diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-08 13:57:05 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-09 17:02:23 +0100 |
| commit | 70db923871d9cdf17a458790e98708828f1e5b1c (patch) | |
| tree | 92ae2b4091231ae3c6dc0d0bd848639cd47e1a6a /lib/tls13 | |
| parent | 28e65c00ae7092c67f1fe0a86b87cd55a1d9a630 (diff) | |
| download | gnutls-70db923871d9cdf17a458790e98708828f1e5b1c.tar.gz | |
Hello retry request matches server hello
That also distinguishes between them by using the special random value,
and implements the version check as in draft-ietf-tls-tls13-24.
Resolves #391 #390 #392
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls13')
| -rw-r--r-- | lib/tls13/hello_retry.c | 62 |
1 files changed, 52 insertions, 10 deletions
diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c index 59f965cd57..51f545ec00 100644 --- a/lib/tls13/hello_retry.c +++ b/lib/tls13/hello_retry.c @@ -34,6 +34,7 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again) mbuffer_st *bufel = NULL; gnutls_buffer_st buf; const version_entry_st *ver; + const uint8_t vbuf[2] = {0x03, 0x03}; if (again == 0) { ver = get_version(session); @@ -44,11 +45,21 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again) if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_buffer_append_data(&buf, &ver->major, 1); + ret = _gnutls_buffer_append_data(&buf, vbuf, 2); if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_buffer_append_data(&buf, &ver->minor, 1); + ret = _gnutls_buffer_append_data(&buf, + HRR_RANDOM, + GNUTLS_RANDOM_SIZE); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data_prefix(&buf, 8, + session->security_parameters.session_id, + session->security_parameters.session_id_size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -60,6 +71,13 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again) goto cleanup; } + /* compression */ + ret = _gnutls_buffer_append_prefix(&buf, 8, 0); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + ret = _gnutls_gen_hello_extensions(session, &buf, GNUTLS_EXT_FLAG_HRR, GNUTLS_EXT_ANY); @@ -85,11 +103,12 @@ int _gnutls13_recv_hello_retry_request(gnutls_session_t session, gnutls_buffer_st *buf) { - const version_entry_st *vers; int ret; uint8_t tmp[2]; const gnutls_cipher_suite_entry_st *cs; const mac_entry_st *prf; + gnutls_datum_t session_id; + uint8_t random[GNUTLS_RANDOM_SIZE]; /* only under TLS 1.3 */ if (IS_DTLS(session)) @@ -100,20 +119,27 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session, session->internals.hsk_flags |= HSK_HRR_RECEIVED; + /* version */ ret = _gnutls_buffer_pop_data(buf, tmp, 2); if (ret < 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); - vers = nversion_to_entry(tmp[0], tmp[1]); - if (unlikely(vers == NULL)) + if (unlikely(tmp[0] != 0x03 || tmp[1] != 0x03)) return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); - if (_gnutls_version_is_supported(session, vers->id) == 0) - return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + ret = _gnutls_buffer_pop_data(buf, random, GNUTLS_RANDOM_SIZE); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); - if (_gnutls_set_current_version(session, vers->id) < 0) - return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + if (memcmp(random, HRR_RANDOM, GNUTLS_RANDOM_SIZE) != 0) { + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + } + ret = _gnutls_buffer_pop_datum_prefix8(buf, &session_id); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + /* read ciphersuites */ ret = _gnutls_buffer_pop_data(buf, tmp, 2); if (ret < 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); @@ -123,13 +149,20 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_SUITE); _gnutls_handshake_log("EXT[%p]: Hello Retry Request with %s\n", session, cs->name); - memcpy(session->internals.hrr_cs, cs->id, 2); prf = mac_to_entry(cs->prf); if (unlikely(prf == NULL)) return gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_SUITE); + /* compression */ + ret = _gnutls_buffer_pop_data(buf, tmp, 1); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + if (unlikely(tmp[0] != 0)) + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + ret = _gnutls13_handshake_hash_buffers_synth(session, prf, 1); if (ret < 0) return gnutls_assert_val(ret); @@ -139,6 +172,15 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH); } + /* figure version first */ + ret = + _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_HRR, + GNUTLS_EXT_VERSION_NEG, + buf->data, buf->length); + if (ret < 0) + return gnutls_assert_val(ret); + + /* parse the rest of extensions */ ret = _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_HRR, GNUTLS_EXT_ANY, buf->data, buf->length); if (ret < 0) |