diff --git a/library/ssl_client.c b/library/ssl_client.c index d9c6781592..0f0ea1dc52 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -106,6 +106,9 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, *olen = hostname_len + 9; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ @@ -177,6 +180,9 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */ MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -296,7 +302,8 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ return( 0 ); @@ -557,7 +564,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* Keeping track of the included extensions */ - handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; #endif /* First write extensions, then the total length */ @@ -667,6 +674,11 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, p_extensions_len, extensions_len ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions ); +#endif + *out_len = p - buf; return( 0 ); } diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 9f1df736bd..4412f8e213 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -43,6 +43,32 @@ const char *mbedtls_ssl_sig_alg_to_str( uint16_t in ); const char *mbedtls_ssl_named_group_to_str( uint16_t in ); +const char *mbedtls_ssl_get_extension_name( unsigned int extension_type ); + +void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, uint32_t extensions_mask, + const char *extra ); + +void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, unsigned int extension_type, + const char *extra_msg0, const char *extra_msg1 ); + +#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extensions_mask ) \ + mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \ + hs_msg_type, extensions_mask, NULL ) + +#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) \ + mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__, \ + hs_msg_type, extension_type, \ + extra, NULL ) +#else + +#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask ) + +#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) + #endif /* MBEDTLS_DEBUG_C */ -#endif /* SSL_DEBUG_HELPERS_H */ +#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 41bb9c514d..ad8754cac2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -74,34 +74,147 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ -/* - * Mask of TLS 1.3 handshake extensions used in extensions_present - * of mbedtls_ssl_handshake_params. - */ -#define MBEDTLS_SSL_EXT_NONE 0 +/* Faked handshake message identity for HelloRetryRequest. */ +#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO ) -#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 ) -#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 ) -#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) -#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 ) -#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 ) -#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) -#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) -#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) -#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 ) -#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 ) -#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) -#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) -#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 ) -#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 ) -#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 ) -#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 ) -#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 ) -#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 ) -#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) -#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) +/* + * Internal identity of handshake extensions + */ +#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0 +#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1 +#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1 +#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2 +#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4 +#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5 +#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6 +#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7 +#define MBEDTLS_SSL_EXT_ID_ALPN 8 +#define MBEDTLS_SSL_EXT_ID_SCT 9 +#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10 +#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11 +#define MBEDTLS_SSL_EXT_ID_PADDING 12 +#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13 +#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15 +#define MBEDTLS_SSL_EXT_ID_COOKIE 16 +#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17 +#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18 +#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19 +#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20 +#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21 +#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22 +#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23 +#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24 +#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25 +#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26 +#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27 + +/* Utility for translating IANA extension type. */ +uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type ); +uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ); +/* Macros used to define mask constants */ +#define MBEDTLS_SSL_EXT_MASK( id ) ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) ) +/* Reset value of extension mask */ +#define MBEDTLS_SSL_EXT_MASK_NONE 0 + +/* In messages containing extension requests, we should ignore unrecognized + * extensions. In messages containing extension responses, unrecognized + * extensions should result in handshake abortion. Messages containing + * extension requests include ClientHello, CertificateRequest and + * NewSessionTicket. Messages containing extension responses include + * ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate. + * + * RFC 8446 section 4.1.3 + * + * The ServerHello MUST only include extensions which are required to establish + * the cryptographic context and negotiate the protocol version. + * + * RFC 8446 section 4.2 + * + * If an implementation receives an extension which it recognizes and which is + * not specified for the message in which it appears, it MUST abort the handshake + * with an "illegal_parameter" alert. + */ + +/* Extensions that are not recognized by TLS 1.3 */ +#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \ + ( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS ) | \ + MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \ + MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \ + MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \ + MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \ + MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) ) + +/* RFC 8446 section 4.2. Allowed extensions for ClienHello */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \ + ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \ + MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \ + MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \ + MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \ + MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \ + MBEDTLS_SSL_EXT_MASK( ALPN ) | \ + MBEDTLS_SSL_EXT_MASK( SCT ) | \ + MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( PADDING ) | \ + MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \ + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \ + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) | \ + MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \ + MBEDTLS_SSL_EXT_MASK( COOKIE ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) | \ + MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \ + MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \ + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED ) + +/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ + ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \ + MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \ + MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \ + MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \ + MBEDTLS_SSL_EXT_MASK( ALPN ) | \ + MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \ + MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) + +/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \ + ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \ + MBEDTLS_SSL_EXT_MASK( SCT ) | \ + MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \ + MBEDTLS_SSL_EXT_MASK( OID_FILTERS ) | \ + MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \ + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED ) + +/* RFC 8446 section 4.2. Allowed extensions for Certificate */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ + ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \ + MBEDTLS_SSL_EXT_MASK( SCT ) ) + +/* RFC 8446 section 4.2. Allowed extensions for ServerHello */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \ + ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \ + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) ) + +/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \ + ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \ + MBEDTLS_SSL_EXT_MASK( COOKIE ) | \ + MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) ) + +/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */ +#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ + ( MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \ + MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED ) /* * Helper macros for function call with return check. @@ -858,9 +971,8 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - int extensions_present; /*!< extension presence; Each bitfield - represents an extension and defined - as \c MBEDTLS_SSL_EXT_XXX */ + uint32_t sent_extensions; /*!< extensions sent by endpoint */ + uint32_t received_extensions; /*!< extensions received by endpoint */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) unsigned char certificate_request_context_len; @@ -1838,6 +1950,24 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +/* + * Helper functions for extensions checking. + */ + +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_check_received_extension( + mbedtls_ssl_context *ssl, + int hs_msg_type, + unsigned int received_extension_type, + uint32_t hs_msg_allowed_extensions_mask ); + +static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask( + mbedtls_ssl_context *ssl, unsigned int extension_type ) +{ + ssl->handshake->sent_extensions |= + mbedtls_ssl_get_extension_mask( extension_type ); +} + /* * Helper functions to check the selected key exchange mode. */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dbbd6f237d..da90b2350f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -521,6 +521,245 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type ) +{ + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_SERVERNAME: + return( MBEDTLS_SSL_EXT_ID_SERVERNAME ); + + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + return( MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH ); + + case MBEDTLS_TLS_EXT_STATUS_REQUEST: + return( MBEDTLS_SSL_EXT_ID_STATUS_REQUEST ); + + case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: + return( MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS ); + + case MBEDTLS_TLS_EXT_SIG_ALG: + return( MBEDTLS_SSL_EXT_ID_SIG_ALG ); + + case MBEDTLS_TLS_EXT_USE_SRTP: + return( MBEDTLS_SSL_EXT_ID_USE_SRTP ); + + case MBEDTLS_TLS_EXT_HEARTBEAT: + return( MBEDTLS_SSL_EXT_ID_HEARTBEAT ); + + case MBEDTLS_TLS_EXT_ALPN: + return( MBEDTLS_SSL_EXT_ID_ALPN ); + + case MBEDTLS_TLS_EXT_SCT: + return( MBEDTLS_SSL_EXT_ID_SCT ); + + case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: + return( MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: + return( MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE ); + + case MBEDTLS_TLS_EXT_PADDING: + return( MBEDTLS_SSL_EXT_ID_PADDING ); + + case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: + return( MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY ); + + case MBEDTLS_TLS_EXT_EARLY_DATA: + return( MBEDTLS_SSL_EXT_ID_EARLY_DATA ); + + case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: + return( MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS ); + + case MBEDTLS_TLS_EXT_COOKIE: + return( MBEDTLS_SSL_EXT_ID_COOKIE ); + + case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: + return( MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES ); + + case MBEDTLS_TLS_EXT_CERT_AUTH: + return( MBEDTLS_SSL_EXT_ID_CERT_AUTH ); + + case MBEDTLS_TLS_EXT_OID_FILTERS: + return( MBEDTLS_SSL_EXT_ID_OID_FILTERS ); + + case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: + return( MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH ); + + case MBEDTLS_TLS_EXT_SIG_ALG_CERT: + return( MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT ); + + case MBEDTLS_TLS_EXT_KEY_SHARE: + return( MBEDTLS_SSL_EXT_ID_KEY_SHARE ); + + case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: + return( MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC ); + + case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: + return( MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS ); + + case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: + return( MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC ); + + case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: + return( MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET ); + + case MBEDTLS_TLS_EXT_SESSION_TICKET: + return( MBEDTLS_SSL_EXT_ID_SESSION_TICKET ); + + } + + return( MBEDTLS_SSL_EXT_ID_UNRECOGNIZED ); +} + +uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type ) +{ + return( 1 << mbedtls_ssl_get_extension_id( extension_type ) ); +} + +#if defined(MBEDTLS_DEBUG_C) +static const char *extension_name_table[] = { + [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unrecognized", + [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name", + [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length", + [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request", + [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups", + [MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms", + [MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp", + [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat", + [MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation", + [MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp", + [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type", + [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type", + [MBEDTLS_SSL_EXT_ID_PADDING] = "padding", + [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key", + [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data", + [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions", + [MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie", + [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes", + [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities", + [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters", + [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth", + [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert", + [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share", + [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac", + [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats", + [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac", + [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret", + [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket" +}; + +static unsigned int extension_type_table[]={ + [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, + [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, + [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, + [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST, + [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, + [MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG, + [MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP, + [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT, + [MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN, + [MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT, + [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE, + [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE, + [MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING, + [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY, + [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA, + [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, + [MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE, + [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, + [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH, + [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS, + [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH, + [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT, + [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE, + [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC, + [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, + [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, + [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, + [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET +}; + +const char *mbedtls_ssl_get_extension_name( unsigned int extension_type ) +{ + return( extension_name_table[ + mbedtls_ssl_get_extension_id( extension_type ) ] ); +} + +static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type ) +{ + switch( hs_msg_type ) + { + case MBEDTLS_SSL_HS_CLIENT_HELLO: + return( "ClientHello" ); + case MBEDTLS_SSL_HS_SERVER_HELLO: + return( "ServerHello" ); + case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: + return( "HelloRetryRequest" ); + case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: + return( "NewSessionTicket" ); + case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: + return( "EncryptedExtensions" ); + case MBEDTLS_SSL_HS_CERTIFICATE: + return( "Certificate" ); + case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: + return( "CertificateRequest" ); + } + return( "Unknown" ); +} + +void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, unsigned int extension_type, + const char *extra_msg0, const char *extra_msg1 ) +{ + const char *extra_msg; + if( extra_msg0 && extra_msg1 ) + { + mbedtls_debug_print_msg( + ssl, level, file, line, + "%s: %s(%u) extension %s %s.", + ssl_tls13_get_hs_msg_name( hs_msg_type ), + mbedtls_ssl_get_extension_name( extension_type ), + extension_type, + extra_msg0, extra_msg1 ); + return; + } + + extra_msg = extra_msg0 ? extra_msg0 : extra_msg1; + if( extra_msg ) + { + mbedtls_debug_print_msg( + ssl, level, file, line, + "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name( hs_msg_type ), + mbedtls_ssl_get_extension_name( extension_type ), extension_type, + extra_msg ); + return; + } + + mbedtls_debug_print_msg( + ssl, level, file, line, + "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name( hs_msg_type ), + mbedtls_ssl_get_extension_name( extension_type ), extension_type ); +} + +void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl, + int level, const char *file, int line, + int hs_msg_type, uint32_t extensions_mask, + const char *extra ) +{ + + for( unsigned i = 0; + i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] ); + i++ ) + { + mbedtls_ssl_print_extension( + ssl, level, file, line, hs_msg_type, extension_type_table[i], + extensions_mask & ( 1 << i ) ? "exists" : "does not exist", extra ); + } +} + +#endif /* MBEDTLS_DEBUG_C */ + void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) { @@ -8744,8 +8983,9 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + return( 0 ); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -8944,6 +9184,11 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, p[6] = MBEDTLS_BYTE_0( protocol_name_len ); memcpy( p + 7, ssl->alpn_chosen, protocol_name_len ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN ); +#endif + return ( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ac19f63081..9940a0e5ea 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -32,6 +32,7 @@ #include "ssl_misc.h" #include "ssl_client.h" #include "ssl_tls13_keys.h" +#include "ssl_debug_helpers.h" /* Write extensions */ @@ -89,6 +90,9 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, *out_len = 5 + versions_len; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); + return( 0 ); } @@ -359,7 +363,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len ); - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); cleanup: @@ -512,7 +516,6 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, else return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; return( ret ); } @@ -600,6 +603,8 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, *out_len = handshake->hrr_cookie_len + 6; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE ); + return( 0 ); } @@ -669,7 +674,10 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, buf[4] = ke_modes_len; *out_len = p - buf; - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; + + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); + return ( 0 ); } @@ -981,8 +989,6 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf ); - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - return( 0 ); } @@ -1037,6 +1043,9 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); + return( 0 ); } @@ -1109,8 +1118,6 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; - return( 0 ); } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ @@ -1388,7 +1395,7 @@ static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl, ssl->session_negotiate->tls_version = ssl->tls_version; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ - handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; ret = ssl_server_hello_is_hrr( ssl, buf, end ); switch( ret ) @@ -1498,6 +1505,9 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; int fatal_alert = 0; + uint32_t allowed_extensions_mask; + int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : + MBEDTLS_SSL_HS_SERVER_HELLO; /* * Check there is space for minimal fields @@ -1640,6 +1650,11 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + allowed_extensions_mask = is_hrr ? + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; + while( p < extensions_end ) { unsigned int extension_type; @@ -1654,16 +1669,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, hs_msg_type, extension_type, allowed_extensions_mask ); + if( ret != 0 ) + return( ret ); + switch( extension_type ) { case MBEDTLS_TLS_EXT_COOKIE: - if( !is_hrr ) - { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; - } - ret = ssl_tls13_parse_cookie_ext( ssl, p, extension_data_end ); if( ret != 0 ) @@ -1686,11 +1700,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( is_hrr ) - { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; - } if( ( ret = ssl_tls13_parse_server_pre_shared_key_ext( ssl, p, extension_data_end ) ) != 0 ) @@ -1726,18 +1735,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, break; default: - MBEDTLS_SSL_DEBUG_MSG( - 3, - ( "unknown extension found: %u ( ignoring )", - extension_type ) ); - - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } p += extension_data_len; } + MBEDTLS_SSL_PRINT_EXTS( 3, hs_msg_type, handshake->received_extensions ); + cleanup: if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ) @@ -1786,21 +1792,21 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) * 3) If only the key_share extension was received then the key * exchange mode is EPHEMERAL-only. */ - switch( handshake->extensions_present & - ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) ) + switch( handshake->received_extensions & + ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ) ) { /* Only the pre_shared_key extension was received */ - case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: + case MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; break; /* Only the key_share extension was received */ - case MBEDTLS_SSL_EXT_KEY_SHARE: + case MBEDTLS_SSL_EXT_MASK( KEY_SHARE ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; break; /* Both the pre_shared_key and key_share extensions were received */ - case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): + case ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; break; @@ -1969,6 +1975,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, size_t extensions_len; const unsigned char *p = buf; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -1978,6 +1985,8 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + while( p < extensions_end ) { unsigned int extension_type; @@ -1996,22 +2005,14 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - /* The client MUST check EncryptedExtensions for the - * presence of any forbidden extensions and if any are found MUST abort - * the handshake with an "unsupported_extension" alert. - */ + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE ); + if( ret != 0 ) + return( ret ); + switch( extension_type ) { - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) ); - - /* The server_name extension should be an empty extension */ - - break; - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) ); - break; - #if defined(MBEDTLS_SSL_ALPN) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); @@ -2024,17 +2025,18 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "unsupported extension found: %u ", extension_type) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); - return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + MBEDTLS_SSL_PRINT_EXT( + 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + extension_type, "( ignored )" ); + break; } p += extension_data_len; } + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + handshake->received_extensions ); + /* Check that we consumed all the message. */ if( p != end ) { @@ -2140,7 +2142,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, size_t certificate_request_context_len = 0; size_t extensions_len = 0; const unsigned char *extensions_end; - unsigned char sig_alg_ext_found = 0; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; /* ... * opaque certificate_request_context<0..2^8-1> @@ -2156,7 +2158,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context", p, certificate_request_context_len ); - mbedtls_ssl_handshake_params *handshake = ssl->handshake; handshake->certificate_request_context = mbedtls_calloc( 1, certificate_request_context_len ); if( handshake->certificate_request_context == NULL ) @@ -2180,6 +2181,8 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + while( p < extensions_end ) { unsigned int extension_type; @@ -2192,6 +2195,12 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR ); + if( ret != 0 ) + return( ret ); + switch( extension_type ) { case MBEDTLS_TLS_EXT_SIG_ALG: @@ -2201,25 +2210,22 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, p + extension_data_len ); if( ret != 0 ) return( ret ); - if( ! sig_alg_ext_found ) - sig_alg_ext_found = 1; - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Duplicate signature algorithms extensions found" ) ); - goto decode_error; - } + break; default: - MBEDTLS_SSL_DEBUG_MSG( - 3, - ( "unknown extension found: %u ( ignoring )", - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT( + 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, + extension_type, "( ignored )" ); break; } + p += extension_data_len; } + + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, + handshake->received_extensions ); + /* Check that we consumed all the message. */ if( p != end ) { @@ -2227,8 +2233,12 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, ( "CertificateRequest misaligned" ) ); goto decode_error; } - /* Check that we found signature algorithms extension */ - if( ! sig_alg_ext_found ) + + /* RFC 8446 section 4.3.2 + * + * The "signature_algorithms" extension MUST be specified + */ + if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithms extension found" ) ); @@ -2468,14 +2478,17 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { + mbedtls_ssl_handshake_params *handshake = ssl->handshake; const unsigned char *p = buf; - ((void) ssl); + + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; while( p < end ) { unsigned int extension_type; size_t extension_data_len; + int ret; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -2484,18 +2497,27 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST ); + if( ret != 0 ) + return( ret ); + switch( extension_type ) { - case MBEDTLS_TLS_EXT_EARLY_DATA: - MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); - break; - default: + MBEDTLS_SSL_PRINT_EXT( + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, + extension_type, "( ignored )" ); break; } + p += extension_data_len; } + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, + handshake->received_extensions ); + return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 48e3675820..f854998893 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -398,6 +398,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, size_t certificate_list_len = 0; const unsigned char *p = buf; const unsigned char *certificate_list_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); certificate_request_context_len = p[0]; @@ -447,6 +448,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, while( p < certificate_list_end ) { size_t cert_data_len, extensions_len; + const unsigned char *extensions_end; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 ); @@ -504,7 +506,48 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); - p += extensions_len; + + extensions_end = p + extensions_len; + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + + while( p < extensions_end ) + { + unsigned int extension_type; + size_t extension_data_len; + + /* + * struct { + * ExtensionType extension_type; (2 bytes) + * opaque extension_data<0..2^16-1>; + * } Extension; + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); + + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ); + if( ret != 0 ) + return( ret ); + + switch( extension_type ) + { + default: + MBEDTLS_SSL_PRINT_EXT( + 3, MBEDTLS_SSL_HS_CERTIFICATE, + extension_type, "( ignored )" ); + break; + } + + p += extension_data_len; + } + + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE, + handshake->received_extensions ); } exit: @@ -512,7 +555,7 @@ exit: if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } @@ -843,6 +886,9 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, *out_len = p - buf; + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions ); + return( 0 ); } @@ -1485,4 +1531,61 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ +/* RFC 8446 section 4.2 + * + * If an implementation receives an extension which it recognizes and which is + * not specified for the message in which it appears, it MUST abort the handshake + * with an "illegal_parameter" alert. + * + */ +int mbedtls_ssl_tls13_check_received_extension( + mbedtls_ssl_context *ssl, + int hs_msg_type, + unsigned int received_extension_type, + uint32_t hs_msg_allowed_extensions_mask ) +{ + uint32_t extension_mask = mbedtls_ssl_get_extension_mask( + received_extension_type ); + + MBEDTLS_SSL_PRINT_EXT( + 3, hs_msg_type, received_extension_type, "received" ); + + if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) + { + MBEDTLS_SSL_PRINT_EXT( + 3, hs_msg_type, received_extension_type, "is illegal" ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + ssl->handshake->received_extensions |= extension_mask; + /* + * If it is a message containing extension responses, check that we + * previously sent the extension. + */ + switch( hs_msg_type ) + { + case MBEDTLS_SSL_HS_SERVER_HELLO: + case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: + case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: + case MBEDTLS_SSL_HS_CERTIFICATE: + /* Check if the received extension is sent by peer message.*/ + if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 ) + return( 0 ); + break; + default: + return( 0 ); + } + + MBEDTLS_SSL_PRINT_EXT( + 3, hs_msg_type, received_extension_type, "is unsupported" ); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); +} + #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ + diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 3762393b96..3cd03108f6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -700,6 +700,8 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u", ssl->handshake->selected_identity ) ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); + return( 0 ); } @@ -926,110 +928,69 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C */ -#if defined(MBEDTLS_DEBUG_C) -static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl ) -{ - ((void) ssl); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- KEY_SHARE_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ? - "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- PRE_SHARED_KEY_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SUPPORTED_GROUPS_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ? - "TRUE" : "FALSE" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SUPPORTED_VERSION_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ? - "TRUE" : "FALSE" ) ); -#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION ) - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- SERVERNAME_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ? - "TRUE" : "FALSE" ) ); -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined ( MBEDTLS_SSL_ALPN ) - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "- ALPN_EXTENSION ( %s )", - ( ( ssl->handshake->extensions_present - & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ? - "TRUE" : "FALSE" ) ); -#endif /* MBEDTLS_SSL_ALPN */ -} -#endif /* MBEDTLS_DEBUG_C */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, int exts_mask ) { - int masked = ssl->handshake->extensions_present & exts_mask; + int masked = ssl->handshake->received_extensions & exts_mask; return( masked == exts_mask ); } +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { return( ssl_tls13_client_hello_has_exts( ssl, - MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | - MBEDTLS_SSL_EXT_KEY_SHARE | - MBEDTLS_SSL_EXT_SIG_ALG ) ); + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | + MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | + MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) ); } +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( mbedtls_ssl_context *ssl ) { return( ssl_tls13_client_hello_has_exts( ssl, - MBEDTLS_SSL_EXT_PRE_SHARED_KEY | - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) ); + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) ); } +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { return( ssl_tls13_client_hello_has_exts( ssl, - MBEDTLS_SSL_EXT_SUPPORTED_GROUPS | - MBEDTLS_SSL_EXT_KEY_SHARE | - MBEDTLS_SSL_EXT_PRE_SHARED_KEY | - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) ); + MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | + MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | + MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) ); } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) return( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) ); +#else + ((void) ssl); + return( 0 ); +#endif } MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) && mbedtls_ssl_tls13_psk_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) ); @@ -1042,7 +1003,7 @@ static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) && mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) ); @@ -1289,6 +1250,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *cipher_suites_end; size_t extensions_len; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; int hrr_required = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1297,8 +1259,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *pre_shared_key_ext_end = NULL; #endif - ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - /* * ClientHello layout: * 0 . 