Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
Remove duplicate function for writing supported_groups extension
This commit is contained in:
commit
188ed19456
7 changed files with 279 additions and 289 deletions
|
@ -302,68 +302,6 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
unsigned char *elliptic_curve_list = p + 6;
|
||||
size_t elliptic_curve_len = 0;
|
||||
const mbedtls_ecp_curve_info *info;
|
||||
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
|
||||
*olen = 0;
|
||||
|
||||
/* Check there is room for header */
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "client hello, adding supported_elliptic_curves extension" ) );
|
||||
|
||||
if( group_list == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
|
||||
for( ; *group_list != 0; group_list++ )
|
||||
{
|
||||
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
|
||||
if( info == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "invalid curve in ssl configuration" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
}
|
||||
|
||||
/* Check there is room for another curve */
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
|
||||
elliptic_curve_len += 2;
|
||||
|
||||
if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "malformed supported_elliptic_curves extension in config" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
}
|
||||
}
|
||||
|
||||
/* Empty elliptic curve list, this is a configuration error. */
|
||||
if( elliptic_curve_len == 0 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
|
||||
p += 2;
|
||||
|
||||
*olen = 6 + elliptic_curve_len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
|
@ -1206,10 +1144,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( uses_ec )
|
||||
{
|
||||
if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
|
||||
end, &olen ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_write_supported_groups_ext( ssl, p + 2 + ext_len,
|
||||
end, &olen ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_groups_ext", ret );
|
||||
return( ret );
|
||||
}
|
||||
ext_len += olen;
|
||||
|
|
|
@ -1489,6 +1489,7 @@ static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf
|
|||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
@ -1503,8 +1504,43 @@ static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf
|
|||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||
conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 &&
|
||||
conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_4 )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
return( 0 );
|
||||
#else
|
||||
((void) conf);
|
||||
return( 0 );
|
||||
#endif
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||
conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
|
||||
conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 &&
|
||||
conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
return( 0 );
|
||||
#else
|
||||
((void) conf);
|
||||
return( 0 );
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
|
||||
{
|
||||
|
@ -1626,23 +1662,6 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper functions for NamedGroup.
|
||||
*/
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
|
||||
{
|
||||
return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
|
||||
{
|
||||
return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
|
||||
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
|
||||
}
|
||||
|
||||
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_states state )
|
||||
|
@ -1743,4 +1762,55 @@ static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl
|
|||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper functions for NamedGroup.
|
||||
*/
|
||||
static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
|
||||
{
|
||||
/*
|
||||
* RFC 8422 section 5.1.1
|
||||
*/
|
||||
return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
|
||||
/* Below deprected curves should be removed with notice to users */
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
|
||||
{
|
||||
return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
|
||||
{
|
||||
return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
|
||||
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len );
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
|
||||
MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#endif /* ssl_misc.h */
|
||||
|
|
|
@ -317,9 +317,48 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
/*
|
||||
* Function for parsing a supported groups (TLS 1.3) or supported elliptic
|
||||
* curves (TLS 1.2) extension.
|
||||
*
|
||||
* The "extension_data" field of a supported groups extension contains a
|
||||
* "NamedGroupList" value (TLS 1.3 RFC8446):
|
||||
* enum {
|
||||
* secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
|
||||
* x25519(0x001D), x448(0x001E),
|
||||
* ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
|
||||
* ffdhe6144(0x0103), ffdhe8192(0x0104),
|
||||
* ffdhe_private_use(0x01FC..0x01FF),
|
||||
* ecdhe_private_use(0xFE00..0xFEFF),
|
||||
* (0xFFFF)
|
||||
* } NamedGroup;
|
||||
* struct {
|
||||
* NamedGroup named_group_list<2..2^16-1>;
|
||||
* } NamedGroupList;
|
||||
*
|
||||
* The "extension_data" field of a supported elliptic curves extension contains
|
||||
* a "NamedCurveList" value (TLS 1.2 RFC 8422):
|
||||
* enum {
|
||||
* deprecated(1..22),
|
||||
* secp256r1 (23), secp384r1 (24), secp521r1 (25),
|
||||
* x25519(29), x448(30),
|
||||
* reserved (0xFE00..0xFEFF),
|
||||
* deprecated(0xFF01..0xFF02),
|
||||
* (0xFFFF)
|
||||
* } NamedCurve;
|
||||
* struct {
|
||||
* NamedCurve named_curve_list<2..2^16-1>
|
||||
* } NamedCurveList;
|
||||
*
|
||||
* The TLS 1.3 supported groups extension was defined to be a compatible
|
||||
* generalization of the TLS 1.2 supported elliptic curves extension. They both
|
||||
* share the same extension identifier.
|
||||
*
|
||||
* DHE groups are not supported yet.
|
||||
*/
|
||||
static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
size_t list_size, our_size;
|
||||
const unsigned char *p;
|
||||
|
@ -1646,10 +1685,10 @@ read_record_header:
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
|
||||
|
||||
ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
|
||||
ret = ssl_parse_supported_groups_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
|
|
|
@ -7195,4 +7195,129 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
|
||||
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* Function for writing a supported groups (TLS 1.3) or supported elliptic
|
||||
* curves (TLS 1.2) extension.
|
||||
*
|
||||
* The "extension_data" field of a supported groups extension contains a
|
||||
* "NamedGroupList" value (TLS 1.3 RFC8446):
|
||||
* enum {
|
||||
* secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
|
||||
* x25519(0x001D), x448(0x001E),
|
||||
* ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
|
||||
* ffdhe6144(0x0103), ffdhe8192(0x0104),
|
||||
* ffdhe_private_use(0x01FC..0x01FF),
|
||||
* ecdhe_private_use(0xFE00..0xFEFF),
|
||||
* (0xFFFF)
|
||||
* } NamedGroup;
|
||||
* struct {
|
||||
* NamedGroup named_group_list<2..2^16-1>;
|
||||
* } NamedGroupList;
|
||||
*
|
||||
* The "extension_data" field of a supported elliptic curves extension contains
|
||||
* a "NamedCurveList" value (TLS 1.2 RFC 8422):
|
||||
* enum {
|
||||
* deprecated(1..22),
|
||||
* secp256r1 (23), secp384r1 (24), secp521r1 (25),
|
||||
* x25519(29), x448(30),
|
||||
* reserved (0xFE00..0xFEFF),
|
||||
* deprecated(0xFF01..0xFF02),
|
||||
* (0xFFFF)
|
||||
* } NamedCurve;
|
||||
* struct {
|
||||
* NamedCurve named_curve_list<2..2^16-1>
|
||||
* } NamedCurveList;
|
||||
*
|
||||
* The TLS 1.3 supported groups extension was defined to be a compatible
|
||||
* generalization of the TLS 1.2 supported elliptic curves extension. They both
|
||||
* share the same extension identifier.
|
||||
*
|
||||
* DHE groups are not supported yet.
|
||||
*/
|
||||
int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len )
|
||||
{
|
||||
unsigned char *p = buf ;
|
||||
unsigned char *named_group_list; /* Start of named_group_list */
|
||||
size_t named_group_list_len; /* Length of named_group_list */
|
||||
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
|
||||
|
||||
*out_len = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
|
||||
|
||||
/* Check if we have space for header and length fields:
|
||||
* - extension_type (2 bytes)
|
||||
* - extension_data_length (2 bytes)
|
||||
* - named_group_list_length (2 bytes)
|
||||
*/
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
|
||||
p += 6;
|
||||
|
||||
named_group_list = p;
|
||||
|
||||
if( group_list == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
|
||||
for( ; *group_list != 0; group_list++ )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got supported group(%04x)", *group_list ) );
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( ( mbedtls_ssl_conf_is_tls13_enabled( ssl->conf ) &&
|
||||
mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) ||
|
||||
( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) &&
|
||||
mbedtls_ssl_tls12_named_group_is_ecdhe( *group_list ) ) )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
|
||||
if( curve_info == NULL )
|
||||
continue;
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||
MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
|
||||
p += 2;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
|
||||
curve_info->name, *group_list ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
/* Add DHE groups here */
|
||||
|
||||
}
|
||||
|
||||
/* Length of named_group_list */
|
||||
named_group_list_len = p - named_group_list;
|
||||
if( named_group_list_len == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
/* Write extension_type */
|
||||
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
|
||||
/* Write extension_data_length */
|
||||
MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
|
||||
/* Write length of named_group_list */
|
||||
MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension",
|
||||
buf + 4, named_group_list_len + 2 );
|
||||
|
||||
*out_len = p - buf;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
|
||||
MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
|
|
@ -115,163 +115,6 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/*
|
||||
* Functions for writing supported_groups extension.
|
||||
*
|
||||
* Stucture of supported_groups:
|
||||
* enum {
|
||||
* secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
|
||||
* x25519(0x001D), x448(0x001E),
|
||||
* ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
|
||||
* ffdhe6144(0x0103), ffdhe8192(0x0104),
|
||||
* ffdhe_private_use(0x01FC..0x01FF),
|
||||
* ecdhe_private_use(0xFE00..0xFEFF),
|
||||
* (0xFFFF)
|
||||
* } NamedGroup;
|
||||
* struct {
|
||||
* NamedGroup named_group_list<2..2^16-1>;
|
||||
* } NamedGroupList;
|
||||
*/
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
/*
|
||||
* In versions of TLS prior to TLS 1.3, this extension was named
|
||||
* 'elliptic_curves' and only contained elliptic curve groups.
|
||||
*/
|
||||
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
|
||||
*out_len = 0;
|
||||
|
||||
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
|
||||
|
||||
if( group_list == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
|
||||
|
||||
for ( ; *group_list != 0; group_list++ )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
|
||||
if( curve_info == NULL )
|
||||
continue;
|
||||
|
||||
if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
|
||||
continue;
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
|
||||
MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
|
||||
curve_info->name, *group_list ) );
|
||||
}
|
||||
|
||||
*out_len = p - buf;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len )
|
||||
{
|
||||
((void) ssl);
|
||||
((void) buf);
|
||||
((void) end);
|
||||
*out_len = 0;
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len )
|
||||
{
|
||||
((void) ssl);
|
||||
((void) buf);
|
||||
((void) end);
|
||||
*out_len = 0;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len )
|
||||
{
|
||||
unsigned char *p = buf ;
|
||||
unsigned char *named_group_list; /* Start of named_group_list */
|
||||
size_t named_group_list_len; /* Length of named_group_list */
|
||||
size_t output_len = 0;
|
||||
int ret_ecdhe, ret_dhe;
|
||||
|
||||
*out_len = 0;
|
||||
|
||||
if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
|
||||
return( 0 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
|
||||
|
||||
/* Check if we have space for header and length fields:
|
||||
* - extension_type (2 bytes)
|
||||
* - extension_data_length (2 bytes)
|
||||
* - named_group_list_length (2 bytes)
|
||||
*/
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
|
||||
p += 6;
|
||||
|
||||
named_group_list = p;
|
||||
ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
|
||||
if( ret_ecdhe != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
|
||||
}
|
||||
p += output_len;
|
||||
|
||||
ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
|
||||
if( ret_dhe != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
|
||||
}
|
||||
p += output_len;
|
||||
|
||||
/* Both ECDHE and DHE failed. */
|
||||
if( ret_ecdhe != 0 && ret_dhe != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
/* Length of named_group_list*/
|
||||
named_group_list_len = p - named_group_list;
|
||||
if( named_group_list_len == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
/* Write extension_type */
|
||||
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
|
||||
/* Write extension_data_length */
|
||||
MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
|
||||
/* Write length of named_group_list */
|
||||
MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
|
||||
|
||||
*out_len = p - buf;
|
||||
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Functions for writing key_share extension.
|
||||
*/
|
||||
|
@ -376,9 +219,6 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*out_len = 0;
|
||||
|
||||
if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
|
||||
return( 0 );
|
||||
|
||||
/* Check if we have space for header and length fields:
|
||||
* - extension_type (2 bytes)
|
||||
* - extension_data_length (2 bytes)
|
||||
|
@ -773,40 +613,28 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
|
|||
p += output_len;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/* Write supported_groups extension
|
||||
*
|
||||
* It is REQUIRED for ECDHE cipher_suites.
|
||||
*/
|
||||
ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += output_len;
|
||||
|
||||
/* Write key_share extension
|
||||
*
|
||||
* We need to send the key shares under three conditions:
|
||||
* 1) A certificate-based ciphersuite is being offered. In this case
|
||||
* supported_groups and supported_signature extensions have been
|
||||
* successfully added.
|
||||
* 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
|
||||
* psk_key_exchange_modes has been added as the last extension.
|
||||
* 3) Or, in case all ciphers are supported ( which includes #1 and #2
|
||||
* from above )
|
||||
/*
|
||||
* Add the extensions related to (EC)DHE ephemeral key establishment only if
|
||||
* enabled as per the configuration.
|
||||
*/
|
||||
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += output_len;
|
||||
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
|
||||
{
|
||||
ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += output_len;
|
||||
|
||||
/* Write signature_algorithms extension
|
||||
*
|
||||
* It is REQUIRED for certificate authenticated cipher_suites.
|
||||
*/
|
||||
ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += output_len;
|
||||
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += output_len;
|
||||
|
||||
ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
p += output_len;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
|
|
|
@ -165,16 +165,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*out_len = 0;
|
||||
|
||||
/* Skip the extension on the client if all allowed key exchanges
|
||||
* are PSK-based. */
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
||||
!mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
|
||||
|
||||
/* Check if we have space for header and length field:
|
||||
|
|
|
@ -6585,7 +6585,7 @@ run_test "Force a non ECC ciphersuite in the client side" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-C "client hello, adding supported_elliptic_curves extension" \
|
||||
-C "client hello, adding supported_groups extension" \
|
||||
-C "client hello, adding supported_point_formats extension" \
|
||||
-S "found supported elliptic curves extension" \
|
||||
-S "found supported point formats extension"
|
||||
|
@ -6609,7 +6609,7 @@ run_test "Force an ECC ciphersuite in the client side" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-c "client hello, adding supported_elliptic_curves extension" \
|
||||
-c "client hello, adding supported_groups extension" \
|
||||
-c "client hello, adding supported_point_formats extension" \
|
||||
-s "found supported elliptic curves extension" \
|
||||
-s "found supported point formats extension"
|
||||
|
|
Loading…
Reference in a new issue