mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-01 03:34:39 +02:00
Merge pull request #953 from SparkiDev/tls13_psk
External PSK working in TLS13
This commit is contained in:
toddouska
GitHub
@@ -1281,7 +1281,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
if (cipherList == NULL) {
|
if (cipherList == NULL) {
|
||||||
const char *defaultCipherList;
|
const char *defaultCipherList;
|
||||||
#if defined(HAVE_AESGCM) && !defined(NO_DH)
|
#if defined(HAVE_AESGCM) && !defined(NO_DH)
|
||||||
|
#ifdef WOLFSSL_TLS13
|
||||||
|
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:"
|
||||||
|
"TLS13-AES128-GCM-SHA256";
|
||||||
|
#else
|
||||||
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
|
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
|
||||||
|
#endif
|
||||||
#elif defined(HAVE_NULL_CIPHER)
|
#elif defined(HAVE_NULL_CIPHER)
|
||||||
defaultCipherList = "PSK-NULL-SHA256";
|
defaultCipherList = "PSK-NULL-SHA256";
|
||||||
#else
|
#else
|
||||||
|
|||||||
@@ -867,7 +867,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||||||
if (cipherList == NULL && !usePskPlus) {
|
if (cipherList == NULL && !usePskPlus) {
|
||||||
const char *defaultCipherList;
|
const char *defaultCipherList;
|
||||||
#if defined(HAVE_AESGCM) && !defined(NO_DH)
|
#if defined(HAVE_AESGCM) && !defined(NO_DH)
|
||||||
|
#ifdef WOLFSSL_TLS13
|
||||||
|
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:"
|
||||||
|
"TLS13-AES128-GCM-SHA256";
|
||||||
|
#else
|
||||||
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
|
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
|
||||||
|
#endif
|
||||||
needDH = 1;
|
needDH = 1;
|
||||||
#elif defined(HAVE_NULL_CIPHER)
|
#elif defined(HAVE_NULL_CIPHER)
|
||||||
defaultCipherList = "PSK-NULL-SHA256";
|
defaultCipherList = "PSK-NULL-SHA256";
|
||||||
|
|||||||
@@ -9128,7 +9128,7 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
|
|||||||
ssl->options.resuming = 1;
|
ssl->options.resuming = 1;
|
||||||
|
|
||||||
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
|
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
|
||||||
defined(HAVE_SESSION_TICKET) && !defined(NO_PSK))
|
defined(HAVE_SESSION_TICKET))
|
||||||
ssl->version = session->version;
|
ssl->version = session->version;
|
||||||
ssl->options.cipherSuite0 = session->cipherSuite0;
|
ssl->options.cipherSuite0 = session->cipherSuite0;
|
||||||
ssl->options.cipherSuite = session->cipherSuite;
|
ssl->options.cipherSuite = session->cipherSuite;
|
||||||
@@ -9278,13 +9278,13 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
#endif /* SESSION_CERTS */
|
#endif /* SESSION_CERTS */
|
||||||
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
|
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
|
||||||
defined(HAVE_SESSION_TICKET) && !defined(NO_PSK))
|
defined(HAVE_SESSION_TICKET))
|
||||||
if (error == 0) {
|
if (error == 0) {
|
||||||
session->version = ssl->version;
|
session->version = ssl->version;
|
||||||
session->cipherSuite0 = ssl->options.cipherSuite0;
|
session->cipherSuite0 = ssl->options.cipherSuite0;
|
||||||
session->cipherSuite = ssl->options.cipherSuite;
|
session->cipherSuite = ssl->options.cipherSuite;
|
||||||
}
|
}
|
||||||
#endif /* SESSION_CERTS || (WOLFSSL_TLS13 & !NO_PSK) */
|
#endif /* SESSION_CERTS || (WOLFSSL_TLS13 & HAVE_SESSION_TICKET) */
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
||||||
if (error == 0) {
|
if (error == 0) {
|
||||||
session->namedGroup = ssl->session.namedGroup;
|
session->namedGroup = ssl->session.namedGroup;
|
||||||
|
|||||||
82
src/tls.c
82
src/tls.c
@@ -673,7 +673,7 @@ static INLINE void c24to32(const word24 u24, word32* u32)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
|
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
|
||||||
/* Convert opaque data to a 32-bit unsigned integer.
|
/* Convert opaque data to a 32-bit unsigned integer.
|
||||||
*
|
*
|
||||||
* c The opaque data holding a 32-bit integer.
|
* c The opaque data holding a 32-bit integer.
|
||||||
@@ -5207,7 +5207,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
ssl->session.namedGroup = keyShareEntry->group;
|
ssl->session.namedGroup = keyShareEntry->group;
|
||||||
#endif
|
#endif
|
||||||
/* Use Key Share Data from server. */
|
/* Use Key Share Data from server. */
|
||||||
@@ -5434,6 +5434,7 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
|
|||||||
if (extension == NULL)
|
if (extension == NULL)
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
|
extension->resp = 0;
|
||||||
|
|
||||||
/* Try to find the key share entry with this group. */
|
/* Try to find the key share entry with this group. */
|
||||||
keyShareEntry = (KeyShareEntry*)extension->data;
|
keyShareEntry = (KeyShareEntry*)extension->data;
|
||||||
@@ -5620,6 +5621,9 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl)
|
|||||||
if (extension != NULL)
|
if (extension != NULL)
|
||||||
list = (KeyShareEntry*)extension->data;
|
list = (KeyShareEntry*)extension->data;
|
||||||
|
|
||||||
|
if (extension && extension->resp == 1)
|
||||||
|
return 0;
|
||||||
|
|
||||||
/* TODO: [TLS13] Server's preference and sending back SupportedGroups */
|
/* TODO: [TLS13] Server's preference and sending back SupportedGroups */
|
||||||
/* Use client's preference. */
|
/* Use client's preference. */
|
||||||
for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) {
|
for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) {
|
||||||
@@ -5695,7 +5699,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl)
|
|||||||
/* Pre-Shared Key */
|
/* Pre-Shared Key */
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
|
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
|
||||||
/* Free the pre-shared key dynamic data.
|
/* Free the pre-shared key dynamic data.
|
||||||
*
|
*
|
||||||
* list The linked list of key share entry objects.
|
* list The linked list of key share entry objects.
|
||||||
@@ -5922,8 +5926,8 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
|||||||
ato32(input + idx, &age);
|
ato32(input + idx, &age);
|
||||||
idx += OPAQUE32_LEN;
|
idx += OPAQUE32_LEN;
|
||||||
|
|
||||||
ret = TLSX_PreSharedKey_Use(ssl, identity, identityLen, age, 0, 1,
|
ret = TLSX_PreSharedKey_Use(ssl, identity, identityLen, age, no_mac,
|
||||||
NULL);
|
1, NULL);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
@@ -5990,6 +5994,7 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
|||||||
return PSK_KEY_ERROR;
|
return PSK_KEY_ERROR;
|
||||||
list->chosen = 1;
|
list->chosen = 1;
|
||||||
|
|
||||||
|
#ifdef HAVE_SESSION_TICKET
|
||||||
if (list->resumption) {
|
if (list->resumption) {
|
||||||
/* Check that the session's details are the same as the server's. */
|
/* Check that the session's details are the same as the server's. */
|
||||||
if (ssl->options.cipherSuite0 != ssl->session.cipherSuite0 ||
|
if (ssl->options.cipherSuite0 != ssl->session.cipherSuite0 ||
|
||||||
@@ -5999,6 +6004,7 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
|||||||
return PSK_KEY_ERROR;
|
return PSK_KEY_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
/* TODO: [TLS13] More checks of consistency.
|
/* TODO: [TLS13] More checks of consistency.
|
||||||
* the "key_share", and "signature_algorithms" extensions are
|
* the "key_share", and "signature_algorithms" extensions are
|
||||||
* consistent with the indicated ke_modes and auth_modes values
|
* consistent with the indicated ke_modes and auth_modes values
|
||||||
@@ -6147,7 +6153,7 @@ int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity, word16 len, word32 age,
|
|||||||
/* PSK Key Exchange Modes */
|
/* PSK Key Exchange Modes */
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
|
|
||||||
#if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
|
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
|
||||||
/* Get the size of the encoded PSK KE modes extension.
|
/* Get the size of the encoded PSK KE modes extension.
|
||||||
* Only in ClientHello.
|
* Only in ClientHello.
|
||||||
*
|
*
|
||||||
@@ -6368,7 +6374,7 @@ void TLSX_FreeAll(TLSX* list, void* heap)
|
|||||||
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
|
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
case TLSX_PRE_SHARED_KEY:
|
case TLSX_PRE_SHARED_KEY:
|
||||||
PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
|
PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
@@ -6475,7 +6481,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType)
|
|||||||
length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
|
length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
case TLSX_PRE_SHARED_KEY:
|
case TLSX_PRE_SHARED_KEY:
|
||||||
length += PSK_GET_SIZE((PreSharedKey*)extension->data, msgType);
|
length += PSK_GET_SIZE((PreSharedKey*)extension->data, msgType);
|
||||||
break;
|
break;
|
||||||
@@ -6602,7 +6608,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
|
|||||||
output + offset, msgType);
|
output + offset, msgType);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
case TLSX_PRE_SHARED_KEY:
|
case TLSX_PRE_SHARED_KEY:
|
||||||
WOLFSSL_MSG("Pre-Shared Key extension to write");
|
WOLFSSL_MSG("Pre-Shared Key extension to write");
|
||||||
offset += PSK_WRITE((PreSharedKey*)extension->data,
|
offset += PSK_WRITE((PreSharedKey*)extension->data,
|
||||||
@@ -6826,6 +6832,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
byte* public_key = NULL;
|
byte* public_key = NULL;
|
||||||
word16 public_key_len = 0;
|
word16 public_key_len = 0;
|
||||||
|
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
|
||||||
|
int usingPSK = 0;
|
||||||
|
#endif
|
||||||
#ifdef HAVE_QSH
|
#ifdef HAVE_QSH
|
||||||
TLSX* extension;
|
TLSX* extension;
|
||||||
QSHScheme* qsh;
|
QSHScheme* qsh;
|
||||||
@@ -7084,11 +7093,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#if defined(HAVE_SESSION_TICKET)
|
||||||
if (ssl->options.resuming) {
|
if (ssl->options.resuming) {
|
||||||
WOLFSSL_SESSION* sess = &ssl->session;
|
WOLFSSL_SESSION* sess = &ssl->session;
|
||||||
word32 milli;
|
word32 milli;
|
||||||
byte modes;
|
|
||||||
|
|
||||||
/* Determine the MAC algorithm for the cipher suite used. */
|
/* Determine the MAC algorithm for the cipher suite used. */
|
||||||
ssl->options.cipherSuite0 = sess->cipherSuite0;
|
ssl->options.cipherSuite0 = sess->cipherSuite0;
|
||||||
@@ -7103,6 +7111,37 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
usingPSK = 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#ifndef NO_PSK
|
||||||
|
if (ssl->options.client_psk_cb != NULL) {
|
||||||
|
byte mac = sha256_mac;
|
||||||
|
|
||||||
|
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
|
||||||
|
