Add debug helpers to track extensions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 9f1df73..07e8c71 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -45,4 +45,25 @@
#endif /* MBEDTLS_DEBUG_C */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_DEBUG_C)
+
+const char *mbedtls_tls13_get_extension_name( uint16_t extension_type );
+
+void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ const char *hs_msg_name,
+ uint32_t extensions_present );
+
+#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) \
+ mbedtls_ssl_tls13_print_extensions( \
+ ssl, level, __FILE__, __LINE__, hs_msg_name, extensions_present )
+#else
+
+#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present )
+
+#endif
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
#endif /* SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 48e3675..662e6f4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1485,4 +1485,130 @@
}
#endif /* MBEDTLS_ECDH_C */
+#if defined(MBEDTLS_DEBUG_C)
+const char *mbedtls_tls13_get_extension_name( uint16_t extension_type )
+{
+ switch( extension_type )
+ {
+ case MBEDTLS_TLS_EXT_SERVERNAME:
+ return( "server_name" );
+
+ case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+ return( "max_fragment_length" );
+
+ case MBEDTLS_TLS_EXT_STATUS_REQUEST:
+ return( "status_request" );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
+ return( "supported_groups" );
+
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ return( "signature_algorithms" );
+
+ case MBEDTLS_TLS_EXT_USE_SRTP:
+ return( "use_srtp" );
+
+ case MBEDTLS_TLS_EXT_HEARTBEAT:
+ return( "heartbeat" );
+
+ case MBEDTLS_TLS_EXT_ALPN:
+ return( "application_layer_protocol_negotiation" );
+
+ case MBEDTLS_TLS_EXT_SCT:
+ return( "signed_certificate_timestamp" );
+
+ case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
+ return( "client_certificate_type" );
+
+ case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
+ return( "server_certificate_type" );
+
+ case MBEDTLS_TLS_EXT_PADDING:
+ return( "padding" );
+
+ case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
+ return( "pre_shared_key" );
+
+ case MBEDTLS_TLS_EXT_EARLY_DATA:
+ return( "early_data" );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
+ return( "supported_versions" );
+
+ case MBEDTLS_TLS_EXT_COOKIE:
+ return( "cookie" );
+
+ case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
+ return( "psk_key_exchange_modes" );
+
+ case MBEDTLS_TLS_EXT_CERT_AUTH:
+ return( "certificate_authorities" );
+
+ case MBEDTLS_TLS_EXT_OID_FILTERS:
+ return( "oid_filters" );
+
+ case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
+ return( "post_handshake_auth" );
+
+ case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
+ return( "signature_algorithms_cert" );
+
+ case MBEDTLS_TLS_EXT_KEY_SHARE:
+ return( "key_share" );
+ };
+
+ return( "unknown" );
+}
+
+void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ const char *hs_msg_name,
+ uint32_t extensions_present )
+{
+ static const struct{
+ uint32_t extension_mask;
+ const char *extension_name;
+ } mask_to_str_table[] = {
+ { MBEDTLS_SSL_EXT_SERVERNAME, "server_name" },
+ { MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH, "max_fragment_length" },
+ { MBEDTLS_SSL_EXT_STATUS_REQUEST, "status_request" },
+ { MBEDTLS_SSL_EXT_SUPPORTED_GROUPS, "supported_groups" },
+ { MBEDTLS_SSL_EXT_SIG_ALG, "signature_algorithms" },
+ { MBEDTLS_SSL_EXT_USE_SRTP, "use_srtp" },
+ { MBEDTLS_SSL_EXT_HEARTBEAT, "heartbeat" },
+ { MBEDTLS_SSL_EXT_ALPN, "application_layer_protocol_negotiation" },
+ { MBEDTLS_SSL_EXT_SCT, "signed_certificate_timestamp" },
+ { MBEDTLS_SSL_EXT_CLI_CERT_TYPE, "client_certificate_type" },
+ { MBEDTLS_SSL_EXT_SERV_CERT_TYPE, "server_certificate_type" },
+ { MBEDTLS_SSL_EXT_PADDING, "padding" },
+ { MBEDTLS_SSL_EXT_PRE_SHARED_KEY, "pre_shared_key" },
+ { MBEDTLS_SSL_EXT_EARLY_DATA, "early_data" },
+ { MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS, "supported_versions" },
+ { MBEDTLS_SSL_EXT_COOKIE, "cookie" },
+ { MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" },
+ { MBEDTLS_SSL_EXT_CERT_AUTH, "certificate_authorities" },
+ { MBEDTLS_SSL_EXT_OID_FILTERS, "oid_filters" },
+ { MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" },
+ { MBEDTLS_SSL_EXT_SIG_ALG_CERT, "signature_algorithms_cert" },
+ { MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" } };
+
+ mbedtls_debug_print_msg( ssl, level, file, line,
+ "extension list of %s:", hs_msg_name );
+
+ for( unsigned i = 0;
+ i < sizeof( mask_to_str_table ) / sizeof( mask_to_str_table[0] );
+ i++ )
+ {
+ const char *extension_name = mask_to_str_table[i].extension_name;
+ uint32_t is_present = extensions_present &
+ mask_to_str_table[i].extension_mask;
+
+ mbedtls_debug_print_msg( ssl, level, file, line,
+ "- %s extension ( %s )", extension_name,
+ is_present ? "true" : "false" );
+ }
+}
+
+#endif /* MBEDTLS_DEBUG_C */
+
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 3762393..b24aa4a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -926,56 +926,6 @@
}
#endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_DEBUG_C)
-static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
-{
- ((void) ssl);
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- KEY_SHARE_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ?
- "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- PRE_SHARED_KEY_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SUPPORTED_GROUPS_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ?
- "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SUPPORTED_VERSION_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION )
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SERVERNAME_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#if defined ( MBEDTLS_SSL_ALPN )
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- ALPN_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#endif /* MBEDTLS_SSL_ALPN */
-}
-#endif /* MBEDTLS_DEBUG_C */
-
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
int exts_mask )
@@ -1655,18 +1605,14 @@
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown extension found: %ud ( ignoring )",
- extension_type ) );
+ ( "client hello: received %s(%u) extension ( ignored )",
+ mbedtls_tls13_get_extension_name( extension_type ),
+ extension_type ) );
}
p += extension_data_len;
}
-#if defined(MBEDTLS_DEBUG_C)
- /* List all the extensions we have received */
- ssl_tls13_debug_print_client_hello_exts( ssl );
-#endif /* MBEDTLS_DEBUG_C */
-
mbedtls_ssl_add_hs_hdr_to_checksum( ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
p - buf );