AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Cleanup client_hello body.

Browse Source 
cleanup `ssl_tls13_write_client_hello_body`, fix comments issues.
And move ciphersuites to separate function

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-08-31 14:40:36 +08:00
parent 67d4ed5b22
commit 6a64310002
1 changed files with 89 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

186
library/ssl_tls13_client.c
View File

@ -115,8 +115,79 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/* Functions for writing ClientHello message */ /* Write ciphersuites
* CipherSuite cipher_suites<2..2^16-2>;
*/
static int ssl_tls13_write_client_hello_ciphersuites(
mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
{
/* Ciphersuite-related variables */
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
/* ciphersuite_start points to the start of
the ciphersuite list, i.e. to the length field*/
unsigned char *ciphersuite_start, *ciphersuite_iter;
size_t buf_len;
*olen = 0 ;
/*
* Ciphersuite list
*
* This is a list of the symmetric cipher options supported by
* the client, specifically the record protection algorithm
* ( including secret key length ) and a hash to be used with
* HKDF, in descending order of client preference.
*/
ciphersuites = ssl->conf->ciphersuite_list;
/* Check available spaces for ciphersuite */
MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );
/* Write ciphersuites */
ciphersuite_start = buf + 2;
ciphersuite_iter = ciphersuite_start;
for ( size_t i = 0; ciphersuites[i] != 0; i++ )
{
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
if( ciphersuite_info == NULL )
continue;
if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ||
ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 )
continue;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s",
(unsigned int) ciphersuites[i],
ciphersuite_info->name ) );
/* Check for available spaces */
MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );
MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0);
ciphersuite_iter += 2;
}
buf_len = ciphersuite_iter - ciphersuite_start;
/* write ciphersuite buf length */
MBEDTLS_PUT_UINT16_BE( buf_len, buf, 0 );
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites",
buf_len/2 ) );
return( 0 );
}
/* Functions for writing ClientHello message */
static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
size_t buflen, size_t buflen,
@ -139,13 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
unsigned char *start = buf; unsigned char *start = buf;
unsigned char *end = buf + buflen; unsigned char *end = buf + buflen;
/* Ciphersuite-related variables */ *len_with_binders = 0;
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
/* ciphersuite_start points to the start of
the ciphersuite list, i.e. to the length field*/
unsigned char *ciphersuite_start;
size_t ciphersuite_count;
/* Keeping track of the included extensions */ /* Keeping track of the included extensions */
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
@ -169,7 +234,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
ssl->major_ver = ssl->conf->min_major_ver; ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver; ssl->minor_ver = ssl->conf->min_minor_ver;
/* For TLS 1.3 we use the legacy version number {0x03, 0x03} /* Write legacy_version
* ProtocolVersion legacy_version = 0x0303; // TLS v1.2
* For TLS 1.3 we use the legacy version number {0x03, 0x03}
* instead of the true version number. * instead of the true version number.
* *
* For DTLS 1.3 we use the legacy version number * For DTLS 1.3 we use the legacy version number
@ -180,16 +247,16 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN );
MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0);
buf += CLIENT_HELLO_LEGACY_VERSION_LEN; buf += CLIENT_HELLO_LEGACY_VERSION_LEN;
buflen -= CLIENT_HELLO_LEGACY_VERSION_LEN;
/* Write random bytes */ /* Write random bytes
Random random
*/
MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN );
memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
buf, CLIENT_HELLO_RANDOM_LEN ); buf, CLIENT_HELLO_RANDOM_LEN );
buf += CLIENT_HELLO_RANDOM_LEN; buf += CLIENT_HELLO_RANDOM_LEN;
buflen -= CLIENT_HELLO_RANDOM_LEN;
/* Versions of TLS before TLS 1.3 supported a /* Versions of TLS before TLS 1.3 supported a
* "session resumption" feature which has been merged with pre-shared * "session resumption" feature which has been merged with pre-shared
@ -203,74 +270,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
* ossification ). Otherwise, it MUST be set as a zero-length vector * ossification ). Otherwise, it MUST be set as a zero-length vector
* ( i.e., a zero-valued single byte length field ). * ( i.e., a zero-valued single byte length field ).
*/ */
if( buflen < 1 ) MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 );
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
*buf++ = 0; /* session id length set to zero */ *buf++ = 0; /* session id length set to zero */
buflen -= 1;
/* /* Write ciphersuites */
* Ciphersuite list ret = ssl_tls13_write_client_hello_ciphersuites( ssl, buf, end, &cur_ext_len );
* if( ret != 0)
* This is a list of the symmetric cipher options supported by return( ret );
* the client, specifically the record protection algorithm buf += cur_ext_len;
* ( including secret key length ) and a hash to be used with
* HKDF, in descending order of client preference.
*/
ciphersuites = ssl->conf->ciphersuite_list;
if( buflen < 2 /* for ciphersuite list length */ )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
/* Skip writing ciphersuite length for now */
ciphersuite_count = 0;
ciphersuite_start = buf;
buf += 2;
buflen -= 2;
for ( size_t i = 0; ciphersuites[i] != 0; i++ )
{
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
if( ciphersuite_info == NULL )
continue;
if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ||
ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 )
continue;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s",
(unsigned int) ciphersuites[i],
ciphersuite_info->name ) );
ciphersuite_count++;
if( buflen < 2 /* for ciphersuite list length */ )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
MBEDTLS_PUT_UINT16_BE( ciphersuites[i], buf, 0);
buf += 2;
buflen -= 2;
}
/* write ciphersuite length now */
MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0 );
ciphersuite_start += 2;
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites",
ciphersuite_count ) );
/* For every TLS 1.3 ClientHello, this vector MUST contain exactly /* For every TLS 1.3 ClientHello, this vector MUST contain exactly
* one byte set to zero, which corresponds to the 'null' compression * one byte set to zero, which corresponds to the 'null' compression
@ -278,20 +285,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
* *
* For cTLS this field is elided. * For cTLS this field is elided.
*/ */
if( buflen < 2 /* for ciphersuite list length */ ) MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
*buf++ = 1; *buf++ = 1;
*buf++ = MBEDTLS_SSL_COMPRESS_NULL; *buf++ = MBEDTLS_SSL_COMPRESS_NULL;
buflen -= 2;
/* First write extensions, then the total length */ /* First write extensions, then the total length */
extension_start = buf; extension_start = buf;
total_ext_len = 0;
buf += 2; buf += 2;
/* Supported Versions Extension is mandatory with TLS 1.3. /* Supported Versions Extension is mandatory with TLS 1.3.
@ -302,7 +302,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
total_ext_len += cur_ext_len;
buf += cur_ext_len; buf += cur_ext_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@ -312,8 +311,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
total_ext_len += cur_ext_len;
buf += cur_ext_len; buf += cur_ext_len;
/* The supported_signature_algorithms extension is REQUIRED for /* The supported_signature_algorithms extension is REQUIRED for
@ -321,8 +318,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
total_ext_len += cur_ext_len;
buf += cur_ext_len; buf += cur_ext_len;
/* We need to send the key shares under three conditions: /* We need to send the key shares under three conditions:
@ -338,13 +333,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
total_ext_len += cur_ext_len;
buf += cur_ext_len; buf += cur_ext_len;
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/* Add more extensions here */ /* Add more extensions here */
total_ext_len = buf - extension_start - 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET ,
total_ext_len ) ); total_ext_len ) );
@ -354,7 +349,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 );
extension_start += 2; extension_start += 2;
*len_with_binders = ( extension_start + total_ext_len ) - start; *len_with_binders = buf - start;
return( 0 ); return( 0 );
} }
@ -390,9 +385,6 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
* *
* Structure of this message: * Structure of this message:
* *
* uint16 ProtocolVersion;
* opaque Random[32];
* uint8 CipherSuite[2]; // Cryptographic suite selector
* struct { * struct {
* ProtocolVersion legacy_version = 0x0303; // TLS v1.2 * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
* Random random; * Random random;