mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-21 15:41:00 +00:00
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
461d59b2f8
@ -272,7 +272,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) {
|
||||
if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
|
||||
propose_group = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -755,18 +755,26 @@ struct mbedtls_ssl_handshake_params {
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
#endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH)
|
||||
#if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH)
|
||||
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH
|
||||
#else
|
||||
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#endif
|
||||
#elif defined(PSA_WANT_ALG_ECDH)
|
||||
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
|
||||
#else
|
||||
#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH
|
||||
#endif
|
||||
|
||||
#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
|
||||
psa_key_type_t ecdh_psa_type;
|
||||
size_t ecdh_bits;
|
||||
mbedtls_svc_key_id_t ecdh_psa_privkey;
|
||||
uint8_t ecdh_psa_privkey_is_external;
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH];
|
||||
#else
|
||||
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
|
||||
#endif
|
||||
size_t ecdh_psa_peerkey_len;
|
||||
psa_key_type_t xxdh_psa_type;
|
||||
size_t xxdh_bits;
|
||||
mbedtls_svc_key_id_t xxdh_psa_privkey;
|
||||
uint8_t xxdh_psa_privkey_is_external;
|
||||
unsigned char xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE];
|
||||
size_t xxdh_psa_peerkey_len;
|
||||
#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
|
||||
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
|
||||
|
||||
@ -2117,7 +2125,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
|
||||
mbedtls_ssl_context *ssl,
|
||||
uint16_t named_group,
|
||||
unsigned char *buf,
|
||||
@ -2215,7 +2223,7 @@ static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group)
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448;
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_dhe(uint16_t named_group)
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group)
|
||||
{
|
||||
return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
|
||||
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
|
||||
@ -2250,7 +2258,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
|
||||
}
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(named_group)) {
|
||||
if (mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
@ -2652,7 +2660,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
|
||||
int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t buf_len);
|
||||
|
||||
|
||||
@ -4218,8 +4218,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
|
||||
|
||||
#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
if (handshake->xxdh_psa_privkey_is_external == 0) {
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
}
|
||||
#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
|
||||
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
|
||||
|
||||
@ -1761,8 +1761,8 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
|
||||
&ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
handshake->ecdh_psa_type = key_type;
|
||||
handshake->ecdh_bits = ec_bits;
|
||||
handshake->xxdh_psa_type = key_type;
|
||||
handshake->xxdh_bits = ec_bits;
|
||||
|
||||
/* Keep a copy of the peer's public key */
|
||||
ecpoint_len = *(*p)++;
|
||||
@ -1770,14 +1770,21 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
/* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account
|
||||
the sizes of the FFDH keys which are at least 2048 bits.
|
||||
The size of the array is thus greater than 256 bytes which is greater than any
|
||||
possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/
|
||||
#if !defined(PSA_WANT_ALG_FFDH)
|
||||
if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
|
||||
if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
#else
|
||||
MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX,
|
||||
"peer key buffer too small");
|
||||
#endif
|
||||
|
||||
memcpy(handshake->ecdh_psa_peerkey, *p, ecpoint_len);
|
||||
handshake->ecdh_psa_peerkey_len = ecpoint_len;
|
||||
memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
|
||||
handshake->xxdh_psa_peerkey_len = ecpoint_len;
|
||||
*p += ecpoint_len;
|
||||
|
||||
return 0;
|
||||
@ -2038,27 +2045,27 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
/* If the above conversion to TLS ID was fine, then also this one will be,
|
||||
so there is no need to check the return value here */
|
||||
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
|
||||
&ssl->handshake->ecdh_bits);
|
||||
&ssl->handshake->xxdh_bits);
|
||||
|
||||
ssl->handshake->ecdh_psa_type = key_type;
|
||||
ssl->handshake->xxdh_psa_type = key_type;
|
||||
|
||||
/* Store peer's public key in psa format. */
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||
memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);
|
||||
ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len;
|
||||
memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);
|
||||
ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len;
|
||||
ret = 0;
|
||||
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
||||
size_t olen = 0;
|
||||
ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
|
||||
MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
|
||||
ssl->handshake->ecdh_psa_peerkey,
|
||||
ssl->handshake->xxdh_psa_peerkey,
|
||||
MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH);
|
||||
|
||||
if (ret != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);
|
||||
return ret;
|
||||
}
|
||||
ssl->handshake->ecdh_psa_peerkey_len = olen;
|
||||
ssl->handshake->xxdh_psa_peerkey_len = olen;
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
|
||||
@ -2788,12 +2795,12 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
|
||||
|
||||
/* Generate ECDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
&handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||
}
|
||||
@ -2806,12 +2813,12 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
|
||||
size_t own_pubkey_len;
|
||||
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
status = psa_export_public_key(handshake->xxdh_psa_privkey,
|
||||
own_pubkey, own_pubkey_max_len,
|
||||
&own_pubkey_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||
}
|
||||
|
||||
@ -2822,15 +2829,15 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
/* Compute ECDH shared secret. */
|
||||
status = psa_raw_key_agreement(PSA_ALG_ECDH,
|
||||
handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey,
|
||||
handshake->ecdh_psa_peerkey_len,
|
||||
handshake->xxdh_psa_privkey,
|
||||
handshake->xxdh_psa_peerkey,
|
||||
handshake->xxdh_psa_peerkey_len,
|
||||
ssl->handshake->premaster,
|
||||
sizeof(ssl->handshake->premaster),
|
||||
&ssl->handshake->pmslen);
|
||||
|
||||
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
|
||||
if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) {
|
||||
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||
@ -2960,12 +2967,12 @@ ecdh_calc_secret:
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
|
||||
|
||||
/* Generate ECDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
&handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
@ -2978,12 +2985,12 @@ ecdh_calc_secret:
|
||||
size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
|
||||
size_t own_pubkey_len = 0;
|
||||
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
status = psa_export_public_key(handshake->xxdh_psa_privkey,
|
||||
own_pubkey, own_pubkey_max_len,
|
||||
&own_pubkey_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
|
||||
@ -3005,15 +3012,15 @@ ecdh_calc_secret:
|
||||
|
||||
/* Perform ECDH computation after the uint16 reserved for the length */
|
||||
status = psa_raw_key_agreement(PSA_ALG_ECDH,
|
||||
handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey,
|
||||
handshake->ecdh_psa_peerkey_len,
|
||||
handshake->xxdh_psa_privkey,
|
||||
handshake->xxdh_psa_peerkey,
|
||||
handshake->xxdh_psa_peerkey_len,
|
||||
pms + zlen_size,
|
||||
pms_end - (pms + zlen_size),
|
||||
&zlen);
|
||||
|
||||
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
|
||||
@ -2628,19 +2628,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
|
||||
}
|
||||
|
||||
ssl->handshake->ecdh_psa_privkey = pk->priv_id;
|
||||
/* Key should not be destroyed in the TLS library */
|
||||
ssl->handshake->ecdh_psa_privkey_is_external = 1;
|
||||
ssl->handshake->xxdh_psa_privkey = pk->priv_id;
|
||||
|
||||
status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey,
|
||||
/* Key should not be destroyed in the TLS library */
|
||||
ssl->handshake->xxdh_psa_privkey_is_external = 1;
|
||||
|
||||
status = psa_get_key_attributes(ssl->handshake->xxdh_psa_privkey,
|
||||
&key_attributes);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
|
||||
ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes);
|
||||
ssl->handshake->ecdh_bits = psa_get_key_bits(&key_attributes);
|
||||
ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
|
||||
ssl->handshake->xxdh_bits = psa_get_key_bits(&key_attributes);
|
||||
|
||||
psa_reset_key_attributes(&key_attributes);
|
||||
|
||||
@ -2664,16 +2665,16 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
/* If the above conversion to TLS ID was fine, then also this one will
|
||||
be, so there is no need to check the return value here */
|
||||
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
|
||||
&ssl->handshake->ecdh_bits);
|
||||
&ssl->handshake->xxdh_bits);
|
||||
|
||||
ssl->handshake->ecdh_psa_type = key_type;
|
||||
ssl->handshake->xxdh_psa_type = key_type;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
psa_set_key_type(&key_attributes,
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
|
||||
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
|
||||
psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_bits);
|
||||
|
||||
key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
|
||||
ret = mbedtls_ecp_write_key(key, buf, key_len);
|
||||
@ -2683,7 +2684,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
|
||||
