authorGeorge Hazan <ghazan@miranda.im>2022-08-05 11:59:56 +0300
committerGeorge Hazan <ghazan@miranda.im>2022-08-05 12:00:05 +0300
commitff9679b7f42879dde78c4f74682eff63ee152e7c (patch)
treefb0a769fd04bb176c73b4ce6a075f437b93ef94d
parentd7092be278f2467a33ef4e275cebeaa05dd0f431 (diff)
fixes #3140 (RFC 9266: Channel Bindings for TLS 1.3 support)
-rw-r--r--include/m_netlib.h2
-rw-r--r--libs/win32/mir_app.libbin227546 -> 227550 bytes
-rw-r--r--protocols/JabberG/src/jabber_secur.cpp10
-rw-r--r--protocols/JabberG/src/jabber_thread.cpp10
-rw-r--r--src/mir_app/src/mir_app.def2
-rw-r--r--src/mir_app/src/netlib_ssl.cpp17
6 files changed, 28 insertions, 13 deletions
diff --git a/include/m_netlib.h b/include/m_netlib.h
index 867cdd974f..b36badd926 100644
--- a/include/m_netlib.h
+++ b/include/m_netlib.h
@@ -777,7 +777,7 @@ EXTERN_C MIR_APP_DLL(void) Netlib_SslShutdown(HSSL ssl);
EXTERN_C MIR_APP_DLL(void) Netlib_SslFree(HSSL ssl);
// gets TLS channel binging data for a socket
-EXTERN_C MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen);
+EXTERN_C MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen, int &tlsVer);
/////////////////////////////////////////////////////////////////////////////////////////
// WebSocket support
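Review bot: The comment above `Netlib_GetTlsUnique` says neither who owns the returned buffer nor what the new `tlsVer` out-parameter holds, and it still carries the typo "binging". Going by the netlib_ssl.cpp hunk, the buffer comes from `mir_alloc` and `tlsVer` is written only on the success paths, so the comment could read `// gets TLS channel binding data for a socket; returns a mir_alloc'ed buffer (caller frees with mir_free) or nullptr; on success tlsVer is 13 (tls-exporter) or 12 (tls-unique)`. Ownership matters here because the TScramAuth caller in jabber_secur.cpp appends the data and no `mir_free` is visible in that hunk.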
diff --git a/libs/win32/mir_app.lib b/libs/win32/mir_app.lib
index 4c7a0b32ee..6d2db7c7aa 100644
--- a/libs/win32/mir_app.lib
+++ b/libs/win32/mir_app.lib
Binary files differ
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index bbd8a7820a..e3a6dbdc34 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -211,14 +211,14 @@ TScramAuth::TScramAuth(ThreadData *info, const char *pszMech, const EVP_MD *pMet
priority = iPriority;
if ((iPriority % 10) == 1) {
- bindFlag = "p=tls-unique,,";
-
- int cbLen;
- void *pData = Netlib_GetTlsUnique(info->s, cbLen);
+ int cbLen, tlsVer;
+ void *pData = Netlib_GetTlsUnique(info->s, cbLen, tlsVer);
if (pData == nullptr)
bIsValid = false;
- else
+ else {
+ bindFlag = (tlsVer == 13) ? "p=tls-exporter,," : "p=tls-unique,,";
bindData.append(pData, cbLen);
+ }
}
else bindFlag = "n,,";
}
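Review bot: The unchanged fallback `else bindFlag = "n,,";` now under-reports the client, because after this change the client does support channel binding. RFC 5802 reserves the `y` flag for a client that supports binding but did not see a -PLUS mechanism offered, which is what lets the server notice a mechanism list that was stripped in transit. Consider sending `"y,,"` for the non-PLUS mechanisms when the connection is on TLS and binding data can be obtained, and keeping `"n,,"` only when it cannot. Whether the constructor has enough information to decide that depends on code outside this hunk, since its body starts above the visible lines.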
diff --git a/protocols/JabberG/src/jabber_thread.cpp b/protocols/JabberG/src/jabber_thread.cpp
index ce3c613013..6f2fb75278 100644
--- a/protocols/JabberG/src/jabber_thread.cpp
+++ b/protocols/JabberG/src/jabber_thread.cpp
@@ -653,23 +653,23 @@ void CJabberProto::OnProcessFeatures(const TiXmlElement *node, ThreadData *info)
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-1"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 500);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-1-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 600);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 601);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-224"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 510);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-224-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 610);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 611);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-256"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 520);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-256-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 620);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 621);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-384"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 530);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-384-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 630);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 631);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-512"))
pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 540);
else if (!mir_strcmp(szMechanism, "SCRAM-SHA-512-PLUS"))
- pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 640);
+ pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 641);
else if (!mir_strcmp(szMechanism, "NTLM") || !mir_strcmp(szMechanism, "GSS-SPNEGO") || !mir_strcmp(szMechanism, "GSSAPI"))
pAuth = new TNtlmAuth(info, szMechanism);
else {
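Review bot: The trailing `1` in `601` … `641` is the only thing that turns channel binding on, because TScramAuth tests `(iPriority % 10) == 1` (visible in the jabber_secur.cpp hunk). A later priority tweak would therefore silently change what a -PLUS mechanism sends. Make the coupling explicit, either by deriving the flag from the mechanism name ending in `-PLUS` or at least with a comment above the first -PLUS branch such as `// priority ending in 1 tells TScramAuth to use channel binding`. OnProcessFeatures starts and ends outside this hunk.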
diff --git a/src/mir_app/src/mir_app.def b/src/mir_app/src/mir_app.def
index 34764c676a..f49cd58964 100644
--- a/src/mir_app/src/mir_app.def
+++ b/src/mir_app/src/mir_app.def
@@ -735,7 +735,7 @@ Chat_CreateMenu @824 NONAME
?OnEventEdited@PROTO_INTERFACE@@UAEXII@Z @828 NONAME
?GetChecker@MDatabaseCommon@@UAGPAUMIDatabaseChecker@@XZ @829 NONAME
?GetMenuItem@PROTO_INTERFACE@@QAEPAUTMO_IntMenuItem@@W4ProtoMenuItemType@@@Z @830 NONAME
-_Netlib_GetTlsUnique@8 @831 NONAME
+_Netlib_GetTlsUnique@12 @831 NONAME
?IsDirect@PU@@YG_NXZ @832 NONAME
?IsProcessElevated@PU@@YG_NXZ @833 NONAME
?PrepareEscalation@PU@@YG_NXZ @834 NONAME
diff --git a/src/mir_app/src/netlib_ssl.cpp b/src/mir_app/src/netlib_ssl.cpp
index 3874d978f4..3bf4c2afa3 100644
--- a/src/mir_app/src/netlib_ssl.cpp
+++ b/src/mir_app/src/netlib_ssl.cpp
@@ -380,16 +380,31 @@ MIR_APP_DLL(int) Netlib_StartSsl(HNETLIBCONN hConnection, const char *szHost)
/////////////////////////////////////////////////////////////////////////////////////////
// gets TLS channel binging data for a socket
-MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen)
+static char TLS13_Label[] = "EXPORTER-Channel-Binding";
+
+MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen, int &tlsVer)
{
if (nlc == nullptr || nlc->hSsl == nullptr)
return nullptr;
char buf[1000];
+ auto *pszVersion = SSL_get_version(nlc->hSsl->session);
+ if (!mir_strcmp(pszVersion, "TLSv1.3")) {
+ int res = SSL_export_keying_material(nlc->hSsl->session,
+ (uint8_t *)buf, 32, TLS13_Label, sizeof(TLS13_Label) - 1, 0, 0, 0);
+ if (res == 1) {
+ tlsVer = 13;
+ void *pBuf = mir_alloc(cbLen = 32);
+ memcpy(pBuf, buf, cbLen);
+ return pBuf;
+ }
+ }
+
size_t len = SSL_get_finished(nlc->hSsl->session, buf, sizeof(buf));
if (len == 0)
return nullptr;
+ tlsVer = 12;
cbLen = (int)len;
void *pBuf = mir_alloc(len);
memcpy(pBuf, buf, len);
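Review bot: When `SSL_export_keying_material` fails on a TLS 1.3 session, control falls through to `SSL_get_finished` and the function reports `tlsVer = 12`, so the caller would advertise `p=tls-unique` on a TLS 1.3 connection, where RFC 9266 notes that binding type is not defined. The 1.3 branch should fail closed with `if (res != 1) return nullptr;` right after the export call, leaving the `SSL_get_finished` path for earlier protocol versions only. In both paths the result of `mir_alloc` is also passed to `memcpy` without a null check. The function body continues past the end of this hunk.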