From 65dd2ccfe696d6cfaecfc376038db1d71dc1c28e Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Wed, 18 Aug 2021 16:38:40 +0800
Subject: [PATCH] Add dummy stages for `client_hello_process`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/CMakeLists.txt | 1 +
 library/Makefile | 1 +
 library/ssl_misc.h | 37 ++++++++++++++++++++
 library/ssl_tls13_client.c | 54 ++++++++++++++++++++++++++++++
 library/ssl_tls13_generic.c | 67 +++++++++++++++++++++++++++++++++++++
 5 files changed, 160 insertions(+)
 create mode 100644 library/ssl_tls13_generic.c
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 5adc128c96..a5d692cbe4 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -106,6 +106,7 @@ set(src_tls
 ssl_tls13_keys.c
 ssl_tls13_server.c
 ssl_tls13_client.c
+ ssl_tls13_generic.c
 )
 if(CMAKE_COMPILER_IS_GNUCC)
diff --git a/library/Makefile b/library/Makefile
index 8c58fb8501..13cd7db0c6 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -169,6 +169,7 @@ OBJS_TLS= \
 ssl_tls13_keys.o \
 ssl_tls13_client.o \
 ssl_tls13_server.o \
+ ssl_tls13_generic.o \
 # This line is intentionally left blank
 .SILENT:
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 36754a3237..4c3f6c0d5e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -26,6 +26,7 @@
 #include "mbedtls/ssl.h"
 #include "mbedtls/cipher.h"
+#include "mbedtls/debug.h"
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
@@ -102,6 +103,30 @@
 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
+#define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__
+
+#define MBEDTLS_SSL_PROC_CHK( fn, args ) \
+ do { \
+ ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \
+ if( ret != 0 ) \
+ { \
+ if( ret > 0 ) \
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; \
+ MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \
+ goto cleanup; \
+ } \
+ } while( 0 )
+
+#define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \
+ do { \
+ ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \
+ if( ret < 0 ) \
+ { \
+ MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \
+ goto cleanup; \
+ } \
+ } while( 0 )
+
 /*
 * DTLS retransmission states, see RFC 6347 4.2.4
 *
@@ -1331,6 +1356,18 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl,
 ssl->state = state;
 }
+int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buflen );
+int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
+ size_t buf_len,
+ size_t msg_len );
+void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len );
+
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #endif /* ssl_misc.h */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index d619d80ed9..46c071b6bb 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -28,6 +28,7 @@
 #include "ssl_misc.h"
 #include <mbedtls/debug.h>
+/* Main entry point; orchestrates the other functions */
 static int ssl_client_hello_process( mbedtls_ssl_context* ssl );
 int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
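Review bot: `MBEDTLS_SSL_PROC_CHK` and `MBEDTLS_SSL_PROC_CHK_NEG` silently depend on the caller having a local `int ret` and a `cleanup:` label in scope, and nothing in the header says so; a caller that lacks either gets an opaque compile error, and a caller whose cleanup block clobbers `ret` loses the error code. Add a block comment above `MBEDTLS_SSL_PROC_STRIP_PARENS` stating that contract, that `args` must be a parenthesised argument list, and that `CHK` maps any positive return to `MBEDTLS_ERR_SSL_INTERNAL_ERROR` while `CHK_NEG` lets non-negative values through untouched. The three prototypes at the end of the hunk carry no documentation either: `mbedtls_ssl_start_handshake_msg`/`mbedtls_ssl_finish_handshake_msg` should state who owns `*buf` and how `buf_len` differs from `msg_len`, and `mbedtls_ssl_add_hs_hdr_to_checksum` should state that only the low 8 bits of `hs_type` and the low 24 bits of `total_hs_len` are hashed. Minor: the first prototype names the size `buflen` while the second uses `buf_len`; pick one spelling.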
@@ -66,20 +67,73 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl )
 return( ret );
 }
+
+static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl );
+static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl,
+ unsigned char* buf, size_t buflen,
+ size_t* len_without_binders,
+ size_t* len_with_binders );
+static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl );
+
 static int ssl_client_hello_process( mbedtls_ssl_context* ssl )
 {
 int ret = 0;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+ size_t len_without_binders = 0;
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl,
+ MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len,
+ &len_without_binders,
+ &msg_len ) );
+
+ mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ msg_len );
+ ssl->handshake->update_checksum( ssl, buf, len_without_binders );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) );
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+cleanup:
+
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
 /* client_hello_process haven't finished */
 ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 return ret;
 }
+static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl )
+{
+ ((void) ssl);
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
+static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl,
+ unsigned char* buf, size_t buflen,
+ size_t* len_without_binders,
+ size_t* len_with_binders )
+{
+ ((void) ssl);
+ ((void) buf);
+ ((void) buflen);
+ ((void) len_without_binders);
+ ((void) len_with_binders);
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
+static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
+{
+ ((void) ssl);
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
 #endif /* MBEDTLS_SSL_CLI_C */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
new file mode 100644
index 0000000000..51c8fe3bd5
--- /dev/null
+++ b/library/ssl_tls13_generic.c
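Review bot: In `ssl_client_hello_process` the new `cleanup:` label lands on the pre-existing `ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;`, so whatever a `MBEDTLS_SSL_PROC_CHK` stage reported (including the `MBEDTLS_ERR_SSL_INTERNAL_ERROR` the macro substitutes for positive returns) is overwritten, and the function can never return 0 even once the stages are implemented. That is fine for a scaffold but easy to leave behind; either guard it with `if( ret == 0 )` so a genuine failure keeps its code, or replace the comment with `/* TODO: drop once every client_hello stage is implemented */` so the overwrite is clearly temporary. Note that the success path also falls through to `cleanup:` after `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO )`, so while the overwrite stays, callers see an error after the state transition has already happened. Minor: `ssl_client_hello_write_partial` names its last output `len_with_binders` but the caller stores it in `msg_len` and then hashes `buf` only up to `len_without_binders`, presumably because the binders are hashed later; a one-line comment at the call site would spare the next reader that inference.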
@@ -0,0 +1,67 @@
+/*
+ * TLS 1.3 functionality shared between client and server
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_SSL_TLS_C)
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+
+#include "ssl_misc.h"
+
+int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buflen )
+{
+ ((void) ssl);
+ ((void) hs_type);
+ ((void) buf);
+ ((void) buflen);
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
+int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
+ size_t buf_len,
+ size_t msg_len )
+{
+ ((void) ssl);
+ ((void) buf_len);
+ ((void) msg_len);
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
+void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len )
+{
+ unsigned char hs_hdr[4];
+
+ /* Build HS header for checksum update. */
+ hs_hdr[0] = hs_type;
+ hs_hdr[1] = (unsigned char)( total_hs_len >> 16 );
+ hs_hdr[2] = (unsigned char)( total_hs_len >> 8 );
+ hs_hdr[3] = (unsigned char)( total_hs_len >> 0 );
+
+ ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
+#endif /* MBEDTLS_SSL_TLS_C */
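Review bot: `mbedtls_ssl_add_hs_hdr_to_checksum` writes `hs_hdr[0] = hs_type;` with an implicit `unsigned` to `unsigned char` narrowing while the three length bytes are cast explicitly; make it `hs_hdr[0] = (unsigned char) hs_type;` for consistency and to keep -Wconversion quiet. More importantly the function has no way to report an error, so a `total_hs_len` of 2^24 or more is silently truncated to its low 24 bits before being folded into the handshake checksum, and `ssl->handshake` is dereferenced without a check; both are preconditions the caller must uphold and belong in a doc comment on the definition, saying that `total_hs_len` must fit the 3-byte handshake length field and that the function is only valid while a handshake is in progress. The two stubs above it leave `*buf` and `*buflen` untouched when they return `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`; a one-line comment on `mbedtls_ssl_start_handshake_msg` saying the outputs are only valid on a zero return would stop callers from relying on them after a failure.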