Containered alerts, discovery (except for the transparent case), and endpoint... (fddf4684) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/err/openssl.ec

+13 −0

Original line number	Diff line number	Diff line
		@@ -76,3 +76,16 @@ R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
		R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115
		R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
		R TLS1_AD_NO_APPLICATION_PROTOCOL 1120

		# TLMSP alerts
		R SSL_R_TLMSP_ALERT_MIDDLEBOX_ROUTE_FAILURE 1170
		R SSL_R_TLMSP_ALERT_MIDDLEBOX_AUTHORIZATION_FAILURE 1171
		R SSL_R_TLMSP_ALERT_MIDDLEBOX_REQUIRED 1172
		R SSL_R_TLMSP_ALERT_DISCOVERY_ACK 1173
		R SSL_R_TLMSP_ALERT_UNKNOWN_CONTEXT 1174
		R SSL_R_TLMSP_ALERT_UNSUPPORTED_CONTEXT 1175
		R SSL_R_TLMSP_ALERT_MIDDLEBOX_KEY_VERIFY_FAILURE 1176
		R SSL_R_TLMSP_ALERT_BAD_READER_MAC 1177
		R SSL_R_TLMSP_ALERT_BAD_WRITER_MAC 1178
		R SSL_R_TLMSP_ALERT_MIDDLEBOX_KEYCONFIRMATION_FAULT 1179
		R SSL_R_TLMSP_ALERT_AUTHENTICATION_REQUIRED 1180

crypto/err/openssl.txt

+9 −1

Original line number	Diff line number	Diff line
		@@ -1366,9 +1366,11 @@ SSL_F_TLMSP_CONSTRUCT_SERVER_KEY_EXCHANGE:692:\
		tlmsp_construct_server_key_exchange
		SSL_F_TLMSP_CONSTRUCT_STOC_TLMSP:646:tlmsp_construct_stoc_tlmsp
		SSL_F_TLMSP_CONTAINER_CHECK_MAC:722:tlmsp_container_check_mac
		SSL_F_TLMSP_CONTAINER_DELIVER_ALERT:726:TLMSP_container_deliver_alert
		SSL_F_TLMSP_CONTAINER_ENC:647:tlmsp_container_enc
		SSL_F_TLMSP_CONTAINER_FORWARDING_MAC:648:tlmsp_container_forwarding_mac
		SSL_F_TLMSP_CONTAINER_MAC:649:tlmsp_container_mac
		SSL_F_TLMSP_CONTAINER_PARSE:729:tlmsp_container_parse
		SSL_F_TLMSP_CONTAINER_READ:650:TLMSP_container_read
		SSL_F_TLMSP_CONTAINER_READER_CHECK_MAC:721:tlmsp_container_reader_check_mac
		SSL_F_TLMSP_CONTAINER_WRITE:651:TLMSP_container_write
		@@ -1380,6 +1382,8 @@ SSL_F_TLMSP_GENERATE_MASTER_SECRET:656:tlmsp_generate_master_secret
		SSL_F_TLMSP_GENERATE_MIDDLEBOX_MASTER_SECRET:699:\
		tlmsp_generate_middlebox_master_secret
		SSL_F_TLMSP_GET_MIDDLEBOXES_INSTANCE:719:TLMSP_get_middleboxes_instance
		SSL_F_TLMSP_GET_MIDDLEBOXES_LIST:732:tlmsp_get_middleboxes_list
		SSL_F_TLMSP_GET_RECONNECT_STATE:731:TLMSP_get_reconnect_state
		SSL_F_TLMSP_HASH_IDLIST:657:tlmsp_hash_idlist
		SSL_F_TLMSP_KEY_ACTIVATE_ALL:658:tlmsp_key_activate_all
		SSL_F_TLMSP_MAC:659:tlmsp_mac
		@@ -1388,6 +1392,7 @@ SSL_F_TLMSP_MIDDLEBOX_ADD:661:TLMSP_middlebox_add
		SSL_F_TLMSP_MIDDLEBOX_COPY:707:tlmsp_middlebox_copy
		SSL_F_TLMSP_MIDDLEBOX_CREATE:662:tlmsp_middlebox_create
		SSL_F_TLMSP_MIDDLEBOX_DUP:708:tlmsp_middlebox_dup
		SSL_F_TLMSP_MIDDLEBOX_DUP_STATIC:730:tlmsp_middlebox_dup_static
		SSL_F_TLMSP_MIDDLEBOX_HANDSHAKE_PROCESS:663:tlmsp_middlebox_handshake_process
		SSL_F_TLMSP_MIDDLEBOX_INSTANCE_COPY:710:tlmsp_middlebox_instance_copy
		SSL_F_TLMSP_MIDDLEBOX_INSTANCE_DUP:709:tlmsp_middlebox_instance_dup
		@@ -1420,6 +1425,7 @@ SSL_F_TLMSP_PARSE_CTOS_TLMSP_CONTEXT_LIST:666:\
		tlmsp_parse_ctos_tlmsp_context_list
		SSL_F_TLMSP_PARSE_MIDDLEBOX_LIST:685:tlmsp_parse_middlebox_list
		SSL_F_TLMSP_PARSE_STOC_TLMSP:667:tlmsp_parse_stoc_tlmsp
		SSL_F_TLMSP_PROCESS_ALERT:724:tlmsp_process_alert
		SSL_F_TLMSP_PROCESS_CERTIFICATE:713:tlmsp_process_certificate
		SSL_F_TLMSP_PROCESS_CLIENT_KEY_EXCHANGE:706:tlmsp_process_client_key_exchange
		SSL_F_TLMSP_PROCESS_KEY_MATERIAL_CONTRIBUTION:712:\
		@@ -1447,7 +1453,8 @@ SSL_F_TLMSP_RECORD_MAC:675:tlmsp_record_mac
		SSL_F_TLMSP_RESET_CIPHER:676:tlmsp_reset_cipher
		SSL_F_TLMSP_SETUP_ADVANCE_KEYS:677:tlmsp_setup_advance_keys
		SSL_F_TLMSP_SETUP_KEY_BLOCK:678:tlmsp_setup_key_block
		SSL_F_TLMSP_VERIFY_FORWARDING_MAC:724:tlmsp_verify_forwarding_mac
		SSL_F_TLMSP_VERIFY_FORWARDING_CHECK_MAC:727:tlmsp_verify_forwarding_check_mac
		SSL_F_TLMSP_VERIFY_FORWARDING_READER_MAC:728:tlmsp_verify_forwarding_reader_mac
		SSL_F_TLMSP_VERIFY_READER_MAC:723:tlmsp_verify_reader_mac
		SSL_F_TLMSP_WRITE_BYTES:679:tlmsp_write_bytes
		SSL_F_TLMSP_WRITE_FORWARDING_MAC:680:tlmsp_write_forwarding_mac
		@@ -2769,6 +2776,7 @@ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:281:\
		SSL_R_DH_KEY_TOO_SMALL:394:dh key too small
		SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG:148:dh public value length is wrong
		SSL_R_DIGEST_CHECK_FAILED:149:digest check failed
		SSL_R_DISCOVERY_RECONNECT:293:discovery reconnect
		SSL_R_DTLS_MESSAGE_TOO_BIG:334:dtls message too big
		SSL_R_DUPLICATE_COMPRESSION_ID:309:duplicate compression id
		SSL_R_ECC_CERT_NOT_FOR_SIGNING:318:ecc cert not for signing

include/openssl/ssl.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -1193,6 +1193,11 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
		/* fatal */
		# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
		# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL

		# define SSL_alert_value(level, desc) ((((level) & 0xff) << 8) \| ((desc) & 0xff))
		# define SSL_alert_level(value) (((value) >> 8) & 0xff)
		# define SSL_alert_description(value) ((value) & 0xff)

		# define SSL_ERROR_NONE 0
		# define SSL_ERROR_SSL 1
		# define SSL_ERROR_WANT_READ 2

include/openssl/sslerr.h

+20 −1

Original line number	Diff line number	Diff line
		@@ -272,9 +272,11 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_CONSTRUCT_SERVER_KEY_EXCHANGE 692
		# define SSL_F_TLMSP_CONSTRUCT_STOC_TLMSP 646
		# define SSL_F_TLMSP_CONTAINER_CHECK_MAC 722
		# define SSL_F_TLMSP_CONTAINER_DELIVER_ALERT 726
		# define SSL_F_TLMSP_CONTAINER_ENC 647
		# define SSL_F_TLMSP_CONTAINER_FORWARDING_MAC 648
		# define SSL_F_TLMSP_CONTAINER_MAC 649
		# define SSL_F_TLMSP_CONTAINER_PARSE 729
		# define SSL_F_TLMSP_CONTAINER_READ 650
		# define SSL_F_TLMSP_CONTAINER_READER_CHECK_MAC 721
		# define SSL_F_TLMSP_CONTAINER_WRITE 651
		@@ -285,6 +287,8 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_GENERATE_MASTER_SECRET 656
		# define SSL_F_TLMSP_GENERATE_MIDDLEBOX_MASTER_SECRET 699
		# define SSL_F_TLMSP_GET_MIDDLEBOXES_INSTANCE 719
		# define SSL_F_TLMSP_GET_MIDDLEBOXES_LIST 732
		# define SSL_F_TLMSP_GET_RECONNECT_STATE 731
		# define SSL_F_TLMSP_HASH_IDLIST 657
		# define SSL_F_TLMSP_KEY_ACTIVATE_ALL 658
		# define SSL_F_TLMSP_MAC 659
		@@ -293,6 +297,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_MIDDLEBOX_COPY 707
		# define SSL_F_TLMSP_MIDDLEBOX_CREATE 662
		# define SSL_F_TLMSP_MIDDLEBOX_DUP 708
		# define SSL_F_TLMSP_MIDDLEBOX_DUP_STATIC 730
		# define SSL_F_TLMSP_MIDDLEBOX_HANDSHAKE_PROCESS 663
		# define SSL_F_TLMSP_MIDDLEBOX_INSTANCE_COPY 710
		# define SSL_F_TLMSP_MIDDLEBOX_INSTANCE_DUP 709
		@@ -313,6 +318,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_PARSE_CTOS_TLMSP_CONTEXT_LIST 666
		# define SSL_F_TLMSP_PARSE_MIDDLEBOX_LIST 685
		# define SSL_F_TLMSP_PARSE_STOC_TLMSP 667
		# define SSL_F_TLMSP_PROCESS_ALERT 724
		# define SSL_F_TLMSP_PROCESS_CERTIFICATE 713
		# define SSL_F_TLMSP_PROCESS_CLIENT_KEY_EXCHANGE 706
		# define SSL_F_TLMSP_PROCESS_KEY_MATERIAL_CONTRIBUTION 712
		@@ -336,7 +342,8 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_RESET_CIPHER 676
		# define SSL_F_TLMSP_SETUP_ADVANCE_KEYS 677
		# define SSL_F_TLMSP_SETUP_KEY_BLOCK 678
		# define SSL_F_TLMSP_VERIFY_FORWARDING_MAC 724
		# define SSL_F_TLMSP_VERIFY_FORWARDING_CHECK_MAC 727
		# define SSL_F_TLMSP_VERIFY_FORWARDING_READER_MAC 728
		# define SSL_F_TLMSP_VERIFY_READER_MAC 723
		# define SSL_F_TLMSP_WRITE_BYTES 679
		# define SSL_F_TLMSP_WRITE_FORWARDING_MAC 680
		@@ -620,6 +627,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_DH_KEY_TOO_SMALL 394
		# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
		# define SSL_R_DIGEST_CHECK_FAILED 149
		# define SSL_R_DISCOVERY_RECONNECT 293
		# define SSL_R_DTLS_MESSAGE_TOO_BIG 334
		# define SSL_R_DUPLICATE_COMPRESSION_ID 309
		# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
		@@ -782,6 +790,17 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_SSL_SESSION_ID_TOO_LONG 408
		# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210
		# define SSL_R_STILL_IN_INIT 121
		# define SSL_R_TLMSP_ALERT_AUTHENTICATION_REQUIRED 1180
		# define SSL_R_TLMSP_ALERT_BAD_READER_MAC 1177
		# define SSL_R_TLMSP_ALERT_BAD_WRITER_MAC 1178
		# define SSL_R_TLMSP_ALERT_DISCOVERY_ACK 1173
		# define SSL_R_TLMSP_ALERT_MIDDLEBOX_AUTHORIZATION_FAILURE 1171
		# define SSL_R_TLMSP_ALERT_MIDDLEBOX_KEYCONFIRMATION_FAULT 1179
		# define SSL_R_TLMSP_ALERT_MIDDLEBOX_KEY_VERIFY_FAILURE 1176
		# define SSL_R_TLMSP_ALERT_MIDDLEBOX_REQUIRED 1172
		# define SSL_R_TLMSP_ALERT_MIDDLEBOX_ROUTE_FAILURE 1170
		# define SSL_R_TLMSP_ALERT_UNKNOWN_CONTEXT 1174
		# define SSL_R_TLMSP_ALERT_UNSUPPORTED_CONTEXT 1175
		# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
		# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109
		# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049

include/openssl/tlmsp.h

+16 −6

Original line number	Diff line number	Diff line
		@@ -109,7 +109,18 @@ struct tlmsp_middlebox_configuration {
		struct tlmsp_reconnect_state_st;
		typedef struct tlmsp_reconnect_state_st TLMSP_ReconnectState;

		/* XXX Alert and error values. */
		/* Alert descriptions. */
		# define TLMSP_AD_MIDDLEBOX_ROUTE_FAILURE (170)
		# define TLMSP_AD_MIDDLEBOX_AUTHORIZATION_FAILURE (171)
		# define TLMSP_AD_MIDDLEBOX_REQUIRED (172)
		# define TLMSP_AD_DISCOVERY_ACK (173)
		# define TLMSP_AD_UNKNOWN_CONTEXT (174)
		# define TLMSP_AD_UNSUPPORTED_CONTEXT (175)
		# define TLMSP_AD_MIDDLEBOX_KEY_VERIFY_FAILURE (176)
		# define TLMSP_AD_BAD_READER_MAC (177)
		# define TLMSP_AD_BAD_WRITER_MAC (178)
		# define TLMSP_AD_MIDDLEBOX_KEYCONFIRMATION_FAULT (179)
		# define TLMSP_AD_AUTHENTICATION_REQUIRED (180)

		/* SSL_METHODs. */

		@@ -126,9 +137,6 @@ int TLMSP_set_contexts_instance(SSL , const TLMSP_Contexts );
		int TLMSP_set_initial_middleboxes(SSL_CTX , const TLMSP_Middleboxes );
		int TLMSP_set_initial_middleboxes_instance(SSL , const TLMSP_Middleboxes );

		int TLMSP_set_middleboxes_instance(SSL , const TLMSP_Middleboxes );
		TLMSP_Middleboxes TLMSP_get_middleboxes_instance(SSL );

		int TLMSP_set_audit_order(SSL_CTX *, tlmsp_audit_order_t);
		int TLMSP_set_audit_order_instance(SSL *, tlmsp_audit_order_t);

		@@ -137,7 +145,7 @@ int TLMSP_set_transparent_instance(SSL , int, const uint8_t , size_t);

		int TLMSP_get_sid(const SSL , tlmsp_sid_t );

		typedef int (TLMSP_discovery_cb_fn) (SSL s, void *);
		typedef int (TLMSP_discovery_cb_fn) (SSL s, void , TLMSP_Middleboxes );
		void TLMSP_set_discovery_cb(SSL_CTX , TLMSP_discovery_cb_fn, void );
		void TLMSP_set_discovery_cb_instance(SSL , TLMSP_discovery_cb_fn, void );

		@@ -193,6 +201,7 @@ int TLMSP_middleboxes_insert_after(TLMSP_Middleboxes , const TLMSP_Middlebox ,

		int TLMSP_get_middlebox_address(const TLMSP_Middlebox , int , uint8_t *, size_t );
		const TLMSP_ContextAccess TLMSP_middlebox_context_access(const TLMSP_Middlebox );
		int TLMSP_middlebox_dynamic(const TLMSP_Middlebox *);
		int TLMSP_middlebox_forbid(TLMSP_Middlebox *);

		/* Connection establishment. */
		@@ -214,11 +223,12 @@ int TLMSP_container_delete(SSL , TLMSP_Container );
		int TLMSP_container_verify(SSL , const TLMSP_Container );

		int TLMSP_container_create(SSL , TLMSP_Container , tlmsp_context_id_t, const void , size_t);
		int TLMSP_container_create_alert(SSL , TLMSP_Container , tlmsp_context_id_t, int, const void , size_t);
		int TLMSP_container_create_alert(SSL , TLMSP_Container *, tlmsp_context_id_t, int);
		void TLMSP_container_free(SSL , TLMSP_Container );

		tlmsp_context_id_t TLMSP_container_context(const TLMSP_Container *);
		size_t TLMSP_container_length(const TLMSP_Container *);
		int TLMSP_container_alert(const TLMSP_Container c, int );
		int TLMSP_container_deleted(const TLMSP_Container *c);
		int TLMSP_container_readable(const TLMSP_Container *c);
		int TLMSP_container_writable(const TLMSP_Container *c);