summaryrefslogtreecommitdiff
path: root/lib/tls13/anti_replay.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/tls13/anti_replay.c')
-rw-r--r--lib/tls13/anti_replay.c221
1 files changed, 221 insertions, 0 deletions
diff --git a/lib/tls13/anti_replay.c b/lib/tls13/anti_replay.c
new file mode 100644
index 0000000000..5ae9926afd
--- /dev/null
+++ b/lib/tls13/anti_replay.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright (C) 2018 Red Hat, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include "db.h"
+#include "system.h"
+#include "tls13/anti_replay.h"
+
+/* The default time window in milliseconds; RFC8446 suggests the order
+ * of ten seconds is sufficient for the clients on the Internet. */
+#define DEFAULT_WINDOW_MS 10000
+
+struct gnutls_anti_replay_st {
+ uint32_t window;
+ struct timespec start_time;
+};
+
+/**
+ * gnutls_anti_replay_init:
+ * @anti_replay: is a pointer to #gnutls_anti_replay_t type
+ *
+ * This function will allocate and initialize the @anti_replay context
+ * to be usable for detect replay attacks. The context can then be
+ * attached to a @gnutls_session_t with
+ * gnutls_anti_replay_enable().
+ *
+ * Returns: Zero or a negative error code on error.
+ *
+ * Since: 3.6.5
+ **/
+int
+gnutls_anti_replay_init(gnutls_anti_replay_t *anti_replay)
+{
+ *anti_replay = gnutls_calloc(1, sizeof(struct gnutls_anti_replay_st));
+ if (!*anti_replay)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ (*anti_replay)->window = DEFAULT_WINDOW_MS;
+
+ gnutls_gettime(&(*anti_replay)->start_time);
+
+ return 0;
+}
+
+/**
+ * gnutls_anti_replay_set_window:
+ * @anti_replay: is a #gnutls_anti_replay_t type.
+ * @window: is the time window recording ClientHello, in milliseconds
+ *
+ * Sets the time window used for ClientHello recording. In order to
+ * protect against replay attacks, the server records ClientHello
+ * messages within this time period from the last update, and
+ * considers it a replay when a ClientHello outside of the period; if
+ * a ClientHello arrives within this period, the server checks the
+ * database and detects duplicates.
+ *
+ * For the details of the algorithm, see RFC 8446, section 8.2.
+ *
+ * Since: 3.6.5
+ */
+void
+gnutls_anti_replay_set_window(gnutls_anti_replay_t anti_replay,
+ unsigned int window)
+{
+ anti_replay->window = window;
+}
+
+/**
+ * gnutls_anti_replay_deinit:
+ * @anti_replay: is a #gnutls_anti_replay type
+ *
+ * This function will deinitialize all resources occupied by the given
+ * anti-replay context.
+ *
+ * Since: 3.6.5
+ **/
+void
+gnutls_anti_replay_deinit(gnutls_anti_replay_t anti_replay)
+{
+ gnutls_free(anti_replay);
+}
+
+/**
+ * gnutls_anti_replay_enable:
+ * @session: is a #gnutls_session_t type.
+ * @anti_replay: is a #gnutls_anti_replay_t type.
+ *
+ * Request that the server should use anti-replay mechanism.
+ *
+ * Since: 3.6.5
+ **/
+void
+gnutls_anti_replay_enable(gnutls_session_t session,
+ gnutls_anti_replay_t anti_replay)
+{
+ if (unlikely(session->security_parameters.entity != GNUTLS_SERVER)) {
+ gnutls_assert();
+ return;
+ }
+
+ session->internals.anti_replay = anti_replay;
+}
+
+int
+_gnutls_anti_replay_check(gnutls_session_t session,
+ uint32_t client_ticket_age,
+ struct timespec *ticket_creation_time,
+ gnutls_datum_t *id)
+{
+ gnutls_anti_replay_t anti_replay = session->internals.anti_replay;
+ struct timespec now;
+ uint32_t server_ticket_age, diff;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t entry = { NULL, 0 };
+ unsigned char key_buffer[MAX_HASH_SIZE + 12];
+ unsigned char entry_buffer[12]; /* magic + timestamp + expire_time */
+ unsigned char *p;
+ int ret;
+
+ if (unlikely(id->size > MAX_HASH_SIZE))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ gnutls_gettime(&now);
+ server_ticket_age = timespec_sub_ms(&now, ticket_creation_time);
+
+ /* It shouldn't be possible that the server's view of ticket
+ * age is smaller than the client's view.
+ */
+ if (unlikely(server_ticket_age < client_ticket_age))
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
+ /* If ticket is created before recording has started, discard
+ * reject early data.
+ */
+ if (_gnutls_timespec_cmp(ticket_creation_time,
+ &anti_replay->start_time) < 0) {
+ _gnutls_handshake_log("anti_replay: ticket is created before recording has started\n");
+ return gnutls_assert_val(GNUTLS_E_EARLY_DATA_REJECTED);
+ }
+
+ /* If certain amount of time (window) has elapsed, rollover
+ * the recording.
+ */
+ diff = timespec_sub_ms(&now, &anti_replay->start_time);
+ if (diff > anti_replay->window)
+ gnutls_gettime(&anti_replay->start_time);
+
+ /* If expected_arrival_time is out of window, reject early
+ * data.
+ */
+ if (server_ticket_age - client_ticket_age > anti_replay->window) {
+ _gnutls_handshake_log("anti_replay: server ticket age: %u, client ticket age: %u\n",
+ server_ticket_age,
+ client_ticket_age);
+ return gnutls_assert_val(GNUTLS_E_EARLY_DATA_REJECTED);
+ }
+
+ /* Check if the ClientHello is stored in the database.
+ */
+ if (!session->internals.db_add_func)
+ return gnutls_assert_val(GNUTLS_E_EARLY_DATA_REJECTED);
+
+ /* Create a key for database lookup, prefixing window start
+ * time to ID. Note that this shouldn't clash with session ID
+ * used in TLS 1.2, because such IDs are 32 octets, while here
+ * the key becomes 44+ octets.
+ */
+ p = key_buffer;
+ _gnutls_write_uint32((uint64_t) anti_replay->start_time.tv_sec >> 32, p);
+ p += 4;
+ _gnutls_write_uint32(anti_replay->start_time.tv_sec & 0xFFFFFFFF, p);
+ p += 4;
+ _gnutls_write_uint32(anti_replay->start_time.tv_nsec, p);
+ p += 4;
+ memcpy(p, id->data, id->size);
+ p += id->size;
+ key.data = key_buffer;
+ key.size = p - key_buffer;
+
+ /* Create an entry to be stored on database if the lookup
+ * failed. This is formatted so that
+ * gnutls_db_entry_is_expired() work.
+ */
+ p = entry_buffer;
+ _gnutls_write_uint32(PACKED_SESSION_MAGIC, p);
+ p += 4;
+ _gnutls_write_uint32(now.tv_sec, p);
+ p += 4;
+ _gnutls_write_uint32(anti_replay->window / 1000, p);
+ p += 4;
+ entry.data = entry_buffer;
+ entry.size = p - entry_buffer;
+
+ ret = session->internals.db_add_func(session->internals.db_ptr,
+ key, entry);
+ if (ret < 0) {
+ _gnutls_handshake_log("anti_replay: duplicate ClientHello found\n");
+ return gnutls_assert_val(GNUTLS_E_EARLY_DATA_REJECTED);
+ }
+
+ return 0;
+}
View Lorry Controller Status