mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 10:15:40 +00:00
Merge remote-tracking branch 'public/pr/2643' into HEAD
This commit is contained in:
commit
fe20bea3c7
|
@ -317,6 +317,7 @@
|
|||
#define MBEDTLS_SSL_MSG_ALERT 21
|
||||
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
|
||||
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
|
||||
#define MBEDTLS_SSL_MSG_CID 25
|
||||
|
||||
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
|
||||
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
|
||||
|
|
|
@ -645,16 +645,27 @@ struct mbedtls_ssl_transform
|
|||
* make space for the fixed IV.
|
||||
*
|
||||
*/
|
||||
#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
|
||||
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
|
||||
#else
|
||||
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
|
||||
#endif
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t ctr[8]; /*!< Record sequence number */
|
||||
uint8_t type; /*!< Record type */
|
||||
uint8_t ver[2]; /*!< SSL/TLS version */
|
||||
uint8_t ctr[8]; /* Record sequence number */
|
||||
uint8_t type; /* Record type */
|
||||
uint8_t ver[2]; /* SSL/TLS version */
|
||||
|
||||
unsigned char *buf; /*!< Memory buffer enclosing the record content */
|
||||
size_t buf_len; /*!< Buffer length */
|
||||
size_t data_offset; /*!< Offset of record content */
|
||||
size_t data_len; /*!< Length of record content */
|
||||
unsigned char *buf; /* Memory buffer enclosing the record content */
|
||||
size_t buf_len; /* Buffer length */
|
||||
size_t data_offset; /* Offset of record content */
|
||||
size_t data_len; /* Length of record content */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
uint8_t cid_len; /* Length of the CID (0 if not present) */
|
||||
unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
} mbedtls_record;
|
||||
|
||||
|
|
|
@ -956,11 +956,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
|
||||
transform->in_cid_len = ssl->own_cid_len;
|
||||
transform->out_cid_len = ssl->handshake->peer_cid_len;
|
||||
memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
|
||||
memcpy( transform->out_cid, ssl->handshake->peer_cid,
|
||||
ssl->handshake->peer_cid_len );
|
||||
|
||||
/* Uncomment this once CID-parsing and support for a change
|
||||
* record content type during record decryption are added. */
|
||||
/* transform->in_cid_len = ssl->own_cid_len; */
|
||||
/* transform->out_cid_len = ssl->handshake->peer_cid_len; */
|
||||
/* memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); */
|
||||
/* memcpy( transform->out_cid, ssl->handshake->peer_cid, */
|
||||
/* ssl->handshake->peer_cid_len ); */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
|
||||
transform->out_cid_len );
|
||||
|
@ -1964,14 +1967,123 @@ static void ssl_read_memory( unsigned char *p, size_t len )
|
|||
* Encryption/decryption functions
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
/* This functions transforms a DTLS plaintext fragment and a record content
|
||||
* type into an instance of the DTLSInnerPlaintext structure:
|
||||
*
|
||||
* struct {
|
||||
* opaque content[DTLSPlaintext.length];
|
||||
* ContentType real_type;
|
||||
* uint8 zeros[length_of_padding];
|
||||
* } DTLSInnerPlaintext;
|
||||
*
|
||||
* Input:
|
||||
* - `content`: The beginning of the buffer holding the
|
||||
* plaintext to be wrapped.
|
||||
* - `*content_size`: The length of the plaintext in Bytes.
|
||||
* - `max_len`: The number of Bytes available starting from
|
||||
* `content`. This must be `>= *content_size`.
|
||||
* - `rec_type`: The desired record content type.
|
||||
*
|
||||
* Output:
|
||||
* - `content`: The beginning of the resulting DTLSInnerPlaintext structure.
|
||||
* - `*content_size`: The length of the resulting DTLSInnerPlaintext structure.
|
||||
*
|
||||
* Returns:
|
||||
* - `0` on success.
|
||||
* - A negative error code if `max_len` didn't offer enough space
|
||||
* for the expansion.
