Merge pull request #4993 from xffbai/add-tls13-read-certificate
TLS1.3: add tls1_3 read certificate
This commit is contained in:
commit
f660c7c923
4 changed files with 393 additions and 10 deletions
|
@ -1627,6 +1627,12 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
|
||||||
unsigned hs_type,
|
unsigned hs_type,
|
||||||
unsigned char **buf,
|
unsigned char **buf,
|
||||||
size_t *buflen );
|
size_t *buflen );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Handler of TLS 1.3 server certificate message
|
||||||
|
*/
|
||||||
|
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write TLS 1.3 handshake message tail
|
* Write TLS 1.3 handshake message tail
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1501,7 +1501,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
MBEDTLS_SSL_DEBUG_MSG(
|
||||||
3, ( "unsupported extension found: %u ", extension_type) );
|
3, ( "unsupported extension found: %u ", extension_type) );
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||||
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \
|
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
|
||||||
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||||
return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||||
}
|
}
|
||||||
|
@ -1513,7 +1513,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
}
|
}
|
||||||
|
@ -1523,17 +1523,44 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
|
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
|
if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) )
|
||||||
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||||
|
else
|
||||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
|
||||||
|
#else
|
||||||
|
((void) ssl);
|
||||||
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||||
|
#endif
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
|
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
|
||||||
*/
|
*/
|
||||||
static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl )
|
static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
|
int ret = mbedtls_ssl_read_record( ssl, 0 );
|
||||||
|
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) &&
|
||||||
|
( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ) )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "CertificateRequest not supported" ) );
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
|
||||||
|
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||||
|
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl->keep_current_message = 1;
|
||||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1542,7 +1569,12 @@ static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
|
static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
|
int ret;
|
||||||
|
|
||||||
|
ret = mbedtls_ssl_tls13_process_certificate( ssl );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -1556,7 +1588,7 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
/*
|
/*
|
||||||
* Handler for MBEDTLS_SSL_SERVER_FINISHED
|
* Handler for MBEDTLS_SSL_SERVER_FINISHED
|
||||||
*/
|
*/
|
||||||
|
@ -1642,8 +1674,9 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||||
ret = ssl_tls13_process_encrypted_extensions( ssl );
|
ret = ssl_tls13_process_encrypted_extensions( ssl );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
|
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
|
||||||
ret = ssl_tls1_3_process_certificate_request( ssl );
|
ret = ssl_tls13_process_certificate_request( ssl );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case MBEDTLS_SSL_SERVER_CERTIFICATE:
|
case MBEDTLS_SSL_SERVER_CERTIFICATE:
|
||||||
|
@ -1653,6 +1686,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||||
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
|
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
|
||||||
ret = ssl_tls1_3_process_certificate_verify( ssl );
|
ret = ssl_tls1_3_process_certificate_verify( ssl );
|
||||||
break;
|
break;
