Refactor debug helpers for exts and hs message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 6b97bc6..8fce87a 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -43,27 +43,43 @@
const char *mbedtls_ssl_named_group_to_str( uint16_t in );
-#endif /* MBEDTLS_DEBUG_C */
+const char *mbedtls_ssl_get_extension_name( unsigned int extension_type );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_DEBUG_C)
+void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type, uint32_t extensions_mask,
+ const char *extra );
-const char *mbedtls_tls13_get_extension_name( uint16_t extension_type );
+void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type,
+ unsigned int extension_type,
+ const char *extra_msg0,
+ const char *extra_msg1 );
-void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl,
- int level, const char *file, int line,
- int hs_msg_type,
- uint32_t extensions_present );
+#define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) \
+ mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \
+ hs_msg_type, \
+ ssl->handshake->sent_extensions, \
+ "sent" )
-#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_type, extensions_present ) \
- mbedtls_ssl_tls13_print_extensions( \
- ssl, level, __FILE__, __LINE__, hs_msg_type, extensions_present )
+#define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type ) \
+ mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \
+ hs_msg_type, \
+ ssl->handshake->received_extensions, \
+ "received" )
+
+#define MBEDTLS_SSL_PRINT_EXT_TYPE( level, hs_msg_type, extension_type, extra ) \
+ mbedtls_ssl_print_extension_type( ssl, level, __FILE__, __LINE__, \
+ hs_msg_type, extension_type, extra, NULL )
#else
-#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present )
+#define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type )
-#endif
+#define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type )
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#define MBEDTLS_SSL_PRINT_EXT_TYPE( level, hs_msg_type, extension_type, extra )
-#endif /* SSL_DEBUG_HELPERS_H */
+#endif /* MBEDTLS_DEBUG_C */
+
+#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8ffdccb..7c32969 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -74,6 +74,9 @@
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
+/* Faked handshake message identity for HelloRetryRequest. */
+#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO )
+
/*
* Inernal identity of handshake extensions
*/
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b3210c4..7bc0a0c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -616,6 +616,152 @@
return( 1 << mbedtls_ssl_get_extension_id( extension_type ) );
}
+#if defined(MBEDTLS_DEBUG_C)
+static const char *extension_name_table[] = {
+ [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unreognized",
+ [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name",
+ [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length",
+ [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request",
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups",
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms",
+ [MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp",
+ [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat",
+ [MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation",
+ [MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp",
+ [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type",
+ [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type",
+ [MBEDTLS_SSL_EXT_ID_PADDING] = "padding",
+ [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key",
+ [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data",
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions",
+ [MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie",
+ [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes",
+ [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities",
+ [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters",
+ [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth",
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert",
+ [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share",
+ [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac",
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats",
+ [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac",
+ [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret",
+ [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket"
+};
+
+static unsigned int extension_type_tbl[]={
+ [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
+ [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
+ [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
+ [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST,
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS,
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG,
+ [MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP,
+ [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT,
+ [MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN,
+ [MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT,
+ [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE,
+ [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE,
+ [MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING,
+ [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY,
+ [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA,
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS,
+ [MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE,
+ [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES,
+ [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH,
+ [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS,
+ [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH,
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT,
+ [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE,
+ [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC,
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS,
+ [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC,
+ [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET,
+ [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET
+};
+
+const char *mbedtls_ssl_get_extension_name( unsigned int extension_type )
+{
+ return( extension_name_table[
+ mbedtls_ssl_get_extension_id( extension_type ) ] );
+}
+
+static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type )
+{
+ switch( hs_msg_type )
+ {
+ case MBEDTLS_SSL_HS_CLIENT_HELLO:
+ return( "ClientHello" );
+ case MBEDTLS_SSL_HS_SERVER_HELLO:
+ return( "ServerHello" );
+ case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
+ return( "HelloRetryRequest" );
+ case MBEDTLS_SSL_HS_NEW_SESSION_TICKET:
+ return( "NewSessionTicket" );
+ case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
+ return( "EncryptedExtensions" );
+ case MBEDTLS_SSL_HS_CERTIFICATE:
+ return( "Certificate" );
+ case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST:
+ return( "CertificateRequest" );
+ }
+ return( NULL );
+}
+
+void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type,
+ unsigned int extension_type,
+ const char *extra_msg0,
+ const char *extra_msg1 )
+{
+ const char *extra_msg;
+ if( extra_msg0 && extra_msg1 )
+ {
+ mbedtls_debug_print_msg(
+ ssl, level, file, line,
+ "%s: %s(%u) extension %s %s.",
+ ssl_tls13_get_hs_msg_name( hs_msg_type ),
+ mbedtls_ssl_get_extension_name( extension_type ),
+ extension_type,
+ extra_msg0, extra_msg1 );
+ return;
+ }
+
+ extra_msg = extra_msg0 ? extra_msg0 : extra_msg1;
+ if( extra_msg )
+ {
+ mbedtls_debug_print_msg(
+ ssl, level, file, line,
+ "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
+ mbedtls_ssl_get_extension_name( extension_type ), extension_type,
+ extra_msg );
+ return;
+ }
+
+ mbedtls_debug_print_msg(
+ ssl, level, file, line,
+ "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
+ mbedtls_ssl_get_extension_name( extension_type ), extension_type );
+}
+
+void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type, uint32_t extensions_mask,
+ const char *extra )
+{
+
+ for( unsigned i = 0;
+ i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] );
+ i++ )
+ {
+ mbedtls_ssl_print_extension_type(
+ ssl, level, file, line, hs_msg_type, extension_type_tbl[i],
+ extensions_mask & ( 1 << i ) ? "was" : "was not", extra );
+ }
+}
+
+#endif /* MBEDTLS_DEBUG_C */
+
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
{
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1bbd7f0..a94bbef 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1529,155 +1529,6 @@
}
#endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_DEBUG_C)
-const char *mbedtls_tls13_get_extension_name( uint16_t extension_type )
-{
- switch( extension_type )
- {
- case MBEDTLS_TLS_EXT_SERVERNAME:
- return( "server_name" );
-
- case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- return( "max_fragment_length" );
-
- case MBEDTLS_TLS_EXT_STATUS_REQUEST:
- return( "status_request" );
-
- case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
- return( "supported_groups" );
-
- case MBEDTLS_TLS_EXT_SIG_ALG:
- return( "signature_algorithms" );
-
- case MBEDTLS_TLS_EXT_USE_SRTP:
- return( "use_srtp" );
-
- case MBEDTLS_TLS_EXT_HEARTBEAT:
- return( "heartbeat" );
-
- case MBEDTLS_TLS_EXT_ALPN:
- return( "application_layer_protocol_negotiation" );
-
- case MBEDTLS_TLS_EXT_SCT:
- return( "signed_certificate_timestamp" );
-
- case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
- return( "client_certificate_type" );
-
- case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
- return( "server_certificate_type" );
-
- case MBEDTLS_TLS_EXT_PADDING:
- return( "padding" );
-
- case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
- return( "pre_shared_key" );
-
- case MBEDTLS_TLS_EXT_EARLY_DATA:
- return( "early_data" );
-
- case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
- return( "supported_versions" );
-
- case MBEDTLS_TLS_EXT_COOKIE:
- return( "cookie" );
-
- case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
- return( "psk_key_exchange_modes" );
-
- case MBEDTLS_TLS_EXT_CERT_AUTH:
- return( "certificate_authorities" );
-
- case MBEDTLS_TLS_EXT_OID_FILTERS:
- return( "oid_filters" );
-
- case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
- return( "post_handshake_auth" );
-
- case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
- return( "signature_algorithms_cert" );
-
- case MBEDTLS_TLS_EXT_KEY_SHARE:
- return( "key_share" );
- };
-
- return( "unknown" );
-}
-
-static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type )
-{
- switch( hs_msg_type )
- {
- case MBEDTLS_SSL_HS_CLIENT_HELLO:
- return( "ClientHello" );
- case MBEDTLS_SSL_HS_SERVER_HELLO:
- return( "ServerHello" );
- case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value.
- return( "HelloRetryRequest" );
- case MBEDTLS_SSL_HS_NEW_SESSION_TICKET:
- return( "NewSessionTicket" );
- case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
- return( "EncryptedExtensions" );
- case MBEDTLS_SSL_HS_CERTIFICATE:
- return( "Certificate" );
- case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST:
- return( "CertificateRequest" );
- }
- return( NULL );
-}
-
-void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl,
- int level, const char *file, int line,
- int hs_msg_type,
- uint32_t extensions_present )
-{
- static const struct{
- uint32_t extension_mask;
- const char *extension_name;
- } mask_to_str_table[] = {
- { MBEDTLS_SSL_EXT_SERVERNAME, "server_name" },
- { MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH, "max_fragment_length" },
- { MBEDTLS_SSL_EXT_STATUS_REQUEST, "status_request" },
- { MBEDTLS_SSL_EXT_SUPPORTED_GROUPS, "supported_groups" },
- { MBEDTLS_SSL_EXT_SIG_ALG, "signature_algorithms" },
- { MBEDTLS_SSL_EXT_USE_SRTP, "use_srtp" },
- { MBEDTLS_SSL_EXT_HEARTBEAT, "heartbeat" },
- { MBEDTLS_SSL_EXT_ALPN, "application_layer_protocol_negotiation" },
- { MBEDTLS_SSL_EXT_SCT, "signed_certificate_timestamp" },
- { MBEDTLS_SSL_EXT_CLI_CERT_TYPE, "client_certificate_type" },
- { MBEDTLS_SSL_EXT_SERV_CERT_TYPE, "server_certificate_type" },
- { MBEDTLS_SSL_EXT_PADDING, "padding" },
- { MBEDTLS_SSL_EXT_PRE_SHARED_KEY, "pre_shared_key" },
- { MBEDTLS_SSL_EXT_EARLY_DATA, "early_data" },
- { MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS, "supported_versions" },
- { MBEDTLS_SSL_EXT_COOKIE, "cookie" },
- { MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" },
- { MBEDTLS_SSL_EXT_CERT_AUTH, "certificate_authorities" },
- { MBEDTLS_SSL_EXT_OID_FILTERS, "oid_filters" },
- { MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" },
- { MBEDTLS_SSL_EXT_SIG_ALG_CERT, "signature_algorithms_cert" },
- { MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" } };
-
- mbedtls_debug_print_msg( ssl, level, file, line,
- "extension list of %s:",
- ssl_tls13_get_hs_msg_name( hs_msg_type ) );
-
- for( unsigned i = 0;
- i < sizeof( mask_to_str_table ) / sizeof( mask_to_str_table[0] );
- i++ )
- {
- const char *extension_name = mask_to_str_table[i].extension_name;
- uint32_t is_present = extensions_present &
- mask_to_str_table[i].extension_mask;
-
- mbedtls_debug_print_msg( ssl, level, file, line,
- "- %s extension ( %s )", extension_name,
- is_present ? "true" : "false" );
- }
-}
-
-#endif /* MBEDTLS_DEBUG_C */
-
/* RFC 8446 section 4.2
*
* If an implementation receives an extension which it recognizes and which is