abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 19:33:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3465d79c55e037873b305f078210d9b37aaf0f1c
GmSSL/src/tls_cookie.c
Zhi Guan 931c5e39e8 Update TLS 1.3
2026-05-26 21:50:13 +08:00

124 lines
2.8 KiB
C
Raw Blame History

/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <time.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gmssl/rand.h>
#include <gmssl/x509.h>
#include <gmssl/error.h>
#include <gmssl/sm2.h>
#include <gmssl/sm3.h>
#include <gmssl/sm4.h>
#include <gmssl/pem.h>
#include <gmssl/mem.h>
#include <gmssl/tls.h>
/*
44. cookie
* server HelloRetryReqeust
* client ClientHello (again)
struct {
opaque cookie<1..2^16-1>;
} Cookie;
*/
int tls13_cookie_generate(const SM4_KEY *cookie_key, // server_ctx->cookie_key
const uint8_t *client_info, size_t client_info_len,
uint8_t *cookie, size_t *cookie_len)
{
rand_bytes(cookie, 32);
*cookie_len = 32;
return 1;
}
int tls13_cookie_verify(const SM4_KEY *cookie_key, // server_ctx->cookie_key
const uint8_t *client_info, size_t client_info_len,
const uint8_t *cookie, size_t cookie_len)
{
return 1;
}
int tls13_cookie_ext_to_bytes(const uint8_t *cookie, size_t cookielen, uint8_t **out, size_t *outlen)
{
uint16_t ext_type = TLS_extension_cookie;
size_t ext_datalen;
if (!cookie || !cookielen || cookielen > 65535) {
error_print();
return -1;
}
ext_datalen = 2 + cookielen;
if (ext_datalen > 65535) {
error_print();
return -1;
}
tls_uint16_to_bytes(ext_type, out, outlen);
tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
tls_uint16array_to_bytes(cookie, cookielen, out, outlen);
return 1;
}
int tls13_cookie_from_bytes(const uint8_t **cookie, size_t *cookielen, const uint8_t *ext_data, size_t ext_datalen)
{
if (tls_uint16array_from_bytes(cookie, cookielen, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (!(*cookie) || !(*cookielen)) {
error_print();
return -1;
}
return 1;
}
int tls13_cookie_print(FILE *fp, int fmt, int ind, const uint8_t *ext_data, size_t ext_datalen)
{
const uint8_t *cookie;
size_t cookielen;
if (tls_uint16array_from_bytes(&cookie, &cookielen, &ext_data, &ext_datalen) != 1) {
error_print();
return -1;
}
format_bytes(fp, fmt, ind, "cookie", cookie, cookielen);
if (ext_datalen) {
error_print();
return -1;
}
return 1;
}
// if server send cookie in HelloRetryRequest, client must return cookie in ClientHello2
// so server conn follows cookie setting from ctx, client conn behaves passively
int tls13_ctx_set_cookie_key(TLS_CTX *ctx, const uint8_t *cookie_key, size_t cookie_key_len)
{
if (!ctx || !cookie_key || !cookie_key_len) {
error_print();
return -1;
}
if (cookie_key_len != SM4_KEY_SIZE) {
error_print();
return -1;
}
sm4_set_encrypt_key(&ctx->cookie_key, cookie_key);
ctx->cookie = 1;
return 1;
}
Reference in New Issue View Git Blame Copy Permalink