diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 0aed59619c64..a013fb169637 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -308,4 +308,7 @@ void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, } #endif +const char * mbedtls_debug_get_state_string( mbedtls_ssl_states stat); + + #endif /* debug.h */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ffaa4e3eaf3d..b8eb0ff5f9cc 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1528,6 +1528,14 @@ */ #define MBEDTLS_ZERO_RTT +/** +* \def MBEDTLS_TLS13_EARLY_DATA +* +* Allows to add extension early_data for TLS 1.3 +* +*/ +#define MBEDTLS_TLS13_EARLY_DATA + /** * \def MBEDTLS_SSL_DEBUG_HANDSHAKE_HASHES * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 900e16578a17..084df255971f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -648,12 +648,16 @@ typedef enum MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_SECOND_CLIENT_HELLO, MBEDTLS_SSL_SECOND_SERVER_HELLO, - MBEDTLS_SSL_EARLY_DATA, +#if defined(MBEDTLS_TLS13_EARLY_DATA) + MBEDTLS_SSL_EARLY_APP_DATA, MBEDTLS_SSL_END_OF_EARLY_DATA, +#endif MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, MBEDTLS_SSL_HANDSHAKE_FINISH_ACK, +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) MBEDTLS_SSL_CLIENT_NEW_SESSION_TICKET, +#endif #if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE) MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, @@ -661,7 +665,6 @@ typedef enum MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_HRR, #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */ - MBEDTLS_SSL_EARLY_APP_DATA #endif } mbedtls_ssl_states; diff --git a/library/debug.c b/library/debug.c index fa60d13f3028..ea1e71ab79e0 100644 --- a/library/debug.c +++ b/library/debug.c @@ -419,4 +419,55 @@ void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_ECDH_C */ +const char * mbedtls_debug_get_state_string( mbedtls_ssl_states stat) +{ + static const char * stat_str[]={ + [MBEDTLS_SSL_HELLO_REQUEST] ="MBEDTLS_SSL_HELLO_REQUEST", + [MBEDTLS_SSL_CLIENT_HELLO] ="MBEDTLS_SSL_CLIENT_HELLO", + [MBEDTLS_SSL_SERVER_HELLO] ="MBEDTLS_SSL_SERVER_HELLO", + [MBEDTLS_SSL_SERVER_CERTIFICATE] ="MBEDTLS_SSL_SERVER_CERTIFICATE", + [MBEDTLS_SSL_SERVER_KEY_EXCHANGE] ="MBEDTLS_SSL_SERVER_KEY_EXCHANGE", + [MBEDTLS_SSL_CERTIFICATE_REQUEST] ="MBEDTLS_SSL_CERTIFICATE_REQUEST", + [MBEDTLS_SSL_SERVER_HELLO_DONE] ="MBEDTLS_SSL_SERVER_HELLO_DONE", + [MBEDTLS_SSL_CLIENT_CERTIFICATE] ="MBEDTLS_SSL_CLIENT_CERTIFICATE", + [MBEDTLS_SSL_CLIENT_KEY_EXCHANGE] ="MBEDTLS_SSL_CLIENT_KEY_EXCHANGE", + [MBEDTLS_SSL_CERTIFICATE_VERIFY] ="MBEDTLS_SSL_CERTIFICATE_VERIFY", + [MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC] ="MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC", + [MBEDTLS_SSL_CLIENT_FINISHED] ="MBEDTLS_SSL_CLIENT_FINISHED", + [MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC] ="MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC", + [MBEDTLS_SSL_SERVER_FINISHED] ="MBEDTLS_SSL_SERVER_FINISHED", + [MBEDTLS_SSL_FLUSH_BUFFERS] ="MBEDTLS_SSL_FLUSH_BUFFERS", + [MBEDTLS_SSL_HANDSHAKE_WRAPUP] ="MBEDTLS_SSL_HANDSHAKE_WRAPUP", + [MBEDTLS_SSL_HANDSHAKE_OVER] ="MBEDTLS_SSL_HANDSHAKE_OVER", + [MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET] ="MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET", + [MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET_FLUSH] ="MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET_FLUSH", + [MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT] ="MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT", +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + [MBEDTLS_SSL_HELLO_RETRY_REQUEST] ="MBEDTLS_SSL_HELLO_RETRY_REQUEST", + [MBEDTLS_SSL_SECOND_CLIENT_HELLO] ="MBEDTLS_SSL_SECOND_CLIENT_HELLO", + [MBEDTLS_SSL_SECOND_SERVER_HELLO] ="MBEDTLS_SSL_SECOND_SERVER_HELLO", +#if defined(MBEDTLS_TLS13_EARLY_DATA) + [MBEDTLS_SSL_EARLY_APP_DATA] ="MBEDTLS_SSL_EARLY_APP_DATA", + [MBEDTLS_SSL_END_OF_EARLY_DATA] ="MBEDTLS_SSL_END_OF_EARLY_DATA", +#endif + [MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY] ="MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY", + [MBEDTLS_SSL_ENCRYPTED_EXTENSIONS] ="MBEDTLS_SSL_ENCRYPTED_EXTENSIONS", + [MBEDTLS_SSL_HANDSHAKE_FINISH_ACK] ="MBEDTLS_SSL_HANDSHAKE_FINISH_ACK", +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) + [MBEDTLS_SSL_CLIENT_NEW_SESSION_TICKET] ="MBEDTLS_SSL_CLIENT_NEW_SESSION_TICKET", +#endif +#if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE) + [MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO] ="MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO", + [MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED] ="MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED", + [MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO] ="MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO", + [MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO] ="MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO", + [MBEDTLS_SSL_SERVER_CCS_AFTER_HRR] ="MBEDTLS_SSL_SERVER_CCS_AFTER_HRR", +#endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */ +#endif + }; + if( stat < 0 || stat >= sizeof(stat_str)/sizeof(stat_str[0]) ) + return( "null" ); + return( stat_str[stat] ? stat_str[stat] : "null" ); +} + #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 99c9e7ed402a..a526a164822d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1473,7 +1473,7 @@ static inline int mbedtls_ssl_get_psk_to_offer( const mbedtls_ssl_context *ssl, { ptrs_present = 1; } - +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) /* Check if a ticket has been configured. */ if( ssl->session_negotiate != NULL && ssl->session_negotiate->ticket != NULL ) @@ -1487,6 +1487,7 @@ static inline int mbedtls_ssl_get_psk_to_offer( const mbedtls_ssl_context *ssl, } return( 0 ); } +#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ /* Check if an external PSK has been configured. */ if( ssl->conf->psk != NULL ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6b75c8e10561..e5d6754a1fc9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4405,15 +4405,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -/* mbedtls_ssl_conf_tls13_key_exchange( ) allows to set the key exchange mode. */ -int mbedtls_ssl_conf_tls13_key_exchange( mbedtls_ssl_config* conf, - const int key_exchange_mode ) -{ - conf->key_exchange_modes = key_exchange_mode; - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + void mbedtls_ssl_remove_hs_psk( mbedtls_ssl_context* ssl ) @@ -4509,6 +4501,16 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/* mbedtls_ssl_conf_tls13_key_exchange( ) allows to set the key exchange mode. */ +int mbedtls_ssl_conf_tls13_key_exchange( mbedtls_ssl_config* conf, + const int key_exchange_mode ) +{ + conf->key_exchange_modes = key_exchange_mode; + return 0; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ea2487b80b07..be1c6e8684f2 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -178,10 +178,12 @@ int ssl_write_early_data_process( mbedtls_ssl_context* ssl ) #endif /* MBEDTLS_SSL_USE_MPS */ #else /* MBEDTLS_ZERO_RTT */ +#if defined(MBEDTLS_SSL_USE_MPS) ((void) buf); ((void) buf_len); ((void) msg); ((void) msg_len); +#endif /* Should never happen */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -339,9 +341,10 @@ static int ssl_write_early_data_coordinate( mbedtls_ssl_context* ssl ) static int ssl_write_early_data_postprocess( mbedtls_ssl_context* ssl ) { +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* Clear PSK we've used for the 0-RTT. */ mbedtls_ssl_remove_hs_psk( ssl ); - +#endif mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); return ( 0 ); } @@ -1006,7 +1009,7 @@ int mbedtls_ssl_write_pre_shared_key_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - +#if defined(MBEDTLS_SSL_COOKIE_C) static int ssl_write_cookie_ext( mbedtls_ssl_context *ssl, unsigned char* buf, unsigned char* end, @@ -1054,6 +1057,7 @@ static int ssl_write_cookie_ext( mbedtls_ssl_context *ssl, return( 0 ); } +#endif /* MBEDTLS_SSL_COOKIE_C */ #if defined(MBEDTLS_ECDH_C) /* @@ -1406,8 +1410,10 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) { #if defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO ); -#else +#elif defined(MBEDTLS_TLS13_EARLY_DATA) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA ); +#else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); #endif /* MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE */ return( 0 ); @@ -1661,11 +1667,49 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, total_ext_len += cur_ext_len; buf += cur_ext_len; +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + /* The supported_groups and the key_share extensions are + * REQUIRED for ECDHE ciphersuites. + */ + ret = ssl_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; + + /* The supported_signature_algorithms extension is REQUIRED for + * certificate authenticated ciphersuites. */ + ret = mbedtls_ssl_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; + + /* We need to send the key shares under three conditions: + * 1 ) A certificate-based ciphersuite is being offered. In this case + * supported_groups and supported_signature extensions have been successfully added. + * 2 ) A PSK-based ciphersuite with ECDHE is offered. In this case the + * psk_key_exchange_modes has been added as the last extension. + * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) + */ + + ret = ssl_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_COOKIE_C) /* For TLS / DTLS 1.3 we need to support the use of cookies * ( if the server provided them ) */ ssl_write_cookie_ext( ssl, buf, end, &cur_ext_len ); total_ext_len += cur_ext_len; buf += cur_ext_len; +#endif /* MBEDTLS_SSL_COOKIE_C */ #if defined(MBEDTLS_SSL_ALPN) ssl_write_alpn_ext( ssl, buf, end, &cur_ext_len ); @@ -1719,42 +1763,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, buf += cur_ext_len; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - /* The supported_groups and the key_share extensions are - * REQUIRED for ECDHE ciphersuites. - */ - ret = ssl_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); - if( ret != 0 ) - return( ret ); - - total_ext_len += cur_ext_len; - buf += cur_ext_len; - - /* The supported_signature_algorithms extension is REQUIRED for - * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); - if( ret != 0 ) - return( ret ); - - total_ext_len += cur_ext_len; - buf += cur_ext_len; - - /* We need to send the key shares under three conditions: - * 1 ) A certificate-based ciphersuite is being offered. In this case - * supported_groups and supported_signature extensions have been successfully added. - * 2 ) A PSK-based ciphersuite with ECDHE is offered. In this case the - * psk_key_exchange_modes has been added as the last extension. - * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) - */ - - ret = ssl_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); - if( ret != 0 ) - return( ret ); - - total_ext_len += cur_ext_len; - buf += cur_ext_len; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) { size_t bytes_written; @@ -2459,7 +2467,7 @@ static int ssl_encrypted_extensions_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, &buf, &buflen ) ); - + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) ); /* Process the message contents */ MBEDTLS_SSL_PROC_CHK( ssl_encrypted_extensions_parse( ssl, buf, buflen ) ); @@ -3926,7 +3934,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %s(%d)", mbedtls_debug_get_state_string(ssl->state), ssl->state ) ); if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) return( ret ); @@ -3945,10 +3953,20 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) ret = ssl_client_hello_process( ssl ); break; +#if defined(MBEDTLS_TLS13_EARLY_DATA) case MBEDTLS_SSL_EARLY_APP_DATA: ret = ssl_write_early_data_process( ssl ); break; - + /* + * ==> (EndOfEarlyData) + * (Certificate) + * (CertificateVerify) + * (Finished) + */ + case MBEDTLS_SSL_END_OF_EARLY_DATA: + ret = ssl_write_end_of_early_data_process( ssl ); + break; +#endif /* MBEDTLS_TLS13_EARLY_DATA */ /* * <== ServerHello / HelloRetryRequest * EncryptedExtensions @@ -3981,16 +3999,6 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_finished_in_process( ssl ); break; - /* - * ==> (EndOfEarlyData) - * (Certificate) - * (CertificateVerify) - * (Finished) - */ - case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_write_end_of_early_data_process( ssl ); - break; - case MBEDTLS_SSL_CLIENT_CERTIFICATE: ret = mbedtls_ssl_write_certificate_process( ssl ); break; @@ -4003,6 +4011,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_finished_out_process( ssl ); break; +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) /* * <== NewSessionTicket */ @@ -4014,6 +4023,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) ret = MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET; break; +#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ /* * Injection of dummy-CCS's for middlebox compatibility diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 134fbb50231b..b58f39caa1ca 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -383,7 +383,11 @@ static int ssl_write_change_cipher_spec_postprocess( mbedtls_ssl_context* ssl ) switch( ssl->state ) { case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: +#if defined(MBEDTLS_TLS13_EARLY_DATA) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA ); +#else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); +#endif break; case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); @@ -2269,8 +2273,11 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl ) if( ret != 0 ) return( ret ); #endif /* MBEDTLS_SSL_USE_MPS */ - +#if defined(MBEDTLS_TLS13_EARLY_DATA) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_EARLY_APP_DATA ); +#else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); +#endif } else #endif /* MBEDTLS_SSL_SRV_C */ @@ -2457,8 +2464,13 @@ static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) if( ret != 0 ) return( ret ); #endif /* MBEDTLS_SSL_USE_MPS */ - +#if defined(MBEDTLS_TLS13_EARLY_DATA) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA ); +#elif defined(MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED ); +#else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); +#endif return( 0 ); } #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b19504c2f631..100c39b7d94f 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1254,11 +1254,16 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early_data( return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - + const unsigned char *input = NULL; + size_t input_len = 0; +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + input = ssl->handshake->psk; + input_len = ssl->handshake->psk_len; +#endif ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, /* Old secret */ - ssl->handshake->psk, - ssl->handshake->psk_len, + input, + input_len, ssl->handshake->tls1_3_master_secrets.early ); if( ret != 0 ) { diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 44b3ee1cdbb7..1942e02f5b38 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -652,10 +652,10 @@ int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, size_t *actual_len, int from ); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0 #define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1 +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /** * \brief Calculate a TLS 1.3 PSK binder. * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 51977c79941c..793823f8d518 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -708,7 +708,7 @@ int mbedtls_ssl_parse_client_psk_identity_ext( if( diff > MBEDTLS_SSL_TICKET_AGE_TOLERANCE ) { MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Ticket age outside tolerance window ( diff=%lld )", + ( "Ticket age outside tolerance window ( diff=%ld )", diff ) ); ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; } @@ -724,7 +724,7 @@ int mbedtls_ssl_parse_client_psk_identity_ext( else { MBEDTLS_SSL_DEBUG_MSG( 3, - ( "0-RTT is disabled ( diff=%lld exceeds "\ + ( "0-RTT is disabled ( diff=%ld exceeds "\ "MBEDTLS_SSL_EARLY_DATA_MAX_DELAY )", diff ) ); ssl->session_negotiate->process_early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; @@ -1803,16 +1803,16 @@ static int ssl_early_data_fetch( mbedtls_ssl_context* ssl, size_t* buflen ); #endif /* MBEDTLS_SSL_USE_MPS */ #endif /* MBEDTLS_ZERO_RTT */ - +#if defined(MBEDTLS_TLS13_EARLY_DATA) static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl ); - +#endif #if defined(MBEDTLS_ZERO_RTT) /* Parse early data send by the peer. */ static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl, unsigned char const* buf, size_t buflen ); #endif /* MBEDTLS_ZERO_RTT */ - +#if defined(MBEDTLS_TLS13_EARLY_DATA) /* Update the state after handling the incoming early data message. */ static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl ); @@ -1873,6 +1873,7 @@ int ssl_read_early_data_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse early data" ) ); return( ret ); } +#endif #if defined(MBEDTLS_ZERO_RTT) #if defined(MBEDTLS_SSL_USE_MPS) @@ -1923,11 +1924,13 @@ static int ssl_early_data_fetch( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_ZERO_RTT */ #if !defined(MBEDTLS_ZERO_RTT) +#if defined(MBEDTLS_TLS13_EARLY_DATA) static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl ) { ((void) ssl); return( SSL_EARLY_DATA_SKIP ); } +#endif #else /* MBEDTLS_ZERO_RTT */ static int ssl_read_early_data_coordinate( mbedtls_ssl_context* ssl ) { @@ -2002,11 +2005,13 @@ static int ssl_read_early_data_parse( mbedtls_ssl_context* ssl, } #endif /* MBEDTLS_ZERO_RTT */ +#if defined(MBEDTLS_TLS13_EARLY_DATA) static int ssl_read_early_data_postprocess( mbedtls_ssl_context* ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_END_OF_EARLY_DATA ); return ( 0 ); } +#endif /* MBEDTLS_TLS13_EARLY_DATA */ /* @@ -2257,13 +2262,15 @@ static int ssl_client_hello_parse( mbedtls_ssl_context* ssl, int ret; size_t i, j; size_t comp_len, sess_len; - size_t ciph_len, ext_len, ext_len_psk_ext = 0; + size_t ciph_len, ext_len; unsigned char *orig_buf, *end = buf + buflen; unsigned char *ciph_offset; unsigned char *p = NULL; unsigned char *ext = NULL; unsigned char *ext_psk_ptr = NULL; - +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + size_t ext_len_psk_ext = 0; +#endif const int* ciphersuites; const mbedtls_ssl_ciphersuite_t* ciphersuite_info; @@ -2728,6 +2735,7 @@ static int ssl_client_hello_parse( mbedtls_ssl_context* ssl, return( ret ); #endif /* MBEDTLS_ZERO_RTT */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_kex_with_psk( ssl ) ) { @@ -2741,7 +2749,7 @@ static int ssl_client_hello_parse( mbedtls_ssl_context* ssl, return( ret ); } } - +#endif #if defined(MBEDTLS_SSL_COOKIE_C) /* If we failed to see a cookie extension, and we required it through the * configuration settings ( rr_config ), then we need to send a HRR msg. @@ -3080,14 +3088,24 @@ static int ssl_encrypted_extensions_write( mbedtls_ssl_context* ssl, size_t buflen, size_t* olen ) { + + size_t enc_ext_len; + unsigned char *p, *len; +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) || \ + defined(MBEDTLS_SSL_ALPN) || \ + defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || \ + defined(MBEDTLS_ZERO_RTT) int ret; - size_t n, enc_ext_len; - unsigned char *p, *end, *len; + size_t n; + unsigned char *end; + end = buf + buflen; +#else + ((void) ssl); + ((void) buflen); +#endif /* If all extensions are disabled then olen is 0. */ *olen = 0; - - end = buf + buflen; p = buf; /* @@ -3336,7 +3354,7 @@ static int ssl_write_hello_retry_request_write( mbedtls_ssl_context* ssl, int ret; unsigned char *p = buf; unsigned char *end = buf + buflen; - unsigned char *ext_len_byte; + size_t ext_length; size_t total_ext_len = 0; unsigned char *extension_start; @@ -3406,7 +3424,7 @@ static int ssl_write_hello_retry_request_write( mbedtls_ssl_context* ssl, * } Cookie; * */ - + unsigned char *ext_len_byte; /* Write extension header */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_COOKIE >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_COOKIE >> 0 ) & 0xFF ); @@ -3896,7 +3914,7 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %s(%d)", mbedtls_debug_get_state_string(ssl->state), ssl->state ) ); #if !defined(MBEDTLS_SSL_USE_MPS) if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) @@ -3931,6 +3949,7 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) break; +#if defined(MBEDTLS_TLS13_EARLY_DATA) /* ----- WRITE EARLY APP DATA ----*/ case MBEDTLS_SSL_EARLY_APP_DATA: @@ -3940,9 +3959,11 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "ssl_read_early_data_process", ret ); return ( ret ); } - break; - + case MBEDTLS_SSL_END_OF_EARLY_DATA: + ret = ssl_read_end_of_early_data_process( ssl ); + break; +#endif /* ----- WRITE HELLO RETRY REQUEST ----*/ case MBEDTLS_SSL_HELLO_RETRY_REQUEST: @@ -4064,10 +4085,6 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_read_certificate_verify_process( ssl ); break; - case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_read_end_of_early_data_process( ssl ); - break; - /* ----- READ FINISHED ----*/ case MBEDTLS_SSL_CLIENT_FINISHED: @@ -4095,22 +4112,21 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_USE_MPS */ mbedtls_ssl_handshake_wrapup_tls13( ssl ); +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET ); - +#else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); +#endif break; - case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: - #if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) - + case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: ret = ssl_write_new_session_ticket_process( ssl ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_new_session_ticket ", ret ); return( ret ); } -#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ - break; case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET_FLUSH: @@ -4119,6 +4135,7 @@ int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) return( ret ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); break; +#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index f9e031b587c3..27d1fd1ca1d9 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -24,6 +24,7 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" +#include "mbedtls/platform_time.h" #else #include #include diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8e02b4538835..efb1622c2a05 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1431,6 +1431,7 @@ cleanup: return( ret ); } +#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET) /* * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. @@ -1515,6 +1516,7 @@ static int ssl_populate_session_tls12( mbedtls_ssl_session *session, return( 0 ); } +#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */ /* * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the @@ -3888,7 +3890,7 @@ void ssl_tls1_3_derive_application_secrets( int hash_alg, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_SSL_NEW_SESSION_TICKET */ void ssl_tls1_3_derive_resumption_secrets( int hash_alg, data_t *secret, data_t *transcript, @@ -3914,7 +3916,7 @@ void ssl_tls1_3_derive_resumption_secrets( int hash_alg, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ void ssl_tls1_3_create_psk_binder( int hash_alg, data_t *psk, int psk_type, @@ -3991,7 +3993,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_NEW_SESSION_TICKET */ void ssl_serialize_session_save_load( int ticket_len, char *crt_file ) { mbedtls_ssl_session original, restored; @@ -4089,7 +4091,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_NEW_SESSION_TICKET */ void ssl_serialize_session_load_save( int ticket_len, char *crt_file ) { mbedtls_ssl_session session; @@ -4139,7 +4141,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_NEW_SESSION_TICKET */ void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file ) { mbedtls_ssl_session session; @@ -4175,7 +4177,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_NEW_SESSION_TICKET */ void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file ) { mbedtls_ssl_session session; @@ -4217,7 +4219,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_NEW_SESSION_TICKET */ void ssl_session_serialize_version_check( int corrupt_major, int corrupt_minor, int corrupt_patch,