diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2a8695a475..d42e463a93 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -218,57 +218,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, return( 0 ); } -/* - * The ssl_tls13_create_verify_structure() creates the verify structure. - * As input, it requires the transcript hash. - * - * The caller has to ensure that the buffer has size at least - * SSL_VERIFY_STRUCT_MAX_SIZE bytes. - */ -static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, - size_t transcript_hash_len, - unsigned char *verify_buffer, - size_t *verify_buffer_len, - int from ) -{ - size_t idx; - - /* RFC 8446, Section 4.4.3: - * - * The digital signature [in the CertificateVerify message] is then - * computed over the concatenation of: - * - A string that consists of octet 32 (0x20) repeated 64 times - * - The context string - * - A single 0 byte which serves as the separator - * - The content to be signed - */ - uint8_t const verify_padding_val = 0x20; - size_t const verify_padding_len = 64; - - memset( verify_buffer, verify_padding_val, verify_padding_len ); - idx = verify_padding_len; - - if( from == MBEDTLS_SSL_IS_CLIENT ) - { - memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) ); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv ); - } - else - { /* from == MBEDTLS_SSL_IS_SERVER */ - memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) ); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv ); - } - - verify_buffer[idx++] = 0x0; - - memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len ); - idx += transcript_hash_len; - - *verify_buffer_len = idx; -} - -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - /* * STATE HANDLING: Read CertificateVerify */ @@ -296,8 +245,52 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, MBEDTLS_TLS1_3_MD_MAX_SIZE \ ) +/* + * The ssl_tls13_create_verify_structure() creates the verify structure. + * As input, it requires the transcript hash. + * + * The caller has to ensure that the buffer has size at least + * SSL_VERIFY_STRUCT_MAX_SIZE bytes. + */ +static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash, + size_t transcript_hash_len, + unsigned char *verify_buffer, + size_t *verify_buffer_len, + int from ) +{ + size_t idx; + + /* RFC 8446, Section 4.4.3: + * + * The digital signature [in the CertificateVerify message] is then + * computed over the concatenation of: + * - A string that consists of octet 32 (0x20) repeated 64 times + * - The context string + * - A single 0 byte which serves as the separator + * - The content to be signed + */ + memset( verify_buffer, 0x20, 64 ); + idx = 64; + + if( from == MBEDTLS_SSL_IS_CLIENT ) + { + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv ); + } + else + { /* from == MBEDTLS_SSL_IS_SERVER */ + memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) ); + idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv ); + } + + verify_buffer[idx++] = 0x0; + + memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len ); + idx += transcript_hash_len; + + *verify_buffer_len = idx; +} -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_alg ) { const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; @@ -310,7 +303,7 @@ static int ssl_tls13_sig_alg_is_offered( mbedtls_ssl_context *ssl, uint16_t sig_ return 0; } -static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, +static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end, const unsigned char *verify_buffer, @@ -350,7 +343,7 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, * Check if algorithm in offered signature algorithms. Send `unsupported_certificate` * alert message on failure. */ - if( ssl_tls13_sig_alg_is_offered( ssl, algorithm ) == 0 ) + if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) { /* algorithm not in offered signature algorithms list */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " @@ -429,12 +422,9 @@ static int ssl_tls13_process_certificate_verify_parse( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SHA512_C */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + default: + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + break; } if( ret != 0 ) @@ -481,13 +471,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) unsigned char *buf; size_t buf_len; - if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - if( ssl->session_negotiate->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); MBEDTLS_SSL_PROC_CHK( @@ -495,9 +478,9 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); /* Need to calculate the hash of the transcript first - * before reading the message since otherwise it gets - * included in the transcript - */ + * before reading the message since otherwise it gets + * included in the transcript + */ ret = mbedtls_ssl_get_handshake_transcript( ssl, ssl->handshake->ciphersuite_info->mac, transcript, sizeof( transcript ), @@ -514,15 +497,16 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) /* Create verify structure */ ssl_tls13_create_verify_structure( transcript, - transcript_len, - verify_buffer, - &verify_buffer_len, - !ssl->conf->endpoint ); + transcript_len, + verify_buffer, + &verify_buffer_len, + ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ? + MBEDTLS_SSL_IS_SERVER : + MBEDTLS_SSL_IS_CLIENT ); /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_process_certificate_verify_parse( ssl, - buf, buf + buf_len, verify_buffer, verify_buffer_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf, + buf + buf_len, verify_buffer, verify_buffer_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );