From 8bee89994dbcc119812ac81102eb22e959cf9093 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 27 Oct 2022 10:21:05 +0000 Subject: [PATCH 1/4] Add parse function for early data in encrypted extentions Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 63 +++++++++++++++++++++++++++++++ tests/opt-testcases/tls13-misc.sh | 4 +- 2 files changed, 65 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0372f2d98..839fe3679 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1335,6 +1335,53 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl, return( 0 ); } +#if defined(MBEDTLS_SSL_EARLY_DATA) +/* + * ssl_tls13_parse_ee_early_data_ext() + * Parse early data indication extension in EncryptedExtensions. + * + * struct {} Empty; + * + * struct { + * select (Handshake.msg_type) { + * ... + * case client_hello: Empty; + * case encrypted_extensions: Empty; + * }; + * } EarlyDataIndication; + * + */ + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) + { + /* The server must not send the EarlyDataIndication if the + * client hasn't indicated the use of early data. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + if( len != 0 ) + { + /* The message must be empty. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* Nothing to parse */ + ((void) buf); + + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + return( 0 ); +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* Returns a negative value on failure, and otherwise * - SSL_SERVER_HELLO or * - SSL_SERVER_HELLO_HRR @@ -2060,6 +2107,22 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_ALPN */ + +#if defined(MBEDTLS_SSL_EARLY_DATA) + case MBEDTLS_TLS_EXT_EARLY_DATA: + ret = ssl_tls13_parse_ee_early_data_ext( + ssl, p, (size_t)extension_data_len ); + if( ret != 0 ) + { + ssl->early_data_status = + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + MBEDTLS_SSL_DEBUG_RET( + 1, "ssl_tls13_parse_ee_early_data_ext", ret ); + return( ret ); + } + break; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + default: MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index edece456b..ed428480c 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -301,7 +301,7 @@ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ -c "NewSessionTicket: early_data(42) extension received." \ -c "ClientHello: early_data(42) extension exists." \ -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ + -c "EncryptedExtensions: early_data(42) extension exists." \ -s "Parsing extension 'Early Data/42' (0 bytes)" \ -s "Sending extension Early Data/42 (0 bytes)" \ -s "early data accepted" @@ -322,7 +322,7 @@ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ -C "NewSessionTicket: early_data(42) extension received." \ -c "ClientHello: early_data(42) extension does not exist." \ -C "EncryptedExtensions: early_data(42) extension received." \ - -C "EncryptedExtensions: early_data(42) extension ( ignored )." + -C "EncryptedExtensions: early_data(42) extension exists." #TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test From ca09afc60ace53dca16e6d1bea697fc308165423 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 22 Nov 2022 10:05:19 +0000 Subject: [PATCH 2/4] Remove useless function and parse early data in ee Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 72 +++++++++----------------------------- 1 file changed, 17 insertions(+), 55 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 839fe3679..9db2b7928 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1335,53 +1335,6 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl, return( 0 ); } -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * ssl_tls13_parse_ee_early_data_ext() - * Parse early data indication extension in EncryptedExtensions. - * - * struct {} Empty; - * - * struct { - * select (Handshake.msg_type) { - * ... - * case client_hello: Empty; - * case encrypted_extensions: Empty; - * }; - * } EarlyDataIndication; - * - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) - { - /* The server must not send the EarlyDataIndication if the - * client hasn't indicated the use of early data. */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - - if( len != 0 ) - { - /* The message must be empty. */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* Nothing to parse */ - ((void) buf); - - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - return( 0 ); -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - /* Returns a negative value on failure, and otherwise * - SSL_SERVER_HELLO or * - SSL_SERVER_HELLO_HRR @@ -2110,16 +2063,25 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_ee_early_data_ext( - ssl, p, (size_t)extension_data_len ); - if( ret != 0 ) + if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) { - ssl->early_data_status = - MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_ee_early_data_ext", ret ); - return( ret ); + /* The server must not send the EarlyDataIndication if the + * client hasn't indicated the use of early data. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } + + if( extension_data_len != 0 ) + { + /* The message must be empty. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From e861ba01d474034cbde57de9448d697daf8d8349 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 23 Nov 2022 03:21:02 +0000 Subject: [PATCH 3/4] Remove the duplicate early_data_status check Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9db2b7928..57d3adb71 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2063,14 +2063,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) - { - /* The server must not send the EarlyDataIndication if the - * client hasn't indicated the use of early data. */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } if( extension_data_len != 0 ) { @@ -2080,7 +2072,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From b157e915ad29e7e47443a2f624d9cb42c497d487 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 23 Nov 2022 08:12:26 +0000 Subject: [PATCH 4/4] Move the early data status set afeter all of the extensions parse Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 57d3adb71..227c99d47 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2072,8 +2072,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - break; #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -2119,6 +2117,14 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) ); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if( ssl->handshake->received_extensions & + MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) + { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + } +#endif + mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len );