ssl->arrays->server_hint, ssl->arrays->client_identity,
|
||||||
|
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
|
||||||
|
if (ssl->arrays->psk_keySz == 0 ||
|
||||||
|
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
|
||||||
|
return PSK_KEY_ERROR;
|
||||||
|
}
|
||||||
|
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
|
||||||
|
/* Hash algorithm defaults to SHA-256 unless cb specifies. */
|
||||||
|
|
||||||
|
ret = TLSX_PreSharedKey_Use(ssl,
|
||||||
|
(byte*)ssl->arrays->client_identity,
|
||||||
|
XSTRLEN(ssl->arrays->client_identity),
|
||||||
|
0, mac, 0, NULL);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
usingPSK = 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
|
if (usingPSK) {
|
||||||
|
byte modes;
|
||||||
|
|
||||||
/* Pre-shared key modes: mandatory extension for resumption. */
|
/* Pre-shared key modes: mandatory extension for resumption. */
|
||||||
modes = 1 << PSK_KE;
|
modes = 1 << PSK_KE;
|
||||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||||
@@ -7114,7 +7153,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* TODO: [TLS13] Add PSKs */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
@@ -7152,7 +7190,7 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
|
|||||||
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
|
||||||
#endif
|
#endif
|
||||||
@@ -7200,11 +7238,11 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
|
|||||||
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
if (!IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PSK_KEY_EXCHANGE_MODES));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
@@ -7227,8 +7265,8 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.resuming) {
|
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
#endif
|
#endif
|
||||||
offset += TLSX_Write(ssl->extensions, output + offset, semaphore,
|
offset += TLSX_Write(ssl->extensions, output + offset, semaphore,
|
||||||
@@ -7260,7 +7298,7 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType)
|
|||||||
if (ssl->options.tls1_3) {
|
if (ssl->options.tls1_3) {
|
||||||
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
|
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
|
||||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -7268,7 +7306,7 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType)
|
|||||||
case encrypted_extensions:
|
case encrypted_extensions:
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
@@ -7321,7 +7359,7 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType)
|
|||||||
if (ssl->options.tls1_3) {
|
if (ssl->options.tls1_3) {
|
||||||
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
|
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
|
||||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -7329,7 +7367,7 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType)
|
|||||||
case encrypted_extensions:
|
case encrypted_extensions:
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SESSION_TICKET));
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
@@ -7574,7 +7612,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
|
|||||||
ret = KS_PARSE(ssl, input + offset, size, msgType);
|
ret = KS_PARSE(ssl, input + offset, size, msgType);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
case TLSX_PRE_SHARED_KEY:
|
case TLSX_PRE_SHARED_KEY:
|
||||||
WOLFSSL_MSG("Pre-Shared Key extension received");
|
WOLFSSL_MSG("Pre-Shared Key extension received");
|
||||||
|
|
||||||
|
|||||||
192
src/tls13.c
192
src/tls13.c
@@ -26,7 +26,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
#if defined(HAVE_SESSION_TICKET)
|
#ifdef HAVE_SESSION_TICKET
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -462,7 +462,7 @@ static int DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#ifndef NO_PSK
|
||||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||||
/* The length of the binder key label. */
|
/* The length of the binder key label. */
|
||||||
#define BINDER_KEY_LABEL_SZ 23
|
#define BINDER_KEY_LABEL_SZ 23
|
||||||
@@ -489,7 +489,9 @@ static int DeriveBinderKey(WOLFSSL* ssl, byte* key)
|
|||||||
binderKeyLabel, BINDER_KEY_LABEL_SZ,
|
binderKeyLabel, BINDER_KEY_LABEL_SZ,
|
||||||
NULL, 0, ssl->specs.mac_algorithm);
|
NULL, 0, ssl->specs.mac_algorithm);
|
||||||
}
|
}
|
||||||
|
#endif /* !NO_PSK */
|
||||||
|
|
||||||
|
#ifdef HAVE_SESSION_TICKET
|
||||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||||
/* The length of the binder key resume label. */
|
/* The length of the binder key resume label. */
|
||||||
#define BINDER_KEY_RESUME_LABEL_SZ 25
|
#define BINDER_KEY_RESUME_LABEL_SZ 25
|
||||||
@@ -516,7 +518,7 @@ static int DeriveBinderKeyResume(WOLFSSL* ssl, byte* key)
|
|||||||
binderKeyResumeLabel, BINDER_KEY_RESUME_LABEL_SZ,
|
binderKeyResumeLabel, BINDER_KEY_RESUME_LABEL_SZ,
|
||||||
NULL, 0, ssl->specs.mac_algorithm);
|
NULL, 0, ssl->specs.mac_algorithm);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* HAVE_SESSION_TICKET */
|
||||||
|
|
||||||
#ifdef TLS13_SUPPORTS_0RTT
|
#ifdef TLS13_SUPPORTS_0RTT
|
||||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||||
@@ -713,7 +715,7 @@ static int DeriveExporterSecret(WOLFSSL* ssl, byte* key)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
#ifdef WOLFSSL_TLS13_DRAFT_18
|
#ifdef WOLFSSL_TLS13_DRAFT_18
|
||||||
/* The length of the resumption master secret label. */
|
/* The length of the resumption master secret label. */
|
||||||
#define RESUME_MASTER_LABEL_SZ 24
|
#define RESUME_MASTER_LABEL_SZ 24
|
||||||
@@ -794,7 +796,7 @@ static int DeriveTrafficSecret(WOLFSSL* ssl, byte* secret)
|
|||||||
static int DeriveEarlySecret(WOLFSSL* ssl)
|
static int DeriveEarlySecret(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
WOLFSSL_MSG("Derive Early Secret");
|
WOLFSSL_MSG("Derive Early Secret");
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
return Tls13_HKDF_Extract(ssl->arrays->secret, NULL, 0,
|
return Tls13_HKDF_Extract(ssl->arrays->secret, NULL, 0,
|
||||||
ssl->arrays->psk_key, ssl->arrays->psk_keySz,
|
ssl->arrays->psk_key, ssl->arrays->psk_keySz,
|
||||||
ssl->specs.mac_algorithm);
|
ssl->specs.mac_algorithm);
|
||||||
@@ -1073,7 +1075,7 @@ end:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET)
|
#ifdef HAVE_SESSION_TICKET
|
||||||
#if defined(USER_TICKS)
|
#if defined(USER_TICKS)
|
||||||
#if 0
|
#if 0
|
||||||
word32 TimeNowInMilliseconds(void)
|
word32 TimeNowInMilliseconds(void)
|
||||||
@@ -1274,10 +1276,10 @@ end:
|
|||||||
return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000);
|
return (word32)(now.tv_sec * 1000 + now.tv_usec / 1000);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif /* HAVE_SESSION_TICKET */
|
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
|
||||||
|
|
||||||
|
|
||||||
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_SESSION_TICKET) && \
|
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_SESSION_TICKET) || \
|
||||||
!defined(NO_PSK))
|
!defined(NO_PSK))
|
||||||
/* Add input to all handshake hashes.
|
/* Add input to all handshake hashes.
|
||||||
*
|
*
|
||||||
@@ -1323,6 +1325,55 @@ static int HashInputRaw(WOLFSSL* ssl, const byte* input, int sz)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Restart the Hanshake hash with a hash of the previous messages.
|
||||||
|
*
|
||||||
|
* ssl The SSL/TLS object.
|
||||||
|
* returns 0 on success, otherwise failure.
|
||||||
|
*/
|
||||||
|
static int RestartHandshakeHash(WOLFSSL* ssl)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
Hashes hashes;
|
||||||
|
byte header[] = { message_hash, 0, 0, 0 };
|
||||||
|
byte* hash = NULL;
|
||||||
|
|
||||||
|
ret = BuildCertHashes(ssl, &hashes);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
ret = InitHandshakeHashes(ssl);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
switch (ssl->specs.mac_algorithm) {
|
||||||
|
#ifndef NO_SHA256
|
||||||
|
case sha256_mac:
|
||||||
|
header[3] = SHA256_DIGEST_SIZE;
|
||||||
|
hash = hashes.sha256;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_SHA384
|
||||||
|
case sha384_mac:
|
||||||
|
header[3] = SHA384_DIGEST_SIZE;
|
||||||
|
hash = hashes.sha384;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WOLFSSL_SHA512
|
||||||
|
case sha512_mac:
|
||||||
|
header[3] = SHA512_DIGEST_SIZE;
|
||||||
|
hash = hashes.sha512;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
WOLFSSL_MSG("Restart Hash");
|
||||||
|
WOLFSSL_BUFFER(hash, header[3]);
|
||||||
|
|
||||||
|
ret = HashOutputRaw(ssl, header, sizeof(header));
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
return HashOutputRaw(ssl, hash, header[3]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Extract the handshake header information.
|
/* Extract the handshake header information.
|
||||||
*
|
*
|
||||||
* ssl The SSL/TLS object.
|
* ssl The SSL/TLS object.
|
||||||
@@ -1821,7 +1872,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_WOLFSSL_CLIENT
|
#ifndef NO_WOLFSSL_CLIENT
|
||||||
#if defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#ifdef HAVE_SESSION_TICKET
|
||||||
/* Get the size of the message hash.
|
/* Get the size of the message hash.
|
||||||
*
|
*
|
||||||
* ssl The SSL/TLS object.
|
* ssl The SSL/TLS object.
|
||||||
@@ -1845,7 +1896,9 @@ static int GetMsgHashSize(WOLFSSL *ssl)
|
|||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
/* Derive and write the binders into the ClientHello in space left when
|
/* Derive and write the binders into the ClientHello in space left when
|
||||||
* writing the Pre-Shared Key extension.
|
* writing the Pre-Shared Key extension.
|
||||||
*
|
*
|
||||||
@@ -1879,6 +1932,7 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
|
|||||||
/* Calculate the binder for each identity based on previous handshake data.
|
/* Calculate the binder for each identity based on previous handshake data.
