X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_common.t0;h=aa67ee8f818264c103c0a11ff58dceed165cccb3;hp=da6fc8adef39dc4128796067488c5cddf3e29669;hb=c1d1306e276005428778c669a149f2a4cbc50c85;hpb=e61ad42191511226309bad2cbde8cd9e8cc743cb diff --git a/src/ssl/ssl_hs_common.t0 b/src/ssl/ssl_hs_common.t0 index da6fc8a..aa67ee8 100644 --- a/src/ssl/ssl_hs_common.t0 +++ b/src/ssl/ssl_hs_common.t0 @@ -157,6 +157,8 @@ addr-eng: pad addr-eng: action addr-eng: alert addr-eng: close_received +addr-eng: protocol_names_num +addr-eng: selected_protocol \ Similar to 'addr-eng:', for fields in the 'session' substructure. : addr-session-field: @@ -467,7 +469,7 @@ cc: read-chunk-native ( addr len -- addr len ) { \ no_renegotiation has value 100, and we treat it \ as a fatal alert. dup 100 = if 256 + fail then - 0= ret + 0= endof \ Fatal alert implies context termination. drop 256 + fail @@ -903,8 +905,14 @@ hexb| 0000 | \ List terminator. then endof - \ ChaCha20/Poly1305 - \ 5 of endof + \ ChaCha20+Poly1305 + 5 of drop + for-input if + switch-chapol-in + else + switch-chapol-out + then + endof ERR_BAD_PARAM fail endcase @@ -958,6 +966,22 @@ cc: switch-aesgcm-in ( is_client prf_id cipher_key_len -- ) { ENG->iaes_ctr, cipher_key_len); } +cc: switch-chapol-out ( is_client prf_id -- ) { + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id); +} + +cc: switch-chapol-in ( is_client prf_id -- ) { + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id); +} + \ Write Finished message. : write-Finished ( from_client -- ) compute-Finished @@ -1038,13 +1062,22 @@ cc: compute-Finished-inner ( from_client prf_id -- ) { read16 open-elt begin dup while read8 { hash } read8 { sign } - \ We keep the value if the signature is either 1 (RSA) - \ or 3 (ECDSA), and the hash is one of the SHA-* functions - \ (2 to 6, from SHA-1 to SHA-512); we reject MD5. - hash 2 >= hash 6 <= and - sign 1 = sign 3 = or - and if - hashes 1 sign 1- 2 << hash + << or >hashes + + \ If hash is 0x08 then this is a "new algorithm" identifier, + \ and we set the corresponding bit if it is in the 0..15 + \ range. Otherwise, we keep the value only if the signature + \ is either 1 (RSA) or 3 (ECDSA), and the hash is one of the + \ SHA-* functions (2 to 6). Note that we reject MD5. + hash 8 = if + sign 15 <= if + 1 sign 16 + << hashes or >hashes + then + else + hash 2 >= hash 6 <= and + sign 1 = sign 3 = or + and if + hashes 1 sign 1- 2 << hash + << or >hashes + then then repeat close-elt @@ -1213,3 +1246,33 @@ cc: get-key-type-usages ( -- key-type-usages ) { \ Return key type and usages. get-key-type-usages ; + +\ ======================================================================= + +\ Copy a specific protocol name from the list to the pad. The byte +\ length is returned. +cc: copy-protocol-name ( idx -- len ) { + size_t idx = T0_POP(); + size_t len = strlen(ENG->protocol_names[idx]); + memcpy(ENG->pad, ENG->protocol_names[idx], len); + T0_PUSH(len); +} + +\ Compare name in pad with the configured list of protocol names. +\ If a match is found, then the index is returned; otherwise, -1 +\ is returned. +cc: test-protocol-name ( len -- n ) { + size_t len = T0_POP(); + size_t u; + + for (u = 0; u < ENG->protocol_names_num; u ++) { + const char *name; + + name = ENG->protocol_names[u]; + if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) { + T0_PUSH(u); + T0_RET(); + } + } + T0_PUSHi(-1); +}