author | Frantisek Krenzelok <krenzelok.frantisek@gmail.com> | 2023-01-10 15:06:18 +0100 |
---|---|---|
committer | Frantisek Krenzelok <krenzelok.frantisek@gmail.com> | 2023-02-20 16:32:13 +0100 |
commit | bac6e555630763e631f9cd45528f46a23fe4377e (patch) | |
tree | 9a0d0cf376ab66cf7212d2554aa9327b916158e8 | |
parent | caf3be8fdb3fe115406b5523633bf6ffdc8bb615 (diff) | |
download | gnutls-bac6e555630763e631f9cd45528f46a23fe4377e.tar.gz |
DTLS1_3: Deserialize Header (AE)AD
DTLS1.3 uses the unified_header without the encrypted sequence number as the AD for AEAD
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
-rw-r--r-- | lib/cipher.c | 34 | ||||
-rw-r--r-- | lib/cipher.h | 2 | ||||
-rw-r--r-- | lib/dtls-sw.c | 10 | ||||
-rw-r--r-- | lib/dtls.h | 3 |
4 files changed, 36 insertions, 13 deletions
diff --git a/lib/cipher.c b/lib/cipher.c
index eb032dd37f..9f06c7ccf9 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -64,7 +64,7 @@ decrypt_packet_tls13(gnutls_session_t session,
 gnutls_datum_t * ciphertext, gnutls_datum_t * plain, content_type_t *type, record_parameters_st * params,
- uint64_t sequence);
+ uint64_t sequence, uint8_t dtls13_header);
 static int
 encrypt_packet_tls13(gnutls_session_t session,
@@ -156,7 +156,7 @@ _gnutls_decrypt(gnutls_session_t session,
 gnutls_datum_t *output,
 content_type_t *type,
 record_parameters_st *params,
- uint64_t sequence)
+ uint64_t sequence, uint8_t dtls13_header)
 {
 int ret;
 const version_entry_st *vers = get_version(session);
@@ -168,7 +168,7 @@ _gnutls_decrypt(gnutls_session_t session,
 ret = decrypt_packet_tls13(session, ciphertext, output, type, params,
- sequence);
+ sequence, dtls13_header);
 else
 ret = decrypt_packet(session,
 ciphertext,
@@ -825,7 +825,7 @@ decrypt_packet_tls13(gnutls_session_t session,
 gnutls_datum_t *ciphertext, gnutls_datum_t *plain, content_type_t *type, record_parameters_st *params,
- uint64_t sequence)
+ uint64_t sequence, uint8_t dtls13_header)
 {
 uint8_t nonce[MAX_CIPHER_IV_SIZE];
 size_t length, length_to_decrypt;
@@ -836,6 +836,7 @@ decrypt_packet_tls13(gnutls_session_t session,
 unsigned j;
 volatile unsigned length_set;
 uint8_t aad[5];
+ ssize_t aad_size;
 if (unlikely(ver == NULL))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
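Review bot: `aad_size` is declared `ssize_t` in the last hunk on this line, a POSIX signed type that none of the neighbouring declarations use, yet in the AAD-building hunk that follows it only ever holds values from 1 to 5 and indexes `aad`; `size_t aad_size;` fits that use and avoids a sign-compare warning if it is ever checked against `sizeof(aad)`. The new `uint8_t dtls13_header` parameter added to `_gnutls_decrypt` and `decrypt_packet_tls13` is not described in any of these hunks, and the stream branch of the AAD code never reads it, so a comment on the `_gnutls_decrypt` definition in the second hunk such as `/* dtls13_header: first byte of the received DTLS 1.3 unified header; unused for GNUTLS_STREAM */` would tell callers what to pass. Both enclosing functions continue outside these hunks.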
@@ -880,15 +881,32 @@ decrypt_packet_tls13(gnutls_session_t session,
 gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
 }
- aad[0] = GNUTLS_APPLICATION_DATA;
 if (session->internals.transport == GNUTLS_STREAM) {
+ aad[0] = GNUTLS_APPLICATION_DATA;
 aad[1] = 0x03;
 aad[2] = 0x03;
+ _gnutls_write_uint16(ciphertext->size, &aad[3]);
+ aad_size = 5;
 } else {
- aad[1] = 0xfe;
- aad[2] = 0xfc;
+ /* Deserialize the DTLS1.3 Header */
+ aad[0] = dtls13_header;
+ aad_size = 1;
+
+ // Connection Id will be resolved here
+
+ if (dtls13_header & 0x08) {
+ _gnutls_write_uint16(sequence, &aad[aad_size]);
+ aad_size += 2;
+ } else {
+ aad[aad_size] = sequence;
+ aad_size++;
+ }
+
+ if(dtls13_header & 0x04) {
+ _gnutls_write_uint16(length_to_decrypt, &aad[aad_size]);
+ aad_size += 2;
+ }
 }
- _gnutls_write_uint16(ciphertext->size, &aad[3]);
 ret = gnutls_aead_cipher_decrypt(¶ms->read.ctx.aead, nonce, iv_size,
diff --git a/lib/cipher.h b/lib/cipher.h
index 43cdde22f4..c5e195280d 100644
--- a/lib/cipher.h
+++ b/lib/cipher.h
@@ -32,7 +32,7 @@ int _gnutls_encrypt(gnutls_session_t session,
 int _gnutls_decrypt(gnutls_session_t session, gnutls_datum_t * ciphertext, gnutls_datum_t * output, content_type_t *type, record_parameters_st * params,
- uint64_t sequence);
+ uint64_t sequence, uint8_t dtls13_header);
 #define MAX_PREAMBLE_SIZE 16
diff --git a/lib/dtls-sw.c b/lib/dtls-sw.c
index 2511fb34a2..366b52ea88 100644
--- a/lib/dtls-sw.c
+++ b/lib/dtls-sw.c 
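Review bot: The writes into `aad` in the datagram branch are unbounded: `uint8_t aad[5]` is exactly the 1 + 2 + 2 bytes this hunk can emit, and the `// Connection Id will be resolved here` placeholder says a CID will later be inserted into the same buffer, which would overflow the stack array unless it grows and a guard such as `if (aad_size + 2 > (ssize_t)sizeof(aad)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` precedes each write. The masks `0x08` and `0x04` are the S and L bits of the unified header and deserve named constants (e.g. `DTLS13_UH_S_BIT` / `DTLS13_UH_L_BIT`, names constructed here) plus a comment that `aad` must reproduce the header bytes exactly as received, with the unencrypted sequence number as the commit message states. The two branches also write different lengths, `ciphertext->size` for stream and `length_to_decrypt` for datagram; if those can ever differ the datagram AAD will not match the wire header and the AEAD call will fail, so the reason `length_to_decrypt` equals the wire length field should be stated where it is written. `if(dtls13_header & 0x04)` lacks the space after `if` used on the other `if` in this hunk, and the `//` comment breaks with the `/* */` style of the comment two lines above it.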
@@ -49,12 +49,16 @@ void _dtls_reset_window(struct record_parameters_st *rp)
 * packet is detected it returns a negative value (but no sensible error code).
 * Otherwise zero.
 */
-int _dtls_record_check(struct record_parameters_st *rp, uint64_t seq_num)
+int _dtls_record_check(struct record_parameters_st *rp, uint64_t seq_num,
+ uint16_t epoch, const version_entry_st *ver)
 {
- if ((seq_num >> DTLS_EPOCH_SHIFT) != rp->epoch) {
- return gnutls_assert_val(-1);
+ if (!ver->tls13_sem) {
+ epoch = seq_num >> DTLS_EPOCH_SHIFT;
 }
+ if (epoch != rp->epoch)
+ return gnutls_assert_val(-1);
+
 seq_num &= DTLS_SEQ_NUM_MASK;
 /*
diff --git a/lib/dtls.h b/lib/dtls.h
index 7d9fb40094..dde7d5abe5 100644
--- a/lib/dtls.h
+++ b/lib/dtls.h
@@ -30,7 +30,8 @@
 #include <constate.h>
 int _dtls_transmit(gnutls_session_t session);
-int _dtls_record_check(struct record_parameters_st *rp, uint64_t seq_num);
+int _dtls_record_check(struct record_parameters_st *rp, uint64_t seq_num,
+ uint16_t epoch, const version_entry_st *ver);
 void _dtls_reset_hsk_state(gnutls_session_t session);
 void _dtls_reset_window(struct record_parameters_st *rp); |
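Review bot: `_dtls_record_check` now dereferences `ver` unconditionally in `if (!ver->tls13_sem)`, while `decrypt_packet_tls13` in the same series guards its version pointer with `if (unlikely(ver == NULL))`; unless every caller is known to pass a non-NULL version, the same guard, `if (unlikely(ver == NULL)) return gnutls_assert_val(-1);`, belongs at the top of the function, whose body continues past the hunk. The comment block above the signature still describes only the old parameters; it should say that `epoch` is the caller-supplied DTLS 1.3 epoch, that for earlier versions it is ignored and recomputed from `seq_num`, and that `ver` selects which of the two is used. Overwriting the `epoch` parameter in place hides that distinction from a reader; a local such as `uint16_t want_epoch = ver->tls13_sem ? epoch : seq_num >> DTLS_EPOCH_SHIFT;` compared against `rp->epoch` keeps the caller's argument intact. The `dtls.h` hunk on this line is the matching prototype change and needs nothing further.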