feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1235 from SparkiDev/tls13_draft21

Browse Source 
Update code to support Draft 21 of TLS v1.3
This commit is contained in:
toddouska
2017-11-17 13:11:03 -08:00
committed by GitHub
parent 8badc334ea cb8e284464
commit 21e391fbce
5 changed files with 156 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@@ -23270,6 +23270,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
word32 ageAdd; /* Obfuscation of age */ word32 ageAdd; /* Obfuscation of age */
byte namedGroup; /* Named group used */ byte namedGroup; /* Named group used */
#ifndef WOLFSSL_TLS13_DRAFT_18
TicketNonce ticketNonce; /* Ticket nonce */
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
word32 maxEarlyDataSz; /* Max size of early data */ word32 maxEarlyDataSz; /* Max size of early data */
#endif #endif
@@ -23325,6 +23328,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
it.timestamp = TimeNowInMilliseconds(); it.timestamp = TimeNowInMilliseconds();
/* Resumption master secret. */ /* Resumption master secret. */
XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN); XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN);
#ifndef WOLFSSL_TLS13_DRAFT_18
XMEMCPY(&it.ticketNonce, &ssl->session.ticketNonce,
sizeof(TicketNonce));
#endif
#endif #endif
} }
@@ -23437,6 +23444,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
/* Resumption master secret. */ /* Resumption master secret. */
XMEMCPY(ssl->session.masterSecret, it->msecret, SECRET_LEN); XMEMCPY(ssl->session.masterSecret, it->msecret, SECRET_LEN);
#ifndef WOLFSSL_TLS13_DRAFT_18
XMEMCPY(&ssl->session.ticketNonce, &it->ticketNonce,
sizeof(TicketNonce));
#endif
ssl->session.namedGroup = it->namedGroup; ssl->session.namedGroup = it->namedGroup;
#endif #endif
} }

8
src/ssl.c
View File

@@ -9789,6 +9789,10 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
copyInto->namedGroup = copyFrom->namedGroup; copyInto->namedGroup = copyFrom->namedGroup;
copyInto->ticketSeen = copyFrom->ticketSeen; copyInto->ticketSeen = copyFrom->ticketSeen;
copyInto->ticketAdd = copyFrom->ticketAdd; copyInto->ticketAdd = copyFrom->ticketAdd;
#ifndef WOLFSSL_TLS13_DRAFT_18
XMEMCPY(&copyInto->ticketNonce, &copyFrom->ticketNonce,
sizeof(TicketNonce));
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
copyInto->maxEarlyDataSz = copyFrom->maxEarlyDataSz; copyInto->maxEarlyDataSz = copyFrom->maxEarlyDataSz;
#endif #endif
@@ -10021,6 +10025,10 @@ int AddSession(WOLFSSL* ssl)
session->namedGroup = ssl->session.namedGroup; session->namedGroup = ssl->session.namedGroup;
session->ticketSeen = ssl->session.ticketSeen; session->ticketSeen = ssl->session.ticketSeen;
session->ticketAdd = ssl->session.ticketAdd; session->ticketAdd = ssl->session.ticketAdd;
#ifndef WOLFSSL_TLS13_DRAFT_18
XMEMCPY(&session->ticketNonce, &ssl->session.ticketNonce,
sizeof(TicketNonce));
#endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
session->maxEarlyDataSz = ssl->session.maxEarlyDataSz; session->maxEarlyDataSz = ssl->session.maxEarlyDataSz;
#endif #endif

4
src/tls.c
View File

@@ -3093,7 +3093,7 @@ static int TLSX_SupportedCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
word16 name; word16 name;
int ret; int ret;
if(!isRequest) if(!isRequest && !IsAtLeastTLSv1_3(ssl->version))
return BUFFER_ERROR; /* servers doesn't send this extension. */ return BUFFER_ERROR; /* servers doesn't send this extension. */
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
@@ -8172,6 +8172,7 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType)
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case encrypted_extensions: case encrypted_extensions:
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -8258,6 +8259,7 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType)
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case encrypted_extensions: case encrypted_extensions:
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)

118
src/tls13.c
View File

@@ -169,6 +169,7 @@ static int Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen,
* TLS v1.3 defines this function. * TLS v1.3 defines this function.
* *
* okm The generated pseudorandom key - output key material. * okm The generated pseudorandom key - output key material.
* okmLen The length of generated pseudorandom key - output key material.
* prk The salt - pseudo-random key. * prk The salt - pseudo-random key.
* prkLen The length of the salt - pseudo-random key. * prkLen The length of the salt - pseudo-random key.
* protocol The TLS protocol label. * protocol The TLS protocol label.
@@ -808,6 +809,62 @@ static int DeriveMasterSecret(WOLFSSL* ssl)
#endif #endif
} }
#ifndef WOLFSSL_TLS13_DRAFT_18
#if defined(HAVE_SESSION_TICKET)
/* Length of the resumption label. */
#define RESUMPTION_LABEL_SZ 10
/* Resumption label for generating PSK assocated with the ticket. */
static const byte resumptionLabel[RESUMPTION_LABEL_SZ+1] = "resumption";
/* Derive the PSK assocated with the ticket.
*
* ssl The SSL/TLS object.
* nonce The nonce to derive with.
* nonceLen The length of the nonce to derive with.
* secret The derived secret.
* returns 0 on success, otherwise failure.
*/
static int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen,
byte* secret)
{
int digestAlg;
/* Only one protocol version defined at this time. */
const byte* protocol = tls13ProtocolLabel;
word32 protocolLen = TLS13_PROTOCOL_LABEL_SZ;
WOLFSSL_MSG("Derive Resumption PSK");
switch (ssl->specs.mac_algorithm) {
#ifndef NO_SHA256
case sha256_mac:
digestAlg = WC_SHA256;
break;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
digestAlg = WC_SHA256;
break;
#endif
#ifdef WOLFSSL_TLS13_TLS13_SHA512
case sha512_mac:
digestAlg = WC_SHA256;
break;
#endif
default:
return BAD_FUNC_ARG;
}
return HKDF_Expand_Label(secret, ssl->specs.hash_size,
ssl->session.masterSecret, ssl->specs.hash_size,
protocol, protocolLen, resumptionLabel,
RESUMPTION_LABEL_SZ, nonce, nonceLen, digestAlg);
}
#endif /* HAVE_SESSION_TICKET */
#endif /* WOLFSSL_TLS13_DRAFT_18 */
/* Calculate the HMAC of message data to this point. /* Calculate the HMAC of message data to this point.
* *
* ssl The SSL/TLS object. * ssl The SSL/TLS object.
@@ -2055,8 +2112,15 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
#endif #endif
/* Resumption PSK is master secret. */ /* Resumption PSK is master secret. */
ssl->arrays->psk_keySz = ssl->specs.hash_size; ssl->arrays->psk_keySz = ssl->specs.hash_size;
#ifdef WOLFSSL_TLS13_DRAFT_18
XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret, XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret,
ssl->arrays->psk_keySz); ssl->arrays->psk_keySz);
#else
if ((ret = DeriveResumptionPSK(ssl, ssl->session.ticketNonce.data,
ssl->session.ticketNonce.len, ssl->arrays->psk_key)) != 0) {
return ret;
}
#endif
} }
#endif #endif
#ifndef NO_PSK #ifndef NO_PSK
@@ -2916,8 +2980,15 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
/* Resumption PSK is resumption master secret. */ /* Resumption PSK is resumption master secret. */
ssl->arrays->psk_keySz = ssl->specs.hash_size; ssl->arrays->psk_keySz = ssl->specs.hash_size;
#ifdef WOLFSSL_TLS13_DRAFT_18
XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret, XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret,
ssl->specs.hash_size); ssl->arrays->psk_keySz);
#else
if ((ret = DeriveResumptionPSK(ssl, ssl->session.ticketNonce.data,
ssl->session.ticketNonce.len, ssl->arrays->psk_key)) != 0) {
return ret;
}
#endif
/* Derive the early secret using the PSK. */ /* Derive the early secret using the PSK. */
ret = DeriveEarlySecret(ssl); ret = DeriveEarlySecret(ssl);
@@ -5550,6 +5621,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
word32 ageAdd; word32 ageAdd;
word16 length; word16 length;
word32 now; word32 now;
#ifndef WOLFSSL_TLS13_DRAFT_18
const byte* nonce;
byte nonceLength;
#endif
WOLFSSL_ENTER("DoTls13NewSessionTicket"); WOLFSSL_ENTER("DoTls13NewSessionTicket");
@@ -5567,6 +5642,24 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
ato32(input + *inOutIdx, &ageAdd); ato32(input + *inOutIdx, &ageAdd);
*inOutIdx += SESSION_ADD_SZ; *inOutIdx += SESSION_ADD_SZ;
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Ticket nonce. */
if ((*inOutIdx - begin) + 1 > size)
return BUFFER_ERROR;
nonceLength = input[*inOutIdx];
if (nonceLength == 0)
return INVALID_PARAMETER;
if (nonceLength > MAX_TICKET_NONCE_SZ) {
WOLFSSL_MSG("Nonce length not supported");
return INVALID_PARAMETER;
}
*inOutIdx += 1;
if ((*inOutIdx - begin) + nonceLength > size)
return BUFFER_ERROR;
nonce = input + *inOutIdx;
*inOutIdx += 1;
#endif
/* Ticket length. */ /* Ticket length. */
if ((*inOutIdx - begin) + LENGTH_SZ > size) if ((*inOutIdx - begin) + LENGTH_SZ > size)
return BUFFER_ERROR; return BUFFER_ERROR;
@@ -5592,6 +5685,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input,
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
ssl->session.maxEarlyDataSz = ssl->options.maxEarlyDataSz; ssl->session.maxEarlyDataSz = ssl->options.maxEarlyDataSz;
#endif #endif
#ifndef WOLFSSL_TLS13_DRAFT_18
ssl->session.ticketNonce.len = nonceLength;
XMEMCPY(&ssl->session.ticketNonce.data, nonce, nonceLength);
#endif
if ((*inOutIdx - begin) + EXTS_SZ > size) if ((*inOutIdx - begin) + EXTS_SZ > size)
return BUFFER_ERROR; return BUFFER_ERROR;
@@ -5751,6 +5848,16 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
} }
#endif #endif
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Start ticket nonce at 0 and go up to 255. */
if (ssl->session.ticketNonce.len == 0) {
ssl->session.ticketNonce.len = DEF_TICKET_NONCE_SZ;
ssl->session.ticketNonce.data[0] = 0;
}
else
ssl->session.ticketNonce.data[0]++;
#endif
if (!ssl->options.noTicketTls13) { if (!ssl->options.noTicketTls13) {
if ((ret = CreateTicket(ssl)) != 0) if ((ret = CreateTicket(ssl)) != 0)
return ret; return ret;
@@ -5768,6 +5875,10 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
/* Lifetime | Age Add | Ticket | Extensions */ /* Lifetime | Age Add | Ticket | Extensions */
length = SESSION_HINT_SZ + SESSION_ADD_SZ + LENGTH_SZ + length = SESSION_HINT_SZ + SESSION_ADD_SZ + LENGTH_SZ +
ssl->session.ticketLen + extSz; ssl->session.ticketLen + extSz;
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Nonce */
length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ;
#endif
sendSz = idx + length + MAX_MSG_EXTRA; sendSz = idx + length + MAX_MSG_EXTRA;
/* Check buffers are big enough and grow if needed. */ /* Check buffers are big enough and grow if needed. */
@@ -5788,6 +5899,11 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
c32toa(ssl->session.ticketAdd, output + idx); c32toa(ssl->session.ticketAdd, output + idx);
idx += SESSION_ADD_SZ; idx += SESSION_ADD_SZ;
#ifndef WOLFSSL_TLS13_DRAFT_18
output[idx++] = ssl->session.ticketNonce.len;
output[idx++] = ssl->session.ticketNonce.data[0];
#endif
/* length */ /* length */
c16toa(ssl->session.ticketLen, output + idx); c16toa(ssl->session.ticketLen, output + idx);
idx += LENGTH_SZ; idx += LENGTH_SZ;

18
wolfssl/internal.h
View File

@@ -955,7 +955,7 @@ enum Misc {
#ifdef WOLFSSL_TLS13_DRAFT_18 #ifdef WOLFSSL_TLS13_DRAFT_18
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
#else #else
TLS_DRAFT_MINOR = 0x14, /* Minor version number of TLS draft */ TLS_DRAFT_MINOR = 0x15, /* Minor version number of TLS draft */
#endif #endif
OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
@@ -1003,6 +1003,9 @@ enum Misc {
NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */ NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
SESSION_HINT_SZ = 4, /* session timeout hint */ SESSION_HINT_SZ = 4, /* session timeout hint */
SESSION_ADD_SZ = 4, /* session age add */ SESSION_ADD_SZ = 4, /* session age add */
TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
MAX_TICKET_NONCE_SZ = 4, /* maximum ticket nonce size */
MAX_LIFETIME = 604800, /* maximum ticket lifetime */ MAX_LIFETIME = 604800, /* maximum ticket lifetime */
MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */ MAX_EARLY_DATA_SZ = 4096, /* maximum early data size */
@@ -2155,6 +2158,16 @@ WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#ifndef WOLFSSL_TLS13_DRAFT_18
/* Ticket nonce - for deriving PSK.
* Length allowed to be: 1..255. Only support 4 bytes.
*/
typedef struct TicketNonce {
byte len;
byte data[MAX_TICKET_NONCE_SZ];
} TicketNonce;
#endif
/* The PreSharedKey extension information - entry in a linked list. */ /* The PreSharedKey extension information - entry in a linked list. */
typedef struct PreSharedKey { typedef struct PreSharedKey {
word16 identityLen; /* Length of identity */ word16 identityLen; /* Length of identity */
@@ -2675,6 +2688,9 @@ struct WOLFSSL_SESSION {
byte namedGroup; byte namedGroup;
word32 ticketSeen; /* Time ticket seen (ms) */ word32 ticketSeen; /* Time ticket seen (ms) */
word32 ticketAdd; /* Added by client */ word32 ticketAdd; /* Added by client */
#ifndef WOLFSSL_TLS13_DRAFT_18
TicketNonce ticketNonce; /* Nonce used to derive PSK */
#endif
#endif #endif
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
word32 maxEarlyDataSz; word32 maxEarlyDataSz;