Allow mutual authentication to be required for TLS 1.3

2020-02-20 16:15:30 +10:00 · 2020-02-20 16:15:30 +10:00 · 6334dd9cb0
commit 6334dd9cb0
parent 805034bca3
6 changed files with 112 additions and 13 deletions
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -614,23 +614,26 @@ static const char* server_usage_msg[][49] = {
 #ifdef HAVE_SESSION_TICKET
        "-T          Do not generate session ticket\n",                 /* 44 */
 #endif
+#ifdef WOLFSSL_TLS13
+        "-F          Mutual authentication is required\n",              /* 45 */
+#endif
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
-        "-Q          Request certificate from client post-handshake\n", /* 45 */
+        "-Q          Request certificate from client post-handshake\n", /* 46 */
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
-        "-J          Server sends Cookie Extension containing state\n", /* 46 */
+        "-J          Server sends Cookie Extension containing state\n", /* 47 */
 #endif
 #endif /* WOLFSSL_TLS13 */
 #ifdef WOLFSSL_EARLY_DATA
-        "-0          Early data read from client (0-RTT handshake)\n",  /* 47 */
+        "-0          Early data read from client (0-RTT handshake)\n",  /* 48 */
 #endif
 #ifdef WOLFSSL_MULTICAST
-        "-3 <grpid>  Multicast, grpid < 256\n",                         /* 48 */
+        "-3 <grpid>  Multicast, grpid < 256\n",                         /* 49 */
 #endif
        "-1 <num>    Display a result by specified language."
-                             "\n            0: English, 1: Japanese\n", /* 49 */
+                             "\n            0: English, 1: Japanese\n", /* 50 */
 #ifdef HAVE_TRUSTED_CA
-        "-5          Use Trusted CA Key Indication\n",                  /* 52 */
+        "-5          Use Trusted CA Key Indication\n",                  /* 53 */
 #endif
 #ifdef HAVE_CURVE448
        "-8          Pre-generate Key share using Curve448 only\n",     /* 55 */
@ -734,25 +737,28 @@ static const char* server_usage_msg[][49] = {
 #ifdef HAVE_SESSION_TICKET
        "-T         セッションチケットを生成しない\n",                  /* 44 */
 #endif
+#ifdef WOLFSSL_TLS13
+        "-F          Mutual authentication is required\n",              /* 45 */
+#endif
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
        "-Q          クライアントのポストハンドシェイクから"
-                                              "証明書を要求する\n",     /* 45 */
+                                              "証明書を要求する\n",     /* 46 */
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
-        "-J          サーバーの状態を含むTLS Cookie 拡張を送信する\n",  /* 46 */
+        "-J          サーバーの状態を含むTLS Cookie 拡張を送信する\n",  /* 47 */
 #endif
 #endif /* WOLFSSL_TLS13 */
 #ifdef WOLFSSL_EARLY_DATA
        "-0          クライアントからの Early Data 読み取り"
-                                      "（0-RTTハンドシェイク）\n",      /* 47 */
+                                      "（0-RTTハンドシェイク）\n",      /* 48 */
 #endif
 #ifdef WOLFSSL_MULTICAST
-        "-3 <grpid>  マルチキャスト, grpid < 256\n",                    /* 48 */
+        "-3 <grpid>  マルチキャスト, grpid < 256\n",                    /* 49 */
 #endif
        "-1 <num>    指定された言語で結果を表示します。"
-                                 "\n            0: 英語、 1: 日本語\n", /* 49 */
+                                 "\n            0: 英語、 1: 日本語\n", /* 50 */
 #ifdef HAVE_TRUSTED_CA
-        "-5          信頼できる認証局の鍵表示を使用する\n",             /* 52 */
+        "-5          信頼できる認証局の鍵表示を使用する\n",             /* 53 */
 #endif
 #ifdef HAVE_CURVE448
        "-8          Pre-generate Key share using Curve448 only\n",     /* 55 */
@ -852,6 +858,9 @@ static void Usage(void)
 #ifdef HAVE_SESSION_TICKET
    printf("%s", msg[++msgId]);     /* -T */
 #endif
+#ifdef WOLFSSL_TLS13
+    printf("%s", msg[++msgId]);     /* -F */
+#endif
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
    printf("%s", msg[++msgId]);     /* -Q */
 #endif
@ -986,6 +995,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
    int noPskDheKe = 0;
 #endif
    int updateKeysIVs = 0;
+    int tls13MutualAuth = 0;
    int postHandAuth = 0;
 #ifdef WOLFSSL_EARLY_DATA
    int earlyData = 0;
@ -1071,6 +1081,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
    (void)crlFlags;
    (void)readySignal;
    (void)updateKeysIVs;
+    (void)tls13MutualAuth;
    (void)postHandAuth;
    (void)mcastID;
    (void)loadCertKeyIntoSSLObj;
@ -1087,7 +1098,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
    /* Not Used: h, z, F, T, V, W, X */
    while ((ch = mygetopt(argc, argv, "?:"
                "abc:defgijk:l:mnop:q:rstuv:wxy"
-                "A:B:C:D:E:GH:IJKL:MNO:PQR:S:TUVYZ:"
+                "A:B:C:D:E:FGH:IJKL:MNO:PQR:S:TUVYZ:"
                "01:23:4:58")) != -1) {
        switch (ch) {
            case '?' :
@ -1402,6 +1413,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                #endif
                break;

+            case 'F' :
+                #ifdef WOLFSSL_TLS13
+                    tls13MutualAuth = 1;
+                #endif
+                break;
+
            case 'Q' :
            #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
                postHandAuth = 1;
@ -1745,6 +1762,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
        }
 #endif
    }
+#ifdef WOLFSSL_TLS13
+    if (tls13MutualAuth)
+        wolfSSL_CTX_mutual_auth(ctx, 1);
+#endif


 #ifdef HAVE_ECC
--- a/scripts/tls13.test
+++ b/scripts/tls13.test
@ -111,6 +111,22 @@ if [ $RESULT -eq 0 ]; then
 fi
 echo ""

+# TLS 1.3 mutual auth required but client doesn't send certificates.
+echo -e "\n\nTLS v1.3 mutual auth fail"
+port=0
+./examples/server/server -v 4 -F -R $ready_file -p $port &
+server_pid=$!
+create_port
+./examples/client/client -v 4 -x -p $port
+RESULT=$?
+remove_ready_file
+if [ $RESULT -eq 0 ]; then
+    echo -e "\n\nIssue with requiring mutual authentication"
+    do_cleanup
+    exit 1
+fi
+echo ""
+

 ./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
 if [ $? -ne 0 ]; then
--- a/src/internal.c
+++ b/src/internal.c
@ -5673,6 +5673,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
        ssl->options.noTicketTls13 = ctx->noTicketTls13;
    #endif
    ssl->options.noPskDheKe = ctx->noPskDheKe;
+    ssl->options.mutualAuth = ctx->mutualAuth;
    #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
        ssl->options.postHandshakeAuth = ctx->postHandshakeAuth;
    #endif
@ -9829,6 +9830,9 @@ static void DoCertFatalAlert(WOLFSSL* ssl, int ret)
        alertWhy = certificate_revoked;
    }
 #endif
+    else if (ret == NO_PEER_CERT) {
+        alertWhy = certificate_required;
+    }

    /* send fatal alert and mark connection closed */
    SendAlert(ssl, alert_fatal, alertWhy); /* try to send */
@ -10600,6 +10604,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
            args->count = args->totalCerts;
            args->certIdx = 0; /* select peer cert (first one) */

+        #ifdef WOLFSSL_TLS13
+            if (args->count == 0 && ssl->options.tls1_3 &&
+                                      ssl->options.mutualAuth &&
+                                      ssl->options.side == WOLFSSL_SERVER_END) {
+                ret = NO_PEER_CERT;
+                DoCertFatalAlert(ssl, ret);
+            }
+        #endif
+
            args->dCertInit = 0;
        #ifndef WOLFSSL_SMALL_CERT_VERIFY
            args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
--- a/src/tls13.c
+++ b/src/tls13.c
@ -8292,6 +8292,48 @@ int wolfSSL_update_keys(WOLFSSL* ssl)
    return ret;
 }

+#if !defined(NO_CERTS)
+/* Set whether mutual authentication is required for TLS v1.3 connections.
+ * Server side only.
+ *
+ * ctx  The SSL/TLS CTX object.
+ * req  1 to indicate required and 0 when not.
+ * returns BAD_FUNC_ARG when ctx is NULL, SIDE_ERROR when not a server and
+ * 0 on success.
+ */
+int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req)
+{
+    if (ctx == NULL || !IsAtLeastTLSv1_3(ctx->method->version))
+        return BAD_FUNC_ARG;
+    if (ctx->method->side == WOLFSSL_CLIENT_END)
+        return SIDE_ERROR;
+
+    ctx->mutualAuth = req;
+
+    return 0;
+}
+
+/* Set whether mutual authentication is required for a TLS v1.3 connection.
+ * Server side only.
+ *
+ * ssl  The SSL/TLS object.
+ * req  1 to indicate required and 0 when not.
+ * returns BAD_FUNC_ARG when ssl is NULL, or not using TLS v1.3,
+ * SIDE_ERROR when not a client and 0 on success.
+ */
+int wolfSSL_mutual_auth(WOLFSSL* ssl, int req)
+{
+    if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
+        return BAD_FUNC_ARG;
+    if (ssl->options.side == WOLFSSL_SERVER_END)
+        return SIDE_ERROR;
+
+    ssl->options.mutualAuth = req;
+
+    return 0;
+}
+#endif /* NO_CERTS */
+
 #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
 /* Allow post-handshake authentication in TLS v1.3 connections.
 *
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2658,6 +2658,7 @@ struct WOLFSSL_CTX {
 #ifdef WOLFSSL_TLS13
    byte        noTicketTls13:1;  /* Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
+    byte        mutualAuth:1;     /* Mutual authentication required */
 #endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
@ -3411,6 +3412,9 @@ typedef struct Options {
 #endif
    word16            keepResources:1;    /* Keep resources after handshake */
    word16            useClientOrder:1;   /* Use client's cipher order */
+#ifdef WOLFSSL_TLS13
+    word16            mutualAuth:1;       /* Mutual authentication is rquired */
+#endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    word16            postHandshakeAuth:1;/* Client send post_handshake_auth
                                           * extension */
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -627,6 +627,7 @@ enum AlertDescription {
    unrecognized_name               = 112, /**< RFC 6066, section 3 */
    bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
    unknown_psk_identity            = 115, /**< RFC 4279, section 2 */
+    certificate_required            = 116, /**< RFC 8446, section 8.2 */
    no_application_protocol         = 120
 };

@ -866,6 +867,8 @@ WOLFSSL_API int  wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
 WOLFSSL_API int  wolfSSL_no_dhe_psk(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_update_keys(WOLFSSL* ssl);
+WOLFSSL_API int  wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
+WOLFSSL_API int  wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
 WOLFSSL_API int  wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
 WOLFSSL_API int  wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_request_certificate(WOLFSSL* ssl);