From 2f28c1031f8d74c5c760534952c022fb463216dc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Apr 2019 15:46:59 +0100 Subject: [PATCH 01/28] Add fields to SSL structures describing state and config of CID ext * mbedtls_ssl_context gets fields indicating whether the CID extension should be negotiated in the next handshake, and, if yes, which CID the user wishes the peer to use. This information does not belong to mbedtls_ssl_handshake_params because (a) it is configured prior to the handshake, and (b) it applies to all subsequent handshakes. * mbedtls_ssl_handshake_params gets fields indicating the state of CID negotiation during the handshake. Specifically, it indicates if the use of the CID extension has been negotiated, and if so, which CID the peer wishes us to use for outgoing messages. --- include/mbedtls/ssl.h | 15 +++++++++++++++ include/mbedtls/ssl_internal.h | 12 ++++++++++++ 2 files changed, 27 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f40506565..494f8c282 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1266,6 +1266,21 @@ struct mbedtls_ssl_context
 char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
 char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_CID)
+ /* CID configuration to use in subsequent handshakes. */
+
+ /*! The next incoming CID, chosen by the user and applying to
+ * all subsequent handshakes. This may be different from the
+ * CID currently used in case the user has re-configured the CID
+ * after an initial handshake. */
+ unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t own_cid_len; /*!< The length of \c own_cid. */
+ uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ * be negotiated in the next handshake or not.
+ * Possible values are #MBEDTLS_SSL_CID_ENABLED
+ * and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_CID */
 };
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 9c4be53f7..e4d0a4c28 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -372,6 +372,18 @@ struct mbedtls_ssl_handshake_params
 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */
+#if defined(MBEDTLS_SSL_CID)
+ /* The state of CID configuration in this handshake. */
+
+ uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+ * has been negotited. Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+ uint8_t peer_cid_len; /*!< The length of
+ * \c peer_cid. */
+#endif /* MBEDTLS_SSL_CID */
+
 struct { size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
From ca092246a729b65aec62c764fa6a5865c7abbd32 Mon Sep 17 00:00:00 2001
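Review bot: In the ssl_internal.h hunk the trailing comment on `peer_cid` is opened with `/*!` instead of `/*!<`, so Doxygen attaches "The peer's CID" to the member that follows (`peer_cid_len`) rather than to `peer_cid`; the line should read `unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*!< The peer's CID */`. The `cid_in_use` comment also has a typo, "negotited" for "negotiated". Both new flag fields are documented as holding only #MBEDTLS_SSL_CID_ENABLED or #MBEDTLS_SSL_CID_DISABLED; that invariant is worth enforcing where the fields are written, since the code later in this series tests for only one of the two values and treats anything else as the other.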
From: Hanno Becker
Date: Thu, 25 Apr 2019 16:01:49 +0100
Subject: [PATCH 02/28] Allow configuring own CID fields through mbedtls_ssl_get_peer_cid()
---
library/ssl_tls.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 50464751c..aabe8c5f8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -121,18 +121,33 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_CID)
 /* Top-level Connection ID API */
-/* WARNING: This implementation is a stub and doesn't do anything!
- * It is included solely to allow review and coding against
- * the new Connection CID API. */
+/* WARNING: The CID feature isn't fully implemented yet
+ * and will not be used. */
 int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, int enable, unsigned char const *own_cid, size_t own_cid_len )
 {
- ((void) ssl);
- ((void) enable);
- ((void) own_cid);
- ((void) own_cid_len);
+ ssl->negotiate_cid = enable;
+ if( enable == MBEDTLS_SSL_CID_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) );
+ return( 0 );
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) );
+
+ if( own_cid_len > MBEDTLS_SSL_CID_IN_LEN_MAX )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID too large: Maximum %u, actual %u",
+ (unsigned) MBEDTLS_SSL_CID_IN_LEN_MAX,
+ (unsigned) own_cid_len ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ memcpy( ssl->own_cid, own_cid, own_cid_len );
+ ssl->own_cid_len = own_cid_len;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
 return( 0 );
 }
From f157a97b756140bc330eb7239fe59ccc5b3549d8 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 25 Apr 2019 16:05:45 +0100
Subject: [PATCH 03/28] Modify CID tests in ssl-opt.sh to grep for CID config debug msgs
---
tests/ssl-opt.sh | 120 +++++++++++++++++++++++++++++------------------
1 file changed, 75 insertions(+), 45 deletions(-)
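Review bot: `ssl->negotiate_cid = enable;` is stored before either `enable` or `own_cid_len` is validated, so a call that is then rejected with MBEDTLS_ERR_SSL_BAD_INPUT_DATA leaves the context with CID negotiation switched on but the previous `own_cid`/`own_cid_len` still in place, and an `enable` value other than the two documented constants is recorded verbatim. Reject unknown values first, `if( enable != MBEDTLS_SSL_CID_ENABLED && enable != MBEDTLS_SSL_CID_DISABLED ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, and move `ssl->negotiate_cid = enable;` after the length check so a failed call changes nothing. The ssl-opt.sh tests later in this series run the client with `cid=1` and no `cid_val`; if that path passes a NULL `own_cid` with length 0, `memcpy` with a NULL source is undefined behaviour even for zero bytes, so guarding the copy with `if( own_cid_len != 0 )` is cheap insurance. The "CID too large" message is an input-validation failure and would sit more naturally at debug level 1 with the other error paths in this file than at level 3.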
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0037429a9..6aac9cead 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1278,94 +1278,124 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client enabled, server disabled" \ - "$P_SRV dtls=1 cid=0" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=0" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + 0 \ + -s "Disable use of CID extension." \ + -c "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client disabled, server enabled" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=0" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=0" \ + 0 \ + -c "Disable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ - "$P_SRV dtls=1 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 cid=1 cid_val=beef" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=1" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=1" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." 
requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." 
requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." 
requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ - "$P_SRV dtls=1 cid=1 cid_val=dead renegotiation=1" \ - "$P_CLI dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." # Tests for Encrypt-then-MAC extension From 0652bc50c76c5ab6cc6e37afa5a05c5c1f023c4c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Apr 2019 16:24:57 +0100 Subject: [PATCH 04/28] Add identifier for CID extension Note: The current draft https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04 does not yet specify the extension value, so we use a temporary value of 42. --- include/mbedtls/ssl.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 494f8c282..b45ceb3d4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -386,6 +386,10 @@ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 +/* The value of the CID extension is still TBD as of + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04. */ +#define MBEDTLS_TLS_EXT_CID 42 /* TBD */ + #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 
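Review bot: `#define MBEDTLS_TLS_EXT_CID 42 /* TBD */` reuses a codepoint that is already allocated in the IANA TLS ExtensionType registry (42 is early_data, RFC 8446), so a peer or middlebox that understands TLS 1.3 extensions could misinterpret the extension, and the value will have to change once the draft is assigned its own number. Making the placeholder overridable, i.e. wrapping the define in `#if !defined(MBEDTLS_TLS_EXT_CID)` ... `#endif`, lets a deployment that has to interoperate with another implementation set the agreed value from its config rather than patching this header. The comment should also state plainly that the value is interim and not interoperable with other stacks, so nobody ships it as final.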
From 189a01309ffd773fc75767b8a2b45e67b56be27b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 25 Apr 2019 16:47:57 +0100
Subject: [PATCH 05/28] Check static bounds of CID lengths in check_config.h
---
include/mbedtls/check_config.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index d8b0786c0..b8b327c99 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -646,6 +646,18 @@
 #error "MBEDTLS_SSL_CID defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_SSL_CID) && \
+ defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
+ MBEDTLS_SSL_CID_IN_LEN_MAX > 255
+#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
+#endif
+
+#if defined(MBEDTLS_SSL_CID) && \
+ defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
+ MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
+#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
+#endif
+
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
 ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
 #error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
From 49770ffd931bceb3bb34e756270772a7a27c7b1b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 25 Apr 2019 16:55:15 +0100
Subject: [PATCH 06/28] Implement writing of CID extension in ClientHello
---
library/ssl_cli.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index aabf4d485..fcd72bab1 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
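Review bot: Both new checks are conditioned on `defined(MBEDTLS_SSL_CID_IN_LEN_MAX)` / `defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)`, so a configuration that enables MBEDTLS_SSL_CID without defining the length macros passes check_config.h and fails later as an undeclared identifier in the `own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ]` array added to ssl.h by this series. Unless config.h supplies defaults (not visible here), a companion check in the style of the prerequisite check just above the hunk, `#if defined(MBEDTLS_SSL_CID) && !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)` followed by a matching `#error`, would give the clearer diagnostic. A one-line comment saying why 255 is the bound (the extension carries the CID as `opaque cid<0..2^8-1>` and the length fields are `uint8_t`) would make the limit self-explanatory.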
@@ -475,6 +475,54 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#if defined(MBEDTLS_SSL_CID)
+static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t ext_len;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+ /*
+ * Quoting
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04:
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ *olen = 0;
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
+
+ /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+ * which is at most 255, so the increment cannot overflow. */
+ if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
+ /* Add extension ID + size */
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
+ ext_len = (size_t) ssl->own_cid_len + 1;
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+
+ *p++ = (uint8_t) ssl->own_cid_len;
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
+
+ *olen = ssl->own_cid_len + 5;
+}
+#endif /* MBEDTLS_SSL_CID */
+
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
 unsigned char *buf,
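Review bot: The early return tests `ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED`, so any value other than the two documented ones (mbedtls_ssl_set_cid() in this series stores `enable` without validating it) counts as "enabled" and the extension is written; testing for the positive value, `ssl->negotiate_cid != MBEDTLS_SSL_CID_ENABLED`, fails closed instead. When the output buffer is too small the function logs at level 1 and returns with `*olen == 0`, so the ClientHello goes out without the extension and the handshake silently continues without CID although the user asked for it; this looks like the convention of the neighbouring `ssl_write_*_ext` writers (their bodies are outside the hunk), and if so a one-line comment saying that a skipped extension is reported only through the debug log would save the next reader from re-raising it. A header comment in the file's style would also help: the function writes the ClientHello CID extension carrying `ssl->own_cid` when the transport is DTLS and negotiation is enabled, and sets `*olen` to the number of bytes written or 0 when the extension is skipped.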
@@ -1085,6 +1133,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_CID) + ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; From 6b78c8382938a886124231b0f367139403374b3e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Apr 2019 17:01:43 +0100 Subject: [PATCH 07/28] Grep for dbg msg witnessing writing of CID extension in ClientHello --- tests/ssl-opt.sh | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6aac9cead..98a589e8c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1282,7 +1282,8 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ -s "Disable use of CID extension." \ - -c "Enable use of CID extension." + -c "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client disabled, server enabled" \ @@ -1290,6 +1291,7 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ "$P_CLI debug_level=3 dtls=1 cid=0" \ 0 \ -c "Disable use of CID extension." \ + -C "client hello, adding CID extension" \ -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID @@ -1298,7 +1300,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ 
@@ -1306,7 +1309,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ "$P_CLI debug_level=3 dtls=1 cid=1" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ @@ -1314,7 +1318,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ @@ -1322,7 +1327,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt "$P_CLI debug_level=3 dtls=1 cid=1" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ @@ -1330,7 +1336,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ 
@@ -1338,7 +1345,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1346,7 +1354,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ @@ -1354,7 +1363,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ @@ -1362,7 +1372,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ 
@@ -1370,7 +1381,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ @@ -1378,7 +1390,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ @@ -1386,7 +1399,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -1395,7 +1409,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 0 \ -c "Enable use of CID extension." \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" # Tests for Encrypt-then-MAC extension From 89dcc881d4d237d0c7b40f8fc6663d8bab5c2086 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 26 Apr 2019 13:56:39 +0100 Subject: [PATCH 08/28] Implement parsing of CID extension in ClientHello --- library/ssl_srv.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 33a38a652..2845da881 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -475,6 +475,78 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_CID)
+static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t peer_cid_len;
+
+ /* CID extension only makes sense in DTLS */
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Quoting
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04:
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ if( len < 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ peer_cid_len = *buf++;
+ len--;
+
+ if( len != peer_cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /* Ignore CID if the user has disabled its use. */
+ if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ /* Leave ssl->handshake->cid_in_use in its default
+ * value of MBEDTLS_SSL_CID_DISABLED. */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) );
+ return( 0 );
+ }
+
+ if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
+
+ ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_CID */
+
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
 const unsigned char *buf,
@@ -1823,6 +1895,16 @@ read_record_header:
 break;
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_CID)
+ case MBEDTLS_TLS_EXT_CID:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+
+ ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
From 7dee2c6369ea01a656ad140022f54c11da67d18d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 26 Apr 2019 14:17:56 +0100
Subject: [PATCH 09/28] Grep for dbg msg witnessing parsing of CID extension in ClientHello
---
tests/ssl-opt.sh | 55 ++++++++++++++++++++++++++++++++++++------------
1 file changed, 42 insertions(+), 13 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 98a589e8c..2088bf08b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
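Review bot: The user-disabled branch relies on `ssl->handshake->cid_in_use` already holding MBEDTLS_SSL_CID_DISABLED, as the comment inside it says, but nothing in this hunk writes the field on that path; this is only sound if the handshake-params initialisation (outside the hunk) zeroes the struct and MBEDTLS_SSL_CID_DISABLED is 0, or assigns the field explicitly, and it is worth confirming because a leftover ENABLED value would make the server answer with a CID extension the client never negotiated. The function also lacks a header comment; one in the file's `/* ... */` style stating that it parses the body of a ClientHello CID extension (`buf`, `len`), sends an illegal_parameter alert and returns MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO on malformed input or a non-DTLS transport, and records the peer CID in `ssl->handshake` only when `ssl->negotiate_cid` is enabled, would document the contract the switch-case caller depends on. Note that the MBEDTLS_SSL_CID_OUT_LEN_MAX bound is checked only after the disabled-CID early return, so an over-long peer CID is accepted and ignored when CID is off; that is reasonable but should be stated in the same comment. The alert-plus-return triple appears four times and could be a small static helper.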
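Review bot: The `#endif` closing the new `#if defined(MBEDTLS_SSL_CID)` case in the extension switch is annotated `/* MBEDTLS_SSL_TRUNCATED_HMAC */`, evidently copied from the case above it; it should read `#endif /* MBEDTLS_SSL_CID */` so the guard can be matched by eye in a switch that spans several screens. The `ext + 4` / `ext_size` arguments follow the neighbouring cases, which presumably sit behind a check that `ext_size` bytes follow the 4-byte extension header; that check is outside the hunk and ssl_parse_cid_ext() trusts it, so it would be worth a glance. The enclosing function continues outside the hunk.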
@@ -1282,6 +1282,8 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 0 \ -s "Disable use of CID extension." \ + -s "found CID extension" \ + -s "Client sent CID extension, but CID disabled" \ -c "Enable use of CID extension." \ -c "client hello, adding CID extension" @@ -1292,6 +1294,7 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ 0 \ -c "Disable use of CID extension." \ -C "client hello, adding CID extension" \ + -S "found CID extension" \ -s "Enable use of CID extension." requires_config_enabled MBEDTLS_SSL_CID @@ -1301,7 +1304,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ @@ -1310,7 +1315,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ @@ -1319,7 +1326,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ 
@@ -1328,7 +1337,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ @@ -1337,7 +1348,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ @@ -1346,7 +1359,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1355,7 +1370,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ 
@@ -1364,7 +1381,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ @@ -1373,7 +1392,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ @@ -1382,7 +1403,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ @@ -1391,7 +1414,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ 
@@ -1400,7 +1425,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -1410,7 +1437,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ 0 \ -c "Enable use of CID extension." \ -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" # Tests for Encrypt-then-MAC extension From 51de2d3f69e0885bcdae6dcb2dbe16afb780d4ec Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 15:46:55 +0100 Subject: [PATCH 10/28] Implement writing of CID extension in ServerHello --- library/ssl_srv.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2845da881..1f5a75f67 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -2182,6 +2182,54 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+                               unsigned char *buf,
+                               size_t *olen )
+{
+    unsigned char *p = buf;
+    size_t ext_len;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+    *olen = 0;
+
+    /* Skip writing the extension if we don't want to use it or if
+     * the client hasn't offered it. */
+    if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED )
+        return;
+
+    /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+     * which is at most 255, so the increment cannot overflow. */
+    if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
+
+    /*
+     * Quoting
+     * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04:
+     *
+     *   struct {
+     *     opaque cid<0..2^8-1>;
+     *   } ConnectionId;
+     */
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
+    ext_len = (size_t) ssl->own_cid_len + 1;
+    *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+
+    *p++ = (uint8_t) ssl->own_cid_len;
+    memcpy( p, ssl->own_cid, ssl->own_cid_len );
+
+    *olen = ssl->own_cid_len + 5;
+}
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
                                             unsigned char *buf,
@@ -2703,6 +2751,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
     ext_len += olen;
 #endif
+#if defined(MBEDTLS_SSL_CID)
+    ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
     ext_len += olen;
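Review bot: The new `ssl_write_cid_ext()` is wrapped in `#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)` while its only call site in `ssl_write_server_hello()` (second hunk) is guarded by `MBEDTLS_SSL_CID`, so a build with CID enabled and truncated HMAC disabled fails on an undeclared function, and the opposite configuration compiles a body that references `ssl->handshake->cid_in_use`, `ssl->own_cid` and `MBEDTLS_TLS_EXT_CID`, which this series only introduces under `MBEDTLS_SSL_CID`. Change both the guard and its closing comment to `#if defined(MBEDTLS_SSL_CID)` / `#endif /* MBEDTLS_SSL_CID */`. The encoding itself is sound: `own_cid_len` is a `uint8_t`, so `own_cid_len + 5` cannot wrap before the remaining-space comparison, and the single length byte matches the quoted `opaque cid<0..2^8-1>` layout; a one-line comment that `cid_in_use` is set by the ClientHello parser would make the "client hasn't offered it" check easier to follow.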
From 4bc9e9d3f678d586acec72835e64c92f9e836a12 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 16:00:29 +0100 Subject: [PATCH 11/28] Grep for dbg msg witnessing writing of CID extension in ServerHello --- tests/ssl-opt.sh | 45 ++++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2088bf08b..7797b824b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1285,7 +1285,8 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ -s "found CID extension" \ -s "Client sent CID extension, but CID disabled" \ -c "Enable use of CID extension." \ - -c "client hello, adding CID extension" + -c "client hello, adding CID extension" \ + -S "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client disabled, server enabled" \ @@ -1295,7 +1296,8 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ -c "Disable use of CID extension." \ -C "client hello, adding CID extension" \ -S "found CID extension" \ - -s "Enable use of CID extension." + -s "Enable use of CID extension." \ + -S "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ @@ -1306,7 +1308,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ 
@@ -1317,7 +1320,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ @@ -1328,7 +1332,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ @@ -1339,7 +1344,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ @@ -1350,7 +1356,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ 
@@ -1361,7 +1368,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1372,7 +1380,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ @@ -1383,7 +1392,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ @@ -1394,7 +1404,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ 
@@ -1405,7 +1416,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ @@ -1416,7 +1428,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ @@ -1427,7 +1440,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -1439,7 +1453,8 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ -s "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -s "found CID extension" \ - -s "Use of CID extension negotiated" + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" # Tests for Encrypt-then-MAC extension From a8373a11c0a1ad5c8050c9ed4dd1f5acdddf2ff8 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 26 Apr 2019 15:37:26 +0100 Subject: [PATCH 12/28] Implement parsing of CID extension in ServerHello --- library/ssl_cli.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index fcd72bab1..529a80b72 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1295,6 +1295,57 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_CID)
+static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
+                              const unsigned char *buf,
+                              size_t len )
+{
+    size_t peer_cid_len;
+
+    if( /* CID extension only makes sense in DTLS */
+        ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+        /* The server must only send the CID extension if we have offered it. */
+        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ||
+        /* CID extension must at least contain the length byte */
+        len < 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching CID extension" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    peer_cid_len = *buf++;
+    len--;
+
+    if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching CID extension" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    if( len != peer_cid_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching CID extension" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
+    memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
+
+    ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_CID */
+
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
                                            const unsigned char *buf,
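Review bot: All three rejection paths in `ssl_parse_cid_ext()` log the same `"non-matching CID extension"` text, and the alert sent does not follow the reason: an unsolicited extension (`negotiate_cid == MBEDTLS_SSL_CID_DISABLED`) is the case RFC 5246 §7.4.1.4 says to answer with `unsupported_extension` (`MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT`), while a truncated body (`len < 1`) is the same malformed-encoding case as the `len != peer_cid_len` check below, which already sends `ILLEGAL_PARAMETER`. Splitting `len < 1` out of the first condition into its own check with the `ILLEGAL_PARAMETER` alert, and giving each branch its own level-1 message such as `"CID extension received although not offered"` / `"malformed CID extension"`, makes the alert meaningful to the peer and the log usable when a server is rejected. The bounds handling itself is sound: `peer_cid_len` is checked against `MBEDTLS_SSL_CID_OUT_LEN_MAX` before the `memcpy` into `handshake->peer_cid`, and `len` must equal the announced size exactly, so no over-read of `buf` is possible given the caller passed the correct `ext_size`.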
@@ -1946,6 +1997,20 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#if defined(MBEDTLS_SSL_CID) + case MBEDTLS_TLS_EXT_CID: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); + + if( ( ret = ssl_parse_cid_ext( ssl, + ext + 4, + ext_size ) ) != 0 ) + { + return( ret ); + } + + break; +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) ); From a6a4c7623cd5e3b049297ebd1095019f5fe7acfe Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 16:13:31 +0100 Subject: [PATCH 13/28] Grep for dbg msg witnessing parsing of CID extension in ServerHello --- tests/ssl-opt.sh | 58 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7797b824b..1fbc8ad1e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1286,7 +1286,8 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ -s "Client sent CID extension, but CID disabled" \ -c "Enable use of CID extension." \ -c "client hello, adding CID extension" \ - -S "server hello, adding CID extension" + -S "server hello, adding CID extension" \ + -C "found CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client disabled, server enabled" \ @@ -1297,7 +1298,8 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ -C "client hello, adding CID extension" \ -S "found CID extension" \ -s "Enable use of CID extension." \ - -S "server hello, adding CID extension" + -S "server hello, adding CID extension" \ + -C "found CID extension" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ 
@@ -1309,7 +1311,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ @@ -1321,7 +1325,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ @@ -1333,7 +1339,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ @@ -1345,7 +1353,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ 
@@ -1357,7 +1367,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ @@ -1369,7 +1381,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1381,7 +1395,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ @@ -1393,7 +1409,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ 
@@ -1405,7 +1423,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ @@ -1417,7 +1437,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ @@ -1429,7 +1451,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ @@ -1441,7 +1465,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -c "client hello, adding CID extension" \ -s "found CID extension" \ -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 
@@ -1454,7 +1480,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \
     -c "client hello, adding CID extension" \
     -s "found CID extension" \
     -s "Use of CID extension negotiated" \
-    -s "server hello, adding CID extension"
+    -s "server hello, adding CID extension" \
+    -c "found CID extension" \
+    -c "Use of CID extension negotiated"
 # Tests for Encrypt-then-MAC extension
From 1327fa7d1452f0cdcddcc9610c1b4211c9ef1cf9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Apr 2019 15:54:02 +0100 Subject: [PATCH 14/28] Add fields holding in/out CIDs to SSL record transformation struct These will be copied from the CID fields in mbedtls_ssl_handshake_params (outgoing CID) and mbedtls_ssl_context (incoming CID) when the transformation is set up at the end of the handshake. --- include/mbedtls/ssl_internal.h | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index e4d0a4c28..e5da547c7 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -609,6 +609,13 @@ struct mbedtls_ssl_transform
     mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
     int minor_ver;
+#if defined(MBEDTLS_SSL_CID)
+    uint8_t in_cid_len;
+    uint8_t out_cid_len;
+    unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+    unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+#endif /* MBEDTLS_SSL_CID */
+
     /*
      * Session specific compression layer
      */
From 4bf7465840c6dff423f11b79e77c6b3ad2adcdbe Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 16:22:27 +0100 Subject: [PATCH 15/28] Copy CIDs into SSL transform if use of CID has been negotiated --- library/ssl_tls.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aabe8c5f8..2750b4e51 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
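Review bot: `in_cid` is declared with `MBEDTLS_SSL_CID_OUT_LEN_MAX` but it is the destination for `ssl->own_cid`, whose bound is `MBEDTLS_SSL_CID_IN_LEN_MAX` (the comment in `ssl_write_cid_ext()` in patch 10 relies on exactly that bound); `mbedtls_ssl_derive_keys()` in the next hunk copies `own_cid_len` bytes into it, so any configuration with `MBEDTLS_SSL_CID_IN_LEN_MAX > MBEDTLS_SSL_CID_OUT_LEN_MAX` overflows the transform. Declare it as `unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];`, or add a compile-time check that the two limits agree. The four new members also lack the `/*!< ... */` comments the rest of the struct carries; stating that `in_cid` is the CID we expect on records we receive (copied from `own_cid`) and `out_cid` the one the peer asked us to prepend to records we send (copied from the handshake's `peer_cid`) would pin down the direction convention, since the naming flips relative to `peer_cid`.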
@@ -933,6 +933,25 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } +#if defined(MBEDTLS_SSL_CID) + /* Copy own and peer's CID if the use of the CID + * extension has been negotiated. */ + if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); + transform->in_cid_len = ssl->own_cid_len; + transform->out_cid_len = ssl->handshake->peer_cid_len; + memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); + memcpy( transform->out_cid, ssl->handshake->peer_cid, + ssl->handshake->peer_cid_len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, + transform->out_cid_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Ingoing CID", transform->in_cid, + transform->in_cid_len ); + } +#endif /* MBEDTLS_SSL_CID */ + /* * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions */ From 9ecb6c676c547479d05c1da82d94f494e162ab66 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 16:23:52 +0100 Subject: [PATCH 16/28] Grep for dbg msg witnessing copying of CIDs to SSL transform --- tests/ssl-opt.sh | 60 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 45 insertions(+), 15 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1fbc8ad1e..bd9b69054 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1287,7 +1287,9 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \ -c "Enable use of CID extension." \ -c "client hello, adding CID extension" \ -S "server hello, adding CID extension" \ - -C "found CID extension" + -C "found CID extension" \ + -S "Copy CIDs into SSL transform" \ + -C "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client disabled, server enabled" \ 
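Review bot: When `cid_in_use` is not `MBEDTLS_SSL_CID_ENABLED` the new block leaves `transform->in_cid_len` and `transform->out_cid_len` untouched, yet `mbedtls_ssl_get_peer_cid()` (patch 17 below) decides between enabled and disabled purely by testing both lengths for zero. If the transform is not zero-initialised before `mbedtls_ssl_derive_keys()` runs — not visible from this hunk — a later handshake that drops CID could keep reporting stale values. An explicit `else { transform->in_cid_len = 0; transform->out_cid_len = 0; }` makes the contract independent of how the transform was allocated. Minor: the second `MBEDTLS_SSL_DEBUG_BUF` label reads `"Ingoing CID"`; `"Incoming CID"` matches the `"Outgoing CID"` label beside it, and none of the tests visible in this series grep for the current text.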
@@ -1299,7 +1301,9 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \ -S "found CID extension" \ -s "Enable use of CID extension." \ -S "server hello, adding CID extension" \ - -C "found CID extension" + -C "found CID extension" \ + -S "Copy CIDs into SSL transform" \ + -C "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ @@ -1313,7 +1317,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ @@ -1327,7 +1333,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ @@ -1341,7 +1349,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ 
@@ -1355,7 +1365,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ @@ -1369,7 +1381,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ @@ -1383,7 +1397,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ @@ -1397,7 +1413,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ 
@@ -1411,7 +1429,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ @@ -1425,7 +1445,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ @@ -1439,7 +1461,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES- -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ @@ -1453,7 +1477,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES- -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ 
@@ -1467,7 +1493,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -1482,7 +1510,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ -s "Use of CID extension negotiated" \ -s "server hello, adding CID extension" \ -c "found CID extension" \ - -c "Use of CID extension negotiated" + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" # Tests for Encrypt-then-MAC extension From b1f89cd6023239d8c6a554b10e7d9ade90687568 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 17:08:02 +0100 Subject: [PATCH 17/28] Implement mbedtls_ssl_get_peer_cid() --- library/ssl_tls.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2750b4e51..45cafffa2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -151,19 +151,35 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
     return( 0 );
 }
-/* WARNING: This implementation is a stub and doesn't do anything!
- *          It is included solely to allow review and coding against
- *          the new Connection CID API. */
+/* WARNING: The CID feature isn't fully implemented yet
+ *          and will not be used. */
 int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
                      int *enabled,
                      unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
                      size_t *peer_cid_len )
 {
-    ((void) ssl);
-    ((void) peer_cid);
-    ((void) peer_cid_len);
-    *enabled = MBEDTLS_SSL_CID_DISABLED;
+
+    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    /* What shall we report if we have exchanged if both client
+     * and server have used the CID extension, but negotiated
+     * empty CIDs? This is indistinguishable from not using the
+     * CID extension in the first place, and we're reporting
+     * MBEDTLS_SSL_CID_DISABLED in this case. */
+    if( ssl->transform_in->in_cid_len == 0 &&
+        ssl->transform_in->out_cid_len == 0 )
+    {
+        return( 0 );
+    }
+
+    *peer_cid_len = ssl->transform_in->out_cid_len;
+    memcpy( peer_cid, ssl->transform_in->out_cid,
+            ssl->transform_in->out_cid_len );
+
+    *enabled = MBEDTLS_SSL_CID_ENABLED;
+
     return( 0 );
 }
 #endif /* MBEDTLS_SSL_CID */
From dec2552a92ac8a9b2802dd8248ecf0e92903c883 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 17:19:15 +0100 Subject: [PATCH 18/28] Change formating of CID debug output in ssl_client2/ssl_server2 --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a524f81ce..cb5bea7dc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
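Review bot: The early-return path in `mbedtls_ssl_get_peer_cid()` never writes `*enabled`: the old unconditional `*enabled = MBEDTLS_SSL_CID_DISABLED;` is removed, and the `in_cid_len == 0 && out_cid_len == 0` branch returns 0 without setting it, so the caller reads an indeterminate value even though the comment right above says `MBEDTLS_SSL_CID_DISABLED` is reported in that case (the `"Use of Connection ID was rejected by the server"` line that patch 19 greps for in ssl_client2 presumably keys off this flag). Put `*enabled = MBEDTLS_SSL_CID_DISABLED;` immediately after the `MBEDTLS_SSL_HANDSHAKE_OVER` check so every `return( 0 )` leaves a defined value. The function also dereferences `ssl->transform_in` without a check; after `MBEDTLS_SSL_HANDSHAKE_OVER` it is presumably always set, but a one-line comment stating that invariant would document why no NULL test is needed. The first sentence of the comment (`What shall we report if we have exchanged if both client`) has a leftover clause; `What shall we report if both client and server have used the CID extension, but negotiated empty CIDs?` reads as intended.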
@@ -2180,7 +2180,7 @@ int main( int argc, char *argv[] )
                             (unsigned) peer_cid_len );
             while( idx < peer_cid_len )
             {
-                mbedtls_printf( "%#02x ", peer_cid[ idx ] );
+                mbedtls_printf( "%02x ", peer_cid[ idx ] );
                 idx++;
             }
             mbedtls_printf( "\n" );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 60c5a507d..03eda0bf7 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3330,7 +3330,7 @@ handshake:
                             (unsigned) peer_cid_len );
             while( idx < peer_cid_len )
             {
-                mbedtls_printf( "%#02x ", peer_cid[ idx ] );
+                mbedtls_printf( "%02x ", peer_cid[ idx ] );
                 idx++;
             }
             mbedtls_printf( "\n" );
From fcffdccb85e0c9a82d828370a2afb605c51b9d7a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 26 Apr 2019 17:19:46 +0100
Subject: [PATCH 19/28] Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2
---
 tests/ssl-opt.sh | 78 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 63 insertions(+), 15 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bd9b69054..de0653241 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1289,7 +1289,8 @@ run_test "(STUB) Connection ID: Client enabled, server disabled" \
             -S "server hello, adding CID extension" \
             -C "found CID extension" \
             -S "Copy CIDs into SSL transform" \
-            -C "Copy CIDs into SSL transform"
+            -C "Copy CIDs into SSL transform" \
+            -c "Use of Connection ID was rejected by the server"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client disabled, server enabled" \
@@ -1303,7 +1304,8 @@ run_test "(STUB) Connection ID: Client disabled, server enabled" \
             -S "server hello, adding CID extension" \
             -C "found CID extension" \
             -S "Copy CIDs into SSL transform" \
-            -C "Copy CIDs into SSL transform"
+            -C "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID was not offered by the client"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \
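Review bot: The two rejection tests only assert the new negative-path message (`-c "Use of Connection ID was rejected by the server"` and `-s "Use of Connection ID was not offered by the client"`) and never assert that the positive-path message is absent, so a regression in which the client or server also prints the "negotiated" line would still pass. Add `-C "Use of Connection ID has been negotiated"` to the client-enabled/server-disabled test and `-S "Use of Connection ID has been negotiated"` to the client-disabled/server-enabled one, in the same negated `-S`/`-C` style the tests already use for the extension-level messages. Both run_test invocations begin above their hunks.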
@@ -1319,7 +1321,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 2 Bytes): de ad" \
+            -s "Peer CID (length 2 Bytes): be ef"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \
@@ -1335,7 +1341,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 4 Bytes): de ad be ef" \
+            -s "Peer CID (length 0 Bytes):"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \
@@ -1351,7 +1361,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -s "Peer CID (length 4 Bytes): de ad be ef" \
+            -c "Peer CID (length 0 Bytes):"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \
@@ -1367,7 +1381,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -S "Use of Connection ID has been negotiated" \
+            -C "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \
@@ -1383,7 +1399,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 2 Bytes): de ad" \
+            -s "Peer CID (length 2 Bytes): be ef"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \
@@ -1399,7 +1419,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 4 Bytes): de ad be ef" \
+            -s "Peer CID (length 0 Bytes):"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \
@@ -1415,7 +1439,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -s "Peer CID (length 4 Bytes): de ad be ef" \
+            -c "Peer CID (length 0 Bytes):"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \
@@ -1431,7 +1459,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -S "Use of Connection ID has been negotiated" \
+            -C "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \
@@ -1447,7 +1477,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID none
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 2 Bytes): de ad" \
+            -s "Peer CID (length 2 Bytes): be ef"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \
@@ -1463,7 +1497,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 4 Bytes): de ad be ef" \
+            -s "Peer CID (length 0 Bytes):"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \
@@ -1479,7 +1517,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -s "Peer CID (length 4 Bytes): de ad be ef" \
+            -c "Peer CID (length 0 Bytes):"
 requires_config_enabled MBEDTLS_SSL_CID
 run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \
@@ -1495,7 +1537,9 @@ run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empt
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -S "Use of Connection ID has been negotiated" \
+            -C "Use of Connection ID has been negotiated"
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
@@ -1512,7 +1556,11 @@ run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \
             -c "found CID extension" \
             -c "Use of CID extension negotiated" \
             -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform"
+            -c "Copy CIDs into SSL transform" \
+            -s "Use of Connection ID has been negotiated" \
+            -c "Use of Connection ID has been negotiated" \
+            -c "Peer CID (length 2 Bytes): de ad" \
+            -s "Peer CID (length 2 Bytes): be ef"
 # Tests for Encrypt-then-MAC extension
From b7ee0cf3f993478e178077e73986026cbca957f8 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 30 Apr 2019 14:07:31 +0100
Subject: [PATCH 20/28] Make integer truncation explicit in mbedtls_ssl_set_cid()
---
 library/ssl_tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 45cafffa2..a0f9584a7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -145,7 +145,9 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
     }
     memcpy( ssl->own_cid, own_cid, own_cid_len );
-    ssl->own_cid_len = own_cid_len;
+    /* Truncation is not an issue here because
+     * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
+    ssl->own_cid_len = (uint8_t) own_cid_len;
     MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
     return( 0 );
From a34ff5b9a2c97706c5f9304cad394d0a85037c11 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 30 Apr 2019 14:17:40 +0100
Subject: [PATCH 21/28] Correct compile-time guard around CID extension writing func on srv
---
 library/ssl_srv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1f5a75f67..7386e8de1 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2182,7 +2182,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#if defined(MBEDTLS_SSL_CID)
 static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
                                unsigned char *buf,
                                size_t *olen )
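Review bot: The new comment justifies the `(uint8_t)` cast by `MBEDTLS_SSL_CID_IN_LEN_MAX` being at most 255, but what actually makes the cast lossless is the range check on `own_cid_len` whose closing `}` is the hunk's first context line (the check itself sits above the hunk, so please confirm it compares against `MBEDTLS_SSL_CID_IN_LEN_MAX`); the comment is also missing its verb. Suggest `/* Truncation is safe: own_cid_len <= MBEDTLS_SSL_CID_IN_LEN_MAX (checked above), and MBEDTLS_SSL_CID_IN_LEN_MAX is at most 255. */`. Because the bound is a compile-time constant, a guard next to its definition, `#if MBEDTLS_SSL_CID_IN_LEN_MAX > 255` / `#error "MBEDTLS_SSL_CID_IN_LEN_MAX must fit in a uint8_t"` / `#endif`, would turn the assumption into a build-time check instead of a comment that can silently go stale. mbedtls_ssl_set_cid's body begins above the hunk.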
@@ -2228,7 +2228,7 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
     *olen = ssl->own_cid_len + 5;
 }
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#endif /* MBEDTLS_SSL_CID */
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
From 554b6ea30a8b50a6994b4e80ed2f459f59d2bc69 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 30 Apr 2019 14:18:06 +0100
Subject: [PATCH 22/28] Correct compile-time guard around unhexify() in ssl_server2
---
 programs/ssl/ssl_server2.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 03eda0bf7..a94ddac8e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -924,7 +924,8 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
 #endif /* SNI_OPTION */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \
+    defined(MBEDTLS_SSL_CID)
 #define HEX2NUM( c ) \
     do \
@@ -967,6 +968,10 @@ int unhexify( unsigned char *output, const char *input, size_t *olen )
     return( 0 );
 }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+
 typedef struct _psk_entry psk_entry;
 struct _psk_entry
From 064b732d11e05db4286644a42967a6f2172ce440 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 3 May 2019 12:42:13 +0100
Subject: [PATCH 23/28] Use unused extension ID as tentative ID for CID extension
---
 include/mbedtls/ssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b45ceb3d4..fa6d2327b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -388,7 +388,7 @@
 /* The value of the CID extension is still TBD as of
  * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04. */
-#define MBEDTLS_TLS_EXT_CID 42 /* TBD */
+#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
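Review bot: `*olen = ssl->own_cid_len + 5;` shows ssl_write_cid_ext() writing up to MBEDTLS_SSL_CID_IN_LEN_MAX + 5 bytes into `buf`, and neither this hunk nor the signature corrected in the previous one carries an end pointer, so I cannot tell from the diff whether the remaining ServerHello space is checked before the extension is written (the body lies between the two hunks). If it is not, give the writer an `end` parameter and bail out with `*olen = 0;` when `(size_t)( end - buf ) < (size_t) ssl->own_cid_len + 5`, as a configured CID is caller-controlled input to the record-size budget. The guard correction itself is right: under the old `MBEDTLS_SSL_TRUNCATED_HMAC` guard the function was compiled into a configuration that never calls it and left out of the one that does.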
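Review bot: `int unhexify( unsigned char *output, const char *input, size_t *olen )` (the hunk's function header) takes no capacity for `output`, and this change makes it available to the CID command-line option, whose destination is presumably a fixed MBEDTLS_SSL_CID_IN_LEN_MAX-byte array; a `cid_val` longer than twice that many hex digits would then overrun it unless the call site checks `strlen()` first, which I cannot see from here. The robust fix is an explicit bound, `int unhexify( unsigned char *output, size_t output_len, const char *input, size_t *olen )`, returning -1 once the decoded length would exceed `output_len`, with both the PSK and the CID call sites updated. This is a sample program, but ssl_server2 is also what ssl-opt.sh drives, so a crash here masks test failures.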
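Review bot: Moving the provisional code point from 42 to 254 removes the clash with a registered extension type (42 is early_data in RFC 8446), but 254 is still a placeholder, and a peer built with a different provisional value will simply ignore the extension, so the handshake completes silently without CID rather than failing. Since the value will change when IANA assigns one, consider making the define overridable, `#if !defined(MBEDTLS_TLS_EXT_CID)` / `#define MBEDTLS_TLS_EXT_CID 254 /* TBD */` / `#endif`, so integrators can track the draft from config.h without patching this header. The comment should also warn that both endpoints must be built with the same provisional value, e.g. `/* Provisional value; the IANA-assigned code point will differ, and peers must agree on this value for the extension to be recognised. */`.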
From 08556bf8fb6a81a001b2ae9e016ca0df8b82163e Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 3 May 2019 12:43:44 +0100
Subject: [PATCH 24/28] Improve structure of ssl_parse_cid_ext()
Group configuring CID values together.
---
 library/ssl_srv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7386e8de1..51340b443 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -536,13 +536,13 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
     }
+    ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
     ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
     memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
     MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
-    ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
     return( 0 );
 }
 #endif /* MBEDTLS_SSL_CID */
From 2262648b6968f4dee34f4437dbfb9f30cdc0de45 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 3 May 2019 12:46:59 +0100
Subject: [PATCH 25/28] Improve debugging output of client-side CID extension parsing
---
 library/ssl_cli.c | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 529a80b72..1063f45fa 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1305,13 +1305,19 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
     if( /* CID extension only makes sense in DTLS */
         ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
         /* The server must only send the CID extension if we have offered it. */
-        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ||
-        /* CID extension must at least contain the length byte */
-        len < 1 )
+        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching CID extension" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
         mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    if( len == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
@@ -1320,17 +1326,17 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
     if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching CID extension" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
         mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
     if( len != peer_cid_len )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching CID extension" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
         mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
From 5a29990367a863c0879efbfdf63ab9e286cef8fe Mon Sep 17 00:00:00 2001
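Review bot: The three branches that now log "CID extension invalid" send two different alerts for the same condition class: `len == 0` and `peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX` send `MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE`, while `len != peer_cid_len` sends `MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER`. RFC 5246 reserves handshake_failure for "no acceptable set of security parameters" and uses decode_error for malformed messages, so the truncated extension (`len == 0`) and the trailing-length mismatch fit `MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR`, the over-long CID fits `MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER`, and the unsolicited-extension case in the first branch is exactly what RFC 5246 §7.4.1.4 prescribes `MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT` for. Separately, the "did we offer it" test reads `ssl->negotiate_cid`, which HEAD describes as configuration for the next handshake; if mbedtls_ssl_set_cid() can be called between writing ClientHello and parsing ServerHello, this should instead consult a flag recorded when the extension was written. ssl_parse_cid_ext's body begins above the first hunk, and the read of the length byte lies between the two hunks.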
From: Hanno Becker
Date: Fri, 3 May 2019 12:47:49 +0100
Subject: [PATCH 26/28] Improve structure of client-side CID extension parsing
Group configuring CID values together.
---
 library/ssl_cli.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 1063f45fa..45f4c4047 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1340,14 +1340,13 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
+    ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
     ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
     memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
     MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
-    ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
-
     return( 0 );
 }
 #endif /* MBEDTLS_SSL_CID */
From c5f2422116e384e0df35b6872d14ce559199f815 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 3 May 2019 12:54:52 +0100
Subject: [PATCH 27/28] Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs
---
 include/mbedtls/ssl.h | 7 +++++++
 library/ssl_tls.c | 9 ++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa6d2327b..5acdbd570 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1628,6 +1628,13 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
  *                  progress, this function will attempt to complete
  *                  the handshake first.
  *
+ * \note            If CID extensions have been exchanged but both client
+ *                  and server chose to use an empty CID, this function
+ *                  sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+ *                  (the rationale for this is that the resulting
+ *                  communication is the same as if the CID extensions
+ *                  hadn't been used).
+ *
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
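Review bot: The context directly above the new note promises that when a handshake is in progress "this function will attempt to complete the handshake first", yet the implementation added by patch 17 of this series returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` whenever `ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER`; one of the two has to change, and the cheaper fix is the doc: `\note If a handshake is in progress this function fails with MBEDTLS_ERR_SSL_BAD_INPUT_DATA; it does not drive the handshake.` The new note should also say that `peer_cid` and `*peer_cid_len` are left untouched when `*enabled` is reported as #MBEDTLS_SSL_CID_DISABLED, so callers know not to read them unconditionally. This doc block belongs to mbedtls_ssl_get_peer_cid() despite the hunk's `mbedtls_ssl_set_cid` context label, and it starts above the hunk.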
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a0f9584a7..5cb15f572 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -165,11 +165,10 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
     if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    /* What shall we report if we have exchanged if both client
-     * and server have used the CID extension, but negotiated
-     * empty CIDs? This is indistinguishable from not using the
-     * CID extension in the first place, and we're reporting
-     * MBEDTLS_SSL_CID_DISABLED in this case. */
+    /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
+     * were used, but client and server requested the empty CID.
+     * This is indistinguishable from not using the CID extension
+     * in the first place. */
     if( ssl->transform_in->in_cid_len == 0 &&
         ssl->transform_in->out_cid_len == 0 )
     {
From 1c1f04680482a8d5cdfd7de336bd246ed3d3e992 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 3 May 2019 12:55:51 +0100
Subject: [PATCH 28/28] Replace 'ingoing' -> 'incoming' in CID debug messages
---
 include/mbedtls/ssl.h | 2 +-
 library/ssl_tls.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5acdbd570..8c5dd140b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3161,7 +3161,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_
  *                 (Default: 2^48 - 1)
  *
  *                 Renegotiation is automatically triggered when a record
- *                 counter (outgoing or ingoing) crosses the defined
+ *                 counter (outgoing or incoming) crosses the defined
  *                 threshold. The default value is meant to prevent the
  *                 connection from being closed when the counter is about to
  *                 reached its maximal value (it is not allowed to wrap).
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5cb15f572..4d41d8328 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -964,7 +964,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
         MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
                                transform->out_cid_len );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Ingoing CID", transform->in_cid,
+        MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
                                transform->in_cid_len );
     }
 #endif /* MBEDTLS_SSL_CID */