Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1315735 - TLS 1.3 draft 17 - Restructure PSK negotiation. r=mt
 - move ticket_age_add into NST
 - max_early_data_size as an extension.
 - Remove server signature algorithm sending

NOTE: This version fails some of the tests because I did not
update the canned server hello.
  • Loading branch information
ekr committed Nov 7, 2016
1 parent 32c1423 commit ffb635f
Show file tree
Hide file tree
Showing 10 changed files with 163 additions and 254 deletions.
79 changes: 13 additions & 66 deletions gtests/ssl_gtest/ssl_extension_unittest.cc
Expand Up @@ -581,29 +581,6 @@ TEST_F(TlsExtensionTest13Stream, UnknownServerKeyShare) {
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
}

TEST_F(TlsExtensionTest13Stream, DropServerSignatureAlgorithms) {
EnsureTlsSetup();
server_->SetPacketFilter(
new TlsExtensionDropper(ssl_signature_algorithms_xtn));
ConnectExpectFail();
EXPECT_EQ(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION,
client_->error_code());
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
}

TEST_F(TlsExtensionTest13Stream, NonEmptySignatureAlgorithms) {
EnsureTlsSetup();
DataBuffer sig_algs;
size_t index = 0;
index = sig_algs.Write(index, 2, 2);
index = sig_algs.Write(index, ssl_sig_rsa_pss_sha256, 2);
server_->SetPacketFilter(
new TlsExtensionReplacer(ssl_signature_algorithms_xtn, sig_algs));
ConnectExpectFail();
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
}

TEST_F(TlsExtensionTest13Stream, AddServerSignatureAlgorithmsOnResumption) {
SetupForResume();
DataBuffer empty;
Expand Down Expand Up @@ -642,7 +619,6 @@ class TlsPreSharedKeyReplacer : public TlsExtensionFilter {
}

return WriteVariable(output, index, tmp, size);
;
}

PacketFilter::Action FilterExtension(uint16_t extension_type,
Expand All @@ -663,15 +639,6 @@ class TlsPreSharedKeyReplacer : public TlsExtensionFilter {
}
DataBuffer buf;
size_t index = 0;
index = CopyAndMaybeReplace(&parser, 1, ke_modes_, index, &buf);
if (!index) {
return DROP;
}

index = CopyAndMaybeReplace(&parser, 1, auth_modes_, index, &buf);
if (!index) {
return DROP;
}

index = CopyAndMaybeReplace(&parser, 2, psk_, index, &buf);
if (!index) {
Expand Down Expand Up @@ -706,49 +673,29 @@ TEST_F(TlsExtensionTest13Stream, ResumeEmptyPskLabel) {

TEST_F(TlsExtensionTest13Stream, ResumeNoKeModes) {
SetupForResume();
const static uint8_t ke_modes[1] = {0};

DataBuffer empty;
client_->SetPacketFilter(
new TlsPreSharedKeyReplacer(nullptr, 0, &ke_modes[0], 0, nullptr, 0));
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}

TEST_F(TlsExtensionTest13Stream, ResumeNoAuthModes) {
SetupForResume();
const static uint8_t auth_modes[1] = {0};

DataBuffer empty;
client_->SetPacketFilter(
new TlsPreSharedKeyReplacer(nullptr, 0, nullptr, 0, &auth_modes[0], 0));
new TlsExtensionDropper(ssl_tls13_psk_key_exchange_modes_xtn));
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES);
}

// The following two tests are valid but unacceptable PreSharedKey
// modes and therefore produce non-resumption followed by MAC errors.
// The following test contains valid but unacceptable PreSharedKey
// modes and therefore produces non-resumption followed by MAC
// errors.
TEST_F(TlsExtensionTest13Stream, ResumeBogusKeModes) {
SetupForResume();
const static uint8_t ke_modes = kTls13PskKe;
const static uint8_t ke_modes[] = {
1, // Length
kTls13PskKe
};

DataBuffer empty;
client_->SetPacketFilter(
new TlsPreSharedKeyReplacer(nullptr, 0, &ke_modes, 1, nullptr, 0));
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
}

TEST_F(TlsExtensionTest13Stream, ResumeBogusAuthModes) {
SetupForResume();
const static uint8_t auth_modes = kTls13PskSignAuth;

DataBuffer empty;
DataBuffer modes(ke_modes, sizeof(ke_modes));
client_->SetPacketFilter(
new TlsPreSharedKeyReplacer(nullptr, 0, nullptr, 0, &auth_modes, 1));
new TlsExtensionReplacer(ssl_tls13_psk_key_exchange_modes_xtn,
modes));
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
Expand Down
7 changes: 7 additions & 0 deletions lib/ssl/SSLerrs.h
Expand Up @@ -499,3 +499,10 @@ ER3(SSL_ERROR_BAD_2ND_CLIENT_HELLO, (SSL_ERROR_BASE + 156),

ER3(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION, (SSL_ERROR_BASE + 157),
"SSL expected a signature algorithms extension.")

ER3(SSL_ERROR_MALFORMED_PSK_KEY_EXCHANGE_MODES, (SSL_ERROR_BASE + 158),
"SSL received a malformed PSK key exchange modes extension.")

ER3(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES, (SSL_ERROR_BASE + 159),
"SSL expected a missing PSK key exchange modes extension.")

7 changes: 5 additions & 2 deletions lib/ssl/ssl3ext.c
Expand Up @@ -37,6 +37,8 @@ static const ssl3ExtensionHandler clientHelloHandlers[] = {
{ ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
{ ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn },
{ ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn },
{ ssl_tls13_psk_key_exchange_modes_xtn,
&tls13_ServerHandlePskKeyExchangeModesXtn },
{ -1, NULL }
};

Expand All @@ -56,7 +58,6 @@ static const ssl3ExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_tls13_key_share_xtn, &tls13_ClientHandleKeyShareXtn },
{ ssl_tls13_pre_shared_key_xtn, &tls13_ClientHandlePreSharedKeyXtn },
{ ssl_tls13_early_data_xtn, &tls13_ClientHandleEarlyDataXtn },
{ ssl_signature_algorithms_xtn, &tls13_ClientHandleSigAlgsXtn },
{ -1, NULL }
};

Expand Down Expand Up @@ -109,7 +110,9 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
* signature_algorithms at the end. See bug 1243641. */
{ ssl_tls13_supported_versions_xtn, &tls13_ClientSendSupportedVersionsXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_cookie_xtn, &tls13_ClientSendHrrCookieXtn }
{ ssl_tls13_cookie_xtn, &tls13_ClientSendHrrCookieXtn },
{ ssl_tls13_psk_key_exchange_modes_xtn,
&tls13_ClientSendPskKeyExchangeModesXtn },
/* any extra entries will appear as { 0, NULL } */
};

Expand Down
4 changes: 1 addition & 3 deletions lib/ssl/ssl3ext.h
Expand Up @@ -58,9 +58,7 @@ struct TLSExtensionDataStr {
PRBool emptySessionTicket;
PRBool sentSessionTicketInClientHello;
SECItem psk_ke_modes;
SECItem psk_auth_modes;
PRUint32 ticket_age_add;
PRBool ticket_age_add_found;
PRUint32 max_early_data_size;

/* SNI Extension related data
* Names data is not coppied from the input buffer. It can not be
Expand Down
6 changes: 1 addition & 5 deletions lib/ssl/ssl3prot.h
Expand Up @@ -288,6 +288,7 @@ typedef struct {
PRUint32 ticket_lifetime_hint;
PRUint32 flags;
PRUint32 ticket_age_add;
PRUint32 max_early_data_size;
SECItem ticket;
} NewSessionTicket;

Expand All @@ -296,11 +297,6 @@ typedef enum {
tls13_psk_dh_ke = 1
} TLS13PskKEModes;

typedef enum {
tls13_psk_auth = 0,
tls13_psk_sign_auth = 1
} TLS13PskAuthModes;

typedef enum {
CLIENT_AUTH_ANONYMOUS = 0,
CLIENT_AUTH_CERTIFICATE = 1
Expand Down
2 changes: 2 additions & 0 deletions lib/ssl/sslerr.h
Expand Up @@ -242,6 +242,8 @@ typedef enum {
SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST = (SSL_ERROR_BASE + 155),
SSL_ERROR_BAD_2ND_CLIENT_HELLO = (SSL_ERROR_BASE + 156),
SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION = (SSL_ERROR_BASE + 157),
SSL_ERROR_MALFORMED_PSK_KEY_EXCHANGE_MODES = (SSL_ERROR_BASE + 158),
SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES = (SSL_ERROR_BASE + 159),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
Expand Down
3 changes: 2 additions & 1 deletion lib/ssl/sslt.h
Expand Up @@ -385,6 +385,7 @@ typedef enum {
ssl_tls13_early_data_xtn = 42,
ssl_tls13_supported_versions_xtn = 43,
ssl_tls13_cookie_xtn = 44,
ssl_tls13_psk_key_exchange_modes_xtn = 45,
ssl_tls13_ticket_early_data_info_xtn = 46,
ssl_next_proto_nego_xtn = 13172,
ssl_renegotiation_info_xtn = 0xff01
Expand All @@ -397,7 +398,7 @@ typedef enum {
* number of extensions that are supported for any single message type. That
* is, a ClientHello; ServerHello and TLS 1.3 NewSessionTicket and
* HelloRetryRequest extensions are smaller. */
#define SSL_MAX_EXTENSIONS 17
#define SSL_MAX_EXTENSIONS 18

/* Deprecated */
typedef enum {
Expand Down

0 comments on commit ffb635f

Please sign in to comment.