lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

fix various issues

Browse Source 
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
2022-09-30 10:00:20 +08:00
parent 19ae6f62c7
commit 8b41e893a2
1 changed files with 135 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
library/ssl_tls13_client.c
View File

@ -707,11 +707,20 @@ static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_tickets_get_identity( static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl, psa_algorithm_t *psa_alg, psa_algorithm_t *psa_alg,
const unsigned char **identity, size_t *identity_len ) const unsigned char **identity,
size_t *identity_len )
{ {
mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_session *session = ssl->session_negotiate;
*psa_alg = PSA_ALG_NONE;
*identity = NULL;
*identity_len = 0;
if( !ssl_tls13_has_configured_ticket( ssl ) )
return( -1 );
*psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite );
*identity = session->ticket; *identity = session->ticket;
*identity_len = session->ticket_len; *identity_len = session->ticket_len;
@ -719,14 +728,21 @@ static int ssl_tls13_session_tickets_get_identity(
} }
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_tickets_get_psk( mbedtls_ssl_context *ssl, static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl,
psa_algorithm_t *psa_alg, psa_algorithm_t *psa_alg,
const unsigned char **psk, const unsigned char **psk,
size_t *psk_len ) size_t *psk_len )
{ {
mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_session *session = ssl->session_negotiate;
*psa_alg = PSA_ALG_NONE;
*psk = NULL;
*psk_len = 0;
if( !ssl_tls13_has_configured_ticket( ssl ) )
return( -1 );
*psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite ); *psa_alg = ssl_tls13_ciphersuite_to_alg( ssl, session->ciphersuite );
*psk = session->resumption_key; *psk = session->resumption_key;
*psk_len = session->resumption_key_len; *psk_len = session->resumption_key_len;
@ -742,6 +758,12 @@ static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl,
const unsigned char **identity, const unsigned char **identity,
size_t *identity_len ) size_t *identity_len )
{ {
*psa_alg = PSA_ALG_NONE;
*identity = NULL;
*identity_len = 0;
if( !ssl_tls13_has_configured_psk( ssl ) )
return( -1 );
*psa_alg = PSA_ALG_SHA_256; *psa_alg = PSA_ALG_SHA_256;
*identity = ssl->conf->psk_identity; *identity = ssl->conf->psk_identity;
@ -755,35 +777,19 @@ static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl,
const unsigned char **psk, const unsigned char **psk,
size_t *psk_len ) size_t *psk_len )
{ {
*psa_alg = PSA_ALG_NONE;
*psk = NULL;
*psk_len = 0;
if( !ssl_tls13_has_configured_psk( ssl ) )
return( -1 );
*psa_alg = PSA_ALG_SHA_256; *psa_alg = PSA_ALG_SHA_256;
*psk = ssl->conf->psk; *psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len; *psk_len = ssl->conf->psk_len;
return( 0 ); return( 0 );
} }
/*
* mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure:
*
* struct {
* opaque identity<1..2^16-1>;
* uint32 obfuscated_ticket_age;
* } PskIdentity;
*
* opaque PskBinderEntry<32..255>;
*
* struct {
* PskIdentity identities<7..2^16-1>;
* PskBinderEntry binders<33..2^16-1>;
* } OfferedPsks;
*
* struct {
* select (Handshake.msg_type) {
* case client_hello: OfferedPsks;
* ...
* };
* } PreSharedKeyExtension;
*
*/
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl, static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
@ -806,7 +812,7 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl,
{ {
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
if( ssl_tls13_session_tickets_get_identity( if( ssl_tls13_ticket_get_identity(
ssl, &psa_alg, &identity, &identity_len ) == 0 ) ssl, &psa_alg, &identity, &identity_len ) == 0 )
{ {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
@ -858,6 +864,103 @@ static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
int psk_type,
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
const unsigned char *psk;
psa_algorithm_t psa_alg = PSA_ALG_NONE;
size_t psk_len;
unsigned char binder_len;
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len = 0;
*out_len = 0;
switch( psk_type )
{
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME)
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
if( ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME*/
case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
if( ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
break;
default:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
binder_len = PSA_HASH_LENGTH( psa_alg );
if( binder_len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/*
* - binder_len (1 bytes)
* - binder (binder_len bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + binder_len );
p[0] = binder_len;
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
ssl, mbedtls_hash_info_md_from_psa( psa_alg ),
transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_alg,
psk, psk_len, psk_type,
transcript, p + 1 );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", p, 1 + binder_len );
*out_len = 1 + binder_len;
return( ret );
}
/*
* mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure:
*
* struct {
* opaque identity<1..2^16-1>;
* uint32 obfuscated_ticket_age;
* } PskIdentity;
*
* opaque PskBinderEntry<32..255>;
*
* struct {
* PskIdentity identities<7..2^16-1>;
* PskBinderEntry binders<33..2^16-1>;
* } OfferedPsks;
*
* struct {
* select (Handshake.msg_type) {
* case client_hello: OfferedPsks;
* ...
* };
* } PreSharedKeyExtension;
*
*/
int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *end, unsigned char *buf, unsigned char *end,
@ -938,82 +1041,6 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
int psk_type,
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
const unsigned char *psk;
psa_algorithm_t psa_alg = PSA_ALG_NONE;
size_t psk_len;
unsigned char binder_len;
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len = 0;
*out_len = 0;
switch( psk_type )
{
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME)
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
if( ssl_tls13_session_tickets_get_psk(
ssl, &psa_alg, &psk, &psk_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME*/
case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
if( ssl_tls13_psk_get_psk( ssl, &psa_alg, &psk, &psk_len ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
break;
default:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
binder_len = PSA_HASH_LENGTH( psa_alg );
if( binder_len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/*
* - binder_len (1 bytes)
* - binder (binder_len bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + binder_len );
p[0] = binder_len;
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
ssl, mbedtls_hash_info_md_from_psa( psa_alg ),
transcript, MBEDTLS_MD_MAX_SIZE, &transcript_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psa_alg,
psk, psk_len, psk_type,
transcript, p + 1 );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", p, 1 + binder_len );
*out_len = 1 + binder_len;
return( ret );
}
int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end ) mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end )
{ {
@ -1135,8 +1162,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
{ {
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
ret = ssl_tls13_session_tickets_get_psk( ret = ssl_tls13_ticket_get_psk( ssl, &psa_alg, &psk, &psk_len );
ssl, &psa_alg, &psk, &psk_len );
break; break;
#endif #endif
case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: