1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11
12 #include <time.h>
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <unistd.h>
17 #include <fcntl.h>
18 #include <sys/types.h>
19 #include <arpa/inet.h>
20 #include <sys/socket.h>
21 #include <netinet/in.h>
22 #include <gmssl/rand.h>
23 #include <gmssl/x509.h>
24 #include <gmssl/error.h>
25 #include <gmssl/sm2.h>
26 #include <gmssl/sm3.h>
27 #include <gmssl/sm4.h>
28 #include <gmssl/pem.h>
29 #include <gmssl/tls.h>
30
31
32 /*
33 ec_point_formats
34
35 struct {
36 ECPointFormat ec_point_format_list<1..2^8-1>
37 } ECPointFormatList;
38 */
tls_ec_point_formats_ext_to_bytes(const int * formats,size_t formats_cnt,uint8_t ** out,size_t * outlen)39 int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt,
40 uint8_t **out, size_t *outlen)
41 {
42 uint16_t ext_type = TLS_extension_ec_point_formats;
43 size_t ext_datalen;
44 size_t ec_point_format_list_len;
45 size_t i;
46
47 if (!formats || !formats_cnt || !outlen) {
48 error_print();
49 return -1;
50 }
51 ec_point_format_list_len = tls_uint8_size() * formats_cnt;
52 if (ec_point_format_list_len < 1 || ec_point_format_list_len > 255) {
53 error_print();
54 return -1;
55 }
56 ext_datalen = tls_uint8_size() + ec_point_format_list_len;
57
58 tls_uint16_to_bytes(ext_type, out, outlen);
59 tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
60 tls_uint8_to_bytes((uint8_t)ec_point_format_list_len, out, outlen);
61 for (i = 0; i < formats_cnt; i++) {
62 if (!tls_ec_point_format_name(formats[i])) {
63 error_print();
64 return -1;
65 }
66 tls_uint8_to_bytes((uint8_t)formats[i], out, outlen);
67 }
68 return 1;
69 }
70
tls_process_client_ec_point_formats(const uint8_t * ext_data,size_t ext_datalen,uint8_t ** out,size_t * outlen)71 int tls_process_client_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen,
72 uint8_t **out, size_t *outlen)
73 {
74 int shared_formats[] = { TLS_point_uncompressed };
75 size_t shared_formats_cnt = 0;
76 const uint8_t *p;
77 size_t len;
78
79 if (tls_uint8array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
80 || tls_length_is_zero(ext_datalen) != 1) {
81 error_print();
82 return -1;
83 }
84 while (len) {
85 uint8_t format;
86 if (tls_uint8_from_bytes(&format, &p, &len) != 1) {
87 error_print();
88 return -1;
89 }
90 if (!tls_ec_point_format_name(format)) {
91 error_print();
92 return -1;
93 }
94 if (format == shared_formats[0]) {
95 shared_formats_cnt = 1;
96 }
97 }
98 if (!shared_formats_cnt) {
99 error_print();
100 return -1;
101 }
102 if (tls_ec_point_formats_ext_to_bytes(shared_formats, shared_formats_cnt, out, outlen) != 1) {
103 error_print();
104 return -1;
105 }
106 return 1;
107 }
108
tls_process_server_ec_point_formats(const uint8_t * ext_data,size_t ext_datalen)109 int tls_process_server_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen)
110 {
111 const uint8_t *p;
112 size_t len;
113 uint8_t format;
114
115 if (tls_uint8array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
116 || tls_length_is_zero(ext_datalen) != 1) {
