From e19e3b9eb89bf560f8e1d544fa4635847a647cf4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 8 Jul 2022 12:04:51 +0000 Subject: [PATCH 1/6] Add psk_key_exchange_modes parser Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 9 ++++++ library/ssl_tls13_server.c | 64 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b3b5d47f84..7893edd130 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -169,6 +169,15 @@ /** Invalid value in SSL config */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 +/* + * Constants from RFC 8446 for TLS 1.3 PSK modes + * + * Those are used in the Pre-Shared Key Exchange Modes extension. + * See Section 4.2.9 in RFC 8446. + */ +#define MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE 0 /* Pure PSK-based exchange */ +#define MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE 1 /* PSK+ECDHE-based exchange */ + /* * TLS 1.3 NamedGroup values * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7d99433a90..fc5ceebf04 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
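Review bot: The two new defines are on-the-wire codepoints (psk_ke(0) and psk_dhe_ke(1) from RFC 8446 §4.2.9), but the block comment does not say so, and their names differ from the internal MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK / _PSK_EPHEMERAL bitmask flags that the server parser maps them onto only by one word, so the two sets are easy to mix up. Suggest extending the comment with `* These are the values carried in the extension; they are not the internal MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_* flags.` Placing them in the public ssl.h also makes them part of the API, while in this series they appear to be used only by ssl_tls13_server.c; if exposing them is not intended, an internal header such as ssl_misc.h may be the better home.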
@@ -45,6 +45,53 @@ #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +/* From RFC 8446: + * + * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; + * struct { + * PskKeyExchangeMode ke_modes<1..255>; + * } PskKeyExchangeModes; + */ +static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end) +{ + size_t ke_modes_len; + int ke_modes = 0; + + /* Read PSK mode list length (1 Byte) */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 1 ); + ke_modes_len = *buf++; + /* Currently, there are only two PSK modes, so even without looking + * at the content, something's wrong if the list has more than 2 items. */ + if( ke_modes_len > 2 ) + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + + MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, ke_modes_len ); + + while( ke_modes_len-- != 0 ) + { + switch( *buf++ ) + { + case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: + ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK KEX MODE" ) ); + break; + case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: + ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK_EPHEMERAL KEX MODE" ) ); + break; + default: + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + } + + ssl->handshake->tls13_kex_modes = ke_modes; + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + /* From RFC 8446: * struct { * ProtocolVersion versions<2..254>; 
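Review bot: A zero-length ke_modes list is accepted: the guard after `ke_modes_len = *buf++;` only rejects lengths above 2, while the RFC structure quoted in the header comment declares `ke_modes<1..255>`, so an empty list passes the loop, leaves ke_modes at 0 and stores that into tls13_kex_modes as if the extension had parsed successfully. Change the guard to `if( ke_modes_len == 0 || ke_modes_len > 2 )`. The same guard is carried over unchanged by the patch 4 hunk of this function below (the one that adds the alerts), so the fix applies there too. Separately, nothing verifies that `buf` has reached `end` after the loop, so trailing bytes in the extension body are silently ignored; whether that is acceptable depends on how the caller bounds extension_data_end, which is outside this hunk.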
@@ -754,6 +801,23 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS; break; +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found psk key exchange modes extension" ) ); + + ret = ssl_tls13_parse_key_exchange_modes_ext( + ssl, p, extension_data_end ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( + 1, "ssl_tls13_parse_key_exchange_modes_ext", ret ); + return( ret ); + } + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; + break; +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); From e36397d13b8877a648479ff327db5fb5e8d71871 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 9 Jul 2022 04:20:59 +0000 Subject: [PATCH 2/6] add tests for psk_key_exchange_mode To confirm, psk_key_exchange_modes were received and parsed. Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 80b7806e78..c934811216 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
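Review bot: The new case records the parsed modes but nothing in the hunk enforces the RFC 8446 §4.2.9 rule that a ClientHello offering pre_shared_key without psk_key_exchange_modes must be rejected; if that check happens after the extension loop it is not visible here, and a comment on the `ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;` line naming where the pairing with pre_shared_key is validated would help the next reader. The case otherwise mirrors the supported_versions handling just above it, which is the right shape. The enclosing ssl_tls13_parse_client_hello starts and ends outside this hunk.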
@@ -2229,41 +2229,95 @@ run_test "SHA-256 allowed by default in client certificate" \ # ssl_client2/ssl_server2 example programs works. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: PSK only" \ "$P_SRV tls13_kex_modes=psk debug_level=4" \ "$P_CLI tls13_kex_modes=psk debug_level=4" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: PSK-ephemeral only" \ "$P_SRV tls13_kex_modes=psk_ephemeral" \ "$P_CLI tls13_kex_modes=psk_ephemeral" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: Pure-ephemeral only" \ "$P_SRV tls13_kex_modes=ephemeral" \ "$P_CLI tls13_kex_modes=ephemeral" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: All ephemeral" \ "$P_SRV tls13_kex_modes=ephemeral_all" \ "$P_CLI tls13_kex_modes=ephemeral_all" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: All PSK" \ "$P_SRV tls13_kex_modes=psk_all" \ "$P_CLI tls13_kex_modes=psk_all" \ 0 + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_CLI_C 
+requires_config_enabled MBEDTLS_SSL_SRV_C run_test "TLS 1.3: key exchange mode parameter passing: All" \ "$P_SRV tls13_kex_modes=all" \ "$P_CLI tls13_kex_modes=all" \ 0 +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->m" \ + "$P_SRV force_version=tls13 debug_level=5" \ + "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70 -allow_no_dhe_kex" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: psk_key_exchange_modes: basic check, G->m" \ + "$P_SRV force_version=tls13 debug_level=5" \ + "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->G" \ + "$G_NEXT_SRV -d 50 --pskpasswd data_files/passwd.psk --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ + "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70" \ + 0 + # Tests for datagram packing requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, client and server" \ From fe52e553016a99043761b56f5a9c6e796e7f3f78 Mon Sep 17 00:00:00 2001 
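Review bot: The new O->m and G->m tests configure a PSK only on the peer side — `$P_SRV force_version=tls13 debug_level=5` sets no psk or psk_identity — so the offered PSK cannot actually be used and the `-s` patterns prove only that the server received and parsed the extension, which the commit message says but the script does not. Add a comment above the first of them, e.g. `# Only checks that the server receives and parses psk_key_exchange_modes; no PSK is configured on the mbedtls side.` The `requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE` guards on those two tests are not obviously required by what they assert; if they are there because the OpenSSL and GnuTLS clients send a compatibility-mode ClientHello, a one-line comment saying so would keep someone from dropping them later.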
From: Jerry Yu Date: Sat, 9 Jul 2022 04:23:43 +0000 Subject: [PATCH 3/6] redirect stderr output in ubuntu22.04 Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c934811216..10aaa4a359 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -878,7 +878,7 @@ wait_client_done() { CLI_EXIT=$? kill $DOG_PID >/dev/null 2>&1 - wait $DOG_PID + wait $DOG_PID >> $CLI_OUT 2>&1 echo "EXIT: $CLI_EXIT" >> $CLI_OUT From 299e31f10e834b3452302d424b55db690ad7b143 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Jul 2022 23:06:36 +0800 Subject: [PATCH 4/6] fix various issues - remove unused test case - add alert message - improve readability Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 17 ++++++++++++----- tests/ssl-opt.sh | 11 ++--------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fc5ceebf04..84b6b8096b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
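Review bot: Redirecting `wait $DOG_PID` into $CLI_OUT appends the shell's job-control notice about the killed watchdog to the client transcript that the `-c`/`-C` client-output checks grep, so a pattern could in principle match text the client never printed. If the aim is only to keep the notice off stdout, `wait $DOG_PID >/dev/null 2>&1` does that and is consistent with the kill on the previous line. The exit status captured into CLI_EXIT before the kill is unaffected either way. The enclosing wait_client_done starts outside this hunk.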
@@ -55,24 +55,29 @@ */ static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, - const unsigned char *end) + const unsigned char *end ) { + const unsigned char *p = buf; size_t ke_modes_len; int ke_modes = 0; /* Read PSK mode list length (1 Byte) */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 1 ); - ke_modes_len = *buf++; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); + ke_modes_len = *p++; /* Currently, there are only two PSK modes, so even without looking * at the content, something's wrong if the list has more than 2 items. */ if( ke_modes_len > 2 ) + { + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } - MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, ke_modes_len ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ke_modes_len ); while( ke_modes_len-- != 0 ) { - switch( *buf++ ) + switch( *p++ ) { case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; @@ -83,6 +88,8 @@ static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK_EPHEMERAL KEX MODE" ) ); break; default: + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 10aaa4a359..979ae7a621 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -878,6 +878,8 @@ wait_client_done() { CLI_EXIT=$? kill $DOG_PID >/dev/null 2>&1 + # For ubuntu 22.04, `Terminated` message is outputed from `wait` command. + # to eliminate it from stdout, redirect stdout/stderr to CLI_OUT wait $DOG_PID >> $CLI_OUT 2>&1 echo "EXIT: $CLI_EXIT" >> $CLI_OUT 
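Review bot: In the length branch the pended alert carries MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER while the function returns MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, so the error the caller logs via MBEDTLS_SSL_DEBUG_RET differs from the one recorded with the alert and from the default branch of the same switch, which returns MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER. Align them: `return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );`. Introducing the local cursor p is a good change and keeps buf available as the extension start should a p == end trailing-data check be added later. The function's header comment lies above this hunk and the switch body continues in the next one.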
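Review bot: Turning an unknown mode byte into a fatal illegal_parameter alert, together with the `ke_modes_len > 2` cap in the previous hunk, rejects any client that advertises a future PskKeyExchangeMode value; my reading of RFC 8446 §4.2.9 is that unknown values are to be ignored rather than treated as an error, so this is worth confirming against the specification before the alert path is kept. If ignoring is the intended behaviour, the default branch would log and `break;` instead of returning, and the fixed cap of 2 would give way to the existing MBEDTLS_SSL_CHK_BUF_READ_PTR bounds check. The enclosing function starts in the previous hunk.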
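Review bot: The added comment misspells "output" as "outputed", and patch 5's rewording of the same two lines later in this series keeps the typo; suggest `# On Ubuntu 22.04 a "Terminated" notice is printed when wait reaps the watchdog;` followed by `# redirect wait's stdout/stderr into CLI_OUT to keep it off stdout.` The comment attributes the message to the wait command itself; as far as I can tell it is the shell's job-control notice for the killed process, which is worth stating since the suppression relies on the redirect applying to the builtin and may differ between shells.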
@@ -2309,15 +2311,6 @@ run_test "TLS 1.3: psk_key_exchange_modes: basic check, G->m" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->G" \ - "$G_NEXT_SRV -d 50 --pskpasswd data_files/passwd.psk --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 - # Tests for datagram packing requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS: multiple records in same datagram, client and server" \ From c52e3bd93bd030f3c62b4f2e54472cbc46966f18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 14 Jul 2022 10:48:46 +0800 Subject: [PATCH 5/6] Improve comment Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 979ae7a621..68a2d778b7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -878,8 +878,8 @@ wait_client_done() { CLI_EXIT=$? kill $DOG_PID >/dev/null 2>&1 - # For ubuntu 22.04, `Terminated` message is outputed from `wait` command. - # to eliminate it from stdout, redirect stdout/stderr to CLI_OUT + # For Ubuntu 22.04, `Terminated` message is outputed by wait command. + # To remove it from stdout, redirect stdout/stderr to CLI_OUT wait $DOG_PID >> $CLI_OUT 2>&1 echo "EXIT: $CLI_EXIT" >> $CLI_OUT From 854dd9e23f8b117624ef6c50ec6f7ed2e191d4e0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 15 Jul 2022 14:28:27 +0800 Subject: [PATCH 6/6] fix comment issue Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 84b6b8096b..7c28c578c2 100644 --- a/library/ssl_tls13_server.c 
+++ b/library/ssl_tls13_server.c @@ -61,7 +61,7 @@ static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl, size_t ke_modes_len; int ke_modes = 0; - /* Read PSK mode list length (1 Byte) */ + /* Read ke_modes length (1 Byte) */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 ); ke_modes_len = *p++; /* Currently, there are only two PSK modes, so even without looking