Add support for TLS v1.3

include/wintls/detail/sspi_compat.hpp

@@ -0,0 +1,71 @@
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#ifndef WINTLS_DETAIL_SSPI_COMPAT_HPP
+#define WINTLS_DETAIL_SSPI_COMPAT_HPP
+
+// for SCH_CREDENTIALS
+#ifndef SCHANNEL_USE_BLACKLISTS
+#define SCHANNEL_USE_BLACKLISTS
+#define WINTLS_SCHANNEL_USE_BLACKLISTS_DEFINED
+#endif // SCHANNEL_USE_BLACKLISTS
+
+#include <sdkddkver.h>
+#include <SubAuth.h>
+#include <schannel.h>
+
+#if (WDK_NTDDI_VERSION < NTDDI_WIN10_19H1)
+typedef enum _eTlsAlgorithmUsage
+{
+    TlsParametersCngAlgUsageKeyExchange,
+    TlsParametersCngAlgUsageSignature,
+    TlsParametersCngAlgUsageCipher,
+    TlsParametersCngAlgUsageDigest,
+    TlsParametersCngAlgUsageCertSig
+} eTlsAlgorithmUsage;
+
+typedef struct _CRYPTO_SETTINGS
+{
+    eTlsAlgorithmUsage  eAlgorithmUsage;
+    UNICODE_STRING      strCngAlgId;
+    DWORD               cChainingModes;
+    PUNICODE_STRING     rgstrChainingModes;
+    DWORD               dwMinBitLength;
+    DWORD               dwMaxBitLength;
+} CRYPTO_SETTINGS, * PCRYPTO_SETTINGS;
+
+typedef struct _TLS_PARAMETERS
+{
+    DWORD               cAlpnIds;
+    PUNICODE_STRING     rgstrAlpnIds;
+    DWORD               grbitDisabledProtocols;
+    DWORD               cDisabledCrypto;
+    PCRYPTO_SETTINGS    pDisabledCrypto;
+    DWORD               dwFlags;
+} TLS_PARAMETERS, * PTLS_PARAMETERS;
+
+typedef struct _SCH_CREDENTIALS
+{
+    DWORD               dwVersion;
+    DWORD               dwCredFormat;
+    DWORD               cCreds;
+    PCCERT_CONTEXT* paCred;
+    HCERTSTORE          hRootStore;
+
+    DWORD               cMappers;
+    struct _HMAPPER **aphMappers;
+
+    DWORD               dwSessionLifespan;
+    DWORD               dwFlags;
+    DWORD               cTlsParameters;
+    PTLS_PARAMETERS     pTlsParameters;
+} SCH_CREDENTIALS, * PSCH_CREDENTIALS;
+#endif // (NTDDI_VERSION < NTDDI_WIN10_19H1)
+
+#ifdef WINTLS_SCHANNEL_USE_BLACKLISTS_DEFINED
+#undef SCHANNEL_USE_BLACKLISTS
+#endif // WINTLS_SCHANNEL_USE_BLACKLISTS_DEFINED
+
+#endif // WINTLS_DETAIL_SSPI_COMPAT_HPP

include/wintls/detail/sspi_handshake.hpp

@@ -47,17 +47,10 @@ class sspi_handshake {
   void operator()(handshake_type type) {
     handshake_type_ = type;
 
+    TLS_PARAMETERS tls_parameters{};
+    SCH_CREDENTIALS credentials{};
     SCHANNEL_CRED creds{};
-    creds.dwVersion = SCHANNEL_CRED_VERSION;
-    creds.grbitEnabledProtocols = static_cast<DWORD>(context_.method_);
-    creds.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_DEFAULT_CREDS;
-    // If revocation checking is enables, specify SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
-    // to cause the TLS certificate status request extension (commonly known as OCSP stapling)
-    // to be sent. This flag matches the CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
-    // flag that we pass to the CertGetCertificateChain calls during our manual authentication.
-    if (check_revocation_) {
-      creds.dwFlags |= SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
-    }
+    void* cred = nullptr;
 
     auto usage = [this]() {
       switch (handshake_type_) {
@@ -69,21 +62,71 @@ class sspi_handshake {
       WINTLS_UNREACHABLE_RETURN(0);
     }();
 
+    auto server_cert = context_.server_cert();
+    bool is_tlsv13 = [this]() {
+      switch (context_.method_) {
+        case method::tlsv13:
+        case method::tlsv13_client:
+        case method::tlsv13_server:
+          return true;
+        default:
+          return false;
+      }
+      WINTLS_UNREACHABLE_RETURN(0);
+    }();
+
+    DWORD version = is_tlsv13 ? SCH_CREDENTIALS_VERSION : SCHANNEL_CRED_VERSION;
+    DWORD flags = is_tlsv13 ? SCH_USE_STRONG_CRYPTO : (SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_DEFAULT_CREDS);
+    DWORD protocols = static_cast<DWORD>(context_.method_);
+
+    // If revocation checking is enables, specify SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
+    // to cause the TLS certificate status request extension (commonly known as OCSP stapling)
+    // to be sent. This flag matches the CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
+    // flag that we pass to the CertGetCertificateChain calls during our manual authentication.
+    if (check_revocation_) {
+      flags |= SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
+    }
+
+    DWORD num_creds = 0;
+    decltype(&server_cert) creds_list = nullptr;
+
+    if (handshake_type_ == handshake_type::server && server_cert != nullptr) {
+      num_creds = 1;
+      creds_list = &server_cert;
+    }
+
     // TODO: rename server_cert field since it is also used for client cert.
     // Note: if client cert is set, sspi will auto validate server cert with it.
     // Even though verify_server_certificate_ in context is set to false.
-    auto server_cert = context_.server_cert();
-    if (server_cert != nullptr) {
-      creds.cCreds = 1;
-      creds.paCred = &server_cert;
+    if (handshake_type_ == handshake_type::client && server_cert != nullptr) {
+      num_creds = 1;
+      creds_list = &server_cert;
+    }
+
+    if (!is_tlsv13) {
+      cred = &creds;
+      creds.dwVersion = version;
+      creds.grbitEnabledProtocols = protocols;
+      creds.dwFlags = flags;
+      creds.cCreds = num_creds;
+      creds.paCred = creds_list;
+    } else {
+      cred = &credentials;
+      credentials.dwVersion = version;
+      credentials.dwFlags = flags;
+      credentials.cTlsParameters = 1;
+      credentials.pTlsParameters = &tls_parameters;
+      credentials.pTlsParameters->grbitDisabledProtocols = ~protocols;
+      credentials.cCreds = num_creds;
+      credentials.paCred = creds_list;
     }
 
     TimeStamp expiry;
     last_error_ = detail::sspi_functions::AcquireCredentialsHandleA(nullptr,
                                                                    const_cast<SEC_CHAR*>(UNISP_NAME),
                                                                    static_cast<unsigned>(usage),
                                                                    nullptr,
-                                                                   &creds,
+                                                                   cred,
                                                                    nullptr,
                                                                    nullptr,
                                                                    cred_handle_.get(),

include/wintls/detail/sspi_types.hpp

@@ -18,7 +18,7 @@
 #define WINTLS_UNICODE_UNDEFINED
 #endif // UNICODE
 
-#include <schannel.h>
+#include <wintls/detail/sspi_compat.hpp>
 #include <security.h>
 
 #ifdef WINTLS_SECURITY_WIN32_DEFINED
@@ -29,4 +29,5 @@
 #define UNICODE
 #endif // WINTLS_UNICODE_UNDEFINED
 
+
 #endif // WINTLS_DETAIL_SSPI_TYPES_HPP

test/handshake_test.cpp

@@ -616,7 +616,29 @@ TEST_CASE("ssl/tls versions") {
                                 [&buffer, &server_stream, &version](const error_code&, std::size_t length) {
                                   tls_record rec(net::buffer(buffer, length));
                                   REQUIRE(rec.type == tls_record::record_type::handshake);
-                                  CHECK(rec.version == version);
+                                  if (version != tls_version::tls_1_3) {
+                                    CHECK(rec.version == version);
+                                  } else {
+                                    bool support_tls_v1_3 = false;
+
+                                    if (rec.type == tls_record::record_type::handshake) {
+                                      tls_handshake& handshake = variant::get<tls_handshake>(rec.message);
+                                      auto& extension = variant::get<tls_handshake::client_hello>(handshake.message).extension;
+
+                                      auto it = std::find_if(extension.begin(), extension.end(), [](const tls_extension& s) {
+                                        return s.type == tls_extension::extension_type::supported_versions;
+                                      });
+
+                                      if (it != extension.end()) {
+                                        auto& versions = variant::get<tls_extension::supported_versions>(it->message).version;
+                                        support_tls_v1_3 = std::any_of(versions.begin(), versions.end(), [](const auto& s) {
+                                          return s == tls_version::tls_1_3;
+                                        });
+                                      }
+                                    }
+
+                                    REQUIRE(support_tls_v1_3);
+                                  }
                                   server_stream.close();
                                 });
 

test/tls_record.cpp

@@ -29,6 +29,13 @@ SizeType read_value(net::const_buffer& buffer) {
   return net_to_host(ret);
 }
 
+net::const_buffer read_buffer(net::const_buffer& buffer, std::size_t length) {
+  assert(buffer.size() >= length);
+  net::const_buffer ret(reinterpret_cast<const char*>(buffer.data()), length);
+  buffer += length;
+  return ret;
+}
+
 std::uint32_t read_three_byte_value(net::const_buffer& buffer) {
   assert(buffer.size() >= 3);
   std::array<char, 4> value{};
@@ -51,12 +58,12 @@ tls_record::message_type read_message(tls_record::record_type type, net::const_b
   WINTLS_UNREACHABLE_RETURN(0);
 }
 
-tls_handshake::message_type read_message(tls_handshake::handshake_type t, net::const_buffer&) {
+tls_handshake::message_type read_message(tls_handshake::handshake_type t, net::const_buffer& buffer) {
   switch(t) {
     case tls_handshake::handshake_type::hello_request:
       return tls_handshake::hello_request{};
     case tls_handshake::handshake_type::client_hello:
-      return tls_handshake::client_hello{};
+      return tls_handshake::client_hello{buffer};
     case tls_handshake::handshake_type::server_hello:
       return tls_handshake::server_hello{};
     case tls_handshake::handshake_type::certificate:
@@ -77,8 +84,57 @@ tls_handshake::message_type read_message(tls_handshake::handshake_type t, net::c
   WINTLS_UNREACHABLE_RETURN(0);
 }
 
+tls_extension::message_type read_message(tls_extension::extension_type t,
+                                         net::const_buffer& buffer,
+                                         std::uint16_t size) {
+  switch (t) {
+    case tls_extension::extension_type::supported_versions:
+      return tls_extension::supported_versions{buffer};
+    case tls_extension::extension_type::server_name:
+    case tls_extension::extension_type::max_fragment_length:
+    case tls_extension::extension_type::status_request:
+    case tls_extension::extension_type::supported_group:
+    case tls_extension::extension_type::signature_algorithms:
+    case tls_extension::extension_type::use_srtp:
+    case tls_extension::extension_type::heartbeat:
+    case tls_extension::extension_type::application_layer_protocol_negotiation:
+    case tls_extension::extension_type::signed_certificate_timestamp:
+    case tls_extension::extension_type::client_certificate_type:
+    case tls_extension::extension_type::server_certificate_type:
+    case tls_extension::extension_type::padding:
+    case tls_extension::extension_type::pre_shared_key:
+    case tls_extension::extension_type::early_data:
+    case tls_extension::extension_type::cookie:
+    case tls_extension::extension_type::psk_key_exchange_modes:
+    case tls_extension::extension_type::certificate_authorities:
+    case tls_extension::extension_type::oid_filters:
+    case tls_extension::extension_type::post_handshake_auth:
+    case tls_extension::extension_type::signature_algorithms_cert:
+    case tls_extension::extension_type::key_share:
+    default:
+      return tls_extension::common{buffer, size};
+  }
+  WINTLS_UNREACHABLE_RETURN(0);
+}
+
 } // namespace
 
+tls_handshake::client_hello::client_hello(net::const_buffer& data) {
+  version = static_cast<tls_version>(read_value<std::uint16_t>(data));
+  random = read_buffer(data, 32);
+  session_id_length = read_value<std::uint8_t>(data);
+  session_id = read_buffer(data, session_id_length);
+  cipher_suites_length = read_value<std::uint16_t>(data);
+  cipher_suites = read_buffer(data, cipher_suites_length);
+  compression_methods_length = read_value<std::uint8_t>(data);
+  compression_methods = read_buffer(data, compression_methods_length);
+  extensions_length = read_value<std::uint16_t>(data);
+
+  while (data.size()) {
+    extension.emplace_back(data);
+  }
+}
+
 tls_handshake::tls_handshake(net::const_buffer data)
   : type(static_cast<handshake_type>(read_value<std::uint8_t>(data)))
   , size(read_three_byte_value(data))
@@ -91,3 +147,23 @@ tls_record::tls_record(net::const_buffer data)
   , size(read_value<std::uint16_t>(data))
   , message(read_message(type, data)) {
 }
+
+tls_extension::tls_extension(net::const_buffer& data)
+  : type(static_cast<extension_type>(read_value<std::uint16_t>(data)))
+  , size(read_value<std::uint16_t>(data))
+  , message(read_message(type, data, size)) {
+}
+
+tls_extension::common::common(net::const_buffer& data, std::uint16_t size)
+  : message(read_buffer(data, size)) {
+}
+
+tls_extension::supported_versions::supported_versions(net::const_buffer& data) {
+  auto version_length = read_value<std::uint8_t>(data);
+
+  version_length /= 2; // 2byte per version field
+
+  for (int i = 0; i < version_length; i++) {
+    version.emplace_back(static_cast<tls_version>(read_value<std::uint16_t>(data)));
+  }
+}