ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-24 22:29:04 +08:00
Code Issues Releases Wiki Activity

Merge pull request #7858 from mprse/ffdh_tls13_v2_f

Browse Source 
Make use of FFDH keys in TLS 1.3 - follow-up
This commit is contained in:
Manuel Pégourié-Gonnard 2023-07-07 16:19:35 +02:00 committed by GitHub
commit 461d59b2f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 1151 additions and 1122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/ssl_client.c
View File

@ -272,7 +272,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
} }
#endif #endif
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) { if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
propose_group = 1; propose_group = 1;
} }
#endif #endif

36
library/ssl_misc.h
View File

@ -755,18 +755,26 @@ struct mbedtls_ssl_handshake_params {
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH)
#if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH)
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH
#else
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#endif
#elif defined(PSA_WANT_ALG_ECDH)
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
#else
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH
#endif
#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ #if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
psa_key_type_t ecdh_psa_type; psa_key_type_t xxdh_psa_type;
size_t ecdh_bits; size_t xxdh_bits;
mbedtls_svc_key_id_t ecdh_psa_privkey; mbedtls_svc_key_id_t xxdh_psa_privkey;
uint8_t ecdh_psa_privkey_is_external; uint8_t xxdh_psa_privkey_is_external;
#if defined(PSA_WANT_ALG_FFDH) unsigned char xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE];
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH]; size_t xxdh_psa_peerkey_len;
#else
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
#endif
size_t ecdh_psa_peerkey_len;
#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && #endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
@ -2117,7 +2125,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
uint16_t named_group, uint16_t named_group,
unsigned char *buf, unsigned char *buf,
@ -2215,7 +2223,7 @@ static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group)
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448; named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448;
} }
static inline int mbedtls_ssl_tls13_named_group_is_dhe(uint16_t named_group) static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group)
{ {
return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192; named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
@ -2250,7 +2258,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
} }
#endif #endif
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(named_group)) { if (mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
return 1; return 1;
} }
#endif #endif
@ -2652,7 +2660,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t buf_len); size_t buf_len);

4
library/ssl_tls.c
View File

@ -4218,8 +4218,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ #if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
if (handshake->ecdh_psa_privkey_is_external == 0) { if (handshake->xxdh_psa_privkey_is_external == 0) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
} }
#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && #endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */

73
library/ssl_tls12_client.c
View File

@ -1761,8 +1761,8 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
&ec_bits) == PSA_ERROR_NOT_SUPPORTED) { &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
} }
handshake->ecdh_psa_type = key_type; handshake->xxdh_psa_type = key_type;
handshake->ecdh_bits = ec_bits; handshake->xxdh_bits = ec_bits;
/* Keep a copy of the peer's public key */ /* Keep a copy of the peer's public key */
ecpoint_len = *(*p)++; ecpoint_len = *(*p)++;
@ -1770,14 +1770,21 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_DECODE_ERROR; return MBEDTLS_ERR_SSL_DECODE_ERROR;
} }
/* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account
the sizes of the FFDH keys which are at least 2048 bits.
The size of the array is thus greater than 256 bytes which is greater than any
possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/
#if !defined(PSA_WANT_ALG_FFDH) #if !defined(PSA_WANT_ALG_FFDH)
if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) { if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
} }
#else
MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX,
"peer key buffer too small");
#endif #endif
memcpy(handshake->ecdh_psa_peerkey, *p, ecpoint_len); memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
handshake->ecdh_psa_peerkey_len = ecpoint_len; handshake->xxdh_psa_peerkey_len = ecpoint_len;
*p += ecpoint_len; *p += ecpoint_len;
return 0; return 0;
@ -2038,27 +2045,27 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
/* If the above conversion to TLS ID was fine, then also this one will be, /* If the above conversion to TLS ID was fine, then also this one will be,
so there is no need to check the return value here */ so there is no need to check the return value here */
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
&ssl->handshake->ecdh_bits); &ssl->handshake->xxdh_bits);
ssl->handshake->ecdh_psa_type = key_type; ssl->handshake->xxdh_psa_type = key_type;
/* Store peer's public key in psa format. */ /* Store peer's public key in psa format. */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);
ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len; ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len;
ret = 0; ret = 0;
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
size_t olen = 0; size_t olen = 0;
ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
ssl->handshake->ecdh_psa_peerkey, ssl->handshake->xxdh_psa_peerkey,
MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH); MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);
return ret; return ret;
} }
ssl->handshake->ecdh_psa_peerkey_len = olen; ssl->handshake->xxdh_psa_peerkey_len = olen;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#else /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_USE_PSA_CRYPTO */
if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
@ -2788,12 +2795,12 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->ecdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
/* Generate ECDH private key. */ /* Generate ECDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,
&handshake->ecdh_psa_privkey); &handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
} }
@ -2806,12 +2813,12 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
size_t own_pubkey_max_len = (size_t) (end - own_pubkey); size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
size_t own_pubkey_len; size_t own_pubkey_len;
status = psa_export_public_key(handshake->ecdh_psa_privkey, status = psa_export_public_key(handshake->xxdh_psa_privkey,
own_pubkey, own_pubkey_max_len, own_pubkey, own_pubkey_max_len,
&own_pubkey_len); &own_pubkey_len);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
} }
@ -2822,15 +2829,15 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
/* Compute ECDH shared secret. */ /* Compute ECDH shared secret. */
status = psa_raw_key_agreement(PSA_ALG_ECDH, status = psa_raw_key_agreement(PSA_ALG_ECDH,
handshake->ecdh_psa_privkey, handshake->xxdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->xxdh_psa_peerkey,
handshake->ecdh_psa_peerkey_len, handshake->xxdh_psa_peerkey_len,
ssl->handshake->premaster, ssl->handshake->premaster,
sizeof(ssl->handshake->premaster), sizeof(ssl->handshake->premaster),
&ssl->handshake->pmslen); &ssl->handshake->pmslen);
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) { if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) {
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
@ -2960,12 +2967,12 @@ ecdh_calc_secret:
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->ecdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
/* Generate ECDH private key. */ /* Generate ECDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,
&handshake->ecdh_psa_privkey); &handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);
} }
@ -2978,12 +2985,12 @@ ecdh_calc_secret:
size_t own_pubkey_max_len = (size_t) (end - own_pubkey); size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
size_t own_pubkey_len = 0; size_t own_pubkey_len = 0;
status = psa_export_public_key(handshake->ecdh_psa_privkey, status = psa_export_public_key(handshake->xxdh_psa_privkey,
own_pubkey, own_pubkey_max_len, own_pubkey, own_pubkey_max_len,
&own_pubkey_len); &own_pubkey_len);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);
} }
@ -3005,15 +3012,15 @@ ecdh_calc_secret:
/* Perform ECDH computation after the uint16 reserved for the length */ /* Perform ECDH computation after the uint16 reserved for the length */
status = psa_raw_key_agreement(PSA_ALG_ECDH, status = psa_raw_key_agreement(PSA_ALG_ECDH,
handshake->ecdh_psa_privkey, handshake->xxdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->xxdh_psa_peerkey,
handshake->ecdh_psa_peerkey_len, handshake->xxdh_psa_peerkey_len,
pms + zlen_size, pms + zlen_size,
pms_end - (pms + zlen_size), pms_end - (pms + zlen_size),
&zlen); &zlen);
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);

100
library/ssl_tls12_server.c
View File

@ -2628,19 +2628,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
} }
ssl->handshake->ecdh_psa_privkey = pk->priv_id; ssl->handshake->xxdh_psa_privkey = pk->priv_id;
/* Key should not be destroyed in the TLS library */
ssl->handshake->ecdh_psa_privkey_is_external = 1;
status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey, /* Key should not be destroyed in the TLS library */
ssl->handshake->xxdh_psa_privkey_is_external = 1;
status = psa_get_key_attributes(ssl->handshake->xxdh_psa_privkey,
&key_attributes); &key_attributes);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);
} }
ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
ssl->handshake->ecdh_bits = psa_get_key_bits(&key_attributes); ssl->handshake->xxdh_bits = psa_get_key_bits(&key_attributes);
psa_reset_key_attributes(&key_attributes); psa_reset_key_attributes(&key_attributes);
@ -2664,16 +2665,16 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
/* If the above conversion to TLS ID was fine, then also this one will /* If the above conversion to TLS ID was fine, then also this one will
be, so there is no need to check the return value here */ be, so there is no need to check the return value here */
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
&ssl->handshake->ecdh_bits); &ssl->handshake->xxdh_bits);
ssl->handshake->ecdh_psa_type = key_type; ssl->handshake->xxdh_psa_type = key_type;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, psa_set_key_type(&key_attributes,
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type)); PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits); psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_bits);
key_len = PSA_BITS_TO_BYTES(key->grp.pbits); key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
ret = mbedtls_ecp_write_key(key, buf, key_len); ret = mbedtls_ecp_write_key(key, buf, key_len);
@ -2683,7 +2684,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
} }
status = psa_import_key(&key_attributes, buf, key_len, status = psa_import_key(&key_attributes, buf, key_len,
&ssl->handshake->ecdh_psa_privkey); &ssl->handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
mbedtls_platform_zeroize(buf, sizeof(buf)); mbedtls_platform_zeroize(buf, sizeof(buf));
@ -2980,14 +2981,14 @@ curve_matching_done:
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse.")); MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse."));
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
} }
handshake->ecdh_psa_type = key_type; handshake->xxdh_psa_type = key_type;
handshake->ecdh_bits = ec_bits; handshake->xxdh_bits = ec_bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->ecdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
/* /*
* ECParameters curve_params * ECParameters curve_params
@ -3004,7 +3005,7 @@ curve_matching_done:
/* Generate ECDH private key. */ /* Generate ECDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,
&handshake->ecdh_psa_privkey); &handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
@ -3026,14 +3027,14 @@ curve_matching_done:
size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN
- (own_pubkey - ssl->out_msg)); - (own_pubkey - ssl->out_msg));
status = psa_export_public_key(handshake->ecdh_psa_privkey, status = psa_export_public_key(handshake->xxdh_psa_privkey,
own_pubkey, own_pubkey_max_len, own_pubkey, own_pubkey_max_len,
&len); &len);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
(void) psa_destroy_key(handshake->ecdh_psa_privkey); (void) psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return ret; return ret;
} }
@ -3728,27 +3729,27 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
} }
/* Store peer's ECDH public key. */ /* Store peer's ECDH public key. */
memcpy(handshake->ecdh_psa_peerkey, p, data_len); memcpy(handshake->xxdh_psa_peerkey, p, data_len);
handshake->ecdh_psa_peerkey_len = data_len; handshake->xxdh_psa_peerkey_len = data_len;
/* Compute ECDH shared secret. */ /* Compute ECDH shared secret. */
status = psa_raw_key_agreement( status = psa_raw_key_agreement(
PSA_ALG_ECDH, handshake->ecdh_psa_privkey, PSA_ALG_ECDH, handshake->xxdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,
handshake->premaster, sizeof(handshake->premaster), handshake->premaster, sizeof(handshake->premaster),
&handshake->pmslen); &handshake->pmslen);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
if (handshake->ecdh_psa_privkey_is_external == 0) { if (handshake->xxdh_psa_privkey_is_external == 0) {
(void) psa_destroy_key(handshake->ecdh_psa_privkey); (void) psa_destroy_key(handshake->xxdh_psa_privkey);
} }
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return ret; return ret;
} }
if (handshake->ecdh_psa_privkey_is_external == 0) { if (handshake->xxdh_psa_privkey_is_external == 0) {
status = psa_destroy_key(handshake->ecdh_psa_privkey); status = psa_destroy_key(handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
@ -3756,7 +3757,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
return ret; return ret;
} }
} }
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
#else #else
if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
p, end - p)) != 0) { p, end - p)) != 0) {
@ -3889,35 +3890,42 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return ret; return ret;
} }
/* Keep a copy of the peer's public key */ /* Keep a copy of the peer's public key */
if (p >= end) { if (p >= end) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return MBEDTLS_ERR_SSL_DECODE_ERROR; return MBEDTLS_ERR_SSL_DECODE_ERROR;
} }
ecpoint_len = *(p++); ecpoint_len = *(p++);
if ((size_t) (end - p) < ecpoint_len) { if ((size_t) (end - p) < ecpoint_len) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return MBEDTLS_ERR_SSL_DECODE_ERROR; return MBEDTLS_ERR_SSL_DECODE_ERROR;
} }
/* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account
the sizes of the FFDH keys which are at least 2048 bits.
The size of the array is thus greater than 256 bytes which is greater than any
possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/
#if !defined(PSA_WANT_ALG_FFDH) #if !defined(PSA_WANT_ALG_FFDH)
if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) { if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
} }
#else
MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX,
"peer key buffer too small");
#endif #endif
memcpy(handshake->ecdh_psa_peerkey, p, ecpoint_len); memcpy(handshake->xxdh_psa_peerkey, p, ecpoint_len);
handshake->ecdh_psa_peerkey_len = ecpoint_len; handshake->xxdh_psa_peerkey_len = ecpoint_len;
p += ecpoint_len; p += ecpoint_len;
/* As RFC 5489 section 2, the premaster secret is formed as follows: /* As RFC 5489 section 2, the premaster secret is formed as follows:
@ -3935,15 +3943,15 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
/* Compute ECDH shared secret. */ /* Compute ECDH shared secret. */
status = psa_raw_key_agreement(PSA_ALG_ECDH, status = psa_raw_key_agreement(PSA_ALG_ECDH,
handshake->ecdh_psa_privkey, handshake->xxdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->xxdh_psa_peerkey,
handshake->ecdh_psa_peerkey_len, handshake->xxdh_psa_peerkey_len,
psm + zlen_size, psm + zlen_size,
psm_end - (psm + zlen_size), psm_end - (psm + zlen_size),
&zlen); &zlen);
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);

20
library/ssl_tls13_client.c
View File

@ -196,19 +196,19 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) ||
mbedtls_ssl_tls13_named_group_is_dhe(group_id)) { mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Destroy generated private key. */ /* Destroy generated private key. */
status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey); status = psa_destroy_key(ssl->handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
return ret; return ret;
} }
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return 0; return 0;
} else } else
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
@ -247,7 +247,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
} }
#endif #endif
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) { if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
*group_id = *group_list; *group_id = *group_list;
return 0; return 0;
} }
@ -301,7 +301,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
/* HRR could already have requested something else. */ /* HRR could already have requested something else. */
group_id = ssl->handshake->offered_group_id; group_id = ssl->handshake->offered_group_id;
if (!mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) && if (!mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) &&
!mbedtls_ssl_tls13_named_group_is_dhe(group_id)) { !mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
MBEDTLS_SSL_PROC_CHK(ssl_tls13_get_default_group_id(ssl, MBEDTLS_SSL_PROC_CHK(ssl_tls13_get_default_group_id(ssl,
&group_id)); &group_id));
} }
@ -317,7 +317,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
client_shares = p; client_shares = p;
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) ||
mbedtls_ssl_tls13_named_group_is_dhe(group_id)) { mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
/* Pointer to group */ /* Pointer to group */
unsigned char *group = p; unsigned char *group = p;
/* Length of key_exchange */ /* Length of key_exchange */
@ -329,7 +329,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
*/ */
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
p += 4; p += 4;
ret = mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
ssl, group_id, p, end, &key_exchange_len); ssl, group_id, p, end, &key_exchange_len);
p += key_exchange_len; p += key_exchange_len;
if (ret != 0) { if (ret != 0) {
@ -429,7 +429,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
} }
#endif /* PSA_WANT_ALG_ECDH */ #endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) { if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
found = 1; found = 1;
break; break;
} }
@ -505,10 +505,10 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
mbedtls_ssl_tls13_named_group_is_dhe(group)) { mbedtls_ssl_tls13_named_group_is_ffdh(group)) {
MBEDTLS_SSL_DEBUG_MSG(2, MBEDTLS_SSL_DEBUG_MSG(2,
("DHE group name: %s", mbedtls_ssl_named_group_to_str(group))); ("DHE group name: %s", mbedtls_ssl_named_group_to_str(group)));
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p); ret = mbedtls_ssl_tls13_read_public_xxdhe_share(ssl, p, end - p);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }

20
library/ssl_tls13_generic.c
View File

@ -1499,7 +1499,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t buf_len) size_t buf_len)
{ {
@ -1516,8 +1516,8 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len);
/* Store peer's ECDH public key. */ /* Store peer's ECDH public key. */
memcpy(handshake->ecdh_psa_peerkey, p, peerkey_len); memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len);
handshake->ecdh_psa_peerkey_len = peerkey_len; handshake->xxdh_psa_peerkey_len = peerkey_len;
return 0; return 0;
} }
@ -1551,7 +1551,7 @@ static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id(
} }
} }
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
uint16_t named_group, uint16_t named_group,
unsigned char *buf, unsigned char *buf,
@ -1592,18 +1592,18 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
} }
handshake->ecdh_psa_type = key_type; handshake->xxdh_psa_type = key_type;
ssl->handshake->ecdh_bits = bits; ssl->handshake->xxdh_bits = bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, alg); psa_set_key_algorithm(&key_attributes, alg);
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->ecdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
/* Generate ECDH/FFDH private key. */ /* Generate ECDH/FFDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,
&handshake->ecdh_psa_privkey); &handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
@ -1612,7 +1612,7 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
} }
/* Export the public part of the ECDH/FFDH private key from PSA. */ /* Export the public part of the ECDH/FFDH private key from PSA. */
status = psa_export_public_key(handshake->ecdh_psa_privkey, status = psa_export_public_key(handshake->xxdh_psa_privkey,
buf, buf_size, buf, buf_size,
&own_pubkey_len); &own_pubkey_len);

12
library/ssl_tls13_keys.c
View File

@ -1492,7 +1492,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
*/ */
if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ||
mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) { mbedtls_ssl_tls13_named_group_is_ffdh(handshake->offered_group_id)) {
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
psa_algorithm_t alg = psa_algorithm_t alg =
mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ? mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ?
@ -1502,7 +1502,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
status = psa_get_key_attributes(handshake->ecdh_psa_privkey, status = psa_get_key_attributes(handshake->xxdh_psa_privkey,
&key_attributes); &key_attributes);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
@ -1516,8 +1516,8 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
} }
status = psa_raw_key_agreement( status = psa_raw_key_agreement(
alg, handshake->ecdh_psa_privkey, alg, handshake->xxdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,
shared_secret, shared_secret_len, &shared_secret_len); shared_secret, shared_secret_len, &shared_secret_len);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
@ -1525,14 +1525,14 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
goto cleanup; goto cleanup;
} }
status = psa_destroy_key(handshake->ecdh_psa_privkey); status = psa_destroy_key(handshake->xxdh_psa_privkey);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status); ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
goto cleanup; goto cleanup;
} }
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
} else { } else {
MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported.")); MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported."));

10
library/ssl_tls13_server.c
View File

@ -914,11 +914,11 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl,
* ECDHE and FFDHE groups are supported * ECDHE and FFDHE groups are supported
*/ */
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
mbedtls_ssl_tls13_named_group_is_dhe(group)) { mbedtls_ssl_tls13_named_group_is_ffdh(group)) {
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH/FFDH group: %s (%04x)", MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH/FFDH group: %s (%04x)",
mbedtls_ssl_named_group_to_str(group), mbedtls_ssl_named_group_to_str(group),
group)); group));
ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ret = mbedtls_ssl_tls13_read_public_xxdhe_share(
ssl, key_exchange - 2, key_exchange_len + 2); ssl, key_exchange - 2, key_exchange_len + 2);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
@ -1915,12 +1915,12 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) ||
mbedtls_ssl_tls13_named_group_is_dhe(named_group)) { mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
ret = mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
ssl, named_group, buf, end, out_len); ssl, named_group, buf, end, out_len);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET( MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_tls13_generate_and_write_dh_key_exchange", 1, "mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange",
ret); ret);
return ret; return ret;
} }

33
programs/ssl/ssl_client2.c
View File

@ -95,7 +95,7 @@ int main(void)
#define DFL_RECONNECT_HARD 0 #define DFL_RECONNECT_HARD 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL #define DFL_ALPN_STRING NULL
#define DFL_CURVES NULL #define DFL_GROUPS NULL
#define DFL_SIG_ALGS NULL #define DFL_SIG_ALGS NULL
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
#define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MIN 0
@ -264,14 +264,17 @@ int main(void)
#if defined(MBEDTLS_ECP_LIGHT) || \ #if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)) defined(PSA_WANT_ALG_FFDH))
#define USAGE_CURVES \ #define USAGE_GROUPS \
" curves=a,b,c,d default: \"default\" (library default)\n" \ " groups=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \ " example: \"secp521r1,brainpoolP512r1\"\n" \
" - use \"none\" for empty list\n" \ " - use \"none\" for empty list\n" \
" - see mbedtls_ecp_curve_list()\n" \ " - see mbedtls_ecp_curve_list()\n" \
" for acceptable curve names\n" " for acceptable EC group names\n" \
" - the following ffdh groups are supported:\n" \
" ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
" ffdhe8192\n"
#else #else
#define USAGE_CURVES "" #define USAGE_GROUPS ""
#endif #endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@ -439,7 +442,7 @@ int main(void)
USAGE_EMS \ USAGE_EMS \
USAGE_ETM \ USAGE_ETM \
USAGE_REPRODUCIBLE \ USAGE_REPRODUCIBLE \
USAGE_CURVES \ USAGE_GROUPS \
USAGE_SIG_ALGS \ USAGE_SIG_ALGS \
USAGE_EARLY_DATA \ USAGE_EARLY_DATA \
USAGE_DHMLEN \ USAGE_DHMLEN \
@ -524,7 +527,7 @@ struct options {
int reco_mode; /* how to keep the session around */ int reco_mode; /* how to keep the session around */
int reconnect_hard; /* unexpectedly reconnect from the same port */ int reconnect_hard; /* unexpectedly reconnect from the same port */
int tickets; /* enable / disable session tickets */ int tickets; /* enable / disable session tickets */
const char *curves; /* list of supported elliptic curves */ const char *groups; /* list of supported groups */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *sig_algs; /* supported TLS 1.3 signature algorithms */
const char *alpn_string; /* ALPN supported protocols */ const char *alpn_string; /* ALPN supported protocols */
int transport; /* TLS or DTLS? */ int transport; /* TLS or DTLS? */
@ -757,7 +760,7 @@ int main(int argc, char *argv[])
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[MEMORY_HEAP_SIZE]; unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif #endif
uint16_t group_list[CURVE_LIST_SIZE]; uint16_t group_list[GROUP_LIST_SIZE];
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
size_t mki_len = 0; size_t mki_len = 0;
@ -943,7 +946,7 @@ usage:
opt.reconnect_hard = DFL_RECONNECT_HARD; opt.reconnect_hard = DFL_RECONNECT_HARD;
opt.tickets = DFL_TICKETS; opt.tickets = DFL_TICKETS;
opt.alpn_string = DFL_ALPN_STRING; opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES; opt.groups = DFL_GROUPS;
opt.sig_algs = DFL_SIG_ALGS; opt.sig_algs = DFL_SIG_ALGS;
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
opt.early_data = DFL_EARLY_DATA; opt.early_data = DFL_EARLY_DATA;
@ -1166,8 +1169,8 @@ usage:
break; break;
default: goto usage; default: goto usage;
} }
} else if (strcmp(p, "curves") == 0) { } else if (strcmp(p, "groups") == 0) {
opt.curves = q; opt.groups = q;
} }
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if (strcmp(p, "sig_algs") == 0) { else if (strcmp(p, "sig_algs") == 0) {
@ -1491,8 +1494,8 @@ usage:
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if (opt.curves != NULL) { if (opt.groups != NULL) {
if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) { if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
goto exit; goto exit;
} }
} }
@ -1901,8 +1904,8 @@ usage:
#if defined(MBEDTLS_ECP_LIGHT) || \ #if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)) defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL && if (opt.groups != NULL &&
strcmp(opt.curves, "default") != 0) { strcmp(opt.groups, "default") != 0) {
mbedtls_ssl_conf_groups(&conf, group_list); mbedtls_ssl_conf_groups(&conf, group_list);
} }
#endif #endif

33
programs/ssl/ssl_server2.c
View File

@ -133,7 +133,7 @@ int main(void)
#define DFL_CACHE_REMOVE 0 #define DFL_CACHE_REMOVE 0
#define DFL_SNI NULL #define DFL_SNI NULL
#define DFL_ALPN_STRING NULL #define DFL_ALPN_STRING NULL
#define DFL_CURVES NULL #define DFL_GROUPS NULL
#define DFL_MAX_EARLY_DATA_SIZE 0 #define DFL_MAX_EARLY_DATA_SIZE 0
#define DFL_SIG_ALGS NULL #define DFL_SIG_ALGS NULL
#define DFL_DHM_FILE NULL #define DFL_DHM_FILE NULL
@ -449,14 +449,17 @@ int main(void)
#if defined(MBEDTLS_ECP_LIGHT) || \ #if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)) defined(PSA_WANT_ALG_FFDH))
#define USAGE_CURVES \ #define USAGE_GROUPS \
" curves=a,b,c,d default: \"default\" (library default)\n" \ " groups=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \ " example: \"secp521r1,brainpoolP512r1\"\n" \
" - use \"none\" for empty list\n" \ " - use \"none\" for empty list\n" \
" - see mbedtls_ecp_curve_list()\n" \ " - see mbedtls_ecp_curve_list()\n" \
" for acceptable curve names\n" " for acceptable EC group names\n" \
" - the following ffdh groups are supported:\n" \
" ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
" ffdhe8192\n"
#else #else
#define USAGE_CURVES "" #define USAGE_GROUPS ""
#endif #endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@ -560,7 +563,7 @@ int main(void)
USAGE_ALPN \ USAGE_ALPN \
USAGE_EMS \ USAGE_EMS \
USAGE_ETM \ USAGE_ETM \
USAGE_CURVES \ USAGE_GROUPS \
USAGE_SIG_ALGS \ USAGE_SIG_ALGS \
USAGE_KEY_OPAQUE_ALGS \ USAGE_KEY_OPAQUE_ALGS \
"\n" "\n"
@ -672,7 +675,7 @@ struct options {
#endif #endif
int cache_remove; /* enable / disable cache entry removal */ int cache_remove; /* enable / disable cache entry removal */
char *sni; /* string describing sni information */ char *sni; /* string describing sni information */
const char *curves; /* list of supported elliptic curves */ const char *groups; /* list of supported groups */
const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *sig_algs; /* supported TLS 1.3 signature algorithms */
const char *alpn_string; /* ALPN supported protocols */ const char *alpn_string; /* ALPN supported protocols */
const char *dhm_file; /* the file with the DH parameters */ const char *dhm_file; /* the file with the DH parameters */
@ -1522,7 +1525,7 @@ int main(int argc, char *argv[])
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
sni_entry *sni_info = NULL; sni_entry *sni_info = NULL;
#endif #endif
uint16_t group_list[CURVE_LIST_SIZE]; uint16_t group_list[GROUP_LIST_SIZE];
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE]; const char *alpn_list[ALPN_LIST_SIZE];
#endif #endif
@ -1733,7 +1736,7 @@ usage:
opt.cache_remove = DFL_CACHE_REMOVE; opt.cache_remove = DFL_CACHE_REMOVE;
opt.sni = DFL_SNI; opt.sni = DFL_SNI;
opt.alpn_string = DFL_ALPN_STRING; opt.alpn_string = DFL_ALPN_STRING;
opt.curves = DFL_CURVES; opt.groups = DFL_GROUPS;
opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE; opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
opt.sig_algs = DFL_SIG_ALGS; opt.sig_algs = DFL_SIG_ALGS;
opt.dhm_file = DFL_DHM_FILE; opt.dhm_file = DFL_DHM_FILE;
@ -1913,8 +1916,8 @@ usage:
goto usage; goto usage;
} }
opt.force_ciphersuite[1] = 0; opt.force_ciphersuite[1] = 0;
} else if (strcmp(p, "curves") == 0) { } else if (strcmp(p, "groups") == 0) {
opt.curves = q; opt.groups = q;
} }
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if (strcmp(p, "sig_algs") == 0) { else if (strcmp(p, "sig_algs") == 0) {
@ -2386,8 +2389,8 @@ usage:
} }
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
if (opt.curves != NULL) { if (opt.groups != NULL) {
if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) { if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
goto exit; goto exit;
} }
} }
@ -3095,8 +3098,8 @@ usage:
#if defined(MBEDTLS_ECP_LIGHT) || \ #if defined(MBEDTLS_ECP_LIGHT) || \
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)) defined(PSA_WANT_ALG_FFDH))
if (opt.curves != NULL && if (opt.groups != NULL &&
strcmp(opt.curves, "default") != 0) { strcmp(opt.groups, "default") != 0) {
mbedtls_ssl_conf_groups(&conf, group_list); mbedtls_ssl_conf_groups(&conf, group_list);
} }
#endif #endif

14
programs/ssl/ssl_test_lib.c
View File

@ -508,16 +508,16 @@ static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group)
} }
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len) int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len)
{ {
char *p = (char *) curves; char *p = (char *) groups;
char *q = NULL; char *q = NULL;
size_t i = 0; size_t i = 0;
if (strcmp(p, "none") == 0) { if (strcmp(p, "none") == 0) {
group_list[0] = 0; group_list[0] = 0;
} else if (strcmp(p, "default") != 0) { } else if (strcmp(p, "default") != 0) {
/* Leave room for a final NULL in curve list */ /* Leave room for a final NULL in group list */
while (i < group_list_len - 1 && *p != '\0') { while (i < group_list_len - 1 && *p != '\0') {
q = p; q = p;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
@ -547,9 +547,9 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
} else } else
#endif #endif
{ {
mbedtls_printf("unknown curve %s\n", q); mbedtls_printf("unknown group %s\n", q);
mbedtls_printf("supported groups: ");
#if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_ECP_LIGHT)
mbedtls_printf("supported curves: ");
for (curve_cur = mbedtls_ecp_curve_list(); for (curve_cur = mbedtls_ecp_curve_list();
curve_cur->grp_id != MBEDTLS_ECP_DP_NONE; curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
curve_cur++) { curve_cur++) {
@ -570,10 +570,10 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
} }
} }
mbedtls_printf("Number of curves: %u\n", (unsigned int) i); mbedtls_printf("Number of groups: %u\n", (unsigned int) i);
if (i == group_list_len - 1 && *p != '\0') { if (i == group_list_len - 1 && *p != '\0') {
mbedtls_printf("curves list too long, maximum %u", mbedtls_printf("groups list too long, maximum %u",
(unsigned int) (group_list_len - 1)); (unsigned int) (group_list_len - 1));
return -1; return -1;
} }

4
programs/ssl/ssl_test_lib.h
View File

@ -81,7 +81,7 @@
#include "../test/query_config.h" #include "../test/query_config.h"
#define ALPN_LIST_SIZE 10 #define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 25 #define GROUP_LIST_SIZE 25
#define SIG_ALG_LIST_SIZE 5 #define SIG_ALG_LIST_SIZE 5
typedef struct eap_tls_keys { typedef struct eap_tls_keys {
@ -312,7 +312,7 @@ void test_hooks_free(void);
#endif /* !MBEDTLS_TEST_HOOKS */ #endif /* !MBEDTLS_TEST_HOOKS */
/* Helper functions for FFDH groups. */ /* Helper functions for FFDH groups. */
int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len); int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len);
#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */

1800
tests/opt-testcases/tls13-compat.sh
View File

File diff suppressed because it is too large Load Diff

4
tests/opt-testcases/tls13-kex-modes.sh
View File

@ -1537,7 +1537,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATI
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
0 \ 0 \
-s "write selected_group: secp384r1" \ -s "write selected_group: secp384r1" \
@ -1553,7 +1553,7 @@ requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
0 \ 0 \
-s "write selected_group: secp384r1" \ -s "write selected_group: secp384r1" \

4
tests/scripts/generate_tls13_compat_tests.py
View File

@ -67,10 +67,10 @@ NAMED_GROUP_IANA_VALUE = {
'secp521r1': 0x19, 'secp521r1': 0x19,
'x25519': 0x1d, 'x25519': 0x1d,
'x448': 0x1e, 'x448': 0x1e,
# Only one finite field group to keep testing time within reasonable bounds.
'ffdhe2048': 0x100, 'ffdhe2048': 0x100,
} }
class TLSProgram: class TLSProgram:
""" """
Base class for generate server/client command. Base class for generate server/client command.
@ -362,7 +362,7 @@ class MbedTLSBase(TLSProgram):
if self._named_groups: if self._named_groups:
named_groups = ','.join(self._named_groups) named_groups = ','.join(self._named_groups)
ret += ["curves={named_groups}".format(named_groups=named_groups)] ret += ["groups={named_groups}".format(named_groups=named_groups)]
return ret return ret
def pre_checks(self): def pre_checks(self):

94
tests/ssl-opt.sh
View File

@ -1707,8 +1707,8 @@ run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
set_maybe_calc_verify none set_maybe_calc_verify none
run_test "PSA - ECDH with $1" \ run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls12 curves=$1" \ "$P_SRV debug_level=4 force_version=tls12 groups=$1" \
"$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \
0 \ 0 \
-c "$maybe_calc_verify" \ -c "$maybe_calc_verify" \
-c "calc PSA finished" \ -c "calc PSA finished" \
@ -5396,7 +5396,7 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \ "$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=required curves=secp521r1" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \
1 \ 1 \
-c "bad certificate (EC key curve)"\ -c "bad certificate (EC key curve)"\
-c "! Certificate verification flags"\ -c "! Certificate verification flags"\
@ -5405,7 +5405,7 @@ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsuppo
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \ "$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional curves=secp521r1" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \
1 \ 1 \
-c "bad certificate (EC key curve)"\ -c "bad certificate (EC key curve)"\
-c "! Certificate verification flags"\ -c "! Certificate verification flags"\
@ -5783,7 +5783,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \ "$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)" \ -c "bad certificate (EC key curve)" \
@ -5794,7 +5794,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \ "$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)"\ -c "bad certificate (EC key curve)"\
@ -8430,7 +8430,7 @@ run_test "Large server packet TLS 1.3 AEAD shorter tag" \
requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, default" \ run_test "EC restart: TLS, default" \
"$P_SRV curves=secp256r1 auth_mode=required" \ "$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1" \ debug_level=1" \
@ -8443,7 +8443,7 @@ run_test "EC restart: TLS, default" \
requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=0" \ run_test "EC restart: TLS, max_ops=0" \
"$P_SRV curves=secp256r1 auth_mode=required" \ "$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=0" \ debug_level=1 ec_max_ops=0" \
@ -8456,7 +8456,7 @@ run_test "EC restart: TLS, max_ops=0" \
requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=65535" \ run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV curves=secp256r1 auth_mode=required" \ "$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=65535" \ debug_level=1 ec_max_ops=65535" \
@ -8471,7 +8471,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required" \ "$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \ debug_level=1 ec_max_ops=1000" \
@ -8487,7 +8487,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required" \ "$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \ debug_level=1 ec_max_ops=1000" \
@ -8502,7 +8502,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, badsign" \ run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV curves=secp256r1 auth_mode=required \ "$P_SRV groups=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \ crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -8522,7 +8522,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required \ "$P_SRV groups=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \ crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -8543,7 +8543,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required \ "$P_SRV groups=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \ crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -8563,7 +8563,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required \ "$P_SRV groups=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \ crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -8584,7 +8584,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required \ "$P_SRV groups=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \ crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -8604,7 +8604,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \ dtls=1 debug_level=1 ec_max_ops=1000" \
@ -8620,7 +8620,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \ dtls=1 debug_level=1 ec_max_ops=1000" \
@ -8635,7 +8635,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
"$P_SRV curves=secp256r1" \ "$P_SRV groups=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \ debug_level=1 ec_max_ops=1000" \
0 \ 0 \
@ -8651,7 +8651,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
"$P_SRV curves=secp256r1" \ "$P_SRV groups=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \ debug_level=1 ec_max_ops=1000" \
0 \ 0 \
@ -8667,7 +8667,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
"$P_SRV curves=secp256r1 auth_mode=required" \ "$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \ key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \ debug_level=1 ec_max_ops=1000" \
@ -12322,8 +12322,8 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_ECDH
run_test "TLS 1.3: server: HRR check - mbedtls" \ run_test "TLS 1.3: server: HRR check - mbedtls" \
"$P_SRV debug_level=4 curves=secp384r1" \ "$P_SRV debug_level=4 groups=secp384r1" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@ -12587,8 +12587,8 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \ run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -12603,8 +12603,8 @@ requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -12619,7 +12619,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \ run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
@ -12633,7 +12633,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \ run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
1 \ 1 \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
@ -12645,7 +12645,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
@ -12659,7 +12659,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \ run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
@ -12674,7 +12674,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \ run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
1 \ 1 \
-c "received HelloRetryRequest message" \ -c "received HelloRetryRequest message" \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
@ -12688,7 +12688,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
@ -12699,7 +12699,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -12712,7 +12712,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -12724,7 +12724,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -12739,7 +12739,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -12755,7 +12755,7 @@ requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -12772,7 +12772,7 @@ requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -13204,7 +13204,7 @@ requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -13226,7 +13226,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -13246,7 +13246,7 @@ requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -13268,7 +13268,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -13288,7 +13288,7 @@ requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -13309,7 +13309,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
@ -13330,7 +13330,7 @@ requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat requires_gnutls_next_disable_tls13_compat
client_needs_more_time 4 client_needs_more_time 4
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
0 \ 0 \
-s "Protocol is TLSv1.3" \ -s "Protocol is TLSv1.3" \
@ -13352,7 +13352,7 @@ requires_config_enabled PSA_WANT_ALG_FFDH
client_needs_more_time 4 client_needs_more_time 4
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
0 \ 0 \
-c "HTTP/1.0 200 OK" \ -c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \

2
tests/suites/test_suite_ssl.function
View File

@ -3386,7 +3386,7 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
if (bad_server_ecdhe_key) { if (bad_server_ecdhe_key) {
/* Force a simulated bitflip in the server key. to make the /* Force a simulated bitflip in the server key. to make the
* raw key agreement in ssl_write_client_key_exchange fail. */ * raw key agreement in ssl_write_client_key_exchange fail. */
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; (client.ssl).handshake->xxdh_psa_peerkey[0] ^= 0x02;
} }
TEST_EQUAL(mbedtls_test_move_handshake_to_state( TEST_EQUAL(mbedtls_test_move_handshake_to_state(