lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-01 05:01:58 +03:00
Code Activity

Merge pull request #5817 from xkqian/tls13_add_server_name

Browse Source 
Tls13 add server name
This commit is contained in:
Ronald Cron
2022-06-16 08:30:09 +02:00
committed by GitHub
parent 4ccd226cbf 75fe8c7e54
commit ca3c6a5698
7 changed files with 257 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
library/ssl_misc.h
View File

@@ -2270,4 +2270,14 @@ int mbedtls_ssl_validate_ciphersuite(
int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
const unsigned char *end, size_t *out_len );
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm );
#endif /* ssl_misc.h */

75
library/ssl_tls.c
View File

@@ -8210,4 +8210,79 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/*
* mbedtls_ssl_parse_server_name_ext
*
* Structure of server_name extension:
*
* enum {
* host_name(0), (255)
* } NameType;
* opaque HostName<1..2^16-1>;
*
* struct {
* NameType name_type;
* select (name_type) {
* case host_name: HostName;
* } name;
* } ServerName;
* struct {
* ServerName server_name_list<1..2^16-1>
* } ServerNameList;
*/
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
size_t server_name_list_len, hostname_len;
const unsigned char *server_name_list_end;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
server_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, server_name_list_len );
server_name_list_end = p + server_name_list_len;
while( p < server_name_list_end )
{
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end, 3 );
hostname_len = MBEDTLS_GET_UINT16_BE( p, 1 );
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end,
hostname_len + 3 );
if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
{
/* sni_name is intended to be used only during the parsing of the
* ClientHello message (it is reset to NULL before the end of
* the message parsing). Thus it is ok to just point to the
* reception buffer and not make a copy of it.
*/
ssl->handshake->sni_name = p + 3;
ssl->handshake->sni_name_len = hostname_len;
if( ssl->conf->f_sni == NULL )
return( 0 );
ret = ssl->conf->f_sni( ssl->conf->p_sni,
ssl, p + 3, hostname_len );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME,
MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
return( MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
}
return( 0 );
}
p += hostname_len + 3;
}
return( 0 );
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_SSL_TLS_C */

77
library/ssl_tls12_server.c
View File

@@ -77,80 +77,6 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t servername_list_size, hostname_len;
const unsigned char *p;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
if( len < 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
p = buf + 2;
while( servername_list_size > 2 )
{
hostname_len = ( ( p[1] << 8 ) | p[2] );
if( hostname_len + 3 > servername_list_size )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
{
ssl->handshake->sni_name = p + 3;
ssl->handshake->sni_name_len = hostname_len;
if( ssl->conf->f_sni == NULL )
return( 0 );
ret = ssl->conf->f_sni( ssl->conf->p_sni,
ssl, p + 3, hostname_len );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
return( MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
}
return( 0 );
}
servername_list_size -= hostname_len + 3;
p += hostname_len + 3;
}
if( servername_list_size != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
{
@@ -1483,7 +1409,8 @@ read_record_header:
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
case MBEDTLS_TLS_EXT_SERVERNAME:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
ret = mbedtls_ssl_parse_server_name_ext( ssl, ext + 4,
ext + 4 + ext_size );
if( ret != 0 )
return( ret );
break;

4
library/ssl_tls13_client.c
View File

@@ -1687,7 +1687,7 @@ static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
}
else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip tls13 parse certificate request" ) );
ret = 0;
}
else
@@ -1793,7 +1793,7 @@ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate message to send." ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "skip write certificate" ) );
}
#endif

17
library/ssl_tls13_generic.c
View File

@@ -548,7 +548,14 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
* from the configuration. */
#if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
authmode = ssl->conf->authmode;
{
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
authmode = ssl->handshake->sni_authmode;
else
#endif
authmode = ssl->conf->authmode;
}
#endif
/*
@@ -847,9 +854,9 @@ cleanup:
/*
* STATE HANDLING: Output Certificate Verify
*/
static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
{
mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key );
/* Determine the size of the key */
@@ -1017,7 +1024,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
ret = mbedtls_ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,

125
library/ssl_tls13_server.c
View File

@@ -335,6 +335,75 @@ static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
return( 1 );
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Pick best ( private key, certificate chain ) pair based on the signature
* algorithms supported by the client.
*/
static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_key_cert *key_cert, *key_cert_list;
const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
uint16_t key_sig_alg;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_key_cert != NULL )
key_cert_list = ssl->handshake->sni_key_cert;
else
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
key_cert_list = ssl->conf->key_cert;
if( key_cert_list == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) );
return( -1 );
}
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
for( key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next )
{
int ret;
MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate",
key_cert->cert );
/*
* This avoids sending the client a cert it'll reject based on
* keyUsage or other extensions.
*/
if( mbedtls_x509_crt_check_key_usage(
key_cert->cert, MBEDTLS_X509_KU_DIGITAL_SIGNATURE ) != 0 ||
mbedtls_x509_crt_check_extended_key_usage(
key_cert->cert, MBEDTLS_OID_SERVER_AUTH,
MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
"(extended) key usage extension" ) );
continue;
}
ret = mbedtls_ssl_tls13_get_sig_alg_from_pk(
ssl, &key_cert->cert->pk, &key_sig_alg );
if( ret != 0 )
continue;
if( *sig_alg == key_sig_alg )
{
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_CRT(
3, "selected certificate (chain)",
ssl->handshake->key_cert->cert );
return( 0 );
}
}
}
return( -1 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
*
* STATE HANDLING: ClientHello
@@ -580,6 +649,21 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
switch( extension_type )
{
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
case MBEDTLS_TLS_EXT_SERVERNAME:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
ret = mbedtls_ssl_parse_server_name_ext( ssl, p,
extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_parse_servername_ext", ret );
return( ret );
}
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SERVERNAME;
break;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_ECDH_C)
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported group extension" ) );
@@ -685,10 +769,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
ssl_tls13_debug_print_client_hello_exts( ssl );
#endif /* MBEDTLS_DEBUG_C */
return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
}
/* Update the handshake state machine */
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
* Here we only support the ephemeral or (EC)DHE key echange mode
*/
if( !ssl_tls13_check_ephemeral_key_exchange( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG(
@@ -699,14 +791,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
}
/* Update the handshake state machine */
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
* Server certificate selection
*/
if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
return( ret );
}
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
ssl->handshake->sni_name = NULL;
ssl->handshake->sni_name_len = 0;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
if( ret != 0 )
@@ -1337,6 +1433,11 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
int authmode;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
authmode = ssl->handshake->sni_authmode;
else
#endif
authmode = ssl->conf->authmode;
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
@@ -1450,13 +1551,17 @@ cleanup:
static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( mbedtls_ssl_own_cert( ssl ) == NULL )
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ( ssl_tls13_pick_key_cert( ssl ) != 0 ) ||
mbedtls_ssl_own_cert( ssl ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate available." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
ret = mbedtls_ssl_tls13_write_certificate( ssl );
if( ret != 0 )