mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 04:05:41 +01:00
Merge branch 'truncated-hmac' into development
This commit is contained in:
commit
872c29b705
@ -148,6 +148,10 @@
|
|||||||
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
|
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
|
||||||
#define SSL_LEGACY_BREAK_HANDSHAKE 2
|
#define SSL_LEGACY_BREAK_HANDSHAKE 2
|
||||||
|
|
||||||
|
#define SSL_TRUNC_HMAC_DISABLED 0
|
||||||
|
#define SSL_TRUNC_HMAC_ENABLED 1
|
||||||
|
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Size of the input / output buffer.
|
* Size of the input / output buffer.
|
||||||
* Note: the RFC defines the default size of SSL / TLS messages. If you
|
* Note: the RFC defines the default size of SSL / TLS messages. If you
|
||||||
@ -251,6 +255,8 @@
|
|||||||
|
|
||||||
#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
|
#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
|
||||||
|
|
||||||
|
#define TLS_EXT_TRUNCATED_HMAC 4
|
||||||
|
|
||||||
#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
|
#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
|
||||||
#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
|
#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
|
||||||
|
|
||||||
@ -333,6 +339,7 @@ struct _ssl_session
|
|||||||
#endif /* POLARSSL_X509_PARSE_C */
|
#endif /* POLARSSL_X509_PARSE_C */
|
||||||
|
|
||||||
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
|
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
|
||||||
|
int trunc_hmac; /*!< flag for truncated hmac activation */
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -540,6 +547,7 @@ struct _ssl_context
|
|||||||
int disable_renegotiation; /*!< enable/disable renegotiation */
|
int disable_renegotiation; /*!< enable/disable renegotiation */
|
||||||
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
|
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
|
||||||
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
|
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
|
||||||
|
int trunc_hmac; /*!< negotiate truncated hmac? */
|
||||||
|
|
||||||
#if defined(POLARSSL_DHM_C)
|
#if defined(POLARSSL_DHM_C)
|
||||||
mpi dhm_P; /*!< prime modulus for DHM */
|
mpi dhm_P; /*!< prime modulus for DHM */
|
||||||
@ -976,6 +984,19 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor );
|
|||||||
*/
|
*/
|
||||||
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
|
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Activate negotiation of truncated HMAC (Client only)
|
||||||
|
* (Default: SSL_TRUNC_HMAC_ENABLED)
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
|
||||||
|
* SSL_TRUNC_HMAC_DISABLED)
|
||||||
|
*
|
||||||
|
* \return O if successful,
|
||||||
|
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
|
||||||
|
*/
|
||||||
|
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Enable / Disable renegotiation support for connection when
|
* \brief Enable / Disable renegotiation support for connection when
|
||||||
* initiated by peer
|
* initiated by peer
|
||||||
|
@ -293,6 +293,28 @@ static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
|
|||||||
*olen = 5;
|
*olen = 5;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf, size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
|
||||||
|
if( ssl->trunc_hmac == SSL_TRUNC_HMAC_DISABLED )
|
||||||
|
{
|
||||||
|
*olen = 0;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = 0x00;
|
||||||
|
*p++ = 0x00;
|
||||||
|
|
||||||
|
*olen = 4;
|
||||||
|
}
|
||||||
|
|
||||||
static int ssl_write_client_hello( ssl_context *ssl )
|
static int ssl_write_client_hello( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
@ -463,6 +485,9 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||||||
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
|
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
|
|
||||||
|
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
|
ext_len += olen;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
||||||
ext_len ) );
|
ext_len ) );
|
||||||
|
|
||||||
@ -526,6 +551,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
|||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
|
static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
@ -544,6 +570,23 @@ static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
||||||
|
const unsigned char *buf,
|
||||||
|
size_t len )
|
||||||
|
{
|
||||||
|
if( ssl->trunc_hmac == SSL_TRUNC_HMAC_DISABLED ||
|
||||||
|
len != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
|
}
|
||||||
|
|
||||||
|
((void) buf);
|
||||||
|
|
||||||
|
ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
static int ssl_parse_server_hello( ssl_context *ssl )
|
static int ssl_parse_server_hello( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
uint32_t t;
|
uint32_t t;
|
||||||
@ -771,6 +814,17 @@ static int ssl_parse_server_hello( ssl_context *ssl )
|
|||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case TLS_EXT_TRUNCATED_HMAC:
|
||||||
|
SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
|
||||||
|
|
||||||
|
if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
|
||||||
|
ext + 4, ext_size ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
||||||
ext_id ) );
|
ext_id ) );
|
||||||
|
@ -306,6 +306,23 @@ static int ssl_parse_max_fragment_length_ext( ssl_context *ssl,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int ssl_parse_truncated_hmac_ext( ssl_context *ssl,
|
||||||
|
const unsigned char *buf,
|
||||||
|
size_t len )
|
||||||
|
{
|
||||||
|
if( len != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
|
}
|
||||||
|
|
||||||
|
((void) buf);
|
||||||
|
|
||||||
|
ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||||
static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
static int ssl_parse_client_hello_v2( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
@ -848,6 +865,14 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
return( ret );
|
return( ret );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case TLS_EXT_TRUNCATED_HMAC:
|
||||||
|
SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
|
||||||
|
|
||||||
|
ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
||||||
ext_id ) );
|
ext_id ) );
|
||||||
@ -957,6 +982,29 @@ have_ciphersuite:
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void ssl_write_truncated_hmac_ext( ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
unsigned char *p = buf;
|
||||||
|
|
||||||
|
if( ssl->session_negotiate->trunc_hmac == SSL_TRUNC_HMAC_DISABLED )
|
||||||
|
{
|
||||||
|
*olen = 0;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
|
||||||
|
|
||||||
|
*p++ = 0x00;
|
||||||
|
*p++ = 0x00;
|
||||||
|
|
||||||
|
*olen = 4;
|
||||||
|
}
|
||||||
|
|
||||||
static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
||||||
unsigned char *buf,
|
unsigned char *buf,
|
||||||
size_t *olen )
|
size_t *olen )
|
||||||
@ -1128,6 +1176,9 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
|||||||
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
|
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
|
|
||||||
|
ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
|
ext_len += olen;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
|
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
|
||||||
|
|
||||||
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||||
|
@ -475,6 +475,14 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
transform->maclen = md_get_size( md_info );
|
transform->maclen = md_get_size( md_info );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If HMAC is to be truncated, we shall keep the leftmost bytes,
|
||||||
|
* (rfc 6066 page 13 or rfc 2104 section 4),
|
||||||
|
* so we only need to adjust the length here.
|
||||||
|
*/
|
||||||
|
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
|
||||||
|
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
transform->keylen = cipher_info->key_length;
|
transform->keylen = cipher_info->key_length;
|
||||||
@ -3141,6 +3149,16 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
|
||||||
|
{
|
||||||
|
if( ssl->endpoint != SSL_IS_CLIENT )
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
ssl->trunc_hmac = truncate;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
|
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
|
||||||
{
|
{
|
||||||
ssl->disable_renegotiation = renegotiation;
|
ssl->disable_renegotiation = renegotiation;
|
||||||
|
@ -58,6 +58,7 @@
|
|||||||
#define DFL_MAX_VERSION -1
|
#define DFL_MAX_VERSION -1
|
||||||
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
|
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
|
||||||
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
|
||||||
|
#define DFL_TRUNC_HMAC 0
|
||||||
|
|
||||||
#define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \
|
#define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \
|
||||||
"-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
|
"-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
|
||||||
@ -94,6 +95,7 @@ struct options
|
|||||||
int max_version; /* maximum protocol version accepted */
|
int max_version; /* maximum protocol version accepted */
|
||||||
int auth_mode; /* verify mode for connection */
|
int auth_mode; /* verify mode for connection */
|
||||||
unsigned char mfl_code; /* code for maximum fragment length */
|
unsigned char mfl_code; /* code for maximum fragment length */
|
||||||
|
int trunc_hmac; /* negotiate truncated hmac or not */
|
||||||
} opt;
|
} opt;
|
||||||
|
|
||||||
static void my_debug( void *ctx, int level, const char *str )
|
static void my_debug( void *ctx, int level, const char *str )
|
||||||
@ -191,6 +193,7 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags )
|
|||||||
" options: none, optional, required\n" \
|
" options: none, optional, required\n" \
|
||||||
" max_frag_len=%%d default: 16384 (tls default)" \
|
" max_frag_len=%%d default: 16384 (tls default)" \
|
||||||
" options: 512, 1024, 2048, 4096" \
|
" options: 512, 1024, 2048, 4096" \
|
||||||
|
" trunc_hmac=%%d default: 0 (disabled)\n" \
|
||||||
USAGE_PSK \
|
USAGE_PSK \
|
||||||
"\n" \
|
"\n" \
|
||||||
" force_ciphersuite=<name> default: all enabled\n"\
|
" force_ciphersuite=<name> default: all enabled\n"\
|
||||||
@ -281,6 +284,7 @@ int main( int argc, char *argv[] )
|
|||||||
opt.max_version = DFL_MAX_VERSION;
|
opt.max_version = DFL_MAX_VERSION;
|
||||||
opt.auth_mode = DFL_AUTH_MODE;
|
opt.auth_mode = DFL_AUTH_MODE;
|
||||||
opt.mfl_code = DFL_MFL_CODE;
|
opt.mfl_code = DFL_MFL_CODE;
|
||||||
|
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
||||||
|
|
||||||
for( i = 1; i < argc; i++ )
|
for( i = 1; i < argc; i++ )
|
||||||
{
|
{
|
||||||
@ -416,6 +420,12 @@ int main( int argc, char *argv[] )
|
|||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "trunc_hmac" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.trunc_hmac = atoi( q );
|
||||||
|
if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
@ -623,6 +633,9 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
ssl_set_max_frag_len( &ssl, opt.mfl_code );
|
ssl_set_max_frag_len( &ssl, opt.mfl_code );
|
||||||
|
|
||||||
|
if( opt.trunc_hmac != 0 )
|
||||||
|
ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
|
||||||
|
|
||||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||||
ssl_set_dbg( &ssl, my_debug, stdout );
|
ssl_set_dbg( &ssl, my_debug, stdout );
|
||||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||||
|
Loading…
Reference in New Issue
Block a user