diff --git a/CMakeLists.txt b/CMakeLists.txt
index 694d5094..afa98f3f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -764,7 +764,7 @@ endif() # set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1055")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1056")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 1f31d6fa..447237c4 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 #define GMSSL_VERSION_NUM 30200
-#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1055"
+#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1056"
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/tls13.c b/src/tls13.c
index 09f14d13..4017f49c 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1222,7 +1222,6 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
 const uint8_t *iv;
 uint8_t *seq_num;
 size_t padding_len = 0;
- size_t record_datalen;
 int request_update = 0;
@@ -1275,9 +1274,14 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
 tls13_padding_len_rand(&padding_len);
- if (tls13_gcm_encrypt(key, iv,
- seq_num, TLS_record_application_data, data, datalen, padding_len,
- conn->record + 5, &record_datalen) != 1) {
+ if (tls_record_set_application_data(conn->plain_record, &conn->plain_recordlen,
+ data, datalen) != 1) {
+ error_print();
+ return -1;
+ }
+ if (tls13_record_encrypt(conn->cipher_suite, key, iv,
+ seq_num, conn->plain_record, conn->plain_recordlen, padding_len,
+ conn->record, &conn->recordlen) != 1) {
 error_print();
 return -1;
 }
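Review bot: In the `@@ -1275,9 +1274,14 @@` hunk the caller's plaintext is now copied into `conn->plain_record` before encryption, and nothing in the hunk wipes that buffer once `tls13_record_encrypt` has written `conn->record`; the removed `tls13_gcm_encrypt` call read straight from `data` and left no copy. Unless the buffer is cleared elsewhere (not visible here), consider `gmssl_secure_clear(conn->plain_record, conn->plain_recordlen);` after the encrypt call, on the error path as well as on success, assuming `gmssl/mem.h` is in scope in this file. A short comment above the two calls would also help, for example `/* stage the plaintext record, then seal it with the negotiated cipher suite */`, because the reason for the extra copy (dispatch on `conn->cipher_suite` instead of hard-wired GCM) is not obvious from the code. The body of tls13_send starts and ends outside this hunk, so any bound on `datalen` plus `padding_len` against the record buffers has to be confirmed there or inside the two helpers.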
@@ -1285,11 +1289,6 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
 ret = 1;
- tls_record_set_type(conn->record, TLS_record_application_data);
- tls_record_set_protocol(conn->record, TLS_protocol_tls12);
- tls_record_set_data_length(conn->record, record_datalen);
-
- conn->recordlen = 5 + record_datalen;
 conn->record_offset = 0;
 conn->send_state = TLS_state_send_record;
diff --git a/tests/tls13test.c b/tests/tls13test.c
index e9c9aaf7..208e9a1e 100644
--- a/tests/tls13test.c
+++ b/tests/tls13test.c
@@ -97,9 +97,11 @@ static int test_tls13_gcm(void)
 return 1;
 }
-#ifdef ENABLE_AES_CCM
+#if defined(ENABLE_AES_CCM) || defined(ENABLE_SM4_CCM)
 static int test_tls13_ccm(void)
 {
+ const BLOCK_CIPHER *cipher;
+ int cipher_suite;
 BLOCK_CIPHER_KEY block_key;
 uint8_t key[16];
 uint8_t iv[12];
@@ -116,6 +118,14 @@ static int test_tls13_ccm(void)
 rand_bytes(iv, sizeof(iv));
 rand_bytes(record + 5, 40);
+#ifdef ENABLE_AES_CCM
+ cipher = BLOCK_CIPHER_aes128();
+ cipher_suite = TLS_cipher_aes_128_ccm_sha256;
+#else
+ cipher = BLOCK_CIPHER_sm4();
+ cipher_suite = TLS_cipher_sm4_ccm_sm3;
+#endif
+
 record[0] = TLS_record_handshake;
 record[1] = TLS_protocol_tls12 >> 8;
 record[2] = TLS_protocol_tls12 & 0xff;
@@ -123,16 +133,16 @@ static int test_tls13_ccm(void)
 record[4] = 40;
 recordlen = 5 + 40;
- if (block_cipher_set_encrypt_key(&block_key, BLOCK_CIPHER_aes128(), key) != 1) {
+ if (block_cipher_set_encrypt_key(&block_key, cipher, key) != 1) {
 error_print();
 return -1;
 }
- if (tls13_record_encrypt(TLS_cipher_aes_128_ccm_sha256, &block_key, iv,
+ if (tls13_record_encrypt(cipher_suite, &block_key, iv,
 seq_num, record, recordlen, padding_len, enced_record, &enced_recordlen) != 1) {
 error_print();
 return -1;
 }
- if (tls13_record_decrypt(TLS_cipher_aes_128_ccm_sha256, &block_key, iv,
+ if (tls13_record_decrypt(cipher_suite, &block_key, iv,
 seq_num, enced_record, enced_recordlen, buf, &buflen) != 1) {
 error_print();
 return -1;
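Review bot: In the `@@ -116,6 +118,14 @@` hunk of tests/tls13test.c, the `#ifdef ENABLE_AES_CCM … #else … #endif` selection means a build that defines both ENABLE_AES_CCM and ENABLE_SM4_CCM only ever runs the AES-128-CCM suite, so `TLS_cipher_sm4_ccm_sm3` stays untested in that configuration. Consider moving the body into a helper that takes the cipher and the suite id, and calling it once under each `#ifdef`, so every enabled CCM suite gets an encrypt/decrypt round-trip. If that is deferred, a comment next to the `#else` such as `/* SM4-CCM is only exercised when AES-CCM is disabled */` would make the gap visible. The body of test_tls13_ccm starts and ends outside this hunk.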
@@ -142,6 +152,71 @@ static int test_tls13_ccm(void)
 return -1;
 }
+#ifndef WIN32
+ {
+ TLS_CTX ctx;
+ TLS_CONNECT conn;
+ tls_socket_t fds[2];
+ uint8_t data[40];
+ size_t sentlen;
+ uint8_t recv_record[256];
+ size_t recv_recordlen;
+ uint8_t decrypt_seq_num[8] = {0};
+ const uint8_t *decrypt_data;
+ size_t decrypt_datalen;
+ tls_ret_t n;
+
+ memset(&ctx, 0, sizeof(ctx));
+ memset(&conn, 0, sizeof(conn));
+ rand_bytes(data, sizeof(data));
+
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0) {
+ error_print();
+ return -1;
+ }
+ conn.ctx = &ctx;
+ conn.is_client = 1;
+ conn.sock = fds[0];
+ conn.cipher_suite = cipher_suite;
+ memcpy(conn.client_write_iv, iv, sizeof(iv));
+ if (block_cipher_set_encrypt_key(&conn.client_write_key, cipher, key) != 1) {
+ error_print();
+ return -1;
+ }
+ if (tls13_send(&conn, data, sizeof(data), &sentlen) != 1 || sentlen != sizeof(data)) {
+ error_print();
+ return -1;
+ }
+ if ((n = tls_socket_recv(fds[1], recv_record, TLS_RECORD_HEADER_SIZE, 0)) != TLS_RECORD_HEADER_SIZE) {
+ error_print();
+ return -1;
+ }
+ recv_recordlen = tls_record_length(recv_record);
+ if (recv_recordlen > sizeof(recv_record)) {
+ error_print();
+ return -1;
+ }
+ if ((n = tls_socket_recv(fds[1], recv_record + TLS_RECORD_HEADER_SIZE,
+ recv_recordlen - TLS_RECORD_HEADER_SIZE, 0)) != (tls_ret_t)(recv_recordlen - TLS_RECORD_HEADER_SIZE)) {
+ error_print();
+ return -1;
+ }
+ if (tls13_record_decrypt(cipher_suite, &block_key, iv,
+ decrypt_seq_num, recv_record, recv_recordlen, buf, &buflen) != 1) {
+ error_print();
+ return -1;
+ }
+ if (tls_record_get_application_data(buf, &decrypt_data, &decrypt_datalen) != 1
+ || decrypt_datalen != sizeof(data)
+ || memcmp(decrypt_data, data, decrypt_datalen) != 0) {
+ error_print();
+ return -1;
+ }
+ tls_socket_close(fds[0]);
+ tls_socket_close(fds[1]);
+ }
+#endif
+
 printf("%s() ok\n", __FUNCTION__);
 return 1;
 }
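Review bot: The new `tls13_send` round-trip is compiled only inside test_tls13_ccm, so a build with neither CCM option never exercises the rewritten send path, even though the tls13.c change routes every suite through `tls13_record_encrypt`. An equivalent block in test_tls13_gcm would cover the default suites. Within the added block, every `return -1` after the successful `socketpair` leaves `fds[0]` and `fds[1]` open; sending those failures to one cleanup label that calls `tls_socket_close` on both descriptors would fix that. The decrypt step only works because the zeroed `conn` starts at the same sequence number as `decrypt_seq_num`, which deserves a one-line comment such as `/* conn was zeroed, so the first record is sealed with sequence number 0 */`. The body of test_tls13_ccm starts outside this hunk.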
@@ -711,7 +786,7 @@ int main(void)
 {
 if (test_tls_ext() != 1) goto err;
 if (test_tls13_gcm() != 1) goto err;
-#ifdef ENABLE_AES_CCM
+#if defined(ENABLE_AES_CCM) || defined(ENABLE_SM4_CCM)
 if (test_tls13_ccm() != 1) goto err;
 #endif
 if (test_tls13_supported_versions_ext() != 1) goto err;