status = psa_import_key(&key_attributes, buf, key_len,
|
||||
&ssl->handshake->ecdh_psa_privkey);
|
||||
&ssl->handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||
@ -2980,14 +2981,14 @@ curve_matching_done:
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse."));
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
handshake->ecdh_psa_type = key_type;
|
||||
handshake->ecdh_bits = ec_bits;
|
||||
handshake->xxdh_psa_type = key_type;
|
||||
handshake->xxdh_bits = ec_bits;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
|
||||
|
||||
/*
|
||||
* ECParameters curve_params
|
||||
@ -3004,7 +3005,7 @@ curve_matching_done:
|
||||
|
||||
/* Generate ECDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
&handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
||||
@ -3026,14 +3027,14 @@ curve_matching_done:
|
||||
size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
- (own_pubkey - ssl->out_msg));
|
||||
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
status = psa_export_public_key(handshake->xxdh_psa_privkey,
|
||||
own_pubkey, own_pubkey_max_len,
|
||||
&len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
||||
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
(void) psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -3728,27 +3729,27 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
|
||||
/* Store peer's ECDH public key. */
|
||||
memcpy(handshake->ecdh_psa_peerkey, p, data_len);
|
||||
handshake->ecdh_psa_peerkey_len = data_len;
|
||||
memcpy(handshake->xxdh_psa_peerkey, p, data_len);
|
||||
handshake->xxdh_psa_peerkey_len = data_len;
|
||||
|
||||
/* Compute ECDH shared secret. */
|
||||
status = psa_raw_key_agreement(
|
||||
PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
|
||||
PSA_ALG_ECDH, handshake->xxdh_psa_privkey,
|
||||
handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,
|
||||
handshake->premaster, sizeof(handshake->premaster),
|
||||
&handshake->pmslen);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
if (handshake->xxdh_psa_privkey_is_external == 0) {
|
||||
(void) psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
}
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
if (handshake->xxdh_psa_privkey_is_external == 0) {
|
||||
status = psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
@ -3756,7 +3757,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#else
|
||||
if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
|
||||
p, end - p)) != 0) {
|
||||
@ -3889,35 +3890,42 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Keep a copy of the peer's public key */
|
||||
if (p >= end) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
ecpoint_len = *(p++);
|
||||
if ((size_t) (end - p) < ecpoint_len) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
/* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account
|
||||
the sizes of the FFDH keys which are at least 2048 bits.
|
||||
The size of the array is thus greater than 256 bytes which is greater than any
|
||||
possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/
|
||||
#if !defined(PSA_WANT_ALG_FFDH)
|
||||
if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
|
||||
psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
#else
|
||||
MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX,
|
||||
"peer key buffer too small");
|
||||
#endif
|
||||
|
||||
memcpy(handshake->ecdh_psa_peerkey, p, ecpoint_len);
|
||||
handshake->ecdh_psa_peerkey_len = ecpoint_len;
|
||||
memcpy(handshake->xxdh_psa_peerkey, p, ecpoint_len);
|
||||
handshake->xxdh_psa_peerkey_len = ecpoint_len;
|
||||
p += ecpoint_len;
|
||||
|
||||
/* As RFC 5489 section 2, the premaster secret is formed as follows:
|
||||
@ -3935,15 +3943,15 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
/* Compute ECDH shared secret. */
|
||||
status = psa_raw_key_agreement(PSA_ALG_ECDH,
|
||||
handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey,
|
||||
handshake->ecdh_psa_peerkey_len,
|
||||
handshake->xxdh_psa_privkey,
|
||||
handshake->xxdh_psa_peerkey,
|
||||
handshake->xxdh_psa_peerkey_len,
|
||||
psm + zlen_size,
|
||||
psm_end - (psm + zlen_size),
|
||||
&zlen);
|
||||
|
||||
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
|
||||
@ -196,19 +196,19 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl)
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(group_id)) {
|
||||
mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
/* Destroy generated private key. */
|
||||
status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey);
|
||||
status = psa_destroy_key(ssl->handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return 0;
|
||||
} else
|
||||
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
|
||||
@ -247,7 +247,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) {
|
||||
if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
|
||||
*group_id = *group_list;
|
||||
return 0;
|
||||
}
|
||||
@ -301,7 +301,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
|
||||
/* HRR could already have requested something else. */
|
||||
group_id = ssl->handshake->offered_group_id;
|
||||
if (!mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) &&
|
||||
!mbedtls_ssl_tls13_named_group_is_dhe(group_id)) {
|
||||
!mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
|
||||
MBEDTLS_SSL_PROC_CHK(ssl_tls13_get_default_group_id(ssl,
|
||||
&group_id));
|
||||
}
|
||||
@ -317,7 +317,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
|
||||
client_shares = p;
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(group_id)) {
|
||||
mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
|
||||
/* Pointer to group */
|
||||
unsigned char *group = p;
|
||||
/* Length of key_exchange */
|
||||
@ -329,7 +329,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
|
||||
p += 4;
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
|
||||
ssl, group_id, p, end, &key_exchange_len);
|
||||
p += key_exchange_len;
|
||||
if (ret != 0) {
|
||||
@ -429,7 +429,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) {
|
||||
if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
|
||||
found = 1;
|
||||
break;
|
||||
}
|
||||
@ -505,10 +505,10 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(group)) {
|
||||
mbedtls_ssl_tls13_named_group_is_ffdh(group)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(2,
|
||||
("DHE group name: %s", mbedtls_ssl_named_group_to_str(group)));
|
||||
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p);
|
||||
ret = mbedtls_ssl_tls13_read_public_xxdhe_share(ssl, p, end - p);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1499,7 +1499,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
|
||||
int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
|
||||
int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t buf_len)
|
||||
{
|
||||
@ -1516,8 +1516,8 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len);
|
||||
|
||||
/* Store peer's ECDH public key. */
|
||||
memcpy(handshake->ecdh_psa_peerkey, p, peerkey_len);
|
||||
handshake->ecdh_psa_peerkey_len = peerkey_len;
|
||||
memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len);
|
||||
handshake->xxdh_psa_peerkey_len = peerkey_len;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1551,7 +1551,7 @@ static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id(
|
||||
}
|
||||
}
|
||||
|
||||
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
|
||||
mbedtls_ssl_context *ssl,
|
||||
uint16_t named_group,
|
||||
unsigned char *buf,
|
||||
@ -1592,18 +1592,18 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
handshake->ecdh_psa_type = key_type;
|
||||
ssl->handshake->ecdh_bits = bits;
|
||||
handshake->xxdh_psa_type = key_type;
|
||||
ssl->handshake->xxdh_bits = bits;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, alg);
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->xxdh_bits);
|
||||
|
||||
/* Generate ECDH/FFDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
&handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
||||
@ -1612,7 +1612,7 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
}
|
||||
|
||||
/* Export the public part of the ECDH/FFDH private key from PSA. */
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
status = psa_export_public_key(handshake->xxdh_psa_privkey,
|
||||
buf, buf_size,
|
||||
&own_pubkey_len);
|
||||
|
||||
|
||||
@ -1492,7 +1492,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
||||
*/
|
||||
if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) {
|
||||
mbedtls_ssl_tls13_named_group_is_ffdh(handshake->offered_group_id)) {
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
psa_algorithm_t alg =
|
||||
mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ?
|
||||
@ -1502,7 +1502,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
||||
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
|
||||
status = psa_get_key_attributes(handshake->xxdh_psa_privkey,
|
||||
&key_attributes);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
@ -1516,8 +1516,8 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
|
||||
status = psa_raw_key_agreement(
|
||||
alg, handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
|
||||
alg, handshake->xxdh_psa_privkey,
|
||||
handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,
|
||||
shared_secret, shared_secret_len, &shared_secret_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
@ -1525,14 +1525,14 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
status = psa_destroy_key(handshake->xxdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
|
||||
} else {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported."));
|
||||
|
||||
@ -914,11 +914,11 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl,
|
||||
* ECDHE and FFDHE groups are supported
|
||||
*/
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(group)) {
|
||||
mbedtls_ssl_tls13_named_group_is_ffdh(group)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH/FFDH group: %s (%04x)",
|
||||
mbedtls_ssl_named_group_to_str(group),
|
||||
group));
|
||||
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
|
||||
ret = mbedtls_ssl_tls13_read_public_xxdhe_share(
|
||||
ssl, key_exchange - 2, key_exchange_len + 2);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
