lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Address various issues

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
2021-10-13 13:36:05 +08:00
parent 435208a949
commit b85277e3af
4 changed files with 95 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
library/ecdh.c
View File

@ -808,24 +808,21 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx, static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char *buf, const unsigned char *buf,
size_t blen ) size_t buf_len )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf; const unsigned char *p = buf;
size_t data_len; size_t data_len;
if( blen < 3 ) if( buf_len < 3 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
data_len = MBEDTLS_GET_UINT16_BE( p, 0 ); data_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2; p += 2;
if( data_len < 1 || data_len != ( blen - 2 ) ) if( data_len < 1 || data_len != ( buf_len - 2 ) )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/*
* Save buffer start for read_binary and update buf
*/
if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp, if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp,
&ctx->Qp, p, data_len ) ) != 0) &ctx->Qp, p, data_len ) ) != 0)
{ {
@ -840,13 +837,13 @@ static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
*/ */
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, const unsigned char *buf,
size_t blen ) size_t buf_len )
{ {
ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( buf != NULL ); ECDH_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_tls13_read_public_internal( ctx, buf, blen ) ); return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) );
#else #else
switch( ctx->var ) switch( ctx->var )
{ {
@ -856,7 +853,7 @@ int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
#endif #endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh, return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh,
buf, blen ) ); buf, buf_len ) );
default: default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }

8
library/ecdh_misc.h
View File

@ -36,19 +36,19 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
mbedtls_ecp_group_id grp_id ); mbedtls_ecp_group_id grp_id );
/* /*
* TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h * TLS 1.3 version of mbedtls_ecdh_make_params
*/ */
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen, unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t ), int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng ); void *p_rng );
/* /*
* TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h * TLS 1.3 version of mbedtls_ecdh_read_public
*/ */
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, const unsigned char *buf,
size_t blen ); size_t buf_len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

185
library/ssl_tls13_client.c
View File

@ -97,12 +97,12 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t buf_len ) const unsigned char *end )
{ {
((void) ssl); ((void) ssl);
if( buf_len != 2 || MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2);
buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 || if( buf[0] != MBEDTLS_SSL_MAJOR_VERSION_3 ||
buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 ) buf[1] != MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) );
@ -497,7 +497,7 @@ static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
return( -1 ); return( -1 );
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP ); MBEDTLS_DEBUG_ECDH_QP );
@ -505,12 +505,6 @@ static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
/* The ssl_tls13_parse_key_share_ext() function is used
* by the client to parse a KeyShare extension in
* a Server Hello message.
*
* The server only provides a single KeyShareEntry.
*/
static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t buf_len ) size_t buf_len )
@ -522,12 +516,16 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_tls13_read_public" ), ret );
return( ret );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
} }
if( ssl_tls13_check_ecdh_params( ssl ) != 0 ) if( ssl_tls13_check_ecdh_params( ssl ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
@ -538,7 +536,9 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */
/* /*
* Parse key_share extension in Server Hello * ssl_tls13_parse_key_share_ext()
* Parse key_share extension in Server Hello
*
* struct { * struct {
* KeyShareEntry server_share; * KeyShareEntry server_share;
* } KeyShareServerHello; * } KeyShareServerHello;
@ -551,7 +551,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
{ {
int ret = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf; const unsigned char *p = buf;
uint16_t group, offered_group; uint16_t group, offered_group;
@ -583,8 +583,9 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
} }
else
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */
else if( 0 /* other KEMs? */ ) if( 0 /* other KEMs? */ )
{ {
/* Do something */ /* Do something */
} }
@ -883,9 +884,18 @@ cleanup:
/* /*
* Functions for parsing and processing Server Hello * Functions for parsing and processing Server Hello
*/ */
static int ssl_server_hello_is_hrr( unsigned const char *buf, size_t blen ) /* Fetch and preprocess
* Returns a negative value on failure, and otherwise
* - SSL_SERVER_HELLO_COORDINATE_HELLO or
* - SSL_SERVER_HELLO_COORDINATE_HRR
* to indicate which message is expected and to be parsed next. */
#define SSL_SERVER_HELLO_COORDINATE_HELLO 0
#define SSL_SERVER_HELLO_COORDINATE_HRR 1
static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{ {
static const unsigned char magic_hrr_string[32] = static const unsigned char magic_hrr_string[SERVER_HELLO_RANDOM_LEN] =
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
@ -902,31 +912,23 @@ static int ssl_server_hello_is_hrr( unsigned const char *buf, size_t blen )
* opaque legacy_session_id_echo<0..32>; * opaque legacy_session_id_echo<0..32>;
* CipherSuite cipher_suite; * CipherSuite cipher_suite;
* uint8 legacy_compression_method = 0; * uint8 legacy_compression_method = 0;
* Extension extensions<6..2 ^ 16 - 1>; * Extension extensions<6..2^16-1>;
* } ServerHello; * } ServerHello;
* *
*/ */
if( blen < 2 + sizeof( magic_hrr_string ) ) MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 + sizeof( magic_hrr_string ) );
return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 ) if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 )
{ {
return( 1 ); return( SSL_SERVER_HELLO_COORDINATE_HRR );
} }
return( 0 ); return( SSL_SERVER_HELLO_COORDINATE_HELLO );
} }
/* Fetch and preprocess static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
* Returns a negative value on failure, and otherwise unsigned char **buf,
* - SSL_SERVER_HELLO_COORDINATE_HELLO or size_t *buf_len )
* - SSL_SERVER_HELLO_COORDINATE_HRR
* to indicate which message is expected and to be parsed next. */
#define SSL_SERVER_HELLO_COORDINATE_HELLO 0
#define SSL_SERVER_HELLO_COORDINATE_HRR 1
static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl,
unsigned char **buf,
size_t *buf_len )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -945,15 +947,15 @@ static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl,
*buf = ssl->in_msg + 4; *buf = ssl->in_msg + 4;
*buf_len = ssl->in_hslen - 4; *buf_len = ssl->in_hslen - 4;
if( ssl_server_hello_is_hrr( *buf, *buf_len ) ) ret = ssl_server_hello_is_hrr( ssl, *buf, *buf + *buf_len );
{ switch( ret )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
ret = SSL_SERVER_HELLO_COORDINATE_HRR;
}
else
{ {
case SSL_SERVER_HELLO_COORDINATE_HELLO:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
ret = SSL_SERVER_HELLO_COORDINATE_HELLO; break;
case SSL_SERVER_HELLO_COORDINATE_HRR:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
break;
} }
cleanup: cleanup:
@ -977,10 +979,6 @@ static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ss
if( ssl->session_negotiate->id_len != legacy_session_id_echo_len || if( ssl->session_negotiate->id_len != legacy_session_id_echo_len ||
memcmp( ssl->session_negotiate->id, p , legacy_session_id_echo_len ) != 0 ) memcmp( ssl->session_negotiate->id, p , legacy_session_id_echo_len ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Mismatch of session id length:"
" id_len = %" MBEDTLS_PRINTF_SIZET
" , legacy_session_id_echo_len = %" MBEDTLS_PRINTF_SIZET,
ssl->session_negotiate->id_len, legacy_session_id_echo_len ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID", MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID",
ssl->session_negotiate->id, ssl->session_negotiate->id,
ssl->session_negotiate->id_len ); ssl->session_negotiate->id_len );
@ -1025,17 +1023,17 @@ static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
* opaque legacy_session_id_echo<0..32>; * opaque legacy_session_id_echo<0..32>;
* CipherSuite cipher_suite; * CipherSuite cipher_suite;
* uint8 legacy_compression_method = 0; * uint8 legacy_compression_method = 0;
* Extension extensions<6..2 ^ 16 - 1>; * Extension extensions<6..2^16-1>;
* } ServerHello; * } ServerHello;
*/ */
static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
{ {
int ret; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf; const unsigned char *p = buf;
size_t extensions_len; /* Length of field */ size_t extensions_len;
const unsigned char *extensions_end; /* Pointer to end of individual extension */ const unsigned char *extensions_end;
uint16_t cipher_suite; uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@ -1054,7 +1052,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 );
/* ... /* ...
* ProtocaolVersion legacy_version = 0x0303; // TLS 1.2 * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
* ... * ...
* with ProtocolVersion defined as: * with ProtocolVersion defined as:
* uint16 ProtocolVersion; * uint16 ProtocolVersion;
@ -1112,9 +1110,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
if( ciphersuite_info == NULL || if( ciphersuite_info == NULL ||
ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 ) ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite(%04x) not found or not offered",
cipher_suite ) ); cipher_suite ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
@ -1142,17 +1139,16 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
if( p[0] != 0 ) if( p[0] != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
} }
p++; p++;
/* /* ...
* .... * Extension extensions<6..2^16-1>;
* Extension extensions<6..2 ^ 16 - 1>; * ...
* ....
* struct { * struct {
* ExtensionType extension_type; (2 bytes) * ExtensionType extension_type; (2 bytes)
* opaque extension_data<0..2^16-1>; * opaque extension_data<0..2^16-1>;
@ -1166,9 +1162,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
extensions_end = p + extensions_len; extensions_end = p + extensions_len;
MBEDTLS_SSL_DEBUG_MSG( 3,
( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET ,
extensions_len ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len );
while( p < extensions_end ) while( p < extensions_end )
@ -1190,7 +1183,8 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
( "found supported_versions extension" ) ); ( "found supported_versions extension" ) );
ret = ssl_tls13_parse_supported_versions_ext( ssl, ret = ssl_tls13_parse_supported_versions_ext( ssl,
p, extension_data_len ); p,
p + extension_data_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
break; break;
@ -1238,45 +1232,39 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_key_set traffic_keys;
mbedtls_ssl_transform *transform_handshake = NULL; mbedtls_ssl_transform *transform_handshake = NULL;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* We need to set the key exchange algorithm based on the /* Determine the key exchange mode:
* following rules: * 1) If both the pre_shared_key and key_share extensions were received
* * then the key exchange mode is PSK with EPHEMERAL.
* 1) IF PRE_SHARED_KEY extension was received * 2) If only the pre_shared_key extension was received then the key
* THEN set KEY_EXCHANGE_MODE_PSK_EPHEMERAL; * exchange mode is PSK-only.
* 2) IF PRE_SHARED_KEY extension && KEY_SHARE was received * 3) If only the key_share extension was received then the key
* THEN set KEY_EXCHANGE_MODE_PSK; * exchange mode is EPHEMERAL-only.
* 3) IF KEY_SHARES extension was received && SIG_ALG extension received
* THEN set KEY_EXCHANGE_MODE_EPHEMERAL
* ELSE unknown key exchange mechanism.
*/ */
if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) switch( handshake->extensions_present &
( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) )
{ {
if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) /* Only the pre_shared_key extension was received */
{ case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
/* Condition 2) */ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
ssl->handshake->tls1_3_kex_modes = break;
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
} /* Only the key_share extension was received */
else case MBEDTLS_SSL_EXT_KEY_SHARE:
{ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
/* Condition 1) */ break;
ssl->handshake->tls1_3_kex_modes =
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; /* Both the pre_shared_key and key_share extensions were received */
} case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
} handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
else if( ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) ) break;
{
/* Condition 3) */ /* Neither pre_shared_key nor key_share extension was received */
ssl->handshake->tls1_3_kex_modes = default:
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
}
else
{
/* ELSE case */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
goto cleanup; goto cleanup;
@ -1313,8 +1301,7 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
goto cleanup; goto cleanup;
} }
transform_handshake = transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
if( transform_handshake == NULL ) if( transform_handshake == NULL )
{ {
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
@ -1332,8 +1319,8 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
goto cleanup; goto cleanup;
} }
ssl->handshake->transform_handshake = transform_handshake; handshake->transform_handshake = transform_handshake;
mbedtls_ssl_set_inbound_transform( ssl, ssl->handshake->transform_handshake ); mbedtls_ssl_set_inbound_transform( ssl, transform_handshake );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) );
ssl->session_in = ssl->session_negotiate; ssl->session_in = ssl->session_negotiate;
@ -1348,8 +1335,7 @@ cleanup:
mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
if( ret != 0 ) if( ret != 0 )
{ {
if( transform_handshake != NULL ) mbedtls_free( transform_handshake );
mbedtls_free( transform_handshake );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
@ -1375,11 +1361,10 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
* - Make sure it's either a ServerHello or a HRR. * - Make sure it's either a ServerHello or a HRR.
* - Switch processing routine in case of HRR * - Switch processing routine in case of HRR
*/ */
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
ret = ssl_server_hello_coordinate( ssl, &buf, &buf_len ); ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len );
/* Parsing step /* Parsing step
* We know what message to expect by now and call * We know what message to expect by now and call
* the respective parsing function. * the respective parsing function.

1
library/ssl_tls13_keys.c
View File

@ -1000,7 +1000,6 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
} }
else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) ) else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) )
{ {
/* TODO: Not supported yet */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) );
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
} }