lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

tls13: srv: Improve ticket identity check return values

Browse Source 
Improve the values returned by
ssl_tls13_offered_psks_check_identity_match_ticket().
Distinguish between the two following cases:
1) the PSK identity is not a valid ticket identity
2) the PSK identity is a valid ticket identity but
   the ticket cannot be used for session resumption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2023-12-05 18:15:14 +01:00
parent 3cdcac5647
commit fbae94a52f
1 changed files with 34 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
library/ssl_tls13_server.c
View File

@ -90,8 +90,9 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
return 0; return 0;
} }
#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1 #define SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH 2
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0 #define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1
#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
@ -123,7 +124,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
/* Ticket parser is not configured, Skip */ /* Ticket parser is not configured, Skip */
if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH; return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
} }
/* We create a copy of the encrypted ticket since the ticket parsing /* We create a copy of the encrypted ticket since the ticket parsing
@ -138,28 +139,36 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
} }
memcpy(ticket_buffer, identity, identity_len); memcpy(ticket_buffer, identity, identity_len);
if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
session, session,
ticket_buffer, identity_len)) != 0) { ticket_buffer, identity_len);
if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { if (ret == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); ret = SSL_TLS1_3_PSK_IDENTITY_MATCH;
} else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) { } else {
if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
} else { } else {
MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret); if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
} else {
MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret);
}
ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
} }
} }
/* We delete the temporary buffer */ /* We delete the temporary buffer */
mbedtls_free(ticket_buffer); mbedtls_free(ticket_buffer);
if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3.")); goto exit;
/* TODO: Define new return value for this case. */
ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
} }
if (ret != 0) { ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
goto exit; goto exit;
} }
@ -185,12 +194,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
if (key_exchanges == 0) { if (key_exchanges == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
goto exit; goto exit;
} }
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
now = mbedtls_ms_time(); now = mbedtls_ms_time();
if (now < session->ticket_creation_time) { if (now < session->ticket_creation_time) {
@ -242,12 +249,12 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
age_diff)); age_diff));
goto exit; goto exit;
} }
ret = 0;
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH;
exit: exit:
if (ret != 0) { if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
mbedtls_ssl_session_free(session); mbedtls_ssl_session_free(session);
} }
@ -277,7 +284,7 @@ static int ssl_tls13_offered_psks_check_identity_match(
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl_tls13_offered_psks_check_identity_match_ticket( if (ssl_tls13_offered_psks_check_identity_match_ticket(
ssl, identity, identity_len, obfuscated_ticket_age, ssl, identity, identity_len, obfuscated_ticket_age,
session) == SSL_TLS1_3_OFFERED_PSK_MATCH) { session) == SSL_TLS1_3_PSK_IDENTITY_MATCH) {
ssl->handshake->resume = 1; ssl->handshake->resume = 1;
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
ret = mbedtls_ssl_set_hs_psk(ssl, ret = mbedtls_ssl_set_hs_psk(ssl,
@ -293,7 +300,7 @@ static int ssl_tls13_offered_psks_check_identity_match(
session->resumption_key_len); session->resumption_key_len);
MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u", MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u",
(unsigned) obfuscated_ticket_age)); (unsigned) obfuscated_ticket_age));
return SSL_TLS1_3_OFFERED_PSK_MATCH; return SSL_TLS1_3_PSK_IDENTITY_MATCH;
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
@ -301,9 +308,9 @@ static int ssl_tls13_offered_psks_check_identity_match(
if (ssl->conf->f_psk != NULL) { if (ssl->conf->f_psk != NULL) {
if (ssl->conf->f_psk( if (ssl->conf->f_psk(
ssl->conf->p_psk, ssl, identity, identity_len) == 0) { ssl->conf->p_psk, ssl, identity, identity_len) == 0) {
return SSL_TLS1_3_OFFERED_PSK_MATCH; return SSL_TLS1_3_PSK_IDENTITY_MATCH;
} }
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH; return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
} }
MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len); MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len);
@ -317,10 +324,10 @@ static int ssl_tls13_offered_psks_check_identity_match(
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
return ret; return ret;
} }
return SSL_TLS1_3_OFFERED_PSK_MATCH; return SSL_TLS1_3_PSK_IDENTITY_MATCH;
} }
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH; return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
} }
#define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1 #define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1
@ -588,7 +595,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(
ret = ssl_tls13_offered_psks_check_identity_match( ret = ssl_tls13_offered_psks_check_identity_match(
ssl, identity, identity_len, obfuscated_ticket_age, ssl, identity, identity_len, obfuscated_ticket_age,
&psk_type, &session); &psk_type, &session);
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
continue; continue;
} }