fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
da8cdf2fa9
commit
0b32c502a4
@ -218,57 +218,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* The ssl_tls13_create_verify_structure() creates the verify structure.
|
||||
* As input, it requires the transcript hash.
|
||||
*
|
||||
* The caller has to ensure that the buffer has size at least
|
||||
* SSL_VERIFY_STRUCT_MAX_SIZE bytes.
|
||||
*/
|
||||
static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
|
||||
size_t transcript_hash_len,
|
||||
unsigned char *verify_buffer,
|
||||
size_t *verify_buffer_len,
|
||||
int from )
|
||||
{
|
||||
size_t idx;
|
||||
|
||||
/* RFC 8446, Section 4.4.3:
|
||||
*
|
||||
* The digital signature [in the CertificateVerify message] is then
|
||||
* computed over the concatenation of:
|
||||
* - A string that consists of octet 32 (0x20) repeated 64 times
|
||||
* - The context string
|
||||
* - A single 0 byte which serves as the separator
|
||||
* - The content to be signed
|
||||
*/
|
||||
uint8_t const verify_padding_val = 0x20;
|
||||
size_t const verify_padding_len = 64;
|
||||
|
||||
memset( verify_buffer, verify_padding_val, verify_padding_len );
|
||||
idx = verify_padding_len;
|
||||
|
||||
if( from == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) );
|
||||
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv );
|
||||
}
|
||||
else
|
||||
{ /* from == MBEDTLS_SSL_IS_SERVER */
|
||||
memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) );
|
||||
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv );
|
||||
}
|
||||
|
||||
verify_buffer[idx++] = 0x0;
|
||||
|
||||
memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len );
|
||||
idx += transcript_hash_len;
|
||||
|
||||
*verify_buffer_len = idx;
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
/*
|
||||
* STATE HANDLING: Read CertificateVerify
|
||||
*/
|
||||
@ -296,8 +245,52 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
|
||||
MBEDTLS_TLS1_3_MD_MAX_SIZE \
|
||||
)
|
||||
|
||||
/*
|
||||
* The ssl_tls13_create_verify_structure() creates the verify structure.
|
||||
* As input, it requires the transcript hash.
|
||||
*
|
||||
* The caller has to ensure that the buffer has size at least
|
||||
* SSL_VERIFY_STRUCT_MAX_SIZE bytes.
|
||||
*/
|
||||
static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
|
||||
size_t transcript_hash_len,
|
||||
unsigned char *verify_buffer,
|
||||
size_t *verify_buffer_len,
|
||||
int from )
|
||||
{
|
||||
size_t idx;
|
||||
|
||||
/* RFC 8446, Section 4.4.3:
|
||||
*
|
||||
* The digital signature [in the CertificateVerify message] is then
|
||||
* computed over the concatenation of:
|
||||
* - A string that consists of octet 32 (0x20) repeated 64 times
|
||||
* - The context string
|
||||
* - A single 0 byte which serves as the separator
|
||||
* - The content to be signed
|
||||
*/
|
||||
memset( verify_buffer, 0x20, 64 );
|
||||
idx = 64;
|
||||
|
||||
if( from == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) );
|
||||
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv );
|
||||
}
|
||||
else
|
||||
{ /* from == MBEDTLS_SSL_IS_SERVER */
|
||||
memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) );
|
||||
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv );
|
||||
}
|
||||
|
||||
verify_buffer[idx++] = 0x0;
|
||||
|
||||
memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len );
|
||||
idx += transcript_hash_len;
|
||||
|
||||
*verify_buffer_len = idx;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg )
|
||||
{
|
||||
const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs;
|
||||
@ -310,7 +303,7 @@ static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl,
|
||||
static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
const unsigned char *verify_buffer,
|
||||
@ -350,7 +343,7 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl,
|
||||
* Check if algorithm in offered signature algorithms. Send `unsupported_certificate`
|
||||
* alert message on failure.
|
||||
*/
|
||||
if( ssl_tls13_sig_alg_is_offered( ssl, algorithm ) == 0 )
|
||||
if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) )
|
||||
{
|
||||
/* algorithm not in offered signature algorithms list */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not "
|
||||
@ -429,12 +422,9 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl,
|
||||
break;
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
|
||||
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
default:
|
||||
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
break;
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
@ -481,13 +471,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
unsigned char *buf;
|
||||
size_t buf_len;
|
||||
|
||||
if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) )
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
||||
if( ssl->session_negotiate->peer_cert == NULL )
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
||||
|
||||
MBEDTLS_SSL_PROC_CHK(
|
||||
@ -495,9 +478,9 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
|
||||
|
||||
/* Need to calculate the hash of the transcript first
|
||||
* before reading the message since otherwise it gets
|
||||
* included in the transcript
|
||||
*/
|
||||
* before reading the message since otherwise it gets
|
||||
* included in the transcript
|
||||
*/
|
||||
ret = mbedtls_ssl_get_handshake_transcript( ssl,
|
||||
ssl->handshake->ciphersuite_info->mac,
|
||||
transcript, sizeof( transcript ),
|
||||
@ -514,15 +497,16 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
|
||||
/* Create verify structure */
|
||||
ssl_tls13_create_verify_structure( transcript,
|
||||
transcript_len,
|
||||
verify_buffer,
|
||||
&verify_buffer_len,
|
||||
!ssl->conf->endpoint );
|
||||
transcript_len,
|
||||
verify_buffer,
|
||||
&verify_buffer_len,
|
||||
( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ?
|
||||
MBEDTLS_SSL_IS_SERVER :
|
||||
MBEDTLS_SSL_IS_CLIENT );
|
||||
|
||||
/* Process the message contents */
|
||||
MBEDTLS_SSL_PROC_CHK(
|
||||
ssl_tls13_process_certificate_verify_parse( ssl,
|
||||
buf, buf + buf_len, verify_buffer, verify_buffer_len ) );
|
||||
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
|
||||
buf + buf_len, verify_buffer, verify_buffer_len ) );
|
||||
|
||||
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
|
||||
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );
|
||||
|
||||
Loading…
Reference in New Issue
Block a user