|
||||||
*/
|
*/
|
||||||
while (current != NULL) {
|
while (current != NULL) {
|
||||||
|
#ifdef HAVE_SESSION_TICKET
|
||||||
if (current->resumption) {
|
if (current->resumption) {
|
||||||
/* Set the HMAC to use based on the one for the session (set into
|
/* Set the HMAC to use based on the one for the session (set into
|
||||||
* the extension data at the start of this function based on the
|
* the extension data at the start of this function based on the
|
||||||
@@ -1899,12 +1953,17 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
else {
|
else
|
||||||
/* TODO: [TLS13] Support non-ticket PSK. */
|
#endif
|
||||||
|
#ifndef NO_PSK
|
||||||
|
if (!current->resumption) {
|
||||||
/* Get the pre-shared key. */
|
/* Get the pre-shared key. */
|
||||||
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
|
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
|
||||||
(char *)current->identity, ssl->arrays->client_identity,
|
(char *)current->identity, ssl->arrays->client_identity,
|
||||||
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
|
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
|
||||||
|
/* TODO: Forcing cipher suite to use SHA256 with PSK. */
|
||||||
|
/* Default to SHA-256 if cb doesn't specify. */
|
||||||
|
ssl->specs.mac_algorithm = sha256_mac;
|
||||||
/* Derive the early secret using the PSK. */
|
/* Derive the early secret using the PSK. */
|
||||||
ret = DeriveEarlySecret(ssl);
|
ret = DeriveEarlySecret(ssl);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
@@ -1914,6 +1973,12 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
current = current->next;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
/* Derive the Finished message secret. */
|
/* Derive the Finished message secret. */
|
||||||
ret = DeriveFinishedSecret(ssl, binderKey, ssl->keys.client_write_MAC_secret);
|
ret = DeriveFinishedSecret(ssl, binderKey, ssl->keys.client_write_MAC_secret);
|
||||||
@@ -1954,7 +2019,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
|||||||
int sendSz;
|
int sendSz;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
||||||
if (ssl->options.resuming &&
|
if (ssl->options.resuming &&
|
||||||
(ssl->session.version.major != ssl->version.major ||
|
(ssl->session.version.major != ssl->version.major ||
|
||||||
ssl->session.version.minor != ssl->version.minor)) {
|
ssl->session.version.minor != ssl->version.minor)) {
|
||||||
@@ -2031,11 +2096,11 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
|||||||
/* Write out extensions for a request. */
|
/* Write out extensions for a request. */
|
||||||
idx += TLSX_WriteRequest(ssl, output + idx);
|
idx += TLSX_WriteRequest(ssl, output + idx);
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
/* Resumption has a specific set of extensions and binder is calculated
|
/* Resumption has a specific set of extensions and binder is calculated
|
||||||
* for each identity.
|
* for each identity.
|
||||||
*/
|
*/
|
||||||
if (ssl->options.resuming)
|
if (TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY))
|
||||||
ret = WritePSKBinders(ssl, output, idx);
|
ret = WritePSKBinders(ssl, output, idx);
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
@@ -2083,7 +2148,7 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Version info and length field of extension data. */
|
/* Version info and length field of extension data. */
|
||||||
if (totalSz < i - begin + OPAQUE16_LEN + OPAQUE16_LEN)
|
if (totalSz < i - begin + OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
/* Protocol version. */
|
/* Protocol version. */
|
||||||
@@ -2093,6 +2158,14 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
/* Set the cipher suite from the message. */
|
||||||
|
ssl->options.cipherSuite0 = input[i++];
|
||||||
|
ssl->options.cipherSuite = input[i++];
|
||||||
|
|
||||||
|
ret = SetCipherSpecs(ssl);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
/* Length of extension data. */
|
/* Length of extension data. */
|
||||||
ato16(&input[i], &totalExtSz);
|
ato16(&input[i], &totalExtSz);
|
||||||
i += OPAQUE16_LEN;
|
i += OPAQUE16_LEN;
|
||||||
@@ -2115,7 +2188,7 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input,
|
|||||||
ssl->options.tls1_3 = 1;
|
ssl->options.tls1_3 = 1;
|
||||||
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST;
|
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST;
|
||||||
|
|
||||||
return 0;
|
return RestartHandshakeHash(ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Handle the ServerHello message from the server.
|
/* Handle the ServerHello message from the server.
|
||||||
@@ -2199,7 +2272,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#ifdef HAVE_SESSION_TICKET
|
||||||
if (ssl->options.resuming) {
|
if (ssl->options.resuming) {
|
||||||
PreSharedKey* psk = NULL;
|
PreSharedKey* psk = NULL;
|
||||||
TLSX* ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
|
TLSX* ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
|
||||||
@@ -2336,7 +2409,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
|
|||||||
#endif /* !NO_WOLFSSL_CLIENT */
|
#endif /* !NO_WOLFSSL_CLIENT */
|
||||||
|
|
||||||
#ifndef NO_WOLFSSL_SERVER
|
#ifndef NO_WOLFSSL_SERVER
|
||||||
#if defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
/* Handle any Pre-Shared Key (PSK) extension.
|
/* Handle any Pre-Shared Key (PSK) extension.
|
||||||
* Must do this in ClientHello as it requires a hash of the truncated message.
|
* Must do this in ClientHello as it requires a hash of the truncated message.
|
||||||
* Don't know size of binders until Pre-Shared Key extension has been parsed.
|
* Don't know size of binders until Pre-Shared Key extension has been parsed.
|
||||||
@@ -2384,13 +2457,15 @@ static int DoPreSharedKeys(WOLFSSL *ssl, const byte* input, word32 helloSz,
|
|||||||
/* Look through all client's pre-shared keys for a match. */
|
/* Look through all client's pre-shared keys for a match. */
|
||||||
current = (PreSharedKey*)ext->data;
|
current = (PreSharedKey*)ext->data;
|
||||||
while (current != NULL) {
|
while (current != NULL) {
|
||||||
/* TODO: [TLS13] Support non-ticket PSK. */
|
#ifndef NO_PSK
|
||||||
/* Decode the identity. */
|
XMEMCPY(ssl->arrays->client_identity, current->identity,
|
||||||
ret = DoClientTicket(ssl, current->identity, current->identityLen);
|
current->identityLen);
|
||||||
if (ret != WOLFSSL_TICKET_RET_OK)
|
ssl->arrays->client_identity[current->identityLen] = '\0';
|
||||||
continue;
|
#endif
|
||||||
|
|
||||||
if (current->resumption) {
|
#ifdef HAVE_SESSION_TICKET
|
||||||
|
/* Decode the identity. */
|
||||||
|
if ((ret = DoClientTicket(ssl, current->identity, current->identityLen)) == WOLFSSL_TICKET_RET_OK) {
|
||||||
/* Check the ticket isn't too old or new. */
|
/* Check the ticket isn't too old or new. */
|
||||||
int diff = TimeNowInMilliseconds() - ssl->session.ticketSeen;
|
int diff = TimeNowInMilliseconds() - ssl->session.ticketSeen;
|
||||||
diff -= current->ticketAge - ssl->session.ticketAdd;
|
diff -= current->ticketAge - ssl->session.ticketAdd;
|
||||||
@@ -2421,15 +2496,25 @@ static int DoPreSharedKeys(WOLFSSL *ssl, const byte* input, word32 helloSz,
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
else {
|
else
|
||||||
|
#endif
|
||||||
|
#ifndef NO_PSK
|
||||||
|
if ((ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
|
||||||
|
ssl->arrays->client_identity, ssl->arrays->psk_key,
|
||||||
|
MAX_PSK_KEY_LEN)) != 0) {
|
||||||
|
if (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
|
||||||
|
return PSK_KEY_ERROR;
|
||||||
|
|
||||||
|
ssl->options.resuming = 0;
|
||||||
|
|
||||||
/* PSK age is always zero. */
|
/* PSK age is always zero. */
|
||||||
if (current->ticketAge != ssl->session.ticketAdd)
|
if (current->ticketAge != ssl->session.ticketAdd)
|
||||||
return PSK_KEY_ERROR;
|
return PSK_KEY_ERROR;
|
||||||
|
|
||||||
/* Get the pre-shared key. */
|
/* TODO: Forcing cipher suite to use SHA256 with PSK. */
|
||||||
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
|
/* Default to SHA-256 if cb doesn't specify. */
|
||||||
(char*)current->identity, ssl->arrays->client_identity,
|
ssl->specs.mac_algorithm = sha256_mac;
|
||||||
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
|
|
||||||
/* Derive the early secret using the PSK. */
|
/* Derive the early secret using the PSK. */
|
||||||
ret = DeriveEarlySecret(ssl);
|
ret = DeriveEarlySecret(ssl);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
@@ -2439,6 +2524,14 @@ static int DoPreSharedKeys(WOLFSSL *ssl, const byte* input, word32 helloSz,
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
current = current->next;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl->options.sendVerify = 0;
|
||||||
|
|
||||||
/* Derive the Finished message secret. */
|
/* Derive the Finished message secret. */
|
||||||
ret = DeriveFinishedSecret(ssl, binderKey,
|
ret = DeriveFinishedSecret(ssl, binderKey,
|
||||||
@@ -2627,21 +2720,25 @@ static int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL)
|
if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL)
|
||||||
ssl->version.minor = pv.minor;
|
ssl->version.minor = pv.minor;
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET) && !defined(NO_PSK)
|
ssl->options.sendVerify = SEND_CERT;
|
||||||
|
|
||||||
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
/* Process the Pre-Shared Key extension if present. */
|
/* Process the Pre-Shared Key extension if present. */
|
||||||
ret = DoPreSharedKeys(ssl, input + begin, helloSz, &usingPSK);
|
ret = DoPreSharedKeys(ssl, input + begin, helloSz, &usingPSK);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!usingPSK) {
|
if (!usingPSK || !ssl->options.resuming) {
|
||||||
ret = MatchSuite(ssl, &clSuites);
|
ret = MatchSuite(ssl, &clSuites);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
|
WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef NO_PSK
|
if (!usingPSK) {
|
||||||
|
#ifdef HAVE_SESSION_TICKET
|
||||||
if (ssl->options.resuming) {
|
if (ssl->options.resuming) {
|
||||||
ssl->options.resuming = 0;
|
ssl->options.resuming = 0;
|
||||||
XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size);
|
XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size);
|
||||||
@@ -2655,6 +2752,10 @@ static int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
ret = HashInput(ssl, input + begin, helloSz);
|
ret = HashInput(ssl, input + begin, helloSz);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
/* Derive early secret for handshake secret. */
|
||||||
|
if ((ret = DeriveEarlySecret(ssl)) != 0)
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
i += totalExtSz;
|
i += totalExtSz;
|
||||||
@@ -2687,8 +2788,8 @@ int SendTls13HelloRetryRequest(WOLFSSL *ssl)
|
|||||||
if (len == 0)
|
if (len == 0)
|
||||||
return MISSING_HANDSHAKE_DATA;
|
return MISSING_HANDSHAKE_DATA;
