Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TLS13-KDF #446

Merged
merged 4 commits into from
Oct 1, 2024
Merged

Add TLS13-KDF #446

merged 4 commits into from
Oct 1, 2024

Conversation

simo5
Copy link
Member

@simo5 simo5 commented Sep 24, 2024
edited
Loading

Description

Add support for OpenSSL's TLS13-KDF which is a limited TLS-specific HKDF version.

Fixes #445

Checklist

  • Code modified for feature
  • Test suite updated with functionality tests
  • [ ] Test suite updated with negative tests
  • [ ] Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • Code conform to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible commit messages
  • Coverity Scan has run if needed (code PR) and no new defects were found

@simo5 simo5 marked this pull request as draft September 24, 2024 21:42
@simo5 simo5 force-pushed the tls13kdf branch 2 times, most recently from 7fb5bdd to f936dd7 Compare September 27, 2024 17:17
@simo5 simo5 marked this pull request as ready for review September 27, 2024 17:23
@simo5
Copy link
Member Author

simo5 commented Sep 27, 2024

@kshitizvars would you mind testing this PR? It should solve the issues you have with tls1.3 fully on the token, note that you have to block digest operations with the block operations quirk.

@simo5
Copy link
Member Author

simo5 commented Sep 27, 2024

Note that the kryoptic build will fail until latchset/kryoptic#99 is merged

@simo5 simo5 requested a review from beldmit September 27, 2024 19:04
beldmit
beldmit reviewed Sep 27, 2024
View reviewed changes
tests/ttls Outdated Show resolved Hide resolved
beldmit
beldmit reviewed Sep 27, 2024
View reviewed changes
src/kdf.c Show resolved Hide resolved
src/kdf.c Outdated Show resolved Hide resolved
sahilnxp
sahilnxp reviewed Sep 30, 2024
View reviewed changes
src/util.c Show resolved Hide resolved
src/util.c Show resolved Hide resolved
src/kdf.c Outdated Show resolved Hide resolved
src/kdf.c Outdated Show resolved Hide resolved
sahilnxp
sahilnxp reviewed Sep 30, 2024
View reviewed changes
src/kdf.c Show resolved Hide resolved
@simo5 simo5 force-pushed the tls13kdf branch 2 times, most recently from d7ef2f9 to c5b4410 Compare September 30, 2024 16:52
@simo5 simo5 requested a review from beldmit October 1, 2024 16:51
@simo5
Add a generic digest utility function
6b51b63 
In preparation to reuse outside of the specific object.c use case.
Also adds a better and more flexible interface.

Signed-off-by: Simo Sorce <simo@redhat.com>
@simo5
Implement support for ec point compression query
bc17192 
OpenSSL TLS code needs to know if the EC public key is in compressed or
uncompressed representation, for peer keys.
Add support to return this information from public keys.

Signed-off-by: Simo Sorce <simo@redhat.com>
@kshitizvars
Copy link
Contributor

Hi @simo5

Thanks for the patch!!
I have tested your TLS13-kdf patch. OpenSSL calls are coming to tls based kdf implementation but after reverting 4f67dfd

FYI, with 4f67dfd patch, I am getting below issue:-

ACCEPT
ERROR
20F076AFFFFF0000:error:0A00013A:SSL routines:tls_parse_ctos_key_share:unable to find ecdh parameters:ssl/statem/extensions_srvr.c:684:
shutting down SSL
CONNECTION CLOSED

We are currently working on fixing the issue, comimg with the faulty patch.

@simo5
Copy link
Member Author

simo5 commented Oct 1, 2024

@kshitizvars so your token has issues storing/using session objects?

@simo5 simo5 added the covscan Triggers Coverity Scanner label Oct 1, 2024
@github-actions github-actions bot removed the covscan Triggers Coverity Scanner label Oct 1, 2024
@simo5
Copy link
Member Author

simo5 commented Oct 1, 2024

Covscan found an error:

*** CID 510334:  Memory - corruptions  (OVERRUN)
/src/kdf.c: 353 in p11prov_tls13_expand_label()
347         params.pInfo = info;
348         params.ulInfoLen = infolen;
349    
350         ret = inner_derive_key(hkdfctx->provctx, keyobj, &hkdfctx->session,
351                                &mechanism, keylen, dkey_handle);
352    
>>>     CID 510334:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "info" of 514 bytes by passing it to a function which accesses it at byte offset 766 using argument "infolen" (which evaluates to 767).
353         OPENSSL_cleanse(&info, infolen);
354         return ret;
355     }
356    
357     static CK_RV p11prov_tls13_derive_secret(P11PROV_KDF_CTX *hkdfctx,
358                                              P11PROV_OBJ *keyobj, size_t keylen,

@simo5
Copy link
Member Author

simo5 commented Oct 1, 2024

Covscan found an error:

*** CID 510334:  Memory - corruptions  (OVERRUN)
/src/kdf.c: 353 in p11prov_tls13_expand_label()
347         params.pInfo = info;
348         params.ulInfoLen = infolen;
349    
350         ret = inner_derive_key(hkdfctx->provctx, keyobj, &hkdfctx->session,
351                                &mechanism, keylen, dkey_handle);
352    
>>>     CID 510334:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "info" of 514 bytes by passing it to a function which accesses it at byte offset 766 using argument "infolen" (which evaluates to 767).

I think Coverity here is confused as the big check on inputs should make it impossible to get such a large value.

353         OPENSSL_cleanse(&info, infolen);
354         return ret;
355     }
356    
357     static CK_RV p11prov_tls13_derive_secret(P11PROV_KDF_CTX *hkdfctx,
358                                              P11PROV_OBJ *keyobj, size_t keylen,

In any case I am changing the code to add belts and suspender so the total info size is more
explicitly checked, and also to reduce the number of variables used to the minimum necessary so there is no chance of mis-assigning anything and getting to an inconsistent state.

beldmit
beldmit approved these changes Oct 1, 2024
View reviewed changes
Copy link
Collaborator

@beldmit beldmit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

src/kdf.c Outdated Show resolved Hide resolved
@simo5
Add the TLS13-KDF OpenSSL Key Derivation Function
4f034a2 
OpenSSL has a special TLS 1.3 KDF that perform TLS 1.3 specific and
limited actions using an underlying HKDF implementation.

Implement it the way OpenSSL expect it to work.

Signed-off-by: Simo Sorce <simo@redhat.com>
@simo5
Test TLS1.3 connection forcing all ops on token
b7c9bb6 
This is used primarily to test TLS13-KDF.
Note that we have to disable digest ops on the token as OpenSSL requires
context duplication to work, and most tokens do not really offer it.

Signed-off-by: Simo Sorce <simo@redhat.com>
@simo5 simo5 added the covscan Triggers Coverity Scanner label Oct 1, 2024
@github-actions github-actions bot removed the covscan Triggers Coverity Scanner label Oct 1, 2024
@simo5 simo5 added the covscan-ok Coverity scan passed label Oct 1, 2024
@simo5 simo5 merged commit 996ef73 into latchset:main Oct 1, 2024
46 checks passed
@simo5
Copy link
Member Author

simo5 commented Oct 1, 2024

Thanks for all the reviews folks.

This was referenced Oct 2, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sahilnxp sahilnxp sahilnxp left review comments

@beldmit beldmit beldmit approved these changes

Assignees
No one assigned
Labels
covscan-ok Coverity scan passed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add TLS13-KDF name for HKDF
4 participants
@simo5 @kshitizvars @beldmit @sahilnxp