Renamed extension supported ECC to supported groups. Fixes #451.
authorTom Vrancken <dev@tomvrancken.nl>
Tue, 29 May 2018 13:53:45 +0000 (15:53 +0200)
committerTom Vrancken <dev@tomvrancken.nl>
Tue, 29 May 2018 13:53:45 +0000 (15:53 +0200)
Split combined ECC extensions into different files.

Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
12 files changed:
lib/algorithms/ciphersuites.c
lib/auth/anon_ecdh.c
lib/auth/ecdhe.c
lib/ext/Makefile.am
lib/ext/ec_point_formats.c [new file with mode: 0644]
lib/ext/ec_point_formats.h [new file with mode: 0644]
lib/ext/key_share.c
lib/ext/supported_groups.c [moved from lib/ext/ecc.c with 66% similarity]
lib/ext/supported_groups.h [moved from lib/ext/ecc.h with 86% similarity]
lib/gnutls_int.h
lib/hello_ext.c
lib/hello_ext.h

index 7b247574681dfe753789d9684091443ac0182ebd..02023ce2a960d1bc4deea28d35e9418cb12ab6f9 100644 (file)
@@ -1224,7 +1224,7 @@ const gnutls_cipher_suite_entry_st
                if (kx_algorithm == p->kx_algorithm &&
                              cipher_algorithm == p->block_algorithm
                              && mac_algorithm == p->mac_algorithm) {
-                       ret = p; 
+                       ret = p;
                        break;
                }
        );
@@ -1460,7 +1460,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
         * by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
         * ciphersuites */
        if (!version->tls13_sem && session->internals.cand_ec_group == NULL &&
-           !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_ECC)) {
+           !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_GROUPS)) {
                session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
        }
 
@@ -1655,11 +1655,11 @@ _gnutls_get_client_ciphersuites(gnutls_session_t session,
  * @sidx: internal index of cipher suite to get information about.
  *
  * Provides the internal ciphersuite index to be used with
- * gnutls_cipher_suite_info(). The index @idx provided is an 
+ * gnutls_cipher_suite_info(). The index @idx provided is an
  * index kept at the priorities structure. It might be that a valid
- * priorities index does not correspond to a ciphersuite and in 
- * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned. 
- * Once the last available index is crossed then 
+ * priorities index does not correspond to a ciphersuite and in
+ * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned.
+ * Once the last available index is crossed then
  * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
  *
  * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
index 2872427eea36226e5e283fad8b70588991f503ea..7b9a7f65bfeae2c6e428d05f7b6fb5a4179c9760 100644 (file)
@@ -37,7 +37,7 @@
 #include "mpi.h"
 #include <state.h>
 #include <auth/ecdhe.h>
-#include <ext/ecc.h>
+#include <ext/supported_groups.h>
 
 static int gen_anon_ecdh_server_kx(gnutls_session_t, gnutls_buffer_st *);
 static int proc_anon_ecdh_client_kx(gnutls_session_t, uint8_t *, size_t);
index c9369619dc8970588fcbd82a68075c89ce11e976..8b55704b2877a9be78b85b63b024c1734bc40e52 100644 (file)
@@ -37,7 +37,7 @@
 #include <x509.h>
 #include <auth/ecdhe.h>
 #include <ecc.h>
-#include <ext/ecc.h>
+#include <ext/supported_groups.h>
 #include <algorithms.h>
 #include <auth/psk.h>
 #include <auth/cert.h>
index 89d2389be9ceaf05074b61e30e7abb4694a014a5..626d9bae968be256255d6ab0a7b0c910ee74b056 100644 (file)
@@ -38,13 +38,15 @@ libgnutls_ext_la_SOURCES = max_record.c \
        server_name.c signature.c safe_renegotiation.c \
        max_record.h server_name.h srp.h \
        session_ticket.h signature.h safe_renegotiation.h \
-       session_ticket.c srp.c ecc.c ecc.h heartbeat.c heartbeat.h \
+       session_ticket.c srp.c heartbeat.c heartbeat.h \
        status_request.h status_request.c dumbfw.c dumbfw.h \
        ext_master_secret.c ext_master_secret.h etm.h etm.c \
        supported_versions.c supported_versions.h \
        post_handshake.c post_handshake.h key_share.c key_share.h \
        cookie.c cookie.h \
-       psk_ke_modes.c psk_ke_modes.h pre_shared_key.c pre_shared_key.h
+       psk_ke_modes.c psk_ke_modes.h pre_shared_key.c pre_shared_key.h \
+       supported_groups.c supported_groups.h \
+       ec_point_formats.c ec_point_formats.h
 
 if ENABLE_ALPN
 libgnutls_ext_la_SOURCES += alpn.c alpn.h
diff --git a/lib/ext/ec_point_formats.c b/lib/ext/ec_point_formats.c
new file mode 100644 (file)
index 0000000..657eb66
--- /dev/null
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains the code for the Elliptic Curve Point Formats extension.
+ */
+
+#include "ext/ec_point_formats.h"
+#include "str.h"
+#include "state.h"
+#include <gnutls/gnutls.h>
+
+
+static int _gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session,
+                                               const uint8_t * data,
+                                               size_t data_size);
+static int _gnutls_supported_ec_point_formats_send_params(gnutls_session_t session,
+                                               gnutls_buffer_st * extdata);
+
+
+const hello_ext_entry_st ext_mod_supported_ec_point_formats = {
+       .name = "Supported EC Point Formats",
+       .tls_id = 11,
+       .gid = GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS,
+       .parse_type = GNUTLS_EXT_TLS,
+       .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
+                   GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+       .recv_func = _gnutls_supported_ec_point_formats_recv_params,
+       .send_func = _gnutls_supported_ec_point_formats_send_params,
+       .pack_func = NULL,
+       .unpack_func = NULL,
+       .deinit_func = NULL
+};
+
+
+/* Receive point formats
+ */
+static int
+_gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session,
+                                    const uint8_t * data,
+                                    size_t _data_size)
+{
+       int len, i;
+       int uncompressed = 0;
+       int data_size = _data_size;
+
+       if (session->security_parameters.entity == GNUTLS_CLIENT) {
+               if (data_size < 1)
+                       return
+                           gnutls_assert_val
+                           (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+               len = data[0];
+               if (len < 1)
+                       return
+                           gnutls_assert_val
+                           (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+               DECR_LEN(data_size, len + 1);
+
+               for (i = 1; i <= len; i++)
+                       if (data[i] == 0) {     /* uncompressed */
+                               uncompressed = 1;
+                               break;
+                       }
+
+               if (uncompressed == 0)
+                       return
+                           gnutls_assert_val
+                           (GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+       } else {
+               /* only sanity check here. We only support uncompressed points
+                * and a client must support it thus nothing to check.
+                */
+               if (_data_size < 1)
+                       return
+                           gnutls_assert_val
+                           (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+       }
+
+       return 0;
+}
+
+/* returns data_size or a negative number on failure
+ */
+static int
+_gnutls_supported_ec_point_formats_send_params(gnutls_session_t session,
+                                    gnutls_buffer_st * extdata)
+{
+       const uint8_t p[2] = { 0x01, 0x00 };    /* only support uncompressed point format */
+       int ret;
+
+       if (session->security_parameters.entity == GNUTLS_SERVER
+           && !_gnutls_session_is_ecc(session))
+               return 0;
+
+       if (session->internals.priorities->groups.size > 0) {
+               ret = _gnutls_buffer_append_data(extdata, p, 2);
+               if (ret < 0)
+                       return gnutls_assert_val(ret);
+
+               return 2;
+       }
+       return 0;
+}
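Review bot: The server branch of `_gnutls_supported_ec_point_formats_recv_params` accepts any non-empty payload: it never compares the length byte `data[0]` with `_data_size` or looks for the uncompressed format, and the client branch does not reject bytes left over after `DECR_LEN(data_size, len + 1)`. Because this parses peer-controlled hello data, a stricter check would reject malformed lists early, e.g. `if (_data_size < 1 || (size_t)data[0] + 1 != _data_size)` in the server branch and `if (data_size != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` after the `DECR_LEN` on the client side. The body appears to be carried over unchanged from the removed `_gnutls_supported_ecc_pf_recv_params`, so this is existing behaviour rather than a regression, and tightening it could affect interoperability with lenient peers. `int data_size = _data_size;` also narrows a `size_t` to `int`, which is presumably safe only because the caller bounds extension payload length; this hunk does not show that.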
diff --git a/lib/ext/ec_point_formats.h b/lib/ext/ec_point_formats.h
new file mode 100644 (file)
index 0000000..51f9ad2
--- /dev/null
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+#ifndef EXT_EC_POINT_FORMATS_H
+#define EXT_EC_POINT_FORMATS_H
+
+#include <hello_ext.h>
+
+extern const hello_ext_entry_st ext_mod_supported_ec_point_formats;
+
+#endif
index 5802e47679ed6399fcf84939b6aa2fb3011c6d47..98bb7291318b2db2e47ed09bae4a882bbd33f7aa 100644 (file)
@@ -26,7 +26,7 @@
 #include "gnutls_int.h"
 #include "errors.h"
 #include "num.h"
-#include <ext/ecc.h>
+#include "ext/supported_groups.h"
 #include <state.h>
 #include <num.h>
 #include <algorithms.h>
similarity index 66%
rename from lib/ext/ecc.c
rename to lib/ext/supported_groups.c
index 164b6150dbc76a3fa81dc3bbc033b7cd73e5955e..6a1cdadd88656e28a6f66160a356a8d37a094a3f 100644 (file)
  *
  */
 
-/* This file contains the code the Negotiated groups TLS 1.3, or
- * Elliptic curves TLS 1.2 extension.
+/* This file contains the code for the Supported Groups extension (rfc7919).
+ * This extension was previously named Supported Elliptic Curves under TLS 1.2.
  */
 
-#include "gnutls_int.h"
-#include "errors.h"
+#include "ext/supported_groups.h"
+#include "str.h"
 #include "num.h"
-#include <ext/ecc.h>
-#include <state.h>
-#include <num.h>
-#include <algorithms.h>
 #include "auth/psk.h"
 #include "auth/cert.h"
 #include "auth/anon.h"
+#include "algorithms.h"
+#include <gnutls/gnutls.h>
 
-static int _gnutls_supported_ecc_recv_params(gnutls_session_t session,
+
+static int _gnutls_supported_groups_recv_params(gnutls_session_t session,
                                             const uint8_t * data,
                                             size_t data_size);
-static int _gnutls_supported_ecc_send_params(gnutls_session_t session,
+static int _gnutls_supported_groups_send_params(gnutls_session_t session,
                                             gnutls_buffer_st * extdata);
 
-static int _gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
-                                               const uint8_t * data,
-                                               size_t data_size);
-static int _gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
-                                               gnutls_buffer_st *
-                                               extdata);
 
-const hello_ext_entry_st ext_mod_supported_ecc = {
-       .name = "Negotiated Groups",
+const hello_ext_entry_st ext_mod_supported_groups = {
+       .name = "Supported Groups",
        .tls_id = 10,
-       .gid = GNUTLS_EXTENSION_SUPPORTED_ECC,
+       .gid = GNUTLS_EXTENSION_SUPPORTED_GROUPS,
        .parse_type = GNUTLS_EXT_TLS,
        .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
                    GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
-       .recv_func = _gnutls_supported_ecc_recv_params,
-       .send_func = _gnutls_supported_ecc_send_params,
+       .recv_func = _gnutls_supported_groups_recv_params,
+       .send_func = _gnutls_supported_groups_send_params,
        .pack_func = NULL,
        .unpack_func = NULL,
        .deinit_func = NULL,
        .cannot_be_overriden = 1
 };
 
-const hello_ext_entry_st ext_mod_supported_ecc_pf = {
-       .name = "Supported ECC Point Formats",
-       .tls_id = 11,
-       .gid = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
-       .parse_type = GNUTLS_EXT_TLS,
-       .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
-                   GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
-       .recv_func = _gnutls_supported_ecc_pf_recv_params,
-       .send_func = _gnutls_supported_ecc_pf_send_params,
-       .pack_func = NULL,
-       .unpack_func = NULL,
-       .deinit_func = NULL
-};
 
 static unsigned get_min_dh(gnutls_session_t session)
 {
@@ -103,16 +83,16 @@ static unsigned get_min_dh(gnutls_session_t session)
        return 0;
 }
 
-/* 
- * In case of a server: if a SUPPORTED_ECC extension type is received then it stores
+/*
+ * In case of a server: if a SUPPORTED_GROUPS extension type is received then it stores
  * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
  * to access it.
  *
- * In case of a client: If supported_eccs have been specified then we send the extension.
+ * In case of a client: If supported_eccs have been specified then we send the extension.
  *
  */
 static int
-_gnutls_supported_ecc_recv_params(gnutls_session_t session,
+_gnutls_supported_groups_recv_params(gnutls_session_t session,
                                  const uint8_t * data, size_t _data_size)
 {
        int i;
@@ -132,7 +112,7 @@ _gnutls_supported_ecc_recv_params(gnutls_session_t session,
                 * possible to read that message under TLS1.3 as an encrypted
                 * extension. */
                return 0;
-       } else {                /* SERVER SIDE - we must check if the sent supported ecc type is the right one 
+       } else {                /* SERVER SIDE - we must check if the sent supported ecc type is the right one
                                 */
                if (data_size < 2)
                        return
@@ -233,7 +213,7 @@ _gnutls_supported_ecc_recv_params(gnutls_session_t session,
 /* returns data_size or a negative number on failure
  */
 static int
-_gnutls_supported_ecc_send_params(gnutls_session_t session,
+_gnutls_supported_groups_send_params(gnutls_session_t session,
                                  gnutls_buffer_st * extdata)
 {
        unsigned len, i;
@@ -254,7 +234,7 @@ _gnutls_supported_ecc_send_params(gnutls_session_t session,
                        for (i = 0; i < len; i++) {
                                p = session->internals.priorities->groups.entry[i]->tls_id;
 
-                               _gnutls_handshake_log("EXT[%p]: sent group %s (0x%x)\n", session,
+                               _gnutls_handshake_log("EXT[%p]: Sent group %s (0x%x)\n", session,
                                        session->internals.priorities->groups.entry[i]->name, (unsigned)p);
 
                                ret =
@@ -271,84 +251,6 @@ _gnutls_supported_ecc_send_params(gnutls_session_t session,
        return 0;
 }
 
-/* 
- * In case of a server: if a SUPPORTED_ECC extension type is received then it stores
- * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
- * to access it.
- *
- * In case of a client: If a supported_eccs have been specified then we send the extension.
- *
- */
-static int
-_gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
-                                    const uint8_t * data,
-                                    size_t _data_size)
-{
-       int len, i;
-       int uncompressed = 0;
-       int data_size = _data_size;
-
-       if (session->security_parameters.entity == GNUTLS_CLIENT) {
-               if (data_size < 1)
-                       return
-                           gnutls_assert_val
-                           (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
-               len = data[0];
-               if (len < 1)
-                       return
-                           gnutls_assert_val
-                           (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
-               DECR_LEN(data_size, len + 1);
-
-               for (i = 1; i <= len; i++)
-                       if (data[i] == 0) {     /* uncompressed */
-                               uncompressed = 1;
-                               break;
-                       }
-
-               if (uncompressed == 0)
-                       return
-                           gnutls_assert_val
-                           (GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-       } else {
-               /* only sanity check here. We only support uncompressed points
-                * and a client must support it thus nothing to check.
-                */
-               if (_data_size < 1)
-                       return
-                           gnutls_assert_val
-                           (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-       }
-
-       return 0;
-}
-
-/* returns data_size or a negative number on failure
- */
-static int
-_gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
-                                    gnutls_buffer_st * extdata)
-{
-       const uint8_t p[2] = { 0x01, 0x00 };    /* only support uncompressed point format */
-       int ret;
-
-       if (session->security_parameters.entity == GNUTLS_SERVER
-           && !_gnutls_session_is_ecc(session))
-               return 0;
-
-       if (session->internals.priorities->groups.size > 0) {
-               ret = _gnutls_buffer_append_data(extdata, p, 2);
-               if (ret < 0)
-                       return gnutls_assert_val(ret);
-
-               return 2;
-       }
-       return 0;
-}
-
-
 /* Returns 0 if the given ECC curve is allowed in the current
  * session. A negative error value is returned otherwise.
  */
similarity index 86%
rename from lib/ext/ecc.h
rename to lib/ext/supported_groups.h
index 106bb15a1828842b33acc2492495b03718b807aa..e42e3c0366de27f992b0318d21a54553d19b1a16 100644 (file)
  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  *
  */
-#ifndef EXT_ECC_H
-#define EXT_ECC_H
+#ifndef EXT_SUPPORTED_GROUPS_H
+#define EXT_SUPPORTED_GROUPS_H
 
 #include <hello_ext.h>
 
-extern const hello_ext_entry_st ext_mod_supported_ecc;
-extern const hello_ext_entry_st ext_mod_supported_ecc_pf;
+extern const hello_ext_entry_st ext_mod_supported_groups;
 
 int
 _gnutls_session_supports_group(gnutls_session_t session,
index 367dbff83ea01266b1904ff0da6aab21fdb957fa..320c394d18cf1cd613e5196d3fa8454eecc37e42 100644 (file)
@@ -115,7 +115,7 @@ typedef struct {
  */
 #define MAX_HANDSHAKE_PACKET_SIZE 128*1024
 
-/* The maximum digest size of hash algorithms. 
+/* The maximum digest size of hash algorithms.
  */
 #define MAX_FILENAME 512
 #define MAX_HASH_SIZE 64
@@ -316,8 +316,8 @@ typedef enum extensions_t {
        GNUTLS_EXTENSION_MAX_RECORD_SIZE = 0,
        GNUTLS_EXTENSION_STATUS_REQUEST,
        GNUTLS_EXTENSION_CERT_TYPE,
-       GNUTLS_EXTENSION_SUPPORTED_ECC,
-       GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
+       GNUTLS_EXTENSION_SUPPORTED_GROUPS,
+       GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS,
        GNUTLS_EXTENSION_SRP,
        GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
        GNUTLS_EXTENSION_SRTP,
@@ -456,7 +456,7 @@ typedef struct mbuffer_head_st {
        size_t byte_length;
 } mbuffer_head_st;
 
-/* Store & Retrieve functions defines: 
+/* Store & Retrieve functions defines:
  */
 
 typedef struct auth_cred_st {
@@ -557,15 +557,15 @@ struct gnutls_key_st {
        /* The key to encrypt and decrypt session tickets */
        uint8_t session_ticket_key[TICKET_MASTER_KEY_SIZE];
 
-       /* this is used to hold the peers authentication data 
+       /* this is used to hold the peers authentication data
         */
-       /* auth_info_t structures SHOULD NOT contain malloced 
+       /* auth_info_t structures SHOULD NOT contain malloced
         * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
         * Remember that this should be calloced!
         */
        void *auth_info;
        gnutls_credentials_type_t auth_info_type;
-       int auth_info_size;     /* needed in order to store to db for restoring 
+       int auth_info_size;     /* needed in order to store to db for restoring
                                 */
        auth_cred_st *cred;     /* used to specify keys/certificates etc */
 };
@@ -664,7 +664,7 @@ typedef struct {
        bool only_extension;    /* negotiated only with an extension */
        bool post_handshake_auth;       /* Supports the TLS 1.3 post handshake auth */
        bool key_shares;        /* TLS 1.3 key share key exchange */
-       /* 
+       /*
         * TLS versions modify the semantics of signature algorithms. This number
         * is there to distinguish signature algorithms semantics between versions
         * (maps to sign_algorithm_st->tls_sem)
@@ -690,13 +690,13 @@ typedef struct {
 
 #define MAX_VERIFY_DATA_SIZE 36        /* in SSL 3.0, 12 in TLS 1.0 */
 
-/* auth_info_t structures now MAY contain malloced 
+/* auth_info_t structures now MAY contain malloced
  * elements.
  */
 
 /* This structure and auth_info_t, are stored in the resume database,
  * and are restored, in case of resume.
- * Holds all the required parameters to resume the current 
+ * Holds all the required parameters to resume the current
  * session.
  */
 
@@ -717,7 +717,7 @@ typedef struct {
        /* The epoch at index 0 of record_parameters. */
        uint16_t epoch_min;
 
-       /* this is the ciphersuite we are going to use 
+       /* this is the ciphersuite we are going to use
         * moved here from internals in order to be restored
         * on resume;
         */
@@ -990,7 +990,7 @@ typedef struct {
 
        unsigned int hsk_hello_verify_requests;
 
-       /* The actual retrans_timeout for the next message (e.g. doubled or so) 
+       /* The actual retrans_timeout for the next message (e.g. doubled or so)
         */
        unsigned int actual_retrans_timeout_ms;
 
@@ -1024,7 +1024,7 @@ typedef struct {
                                                 * the server finished message */
        unsigned handshake_hash_buffer_client_finished_len;/* if non-zero it is the length of data until the
                                                 * the client finished message */
-       gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake 
+       gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
                                                 * message */
        bool resumable; /* TRUE or FALSE - if we can resume that session */
 
@@ -1089,7 +1089,7 @@ typedef struct {
        /* this buffer holds a record packet -mostly used for
         * non blocking IO.
         */
-       mbuffer_head_st record_recv_buffer;     /* buffer holding the unparsed record that is currently 
+       mbuffer_head_st record_recv_buffer;     /* buffer holding the unparsed record that is currently
                                                 * being received */
        mbuffer_head_st record_send_buffer;     /* holds cached data
                                                 * for the gnutls_io_write_buffered()
@@ -1116,7 +1116,7 @@ typedef struct {
 
        /* this is the highest version available
         * to the peer. (advertized version).
-        * This is obtained by the Handshake Client Hello 
+        * This is obtained by the Handshake Client Hello
         * message. (some implementations read the Record version)
         */
        uint8_t adv_version_major;
@@ -1397,7 +1397,7 @@ struct gnutls_session_int {
 };
 
 
-/* functions 
+/* functions
  */
 void _gnutls_free_auth_info(gnutls_session_t session);
 
index ad3cf54d3f5ec6866ef7d779785dee2047cce027..d9f548457f93109c6836f45b1a3e39a7af390b56 100644 (file)
@@ -37,7 +37,8 @@
 #include <ext/safe_renegotiation.h>
 #include <ext/signature.h>
 #include <ext/safe_renegotiation.h>
-#include <ext/ecc.h>
+#include "ext/supported_groups.h"
+#include "ext/ec_point_formats.h"
 #include <ext/status_request.h>
 #include <ext/ext_master_secret.h>
 #include <ext/supported_versions.h>
@@ -76,8 +77,8 @@ static hello_ext_entry_st const *extfunc[MAX_EXT_TYPES+1] = {
        [GNUTLS_EXTENSION_HEARTBEAT] = &ext_mod_heartbeat,
 #endif
        [GNUTLS_EXTENSION_SESSION_TICKET] = &ext_mod_session_ticket,
-       [GNUTLS_EXTENSION_SUPPORTED_ECC] = &ext_mod_supported_ecc,
-       [GNUTLS_EXTENSION_SUPPORTED_ECC_PF] = &ext_mod_supported_ecc_pf,
+       [GNUTLS_EXTENSION_SUPPORTED_GROUPS] = &ext_mod_supported_groups,
+       [GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS] = &ext_mod_supported_ec_point_formats,
        [GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS] = &ext_mod_sig,
        [GNUTLS_EXTENSION_KEY_SHARE] = &ext_mod_key_share,
        [GNUTLS_EXTENSION_COOKIE] = &ext_mod_cookie,
@@ -748,9 +749,9 @@ _gnutls_hello_ext_get_resumed_priv(gnutls_session_t session,
  *
  * Since: 3.4.0
  **/
-int 
+int
 gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type,
-                   gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func, 
+                   gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
                    gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
                    gnutls_ext_unpack_func unpack_func)
 {
@@ -833,10 +834,10 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type
  *
  * Since: 3.5.5
  **/
-int 
+int
 gnutls_session_ext_register(gnutls_session_t session,
                            const char *name, int id, gnutls_ext_parse_type_t parse_type,
-                           gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func, 
+                           gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
                            gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
                            gnutls_ext_unpack_func unpack_func, unsigned flags)
 {
index ac0a4613a78f1567551c395d611b7a5eb6c4991f..8a7580a28efa1c17b264acae179968999a99f87c 100644 (file)
@@ -24,7 +24,9 @@
 #ifndef GNUTLS_EXTENSIONS_H
 #define GNUTLS_EXTENSIONS_H
 
+#include "gnutls_int.h"
 #include <gnutls/gnutls.h>
+#include "str.h"
 
 /* Functions for hello extension parsing.
  */
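Review bot: With `#include "gnutls_int.h"` and `#include "str.h"` added to `hello_ext.h`, the extension sources now depend on this header for declarations they use directly. `lib/ext/supported_groups.c` drops its own `#include "gnutls_int.h"` and `#include "errors.h"`, and the new `lib/ext/ec_point_formats.c` calls `gnutls_assert_val` and `_gnutls_buffer_append_data` without including either, so both apparently compile only through the transitive include (unless `state.h` also provides them, which is not visible here). Keeping `#include "gnutls_int.h"` and `#include "errors.h"` in each `.c` file would stop a later cleanup of `hello_ext.h` from breaking them.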
@@ -136,7 +138,7 @@ typedef struct hello_ext_entry_st {
        gnutls_ext_send_func send_func;
 
        gnutls_ext_deinit_data_func deinit_func;        /* this will be called to deinitialize
-                                                        * internal data 
+                                                        * internal data
                                                         */
        gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
        gnutls_ext_unpack_func unpack_func;     /* unpacks internal data */