mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 15:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add the 'cookie' field of DTLS ClientHello

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-21 09:40:12 +01:00 committed by Paul Bakker
parent 8933a65d5c
commit 4128aa71ee
2 changed files with 65 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
library/ssl_cli.c
View File

@ -520,11 +520,13 @@ static int ssl_write_client_hello( ssl_context *ssl )
/* /*
* 38 . 38 session id length * 38 . 38 session id length
* 39 . 39+n session id * 39 . 39+n session id
* 40+n . 41+n ciphersuitelist length * 39+n . 39+n DTLS only: cookie length (1 byte)
* 42+n . .. ciphersuitelist * 40+n . .. DTSL only: cookie
* .. . .. compression methods length * .. . .. ciphersuitelist length (2 bytes)
* .. . .. ciphersuitelist
* .. . .. compression methods length (1 byte)
* .. . .. compression methods * .. . .. compression methods
* .. . .. extensions length * .. . .. extensions length (2 bytes)
* .. . .. extensions * .. . .. extensions
*/ */
n = ssl->session_negotiate->length; n = ssl->session_negotiate->length;
@ -561,16 +563,29 @@ static int ssl_write_client_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver]; /*
n = 0; * DTLS cookie
q = p; */
#if defined(POLARSSL_SSL_PROTO_DTLS)
// Skip writing ciphersuite length for now if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
p += 2; {
/* TODO-DTLS: for now, just send an empty cookie, later on must send
* back the cookie from HelloVerifyRequest */
*p++ = 0;
}
#endif
/* /*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV * Ciphersuite list
*/ */
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
/* Skip writing ciphersuite length for now */
n = 0;
q = p;
p += 2;
/* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
{ {
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );

45
library/ssl_srv.c
View File

@ -1122,6 +1122,9 @@ static int ssl_parse_client_hello( ssl_context *ssl )
unsigned int i, j; unsigned int i, j;
unsigned int ciph_offset, comp_offset, ext_offset; unsigned int ciph_offset, comp_offset, ext_offset;
unsigned int msg_len, ciph_len, sess_len, comp_len, ext_len; unsigned int msg_len, ciph_len, sess_len, comp_len, ext_len;
#if defined(POLARSSL_SSL_PROTO_DTLS)
unsigned int cookie_offset, cookie_len;
#endif
unsigned char *buf, *p, *ext; unsigned char *buf, *p, *ext;
int renegotiation_info_seen = 0; int renegotiation_info_seen = 0;
int handshake_failure = 0; int handshake_failure = 0;
@ -1249,11 +1252,13 @@ static int ssl_parse_client_hello( ssl_context *ssl )
* 0 . 0 handshake type * 0 . 0 handshake type
* 1 . 3 handshake length * 1 . 3 handshake length
* 4 . 5 protocol version * 4 . 5 protocol version
* 6 . 37 random bytes (starting with 4 byte of Unix time) * 6 . 37 random bytes (starting with 4 bytes of Unix time)
* 38 . 38 session id length * 38 . 38 session id length (1 byte)
* 39 . 38+x session id * 39 . 38+x session id
* 39+x . 40+x ciphersuite list length * 39+x . 39+x DTLS only: cookie length (1 byte)
* 41+x . .. ciphersuite list * 40+x . .. DTSL only: cookie
* .. . .. ciphersuite list length (2 bytes)
* .. . .. ciphersuite list
* .. . .. compression alg. list length (1 byte) * .. . .. compression alg. list length (1 byte)
* .. . .. compression alg. list * .. . .. compression alg. list
* .. . .. extensions length (2 bytes, optional) * .. . .. extensions length (2 bytes, optional)
@ -1333,7 +1338,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
sess_len = buf[38]; sess_len = buf[38];
if( sess_len > sizeof( ssl->session_negotiate->id ) || if( sess_len > sizeof( ssl->session_negotiate->id ) ||
sess_len + 39 + 2 > msg_len ) /* 2 for cipherlist length field */ sess_len + 38 + 2 > msg_len ) /* 2 for cipherlist length field */
{ {
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
@ -1348,10 +1353,38 @@ static int ssl_parse_client_hello( ssl_context *ssl )
memcpy( ssl->session_negotiate->id, buf + 39, memcpy( ssl->session_negotiate->id, buf + 39,
ssl->session_negotiate->length ); ssl->session_negotiate->length );
/*
* Check the cookie length and content
*/
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
{
cookie_offset = 39 + sess_len;
cookie_len = buf[cookie_offset];
if( // cookie_len > <MAX> || // TODO-DTLS
cookie_offset + 1 + cookie_len + 2 > msg_len )
{
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
SSL_DEBUG_BUF( 3, "client hello, cookie",
buf + cookie_offset + 1, cookie_len );
// TODO-DTLS: check cookie, reject if invalid!
}
#endif
/* /*
* Check the ciphersuitelist length (will be parsed later) * Check the ciphersuitelist length (will be parsed later)
*/ */
ciph_offset = 39 + sess_len; #if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
ciph_offset = cookie_offset + 1 + cookie_len;
else
#endif
ciph_offset = 39 + sess_len;
ciph_len = ( buf[ciph_offset + 0] << 8 ) ciph_len = ( buf[ciph_offset + 0] << 8 )
| ( buf[ciph_offset + 1] ); | ( buf[ciph_offset + 1] );