From 70e7928d76cbe2d0f04e13afd08858b707a233d0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 3 May 2019 14:34:53 +0100 Subject: [PATCH] Add pointers to in/out CID fields to mbedtls_ssl_context mbedtls_ssl_context contains pointers in_buf, in_hdr, in_len, ... which point to various parts of the header of an incoming TLS or DTLS record; similarly, there are pointers out_buf, ... for outgoing records. This commit adds fields in_cid and out_cid which point to where the CID of incoming/outgoing records should reside, if present, namely prior to where the record length resides. Quoting https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04: The DTLSInnerPlaintext value is then encrypted and the CID added to produce the final DTLSCiphertext. struct { ContentType special_type = tls12_cid; /* 25 */ ProtocolVersion version; uint16 epoch; uint48 sequence_number; opaque cid[cid_length]; // New field uint16 length; opaque enc_content[DTLSCiphertext.length]; } DTLSCiphertext; For outgoing records, out_cid is set in ssl_update_out_pointers() based on the settings in the current outgoing transform. For incoming records, ssl_update_in_pointers() sets in_cid as if no CID was present, and it is the responsibility of ssl_parse_record_header() to update the field (as well as in_len, in_msg and in_iv) when parsing records that do contain a CID. This will be done in a subsequent commit. Finally, the code around the invocations of ssl_decrypt_buf() and ssl_encrypt_buf() is adapted to transfer the CID from the input/output buffer to the CID field in the internal record structure (which is what ssl_{encrypt/decrypt}_buf() uses). Note that mbedtls_ssl_in_hdr_len() doesn't need change because it infers the header length as in_iv - in_hdr, which will account for the CID for records using such. --- include/mbedtls/ssl.h | 8 ++++++++ library/ssl_tls.c | 31 +++++++++++++++++++++++++++---- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ec4a15c45..3ca74a064 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1106,6 +1106,10 @@ struct mbedtls_ssl_context TLS: maintained by us DTLS: read from peer */ unsigned char *in_hdr; /*!< start of record header */ +#if defined(MBEDTLS_SSL_CID) + unsigned char *in_cid; /*!< The start of the CID; + * (the end is marked by in_len). */ +#endif /* MBEDTLS_SSL_CID */ unsigned char *in_len; /*!< two-bytes message length field */ unsigned char *in_iv; /*!< ivlen-byte IV */ unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ @@ -1142,6 +1146,10 @@ struct mbedtls_ssl_context unsigned char *out_buf; /*!< output buffer */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_hdr; /*!< start of record header */ +#if defined(MBEDTLS_SSL_CID) + unsigned char *out_cid; /*!< The start of the CID; + * (the end is marked by in_len). */ +#endif /* MBEDTLS_SSL_CID */ unsigned char *out_len; /*!< two-bytes message length field */ unsigned char *out_iv; /*!< ivlen-byte IV */ unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 73dc2e27e..1529d659b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3755,6 +3755,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_SSL_CID ) + memcpy( ssl->out_cid, rec.cid, rec.cid_len ); +#endif /* MBEDTLS_SSL_CID */ ssl->out_msglen = len = rec.data_len; ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); ssl->out_len[1] = (unsigned char)( rec.data_len ); @@ -4615,6 +4618,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) - ( ssl->in_iv - ssl->in_buf ); rec.data_len = ssl->in_msglen; rec.data_offset = 0; +#if defined(MBEDTLS_SSL_CID ) + rec.cid_len = ssl->in_len - ssl->in_cid; + memcpy( rec.cid, ssl->in_cid, rec.cid_len ); +#endif /* MBEDTLS_SSL_CID */ memcpy( &rec.ctr[0], ssl->in_ctr, 8 ); mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, @@ -7220,8 +7227,15 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { ssl->out_ctr = ssl->out_hdr + 3; - ssl->out_len = ssl->out_hdr + 11; - ssl->out_iv = ssl->out_hdr + 13; +#if defined(MBEDTLS_SSL_CID) + ssl->out_cid = ssl->out_ctr + 8; + ssl->out_len = ssl->out_cid; + if( transform != NULL ) + ssl->out_len += transform->out_cid_len; +#else /* MBEDTLS_SSL_CID */ + ssl->out_len = ssl->out_ctr + 8; +#endif /* MBEDTLS_SSL_CID */ + ssl->out_iv = ssl->out_len + 2; } else #endif @@ -7264,9 +7278,18 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { + /* This sets the header pointers to match records + * without CID. When we receive a record containing + * a CID, the fields are shifted accordingly in + * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; - ssl->in_len = ssl->in_hdr + 11; - ssl->in_iv = ssl->in_hdr + 13; +#if defined(MBEDTLS_SSL_CID) + ssl->in_cid = ssl->in_ctr + 8; + ssl->in_len = ssl->in_cid; /* Default: no CID */ +#else /* MBEDTLS_SSL_CID */ + ssl->in_len = ssl->in_ctr + 8; +#endif /* MBEDTLS_SSL_CID */ + ssl->in_iv = ssl->in_len + 2; } else #endif