Merge pull request #6112 from ronald-cron-arm/tls13-negotiated-key-exchange-mode

TLS 1.3: Add specific field to store the selected key exchange mode
Validated by the internal CI merge job.
This commit is contained in:
Ronald Cron 2022-07-21 15:46:35 +02:00 committed by GitHub
commit 892747015d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 15 deletions

View File

@ -611,14 +611,19 @@ struct mbedtls_ssl_handshake_params
* Handshake specific crypto variables
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
uint8_t key_exchange_mode; /*!< Selected key exchange mode */
/** Number of HelloRetryRequest messages received/sent from/to the server. */
int hello_retry_request_count;
#if defined(MBEDTLS_SSL_SRV_C)
/** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
#endif
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@ -1769,6 +1774,7 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/**
* Given a list of key exchange modes, check if at least one of them is
* supported.
@ -1815,6 +1821,30 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
/*
* Helper functions to check the selected key exchange mode.
*/
static inline int mbedtls_ssl_tls13_key_exchange_mode_check(
mbedtls_ssl_context *ssl, int kex_mask )
{
return( ( ssl->handshake->key_exchange_mode & kex_mask ) != 0 );
}
static inline int mbedtls_ssl_tls13_key_exchange_mode_with_psk(
mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
static inline int mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(
mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
/*
* Fetch TLS 1.3 handshake message header

View File

@ -1218,17 +1218,17 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
break;
/* Neither pre_shared_key nor key_share extension was received */
@ -1477,7 +1477,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
buf, buf_len );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
@ -1512,12 +1512,6 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= skip parse certificate request" ) );
return( SSL_CERTIFICATE_REQUEST_SKIP );
}
if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );

View File

@ -1237,7 +1237,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
* client_handshake_traffic_secret and server_handshake_traffic_secret
* are derived in the handshake secret derivation stage.
*/
if( mbedtls_ssl_tls13_ephemeral_enabled( ssl ) )
if( mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) )
{
if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) )
{

View File

@ -397,7 +397,7 @@ static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
if( !ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) )
return( 0 );
ssl->handshake->tls13_kex_modes =
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
return( 1 );
}
@ -1167,7 +1167,7 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
* of the HRR is then to transmit a cookie to force the client to demonstrate
* reachability at their apparent network address (primarily useful for DTLS).
*/
if( ! mbedtls_ssl_tls13_some_ephemeral_enabled( ssl ) )
if( ! mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) )
return( 0 );
/* We should only send the key_share extension if the client's initial
@ -1555,7 +1555,7 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
ssl, buf_len, msg_len ) );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );