Closed Bug 1818487 Opened 3 years ago Closed 2 years ago

DTLS1.3 Incorrect transcript computation

Categories

(NSS :: Libraries, defect, P4)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: anna.weine, Assigned: anna.weine)

References

(Blocks 1 open bug)

Details

Attachments

(3 files, 1 obsolete file)

Bug 1818487 - DTLS1.3 transcript generation
48 bytes, text/x-phabricator-request
Details | Review
Bug 1818487 - Implementation of tests supporting Transcription Generation patch for DTLS1.3
48 bytes, text/x-phabricator-request
Details | Review
Bug 1818487 - Ensuring that DTLS does not use ECH
48 bytes, text/x-phabricator-request
Details | Review

Copy paste from here: https://bugzilla.mozilla.org/show_bug.cgi?id=1809196#c5

WolfSSL transcript function skips the MessageSequence + Fragment Offset + Fragment Length (Handshake header) fields while computing the transcript, we compute using these fields.

RFC (TLS1.3): This value (transcript one) is computed by hashing the concatenation
of each included handshake message, including the handshake message
header carrying the handshake message type and length fields, but not
including record layer headers.

Could be solved (ugly, i know) by:
the function ssl3_AppendHandshakeInternal (https://searchfox.org/mozilla-central/source/security/nss/lib/ssl/sslencode.c#287)
is responsible (among other things) for uploading the client message to ssl.hs.messages. Instead of the full message living in src (https://searchfox.org/mozilla-central/source/security/nss/lib/ssl/sslencode.c#308), I copy the first 4 bytes (that correspond to HandshakeType and Length), then skip the next 8 bytes (MessageSequence + Fragment Offset + Fragment Length), finally I copy the rest.

The previous patch manages the modification of the transcript only on the client side, but not the server side.

The severity field is not set for this bug.
:beurdouche, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(bbeurdouche)
Severity: -- → S4
Priority: -- → P4
Flags: needinfo?(bbeurdouche)
Attachment #9338069 - Attachment description: WIP: Bug 1818487 - Implementation of the test checking ECH with DTLS. → Bug 1818487 - Implementation of the test checking ECH with DTLS.
Attachment #9319444 - Attachment description: WIP: Bug 1818487 - DTLS1.3 transcript generation → Bug 1818487 - DTLS1.3 transcript generation
Attachment #9319444 - Attachment description: Bug 1818487 - DTLS1.3 transcript generation → WIP: Bug 1818487 - DTLS1.3 transcript generation
Attachment #9339850 - Attachment description: WIP: Bug 1818487 - Implementation of tests supporting Transcription Generation patch for DTLS1.3 → Bug 1818487 - Implementation of tests supporting Transcription Generation patch for DTLS1.3
Status: NEW → ASSIGNED
Attachment #9319444 - Attachment description: WIP: Bug 1818487 - DTLS1.3 transcript generation → Bug 1818487 - DTLS1.3 transcript generation
Attachment #9319444 - Attachment description: Bug 1818487 - DTLS1.3 transcript generation → WIP: Bug 1818487 - DTLS1.3 transcript generation
Attachment #9319444 - Attachment description: WIP: Bug 1818487 - DTLS1.3 transcript generation → Bug 1818487 - DTLS1.3 transcript generation
Attachment #9319444 - Attachment description: Bug 1818487 - DTLS1.3 transcript generation → WIP: Bug 1818487 - DTLS1.3 transcript generation
Attachment #9319444 - Attachment description: WIP: Bug 1818487 - DTLS1.3 transcript generation → Bug 1818487 - DTLS1.3 transcript generation
Attachment #9338069 - Attachment is obsolete: true
Attachment #9367452 - Attachment description: WIP: Bug 1818487 - Ensuring that DTLS does not use ECH → Bug 1818487 - Ensuring that DTLS does not use ECH
Regressions: 1910370
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: