to_bytes(x509_key,
sizeof(curve_oid)/sizeof(curve_oid[0]), &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| tls_length_is_zero(len) != 1) {
error_print();
return -1;
}
tls13_key_share_client_hello_print(stderr, 0, 4, ext_data, ext_datalen);
if (tls13_process_key_share_client_hello(ext_data, ext_datalen,
common_groups, sizeof(common_groups)/sizeof(common_groups[0]),
&group, &key_exchange, &key_exchange_len) != 1) {
error_print();
return -1;
}
if (group != common_groups[0]) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "group: %s\n", tls_named_curve_name(group));
format_bytes(stderr, 0, 4, "key_exchange", key_exchange, key_exchange_len);
// KeyShareServerHello
X509_KEY server_key;
int server_curve;
server_curve = tls_named_curve_oid(group);
if (server_curve == OID_undef) {
error_print();
return -1;
}
if (x509_key_generate(&server_key, OID_ec_public_key, &server_curve, sizeof(server_curve)) != 1) {
error_print();
return -1;
}
if (tls13_key_share_server_hello_ext_to_bytes(&server_key, &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| tls_length_is_zero(len) != 1
|| ext_type != TLS_extension_key_share) {
error_print();
return -1;
}
tls13_key_share_server_hello_print(stderr, 0, 4, ext_data, ext_datalen);
if (tls13_key_share_server_hello_from_bytes(&group, &key_exchange, &key_exchange_len,
ext_data, ext_datalen) != 1) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_tls13_certificate_authorities_ext(void)
{
// 首先生成多个证书并且将证书写入到一个PEM文件中
// 从证书文件中读取名字
// 然后生成这个扩展
return 1;
}
static int test_tls_supported_groups_ext(void)
{
const int client_groups[] = {
TLS_curve_sm2p256v1,
TLS_curve_secp256r1,
};
const size_t client_groups_cnt = sizeof(client_groups)/sizeof(client_groups[0]);
const int server_groups[] = {
TLS_curve_secp256r1,
TLS_curve_sm2p256v1,
};
const size_t server_groups_cnt = sizeof(server_groups)/sizeof(server_groups[0]);
int common_groups[2];
size_t common_groups_cnt;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
int ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
size_t i;
if (tls_supported_groups_ext_to_bytes(client_groups, client_groups_cnt, &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| tls_length_is_zero(len) != 1
|| ext_type != TLS_extension_supported_groups) {
error_print();
return -1;
}
tls_supported_groups_print(stderr, 0, 4, ext_data, ext_datalen);
if (tls_process_supported_groups(ext_data, ext_datalen,
server_groups, server_groups_cnt, common_groups, &common_groups_cnt,
sizeof(common_groups)/sizeof(common_groups[0])) != 1) {
error_print();
return -1;
}
format_print(stderr, 0, 4, "common_groups\n");
for (i = 0; i < common_groups_cnt; i++) {
format_print(stderr, 0, 8, "%s\n", tls_named_curve_name(common_groups[i]));
}
if (common_groups[0] != server_groups[0]) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_tls_signature_algorithms_ext(void)
{
const int server_sig_algs[] = {
TLS_sig_sm2sig_sm3,
TLS_sig_ecdsa_secp256r1_sha256,
};
const size_t server_sig_algs_cnt = sizeof(server_sig_algs)/sizeof(server_sig_algs[0]);
const int client_sig_algs[] = {
TLS_sig_sm2sig_sm3,
TLS_sig_ecdsa_secp256r1_sha256,
};
const size_t client_sig_algs_cnt = sizeof(client_sig_algs)/sizeof(client_sig_algs[0]);
int common_sig_algs[2];
size_t common_sig_algs_cnt;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
int ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
size_t i;
if (tls_signature_algorithms_ext_to_bytes(client_sig_algs, client_sig_algs_cnt, &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| tls_length_is_zero(len) != 1
|| ext_type != TLS_extension_signature_algorithms) {
error_print();
return -1;
}
tls_signature_algorithms_print(stderr, 0, 4, ext_data, ext_datalen);
if (tls_process_signature_algorithms(ext_data, ext_datalen,
server_sig_algs, server_sig_algs_cnt,
common_sig_algs, &common_sig_algs_cnt,
sizeof(common_sig_algs)/sizeof(common_sig_algs[0])) != 1) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_tls13_signature_algorithms_cert_ext(void)
{
const int server_sig_algs[] = {
TLS_sig_sm2sig_sm3,
TLS_sig_ecdsa_secp256r1_sha256,
};
const size_t server_sig_algs_cnt = sizeof(server_sig_algs)/sizeof(server_sig_algs[0]);
const int client_sig_algs[] = {
TLS_sig_sm2sig_sm3,
TLS_sig_ecdsa_secp256r1_sha256,
};
const size_t client_sig_algs_cnt = sizeof(client_sig_algs)/sizeof(client_sig_algs[0]);
int common_sig_algs[2];
size_t common_sig_algs_cnt;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
int ext_type;
const uint8_t *ext_data;
size_t ext_datalen;
size_t i;
if (tls13_signature_algorithms_cert_ext_to_bytes(
client_sig_algs, client_sig_algs_cnt, &p, &len) != 1) {
error_print();
return -1;
}
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &cp, &len) != 1
|| tls_length_is_zero(len) != 1
|| ext_type != TLS_extension_signature_algorithms_cert) {
error_print();
return -1;
}
tls13_signature_algorithms_cert_print(stderr, 0, 4, ext_data, ext_datalen);
if (tls_process_signature_algorithms(ext_data, ext_datalen,
server_sig_algs, server_sig_algs_cnt,
common_sig_algs, &common_sig_algs_cnt,
sizeof(common_sig_algs)/sizeof(common_sig_algs[0])) != 1) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int main(void)
{
if (test_tls13_gcm() != 1) goto err;
if (test_tls13_supported_versions_ext() != 1) goto err;
if (test_tls13_key_share_ext() != 1) goto err;
if (test_tls_supported_groups_ext() != 1) goto err;
if (test_tls_signature_algorithms_ext() != 1) goto err;
if (test_tls13_signature_algorithms_cert_ext() != 1) goto err;
printf("%s all tests passed\n", __FILE__);
return 0;
err:

1
tools/tls13_server.c
View File

@@ -143,7 +143,6 @@ bad:
}
}
if (tls_socket_create(&sock, AF_INET, SOCK_STREAM, 0) != 1) {
fprintf(stderr, "%s: socket create error\n", prog);
goto end;