From 07c641605e14bd715b5a6d98fd4dc873f8e971d7 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Mon, 14 Mar 2022 12:34:51 -0400 Subject: [PATCH] Rename mbedtls_ssl_transform minor_ver to tls_version Store the TLS version in tls_version instead of minor version number. Signed-off-by: Glenn Strauss --- library/ssl_misc.h | 4 ++-- library/ssl_msg.c | 28 +++++++++++++++------------- library/ssl_tls.c | 18 ++++++++++-------- library/ssl_tls13_keys.c | 2 +- tests/suites/test_suite_ssl.function | 17 ++++++++++------- 5 files changed, 38 insertions(+), 31 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 254627f5c..af3aa5d8b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -947,7 +947,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * and indicates the length of the static part of the IV which is * constant throughout the communication, and which is stored in * the first fixed_ivlen bytes of the iv_{enc/dec} arrays. - * - minor_ver denotes the SSL/TLS version + * - tls_version denotes the 2-byte TLS version * - For stream/CBC transformations, maclen denotes the length of the * authentication tag, while taglen is unused and 0. * - For AEAD transformations, taglen denotes the length of the @@ -988,7 +988,7 @@ struct mbedtls_ssl_transform #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - int minor_ver; + mbedtls_ssl_protocol_version tls_version; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4eac24bde..8053e7613 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -382,7 +382,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content, static void ssl_extract_add_data_from_record( unsigned char* add_data, size_t *add_data_len, mbedtls_record *rec, - unsigned minor_ver, + mbedtls_ssl_protocol_version + tls_version, size_t taglen ) { /* Quoting RFC 5246 (TLS 1.2): @@ -421,7 +422,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, size_t ad_len_field = rec->data_len; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { /* In TLS 1.3, the AAD contains the length of the TLSCiphertext, * which differs from the length of the TLSInnerPlaintext @@ -431,7 +432,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, else #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ { - ((void) minor_ver); + ((void) tls_version); ((void) taglen); memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); cur += sizeof( rec->ctr ); @@ -596,7 +597,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * is hence no risk of double-addition of the inner plaintext. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { size_t padding = ssl_compute_padding_length( rec->data_len, @@ -680,7 +681,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_USE_PSA_CRYPTO */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver, + transform->tls_version, transform->taglen ); #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -817,7 +818,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * This depends on the TLS version. */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver, + transform->tls_version, transform->taglen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", @@ -1050,7 +1051,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } ssl_extract_add_data_from_record( add_data, &add_data_len, - rec, transform->minor_ver, + rec, transform->tls_version, transform->taglen ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); @@ -1270,7 +1271,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * This depends on the TLS version. */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver, + transform->tls_version, transform->taglen ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); @@ -1412,7 +1413,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Further, we still know that data_len > minlen */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver, + transform->tls_version, transform->taglen ); /* Calculate expected MAC. */ @@ -1697,7 +1698,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, */ rec->data_len -= transform->maclen; ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver, + transform->tls_version, transform->taglen ); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -1775,7 +1776,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { /* Remove inner padding and infer true content type. */ ret = ssl_parse_inner_plaintext( data, &rec->data_len, @@ -3692,7 +3693,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( ssl->transform_in != NULL && - ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) done = 1; @@ -4967,7 +4968,8 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) static size_t ssl_transform_get_explicit_iv_len( mbedtls_ssl_transform const *transform ) { - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + /* XXX: obsolete test? (earlier vers no longer supported?) */ + if( transform->tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ) return( 0 ); return( transform->ivlen - transform->fixed_ivlen ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 63442eb6a..1fdc1f381 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -390,7 +390,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], - int minor_ver, + mbedtls_ssl_protocol_version tls_version, unsigned endpoint, const mbedtls_ssl_context *ssl ); @@ -3660,7 +3660,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls12prf_from_cs( ssl->session->ciphersuite ), p, /* currently pointing to randbytes */ - MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ + MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */ ssl->conf->endpoint, ssl ); if( ret != 0 ) @@ -5253,7 +5253,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl->handshake->tls_prf, ssl->handshake->randbytes, - ssl->minor_ver, + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 + ? MBEDTLS_SSL_VERSION_TLS1_3 + : MBEDTLS_SSL_VERSION_TLS1_2, ssl->conf->endpoint, ssl ); if( ret != 0 ) @@ -6826,7 +6828,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) * - [in] compression * - [in] tls_prf: pointer to PRF to use for key derivation * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random - * - [in] minor_ver: SSL/TLS minor version + * - [in] tls_version: TLS version * - [in] endpoint: client or server * - [in] ssl: used for: * - ssl->conf->{f,p}_export_keys @@ -6843,7 +6845,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], - int minor_ver, + mbedtls_ssl_protocol_version tls_version, unsigned endpoint, const mbedtls_ssl_context *ssl ) { @@ -6887,14 +6889,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) transform->encrypt_then_mac = encrypt_then_mac; #endif - transform->minor_ver = minor_ver; + transform->tls_version = tls_version; #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform * generation separate. This should never happen. */ @@ -7064,7 +7066,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, - transform->maclen % cipher_info->block_size; } - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) { transform->minlen += transform->ivlen; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index d7deaba8d..6559bc91c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1106,7 +1106,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, transform->ivlen = traffic_keys->iv_len; transform->maclen = 0; transform->fixed_ivlen = transform->ivlen; - transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4; + transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; /* We add the true record content type (1 Byte) to the plaintext and * then pad to the configured granularity. The mimimum length of the diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 692efbe42..0ba501d89 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1261,7 +1261,8 @@ static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform, static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, int cipher_type, int hash_id, - int etm, int tag_mode, int ver, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, size_t cid0_len, size_t cid1_len ) { @@ -1438,8 +1439,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, ((void) etm); #endif - t_out->minor_ver = ver; - t_in->minor_ver = ver; + t_out->tls_version = tls_version; + t_in->tls_version = tls_version; t_out->ivlen = ivlen; t_in->ivlen = ivlen; @@ -1448,7 +1449,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { t_out->fixed_ivlen = 12; t_in->fixed_ivlen = 12; @@ -3425,6 +3426,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, USE_PSA_INIT( ); + ver |= 0x0300; /*(or substitute in tests)*/ mbedtls_ssl_init( &ssl ); mbedtls_ssl_transform_init( &t0 ); mbedtls_ssl_transform_init( &t1 ); @@ -3504,7 +3506,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { /* TLS 1.3 hides the real content type and * always uses Application Data as the content type @@ -3586,6 +3588,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, USE_PSA_INIT( ); + ver |= 0x0300; /*(or substitute in tests)*/ mbedtls_ssl_init( &ssl ); mbedtls_ssl_transform_init( &t0 ); mbedtls_ssl_transform_init( &t1 ); @@ -3673,7 +3676,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + if( t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { /* TLS 1.3 hides the real content type and * always uses Application Data as the content type @@ -3758,7 +3761,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* Set up transforms with dummy keys */ ret = build_transforms( &t0, &t1, cipher_type, hash_id, 0, trunc_hmac, - MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_VERSION_TLS1_2, 0 , 0 ); TEST_ASSERT( ret == 0 );