diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 9f1df736bd..07e8c7103f 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -45,4 +45,25 @@ const char *mbedtls_ssl_named_group_to_str( uint16_t in );
 #endif /* MBEDTLS_DEBUG_C */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_DEBUG_C)
+
+const char *mbedtls_tls13_get_extension_name( uint16_t extension_type );
+
+void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ const char *hs_msg_name,
+ uint32_t extensions_present );
+
+#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) \
+ mbedtls_ssl_tls13_print_extensions( \
+ ssl, level, __FILE__, __LINE__, hs_msg_name, extensions_present )
+#else
+
+#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present )
+
+#endif
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
 #endif /* SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 48e3675820..662e6f4c81 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
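Review bot: MBEDTLS_SSL_TLS1_3_PRINT_EXTS expands to a call that reads a variable named `ssl` which is not one of the macro's parameters, so it only compiles where the caller happens to have an `mbedtls_ssl_context *ssl` in scope, and neither the macro nor the two prototypes above it say so. A one-line comment on the macro would make that contract explicit, e.g. `/* Requires a local `ssl` (mbedtls_ssl_context *) in scope; expands to nothing unless MBEDTLS_DEBUG_C is enabled. */`, and a `\brief` line on each prototype (what "unknown" means for the name lookup, what each printed line reports) would bring them in line with the rest of this header. The two new identifiers also follow different prefixes, `mbedtls_tls13_get_extension_name` versus `mbedtls_ssl_tls13_print_extensions`; the `mbedtls_ssl_` form already used by `mbedtls_ssl_named_group_to_str` in this header seems the one to keep.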
@@ -1485,4 +1485,130 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
 }
 #endif /* MBEDTLS_ECDH_C */
+#if defined(MBEDTLS_DEBUG_C)
+const char *mbedtls_tls13_get_extension_name( uint16_t extension_type )
+{
+ switch( extension_type )
+ {
+ case MBEDTLS_TLS_EXT_SERVERNAME:
+ return( "server_name" );
+
+ case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+ return( "max_fragment_length" );
+
+ case MBEDTLS_TLS_EXT_STATUS_REQUEST:
+ return( "status_request" );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
+ return( "supported_groups" );
+
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ return( "signature_algorithms" );
+
+ case MBEDTLS_TLS_EXT_USE_SRTP:
+ return( "use_srtp" );
+
+ case MBEDTLS_TLS_EXT_HEARTBEAT:
+ return( "heartbeat" );
+
+ case MBEDTLS_TLS_EXT_ALPN:
+ return( "application_layer_protocol_negotiation" );
+
+ case MBEDTLS_TLS_EXT_SCT:
+ return( "signed_certificate_timestamp" );
+
+ case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
+ return( "client_certificate_type" );
+
+ case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
+ return( "server_certificate_type" );
+
+ case MBEDTLS_TLS_EXT_PADDING:
+ return( "padding" );
+
+ case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
+ return( "pre_shared_key" );
+
+ case MBEDTLS_TLS_EXT_EARLY_DATA:
+ return( "early_data" );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
+ return( "supported_versions" );
+
+ case MBEDTLS_TLS_EXT_COOKIE:
+ return( "cookie" );
+
+ case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
+ return( "psk_key_exchange_modes" );
+
+ case MBEDTLS_TLS_EXT_CERT_AUTH:
+ return( "certificate_authorities" );
+
+ case MBEDTLS_TLS_EXT_OID_FILTERS:
+ return( "oid_filters" );
+
+ case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
+ return( "post_handshake_auth" );
+
+ case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
+ return( "signature_algorithms_cert" );
+
+ case MBEDTLS_TLS_EXT_KEY_SHARE:
+ return( "key_share" );
+ };
+
+ return( "unknown" );
+}
+
+void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ const char *hs_msg_name,
+ uint32_t extensions_present )
+{
+ static const struct{
+ uint32_t extension_mask;
+ const char *extension_name;
+ } mask_to_str_table[] = {
+ { MBEDTLS_SSL_EXT_SERVERNAME, "server_name" },
+ { MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH, "max_fragment_length" },
+ { MBEDTLS_SSL_EXT_STATUS_REQUEST, "status_request" },
+ { MBEDTLS_SSL_EXT_SUPPORTED_GROUPS, "supported_groups" },
+ { MBEDTLS_SSL_EXT_SIG_ALG, "signature_algorithms" },
+ { MBEDTLS_SSL_EXT_USE_SRTP, "use_srtp" },
+ { MBEDTLS_SSL_EXT_HEARTBEAT, "heartbeat" },
+ { MBEDTLS_SSL_EXT_ALPN, "application_layer_protocol_negotiation" },
+ { MBEDTLS_SSL_EXT_SCT, "signed_certificate_timestamp" },
+ { MBEDTLS_SSL_EXT_CLI_CERT_TYPE, "client_certificate_type" },
+ { MBEDTLS_SSL_EXT_SERV_CERT_TYPE, "server_certificate_type" },
+ { MBEDTLS_SSL_EXT_PADDING, "padding" },
+ { MBEDTLS_SSL_EXT_PRE_SHARED_KEY, "pre_shared_key" },
+ { MBEDTLS_SSL_EXT_EARLY_DATA, "early_data" },
+ { MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS, "supported_versions" },
+ { MBEDTLS_SSL_EXT_COOKIE, "cookie" },
+ { MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" },
+ { MBEDTLS_SSL_EXT_CERT_AUTH, "certificate_authorities" },
+ { MBEDTLS_SSL_EXT_OID_FILTERS, "oid_filters" },
+ { MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" },
+ { MBEDTLS_SSL_EXT_SIG_ALG_CERT, "signature_algorithms_cert" },
+ { MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" } };
+
+ mbedtls_debug_print_msg( ssl, level, file, line,
+ "extension list of %s:", hs_msg_name );
+
+ for( unsigned i = 0;
+ i < sizeof( mask_to_str_table ) / sizeof( mask_to_str_table[0] );
+ i++ )
+ {
+ const char *extension_name = mask_to_str_table[i].extension_name;
+ uint32_t is_present = extensions_present &
+ mask_to_str_table[i].extension_mask;
+
+ mbedtls_debug_print_msg( ssl, level, file, line,
+ "- %s extension ( %s )", extension_name,
+ is_present ? "true" : "false" );
+ }
+}
+
+#endif /* MBEDTLS_DEBUG_C */
+
 #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
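Review bot: The same 22 extension names are now maintained twice, once in the `switch` of `mbedtls_tls13_get_extension_name` keyed by `MBEDTLS_TLS_EXT_*` and once in `mask_to_str_table` keyed by `MBEDTLS_SSL_EXT_*`, and nothing ties the two lists together, so adding or renaming an extension later means editing both and hoping they stay in step. A single file-scope table holding the wire code, the presence bit and the name, iterated by both functions, removes that hazard; the sketch below shows the shape with the rows abbreviated. While there, the `};` after the switch's closing brace is a stray empty statement, and the loop index should be `size_t` to match the `sizeof` quotient it is compared against. Neither function carries a comment saying what "unknown" or a `false` line means, which a one-line header comment on each would fix.
```c
/* One row per TLS 1.3 extension: wire code, bit in extensions_present, name. */
static const struct
{
    uint16_t extension_type;
    uint32_t extension_mask;
    const char *extension_name;
} extension_table[] =
{
    { MBEDTLS_TLS_EXT_SERVERNAME, MBEDTLS_SSL_EXT_SERVERNAME, "server_name" },
    /* … remaining rows, one per pair already listed in the hunk … */
    { MBEDTLS_TLS_EXT_KEY_SHARE, MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" },
};

/* Name of a TLS 1.3 extension by wire code; "unknown" if not in the table. */
const char *mbedtls_tls13_get_extension_name( uint16_t extension_type )
{
    for( size_t i = 0;
         i < sizeof( extension_table ) / sizeof( extension_table[0] ); i++ )
    {
        if( extension_table[i].extension_type == extension_type )
        {
            return( extension_table[i].extension_name );
        }
    }
    return( "unknown" );
}

/* … unchanged: mbedtls_ssl_tls13_print_extensions signature and header line … */
    for( size_t i = 0;
         i < sizeof( extension_table ) / sizeof( extension_table[0] ); i++ )
    {
        uint32_t is_present = extensions_present &
                              extension_table[i].extension_mask;

        mbedtls_debug_print_msg( ssl, level, file, line,
                                 "- %s extension ( %s )",
                                 extension_table[i].extension_name,
                                 is_present ? "true" : "false" );
    }
```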
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 3762393b96..b24aa4a8c5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -926,56 +926,6 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_DEBUG_C)
-static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
-{
- ((void) ssl);
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- KEY_SHARE_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ?
- "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- PRE_SHARED_KEY_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SUPPORTED_GROUPS_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ?
- "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SUPPORTED_VERSION_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION )
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SERVERNAME_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#if defined ( MBEDTLS_SSL_ALPN )
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- ALPN_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ?
- "TRUE" : "FALSE" ) ); -#endif /* MBEDTLS_SSL_ALPN */ -} -#endif /* MBEDTLS_DEBUG_C */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, int exts_mask ) @@ -1655,18 +1605,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, default: MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %ud ( ignoring )", - extension_type ) ); + ( "client hello: received %s(%u) extension ( ignored )", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); } p += extension_data_len; } -#if defined(MBEDTLS_DEBUG_C) - /* List all the extensions we have received */ - ssl_tls13_debug_print_client_hello_exts( ssl ); -#endif /* MBEDTLS_DEBUG_C */ - mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, p - buf );