mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge branch 'development' into pr3431
This commit is contained in:
Bence Szépkúti
@ -252,6 +252,17 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
|
||||
memcpy( Y, &T, sizeof( mbedtls_mpi ) );
|
||||
}
|
||||
|
||||
static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z )
|
||||
{
|
||||
if( z >= 0 )
|
||||
return( z );
|
||||
/* Take care to handle the most negative value (-2^(biL-1)) correctly.
|
||||
* A naive -z would have undefined behavior.
|
||||
* Write this in a way that makes popular compilers happy (GCC, Clang,
|
||||
* MSVC). */
|
||||
return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z );
|
||||
}
|
||||
|
||||
/*
|
||||
* Set value from integer
|
||||
*/
|
||||
@ -263,7 +274,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
|
||||
memset( X->p, 0, X->n * ciL );
|
||||
|
||||
X->p[0] = ( z < 0 ) ? -z : z;
|
||||
X->p[0] = mpi_sint_abs( z );
|
||||
X->s = ( z < 0 ) ? -1 : 1;
|
||||
|
||||
cleanup:
|
||||
@ -853,7 +864,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
|
||||
*p = ( z < 0 ) ? -z : z;
|
||||
*p = mpi_sint_abs( z );
|
||||
Y.s = ( z < 0 ) ? -1 : 1;
|
||||
Y.n = 1;
|
||||
Y.p = p;
|
||||
@ -889,6 +900,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
||||
if( B->p[j - 1] != 0 )
|
||||
break;
|
||||
|
||||
/* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
|
||||
* and B is 0 (of any size). */
|
||||
if( j == 0 )
|
||||
return( 0 );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
|
||||
|
||||
/* j is the number of non-zero limbs of B. Add those to X. */
|
||||
@ -972,10 +988,12 @@ cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Signed addition: X = A + B
|
||||
/* Common function for signed addition and subtraction.
|
||||
* Calculate A + B * flip_B where flip_B is 1 or -1.
|
||||
*/
|
||||
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
static int add_sub_mpi( mbedtls_mpi *X,
|
||||
const mbedtls_mpi *A, const mbedtls_mpi *B,
|
||||
int flip_B )
|
||||
{
|
||||
int ret, s;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
@ -983,16 +1001,21 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
s = A->s;
|
||||
if( A->s * B->s < 0 )
|
||||
if( A->s * B->s * flip_B < 0 )
|
||||
{
|
||||
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
|
||||
int cmp = mbedtls_mpi_cmp_abs( A, B );
|
||||
if( cmp >= 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
|
||||
X->s = s;
|
||||
/* If |A| = |B|, the result is 0 and we must set the sign bit
|
||||
* to +1 regardless of which of A or B was negative. Otherwise,
|
||||
* since |A| > |B|, the sign is the sign of A. */
|
||||
X->s = cmp == 0 ? 1 : s;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
|
||||
/* Since |A| < |B|, the sign is the opposite of A. */
|
||||
X->s = -s;
|
||||
}
|
||||
}
|
||||
@ -1007,39 +1030,20 @@ cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Signed addition: X = A + B
|
||||
*/
|
||||
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
{
|
||||
return( add_sub_mpi( X, A, B, 1 ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Signed subtraction: X = A - B
|
||||
*/
|
||||
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
|
||||
{
|
||||
int ret, s;
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
MPI_VALIDATE_RET( B != NULL );
|
||||
|
||||
s = A->s;
|
||||
if( A->s * B->s > 0 )
|
||||
{
|
||||
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
|
||||
X->s = s;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
|
||||
X->s = -s;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
|
||||
X->s = s;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
return( ret );
|
||||
return( add_sub_mpi( X, A, B, -1 ) );
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1052,7 +1056,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
p[0] = ( b < 0 ) ? -b : b;
|
||||
p[0] = mpi_sint_abs( b );
|
||||
B.s = ( b < 0 ) ? -1 : 1;
|
||||
B.n = 1;
|
||||
B.p = p;
|
||||
@ -1070,7 +1074,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
|
||||
MPI_VALIDATE_RET( X != NULL );
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
p[0] = ( b < 0 ) ? -b : b;
|
||||
p[0] = mpi_sint_abs( b );
|
||||
B.s = ( b < 0 ) ? -1 : 1;
|
||||
B.n = 1;
|
||||
B.p = p;
|
||||
@ -1408,7 +1412,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
|
||||
mbedtls_mpi_uint p[1];
|
||||
MPI_VALIDATE_RET( A != NULL );
|
||||
|
||||
p[0] = ( b < 0 ) ? -b : b;
|
||||
p[0] = mpi_sint_abs( b );
|
||||
B.s = ( b < 0 ) ? -1 : 1;
|
||||
B.n = 1;
|
||||
B.p = p;
|
||||
|
||||
@ -127,7 +127,40 @@ int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A,
|
||||
/* END MERGE SLOT 6 */
|
||||
|
||||
/* BEGIN MERGE SLOT 7 */
|
||||
int mbedtls_mpi_mod_raw_to_mont_rep( mbedtls_mpi_uint *X,
|
||||
const mbedtls_mpi_mod_modulus *m )
|
||||
{
|
||||
mbedtls_mpi_uint *T;
|
||||
const size_t t_limbs = m->limbs * 2 + 1;
|
||||
|
||||
if( ( T = (mbedtls_mpi_uint *) mbedtls_calloc( t_limbs, ciL ) ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
mbedtls_mpi_core_montmul( X, X, m->rep.mont.rr, m->limbs, m->p, m->limbs,
|
||||
m->rep.mont.mm, T );
|
||||
|
||||
mbedtls_platform_zeroize( T, t_limbs * ciL );
|
||||
mbedtls_free( T );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_mpi_mod_raw_from_mont_rep( mbedtls_mpi_uint *X,
|
||||
const mbedtls_mpi_mod_modulus *m )
|
||||
{
|
||||
const mbedtls_mpi_uint one = 1;
|
||||
const size_t t_limbs = m->limbs * 2 + 1;
|
||||
mbedtls_mpi_uint *T;
|
||||
|
||||
if( ( T = (mbedtls_mpi_uint *) mbedtls_calloc( t_limbs, ciL ) ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
mbedtls_mpi_core_montmul( X, X, &one, 1, m->p, m->limbs,
|
||||
m->rep.mont.mm, T );
|
||||
|
||||
mbedtls_platform_zeroize( T, t_limbs * ciL );
|
||||
mbedtls_free( T );
|
||||
return( 0 );
|
||||
}
|
||||
/* END MERGE SLOT 7 */
|
||||
|
||||
/* BEGIN MERGE SLOT 8 */
|
||||
|
||||
@ -163,7 +163,29 @@ int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A,
|
||||
/* END MERGE SLOT 6 */
|
||||
|
||||
/* BEGIN MERGE SLOT 7 */
|
||||
/** Convert an MPI into Montgomery form.
|
||||
*
|
||||
* \param X The address of the MPI.
|
||||
* Must have the same number of limbs as \p m.
|
||||
* \param m The address of the modulus, which gives the size of
|
||||
* the base `R` = 2^(biL*m->limbs).
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
*/
|
||||
int mbedtls_mpi_mod_raw_to_mont_rep( mbedtls_mpi_uint *X,
|
||||
const mbedtls_mpi_mod_modulus *m );
|
||||
|
||||
/** Convert an MPI back from Montgomery representation.
|
||||
*
|
||||
* \param X The address of the MPI.
|
||||
* Must have the same number of limbs as \p m.
|
||||
* \param m The address of the modulus, which gives the size of
|
||||
* the base `R`= 2^(biL*m->limbs).
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
*/
|
||||
int mbedtls_mpi_mod_raw_from_mont_rep( mbedtls_mpi_uint *X,
|
||||
const mbedtls_mpi_mod_modulus *m );
|
||||
/* END MERGE SLOT 7 */
|
||||
|
||||
/* BEGIN MERGE SLOT 8 */
|
||||
|
||||
@ -877,20 +877,7 @@ static psa_status_t psa_restrict_key_policy(
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/** Get the description of a key given its identifier and policy constraints
|
||||
* and lock it.
|
||||
*
|
||||
* The key must have allow all the usage flags set in \p usage. If \p alg is
|
||||
* nonzero, the key must allow operations with this algorithm. If \p alg is
|
||||
* zero, the algorithm is not checked.
|
||||
*
|
||||
* In case of a persistent key, the function loads the description of the key
|
||||
* into a key slot if not already done.
|
||||
*
|
||||
* On success, the returned key slot is locked. It is the responsibility of
|
||||
* the caller to unlock the key slot when it does not access it anymore.
|
||||
*/
|
||||
static psa_status_t psa_get_and_lock_key_slot_with_policy(
|
||||
psa_status_t psa_get_and_lock_key_slot_with_policy(
|
||||
mbedtls_svc_key_id_t key,
|
||||
psa_key_slot_t **p_slot,
|
||||
psa_key_usage_t usage,
|
||||
|
||||
@ -183,6 +183,24 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
|
||||
}
|
||||
#endif
|
||||
|
||||
/** Get the description of a key given its identifier and policy constraints
|
||||
* and lock it.
|
||||
*
|
||||
* The key must have allow all the usage flags set in \p usage. If \p alg is
|
||||
* nonzero, the key must allow operations with this algorithm. If \p alg is
|
||||
* zero, the algorithm is not checked.
|
||||
*
|
||||
* In case of a persistent key, the function loads the description of the key
|
||||
* into a key slot if not already done.
|
||||
*
|
||||
* On success, the returned key slot is locked. It is the responsibility of
|
||||
* the caller to unlock the key slot when it does not access it anymore.
|
||||
*/
|
||||
psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key,
|
||||
psa_key_slot_t **p_slot,
|
||||
psa_key_usage_t usage,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
/** Completely wipe a slot in memory, including its policy.
|
||||
*
|
||||
* Persistent storage is not affected.
|
||||
|
||||
@ -248,6 +248,7 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
|
||||
psa_key_attributes_t attributes = psa_key_attributes_init();
|
||||
psa_key_type_t type;
|
||||
psa_key_usage_t usage;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
|
||||
if( operation->alg == PSA_ALG_NONE ||
|
||||
operation->state != PSA_PAKE_STATE_SETUP )
|
||||
@ -273,7 +274,27 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
|
||||
if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
|
||||
operation->password = password;
|
||||
if( operation->password != NULL )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
status = psa_get_and_lock_key_slot_with_policy( password, &slot,
|
||||
PSA_KEY_USAGE_DERIVE,
|
||||
PSA_ALG_JPAKE );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
operation->password = mbedtls_calloc( 1, slot->key.bytes );
|
||||
if( operation->password == NULL )
|
||||
{
|
||||
psa_unlock_key_slot( slot );
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
}
|
||||
memcpy( operation->password, slot->key.data, slot->key.bytes );
|
||||
operation->password_len = slot->key.bytes;
|
||||
|
||||
status = psa_unlock_key_slot( slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
@ -348,9 +369,7 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
|
||||
static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_ecjpake_role role;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
|
||||
if( operation->role == PSA_PAKE_ROLE_CLIENT )
|
||||
role = MBEDTLS_ECJPAKE_CLIENT;
|
||||
@ -359,22 +378,20 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
|
||||
else
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
if( psa_is_valid_key_id( operation->password, 1 ) == 0 )
|
||||
if( operation->password_len == 0 )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
status = psa_get_and_lock_key_slot( operation->password, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
|
||||
ret = mbedtls_ecjpake_setup( &operation->ctx.ecjpake,
|
||||
role,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_ECP_DP_SECP256R1,
|
||||
slot->key.data, slot->key.bytes );
|
||||
operation->password,
|
||||
operation->password_len );
|
||||
|
||||
psa_unlock_key_slot( slot );
|
||||
slot = NULL;
|
||||
mbedtls_platform_zeroize( operation->password, operation->password_len );
|
||||
mbedtls_free( operation->password );
|
||||
operation->password = NULL;
|
||||
operation->password_len = 0;
|
||||
|
||||
if( ret != 0 )
|
||||
return( mbedtls_ecjpake_to_psa_error( ret ) );
|
||||
@ -840,7 +857,11 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation)
|
||||
{
|
||||
operation->input_step = PSA_PAKE_STEP_INVALID;
|
||||
operation->output_step = PSA_PAKE_STEP_INVALID;
|
||||
operation->password = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
if( operation->password_len > 0 )
|
||||
mbedtls_platform_zeroize( operation->password, operation->password_len );
|
||||
mbedtls_free( operation->password );
|
||||
operation->password = NULL;
|
||||
operation->password_len = 0;
|
||||
operation->role = PSA_PAKE_ROLE_NONE;
|
||||
mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
|
||||
operation->buffer_length = 0;
|
||||
|
||||
@ -106,6 +106,9 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*olen = hostname_len + 9;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
@ -177,6 +180,9 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
/* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
|
||||
MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
@ -296,7 +302,8 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
||||
*out_len = p - buf;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(
|
||||
ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
return( 0 );
|
||||
@ -557,7 +564,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/* Keeping track of the included extensions */
|
||||
handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
|
||||
handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
#endif
|
||||
|
||||
/* First write extensions, then the total length */
|
||||
@ -667,6 +674,11 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
|
||||
p_extensions_len, extensions_len );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
MBEDTLS_SSL_PRINT_EXTS(
|
||||
3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions );
|
||||
#endif
|
||||
|
||||
*out_len = p - buf;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -43,6 +43,32 @@ const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
|
||||
|
||||
const char *mbedtls_ssl_named_group_to_str( uint16_t in );
|
||||
|
||||
const char *mbedtls_ssl_get_extension_name( unsigned int extension_type );
|
||||
|
||||
void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
|
||||
int level, const char *file, int line,
|
||||
int hs_msg_type, uint32_t extensions_mask,
|
||||
const char *extra );
|
||||
|
||||
void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl,
|
||||
int level, const char *file, int line,
|
||||
int hs_msg_type, unsigned int extension_type,
|
||||
const char *extra_msg0, const char *extra_msg1 );
|
||||
|
||||
#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extensions_mask ) \
|
||||
mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \
|
||||
hs_msg_type, extensions_mask, NULL )
|
||||
|
||||
#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) \
|
||||
mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__, \
|
||||
hs_msg_type, extension_type, \
|
||||
extra, NULL )
|
||||
#else
|
||||
|
||||
#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask )
|
||||
|
||||
#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra )
|
||||
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
||||
#endif /* SSL_DEBUG_HELPERS_H */
|
||||
#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */
|
||||
|
||||
@ -74,34 +74,147 @@
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
|
||||
|
||||
/*
|
||||
* Mask of TLS 1.3 handshake extensions used in extensions_present
|
||||
* of mbedtls_ssl_handshake_params.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EXT_NONE 0
|
||||
/* Faked handshake message identity for HelloRetryRequest. */
|
||||
#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO )
|
||||
|
||||
#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 )
|
||||
#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 )
|
||||
#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 )
|
||||
#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 )
|
||||
#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 )
|
||||
#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 )
|
||||
#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 )
|
||||
#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 )
|
||||
#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 )
|
||||
#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 )
|
||||
#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 )
|
||||
#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 )
|
||||
#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 )
|
||||
#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 )
|
||||
#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 )
|
||||
#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 )
|
||||
#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 )
|
||||
#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 )
|
||||
#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 )
|
||||
#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 )
|
||||
#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 )
|
||||
#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 )
|
||||
/*
|
||||
* Internal identity of handshake extensions
|
||||
*/
|
||||
#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0
|
||||
#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1
|
||||
#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1
|
||||
#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2
|
||||
#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3
|
||||
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4
|
||||
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4
|
||||
#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5
|
||||
#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6
|
||||
#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7
|
||||
#define MBEDTLS_SSL_EXT_ID_ALPN 8
|
||||
#define MBEDTLS_SSL_EXT_ID_SCT 9
|
||||
#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10
|
||||
#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11
|
||||
#define MBEDTLS_SSL_EXT_ID_PADDING 12
|
||||
#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13
|
||||
#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14
|
||||
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15
|
||||
#define MBEDTLS_SSL_EXT_ID_COOKIE 16
|
||||
#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17
|
||||
#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18
|
||||
#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19
|
||||
#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20
|
||||
#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21
|
||||
#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22
|
||||
#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23
|
||||
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24
|
||||
#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25
|
||||
#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26
|
||||
#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27
|
||||
|
||||
/* Utility for translating IANA extension type. */
|
||||
uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type );
|
||||
uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
|
||||
/* Macros used to define mask constants */
|
||||
#define MBEDTLS_SSL_EXT_MASK( id ) ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) )
|
||||
/* Reset value of extension mask */
|
||||
#define MBEDTLS_SSL_EXT_MASK_NONE 0
|
||||
|
||||
/* In messages containing extension requests, we should ignore unrecognized
|
||||
* extensions. In messages containing extension responses, unrecognized
|
||||
* extensions should result in handshake abortion. Messages containing
|
||||
* extension requests include ClientHello, CertificateRequest and
|
||||
* NewSessionTicket. Messages containing extension responses include
|
||||
* ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate.
|
||||
*
|
||||
* RFC 8446 section 4.1.3
|
||||
*
|
||||
* The ServerHello MUST only include extensions which are required to establish
|
||||
* the cryptographic context and negotiate the protocol version.
|
||||
*
|
||||
* RFC 8446 section 4.2
|
||||
*
|
||||
* If an implementation receives an extension which it recognizes and which is
|
||||
* not specified for the message in which it appears, it MUST abort the handshake
|
||||
* with an "illegal_parameter" alert.
|
||||
*/
|
||||
|
||||
/* Extensions that are not recognized by TLS 1.3 */
|
||||
#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \
|
||||
( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for ClienHello */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \
|
||||
( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( ALPN ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SCT ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( PADDING ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( COOKIE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \
|
||||
MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \
|
||||
( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( ALPN ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \
|
||||
( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SCT ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( OID_FILTERS ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \
|
||||
MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for Certificate */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \
|
||||
( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SCT ) )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for ServerHello */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \
|
||||
( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \
|
||||
( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( COOKIE ) | \
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
|
||||
|
||||
/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */
|
||||
#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \
|
||||
( MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \
|
||||
MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
|
||||
|
||||
/*
|
||||
* Helper macros for function call with return check.
|
||||
@ -858,9 +971,8 @@ struct mbedtls_ssl_handshake_params
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
int extensions_present; /*!< extension presence; Each bitfield
|
||||
represents an extension and defined
|
||||
as \c MBEDTLS_SSL_EXT_XXX */
|
||||
uint32_t sent_extensions; /*!< extensions sent by endpoint */
|
||||
uint32_t received_extensions; /*!< extensions received by endpoint */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
unsigned char certificate_request_context_len;
|
||||
@ -1838,6 +1950,24 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
|
||||
#endif /* MBEDTLS_SSL_SRV_C &&
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
|
||||
/*
|
||||
* Helper functions for extensions checking.
