diff options
Diffstat (limited to 'lib/ssl/tls13exthandle.c')
-rw-r--r-- | lib/ssl/tls13exthandle.c | 82 |
1 files changed, 79 insertions, 3 deletions
diff --git a/lib/ssl/tls13exthandle.c b/lib/ssl/tls13exthandle.c index 91f96b933..4d24b37d6 100644 --- a/lib/ssl/tls13exthandle.c +++ b/lib/ssl/tls13exthandle.c @@ -154,6 +154,29 @@ tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, return SECFailure; } } + + /* GREASE KeyShareEntry: + * [The client] MAY also send KeyShareEntry values for a subset of those + * selected in the "key_share" extension. For each of these, the + * "key_exchange" field MAY be any value [RFC8701, Section 3.1]. + * + * By default we do not send KeyShares for every NamedGroup so the + * ServerKeyShare handshake message / additional round-trip is not + * triggered by sending GREASE KeyShareEntries. */ + if (ss->opt.enableGrease) { + rv = sslBuffer_AppendNumber(buf, ss->ssl3.hs.grease->idx[grease_group], 2); + if (rv != SECSuccess) + return rv; + /* Entry length */ + rv = sslBuffer_AppendNumber(buf, 2, 2); + if (rv != SECSuccess) + return rv; + /* Entry value */ + rv = sslBuffer_AppendNumber(buf, 0xCD, 2); + if (rv != SECSuccess) + return rv; + } + rv = sslBuffer_InsertLength(buf, lengthOffset, 2); if (rv != SECSuccess) { return SECFailure; @@ -877,6 +900,16 @@ tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnD } } + /* GREASE SupportedVersions: + * A client MAY select one or more GREASE version values and advertise them + * in the "supported_versions" extension, if sent [RFC8701, Section 3.1]. */ + if (ss->opt.enableGrease) { + rv = sslBuffer_AppendNumber(buf, ss->ssl3.hs.grease->idx[grease_version], 2); + if (rv != SECSuccess) { + return SECFailure; + } + } + rv = sslBuffer_InsertLength(buf, lengthOffset, 1); if (rv != SECSuccess) { return SECFailure; @@ -1045,7 +1078,6 @@ SECStatus tls13_ClientSendPskModesXtn(const sslSocket *ss, TLSExtensionData *xtnData, sslBuffer *buf, PRBool *added) { - static const PRUint8 ke_modes[] = { tls13_psk_dh_ke }; SECStatus rv; if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3 || @@ -1056,7 +1088,15 @@ tls13_ClientSendPskModesXtn(const sslSocket *ss, TLSExtensionData *xtnData, SSL_TRC(3, ("%d: TLS13[%d]: send psk key exchange modes extension", SSL_GETPID(), ss->fd)); - rv = sslBuffer_AppendVariable(buf, ke_modes, sizeof(ke_modes), 1); + /* GREASE PskKeyExchangeMode: + * A client MAY select one or more GREASE PskKeyExchangeMode values and + * advertise them in the "psk_key_exchange_modes" extension, if sent + * [RFC8701, Section 3.1]. */ + if (ss->opt.enableGrease) { + rv = sslBuffer_AppendVariable(buf, (PRUint8[]){ tls13_psk_dh_ke, ss->ssl3.hs.grease->pskKem }, 2, 1); + } else { + rv = sslBuffer_AppendVariable(buf, (PRUint8[]){ tls13_psk_dh_ke }, 1, 1); + } if (rv != SECSuccess) { return SECFailure; } @@ -1341,7 +1381,8 @@ tls13_ClientSendDelegatedCredentialsXtn(const sslSocket *ss, return SECSuccess; } - rv = ssl3_EncodeFilteredSigAlgs(ss, filtered, filteredCount, buf); + rv = ssl3_EncodeFilteredSigAlgs(ss, filtered, filteredCount, + PR_FALSE /* GREASE */, buf); if (rv != SECSuccess) { return SECFailure; } @@ -1715,3 +1756,38 @@ alert_loser: PORT_SetError(SSL_ERROR_RX_MALFORMED_ECH_EXTENSION); return SECFailure; } + +SECStatus +tls13_SendEmptyGreaseXtn(const sslSocket *ss, + TLSExtensionData *xtnData, + sslBuffer *buf, PRBool *added) +{ + if (!ss->opt.enableGrease || + (!ss->sec.isServer && ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) || + (ss->sec.isServer && ss->version < SSL_LIBRARY_VERSION_TLS_1_3)) { + return SECSuccess; + } + + *added = PR_TRUE; + return SECSuccess; +} + +SECStatus +tls13_SendGreaseXtn(const sslSocket *ss, + TLSExtensionData *xtnData, + sslBuffer *buf, PRBool *added) +{ + if (!ss->opt.enableGrease || + (!ss->sec.isServer && ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) || + (ss->sec.isServer && ss->version < SSL_LIBRARY_VERSION_TLS_1_3)) { + return SECSuccess; + } + + SECStatus rv = sslBuffer_AppendVariable(buf, (PRUint8[]){ 0x00 }, 1, 2); + if (rv != SECSuccess) { + return SECFailure; + } + + *added = PR_TRUE; + return SECSuccess; +} |