Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers

add tls13 client dummy state handlers and improve dispatch test
This commit is contained in:
Manuel Pégourié-Gonnard 2021-09-29 10:45:16 +02:00 committed by GitHub
commit 1869377146
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 198 additions and 12 deletions

View file

@ -623,6 +623,7 @@ typedef enum
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
}
mbedtls_ssl_states;

View file

@ -318,4 +318,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
}
#endif
/* Fix MSVC C99 compatible issue
* MSVC support __func__ from visual studio 2015( 1900 )
* Use MSVC predefine macro to avoid name check fail.
*/
#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 ))
#define /*no-check-names*/ __func__ __FUNCTION__
#endif
#endif /* MBEDTLS_LIBRARY_COMMON_H */

View file

@ -701,6 +701,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
/*
* Write ClientHello handshake message.
* Handler for MBEDTLS_SSL_CLIENT_HELLO
*/
static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
{
@ -736,11 +737,121 @@ cleanup:
return ret;
}
/*
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/
static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
*/
static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/
static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl )
{
((void) ssl);
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
{
int ret = 0;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) );
switch( ssl->state )
{
@ -754,9 +865,47 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break;
case MBEDTLS_SSL_SERVER_HELLO:
// Stop here : we haven't finished whole flow
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
ret = ssl_tls1_3_process_server_hello( ssl );
break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
ret = ssl_tls1_3_process_encrypted_extensions( ssl );
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
ret = ssl_tls1_3_process_certificate_request( ssl );
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
ret = ssl_tls1_3_process_server_certificate( ssl );
break;
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
ret = ssl_tls1_3_process_certificate_verify( ssl );
break;
case MBEDTLS_SSL_SERVER_FINISHED:
ret = ssl_tls1_3_process_server_finished( ssl );
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
ret = ssl_tls1_3_write_client_certificate( ssl );
break;
case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
ret = ssl_tls1_3_write_client_certificate_verify( ssl );
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
ret = ssl_tls1_3_write_client_finished( ssl );
break;
case MBEDTLS_SSL_FLUSH_BUFFERS:
ret = ssl_tls1_3_flush_buffers( ssl );
break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
ret = ssl_tls1_3_handshake_wrapup( ssl );
break;
default:

View file

@ -23,11 +23,15 @@
#if defined(MBEDTLS_SSL_SRV_C)
#include "mbedtls/debug.h"
#include "ssl_misc.h"
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
{
((void) ssl);
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}

View file

@ -8660,29 +8660,53 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
"$P_SRV min_version=tls1_3 max_version=tls1_3" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
"$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available"
-s "tls1_3 server state: 0" \
-c "tls1_3 client state: 0"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: Test client hello msg work - openssl" \
"$O_NEXT_SRV -tls1_3 -msg" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
-s "ServerHello"
-s "ServerHello" \
-c "tls1_3 client state: 0" \
-c "tls1_3 client state: 2" \
-c "tls1_3 client state: 19" \
-c "tls1_3 client state: 5" \
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
-c "tls1_3 client state: 7" \
-c "tls1_3 client state: 20" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: Test client hello msg work - gnutls" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
-s "SERVER HELLO was queued"
-s "SERVER HELLO was queued" \
-c "tls1_3 client state: 0" \
-c "tls1_3 client state: 2" \
-c "tls1_3 client state: 19" \
-c "tls1_3 client state: 5" \
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
-c "tls1_3 client state: 7" \
-c "tls1_3 client state: 20" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15"
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG