From fb4a09a2789629d9170734e4abf21db26759af09 Mon Sep 17 00:00:00 2001 From: tb <> Date: Fri, 18 Jan 2019 06:51:29 +0000 Subject: Expose some symbols in a new tls13_handshake.h for regression testing. Update the handshake state tables and flag names according to the design decisions and naming conventions in the hackroom. Garbage collect some things that turn out not to belong here. ok jsing --- src/lib/libssl/tls13_handshake.c | 132 ++++++++++++--------------------------- src/lib/libssl/tls13_handshake.h | 52 +++++++++++++++ src/lib/libssl/tls13_internal.h | 8 +-- 3 files changed, 93 insertions(+), 99 deletions(-) create mode 100644 src/lib/libssl/tls13_handshake.h (limited to 'src') diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index 930e6e4be2..77e59f1930 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,6 +1,7 @@ -/* $OpenBSD: tls13_handshake.c,v 1.7 2018/11/11 06:49:35 beck Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.8 2019/01/18 06:51:29 tb Exp $ */ /* - * Copyright (c) 2018 Theo Buehler + * Copyright (c) 2018-2019 Theo Buehler + * Copyright (c) 2019 Joel Sing * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,6 +18,7 @@ #include +#include "tls13_handshake.h" #include "tls13_internal.h" /* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */ @@ -28,11 +30,6 @@ /* Indexing into the state machine */ struct tls13_handshake { uint8_t hs_type; -#define INITIAL 0x00 -#define NEGOTIATED 0x01 -#define WITH_CERT_REQ 0x02 -#define WITH_HELLO_RET_REQ 0x04 -#define WITH_PSK 0x08 int message_number; }; @@ -66,27 +63,6 @@ int tls13_handshake_send_action(struct tls13_ctx *ctx, int tls13_handshake_recv_action(struct tls13_ctx *ctx, struct tls13_handshake_action *action); -enum tls13_message_type { - INVALID, - CLIENT_HELLO, - CLIENT_HELLO_RETRY, - CLIENT_END_OF_EARLY_DATA, - CLIENT_CERTIFICATE, - CLIENT_CERTIFICATE_VERIFY, - CLIENT_FINISHED, - CLIENT_KEY_UPDATE, - SERVER_HELLO, - SERVER_NEW_SESSION_TICKET, - SERVER_ENCRYPTED_EXTENSIONS, - SERVER_CERTIFICATE, - SERVER_CERTIFICATE_VERIFY, - SERVER_CERTIFICATE_REQUEST, - SERVER_FINISHED, - SERVER_KEY_UPDATE, - SERVER_MESSAGE_HASH, - APPLICATION_DATA, -}; - struct tls13_handshake_action state_machine[] = { [CLIENT_HELLO] = { .record_type = TLS13_HANDSHAKE, @@ -144,13 +120,6 @@ struct tls13_handshake_action state_machine[] = { .send = tls13_server_hello_send, .recv = tls13_server_hello_recv, }, - [SERVER_NEW_SESSION_TICKET] = { - .record_type = TLS13_HANDSHAKE, - .handshake_type = TLS13_MT_NEW_SESSION_TICKET, - .sender = TLS13_HS_SERVER, - .send = tls13_server_new_session_ticket_send, - .recv = tls13_server_new_session_ticket_recv, - }, [SERVER_ENCRYPTED_EXTENSIONS] = { .record_type = TLS13_HANDSHAKE, .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS, @@ -186,20 +155,6 @@ struct tls13_handshake_action state_machine[] = { .send = tls13_server_finished_send, .recv = tls13_server_finished_recv, }, - [SERVER_KEY_UPDATE] = { - .record_type = TLS13_HANDSHAKE, - .handshake_type = TLS13_MT_KEY_UPDATE, - .sender = TLS13_HS_SERVER, - .send = tls13_server_key_update_send, - .recv = tls13_server_key_update_recv, - }, - [SERVER_MESSAGE_HASH] = { - .record_type = TLS13_HANDSHAKE, - .handshake_type = TLS13_MT_MESSAGE_HASH, - .sender = TLS13_HS_SERVER, - .send = tls13_server_message_hash_send, - .recv = tls13_server_message_hash_recv, - }, [APPLICATION_DATA] = { .record_type = TLS13_APPLICATION_DATA, .handshake_type = 0, @@ -209,7 +164,7 @@ struct tls13_handshake_action state_machine[] = { }, }; -static enum tls13_message_type handshakes[][16] = { +static enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = { [INITIAL] = { CLIENT_HELLO, SERVER_HELLO, @@ -218,16 +173,30 @@ static enum tls13_message_type handshakes[][16] = { CLIENT_HELLO, SERVER_HELLO, SERVER_ENCRYPTED_EXTENSIONS, + SERVER_CERTIFICATE_REQUEST, SERVER_CERTIFICATE, SERVER_CERTIFICATE_VERIFY, SERVER_FINISHED, + CLIENT_CERTIFICATE, CLIENT_FINISHED, APPLICATION_DATA, }, - [NEGOTIATED | WITH_HELLO_RET_REQ] = { + [NEGOTIATED | WITH_CCV] = { + CLIENT_HELLO, + SERVER_HELLO, + SERVER_ENCRYPTED_EXTENSIONS, + SERVER_CERTIFICATE_REQUEST, + SERVER_CERTIFICATE, + SERVER_CERTIFICATE_VERIFY, + SERVER_FINISHED, + CLIENT_CERTIFICATE, + CLIENT_CERTIFICATE_VERIFY, + CLIENT_FINISHED, + APPLICATION_DATA, + }, + [NEGOTIATED | WITHOUT_CR] = { CLIENT_HELLO, SERVER_HELLO, - CLIENT_HELLO_RETRY, SERVER_ENCRYPTED_EXTENSIONS, SERVER_CERTIFICATE, SERVER_CERTIFICATE_VERIFY, @@ -235,18 +204,28 @@ static enum tls13_message_type handshakes[][16] = { CLIENT_FINISHED, APPLICATION_DATA, }, - [NEGOTIATED | WITH_CERT_REQ] = { + [NEGOTIATED | WITH_PSK] = { CLIENT_HELLO, SERVER_HELLO, SERVER_ENCRYPTED_EXTENSIONS, + SERVER_FINISHED, + CLIENT_FINISHED, + APPLICATION_DATA, + }, + [NEGOTIATED | WITH_HRR] = { + CLIENT_HELLO, + SERVER_HELLO, + CLIENT_HELLO_RETRY, + SERVER_ENCRYPTED_EXTENSIONS, SERVER_CERTIFICATE_REQUEST, SERVER_CERTIFICATE, SERVER_CERTIFICATE_VERIFY, SERVER_FINISHED, + CLIENT_CERTIFICATE, CLIENT_FINISHED, APPLICATION_DATA, }, - [NEGOTIATED | WITH_HELLO_RET_REQ | WITH_CERT_REQ] = { + [NEGOTIATED | WITH_HRR | WITH_CCV] = { CLIENT_HELLO, SERVER_HELLO, CLIENT_HELLO_RETRY, @@ -255,18 +234,23 @@ static enum tls13_message_type handshakes[][16] = { SERVER_CERTIFICATE, SERVER_CERTIFICATE_VERIFY, SERVER_FINISHED, + CLIENT_CERTIFICATE, + CLIENT_CERTIFICATE_VERIFY, CLIENT_FINISHED, APPLICATION_DATA, }, - [NEGOTIATED | WITH_PSK] = { + [NEGOTIATED | WITH_HRR | WITHOUT_CR] = { CLIENT_HELLO, SERVER_HELLO, + CLIENT_HELLO_RETRY, SERVER_ENCRYPTED_EXTENSIONS, + SERVER_CERTIFICATE, + SERVER_CERTIFICATE_VERIFY, SERVER_FINISHED, CLIENT_FINISHED, APPLICATION_DATA, }, - [NEGOTIATED | WITH_HELLO_RET_REQ | WITH_PSK] = { + [NEGOTIATED | WITH_HRR | WITH_PSK] = { CLIENT_HELLO, SERVER_HELLO, CLIENT_HELLO_RETRY, @@ -469,18 +453,6 @@ tls13_server_hello_send(struct tls13_ctx *ctx) return 1; } -int -tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx) -{ - return 1; -} - -int -tls13_server_new_session_ticket_send(struct tls13_ctx *ctx) -{ - return 1; -} - int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx) { @@ -540,27 +512,3 @@ tls13_server_finished_send(struct tls13_ctx *ctx) { return 1; } - -int -tls13_server_key_update_recv(struct tls13_ctx *ctx) -{ - return 1; -} - -int -tls13_server_key_update_send(struct tls13_ctx *ctx) -{ - return 1; -} - -int -tls13_server_message_hash_recv(struct tls13_ctx *ctx) -{ - return 1; -} - -int -tls13_server_message_hash_send(struct tls13_ctx *ctx) -{ - return 1; -} diff --git a/src/lib/libssl/tls13_handshake.h b/src/lib/libssl/tls13_handshake.h new file mode 100644 index 0000000000..8b21bca3dd --- /dev/null +++ b/src/lib/libssl/tls13_handshake.h @@ -0,0 +1,52 @@ +/* $OpenBSD: tls13_handshake.h,v 1.1 2019/01/18 06:51:29 tb Exp $ */ +/* + * Copyright (c) 2019 Theo Buehler + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_TLS13_HANDSHAKE_H + +__BEGIN_HIDDEN_DECLS + +#define INITIAL 0x00 +#define NEGOTIATED 0x01 +#define WITH_HRR 0x02 +#define WITHOUT_CR 0x04 +#define WITH_PSK 0x08 +#define WITH_CCV 0x10 +#define WITH_0RTT 0x20 + +enum tls13_message_type { + INVALID, + CLIENT_HELLO, + SERVER_HELLO, + CLIENT_HELLO_RETRY, + SERVER_ENCRYPTED_EXTENSIONS, + SERVER_CERTIFICATE_REQUEST, + SERVER_CERTIFICATE, + SERVER_CERTIFICATE_VERIFY, + SERVER_FINISHED, + CLIENT_END_OF_EARLY_DATA, + CLIENT_CERTIFICATE, + CLIENT_CERTIFICATE_VERIFY, + CLIENT_FINISHED, + CLIENT_KEY_UPDATE, + SERVER_NEW_SESSION_TICKET, + APPLICATION_DATA, + TLS13_NUM_MESSAGE_TYPES, +}; + +__END_HIDDEN_DECLS + +#endif diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 872aced77c..e672df37e3 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.6 2019/01/17 06:32:12 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.7 2019/01/18 06:51:29 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler @@ -135,8 +135,6 @@ int tls13_client_key_update_send(struct tls13_ctx *ctx); int tls13_client_key_update_recv(struct tls13_ctx *ctx); int tls13_server_hello_recv(struct tls13_ctx *ctx); int tls13_server_hello_send(struct tls13_ctx *ctx); -int tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx); -int tls13_server_new_session_ticket_send(struct tls13_ctx *ctx); int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx); int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx); int tls13_server_certificate_recv(struct tls13_ctx *ctx); @@ -147,10 +145,6 @@ int tls13_server_certificate_verify_send(struct tls13_ctx *ctx); int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx); int tls13_server_finished_recv(struct tls13_ctx *ctx); int tls13_server_finished_send(struct tls13_ctx *ctx); -int tls13_server_key_update_recv(struct tls13_ctx *ctx); -int tls13_server_key_update_send(struct tls13_ctx *ctx); -int tls13_server_message_hash_recv(struct tls13_ctx *ctx); -int tls13_server_message_hash_send(struct tls13_ctx *ctx); __END_HIDDEN_DECLS -- cgit v1.2.3-55-g6feb