mirror of https://github.com/wolfSSL/wolfssl.git
Merge pull request #638 from ejohnstown/dtls-window-update
DTLS Sequence Window Tracking Updatepull/644/head
JacobBarthelmeh
GitHub
commit
a540169b72
162
src/internal.c
162
src/internal.c
|
|
@ -355,20 +355,6 @@ static INLINE void c32toa(word32 u32, byte* c)
|
||||||
c[3] = u32 & 0xff;
|
c[3] = u32 & 0xff;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(WOLFSSL_SESSION_EXPORT)
|
|
||||||
/* convert 64 bit integer to opaque */
|
|
||||||
static INLINE void c64toa(word64 u64, byte* c)
|
|
||||||
{
|
|
||||||
c[0] = (u64 >> 56) & 0xff;
|
|
||||||
c[1] = (u64 >> 48) & 0xff;
|
|
||||||
c[2] = (u64 >> 40) & 0xff;
|
|
||||||
c[3] = (u64 >> 32) & 0xff;
|
|
||||||
c[4] = (u64 >> 24) & 0xff;
|
|
||||||
c[5] = (u64 >> 16) & 0xff;
|
|
||||||
c[6] = (u64 >> 8) & 0xff;
|
|
||||||
c[7] = u64 & 0xff;
|
|
||||||
}
|
|
||||||
#endif /* WOLFSSL_SESSION_EXPORT */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -395,21 +381,6 @@ static INLINE void ato32(const byte* c, word32* u32)
|
||||||
*u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
|
*u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(WOLFSSL_SESSION_EXPORT)
|
|
||||||
/* convert opaque to word64 type */
|
|
||||||
static INLINE void ato64(const byte* c, word64* u64)
|
|
||||||
{
|
|
||||||
/* when doing cast to allow for shift, mask the values */
|
|
||||||
*u64 = (((word64)c[0] << 56) & 0xff00000000000000) |
|
|
||||||
(((word64)c[1] << 48) & 0x00ff000000000000) |
|
|
||||||
(((word64)c[2] << 40) & 0x0000ff0000000000) |
|
|
||||||
(((word64)c[3] << 32) & 0x000000ff00000000) |
|
|
||||||
(((word64)c[4] << 24) & 0x00000000ff000000) |
|
|
||||||
(((word64)c[5] << 16) & 0x0000000000ff0000) |
|
|
||||||
(((word64)c[6] << 8) & 0x000000000000ff00) |
|
|
||||||
((word64)c[7] & 0x00000000000000ff);
|
|
||||||
}
|
|
||||||
#endif /* WOLFSSL_SESSION_EXPORT */
|
|
||||||
#endif /* WOLFSSL_DTLS */
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -596,15 +567,20 @@ static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
|
||||||
exp[idx++] = keys->encryptionOn;
|
exp[idx++] = keys->encryptionOn;
|
||||||
exp[idx++] = keys->decryptedCur;
|
exp[idx++] = keys->decryptedCur;
|
||||||
|
|
||||||
#ifdef WORD64_AVAILABLE
|
{
|
||||||
c64toa(keys->window, exp + idx); idx += OPAQUE64_LEN;
|
word32 i;
|
||||||
c64toa(keys->prevWindow, exp + idx); idx += OPAQUE64_LEN;
|
|
||||||
#else
|
c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
|
||||||
c32toa(keys->window, exp + idx); idx += OPAQUE32_LEN;
|
for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
|
||||||
c32toa(0, exp + idx); idx += OPAQUE32_LEN;
|
c32toa(keys->window[i], exp + idx);
|
||||||
c32toa(keys->prevWindow, exp + idx); idx += OPAQUE32_LEN;
|
idx += OPAQUE32_LEN;
|
||||||
c32toa(0, exp + idx); idx += OPAQUE32_LEN;
|
}
|
||||||
#endif
|
c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
|
||||||
|
for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
|
||||||
|
c32toa(keys->prevWindow[i], exp + idx);
|
||||||
|
idx += OPAQUE32_LEN;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef HAVE_TRUNCATED_HMAC
|
#ifdef HAVE_TRUNCATED_HMAC
|
||||||
sz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ: ssl->specs.hash_size;
|
sz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ: ssl->specs.hash_size;
|
||||||
|
|
@ -729,15 +705,42 @@ static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
|
||||||
keys->encryptionOn = exp[idx++];
|
keys->encryptionOn = exp[idx++];
|
||||||
keys->decryptedCur = exp[idx++];
|
keys->decryptedCur = exp[idx++];
|
||||||
|
|
||||||
#ifdef WORD64_AVAILABLE
|
{
|
||||||
ato64(exp + idx, &keys->window); idx += OPAQUE64_LEN;
|
word16 i, wordCount, wordAdj = 0;
|
||||||
ato64(exp + idx, &keys->prevWindow); idx += OPAQUE64_LEN;
|
|
||||||
#else
|
/* do window */
|
||||||
ato32(exp + idx, &keys->window); idx += OPAQUE32_LEN;
|
ato16(exp + idx, &wordCount);
|
||||||
ato32(exp + idx, 0); idx += OPAQUE32_LEN;
|
idx += OPAQUE16_LEN;
|
||||||
ato32(exp + idx, &keys->prevWindow); idx += OPAQUE32_LEN;
|
|
||||||
ato32(exp + idx, 0); idx += OPAQUE32_LEN;
|
if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
|
||||||
#endif
|
wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
|
||||||
|
wordAdj = (WOLFSSL_DTLS_WINDOW_WORDS - wordCount) * sizeof(word32);
|
||||||
|
}
|
||||||
|
|
||||||
|
XMEMSET(keys->window, 0xFF, DTLS_SEQ_SZ);
|
||||||
|
for (i = 0; i < wordCount; i++) {
|
||||||
|
ato32(exp + idx, &keys->window[i]);
|
||||||
|
idx += OPAQUE32_LEN;
|
||||||
|
}
|
||||||
|
idx += wordAdj;
|
||||||
|
|
||||||
|
/* do prevWindow */
|
||||||
|
ato16(exp + idx, &wordCount);
|
||||||
|
idx += OPAQUE16_LEN;
|
||||||
|
|
||||||
|
if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
|
||||||
|
wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
|
||||||
|
wordAdj = (WOLFSSL_DTLS_WINDOW_WORDS - wordCount) * sizeof(word32);
|
||||||
|
}
|
||||||
|
|
||||||
|
XMEMSET(keys->prevWindow, 0xFF, DTLS_SEQ_SZ);
|
||||||
|
for (i = 0; i < wordCount; i++) {
|
||||||
|
ato32(exp + idx, &keys->prevWindow[i]);
|
||||||
|
idx += OPAQUE32_LEN;
|
||||||
|
}
|
||||||
|
idx += wordAdj;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef HAVE_TRUNCATED_HMAC
|
#ifdef HAVE_TRUNCATED_HMAC
|
||||||
ssl->truncated_hmac = exp[idx++];
|
ssl->truncated_hmac = exp[idx++];
|
||||||
|
|
@ -7831,7 +7834,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||||
|
|
||||||
static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
|
static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
DtlsSeq window;
|
word32* window;
|
||||||
word16 cur_hi, next_hi;
|
word16 cur_hi, next_hi;
|
||||||
word32 cur_lo, next_lo, diff;
|
word32 cur_lo, next_lo, diff;
|
||||||
int curLT;
|
int curLT;
|
||||||
|
|
@ -7869,23 +7872,28 @@ static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check to see that the next value is greater than the number of messages
|
/* Check to see that the next value is greater than the number of messages
|
||||||
* trackable in the window (32 or 64), and that the difference between the
|
* trackable in the window, and that the difference between the next
|
||||||
* next expected sequence number and the received sequence number is
|
* expected sequence number and the received sequence number is inside the
|
||||||
* inside the window. */
|
* window. */
|
||||||
if ((next_hi || next_lo > DTLS_SEQ_BITS) &&
|
if ((next_hi || next_lo > DTLS_SEQ_BITS) &&
|
||||||
curLT && (diff > DTLS_SEQ_BITS)) {
|
curLT && (diff > DTLS_SEQ_BITS)) {
|
||||||
|
|
||||||
WOLFSSL_MSG("Current record sequence number from the past.");
|
WOLFSSL_MSG("Current record sequence number from the past.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
else if (curLT && (window & ((DtlsSeq)1 << (diff - 1)))) {
|
|
||||||
WOLFSSL_MSG("Current record sequence number already received.");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
else if (!curLT && (diff > DTLS_SEQ_BITS)) {
|
else if (!curLT && (diff > DTLS_SEQ_BITS)) {
|
||||||
WOLFSSL_MSG("Rejecting message too far into the future.");
|
WOLFSSL_MSG("Rejecting message too far into the future.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
else if (curLT) {
|
||||||
|
word32 idx = diff / DTLS_WORD_BITS;
|
||||||
|
word32 newDiff = diff % DTLS_WORD_BITS;
|
||||||
