Add pointers to in/out CID fields to mbedtls_ssl_context

mbedtls_ssl_context contains pointers in_buf, in_hdr, in_len, ... which point to various parts of the header of an incoming TLS or DTLS record; similarly, there are pointers out_buf, ... for outgoing records. This commit adds fields in_cid and out_cid which point to where the CID of incoming/outgoing records should reside, if present, namely prior to where the record length resides. Quoting https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04: The DTLSInnerPlaintext value is then encrypted and the CID added to produce the final DTLSCiphertext. struct { ContentType special_type = tls12_cid; /* 25 */ ProtocolVersion version; uint16 epoch; uint48 sequence_number; opaque cid[cid_length]; // New field uint16 length; opaque enc_content[DTLSCiphertext.length]; } DTLSCiphertext; For outgoing records, out_cid is set in ssl_update_out_pointers() based on the settings in the current outgoing transform. For incoming records, ssl_update_in_pointers() sets in_cid as if no CID was present, and it is the responsibility of ssl_parse_record_header() to update the field (as well as in_len, in_msg and in_iv) when parsing records that do contain a CID. This will be done in a subsequent commit. Finally, the code around the invocations of ssl_decrypt_buf() and ssl_encrypt_buf() is adapted to transfer the CID from the input/output buffer to the CID field in the internal record structure (which is what ssl_{encrypt/decrypt}_buf() uses). Note that mbedtls_ssl_in_hdr_len() doesn't need change because it infers the header length as in_iv - in_hdr, which will account for the CID for records using such.
2025-10-30 11:11:12 -04:00 · 2019-05-03 14:34:53 +01:00 · 2019-05-03 14:34:53 +01:00 · f9c6a4bea1
commit f9c6a4bea1
parent 6cbad5560d
2 changed files with 35 additions and 4 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1182,6 +1182,10 @@ struct mbedtls_ssl_context
                                     TLS: maintained by us
                                     DTLS: read from peer             */
    unsigned char *in_hdr;      /*!< start of record header           */
+#if defined(MBEDTLS_SSL_CID)
+    unsigned char *in_cid;      /*!< The start of the CID;
+                                 *   (the end is marked by in_len).   */
+#endif /* MBEDTLS_SSL_CID */
    unsigned char *in_len;      /*!< two-bytes message length field   */
    unsigned char *in_iv;       /*!< ivlen-byte IV                    */
    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen)   */
@ -1218,6 +1222,10 @@ struct mbedtls_ssl_context
    unsigned char *out_buf;     /*!< output buffer                    */
    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter  */
    unsigned char *out_hdr;     /*!< start of record header           */
+#if defined(MBEDTLS_SSL_CID)
+    unsigned char *out_cid;     /*!< The start of the CID;
+                                 *   (the end is marked by in_len).   */
+#endif /* MBEDTLS_SSL_CID */
    unsigned char *out_len;     /*!< two-bytes message length field   */
    unsigned char *out_iv;      /*!< ivlen-byte IV                    */
    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen)  */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4177,6 +4177,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
            }

+#if defined(MBEDTLS_SSL_CID )
+            memcpy( ssl->out_cid, rec.cid, rec.cid_len );
+#endif /* MBEDTLS_SSL_CID */
            ssl->out_msglen = len = rec.data_len;
            ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 );
            ssl->out_len[1] = (unsigned char)( rec.data_len      );
@ -5037,6 +5040,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
            - ( ssl->in_iv - ssl->in_buf );
        rec.data_len    = ssl->in_msglen;
        rec.data_offset = 0;
+#if defined(MBEDTLS_SSL_CID )
+        rec.cid_len     = ssl->in_len - ssl->in_cid;
+        memcpy( rec.cid, ssl->in_cid, rec.cid_len );
+#endif /* MBEDTLS_SSL_CID */

        memcpy( &rec.ctr[0], ssl->in_ctr, 8 );
        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
@ -7980,8 +7987,15 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
    {
        ssl->out_ctr = ssl->out_hdr +  3;
-        ssl->out_len = ssl->out_hdr + 11;
-        ssl->out_iv  = ssl->out_hdr + 13;
+#if defined(MBEDTLS_SSL_CID)
+        ssl->out_cid = ssl->out_ctr +  8;
+        ssl->out_len = ssl->out_cid;
+        if( transform != NULL )
+            ssl->out_len += transform->out_cid_len;
+#else /* MBEDTLS_SSL_CID */
+        ssl->out_len = ssl->out_ctr + 8;
+#endif /* MBEDTLS_SSL_CID */
+        ssl->out_iv  = ssl->out_len + 2;
    }
    else
 #endif
@ -8024,9 +8038,18 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
    {
+        /* This sets the header pointers to match records
+         * without CID. When we receive a record containing
+         * a CID, the fields are shifted accordingly in
+         * ssl_parse_record_header(). */
        ssl->in_ctr = ssl->in_hdr +  3;
-        ssl->in_len = ssl->in_hdr + 11;
-        ssl->in_iv  = ssl->in_hdr + 13;
+#if defined(MBEDTLS_SSL_CID)
+        ssl->in_cid = ssl->in_ctr +  8;
+        ssl->in_len = ssl->in_cid; /* Default: no CID */
+#else /* MBEDTLS_SSL_CID */
+        ssl->in_len = ssl->in_ctr + 8;
+#endif /* MBEDTLS_SSL_CID */
+        ssl->in_iv  = ssl->in_len + 2;
    }
    else
 #endif