commit 2eaa76044b13e6ced8d828438629718c3221cc2f
author Jerry Yu <jerry.h.yu@arm.com> Thu Aug 04 17:28:15 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Mon Oct 31 16:41:42 2022 +0800
tree 3f661195a7ed20344971256511fc391fe01ce231
parent c55a6af9eb9749cba60c67954b4d077e21e9d0ac

Add extension check for Certificate

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 662e6f4..bd56666 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -447,6 +447,8 @@
     while( p < certificate_list_end )
     {
         size_t cert_data_len, extensions_len;
+        const unsigned char *extensions_end;
+        uint32_t extensions_present;
 
         MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 );
         cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 );
@@ -504,7 +506,62 @@
         extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
         p += 2;
         MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len );
-        p += extensions_len;
+
+        extensions_end = p + extensions_len;
+        extensions_present = MBEDTLS_SSL_EXT_NONE;
+
+        while( p < extensions_end )
+        {
+            unsigned int extension_type;
+            size_t extension_data_len;
+
+            /*
+            * struct {
+            *     ExtensionType extension_type; (2 bytes)
+            *     opaque extension_data<0..2^16-1>;
+            * } Extension;
+            */
+            MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
+            extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+            extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+            p += 4;
+
+            MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+
+            /* RFC 8446 page 35
+             *
+             * If an implementation receives an extension which it recognizes and
+             * which is not specified for the message in which it appears, it MUST
+             * abort the handshake with an "illegal_parameter" alert.
+             */
+            extensions_present |= mbedtls_tls13_get_extension_mask( extension_type );
+            MBEDTLS_SSL_DEBUG_MSG( 3,
+                        ( "encrypted extensions : received %s(%u) extension",
+                        mbedtls_tls13_get_extension_name( extension_type ),
+                        extension_type ) );
+            if( ( extensions_present & MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ) == 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG(
+                    3, ( "forbidden extension received." ) );
+                MBEDTLS_SSL_PEND_FATAL_ALERT(
+                    MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                    MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            }
+            switch( extension_type )
+            {
+                default:
+                    MBEDTLS_SSL_DEBUG_MSG( 3,
+                        ( "Certificate: received %s(%u) extension ( ignored )",
+                        mbedtls_tls13_get_extension_name( extension_type ),
+                        extension_type ) );
+                    break;
+            }
+
+            p += extension_data_len;
+        }
+
+        MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, "Certificate", extensions_present );
     }
 
 exit: