
Merge pull request Mbed-TLS#389 from xkqian/fix_hrr_sha384
Fix Mbed-TLS#388: HRR test case failed with SHA-384 against an OpenSSL peer
yuhaoth authored Jan 27, 2022
2 parents 007cf22 + dd42d8b commit 9ac52ff
Showing 2 changed files with 73 additions and 26 deletions.
71 changes: 45 additions & 26 deletions library/ssl_tls.c
Expand Up @@ -634,40 +634,59 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char hash_transcript[ MBEDTLS_MD_MAX_SIZE + 4 ];
size_t hash_olen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );

MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );

#if defined(MBEDTLS_SHA256_C)
ret = ssl_hash_transcript_core( ssl, MBEDTLS_MD_SHA256,
hash_transcript,
sizeof( hash_transcript ),
&hash_olen );
if( ret != 0 )
if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
{
MBEDTLS_SSL_DEBUG_RET( 4, "ssl_hash_transcript_core", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-256 handshake transcript",
hash_transcript, hash_olen );
#if defined(MBEDTLS_SHA256_C)
ret = ssl_hash_transcript_core( ssl, MBEDTLS_MD_SHA256,
hash_transcript,
sizeof( hash_transcript ),
&hash_olen );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 4, "ssl_hash_transcript_core", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-256 handshake transcript",
hash_transcript, hash_olen );

mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
ssl_update_checksum_sha256( ssl, hash_transcript, hash_olen );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &ssl->handshake->fin_sha256_psa );
psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
#endif
ssl_update_checksum_sha256( ssl, hash_transcript, hash_olen );
#endif /* MBEDTLS_SHA256_C */

#if defined(MBEDTLS_SHA512_C)
ret = ssl_hash_transcript_core( ssl, MBEDTLS_MD_SHA384,
hash_transcript,
sizeof( hash_transcript ),
&hash_olen );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 4, "ssl_hash_transcript_core", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
hash_transcript, hash_olen );
else if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
#if defined(MBEDTLS_SHA512_C)
ret = ssl_hash_transcript_core( ssl, MBEDTLS_MD_SHA384,
hash_transcript,
sizeof( hash_transcript ),
&hash_olen );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 4, "ssl_hash_transcript_core", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
hash_transcript, hash_olen );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
#else
mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
#endif
ssl_update_checksum_sha384( ssl, hash_transcript, hash_olen );
#endif /* MBEDTLS_SHA512_C */

}
return( ret );
}

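Review bot: `ciphersuite_info->mac` is dereferenced immediately after the `mbedtls_ssl_ciphersuite_from_id( cipher_suite )` lookup, but that lookup returns NULL for an id it does not know and nothing in the hunk guards the result; `ssl->session_negotiate->ciphersuite` is presumably already validated by the time a HRR is being handled, yet a one-line guard keeps this function self-contained: `if( ciphersuite_info == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`. A smaller point: when `mac` is neither SHA-256 nor SHA-384, or the matching hash module is compiled out, the function now falls through to the initial `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`, which fails closed as it should but does so silently; an `else` branch with `MBEDTLS_SSL_DEBUG_MSG( 1, ( "unsupported hash for HRR transcript reset" ) );` would make that path diagnosable. The function's signature is visible only in the hunk header; its closing brace is the last line of the hunk.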
28 changes: 28 additions & 0 deletions tests/ssl-opt.sh
Expand Up @@ -2525,6 +2525,34 @@ run_test "TLS 1.3, TLS1-3-AES-128-CCM-SHA256 with ECDHE-ECDSA, SRV auth, HRR
-c "Ciphersuite is TLS1-3-AES-128-CCM-SHA256" \
-c "Verifying peer X.509 certificate... ok"

# configure client to initially sent incorrect group, which will be corrected with HRR from the server
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 m->O, TLS1-3-AES-256-GCM-SHA384 with ECDHE-ECDSA, SRV auth, HRR enforcing group" \
"$O_SRV -msg -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups P-256 -num_tickets 0 -no_resume_ephemeral -no_cache -stateless" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 tls13_kex_modes=ephemeral named_groups=secp384r1,secp256r1" \
0 \
-c "received HelloRetryRequest message" \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
-c "Verifying peer X.509 certificate... ok" \
-c "HTTP/1.0 200 ok"

# configure client to initially sent incorrect group, which will be corrected with HRR from the server
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3 m->O, TLS1-3-AES-128-GCM-SHA256 with ECDHE-ECDSA, SRV auth, HRR enforcing group" \
"$O_SRV -msg -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -groups P-256 -num_tickets 0 -no_resume_ephemeral -no_cache -stateless" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 tls13_kex_modes=ephemeral named_groups=secp384r1,secp256r1" \
0 \
-c "received HelloRetryRequest message" \
-c "Protocol is TLSv1.3" \
-c "Ciphersuite is TLS1-3-AES-128-GCM-SHA256" \
-c "Verifying peer X.509 certificate... ok" \
-c "HTTP/1.0 200 ok"

# test early data status - not sent
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
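Review bot: Both new cases drive an OpenSSL server (`$O_SRV ... -tls1_3`) but gate only on client-side build options, so with an OpenSSL binary that lacks TLS 1.3 the run fails instead of being skipped; the `requires_openssl_tls1_3` guard that the other TLS 1.3 OpenSSL interop cases in this file appear to use should precede each `run_test`. The SHA-384 case also depends on `MBEDTLS_SHA512_C` being enabled on the client, which none of the `requires_config_enabled` lines express, and the SHA-256 case likewise on `MBEDTLS_SHA256_C`. Minor wording: the two leading comments read `initially sent incorrect group`; `initially send an incorrect group` is what is meant. The surrounding list of test cases continues beyond the hunk on both sides.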
