Skip to content

Add maximum_name_length to TLS ECH padding #10326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sebastian-carpenter wants to merge 1 commit into
base: master
Choose a base branch
from
+39 −9
Open

Add maximum_name_length to TLS ECH padding #10326

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 16 additions & 6 deletions src/ssl_ech.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,15 @@
/* create the hpke key and ech config to send to clients */
int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
word16 kemId, word16 kdfId, word16 aeadId)
{
return wolfSSL_CTX_GenerateEchConfigEx(ctx, publicName, kemId, kdfId,
aeadId, 0);
}

/* create the hpke key and ech config to send to clients
* maximum_name_length may also be set for a more stable padding length */
int wolfSSL_CTX_GenerateEchConfigEx(WOLFSSL_CTX* ctx, const char* publicName,
word16 kemId, word16 kdfId, word16 aeadId, byte maxNameLen)
{
int ret = 0;
WOLFSSL_EchConfig* newConfig;
Expand Down Expand Up @@ -129,8 +138,8 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
ret = MEMORY_E;
}
else {
XMEMCPY(newConfig->publicName, publicName,
XSTRLEN(publicName) + 1);
XMEMCPY(newConfig->publicName, publicName, XSTRLEN(publicName) + 1);
newConfig->maxNameLen = maxNameLen;
}
}

Expand Down Expand Up @@ -399,8 +408,8 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
output += 2;
}

/* set maximum name length to 0 */
*output = 0;
/* maximum name len */
*output = config->maxNameLen;
output++;

/* publicName len */
Expand All @@ -411,7 +420,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
XMEMCPY(output, config->publicName, publicNameLen);
output += publicNameLen;

/* terminating zeros */
/* no extensions, print zeros */
c16toa(0, output);
/* output += 2; */

Expand Down Expand Up @@ -599,12 +608,13 @@ int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
echConfig += 4;
}

/* ignore the maximum name length */
/* maxNameLen */
idx++;
if (idx >= length) {
ret = BUFFER_E;
break;
}
workingConfig->maxNameLen = *echConfig;
echConfig++;

/* publicNameLen */
Expand Down
16 changes: 15 additions & 1 deletion src/tls13.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4786,8 +4786,22 @@ int SendTls13ClientHello(WOLFSSL* ssl)
if (ret != 0)
return ret;

/* calculate padding (RFC 9849, section 6.1.3) */
if (args->ech->privateName != NULL) {
word16 nameLen = (word16)XSTRLEN(args->ech->privateName);
if (nameLen > args->ech->echConfig->maxNameLen)
args->ech->paddingLen = 0;
else
args->ech->paddingLen =
(word16)args->ech->echConfig->maxNameLen - nameLen;
}
else {
args->ech->paddingLen = args->ech->echConfig->maxNameLen + 9;
}
args->ech->paddingLen += 31 -
((args->length + args->ech->paddingLen - 1) % 32);

/* set innerClientHelloLen to ClientHelloInner + padding + tag */
args->ech->paddingLen = 31 - ((args->length - 1) % 32);
args->ech->innerClientHelloLen = args->length +
args->ech->paddingLen + args->ech->hpke->Nt;
if (args->ech->innerClientHelloLen > 0xFFFF)
Expand Down
6 changes: 4 additions & 2 deletions tests/api.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14822,8 +14822,10 @@ static int test_ech_server_ctx_ready(WOLFSSL_CTX* ctx)
{
int ret;

ret = wolfSSL_CTX_GenerateEchConfig(ctx, echCbTestPublicName,
echCbTestKemID, echCbTestKdfID, echCbTestAeadID);
/* +20 for this isn't significant, it just exercises the padding code */
ret = wolfSSL_CTX_GenerateEchConfigEx(ctx, echCbTestPublicName,
echCbTestKemID, echCbTestKdfID, echCbTestAeadID,
XSTRLEN(echCbTestPublicName) + 20);
if (ret != WOLFSSL_SUCCESS)
return TEST_FAIL;

Expand Down
1 change: 1 addition & 0 deletions wolfssl/internal.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3137,6 +3137,7 @@ typedef struct WOLFSSL_EchConfig {
byte configId;
byte numCipherSuites;
byte receiverPubkey[HPKE_Npk_MAX];
byte maxNameLen;
} WOLFSSL_EchConfig;

typedef struct WOLFSSL_ECH {
Expand Down
3 changes: 3 additions & 0 deletions wolfssl/ssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1218,6 +1218,9 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
WOLFSSL_API int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx,
const char* publicName, word16 kemId, word16 kdfId, word16 aeadId);
WOLFSSL_API int wolfSSL_CTX_GenerateEchConfigEx(WOLFSSL_CTX* ctx,
const char* publicName, word16 kemId, word16 kdfId, word16 aeadId,
byte maxNameLen);

WOLFSSL_API int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx,
const char* echConfigs64, word32 echConfigs64Len);
Expand Down
Loading