mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add ext id and utilities

Browse Source 
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-10-31 13:08:18 +08:00
parent c4bf5d658e
commit 7a485c1fdf
3 changed files with 134 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
library/ssl_misc.h
View File

@ -75,33 +75,46 @@
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
/*
* Mask of TLS 1.3 handshake extensions used in extensions_present
* of mbedtls_ssl_handshake_params.
* Inernal identity of handshake extensions
*/
#define MBEDTLS_SSL_EXT_NONE 0
#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0
#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1
#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1
#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2
#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4
#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5
#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6
#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7
#define MBEDTLS_SSL_EXT_ID_ALPN 8
#define MBEDTLS_SSL_EXT_ID_SCT 9
#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10
#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11
#define MBEDTLS_SSL_EXT_ID_PADDING 12
#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13
#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15
#define MBEDTLS_SSL_EXT_ID_COOKIE 16
#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17
#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18
#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19
#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20
#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21
#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22
#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23
#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24
#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25
#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26
#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27
#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 )
#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 )
#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 )
#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 )
#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 )
#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 )
#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 )
#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 )
#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 )
#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 )
#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 )
#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 )
#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 )
#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 )
#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 )
#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 )
#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 )
#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 )
#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 )
#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 )
#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 )
#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 )
/* Utility for translating IANA extension type. */
uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type );
uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
/* Macros used to define mask constants */
#define MBEDTLS_SSL_EXT_MASK( id ) ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) )
/* Reset value of extension mask */
#define MBEDTLS_SSL_EXT_MASK_NONE 0
/* In messages containing extension requests, we should ignore unrecognized
* extensions. In messages containing extension responses, unrecognized
@ -1930,8 +1943,6 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
* Helper functions for extensions checking and convert.
*/
uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_check_received_extension(
mbedtls_ssl_context *ssl,
@ -1943,7 +1954,7 @@ static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask(
mbedtls_ssl_context *ssl, unsigned int extension_type )
{
ssl->handshake->sent_extensions |=
mbedtls_tls13_get_extension_mask( extension_type );
mbedtls_ssl_get_extension_mask( extension_type );
}
/*

95
library/ssl_tls.c
View File

@ -521,6 +521,101 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type )
{
switch( extension_type )
{
case MBEDTLS_TLS_EXT_SERVERNAME:
return( MBEDTLS_SSL_EXT_ID_SERVERNAME );
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
return( MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH );
case MBEDTLS_TLS_EXT_STATUS_REQUEST:
return( MBEDTLS_SSL_EXT_ID_STATUS_REQUEST );
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
return( MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS );
case MBEDTLS_TLS_EXT_SIG_ALG:
return( MBEDTLS_SSL_EXT_ID_SIG_ALG );
case MBEDTLS_TLS_EXT_USE_SRTP:
return( MBEDTLS_SSL_EXT_ID_USE_SRTP );
case MBEDTLS_TLS_EXT_HEARTBEAT:
return( MBEDTLS_SSL_EXT_ID_HEARTBEAT );
case MBEDTLS_TLS_EXT_ALPN:
return( MBEDTLS_SSL_EXT_ID_ALPN );
case MBEDTLS_TLS_EXT_SCT:
return( MBEDTLS_SSL_EXT_ID_SCT );
case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
return( MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE );
case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
return( MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE );
case MBEDTLS_TLS_EXT_PADDING:
return( MBEDTLS_SSL_EXT_ID_PADDING );
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
return( MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY );
case MBEDTLS_TLS_EXT_EARLY_DATA:
return( MBEDTLS_SSL_EXT_ID_EARLY_DATA );
case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
return( MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS );
case MBEDTLS_TLS_EXT_COOKIE:
return( MBEDTLS_SSL_EXT_ID_COOKIE );
case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
return( MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES );
case MBEDTLS_TLS_EXT_CERT_AUTH:
return( MBEDTLS_SSL_EXT_ID_CERT_AUTH );
case MBEDTLS_TLS_EXT_OID_FILTERS:
return( MBEDTLS_SSL_EXT_ID_OID_FILTERS );
case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
return( MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH );
case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
return( MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT );
case MBEDTLS_TLS_EXT_KEY_SHARE:
return( MBEDTLS_SSL_EXT_ID_KEY_SHARE );
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
return( MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC );
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
return( MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS );
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
return( MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC );
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
return( MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET );
case MBEDTLS_TLS_EXT_SESSION_TICKET:
return( MBEDTLS_SSL_EXT_ID_SESSION_TICKET );
}
return( MBEDTLS_SSL_EXT_ID_UNRECOGNIZED );
}
uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type )
{
return( 1 << mbedtls_ssl_get_extension_id( extension_type ) );
}
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
{

74
library/ssl_tls13_generic.c
View File

@ -1529,80 +1529,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
}
#endif /* MBEDTLS_ECDH_C */
uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type )
{
switch( extension_type )
{
case MBEDTLS_TLS_EXT_SERVERNAME:
return( MBEDTLS_SSL_EXT_SERVERNAME );
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
return( MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH );
case MBEDTLS_TLS_EXT_STATUS_REQUEST:
return( MBEDTLS_SSL_EXT_STATUS_REQUEST );
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
return( MBEDTLS_SSL_EXT_SUPPORTED_GROUPS );
case MBEDTLS_TLS_EXT_SIG_ALG:
return( MBEDTLS_SSL_EXT_SIG_ALG );
case MBEDTLS_TLS_EXT_USE_SRTP:
return( MBEDTLS_SSL_EXT_USE_SRTP );
case MBEDTLS_TLS_EXT_HEARTBEAT:
return( MBEDTLS_SSL_EXT_HEARTBEAT );
case MBEDTLS_TLS_EXT_ALPN:
return( MBEDTLS_SSL_EXT_ALPN );
case MBEDTLS_TLS_EXT_SCT:
return( MBEDTLS_SSL_EXT_SCT );
case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
return( MBEDTLS_SSL_EXT_CLI_CERT_TYPE );
case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
return( MBEDTLS_SSL_EXT_SERV_CERT_TYPE );
case MBEDTLS_TLS_EXT_PADDING:
return( MBEDTLS_SSL_EXT_PADDING );
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
return( MBEDTLS_SSL_EXT_PRE_SHARED_KEY );
case MBEDTLS_TLS_EXT_EARLY_DATA:
return( MBEDTLS_SSL_EXT_EARLY_DATA );
case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
return( MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS );
case MBEDTLS_TLS_EXT_COOKIE:
return( MBEDTLS_SSL_EXT_COOKIE );
case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
return( MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES );
case MBEDTLS_TLS_EXT_CERT_AUTH:
return( MBEDTLS_SSL_EXT_CERT_AUTH );
case MBEDTLS_TLS_EXT_OID_FILTERS:
return( MBEDTLS_SSL_EXT_OID_FILTERS );
case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
return( MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH );
case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
return( MBEDTLS_SSL_EXT_SIG_ALG_CERT );
case MBEDTLS_TLS_EXT_KEY_SHARE:
return( MBEDTLS_SSL_EXT_KEY_SHARE );
};
return( MBEDTLS_SSL_EXT_UNRECOGNIZED );
}
#if defined(MBEDTLS_DEBUG_C)
const char *mbedtls_tls13_get_extension_name( uint16_t extension_type )
{