yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-03 00:00:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce configuration option for TLS 1.3 padding granularity

Browse source 
TLS 1.3 record protection allows the addition of an arbitrary amount
of padding.

This commit introduces a configuration option

```
   MBEDTLS_SSL_TLS13_PADDING_GRANULARITY
```

The semantics of this option is that padding is chosen in a minimal
way so that the padded plaintext has a length which is a multiple of
MBEDTLS_SSL_TLS13_PADDING_GRANULARITY.

For example, setting MBEDTLS_SSL_TLS13_PADDING_GRANULARITY to 1024
means that padded plaintexts will have length 1024, 2048, ..., while
setting it to 1 means that no padding will be used.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2020-05-28 16:15:19 +01:00
parent b54094bd7c
commit 13996927cb
3 changed files with 41 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
include/mbedtls/config.h
View file

@ -3554,6 +3554,22 @@
*/ */
//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 //#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_TLS13_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
* in TLS 1.3.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
*
* Note: A value of \c 1 means that no padding will be used
* for outgoing records.
*
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*/
//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
* *
* Maximum length (in bytes) of outgoing plaintext fragments. * Maximum length (in bytes) of outgoing plaintext fragments.

4
include/mbedtls/ssl.h
View file

@ -277,6 +277,10 @@
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 #define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
#endif #endif
#if !defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY)
#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16
#endif
/* \} name SECTION: Module settings */ /* \} name SECTION: Module settings */
/* /*

29
library/ssl_msg.c
View file

@ -343,6 +343,13 @@ static void ssl_read_memory( unsigned char *p, size_t len )
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \
defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static size_t ssl_compute_padding_length( size_t len,
size_t granularity )
{
return( ( granularity - ( len + 1 ) % granularity ) % granularity );
}
/* This functions transforms a (D)TLS plaintext fragment and a record content /* This functions transforms a (D)TLS plaintext fragment and a record content
* type into an instance of the (D)TLSInnerPlaintext structure. This is used * type into an instance of the (D)TLSInnerPlaintext structure. This is used
* in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect
@ -374,12 +381,10 @@ static void ssl_read_memory( unsigned char *p, size_t len )
static int ssl_build_inner_plaintext( unsigned char *content, static int ssl_build_inner_plaintext( unsigned char *content,
size_t *content_size, size_t *content_size,
size_t remaining, size_t remaining,
uint8_t rec_type ) uint8_t rec_type,
size_t pad )
{ {
size_t len = *content_size; size_t len = *content_size;
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
/* Write real content type */ /* Write real content type */
if( remaining == 0 ) if( remaining == 0 )
@ -651,10 +656,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
{ {
size_t padding =
ssl_compute_padding_length( rec->data_len,
MBEDTLS_SSL_TLS13_PADDING_GRANULARITY );
if( ssl_build_inner_plaintext( data, if( ssl_build_inner_plaintext( data,
&rec->data_len, &rec->data_len,
post_avail, post_avail,
rec->type ) != 0 ) rec->type,
padding ) != 0 )
{ {
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }
@ -673,6 +682,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
if( rec->cid_len != 0 ) if( rec->cid_len != 0 )
{ {
size_t padding =
ssl_compute_padding_length( rec->data_len,
MBEDTLS_SSL_CID_PADDING_GRANULARITY );
/* /*
* Wrap plaintext into DTLSInnerPlaintext structure. * Wrap plaintext into DTLSInnerPlaintext structure.
* See ssl_build_inner_plaintext() for more information. * See ssl_build_inner_plaintext() for more information.
@ -683,7 +695,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
if( ssl_build_inner_plaintext( data, if( ssl_build_inner_plaintext( data,
&rec->data_len, &rec->data_len,
post_avail, post_avail,
rec->type ) != 0 ) rec->type,
padding ) != 0 )
{ {
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
} }