CID update to RFC 9146
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content. Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
This commit is contained in:
parent
52f83dc471
commit
fd6cca4448
8 changed files with 308 additions and 69 deletions
|
@ -839,6 +839,12 @@
|
||||||
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
|
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||||
|
defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
|
||||||
|
#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequsites"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
|
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
|
||||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
|
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
|
||||||
|
|
|
@ -1320,9 +1320,7 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID
|
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
*
|
*
|
||||||
* Enable support for the DTLS Connection ID extension
|
* Enable support for the DTLS Connection ID extension,
|
||||||
* (version draft-ietf-tls-dtls-connection-id-05,
|
|
||||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
|
|
||||||
* which allows to identify DTLS connections across changes
|
* which allows to identify DTLS connections across changes
|
||||||
* in the underlying transport.
|
* in the underlying transport.
|
||||||
*
|
*
|
||||||
|
@ -1331,10 +1329,6 @@
|
||||||
* `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
|
* `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
|
||||||
* more information.
|
* more information.
|
||||||
*
|
*
|
||||||
* \warning The Connection ID extension is still in draft state.
|
|
||||||
* We make no stability promises for the availability
|
|
||||||
* or the shape of the API controlled by this option.
|
|
||||||
*
|
|
||||||
* The maximum lengths of outgoing and incoming CIDs can be configured
|
* The maximum lengths of outgoing and incoming CIDs can be configured
|
||||||
* through the options
|
* through the options
|
||||||
* - MBEDTLS_SSL_CID_OUT_LEN_MAX
|
* - MBEDTLS_SSL_CID_OUT_LEN_MAX
|
||||||
|
@ -1344,7 +1338,23 @@
|
||||||
*
|
*
|
||||||
* Uncomment to enable the Connection ID extension.
|
* Uncomment to enable the Connection ID extension.
|
||||||
*/
|
*/
|
||||||
//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
|
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
||||||
|
*
|
||||||
|
* Defines whether RFC 9146 (default) or the legacy version
|
||||||
|
* (version draft-ietf-tls-dtls-connection-id-05,
|
||||||
|
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
|
||||||
|
* is used.
|
||||||
|
*
|
||||||
|
* Set the value to 0 for the standard version, and
|
||||||
|
* 1 for the legacy draft version.
|
||||||
|
*
|
||||||
|
* Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_ASYNC_PRIVATE
|
* \def MBEDTLS_SSL_ASYNC_PRIVATE
|
||||||
|
@ -3539,17 +3549,6 @@
|
||||||
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
|
||||||
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
|
||||||
|
|
||||||
/** \def MBEDTLS_TLS_EXT_CID
|
|
||||||
*
|
|
||||||
* At the time of writing, the CID extension has not been assigned its
|
|
||||||
* final value. Set this configuration option to make Mbed TLS use a
|
|
||||||
* different value.
|
|
||||||
*
|
|
||||||
* A future minor revision of Mbed TLS may change the default value of
|
|
||||||
* this option to match evolving standards and usage.
|
|
||||||
*/
|
|
||||||
//#define MBEDTLS_TLS_EXT_CID 254
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Complete list of ciphersuites to use, in order of preference.
|
* Complete list of ciphersuites to use, in order of preference.
|
||||||
*
|
*
|
||||||
|
|
|
@ -401,7 +401,13 @@
|
||||||
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
|
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/** \} name SECTION: Module settings */
|
/*
|
||||||
|
* Default to standard CID mode
|
||||||
|
*/
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||||
|
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
|
||||||
|
#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Length of the verify data for secure renegotiation
|
* Length of the verify data for secure renegotiation
|
||||||
|
@ -571,15 +577,10 @@
|
||||||
#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
|
#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
|
||||||
#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
|
#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
|
||||||
|
|
||||||
/* The value of the CID extension is still TBD as of
|
#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
|
||||||
* draft-ietf-tls-dtls-connection-id-05
|
#define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */
|
||||||
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
|
#else
|
||||||
*
|
#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */
|
||||||
* A future minor revision of Mbed TLS may change the default value of
|
|
||||||
* this option to match evolving standards and usage.
|
|
||||||
*/
|
|
||||||
#if !defined(MBEDTLS_TLS_EXT_CID)
|
|
||||||
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
|
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
|
||||||
|
@ -2003,8 +2004,9 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
||||||
* \brief Configure the use of the Connection ID (CID)
|
* \brief Configure the use of the Connection ID (CID)
|
||||||
* extension in the next handshake.
|
* extension in the next handshake.
|
||||||
*
|
*
|
||||||
* Reference: draft-ietf-tls-dtls-connection-id-05
|
* Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05
|
||||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
|
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
|
||||||
|
* for legacy version)
|
||||||
*
|
*
|
||||||
* The DTLS CID extension allows the reliable association of
|
* The DTLS CID extension allows the reliable association of
|
||||||
* DTLS records to DTLS connections across changes in the
|
* DTLS records to DTLS connections across changes in the
|
||||||
|
|
|
@ -388,30 +388,80 @@ static int ssl_parse_inner_plaintext( unsigned char const *content,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
|
/* The size of the `add_data` structure depends on various
|
||||||
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
|
* factors, namely
|
||||||
|
*
|
||||||
|
* 1) CID functionality disabled
|
||||||
|
*
|
||||||
|
* additional_data =
|
||||||
|
* 8: seq_num +
|
||||||
|
* 1: type +
|
||||||
|
* 2: version +
|
||||||
|
* 2: length of inner plaintext +
|
||||||
|
*
|
||||||
|
* size = 13 bytes
|
||||||
|
*
|
||||||
|
* 2) CID functionality based on RFC 9146 enabled
|
||||||
|
*
|
||||||
|
* size = 8 + 1 + 1 + 1 + 2 + 2 + 6 + 2 + CID-length
|
||||||
|
* = 23 + CID-length
|
||||||
|
*
|
||||||
|
* 3) CID functionality based on legacy CID version
|
||||||
|
according to draft-ietf-tls-dtls-connection-id-05
|
||||||
|
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
|
||||||
|
*
|
||||||
|
* size = 13 + 1 + CID-length
|
||||||
|
*
|
||||||
|
* More information about the CID usage:
|
||||||
|
*
|
||||||
|
* Per Section 5.3 of draft-ietf-tls-dtls-connection-id-05 the
|
||||||
|
* size of the additional data structure is calculated as:
|
||||||
|
*
|
||||||
|
* additional_data =
|
||||||
|
* 8: seq_num +
|
||||||
|
* 1: tls12_cid +
|
||||||
|
* 2: DTLSCipherText.version +
|
||||||
|
* n: cid +
|
||||||
|
* 1: cid_length +
|
||||||
|
* 2: length_of_DTLSInnerPlaintext
|
||||||
|
*
|
||||||
|
* Per RFC 9146 the size of the add_data structure is calculated as:
|
||||||
|
*
|
||||||
|
* additional_data =
|
||||||
|
* 8: seq_num_placeholder +
|
||||||
|
* 1: tls12_cid +
|
||||||
|
* 1: cid_length +
|
||||||
|
* 1: tls12_cid +
|
||||||
|
* 2: DTLSCiphertext.version +
|
||||||
|
* 2: epoch +
|
||||||
|
* 6: sequence_number +
|
||||||
|
* n: cid +
|
||||||
|
* 2: length_of_DTLSInnerPlaintext
|
||||||
|
*
|
||||||
|
*/
|
||||||
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
size_t *add_data_len,
|
size_t *add_data_len,
|
||||||
mbedtls_record *rec,
|
mbedtls_record *rec,
|
||||||
mbedtls_ssl_protocol_version
|
mbedtls_ssl_protocol_version
|
||||||
tls_version,
|
tls_version,
|
||||||
size_t taglen )
|
size_t taglen )
|
||||||
{
|
{
|
||||||
/* Quoting RFC 5246 (TLS 1.2):
|
/* Several types of ciphers have been defined for use with TLS and DTLS,
|
||||||
|
* and the MAC calculations for those ciphers differ slightly. Further
|
||||||
|
* variants were added when the CID functionality was added with RFC 9146.
|
||||||
|
* This implementations also considers the use of a legacy version of the
|
||||||
|
* CID specification published in draft-ietf-tls-dtls-connection-id-05,
|
||||||
|
* which is used in deployments.
