74
74
#define PTLS_EXTENSION_TYPE_PSK_KEY_EXCHANGE_MODES 45
75
75
#define PTLS_EXTENSION_TYPE_KEY_SHARE 51
76
76
77
- #define PTLS_PROTOCOL_VERSION_DRAFT23 0x7f17
77
+ #define PTLS_PROTOCOL_VERSION_DRAFT26 0x7f1a
78
+ #define PTLS_PROTOCOL_VERSION_DRAFT27 0x7f1b
79
+ #define PTLS_PROTOCOL_VERSION_DRAFT28 0x7f1c
78
80
79
81
#define PTLS_SERVER_NAME_TYPE_HOSTNAME 0
80
82
95
97
#define PTLS_MEMORY_DEBUG 0
96
98
#endif
97
99
100
+ /**
101
+ * list of supported versions in the preferred order
102
+ */
103
+ static const uint16_t supported_versions [] = {PTLS_PROTOCOL_VERSION_DRAFT28 , PTLS_PROTOCOL_VERSION_DRAFT27 ,
104
+ PTLS_PROTOCOL_VERSION_DRAFT26 };
105
+
98
106
static const uint8_t hello_retry_random [PTLS_HELLO_RANDOM_SIZE ] = {0xCF , 0x21 , 0xAD , 0x74 , 0xE5 , 0x9A , 0x61 , 0x11 , 0xBE , 0x1D , 0x8C ,
99
107
0x02 , 0x1E , 0x65 , 0xB8 , 0x91 , 0xC2 , 0xA2 , 0x11 , 0x16 , 0x7A , 0xBB ,
100
108
0x8C , 0x5E , 0x07 , 0x9E , 0x09 , 0xE2 , 0xC8 , 0xA8 , 0x33 , 0x9C };
@@ -301,6 +309,15 @@ struct st_ptls_extension_bitmap_t {
301
309
302
310
static uint8_t zeroes_of_max_digest_size [PTLS_MAX_DIGEST_SIZE ] = {0 };
303
311
312
+ static int is_supported_version (uint16_t v )
313
+ {
314
+ size_t i ;
315
+ for (i = 0 ; i != sizeof (supported_versions ) / sizeof (supported_versions [0 ]); ++ i )
316
+ if (supported_versions [i ] == v )
317
+ return 1 ;
318
+ return 0 ;
319
+ }
320
+
304
321
static inline int extension_bitmap_is_set (struct st_ptls_extension_bitmap_t * bitmap , uint16_t id )
305
322
{
306
323
if (id < sizeof (bitmap -> bits ) * 8 )
@@ -475,12 +492,23 @@ int ptls_buffer_push_asn1_ubigint(ptls_buffer_t *buf, const void *bignum, size_t
475
492
return ret ;
476
493
}
477
494
495
+ static void build_aad (uint8_t aad [5 ], size_t reclen )
496
+ {
497
+ aad [0 ] = PTLS_CONTENT_TYPE_APPDATA ;
498
+ aad [1 ] = PTLS_RECORD_VERSION_MAJOR ;
499
+ aad [2 ] = PTLS_RECORD_VERSION_MINOR ;
500
+ aad [3 ] = (uint8_t )(reclen >> 8 );
501
+ aad [4 ] = (uint8_t )reclen ;
502
+ }
503
+
478
504
static size_t aead_encrypt (struct st_ptls_traffic_protection_t * ctx , void * output , const void * input , size_t inlen ,
479
505
uint8_t content_type )
480
506
{
507
+ uint8_t aad [5 ];
481
508
size_t off = 0 ;
482
509
483
- ptls_aead_encrypt_init (ctx -> aead , ctx -> seq ++ , NULL , 0 );
510
+ build_aad (aad , inlen + 1 + ctx -> aead -> algo -> tag_size );
511
+ ptls_aead_encrypt_init (ctx -> aead , ctx -> seq ++ , aad , sizeof (aad ));
484
512
off += ptls_aead_encrypt_update (ctx -> aead , ((uint8_t * )output ) + off , input , inlen );
485
513
off += ptls_aead_encrypt_update (ctx -> aead , ((uint8_t * )output ) + off , & content_type , 1 );
486
514
off += ptls_aead_encrypt_final (ctx -> aead , ((uint8_t * )output ) + off );
@@ -490,7 +518,10 @@ static size_t aead_encrypt(struct st_ptls_traffic_protection_t *ctx, void *outpu
490
518
491
519
static int aead_decrypt (struct st_ptls_traffic_protection_t * ctx , void * output , size_t * outlen , const void * input , size_t inlen )
492
520
{
493
- if ((* outlen = ptls_aead_decrypt (ctx -> aead , output , input , inlen , ctx -> seq , NULL , 0 )) == SIZE_MAX )
521
+ uint8_t aad [5 ];
522
+
523
+ build_aad (aad , inlen );
524
+ if ((* outlen = ptls_aead_decrypt (ctx -> aead , output , input , inlen , ctx -> seq , aad , sizeof (aad ))) == SIZE_MAX )
494
525
return PTLS_ALERT_BAD_RECORD_MAC ;
495
526
++ ctx -> seq ;
496
527
return 0 ;
@@ -1341,7 +1372,11 @@ static int send_client_hello(ptls_t *tls, ptls_buffer_t *sendbuf, ptls_handshake
1341
1372
});
1342
1373
}
1343
1374
buffer_push_extension (sendbuf , PTLS_EXTENSION_TYPE_SUPPORTED_VERSIONS , {
1344
- ptls_buffer_push_block (sendbuf , 1 , { ptls_buffer_push16 (sendbuf , PTLS_PROTOCOL_VERSION_DRAFT23 ); });
1375
+ ptls_buffer_push_block (sendbuf , 1 , {
1376
+ size_t i ;
1377
+ for (i = 0 ; i != sizeof (supported_versions ) / sizeof (supported_versions [0 ]); ++ i )
1378
+ ptls_buffer_push16 (sendbuf , supported_versions [i ]);
1379
+ });
1345
1380
});
1346
1381
buffer_push_extension (sendbuf , PTLS_EXTENSION_TYPE_SIGNATURE_ALGORITHMS , {
1347
1382
ptls_buffer_push_block (sendbuf , 2 , {
@@ -1567,7 +1602,7 @@ static int decode_server_hello(ptls_t *tls, struct st_ptls_server_hello_t *sh, c
1567
1602
}
1568
1603
});
1569
1604
1570
- if (found_version != PTLS_PROTOCOL_VERSION_DRAFT23 ) {
1605
+ if (! is_supported_version ( found_version ) ) {
1571
1606
ret = PTLS_ALERT_ILLEGAL_PARAMETER ;
1572
1607
goto Exit ;
1573
1608
}
@@ -2154,13 +2189,21 @@ static int decode_client_hello(ptls_t *tls, struct st_ptls_client_hello_t *ch, c
2154
2189
break ;
2155
2190
case PTLS_EXTENSION_TYPE_SUPPORTED_VERSIONS :
2156
2191
ptls_decode_block (src , end , 1 , {
2192
+ size_t selected_index = sizeof (supported_versions ) / sizeof (supported_versions [0 ]);
2157
2193
do {
2194
+ size_t i ;
2158
2195
uint16_t v ;
2159
2196
if ((ret = ptls_decode16 (& v , & src , end )) != 0 )
2160
2197
goto Exit ;
2161
- if (ch -> selected_version == 0 && v == PTLS_PROTOCOL_VERSION_DRAFT23 )
2162
- ch -> selected_version = v ;
2198
+ for (i = 0 ; i != selected_index ; ++ i ) {
2199
+ if (supported_versions [i ] == v ) {
2200
+ selected_index = i ;
2201
+ break ;
2202
+ }
2203
+ }
2163
2204
} while (src != end );
2205
+ if (selected_index != sizeof (supported_versions ) / sizeof (supported_versions [0 ]))
2206
+ ch -> selected_version = supported_versions [selected_index ];
2164
2207
});
2165
2208
break ;
2166
2209
case PTLS_EXTENSION_TYPE_COOKIE :
@@ -2258,8 +2301,7 @@ static int decode_client_hello(ptls_t *tls, struct st_ptls_client_hello_t *ch, c
2258
2301
});
2259
2302
2260
2303
/* check if client hello make sense */
2261
- switch (ch -> selected_version ) {
2262
- case PTLS_PROTOCOL_VERSION_DRAFT23 :
2304
+ if (is_supported_version (ch -> selected_version )) {
2263
2305
if (!(ch -> compression_methods .count == 1 && ch -> compression_methods .ids [0 ] == 0 )) {
2264
2306
ret = PTLS_ALERT_ILLEGAL_PARAMETER ;
2265
2307
goto Exit ;
@@ -2277,8 +2319,7 @@ static int decode_client_hello(ptls_t *tls, struct st_ptls_client_hello_t *ch, c
2277
2319
goto Exit ;
2278
2320
}
2279
2321
}
2280
- break ;
2281
- default :
2322
+ } else {
2282
2323
ret = PTLS_ALERT_PROTOCOL_VERSION ;
2283
2324
goto Exit ;
2284
2325
}
@@ -2447,7 +2488,7 @@ static int server_handle_hello(ptls_t *tls, ptls_buffer_t *sendbuf, ptls_iovec_t
2447
2488
ptls_buffer_push (sendbuf , 0 ); \
2448
2489
ptls_buffer_push_block (sendbuf , 2 , { \
2449
2490
buffer_push_extension (sendbuf , PTLS_EXTENSION_TYPE_SUPPORTED_VERSIONS , \
2450
- { ptls_buffer_push16 (sendbuf , PTLS_PROTOCOL_VERSION_DRAFT23 ); }); \
2491
+ { ptls_buffer_push16 (sendbuf , ch . selected_version ); }); \
2451
2492
do { \
2452
2493
extensions \
2453
2494
} while (0 ); \
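Review bot: In `build_aad` the record length is narrowed to two bytes with plain casts, so a `reclen` above 0xffff would be folded silently into an AAD that no longer describes the record, and nothing in the visible lines bounds it. In `aead_encrypt` the length is recomputed as `inlen + 1 + ctx->aead->algo->tag_size`, separately from whatever header the caller writes to the wire, and the two have to stay byte-identical or the peer rejects every record with bad_record_mac. I would add `assert(reclen <= 0xffff);` at the top of `build_aad` (assuming `assert` is available in this file) and a comment such as `/* AAD is the 5-byte record header: type, legacy version, ciphertext length incl. tag; must match the header the caller emits */`. The code that frames the record and passes `inlen` to `aead_decrypt` is outside this diff, so whether it already enforces the limit cannot be confirmed from here.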