@ -1915,12 +1915,12 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(named_group)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
|
||||
ssl, named_group, buf, end, out_len);
|
||||
if (ret != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(
|
||||
1, "mbedtls_ssl_tls13_generate_and_write_dh_key_exchange",
|
||||
1, "mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange",
|
||||
ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -95,7 +95,7 @@ int main(void)
|
||||
#define DFL_RECONNECT_HARD 0
|
||||
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
|
||||
#define DFL_ALPN_STRING NULL
|
||||
#define DFL_CURVES NULL
|
||||
#define DFL_GROUPS NULL
|
||||
#define DFL_SIG_ALGS NULL
|
||||
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
||||
#define DFL_HS_TO_MIN 0
|
||||
@ -264,14 +264,17 @@ int main(void)
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
#define USAGE_CURVES \
|
||||
" curves=a,b,c,d default: \"default\" (library default)\n" \
|
||||
" example: \"secp521r1,brainpoolP512r1\"\n" \
|
||||
" - use \"none\" for empty list\n" \
|
||||
" - see mbedtls_ecp_curve_list()\n" \
|
||||
" for acceptable curve names\n"
|
||||
#define USAGE_GROUPS \
|
||||
" groups=a,b,c,d default: \"default\" (library default)\n" \
|
||||
" example: \"secp521r1,brainpoolP512r1\"\n" \
|
||||
" - use \"none\" for empty list\n" \
|
||||
" - see mbedtls_ecp_curve_list()\n" \
|
||||
" for acceptable EC group names\n" \
|
||||
" - the following ffdh groups are supported:\n" \
|
||||
" ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
|
||||
" ffdhe8192\n"
|
||||
#else
|
||||
#define USAGE_CURVES ""
|
||||
#define USAGE_GROUPS ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
@ -439,7 +442,7 @@ int main(void)
|
||||
USAGE_EMS \
|
||||
USAGE_ETM \
|
||||
USAGE_REPRODUCIBLE \
|
||||
USAGE_CURVES \
|
||||
USAGE_GROUPS \
|
||||
USAGE_SIG_ALGS \
|
||||
USAGE_EARLY_DATA \
|
||||
USAGE_DHMLEN \
|
||||
@ -524,7 +527,7 @@ struct options {
|
||||
int reco_mode; /* how to keep the session around */
|
||||
int reconnect_hard; /* unexpectedly reconnect from the same port */
|
||||
int tickets; /* enable / disable session tickets */
|
||||
const char *curves; /* list of supported elliptic curves */
|
||||
const char *groups; /* list of supported groups */
|
||||
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
|
||||
const char *alpn_string; /* ALPN supported protocols */
|
||||
int transport; /* TLS or DTLS? */
|
||||
@ -757,7 +760,7 @@ int main(int argc, char *argv[])
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
unsigned char alloc_buf[MEMORY_HEAP_SIZE];
|
||||
#endif
|
||||
uint16_t group_list[CURVE_LIST_SIZE];
|
||||
uint16_t group_list[GROUP_LIST_SIZE];
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
|
||||
size_t mki_len = 0;
|
||||
@ -943,7 +946,7 @@ usage:
|
||||
opt.reconnect_hard = DFL_RECONNECT_HARD;
|
||||
opt.tickets = DFL_TICKETS;
|
||||
opt.alpn_string = DFL_ALPN_STRING;
|
||||
opt.curves = DFL_CURVES;
|
||||
opt.groups = DFL_GROUPS;
|
||||
opt.sig_algs = DFL_SIG_ALGS;
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
opt.early_data = DFL_EARLY_DATA;
|
||||
@ -1166,8 +1169,8 @@ usage:
|
||||
break;
|
||||
default: goto usage;
|
||||
}
|
||||
} else if (strcmp(p, "curves") == 0) {
|
||||
opt.curves = q;
|
||||
} else if (strcmp(p, "groups") == 0) {
|
||||
opt.groups = q;
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
else if (strcmp(p, "sig_algs") == 0) {
|
||||
@ -1491,8 +1494,8 @@ usage:
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
if (opt.curves != NULL) {
|
||||
if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) {
|
||||
if (opt.groups != NULL) {
|
||||
if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
@ -1901,8 +1904,8 @@ usage:
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
if (opt.curves != NULL &&
|
||||
strcmp(opt.curves, "default") != 0) {
|
||||
if (opt.groups != NULL &&
|
||||
strcmp(opt.groups, "default") != 0) {
|
||||
mbedtls_ssl_conf_groups(&conf, group_list);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -133,7 +133,7 @@ int main(void)
|
||||
#define DFL_CACHE_REMOVE 0
|
||||
#define DFL_SNI NULL
|
||||
#define DFL_ALPN_STRING NULL
|
||||
#define DFL_CURVES NULL
|
||||
#define DFL_GROUPS NULL
|
||||
#define DFL_MAX_EARLY_DATA_SIZE 0
|
||||
#define DFL_SIG_ALGS NULL
|
||||
#define DFL_DHM_FILE NULL
|
||||
@ -449,14 +449,17 @@ int main(void)
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
#define USAGE_CURVES \
|
||||
" curves=a,b,c,d default: \"default\" (library default)\n" \
|
||||
#define USAGE_GROUPS \
|
||||
" groups=a,b,c,d default: \"default\" (library default)\n" \
|
||||
" example: \"secp521r1,brainpoolP512r1\"\n" \
|
||||
" - use \"none\" for empty list\n" \
|
||||
" - see mbedtls_ecp_curve_list()\n" \
|
||||
" for acceptable curve names\n"
|
||||
" - see mbedtls_ecp_curve_list()\n" \
|
||||
" for acceptable EC group names\n" \
|
||||
" - the following ffdh groups are supported:\n" \
|
||||
" ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
|
||||
" ffdhe8192\n"
|
||||
#else
|
||||
#define USAGE_CURVES ""
|
||||
#define USAGE_GROUPS ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
@ -560,7 +563,7 @@ int main(void)
|
||||
USAGE_ALPN \
|
||||
USAGE_EMS \
|
||||
USAGE_ETM \
|
||||
USAGE_CURVES \
|
||||
USAGE_GROUPS \
|
||||
USAGE_SIG_ALGS \
|
||||
USAGE_KEY_OPAQUE_ALGS \
|
||||
"\n"
|
||||
@ -672,7 +675,7 @@ struct options {
|
||||
#endif
|
||||
int cache_remove; /* enable / disable cache entry removal */
|
||||
char *sni; /* string describing sni information */
|
||||
const char *curves; /* list of supported elliptic curves */
|
||||
const char *groups; /* list of supported groups */
|
||||
const char *sig_algs; /* supported TLS 1.3 signature algorithms */
|
||||
const char *alpn_string; /* ALPN supported protocols */
|
||||
const char *dhm_file; /* the file with the DH parameters */
|
||||
@ -1522,7 +1525,7 @@ int main(int argc, char *argv[])
|
||||
#if defined(SNI_OPTION)
|
||||
sni_entry *sni_info = NULL;
|
||||
#endif
|
||||
uint16_t group_list[CURVE_LIST_SIZE];
|
||||
uint16_t group_list[GROUP_LIST_SIZE];
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
const char *alpn_list[ALPN_LIST_SIZE];
|
||||
#endif
|
||||
@ -1733,7 +1736,7 @@ usage:
|
||||
opt.cache_remove = DFL_CACHE_REMOVE;
|
||||
opt.sni = DFL_SNI;
|
||||
opt.alpn_string = DFL_ALPN_STRING;
|
||||
opt.curves = DFL_CURVES;
|
||||
opt.groups = DFL_GROUPS;
|
||||
opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
|
||||
opt.sig_algs = DFL_SIG_ALGS;
|
||||
opt.dhm_file = DFL_DHM_FILE;
|
||||
@ -1913,8 +1916,8 @@ usage:
|
||||
goto usage;
|
||||
}
|
||||
opt.force_ciphersuite[1] = 0;
|
||||
} else if (strcmp(p, "curves") == 0) {
|
||||
opt.curves = q;
|
||||
} else if (strcmp(p, "groups") == 0) {
|
||||
opt.groups = q;
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
else if (strcmp(p, "sig_algs") == 0) {
|
||||
@ -2386,8 +2389,8 @@ usage:
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||
|
||||
if (opt.curves != NULL) {
|
||||
if (parse_curves(opt.curves, group_list, CURVE_LIST_SIZE) != 0) {
|
||||
if (opt.groups != NULL) {
|
||||
if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
@ -3095,8 +3098,8 @@ usage:
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
if (opt.curves != NULL &&
|
||||
strcmp(opt.curves, "default") != 0) {
|
||||
if (opt.groups != NULL &&
|
||||
strcmp(opt.groups, "default") != 0) {
|
||||
mbedtls_ssl_conf_groups(&conf, group_list);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -508,16 +508,16 @@ static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group)
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
|
||||
|
||||
int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len)
|
||||
int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len)
|
||||
{
|
||||
char *p = (char *) curves;
|
||||
char *p = (char *) groups;
|
||||
char *q = NULL;
|
||||
size_t i = 0;
|
||||
|
||||
if (strcmp(p, "none") == 0) {
|
||||
group_list[0] = 0;
|
||||
} else if (strcmp(p, "default") != 0) {
|
||||
/* Leave room for a final NULL in curve list */
|
||||
/* Leave room for a final NULL in group list */
|
||||
while (i < group_list_len - 1 && *p != '\0') {
|
||||
q = p;
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
@ -547,9 +547,9 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
mbedtls_printf("unknown curve %s\n", q);
|
||||
mbedtls_printf("unknown group %s\n", q);
|
||||
mbedtls_printf("supported groups: ");
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
mbedtls_printf("supported curves: ");
|
||||
for (curve_cur = mbedtls_ecp_curve_list();
|
||||
curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_cur++) {
|
||||
@ -570,10 +570,10 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf("Number of curves: %u\n", (unsigned int) i);
|
||||
mbedtls_printf("Number of groups: %u\n", (unsigned int) i);
|
||||
|
||||
if (i == group_list_len - 1 && *p != '\0') {
|
||||
mbedtls_printf("curves list too long, maximum %u",
|
||||
mbedtls_printf("groups list too long, maximum %u",
|
||||
(unsigned int) (group_list_len - 1));
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -81,7 +81,7 @@
|
||||
#include "../test/query_config.h"
|
||||
|
||||
#define ALPN_LIST_SIZE 10
|
||||
#define CURVE_LIST_SIZE 25
|
||||
#define GROUP_LIST_SIZE 25
|
||||
#define SIG_ALG_LIST_SIZE 5
|
||||
|
||||
typedef struct eap_tls_keys {
|
||||
@ -312,7 +312,7 @@ void test_hooks_free(void);
|
||||
#endif /* !MBEDTLS_TEST_HOOKS */
|
||||
|
||||
/* Helper functions for FFDH groups. */
|
||||
int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len);
|
||||
int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len);
|
||||
|
||||
#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
|
||||
#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1537,7 +1537,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATI
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
|
||||
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
|
||||
0 \
|
||||
-s "write selected_group: secp384r1" \
|
||||
@ -1553,7 +1553,7 @@ requires_gnutls_next_disable_tls13_compat
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_config_enabled PSA_WANT_ALG_ECDH
|
||||
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
|
||||
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
|
||||
0 \
|
||||
-s "write selected_group: secp384r1" \
|
||||
|
||||
@ -67,10 +67,10 @@ NAMED_GROUP_IANA_VALUE = {
|
||||
'secp521r1': 0x19,
|
||||
'x25519': 0x1d,
|
||||
'x448': 0x1e,
|
||||
# Only one finite field group to keep testing time within reasonable bounds.
|
||||
'ffdhe2048': 0x100,
|
||||
}
|
||||
|
||||
|
||||
class TLSProgram:
|
||||
"""
|
||||
Base class for generate server/client command.
|
||||
@ -362,7 +362,7 @@ class MbedTLSBase(TLSProgram):
|
||||
|
||||
if self._named_groups:
|
||||
named_groups = ','.join(self._named_groups)
|
||||
ret += ["curves={named_groups}".format(named_groups=named_groups)]
|
||||
ret += ["groups={named_groups}".format(named_groups=named_groups)]
|
||||
return ret
|
||||
|
||||
def pre_checks(self):
|
||||
|
||||
@ -1707,8 +1707,8 @@ run_test_psa_force_curve() {
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
set_maybe_calc_verify none
|
||||
run_test "PSA - ECDH with $1" \
|
||||
"$P_SRV debug_level=4 force_version=tls12 curves=$1" \
|
||||
"$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
|
||||
"$P_SRV debug_level=4 force_version=tls12 groups=$1" \
|
||||
"$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \
|
||||
0 \
|
||||
-c "$maybe_calc_verify" \
|
||||
-c "calc PSA finished" \
|
||||
@ -5396,7 +5396,7 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \
|
||||
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
|
||||
"$P_SRV debug_level=1 key_file=data_files/server5.key \
|
||||
crt_file=data_files/server5.ku-ka.crt" \
|
||||
"$P_CLI force_version=tls12 debug_level=3 auth_mode=required curves=secp521r1" \
|
||||
"$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \
|
||||
1 \
|
||||
-c "bad certificate (EC key curve)"\
|
||||
-c "! Certificate verification flags"\
|
||||
@ -5405,7 +5405,7 @@ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsuppo
|
||||
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
|
||||
"$P_SRV debug_level=1 key_file=data_files/server5.key \
|
||||
crt_file=data_files/server5.ku-ka.crt" \
|
||||
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional curves=secp521r1" \
|
||||
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \
|
||||
1 \
|
||||
-c "bad certificate (EC key curve)"\
|
||||
-c "! Certificate verification flags"\
|
||||
@ -5783,7 +5783,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
|
||||
"$P_SRV debug_level=1 key_file=data_files/server5.key \
|
||||
crt_file=data_files/server5.ku-ka.crt" \
|
||||
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
|
||||
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
|
||||
1 \
|
||||
-c "use CA callback for X.509 CRT verification" \
|
||||
-c "bad certificate (EC key curve)" \
|
||||
@ -5794,7 +5794,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
|
||||
"$P_SRV debug_level=1 key_file=data_files/server5.key \
|
||||
crt_file=data_files/server5.ku-ka.crt" \
|
||||
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
|
||||
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
|
||||
1 \
|
||||
-c "use CA callback for X.509 CRT verification" \
|
||||
-c "bad certificate (EC key curve)"\
|
||||
@ -8430,7 +8430,7 @@ run_test "Large server packet TLS 1.3 AEAD shorter tag" \
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
run_test "EC restart: TLS, default" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
debug_level=1" \
|
||||
@ -8443,7 +8443,7 @@ run_test "EC restart: TLS, default" \
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
run_test "EC restart: TLS, max_ops=0" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
debug_level=1 ec_max_ops=0" \
|
||||
@ -8456,7 +8456,7 @@ run_test "EC restart: TLS, max_ops=0" \
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
run_test "EC restart: TLS, max_ops=65535" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
debug_level=1 ec_max_ops=65535" \
|
||||
@ -8471,7 +8471,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
debug_level=1 ec_max_ops=1000" \
|
||||
@ -8487,7 +8487,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
debug_level=1 ec_max_ops=1000" \
|
||||
@ -8502,7 +8502,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
run_test "EC restart: TLS, max_ops=1000, badsign" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=data_files/server5-badsign.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -8522,7 +8522,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=data_files/server5-badsign.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -8543,7 +8543,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=data_files/server5-badsign.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -8563,7 +8563,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=data_files/server5-badsign.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -8584,7 +8584,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required \
|
||||
crt_file=data_files/server5-badsign.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
@ -8604,7 +8604,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
dtls=1 debug_level=1 ec_max_ops=1000" \
|
||||
@ -8620,7 +8620,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
dtls=1 debug_level=1 ec_max_ops=1000" \
|
||||
@ -8635,7 +8635,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1" \
|
||||
"$P_SRV groups=secp256r1" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
debug_level=1 ec_max_ops=1000" \
|
||||
0 \
|
||||
@ -8651,7 +8651,7 @@ requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