|
||||
*/
|
||||
static int ssl_cid_build_inner_plaintext( unsigned char *content,
|
||||
size_t *content_size,
|
||||
size_t remaining,
|
||||
uint8_t rec_type )
|
||||
{
|
||||
size_t len = *content_size;
|
||||
size_t pad = ~len & 0xF; /* Pad to a multiple of 16 */
|
||||
|
||||
/* Write real content type */
|
||||
if( remaining == 0 )
|
||||
return( -1 );
|
||||
content[ len ] = rec_type;
|
||||
len++;
|
||||
remaining--;
|
||||
|
||||
if( remaining < pad )
|
||||
return( -1 );
|
||||
memset( content + len, 0, pad );
|
||||
len += pad;
|
||||
remaining -= pad;
|
||||
|
||||
*content_size = len;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* This function parses a DTLSInnerPlaintext structure.
|
||||
* See ssl_cid_build_inner_plaintext() for details. */
|
||||
static int ssl_cid_parse_inner_plaintext( unsigned char const *content,
|
||||
size_t *content_size,
|
||||
uint8_t *rec_type )
|
||||
{
|
||||
size_t remaining = *content_size;
|
||||
|
||||
/* Determine length of padding by skipping zeroes from the back. */
|
||||
do
|
||||
{
|
||||
if( remaining == 0 )
|
||||
return( -1 );
|
||||
remaining--;
|
||||
} while( content[ remaining ] == 0 );
|
||||
|
||||
*content_size = remaining;
|
||||
*rec_type = content[ remaining ];
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
|
||||
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
|
||||
static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
size_t *add_data_len,
|
||||
mbedtls_record *rec )
|
||||
{
|
||||
/* Quoting RFC 5246 (TLS 1.2):
|
||||
*
|
||||
* additional_data = seq_num + TLSCompressed.type +
|
||||
* TLSCompressed.version + TLSCompressed.length;
|
||||
*
|
||||
* For the CID extension, this is extended as follows
|
||||
* (quoting draft-ietf-tls-dtls-connection-id-05,
|
||||
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
|
||||
*
|
||||
* additional_data = seq_num + DTLSPlaintext.type +
|
||||
* DTLSPlaintext.version +
|
||||
* cid +
|
||||
* cid_length +
|
||||
* length_of_DTLSInnerPlaintext;
|
||||
*/
|
||||
|
||||
memcpy( add_data, rec->ctr, sizeof( rec->ctr ) );
|
||||
add_data[8] = rec->type;
|
||||
memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) );
|
||||
add_data[11] = ( rec->data_len >> 8 ) & 0xFF;
|
||||
add_data[12] = rec->data_len & 0xFF;
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
if( rec->cid_len != 0 )
|
||||
{
|
||||
memcpy( add_data + 11, rec->cid, rec->cid_len );
|
||||
add_data[11 + rec->cid_len + 0] = rec->cid_len;
|
||||
add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF;
|
||||
add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
|
||||
*add_data_len = 13 + 1 + rec->cid_len;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
{
|
||||
add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
|
||||
add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
|
||||
*add_data_len = 13;
|
||||
}
|
||||
}
|
||||
|
||||
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
|
@ -1983,7 +2095,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
mbedtls_cipher_mode_t mode;
|
||||
int auth_done = 0;
|
||||
unsigned char * data;
|
||||
unsigned char add_data[13];
|
||||
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
|
||||
size_t add_data_len;
|
||||
size_t post_avail;
|
||||
|
||||
/* The SSL context is only used for debugging purposes! */
|
||||
|
@ -2009,17 +2122,21 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
if( rec == NULL ||
|
||||
rec->buf == NULL ||
|
||||
rec->buf_len < rec->data_offset ||
|
||||
rec->buf_len - rec->data_offset < rec->data_len )
|
||||
if( rec == NULL
|
||||
|| rec->buf == NULL
|
||||
|| rec->buf_len < rec->data_offset
|
||||
|| rec->buf_len - rec->data_offset < rec->data_len
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
|| rec->cid_len != 0
|
||||
#endif
|
||||
)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
|
||||
data = rec->buf + rec->data_offset;
|
||||
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
data, rec->data_len );
|
||||
|
||||
|
@ -2033,6 +2150,37 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
/*
|
||||
* Add CID information
|
||||
*/
|
||||
rec->cid_len = transform->out_cid_len;
|
||||
memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
|
||||
|
||||
if( rec->cid_len != 0 )
|
||||
{
|
||||
/*
|
||||
* Wrap plaintext into DTLSInnerPlaintext structure.
|
||||
* See ssl_cid_build_inner_plaintext() for more information.
|
||||
*
|
||||
* Note that this changes `rec->data_len`, and hence
|
||||
* `post_avail` needs to be recalculated afterwards.
|
||||
*/
|
||||
if( ssl_cid_build_inner_plaintext( data,
|
||||
&rec->data_len,
|
||||
post_avail,
|
||||
rec->type ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
rec->type = MBEDTLS_SSL_MSG_CID;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
|
||||
|
||||
/*
|
||||
* Add MAC before if needed
|
||||
*/
|
||||
|
@ -2066,10 +2214,10 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, rec );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
|
||||
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
sizeof( add_data ) );
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
|
@ -2172,14 +2320,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, rec );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
|
||||
iv, transform->ivlen );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
|
||||
data - explicit_iv_len, explicit_iv_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
||||
add_data, 13 );
|
||||
add_data, add_data_len );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
||||
"including 0 bytes of padding",
|
||||
rec->data_len ) );
|
||||
|
@ -2190,7 +2338,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
|
||||
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
|
||||
iv, transform->ivlen,
|
||||
add_data, 13, /* add data */
|
||||
add_data, add_data_len, /* add data */
|
||||
data, rec->data_len, /* source */
|
||||
data, &rec->data_len, /* destination */
|
||||
data + rec->data_len, transform->taglen ) ) != 0 )
|
||||
|
@ -2326,14 +2474,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, rec );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
||||
sizeof( add_data ) );
|
||||
add_data_len );
|
||||
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
sizeof( add_data ) );
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
|
@ -2378,7 +2526,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
size_t padlen = 0, correct = 1;
|
||||
#endif
|
||||
unsigned char* data;
|
||||
unsigned char add_data[13];
|
||||
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
|
||||
size_t add_data_len;
|
||||
|
||||
#if !defined(MBEDTLS_DEBUG_C)
|
||||
((void) ssl);
|
||||
|
@ -2402,6 +2551,24 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
data = rec->buf + rec->data_offset;
|
||||
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
/*
|
||||
* Match record's CID with incoming CID.
|
||||
*/
|
||||
|
||||
/* Uncomment this once CID parsing is in place */
|
||||
/* if( rec->cid_len != transform->in_cid_len || */
|
||||
/* memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) */
|
||||
/* { */
|
||||
/* return( MBEDTLS_ERR_SSL_INVALID_RECORD ); */
|
||||
/* } */
|
||||
|
||||
/* Remove this once CID parsing is in place */
|
||||
rec->cid_len = transform->in_cid_len;
|
||||
memcpy( rec->cid, transform->in_cid, transform->in_cid_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
if( mode == MBEDTLS_MODE_STREAM )
|
||||
{
|
||||
|
@ -2476,9 +2643,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
rec->data_offset += explicit_iv_len;
|
||||
rec->data_len -= explicit_iv_len + transform->taglen;
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, rec );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
||||
add_data, 13 );
|
||||
add_data, add_data_len );
|
||||
|
||||
memcpy( transform->iv_dec + transform->fixed_ivlen,
|
||||
data - explicit_iv_len, explicit_iv_len );
|
||||
|
@ -2493,7 +2660,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
|
||||
iv, transform->ivlen,
|
||||
add_data, 13,
|
||||
add_data, add_data_len,
|
||||
data, rec->data_len,
|
||||
data, &olen,
|
||||
data + rec->data_len,
|
||||
|
@ -2577,10 +2744,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
/* Safe due to the check data_len >= minlen + maclen + 1 above. */
|
||||
rec->data_len -= transform->maclen;
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, rec );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, 13 );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, 13 );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
|
||||
|
@ -2784,7 +2953,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
rec->data_len -= transform->maclen;
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, rec );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
|
@ -2854,15 +3023,17 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
case MBEDTLS_MD_SHA1:
|
||||
case MBEDTLS_MD_SHA256:
|
||||
/* 8 bytes of message size, 64-byte compression blocks */
|
||||
extra_run = ( 13 + rec->data_len + padlen + 8 ) / 64 -
|
||||
( 13 + rec->data_len + 8 ) / 64;
|
||||
extra_run =
|
||||
( add_data_len + rec->data_len + padlen + 8 ) / 64 -
|
||||
( add_data_len + rec->data_len + 8 ) / 64;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
case MBEDTLS_MD_SHA384:
|
||||
/* 16 bytes of message size, 128-byte compression blocks */
|
||||
extra_run = ( 13 + rec->data_len + padlen + 16 ) / 128 -
|
||||
( 13 + rec->data_len + 16 ) / 128;
|
||||
extra_run =
|
||||
( add_data_len + rec->data_len + padlen + 16 ) / 128 -
|
||||
( add_data_len + rec->data_len + 16 ) / 128;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
|
@ -2872,7 +3043,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
|
||||
extra_run &= correct * 0xFF;
|
||||
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, 13 );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_dec, data,
|
||||
rec->data_len );
|
||||
/* Make sure we access everything even when padlen > 0. This
|
||||
|
@ -2933,6 +3105,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
if( rec->cid_len != 0 )
|
||||
{
|
||||
ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len,
|
||||
&rec->type );
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
|
||||
|
||||
return( 0 );
|
||||
|
@ -3960,6 +4142,11 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||
ssl->conf->transport, rec.ver );
|
||||
rec.type = ssl->out_msgtype;
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
/* The CID is set by mbedtls_ssl_encrypt_buf(). */
|
||||
rec.cid_len = 0;
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
|
|
110
tests/ssl-opt.sh
110
tests/ssl-opt.sh
|
@ -1321,11 +1321,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 2 Bytes): de ad" \
|
||||
-s "Peer CID (length 2 Bytes): be ef"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 2 Bytes): de ad" \
|
||||
# -s "Peer CID (length 2 Bytes): be ef"
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \
|
||||
|
@ -1341,11 +1342,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
-s "Peer CID (length 0 Bytes):"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
# -s "Peer CID (length 0 Bytes):" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \
|
||||
|
@ -1361,11 +1363,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-s "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
-c "Peer CID (length 0 Bytes):"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -s "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
# -c "Peer CID (length 0 Bytes):"
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \
|
||||
|
@ -1399,11 +1402,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 2 Bytes): de ad" \
|
||||
-s "Peer CID (length 2 Bytes): be ef"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 2 Bytes): de ad" \
|
||||
# -s "Peer CID (length 2 Bytes): be ef" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \
|
||||
|
@ -1419,11 +1423,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
-s "Peer CID (length 0 Bytes):"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
# -s "Peer CID (length 0 Bytes):" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \
|
||||
|
@ -1439,11 +1444,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-s "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
-c "Peer CID (length 0 Bytes):"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -s "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
# -c "Peer CID (length 0 Bytes):" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \
|
||||
|
@ -1477,11 +1483,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 2 Bytes): de ad" \
|
||||
-s "Peer CID (length 2 Bytes): be ef"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 2 Bytes): de ad" \
|
||||
# -s "Peer CID (length 2 Bytes): be ef" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \
|
||||
|
@ -1497,11 +1504,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
-s "Peer CID (length 0 Bytes):"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
# -s "Peer CID (length 0 Bytes):" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \
|
||||
|
@ -1517,11 +1525,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-s "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
-c "Peer CID (length 0 Bytes):"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -s "Peer CID (length 4 Bytes): de ad be ef" \
|
||||
# -c "Peer CID (length 0 Bytes):" \
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_CID
|
||||
run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \
|
||||
|
@ -1556,11 +1565,12 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \
|
|||
-c "found CID extension" \
|
||||
-c "Use of CID extension negotiated" \
|
||||
-s "Copy CIDs into SSL transform" \
|
||||
-c "Copy CIDs into SSL transform" \
|
||||
-s "Use of Connection ID has been negotiated" \
|
||||
-c "Use of Connection ID has been negotiated" \
|
||||
-c "Peer CID (length 2 Bytes): de ad" \
|
||||
-s "Peer CID (length 2 Bytes): be ef"
|
||||
-c "Copy CIDs into SSL transform"
|
||||
# Uncomment once CID is fully implemented
|
||||
# -c "Peer CID (length 2 Bytes): de ad" \
|
||||
# -s "Peer CID (length 2 Bytes): be ef"
|
||||
# -s "Use of Connection ID has been negotiated" \
|
||||
# -c "Use of Connection ID has been negotiated" \
|
||||
|
||||
# Tests for Encrypt-then-MAC extension
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -18,11 +18,18 @@
|
|||
} \
|
||||
} while( 0 )
|
||||
|
||||
#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
|
||||
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
|
||||
#else
|
||||
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
|
||||
#endif
|
||||
|
||||
static int build_transforms( mbedtls_ssl_transform *t_in,
|
||||
mbedtls_ssl_transform *t_out,
|
||||
int cipher_type, int hash_id,
|
||||
int etm, int tag_mode, int ver )
|
||||
int etm, int tag_mode, int ver,
|
||||
size_t cid0_len,
|
||||
size_t cid1_len )
|
||||
{
|
||||
mbedtls_cipher_info_t const *cipher_info;
|
||||
int ret = 0;
|
||||
|
@ -31,6 +38,17 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
|
|||
unsigned char *key0 = NULL, *key1 = NULL;
|
||||
unsigned char iv_enc[16], iv_dec[16];
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
unsigned char cid0[ SSL_CID_LEN_MIN ];
|
||||
unsigned char cid1[ SSL_CID_LEN_MIN ];
|
||||
|
||||
rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
|
||||
rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
|
||||
#else
|
||||
((void) cid0_len);
|
||||
((void) cid1_len);
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
maclen = 0;
|
||||
|
||||
/* Pick cipher */
|
||||
|
@ -228,6 +246,18 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
|
|||
memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
|
||||
memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
/* Add CID */
|
||||
memcpy( &t_in->in_cid, cid0, cid0_len );
|
||||
memcpy( &t_in->out_cid, cid1, cid1_len );
|
||||
t_in->in_cid_len = cid0_len;
|
||||
t_in->out_cid_len = cid1_len;
|
||||
memcpy( &t_out->in_cid, cid1, cid1_len );
|
||||
memcpy( &t_out->out_cid, cid0, cid0_len );
|
||||
t_out->in_cid_len = cid1_len;
|
||||
t_out->out_cid_len = cid0_len;
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
cleanup:
|
||||
|
||||
mbedtls_free( key0 );
|
||||
|
@ -290,7 +320,8 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
|
|||
|
||||
/* BEGIN_CASE */
|
||||