|
|
||||||
|
if (window[idx] & (1 << (newDiff - 1))) {
|
||||||
|
WOLFSSL_MSG("Current record sequence number already received.");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
@ -7893,7 +7901,7 @@ static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
|
||||||
|
|
||||||
static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
|
static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
DtlsSeq* window;
|
word32* window;
|
||||||
word32* next_lo;
|
word32* next_lo;
|
||||||
word16* next_hi;
|
word16* next_hi;
|
||||||
int curLT;
|
int curLT;
|
||||||
|
|
@ -7903,12 +7911,12 @@ static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
|
||||||
if (ssl->keys.curEpoch == ssl->keys.nextEpoch) {
|
if (ssl->keys.curEpoch == ssl->keys.nextEpoch) {
|
||||||
next_hi = &ssl->keys.nextSeq_hi;
|
next_hi = &ssl->keys.nextSeq_hi;
|
||||||
next_lo = &ssl->keys.nextSeq_lo;
|
next_lo = &ssl->keys.nextSeq_lo;
|
||||||
window = &ssl->keys.window;
|
window = ssl->keys.window;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
next_hi = &ssl->keys.prevSeq_hi;
|
next_hi = &ssl->keys.prevSeq_hi;
|
||||||
next_lo = &ssl->keys.prevSeq_lo;
|
next_lo = &ssl->keys.prevSeq_lo;
|
||||||
window = &ssl->keys.prevWindow;
|
window = ssl->keys.prevWindow;
|
||||||
}
|
}
|
||||||
|
|
||||||
cur_hi = ssl->keys.curSeq_hi;
|
cur_hi = ssl->keys.curSeq_hi;
|
||||||
|
|
@ -7924,14 +7932,37 @@ static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (curLT) {
|
if (curLT) {
|
||||||
*window |= ((DtlsSeq)1 << (diff - 1));
|
word32 idx = diff / DTLS_WORD_BITS;
|
||||||
|
word32 newDiff = diff % DTLS_WORD_BITS;
|
||||||
|
|
||||||
|
if (idx < WOLFSSL_DTLS_WINDOW_WORDS)
|
||||||
|
window[idx] |= (1 << (newDiff - 1));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (diff >= DTLS_SEQ_BITS)
|
if (diff >= DTLS_SEQ_BITS)
|
||||||
*window = 0;
|
XMEMSET(window, 0, DTLS_SEQ_SZ);
|
||||||
else
|
else {
|
||||||
*window <<= (1 + diff);
|
word32 idx, newDiff, temp, i;
|
||||||
*window |= 1;
|
word32 oldWindow[WOLFSSL_DTLS_WINDOW_WORDS];
|
||||||
|
|
||||||
|
temp = 0;
|
||||||
|
diff++;
|
||||||
|
idx = diff / DTLS_WORD_BITS;
|
||||||
|
newDiff = diff % DTLS_WORD_BITS;
|
||||||
|
|
||||||
|
XMEMCPY(oldWindow, window, sizeof(oldWindow));
|
||||||
|
|
||||||
|
for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
|
||||||
|
if (i < idx)
|
||||||
|
window[i] = 0;
|
||||||
|
else {
|
||||||
|
temp |= (oldWindow[i-idx] << newDiff);
|
||||||
|
window[i] = temp;
|
||||||
|
temp = oldWindow[i-idx] >> (DTLS_WORD_BITS - newDiff);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
window[0] |= 1;
|
||||||
*next_lo = cur_lo + 1;
|
*next_lo = cur_lo + 1;
|
||||||
if (*next_lo < cur_lo)
|
if (*next_lo < cur_lo)
|
||||||
(*next_hi)++;
|
(*next_hi)++;
|
||||||
|
|
@ -9597,8 +9628,9 @@ int ProcessReply(WOLFSSL* ssl)
|
||||||
DtlsMsgPoolReset(ssl);
|
DtlsMsgPoolReset(ssl);
|
||||||
ssl->keys.nextEpoch++;
|
ssl->keys.nextEpoch++;
|
||||||
ssl->keys.nextSeq_lo = 0;
|
ssl->keys.nextSeq_lo = 0;
|
||||||
ssl->keys.prevWindow = ssl->keys.window;
|
XMEMCPY(ssl->keys.prevWindow, ssl->keys.window,
|
||||||
ssl->keys.window = 0;
|
DTLS_SEQ_SZ);
|
||||||
|
XMEMSET(ssl->keys.window, 0, DTLS_SEQ_SZ);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -863,6 +863,14 @@ enum {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
|
||||||
|
#define WOLFSSL_DTLS_WINDOW_WORDS 2
|
||||||
|
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
|
||||||
|
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
|
||||||
|
#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
|
||||||
|
#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
|
||||||
|
|
||||||
|
|
||||||
enum Misc {
|
enum Misc {
|
||||||
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
|
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
|
||||||
QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
|
QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
|
||||||
|
|
@ -960,10 +968,12 @@ enum Misc {
|
||||||
DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
|
DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
|
||||||
DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
|
DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
|
||||||
DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
|
DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
|
||||||
DTLS_EXPORT_VERSION = 2, /* wolfSSL version for serialized session */
|
DTLS_EXPORT_VERSION = 3, /* wolfSSL version for serialized session */
|
||||||
DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
|
DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
|
||||||
DTLS_EXPORT_KEY_SZ = 337,/* max amount of bytes used from Keys */
|
DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
|
||||||
DTLS_EXPORT_MIN_KEY_SZ = 89, /* min amount of bytes used from Keys */
|
/* max amount of bytes used from Keys */
|
||||||
|
DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),
|
||||||
|
/* min amount of bytes used from Keys */
|
||||||
DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
|
DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
|
||||||
DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
|
DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
|
||||||
DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
|
DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
|
||||||
|
|
@ -1582,18 +1592,6 @@ typedef struct WOLFSSL_DTLS_CTX {
|
||||||
} WOLFSSL_DTLS_CTX;
|
} WOLFSSL_DTLS_CTX;
|
||||||
|
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
|
||||||
|
|
||||||
#ifdef WORD64_AVAILABLE
|
|
||||||
typedef word64 DtlsSeq;
|
|
||||||
#else
|
|
||||||
typedef word32 DtlsSeq;
|
|
||||||
#endif
|
|
||||||
#define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT)
|
|
||||||
|
|
||||||
#endif /* WOLFSSL_DTLS */
|
|
||||||
|
|
||||||
|
|
||||||
#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
|
#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
|
||||||
|
|
||||||
/* keys and secrets
|
/* keys and secrets
|
||||||
|
|
@ -1617,7 +1615,8 @@ typedef struct Keys {
|
||||||
word32 sequence_number_lo;
|
word32 sequence_number_lo;
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
DtlsSeq window; /* Sliding window for current epoch */
|
word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
|
||||||
|
/* Sliding window for current epoch */
|
||||||
word16 nextEpoch; /* Expected epoch in next record */
|
word16 nextEpoch; /* Expected epoch in next record */
|
||||||
word16 nextSeq_hi; /* Expected sequence in next record */
|
word16 nextSeq_hi; /* Expected sequence in next record */
|
||||||
word32 nextSeq_lo;
|
word32 nextSeq_lo;
|
||||||
|
|
@ -1626,7 +1625,8 @@ typedef struct Keys {
|
||||||
word16 curSeq_hi; /* Received sequence in current record */
|
word16 curSeq_hi; /* Received sequence in current record */
|
||||||
word32 curSeq_lo;
|
word32 curSeq_lo;
|
||||||
|
|
||||||
DtlsSeq prevWindow; /* Sliding window for old epoch */
|
word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
|
||||||
|
/* Sliding window for old epoch */
|
||||||
word16 prevSeq_hi; /* Next sequence in allowed old epoch */
|
word16 prevSeq_hi; /* Next sequence in allowed old epoch */
|
||||||
word32 prevSeq_lo;
|
word32 prevSeq_lo;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue