add tls13 client dummy state handlers and improve dispatch test #4942

Merged
1 change: 1 addition & 0 deletions include/mbedtls/ssl.h
Expand Up @@ -623,6 +623,7 @@ typedef enum
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
}
mbedtls_ssl_states;
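Review bot: The new MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY enumerator has no comment saying which handshake step it stands for, and its numeric position now matters: the traces added in this PR print `ssl->state` as an integer and tests/ssl-opt.sh greps those integers (presumably 19 for ENCRYPTED_EXTENSIONS and 20 for this one). Appending at the end of the TLS1_3_EXPERIMENTAL group is the right choice, but a later insertion above it would silently renumber it. I would add `MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, /* TLS 1.3 client sends CertificateVerify; keep appended, ssl-opt.sh matches the numeric value */`.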
8 changes: 8 additions & 0 deletions library/common.h
Expand Up @@ -318,4 +318,12 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
}
#endif

/* Fix MSVC C99 compatible issue
* MSVC support __func__ from visual studio 2015( 1900 )
* Use MSVC predefine macro to avoid name check fail.
*/
#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 ))
#define /*no-check-names*/ __func__ __FUNCTION__
#endif

#endif /* MBEDTLS_LIBRARY_COMMON_H */
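Review bot: The guard `_MSC_VER <= 1900` contradicts the comment directly above it, which says `__func__` is supported from Visual Studio 2015 (1900): with `<=` the macro is also defined for 1900, the very version the comment says already provides the identifier. Either the comment or the comparison is off; if VS2015 does accept `__func__` (I have not verified which version first did), the line should read `#if (defined(_MSC_VER) && ( _MSC_VER < 1900 ))`. Separately, `__func__` is a reserved identifier, so defining it as a macro is formally undefined behaviour (C11 7.1.3); the `/*no-check-names*/` marker silences the project checker but a short comment stating that this is a deliberate, MSVC-only workaround would help the next reader. The comment wording itself ("MSVC support __func__ from ...") could also be tidied while it is being touched.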
157 changes: 153 additions & 4 deletions library/ssl_tls13_client.c
Expand Up @@ -701,6 +701,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )

/*
* Write ClientHello handshake message.
* Handler for MBEDTLS_SSL_CLIENT_HELLO
*/
static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
{
Expand Down Expand Up @@ -736,11 +737,121 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
return ret;
}

/*
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/
static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
*/
static int ssl_tls1_3_process_certificate_request( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/
static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
return( 0 );
}

/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl )
{
((void) ssl);
MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}

int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
{
int ret = 0;

MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) );

switch( ssl->state )
{
Expand All @@ -754,9 +865,47 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break;

case MBEDTLS_SSL_SERVER_HELLO:
// Stop here : we haven't finished whole flow
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
ret = ssl_tls1_3_process_server_hello( ssl );
break;

case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
ret = ssl_tls1_3_process_encrypted_extensions( ssl );
break;

case MBEDTLS_SSL_CERTIFICATE_REQUEST:
ret = ssl_tls1_3_process_certificate_request( ssl );
break;

case MBEDTLS_SSL_SERVER_CERTIFICATE:
ret = ssl_tls1_3_process_server_certificate( ssl );
break;

case MBEDTLS_SSL_CERTIFICATE_VERIFY:
ret = ssl_tls1_3_process_certificate_verify( ssl );
break;

case MBEDTLS_SSL_SERVER_FINISHED:
ret = ssl_tls1_3_process_server_finished( ssl );
break;

case MBEDTLS_SSL_CLIENT_CERTIFICATE:
ret = ssl_tls1_3_write_client_certificate( ssl );
break;

case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
ret = ssl_tls1_3_write_client_certificate_verify( ssl );
break;

case MBEDTLS_SSL_CLIENT_FINISHED:
ret = ssl_tls1_3_write_client_finished( ssl );
break;

case MBEDTLS_SSL_FLUSH_BUFFERS:
ret = ssl_tls1_3_flush_buffers( ssl );
break;

case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
ret = ssl_tls1_3_handshake_wrapup( ssl );
break;

default:
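Review bot: The new handlers use the `ssl_tls1_3_` prefix while the existing `ssl_tls13_write_client_hello` in the same hunk and the public `mbedtls_ssl_tls13_handshake_client_step` use `tls13`; one spelling should be settled before more handlers are added on top of this skeleton. Each placeholder also advances the state machine and returns 0 without reading or validating any message, so the only thing that keeps a handshake that verified nothing from being reported as complete is the `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` in ssl_tls1_3_handshake_wrapup; that dependency deserves a comment on the stubs, e.g. `/* Placeholder: advances without processing any message; the handshake is rejected in ssl_tls1_3_handshake_wrapup. */`, and the wrapup return should not be relaxed until the other handlers exist. The `((void) ssl);` in ssl_tls1_3_handshake_wrapup is still needed for builds where MBEDTLS_SSL_DEBUG_MSG expands to nothing, as far as I recall from debug.h, and a one-line comment saying so would stop someone removing it. The switch in mbedtls_ssl_tls13_handshake_client_step continues past the end of the hunk.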
4 changes: 4 additions & 0 deletions library/ssl_tls13_server.c
Expand Up @@ -23,11 +23,15 @@

#if defined(MBEDTLS_SSL_SRV_C)

#include "mbedtls/debug.h"

#include "ssl_misc.h"

int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
{
((void) ssl);
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) );

return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}

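Review bot: `((void) ssl);` now looks redundant next to the added debug line that reads `ssl->state`, but it is still required when MBEDTLS_DEBUG_C is disabled, where MBEDTLS_SSL_DEBUG_MSG expands to an empty statement (as far as I recall from debug.h) and `ssl` becomes an unused parameter. A comment would keep a later cleanup from removing it: `((void) ssl); /* only read by MBEDTLS_SSL_DEBUG_MSG; keeps !MBEDTLS_DEBUG_C builds warning-free */`. The same note applies to ssl_tls1_3_handshake_wrapup in library/ssl_tls13_client.c.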
40 changes: 32 additions & 8 deletions tests/ssl-opt.sh
Expand Up @@ -8660,29 +8660,53 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
"$P_SRV min_version=tls1_3 max_version=tls1_3" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
"$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available"
-s "tls1_3 server state: 0" \
-c "tls1_3 client state: 0"

requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: Test client hello msg work - openssl" \
"$O_NEXT_SRV -tls1_3 -msg" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
-s "ServerHello"
-s "ServerHello" \
-c "tls1_3 client state: 0" \
-c "tls1_3 client state: 2" \
-c "tls1_3 client state: 19" \
-c "tls1_3 client state: 5" \
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
-c "tls1_3 client state: 7" \
-c "tls1_3 client state: 20" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: Test client hello msg work - gnutls" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \
"$P_CLI min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
1 \
-c "SSL - The requested feature is not available" \
-s "SERVER HELLO was queued"
-s "SERVER HELLO was queued" \
-c "tls1_3 client state: 0" \
-c "tls1_3 client state: 2" \
-c "tls1_3 client state: 19" \
-c "tls1_3 client state: 5" \
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
-c "tls1_3 client state: 7" \
-c "tls1_3 client state: 20" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15"

# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
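Review bot: The pattern `-c "tls1_3 client state: 2"` in the openssl and gnutls tests is a substring of `tls1_3 client state: 20`, so it can never fail on its own and does not actually prove the SERVER_HELLO state was visited. If the trace line ends right after the number, anchoring the patterns (`-c "tls1_3 client state: 2$"`) fixes this; otherwise each state check needs a delimiter that the longer numbers cannot match. The checks also tie the test to the numeric order of mbedtls_ssl_states in include/mbedtls/ssl.h, so any reordering of that enum silently breaks them; printing the state name alongside the number in the trace, or a comment here mapping each number to its enumerator, would make a future failure diagnosable. Note that the dispatch test no longer asserts the server's "requested feature is not available" line, so it now only checks that both sides reached state 0.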