|
||||
"$P_SRV curves=secp256r1" \
|
||||
"$P_SRV groups=secp256r1" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
debug_level=1 ec_max_ops=1000" \
|
||||
0 \
|
||||
@ -8667,7 +8667,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
|
||||
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
|
||||
"$P_SRV curves=secp256r1 auth_mode=required" \
|
||||
"$P_SRV groups=secp256r1 auth_mode=required" \
|
||||
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||
debug_level=1 ec_max_ops=1000" \
|
||||
@ -12322,8 +12322,8 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
requires_config_enabled PSA_WANT_ALG_ECDH
|
||||
run_test "TLS 1.3: server: HRR check - mbedtls" \
|
||||
"$P_SRV debug_level=4 curves=secp384r1" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_SRV debug_level=4 groups=secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||
@ -12587,8 +12587,8 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
|
||||
"$P_SRV debug_level=4 curves=secp384r1 tickets=0" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
@ -12603,8 +12603,8 @@ requires_config_enabled PSA_WANT_ALG_ECDH
|
||||
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
|
||||
"$P_SRV debug_level=4 curves=secp384r1 tickets=0" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
@ -12619,7 +12619,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
-c "received HelloRetryRequest message" \
|
||||
@ -12633,7 +12633,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
1 \
|
||||
-c "received HelloRetryRequest message" \
|
||||
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
|
||||
@ -12645,7 +12645,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
|
||||
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
|
||||
@ -12659,7 +12659,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
-c "received HelloRetryRequest message" \
|
||||
@ -12674,7 +12674,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
1 \
|
||||
-c "received HelloRetryRequest message" \
|
||||
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
|
||||
@ -12688,7 +12688,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
|
||||
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
|
||||
"$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
|
||||
0 \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
|
||||
@ -12699,7 +12699,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
|
||||
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -12712,7 +12712,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
|
||||
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -12724,7 +12724,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
|
||||
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -12739,7 +12739,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
|
||||
"$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -12755,7 +12755,7 @@ requires_config_enabled PSA_WANT_ALG_ECDH
|
||||
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
|
||||
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -12772,7 +12772,7 @@ requires_config_enabled PSA_WANT_ALG_ECDH
|
||||
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key curves=secp384r1 tickets=0" \
|
||||
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
|
||||
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -13204,7 +13204,7 @@ requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -13226,7 +13226,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
requires_config_enabled PSA_WANT_ALG_FFDH
|
||||
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
|
||||
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
|
||||
0 \
|
||||
-c "HTTP/1.0 200 OK" \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
@ -13246,7 +13246,7 @@ requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -13268,7 +13268,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
requires_config_enabled PSA_WANT_ALG_FFDH
|
||||
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
|
||||
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
|
||||
0 \
|
||||
-c "HTTP/1.0 200 OK" \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
@ -13288,7 +13288,7 @@ requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -13309,7 +13309,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
requires_config_enabled PSA_WANT_ALG_FFDH
|
||||
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
|
||||
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
|
||||
0 \
|
||||
-c "HTTP/1.0 200 OK" \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
@ -13330,7 +13330,7 @@ requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
client_needs_more_time 4
|
||||
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
|
||||
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.3" \
|
||||
@ -13352,7 +13352,7 @@ requires_config_enabled PSA_WANT_ALG_FFDH
|
||||
client_needs_more_time 4
|
||||
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
|
||||
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
|
||||
"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
|
||||
0 \
|
||||
-c "HTTP/1.0 200 OK" \
|
||||
-c "Protocol is TLSv1.3" \
|
||||
|
||||
@ -3386,7 +3386,7 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
||||
if (bad_server_ecdhe_key) {
|
||||
/* Force a simulated bitflip in the server key. to make the
|
||||
* raw key agreement in ssl_write_client_key_exchange fail. */
|
||||
(client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
|
||||
(client.ssl).handshake->xxdh_psa_peerkey[0] ^= 0x02;
|
||||
}
|
||||
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user