From 471dee5a128a33da461eaf7e546188b99572f7bb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 16:33:14 +0800 Subject: [PATCH 01/33] Add debug helpers to track extensions Signed-off-by: Jerry Yu --- library/ssl_debug_helpers.h | 21 ++++++ library/ssl_tls13_generic.c | 126 ++++++++++++++++++++++++++++++++++++ library/ssl_tls13_server.c | 60 +---------------- 3 files changed, 150 insertions(+), 57 deletions(-) diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 9f1df736bd..07e8c7103f 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -45,4 +45,25 @@ const char *mbedtls_ssl_named_group_to_str( uint16_t in ); #endif /* MBEDTLS_DEBUG_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_DEBUG_C) + +const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ); + +void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + const char *hs_msg_name, + uint32_t extensions_present ); + +#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) \ + mbedtls_ssl_tls13_print_extensions( \ + ssl, level, __FILE__, __LINE__, hs_msg_name, extensions_present ) +#else + +#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) + +#endif + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + #endif /* SSL_DEBUG_HELPERS_H */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 48e3675820..662e6f4c81 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1485,4 +1485,130 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ +#if defined(MBEDTLS_DEBUG_C) +const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ) +{ + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SERVERNAME: + return( "server_name" ); + + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + return( "max_fragment_length" ); + + case MBEDTLS_TLS_EXT_STATUS_REQUEST: + return( "status_request" ); + + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + return( "supported_groups" ); + + case MBEDTLS_TLS_EXT_SIG_ALG: + return( "signature_algorithms" ); + + case MBEDTLS_TLS_EXT_USE_SRTP: + return( "use_srtp" ); + + case MBEDTLS_TLS_EXT_HEARTBEAT: + return( "heartbeat" ); + + case MBEDTLS_TLS_EXT_ALPN: + return( "application_layer_protocol_negotiation" ); + + case MBEDTLS_TLS_EXT_SCT: + return( "signed_certificate_timestamp" ); + + case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: + return( "client_certificate_type" ); + + case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: + return( "server_certificate_type" ); + + case MBEDTLS_TLS_EXT_PADDING: + return( "padding" ); + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + return( "pre_shared_key" ); + + case MBEDTLS_TLS_EXT_EARLY_DATA: + return( "early_data" ); + + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + return( "supported_versions" ); + + case MBEDTLS_TLS_EXT_COOKIE: + return( "cookie" ); + + case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: + return( "psk_key_exchange_modes" ); + + case MBEDTLS_TLS_EXT_CERT_AUTH: + return( "certificate_authorities" ); + + case MBEDTLS_TLS_EXT_OID_FILTERS: + return( "oid_filters" ); + + case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: + return( "post_handshake_auth" ); + + case MBEDTLS_TLS_EXT_SIG_ALG_CERT: + return( "signature_algorithms_cert" ); + + case MBEDTLS_TLS_EXT_KEY_SHARE: + return( "key_share" ); + }; + + return( "unknown" ); +} + +void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + const char *hs_msg_name, + uint32_t extensions_present ) +{ + static const struct{ + uint32_t extension_mask; + const char *extension_name; + } mask_to_str_table[] = { + { MBEDTLS_SSL_EXT_SERVERNAME, "server_name" }, + { MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH, "max_fragment_length" }, + { MBEDTLS_SSL_EXT_STATUS_REQUEST, "status_request" }, + { MBEDTLS_SSL_EXT_SUPPORTED_GROUPS, "supported_groups" }, + { MBEDTLS_SSL_EXT_SIG_ALG, "signature_algorithms" }, + { MBEDTLS_SSL_EXT_USE_SRTP, "use_srtp" }, + { MBEDTLS_SSL_EXT_HEARTBEAT, "heartbeat" }, + { MBEDTLS_SSL_EXT_ALPN, "application_layer_protocol_negotiation" }, + { MBEDTLS_SSL_EXT_SCT, "signed_certificate_timestamp" }, + { MBEDTLS_SSL_EXT_CLI_CERT_TYPE, "client_certificate_type" }, + { MBEDTLS_SSL_EXT_SERV_CERT_TYPE, "server_certificate_type" }, + { MBEDTLS_SSL_EXT_PADDING, "padding" }, + { MBEDTLS_SSL_EXT_PRE_SHARED_KEY, "pre_shared_key" }, + { MBEDTLS_SSL_EXT_EARLY_DATA, "early_data" }, + { MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS, "supported_versions" }, + { MBEDTLS_SSL_EXT_COOKIE, "cookie" }, + { MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" }, + { MBEDTLS_SSL_EXT_CERT_AUTH, "certificate_authorities" }, + { MBEDTLS_SSL_EXT_OID_FILTERS, "oid_filters" }, + { MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" }, + { MBEDTLS_SSL_EXT_SIG_ALG_CERT, "signature_algorithms_cert" }, + { MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" } }; + + mbedtls_debug_print_msg( ssl, level, file, line, + "extension list of %s:", hs_msg_name ); + + for( unsigned i = 0; + i < sizeof( mask_to_str_table ) / sizeof( mask_to_str_table[0] ); + i++ ) + { + const char *extension_name = mask_to_str_table[i].extension_name; + uint32_t is_present = extensions_present & + mask_to_str_table[i].extension_mask; + + mbedtls_debug_print_msg( ssl, level, file, line, + "- %s extension ( %s )", extension_name, + is_present ? "true" : "false" ); + } +} + +#endif /* MBEDTLS_DEBUG_C */ + #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 3762393b96..b24aa4a8c5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -926,56 +926,6 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C */ -#if defined(MBEDTLS_DEBUG_C) -static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl ) -{ - ((void) ssl); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- KEY_SHARE_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ? - "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- PRE_SHARED_KEY_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SUPPORTED_GROUPS_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ? - "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SUPPORTED_VERSION_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ? - "TRUE" : "FALSE" ) ); -#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION ) - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SERVERNAME_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ? - "TRUE" : "FALSE" ) ); -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined ( MBEDTLS_SSL_ALPN ) - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- ALPN_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ? - "TRUE" : "FALSE" ) ); -#endif /* MBEDTLS_SSL_ALPN */ -} -#endif /* MBEDTLS_DEBUG_C */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, int exts_mask ) @@ -1655,18 +1605,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, default: MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %ud ( ignoring )", - extension_type ) ); + ( "client hello: received %s(%u) extension ( ignored )", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); } p += extension_data_len; } -#if defined(MBEDTLS_DEBUG_C) - /* List all the extensions we have received */ - ssl_tls13_debug_print_client_hello_exts( ssl ); -#endif /* MBEDTLS_DEBUG_C */ - mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, p - buf ); From e18dc7eb9ac8d4d4161dace796c436cb6a2ef225 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 16:29:22 +0800 Subject: [PATCH 02/33] Add forbidden extensions check for ClientHello Signed-off-by: Jerry Yu --- library/ssl_misc.h | 173 ++++++++++++++++++++++++++++++++++++- library/ssl_tls13_server.c | 57 +++++++++--- 2 files changed, 216 insertions(+), 14 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 41bb9c514d..cf3010a8fa 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -103,6 +103,93 @@ #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) +/* Except ServerHello, other message should ignore unrecognized extension. + * + * RFC 8446 page 31 + * + * The ServerHello MUST only include extensions which are required to establish + * the cryptographic context and negotiate the protocol version. + * + * RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and which is + * not specified for the message in which it appears, it MUST abort the handshake + * with an "illegal_parameter" alert. + */ +#define MBEDTLS_SSL_EXT_UNRECOGNIZED ( 1U << 31 ) + +/* RFC 8446 page 36. Allowed extensions for ClienHello */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \ + ( MBEDTLS_SSL_EXT_SERVERNAME | \ + MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH | \ + MBEDTLS_SSL_EXT_STATUS_REQUEST | \ + MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | \ + MBEDTLS_SSL_EXT_SIG_ALG | \ + MBEDTLS_SSL_EXT_USE_SRTP | \ + MBEDTLS_SSL_EXT_HEARTBEAT | \ + MBEDTLS_SSL_EXT_ALPN | \ + MBEDTLS_SSL_EXT_SCT | \ + MBEDTLS_SSL_EXT_CLI_CERT_TYPE | \ + MBEDTLS_SSL_EXT_SERV_CERT_TYPE | \ + MBEDTLS_SSL_EXT_PADDING | \ + MBEDTLS_SSL_EXT_KEY_SHARE | \ + MBEDTLS_SSL_EXT_PRE_SHARED_KEY | \ + MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES | \ + MBEDTLS_SSL_EXT_EARLY_DATA | \ + MBEDTLS_SSL_EXT_COOKIE | \ + MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS | \ + MBEDTLS_SSL_EXT_CERT_AUTH | \ + MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH | \ + MBEDTLS_SSL_EXT_SIG_ALG_CERT | \ + MBEDTLS_SSL_EXT_UNRECOGNIZED ) + +/* RFC 8446 page 36. Allowed extensions for EncryptedExtensions */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ + ( MBEDTLS_SSL_EXT_SERVERNAME | \ + MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH | \ + MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | \ + MBEDTLS_SSL_EXT_USE_SRTP | \ + MBEDTLS_SSL_EXT_HEARTBEAT | \ + MBEDTLS_SSL_EXT_ALPN | \ + MBEDTLS_SSL_EXT_CLI_CERT_TYPE | \ + MBEDTLS_SSL_EXT_SERV_CERT_TYPE | \ + MBEDTLS_SSL_EXT_EARLY_DATA | \ + MBEDTLS_SSL_EXT_UNRECOGNIZED ) + +/* RFC 8446 page 36. Allowed extensions for CertificateRequest */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \ + ( MBEDTLS_SSL_EXT_STATUS_REQUEST | \ + MBEDTLS_SSL_EXT_SIG_ALG | \ + MBEDTLS_SSL_EXT_SCT | \ + MBEDTLS_SSL_EXT_CERT_AUTH | \ + MBEDTLS_SSL_EXT_OID_FILTERS | \ + MBEDTLS_SSL_EXT_SIG_ALG_CERT | \ + MBEDTLS_SSL_EXT_UNRECOGNIZED ) + +/* RFC 8446 page 36. Allowed extensions for Certificate */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ + ( MBEDTLS_SSL_EXT_STATUS_REQUEST | \ + MBEDTLS_SSL_EXT_SCT | \ + MBEDTLS_SSL_EXT_UNRECOGNIZED ) + +/* RFC 8446 page 36. Allowed extensions for ServerHello */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \ + ( MBEDTLS_SSL_EXT_KEY_SHARE | \ + MBEDTLS_SSL_EXT_PRE_SHARED_KEY | \ + MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) + +/* RFC 8446 page 36. Allowed extensions for HelloRetryRequest */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \ + ( MBEDTLS_SSL_EXT_KEY_SHARE | \ + MBEDTLS_SSL_EXT_COOKIE | \ + MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS | \ + MBEDTLS_SSL_EXT_UNRECOGNIZED ) + +/* RFC 8446 page 36. Allowed extensions for NewSessionTicket */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ + ( MBEDTLS_SSL_EXT_EARLY_DATA | \ + MBEDTLS_SSL_EXT_UNRECOGNIZED ) + /* * Helper macros for function call with return check. */ @@ -858,7 +945,7 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - int extensions_present; /*!< extension presence; Each bitfield + uint32_t extensions_present; /*!< extension presence; Each bitfield represents an extension and defined as \c MBEDTLS_SSL_EXT_XXX */ @@ -1838,6 +1925,90 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +/* + * Helper functions to check if the extension is allowed or forbiden + */ +static inline int mbedtls_ssl_tls13_has_extensions( mbedtls_ssl_context *ssl, + int extensions_mask ) +{ + int masked = ssl->handshake->extensions_present & extensions_mask; + return( masked != 0 ); +} + +static inline int mbedtls_tls13_get_extension_mask( uint16_t extension_type ) +{ + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SERVERNAME: + return( MBEDTLS_SSL_EXT_SERVERNAME ); + + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + return( MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ); + + case MBEDTLS_TLS_EXT_STATUS_REQUEST: + return( MBEDTLS_SSL_EXT_STATUS_REQUEST ); + + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + return( MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ); + + case MBEDTLS_TLS_EXT_SIG_ALG: + return( MBEDTLS_SSL_EXT_SIG_ALG ); + + case MBEDTLS_TLS_EXT_USE_SRTP: + return( MBEDTLS_SSL_EXT_USE_SRTP ); + + case MBEDTLS_TLS_EXT_HEARTBEAT: + return( MBEDTLS_SSL_EXT_HEARTBEAT ); + + case MBEDTLS_TLS_EXT_ALPN: + return( MBEDTLS_SSL_EXT_ALPN ); + + case MBEDTLS_TLS_EXT_SCT: + return( MBEDTLS_SSL_EXT_SCT ); + + case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: + return( MBEDTLS_SSL_EXT_CLI_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: + return( MBEDTLS_SSL_EXT_SERV_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_PADDING: + return( MBEDTLS_SSL_EXT_PADDING ); + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + return( MBEDTLS_SSL_EXT_PRE_SHARED_KEY ); + + case MBEDTLS_TLS_EXT_EARLY_DATA: + return( MBEDTLS_SSL_EXT_EARLY_DATA ); + + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + return( MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ); + + case MBEDTLS_TLS_EXT_COOKIE: + return( MBEDTLS_SSL_EXT_COOKIE ); + + case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: + return( MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ); + + case MBEDTLS_TLS_EXT_CERT_AUTH: + return( MBEDTLS_SSL_EXT_CERT_AUTH ); + + case MBEDTLS_TLS_EXT_OID_FILTERS: + return( MBEDTLS_SSL_EXT_OID_FILTERS ); + + case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: + return( MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ); + + case MBEDTLS_TLS_EXT_SIG_ALG_CERT: + return( MBEDTLS_SSL_EXT_SIG_ALG_CERT ); + + case MBEDTLS_TLS_EXT_KEY_SHARE: + return( MBEDTLS_SSL_EXT_KEY_SHARE ); + }; + + return( MBEDTLS_SSL_EXT_UNRECOGNIZED ); +} + /* * Helper functions to check the selected key exchange mode. */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b24aa4a8c5..32f64d73c9 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1239,6 +1239,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *cipher_suites_end; size_t extensions_len; const unsigned char *extensions_end; + uint32_t extensions_present; int hrr_required = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1247,7 +1248,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *pre_shared_key_ext_end = NULL; #endif - ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + extensions_present = MBEDTLS_SSL_EXT_NONE; /* * ClientHello layout: @@ -1431,7 +1432,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * Servers MUST check that it is the last extension and otherwise fail * the handshake with an "illegal_parameter" alert. */ - if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) + if( extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key is not last extension." ) ); @@ -1449,6 +1450,27 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; + /* RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and which + * is not specified for the message in which it appears, it MUST abort the + * handshake with an "illegal_parameter" alert. + */ + extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello : received %s(%u) extension", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "forbidden extension received." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + switch( extension_type ) { #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -1462,7 +1484,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, 1, "mbedtls_ssl_parse_servername_ext", ret ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SERVERNAME; break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ @@ -1485,7 +1506,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; break; #endif /* MBEDTLS_ECDH_C */ @@ -1515,7 +1535,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; break; #endif /* MBEDTLS_ECDH_C */ @@ -1530,7 +1549,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ( "ssl_tls13_parse_supported_versions_ext" ), ret ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS; break; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1546,13 +1564,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; break; #endif case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( ( ssl->handshake->extensions_present & + if( ( extensions_present & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( @@ -1567,8 +1584,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, */ pre_shared_key_ext = p; pre_shared_key_ext_end = extension_data_end; -#endif - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ break; #if defined(MBEDTLS_SSL_ALPN) @@ -1582,7 +1598,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, 1, ( "mbedtls_ssl_parse_alpn_ext" ), ret ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_ALPN; break; #endif /* MBEDTLS_SSL_ALPN */ @@ -1599,7 +1614,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ret ) ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; break; #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ @@ -1613,6 +1627,22 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, p += extension_data_len; } + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "ClientHello", extensions_present ); + + /* RFC 8446 page 102 + * - "supported_versions" is REQUIRED for all ClientHello, ServerHello, and + * HelloRetryRequest messages. + */ + if( ( extensions_present & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "client hello: supported_versions not found" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, p - buf ); @@ -1636,7 +1666,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { - ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; } else if( ret != 0 ) { @@ -1651,6 +1681,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum( ssl, buf, p - buf ); } + ssl->handshake->extensions_present = extensions_present; ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); From cbd082f396eabdba054c03215b6636c254275d87 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 16:55:10 +0800 Subject: [PATCH 03/33] Add extension check for EncryptedExtensions Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 40 +++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ac19f63081..db0eb44d75 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -32,6 +32,7 @@ #include "ssl_misc.h" #include "ssl_client.h" #include "ssl_tls13_keys.h" +#include "ssl_debug_helpers.h" /* Write extensions */ @@ -1969,6 +1970,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, size_t extensions_len; const unsigned char *p = buf; const unsigned char *extensions_end; + uint32_t extensions_present; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -1978,6 +1980,8 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; + extensions_present = MBEDTLS_SSL_EXT_NONE; + while( p < extensions_end ) { unsigned int extension_type; @@ -1996,10 +2000,27 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - /* The client MUST check EncryptedExtensions for the - * presence of any forbidden extensions and if any are found MUST abort - * the handshake with an "unsupported_extension" alert. + /* RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and which + * is not specified for the message in which it appears, it MUST abort the + * handshake with an "illegal_parameter" alert. */ + extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "encrypted extensions : received %s(%u) extension", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "forbidden extension received." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + switch( extension_type ) { case MBEDTLS_TLS_EXT_SERVERNAME: @@ -2024,17 +2045,18 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "unsupported extension found: %u ", extension_type) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); - return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "encrypted extensions: received %s(%u) extension ( ignored )", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + break; } p += extension_data_len; } + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "EncrypedExtensions", extensions_present ); + /* Check that we consumed all the message. */ if( p != end ) { From c55a6af9eb9749cba60c67954b4d077e21e9d0ac Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 17:01:21 +0800 Subject: [PATCH 04/33] Add extensions check for CertificateRequest Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 66 +++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index db0eb44d75..599f488be5 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2162,7 +2162,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, size_t certificate_request_context_len = 0; size_t extensions_len = 0; const unsigned char *extensions_end; - unsigned char sig_alg_ext_found = 0; + uint32_t extensions_present; /* ... * opaque certificate_request_context<0..2^8-1> @@ -2202,10 +2202,13 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; + extensions_present = MBEDTLS_SSL_EXT_NONE; + while( p < extensions_end ) { unsigned int extension_type; size_t extension_data_len; + uint32_t extension_mask; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -2214,6 +2217,38 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); + /* RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and which + * is not specified for the message in which it appears, it MUST abort the + * handshake with an "illegal_parameter" alert. + */ + extension_mask = mbedtls_tls13_get_extension_mask( extension_type ); + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "encrypted extensions : received %s(%u) extension", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + if( ( extension_mask & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "forbidden extension received." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + if( extensions_present & extension_mask ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "Duplicate %s extensions found", + mbedtls_tls13_get_extension_name( extension_type ) ) ); + goto decode_error; + + } + extensions_present |= extension_mask; + switch( extension_type ) { case MBEDTLS_TLS_EXT_SIG_ALG: @@ -2223,25 +2258,22 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, p + extension_data_len ); if( ret != 0 ) return( ret ); - if( ! sig_alg_ext_found ) - sig_alg_ext_found = 1; - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Duplicate signature algorithms extensions found" ) ); - goto decode_error; - } + break; default: - MBEDTLS_SSL_DEBUG_MSG( - 3, - ( "unknown extension found: %u ( ignoring )", - extension_type ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "certificate request: received %s(%u) extension ( ignored )", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); break; } + p += extension_data_len; } + + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "CertificateRequest", extensions_present ); + /* Check that we consumed all the message. */ if( p != end ) { @@ -2249,8 +2281,12 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, ( "CertificateRequest misaligned" ) ); goto decode_error; } - /* Check that we found signature algorithms extension */ - if( ! sig_alg_ext_found ) + + /* RFC 8446 page 60 + * + * The "signature_algorithms" extension MUST be specified + */ + if( ( extensions_present & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithms extension found" ) ); From 2eaa76044b13e6ced8d828438629718c3221cc2f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 17:28:15 +0800 Subject: [PATCH 05/33] Add extension check for Certificate Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 59 ++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 662e6f4c81..bd56666a97 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -447,6 +447,8 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, while( p < certificate_list_end ) { size_t cert_data_len, extensions_len; + const unsigned char *extensions_end; + uint32_t extensions_present; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 ); @@ -504,7 +506,62 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); - p += extensions_len; + + extensions_end = p + extensions_len; + extensions_present = MBEDTLS_SSL_EXT_NONE; + + while( p < extensions_end ) + { + unsigned int extension_type; + size_t extension_data_len; + + /* + * struct { + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; + * } Extension; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); + + /* RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and + * which is not specified for the message in which it appears, it MUST + * abort the handshake with an "illegal_parameter" alert. + */ + extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "encrypted extensions : received %s(%u) extension", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "forbidden extension received." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + switch( extension_type ) + { + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "Certificate: received %s(%u) extension ( ignored )", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + break; + } + + p += extension_data_len; + } + + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "Certificate", extensions_present ); } exit: From 2c5363e58b92c245e03dd0ad3997622d6bedf320 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 17:42:49 +0800 Subject: [PATCH 06/33] Add extension check for ServerHello and HRR Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 50 +++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 599f488be5..f42e591bdc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1496,6 +1496,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, mbedtls_ssl_handshake_params *handshake = ssl->handshake; size_t extensions_len; const unsigned char *extensions_end; + uint32_t extensions_present, allowed_extension_mask; uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; int fatal_alert = 0; @@ -1641,6 +1642,11 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); + extensions_present = MBEDTLS_SSL_EXT_NONE; + allowed_extension_mask = is_hrr ? + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; + while( p < extensions_end ) { unsigned int extension_type; @@ -1655,6 +1661,24 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; + /* RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and which + * is not specified for the message in which it appears, it MUST abort the + * handshake with an "illegal_parameter" alert. + */ + extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "%s: received %s(%u) extension", + is_hrr ? "hello retry request" : "server hello", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + if( ( extensions_present & allowed_extension_mask ) == 0 ) + { + fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; + goto cleanup; + } + switch( extension_type ) { case MBEDTLS_TLS_EXT_COOKIE: @@ -1727,18 +1751,32 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_DEBUG_MSG( - 3, - ( "unknown extension found: %u ( ignoring )", + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "%s: ignore %s(%u) extension", + is_hrr ? "hello retry request" : "server hello", + mbedtls_tls13_get_extension_name( extension_type ), extension_type ) ); - - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; + break; } p += extension_data_len; } + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( + 3, is_hrr ? "HelloRetryRequest" : "ServerHello", extensions_present ); + + /* RFC 8446 page 102 + * - "supported_versions" is REQUIRED for all ClientHello, ServerHello, and + * HelloRetryRequest messages. + */ + if( ( extensions_present & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "%s: supported_versions not found", + is_hrr ? "hello retry request" : "server hello" ) ); + fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; + } + cleanup: if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ) From 6ba9f1c959cdcb30e0da23c1a7ced1ceb85e73a6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 4 Aug 2022 17:53:25 +0800 Subject: [PATCH 07/33] Add extension check for NewSessionTicket Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f42e591bdc..1abe09e5ed 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2565,9 +2565,12 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *end ) { const unsigned char *p = buf; + uint32_t extensions_present; ((void) ssl); + extensions_present = MBEDTLS_SSL_EXT_NONE; + while( p < end ) { unsigned int extension_type; @@ -2580,6 +2583,27 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); + /* RFC 8446 page 35 + * + * If an implementation receives an extension which it recognizes and which + * is not specified for the message in which it appears, it MUST abort the + * handshake with an "illegal_parameter" alert. + */ + extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "NewSessionTicket : received %s(%u) extension", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); + if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "forbidden extension received." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + switch( extension_type ) { case MBEDTLS_TLS_EXT_EARLY_DATA: @@ -2587,11 +2611,18 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, break; default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "NewSessionTicket : received %s(%u) extension ( ignored )", + mbedtls_tls13_get_extension_name( extension_type ), + extension_type ) ); break; } + p += extension_data_len; } + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "NewSessionTicket", extensions_present ); + return( 0 ); } From d15992d3ce5aba001a843b0b832cbbf3a4cd8da5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 10:58:31 +0800 Subject: [PATCH 08/33] fix wrong setting of unrecognized ext Signed-off-by: Jerry Yu --- library/ssl_misc.h | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cf3010a8fa..aaa910fc81 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -103,14 +103,18 @@ #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) -/* Except ServerHello, other message should ignore unrecognized extension. +/* For request messages, we should just ignore unrecognized extension when + * parsing messages. For response messages, we should not ignore unrecognized + * extension when parsing messages. Request messages include ClientHello, + * Certificate and NewSessionTicket. Response messages include ServerHello, + * EncryptExtensions, Certificate and HelloRetryRequest. * - * RFC 8446 page 31 + * RFC 8446 section 4.1.3 * * The ServerHello MUST only include extensions which are required to establish * the cryptographic context and negotiate the protocol version. * - * RFC 8446 page 35 + * RFC 8446 section 4.2 * * If an implementation receives an extension which it recognizes and which is * not specified for the message in which it appears, it MUST abort the handshake @@ -118,7 +122,7 @@ */ #define MBEDTLS_SSL_EXT_UNRECOGNIZED ( 1U << 31 ) -/* RFC 8446 page 36. Allowed extensions for ClienHello */ +/* RFC 8446 section 4.2. Allowed extensions for ClienHello */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \ ( MBEDTLS_SSL_EXT_SERVERNAME | \ MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH | \ @@ -143,7 +147,7 @@ MBEDTLS_SSL_EXT_SIG_ALG_CERT | \ MBEDTLS_SSL_EXT_UNRECOGNIZED ) -/* RFC 8446 page 36. Allowed extensions for EncryptedExtensions */ +/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ ( MBEDTLS_SSL_EXT_SERVERNAME | \ MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH | \ @@ -153,10 +157,9 @@ MBEDTLS_SSL_EXT_ALPN | \ MBEDTLS_SSL_EXT_CLI_CERT_TYPE | \ MBEDTLS_SSL_EXT_SERV_CERT_TYPE | \ - MBEDTLS_SSL_EXT_EARLY_DATA | \ - MBEDTLS_SSL_EXT_UNRECOGNIZED ) + MBEDTLS_SSL_EXT_EARLY_DATA ) -/* RFC 8446 page 36. Allowed extensions for CertificateRequest */ +/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \ ( MBEDTLS_SSL_EXT_STATUS_REQUEST | \ MBEDTLS_SSL_EXT_SIG_ALG | \ @@ -166,26 +169,24 @@ MBEDTLS_SSL_EXT_SIG_ALG_CERT | \ MBEDTLS_SSL_EXT_UNRECOGNIZED ) -/* RFC 8446 page 36. Allowed extensions for Certificate */ +/* RFC 8446 section 4.2. Allowed extensions for Certificate */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ ( MBEDTLS_SSL_EXT_STATUS_REQUEST | \ - MBEDTLS_SSL_EXT_SCT | \ - MBEDTLS_SSL_EXT_UNRECOGNIZED ) + MBEDTLS_SSL_EXT_SCT ) -/* RFC 8446 page 36. Allowed extensions for ServerHello */ +/* RFC 8446 section 4.2. Allowed extensions for ServerHello */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \ ( MBEDTLS_SSL_EXT_KEY_SHARE | \ MBEDTLS_SSL_EXT_PRE_SHARED_KEY | \ MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) -/* RFC 8446 page 36. Allowed extensions for HelloRetryRequest */ +/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \ ( MBEDTLS_SSL_EXT_KEY_SHARE | \ MBEDTLS_SSL_EXT_COOKIE | \ - MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS | \ - MBEDTLS_SSL_EXT_UNRECOGNIZED ) + MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) -/* RFC 8446 page 36. Allowed extensions for NewSessionTicket */ +/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ ( MBEDTLS_SSL_EXT_EARLY_DATA | \ MBEDTLS_SSL_EXT_UNRECOGNIZED ) From 43ff252688c77568d3a19f43e75efa96effbee60 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 12:58:05 +0800 Subject: [PATCH 09/33] Remove unnecessary checks. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 1abe09e5ed..5b7a14a289 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1683,12 +1683,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, { case MBEDTLS_TLS_EXT_COOKIE: - if( !is_hrr ) - { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; - } - ret = ssl_tls13_parse_cookie_ext( ssl, p, extension_data_end ); if( ret != 0 ) @@ -1711,11 +1705,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( is_hrr ) - { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; - } if( ( ret = ssl_tls13_parse_server_pre_shared_key_ext( ssl, p, extension_data_end ) ) != 0 ) @@ -1765,18 +1754,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, is_hrr ? "HelloRetryRequest" : "ServerHello", extensions_present ); - /* RFC 8446 page 102 - * - "supported_versions" is REQUIRED for all ClientHello, ServerHello, and - * HelloRetryRequest messages. - */ - if( ( extensions_present & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "%s: supported_versions not found", - is_hrr ? "hello retry request" : "server hello" ) ); - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - cleanup: if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ) @@ -2277,14 +2254,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } - if( extensions_present & extension_mask ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Duplicate %s extensions found", - mbedtls_tls13_get_extension_name( extension_type ) ) ); - goto decode_error; - - } extensions_present |= extension_mask; switch( extension_type ) From 9872eb2d691602f51fae5629c2ff606666c25f80 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 13:42:01 +0800 Subject: [PATCH 10/33] change return type for unexpected extension Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5b7a14a289..2e0599d008 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1740,12 +1740,13 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "%s: ignore %s(%u) extension", + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "%s: unexpected extension (%s(%u)) received .", is_hrr ? "hello retry request" : "server hello", mbedtls_tls13_get_extension_name( extension_type ), extension_type ) ); - break; + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto cleanup; } p += extension_data_len; From ffa15827933a9fcc5af5fb39155a4650e56bb48d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 15:19:42 +0800 Subject: [PATCH 11/33] move get_extension mask Signed-off-by: Jerry Yu --- library/ssl_misc.h | 81 +------------------------------------ library/ssl_tls13_generic.c | 74 +++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 79 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index aaa910fc81..10ebfff988 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1927,88 +1927,11 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* - * Helper functions to check if the extension is allowed or forbiden + * Helper functions for extensions checking and convert. */ -static inline int mbedtls_ssl_tls13_has_extensions( mbedtls_ssl_context *ssl, - int extensions_mask ) -{ - int masked = ssl->handshake->extensions_present & extensions_mask; - return( masked != 0 ); -} -static inline int mbedtls_tls13_get_extension_mask( uint16_t extension_type ) -{ - switch( extension_type ) - { - case MBEDTLS_TLS_EXT_SERVERNAME: - return( MBEDTLS_SSL_EXT_SERVERNAME ); +uint32_t mbedtls_tls13_get_extension_mask( uint16_t extension_type ); - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - return( MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ); - - case MBEDTLS_TLS_EXT_STATUS_REQUEST: - return( MBEDTLS_SSL_EXT_STATUS_REQUEST ); - - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - return( MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ); - - case MBEDTLS_TLS_EXT_SIG_ALG: - return( MBEDTLS_SSL_EXT_SIG_ALG ); - - case MBEDTLS_TLS_EXT_USE_SRTP: - return( MBEDTLS_SSL_EXT_USE_SRTP ); - - case MBEDTLS_TLS_EXT_HEARTBEAT: - return( MBEDTLS_SSL_EXT_HEARTBEAT ); - - case MBEDTLS_TLS_EXT_ALPN: - return( MBEDTLS_SSL_EXT_ALPN ); - - case MBEDTLS_TLS_EXT_SCT: - return( MBEDTLS_SSL_EXT_SCT ); - - case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: - return( MBEDTLS_SSL_EXT_CLI_CERT_TYPE ); - - case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: - return( MBEDTLS_SSL_EXT_SERV_CERT_TYPE ); - - case MBEDTLS_TLS_EXT_PADDING: - return( MBEDTLS_SSL_EXT_PADDING ); - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - return( MBEDTLS_SSL_EXT_PRE_SHARED_KEY ); - - case MBEDTLS_TLS_EXT_EARLY_DATA: - return( MBEDTLS_SSL_EXT_EARLY_DATA ); - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - return( MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ); - - case MBEDTLS_TLS_EXT_COOKIE: - return( MBEDTLS_SSL_EXT_COOKIE ); - - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - return( MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ); - - case MBEDTLS_TLS_EXT_CERT_AUTH: - return( MBEDTLS_SSL_EXT_CERT_AUTH ); - - case MBEDTLS_TLS_EXT_OID_FILTERS: - return( MBEDTLS_SSL_EXT_OID_FILTERS ); - - case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: - return( MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ); - - case MBEDTLS_TLS_EXT_SIG_ALG_CERT: - return( MBEDTLS_SSL_EXT_SIG_ALG_CERT ); - - case MBEDTLS_TLS_EXT_KEY_SHARE: - return( MBEDTLS_SSL_EXT_KEY_SHARE ); - }; - - return( MBEDTLS_SSL_EXT_UNRECOGNIZED ); -} /* * Helper functions to check the selected key exchange mode. diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index bd56666a97..5eac1f1b14 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1542,6 +1542,80 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ +uint32_t mbedtls_tls13_get_extension_mask( uint16_t extension_type ) +{ + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SERVERNAME: + return( MBEDTLS_SSL_EXT_SERVERNAME ); + + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + return( MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ); + + case MBEDTLS_TLS_EXT_STATUS_REQUEST: + return( MBEDTLS_SSL_EXT_STATUS_REQUEST ); + + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + return( MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ); + + case MBEDTLS_TLS_EXT_SIG_ALG: + return( MBEDTLS_SSL_EXT_SIG_ALG ); + + case MBEDTLS_TLS_EXT_USE_SRTP: + return( MBEDTLS_SSL_EXT_USE_SRTP ); + + case MBEDTLS_TLS_EXT_HEARTBEAT: + return( MBEDTLS_SSL_EXT_HEARTBEAT ); + + case MBEDTLS_TLS_EXT_ALPN: + return( MBEDTLS_SSL_EXT_ALPN ); + + case MBEDTLS_TLS_EXT_SCT: + return( MBEDTLS_SSL_EXT_SCT ); + + case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: + return( MBEDTLS_SSL_EXT_CLI_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: + return( MBEDTLS_SSL_EXT_SERV_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_PADDING: + return( MBEDTLS_SSL_EXT_PADDING ); + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + return( MBEDTLS_SSL_EXT_PRE_SHARED_KEY ); + + case MBEDTLS_TLS_EXT_EARLY_DATA: + return( MBEDTLS_SSL_EXT_EARLY_DATA ); + + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + return( MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ); + + case MBEDTLS_TLS_EXT_COOKIE: + return( MBEDTLS_SSL_EXT_COOKIE ); + + case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: + return( MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ); + + case MBEDTLS_TLS_EXT_CERT_AUTH: + return( MBEDTLS_SSL_EXT_CERT_AUTH ); + + case MBEDTLS_TLS_EXT_OID_FILTERS: + return( MBEDTLS_SSL_EXT_OID_FILTERS ); + + case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: + return( MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ); + + case MBEDTLS_TLS_EXT_SIG_ALG_CERT: + return( MBEDTLS_SSL_EXT_SIG_ALG_CERT ); + + case MBEDTLS_TLS_EXT_KEY_SHARE: + return( MBEDTLS_SSL_EXT_KEY_SHARE ); + }; + + return( MBEDTLS_SSL_EXT_UNRECOGNIZED ); +} + #if defined(MBEDTLS_DEBUG_C) const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ) { From 0c354a211bed62b86e8c00b6eb806e16e0dc563a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 Aug 2022 15:25:36 +0800 Subject: [PATCH 12/33] introduce sent/recv extensions field And remove `extensions_present` Signed-off-by: Jerry Yu --- library/ssl_client.c | 24 ++++- library/ssl_debug_helpers.h | 6 +- library/ssl_misc.h | 17 +++- library/ssl_tls.c | 8 +- library/ssl_tls13_client.c | 189 +++++++++++++++--------------------- library/ssl_tls13_generic.c | 118 +++++++++++++++++----- library/ssl_tls13_server.c | 64 ++++-------- 7 files changed, 235 insertions(+), 191 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index d9c6781592..b0d2dcf3ca 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -106,6 +106,14 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, *olen = hostname_len + 9; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_SERVERNAME ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_SERVERNAME ) ) ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ @@ -177,6 +185,14 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */ MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_ALPN ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_ALPN ) ) ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -296,7 +312,11 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); + MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ) ) ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); @@ -557,7 +577,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* Keeping track of the included extensions */ - handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + handshake->sent_extensions = MBEDTLS_SSL_EXT_NONE; #endif /* First write extensions, then the total length */ diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 07e8c7103f..6b97bc6523 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -52,12 +52,12 @@ const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ); void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, int level, const char *file, int line, - const char *hs_msg_name, + int hs_msg_type, uint32_t extensions_present ); -#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) \ +#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_type, extensions_present ) \ mbedtls_ssl_tls13_print_extensions( \ - ssl, level, __FILE__, __LINE__, hs_msg_name, extensions_present ) + ssl, level, __FILE__, __LINE__, hs_msg_type, extensions_present ) #else #define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 10ebfff988..b7f1440bb8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -946,9 +946,8 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint32_t extensions_present; /*!< extension presence; Each bitfield - represents an extension and defined - as \c MBEDTLS_SSL_EXT_XXX */ + uint32_t sent_extensions; /*!< extensions sent by endpoint */ + uint32_t received_extensions; /*!< extensions received by endpoint */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) unsigned char certificate_request_context_len; @@ -1932,6 +1931,18 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) uint32_t mbedtls_tls13_get_extension_mask( uint16_t extension_type ); +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, + int hs_msg_type, + uint32_t extension_type, + uint32_t allowed_mask ); + +static inline void mbedtls_tls13_set_sent_ext_mask( mbedtls_ssl_context *ssl, + uint16_t extension_type ) +{ + ssl->handshake->sent_extensions |= + mbedtls_tls13_get_extension_mask( extension_type ); +} /* * Helper functions to check the selected key exchange mode. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a49f774ed1..9947d39d82 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8713,8 +8713,14 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_SIG_ALG ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_SIG_ALG ) ) ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + return( 0 ); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2e0599d008..c29b90ee33 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -89,7 +89,12 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, } *out_len = 5 + versions_len; - + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) ) ); return( 0 ); } @@ -360,7 +365,13 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len ); - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_KEY_SHARE ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_KEY_SHARE ) ) ); cleanup: @@ -513,7 +524,6 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, else return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; return( ret ); } @@ -601,6 +611,13 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, *out_len = handshake->hrr_cookie_len + 6; + + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_COOKIE ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_COOKIE ) ) ); return( 0 ); } @@ -670,7 +687,13 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, buf[4] = ke_modes_len; *out_len = p - buf; - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; + + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ) ) ); return ( 0 ); } @@ -982,8 +1005,6 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf ); - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - return( 0 ); } @@ -1038,6 +1059,13 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf ); + mbedtls_tls13_set_sent_ext_mask( ssl, + MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); + MBEDTLS_SSL_DEBUG_MSG( + 4, ( "sent %s extension", + mbedtls_tls13_get_extension_name( + MBEDTLS_TLS_EXT_PRE_SHARED_KEY ) ) ); + return( 0 ); } @@ -1110,8 +1138,6 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - return( 0 ); } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ @@ -1389,7 +1415,7 @@ static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl, ssl->session_negotiate->tls_version = ssl->tls_version; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ - handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; ret = ssl_server_hello_is_hrr( ssl, buf, end ); switch( ret ) @@ -1496,10 +1522,10 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, mbedtls_ssl_handshake_params *handshake = ssl->handshake; size_t extensions_len; const unsigned char *extensions_end; - uint32_t extensions_present, allowed_extension_mask; uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; int fatal_alert = 0; + uint32_t allowed_extensions_mask; /* * Check there is space for minimal fields @@ -1642,8 +1668,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); - extensions_present = MBEDTLS_SSL_EXT_NONE; - allowed_extension_mask = is_hrr ? + ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + allowed_extensions_mask = is_hrr ? MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; @@ -1661,23 +1687,14 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; - /* RFC 8446 page 35 - * - * If an implementation receives an extension which it recognizes and which - * is not specified for the message in which it appears, it MUST abort the - * handshake with an "illegal_parameter" alert. - */ - extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "%s: received %s(%u) extension", - is_hrr ? "hello retry request" : "server hello", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); - if( ( extensions_present & allowed_extension_mask ) == 0 ) - { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - goto cleanup; - } + ret = mbedtls_tls13_check_received_extensions( + ssl, + is_hrr ? + -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, + extension_type, + allowed_extensions_mask ); + if( ret != 0 ) + return( ret ); switch( extension_type ) { @@ -1740,11 +1757,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "%s: unexpected extension (%s(%u)) received .", - is_hrr ? "hello retry request" : "server hello", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } @@ -1753,7 +1765,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, is_hrr ? "HelloRetryRequest" : "ServerHello", extensions_present ); + 3, is_hrr ? -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, + ssl->handshake->received_extensions ); cleanup: @@ -1803,7 +1816,7 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) * 3) If only the key_share extension was received then the key * exchange mode is EPHEMERAL-only. */ - switch( handshake->extensions_present & + switch( handshake->received_extensions & ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) { /* Only the pre_shared_key extension was received */ @@ -1986,7 +1999,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, size_t extensions_len; const unsigned char *p = buf; const unsigned char *extensions_end; - uint32_t extensions_present; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -1996,7 +2008,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - extensions_present = MBEDTLS_SSL_EXT_NONE; + ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -2016,26 +2028,11 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - /* RFC 8446 page 35 - * - * If an implementation receives an extension which it recognizes and which - * is not specified for the message in which it appears, it MUST abort the - * handshake with an "illegal_parameter" alert. - */ - extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "encrypted extensions : received %s(%u) extension", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); - if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "forbidden extension received." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_tls13_check_received_extensions( + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE ); + if( ret != 0 ) + return( ret ); switch( extension_type ) { @@ -2071,7 +2068,8 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "EncrypedExtensions", extensions_present ); + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + ssl->handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2178,7 +2176,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, size_t certificate_request_context_len = 0; size_t extensions_len = 0; const unsigned char *extensions_end; - uint32_t extensions_present; /* ... * opaque certificate_request_context<0..2^8-1> @@ -2218,13 +2215,12 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - extensions_present = MBEDTLS_SSL_EXT_NONE; + ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { unsigned int extension_type; size_t extension_data_len; - uint32_t extension_mask; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -2233,29 +2229,11 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - /* RFC 8446 page 35 - * - * If an implementation receives an extension which it recognizes and which - * is not specified for the message in which it appears, it MUST abort the - * handshake with an "illegal_parameter" alert. - */ - extension_mask = mbedtls_tls13_get_extension_mask( extension_type ); - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "encrypted extensions : received %s(%u) extension", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); - if( ( extension_mask & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "forbidden extension received." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - extensions_present |= extension_mask; + ret = mbedtls_tls13_check_received_extensions( + ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR ); + if( ret != 0 ) + return( ret ); switch( extension_type ) { @@ -2280,7 +2258,9 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "CertificateRequest", extensions_present ); + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, + MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, + ssl->handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2290,11 +2270,11 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, goto decode_error; } - /* RFC 8446 page 60 + /* RFC 8446 section 4.3.2 * * The "signature_algorithms" extension MUST be specified */ - if( ( extensions_present & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) + if( ( ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithms extension found" ) ); @@ -2535,16 +2515,15 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *end ) { const unsigned char *p = buf; - uint32_t extensions_present; - ((void) ssl); - extensions_present = MBEDTLS_SSL_EXT_NONE; + ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < end ) { unsigned int extension_type; size_t extension_data_len; + int ret; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -2553,26 +2532,11 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); - /* RFC 8446 page 35 - * - * If an implementation receives an extension which it recognizes and which - * is not specified for the message in which it appears, it MUST abort the - * handshake with an "illegal_parameter" alert. - */ - extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "NewSessionTicket : received %s(%u) extension", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); - if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "forbidden extension received." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_tls13_check_received_extensions( + ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); + if( ret != 0 ) + return( ret ); switch( extension_type ) { @@ -2591,7 +2555,8 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "NewSessionTicket", extensions_present ); + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->received_extensions ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5eac1f1b14..7b66be1c73 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -448,7 +448,6 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, { size_t cert_data_len, extensions_len; const unsigned char *extensions_end; - uint32_t extensions_present; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 ); @@ -508,7 +507,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); extensions_end = p + extensions_len; - extensions_present = MBEDTLS_SSL_EXT_NONE; + ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -528,26 +527,12 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - /* RFC 8446 page 35 - * - * If an implementation receives an extension which it recognizes and - * which is not specified for the message in which it appears, it MUST - * abort the handshake with an "illegal_parameter" alert. - */ - extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "encrypted extensions : received %s(%u) extension", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); - if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "forbidden extension received." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_tls13_check_received_extensions( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ); + if( ret != 0 ) + return( ret ); + switch( extension_type ) { default: @@ -561,7 +546,8 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "Certificate", extensions_present ); + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->received_extensions ); } exit: @@ -1691,9 +1677,31 @@ const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ) return( "unknown" ); } +static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type ) +{ + switch( hs_msg_type ) + { + case MBEDTLS_SSL_HS_CLIENT_HELLO: + return( "ClientHello" ); + case MBEDTLS_SSL_HS_SERVER_HELLO: + return( "ServerHello" ); + case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value. + return( "HelloRetryRequest" ); + case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: + return( "NewSessionTicket" ); + case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: + return( "EncryptedExtensions" ); + case MBEDTLS_SSL_HS_CERTIFICATE: + return( "Certificate" ); + case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: + return( "CertificateRequest" ); + } + return( NULL ); +} + void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, int level, const char *file, int line, - const char *hs_msg_name, + int hs_msg_type, uint32_t extensions_present ) { static const struct{ @@ -1724,7 +1732,8 @@ void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, { MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" } }; mbedtls_debug_print_msg( ssl, level, file, line, - "extension list of %s:", hs_msg_name ); + "extension list of %s:", + ssl_tls13_get_hs_msg_name( hs_msg_type ) ); for( unsigned i = 0; i < sizeof( mask_to_str_table ) / sizeof( mask_to_str_table[0] ); @@ -1742,4 +1751,63 @@ void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, #endif /* MBEDTLS_DEBUG_C */ +/* RFC 8446 section 4.2 + * + * If an implementation receives an extension which it recognizes and which is + * not specified for the message in which it appears, it MUST abort the handshake + * with an "illegal_parameter" alert. + * + */ + +int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, + int hs_msg_type, + uint32_t extension_type, + uint32_t allowed_mask ) +{ + uint32_t extension_mask; + +#if defined(MBEDTLS_DEBUG_C) + const char *hs_msg_name = ssl_tls13_get_hs_msg_name( hs_msg_type ); +#endif + + extension_mask = mbedtls_tls13_get_extension_mask( extension_type ); + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "%s : received %s(%x) extension", + hs_msg_name, + mbedtls_tls13_get_extension_name( extension_type ), + (unsigned int)extension_type ) ); + + if( ( extension_mask & allowed_mask ) == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "%s : forbidden extension received.", hs_msg_name ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + ssl->handshake->received_extensions |= extension_mask; + switch( hs_msg_type ) + { + case MBEDTLS_SSL_HS_SERVER_HELLO: + case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value. + case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: + case MBEDTLS_SSL_HS_CERTIFICATE: + if( ( ~ssl->handshake->sent_extensions & extension_mask ) == 0 ) + return( 0 ); + break; + default: + return( 0 ); + } + + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "%s : forbidden extension received.", hs_msg_name ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); +} + #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 32f64d73c9..4fdd6ade8e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -930,7 +930,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, int exts_mask ) { - int masked = ssl->handshake->extensions_present & exts_mask; + int masked = ssl->handshake->received_extensions & exts_mask; return( masked == exts_mask ); } @@ -1239,7 +1239,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *cipher_suites_end; size_t extensions_len; const unsigned char *extensions_end; - uint32_t extensions_present; int hrr_required = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1248,8 +1247,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *pre_shared_key_ext_end = NULL; #endif - extensions_present = MBEDTLS_SSL_EXT_NONE; - /* * ClientHello layout: * 0 . 1 protocol version @@ -1419,20 +1416,23 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len ); + ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + while( p < extensions_end ) { unsigned int extension_type; size_t extension_data_len; const unsigned char *extension_data_end; - /* RFC 8446, page 57 + /* RFC 8446, section 4.2.11 * * The "pre_shared_key" extension MUST be the last extension in the * ClientHello (this facilitates implementation as described below). * Servers MUST check that it is the last extension and otherwise fail * the handshake with an "illegal_parameter" alert. */ - if( extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) + if( ssl->handshake->received_extensions & + mbedtls_tls13_get_extension_mask( MBEDTLS_TLS_EXT_PRE_SHARED_KEY ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key is not last extension." ) ); @@ -1450,26 +1450,11 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; - /* RFC 8446 page 35 - * - * If an implementation receives an extension which it recognizes and which - * is not specified for the message in which it appears, it MUST abort the - * handshake with an "illegal_parameter" alert. - */ - extensions_present |= mbedtls_tls13_get_extension_mask( extension_type ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello : received %s(%u) extension", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); - if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "forbidden extension received." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + ret = mbedtls_tls13_check_received_extensions( + ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); + if( ret != 0 ) + return( ret ); switch( extension_type ) { @@ -1569,7 +1554,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( ( extensions_present & + if( ( ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( @@ -1622,26 +1607,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ( "client hello: received %s(%u) extension ( ignored )", mbedtls_tls13_get_extension_name( extension_type ), extension_type ) ); + break; } p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "ClientHello", extensions_present ); - - /* RFC 8446 page 102 - * - "supported_versions" is REQUIRED for all ClientHello, ServerHello, and - * HelloRetryRequest messages. - */ - if( ( extensions_present & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "client hello: supported_versions not found" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + MBEDTLS_SSL_TLS1_3_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->received_extensions ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, @@ -1655,7 +1628,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) + ( ssl->handshake->received_extensions & + MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) { ssl->handshake->update_checksum( ssl, buf, pre_shared_key_ext - buf ); @@ -1666,7 +1640,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { - extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + ssl->handshake->received_extensions &= + ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; } else if( ret != 0 ) { @@ -1681,7 +1656,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum( ssl, buf, p - buf ); } - ssl->handshake->extensions_present = extensions_present; ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); From 03112ae0228e2031eb01c8fc70a0df371ddb2191 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 30 Aug 2022 16:27:17 +0800 Subject: [PATCH 13/33] change input extension_type Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls13_generic.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b7f1440bb8..dad1c82a12 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1929,7 +1929,7 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) * Helper functions for extensions checking and convert. */ -uint32_t mbedtls_tls13_get_extension_mask( uint16_t extension_type ); +uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type ); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7b66be1c73..2fbcdf063c 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1528,7 +1528,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ -uint32_t mbedtls_tls13_get_extension_mask( uint16_t extension_type ) +uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type ) { switch( extension_type ) { From c4bf5d658e47f6b0d6b73e4ab851a074b92681ae Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Oct 2022 09:08:47 +0800 Subject: [PATCH 14/33] fix various issues - Signature of - mbedtls_tls13_set_hs_sent_ext_mask - check_received_extension and issues - Also fix comment issue. - improve readablity. Signed-off-by: Jerry Yu --- library/ssl_client.c | 9 ++---- library/ssl_misc.h | 24 ++++++++------- library/ssl_tls.c | 3 +- library/ssl_tls13_client.c | 58 +++++++++++++++---------------------- library/ssl_tls13_generic.c | 50 +++++++++++++++++--------------- library/ssl_tls13_server.c | 34 ++++++++++------------ 6 files changed, 84 insertions(+), 94 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index b0d2dcf3ca..16cef0204a 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -107,8 +107,7 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, *olen = hostname_len + 9; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SERVERNAME ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -186,8 +185,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_ALPN ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -312,8 +310,7 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ) ) ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dad1c82a12..3aeab0cd84 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -103,11 +103,12 @@ #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) -/* For request messages, we should just ignore unrecognized extension when - * parsing messages. For response messages, we should not ignore unrecognized - * extension when parsing messages. Request messages include ClientHello, - * Certificate and NewSessionTicket. Response messages include ServerHello, - * EncryptExtensions, Certificate and HelloRetryRequest. +/* In messages containing extension requests, we should ignore unrecognized + * extensions. In messages containing extension responses, unrecognized + * extensions should result in handshake abortion. Messages containing + * extension requests include ClientHello, CertificateRequest and + * NewSessionTicket. Messages containing extension responses include + * ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate. * * RFC 8446 section 4.1.3 * @@ -1932,13 +1933,14 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type ); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, - int hs_msg_type, - uint32_t extension_type, - uint32_t allowed_mask ); +int mbedtls_ssl_tls13_check_received_extension( + mbedtls_ssl_context *ssl, + int hs_msg_type, + unsigned int received_extension_type, + uint32_t hs_msg_allowed_extensions_mask ); -static inline void mbedtls_tls13_set_sent_ext_mask( mbedtls_ssl_context *ssl, - uint16_t extension_type ) +static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask( + mbedtls_ssl_context *ssl, unsigned int extension_type ) { ssl->handshake->sent_extensions |= mbedtls_tls13_get_extension_mask( extension_type ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9947d39d82..3678ec0bd6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8713,8 +8713,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SIG_ALG ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c29b90ee33..27747a2097 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -89,8 +89,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, } *out_len = 5 + versions_len; - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -365,8 +365,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len ); - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_KEY_SHARE ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", @@ -612,8 +611,7 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, *out_len = handshake->hrr_cookie_len + 6; - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_COOKIE ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -688,8 +686,8 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -1059,8 +1057,8 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf ); - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -1668,7 +1666,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; allowed_extensions_mask = is_hrr ? MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; @@ -1687,7 +1685,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, is_hrr ? -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, @@ -1766,7 +1764,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, is_hrr ? -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, - ssl->handshake->received_extensions ); + handshake->received_extensions ); cleanup: @@ -1999,6 +1997,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, size_t extensions_len; const unsigned char *p = buf; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -2008,7 +2007,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -2028,7 +2027,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE ); if( ret != 0 ) @@ -2036,16 +2035,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, switch( extension_type ) { - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) ); - - /* The server_name extension should be an empty extension */ - - break; - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) ); - break; - #if defined(MBEDTLS_SSL_ALPN) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); @@ -2069,7 +2058,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - ssl->handshake->received_extensions ); + handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2176,6 +2165,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, size_t certificate_request_context_len = 0; size_t extensions_len = 0; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; /* ... * opaque certificate_request_context<0..2^8-1> @@ -2191,7 +2181,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context", p, certificate_request_context_len ); - mbedtls_ssl_handshake_params *handshake = ssl->handshake; handshake->certificate_request_context = mbedtls_calloc( 1, certificate_request_context_len ); if( handshake->certificate_request_context == NULL ) @@ -2215,7 +2204,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -2229,7 +2218,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR ); if( ret != 0 ) @@ -2260,7 +2249,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - ssl->handshake->received_extensions ); + handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2274,7 +2263,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, * * The "signature_algorithms" extension MUST be specified */ - if( ( ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) + if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithms extension found" ) ); @@ -2514,10 +2503,11 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { + mbedtls_ssl_handshake_params *handshake = ssl->handshake; const unsigned char *p = buf; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < end ) { @@ -2532,7 +2522,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); if( ret != 0 ) @@ -2556,7 +2546,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->received_extensions ); + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, handshake->received_extensions ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2fbcdf063c..21644ede43 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -398,6 +398,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, size_t certificate_list_len = 0; const unsigned char *p = buf; const unsigned char *certificate_list_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); certificate_request_context_len = p[0]; @@ -507,7 +508,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); extensions_end = p + extensions_len; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -527,9 +528,9 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ); + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ); if( ret != 0 ) return( ret ); @@ -547,7 +548,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->received_extensions ); + 3, MBEDTLS_SSL_HS_CERTIFICATE, handshake->received_extensions ); } exit: @@ -555,7 +556,7 @@ exit: if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } @@ -1759,43 +1760,46 @@ void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, * */ -int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, - int hs_msg_type, - uint32_t extension_type, - uint32_t allowed_mask ) +int mbedtls_ssl_tls13_check_received_extension( + mbedtls_ssl_context *ssl, + int hs_msg_type, + unsigned int received_extension_type, + uint32_t hs_msg_allowed_extensions_mask ) { - uint32_t extension_mask; - #if defined(MBEDTLS_DEBUG_C) const char *hs_msg_name = ssl_tls13_get_hs_msg_name( hs_msg_type ); #endif - - extension_mask = mbedtls_tls13_get_extension_mask( extension_type ); + uint32_t extension_mask = mbedtls_tls13_get_extension_mask( received_extension_type ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s : received %s(%x) extension", hs_msg_name, - mbedtls_tls13_get_extension_name( extension_type ), - (unsigned int)extension_type ) ); + mbedtls_tls13_get_extension_name( received_extension_type ), + (unsigned int)received_extension_type ) ); - if( ( extension_mask & allowed_mask ) == 0 ) + if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s : forbidden extension received.", hs_msg_name ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } ssl->handshake->received_extensions |= extension_mask; + /* + * If it is a message containing extension responses, check that we + * previously sent the extension. + */ switch( hs_msg_type ) { case MBEDTLS_SSL_HS_SERVER_HELLO: case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value. case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: case MBEDTLS_SSL_HS_CERTIFICATE: - if( ( ~ssl->handshake->sent_extensions & extension_mask ) == 0 ) + /* Check if the received extension is sent by peer message.*/ + if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 ) return( 0 ); break; default: @@ -1803,11 +1807,11 @@ int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_MSG( - 3, ( "%s : forbidden extension received.", hs_msg_name ) ); + 3, ( "%s : unexpected extension received.", hs_msg_name ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4fdd6ade8e..f0f06b81a7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1239,6 +1239,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *cipher_suites_end; size_t extensions_len; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; int hrr_required = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1304,7 +1305,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); - memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + memcpy( &handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; /* ... @@ -1374,13 +1375,13 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, continue; ssl->session_negotiate->ciphersuite = cipher_suite; - ssl->handshake->ciphersuite_info = ciphersuite_info; + handshake->ciphersuite_info = ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", cipher_suite, ciphersuite_info->name ) ); } - if( ssl->handshake->ciphersuite_info == NULL ) + if( handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); @@ -1416,7 +1417,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len ); - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -1431,8 +1432,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * Servers MUST check that it is the last extension and otherwise fail * the handshake with an "illegal_parameter" alert. */ - if( ssl->handshake->received_extensions & - mbedtls_tls13_get_extension_mask( MBEDTLS_TLS_EXT_PRE_SHARED_KEY ) ) + if( handshake->received_extensions & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key is not last extension." ) ); @@ -1450,7 +1450,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); if( ret != 0 ) @@ -1554,13 +1554,13 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( ( ssl->handshake->received_extensions & + if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* Delay processing of the PSK identity once we have @@ -1614,7 +1614,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->received_extensions ); + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->received_extensions ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, @@ -1628,10 +1628,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( ssl->handshake->received_extensions & - MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) + ( handshake->received_extensions & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) { - ssl->handshake->update_checksum( ssl, buf, + handshake->update_checksum( ssl, buf, pre_shared_key_ext - buf ); ret = ssl_tls13_parse_pre_shared_key_ext( ssl, pre_shared_key_ext, @@ -1640,8 +1639,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { - ssl->handshake->received_extensions &= - ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + handshake->received_extensions &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; } else if( ret != 0 ) { @@ -1653,14 +1651,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, else #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ { - ssl->handshake->update_checksum( ssl, buf, p - buf ); + handshake->update_checksum( ssl, buf, p - buf ); } ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); - mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + mbedtls_ssl_optimize_checksum( ssl, handshake->ciphersuite_info ); return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK ); } From 7a485c1fdf02b6370c1a96eec44700243c31dcee Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 13:08:18 +0800 Subject: [PATCH 15/33] Add ext id and utilities - Remove `MBEDTLS_SSL_EXT_*` - Add macros and functions for translating iana identifer. - Add internal identity for extension Signed-off-by: Jerry Yu --- library/ssl_misc.h | 67 +++++++++++++++----------- library/ssl_tls.c | 95 +++++++++++++++++++++++++++++++++++++ library/ssl_tls13_generic.c | 74 ----------------------------- 3 files changed, 134 insertions(+), 102 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3aeab0cd84..8bd98b3c44 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -75,33 +75,46 @@ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ /* - * Mask of TLS 1.3 handshake extensions used in extensions_present - * of mbedtls_ssl_handshake_params. + * Inernal identity of handshake extensions */ -#define MBEDTLS_SSL_EXT_NONE 0 +#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0 +#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1 +#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1 +#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2 +#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4 +#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5 +#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6 +#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7 +#define MBEDTLS_SSL_EXT_ID_ALPN 8 +#define MBEDTLS_SSL_EXT_ID_SCT 9 +#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10 +#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11 +#define MBEDTLS_SSL_EXT_ID_PADDING 12 +#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13 +#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15 +#define MBEDTLS_SSL_EXT_ID_COOKIE 16 +#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17 +#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18 +#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19 +#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20 +#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21 +#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22 +#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24 +#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25 +#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26 +#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27 -#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 ) -#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 ) -#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) -#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 ) -#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 ) -#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) -#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) -#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) -#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 ) -#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 ) -#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) -#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) -#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 ) -#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 ) -#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 ) -#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 ) -#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 ) -#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 ) -#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) -#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) +/* Utility for translating IANA extension type. */ +uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type ); +uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); +/* Macros used to define mask constants */ +#define MBEDTLS_SSL_EXT_MASK( id ) ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) ) +/* Reset value of extension mask */ +#define MBEDTLS_SSL_EXT_MASK_NONE 0 /* In messages containing extension requests, we should ignore unrecognized * extensions. In messages containing extension responses, unrecognized @@ -1930,8 +1943,6 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) * Helper functions for extensions checking and convert. */ -uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type ); - MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_check_received_extension( mbedtls_ssl_context *ssl, @@ -1943,7 +1954,7 @@ static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask( mbedtls_ssl_context *ssl, unsigned int extension_type ) { ssl->handshake->sent_extensions |= - mbedtls_tls13_get_extension_mask( extension_type ); + mbedtls_ssl_get_extension_mask( extension_type ); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3678ec0bd6..b3210c4155 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -521,6 +521,101 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type ) +{ + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SERVERNAME: + return( MBEDTLS_SSL_EXT_ID_SERVERNAME ); + + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + return( MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH ); + + case MBEDTLS_TLS_EXT_STATUS_REQUEST: + return( MBEDTLS_SSL_EXT_ID_STATUS_REQUEST ); + + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + return( MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS ); + + case MBEDTLS_TLS_EXT_SIG_ALG: + return( MBEDTLS_SSL_EXT_ID_SIG_ALG ); + + case MBEDTLS_TLS_EXT_USE_SRTP: + return( MBEDTLS_SSL_EXT_ID_USE_SRTP ); + + case MBEDTLS_TLS_EXT_HEARTBEAT: + return( MBEDTLS_SSL_EXT_ID_HEARTBEAT ); + + case MBEDTLS_TLS_EXT_ALPN: + return( MBEDTLS_SSL_EXT_ID_ALPN ); + + case MBEDTLS_TLS_EXT_SCT: + return( MBEDTLS_SSL_EXT_ID_SCT ); + + case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: + return( MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: + return( MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_PADDING: + return( MBEDTLS_SSL_EXT_ID_PADDING ); + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + return( MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY ); + + case MBEDTLS_TLS_EXT_EARLY_DATA: + return( MBEDTLS_SSL_EXT_ID_EARLY_DATA ); + + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + return( MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS ); + + case MBEDTLS_TLS_EXT_COOKIE: + return( MBEDTLS_SSL_EXT_ID_COOKIE ); + + case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: + return( MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES ); + + case MBEDTLS_TLS_EXT_CERT_AUTH: + return( MBEDTLS_SSL_EXT_ID_CERT_AUTH ); + + case MBEDTLS_TLS_EXT_OID_FILTERS: + return( MBEDTLS_SSL_EXT_ID_OID_FILTERS ); + + case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: + return( MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH ); + + case MBEDTLS_TLS_EXT_SIG_ALG_CERT: + return( MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT ); + + case MBEDTLS_TLS_EXT_KEY_SHARE: + return( MBEDTLS_SSL_EXT_ID_KEY_SHARE ); + + case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: + return( MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC ); + + case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: + return( MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS ); + + case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: + return( MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC ); + + case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: + return( MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET ); + + case MBEDTLS_TLS_EXT_SESSION_TICKET: + return( MBEDTLS_SSL_EXT_ID_SESSION_TICKET ); + + } + + return( MBEDTLS_SSL_EXT_ID_UNRECOGNIZED ); +} + +uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ) +{ + return( 1 << mbedtls_ssl_get_extension_id( extension_type ) ); +} + void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 21644ede43..a52b4ca696 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1529,80 +1529,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ -uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type ) -{ - switch( extension_type ) - { - case MBEDTLS_TLS_EXT_SERVERNAME: - return( MBEDTLS_SSL_EXT_SERVERNAME ); - - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - return( MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ); - - case MBEDTLS_TLS_EXT_STATUS_REQUEST: - return( MBEDTLS_SSL_EXT_STATUS_REQUEST ); - - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - return( MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ); - - case MBEDTLS_TLS_EXT_SIG_ALG: - return( MBEDTLS_SSL_EXT_SIG_ALG ); - - case MBEDTLS_TLS_EXT_USE_SRTP: - return( MBEDTLS_SSL_EXT_USE_SRTP ); - - case MBEDTLS_TLS_EXT_HEARTBEAT: - return( MBEDTLS_SSL_EXT_HEARTBEAT ); - - case MBEDTLS_TLS_EXT_ALPN: - return( MBEDTLS_SSL_EXT_ALPN ); - - case MBEDTLS_TLS_EXT_SCT: - return( MBEDTLS_SSL_EXT_SCT ); - - case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: - return( MBEDTLS_SSL_EXT_CLI_CERT_TYPE ); - - case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: - return( MBEDTLS_SSL_EXT_SERV_CERT_TYPE ); - - case MBEDTLS_TLS_EXT_PADDING: - return( MBEDTLS_SSL_EXT_PADDING ); - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - return( MBEDTLS_SSL_EXT_PRE_SHARED_KEY ); - - case MBEDTLS_TLS_EXT_EARLY_DATA: - return( MBEDTLS_SSL_EXT_EARLY_DATA ); - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - return( MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ); - - case MBEDTLS_TLS_EXT_COOKIE: - return( MBEDTLS_SSL_EXT_COOKIE ); - - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - return( MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ); - - case MBEDTLS_TLS_EXT_CERT_AUTH: - return( MBEDTLS_SSL_EXT_CERT_AUTH ); - - case MBEDTLS_TLS_EXT_OID_FILTERS: - return( MBEDTLS_SSL_EXT_OID_FILTERS ); - - case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: - return( MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ); - - case MBEDTLS_TLS_EXT_SIG_ALG_CERT: - return( MBEDTLS_SSL_EXT_SIG_ALG_CERT ); - - case MBEDTLS_TLS_EXT_KEY_SHARE: - return( MBEDTLS_SSL_EXT_KEY_SHARE ); - }; - - return( MBEDTLS_SSL_EXT_UNRECOGNIZED ); -} - #if defined(MBEDTLS_DEBUG_C) const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ) { From df0ad658a30e1a6a613852522fe322582666b49a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 13:20:57 +0800 Subject: [PATCH 16/33] tls13: Add allowed extesions constants. - And refactor check_received_extension Signed-off-by: Jerry Yu --- library/ssl_misc.h | 105 +++++++++++++++++++----------------- library/ssl_tls13_generic.c | 25 ++++----- 2 files changed, 66 insertions(+), 64 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8bd98b3c44..8ffdccb378 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -134,76 +134,83 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); * not specified for the message in which it appears, it MUST abort the handshake * with an "illegal_parameter" alert. */ -#define MBEDTLS_SSL_EXT_UNRECOGNIZED ( 1U << 31 ) + +/* Extensions that not recognized by TLS 1.3 */ +#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED \ + ( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS ) | \ + MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \ + MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \ + MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \ + MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) ) /* RFC 8446 section 4.2. Allowed extensions for ClienHello */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \ - ( MBEDTLS_SSL_EXT_SERVERNAME | \ - MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH | \ - MBEDTLS_SSL_EXT_STATUS_REQUEST | \ - MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | \ - MBEDTLS_SSL_EXT_SIG_ALG | \ - MBEDTLS_SSL_EXT_USE_SRTP | \ - MBEDTLS_SSL_EXT_HEARTBEAT | \ - MBEDTLS_SSL_EXT_ALPN | \ - MBEDTLS_SSL_EXT_SCT | \ - MBEDTLS_SSL_EXT_CLI_CERT_TYPE | \ - MBEDTLS_SSL_EXT_SERV_CERT_TYPE | \ - MBEDTLS_SSL_EXT_PADDING | \ - MBEDTLS_SSL_EXT_KEY_SHARE | \ - MBEDTLS_SSL_EXT_PRE_SHARED_KEY | \ - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES | \ - MBEDTLS_SSL_EXT_EARLY_DATA | \ - MBEDTLS_SSL_EXT_COOKIE | \ - MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS | \ - MBEDTLS_SSL_EXT_CERT_AUTH | \ - MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH | \ - MBEDTLS_SSL_EXT_SIG_ALG_CERT | \ - MBEDTLS_SSL_EXT_UNRECOGNIZED ) + ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \ + MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \ + MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \ + MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \ + MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \ + MBEDTLS_SSL_EXT_MASK( ALPN ) | \ + MBEDTLS_SSL_EXT_MASK( SCT ) | \ + MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( PADDING ) | \ + MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \ + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \ + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) | \ + MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \ + MBEDTLS_SSL_EXT_MASK( COOKIE ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) | \ + MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \ + MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \ + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED ) /* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ - ( MBEDTLS_SSL_EXT_SERVERNAME | \ - MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH | \ - MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | \ - MBEDTLS_SSL_EXT_USE_SRTP | \ - MBEDTLS_SSL_EXT_HEARTBEAT | \ - MBEDTLS_SSL_EXT_ALPN | \ - MBEDTLS_SSL_EXT_CLI_CERT_TYPE | \ - MBEDTLS_SSL_EXT_SERV_CERT_TYPE | \ - MBEDTLS_SSL_EXT_EARLY_DATA ) + ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \ + MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \ + MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \ + MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \ + MBEDTLS_SSL_EXT_MASK( ALPN ) | \ + MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) /* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \ - ( MBEDTLS_SSL_EXT_STATUS_REQUEST | \ - MBEDTLS_SSL_EXT_SIG_ALG | \ - MBEDTLS_SSL_EXT_SCT | \ - MBEDTLS_SSL_EXT_CERT_AUTH | \ - MBEDTLS_SSL_EXT_OID_FILTERS | \ - MBEDTLS_SSL_EXT_SIG_ALG_CERT | \ - MBEDTLS_SSL_EXT_UNRECOGNIZED ) + ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \ + MBEDTLS_SSL_EXT_MASK( SCT ) | \ + MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \ + MBEDTLS_SSL_EXT_MASK( OID_FILTERS ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \ + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED ) /* RFC 8446 section 4.2. Allowed extensions for Certificate */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ - ( MBEDTLS_SSL_EXT_STATUS_REQUEST | \ - MBEDTLS_SSL_EXT_SCT ) + ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \ + MBEDTLS_SSL_EXT_MASK( SCT ) ) /* RFC 8446 section 4.2. Allowed extensions for ServerHello */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \ - ( MBEDTLS_SSL_EXT_KEY_SHARE | \ - MBEDTLS_SSL_EXT_PRE_SHARED_KEY | \ - MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) + ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \ + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) ) /* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \ - ( MBEDTLS_SSL_EXT_KEY_SHARE | \ - MBEDTLS_SSL_EXT_COOKIE | \ - MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) + ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \ + MBEDTLS_SSL_EXT_MASK( COOKIE ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) ) /* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ - ( MBEDTLS_SSL_EXT_EARLY_DATA | \ - MBEDTLS_SSL_EXT_UNRECOGNIZED ) + ( MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \ + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED ) /* * Helper macros for function call with return check. diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a52b4ca696..1bbd7f033b 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1685,28 +1685,22 @@ void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, * with an "illegal_parameter" alert. * */ - int mbedtls_ssl_tls13_check_received_extension( mbedtls_ssl_context *ssl, int hs_msg_type, unsigned int received_extension_type, uint32_t hs_msg_allowed_extensions_mask ) { -#if defined(MBEDTLS_DEBUG_C) - const char *hs_msg_name = ssl_tls13_get_hs_msg_name( hs_msg_type ); -#endif - uint32_t extension_mask = mbedtls_tls13_get_extension_mask( received_extension_type ); + uint32_t extension_mask = mbedtls_ssl_get_extension_mask( + received_extension_type ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "%s : received %s(%x) extension", - hs_msg_name, - mbedtls_tls13_get_extension_name( received_extension_type ), - (unsigned int)received_extension_type ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, hs_msg_type, received_extension_type, "received" ); if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "%s : forbidden extension received.", hs_msg_name ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, hs_msg_type, received_extension_type, "is illegal" ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); @@ -1721,7 +1715,7 @@ int mbedtls_ssl_tls13_check_received_extension( switch( hs_msg_type ) { case MBEDTLS_SSL_HS_SERVER_HELLO: - case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value. + case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: case MBEDTLS_SSL_HS_CERTIFICATE: /* Check if the received extension is sent by peer message.*/ @@ -1732,8 +1726,8 @@ int mbedtls_ssl_tls13_check_received_extension( return( 0 ); } - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "%s : unexpected extension received.", hs_msg_name ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, hs_msg_type, received_extension_type, "is unsupported" ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); @@ -1741,3 +1735,4 @@ int mbedtls_ssl_tls13_check_received_extension( } #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ + From d25cab0327d40e05f5bd9ea84fb5cc61f820cdd8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 12:48:30 +0800 Subject: [PATCH 17/33] Refactor debug helpers for exts and hs message Signed-off-by: Jerry Yu --- library/ssl_debug_helpers.h | 46 +++++++---- library/ssl_misc.h | 3 + library/ssl_tls.c | 146 +++++++++++++++++++++++++++++++++++ library/ssl_tls13_generic.c | 149 ------------------------------------ 4 files changed, 180 insertions(+), 164 deletions(-) diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 6b97bc6523..8fce87a985 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -43,27 +43,43 @@ const char *mbedtls_ssl_sig_alg_to_str( uint16_t in ); const char *mbedtls_ssl_named_group_to_str( uint16_t in ); -#endif /* MBEDTLS_DEBUG_C */ +const char *mbedtls_ssl_get_extension_name( unsigned int extension_type ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_DEBUG_C) +void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, uint32_t extensions_mask, + const char *extra ); -const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ); +void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, + unsigned int extension_type, + const char *extra_msg0, + const char *extra_msg1 ); -void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, - uint32_t extensions_present ); +#define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) \ + mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ + hs_msg_type, \ + ssl->handshake->sent_extensions, \ + "sent" ) -#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_type, extensions_present ) \ - mbedtls_ssl_tls13_print_extensions( \ - ssl, level, __FILE__, __LINE__, hs_msg_type, extensions_present ) +#define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type ) \ + mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ + hs_msg_type, \ + ssl->handshake->received_extensions, \ + "received" ) + +#define MBEDTLS_SSL_PRINT_EXT_TYPE( level, hs_msg_type, extension_type, extra ) \ + mbedtls_ssl_print_extension_type( ssl, level, __FILE__, __LINE__, \ + hs_msg_type, extension_type, extra, NULL ) #else -#define MBEDTLS_SSL_TLS1_3_PRINT_EXTS( level, hs_msg_name, extensions_present ) +#define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) -#endif +#define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type ) -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#define MBEDTLS_SSL_PRINT_EXT_TYPE( level, hs_msg_type, extension_type, extra ) -#endif /* SSL_DEBUG_HELPERS_H */ +#endif /* MBEDTLS_DEBUG_C */ + +#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8ffdccb378..7c32969b2b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -74,6 +74,9 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ +/* Faked handshake message identity for HelloRetryRequest. */ +#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO ) + /* * Inernal identity of handshake extensions */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b3210c4155..7bc0a0cd5b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -616,6 +616,152 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ) return( 1 << mbedtls_ssl_get_extension_id( extension_type ) ); } +#if defined(MBEDTLS_DEBUG_C) +static const char *extension_name_table[] = { + [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unreognized", + [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name", + [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length", + [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request", + [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups", + [MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms", + [MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp", + [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat", + [MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation", + [MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp", + [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type", + [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type", + [MBEDTLS_SSL_EXT_ID_PADDING] = "padding", + [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key", + [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data", + [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions", + [MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie", + [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes", + [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities", + [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters", + [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth", + [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert", + [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share", + [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac", + [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats", + [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac", + [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret", + [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket" +}; + +static unsigned int extension_type_tbl[]={ + [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, + [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, + [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, + [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST, + [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, + [MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG, + [MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP, + [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT, + [MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN, + [MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT, + [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE, + [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE, + [MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING, + [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY, + [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA, + [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, + [MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE, + [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, + [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH, + [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS, + [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH, + [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT, + [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE, + [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC, + [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, + [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, + [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, + [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET +}; + +const char *mbedtls_ssl_get_extension_name( unsigned int extension_type ) +{ + return( extension_name_table[ + mbedtls_ssl_get_extension_id( extension_type ) ] ); +} + +static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type ) +{ + switch( hs_msg_type ) + { + case MBEDTLS_SSL_HS_CLIENT_HELLO: + return( "ClientHello" ); + case MBEDTLS_SSL_HS_SERVER_HELLO: + return( "ServerHello" ); + case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: + return( "HelloRetryRequest" ); + case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: + return( "NewSessionTicket" ); + case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: + return( "EncryptedExtensions" ); + case MBEDTLS_SSL_HS_CERTIFICATE: + return( "Certificate" ); + case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: + return( "CertificateRequest" ); + } + return( NULL ); +} + +void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, + unsigned int extension_type, + const char *extra_msg0, + const char *extra_msg1 ) +{ + const char *extra_msg; + if( extra_msg0 && extra_msg1 ) + { + mbedtls_debug_print_msg( + ssl, level, file, line, + "%s: %s(%u) extension %s %s.", + ssl_tls13_get_hs_msg_name( hs_msg_type ), + mbedtls_ssl_get_extension_name( extension_type ), + extension_type, + extra_msg0, extra_msg1 ); + return; + } + + extra_msg = extra_msg0 ? extra_msg0 : extra_msg1; + if( extra_msg ) + { + mbedtls_debug_print_msg( + ssl, level, file, line, + "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name( hs_msg_type ), + mbedtls_ssl_get_extension_name( extension_type ), extension_type, + extra_msg ); + return; + } + + mbedtls_debug_print_msg( + ssl, level, file, line, + "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name( hs_msg_type ), + mbedtls_ssl_get_extension_name( extension_type ), extension_type ); +} + +void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, uint32_t extensions_mask, + const char *extra ) +{ + + for( unsigned i = 0; + i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] ); + i++ ) + { + mbedtls_ssl_print_extension_type( + ssl, level, file, line, hs_msg_type, extension_type_tbl[i], + extensions_mask & ( 1 << i ) ? "was" : "was not", extra ); + } +} + +#endif /* MBEDTLS_DEBUG_C */ + void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1bbd7f033b..a94bbef283 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1529,155 +1529,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ -#if defined(MBEDTLS_DEBUG_C) -const char *mbedtls_tls13_get_extension_name( uint16_t extension_type ) -{ - switch( extension_type ) - { - case MBEDTLS_TLS_EXT_SERVERNAME: - return( "server_name" ); - - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - return( "max_fragment_length" ); - - case MBEDTLS_TLS_EXT_STATUS_REQUEST: - return( "status_request" ); - - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - return( "supported_groups" ); - - case MBEDTLS_TLS_EXT_SIG_ALG: - return( "signature_algorithms" ); - - case MBEDTLS_TLS_EXT_USE_SRTP: - return( "use_srtp" ); - - case MBEDTLS_TLS_EXT_HEARTBEAT: - return( "heartbeat" ); - - case MBEDTLS_TLS_EXT_ALPN: - return( "application_layer_protocol_negotiation" ); - - case MBEDTLS_TLS_EXT_SCT: - return( "signed_certificate_timestamp" ); - - case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: - return( "client_certificate_type" ); - - case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: - return( "server_certificate_type" ); - - case MBEDTLS_TLS_EXT_PADDING: - return( "padding" ); - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - return( "pre_shared_key" ); - - case MBEDTLS_TLS_EXT_EARLY_DATA: - return( "early_data" ); - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - return( "supported_versions" ); - - case MBEDTLS_TLS_EXT_COOKIE: - return( "cookie" ); - - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - return( "psk_key_exchange_modes" ); - - case MBEDTLS_TLS_EXT_CERT_AUTH: - return( "certificate_authorities" ); - - case MBEDTLS_TLS_EXT_OID_FILTERS: - return( "oid_filters" ); - - case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: - return( "post_handshake_auth" ); - - case MBEDTLS_TLS_EXT_SIG_ALG_CERT: - return( "signature_algorithms_cert" ); - - case MBEDTLS_TLS_EXT_KEY_SHARE: - return( "key_share" ); - }; - - return( "unknown" ); -} - -static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type ) -{ - switch( hs_msg_type ) - { - case MBEDTLS_SSL_HS_CLIENT_HELLO: - return( "ClientHello" ); - case MBEDTLS_SSL_HS_SERVER_HELLO: - return( "ServerHello" ); - case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value. - return( "HelloRetryRequest" ); - case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: - return( "NewSessionTicket" ); - case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: - return( "EncryptedExtensions" ); - case MBEDTLS_SSL_HS_CERTIFICATE: - return( "Certificate" ); - case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: - return( "CertificateRequest" ); - } - return( NULL ); -} - -void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, - uint32_t extensions_present ) -{ - static const struct{ - uint32_t extension_mask; - const char *extension_name; - } mask_to_str_table[] = { - { MBEDTLS_SSL_EXT_SERVERNAME, "server_name" }, - { MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH, "max_fragment_length" }, - { MBEDTLS_SSL_EXT_STATUS_REQUEST, "status_request" }, - { MBEDTLS_SSL_EXT_SUPPORTED_GROUPS, "supported_groups" }, - { MBEDTLS_SSL_EXT_SIG_ALG, "signature_algorithms" }, - { MBEDTLS_SSL_EXT_USE_SRTP, "use_srtp" }, - { MBEDTLS_SSL_EXT_HEARTBEAT, "heartbeat" }, - { MBEDTLS_SSL_EXT_ALPN, "application_layer_protocol_negotiation" }, - { MBEDTLS_SSL_EXT_SCT, "signed_certificate_timestamp" }, - { MBEDTLS_SSL_EXT_CLI_CERT_TYPE, "client_certificate_type" }, - { MBEDTLS_SSL_EXT_SERV_CERT_TYPE, "server_certificate_type" }, - { MBEDTLS_SSL_EXT_PADDING, "padding" }, - { MBEDTLS_SSL_EXT_PRE_SHARED_KEY, "pre_shared_key" }, - { MBEDTLS_SSL_EXT_EARLY_DATA, "early_data" }, - { MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS, "supported_versions" }, - { MBEDTLS_SSL_EXT_COOKIE, "cookie" }, - { MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" }, - { MBEDTLS_SSL_EXT_CERT_AUTH, "certificate_authorities" }, - { MBEDTLS_SSL_EXT_OID_FILTERS, "oid_filters" }, - { MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" }, - { MBEDTLS_SSL_EXT_SIG_ALG_CERT, "signature_algorithms_cert" }, - { MBEDTLS_SSL_EXT_KEY_SHARE, "key_share" } }; - - mbedtls_debug_print_msg( ssl, level, file, line, - "extension list of %s:", - ssl_tls13_get_hs_msg_name( hs_msg_type ) ); - - for( unsigned i = 0; - i < sizeof( mask_to_str_table ) / sizeof( mask_to_str_table[0] ); - i++ ) - { - const char *extension_name = mask_to_str_table[i].extension_name; - uint32_t is_present = extensions_present & - mask_to_str_table[i].extension_mask; - - mbedtls_debug_print_msg( ssl, level, file, line, - "- %s extension ( %s )", extension_name, - is_present ? "true" : "false" ); - } -} - -#endif /* MBEDTLS_DEBUG_C */ - /* RFC 8446 section 4.2 * * If an implementation receives an extension which it recognizes and which is From 4b8f2f72668270e46b475c697565df0bbb305876 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 13:31:22 +0800 Subject: [PATCH 18/33] Refactor sent extension message output Signed-off-by: Jerry Yu --- library/ssl_client.c | 18 ++++++------------ library/ssl_tls.c | 4 ---- library/ssl_tls13_client.c | 26 ++++---------------------- library/ssl_tls13_generic.c | 2 ++ library/ssl_tls13_server.c | 10 ++++++++++ 5 files changed, 22 insertions(+), 38 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 16cef0204a..1c5b447fe0 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -108,10 +108,6 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_SERVERNAME ) ) ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); } @@ -186,10 +182,6 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_ALPN ) ) ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); } @@ -310,10 +302,8 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); - MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ) ) ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); @@ -684,6 +674,10 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, p_extensions_len, extensions_len ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO ); +#endif + *out_len = p - buf; return( 0 ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7bc0a0cd5b..04d2ef440b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8955,10 +8955,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_SIG_ALG ) ) ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 27747a2097..54101cb344 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -89,12 +89,10 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, } *out_len = 5 + versions_len; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) ) ); + return( 0 ); } @@ -366,11 +364,6 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len ); mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_KEY_SHARE ) ) ); cleanup: @@ -610,12 +603,8 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, *out_len = handshake->hrr_cookie_len + 6; - mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_COOKIE ) ) ); + return( 0 ); } @@ -688,10 +677,7 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ) ) ); + return ( 0 ); } @@ -1059,10 +1045,6 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); - MBEDTLS_SSL_DEBUG_MSG( - 4, ( "sent %s extension", - mbedtls_tls13_get_extension_name( - MBEDTLS_TLS_EXT_PRE_SHARED_KEY ) ) ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a94bbef283..1a17372837 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -887,6 +887,8 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, *out_len = p - buf; + MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE ); + return( 0 ); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f0f06b81a7..0239090f35 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2128,6 +2128,10 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len ); + MBEDTLS_SSL_PRINT_SENT_EXTS( + 3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : + MBEDTLS_SSL_HS_SERVER_HELLO ); + return( ret ); } @@ -2312,6 +2316,8 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len ); + MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS ); + return( 0 ); } @@ -2441,6 +2447,8 @@ static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl, *out_len = p - buf; + MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); + return( 0 ); } @@ -2834,6 +2842,8 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); + MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET ); + return( 0 ); } From 63a459cde5995c1909d873c707fae8fef09e8e37 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 13:38:40 +0800 Subject: [PATCH 19/33] Refactor client_hello parser and writer Signed-off-by: Jerry Yu --- library/ssl_client.c | 2 +- library/ssl_tls13_server.c | 42 ++++++++++++++++++-------------------- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 1c5b447fe0..ebf0fa701e 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -564,7 +564,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* Keeping track of the included extensions */ - handshake->sent_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; #endif /* First write extensions, then the total length */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 0239090f35..607347d730 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -940,9 +940,9 @@ static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( { return( ssl_tls13_client_hello_has_exts( ssl, - MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | - MBEDTLS_SSL_EXT_KEY_SHARE | - MBEDTLS_SSL_EXT_SIG_ALG ) ); + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | + MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | + MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) ); } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -952,8 +952,8 @@ static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( { return( ssl_tls13_client_hello_has_exts( ssl, - MBEDTLS_SSL_EXT_PRE_SHARED_KEY | - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) ); + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) ); } MBEDTLS_CHECK_RETURN_CRITICAL @@ -962,10 +962,10 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( { return( ssl_tls13_client_hello_has_exts( ssl, - MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | - MBEDTLS_SSL_EXT_KEY_SHARE | - MBEDTLS_SSL_EXT_PRE_SHARED_KEY | - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) ); + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | + MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) ); } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ @@ -1417,7 +1417,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len ); - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while( p < extensions_end ) { @@ -1432,7 +1432,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * Servers MUST check that it is the last extension and otherwise fail * the handshake with an "illegal_parameter" alert. */ - if( handshake->received_extensions & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) + if( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key is not last extension." ) ); @@ -1555,7 +1555,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); if( ( handshake->received_extensions & - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 ) + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) == 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, @@ -1603,18 +1603,16 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello: received %s(%u) extension ( ignored )", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, + extension_type, "( ignored )" ); break; } p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->received_extensions ); + MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, @@ -1628,7 +1626,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( handshake->received_extensions & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) + ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) ) { handshake->update_checksum( ssl, buf, pre_shared_key_ext - buf ); @@ -1639,12 +1637,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { - handshake->received_extensions &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ); } else if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_tls13_parse_pre_shared_key_ext" ), - ret ); + MBEDTLS_SSL_DEBUG_RET( + 1, "ssl_tls13_parse_pre_shared_key_ext" , ret ); return( ret ); } } From 9eba750916b751bb1cf1a1d4c0fc2c59bd7be64f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 13:46:16 +0800 Subject: [PATCH 20/33] Refactor encrypted extensions Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 54101cb344..082be20b35 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1989,7 +1989,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while( p < extensions_end ) { @@ -2029,18 +2029,16 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "encrypted extensions: received %s(%u) extension ( ignored )", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + extension_type, "( ignored )" ); break; } p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - handshake->received_extensions ); + MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS ); /* Check that we consumed all the message. */ if( p != end ) From 6d0e78ba22cbaa19e4de862a79b03cdedefe4ff2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 14:13:25 +0800 Subject: [PATCH 21/33] Refactor certificate request Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 082be20b35..688eb52018 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2184,7 +2184,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while( p < extensions_end ) { @@ -2217,19 +2217,16 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "certificate request: received %s(%u) extension ( ignored )", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, + extension_type, "( ignored )" ); break; } p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, - MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - handshake->received_extensions ); + MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); /* Check that we consumed all the message. */ if( p != end ) @@ -2243,7 +2240,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, * * The "signature_algorithms" extension MUST be specified */ - if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) + if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithms extension found" ) ); From 0d5cfb7703c51be78e71a6efd4548753ca7929c9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 14:15:48 +0800 Subject: [PATCH 22/33] Refactor Certificate Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1a17372837..a9c8c973f8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -508,7 +508,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); extensions_end = p + extensions_len; - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while( p < extensions_end ) { @@ -537,18 +537,16 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, switch( extension_type ) { default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Certificate: received %s(%u) extension ( ignored )", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, MBEDTLS_SSL_HS_CERTIFICATE, + extension_type, "( ignored )" ); break; } p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE, handshake->received_extensions ); + MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE ); } exit: From edab637b515d4015c10c59b4ecc176e66bea62d1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 14:37:31 +0800 Subject: [PATCH 23/33] Refactor new session ticket Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 20 +++++++------------- library/ssl_tls13_server.c | 2 ++ 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 688eb52018..b0a835f4e3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2484,7 +2484,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *p = buf; - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while( p < end ) { @@ -2500,30 +2500,24 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); + ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST ); if( ret != 0 ) return( ret ); switch( extension_type ) { - case MBEDTLS_TLS_EXT_EARLY_DATA: - MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); - break; - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "NewSessionTicket : received %s(%u) extension ( ignored )", - mbedtls_tls13_get_extension_name( extension_type ), - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT_TYPE( + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, + extension_type, "( ignored )" ); break; } p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, handshake->received_extensions ); + MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET ); return( 0 ); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 607347d730..f31e7ab89e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2832,6 +2832,8 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, * Note: We currently don't have any extensions. * Set length to zero. */ + ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( 0, p, 0 ); p += 2; From 50e00e3ac6b7c9f7940d0f459d727bd35a96c9fc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 31 Oct 2022 14:45:01 +0800 Subject: [PATCH 24/33] Refactor server hello Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 24 ++++++++++-------------- library/ssl_tls13_server.c | 1 + 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b0a835f4e3..fff0febed8 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1395,7 +1395,7 @@ static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl, ssl->session_negotiate->tls_version = ssl->tls_version; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; ret = ssl_server_hello_is_hrr( ssl, buf, end ); switch( ret ) @@ -1506,6 +1506,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info; int fatal_alert = 0; uint32_t allowed_extensions_mask; + int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : + MBEDTLS_SSL_HS_SERVER_HELLO; /* * Check there is space for minimal fields @@ -1648,7 +1650,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); - handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; allowed_extensions_mask = is_hrr ? MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; @@ -1668,11 +1670,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, extension_data_end = p + extension_data_len; ret = mbedtls_ssl_tls13_check_received_extension( - ssl, - is_hrr ? - -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, - extension_type, - allowed_extensions_mask ); + ssl, hs_msg_type, extension_type, allowed_extensions_mask ); if( ret != 0 ) return( ret ); @@ -1744,9 +1742,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, is_hrr ? -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, - handshake->received_extensions ); + MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, hs_msg_type ); cleanup: @@ -1797,20 +1793,20 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) * exchange mode is EPHEMERAL-only. */ switch( handshake->received_extensions & - ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) + ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ) ) { /* Only the pre_shared_key extension was received */ - case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: + case MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; break; /* Only the key_share extension was received */ - case MBEDTLS_SSL_EXT_KEY_SHARE: + case MBEDTLS_SSL_EXT_MASK( KEY_SHARE ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; break; /* Both the pre_shared_key and key_share extensions were received */ - case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): + case ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; break; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f31e7ab89e..288332865b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2001,6 +2001,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, size_t output_len; *out_len = 0; + ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; /* ... * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 From f467d46bbbcee711d647441152d0f316a354e855 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 7 Nov 2022 13:12:44 +0800 Subject: [PATCH 25/33] move get_srv_psk_list It can be reused in other test-suites Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 9 --------- tests/ssl-opt.sh | 10 ++++++++++ 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 4f62ed69bf..b1320c5b59 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -18,15 +18,6 @@ # limitations under the License. # -get_srv_psk_list () -{ - case $(( TESTS % 3 )) in - 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";; - 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";; - 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";; - esac -} - requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a75b3f593c..f264b5ed12 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1024,6 +1024,16 @@ is_gnutls() { esac } +# Generate random psk_list argument for ssl_server2 +get_srv_psk_list () +{ + case $(( TESTS % 3 )) in + 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";; + 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";; + 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";; + esac +} + # Determine what calc_verify trace is to be expected, if any. # # calc_verify is only called for two things: to calculate the From e5991328ffaa3139f6a747cd6a68fbac55e931aa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 7 Nov 2022 14:03:44 +0800 Subject: [PATCH 26/33] fix tls13 psk only test fail Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 17 ++++++-- tests/opt-testcases/tls13-misc.sh | 70 +++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 4 deletions(-) create mode 100755 tests/opt-testcases/tls13-misc.sh diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 288332865b..598ca91bfa 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -934,6 +934,7 @@ static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, return( masked == exts_mask ); } +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) @@ -944,8 +945,9 @@ static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) ); } +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( mbedtls_ssl_context *ssl ) @@ -955,7 +957,9 @@ static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) ); } +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) @@ -967,19 +971,24 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) ); } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) return( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) ); +#else + ((void) ssl); + return( 0 ); +#endif } MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) && mbedtls_ssl_tls13_psk_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) ); @@ -992,7 +1001,7 @@ static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) && mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) ); diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh new file mode 100755 index 0000000000..661b3500b1 --- /dev/null +++ b/tests/opt-testcases/tls13-misc.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# tls13-misc.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "key exchange mode: psk$" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "key exchange mode: psk_ephemeral$" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "key exchange mode: ephemeral$" + From ea52ed91cf746915736625ad6205c5adc615e160 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Nov 2022 21:01:17 +0800 Subject: [PATCH 27/33] fix typo and spell issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 14 +++++++------- library/ssl_tls.c | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7c32969b2b..77b091d030 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -78,7 +78,7 @@ #define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO ) /* - * Inernal identity of handshake extensions + * Internal identity of handshake extensions */ #define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0 #define MBEDTLS_SSL_EXT_ID_SERVERNAME 1 @@ -138,8 +138,8 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); * with an "illegal_parameter" alert. */ -/* Extensions that not recognized by TLS 1.3 */ -#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED \ +/* Extensions that are not recognized by TLS 1.3 */ +#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \ ( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS ) | \ MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \ MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \ @@ -169,7 +169,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \ MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH ) | \ MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED ) + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED ) /* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ @@ -191,7 +191,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \ MBEDTLS_SSL_EXT_MASK( OID_FILTERS ) | \ MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED ) + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED ) /* RFC 8446 section 4.2. Allowed extensions for Certificate */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ @@ -213,7 +213,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); /* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */ #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ ( MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNREOGNIZED ) + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED ) /* * Helper macros for function call with return check. @@ -1950,7 +1950,7 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* - * Helper functions for extensions checking and convert. + * Helper functions for extensions checking. */ MBEDTLS_CHECK_RETURN_CRITICAL diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 04d2ef440b..cf71d263a5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -618,7 +618,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ) #if defined(MBEDTLS_DEBUG_C) static const char *extension_name_table[] = { - [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unreognized", + [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unrecognized", [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name", [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length", [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request", @@ -648,7 +648,7 @@ static const char *extension_name_table[] = { [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket" }; -static unsigned int extension_type_tbl[]={ +static unsigned int extension_type_table[]={ [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, @@ -755,7 +755,7 @@ void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, i++ ) { mbedtls_ssl_print_extension_type( - ssl, level, file, line, hs_msg_type, extension_type_tbl[i], + ssl, level, file, line, hs_msg_type, extension_type_table[i], extensions_mask & ( 1 << i ) ? "was" : "was not", extra ); } } From c437ee3bac80e52b5d6d637f6816426fb12a7c2a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Nov 2022 21:04:15 +0800 Subject: [PATCH 28/33] fix wrong return value Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 598ca91bfa..378ce8fc91 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1447,8 +1447,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, 3, ( "pre_shared_key is not last extension." ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); From b95dd3683b99d5a34876952f65d915656804c819 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Nov 2022 21:19:34 +0800 Subject: [PATCH 29/33] Add missing mask set and tls13 unrecognized extension Signed-off-by: Jerry Yu --- library/ssl_misc.h | 1 + library/ssl_tls.c | 5 +++++ library/ssl_tls13_server.c | 9 +++++++++ 3 files changed, 15 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 77b091d030..ad8754cac2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -144,6 +144,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \ MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \ MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \ + MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \ MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) ) /* RFC 8446 section 4.2. Allowed extensions for ClienHello */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cf71d263a5..4787ca0585 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9155,6 +9155,11 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, p[6] = MBEDTLS_BYTE_0( protocol_name_len ); memcpy( p + 7, ssl->alpn_chosen, protocol_name_len ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN ); +#endif + return ( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 378ce8fc91..051afa2705 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -700,6 +700,8 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u", ssl->handshake->selected_identity ) ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); + return( 0 ); } @@ -1812,6 +1814,9 @@ static int ssl_tls13_write_server_hello_supported_versions_ext( *out_len = 6; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); + return( 0 ); } @@ -1918,6 +1923,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); + return( 0 ); } @@ -1982,6 +1989,8 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl, *out_len = 6; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); + return( 0 ); } From 79aa721adee6042afecae06c124d35a36337b18a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Nov 2022 21:30:21 +0800 Subject: [PATCH 30/33] Rename ext print function and macro Signed-off-by: Jerry Yu --- library/ssl_debug_helpers.h | 19 +++++++++---------- library/ssl_tls.c | 14 ++++++-------- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_generic.c | 8 ++++---- library/ssl_tls13_server.c | 2 +- 5 files changed, 23 insertions(+), 26 deletions(-) diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 8fce87a985..ad84619a0d 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -50,12 +50,10 @@ void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, int hs_msg_type, uint32_t extensions_mask, const char *extra ); -void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, - unsigned int extension_type, - const char *extra_msg0, - const char *extra_msg1 ); +void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, unsigned int extension_type, + const char *extra_msg0, const char *extra_msg1 ); #define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) \ mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ @@ -69,16 +67,17 @@ void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl, ssl->handshake->received_extensions, \ "received" ) -#define MBEDTLS_SSL_PRINT_EXT_TYPE( level, hs_msg_type, extension_type, extra ) \ - mbedtls_ssl_print_extension_type( ssl, level, __FILE__, __LINE__, \ - hs_msg_type, extension_type, extra, NULL ) +#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) \ + mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__, \ + hs_msg_type, extension_type, \ + extra, NULL ) #else #define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) #define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type ) -#define MBEDTLS_SSL_PRINT_EXT_TYPE( level, hs_msg_type, extension_type, extra ) +#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4787ca0585..efe24634fe 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -704,15 +704,13 @@ static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type ) case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return( "CertificateRequest" ); } - return( NULL ); + return( "Unknown" ); } -void mbedtls_ssl_print_extension_type( const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, - unsigned int extension_type, - const char *extra_msg0, - const char *extra_msg1 ) +void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, unsigned int extension_type, + const char *extra_msg0, const char *extra_msg1 ) { const char *extra_msg; if( extra_msg0 && extra_msg1 ) @@ -754,7 +752,7 @@ void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] ); i++ ) { - mbedtls_ssl_print_extension_type( + mbedtls_ssl_print_extension( ssl, level, file, line, hs_msg_type, extension_type_table[i], extensions_mask & ( 1 << i ) ? "was" : "was not", extra ); } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fff0febed8..f4502d290f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2025,7 +2025,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, "( ignored )" ); break; @@ -2213,7 +2213,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, "( ignored )" ); break; @@ -2504,7 +2504,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, switch( extension_type ) { default: - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type, "( ignored )" ); break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a9c8c973f8..39b86b984a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -537,7 +537,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, switch( extension_type ) { default: - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, "( ignored )" ); break; @@ -1545,12 +1545,12 @@ int mbedtls_ssl_tls13_check_received_extension( uint32_t extension_mask = mbedtls_ssl_get_extension_mask( received_extension_type ); - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, hs_msg_type, received_extension_type, "received" ); if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) { - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, hs_msg_type, received_extension_type, "is illegal" ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, @@ -1577,7 +1577,7 @@ int mbedtls_ssl_tls13_check_received_extension( return( 0 ); } - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, hs_msg_type, received_extension_type, "is unsupported" ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 051afa2705..28f242295b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1614,7 +1614,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ default: - MBEDTLS_SSL_PRINT_EXT_TYPE( + MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, "( ignored )" ); break; From 7de2ff0310f4c7e7493844533e10785a6207a2a8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Nov 2022 21:43:46 +0800 Subject: [PATCH 31/33] Refactor extension list print Signed-off-by: Jerry Yu --- library/ssl_client.c | 3 ++- library/ssl_debug_helpers.h | 16 +++------------- library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 12 ++++++++---- library/ssl_tls13_generic.c | 6 ++++-- library/ssl_tls13_server.c | 17 +++++++++++------ 6 files changed, 29 insertions(+), 27 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index ebf0fa701e..b226caffff 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -675,7 +675,8 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions ); #endif *out_len = p - buf; diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index ad84619a0d..ccdda2a0d6 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -55,17 +55,9 @@ void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, int hs_msg_type, unsigned int extension_type, const char *extra_msg0, const char *extra_msg1 ); -#define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) \ +#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask ) \ mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ - hs_msg_type, \ - ssl->handshake->sent_extensions, \ - "sent" ) - -#define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type ) \ - mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ - hs_msg_type, \ - ssl->handshake->received_extensions, \ - "received" ) + hs_msg_type, extension_mask, NULL ) #define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) \ mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__, \ @@ -73,9 +65,7 @@ void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, extra, NULL ) #else -#define MBEDTLS_SSL_PRINT_SENT_EXTS( level, hs_msg_type ) - -#define MBEDTLS_SSL_PRINT_RECEIVED_EXTS( level, hs_msg_type ) +#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask ) #define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index efe24634fe..ea8464f0c8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -754,7 +754,7 @@ void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, { mbedtls_ssl_print_extension( ssl, level, file, line, hs_msg_type, extension_type_table[i], - extensions_mask & ( 1 << i ) ? "was" : "was not", extra ); + extensions_mask & ( 1 << i ) ? "exists" : "does not exists", extra ); } } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f4502d290f..364e886bca 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1742,7 +1742,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, hs_msg_type ); + MBEDTLS_SSL_PRINT_EXTS( + 3, hs_msg_type, ssl->handshake->received_extensions ); cleanup: @@ -2034,7 +2035,8 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS ); + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + ssl->handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2222,7 +2224,8 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, + ssl->handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2513,7 +2516,8 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET ); + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, + ssl->handshake->received_extensions ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 39b86b984a..a39949c1cd 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -546,7 +546,8 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE ); + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE, + ssl->handshake->received_extensions ); } exit: @@ -885,7 +886,8 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, *out_len = p - buf; - MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions ); return( 0 ); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 28f242295b..597fbb7e63 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1623,7 +1623,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_RECEIVED_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO ); + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO, + ssl->handshake->received_extensions ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, @@ -2145,9 +2146,10 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len ); - MBEDTLS_SSL_PRINT_SENT_EXTS( + MBEDTLS_SSL_PRINT_EXTS( 3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : - MBEDTLS_SSL_HS_SERVER_HELLO ); + MBEDTLS_SSL_HS_SERVER_HELLO, + ssl->handshake->sent_extensions ); return( ret ); } @@ -2333,7 +2335,8 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len ); - MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions ); return( 0 ); } @@ -2464,7 +2467,8 @@ static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl, *out_len = p - buf; - MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions ); return( 0 ); } @@ -2861,7 +2865,8 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); - MBEDTLS_SSL_PRINT_SENT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions ); return( 0 ); } From 616ba75c233b47dac91ac652621acb15b30a32c9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 8 Nov 2022 21:49:47 +0800 Subject: [PATCH 32/33] move test cases and mark `tls13-kex-modes.sh` as locked Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-kex-modes.sh | 215 +------------------------ tests/opt-testcases/tls13-misc.sh | 214 ++++++++++++++++++++++++ 2 files changed, 216 insertions(+), 213 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index b1320c5b59..2681f61f17 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -18,219 +18,8 @@ # limitations under the License. # -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - -run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - -run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 0" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -S "ticket is not authentic" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -s "ticket is not authentic" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -s "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -s "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -s "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_gnutls_tls1_3 -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" +# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases can be generated by +# scripts in future(#6280) requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 661b3500b1..4ad6faa48f 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -18,6 +18,220 @@ # limitations under the License. # +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + +run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched ciphersuite" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + +run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched ciphersuite" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ + "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 2" \ + -s "sent selected_identity: 0" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: ephemeral$" \ + -S "ticket is not authentic" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ + "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 2" \ + -s "sent selected_identity: 1" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: ephemeral$" \ + -s "ticket is not authentic" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -s "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -s "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -s "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -s "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -s "Ticket age outside tolerance window" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ From 97be6a913ecf7d4436ca7bf923958b5bb5191421 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 9 Nov 2022 22:43:31 +0800 Subject: [PATCH 33/33] fix various issues - typo error - replace `ssl->hanshake` with handshake Signed-off-by: Jerry Yu --- library/ssl_client.c | 2 +- library/ssl_debug_helpers.h | 4 ++-- library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 9 ++++----- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- tests/opt-testcases/tls13-kex-modes.sh | 2 +- 7 files changed, 11 insertions(+), 12 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index b226caffff..0f0ea1dc52 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -676,7 +676,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions ); + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions ); #endif *out_len = p - buf; diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index ccdda2a0d6..4412f8e213 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -55,9 +55,9 @@ void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, int hs_msg_type, unsigned int extension_type, const char *extra_msg0, const char *extra_msg1 ); -#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask ) \ +#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extensions_mask ) \ mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ - hs_msg_type, extension_mask, NULL ) + hs_msg_type, extensions_mask, NULL ) #define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) \ mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__, \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ea8464f0c8..20648a1667 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -754,7 +754,7 @@ void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, { mbedtls_ssl_print_extension( ssl, level, file, line, hs_msg_type, extension_type_table[i], - extensions_mask & ( 1 << i ) ? "exists" : "does not exists", extra ); + extensions_mask & ( 1 << i ) ? "exists" : "does not exist", extra ); } } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 364e886bca..9940a0e5ea 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1742,8 +1742,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, p += extension_data_len; } - MBEDTLS_SSL_PRINT_EXTS( - 3, hs_msg_type, ssl->handshake->received_extensions ); + MBEDTLS_SSL_PRINT_EXTS( 3, hs_msg_type, handshake->received_extensions ); cleanup: @@ -2036,7 +2035,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - ssl->handshake->received_extensions ); + handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2225,7 +2224,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - ssl->handshake->received_extensions ); + handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2517,7 +2516,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - ssl->handshake->received_extensions ); + handshake->received_extensions ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a39949c1cd..f854998893 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -547,7 +547,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE, - ssl->handshake->received_extensions ); + handshake->received_extensions ); } exit: diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 597fbb7e63..3cd03108f6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1624,7 +1624,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO, - ssl->handshake->received_extensions ); + handshake->received_extensions ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 2681f61f17..974d513d8e 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -18,7 +18,7 @@ # limitations under the License. # -# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases can be generated by +# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by # scripts in future(#6280) requires_gnutls_tls1_3