117 error_print();
118 return -1;
119 }
120 if (tls_uint8_from_bytes(&format, &p, &len) != 1
121 || tls_length_is_zero(len) != 1) {
122 error_print();
123 return -1;
124 }
125 if (format != TLS_point_uncompressed) {
126 error_print();
127 return -1;
128 }
129 return 1;
130 }
131
132 #define TLS_MAX_SUPPORTED_GROUPS_COUNT 64
133
134
135 /*
136 supported_groups
137
138 struct {
139 NamedGroup named_group_list<2..2^16-1>;
140 } NamedGroupList;
141 */
tls_supported_groups_ext_to_bytes(const int * groups,size_t groups_cnt,uint8_t ** out,size_t * outlen)142 int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt,
143 uint8_t **out, size_t *outlen)
144 {
145 uint16_t ext_type = TLS_extension_supported_groups;
146 size_t ext_datalen;
147 size_t named_group_list_len;
148 size_t i;
149
150 if (!groups || !groups_cnt) {
151 error_print();
152 return -1;
153 }
154 if (!outlen) {
155 error_print();
156 return -1;
157 }
158
159 if (groups_cnt > ((1<<16) - 1)/2) {
160 error_print();
161 return -1;
162 }
163 named_group_list_len = tls_uint16_size() * groups_cnt;
164 ext_datalen = tls_uint16_size() + named_group_list_len;
165
166 tls_uint16_to_bytes(ext_type, out, outlen);
167 tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
168 tls_uint16_to_bytes((uint16_t)named_group_list_len, out, outlen);
169 for (i = 0; i < groups_cnt; i++) {
170 if (!tls_named_curve_name(groups[i])) {
171 error_print();
172 return -1;
173 }
174 tls_uint16_to_bytes((uint16_t)groups[i], out, outlen);
175 }
176 return 1;
177 }
178
tls_process_client_supported_groups(const uint8_t * ext_data,size_t ext_datalen,uint8_t ** out,size_t * outlen)179 int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_datalen,
180 uint8_t **out, size_t *outlen)
181 {
182 int shared_groups[] = { TLS_curve_sm2p256v1 };
183 size_t shared_groups_cnt = 0;
184 const uint8_t *p;
185 size_t len;
186
187 if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
188 || tls_length_is_zero(ext_datalen) != 1) {
189 error_print();
190 return -1;
191 }
192 while (len) {
193 uint16_t group;
194 if (tls_uint16_from_bytes(&group, &p, &len) != 1) {
195 error_print();
196 return -1;
197 }
198 if (!tls_named_curve_name(group)) {
199 error_print();
200 return -1;
201 }
202 if (group == shared_groups[0]) {
203 shared_groups_cnt = 1;
204 }
205 }
206 if (!shared_groups_cnt) {
207 error_print();
208 return -1;
209 }
210 if (tls_supported_groups_ext_to_bytes(shared_groups, shared_groups_cnt, out, outlen) != 1) {
211 error_print();
212 return -1;
213 }
214 return 1;
215 }
216
tls_process_server_supported_groups(const uint8_t * ext_data,size_t ext_datalen)217 int tls_process_server_supported_groups(const uint8_t *ext_data, size_t ext_datalen)
218 {
219 const uint8_t *p;
220 size_t len;
221 uint16_t group;
222
223 if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
224 || tls_length_is_zero(ext_datalen) != 1) {
225 error_print();
226 return -1;
227 }
228 if (tls_uint16_from_bytes(&group, &p, &len) != 1
229 || tls_length_is_zero(len) != 1) {
230 error_print();
231 return -1;
232 }
233 if (group != TLS_curve_sm2p256v1) {
234 error_print();
235 return -1;
236 }
237 return 1;
238 }
239
240
241
242 #define TLS_MAX_SIGNATURE_ALGORS_COUNT 64
243
244 /*
245 signature_algorithms
246 signature_algorithms_cert
247
248 struct {
249 SignatureScheme supported_signature_algorithms<2..2^16-2>;
250 } SignatureSchemeList;
251 */
tls_signature_algorithms_ext_to_bytes_ex(int ext_type,const int * algs,size_t algs_cnt,uint8_t ** out,size_t * outlen)252 int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt,
253 uint8_t **out, size_t *outlen)
254 {
255 size_t ext_datalen;
256 size_t supported_signature_algorithms_len;
257 size_t i;
258
259 if (!algs || !algs_cnt || !outlen) {
260 error_print();
261 return -1;
262 }
263 if (algs_cnt > ((1<<16) - 2)/2) {
264 error_print();
265 return -1;
266 }
267 supported_signature_algorithms_len = tls_uint16_size() * algs_cnt;
268 ext_datalen = tls_uint16_size() + supported_signature_algorithms_len;
269
270 tls_uint16_to_bytes((uint16_t)ext_type, out, outlen);
271 tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
272 tls_uint16_to_bytes((uint16_t)supported_signature_algorithms_len, out, outlen);
273 for (i = 0; i < algs_cnt; i++) {
274 if (!tls_signature_scheme_name(algs[i])) {
275 error_print();
276 return -1;
277 }
278 tls_uint16_to_bytes((uint16_t)algs[i], out, outlen);
279 }
280 return 1;
281 }
282
tls_signature_algorithms_ext_to_bytes(const int * algs,size_t algs_cnt,uint8_t ** out,size_t * outlen)283 int tls_signature_algorithms_ext_to_bytes(const int *algs, size_t algs_cnt,
284 uint8_t **out, size_t *outlen)
285 {
286 int ext_type = TLS_extension_signature_algorithms;
287 if (tls_signature_algorithms_ext_to_bytes_ex(ext_type, algs, algs_cnt, out, outlen) != 1) {
288 error_print();
289 return -1;
290 }
291 return 1;
292 }
293
tls13_signature_algorithms_cert_ext_to_bytes(const int * algs,size_t algs_cnt,uint8_t ** out,size_t * outlen)294 int tls13_signature_algorithms_cert_ext_to_bytes(const int *algs, size_t algs_cnt,
295 uint8_t **out, size_t *outlen)
296 {
297 int ext_type = TLS_extension_signature_algorithms_cert;
298 if (tls_signature_algorithms_ext_to_bytes_ex(ext_type, algs, algs_cnt, out, outlen) != 1) {
299 error_print();
300 return -1;
301 }
302 return 1;
303 }
304
tls_process_client_signature_algorithms(const uint8_t * ext_data,size_t ext_datalen,uint8_t ** out,size_t * outlen)305 int tls_process_client_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen,
306 uint8_t **out, size_t *outlen)
307 {
308 int shared_algs[1] = { TLS_sig_sm2sig_sm3 };
309 size_t shared_algs_cnt = 0;
310 const uint8_t *p;
311 size_t len;
312
313 if (!ext_data || !ext_datalen || !outlen) {
314 error_print();
315 return -1;
316 }
317 if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
318 || tls_length_is_zero(ext_datalen) != 1) {
319 error_print();
320 return -1;
321 }
322 while (len) {
323 uint16_t alg;
324 if (tls_uint16_from_bytes(&alg, &p, &len) != 1) {
325 error_print();
326 return -1;
327 }
328 /*
329 // GmSSL不识别所有的算法!
330 if (!tls_signature_scheme_name(alg)) {
331 error_print();
332 return -1;
333 }
334 */
335 if (alg == shared_algs[0]) {
336 shared_algs_cnt = 1;
337 break;
338 }
339 }
340 if (!shared_algs_cnt) {
341 error_print();
342 return -1;
343 }
344 if (tls_signature_algorithms_ext_to_bytes(shared_algs, shared_algs_cnt, out, outlen) != 1) {
345 error_print();
346 return -1;
347 }
348 return 1;
349 }
350
tls_process_server_signature_algors(const uint8_t * ext_data,size_t ext_datalen)351 int tls_process_server_signature_algors(const uint8_t *ext_data, size_t ext_datalen)
352 {
353 const uint8_t *p;
354 size_t len;
355 uint16_t alg;
356
357 if (tls_uint16array_from_bytes(&p, &len, &ext_data, &ext_datalen) != 1
358 || tls_length_is_zero(ext_datalen) != 1) {
359 error_print();
360 return -1;
361 }
362 if (tls_uint16_from_bytes(&alg, &p, &len) != 1
363 || tls_length_is_zero(len) != 1) {
364 error_print();
365 return -1;
366 }
367 if (alg != TLS_sig_sm2sig_sm3) {
368 error_print();
369 return -1;
370 }
371 return 1;
372 }
373
374 /*
375 supported_versions
376
377 struct {
378 select (Handshake.msg_type) {
379 case client_hello:
380 ProtocolVersion versions<2..254>;
381 case server_hello: -- and HelloRetryRequest
382 ProtocolVersion selected_version;
383 };
384 } SupportedVersions;
385 */
386
tls13_supported_versions_ext_print(FILE * fp,int fmt,int ind,int handshake_type,const uint8_t * data,size_t datalen)387 int tls13_supported_versions_ext_print(FILE *fp, int fmt, int ind,
388 int handshake_type, const uint8_t *data, size_t datalen)
389 {
390 const uint8_t *versions;
391 size_t versions_len;
392 uint16_t version;
393
394 switch (handshake_type) {
395 case TLS_handshake_client_hello:
396 format_print(fp, fmt, ind, "versions\n");
397 ind += 4;
398
399 if (tls_uint8array_from_bytes(&versions, &versions_len, &data, &datalen) != 1) {
400 error_print();
401 return -1;
402 }
403 if (versions_len < 2 || versions_len > 254) {
404 error_print();
405 return -1;
406 }
407 while (versions_len) {
408 if (tls_uint16_from_bytes(&version, &versions, &versions_len) != 1) {
409 error_print();
410 return -1;
411 }
412 format_print(fp, fmt, ind, "%s (0x%04x)\n", tls_protocol_name(version), version);
413 }
414 break;
415
416 case TLS_handshake_server_hello:
417 case TLS_handshake_hello_retry_request:
418 if (tls_uint16_from_bytes(&version, &data, &datalen) != 1) {
419 error_print();
420 return -1;
421 }
422 format_print(fp, fmt, ind, "selected_version: %s (0x%04x)\n", tls_protocol_name(version), version);
423 break;
424
425 default:
426 error_print();
427 return -1;
428 }
429
430 if (datalen) {
431 error_print();
432 return -1;
433 }
434 return 1;
435 }
436
tls13_supported_versions_ext_to_bytes(int handshake_type,const int * protos,size_t protos_cnt,uint8_t ** out,size_t * outlen)437 int tls13_supported_versions_ext_to_bytes(int handshake_type, const int *protos, size_t protos_cnt,
438 uint8_t **out, size_t *outlen)
439 {
440 uint16_t ext_type = TLS_extension_supported_versions;
441 size_t ext_datalen;
442 size_t i;
443
444 if (!protos || !protos_cnt || !outlen) {
445 error_print();
446 return -1;
447 }
448 switch (handshake_type) {
449 case TLS_handshake_client_hello:
450 {
451 size_t versions_len;
452 if (protos_cnt > 254/2) {
453 error_print();
454 return -1;
455 }
456 versions_len = tls_uint16_size() * protos_cnt;
457 ext_datalen = tls_uint8_size() + versions_len;
458 tls_uint16_to_bytes(ext_type, out, outlen);
459 tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
460 tls_uint8_to_bytes((uint8_t)versions_len, out, outlen);
461 for (i = 0; i < protos_cnt; i++) {
462 if (!tls_protocol_name(protos[i])) {
463 error_print();
464 return -1;
465 }
466 tls_uint16_to_bytes((uint16_t)protos[i], out, outlen);
467 }
468 break;
469 }
470 case TLS_handshake_server_hello:
471 case TLS_handshake_hello_retry_request:
472 {
473 uint16_t selected_version;
474 if (protos_cnt > 1) {
475 error_print();
476 return -1;
477 }
478 selected_version = protos[0];
479 ext_datalen = tls_uint16_size();
480 tls_uint16_to_bytes(ext_type, out, outlen);
481 tls_uint16_to_bytes((uint16_t)ext_datalen, out, outlen);
482 tls_uint16_to_bytes(selected_version, out, outlen);
483 break;
484 }
485 default:
486 error_print();
487 return -1;
488 }
489 return 1;
490 }
491
tls13_process_client_supported_versions(const uint8_t * ext_data,size_t ext_datalen,uint8_t ** out,size_t * outlen)492 int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_datalen,
493 uint8_t **out, size_t *outlen)
494 {
495 const uint8_t *versions;
496 size_t versions_len;
497 int selected_version = -1;
498 size_t len;
499
500 if (tls_uint8array_from_bytes(&versions, &versions_len, &ext_data, &ext_datalen) != 1
501 || tls_length_is_zero(ext_datalen) != 1) {
502 error_print();
503 return -1;
504 }
505 if (versions_len < 2 || versions_len > 254) {
506 error_print();
507 return -1;
508 }
509 while (versions_len) {
510 uint16_t proto;
511 if (tls_uint16_from_bytes(&proto, &versions, &versions_len) != 1) {
512 error_print();
513 return -1;
514 }
515 if (!tls_protocol_name(proto)) {
516 error_print();
517 return -1;
518 }
519 if (proto == TLS_protocol_tls13) {
520 selected_version = proto;
521 }
522 }
523 if (selected_version < 0) {
524 error_print();
525 return -1;
526 }
527 if (tls13_supported_versions_ext_to_bytes(TLS_handshake_server_hello, &selected_version, 1, out, outlen) != 1) {
528 error_print();
529 return -1;
530 }
531 return 1;
532 }
533
tls13_process_server_supported_versions(const uint8_t * ext_data,size_t ext_datalen)534 int tls13_process_server_supported_versions(const uint8_t *ext_data, size_t ext_datalen)
535 {
536 uint16_t selected_version;
537
538 if (tls_uint16_from_bytes(&selected_version, &ext_data, &ext_datalen) != 1
539 || tls_length_is_zero(ext_datalen) != 1) {
540 error_print();
541 return -1;
542 }
543 if (selected_version != TLS_protocol_tls13) {
544 error_print();
545 return -1;
546 }
547 return 1;
548 }
549
550 /*
551 key_share
552
553 实际上这个 key_share 也存在相同的问题
554
555
556 struct {
557 NamedGroup group;
558 opaque key_exchange<1..2^16-1>;
559 } KeyShareEntry;
560
561 struct {
562 KeyShareEntry client_shares<0..2^16-1>;
563 } KeyShareClientHello;
564
565 struct {
566 KeyShareEntry server_share;
567 } KeyShareServerHello;
568 */
569
tls13_key_share_ext_print(FILE * fp,int fmt,int ind,int handshake_type,const uint8_t * data,size_t datalen)570 int tls13_key_share_ext_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *data, size_t datalen)
571 {
572 const uint8_t *client_shares;
573 size_t client_shares_len;
574 uint16_t group;
575 const uint8_t *key_exchange;
576 size_t key_exchange_len;
577
578 switch (handshake_type) {
579 case TLS_handshake_client_hello:
580 format_print(fp, fmt, ind, "client_shares\n");
581 ind += 4;
582 if (tls_uint16array_from_bytes(&client_shares, &client_shares_len, &data, &datalen) != 1) {
583 error_print();
584 return -1;
585 }
586 format_print(fp, fmt, ind, "KeyShareEntry\n");
587 ind += 4;
588 while (client_shares_len) {
589 if (tls_uint16_from_bytes(&group, &client_shares, &client_shares_len) != 1) goto err;
590 format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_named_curve_name(group), group);
591 if (tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &client_shares, &client_shares_len) != 1) goto err;
592 format_bytes(fp, fmt, ind, "key_exchange", key_exchange, key_exchange_len);
593 }
594 break;
595 case TLS_handshake_server_hello:
596 format_print(fp, fmt, ind, "server_share\n");
597 ind += 4;
598 if (tls_uint16_from_bytes(&group, &data, &datalen) != 1) goto err;
599 format_print(fp, fmt, ind, "group: %s (0x%04x)\n", tls_named_curve_name(group), group);
600 if (tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &data, &datalen) != 1) goto err;
601 format_bytes(fp, fmt, ind, "key_exchange", key_exchange, key_exchange_len);
602 break;
603 default:
604 error_print();
605 return -1;
606 }
607 if (tls_length_is_zero(datalen) != 1) goto err;
608 return 1;
609 err:
610 error_print();
611 return -1;
612 }
613
tls13_key_share_entry_to_bytes(const SM2_POINT * point,uint8_t ** out,size_t * outlen)614 int tls13_key_share_entry_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen)
615 {
616 uint16_t group = TLS_curve_sm2p256v1;
617 uint8_t key_exchange[65];
618
619 if (!point || !outlen) {
620 error_print();
621 return -1;
622 }
623 sm2_point_to_uncompressed_octets(point, key_exchange);
624 tls_uint16_to_bytes(group, out, outlen);
625 tls_uint16array_to_bytes(key_exchange, 65, out, outlen);
626 return 1;
627 }
628
tls13_server_key_share_ext_to_bytes(const SM2_POINT * point,uint8_t ** out,size_t * outlen)629 int tls13_server_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen)
630 {
631 uint16_t ext_type = TLS_extension_key_share;
632 size_t ext_datalen = 0;
633
634 if (!point || !outlen) {
635 error_print();
636 return -1;
637 }
638 tls13_key_share_entry_to_bytes(point, NULL, &ext_datalen);
639 tls_uint16_to_bytes(ext_type, out, outlen);
640 tls_uint16_to_bytes(ext_datalen, out, outlen);
641 tls13_key_share_entry_to_bytes(point, out, outlen);
642 return 1;
643 }
644
tls13_process_server_key_share(const uint8_t * ext_data,size_t ext_datalen,SM2_POINT * point)645 int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_POINT *point)
646 {
647 uint16_t group;
648 const uint8_t *key_exchange;
649 size_t key_exchange_len;
650
651 if (!point) {
652 error_print();
653 return -1;
654 }
655 if (tls_uint16_from_bytes(&group, &ext_data, &ext_datalen) != 1
656 || tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &ext_data, &ext_datalen) != 1
657 || tls_length_is_zero(ext_datalen) != 1) {
658 error_print();
659 return -1;
660 }
661 if (group != TLS_curve_sm2p256v1) {
662 error_print();
663 return -1;
664 }
665 if (key_exchange_len != 65) {
666 error_print();
667 return -1;
668 }
669 if (sm2_point_from_octets(point, key_exchange, key_exchange_len) != 1) {
670 error_print();
671 return -1;
672 }
673 return 1;
674 }
675
tls13_client_key_share_ext_to_bytes(const SM2_POINT * point,uint8_t ** out,size_t * outlen)676 int tls13_client_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen)
677 {
678 uint16_t ext_type = TLS_extension_key_share;
679 size_t ext_datalen;
680 size_t client_shares_len = 0;
681
682 if (!point || !outlen) {
683 error_print();
684 return -1;
685 }
686 tls13_key_share_entry_to_bytes(point, NULL, &client_shares_len);
687 ext_datalen = tls_uint16_size() + client_shares_len;
688
689 tls_uint16_to_bytes(ext_type, out, outlen);
690 tls_uint16_to_bytes(ext_datalen, out, outlen);
691 tls_uint16_to_bytes(client_shares_len, out, outlen);
692 tls13_key_share_entry_to_bytes(point, out, outlen);
693 return 1;
694 }
695
tls13_process_client_key_share(const uint8_t * ext_data,size_t ext_datalen,const SM2_KEY * server_ecdhe_key,SM2_POINT * client_ecdhe_public,uint8_t ** out,size_t * outlen)696 int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen,
697 const SM2_KEY *server_ecdhe_key, SM2_POINT *client_ecdhe_public,
698 uint8_t **out, size_t *outlen)
699 {
700 const uint8_t *client_shares;
701 size_t client_shares_len;
702 uint16_t group;
703 const uint8_t *key_exchange;
704 size_t key_exchange_len;
705
706 if (!server_ecdhe_key || !client_ecdhe_public || !outlen) {
707 error_print();
708 return -1;
709 }
710 if (tls_uint16array_from_bytes(&client_shares, &client_shares_len, &ext_data, &ext_datalen) != 1
711 || tls_length_is_zero(ext_datalen) != 1) {
712 error_print();
713 return -1;
714 }
715 while (client_shares_len) {
716 if (tls_uint16_from_bytes(&group, &client_shares, &client_shares_len) != 1
717 || tls_uint16array_from_bytes(&key_exchange, &key_exchange_len, &client_shares, &client_shares_len) != 1) {
718 error_print();
719 return -1;
720 }
721 if (!tls_named_curve_name(group)) {
722 error_print();
723 return -1;
724 }
725 if (!key_exchange) {
726 error_print();
727 return -1;
728 }
729 if (group == TLS_curve_sm2p256v1) {
730 if (key_exchange_len != 65) {
731 error_print();
732 return -1;
733 }
734 if (sm2_point_from_octets(client_ecdhe_public, key_exchange, key_exchange_len) != 1) {
735 error_print();
736 return -1;
737 }
738 if (tls13_server_key_share_ext_to_bytes(&server_ecdhe_key->public_key, out, outlen) != 1) {
739 error_print();
740 return -1;
741 }
742 return 1;
743 }
744 }
745 error_print();
746 return -1;
747 }
748
749 /*
750 certificate_authorities
751
752 opaque DistinguishedName<1..2^16-1>;
753
754 struct {
755 DistinguishedName authorities<3..2^16-1>;
756 } CertificateAuthoritiesExtension;
757 */
758
tls13_certificate_authorities_ext_to_bytes(const uint8_t * ca_names,size_t ca_names_len,uint8_t ** out,size_t * outlen)759 int tls13_certificate_authorities_ext_to_bytes(const uint8_t *ca_names, size_t ca_names_len,
760 uint8_t **out, size_t *outlen)
761 {
762 int ext_type = TLS_extension_certificate_authorities;
763 size_t ext_datalen;
764 size_t authorities_len;
765 const uint8_t *name;
766 size_t namelen;
767 const uint8_t *p;
768 size_t len;
769
770 p = ca_names;
771 len = ca_names_len;
772 authorities_len = 0;
773 while (len) {
774 if (x509_name_from_der(&name, &namelen, &p, &len) != 1) {
775 error_print();
776 return -1;
777 }
778 tls_uint16array_to_bytes(name, namelen, NULL, &authorities_len);
779 }
780 if (authorities_len < 3 || authorities_len > (1 << 16) - 1) {
781 error_print();
782 return -1;
783 }
784 ext_datalen = tls_uint16_size() + authorities_len;
785
786 tls_uint16_to_bytes(ext_type, out, outlen);
787 tls_uint16_to_bytes(ext_datalen, out, outlen);
788 tls_uint16_to_bytes(authorities_len, out, outlen);
789 while (ca_names_len) {
790 x509_name_from_der(&name, &namelen, &ca_names, &ca_names_len);
791 tls_uint16array_to_bytes(name, namelen, out, outlen);
792 }
793 return 1;
794 }
795
796
tls_ext_from_bytes(int * type,const uint8_t ** data,size_t * datalen,const uint8_t ** in,size_t * inlen)797 int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen)
798 {
799 uint16_t ext_type;
800 if (tls_uint16_from_bytes(&ext_type, in, inlen) != 1
801 || tls_uint16array_from_bytes(data, datalen, in, inlen) != 1) {
802 error_print();
803 return -1;
804 }
805 *type = ext_type;
806 if (!tls_extension_name(ext_type)) {
807 error_print();
808 return -1;
809 }
810 return 1;
811 }
812
tls_process_client_hello_exts(const uint8_t * exts,size_t extslen,uint8_t * out,size_t * outlen,size_t maxlen)813 int tls_process_client_hello_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen)
814 {
815 int type;
816 const uint8_t *data;
817 size_t datalen;
818
819 while (extslen) {
820 if (tls_ext_from_bytes(&type, &data, &datalen, &exts, &extslen) != 1) {
821 error_print();
822 return -1;
823 }
824
825 switch (type) {
826 case TLS_extension_ec_point_formats:
827 if (tls_process_client_ec_point_formats(data, datalen, &out, outlen) != 1) {
828 error_print();
829 return -1;
830 }
831 break;
832 case TLS_extension_signature_algorithms:
833 if (tls_process_client_signature_algorithms(data, datalen, &out, outlen) != 1) {
834 error_print();
835 return -1;
836 }
837 break;
838 case TLS_extension_supported_groups:
839 if (tls_process_client_supported_groups(data, datalen, &out, outlen) != 1) {
840 error_print();
841 return -1;
842 }
843 break;
844 default:
845 error_print();
846 return -1;
847 }
848 }
849 return 1;
850 }
851
tls_process_server_hello_exts(const uint8_t * exts,size_t extslen,int * ec_point_format,int * supported_group,int * signature_algor)852 int tls_process_server_hello_exts(const uint8_t *exts, size_t extslen,
853 int *ec_point_format, int *supported_group, int *signature_algor)
854 {
855 int type;
856 const uint8_t *data;
857 size_t datalen;
858
859 *ec_point_format = -1;
860 *supported_group = -1;
861 *signature_algor = -1;
862
863 while (extslen) {
864 if (tls_ext_from_bytes(&type, &data, &datalen, &exts, &extslen) != 1) {
865 error_print();
866 return -1;
867 }
868
869 switch (type) {
870 case TLS_extension_ec_point_formats:
871 if (tls_process_server_ec_point_formats(data, datalen) != 1) {
872 error_print();
873 return -1;
874 }
875 *ec_point_format = TLS_point_uncompressed;
876 break;
877 case TLS_extension_signature_algorithms:
878 if (tls_process_server_signature_algors(data, datalen) != 1) {
879 error_print();
880 return -1;
881 }
882 *supported_group = TLS_curve_sm2p256v1;
883 break;
884 case TLS_extension_supported_groups:
885 if (tls_process_server_supported_groups(data, datalen) != 1) {
886 error_print();
887 return -1;
888 }
889 *signature_algor = TLS_sig_sm2sig_sm3;
890 break;
891 default:
892 error_print();
893 return -1;
894 }
895 }
896 return 1;
897 }
898
899
900
901 static int tls13_server_hello_exts[] = {
902 TLS_extension_key_share,
903 TLS_extension_pre_shared_key,
904 TLS_extension_supported_versions,
905 };
906
907 /*
908 struct {
909 Extension extensions<0..2^16-1>;
910 } EncryptedExtensions;
911 */
912 static int tls13_encrypted_extensions_exts[] = {
913 TLS_extension_server_name,
914 TLS_extension_max_fragment_length,
915 TLS_extension_supported_groups, // 必须放在EE中,不能放在SH中
916 TLS_extension_use_srtp,
917 TLS_extension_heartbeat,
918 TLS_extension_application_layer_protocol_negotiation,
919 TLS_extension_client_certificate_type,
920 TLS_extension_server_certificate_type,
921 TLS_extension_early_data,
922 };
923
924 static int tls13_certificate_exts[] = {
925 TLS_extension_status_request,
926 TLS_extension_signed_certificate_timestamp,
927 };
928
929 static int tls13_certificate_request_exts[] = {
930 TLS_extension_status_request,
931 TLS_extension_signature_algorithms,
932 TLS_extension_signed_certificate_timestamp,
933 TLS_extension_certificate_authorities,
934 TLS_extension_oid_filters,
935 TLS_extension_signature_algorithms_cert,
936 };
937
938 static int tls13_hello_retry_request_exts[] = {
939 TLS_extension_key_share,
940 TLS_extension_cookie,
941 TLS_extension_supported_versions,
942 };
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973