From 7533635e5acbc3d28d1da334ebc006a57386feff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 15:59:36 +0800 Subject: [PATCH 01/16] Change dummy extension return With error return, server can not receive Client Hello message. If received , we can test current status. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 10 ++++++---- library/ssl_tls13_generic.c | 7 +++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 41c7a4d14439..426568cce824 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -101,8 +101,9 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported groups extension is not available" ) ); + return( 0 ); } static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, @@ -113,8 +114,9 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "key share extension is not available" ) ); + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index ca4c16713267..1ff23bc012d9 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -24,9 +24,11 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #include "mbedtls/error.h" +#include "mbedtls/debug.h" #include "ssl_misc.h" + int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, @@ -108,8 +110,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, ((void) ssl); ((void) buf); ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature_algorithm extension is not available" ) ); + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ From 26f4d15d13ea4587da32229dec3551ec1cd76a4c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 23 Aug 2021 17:42:37 +0800 Subject: [PATCH 02/16] Add key exchange modes helper functions Add helper functions for `tls13_kex_modes` Signed-off-by: Jerry Yu --- library/ssl_misc.h | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7035c278cf4d..9cd1b3572837 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1348,6 +1348,49 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +/* + * Helper functions around key exchange modes. + */ +static inline unsigned mbedtls_ssl_conf_tls13_kex_modes_check( mbedtls_ssl_context *ssl, + int kex_mode_mask ) +{ + return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); +} + +static inline int mbedtls_ssl_conf_tls13_pure_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); +} + +static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_pure_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); +} + +static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /** * ssl utils functions for checking configuration. */ From e226cef124aa7bd79880bc0e5bda9c1fb14a13c6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 22:06:20 +0800 Subject: [PATCH 03/16] Add NamedGroup IANA values and helper functions Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 31 +++++++++++++++++++++++++++++++ library/ssl_misc.h | 18 ++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f5338599596b..725b156d5d06 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -169,6 +169,37 @@ /** Invalid value in SSL config */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 +/* + * TLS 1.3 NamedGroup values + * + * From RF 8446 + * enum { + * // Elliptic Curve Groups (ECDHE) + * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), + * x25519(0x001D), x448(0x001E), + * // Finite Field Groups (DHE) + * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), + * ffdhe6144(0x0103), ffdhe8192(0x0104), + * // Reserved Code Points + * ffdhe_private_use(0x01FC..0x01FF), + * ecdhe_private_use(0xFE00..0xFEFF), + * (0xFFFF) + * } NamedGroup; + * + */ +/* Elliptic Curve Groups (ECDHE) */ +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E +/* Finite Field Groups (DHE) */ +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103 +#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104 + /* * TLS 1.3 Key Exchange Modes * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9cd1b3572837..d9c82960f4ae 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1439,6 +1439,24 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/* + * Helper functions for NamedGroup. + */ +static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) +{ + return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 || + named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); +} + +static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group ) +{ + return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && + named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); +} + static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, mbedtls_ssl_states state ) { From 6b64fe31ce63b2a49effc2f7342905d14d316c0c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 17:05:13 +0800 Subject: [PATCH 04/16] add supported groups extension Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 161 +++++++++++++++++++++++++++++++++++-- 1 file changed, 156 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 426568cce824..df2f9eb7dc65 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -93,17 +93,168 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Functions for writing supported_groups extension. + * + * Stucture of supported_groups: + * enum { + * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), + * x25519(0x001D), x448(0x001E), + * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), + * ffdhe6144(0x0103), ffdhe8192(0x0104), + * ffdhe_private_use(0x01FC..0x01FF), + * ecdhe_private_use(0xFE00..0xFEFF), + * (0xFFFF) + * } NamedGroup; + * struct { + * NamedGroup named_group_list<2..2^16-1>; + * } NamedGroupList; + */ +/* Find out available ecdhe named groups in current configuration */ +#if defined(MBEDTLS_ECDH_C) +/* + * In versions of TLS prior to TLS 1.3, this extension was named + * 'elliptic_curves' and only contained elliptic curve groups. + */ +static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; +#if !defined(MBEDTLS_ECP_C) + ((void) ssl); +#endif + + *olen = 0; + +#if defined(MBEDTLS_ECP_C) + for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) + { + const mbedtls_ecp_curve_info *info; + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + if( info == NULL ) + continue; +#else + for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) + { +#endif + if( !mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + continue; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); + MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 ); + p += 2; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )", + mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name, + info->tls_id ) ); + } + + *olen = p - buf; + + return( 0 ); +} +#else +static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + *olen = 0; + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_ECDH_C */ + +/* Find out available dhe named groups in current configuration */ +static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +/* + * Supported Groups Extension (supported_groups) + */ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { - ((void) ssl); - ((void) buf); - ((void) end); + unsigned char *p = buf ; + unsigned char *named_group_ptr; /* Start of named_group_list */ + size_t named_group_len = 0; + int ret = 0, ret_ecdhe, ret_dhe; + *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported groups extension is not available" ) ); - return( 0 ); + + if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) ); + + /* Check there is space for extension header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + named_group_ptr = p; + ret_ecdhe = ssl_tls13_write_named_group_ecdhe( ssl, p, end, &named_group_len ); + if( ret_ecdhe != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_ecdhe", ret ); + } + p += named_group_len; + + ret_dhe = ssl_tls13_write_named_group_dhe( ssl, p, end, &named_group_len ); + if( ret_dhe != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_dhe", ret ); + } + p += named_group_len; + + /* Both ECDHE and DHE Fail. */ + if( ret_ecdhe != 0 && ret_dhe != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Length of named_group_list*/ + named_group_len = p - named_group_ptr; + if( named_group_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( named_group_len + 2, buf, 2 ); + /* Write length of named_group_list */ + MBEDTLS_PUT_UINT16_BE( named_group_len, buf, 4 ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_len + 2 ); + + *olen = p - buf; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; + + return( ret ); } static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, From 7236994aa9b57c7675fee71512581a19293c5dcb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 15:41:21 +0800 Subject: [PATCH 05/16] add signature algorithms extension Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 57 ++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1ff23bc012d9..79ecfff3ea11 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -107,11 +107,60 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *end, size_t *olen ) { - ((void) ssl); - ((void) buf); - ((void) end); + unsigned char *p = buf; + unsigned char *sig_alg_ptr; /* Start of supported_signature_algorithms */ + size_t sig_alg_len = 0; /* Length of supported_signature_algorithms */ + *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature_algorithm extension is not available" ) ); + + /* Skip the extension on the client if all allowed key exchanges + * are PSK-based. */ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + { + return( 0 ); + } +#endif /* MBEDTLS_SSL_CLI_C */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); + + /* Check there is space for extension header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + /* + * Write supported_signature_algorithms + */ + sig_alg_ptr = p; + for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; + *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); + } + + /* Length of supported_signature_algorithms*/ + sig_alg_len = p - sig_alg_ptr; + if( sig_alg_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, buf, 2 ); + /* Write length of supported_signature_algorithms */ + MBEDTLS_PUT_UINT16_BE( sig_alg_len, buf, 4 ); + + /* Output the total length of signature algorithms extension. */ + *olen = p - buf; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; return( 0 ); } From 56fc07f7aee15d27e3465481838cf6b060f75dd7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 17:48:49 +0800 Subject: [PATCH 06/16] add key_share extension Signed-off-by: Jerry Yu --- library/ecdh.c | 85 +++++++++++++++ library/ssl_misc.h | 20 ++++ library/ssl_tls13_client.c | 215 ++++++++++++++++++++++++++++++++++--- 3 files changed, 307 insertions(+), 13 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 9dfa8680637b..ac601654430e 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -31,6 +31,7 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "ssl_misc.h" #include @@ -726,4 +727,88 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #endif } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, + unsigned char *, + size_t), + void *p_rng, int restart_enabled ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_ctx *rs_ctx = NULL; +#endif + + if( ctx->grp.pbits == 0 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( restart_enabled ) + rs_ctx = &ctx->rs; +#else + (void) restart_enabled; +#endif + +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx ) ) != 0 ) + return( ret ); +#else + if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng ) ) != 0 ) + return( ret ); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, + olen, buf, blen ); + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + int restart_enabled = 0; + ECDH_VALIDATE_RET( ctx != NULL ); + ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET( f_rng != NULL ); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + restart_enabled = ctx->restart_enabled; +#else + (void) restart_enabled; +#endif + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled ) ); +#else + switch( ctx->var ) + { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); +#endif + case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: + return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled ) ); + default: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } +#endif +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d9c82960f4ae..f8f5fe6c9355 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -649,6 +649,16 @@ struct mbedtls_ssl_handshake_params void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); mbedtls_ssl_tls_prf_cb *tls_prf; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + uint16_t offered_group_id; /* The NamedGroup value for the group + * that is being used for ephemeral + * key exchange. + * + * On the client: Defaults to the first + * entry in the client's group list, + * but can be overwritten by the HRR. */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + mbedtls_ssl_ciphersuite_t const *ciphersuite_info; size_t pmslen; /*!< premaster length */ @@ -1491,6 +1501,16 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); +#if defined(MBEDTLS_ECDH_C) +/* + * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h + */ +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); +#endif /* MBEDTLS_ECDH_C */ + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index df2f9eb7dc65..8323b6778208 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -28,7 +28,8 @@ #include #include "ssl_misc.h" -#include +#include "mbedtls/debug.h" +#include "mbedtls/error.h" #define CLIENT_HELLO_RANDOM_LEN 32 @@ -257,24 +258,212 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, return( ret ); } -static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +/* + * Functions for writing key_share extension. + */ +#if defined(MBEDTLS_ECDH_C) +static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, + uint16_t named_group, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { - ((void) ssl); - ((void) buf); - ((void) end); - *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "key share extension is not available" ) ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_tls_id( named_group ); + + if( curve_info == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) ); + + if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, + curve_info->grp_id ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); + return( ret ); + } + + ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, olen, + buf, end - buf, + ssl->conf->f_rng, ssl->conf->p_rng ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); return( 0 ); } +#endif /* MBEDTLS_ECDH_C */ -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, + uint16_t *named_group_id ) +{ + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + /* Pick first entry of curve list. + * + * TODO: When we introduce PQC KEMs, we'll have a NamedGroup + * list instead, and can just return its first element. + */ + + /* Check if ecdhe named groups are available and pick first entry */ +#if defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_ECP_C) + ((void) ssl); +#endif +#if defined(MBEDTLS_ECP_C) + for ( const mbedtls_ecp_group_id * grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) + { + const mbedtls_ecp_curve_info *info; + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); +#else + for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) + { +#endif + if( info != NULL && mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + { + *named_group_id = info->tls_id; + return( 0 ); + } + } +#else + ((void) ssl); + ((void) named_group_id); +#endif /* MBEDTLS_ECDH_C */ + + /* + * Add DHE named groups here. + * Check if ecdhe named groups are available and pick first entry + */ + + return( ret ); +} /* - * Functions for writing ClientHello message. + * ssl_tls13_write_key_share_ext + * + * Structure of key_share extension in ClientHelo: + * + * struct { + * NamedGroup group; + * opaque key_exchange<1..2^16-1>; + * } KeyShareEntry; + * struct { + * KeyShareEntry client_shares<0..2^16-1>; + * } KeyShareClientHello; */ +static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + unsigned char *client_shares_ptr; /* Start of client_shares */ + uint16_t group_id; + + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + *olen = 0; + + if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) + return( 0 ); + + /* Check if we have space for headers and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - client_shares_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello: adding key share extension" ) ); + + /* HRR could already have requested something else. */ + group_id = ssl->handshake->offered_group_id; + if( !mbedtls_ssl_named_group_is_ecdhe( group_id ) && + !mbedtls_ssl_named_group_is_dhe( group_id ) ) + { + MBEDTLS_SSL_PROC_CHK( ssl_named_group_get_default_id( ssl, + &group_id ) ); + } + + /* + * Dispatch to type-specific key generation function. + * + * So far, we're only supporting ECDHE. With the introduction + * of PQC KEMs, we'll want to have multiple branches, one per + * type of KEM, and dispatch to the corresponding crypto. And + * only one key share entry is allowed. + */ + client_shares_ptr = p; +#if defined(MBEDTLS_ECDH_C) + if( mbedtls_ssl_named_group_is_ecdhe( group_id ) ) + { + /* Pointer of group */ + unsigned char *group_id_ptr = p; + /* Length of key_exchange */ + size_t key_exchange_len; + + /* Check there is space for header of KeyShareEntry + * - group (2 bytes) + * - key_exchange_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + p += 4; + ret = ssl_key_share_gen_and_write_ecdhe( ssl, group_id, + p, end, + &key_exchange_len ); + p += key_exchange_len; + if( ret != 0 ) + return( ret ); + + /* Write group */ + MBEDTLS_PUT_UINT16_BE( group_id, group_id_ptr, 0 ); + /* Write key_exchange_length */ + MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_id_ptr, 2 ); + } + else +#endif /* MBEDTLS_ECDH_C */ + if( 0 /* other KEMs? */ ) + { + /* Do something */ + } + else + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr + 2, buf, 2 ); + /* Write client_shares_length */ + MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr, buf, 4 ); + + /* Update offered_group_id field */ + ssl->handshake->offered_group_id = group_id; + + /* Output the total length of key_share extension. */ + *olen = p - buf; + + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *olen ); + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + +cleanup: + + return( ret ); +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* Write cipher_suites * CipherSuite cipher_suites<2..2^16-2>; */ @@ -464,7 +653,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, p, end, &output_len ); + ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); p += output_len; From ed2ef2d9e084a024eb999834540f2d8749216f18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 19 Aug 2021 18:11:43 +0800 Subject: [PATCH 07/16] add client hello msg test Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3e199e288100..9170136038f4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1322,6 +1322,11 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" fi +if [ -n "${OPENSSL_NEXT:-}" ]; then + O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" + O_NEXT_CLI="$O_NEXT_CLI -connect localhost:+SRV_PORT" +fi + if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" fi @@ -8661,6 +8666,15 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ -s "SSL - The requested feature is not available" \ -c "SSL - The requested feature is not available" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS1.3: Test client hello msg work" \ + "$O_NEXT_SRV -tls1_3 -msg" \ + "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + 1 \ + -c "SSL - The requested feature is not available" \ + -s "ServerHello" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C From b60e3cf4242825740d485ad46a0cac53c6c7ab18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Sep 2021 16:41:02 +0800 Subject: [PATCH 08/16] fix various issues - format problems - name conversion issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 20 +++--- library/ssl_tls13_client.c | 132 +++++++++++++++++++----------------- library/ssl_tls13_generic.c | 24 ++++--- 3 files changed, 91 insertions(+), 85 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f8f5fe6c9355..fb843848bf01 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1363,39 +1363,39 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); /* * Helper functions around key exchange modes. */ -static inline unsigned mbedtls_ssl_conf_tls13_kex_modes_check( mbedtls_ssl_context *ssl, +static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl, int kex_mode_mask ) { return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); } -static inline int mbedtls_ssl_conf_tls13_pure_psk_enabled( mbedtls_ssl_context *ssl ) +static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); } static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); } -static inline int mbedtls_ssl_conf_tls13_pure_ephemeral_enabled( mbedtls_ssl_context *ssl ) +static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); } static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); } static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) { - return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, + return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); } @@ -1452,7 +1452,7 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf /* * Helper functions for NamedGroup. */ -static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) +static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) { return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || @@ -1461,7 +1461,7 @@ static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); } -static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group ) +static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group ) { return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8323b6778208..d3eab844907e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -53,13 +53,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); - /* - * Check space for extension header. - * - * extension_type 2 - * extension_data_length 2 - * version_length 1 - * versions 2 + /* Check if we have space for header and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - versions_length (1 byte ) + * - versions (2 bytes) */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); @@ -111,16 +109,15 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, * NamedGroup named_group_list<2..2^16-1>; * } NamedGroupList; */ -/* Find out available ecdhe named groups in current configuration */ #if defined(MBEDTLS_ECDH_C) /* * In versions of TLS prior to TLS 1.3, this extension was named * 'elliptic_curves' and only contained elliptic curve groups. */ -static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; #if !defined(MBEDTLS_ECP_C) @@ -144,7 +141,7 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, info++ ) { #endif - if( !mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) continue; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); @@ -161,10 +158,10 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, return( 0 ); } #else -static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -174,11 +171,10 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C */ -/* Find out available dhe named groups in current configuration */ -static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -188,18 +184,15 @@ static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -/* - * Supported Groups Extension (supported_groups) - */ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { unsigned char *p = buf ; - unsigned char *named_group_ptr; /* Start of named_group_list */ - size_t named_group_len = 0; - int ret = 0, ret_ecdhe, ret_dhe; + unsigned char *name_group_list_ptr; /* Start of named_group_list */ + size_t output_len = 0; + int ret_ecdhe, ret_dhe; *olen = 0; @@ -208,24 +201,28 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) ); - /* Check there is space for extension header */ + /* Check if we have space for header and length fields: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - named_group_list_length (2 bytes) + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; - named_group_ptr = p; - ret_ecdhe = ssl_tls13_write_named_group_ecdhe( ssl, p, end, &named_group_len ); + name_group_list_ptr = p; + ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len ); if( ret_ecdhe != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_ecdhe", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe ); } - p += named_group_len; + p += output_len; - ret_dhe = ssl_tls13_write_named_group_dhe( ssl, p, end, &named_group_len ); + ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len ); if( ret_dhe != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_dhe", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe ); } - p += named_group_len; + p += output_len; /* Both ECDHE and DHE Fail. */ if( ret_ecdhe != 0 && ret_dhe != 0 ) @@ -235,8 +232,8 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } /* Length of named_group_list*/ - named_group_len = p - named_group_ptr; - if( named_group_len == 0 ) + size_t named_group_list_len = p - name_group_list_ptr; + if( named_group_list_len == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -245,31 +242,31 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 ); /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( named_group_len + 2, buf, 2 ); + MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 ); /* Write length of named_group_list */ - MBEDTLS_PUT_UINT16_BE( named_group_len, buf, 4 ); + MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_len + 2 ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 ); *olen = p - buf; ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; - return( ret ); + return( 0 ); } /* * Functions for writing key_share extension. */ #if defined(MBEDTLS_ECDH_C) -static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_generate_and_write_ecdh_key_exchange( + mbedtls_ssl_context *ssl, + uint16_t named_group, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_tls_id( named_group ); @@ -300,8 +297,8 @@ static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C */ -static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, - uint16_t *named_group_id ) +static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, + uint16_t *group_id ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -329,15 +326,15 @@ static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, info++ ) { #endif - if( info != NULL && mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) + if( info != NULL && mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) { - *named_group_id = info->tls_id; + *group_id = info->tls_id; return( 0 ); } } #else ((void) ssl); - ((void) named_group_id); + ((void) group_id); #endif /* MBEDTLS_ECDH_C */ /* @@ -368,8 +365,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, { unsigned char *p = buf; unsigned char *client_shares_ptr; /* Start of client_shares */ + size_t client_shares_len; /* Length of client_shares */ uint16_t group_id; - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; *olen = 0; @@ -377,7 +374,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) return( 0 ); - /* Check if we have space for headers and length fields: + /* Check if we have space for header and length fields: * - extension_type (2 bytes) * - extension_data_length (2 bytes) * - client_shares_length (2 bytes) @@ -389,10 +386,10 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, /* HRR could already have requested something else. */ group_id = ssl->handshake->offered_group_id; - if( !mbedtls_ssl_named_group_is_ecdhe( group_id ) && - !mbedtls_ssl_named_group_is_dhe( group_id ) ) + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) && + !mbedtls_ssl_tls13_named_group_is_dhe( group_id ) ) { - MBEDTLS_SSL_PROC_CHK( ssl_named_group_get_default_id( ssl, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_get_default_group_id( ssl, &group_id ) ); } @@ -406,7 +403,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, */ client_shares_ptr = p; #if defined(MBEDTLS_ECDH_C) - if( mbedtls_ssl_named_group_is_ecdhe( group_id ) ) + if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) { /* Pointer of group */ unsigned char *group_id_ptr = p; @@ -419,9 +416,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); p += 4; - ret = ssl_key_share_gen_and_write_ecdhe( ssl, group_id, - p, end, - &key_exchange_len ); + ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, + p, end, + &key_exchange_len ); p += key_exchange_len; if( ret != 0 ) return( ret ); @@ -440,12 +437,19 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, else return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* Length of client_shares */ + client_shares_len = p - client_shares_ptr; + if( client_shares_len == 0) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr + 2, buf, 2 ); + MBEDTLS_PUT_UINT16_BE( client_shares_len + 2, buf, 2 ); /* Write client_shares_length */ - MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr, buf, 4 ); + MBEDTLS_PUT_UINT16_BE( client_shares_len, buf, 4 ); /* Update offered_group_id field */ ssl->handshake->offered_group_id = group_id; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 79ecfff3ea11..5c20f2928331 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -28,7 +28,6 @@ #include "ssl_misc.h" - int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, @@ -101,15 +100,14 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * * Only if we handle at least one key exchange that needs signatures. */ - int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { unsigned char *p = buf; - unsigned char *sig_alg_ptr; /* Start of supported_signature_algorithms */ - size_t sig_alg_len = 0; /* Length of supported_signature_algorithms */ + unsigned char *supported_sig_alg_ptr; /* Start of supported_signature_algorithms */ + size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ *olen = 0; @@ -125,14 +123,18 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); - /* Check there is space for extension header */ + /* Check if we have space for header and length field: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - supported_signature_algorithms_length (2 bytes) + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; /* * Write supported_signature_algorithms */ - sig_alg_ptr = p; + supported_sig_alg_ptr = p; for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ ) { @@ -142,9 +144,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); } - /* Length of supported_signature_algorithms*/ - sig_alg_len = p - sig_alg_ptr; - if( sig_alg_len == 0 ) + /* Length of supported_signature_algorithms */ + supported_sig_alg_len = p - supported_sig_alg_ptr; + if( supported_sig_alg_len == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -153,9 +155,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, buf, 2 ); + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); /* Write length of supported_signature_algorithms */ - MBEDTLS_PUT_UINT16_BE( sig_alg_len, buf, 4 ); + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); /* Output the total length of signature algorithms extension. */ *olen = p - buf; From 7c522d4941b198e44a3d311f9e3766fcfb716ca1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Sep 2021 17:55:09 +0800 Subject: [PATCH 09/16] Remove ecp_c undefine routines Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d3eab844907e..1b55abab6d27 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -120,13 +120,12 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; -#if !defined(MBEDTLS_ECP_C) - ((void) ssl); -#endif *olen = 0; -#if defined(MBEDTLS_ECP_C) + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) @@ -135,12 +134,7 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); if( info == NULL ) continue; -#else - for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) - { -#endif + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) continue; @@ -259,7 +253,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, * Functions for writing key_share extension. */ #if defined(MBEDTLS_ECDH_C) -static int ssl_tls13_generate_and_write_ecdh_key_exchange( +static int ssl_tls13_generate_and_write_ecdh_key_exchange( mbedtls_ssl_context *ssl, uint16_t named_group, unsigned char *buf, @@ -443,7 +437,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + } /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); /* Write extension_data_length */ From 72fc69bd40be61ba4d591abd9857417180caab78 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Sep 2021 10:23:24 +0800 Subject: [PATCH 10/16] fix typo error Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 1b55abab6d27..5d9e50b0d2ef 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -184,7 +184,8 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf ; - unsigned char *name_group_list_ptr; /* Start of named_group_list */ + unsigned char *named_group_list_ptr; /* Start of named_group_list */ + size_t named_group_list_len; /* Length of named_group_list */ size_t output_len = 0; int ret_ecdhe, ret_dhe; @@ -203,7 +204,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); p += 6; - name_group_list_ptr = p; + named_group_list_ptr = p; ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len ); if( ret_ecdhe != 0 ) { @@ -226,10 +227,10 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } /* Length of named_group_list*/ - size_t named_group_list_len = p - name_group_list_ptr; + named_group_list_len = p - named_group_list_ptr; if( named_group_list_len == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group Available." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From 335aca9c52d50bf8bb1bd84a25d63ef0659da017 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 12 Sep 2021 20:18:56 +0800 Subject: [PATCH 11/16] fix format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5d9e50b0d2ef..8ae8a56330db 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -681,7 +681,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); return( 0 ); From bdc71888fcedae2d85b367452bc618c63c138a88 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 19:30:36 +0800 Subject: [PATCH 12/16] Remove restartable and everest from tls1.3 Signed-off-by: Jerry Yu --- library/ecdh.c | 50 +++++++++++--------------------------- library/ecdh_misc.h | 41 +++++++++++++++++++++++++++++++ library/ssl_misc.h | 9 ------- library/ssl_tls13_client.c | 4 ++- 4 files changed, 58 insertions(+), 46 deletions(-) create mode 100644 library/ecdh_misc.h diff --git a/library/ecdh.c b/library/ecdh.c index ac601654430e..b9319470e564 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -31,7 +31,8 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "ssl_misc.h" + +#include "ecdh_misc.h" #include @@ -730,37 +731,17 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, - unsigned char *, - size_t), - void *p_rng, int restart_enabled ) + size_t *olen, int point_format, unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_ctx *rs_ctx = NULL; -#endif if( ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) - rs_ctx = &ctx->rs; -#else - (void) restart_enabled; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); -#else if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ) != 0 ) return( ret ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, olen, buf, blen ); @@ -771,38 +752,35 @@ static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, } int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ) + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) { - int restart_enabled = 0; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( olen != NULL ); ECDH_VALIDATE_RET( buf != NULL ); ECDH_VALIDATE_RET( f_rng != NULL ); + #if defined(MBEDTLS_ECP_RESTARTABLE) - restart_enabled = ctx->restart_enabled; -#else - (void) restart_enabled; + if( ctx-> restart_enabled ) + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, + buf, blen, f_rng, p_rng ) ); #else switch( ctx->var ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + f_rng, p_rng ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h new file mode 100644 index 000000000000..3d75b0fce05e --- /dev/null +++ b/library/ecdh_misc.h @@ -0,0 +1,41 @@ +/** + * \file ecdh_misc.h + * + * \brief Internal functions shared by the ECDH module + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if !defined(MBEDTLS_ECDH_MISC_H) +#define MBEDTLS_ECDH_MISC_H + +#if defined(MBEDTLS_ECDH_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +/* + * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h + */ +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_ECDH_C */ + +#endif /* !MBEDTLS_ECDH_MISC_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fb843848bf01..c338d79eecd6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1501,15 +1501,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); -#if defined(MBEDTLS_ECDH_C) -/* - * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h - */ -int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ); -#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8ae8a56330db..0190ee5f3951 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -27,10 +27,12 @@ #include -#include "ssl_misc.h" #include "mbedtls/debug.h" #include "mbedtls/error.h" +#include "ssl_misc.h" +#include "ecdh_misc.h" + #define CLIENT_HELLO_RANDOM_LEN 32 /* Write extensions */ From dd1fb9e37eae2c53d42dd78bfed9f5f2766ba4eb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 11:10:15 +0800 Subject: [PATCH 13/16] add mbedtls_ecdh_setup_no_everest Setup ecdh without everest for TLS1.3 Signed-off-by: Jerry Yu --- library/ecdh.c | 19 +++++++++++++++++++ library/ecdh_misc.h | 10 ++++++++++ library/ssl_tls13_client.c | 4 ++-- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index b9319470e564..4d73da074831 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -787,6 +787,25 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #endif } +/* + * Setup context without everst + */ +int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ) +{ + ECDH_VALIDATE_RET( ctx != NULL ); + +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return( ecdh_setup_internal( ctx, grp_id ) ); +#else + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; + ctx->grp_id = grp_id; + ecdh_init_internal( &ctx->ctx.mbed_ecdh ); + return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); +#endif +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index 3d75b0fce05e..c377e704c160 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h @@ -22,10 +22,19 @@ #if !defined(MBEDTLS_ECDH_MISC_H) #define MBEDTLS_ECDH_MISC_H +#include "mbedtls/ecdh.h" +#include "mbedtls/ecp.h" + #if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/* + * Setup context without everst + */ +int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id ); + /* * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h */ @@ -34,6 +43,7 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, int ( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0190ee5f3951..91f1b0c86777 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -272,8 +272,8 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( MBEDTLS_SSL_DEBUG_MSG( 3, ( "offer curve %s", curve_info->name ) ); - if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, - curve_info->grp_id ) ) != 0 ) + if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx, + curve_info->grp_id ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); return( ret ); From 388bd0d53c1789669f4f85e1178f7792918270ed Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 18:41:02 +0800 Subject: [PATCH 14/16] fix various issues Signed-off-by: Jerry Yu --- library/ecdh.c | 2 +- library/ecdh_misc.h | 2 +- library/ssl_tls13_client.c | 45 ++++++++++++++------------------------ 3 files changed, 19 insertions(+), 30 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 4d73da074831..b72bd1fe08e4 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -788,7 +788,7 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, } /* - * Setup context without everst + * Setup context without Everest */ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index c377e704c160..d1342f8b91e8 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h @@ -30,7 +30,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /* - * Setup context without everst + * Setup context without Everest */ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 91f1b0c86777..13e932c4535b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -55,7 +55,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); - /* Check if we have space for header and length fields: + /* Check if we have space to write the extension: * - extension_type (2 bytes) * - extension_data_length (2 bytes) * - versions_length (1 byte ) @@ -221,7 +221,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } p += output_len; - /* Both ECDHE and DHE Fail. */ + /* Both ECDHE and DHE failed. */ if( ret_ecdhe != 0 && ret_dhe != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) ); @@ -232,7 +232,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, named_group_list_len = p - named_group_list_ptr; if( named_group_list_len == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group Available." ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -275,7 +275,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( if( ( ret = mbedtls_ecdh_setup_no_everest( &ssl->handshake->ecdh_ctx, curve_info->grp_id ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_setup_no_everest", ret ); return( ret ); } @@ -299,31 +299,20 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - /* Pick first entry of curve list. - * - * TODO: When we introduce PQC KEMs, we'll have a NamedGroup - * list instead, and can just return its first element. - */ - /* Check if ecdhe named groups are available and pick first entry */ #if defined(MBEDTLS_ECDH_C) -#if !defined(MBEDTLS_ECP_C) - ((void) ssl); -#endif -#if defined(MBEDTLS_ECP_C) - for ( const mbedtls_ecp_group_id * grp_id = ssl->conf->curve_list; + /* Pick first available ECDHE group compatible with TLS 1.3 */ + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { const mbedtls_ecp_curve_info *info; info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#else - for ( const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) - { -#endif - if( info != NULL && mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) + if( info != NULL && + mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) { *group_id = info->tls_id; return( 0 ); @@ -336,7 +325,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, /* * Add DHE named groups here. - * Check if ecdhe named groups are available and pick first entry + * Pick first available DHE group compatible with TLS 1.3 */ return( ret ); @@ -345,7 +334,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, /* * ssl_tls13_write_key_share_ext * - * Structure of key_share extension in ClientHelo: + * Structure of key_share extension in ClientHello: * * struct { * NamedGroup group; @@ -402,8 +391,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) { - /* Pointer of group */ - unsigned char *group_id_ptr = p; + /* Pointer to group */ + unsigned char *group_ptr = p; /* Length of key_exchange */ size_t key_exchange_len; @@ -421,9 +410,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, return( ret ); /* Write group */ - MBEDTLS_PUT_UINT16_BE( group_id, group_id_ptr, 0 ); + MBEDTLS_PUT_UINT16_BE( group_id, group_ptr, 0 ); /* Write key_exchange_length */ - MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_id_ptr, 2 ); + MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_ptr, 2 ); } else #endif /* MBEDTLS_ECDH_C */ From 7a5ab044cae7ab148d643426a36694ad785aa4ff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Sep 2021 19:22:29 +0800 Subject: [PATCH 15/16] Add tls13 test with everst and ecp restartable Signed-off-by: Jerry Yu --- tests/scripts/all.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9944a853f50b..8c88b635323d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2565,6 +2565,8 @@ component_test_tls13_experimental () { make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, without padding" make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh } component_test_tls13_experimental_with_padding () { @@ -2579,6 +2581,31 @@ component_test_tls13_experimental_with_padding () { if_build_succeeded tests/ssl-opt.sh } +component_test_tls13_experimental_with_ecp_restartable () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.py set MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with ecp_restartable" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + +component_test_tls13_experimental_with_everest () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled, with Everest" + make test + msg "ssl-opt.sh (TLS 1.3 experimental)" + if_build_succeeded tests/ssl-opt.sh +} + component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs From 76e31ec169e09cc3afd93ad3ff63e5a043804e30 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Sep 2021 21:16:27 +0800 Subject: [PATCH 16/16] Add gnutls version test for client hello Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9170136038f4..39499d441c30 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8668,13 +8668,22 @@ run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL -run_test "TLS1.3: Test client hello msg work" \ +run_test "TLS1.3: Test client hello msg work - openssl" \ "$O_NEXT_SRV -tls1_3 -msg" \ "$P_CLI min_version=tls1_3 max_version=tls1_3" \ 1 \ -c "SSL - The requested feature is not available" \ -s "ServerHello" +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +run_test "TLS1.3: Test client hello msg work - gnutls" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --debug=4" \ + "$P_CLI min_version=tls1_3 max_version=tls1_3" \ + 1 \ + -c "SSL - The requested feature is not available" \ + -s "SERVER HELLO was queued" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C