|
||||||
|
|
||||||
/* Protocol version + Extensions */
|
/* Protocol version + CipherSuite + Extensions */
|
||||||
length = OPAQUE16_LEN + len;
|
length = OPAQUE16_LEN + OPAQUE16_LEN + len;
|
||||||
sendSz = idx + length;
|
sendSz = idx + length;
|
||||||
|
|
||||||
/* Check buffers are big enough and grow if needed. */
|
/* Check buffers are big enough and grow if needed. */
|
||||||
@@ -2713,6 +2814,10 @@ int SendTls13HelloRetryRequest(WOLFSSL *ssl)
|
|||||||
output[idx++] = TLS_DRAFT_MAJOR;
|
output[idx++] = TLS_DRAFT_MAJOR;
|
||||||
output[idx++] = TLS_DRAFT_MINOR;
|
output[idx++] = TLS_DRAFT_MINOR;
|
||||||
|
|
||||||
|
/* Chosen cipher suite */
|
||||||
|
output[idx++] = ssl->options.cipherSuite0;
|
||||||
|
output[idx++] = ssl->options.cipherSuite;
|
||||||
|
|
||||||
/* Add TLS extensions. */
|
/* Add TLS extensions. */
|
||||||
TLSX_WriteResponse(ssl, output + idx, hello_retry_request);
|
TLSX_WriteResponse(ssl, output + idx, hello_retry_request);
|
||||||
idx += len;
|
idx += len;
|
||||||
@@ -2725,6 +2830,10 @@ int SendTls13HelloRetryRequest(WOLFSSL *ssl)
|
|||||||
ssl->heap);
|
ssl->heap);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
ret = RestartHandshakeHash(ssl);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
ret = HashOutput(ssl, output, idx, 0);
|
ret = HashOutput(ssl, output, idx, 0);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
@@ -2837,9 +2946,6 @@ int SendTls13EncryptedExtensions(WOLFSSL *ssl)
|
|||||||
|
|
||||||
ssl->keys.encryptionOn = 1;
|
ssl->keys.encryptionOn = 1;
|
||||||
|
|
||||||
/* Derive early secret for handshake secret. */
|
|
||||||
if ((ret = DeriveEarlySecret(ssl)) != 0)
|
|
||||||
return ret;
|
|
||||||
/* Derive the handshake secret now that we are at first message to be
|
/* Derive the handshake secret now that we are at first message to be
|
||||||
* encrypted under the keys.
|
* encrypted under the keys.
|
||||||
*/
|
*/
|
||||||
@@ -3279,7 +3385,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo,
|
|||||||
CreateSigData(ssl, sigData, &sigDataSz, 1);
|
CreateSigData(ssl, sigData, &sigDataSz, 1);
|
||||||
#ifdef WC_RSA_PSS
|
#ifdef WC_RSA_PSS
|
||||||
if (sigAlgo == rsa_pss_sa_algo) {
|
if (sigAlgo == rsa_pss_sa_algo) {
|
||||||
int hashType = WC_HASH_TYPE_NONE;
|
enum wc_HashType hashType = WC_HASH_TYPE_NONE;
|
||||||
|
|
||||||
switch (hashAlgo) {
|
switch (hashAlgo) {
|
||||||
case sha512_mac:
|
case sha512_mac:
|
||||||
@@ -4392,7 +4498,7 @@ int SendTls13Finished(WOLFSSL* ssl)
|
|||||||
if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
|
if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret);
|
ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -5011,7 +5117,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
if (type == finished && ssl->options.side == WOLFSSL_SERVER_END)
|
if (type == finished && ssl->options.side == WOLFSSL_SERVER_END)
|
||||||
DeriveResumptionSecret(ssl, ssl->session.masterSecret);
|
DeriveResumptionSecret(ssl, ssl->session.masterSecret);
|
||||||
#endif
|
#endif
|
||||||
@@ -5464,7 +5570,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
|||||||
errno = 0;
|
errno = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
(void)havePSK;
|
(void)havePSK;
|
||||||
@@ -5594,7 +5700,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
|||||||
case CERT_REQ_SENT :
|
case CERT_REQ_SENT :
|
||||||
ssl->options.acceptState = KEY_EXCHANGE_SENT;
|
ssl->options.acceptState = KEY_EXCHANGE_SENT;
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
if (!ssl->options.resuming) {
|
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||||
if ((ssl->error = SendTls13Certificate(ssl)) != 0) {
|
if ((ssl->error = SendTls13Certificate(ssl)) != 0) {
|
||||||
WOLFSSL_ERROR(ssl->error);
|
WOLFSSL_ERROR(ssl->error);
|
||||||
return SSL_FATAL_ERROR;
|
return SSL_FATAL_ERROR;
|
||||||
@@ -5607,7 +5713,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
|||||||
|
|
||||||
case CERT_SENT :
|
case CERT_SENT :
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
if (!ssl->options.resuming) {
|
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||||
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
|
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
|
||||||
WOLFSSL_ERROR(ssl->error);
|
WOLFSSL_ERROR(ssl->error);
|
||||||
return SSL_FATAL_ERROR;
|
return SSL_FATAL_ERROR;
|
||||||
|
|||||||
@@ -251,3 +251,13 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l PSK-AES256-GCM-SHA384
|
-l PSK-AES256-GCM-SHA384
|
||||||
|
|
||||||
|
# server TLSv1.3 AES128-GCM-SHA256
|
||||||
|
-s
|
||||||
|
-v 4
|
||||||
|
-l TLS13-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.3 AES128-GCM-SHA256
|
||||||
|
-s
|
||||||
|
-v 4
|
||||||
|
-l TLS13-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
|||||||
@@ -1771,11 +1771,11 @@ typedef enum {
|
|||||||
TLSX_SESSION_TICKET = 0x0023,
|
TLSX_SESSION_TICKET = 0x0023,
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
TLSX_KEY_SHARE = 0x0028,
|
TLSX_KEY_SHARE = 0x0028,
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TLSX_PRE_SHARED_KEY = 0x0029,
|
TLSX_PRE_SHARED_KEY = 0x0029,
|
||||||
#endif
|
#endif
|
||||||
TLSX_SUPPORTED_VERSIONS = 0x002b,
|
TLSX_SUPPORTED_VERSIONS = 0x002b,
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
|
TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
@@ -2063,7 +2063,7 @@ WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
|
|||||||
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
|
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
|
||||||
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
|
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
/* The PreSharedKey extension information - entry in a linked list. */
|
/* The PreSharedKey extension information - entry in a linked list. */
|
||||||
typedef struct PreSharedKey {
|
typedef struct PreSharedKey {
|
||||||
word16 identityLen; /* Length of identity */
|
word16 identityLen; /* Length of identity */
|
||||||
@@ -2092,7 +2092,7 @@ enum PskKeyExchangeMode {
|
|||||||
};
|
};
|
||||||
|
|
||||||
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
|
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
|
||||||
#endif /* NO_PSK */
|
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
|
||||||
|
|
||||||
/* The types of keys to derive for. */
|
/* The types of keys to derive for. */
|
||||||
enum DeriveKeyType {
|
enum DeriveKeyType {
|
||||||
@@ -2203,12 +2203,12 @@ struct WOLFSSL_CTX {
|
|||||||
word32 ecdhCurveOID; /* curve Ecc_Sum */
|
word32 ecdhCurveOID; /* curve Ecc_Sum */
|
||||||
word32 pkCurveOID; /* curve Ecc_Sum */
|
word32 pkCurveOID; /* curve Ecc_Sum */
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
byte havePSK; /* psk key set by user */
|
byte havePSK; /* psk key set by user */
|
||||||
wc_psk_client_callback client_psk_cb; /* client callback */
|
wc_psk_client_callback client_psk_cb; /* client callback */
|
||||||
wc_psk_server_callback server_psk_cb; /* server callback */
|
wc_psk_server_callback server_psk_cb; /* server callback */
|
||||||
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||||
#endif /* NO_PSK */
|
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
|
||||||
#ifdef HAVE_ANON
|
#ifdef HAVE_ANON
|
||||||
byte haveAnon; /* User wants to allow Anon suites */
|
byte haveAnon; /* User wants to allow Anon suites */
|
||||||
#endif /* HAVE_ANON */
|
#endif /* HAVE_ANON */
|
||||||
@@ -2527,7 +2527,7 @@ struct WOLFSSL_SESSION {
|
|||||||
word16 idLen; /* serverID length */
|
word16 idLen; /* serverID length */
|
||||||
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
|
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
byte namedGroup;
|
byte namedGroup;
|
||||||
word32 ticketSeen; /* Time ticket seen (ms) */
|
word32 ticketSeen; /* Time ticket seen (ms) */
|
||||||
@@ -2657,8 +2657,10 @@ typedef struct Options {
|
|||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
wc_psk_client_callback client_psk_cb;
|
wc_psk_client_callback client_psk_cb;
|
||||||
wc_psk_server_callback server_psk_cb;
|
wc_psk_server_callback server_psk_cb;
|
||||||
word16 havePSK:1; /* psk key set by user */
|
|
||||||
#endif /* NO_PSK */
|
#endif /* NO_PSK */
|
||||||
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
|
word16 havePSK:1; /* psk key set by user */
|
||||||
|
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
unsigned long mask; /* store SSL_OP_ flags */
|
unsigned long mask; /* store SSL_OP_ flags */
|
||||||
#endif
|
#endif
|
||||||
@@ -2767,7 +2769,7 @@ typedef struct Arrays {
|
|||||||
word32 preMasterSz; /* differs for DH, actual size */
|
word32 preMasterSz; /* differs for DH, actual size */
|
||||||
word32 pendingMsgSz; /* defrag buffer size */
|
word32 pendingMsgSz; /* defrag buffer size */
|
||||||
word32 pendingMsgOffset; /* current offset into defrag buffer */
|
word32 pendingMsgOffset; /* current offset into defrag buffer */
|
||||||
#ifndef NO_PSK
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
word32 psk_keySz; /* actual size */
|
word32 psk_keySz; /* actual size */
|
||||||
char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||||
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
|
||||||
@@ -3380,6 +3382,7 @@ enum HandShakeType {
|
|||||||
change_cipher_hs = 55, /* simulate unique handshake type for sanity
|
change_cipher_hs = 55, /* simulate unique handshake type for sanity
|
||||||
checks. record layer change_cipher
|
checks. record layer change_cipher
|
||||||
conflicts with handshake finished */
|
conflicts with handshake finished */
|
||||||
|
message_hash = 254, /* synthetic message type for TLS v1.3 */
|
||||||
no_shake = 255 /* used to initialize the DtlsMsg record */
|
no_shake = 255 /* used to initialize the DtlsMsg record */
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -3543,7 +3546,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
|||||||
|
|
||||||
#endif /* NO_TLS */
|
#endif /* NO_TLS */
|
||||||
|
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
|
||||||
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
|
WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
|
||||||
#endif
|
#endif
|
||||||
WOLFSSL_LOCAL word32 LowResTimer(void);
|
WOLFSSL_LOCAL word32 LowResTimer(void);
|
||||||
|
|||||||
Reference in New Issue
Block a user