Replace curve_list with group_list and add update test scripts

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2025-02-03 20:54:00 +00:00 · 2021-12-22 02:39:32 +00:00 · 2021-12-22 02:39:32 +00:00 · 0b56a8f85c
commit 0b56a8f85c
parent 51eff22c9b
3 changed files with 54 additions and 12 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -135,6 +135,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
 *  } KeyShare;
 */

+#if defined(MBEDTLS_ECDH_C)
 static int ssl_reset_ecdhe_share( mbedtls_ssl_context *ssl )
 {
    mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx );
@ -156,6 +157,13 @@ static int ssl_reset_key_share( mbedtls_ssl_context *ssl )

    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
+#else
+static int ssl_reset_key_share( mbedtls_ssl_context *ssl )
+{
+    ((void) ssl);
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+#endif /* MBEDTLS_ECDH_C */

 /*
 * Functions for writing key_share extension.
@ -1445,7 +1453,7 @@ static int ssl_hrr_parse( mbedtls_ssl_context *ssl,
            case MBEDTLS_TLS_EXT_KEY_SHARE:
            {
                /* Variables for parsing the key_share */
-                const mbedtls_ecp_group_id* grp_id;
+                const uint16_t* grp_id;
                const mbedtls_ecp_curve_info *curve_info = NULL;
                int tls_id;
                int found = 0;
@ -1460,13 +1468,14 @@ static int ssl_hrr_parse( mbedtls_ssl_context *ssl,
                 * MUST first verify that the selected_group field corresponds to a
                 * group which was provided in the "supported_groups" extension in the
                 * original ClientHello.
-                 * The supported_group was based on the info in ssl->conf->curve_list.
+                 * The supported_group was based on the info in ssl->conf->group_list.
                 *
                 * If the server provided a key share that was not sent in the ClientHello
-                 * then the client MUST abort the handshake with an "illegal_parameter" alert. */
-                for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
+                 * then the client MUST abort the handshake with an "illegal_parameter" alert.
+                 */
+                for( grp_id = ssl->conf->group_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
                {
-                    curve_info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+                    curve_info = mbedtls_ecp_curve_info_from_tls_id( *grp_id );
                    if( curve_info == NULL || curve_info->tls_id != tls_id )
                        continue;

@ -1480,7 +1489,8 @@ static int ssl_hrr_parse( mbedtls_ssl_context *ssl,
                 * extension in the original ClientHello. If the server sent an
                 * HRR message with a key share already provided in the
                 * ClientHello then the client MUST abort the handshake with
-                 * an "illegal_parameter" alert. */
+                 * an "illegal_parameter" alert.
+                 */
                if( found == 0 || tls_id == ssl->handshake->offered_group_id )
                {
                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid key share in HRR" ) );
@ -1513,7 +1523,9 @@ static int ssl_hrr_parse( mbedtls_ssl_context *ssl,

 static int ssl_hrr_postprocess( mbedtls_ssl_context *ssl )
 {
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

    if( ssl->handshake->hello_retry_requests_received > 0 )
    {
@ -1545,9 +1557,11 @@ static int ssl_hrr_postprocess( mbedtls_ssl_context *ssl )
     * key share writing, we can confine this to the case where the server
     * requested a different share.
     */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    ret = ssl_reset_key_share( ssl );
    if( ret != 0 )
        return( ret );
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

    return( 0 );
 }
@ -1840,8 +1854,6 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
    if( ret != 0 )
        return( ret );

-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-
    return( 0 );
 }
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
@ -1952,6 +1964,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
         */
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
        case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
+        case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
            ret = ssl_tls13_write_change_cipher_spec( ssl );
            break;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -1058,6 +1058,32 @@ void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
 */
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)

+static int ssl_write_change_cipher_spec_postprocess( mbedtls_ssl_context* ssl )
+{
+
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+        switch( ssl->state )
+        {
+            case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
+                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+                break;
+            case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
+                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+                break;
+            default:
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+    }
+#else
+    ((void) ssl);
+#endif /* MBEDTLS_SSL_CLI_C */
+
+    return( 0 );
+}
+
 static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl,
                                                    unsigned char *buf,
                                                    unsigned char *end,
@ -1088,6 +1114,9 @@ int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )

    ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;

+    /* Update state */
+    MBEDTLS_SSL_PROC_CHK( ssl_write_change_cipher_spec_postprocess( ssl ) );
+
    /* Dispatch message */
    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 1 ) );

--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -9219,8 +9219,8 @@ run_test    "TLS 1.3: HelloRetryRequest check - openssl" \
            "$P_CLI debug_level=4 force_version=tls13" \
            1 \
            -c "received HelloRetryRequest message" \
-            -c "HRR not supported" \
-            -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed"
+            -c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO(1)" \
+            -c "Last error was: -0x7180 - SSL - Verification of the message MAC failed"

 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@ -9234,8 +9234,8 @@ run_test    "TLS 1.3: HelloRetryRequest check - gnutls" \
            "$P_CLI debug_level=4 force_version=tls13" \
            1 \
            -c "received HelloRetryRequest message" \
-            -c "HRR not supported" \
-            -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed" \
+            -c "tls13 client state: MBEDTLS_SSL_CLIENT_HELLO(1)" \
+            -c "Last error was: -0x7180 - SSL - Verification of the message MAC failed" \
            -s "HELLO RETRY REQUEST was queued"

 for i in $(ls opt-testcases/*.sh)