|
||||
*/
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_check_received_extension(
|
||||
mbedtls_ssl_context *ssl,
|
||||
int hs_msg_type,
|
||||
unsigned int received_extension_type,
|
||||
uint32_t hs_msg_allowed_extensions_mask );
|
||||
|
||||
static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask(
|
||||
mbedtls_ssl_context *ssl, unsigned int extension_type )
|
||||
{
|
||||
ssl->handshake->sent_extensions |=
|
||||
mbedtls_ssl_get_extension_mask( extension_type );
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper functions to check the selected key exchange mode.
|
||||
*/
|
||||
@ -1916,6 +2046,12 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
size_t *out_len );
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len );
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
|
||||
@ -521,6 +521,245 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type )
|
||||
{
|
||||
switch( extension_type )
|
||||
{
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
return( MBEDTLS_SSL_EXT_ID_SERVERNAME );
|
||||
|
||||
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
|
||||
return( MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH );
|
||||
|
||||
case MBEDTLS_TLS_EXT_STATUS_REQUEST:
|
||||
return( MBEDTLS_SSL_EXT_ID_STATUS_REQUEST );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
|
||||
return( MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
return( MBEDTLS_SSL_EXT_ID_SIG_ALG );
|
||||
|
||||
case MBEDTLS_TLS_EXT_USE_SRTP:
|
||||
return( MBEDTLS_SSL_EXT_ID_USE_SRTP );
|
||||
|
||||
case MBEDTLS_TLS_EXT_HEARTBEAT:
|
||||
return( MBEDTLS_SSL_EXT_ID_HEARTBEAT );
|
||||
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
return( MBEDTLS_SSL_EXT_ID_ALPN );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SCT:
|
||||
return( MBEDTLS_SSL_EXT_ID_SCT );
|
||||
|
||||
case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
|
||||
return( MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
|
||||
return( MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE );
|
||||
|
||||
case MBEDTLS_TLS_EXT_PADDING:
|
||||
return( MBEDTLS_SSL_EXT_ID_PADDING );
|
||||
|
||||
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
|
||||
return( MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY );
|
||||
|
||||
case MBEDTLS_TLS_EXT_EARLY_DATA:
|
||||
return( MBEDTLS_SSL_EXT_ID_EARLY_DATA );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
|
||||
return( MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS );
|
||||
|
||||
case MBEDTLS_TLS_EXT_COOKIE:
|
||||
return( MBEDTLS_SSL_EXT_ID_COOKIE );
|
||||
|
||||
case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
|
||||
return( MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES );
|
||||
|
||||
case MBEDTLS_TLS_EXT_CERT_AUTH:
|
||||
return( MBEDTLS_SSL_EXT_ID_CERT_AUTH );
|
||||
|
||||
case MBEDTLS_TLS_EXT_OID_FILTERS:
|
||||
return( MBEDTLS_SSL_EXT_ID_OID_FILTERS );
|
||||
|
||||
case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
|
||||
return( MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
|
||||
return( MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT );
|
||||
|
||||
case MBEDTLS_TLS_EXT_KEY_SHARE:
|
||||
return( MBEDTLS_SSL_EXT_ID_KEY_SHARE );
|
||||
|
||||
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
|
||||
return( MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
return( MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS );
|
||||
|
||||
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
|
||||
return( MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC );
|
||||
|
||||
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
|
||||
return( MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET );
|
||||
|
||||
case MBEDTLS_TLS_EXT_SESSION_TICKET:
|
||||
return( MBEDTLS_SSL_EXT_ID_SESSION_TICKET );
|
||||
|
||||
}
|
||||
|
||||
return( MBEDTLS_SSL_EXT_ID_UNRECOGNIZED );
|
||||
}
|
||||
|
||||
uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type )
|
||||
{
|
||||
return( 1 << mbedtls_ssl_get_extension_id( extension_type ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
static const char *extension_name_table[] = {
|
||||
[MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unrecognized",
|
||||
[MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name",
|
||||
[MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length",
|
||||
[MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request",
|
||||
[MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups",
|
||||
[MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms",
|
||||
[MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp",
|
||||
[MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat",
|
||||
[MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation",
|
||||
[MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp",
|
||||
[MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type",
|
||||
[MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type",
|
||||
[MBEDTLS_SSL_EXT_ID_PADDING] = "padding",
|
||||
[MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key",
|
||||
[MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data",
|
||||
[MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions",
|
||||
[MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie",
|
||||
[MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes",
|
||||
[MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities",
|
||||
[MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters",
|
||||
[MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth",
|
||||
[MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert",
|
||||
[MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share",
|
||||
[MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac",
|
||||
[MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats",
|
||||
[MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac",
|
||||
[MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret",
|
||||
[MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket"
|
||||
};
|
||||
|
||||
static unsigned int extension_type_table[]={
|
||||
[MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
|
||||
[MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
|
||||
[MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
|
||||
[MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST,
|
||||
[MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS,
|
||||
[MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG,
|
||||
[MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP,
|
||||
[MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT,
|
||||
[MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN,
|
||||
[MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT,
|
||||
[MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE,
|
||||
[MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE,
|
||||
[MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING,
|
||||
[MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY,
|
||||
[MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA,
|
||||
[MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS,
|
||||
[MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE,
|
||||
[MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES,
|
||||
[MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH,
|
||||
[MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS,
|
||||
[MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH,
|
||||
[MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT,
|
||||
[MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE,
|
||||
[MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC,
|
||||
[MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS,
|
||||
[MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC,
|
||||
[MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET,
|
||||
[MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET
|
||||
};
|
||||
|
||||
const char *mbedtls_ssl_get_extension_name( unsigned int extension_type )
|
||||
{
|
||||
return( extension_name_table[
|
||||
mbedtls_ssl_get_extension_id( extension_type ) ] );
|
||||
}
|
||||
|
||||
static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type )
|
||||
{
|
||||
switch( hs_msg_type )
|
||||
{
|
||||
case MBEDTLS_SSL_HS_CLIENT_HELLO:
|
||||
return( "ClientHello" );
|
||||
case MBEDTLS_SSL_HS_SERVER_HELLO:
|
||||
return( "ServerHello" );
|
||||
case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
|
||||
return( "HelloRetryRequest" );
|
||||
case MBEDTLS_SSL_HS_NEW_SESSION_TICKET:
|
||||
return( "NewSessionTicket" );
|
||||
case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
|
||||
return( "EncryptedExtensions" );
|
||||
case MBEDTLS_SSL_HS_CERTIFICATE:
|
||||
return( "Certificate" );
|
||||
case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST:
|
||||
return( "CertificateRequest" );
|
||||
}
|
||||
return( "Unknown" );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl,
|
||||
int level, const char *file, int line,
|
||||
int hs_msg_type, unsigned int extension_type,
|
||||
const char *extra_msg0, const char *extra_msg1 )
|
||||
{
|
||||
const char *extra_msg;
|
||||
if( extra_msg0 && extra_msg1 )
|
||||
{
|
||||
mbedtls_debug_print_msg(
|
||||
ssl, level, file, line,
|
||||
"%s: %s(%u) extension %s %s.",
|
||||
ssl_tls13_get_hs_msg_name( hs_msg_type ),
|
||||
mbedtls_ssl_get_extension_name( extension_type ),
|
||||
extension_type,
|
||||
extra_msg0, extra_msg1 );
|
||||
return;
|
||||
}
|
||||
|
||||
extra_msg = extra_msg0 ? extra_msg0 : extra_msg1;
|
||||
if( extra_msg )
|
||||
{
|
||||
mbedtls_debug_print_msg(
|
||||
ssl, level, file, line,
|
||||
"%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
|
||||
mbedtls_ssl_get_extension_name( extension_type ), extension_type,
|
||||
extra_msg );
|
||||
return;
|
||||
}
|
||||
|
||||
mbedtls_debug_print_msg(
|
||||
ssl, level, file, line,
|
||||
"%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
|
||||
mbedtls_ssl_get_extension_name( extension_type ), extension_type );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
|
||||
int level, const char *file, int line,
|
||||
int hs_msg_type, uint32_t extensions_mask,
|
||||
const char *extra )
|
||||
{
|
||||
|
||||
for( unsigned i = 0;
|
||||
i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] );
|
||||
i++ )
|
||||
{
|
||||
mbedtls_ssl_print_extension(
|
||||
ssl, level, file, line, hs_msg_type, extension_type_table[i],
|
||||
extensions_mask & ( 1 << i ) ? "exists" : "does not exist", extra );
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
||||
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
|
||||
{
|
||||
@ -8744,8 +8983,9 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
|
||||
*out_len = p - buf;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
@ -8944,6 +9184,11 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
p[6] = MBEDTLS_BYTE_0( protocol_name_len );
|
||||
|
||||
memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
|
||||
#endif
|
||||
|
||||
return ( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
@ -2654,7 +2654,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
for( size_t i = 0; i < sig_alg_len; i += 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "Supported Signature Algorithm found: %d,%d",
|
||||
( "Supported Signature Algorithm found: %02x %02x",
|
||||
sig_alg[i], sig_alg[i + 1] ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -2531,10 +2531,15 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
|
||||
continue;
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
|
||||
/* Write elements at offsets starting from 1 (offset 0 is for the
|
||||
* length). Thus the offset of each element is the length of the
|
||||
* partial list including that element. */
|
||||
sa_len += 2;
|
||||
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
|
||||
|
||||
}
|
||||
|
||||
/* Fill in list length. */
|
||||
MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
|
||||
sa_len += 2;
|
||||
p += sa_len;
|
||||
|
||||
@ -32,6 +32,7 @@
|
||||
#include "ssl_misc.h"
|
||||
#include "ssl_client.h"
|
||||
#include "ssl_tls13_keys.h"
|
||||
#include "ssl_debug_helpers.h"
|
||||
|
||||
/* Write extensions */
|
||||
|
||||
@ -89,6 +90,9 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = 5 + versions_len;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(
|
||||
ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -359,7 +363,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len );
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
|
||||
|
||||
cleanup:
|
||||
|
||||
@ -512,7 +516,6 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
else
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -600,6 +603,8 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = handshake->hrr_cookie_len + 6;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -669,7 +674,10 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
|
||||
buf[4] = ke_modes_len;
|
||||
|
||||
*out_len = p - buf;
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(
|
||||
ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES );
|
||||
|
||||
return ( 0 );
|
||||
}
|
||||
|
||||
@ -692,6 +700,19 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
|
||||
session != NULL && session->ticket != NULL );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
||||
return( ssl->handshake->resume &&
|
||||
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
|
||||
( session->ticket_flags &
|
||||
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) &&
|
||||
mbedtls_ssl_tls13_cipher_suite_is_offered(
|
||||
ssl, session->ciphersuite ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
|
||||
psa_algorithm_t *hash_alg,
|
||||
@ -981,8 +1002,6 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf );
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -1037,6 +1056,9 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf );
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(
|
||||
ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -1109,8 +1131,6 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
@ -1153,6 +1173,29 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
|
||||
ssl_tls13_early_data_has_valid_ticket( ssl ) &&
|
||||
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
|
||||
{
|
||||
ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += ext_len;
|
||||
|
||||
/* Initializes the status to `indication sent`. It will be updated to
|
||||
* `accepted` or `rejected` depending on whether the EncryptedExtension
|
||||
* message will contain an early data indication extension or not.
|
||||
*/
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
/* For PSK-based key exchange we need the pre_shared_key extension
|
||||
* and the psk_key_exchange_modes extension.
|
||||
@ -1388,7 +1431,7 @@ static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl,
|
||||
ssl->session_negotiate->tls_version = ssl->tls_version;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
ret = ssl_server_hello_is_hrr( ssl, buf, end );
|
||||
switch( ret )
|
||||
@ -1498,6 +1541,9 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
uint16_t cipher_suite;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
int fatal_alert = 0;
|
||||
uint32_t allowed_extensions_mask;
|
||||
int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
|
||||
MBEDTLS_SSL_HS_SERVER_HELLO;
|
||||
|
||||
/*
|
||||
* Check there is space for minimal fields
|
||||
@ -1640,6 +1686,11 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len );
|
||||
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
allowed_extensions_mask = is_hrr ?