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
case MBEDTLS_SSL_SERVER_FINISHED:
|
case MBEDTLS_SSL_SERVER_FINISHED:
|
||||||
ret = ssl_tls1_3_process_server_finished( ssl );
|
ret = ssl_tls1_3_process_server_finished( ssl );
|
||||||
|
|
|
@ -27,6 +27,10 @@
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
|
|
||||||
#include "ssl_misc.h"
|
#include "ssl_misc.h"
|
||||||
|
#include <mbedtls/debug.h>
|
||||||
|
#include <mbedtls/oid.h>
|
||||||
|
#include <mbedtls/platform.h>
|
||||||
|
|
||||||
|
|
||||||
int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
|
||||||
unsigned hs_type,
|
unsigned hs_type,
|
||||||
|
@ -215,6 +219,339 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
|
/*
|
||||||
|
*
|
||||||
|
* STATE HANDLING: Incoming Certificate, client-side only currently.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Implementation
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
|
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
|
/*
|
||||||
|
* Structure of Certificate message:
|
||||||
|
*
|
||||||
|
* enum {
|
||||||
|
* X509(0),
|
||||||
|
* RawPublicKey(2),
|
||||||
|
* (255)
|
||||||
|
* } CertificateType;
|
||||||
|
*
|
||||||
|
* struct {
|
||||||
|
* select (certificate_type) {
|
||||||
|
* case RawPublicKey:
|
||||||
|
* * From RFC 7250 ASN.1_subjectPublicKeyInfo *
|
||||||
|
* opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
|
||||||
|
* case X509:
|
||||||
|
* opaque cert_data<1..2^24-1>;
|
||||||
|
* };
|
||||||
|
* Extension extensions<0..2^16-1>;
|
||||||
|
* } CertificateEntry;
|
||||||
|
*
|
||||||
|
* struct {
|
||||||
|
* opaque certificate_request_context<0..2^8-1>;
|
||||||
|
* CertificateEntry certificate_list<0..2^24-1>;
|
||||||
|
* } Certificate;
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Parse certificate chain send by the server. */
|
||||||
|
static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
|
||||||
|
const unsigned char *buf,
|
||||||
|
const unsigned char *end )
|
||||||
|
{
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
size_t certificate_request_context_len = 0;
|
||||||
|
size_t certificate_list_len = 0;
|
||||||
|
const unsigned char *p = buf;
|
||||||
|
const unsigned char *certificate_list_end;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
|
||||||
|
certificate_request_context_len = p[0];
|
||||||
|
certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 1 );
|
||||||
|
p += 4;
|
||||||
|
|
||||||
|
/* In theory, the certificate list can be up to 2^24 Bytes, but we don't
|
||||||
|
* support anything beyond 2^16 = 64K.
|
||||||
|
*/
|
||||||
|
if( ( certificate_request_context_len != 0 ) ||
|
||||||
|
( certificate_list_len >= 0x10000 ) )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||||
|
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* In case we tried to reuse a session but it failed */
|
||||||
|
if( ssl->session_negotiate->peer_cert != NULL )
|
||||||
|
{
|
||||||
|
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
|
||||||
|
mbedtls_free( ssl->session_negotiate->peer_cert );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ssl->session_negotiate->peer_cert =
|
||||||
|
mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed",
|
||||||
|
sizeof( mbedtls_x509_crt ) ) );
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
|
||||||
|
MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
|
||||||
|
|
||||||
|
certificate_list_end = p + certificate_list_len;
|
||||||
|
while( p < certificate_list_end )
|
||||||
|
{
|
||||||
|
size_t cert_data_len, extensions_len;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 );
|
||||||
|
cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 );
|
||||||
|
p += 3;
|
||||||
|
|
||||||
|
/* In theory, the CRT can be up to 2^24 Bytes, but we don't support
|
||||||
|
* anything beyond 2^16 = 64K. Otherwise as in the TLS 1.2 code,
|
||||||
|
* check that we have a minimum of 128 bytes of data, this is not
|
||||||
|
* clear why we need that though.
|
||||||
|
*/
|
||||||
|
if( ( cert_data_len < 128 ) || ( cert_data_len >= 0x10000 ) )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||||
|
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, cert_data_len );
|
||||||
|
ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
|
||||||
|
p, cert_data_len );
|
||||||
|
|
||||||
|
switch( ret )
|
||||||
|
{
|
||||||
|
case 0: /*ok*/
|
||||||
|
break;
|
||||||
|
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
|
||||||
|
/* Ignore certificate with an unknown algorithm: maybe a
|
||||||
|
prior certificate was already trusted. */
|
||||||
|
break;
|
||||||
|
|
||||||
|
case MBEDTLS_ERR_X509_ALLOC_FAILED:
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
|
||||||
|
MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
|
||||||
|
MBEDTLS_ERR_X509_UNKNOWN_VERSION );
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
default:
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT,
|
||||||
|
ret );
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
p += cert_data_len;
|
||||||
|
|
||||||
|
/* Certificate extensions length */
|
||||||
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 2 );
|
||||||
|
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||||
|
p += 2;
|
||||||
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len );
|
||||||
|
p += extensions_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check that all the message is consumed. */
|
||||||
|
if( p != end )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
|
||||||
|
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
|
||||||
|
const unsigned char *buf,
|
||||||
|
const unsigned char *end )
|
||||||
|
{
|
||||||
|
((void) ssl);
|
||||||
|
((void) buf);
|
||||||
|
((void) end);
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
|
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
|
/* Validate certificate chain sent by the server. */
|
||||||
|
static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
mbedtls_x509_crt *ca_chain;
|
||||||
|
mbedtls_x509_crl *ca_crl;
|
||||||
|
uint32_t verify_result = 0;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
|
if( ssl->handshake->sni_ca_chain != NULL )
|
||||||
|
{
|
||||||
|
ca_chain = ssl->handshake->sni_ca_chain;
|
||||||
|
ca_crl = ssl->handshake->sni_ca_crl;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||||
|
{
|
||||||
|
ca_chain = ssl->conf->ca_chain;
|
||||||
|
ca_crl = ssl->conf->ca_crl;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Main check: verify certificate
|
||||||
|
*/
|
||||||
|
ret = mbedtls_x509_crt_verify_with_profile(
|
||||||
|
ssl->session_negotiate->peer_cert,
|
||||||
|
ca_chain, ca_crl,
|
||||||
|
ssl->conf->cert_profile,
|
||||||
|
ssl->hostname,
|
||||||
|
&verify_result,
|
||||||
|
ssl->conf->f_vrfy, ssl->conf->p_vrfy );
|
||||||
|
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Secondary checks: always done, but change 'ret' only if it was 0
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ECP_C)
|
||||||
|
{
|
||||||
|
const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
|
||||||
|
|
||||||
|
/* If certificate uses an EC key, make sure the curve is OK */
|
||||||
|
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
|
||||||
|
mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
|
||||||
|
{
|
||||||
|
verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( EC key curve )" ) );
|
||||||
|
if( ret == 0 )
|
||||||
|
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
|
if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
|
||||||
|
ssl->handshake->ciphersuite_info,
|
||||||
|
!ssl->conf->endpoint,
|
||||||
|
&verify_result ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( usage extensions )" ) );
|
||||||
|
if( ret == 0 )
|
||||||
|
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if( ca_chain == NULL )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
|
||||||
|
ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
/* The certificate may have been rejected for several reasons.
|
||||||
|
Pick one and send the corresponding alert. Which alert to send
|
||||||
|
may be a subject of debate in some cases. */
|
||||||
|
if( verify_result & MBEDTLS_X509_BADCERT_OTHER )
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret );
|
||||||
|
else if( verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret );
|
||||||
|
else if( verify_result & ( MBEDTLS_X509_BADCERT_KEY_USAGE |
|
||||||
|
MBEDTLS_X509_BADCERT_EXT_KEY_USAGE |
|
||||||
|
MBEDTLS_X509_BADCERT_NS_CERT_TYPE |
|
||||||
|
MBEDTLS_X509_BADCERT_BAD_PK |
|
||||||
|
MBEDTLS_X509_BADCERT_BAD_KEY ) )
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret );
|
||||||
|
else if( verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret );
|
||||||
|
else if( verify_result & MBEDTLS_X509_BADCERT_REVOKED )
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret );
|
||||||
|
else if( verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret );
|
||||||
|
else
|
||||||
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_DEBUG_C)
|
||||||
|
if( verify_result != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
|
||||||
|
(unsigned int) verify_result ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_DEBUG_C */
|
||||||
|
|
||||||
|
ssl->session_negotiate->verify_result = verify_result;
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
((void) ssl);
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
|
|
||||||
|
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
|
unsigned char *buf;
|
||||||
|
size_t buf_len;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg(
|
||||||
|
ssl, MBEDTLS_SSL_HS_CERTIFICATE,
|
||||||
|
&buf, &buf_len ) );
|
||||||
|
|
||||||
|
/* Parse the certificate chain sent by the peer. */
|
||||||
|
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate( ssl, buf, buf + buf_len ) );
|
||||||
|
/* Validate the certificate chain and set the verification results. */
|
||||||
|
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
|
||||||
|
|
||||||
|
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
|
||||||
|
buf, buf_len );
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
|
||||||
|
#else
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_TLS_C */
|
#endif /* MBEDTLS_SSL_TLS_C */
|
||||||
|
|
|
@ -8763,6 +8763,7 @@ run_test "export keys functionality" \
|
||||||
|
|
||||||
# openssl feature tests: check if tls1.3 exists.
|
# openssl feature tests: check if tls1.3 exists.
|
||||||
requires_openssl_tls1_3
|
requires_openssl_tls1_3
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
run_test "TLS1.3: Test openssl tls1_3 feature" \
|
run_test "TLS1.3: Test openssl tls1_3 feature" \
|
||||||
"$O_NEXT_SRV -tls1_3 -msg" \
|
"$O_NEXT_SRV -tls1_3 -msg" \
|
||||||
"$O_NEXT_CLI -tls1_3 -msg" \
|
"$O_NEXT_CLI -tls1_3 -msg" \
|
||||||
|
@ -8774,8 +8775,9 @@ run_test "TLS1.3: Test openssl tls1_3 feature" \
|
||||||
requires_gnutls_tls1_3
|
requires_gnutls_tls1_3
|
||||||
requires_gnutls_next_no_ticket
|
requires_gnutls_next_no_ticket
|
||||||
requires_gnutls_next_disable_tls13_compat
|
requires_gnutls_next_disable_tls13_compat
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
run_test "TLS1.3: Test gnutls tls1_3 feature" \
|
run_test "TLS1.3: Test gnutls tls1_3 feature" \
|
||||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
|
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \
|
||||||
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
|
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
|
||||||
0 \
|
0 \
|
||||||
-s "Version: TLS1.3" \
|
-s "Version: TLS1.3" \
|
||||||
|
@ -8829,13 +8831,16 @@ run_test "TLS1.3: Test client hello msg work - openssl" \
|
||||||
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
|
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
|
||||||
-c "ECDH curve: x25519" \
|
-c "ECDH curve: x25519" \
|
||||||
-c "=> ssl_tls1_3_process_server_hello" \
|
-c "=> ssl_tls1_3_process_server_hello" \
|
||||||
|
-c "Certificate verification flags clear" \
|
||||||
-c "<= parse encrypted extensions"
|
-c "<= parse encrypted extensions"
|
||||||
|
|
||||||
requires_gnutls_tls1_3
|
requires_gnutls_tls1_3
|
||||||
|
requires_gnutls_next_no_ticket
|
||||||
|
requires_gnutls_next_disable_tls13_compat
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
run_test "TLS1.3: Test client hello msg work - gnutls" \
|
run_test "TLS1.3: Test client hello msg work - gnutls" \
|
||||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE --debug=4" \
|
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
|
||||||
"$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
|
"$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
|
||||||
1 \
|
1 \
|
||||||
-c "SSL - The requested feature is not available" \
|
-c "SSL - The requested feature is not available" \
|
||||||
|
@ -8856,6 +8861,7 @@ run_test "TLS1.3: Test client hello msg work - gnutls" \
|
||||||
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
|
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
|
||||||
-c "ECDH curve: x25519" \
|
-c "ECDH curve: x25519" \
|
||||||
-c "=> ssl_tls1_3_process_server_hello" \
|
-c "=> ssl_tls1_3_process_server_hello" \
|
||||||
|
-c "Certificate verification flags clear" \
|
||||||
-c "<= parse encrypted extensions"
|
-c "<= parse encrypted extensions"
|
||||||
|
|
||||||
# Test heap memory usage after handshake
|
# Test heap memory usage after handshake
|
||||||
|
|
Loading…
Reference in a new issue