From 98545f128a030051713bf58e3745ccdd58737f8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 22 Jul 2014 22:10:43 +0200
Subject: [PATCH] Generate random key for HelloVerifyRequest
---
 include/polarssl/ssl.h | 4 ++++
 library/ssl_srv.c | 44 +++++++++++++++++++++++++-------------
 library/ssl_tls.c | 1 +
 programs/ssl/ssl_server2.c | 9 ++++++++
 4 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 6e40c329fe..05bb3de31f 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -881,6 +881,7 @@ struct _ssl_context
 #if defined(POLARSSL_SSL_PROTO_DTLS) && defined(POLARSSL_SSL_SRV_C)
 unsigned char *cli_id; /*!< transport-level ID of the client */
 size_t cli_id_len; /*!< length of cli_id */
+ md_context_t hvr_hmac_ctx; /*!< HMAC data for HelloVerifyRequest */
 #endif
 /*
@@ -1091,6 +1092,9 @@ void ssl_set_bio( ssl_context *ssl,
 int ssl_set_client_transport_id( ssl_context *ssl, const unsigned char *info, size_t ilen );
+
+/* Temporary */
+int ssl_setup_hvr_key( ssl_context *ssl );
 #endif /* POLARSSL_SSL_PROTO_DTLS && POLARSSL_SSL_SRV_C */
 /**
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 521552dec6..2b1a654ba4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1159,6 +1159,30 @@ have_ciphersuite_v2:
 #error "DTLS hello verify needs SHA-1 or SHA-2"
 #endif
+/*
+ * Generate server key for HelloVerifyRequest
+ */
+int ssl_setup_hvr_key( ssl_context *ssl )
+{
+ int ret;
+ unsigned char key[HVR_MD_LEN];
+
+ if( ( ret = ssl->f_rng( ssl->p_rng, key, sizeof( key ) ) ) != 0 )
+ return( ret );
+
+ ret = md_init_ctx( &ssl->hvr_hmac_ctx, md_info_from_type( HVR_MD ) );
+ if( ret != 0 )
+ return( ret );
+
+ ret = md_hmac_starts( &ssl->hvr_hmac_ctx, key, sizeof( key ) );
+ if( ret != 0 )
+ return( ret );
+
+ polarssl_zeroize( key, sizeof( key ) );
+
+ return( 0 );
+}
+
 /*
 * Generate cookie for DTLS ClientHello verification
 */
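Review bot: The new public prototype `ssl_setup_hvr_key()` in ssl.h carries only `/* Temporary */`, so a caller cannot tell when it has to be called or what a failure means. The definition in ssl_srv.c calls `ssl->f_rng` unconditionally and the cookie code now relies on the keyed context, so the header should state that the function must be called on a DTLS server context after the RNG callback is set and before the handshake starts, and that a non-zero return is an error from the RNG or the MD layer. A Doxygen block in the style of the neighbouring declarations covering those points would be enough.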
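Review bot: In `ssl_setup_hvr_key()` the early `return( ret )` after `md_init_ctx` and after `md_hmac_starts` leave the freshly generated key on the stack, because `polarssl_zeroize( key, sizeof( key ) )` is reached only on the success path. Routing every exit through one cleanup label wipes the buffer on all paths, as sketched below. The function also calls `ssl->f_rng` without checking it; whether a context can get here with no RNG configured is not visible in this hunk, so a guard is worth considering. A second call on the same context would run `md_init_ctx` on an already set-up context, which presumably leaks the first allocation — confirm against md.c.

```c
int ssl_setup_hvr_key( ssl_context *ssl )
{
    /* … unchanged: declarations of ret and key … */

    if( ( ret = ssl->f_rng( ssl->p_rng, key, sizeof( key ) ) ) != 0 )
        goto cleanup;

    ret = md_init_ctx( &ssl->hvr_hmac_ctx, md_info_from_type( HVR_MD ) );
    if( ret != 0 )
        goto cleanup;

    ret = md_hmac_starts( &ssl->hvr_hmac_ctx, key, sizeof( key ) );

cleanup:
    /* Wipe the key on every exit path, not only on success */
    polarssl_zeroize( key, sizeof( key ) );

    return( ret );
}
```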
@@ -1168,10 +1192,6 @@ static int ssl_generate_verify_cookie( ssl_context *ssl )
 unsigned char *cookie = ssl->handshake->verify_cookie;
 unsigned char cookie_len;
 unsigned char hmac_out[HVR_MD_LEN];
- unsigned char hmac_key[32] = { 0 }; /* temporary! */
- md_context_t hmac_ctx;
-
- md_init( &hmac_ctx );
 polarssl_free( cookie );
@@ -1183,23 +1203,17 @@ static int ssl_generate_verify_cookie( ssl_context *ssl )
 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
 }
- /* Do a HMAC of client id */
- ret = md_init_ctx( &hmac_ctx, md_info_from_type( HVR_MD ) );
- if( ret != 0 )
+ if( ( ret = md_hmac_reset( &ssl->hvr_hmac_ctx ) ) != 0 ||
+ ( ret = md_hmac_update( &ssl->hvr_hmac_ctx,
+ ssl->cli_id, ssl->cli_id_len ) ) != 0 ||
+ ( ret = md_hmac_finish( &ssl->hvr_hmac_ctx, hmac_out ) ) != 0 )
 {
- SSL_DEBUG_RET( 0, "md_init_ctx", ret );
+ SSL_DEBUG_RET( 1, "md_hmac", ret );
 return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
 }
- /* Only possible error is if hmac_ctx wasn't initialized */
- (void) md_hmac_starts( &hmac_ctx, hmac_key, sizeof( hmac_key ) );
- (void) md_hmac_update( &hmac_ctx, ssl->cli_id, ssl->cli_id_len );
- (void) md_hmac_finish( &hmac_ctx, hmac_out );
-
 memcpy( cookie, hmac_out, HVR_MD_USE );
- md_free( &hmac_ctx );
-
 ssl->handshake->verify_cookie = cookie;
 ssl->handshake->verify_cookie_len = cookie_len;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d854199430..d0f1ccc9fd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5041,6 +5041,7 @@ void ssl_free( ssl_context *ssl )
 #if defined(POLARSSL_SSL_PROTO_DTLS) && defined(POLARSSL_SSL_SRV_C)
 polarssl_free( ssl->cli_id );
+ md_free( &ssl->hvr_hmac_ctx );
 #endif
 SSL_DEBUG_MSG( 2, ( "<= free" ) );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index bb8e62b09d..07c1e07790 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
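Review bot: `ssl_generate_verify_cookie()` now assumes `ssl->hvr_hmac_ctx` was keyed by an earlier `ssl_setup_hvr_key()` call, but nothing in the second ssl_srv.c hunk states or checks that precondition. If the application skipped that call, the `md_hmac_reset` chain presumably fails and the handshake ends with the generic `POLARSSL_ERR_SSL_INTERNAL_ERROR`, which hides what is really a configuration mistake. I would add a comment above the chain, `/* Requires ssl_setup_hvr_key() to have succeeded on this context */`, and consider a distinct debug message for the unkeyed case. The function body starts before this hunk and continues after it.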
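Review bot: `md_free( &ssl->hvr_hmac_ctx )` is added to `ssl_free()`, but no hunk in this patch adds a matching `md_init( &ssl->hvr_hmac_ctx )` on the context set-up path. That is safe only if the context structure is zeroed before use and `md_free` tolerates a zeroed, never-initialised context; neither is visible in this diff, so please confirm or add the `md_init` call where the context is initialised. Since this context holds HMAC key state for the lifetime of the connection, it is also worth confirming that `md_free` wipes it before releasing the memory.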
@@ -1344,6 +1344,15 @@ int main( int argc, char *argv[] )
 ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
 #endif
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( opt.transport == SSL_TRANSPORT_DATAGRAM &&
+ ( ret = ssl_setup_hvr_key( &ssl ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_setup_hvr_key returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
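Review bot: The call to `ssl_setup_hvr_key()` is guarded by `POLARSSL_SSL_PROTO_DTLS` alone, while ssl.h declares the function under `POLARSSL_SSL_PROTO_DTLS && POLARSSL_SSL_SRV_C`. If this program is always built with the server module the difference is harmless, but using the same condition, `#if defined(POLARSSL_SSL_PROTO_DTLS) && defined(POLARSSL_SSL_SRV_C)`, keeps the two in step. The call also has to come after the RNG is attached to `ssl`, because the function draws the key through `ssl->f_rng`; that ordering lies outside this hunk and should be checked in `main`.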