|
||||||
|
*
|
||||||
|
* We will distinguish between the non-CID and the CID cases below.
|
||||||
|
*
|
||||||
|
* --- Non-CID cases ---
|
||||||
|
*
|
||||||
|
* Quoting RFC 5246 (TLS 1.2):
|
||||||
*
|
*
|
||||||
* additional_data = seq_num + TLSCompressed.type +
|
* additional_data = seq_num + TLSCompressed.type +
|
||||||
* TLSCompressed.version + TLSCompressed.length;
|
* TLSCompressed.version + TLSCompressed.length;
|
||||||
*
|
*
|
||||||
* For the CID extension, this is extended as follows
|
|
||||||
* (quoting draft-ietf-tls-dtls-connection-id-05,
|
|
||||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
|
|
||||||
*
|
|
||||||
* additional_data = seq_num + DTLSPlaintext.type +
|
|
||||||
* DTLSPlaintext.version +
|
|
||||||
* cid +
|
|
||||||
* cid_length +
|
|
||||||
* length_of_DTLSInnerPlaintext;
|
|
||||||
*
|
|
||||||
* For TLS 1.3, the record sequence number is dropped from the AAD
|
* For TLS 1.3, the record sequence number is dropped from the AAD
|
||||||
* and encoded within the nonce of the AEAD operation instead.
|
* and encoded within the nonce of the AEAD operation instead.
|
||||||
* Moreover, the additional data involves the length of the TLS
|
* Moreover, the additional data involves the length of the TLS
|
||||||
|
@ -427,11 +477,72 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
*
|
*
|
||||||
* TLSCiphertext.length = TLSInnerPlaintext.length + taglen.
|
* TLSCiphertext.length = TLSInnerPlaintext.length + taglen.
|
||||||
*
|
*
|
||||||
*/
|
* --- CID cases ---
|
||||||
|
*
|
||||||
|
* RFC 9146 uses a common pattern when constructing the data
|
||||||
|
* passed into a MAC / AEAD cipher.
|
||||||
|
*
|
||||||
|
* Data concatenation for MACs used with block ciphers with
|
||||||
|
* Encrypt-then-MAC Processing (with CID):
|
||||||
|
*
|
||||||
|
* data = seq_num_placeholder +
|
||||||
|
* tls12_cid +
|
||||||
|
* cid_length +
|
||||||
|
* tls12_cid +
|
||||||
|
* DTLSCiphertext.version +
|
||||||
|
* epoch +
|
||||||
|
* sequence_number +
|
||||||
|
* cid +
|
||||||
|
* DTLSCiphertext.length +
|
||||||
|
* IV +
|
||||||
|
* ENC(content + padding + padding_length)
|
||||||
|
*
|
||||||
|
* Data concatenation for MACs used with block ciphers (with CID):
|
||||||
|
*
|
||||||
|
* data = seq_num_placeholder +
|
||||||
|
* tls12_cid +
|
||||||
|
* cid_length +
|
||||||
|
* tls12_cid +
|
||||||
|
* DTLSCiphertext.version +
|
||||||
|
* epoch +
|
||||||
|
* sequence_number +
|
||||||
|
* cid +
|
||||||
|
* length_of_DTLSInnerPlaintext +
|
||||||
|
* DTLSInnerPlaintext.content +
|
||||||
|
* DTLSInnerPlaintext.real_type +
|
||||||
|
* DTLSInnerPlaintext.zeros
|
||||||
|
*
|
||||||
|
* AEAD ciphers use the following additional data calculation (with CIDs):
|
||||||
|
*
|
||||||
|
* additional_data = seq_num_placeholder +
|
||||||
|
* tls12_cid +
|
||||||
|
* cid_length +
|
||||||
|
* tls12_cid +
|
||||||
|
* DTLSCiphertext.version +
|
||||||
|
* epoch +
|
||||||
|
* sequence_number +
|
||||||
|
* cid +
|
||||||
|
* length_of_DTLSInnerPlaintext
|
||||||
|
*
|
||||||
|
* Section 5.3 of draft-ietf-tls-dtls-connection-id-05 (for legacy CID use)
|
||||||
|
* defines the additional data calculation as follows:
|
||||||
|
*
|
||||||
|
* additional_data = seq_num +
|
||||||
|
* tls12_cid +
|
||||||
|
* DTLSCipherText.version +
|
||||||
|
* cid +
|
||||||
|
* cid_length +
|
||||||
|
* length_of_DTLSInnerPlaintext
|
||||||
|
*/
|
||||||
|
|
||||||
unsigned char *cur = add_data;
|
unsigned char *cur = add_data;
|
||||||
size_t ad_len_field = rec->data_len;
|
size_t ad_len_field = rec->data_len;
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||||
|
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
|
||||||
|
const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
|
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
|
||||||
{
|
{
|
||||||
|
@ -445,25 +556,78 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||||
{
|
{
|
||||||
((void) tls_version);
|
((void) tls_version);
|
||||||
((void) taglen);
|
((void) taglen);
|
||||||
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
|
|
||||||
cur += sizeof( rec->ctr );
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
|
||||||
|
#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
|
||||||
|
if( rec->cid_len != 0 )
|
||||||
|
{
|
||||||
|
// seq_num_placeholder
|
||||||
|
memcpy( cur, seq_num_placeholder, sizeof(seq_num_placeholder) );
|
||||||
|
cur += sizeof( seq_num_placeholder );
|
||||||
|
|
||||||
|
// tls12_cid type
|
||||||
|
*cur = rec->type;
|
||||||
|
cur++;
|
||||||
|
|
||||||
|
// cid_length
|
||||||
|
*cur = rec->cid_len;
|
||||||
|
cur++;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// epoch + sequence number
|
||||||
|
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
|
||||||
|
cur += sizeof( rec->ctr );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 */
|
||||||
|
#else
|
||||||
|
// epoch + sequence number
|
||||||
|
memcpy(cur, rec->ctr, sizeof(rec->ctr));
|
||||||
|
cur += sizeof(rec->ctr);
|
||||||
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// type
|
||||||
*cur = rec->type;
|
*cur = rec->type;
|
||||||
cur++;
|
cur++;
|
||||||
|
|
||||||
|
// version
|
||||||
memcpy( cur, rec->ver, sizeof( rec->ver ) );
|
memcpy( cur, rec->ver, sizeof( rec->ver ) );
|
||||||
cur += sizeof( rec->ver );
|
cur += sizeof( rec->ver );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||||
if( rec->cid_len != 0 )
|
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1
|
||||||
|
|
||||||
|
if (rec->cid_len != 0)
|
||||||
{
|
{
|
||||||
memcpy( cur, rec->cid, rec->cid_len );
|
// CID
|
||||||
|
memcpy(cur, rec->cid, rec->cid_len);
|
||||||
cur += rec->cid_len;
|
cur += rec->cid_len;
|
||||||
|
|
||||||
|
// cid_length
|
||||||
*cur = rec->cid_len;
|
*cur = rec->cid_len;
|
||||||
cur++;
|
cur++;
|
||||||
|
|
||||||
|
// length of inner plaintext
|
||||||
|
MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0);
|
||||||
|
cur += 2;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
|
||||||
|
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
|
||||||
|
|
||||||
|
if( rec->cid_len != 0 )
|
||||||
|
{
|
||||||
|
// epoch + sequence number
|
||||||
|
memcpy(cur, rec->ctr, sizeof(rec->ctr));
|
||||||
|
cur += sizeof(rec->ctr);
|
||||||
|
|
||||||
|
// CID
|
||||||
|
memcpy( cur, rec->cid, rec->cid_len );
|
||||||
|
cur += rec->cid_len;
|
||||||
|
|
||||||
|
// length of inner plaintext
|
||||||
MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
|
MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
|
||||||
cur += 2;
|
cur += 2;
|
||||||
}
|
}
|
||||||
|
@ -538,7 +702,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_ssl_mode_t ssl_mode;
|
mbedtls_ssl_mode_t ssl_mode;
|
||||||
int auth_done = 0;
|
int auth_done = 0;
|
||||||
unsigned char * data;
|
unsigned char * data;
|
||||||
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
|
/* For an explanation of the additional data length see
|
||||||
|
* the descrpition of ssl_extract_add_data_from_record().
|
||||||
|
*/
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
unsigned char add_data[23 + MBEDTLS_SSL_CID_OUT_LEN_MAX];
|
||||||
|
#else
|
||||||
|
unsigned char add_data[13];
|
||||||
|
#endif
|
||||||
size_t add_data_len;
|
size_t add_data_len;
|
||||||
size_t post_avail;
|
size_t post_avail;
|
||||||
|
|
||||||
|
@ -1021,13 +1192,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
size_t sign_mac_length = 0;
|
size_t sign_mac_length = 0;
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
/*
|
/* MAC(MAC_write_key, add_data, IV, ENC(content + padding + padding_length))
|
||||||
* MAC(MAC_write_key, seq_num +
|
|
||||||
* TLSCipherText.type +
|
|
||||||
* TLSCipherText.version +
|
|
||||||
* length_of( (IV +) ENC(...) ) +
|
|
||||||
* IV +
|
|
||||||
* ENC(content + padding + padding_length));
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if( post_avail < transform->maclen)
|
if( post_avail < transform->maclen)
|
||||||
|
@ -1133,7 +1298,14 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
size_t padlen = 0, correct = 1;
|
size_t padlen = 0, correct = 1;
|
||||||
#endif
|
#endif
|
||||||
unsigned char* data;
|
unsigned char* data;
|
||||||
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
|
/* For an explanation of the additional data length see
|
||||||
|
* the descrpition of ssl_extract_add_data_from_record().
|
||||||
|
*/
|
||||||
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
unsigned char add_data[23 + MBEDTLS_SSL_CID_IN_LEN_MAX];
|
||||||
|
#else
|
||||||
|
unsigned char add_data[13];
|
||||||
|
#endif
|
||||||
size_t add_data_len;
|
size_t add_data_len;
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEBUG_C)
|
#if !defined(MBEDTLS_DEBUG_C)
|
||||||
|
@ -3487,7 +3659,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||||
{
|
{
|
||||||
/* Shift pointers to account for record header including CID
|
/* Shift pointers to account for record header including CID
|
||||||
* struct {
|
* struct {
|
||||||
* ContentType special_type = tls12_cid;
|
* ContentType outer_type = tls12_cid;
|
||||||
* ProtocolVersion version;
|
* ProtocolVersion version;
|
||||||
* uint16 epoch;
|
* uint16 epoch;
|
||||||
* uint48 sequence_number;
|
* uint48 sequence_number;
|
||||||
|
|
|
@ -235,9 +235,6 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
size_t ext_len;
|
size_t ext_len;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Quoting draft-ietf-tls-dtls-connection-id-05
|
|
||||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
|
|
||||||
*
|
|
||||||
* struct {
|
* struct {
|
||||||
* opaque cid<0..2^8-1>;
|
* opaque cid<0..2^8-1>;
|
||||||
* } ConnectionId;
|
* } ConnectionId;
|
||||||
|
|
|
@ -358,9 +358,6 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Quoting draft-ietf-tls-dtls-connection-id-05
|
|
||||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
|
|
||||||
*
|
|
||||||
* struct {
|
* struct {
|
||||||
* opaque cid<0..2^8-1>;
|
* opaque cid<0..2^8-1>;
|
||||||
* } ConnectionId;
|
* } ConnectionId;
|
||||||
|
@ -1748,9 +1745,6 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Quoting draft-ietf-tls-dtls-connection-id-05
|
|
||||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
|
|
||||||
*
|
|
||||||
* struct {
|
* struct {
|
||||||
* opaque cid<0..2^8-1>;
|
* opaque cid<0..2^8-1>;
|
||||||
* } ConnectionId;
|
* } ConnectionId;
|
||||||
|
|
|
@ -2449,6 +2449,25 @@ component_test_variable_ssl_in_out_buffer_len_CID () {
|
||||||
tests/compat.sh
|
tests/compat.sh
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_variable_ssl_in_out_buffer_len_CID_legacy () {
|
||||||
|
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
|
||||||
|
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||||
|
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1
|
||||||
|
|
||||||
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||||
|
make
|
||||||
|
|
||||||
|
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID"
|
||||||
|
make test
|
||||||
|
|
||||||
|
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
|
||||||
|
tests/ssl-opt.sh
|
||||||
|
|
||||||
|
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
|
||||||
|
tests/compat.sh
|
||||||
|
}
|
||||||
|
|
||||||
component_test_ssl_alloc_buffer_and_mfl () {
|
component_test_ssl_alloc_buffer_and_mfl () {
|
||||||
msg "build: default config with memory buffer allocator and MFL extension"
|
msg "build: default config with memory buffer allocator and MFL extension"
|
||||||
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||||
|
|
|
@ -440,6 +440,14 @@ requires_max_content_len() {
|
||||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
|
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CID_MODE=$( get_config_value_or_default "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT" )
|
||||||
|
|
||||||
|
requires_cid_compat() {
|
||||||
|
if [ "$CID_MODE" = "0" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if GnuTLS isn't available
|
# skip next test if GnuTLS isn't available
|
||||||
requires_gnutls() {
|
requires_gnutls() {
|
||||||
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
||||||
|
@ -2386,6 +2394,17 @@ run_test "Context serialization, client serializes, with CID" \
|
||||||
-S "Deserializing connection..."
|
-S "Deserializing connection..."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
requires_cid_compat
|
||||||
|
run_test "Context serialization, client serializes, with CID (legacy)" \
|
||||||
|
"$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
|
||||||
|
"$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
|
||||||
|
0 \
|
||||||
|
-c "Deserializing connection..." \
|
||||||
|
-S "Deserializing connection..."
|
||||||
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
run_test "Context serialization, server serializes, CCM" \
|
run_test "Context serialization, server serializes, CCM" \
|
||||||
"$P_SRV dtls=1 serialize=1 exchanges=2" \
|
"$P_SRV dtls=1 serialize=1 exchanges=2" \
|
||||||
|
@ -2422,6 +2441,16 @@ run_test "Context serialization, server serializes, with CID" \
|
||||||
-C "Deserializing connection..." \
|
-C "Deserializing connection..." \
|
||||||
-s "Deserializing connection..."
|
-s "Deserializing connection..."
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
requires_cid_compat
|
||||||
|
run_test "Context serialization, server serializes, with CID (legacy)" \
|
||||||
|
"$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
|
||||||
|
"$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
|
||||||
|
0 \
|
||||||
|
-C "Deserializing connection..." \
|
||||||
|
-s "Deserializing connection..."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
run_test "Context serialization, both serialize, CCM" \
|
run_test "Context serialization, both serialize, CCM" \
|
||||||
|
@ -2460,6 +2489,17 @@ run_test "Context serialization, both serialize, with CID" \
|
||||||
-s "Deserializing connection..."
|
-s "Deserializing connection..."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
requires_cid_compat
|
||||||
|
run_test "Context serialization, both serialize, with CID (legacy)" \
|
||||||
|
"$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
|
||||||
|
"$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
|
||||||
|
0 \
|
||||||
|
-c "Deserializing connection..." \
|
||||||
|
-s "Deserializing connection..."
|
||||||
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
run_test "Context serialization, re-init, client serializes, CCM" \
|
run_test "Context serialization, re-init, client serializes, CCM" \
|
||||||
"$P_SRV dtls=1 serialize=0 exchanges=2" \
|
"$P_SRV dtls=1 serialize=0 exchanges=2" \
|
||||||
|
@ -2497,6 +2537,16 @@ run_test "Context serialization, re-init, client serializes, with CID" \
|
||||||
-S "Deserializing connection..."
|
-S "Deserializing connection..."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
|
requires_cid_compat
|
||||||
|
run_test "Context serialization, re-init, client serializes, with CID (legacy)" \
|
||||||
|
"$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
|
||||||
|
"$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
|
||||||
|
0 \
|
||||||
|
-c "Deserializing connection..." \
|
||||||
|
-S "Deserializing connection..."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
run_test "Context serialization, re-init, server serializes, CCM" \
|
run_test "Context serialization, re-init, server serializes, CCM" \
|
||||||
"$P_SRV dtls=1 serialize=2 exchanges=2" \
|
"$P_SRV dtls=1 serialize=2 exchanges=2" \
|
||||||
|
|
Loading…
Reference in a new issue