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR :
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH;
|
||||
|
||||
while( p < extensions_end )
|
||||
{
|
||||
unsigned int extension_type;
|
||||
@ -1654,16 +1705,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
|
||||
extension_data_end = p + extension_data_len;
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_received_extension(
|
||||
ssl, hs_msg_type, extension_type, allowed_extensions_mask );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
switch( extension_type )
|
||||
{
|
||||
case MBEDTLS_TLS_EXT_COOKIE:
|
||||
|
||||
if( !is_hrr )
|
||||
{
|
||||
fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = ssl_tls13_parse_cookie_ext( ssl,
|
||||
p, extension_data_end );
|
||||
if( ret != 0 )
|
||||
@ -1686,11 +1736,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
|
||||
if( is_hrr )
|
||||
{
|
||||
fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( ( ret = ssl_tls13_parse_server_pre_shared_key_ext(
|
||||
ssl, p, extension_data_end ) ) != 0 )
|
||||
@ -1726,18 +1771,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
break;
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3,
|
||||
( "unknown extension found: %u ( ignoring )",
|
||||
extension_type ) );
|
||||
|
||||
fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
p += extension_data_len;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS( 3, hs_msg_type, handshake->received_extensions );
|
||||
|
||||
cleanup:
|
||||
|
||||
if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT )
|
||||
@ -1786,21 +1828,21 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
|
||||
* 3) If only the key_share extension was received then the key
|
||||
* exchange mode is EPHEMERAL-only.
|
||||
*/
|
||||
switch( handshake->extensions_present &
|
||||
( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) )
|
||||
switch( handshake->received_extensions &
|
||||
( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ) )
|
||||
{
|
||||
/* Only the pre_shared_key extension was received */
|
||||
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
|
||||
case MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ):
|
||||
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||
break;
|
||||
|
||||
/* Only the key_share extension was received */
|
||||
case MBEDTLS_SSL_EXT_KEY_SHARE:
|
||||
case MBEDTLS_SSL_EXT_MASK( KEY_SHARE ):
|
||||
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
|
||||
break;
|
||||
|
||||
/* Both the pre_shared_key and key_share extensions were received */
|
||||
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
|
||||
case ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ):
|
||||
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||
break;
|
||||
|
||||
@ -1969,6 +2011,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||
size_t extensions_len;
|
||||
const unsigned char *p = buf;
|
||||
const unsigned char *extensions_end;
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
|
||||
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
@ -1978,6 +2021,8 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
|
||||
extensions_end = p + extensions_len;
|
||||
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
while( p < extensions_end )
|
||||
{
|
||||
unsigned int extension_type;
|
||||
@ -1996,22 +2041,14 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
|
||||
|
||||
/* The client MUST check EncryptedExtensions for the
|
||||
* presence of any forbidden extensions and if any are found MUST abort
|
||||
* the handshake with an "unsupported_extension" alert.
|
||||
*/
|
||||
ret = mbedtls_ssl_tls13_check_received_extension(
|
||||
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type,
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
switch( extension_type )
|
||||
{
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) );
|
||||
|
||||
/* The server_name extension should be an empty extension */
|
||||
|
||||
break;
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) );
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
||||
@ -2024,17 +2061,18 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ( "unsupported extension found: %u ", extension_type) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
|
||||
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||
return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
|
||||
extension_type, "( ignored )" );
|
||||
break;
|
||||
}
|
||||
|
||||
p += extension_data_len;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
|
||||
handshake->received_extensions );
|
||||
|
||||
/* Check that we consumed all the message. */
|
||||
if( p != end )
|
||||
{
|
||||
@ -2140,7 +2178,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
||||
size_t certificate_request_context_len = 0;
|
||||
size_t extensions_len = 0;
|
||||
const unsigned char *extensions_end;
|
||||
unsigned char sig_alg_ext_found = 0;
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
|
||||
/* ...
|
||||
* opaque certificate_request_context<0..2^8-1>
|
||||
@ -2156,7 +2194,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context",
|
||||
p, certificate_request_context_len );
|
||||
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
handshake->certificate_request_context =
|
||||
mbedtls_calloc( 1, certificate_request_context_len );
|
||||
if( handshake->certificate_request_context == NULL )
|
||||
@ -2180,6 +2217,8 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
|
||||
extensions_end = p + extensions_len;
|
||||
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
while( p < extensions_end )
|
||||
{
|
||||
unsigned int extension_type;
|
||||
@ -2192,6 +2231,12 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_received_extension(
|
||||
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type,
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
switch( extension_type )
|
||||
{
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
@ -2201,25 +2246,22 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
||||
p + extension_data_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
if( ! sig_alg_ext_found )
|
||||
sig_alg_ext_found = 1;
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "Duplicate signature algorithms extensions found" ) );
|
||||
goto decode_error;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3,
|
||||
( "unknown extension found: %u ( ignoring )",
|
||||
extension_type ) );
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
|
||||
extension_type, "( ignored )" );
|
||||
break;
|
||||
}
|
||||
|
||||
p += extension_data_len;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
|
||||
handshake->received_extensions );
|
||||
|
||||
/* Check that we consumed all the message. */
|
||||
if( p != end )
|
||||
{
|
||||
@ -2227,8 +2269,12 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
||||
( "CertificateRequest misaligned" ) );
|
||||
goto decode_error;
|
||||
}
|
||||
/* Check that we found signature algorithms extension */
|
||||
if( ! sig_alg_ext_found )
|
||||
|
||||
/* RFC 8446 section 4.3.2
|
||||
*
|
||||
* The "signature_algorithms" extension MUST be specified
|
||||
*/
|
||||
if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "no signature algorithms extension found" ) );
|
||||
@ -2468,14 +2514,17 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
const unsigned char *end )
|
||||
{
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
const unsigned char *p = buf;
|
||||
|
||||
((void) ssl);
|
||||
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
while( p < end )
|
||||
{
|
||||
unsigned int extension_type;
|
||||
size_t extension_data_len;
|
||||
int ret;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
|
||||
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
@ -2484,18 +2533,44 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_received_extension(
|
||||
ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type,
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
switch( extension_type )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
case MBEDTLS_TLS_EXT_EARLY_DATA:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
|
||||
if( extension_data_len != 4 )
|
||||
{
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
if( ssl->session != NULL )
|
||||
{
|
||||
ssl->session->ticket_flags |=
|
||||
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
|
||||
}
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
|
||||
extension_type, "( ignored )" );
|
||||
break;
|
||||
}
|
||||
|
||||
p += extension_data_len;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
|
||||
handshake->received_extensions );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
||||
@ -398,6 +398,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
|
||||
size_t certificate_list_len = 0;
|
||||
const unsigned char *p = buf;
|
||||
const unsigned char *certificate_list_end;
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
|
||||
certificate_request_context_len = p[0];
|
||||
@ -447,6 +448,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
|
||||
while( p < certificate_list_end )
|
||||
{
|
||||
size_t cert_data_len, extensions_len;
|
||||
const unsigned char *extensions_end;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 );
|
||||
cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 );
|
||||
@ -504,7 +506,48 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
|
||||
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
p += 2;
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len );
|
||||
p += extensions_len;
|
||||
|
||||
extensions_end = p + extensions_len;
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
while( p < extensions_end )
|
||||
{
|
||||
unsigned int extension_type;
|
||||
size_t extension_data_len;
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* ExtensionType extension_type; (2 bytes)
|
||||
* opaque extension_data<0..2^16-1>;
|
||||
* } Extension;
|
||||
*/
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
|
||||
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
|
||||
p += 4;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_received_extension(
|
||||
ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type,
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
switch( extension_type )
|
||||
{
|
||||
default:
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, MBEDTLS_SSL_HS_CERTIFICATE,
|
||||
extension_type, "( ignored )" );
|
||||
break;
|
||||
}
|
||||
|
||||
p += extension_data_len;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE,
|
||||
handshake->received_extensions );
|
||||
}
|
||||
|
||||
exit:
|
||||
@ -512,7 +555,7 @@ exit:
|
||||
if( p != end )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
@ -843,6 +886,9 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = p - buf;
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS(
|
||||
3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -1328,6 +1374,39 @@ cleanup:
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
|
||||
|
||||
/* Early Data Indication Extension
|
||||
*
|
||||
* struct {
|
||||
* select ( Handshake.msg_type ) {
|
||||
* ...
|
||||
* case client_hello: Empty;
|
||||
* case encrypted_extensions: Empty;
|
||||
* };
|
||||
* } EarlyDataIndication;
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
*out_len = 0;
|
||||
((void) ssl);
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 );
|
||||
MBEDTLS_PUT_UINT16_BE( 0, p, 2 );
|
||||
|
||||
*out_len = 4;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_EARLY_DATA );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
/* Reset SSL context and update hash for handling HRR.
|
||||
*
|
||||
* Replace Transcript-Hash(X) by
|
||||
@ -1485,4 +1564,61 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
/* RFC 8446 section 4.2
|
||||
*
|
||||
* If an implementation receives an extension which it recognizes and which is
|
||||
* not specified for the message in which it appears, it MUST abort the handshake
|
||||
* with an "illegal_parameter" alert.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_tls13_check_received_extension(
|
||||
mbedtls_ssl_context *ssl,
|
||||
int hs_msg_type,
|
||||
unsigned int received_extension_type,
|
||||
uint32_t hs_msg_allowed_extensions_mask )
|
||||
{
|
||||
uint32_t extension_mask = mbedtls_ssl_get_extension_mask(
|
||||
received_extension_type );
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, hs_msg_type, received_extension_type, "received" );
|
||||
|
||||
if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, hs_msg_type, received_extension_type, "is illegal" );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
}
|
||||
|
||||
ssl->handshake->received_extensions |= extension_mask;
|
||||
/*
|
||||
* If it is a message containing extension responses, check that we
|
||||
* previously sent the extension.
|
||||
*/
|
||||
switch( hs_msg_type )
|
||||
{
|
||||
case MBEDTLS_SSL_HS_SERVER_HELLO:
|
||||
case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
|
||||
case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
|
||||
case MBEDTLS_SSL_HS_CERTIFICATE:
|
||||
/* Check if the received extension is sent by peer message.*/
|
||||
if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 )
|
||||
return( 0 );
|
||||
break;
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, hs_msg_type, received_extension_type, "is unsupported" );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
|
||||
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||
return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
|
||||
@ -700,6 +700,8 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u",
|
||||
ssl->handshake->selected_identity ) );
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -926,110 +928,69 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
((void) ssl);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- KEY_SHARE_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ?
|
||||
"TRUE" : "FALSE" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- PRE_SHARED_KEY_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- SUPPORTED_GROUPS_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ?
|
||||
"TRUE" : "FALSE" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- SUPPORTED_VERSION_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ?
|
||||
"TRUE" : "FALSE" ) );
|
||||
#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- SERVERNAME_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
|
||||
"TRUE" : "FALSE" ) );
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#if defined ( MBEDTLS_SSL_ALPN )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "- ALPN_EXTENSION ( %s )",
|
||||
( ( ssl->handshake->extensions_present
|
||||
& MBEDTLS_SSL_EXT_ALPN ) > 0 ) ?
|
||||
"TRUE" : "FALSE" ) );
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
}
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
|
||||
int exts_mask )
|
||||
{
|
||||
int masked = ssl->handshake->extensions_present & exts_mask;
|
||||
int masked = ssl->handshake->received_extensions & exts_mask;
|
||||
return( masked == exts_mask );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
|
||||
mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ssl_tls13_client_hello_has_exts(
|
||||
ssl,
|
||||
MBEDTLS_SSL_EXT_SUPPORTED_GROUPS |
|
||||
MBEDTLS_SSL_EXT_KEY_SHARE |
|
||||
MBEDTLS_SSL_EXT_SIG_ALG ) );
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) |
|
||||
MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) |
|
||||
MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange(
|
||||
mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ssl_tls13_client_hello_has_exts(
|
||||
ssl,
|
||||
MBEDTLS_SSL_EXT_PRE_SHARED_KEY |
|
||||
MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) );
|
||||
MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) |
|
||||
MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
|
||||
mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ssl_tls13_client_hello_has_exts(
|
||||
ssl,
|
||||
MBEDTLS_SSL_EXT_SUPPORTED_GROUPS |
|
||||
MBEDTLS_SSL_EXT_KEY_SHARE |
|
||||
MBEDTLS_SSL_EXT_PRE_SHARED_KEY |
|
||||
MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) );
|
||||
MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) |
|
||||
MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) |
|
||||
MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) |
|
||||
MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
return( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) &&
|
||||
ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) );
|
||||
#else
|
||||
((void) ssl);
|
||||
return( 0 );
|
||||
#endif
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
|
||||
return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) &&
|
||||
mbedtls_ssl_tls13_psk_enabled( ssl ) &&
|
||||
ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) );
|
||||
@ -1042,7 +1003,7 @@ static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
|
||||
return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) &&
|
||||
mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) &&
|
||||
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) );
|
||||
@ -1289,6 +1250,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cipher_suites_end;
|
||||
size_t extensions_len;
|
||||
const unsigned char *extensions_end;
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
int hrr_required = 0;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
@ -1297,8 +1259,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *pre_shared_key_ext_end = NULL;
|
||||
#endif
|
||||
|
||||
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
|
||||
|
||||
/*
|
||||
* ClientHello layout:
|
||||
* 0 . 1 protocol version
|
||||
@ -1356,7 +1316,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
|
||||
p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
|
||||
|
||||
memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
|
||||
memcpy( &handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
|
||||
p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
|
||||
|
||||
/* ...
|
||||
@ -1426,13 +1386,13 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
continue;
|
||||
|
||||
ssl->session_negotiate->ciphersuite = cipher_suite;
|
||||
ssl->handshake->ciphersuite_info = ciphersuite_info;
|
||||
handshake->ciphersuite_info = ciphersuite_info;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s",
|
||||
cipher_suite,
|
||||
ciphersuite_info->name ) );
|
||||
}
|
||||
|
||||
if( ssl->handshake->ciphersuite_info == NULL )
|
||||
if( handshake->ciphersuite_info == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
|
||||
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
@ -1468,27 +1428,29 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len );
|
||||
|
||||
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
while( p < extensions_end )
|
||||
{
|
||||
unsigned int extension_type;
|
||||
size_t extension_data_len;
|
||||
const unsigned char *extension_data_end;
|
||||
|
||||
/* RFC 8446, page 57
|
||||
/* RFC 8446, section 4.2.11
|
||||
*
|
||||
* The "pre_shared_key" extension MUST be the last extension in the
|
||||
* ClientHello (this facilitates implementation as described below).
|
||||
* Servers MUST check that it is the last extension and otherwise fail
|
||||
* the handshake with an "illegal_parameter" alert.
|
||||
*/
|
||||
if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY )
|
||||
if( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ( "pre_shared_key is not last extension." ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
|
||||
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
|
||||
@ -1499,6 +1461,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
|
||||
extension_data_end = p + extension_data_len;
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_received_extension(
|
||||
ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
|
||||
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
switch( extension_type )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
@ -1512,7 +1480,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
1, "mbedtls_ssl_parse_servername_ext", ret );
|
||||
return( ret );
|
||||
}
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SERVERNAME;
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
@ -1535,7 +1502,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
|
||||
break;
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
@ -1565,7 +1531,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
|
||||
break;
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
@ -1580,7 +1545,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
( "ssl_tls13_parse_supported_versions_ext" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
@ -1596,19 +1560,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
|
||||
break;
|
||||
#endif
|
||||
|
||||
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
|
||||
if( ( ssl->handshake->extensions_present &
|
||||
MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 )
|
||||
if( ( handshake->received_extensions &
|
||||
MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
|
||||
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
/* Delay processing of the PSK identity once we have
|
||||
@ -1617,8 +1580,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
pre_shared_key_ext = p;
|
||||
pre_shared_key_ext_end = extension_data_end;
|
||||
#endif
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
@ -1632,7 +1594,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
1, ( "mbedtls_ssl_parse_alpn_ext" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_ALPN;
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
@ -1649,23 +1610,21 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
ret ) );
|
||||
return( ret );
|
||||
}
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "unknown extension found: %ud ( ignoring )",
|
||||
extension_type ) );
|
||||
MBEDTLS_SSL_PRINT_EXT(
|
||||
3, MBEDTLS_SSL_HS_CLIENT_HELLO,
|
||||
extension_type, "( ignored )" );
|
||||
break;
|
||||
}
|
||||
|
||||
p += extension_data_len;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
/* List all the extensions we have received */
|
||||
ssl_tls13_debug_print_client_hello_exts( ssl );
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO,
|
||||
handshake->received_extensions );
|
||||
|
||||
mbedtls_ssl_add_hs_hdr_to_checksum( ssl,
|
||||
MBEDTLS_SSL_HS_CLIENT_HELLO,
|
||||
@ -1679,9 +1638,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
|
||||
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) &&
|
||||
mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
|
||||
( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) )
|
||||
( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) )
|
||||
{
|
||||
ssl->handshake->update_checksum( ssl, buf,
|
||||
handshake->update_checksum( ssl, buf,
|
||||
pre_shared_key_ext - buf );
|
||||
ret = ssl_tls13_parse_pre_shared_key_ext( ssl,
|
||||
pre_shared_key_ext,
|
||||
@ -1690,26 +1649,26 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
cipher_suites_end );
|
||||
if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
|
||||
{
|
||||
ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
|
||||
handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY );
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_tls13_parse_pre_shared_key_ext" ),
|
||||
ret );
|
||||
MBEDTLS_SSL_DEBUG_RET(
|
||||
1, "ssl_tls13_parse_pre_shared_key_ext" , ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
{
|
||||
ssl->handshake->update_checksum( ssl, buf, p - buf );
|
||||
handshake->update_checksum( ssl, buf, p - buf );
|
||||
}
|
||||
|
||||
ret = ssl_tls13_determine_key_exchange_mode( ssl );
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
|
||||
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
||||
mbedtls_ssl_optimize_checksum( ssl, handshake->ciphersuite_info );
|
||||
|
||||
return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
|
||||
}
|
||||
@ -1856,6 +1815,9 @@ static int ssl_tls13_write_server_hello_supported_versions_ext(
|
||||
|
||||
*out_len = 6;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask(
|
||||
ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -1962,6 +1924,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = p - buf;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -2026,6 +1990,8 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = 6;
|
||||
|
||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -2054,6 +2020,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
|
||||
size_t output_len;
|
||||
|
||||
*out_len = 0;
|
||||
ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
/* ...
|
||||
* ProtocolVersion legacy_version = 0x0303; // TLS 1.2
|
||||
@ -2179,6 +2146,11 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len );
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS(
|
||||
3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
|
||||
MBEDTLS_SSL_HS_SERVER_HELLO,
|
||||
ssl->handshake->sent_extensions );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -2363,6 +2335,9 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len );
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS(
|
||||
3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -2492,6 +2467,9 @@ static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = p - buf;
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS(
|
||||
3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -2877,6 +2855,8 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl,
|
||||
* Note: We currently don't have any extensions.
|
||||
* Set length to zero.
|
||||
*/
|
||||
ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||
MBEDTLS_PUT_UINT16_BE( 0, p, 0 );
|
||||
p += 2;
|
||||
@ -2885,6 +2865,9 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
|
||||
|
||||
MBEDTLS_SSL_PRINT_EXTS(
|
||||
3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user