Contact Details: No response
Version: wolfssl-5.7.6
Description
Summary
I found that the wolfssl 5.7.6 server doesn't check whether the messages are encrypted with the correct traffic secret.
Examples
Example 1: send Certificate, CertificateVerify, and Finished messages with epoch=3
The client should send Finished with epoch=2, which uses handshake_traffic_secret.
However, when I deliberately send Finished with epoch=3, encrypted with application_traffic_secret, we can still complete the handshake.
Example 2: [PSK] send Finished messages with epoch=3
The same problem as Example 1, but it also exists when we use PSK instead of certificate authentication.
Example 3: send Application message with epoch=2
After we complete the handshake, we should use epoch=3 and encrypt our Application Data with application_traffic_secret.
However, when I intentionally use epoch=2 and encrypt Application Data with handshake_traffic_secret, the server still accepts our Application Data.
Reference
According to the DTLS 1.3 RFC, RFC 9147, section 2 (Conventions and Terminology):
'{}' indicates messages protected using keys derived from a [sender]_handshake_traffic_secret.
'[]' indicates messages protected using keys derived from traffic_secret_N.
and RFC 9147, section 6.1 (Epoch Values and Rekeying), Figure 13:

    Client                                         Server
    ------                                         ------
    Record 0
    ClientHello (epoch=0)          -------->
                                                   Record 0
                                   <--------       HelloRetryRequest (epoch=0)
    Record 1
    ClientHello (epoch=0)          -------->
                                                   Record 1
                                                   ServerHello (epoch=0)
                                                   {EncryptedExtensions} (epoch=2)
                                                   {Certificate} (epoch=2)
                                                   {CertificateVerify} (epoch=2)
                                   <--------       {Finished} (epoch=2)
    Record 2
    {Certificate} (epoch=2)
    {CertificateVerify} (epoch=2)
    {Finished} (epoch=2)           -------->
                                                   Record 2
                                   <--------       [ACK] (epoch=3)
    Record 3
    [Application Data] (epoch=3)   -------->
                                                   Record 3
                                   <--------       [Application Data] (epoch=3)
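The check the three examples above are missing, written out as an added illustration that is not wolfSSL code: after a record is decrypted, the receiver ties the record's epoch (which selected the key) to what the decrypted content is allowed to be, following the epochs of Figure 13. Handshake messages of the client's authentication flight (Certificate, CertificateVerify, Finished) are accepted only under epoch 2 while that flight is outstanding, and Application Data only under epoch 3 or later; post-handshake messages (KeyUpdate, NewSessionTicket) are the one kind of handshake content that legitimately arrives under application keys. The state names, the `check_record` function and the record inputs are all hypothetical and constructed for this example; the unified header bit layout (0 0 1 C S L E E) is from RFC 9147, and the example treats the two low epoch bits as the epoch instead of reconstructing the full 16-bit value.

```c
#include <stdint.h>
#include <stdio.h>

/* Inner-plaintext content types (TLS/DTLS record layer values). */
enum content_type {
    CT_ALERT            = 21,
    CT_HANDSHAKE        = 22,
    CT_APPLICATION_DATA = 23,
    CT_ACK              = 26
};

/* Handshake message types that matter for the check. */
enum hs_type {
    HS_NEW_SESSION_TICKET = 4,
    HS_CERTIFICATE        = 11,
    HS_CERTIFICATE_VERIFY = 15,
    HS_FINISHED           = 20,
    HS_KEY_UPDATE         = 24
};

/* Simplified (hypothetical) server receive state. */
enum srv_state {
    ST_AWAIT_CLIENT_FLIGHT, /* our Finished sent; waiting for client's epoch-2 flight */
    ST_CONNECTED            /* client Finished verified; application epoch active */
};

#define EPOCH_HANDSHAKE 2u  /* {...} records: handshake_traffic_secret */
#define EPOCH_APPDATA   3u  /* [...] records: traffic_secret_N */

/* Low two epoch bits of a DTLS 1.3 unified header (0 0 1 C S L E E);
 * returns -1 when the byte is not a unified header. A real stack would
 * reconstruct the full epoch from these bits and its expected epochs. */
int unified_header_epoch(uint8_t first_byte)
{
    if ((first_byte & 0xE0) != 0x20)
        return -1;
    return first_byte & 0x03;
}

/* Decide whether a decrypted record may be processed: 1 = accept, 0 = discard.
 * hs_type is the handshake message type, or -1 when ct != CT_HANDSHAKE. */
int check_record(enum srv_state st, uint8_t first_byte, enum content_type ct, int hs_type)
{
    int epoch = unified_header_epoch(first_byte);
    if (epoch < 0)
        return 0;

    switch (ct) {
    case CT_HANDSHAKE:
        /* Post-handshake messages ride under application keys. */
        if (hs_type == HS_KEY_UPDATE || hs_type == HS_NEW_SESSION_TICKET)
            return st == ST_CONNECTED && (unsigned)epoch >= EPOCH_APPDATA;
        /* Certificate / CertificateVerify / Finished: epoch 2 only, and only
         * while the client's flight is outstanding (rejects Examples 1 and 2). */
        return st == ST_AWAIT_CLIENT_FLIGHT && (unsigned)epoch == EPOCH_HANDSHAKE;
    case CT_APPLICATION_DATA:
        /* Application Data only under application keys (rejects Example 3). */
        return st == ST_CONNECTED && (unsigned)epoch >= EPOCH_APPDATA;
    case CT_ACK:
    case CT_ALERT:
        /* Not constrained by this example beyond the header parse. */
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed header bytes: 0x2e -> epoch bits 10 (2), 0x2f -> 11 (3). */
    printf("Finished @epoch2: %d\n", check_record(ST_AWAIT_CLIENT_FLIGHT, 0x2e, CT_HANDSHAKE, HS_FINISHED));
    printf("Finished @epoch3: %d\n", check_record(ST_AWAIT_CLIENT_FLIGHT, 0x2f, CT_HANDSHAKE, HS_FINISHED));
    printf("AppData  @epoch2: %d\n", check_record(ST_CONNECTED, 0x2e, CT_APPLICATION_DATA, -1));
    printf("AppData  @epoch3: %d\n", check_record(ST_CONNECTED, 0x2f, CT_APPLICATION_DATA, -1));
    return 0;
}
```

The point of keying the decision on both the state and the epoch is that a Finished decrypted under the application key, or Application Data decrypted under the handshake key, is still a validly authenticated record; only the epoch-to-content binding tells the server that the peer used the wrong secret, so the check has to happen after decryption and before the message is fed to the handshake or application layer.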
Other Information
Environment
OS: Ubuntu 24.04
How I build wolfSSL:
    bash autogen.sh
    AM_CFLAGS='-DHAVE_AES_CBC -DWOLFSSL_AES_128 -DWOLFSSL_DEBUG_TLS' ./configure --enable-dtls --enable-dtls13 --enable-keylog-export --enable-psk --enable-rsa --enable-sha --enable-debug C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
How I launch the wolfSSL server:
    # PSK authentication
    /dtls-fuzzer/suts/wolfssl-5.7.6/examples/server/server -i -x -p 17830 -s -u -v 4 -l TLS13-AES128-GCM-SHA256
    # Certificate authentication with client certificate required
    /dtls-fuzzer/suts/wolfssl-5.7.6/examples/server/server -i -x -p 17680 -u -v 4 -l TLS13-AES128-GCM-SHA256 -c /dtls-fuzzer/experiments/keystore/rsa2048_cert.pem -k /dtls-fuzzer/experiments/keystore/rsa2048_key.pem -A /dtls-fuzzer/experiments/keystore/rsa2048_cert.pem
Reproduction steps
If you don't want to run the reproduction yourself, you can download reproduction.zip; I collected network traffic captures, sslkeylog files, wolfssl server debug logs, and Docker files inside it.
In order to make the reproduction easy to run, I created Docker images, so you can generate results with only one command.
If you are using Linux, you need to install Docker first.
If you are using Windows, you need to install Docker Desktop first.
After you run the command, you will see a new folder myTmpFolder; inside the folder there will be three files:
- dtls_capture: network traffic captured by tcpdump; you can check it with Wireshark
- running_output: Java program logs and wolfssl server debug logs
- sslkeylog.log: generated by wolfssl; you can use it to decrypt the network traffic within Wireshark
Command to run reproduction
For example 1: send Certificate, CertificateVerify, and Finished messages with epoch=3
Linux: docker run --rm -v $(pwd)/myTmpFolder:/output west2077/wolfssl-bug-reproduction:finished-with-epoch3
Windows with PowerShell: docker run --rm -v ${PWD}/myTmpFolder:/output west2077/wolfssl-bug-reproduction:finished-with-epoch3
For example 2: [PSK] send Finished messages with epoch=3
Linux: docker run --rm -v $(pwd)/myTmpFolder:/output west2077/wolfssl-bug-reproduction:finished-with-epoch3-psk
Windows with PowerShell: docker run -it --rm -v ${PWD}/myTmpFolder:/output west2077/wolfssl-bug-reproduction:finished-with-epoch3-psk
For example 3: send Application message with epoch=2
Linux: docker run --rm -v $(pwd)/myTmpFolder:/output west2077/wolfssl-bug-reproduction:application-with-epoch2
Windows with PowerShell: docker run --rm -v ${PWD}/myTmpFolder:/output west2077/wolfssl-bug-reproduction:application-with-epoch2
Dockerfile and how I build the Docker image
I chose Docker for ease of use, portability, and stable reproduction, and you can also build the Docker image from scratch.
The only file you need is the Dockerfile: Dockerfile_finished_with_epoch3, Dockerfile_finished_with_epoch3_psk, or Dockerfile_application_with_epoch2.
After you download the Dockerfile, you can build the image with the following command:
For example 1: send Certificate, CertificateVerify, and Finished messages with epoch=3
docker build -t wolfssl-bug-reproduction:finished-with-epoch3 -f Dockerfile_finished_with_epoch3 .
For example 2: [PSK] send Finished messages with epoch=3
docker build -t wolfssl-bug-reproduction:finished-with-epoch3-psk -f Dockerfile_finished_with_epoch3_psk .
For example 3: send Application message with epoch=2
docker build -t wolfssl-bug-reproduction:application-with-epoch2 -f Dockerfile_application_with_epoch2 .