void ssl_crypt_record( int cipher_type, int hash_id,
|
||||
int etm, int tag_mode, int ver )
|
||||
int etm, int tag_mode, int ver,
|
||||
int cid0_len, int cid1_len )
|
||||
{
|
||||
/*
|
||||
* Test several record encryptions and decryptions
|
||||
|
@ -311,7 +342,9 @@ void ssl_crypt_record( int cipher_type, int hash_id,
|
|||
mbedtls_ssl_transform_init( &t0 );
|
||||
mbedtls_ssl_transform_init( &t1 );
|
||||
TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
|
||||
etm, tag_mode, ver ) == 0 );
|
||||
etm, tag_mode, ver,
|
||||
(size_t) cid0_len,
|
||||
(size_t) cid1_len ) == 0 );
|
||||
|
||||
TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
|
||||
|
||||
|
@ -346,6 +379,9 @@ void ssl_crypt_record( int cipher_type, int hash_id,
|
|||
rec.type = 42;
|
||||
rec.ver[0] = num_records;
|
||||
rec.ver[1] = num_records;
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
rec.cid_len = 0;
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
rec.buf = buf;
|
||||
rec.buf_len = buflen;
|
||||
|
@ -369,7 +405,8 @@ void ssl_crypt_record( int cipher_type, int hash_id,
|
|||
}
|
||||
|
||||
/* Decrypt record with t_dec */
|
||||
TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
|
||||
ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
/* Compare results */
|
||||
TEST_ASSERT( rec.type == rec_backup.type );
|
||||
|
@ -396,7 +433,8 @@ exit:
|
|||
|
||||
/* BEGIN_CASE */
|
||||
void ssl_crypt_record_small( int cipher_type, int hash_id,
|
||||
int etm, int tag_mode, int ver )
|
||||
int etm, int tag_mode, int ver,
|
||||
int cid0_len, int cid1_len )
|
||||
{
|
||||
/*
|
||||
* Test pairs of encryption and decryption with an increasing
|
||||
|
@ -422,16 +460,16 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
|
|||
|
||||
mbedtls_ssl_transform t0, t1;
|
||||
unsigned char *buf = NULL;
|
||||
size_t const buflen = 150;
|
||||
size_t const buflen = 256;
|
||||
mbedtls_record rec, rec_backup;
|
||||
|
||||
int ret;
|
||||
int mode; /* Mode 1, 2 or 3 as explained above */
|
||||
size_t offset; /* Available space at beginning/end/both */
|
||||
size_t threshold = 64; /* Maximum offset to test against */
|
||||
int mode; /* Mode 1, 2 or 3 as explained above */
|
||||
size_t offset; /* Available space at beginning/end/both */
|
||||
size_t threshold = 96; /* Maximum offset to test against */
|
||||
|
||||
size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
|
||||
size_t default_post_padding = 64; /* Post-padding to use in mode 1 */
|
||||
size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
|
||||
size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
|
||||
|
||||
int seen_success; /* Indicates if in the current mode we've
|
||||
* already seen a successful test. */
|
||||
|
@ -440,7 +478,9 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
|
|||
mbedtls_ssl_transform_init( &t0 );
|
||||
mbedtls_ssl_transform_init( &t1 );
|
||||
TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
|
||||
etm, tag_mode, ver ) == 0 );
|
||||
etm, tag_mode, ver,
|
||||
(size_t) cid0_len,
|
||||
(size_t) cid1_len ) == 0 );
|
||||
|
||||
TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
|
||||
|
||||
|
@ -450,17 +490,8 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
|
|||
for( offset=0; offset <= threshold; offset++ )
|
||||
{
|
||||
mbedtls_ssl_transform *t_dec, *t_enc;
|
||||
/* Take turns in who's sending and who's receiving. */
|
||||
if( offset % 2 == 0 )
|
||||
{
|
||||
t_dec = &t0;
|
||||
t_enc = &t1;
|
||||
}
|
||||
else
|
||||
{
|
||||
t_dec = &t1;
|
||||
t_enc = &t0;
|
||||
}
|
||||
t_dec = &t0;
|
||||
t_enc = &t1;
|
||||
|
||||
memset( rec.ctr, offset, sizeof( rec.ctr ) );
|
||||
rec.type = 42;
|
||||
|
@ -468,6 +499,9 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
|
|||
rec.ver[1] = offset;
|
||||
rec.buf = buf;
|
||||
rec.buf_len = buflen;
|
||||
#if defined(MBEDTLS_SSL_CID)
|
||||
rec.cid_len = 0;
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
switch( mode )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue