From 8897c070756e66b9b01441ea282470ae4f958714 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 12 Aug 2022 13:56:53 +0800 Subject: [PATCH 01/24] Add server only guards for psk callback Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++++ library/ssl_tls.c | 3 +++ tests/suites/test_suite_ssl.function | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index eda6bc2f21..5a02182c0e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1390,10 +1390,12 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_SRV_C) /** Callback to retrieve PSK key from identity */ int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */ #endif +#endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a cookie for ClientHello verification */ @@ -3415,6 +3417,7 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, mbedtls_svc_key_id_t psk ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_SSL_SRV_C) /** * \brief Set the PSK callback (server-side only). * @@ -3457,6 +3460,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_psk ); +#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0615ea7d1..616df07de8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1795,6 +1795,7 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_SSL_SRV_C) void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), 
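Review bot: The new `#if defined(MBEDTLS_SSL_SRV_C)` nested directly inside `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)` around the `f_psk`/`p_psk` fields would read more clearly as one combined condition, `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && defined(MBEDTLS_SSL_SRV_C)`, which is the form the adjacent `MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C` guard in the same struct already uses. As written, the two bare `#endif` lines give no hint which condition each one closes; at minimum they should carry trailing `/* MBEDTLS_SSL_SRV_C */` and `/* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */` comments, as the later hunks of this same patch do for the `mbedtls_ssl_conf_psk_cb` declaration and definition. The enclosing `struct mbedtls_ssl_config` starts and ends outside the hunk.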
@@ -1803,6 +1804,8 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, conf->f_psk = f_psk; conf->p_psk = p_psk; } +#endif /* MBEDTLS_SSL_SRV_C */ + #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f24d1a4933..7b5743ece6 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2184,8 +2184,9 @@ void perform_handshake( handshake_test_options *options ) options->psk_str->len, (const unsigned char *) psk_identity, strlen( psk_identity ) ) == 0 ); - +#if defined(MBEDTLS_SSL_SRV_C) mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL ); +#endif } #endif #if defined(MBEDTLS_SSL_RENEGOTIATION) From 0c6105bc9ed69a02706abd28b9ec92eec4796e4b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 12 Aug 2022 17:26:40 +0800 Subject: [PATCH 02/24] empty pre_shared_key functions To easy review Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 365 ++++--------------------------------- 1 file changed, 39 insertions(+), 326 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 40e3cfd70d..645479b830 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
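Review bot: Guarding only the `mbedtls_ssl_conf_psk_cb( &server.conf, psk_dummy_callback, NULL )` call in `perform_handshake` with `MBEDTLS_SSL_SRV_C` leaves `psk_dummy_callback` referenced from nowhere in a client-only build; if that helper is a `static` function in this test file and is not itself under the same guard (its definition is outside the hunk), such a configuration would trip `-Wunused-function`, which the project's `-Werror` test builds treat as an error. The definition should get a matching `#if defined(MBEDTLS_SSL_SRV_C)`, or the whole server-side PSK setup should be conditioned once. The enclosing `perform_handshake` function starts and ends outside the hunk.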
@@ -665,56 +665,6 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, return ( 0 ); } -/* Check if we have any PSK to offer, returns 0 if a PSK is available. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_get_psk_to_offer( - const mbedtls_ssl_context *ssl, - int *psk_type, - const unsigned char **psk, size_t *psk_len, - const unsigned char **psk_identity, size_t *psk_identity_len ) -{ - *psk = NULL; - *psk_len = 0; - *psk_identity = NULL; - *psk_identity_len = 0; - *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - /* Check if a ticket has been configured. */ - if( ssl->session_negotiate != NULL && - ssl->session_negotiate->ticket != NULL ) - { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t now = mbedtls_time( NULL ); - if( ssl->session_negotiate->ticket_received <= now && - (uint64_t)( now - ssl->session_negotiate->ticket_received ) - <= ssl->session_negotiate->ticket_lifetime ) - { - *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; - *psk = ssl->session_negotiate->resumption_key; - *psk_len = ssl->session_negotiate->resumption_key_len; - *psk_identity = ssl->session_negotiate->ticket; - *psk_identity_len = ssl->session_negotiate->ticket_len; - return( 0 ); - } -#endif /* MBEDTLS_HAVE_TIME */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket expired" ) ); - } -#endif - - /* Check if an external PSK has been configured. */ - if( ssl->conf->psk != NULL ) - { - *psk = ssl->conf->psk; - *psk_len = ssl->conf->psk_len; - *psk_identity = ssl->conf->psk_identity; - *psk_identity_len = ssl->conf->psk_identity_len; - return( 0 ); - } - - return( MBEDTLS_ERR_ERROR_GENERIC_ERROR ); -} - /* * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: * 
@@ -743,204 +693,53 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( unsigned char *buf, unsigned char *end, size_t *out_len, size_t *binders_len ) { - unsigned char *p = buf; - const unsigned char *psk; - size_t psk_len; - const unsigned char *psk_identity; - size_t psk_identity_len; - int psk_type; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - const int *ciphersuites; - psa_algorithm_t psa_hash_alg; - int hash_len = 0; - size_t identities_len, l_binders_len; - uint32_t obfuscated_ticket_age = 0; - - *out_len = 0; - *binders_len = 0; - - /* Check if we have any PSKs to offer. If so, return the first. - * - * NOTE: Ultimately, we want to be able to offer multiple PSKs, - * in which case we want to iterate over them here. - * - * As it stands, however, we only ever offer one, chosen - * by the following heuristic: - * - If a ticket has been configured, offer the corresponding PSK. - * - If no ticket has been configured by an external PSK has been - * configured, offer that. - * - Otherwise, skip the PSK extension. - */ - if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len, - &psk_identity, &psk_identity_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) ); - return( 0 ); - } - - if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) - { - /* - * Ciphersuite list - */ - ciphersuites = ssl->conf->ciphersuite_list; - for( int i = 0; ciphersuites[i] != 0; i++ ) - { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( - ciphersuites[i] ); - - if( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, - MBEDTLS_SSL_VERSION_TLS1_3, - MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 ) - continue; - - /* In this implementation we only add one pre-shared-key - * extension. 
- */ - ssl->session_negotiate->ciphersuite = ciphersuites[i]; - break; - } - } - else -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION ) - { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t now = mbedtls_time( NULL ); - - obfuscated_ticket_age = - ( (uint32_t)( now - ssl->session_negotiate->ticket_received ) * 1000 ) - + ssl->session_negotiate->ticket_age_add; -#endif - } - else -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "write_identities_of_pre_shared_key_ext: " - "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ); - /* No suitable ciphersuite for the PSK */ - if( ciphersuite_info == NULL ) - return( 0 ); - - psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); - hash_len = PSA_HASH_LENGTH( psa_hash_alg ); - if( hash_len == -1 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - /* Check if we have space to write the extension, binder included. 
- * - extension_type (2 bytes) - * - extension_data_len (2 bytes) - * - identities_len (2 bytes) - * - identity_len (2 bytes) - * - identity (psk_identity_len bytes) - * - obfuscated_ticket_age (4 bytes) - * - binders_len (2 bytes) - * - binder_len (1 byte) - * - binder (hash_len bytes) - */ - - identities_len = 6 + psk_identity_len; - l_binders_len = 1 + hash_len; - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding pre_shared_key extension, " - "omitting PSK binder list" ) ); - - /* Extension header */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 8 ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0 ); - MBEDTLS_PUT_UINT16_BE( 2 + identities_len + 2 + l_binders_len , p, 2 ); - - MBEDTLS_PUT_UINT16_BE( identities_len, p, 4 ); - MBEDTLS_PUT_UINT16_BE( psk_identity_len, p, 6 ); - p += 8; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, psk_identity_len ); - memcpy( p, psk_identity, psk_identity_len ); - p += psk_identity_len; - - /* add obfuscated ticket age */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - MBEDTLS_PUT_UINT32_BE( obfuscated_ticket_age, p, 0 ); - p += 4; - - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 + l_binders_len ); - *out_len = ( p - buf ) + l_binders_len + 2; - *binders_len = l_binders_len + 2; - - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - + ((void) ssl); + ((void) buf); + ((void) end); + ((void) out_len); + ((void) binders_len); return( 0 ); } int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end ) + mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - const unsigned char *psk_identity; - size_t psk_identity_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - psa_algorithm_t psa_hash_alg; - int hash_len = 0; - const unsigned char *psk = NULL; - size_t psk_len = 0; - int psk_type; - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; - size_t transcript_len; - 
- if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len, - &psk_identity, &psk_identity_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ); - if( ciphersuite_info == NULL ) - return( 0 ); - - psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); - hash_len = PSA_HASH_LENGTH( psa_hash_alg ); - if( ( hash_len == -1 ) || ( ( end - buf ) != 3 + hash_len ) ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding PSK binder list" ) ); - - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 + hash_len ); - /* 2 bytes length field for array of psk binders */ - MBEDTLS_PUT_UINT16_BE( hash_len + 1, p, 0 ); - p += 2; - - /* 1 bytes length field for next psk binder */ - *p++ = MBEDTLS_BYTE_0( hash_len ); - - /* Get current state of handshake transcript. */ - ret = mbedtls_ssl_get_handshake_transcript( ssl, ciphersuite_info->mac, - transcript, sizeof( transcript ), - &transcript_len ); - if( ret != 0 ) - return( ret ); - - ret = mbedtls_ssl_tls13_create_psk_binder( ssl, - mbedtls_psa_translate_md( ciphersuite_info->mac ), - psk, psk_len, psk_type, - transcript, p ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret ); - return( ret ); - } + ((void) ssl); + ((void) buf); + ((void) end); return( 0 ); } + +/* + * struct { + * opaque identity<1..2^16-1>; + * uint32 obfuscated_ticket_age; + * } PskIdentity; + * + * opaque PskBinderEntry<32..255>; + * + * struct { + * + * select (Handshake.msg_type) { + * ... 
+ * case server_hello: uint16 selected_identity; + * }; + * + * } PreSharedKeyExtension; + * + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + return( 0 ); +} + #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, 
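Review bot: The stubbed `mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext` returns 0 without ever storing to `*out_len` or `*binders_len`; if its caller (outside this hunk) does not initialise those outputs before the call, this intermediate commit leaves the ClientHello writer working with indeterminate lengths. Since the stubs exist only to ease review, they should at least do `*out_len = 0; *binders_len = 0;` as the removed code did on its early-return path, so the series stays buildable and bisectable at this commit. Likewise the empty `ssl_tls13_parse_server_pre_shared_key_ext` now accepts any server `selected_identity` without installing a handshake PSK; a one-line `/* Placeholder: implemented by the following commits in this series. */` in each stub would make the transitional state explicit to anyone landing here via bisect.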
@@ -1299,92 +1098,6 @@ static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ss return( 0 ); } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -/* - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * - * select (Handshake.msg_type) { - * ... - * case server_hello: uint16 selected_identity; - * }; - * - * } PreSharedKeyExtension; - * - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ) -{ - int ret = 0; - size_t selected_identity; - - int psk_type; - const unsigned char *psk; - size_t psk_len; - const unsigned char *psk_identity; - size_t psk_identity_len; - - /* Check which PSK we've offered. - * - * NOTE: Ultimately, we want to offer multiple PSKs, and in this - * case, we need to iterate over them here. - */ - if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len, - &psk_identity, &psk_identity_len ) != 0 ) - { - /* If we haven't offered a PSK, the server must not send - * a PSK identity extension. */ - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 ); - - /* We have offered only one PSK, so the only valid choice - * for the server is PSK index 0. - * - * This will change once we support multiple PSKs. 
*/ - if( selected_identity > 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server's chosen PSK identity out of range" ) ); - - if( ( ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ) ) != 0 ) - { - return( ret ); - } - - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - - /* Set the chosen PSK - * - * TODO: We don't have to do this in case we offered 0-RTT and the - * server accepted it, because in this case we've already - * set the handshake PSK. */ - ret = mbedtls_ssl_set_hs_psk( ssl, psk, psk_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret ); - return( ret ); - } - - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - return( 0 ); -} - -#endif - /* Parse ServerHello message and configure context * * struct { From f7c125917c56026bc80c9ae87d22ba63c08d65c5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 28 Sep 2022 22:09:38 +0800 Subject: [PATCH 03/24] Add identites writer Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 219 ++++++++++++++++++++++++++++++++++++- 1 file changed, 214 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 645479b830..547651d971 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -665,6 +665,74 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, return ( 0 ); } +static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, + int ciphersuite ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); + + if( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, + MBEDTLS_SSL_VERSION_TLS1_3, + MBEDTLS_SSL_VERSION_TLS1_3 ) == 0 ) + { + return( mbedtls_psa_translate_md( ciphersuite_info->mac ) ); + } + return( PSA_ALG_NONE ); +} + +static int ssl_tls13_has_configured_psk( mbedtls_ssl_context *ssl ) +{ + return( ssl->conf->psk != NULL && + ssl->conf->psk_len != 0 && + ssl->conf->psk_identity != NULL && + ssl->conf->psk_identity_len != 0 ); +} + +static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) +{ + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_session *session = ssl->session_negotiate; + return( session != NULL && + session->ticket != NULL && + ssl_tls13_ciphersuite_to_alg( ssl, + ssl->session_negotiate->ciphersuite ) != PSA_ALG_NONE ); +#else + ((void) ssl); + return( 0 ); +#endif +} + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_session_tickets_get_identity( + mbedtls_ssl_context *ssl, psa_algorithm_t *psa_alg, + const unsigned char **identity, size_t *identity_len ) +{ + mbedtls_ssl_session *session = ssl->session_negotiate; + *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); + *identity = session->ticket; + *identity_len = session->ticket_len; + return( 0 ); +} + +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl, + psa_algorithm_t *psa_alg, + const unsigned char **identity, + size_t *identity_len ) +{ + + *psa_alg = PSA_ALG_SHA_256; + *identity = ssl->conf->psk_identity; + *identity_len = ssl->conf->psk_identity_len; + 
return( 0 ); +} + /* * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: * 
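Review bot: `ssl_tls13_has_configured_ticket` offers any stored ticket regardless of its age, whereas the `ssl_tls13_get_psk_to_offer` it replaces (removed in patch 02) only offered the ticket when `ticket_received <= now` and `now - ticket_received <= ticket_lifetime`, falling back to the external PSK otherwise; unless a later patch in this series restores that check, the client now sends expired tickets, which the server is expected to reject. The removed test `session->ticket_received <= now && (uint64_t)( now - session->ticket_received ) <= session->ticket_lifetime` should be carried into this helper under `MBEDTLS_HAVE_TIME`. Two smaller points: `ssl_tls13_ciphersuite_to_alg` passes the result of `mbedtls_ssl_ciphersuite_from_id` straight to `mbedtls_ssl_validate_ciphersuite`, so it relies on that function tolerating a NULL `ciphersuite_info` for an unknown id (not visible here; worth a comment if that is guaranteed), and the hard-coded `*psa_alg = PSA_ALG_SHA_256;` in `ssl_tls13_psk_get_identity` is the correct RFC 8446 §4.2.11 default for external PSKs but deserves a comment saying so, e.g. `/* RFC 8446 4.2.11: an external PSK with no associated hash defaults to SHA-256. */`.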
@@ -688,16 +756,157 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, * } PreSharedKeyExtension; * */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + int psk_type, + size_t *out_len, + size_t *binder_len ) +{ + unsigned char *p = buf; + psa_algorithm_t psa_alg; + const unsigned char *identity; + size_t identity_len; + uint32_t obfuscated_ticket_age = 0; + int hash_len; + + *out_len = 0; + *binder_len = 0; + + switch( psk_type ) + { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + if( ssl_tls13_session_tickets_get_identity( + ssl, &psa_alg, &identity, &identity_len ) == 0 ) + { +#if defined(MBEDTLS_HAVE_TIME) + mbedtls_time_t now = mbedtls_time( NULL ); + mbedtls_ssl_session *session = ssl->session_negotiate; + obfuscated_ticket_age = + (uint32_t)( now - session->ticket_received ); + obfuscated_ticket_age *= 1000; + obfuscated_ticket_age += session->ticket_age_add ; +#endif /* MBEDTLS_HAVE_TIME */ + } + else + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + break; +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: + if( ssl_tls13_psk_get_identity( + ssl, &psa_alg, &identity, &identity_len ) != 0 ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + break; + default: + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + hash_len = PSA_HASH_LENGTH( psa_alg ); + if( hash_len == -1 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* + * - identity_len (2 bytes) + * - identity (psk_identity_len bytes) + * - obfuscated_ticket_age (4 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + identity_len ); + + MBEDTLS_PUT_UINT16_BE( identity_len, p, 0 ); + memcpy( p + 2, identity, identity_len ); + MBEDTLS_PUT_UINT32_BE( obfuscated_ticket_age, p, 2 + identity_len ); + + MBEDTLS_SSL_DEBUG_BUF( 4, "write identity", p, 6 + identity_len ); + + *out_len = 6 + identity_len; + *binder_len = 
1 + hash_len; + + return( 0 ); +} + int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *out_len, size_t *binders_len ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) out_len); - ((void) binders_len); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + size_t l_binders_len = 0; + + *out_len = 0; + *binders_len = 0; + + /* Check if we have any PSKs to offer. If no, skip pre_shared_key */ + if( !ssl_tls13_has_configured_psk( ssl ) && + !ssl_tls13_has_configured_ticket( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) ); + return( 0 ); + } + + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Pre-configured PSK number = %d", + ssl_tls13_has_configured_psk( ssl ) + + ssl_tls13_has_configured_ticket( ssl ) ) ); + /* Check if we have space to write the extension, binders included. + * - extension_type (2 bytes) + * - extension_data_len (2 bytes) + * - identities_len (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + if( ssl_tls13_has_configured_ticket( ssl ) ) + { + size_t output_len, binder_len; + ret = ssl_tls13_write_identity( ssl, p, end, + MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION, + &output_len, &binder_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + l_binders_len += binder_len; + } + + if( ssl_tls13_has_configured_psk( ssl ) ) + { + size_t output_len, binder_len; + ret = ssl_tls13_write_identity( ssl, p, end, + MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL, + &output_len, &binder_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + l_binders_len += binder_len; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding pre_shared_key extension, " + "omitting PSK binder list" ) ); + /* + * - extension_type (2 bytes) + * - extension_data_len (2 bytes) + * - identities_len (2 bytes) + */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PRE_SHARED_KEY, buf, 0 ); + MBEDTLS_PUT_UINT16_BE( p - buf - 4 + 2 + l_binders_len , buf, 2 ); 
+ MBEDTLS_PUT_UINT16_BE( p - buf - 6 , buf, 4 ); + + /* Check if there are enough space for binders */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, l_binders_len + 2 ); + + *out_len = ( p - buf ) + l_binders_len + 2; + *binders_len = l_binders_len + 2; + + MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf ); + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + return( 0 ); } From 1a0a0f4416944ff93717be268304e540ca520592 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 28 Sep 2022 22:11:02 +0800 Subject: [PATCH 04/24] Add binders writer Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 146 ++++++++++++++++++++++++++++++++++++- 1 file changed, 143 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 547651d971..babbbbdc63 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -718,6 +718,22 @@ static int ssl_tls13_session_tickets_get_identity( return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_session_tickets_get_psk( mbedtls_ssl_context *ssl, + psa_algorithm_t *psa_alg, + const unsigned char **psk, + size_t *psk_len ) +{ + + mbedtls_ssl_session *session = ssl->session_negotiate; + + *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); + *psk = session->resumption_key; + *psk_len = session->resumption_key_len; + + return( 0 ); +} + #endif /* MBEDTLS_SSL_SESSION_TICKETS */ MBEDTLS_CHECK_RETURN_CRITICAL @@ -733,6 +749,18 @@ static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl, return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl, + psa_algorithm_t *psa_alg, + const unsigned char **psk, + size_t *psk_len ) +{ + *psa_alg = PSA_ALG_SHA_256; + *psk = ssl->conf->psk; + *psk_len = ssl->conf->psk_len; + return( 0 ); +} + /* * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: * 
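Review bot: The order in which `mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext` emits identities — resumption ticket first, external PSK second — is an implicit contract that the binders writer and the ServerHello `selected_identity` parser must reproduce exactly, yet nothing in the function says so. A comment above the two `ssl_tls13_write_identity` calls, e.g. `/* Order matters: binders are written and selected_identity is interpreted in this same order (ticket, then external PSK). */`, would keep the three functions from drifting apart. Separately, `ssl_tls13_write_identity` derives `obfuscated_ticket_age` from `(uint32_t)( now - session->ticket_received )` with no check that `now` is not earlier than `ticket_received`, so a backwards clock step produces an age near 2^32 ms; the removed code skipped such tickets, so either the caller should filter them or the subtraction deserves a comment stating that the modulo-2^32 wrap is intended per RFC 8446 §4.2.11.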
@@ -910,12 +938,124 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( return( 0 ); } +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + int psk_type, + size_t *out_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + const unsigned char *psk; + psa_algorithm_t psa_alg = PSA_ALG_NONE; + size_t psk_len; + unsigned char binder_len; + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len = 0; + + *out_len = 0; + + switch( psk_type ) + { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + if( ssl_tls13_session_tickets_get_psk( + ssl, &psa_alg, &psk, &psk_len ) != 0 ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + break; +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME*/ + case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: + if( ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + break; + default: + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + binder_len = PSA_HASH_LENGTH( psa_alg ); + if( binder_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* + * - binder_len (1 bytes) + * - binder (binder_len bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + binder_len ); + + p[0] = binder_len; + + /* Get current state of handshake transcript. 
*/ + ret = mbedtls_ssl_get_handshake_transcript( + ssl, mbedtls_hash_info_md_from_psa( psa_alg ), + transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len ); + if( ret != 0 ) + return( ret ); + + + + ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_alg, + psk, psk_len, psk_type, + transcript, p + 1 ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret ); + return( ret ); + } + MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", p, 1 + binder_len ); + + *out_len = 1 + binder_len; + + return( ret ); +} + int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ) { - ((void) ssl); - ((void) buf); - ((void) end); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + + /* Check if we have space to write binders_len. + * - binders_len (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + p += 2; + + if( ssl_tls13_has_configured_ticket( ssl ) ) + { + size_t output_len; + ret = ssl_tls13_write_binder( ssl, p, end, + MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION, + &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + } + + if( ssl_tls13_has_configured_psk( ssl ) ) + { + size_t output_len; + ret = ssl_tls13_write_binder( ssl, p, end, + MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL, + &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding PSK binder list." ) ); + + /* + * - binders_len (2 bytes) + */ + MBEDTLS_PUT_UINT16_BE( p - buf - 2, buf, 0 ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf ); return( 0 ); } From b300e3c5be3f1a749b73fd89e1a089b957f31bca Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 28 Sep 2022 22:12:07 +0800 Subject: [PATCH 05/24] add selected_identity parser Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 88 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 84 insertions(+), 4 deletions(-) 
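Review bot: The `MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION` case in `ssl_tls13_write_binder` is compiled only under `MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME`, but `ssl_tls13_has_configured_ticket` and the matching case in `ssl_tls13_write_identity` (patch 03) require only `MBEDTLS_SSL_SESSION_TICKETS`; in a build with tickets but without `MBEDTLS_HAVE_TIME` the client therefore writes a ticket identity and then fails with `MBEDTLS_ERR_SSL_INTERNAL_ERROR` from the `default:` branch when it comes to the binder. The guard should be the same on both sides, `#if defined(MBEDTLS_SSL_SESSION_TICKETS)`, with the `MBEDTLS_HAVE_TIME` dependency confined to the age computation. Also, `mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext` no longer verifies, as the removed code's `( end - buf ) != 3 + hash_len` check did, that the bytes it writes fill exactly the space the identities writer reserved via `*binders_len`; if the caller passes a buffer sized to that reservation, a final `if( p != end ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` would catch any drift between the two functions before a ClientHello with inconsistent length fields goes on the wire.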
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index babbbbdc63..67ecdc9591 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1083,10 +1083,90 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - ((void) ssl); - ((void) buf); - ((void) end); - return( 0 ); + int ret = 0; + int selected_identity; + int psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; + const unsigned char *psk; + size_t psk_len; + psa_algorithm_t psa_alg; + + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_identity = %d", selected_identity ) ); + + if( ssl_tls13_has_configured_psk( ssl ) && + ssl_tls13_has_configured_ticket( ssl ) ) + { + if( selected_identity >= 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) ); + goto exit; + } + switch( selected_identity ) + { + case 0: + psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; + break; + case 1: + psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; + break; + } + } + else if( ssl_tls13_has_configured_psk( ssl ) || + ssl_tls13_has_configured_ticket( ssl ) ) + { + if( selected_identity >= 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) ); + goto exit; + } + + if( ssl_tls13_has_configured_psk( ssl ) ) + psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; + else if( ssl_tls13_has_configured_ticket( ssl ) ) + psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + switch( psk_type ) + { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + ret = ssl_tls13_session_tickets_get_psk( + ssl, &psa_alg, &psk, &psk_len ); + break; +#endif + case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: + ret = ssl_tls13_psk_get_psk( + ssl, &psa_alg, &psk, &psk_len ); + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_set_hs_psk( ssl, psk, psk_len ); + if( ret != 0 ) + { + 
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret ); + } + else + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + + return( ret ); + +exit: + MBEDTLS_SSL_DEBUG_MSG( + 1, ( "Invalid chosen PSK identity." ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ From 25ab65478123884ab9222fe3a3949929bbbfb7a2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 15 Sep 2022 18:32:34 +0800 Subject: [PATCH 06/24] Add dummy ticket support Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 5 +- programs/ssl/ssl_server2.c | 119 +++++++++++-- tests/opt-testcases/tls13-kex-modes.sh | 227 +++++++++++++++++++++++++ tests/ssl-opt.sh | 1 - 4 files changed, 339 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6591ecba00..6e754a3f81 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -186,8 +186,9 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if( now < session->start ) { MBEDTLS_SSL_DEBUG_MSG( - 3, ( "Ticket expired: now=%" MBEDTLS_PRINTF_LONGLONG - ", start=%" MBEDTLS_PRINTF_LONGLONG, + 3, ( "Ticket expired: start is in future " + "( now=%" MBEDTLS_PRINTF_LONGLONG + ", start=%" MBEDTLS_PRINTF_LONGLONG " )", (long long)now, (long long)session->start ) ); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7526bc6cf5..25565d13b7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -120,6 +120,7 @@ int main( void ) #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC -1 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED +#define DFL_DUMMY_TICKET 0 #define DFL_TICKET_ROTATE 0 #define DFL_TICKET_TIMEOUT 86400 #define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM 
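Review bot: `ssl_tls13_parse_server_pre_shared_key_ext` retrieves `psa_alg` for the selected PSK but never uses it, so the RFC 8446 §4.2.11 client-side requirement that the server's chosen cipher suite indicate the hash associated with that PSK is not enforced; a server could select the ticket PSK together with a ciphersuite of a different hash and the client would still proceed to `mbedtls_ssl_set_hs_psk`. Before setting the PSK, compare `psa_alg` against the hash of the negotiated ciphersuite (its identifier lives outside this hunk — presumably `ssl->handshake->ciphersuite_info->mac` translated with `mbedtls_psa_translate_md`) and `goto exit` with the same illegal_parameter alert on mismatch. A smaller nit: the two `"Out of range"` debug lines duplicate the `"Invalid chosen PSK identity."` message emitted at `exit`, and the `ret` variable is neither read nor updated on that path, so those two debug calls can be dropped.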
@@ -638,6 +639,7 @@ struct options unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* accept truncated hmac? */ int tickets; /* enable / disable session tickets */ + int dummy_ticket; /* enable / disable dummy ticket generator */ int ticket_rotate; /* session ticket rotate (code coverage) */ int ticket_timeout; /* session ticket lifetime */ int ticket_aead; /* session ticket protection */ 
@@ -1351,6 +1353,79 @@ int report_cid_usage( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_HAVE_TIME) +/* Functions for session ticket tests + * + */ +int dummy_ticket_write( void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *ticket_lifetime ) +{ + int ret; + unsigned char *p = start; + size_t clear_len; + ((void) p_ticket); + + if( end - p < 4 ) + { + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + *((uint32_t *)p) = 7 * 24 * 3600; + *ticket_lifetime = 7 * 24 * 3600; + p += 4; + + /* Dump session state */ + if( ( ret = mbedtls_ssl_session_save( session, p, end - p, + &clear_len ) ) != 0 ) + { + return( ret ); + } + + *tlen = 4 + clear_len; + + return( 0 ); +} + +int dummy_ticket_parse( void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len ) +{ + int ret; + ((void) p_ticket); + + if( ( ret = mbedtls_ssl_session_load( session, buf + 4, len - 4 ) ) != 0 ) + return( ret ); + + switch( opt.dummy_ticket % 7 ) + { + case 1: + return( MBEDTLS_ERR_SSL_INVALID_MAC ); + case 2: + return( MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED ); + case 3: + session->start = mbedtls_time( NULL ) + 10; + break; + case 4: + session->start = mbedtls_time( NULL ) - 10 - 7 * 24 * 3600; + break; + case 5: + session->start = mbedtls_time( NULL ) - 10; + break; + case 6: + session->start = mbedtls_time( NULL ); + session->ticket_age_add -= 1000; + break; + default: + break; + } + + return( ret ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && + MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_HAVE_TIME */ + int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; 
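Review bot: `dummy_ticket_parse` computes `buf + 4` and `len - 4` without first checking `len >= 4`, and `len` is the length of the identity the peer placed in its ClientHello, so a ticket shorter than four bytes makes `len - 4` wrap to a huge `size_t` and `mbedtls_ssl_session_load` read past the buffer; even test-only server code fed from the network should begin with `if( len < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`. In `dummy_ticket_write`, `*((uint32_t *)p) = 7 * 24 * 3600;` stores through an unaligned, type-punned pointer into a byte buffer (undefined behaviour under strict aliasing, and host-endian); `MBEDTLS_PUT_UINT32_BE( 7 * 24 * 3600, p, 0 )` is the project idiom, and the `7 * 24 * 3600` literal used three times is worth a named constant. Since these tickets carry the session state in the clear with no MAC, the header comment should say that the callbacks exist only to drive the expiry/age test cases in ssl-opt and must never be used outside the test harness, and both functions should be `static` to match the file's other helpers.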
@@ -1607,6 +1682,7 @@ int main( int argc, char *argv[] )
 opt.mfl_code = DFL_MFL_CODE;
 opt.trunc_hmac = DFL_TRUNC_HMAC;
 opt.tickets = DFL_TICKETS;
+ opt.dummy_ticket = DFL_DUMMY_TICKET;
 opt.ticket_rotate = DFL_TICKET_ROTATE;
 opt.ticket_timeout = DFL_TICKET_TIMEOUT;
 opt.ticket_aead = DFL_TICKET_AEAD;
@@ -2002,6 +2078,12 @@ int main( int argc, char *argv[] )
 if( opt.tickets < 0 )
 goto usage;
 }
+ else if( strcmp( p, "dummy_ticket" ) == 0 )
+ {
+ opt.dummy_ticket = atoi( q );
+ if( opt.dummy_ticket < 0 )
+ goto usage;
+ }
 else if( strcmp( p, "ticket_rotate" ) == 0 )
 {
 opt.ticket_rotate = atoi( q );
@@ -2919,19 +3001,36 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 if( opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
 {
- if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
- rng_get, &rng,
- opt.ticket_aead,
- opt.ticket_timeout ) ) != 0 )
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_HAVE_TIME)
+ if( opt.dummy_ticket )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
- goto exit;
+ mbedtls_ssl_conf_session_tickets_cb( &conf,
+ dummy_ticket_write,
+ dummy_ticket_parse,
+ NULL );
+ }
+ else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
+ MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_HAVE_TIME */
+ {
+ if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
+ rng_get, &rng,
+ opt.ticket_aead,
+ opt.ticket_timeout ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx );
 }
- mbedtls_ssl_conf_session_tickets_cb( &conf,
- mbedtls_ssl_ticket_write,
- mbedtls_ssl_ticket_parse,
- &ticket_ctx );
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 mbedtls_ssl_conf_new_session_tickets( &conf, opt.tickets );
 #endif
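Review bot: In the `@@ -2919` hunk the new `#if` repeats `defined(MBEDTLS_SSL_SESSION_TICKETS)` although the whole block already sits inside `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` three lines above, so the guard can shrink to `#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_HAVE_TIME)` with the matching `#endif` comment. When `opt.dummy_ticket` is non-zero the server hands out tickets that carry the session state in clear and are never authenticated, so the `dummy_ticket` parsing branch in the `@@ -2002` hunk deserves a comment such as `/* Test-only: replaces the protected ticket with an unauthenticated one whose parse result is forced by this value (see dummy_ticket_parse). */`. None of these hunks add `dummy_ticket` to the program's usage text; if that is not done elsewhere in the patch, the option cannot be discovered from the usage output.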
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 3487026206..a6bbd082ba 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh 
@@ -66,6 +66,233 @@ run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
 -s "Found PSK KEX MODE" \
 -s "No matched ciphersuite"
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, auth fail, m->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -s "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: ephemeral, auth fail, m->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -s "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, expired, m->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=2" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "ticket is not authentic" \
+ -s "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: ephemeral, expired, m->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "ticket is not authentic" \
+ -s "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, future start, m->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=3" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -s "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: ephemeral, future start, m->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -s "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, out of max age, m->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=4" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -s "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: ephemeral, out of max age, m->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -s "Ticket expired: Ticket age exceed limitation" \
+ -S "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, negative tolerance exceed, m->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=5" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -s "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: ephemeral, negative tolerance exceed, m->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -s "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, tolerance exceed, m->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=6" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Ticket expired: start is in future" \
+ -S "Ticket expired: Ticket age exceed limitation" \
+ -s "Ticket expired: Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3: NewSessionTicket: ephemeral, tolerance exceed, m->m" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \
+ "$P_CLI debug_level=4 
reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Ticket expired: start is in future" \ + -S "Ticket expired: Ticket age exceed limitation" \ + -s "Ticket expired: Ticket age outside tolerance window" requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 67e9cfb9f9..48dd89e357 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12842,7 +12842,6 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ -s "key exchange mode: psk_ephemeral" \ -s "found pre_shared_key extension" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C From 19ae6f62c7a4e6cf14bf61fcb6ea070d34e70f2a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 30 Sep 2022 09:22:21 +0800 Subject: [PATCH 07/24] move ciphersuite validation to set_session Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 ++++ library/ssl_tls.c | 9 +++++++++ library/ssl_tls13_client.c | 22 +++++++++++----------- library/ssl_tls13_generic.c | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 56 insertions(+), 11 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index afacb76f01..0450b3d77f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1911,6 +1911,10 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( size_t *out_len ); #endif /* MBEDTLS_ECDH_C */ +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, + int ciphersuite, + psa_algorithm_t *psa_alg ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 616df07de8..892a868482 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
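Review bot: Every psk_ephemeral case in this hunk lists the identical `requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ...` requirement twice (the ephemeral cases pair it with an ECDHE requirement instead), which reads like a leftover from copying the ephemeral template; drop the second copy in each of the six psk_ephemeral cases. The twelve cases differ only in `dummy_ticket=N` and in which single `-s` expectation is positive, so a small helper or a loop over the value/expected-message pairs would make the intended matrix visible and keep the two key-exchange variants in sync when a message changes.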
@@ -1373,6 +1373,15 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session if( ssl->handshake->resume == 1 ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + ( ( ret = mbedtls_ssl_tls13_ciphersuite_to_alg( + ssl, session->ciphersuite, NULL ) ) != 0 ) ) + { + return( ret ); + } +#endif + if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) return( ret ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 67ecdc9591..8f932d9394 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -668,17 +668,19 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, int ciphersuite ) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, - MBEDTLS_SSL_VERSION_TLS1_3, - MBEDTLS_SSL_VERSION_TLS1_3 ) == 0 ) + psa_algorithm_t psa_alg; + if( mbedtls_ssl_tls13_ciphersuite_to_alg( + ssl, ciphersuite, &psa_alg ) != 0 ) { - return( mbedtls_psa_translate_md( ciphersuite_info->mac ) ); + /* ciphersuite is `ssl->session_negotiate->ciphersuite` or + * PSA_ALG_SHA256, both are validated before writting pre_shared_key. + */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); + return( PSA_ALG_NONE ); } - return( PSA_ALG_NONE ); + + return( psa_alg ); } static int ssl_tls13_has_configured_psk( mbedtls_ssl_context *ssl ) 
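Review bot: The new comment in `ssl_tls13_ciphersuite_to_alg` in the ssl_tls13_client.c hunk (`ciphersuite is ... or PSA_ALG_SHA256, both are validated before writting pre_shared_key`) compares a ciphersuite id with a PSA hash algorithm, spells the constant `PSA_ALG_SHA256` where the file elsewhere uses `PSA_ALG_SHA_256`, and misspells "writing". The only callers visible in this series pass `session->ciphersuite`, so a comment that matches the code would be `/* ciphersuite is ssl->session_negotiate->ciphersuite, already validated by mbedtls_ssl_tls13_ciphersuite_to_alg() in mbedtls_ssl_set_session(); failure here is a logic error. */`. The `"should never happen"` message is logged at level 2 here but at level 3 for the same situation in `ssl_tls13_write_binder`; pick one.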
@@ -695,9 +697,7 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session *session = ssl->session_negotiate; return( session != NULL && - session->ticket != NULL && - ssl_tls13_ciphersuite_to_alg( ssl, - ssl->session_negotiate->ciphersuite ) != PSA_ALG_NONE ); + session->ticket != NULL ); #else ((void) ssl); return( 0 ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index abb7a14816..56841c4ed1 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1485,4 +1485,36 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ +int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, + int ciphersuite, + psa_algorithm_t *psa_alg ) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; + psa_algorithm_t alg; + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); + if( psa_alg ) + *psa_alg = PSA_ALG_NONE; + + if( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, + MBEDTLS_SSL_VERSION_TLS1_3, + MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) ); + return( MBEDTLS_ERR_SSL_INVALID_MAC ); + } + + alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + if( alg == PSA_ALG_NONE ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) ); + return( MBEDTLS_ERR_SSL_INVALID_MAC ); + } + + if( psa_alg ) + *psa_alg = alg; + return( 0 ); +} + #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ From 8b41e893a2515f92b6aa1eb1746556de628da3c3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 30 Sep 2022 10:00:20 +0800 Subject: [PATCH 08/24] fix various issues - Re-order code and comments - move comment above `write_identities` - move `write_binder` above `write_identities`. - Add has_{psk,identity} into {ticket,psk}_get_{psk,identity} - rename `*_session_tickets_*` to `_ticket_` 
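Review bot: `mbedtls_ssl_tls13_ciphersuite_to_alg` in the ssl_tls13_generic.c hunk reports an unknown or non-TLS-1.3 ciphersuite as `MBEDTLS_ERR_SSL_INVALID_MAC`, and through the `mbedtls_ssl_set_session` hunk in ssl_tls.c that value now reaches the application for a session object whose ciphersuite is merely unsupported, where `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` is the conventional argument-validation result. If `INVALID_MAC` is chosen so that a ticket carrying a stale ciphersuite is rejected like an unauthenticated ticket, that intent belongs in a comment on the function. The declaration added in the ssl_misc.h hunk has no documentation; a `\brief` block there should state that `psa_alg` may be NULL when the caller only wants validation, that on success it receives the hash algorithm of the ciphersuite, and which error is returned on failure. The two identical `"%d is not valid."` debug messages could also name which of the two checks failed.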
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 244 ++++++++++++++++++++----------------- 1 file changed, 135 insertions(+), 109 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8f932d9394..96a1e27b1e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -707,11 +707,20 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_tickets_get_identity( - mbedtls_ssl_context *ssl, psa_algorithm_t *psa_alg, - const unsigned char **identity, size_t *identity_len ) +static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, + psa_algorithm_t *psa_alg, + const unsigned char **identity, + size_t *identity_len ) { mbedtls_ssl_session *session = ssl->session_negotiate; + + *psa_alg = PSA_ALG_NONE; + *identity = NULL; + *identity_len = 0; + + if( !ssl_tls13_has_configured_ticket( ssl ) ) + return( -1 ); + *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); *identity = session->ticket; *identity_len = session->ticket_len; @@ -719,14 +728,21 @@ static int ssl_tls13_session_tickets_get_identity( } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_tickets_get_psk( mbedtls_ssl_context *ssl, - psa_algorithm_t *psa_alg, - const unsigned char **psk, - size_t *psk_len ) +static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, + psa_algorithm_t *psa_alg, + const unsigned char **psk, + size_t *psk_len ) { mbedtls_ssl_session *session = ssl->session_negotiate; + *psa_alg = PSA_ALG_NONE; + *psk = NULL; + *psk_len = 0; + + if( !ssl_tls13_has_configured_ticket( ssl ) ) + return( -1 ); + *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); *psk = session->resumption_key; *psk_len = session->resumption_key_len; 
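Review bot: `ssl_tls13_ticket_get_identity` and `ssl_tls13_ticket_get_psk` return a bare `-1` when no ticket is configured although both are marked `MBEDTLS_CHECK_RETURN_CRITICAL` and the rest of this file returns `MBEDTLS_ERR_SSL_*` codes; the `ssl_tls13_psk_get_identity` and `ssl_tls13_psk_get_psk` hunks that follow use the same pattern. The later `@@ -1135` hunk assigns `ret = ssl_tls13_ticket_get_psk( ... )`, so if that `ret` is ever propagated the application would see `-1`, which is not an mbedtls error code. Use `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` (or `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` if a missing PSK is considered a caller error) in all four functions.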
@@ -742,6 +758,12 @@ static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl, const unsigned char **identity, size_t *identity_len ) { + *psa_alg = PSA_ALG_NONE; + *identity = NULL; + *identity_len = 0; + + if( !ssl_tls13_has_configured_psk( ssl ) ) + return( -1 ); *psa_alg = PSA_ALG_SHA_256; *identity = ssl->conf->psk_identity; @@ -755,35 +777,19 @@ static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl, const unsigned char **psk, size_t *psk_len ) { + *psa_alg = PSA_ALG_NONE; + *psk = NULL; + *psk_len = 0; + + if( !ssl_tls13_has_configured_psk( ssl ) ) + return( -1 ); + *psa_alg = PSA_ALG_SHA_256; *psk = ssl->conf->psk; *psk_len = ssl->conf->psk_len; return( 0 ); } -/* - * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: - * - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * PskIdentity identities<7..2^16-1>; - * PskBinderEntry binders<33..2^16-1>; - * } OfferedPsks; - * - * struct { - * select (Handshake.msg_type) { - * case client_hello: OfferedPsks; - * ... - * }; - * } PreSharedKeyExtension; - * - */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -806,7 +812,7 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_SESSION_TICKETS) case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - if( ssl_tls13_session_tickets_get_identity( + if( ssl_tls13_ticket_get_identity( ssl, &psa_alg, &identity, &identity_len ) == 0 ) { #if defined(MBEDTLS_HAVE_TIME) 
@@ -858,6 +864,103 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, return( 0 ); } + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + int psk_type, + size_t *out_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + const unsigned char *psk; + psa_algorithm_t psa_alg = PSA_ALG_NONE; + size_t psk_len; + unsigned char binder_len; + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len = 0; + + *out_len = 0; + + switch( psk_type ) + { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + if( ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + break; +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME*/ + case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: + if( ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + break; + default: + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + binder_len = PSA_HASH_LENGTH( psa_alg ); + if( binder_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* + * - binder_len (1 bytes) + * - binder (binder_len bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + binder_len ); + + p[0] = binder_len; + + /* Get current state of handshake transcript. 
*/ + ret = mbedtls_ssl_get_handshake_transcript( + ssl, mbedtls_hash_info_md_from_psa( psa_alg ), + transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len ); + if( ret != 0 ) + return( ret ); + + + + ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_alg, + psk, psk_len, psk_type, + transcript, p + 1 ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret ); + return( ret ); + } + MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", p, 1 + binder_len ); + + *out_len = 1 + binder_len; + + return( ret ); +} + +/* + * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: + * + * struct { + * opaque identity<1..2^16-1>; + * uint32 obfuscated_ticket_age; + * } PskIdentity; + * + * opaque PskBinderEntry<32..255>; + * + * struct { + * PskIdentity identities<7..2^16-1>; + * PskBinderEntry binders<33..2^16-1>; + * } OfferedPsks; + * + * struct { + * select (Handshake.msg_type) { + * case client_hello: OfferedPsks; + * ... + * }; + * } PreSharedKeyExtension; + * + */ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, 
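Review bot: The moved `ssl_tls13_write_binder` keeps three consecutive blank lines between the `mbedtls_ssl_get_handshake_transcript` error check and the `mbedtls_ssl_tls13_create_psk_binder` call; since the function is being relocated anyway, collapse them to one. The resumption case here is guarded by `MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME` while the `@@ -806` hunk shows `ssl_tls13_write_identity` guarding the same `MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION` case with `MBEDTLS_SSL_SESSION_TICKETS` alone, so in a build without `MBEDTLS_HAVE_TIME` an identity could be written whose binder then fails with `MBEDTLS_ERR_SSL_INTERNAL_ERROR`; the guards should match, and the `#endif` comment `MBEDTLS_HAVE_TIME*/` is missing its space. This is moved code, so the guard mismatch predates the commit.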
@@ -938,82 +1041,6 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( return( 0 ); } -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - int psk_type, - size_t *out_len ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - const unsigned char *psk; - psa_algorithm_t psa_alg = PSA_ALG_NONE; - size_t psk_len; - unsigned char binder_len; - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; - size_t transcript_len = 0; - - *out_len = 0; - - switch( psk_type ) - { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - if( ssl_tls13_session_tickets_get_psk( - ssl, &psa_alg, &psk, &psk_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME*/ - case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - if( ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - break; - default: - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - binder_len = PSA_HASH_LENGTH( psa_alg ); - if( binder_len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - /* - * - binder_len (1 bytes) - * - binder (binder_len bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + binder_len ); - - p[0] = binder_len; - - /* Get current state of handshake transcript. 
*/ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa( psa_alg ), - transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len ); - if( ret != 0 ) - return( ret ); - - - - ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_alg, - psk, psk_len, psk_type, - transcript, p + 1 ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret ); - return( ret ); - } - MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", p, 1 + binder_len ); - - *out_len = 1 + binder_len; - - return( ret ); -} - int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ) { @@ -1135,8 +1162,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_SESSION_TICKETS) case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - ret = ssl_tls13_session_tickets_get_psk( - ssl, &psa_alg, &psk, &psk_len ); + ret = ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ); break; #endif case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: From f75364bee13a27b0e855a5379ce8344e457af459 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 30 Sep 2022 10:30:31 +0800 Subject: [PATCH 09/24] Re-organize identities writer Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 165 ++++++++++++++++++------------------- 1 file changed, 81 insertions(+), 84 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 96a1e27b1e..c757c6cbaa 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -683,29 +683,14 @@ static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, return( psa_alg ); } -static int ssl_tls13_has_configured_psk( mbedtls_ssl_context *ssl ) -{ - return( ssl->conf->psk != NULL && - ssl->conf->psk_len != 0 && - ssl->conf->psk_identity != NULL && - ssl->conf->psk_identity_len != 0 ); -} +#if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) { - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session *session = ssl->session_negotiate; - return( session != NULL && - session->ticket != NULL ); -#else - ((void) ssl); - return( 0 ); -#endif + return( session != NULL && session->ticket != NULL ); } -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, psa_algorithm_t *psa_alg, @@ -752,6 +737,14 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +static int ssl_tls13_has_configured_psk( mbedtls_ssl_context *ssl ) +{ + return( ssl->conf->psk != NULL && + ssl->conf->psk_len != 0 && + ssl->conf->psk_identity != NULL && + ssl->conf->psk_identity_len != 0 ); +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl, psa_algorithm_t *psa_alg, 
@@ -790,60 +783,37 @@ static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl, return( 0 ); } +static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl ) +{ + int configured_psk_count = 0; +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if( ssl_tls13_has_configured_ticket( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) ); + configured_psk_count++; + } +#endif + if( ssl_tls13_has_configured_psk( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK is configured" ) ); + configured_psk_count++; + } + return( configured_psk_count ); +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - int psk_type, - size_t *out_len, - size_t *binder_len ) + const unsigned char *identity, + size_t identity_len, + uint32_t obfuscated_ticket_age, + size_t *out_len ) { unsigned char *p = buf; - psa_algorithm_t psa_alg; - const unsigned char *identity; - size_t identity_len; - uint32_t obfuscated_ticket_age = 0; - int hash_len; + ((void) ssl); *out_len = 0; - *binder_len = 0; - - switch( psk_type ) - { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - if( ssl_tls13_ticket_get_identity( - ssl, &psa_alg, &identity, &identity_len ) == 0 ) - { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t now = mbedtls_time( NULL ); - mbedtls_ssl_session *session = ssl->session_negotiate; - obfuscated_ticket_age = - (uint32_t)( now - session->ticket_received ); - obfuscated_ticket_age *= 1000; - obfuscated_ticket_age += session->ticket_age_add ; -#endif /* MBEDTLS_HAVE_TIME */ - } - else - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - if( ssl_tls13_psk_get_identity( - ssl, &psa_alg, &identity, &identity_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - break; - default: - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - hash_len = 
PSA_HASH_LENGTH( psa_alg ); - if( hash_len == -1 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); /* * - identity_len (2 bytes) @@ -859,12 +829,10 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "write identity", p, 6 + identity_len ); *out_len = 6 + identity_len; - *binder_len = 1 + hash_len; return( 0 ); } - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -962,28 +930,35 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, * */ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end, - size_t *out_len, size_t *binders_len ) + mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, + size_t *out_len, size_t *binders_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int configured_psk_count = 0; unsigned char *p = buf; + psa_algorithm_t hash_alg; + const unsigned char *identity; + size_t identity_len; + uint32_t obfuscated_ticket_age = 0; + int hash_len; size_t l_binders_len = 0; + size_t output_len; *out_len = 0; *binders_len = 0; + /* Check if we have any PSKs to offer. If no, skip pre_shared_key */ - if( !ssl_tls13_has_configured_psk( ssl ) && - !ssl_tls13_has_configured_ticket( ssl ) ) + configured_psk_count = ssl_tls13_get_configured_psk_count( ssl ); + if( configured_psk_count == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) ); return( 0 ); } MBEDTLS_SSL_DEBUG_MSG( 4, ( "Pre-configured PSK number = %d", - ssl_tls13_has_configured_psk( ssl ) + - ssl_tls13_has_configured_ticket( ssl ) ) ); + configured_psk_count ) ); + /* Check if we have space to write the extension, binders included. * - extension_type (2 bytes) * - extension_data_len (2 bytes) 
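Review bot: `ssl_tls13_get_configured_psk_count` in the -790 hunk fixes an implicit ordering — ticket first, external PSK second — that the identities writer and the binders writer each reproduce independently, and nothing records that the two must stay in step. A comment on the helper such as `/* Identity order is fixed: the ticket (if configured) is index 0 and the external PSK follows; the identities and binders writers must emit entries in this same order. */` would make the invariant visible to whoever next reorders one of the writers. `ssl_tls13_write_identity` in the same hunk continues past the hunk's end.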
@@ -992,28 +967,50 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; - if( ssl_tls13_has_configured_ticket( ssl ) ) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if( ssl_tls13_ticket_get_identity( + ssl, &hash_alg, &identity, &identity_len ) == 0 ) { - size_t output_len, binder_len; +#if defined(MBEDTLS_HAVE_TIME) + mbedtls_time_t now = mbedtls_time( NULL ); + mbedtls_ssl_session *session = ssl->session_negotiate; + obfuscated_ticket_age = (uint32_t)( now - session->ticket_received ); + obfuscated_ticket_age *= 1000; + obfuscated_ticket_age += session->ticket_age_add; +#endif /* MBEDTLS_HAVE_TIME */ ret = ssl_tls13_write_identity( ssl, p, end, - MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION, - &output_len, &binder_len ); + identity, identity_len, + obfuscated_ticket_age, + &output_len ); if( ret != 0 ) return( ret ); - p += output_len; - l_binders_len += binder_len; - } - if( ssl_tls13_has_configured_psk( ssl ) ) + hash_len = PSA_HASH_LENGTH( hash_alg ); + if( hash_len == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + p += output_len; + l_binders_len += 1 + hash_len; + } +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + + if( ssl_tls13_psk_get_identity( + ssl, &hash_alg, &identity, &identity_len ) == 0 ) { - size_t output_len, binder_len; + ret = ssl_tls13_write_identity( ssl, p, end, - MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL, - &output_len, &binder_len ); + identity, identity_len, + obfuscated_ticket_age, + &output_len ); if( ret != 0 ) return( ret ); + + hash_len = PSA_HASH_LENGTH( hash_alg ); + if( hash_len == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + p += output_len; - l_binders_len += binder_len; + l_binders_len += 1 + hash_len; } MBEDTLS_SSL_DEBUG_MSG( 3, From 6183cc7470ff31a16cd2c92988c686d57fddd350 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 30 Sep 2022 11:08:57 +0800 Subject: [PATCH 10/24] Re-org binders writer 
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 46 +++++++++++++++----------------------- 1 file changed, 18 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c757c6cbaa..bca7f9e298 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -838,36 +838,20 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, int psk_type, + psa_algorithm_t hash_alg, + const unsigned char *psk, + size_t psk_len, size_t *out_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; - const unsigned char *psk; - psa_algorithm_t psa_alg = PSA_ALG_NONE; - size_t psk_len; unsigned char binder_len; unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; size_t transcript_len = 0; *out_len = 0; - switch( psk_type ) - { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - if( ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - break; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME*/ - case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - if( ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - break; - default: - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - binder_len = PSA_HASH_LENGTH( psa_alg ); + binder_len = PSA_HASH_LENGTH( hash_alg ); if( binder_len == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) ); 
@@ -884,14 +868,12 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa( psa_alg ), + ssl, mbedtls_hash_info_md_from_psa( hash_alg ), transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len ); if( ret != 0 ) return( ret ); - - - ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_alg, + ret = mbedtls_ssl_tls13_create_psk_binder( ssl, hash_alg, psk, psk_len, psk_type, transcript, p + 1 ); if( ret != 0 ) @@ -1043,6 +1025,10 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; + psa_algorithm_t hash_alg = PSA_ALG_NONE; + const unsigned char *psk; + size_t psk_len; + size_t output_len; /* Check if we have space to write binders_len. * - binders_len (2 bytes) @@ -1050,22 +1036,26 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); p += 2; - if( ssl_tls13_has_configured_ticket( ssl ) ) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if( ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len ) == 0 ) { - size_t output_len; + ret = ssl_tls13_write_binder( ssl, p, end, MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION, + hash_alg, psk, psk_len, &output_len ); if( ret != 0 ) return( ret ); p += output_len; } +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - if( ssl_tls13_has_configured_psk( ssl ) ) + if( ssl_tls13_psk_get_psk( ssl, &hash_alg, &psk, &psk_len ) == 0 ) { - size_t output_len; + ret = ssl_tls13_write_binder( ssl, p, end, MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL, + hash_alg, psk, psk_len, &output_len ); if( ret != 0 ) return( ret ); From 4a698341c91b2e944b9ea64d555a3b8162670e20 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 30 Sep 2022 12:22:01 +0800 Subject: [PATCH 11/24] Re-org selected_identity parser 
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 69 +++++++++-----------------------
 1 file changed, 16 insertions(+), 53 deletions(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index bca7f9e298..7b85c70e57 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1099,7 +1099,6 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
 {
     int ret = 0;
     int selected_identity;
-    int psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
     const unsigned char *psk;
     size_t psk_len;
     psa_algorithm_t psa_alg;
@@ -1107,59 +1106,31 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_identity = %d", selected_identity ) ); - - if( ssl_tls13_has_configured_psk( ssl ) && - ssl_tls13_has_configured_ticket( ssl ) ) + if( selected_identity >= ssl_tls13_get_configured_psk_count( ssl ) ) { - if( selected_identity >= 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) ); - goto exit; - } - switch( selected_identity ) - { - case 0: - psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; - break; - case 1: - psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; - break; - } + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid chosen PSK identity." ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - else if( ssl_tls13_has_configured_psk( ssl ) || - ssl_tls13_has_configured_ticket( ssl ) ) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) ) { - if( selected_identity >= 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) ); - goto exit; - } - - if( ssl_tls13_has_configured_psk( ssl ) ) - psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; - else if( ssl_tls13_has_configured_ticket( ssl ) ) - psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; + ret = ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ); + } + else +#endif + if( ssl_tls13_has_configured_psk( ssl ) ) + { + ret = ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ); } else { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - switch( psk_type ) - { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - ret = ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ); - break; -#endif - case 
MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - ret = ssl_tls13_psk_get_psk( - ssl, &psa_alg, &psk, &psk_len ); - break; - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } if( ret != 0 ) return( ret ); @@ -1172,14 +1143,6 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; return( ret ); - -exit: - MBEDTLS_SSL_DEBUG_MSG( - 1, ( "Invalid chosen PSK identity." ) ); - - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ From 379b91a393b8d81e25408458a7573e026e1d80b6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 8 Oct 2022 10:21:15 +0800 Subject: [PATCH 12/24] add ticket age check Remove ticket if it is expired. Signed-off-by: Jerry Yu --- library/ssl_client.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/library/ssl_client.c b/library/ssl_client.c index e7453d5730..2a9868a601 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c 
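Review bot: The -1107 hunk validates only that `selected_identity` is below the offered count; the lines between the end of this hunk and the -1172 hunk are not shown, so if they do not compare the retrieved `psa_alg` with the hash of the ciphersuite the server selected, that comparison is still missing. RFC 8446 §4.2.11 requires the client to abort with illegal_parameter when the server's cipher suite hash does not match the selected PSK's hash, and the `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER )` path already present in this hunk is the natural place to route it. The same applies to patch 15's revision of this function; the function's opening lines are outside this hunk.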
@@ -843,6 +843,32 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
         }
     }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+    defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+    defined(MBEDTLS_HAVE_TIME)
+    /* Check if a tls13 ticket has been configured. */
+    if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+        ssl->session_negotiate != NULL &&
+        ssl->session_negotiate->ticket != NULL )
+    {
+        mbedtls_time_t now = mbedtls_time( NULL );
+        if( ssl->session_negotiate->ticket_received > now ||
+            (uint64_t)( now - ssl->session_negotiate->ticket_received )
+                > ssl->session_negotiate->ticket_lifetime )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket expired" ) );
+            mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
+                                      ssl->session_negotiate->ticket_len );
+            mbedtls_free( ssl->session_negotiate->ticket );
+            ssl->session_negotiate->ticket = NULL;
+            ssl->session_negotiate->ticket_len = 0;
+        }
+
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
+          MBEDTLS_SSL_SESSION_TICKETS &&
+          MBEDTLS_HAVE_TIME */
+
     return( 0 );
 }

From 21f9095fa8fe7cd0badd2573595807d1143d2773 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Sat, 8 Oct 2022 10:30:53 +0800
Subject: [PATCH 13/24] Revert "move ciphersuite validation to set_session"

This reverts commit 19ae6f62c7a4e6cf14bf61fcb6ea070d34e70f2a.

Signed-off-by: Jerry Yu
---
 library/ssl_client.c | 1 +
 library/ssl_misc.h | 4 ----
 library/ssl_tls.c | 9 ---------
 library/ssl_tls13_client.c | 18 ++++++++----------
 library/ssl_tls13_generic.c | 32 --------------------------------
 5 files changed, 9 insertions(+), 55 deletions(-)

diff --git a/library/ssl_client.c b/library/ssl_client.c
index 2a9868a601..73a854d61b 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
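Review bot: The new condition in the -843 hunk dereferences `ssl->session_negotiate` (`->tls_version`) before testing `ssl->session_negotiate != NULL`, so the NULL test can never protect the read: either it is dead or the first operand is a NULL dereference. Put the NULL check first: `if( ssl->session_negotiate != NULL && ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && ssl->session_negotiate->ticket != NULL )`. Patch 13's -848 hunk keeps the same operand order when it adds the `resume` test, so the reordering applies there too. The rest of `ssl_prepare_client_hello` lies outside the hunk.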
@@ -848,6 +848,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) defined(MBEDTLS_HAVE_TIME) /* Check if a tls13 ticket has been configured. */ if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + ssl->handshake->resume != 0 && ssl->session_negotiate != NULL && ssl->session_negotiate->ticket != NULL ) { diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0450b3d77f..afacb76f01 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1911,10 +1911,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( size_t *out_len ); #endif /* MBEDTLS_ECDH_C */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, - int ciphersuite, - psa_algorithm_t *psa_alg ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 892a868482..616df07de8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1373,15 +1373,6 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session if( ssl->handshake->resume == 1 ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ( ( ret = mbedtls_ssl_tls13_ciphersuite_to_alg( - ssl, session->ciphersuite, NULL ) ) != 0 ) ) - { - return( ret ); - } -#endif - if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) return( ret ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7b85c70e57..b0c2a3fb35 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -668,19 +668,17 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, int ciphersuite ) { + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - psa_algorithm_t psa_alg; - if( mbedtls_ssl_tls13_ciphersuite_to_alg( - ssl, ciphersuite, &psa_alg ) != 0 ) + if( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, + MBEDTLS_SSL_VERSION_TLS1_3, + MBEDTLS_SSL_VERSION_TLS1_3 ) == 0 ) { - /* ciphersuite is `ssl->session_negotiate->ciphersuite` or - * PSA_ALG_SHA256, both are validated before writting pre_shared_key. - */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); - return( PSA_ALG_NONE ); + return( mbedtls_psa_translate_md( ciphersuite_info->mac ) ); } - - return( psa_alg ); + return( PSA_ALG_NONE ); } #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 56841c4ed1..abb7a14816 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -1485,36 +1485,4 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ -int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, - int ciphersuite, - psa_algorithm_t *psa_alg ) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - psa_algorithm_t alg; - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( psa_alg ) - *psa_alg = PSA_ALG_NONE; - - if( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, - MBEDTLS_SSL_VERSION_TLS1_3, - MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - - alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); - if( alg == PSA_ALG_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - - if( psa_alg ) - *psa_alg = alg; - return( 0 ); -} - #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ From 40afab61a87fe5bcc7c7cde7e10c2bf72fe49e5b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 8 Oct 2022 10:42:13 +0800 Subject: [PATCH 14/24] Add ciphersuite check in set_session Signed-off-by: Jerry Yu --- library/ssl_tls.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 616df07de8..d32d58e2df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1361,6 +1361,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; if( ssl == NULL || session == NULL || 
@@ -1373,6 +1374,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
     if( ssl->handshake->resume == 1 )
         return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
+    if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+                                          session->tls_version,
+                                          session->tls_version ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not a valid ciphersuite.",
+                                    session->ciphersuite ) );
+        return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    }
+
     if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
                                           session ) ) != 0 )
         return( ret );

From a99cbfa2d3bbb4d2c4948ad3ccf8705c03873995 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Sat, 8 Oct 2022 11:17:14 +0800
Subject: [PATCH 15/24] fix various issues

- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 145 +++++++++++++++----------------------
 library/ssl_tls13_server.c | 8 +-
 2 files changed, 61 insertions(+), 92 deletions(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b0c2a3fb35..f90e66ea7d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
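Review bot: The rejection path added in the -1373 hunk returns `MBEDTLS_ERR_SSL_INVALID_MAC` for a caller-supplied session whose ciphersuite fails validation, which is an authentication-failure code rather than an argument-validation one; callers of `mbedtls_ssl_set_session` that branch on `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` for invalid input will not recognise it. `return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` matches the function's existing contract, assuming the header still documents that code for invalid arguments. Logging the rejection at level 4 also buries it; the comparable "Invalid PSK identity." rejection in patch 15 uses level 1, which would be consistent here. The remainder of `mbedtls_ssl_set_session` is outside the hunk.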
@@ -665,19 +665,14 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, return ( 0 ); } -static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl, - int ciphersuite ) +static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( mbedtls_ssl_validate_ciphersuite( - ssl, ciphersuite_info, - MBEDTLS_SSL_VERSION_TLS1_3, - MBEDTLS_SSL_VERSION_TLS1_3 ) == 0 ) - { - return( mbedtls_psa_translate_md( ciphersuite_info->mac ) ); - } + if( ciphersuite_info != NULL ) + return( mbedtls_psa_translate_md( ciphersuite_info->mac ) ); + return( PSA_ALG_NONE ); } @@ -691,20 +686,16 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, - psa_algorithm_t *psa_alg, + psa_algorithm_t *hash_alg, const unsigned char **identity, size_t *identity_len ) { mbedtls_ssl_session *session = ssl->session_negotiate; - *psa_alg = PSA_ALG_NONE; - *identity = NULL; - *identity_len = 0; - if( !ssl_tls13_has_configured_ticket( ssl ) ) return( -1 ); - *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); + *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite ); *identity = session->ticket; *identity_len = session->ticket_len; return( 0 ); 
@@ -712,21 +703,17 @@ static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, - psa_algorithm_t *psa_alg, + psa_algorithm_t *hash_alg, const unsigned char **psk, size_t *psk_len ) { mbedtls_ssl_session *session = ssl->session_negotiate; - *psa_alg = PSA_ALG_NONE; - *psk = NULL; - *psk_len = 0; - if( !ssl_tls13_has_configured_ticket( ssl ) ) return( -1 ); - *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); + *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite ); *psk = session->resumption_key; *psk_len = session->resumption_key_len; @@ -735,28 +722,22 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -static int ssl_tls13_has_configured_psk( mbedtls_ssl_context *ssl ) +static int ssl_tls13_has_configured_psk( const mbedtls_ssl_config *conf ) { - return( ssl->conf->psk != NULL && - ssl->conf->psk_len != 0 && - ssl->conf->psk_identity != NULL && - ssl->conf->psk_identity_len != 0 ); + return( conf->psk != NULL && conf->psk_identity != NULL ); } MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl, - psa_algorithm_t *psa_alg, + psa_algorithm_t *hash_alg, const unsigned char **identity, size_t *identity_len ) { - *psa_alg = PSA_ALG_NONE; - *identity = NULL; - *identity_len = 0; - if( !ssl_tls13_has_configured_psk( ssl ) ) + if( !ssl_tls13_has_configured_psk( ssl->conf ) ) return( -1 ); - *psa_alg = PSA_ALG_SHA_256; + *hash_alg = PSA_ALG_SHA_256; *identity = ssl->conf->psk_identity; *identity_len = ssl->conf->psk_identity_len; return( 0 ); 
@@ -764,18 +745,15 @@ static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl, - psa_algorithm_t *psa_alg, + psa_algorithm_t *hash_alg, const unsigned char **psk, size_t *psk_len ) { - *psa_alg = PSA_ALG_NONE; - *psk = NULL; - *psk_len = 0; - if( !ssl_tls13_has_configured_psk( ssl ) ) + if( !ssl_tls13_has_configured_psk( ssl->conf ) ) return( -1 ); - *psa_alg = PSA_ALG_SHA_256; + *hash_alg = PSA_ALG_SHA_256; *psk = ssl->conf->psk; *psk_len = ssl->conf->psk_len; return( 0 ); @@ -791,7 +769,7 @@ static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl ) configured_psk_count++; } #endif - if( ssl_tls13_has_configured_psk( ssl ) ) + if( ssl_tls13_has_configured_psk( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK is configured" ) ); configured_psk_count++; @@ -808,8 +786,6 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, uint32_t obfuscated_ticket_age, size_t *out_len ) { - unsigned char *p = buf; - ((void) ssl); *out_len = 0; @@ -818,13 +794,13 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, * - identity (psk_identity_len bytes) * - obfuscated_ticket_age (4 bytes) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + identity_len ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 6 + identity_len ); - MBEDTLS_PUT_UINT16_BE( identity_len, p, 0 ); - memcpy( p + 2, identity, identity_len ); - MBEDTLS_PUT_UINT32_BE( obfuscated_ticket_age, p, 2 + identity_len ); + MBEDTLS_PUT_UINT16_BE( identity_len, buf, 0 ); + memcpy( buf + 2, identity, identity_len ); + MBEDTLS_PUT_UINT32_BE( obfuscated_ticket_age, buf, 2 + identity_len ); - MBEDTLS_SSL_DEBUG_BUF( 4, "write identity", p, 6 + identity_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "write identity", buf, 6 + identity_len ); *out_len = 6 + identity_len; 
@@ -842,27 +818,21 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, size_t *out_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; unsigned char binder_len; - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + unsigned char transcript[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; size_t transcript_len = 0; *out_len = 0; binder_len = PSA_HASH_LENGTH( hash_alg ); - if( binder_len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } /* * - binder_len (1 bytes) * - binder (binder_len bytes) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + binder_len ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 + binder_len ); - p[0] = binder_len; + buf[0] = binder_len; /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( @@ -873,13 +843,13 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_create_psk_binder( ssl, hash_alg, psk, psk_len, psk_type, - transcript, p + 1 ); + transcript, buf + 1 ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret ); return( ret ); } - MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", p, 1 + binder_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", buf, 1 + binder_len ); *out_len = 1 + binder_len; @@ -919,15 +889,12 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( psa_algorithm_t hash_alg; const unsigned char *identity; size_t identity_len; - uint32_t obfuscated_ticket_age = 0; - int hash_len; size_t l_binders_len = 0; size_t output_len; *out_len = 0; *binders_len = 0; - /* Check if we have any PSKs to offer. If no, skip pre_shared_key */ configured_psk_count = ssl_tls13_get_configured_psk_count( ssl ); if( configured_psk_count == 0 ) 
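Review bot: In the -842 hunk the transcript buffer shrinks to `MBEDTLS_TLS1_3_MD_MAX_SIZE`, but the size handed to `mbedtls_ssl_get_handshake_transcript` — visible in patch 10's -884 hunk as `MBEDTLS_MD_MAX_SIZE` and not touched by this patch — still advertises the old capacity, so if the two macros ever differ the callee is told the buffer is larger than it is. Passing `transcript, sizeof( transcript ), &transcript_len );` ties the bound to the declaration. The same hunk also drops the `binder_len == 0` guard, so a `PSA_ALG_NONE` hash now writes `buf[0] = 0` and calls `mbedtls_ssl_tls13_create_psk_binder` with no hash; that is presumably covered by the ciphersuite validation patch 14 adds to `mbedtls_ssl_set_session`, but the one-line `if( binder_len == 0 ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` keeps this writer safe on its own. `ssl_tls13_write_binder` begins before this hunk and continues after it.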
@@ -951,26 +918,29 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( if( ssl_tls13_ticket_get_identity( ssl, &hash_alg, &identity, &identity_len ) == 0 ) { + #if defined(MBEDTLS_HAVE_TIME) + uint32_t obfuscated_ticket_age = 0; mbedtls_time_t now = mbedtls_time( NULL ); mbedtls_ssl_session *session = ssl->session_negotiate; obfuscated_ticket_age = (uint32_t)( now - session->ticket_received ); + obfuscated_ticket_age *= 1000; obfuscated_ticket_age += session->ticket_age_add; -#endif /* MBEDTLS_HAVE_TIME */ + ret = ssl_tls13_write_identity( ssl, p, end, identity, identity_len, obfuscated_ticket_age, &output_len ); +#else + ret = ssl_tls13_write_identity( ssl, p, end, identity, identity_len, + 0, &output_len ); +#endif /* MBEDTLS_HAVE_TIME */ if( ret != 0 ) return( ret ); - hash_len = PSA_HASH_LENGTH( hash_alg ); - if( hash_len == 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - p += output_len; - l_binders_len += 1 + hash_len; + l_binders_len += 1 + PSA_HASH_LENGTH( hash_alg ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 
@@ -978,38 +948,35 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( ssl, &hash_alg, &identity, &identity_len ) == 0 ) { - ret = ssl_tls13_write_identity( ssl, p, end, - identity, identity_len, - obfuscated_ticket_age, + ret = ssl_tls13_write_identity( ssl, p, end, identity, identity_len, 0, &output_len ); if( ret != 0 ) return( ret ); - hash_len = PSA_HASH_LENGTH( hash_alg ); - if( hash_len == 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - p += output_len; - l_binders_len += 1 + hash_len; + l_binders_len += 1 + PSA_HASH_LENGTH( hash_alg ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding pre_shared_key extension, " "omitting PSK binder list" ) ); + + /* Take into account the two bytes for the length of the binders. */ + l_binders_len += 2; + /* Check if there are enough space for binders */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, l_binders_len ); + /* * - extension_type (2 bytes) * - extension_data_len (2 bytes) * - identities_len (2 bytes) */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PRE_SHARED_KEY, buf, 0 ); - MBEDTLS_PUT_UINT16_BE( p - buf - 4 + 2 + l_binders_len , buf, 2 ); + MBEDTLS_PUT_UINT16_BE( p - buf - 4 + l_binders_len , buf, 2 ); MBEDTLS_PUT_UINT16_BE( p - buf - 6 , buf, 4 ); - /* Check if there are enough space for binders */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, l_binders_len + 2 ); - - *out_len = ( p - buf ) + l_binders_len + 2; - *binders_len = l_binders_len + 2; + *out_len = ( p - buf ) + l_binders_len; + *binders_len = l_binders_len; MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf ); 
@@ -1095,34 +1062,36 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - int ret = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int selected_identity; const unsigned char *psk; size_t psk_len; - psa_algorithm_t psa_alg; + psa_algorithm_t hash_alg; - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 ); selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_identity = %d", selected_identity ) ); + if( selected_identity >= ssl_tls13_get_configured_psk_count( ssl ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) ); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid chosen PSK identity." ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid PSK identity." ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } + #if defined(MBEDTLS_SSL_SESSION_TICKETS) if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) ) { - ret = ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ); + ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len ); } else #endif - if( ssl_tls13_has_configured_psk( ssl ) ) + if( ssl_tls13_has_configured_psk( ssl->conf ) ) { - ret = ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ); + ret = ssl_tls13_psk_get_psk( ssl, &hash_alg, &psk, &psk_len ); } else { diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6e754a3f81..08f48b8735 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -186,10 +186,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if( now < session->start ) { MBEDTLS_SSL_DEBUG_MSG( - 3, ( "Ticket expired: start is in future " - "( now=%" MBEDTLS_PRINTF_LONGLONG - ", start=%" MBEDTLS_PRINTF_LONGLONG " )", - (long long)now, (long long)session->start ) ); + 3, ( "Ticket expired: Invalid ticket start time " + "( now=%" MBEDTLS_PRINTF_LONGLONG + ", start=%" MBEDTLS_PRINTF_LONGLONG " )", + (long long)now, (long long)session->start ) ); goto exit; } From 03b8f9d29939959a958641a784fcfbcc7374ebfa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 8 Oct 2022 12:40:33 +0800 Subject: [PATCH 16/24] Adjust guards for `dummy_tickets` Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 25565d13b7..a209eef33d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1353,12 +1353,9 @@ int report_cid_usage( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_HAVE_TIME) -/* Functions for session ticket tests - * - */ +/* Functions for session ticket tests */ int dummy_ticket_write( void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *ticket_lifetime ) @@ -1403,6 +1400,7 @@ int dummy_ticket_parse( void *p_ticket, mbedtls_ssl_session *session, return( MBEDTLS_ERR_SSL_INVALID_MAC ); case 2: return( MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED ); +#if defined(MBEDTLS_HAVE_TIME) case 3: session->start = mbedtls_time( NULL ) + 10; break; 
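Review bot: The `#if defined(MBEDTLS_HAVE_TIME)` introduced before `case 3:` in the -1403 hunk is redundant: the -1353 hunk in the same patch places the whole dummy-ticket block under `#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME)`, so the inner guard (closed by the `#endif` added in the -1414 hunk) can never be false there. Dropping both lines leaves only the `MBEDTLS_SSL_PROTO_TLS1_3` guard around `ticket_age_add`, which is the one condition that actually varies. The body of `dummy_ticket_parse` starts before this hunk.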
@@ -1414,16 +1412,18 @@ int dummy_ticket_parse( void *p_ticket, mbedtls_ssl_session *session, break; case 6: session->start = mbedtls_time( NULL ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) session->ticket_age_add -= 1000; +#endif break; +#endif default: break; } return( ret ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ int main( int argc, char *argv[] ) @@ -3001,9 +3001,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_SESSION_TICKETS) if( opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_HAVE_TIME) if( opt.dummy_ticket ) { mbedtls_ssl_conf_session_tickets_cb( &conf, @@ -3012,9 +3010,7 @@ int main( int argc, char *argv[] ) NULL ); } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_HAVE_TIME */ +#endif /* MBEDTLS_HAVE_TIME */ { if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx, rng_get, &rng, From 63b06ea06ec75795b9fcef24a0da243bf7c4b419 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 8 Oct 2022 14:24:46 +0800 Subject: [PATCH 17/24] Update test cases Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 158 +++++++------------------ 1 file changed, 45 insertions(+), 113 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index a6bbd082ba..dd907c1d41 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh 
@@ -72,18 +72,33 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, auth fail, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ + "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 2" \ + -s "sent selected_identity: 0" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: ephemeral$" \ + -S "ticket is not authentic" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ 0 \ -c 
"Pre-configured PSK number = 2" \ -s "sent selected_identity: 1" \ -s "key exchange mode: psk_ephemeral" \ - -s "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" + -S "key exchange mode: psk$" \ + -S "key exchange mode: ephemeral$" \ + -s "ticket is not authentic" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME 
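Review bot: The two `requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED` lines added ahead of the "invalid ticket, reconnect with PSK" test are identical, so the second one adds no constraint. The ephemeral tests further down pair the PSK requirement with an ECDHE one (`requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED`); if a psk_ephemeral run needs a similar ephemeral-capable option the second line should name it, otherwise the duplicate should be dropped. The same doubled line appears in the pre-existing context above the first new test, so the pattern is inherited, but the newly added copy is the one to fix.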
@@ -91,35 +106,18 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: ephemeral, auth fail, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: authentication failed" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ -S "sent selected_identity:" \ -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ -s "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, expired, m->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=2" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK 
number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "ticket is not authentic" \ - -s "ticket is expired" \ - -S "Ticket expired: start is in future" \ + -S "Ticket expired: Invalid ticket start time" \ -S "Ticket expired: Ticket age exceed limitation" \ -S "Ticket expired: Ticket age outside tolerance window" 
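Review bot: Dropping the psk_ephemeral variants for dummy_ticket=2 through 6 (here, and again in the hunks at `@@ -129,35 +127,18 @@` and `@@ -167,111 +148,60 @@`) leaves the expired, invalid-start-time, max-age and tolerance-window rejections exercised only on the ephemeral/certificate path, where the client has no second PSK to fall back to. The removed tests were the only ones asserting `-s "sent selected_identity: 1"` together with a rejected ticket, i.e. that the server falls through to the external PSK instead of failing the handshake; after this change only the not-authentic case (dummy_ticket=1) keeps that assertion. If the fallback is meant to be the same for every rejection reason, keeping one psk_ephemeral expired-ticket case (dummy_ticket=2) would preserve that check; if the reduction is deliberate, a sentence in the commit message saying why would help the next reader.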
@@ -129,35 +127,18 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: ephemeral, expired, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: ticket expired, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ -S "sent selected_identity:" \ -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -s "ticket is expired" \ - -S "Ticket expired: start is in future" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, future start, m->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=3" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK 
number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -s "Ticket expired: start is in future" \ + -S "Ticket expired: Invalid ticket start time" \ -S "Ticket expired: Ticket age exceed limitation" \ -S "Ticket expired: Ticket age outside tolerance window" 
@@ -167,111 +148,60 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: ephemeral, future start, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: Invalid start time check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ -S "sent selected_identity:" \ -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -s "Ticket expired: start is in future" \ + -s "Ticket expired: Invalid ticket start time" \ -S "Ticket expired: Ticket age exceed limitation" \ -S "Ticket expired: Ticket age outside tolerance window" -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, out of max age, m->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=4" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity 
psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ - -s "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" - requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: ephemeral, out of max age, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: Max age check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ -S "sent selected_identity:" \ -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ + -S "Ticket expired: Invalid ticket start time" \ -s "Ticket expired: Ticket age exceed limitation" \ -S "Ticket expired: Ticket age outside tolerance window" -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, negative tolerance exceed, m->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=5" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -s "Ticket expired: Ticket age outside tolerance window" - requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: ephemeral, negative tolerance exceed, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: Tolerance window bottom check." 
\ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ -S "sent selected_identity:" \ -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -s "Ticket expired: Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: psk_ephemeral, tolerance exceed, m->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=6" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ + -S "Ticket expired: Invalid ticket start time" \ -S "Ticket expired: Ticket age exceed limitation" \ -s "Ticket expired: Ticket age outside tolerance window" 
@@ -281,16 +211,18 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3: NewSessionTicket: ephemeral, tolerance exceed, m->m" \ +run_test "TLS 1.3 m->m: Multiple PSKs: Tolerance window top check." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ -S "sent selected_identity:" \ -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: start is in future" \ + -S "Ticket expired: Invalid ticket start time" \ -S "Ticket expired: Ticket age exceed limitation" \ -s "Ticket expired: Ticket age outside tolerance window" From 21092062f39d23287e6d3875dcd4d6d6f1639309 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 10 Oct 2022 21:21:31 +0800 Subject: [PATCH 18/24] Restrict cipher suite validation to TLS1.3 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d32d58e2df..9741a6ef5f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1361,7 +1361,6 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; if( ssl == NULL || session == NULL || 
@@ -1374,15 +1373,22 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session if( ssl->handshake->resume == 1 ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite ); - if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info, - session->tls_version, - session->tls_version ) != 0 ) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not a valid ciphersuite.", - session->ciphersuite ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( session->ciphersuite ); + + if( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, MBEDTLS_SSL_VERSION_TLS1_3, + MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not a valid TLS 1.3 ciphersuite.", + session->ciphersuite ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) From 6916e7052112e1bbef36bf3bedcae621446bb4d0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 10 Oct 2022 21:33:51 +0800 Subject: [PATCH 19/24] fix various issues - adjust guards. Remove duplicate guards and adjust format. - Return success at function end. Not `ret` - change input len Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 18 +++++++++--------- programs/ssl/ssl_server2.c | 8 ++------ 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f90e66ea7d..ee4c24d213 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
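Review bot: A TLS 1.2 session now passes through mbedtls_ssl_set_session() without any ciphersuite check, because the validation sits entirely inside the new MBEDTLS_SSL_PROTO_TLS1_3 block and the unconditional check it replaces is gone. If that is intended because the TLS 1.2 resumption path validates the ciphersuite later in the handshake, a comment on the `#if` would stop the next reader from re-adding it: `/* Only TLS 1.3 sessions are checked here; confirm the TLS 1.2 resumption path validates the ciphersuite before relying on this. */`. The return code for a bad ciphersuite also changes from MBEDTLS_ERR_SSL_INVALID_MAC to MBEDTLS_ERR_SSL_BAD_INPUT_DATA, which is the better fit, so the public documentation of mbedtls_ssl_set_session() should list that case if it does not already. The function begins in the previous hunk and continues after this one.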
@@ -837,7 +837,7 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( ssl, mbedtls_hash_info_md_from_psa( hash_alg ), - transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len ); + transcript, sizeof( transcript ), &transcript_len ); if( ret != 0 ) return( ret ); @@ -853,7 +853,7 @@ static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl, *out_len = 1 + binder_len; - return( ret ); + return( 0 ); } /* @@ -918,12 +918,11 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( if( ssl_tls13_ticket_get_identity( ssl, &hash_alg, &identity, &identity_len ) == 0 ) { - #if defined(MBEDTLS_HAVE_TIME) - uint32_t obfuscated_ticket_age = 0; mbedtls_time_t now = mbedtls_time( NULL ); mbedtls_ssl_session *session = ssl->session_negotiate; - obfuscated_ticket_age = (uint32_t)( now - session->ticket_received ); + uint32_t obfuscated_ticket_age = + (uint32_t)( now - session->ticket_received ); obfuscated_ticket_age *= 1000; obfuscated_ticket_age += session->ticket_age_add; @@ -963,7 +962,7 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( /* Take into account the two bytes for the length of the binders. */ l_binders_len += 2; - /* Check if there are enough space for binders */ + /* Check if there is enough space for binders */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, l_binders_len ); /* @@ -1105,11 +1104,12 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret ); + return( ret ); } - else - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - return( ret ); + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a209eef33d..a68136c171 100644 --- a/programs/ssl/ssl_server2.c 
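Review bot: The obfuscated_ticket_age arithmetic in the `@@ -918,12 +918,11 @@` hunk relies on uint32_t wrap-around twice — in the cast of `now - session->ticket_received` and in the `*= 1000` / `+= session->ticket_age_add` steps — and nothing in the code says that this is the RFC 8446 section 4.2.11 definition (ticket age in milliseconds plus ticket_age_add, modulo 2^32). A comment above the new declaration would keep a later reader from "fixing" the overflow: `/* RFC 8446 4.2.11: obfuscated_ticket_age = (age_ms + ticket_age_add) mod 2^32; the uint32_t wrap is intended. */`. A negative `now - ticket_received` (clock moved backwards) also wraps to a large value here; presumably the caller rejects such a session before this point, and that is worth a word in the same comment once confirmed. mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() starts and ends outside the hunk.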
+++ b/programs/ssl/ssl_server2.c @@ -1353,8 +1353,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) /* Functions for session ticket tests */ int dummy_ticket_write( void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, @@ -1400,7 +1399,6 @@ int dummy_ticket_parse( void *p_ticket, mbedtls_ssl_session *session, return( MBEDTLS_ERR_SSL_INVALID_MAC ); case 2: return( MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED ); -#if defined(MBEDTLS_HAVE_TIME) case 3: session->start = mbedtls_time( NULL ) + 10; break; @@ -1416,15 +1414,13 @@ int dummy_ticket_parse( void *p_ticket, mbedtls_ssl_session *session, session->ticket_age_add -= 1000; #endif break; -#endif default: break; } return( ret ); } -#endif /* MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_HAVE_TIME */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ int main( int argc, char *argv[] ) { From 03aa174d7c42e02c1a122c5ee6b43af2965319f5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 10 Oct 2022 21:48:37 +0800 Subject: [PATCH 20/24] Improve test message and title Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 9 +++-- tests/opt-testcases/tls13-kex-modes.sh | 48 +++++++++++++------------- 2 files changed, 28 insertions(+), 29 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 08f48b8735..cc65703182 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -186,8 +186,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if( now < session->start ) { MBEDTLS_SSL_DEBUG_MSG( - 3, ( "Ticket expired: Invalid ticket start time " - "( now=%" MBEDTLS_PRINTF_LONGLONG + 3, ( "Invalid ticket start time ( now=%" MBEDTLS_PRINTF_LONGLONG ", start=%" MBEDTLS_PRINTF_LONGLONG " )", (long long)now, (long long)session->start ) ); goto exit; @@ -209,7 +208,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if( age_in_s > 604800 ) { MBEDTLS_SSL_DEBUG_MSG( - 3, ( "Ticket expired: Ticket age exceed limitation ticket_age=%lu", + 3, ( "Ticket age exceed limitation ticket_age=%lu", (long unsigned int)age_in_s ) ); goto exit; } @@ -232,8 +231,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE ) { MBEDTLS_SSL_DEBUG_MSG( - 3, ( "Ticket expired: Ticket age outside tolerance window " - "( diff=%d )", (int)age_diff_in_ms ) ); + 3, ( "Ticket age outside tolerance window ( diff=%d )", + (int)age_diff_in_ms ) ); goto exit; } diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index dd907c1d41..6c0489af0b 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -106,7 +106,7 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: authentication failed" \ +run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ 
@@ -117,9 +117,9 @@ run_test "TLS 1.3 m->m: Multiple PSKs: authentication failed" \ -S "key exchange mode: psk$" \ -s "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: Invalid ticket start time" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" + -S "Invalid ticket start time" \ + -S "Ticket age exceed limitation" \ + -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME @@ -127,7 +127,7 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: ticket expired, m->m" \ +run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ @@ -138,9 +138,9 @@ run_test "TLS 1.3 m->m: Multiple PSKs: ticket expired, m->m" \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -s "ticket is expired" \ - -S "Ticket expired: Invalid ticket start time" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" + -S "Invalid ticket start time" \ + -S "Ticket age exceed limitation" \ + -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME 
@@ -148,7 +148,7 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: Invalid start time check, m->m" \ +run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ @@ -159,9 +159,9 @@ run_test "TLS 1.3 m->m: Multiple PSKs: Invalid start time check, m->m" \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -s "Ticket expired: Invalid ticket start time" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" + -s "Invalid ticket start time" \ + -S "Ticket age exceed limitation" \ + -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME @@ -169,7 +169,7 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: Max age check, m->m" \ +run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ 
@@ -180,9 +180,9 @@ run_test "TLS 1.3 m->m: Multiple PSKs: Max age check, m->m" \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: Invalid ticket start time" \ - -s "Ticket expired: Ticket age exceed limitation" \ - -S "Ticket expired: Ticket age outside tolerance window" + -S "Invalid ticket start time" \ + -s "Ticket age exceed limitation" \ + -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME @@ -190,7 +190,7 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: Tolerance window bottom check." \ +run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ @@ -201,9 +201,9 @@ run_test "TLS 1.3 m->m: Multiple PSKs: Tolerance window bottom check." \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: Invalid ticket start time" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -s "Ticket expired: Ticket age outside tolerance window" + -S "Invalid ticket start time" \ + -S "Ticket age exceed limitation" \ + -s "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME 
@@ -211,7 +211,7 @@ requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHAN MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: Tolerance window top check." \ +run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 0 \ @@ -222,9 +222,9 @@ run_test "TLS 1.3 m->m: Multiple PSKs: Tolerance window top check." \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Ticket expired: Invalid ticket start time" \ - -S "Ticket expired: Ticket age exceed limitation" \ - -s "Ticket expired: Ticket age outside tolerance window" + -S "Invalid ticket start time" \ + -S "Ticket age exceed limitation" \ + -s "Ticket age outside tolerance window" requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C From 4f77ecf40957aca1ad8519b5ccf05caf4043b8bc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 10 Oct 2022 22:10:08 +0800 Subject: [PATCH 21/24] disable session resumption when ticket expired Signed-off-by: Jerry Yu --- library/ssl_client.c | 51 ++++++++++++++++++-------------------- library/ssl_tls13_client.c | 3 ++- 2 files changed, 26 insertions(+), 28 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 73a854d61b..2ed6ce6853 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c 
@@ -720,6 +720,30 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) int ret; size_t session_id_len; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_HAVE_TIME) + /* Check if a tls13 ticket has been configured. */ + if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + ssl->handshake->resume != 0 && + ssl->session_negotiate != NULL && + ssl->session_negotiate->ticket != NULL ) + { + mbedtls_time_t now = mbedtls_time( NULL ); + if( ssl->session_negotiate->ticket_received > now || + (uint64_t)( now - ssl->session_negotiate->ticket_received ) + > ssl->session_negotiate->ticket_lifetime ) + { + /* Without valid ticket, disable session resumption.*/ + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "Ticket expired, disable session resumption" ) ); + ssl->handshake->resume = 0; + } + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && + MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_HAVE_TIME */ + if( ssl->conf->f_rng == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); 
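Review bot: `ssl->session_negotiate->tls_version` is dereferenced in the first operand of the new condition, two lines before the `ssl->session_negotiate != NULL` test, so the NULL test protects nothing; PATCH 23 in this series reorders it, but as committed here the condition should read `if( ssl->handshake->resume != 0 && ssl->session_negotiate != NULL && ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && ssl->session_negotiate->ticket != NULL )`. The age test trusts `ticket_lifetime` exactly as received; RFC 8446 §4.6.1 says a client must not use a ticket older than 7 days regardless of the advertised lifetime, and the server side of this series already applies that bound (`age_in_s > 604800`), so unless the cap is enforced where the ticket is stored (not visible here) the client condition should also include `|| age > 604800`. Unlike the block this replaces, the expired ticket is left in `session_negotiate` instead of being zeroized and freed, which is acceptable only because the PSK writer now gates on `handshake->resume`; that dependency deserves a comment, e.g. `/* Expired tickets stay in the session but are never offered: ssl_tls13_has_configured_ticket() checks handshake->resume. */`. The body of `ssl_prepare_client_hello` continues past the hunk.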
@@ -843,33 +867,6 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) } } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_HAVE_TIME) - /* Check if a tls13 ticket has been configured. */ - if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ssl->handshake->resume != 0 && - ssl->session_negotiate != NULL && - ssl->session_negotiate->ticket != NULL ) - { - mbedtls_time_t now = mbedtls_time( NULL ); - if( ssl->session_negotiate->ticket_received > now || - (uint64_t)( now - ssl->session_negotiate->ticket_received ) - > ssl->session_negotiate->ticket_lifetime ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket expired" ) ); - mbedtls_platform_zeroize( ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len ); - mbedtls_free( ssl->session_negotiate->ticket ); - ssl->session_negotiate->ticket = NULL; - ssl->session_negotiate->ticket_len = 0; - } - - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_HAVE_TIME */ - return( 0 ); } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ee4c24d213..6227f3d0b0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -681,7 +681,8 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite ) static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) { mbedtls_ssl_session *session = ssl->session_negotiate; - return( session != NULL && session->ticket != NULL ); + return( ssl->handshake->resume && + session != NULL && session->ticket != NULL ); } MBEDTLS_CHECK_RETURN_CRITICAL From c2bfaf00d955ec09dc337c95e720c0637d39ba89 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 11 Oct 2022 15:55:52 +0800 Subject: [PATCH 22/24] fix wrong typo Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- tests/opt-testcases/tls13-kex-modes.sh | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) 
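Review bot: After this change the name `ssl_tls13_has_configured_ticket` no longer describes the test: a ticket may be present in `session_negotiate` while `ssl->handshake->resume` has been cleared (PATCH 21 clears it in `ssl_prepare_client_hello` when the ticket has expired), and the function then returns 0, so a caller reading the name alone reaches the wrong conclusion. Add a comment above the return, e.g. `/* A configured ticket is offered only while resumption is still enabled; ssl_prepare_client_hello() clears handshake->resume for expired tickets. */`. Note also that `ssl->handshake` is dereferenced before `session` is tested against NULL; that is fine only if the handshake structure is guaranteed non-NULL at every call site, which is worth confirming given that the NULL test on `session` suggests not everything is assumed to be set up.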
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index cc65703182..61a1bad578 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -208,7 +208,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if( age_in_s > 604800 ) { MBEDTLS_SSL_DEBUG_MSG( - 3, ( "Ticket age exceed limitation ticket_age=%lu", + 3, ( "Ticket age exceeds limitation ticket_age=%lu", (long unsigned int)age_in_s ) ); goto exit; } diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 6c0489af0b..c8586d2c27 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -118,7 +118,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed -s "ticket is not authentic" \ -S "ticket is expired" \ -S "Invalid ticket start time" \ - -S "Ticket age exceed limitation" \ + -S "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ @@ -139,7 +139,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ -S "ticket is not authentic" \ -s "ticket is expired" \ -S "Invalid ticket start time" \ - -S "Ticket age exceed limitation" \ + -S "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ @@ -160,7 +160,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ -S "ticket is not authentic" \ -S "ticket is expired" \ -s "Invalid ticket start time" \ - -S "Ticket age exceed limitation" \ + -S "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ 
@@ -181,7 +181,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ -S "ticket is not authentic" \ -S "ticket is expired" \ -S "Invalid ticket start time" \ - -s "Ticket age exceed limitation" \ + -s "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ @@ -202,7 +202,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window -S "ticket is not authentic" \ -S "ticket is expired" \ -S "Invalid ticket start time" \ - -S "Ticket age exceed limitation" \ + -S "Ticket age exceeds limitation" \ -s "Ticket age outside tolerance window" requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ @@ -223,7 +223,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window -S "ticket is not authentic" \ -S "ticket is expired" \ -S "Invalid ticket start time" \ - -S "Ticket age exceed limitation" \ + -S "Ticket age exceeds limitation" \ -s "Ticket age outside tolerance window" requires_gnutls_tls1_3 From 22c18c14320b171ca3cc11eb022891f265fa09c5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 11 Oct 2022 15:58:51 +0800 Subject: [PATCH 23/24] Add NULL check in prepare hello `session_negotiate` is used directly in `ssl_prepare_client_hello` without NULL check. Add the check in the beggining to avoid segment fault. Signed-off-by: Jerry Yu --- library/ssl_client.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 2ed6ce6853..1b591253f8 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c 
@@ -713,26 +713,29 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len ); return( ret ); } - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) { int ret; size_t session_id_len; + mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; + + if( session_negotiate == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_HAVE_TIME) + /* Check if a tls13 ticket has been configured. */ - if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ssl->handshake->resume != 0 && - ssl->session_negotiate != NULL && - ssl->session_negotiate->ticket != NULL ) + if( ssl->handshake->resume != 0 && + session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && + session_negotiate->ticket != NULL ) { mbedtls_time_t now = mbedtls_time( NULL ); - if( ssl->session_negotiate->ticket_received > now || - (uint64_t)( now - ssl->session_negotiate->ticket_received ) - > ssl->session_negotiate->ticket_lifetime ) + uint64_t age = (uint64_t)( now - session_negotiate->ticket_received ); + if( session_negotiate->ticket_received > now || + age > session_negotiate->ticket_lifetime ) { /* Without valid ticket, disable session resumption.*/ MBEDTLS_SSL_DEBUG_MSG( @@ -761,7 +764,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) { if( ssl->handshake->resume ) { - ssl->tls_version = ssl->session_negotiate->tls_version; + ssl->tls_version = session_negotiate->tls_version; ssl->handshake->min_tls_version = ssl->tls_version; } else 
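Review bot: The blank line separating `ssl_generate_random`'s closing brace from `MBEDTLS_CHECK_RETURN_CRITICAL` is removed at the top of this hunk, and hunk `@@ -869,7 +872,6 @@` likewise removes the blank line before the `Write ClientHello handshake message` comment; both look accidental and leave consecutive definitions with no separation, unlike the rest of the file. The retained comment `/* Check if a tls13 ticket has been configured. */` still describes a presence check while the block now tests expiry; `/* Disable resumption if the configured TLS 1.3 ticket has expired. */` matches what the code does. `age` is now computed before the `ticket_received > now` test, so for a timestamp in the future it holds the modular wrap of a negative difference; that is well-defined and the `||` short-circuits before the comparison, but a one-line comment such as `/* age is only meaningful once ticket_received <= now (first test). */` saves the next reader the analysis. The body of `ssl_prepare_client_hello` continues beyond the hunk.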
@@ -795,7 +798,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) * to zero, except in the case of a TLS 1.2 session renegotiation or * session resumption. */ - session_id_len = ssl->session_negotiate->id_len; + session_id_len = session_negotiate->id_len; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) @@ -818,8 +821,8 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) #endif { - if( ( ssl->session_negotiate->ticket != NULL ) && - ( ssl->session_negotiate->ticket_len != 0 ) ) + if( ( session_negotiate->ticket != NULL ) && + ( session_negotiate->ticket_len != 0 ) ) { session_id_len = 32; } @@ -851,13 +854,13 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - if( session_id_len != ssl->session_negotiate->id_len ) + if( session_id_len != session_negotiate->id_len ) { - ssl->session_negotiate->id_len = session_id_len; + session_negotiate->id_len = session_id_len; if( session_id_len > 0 ) { ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->session_negotiate->id, + session_negotiate->id, session_id_len ); if( ret != 0 ) { @@ -869,7 +872,6 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) return( 0 ); } - /* * Write ClientHello handshake message. * Handler for MBEDTLS_SSL_CLIENT_HELLO From c79742303d5aea0c94cc922452da2e7bfa267aa0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 11 Oct 2022 21:22:33 +0800 Subject: [PATCH 24/24] Remove unnecessary empty line and fix format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 -- programs/ssl/ssl_server2.c | 4 +++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 6227f3d0b0..2b59b4aae1 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -677,7 +677,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite ) } #if defined(MBEDTLS_SSL_SESSION_TICKETS) - static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl ) { mbedtls_ssl_session *session = ssl->session_negotiate; @@ -720,7 +719,6 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl, return( 0 ); } - #endif /* MBEDTLS_SSL_SESSION_TICKETS */ static int ssl_tls13_has_configured_psk( const mbedtls_ssl_config *conf ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a68136c171..6242e6eeb9 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3013,7 +3013,9 @@ int main( int argc, char *argv[] ) opt.ticket_aead, opt.ticket_timeout ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret ); + mbedtls_printf( + " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", + ret ); goto exit; }