1 protocol version @@ -1356,7 +1316,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); - memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + memcpy( &handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; /* ... @@ -1426,13 +1386,13 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, continue; ssl->session_negotiate->ciphersuite = cipher_suite; - ssl->handshake->ciphersuite_info = ciphersuite_info; + handshake->ciphersuite_info = ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", cipher_suite, ciphersuite_info->name ) ); } - if( ssl->handshake->ciphersuite_info == NULL ) + if( handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); @@ -1468,27 +1428,29 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len ); + handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + while( p < extensions_end ) { unsigned int extension_type; size_t extension_data_len; const unsigned char *extension_data_end; - /* RFC 8446, page 57 + /* RFC 8446, section 4.2.11 * * The "pre_shared_key" extension MUST be the last extension in the * ClientHello (this facilitates implementation as described below). * Servers MUST check that it is the last extension and otherwise fail * the handshake with an "illegal_parameter" alert. */ - if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) + if( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key is not last extension." ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); @@ -1499,6 +1461,12 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); + if( ret != 0 ) + return( ret ); + switch( extension_type ) { #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -1512,7 +1480,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, 1, "mbedtls_ssl_parse_servername_ext", ret ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SERVERNAME; break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ @@ -1535,7 +1502,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; break; #endif /* MBEDTLS_ECDH_C */ @@ -1565,7 +1531,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; break; #endif /* MBEDTLS_ECDH_C */ @@ -1580,7 +1545,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ( "ssl_tls13_parse_supported_versions_ext" ), ret ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS; break; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1596,19 +1560,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; break; #endif case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( ( ssl->handshake->extensions_present & - MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 ) + if( ( handshake->received_extensions & + MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) == 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* Delay processing of the PSK identity once we have @@ -1617,8 +1580,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, */ pre_shared_key_ext = p; pre_shared_key_ext_end = extension_data_end; -#endif - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ break; #if defined(MBEDTLS_SSL_ALPN) @@ -1632,7 +1594,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, 1, ( "mbedtls_ssl_parse_alpn_ext" ), ret ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_ALPN; break; #endif /* MBEDTLS_SSL_ALPN */ @@ -1649,23 +1610,21 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ret ) ); return( ret ); } - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; break; #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %ud ( ignoring )", - extension_type ) ); + MBEDTLS_SSL_PRINT_EXT( + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, + extension_type, "( ignored )" ); + break; } p += extension_data_len; } -#if defined(MBEDTLS_DEBUG_C) - /* List all the extensions we have received */ - ssl_tls13_debug_print_client_hello_exts( ssl ); -#endif /* MBEDTLS_DEBUG_C */ + MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO, + handshake->received_extensions ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, @@ -1679,9 +1638,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) + ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) ) { - ssl->handshake->update_checksum( ssl, buf, + handshake->update_checksum( ssl, buf, pre_shared_key_ext - buf ); ret = ssl_tls13_parse_pre_shared_key_ext( ssl, pre_shared_key_ext, @@ -1690,26 +1649,26 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { - ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ); } else if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_tls13_parse_pre_shared_key_ext" ), - ret ); + MBEDTLS_SSL_DEBUG_RET( + 1, "ssl_tls13_parse_pre_shared_key_ext" , ret ); return( ret ); } } else #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ { - ssl->handshake->update_checksum( ssl, buf, p - buf ); + handshake->update_checksum( ssl, buf, p - buf ); } ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); - mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + mbedtls_ssl_optimize_checksum( ssl, handshake->ciphersuite_info ); return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK ); } @@ -1856,6 +1815,9 @@ static int ssl_tls13_write_server_hello_supported_versions_ext( *out_len = 6; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); + return( 0 ); } @@ -1962,6 +1924,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); + return( 0 ); } @@ -2026,6 +1990,8 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl, *out_len = 6; + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); + return( 0 ); } @@ -2054,6 +2020,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, size_t output_len; *out_len = 0; + ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; /* ... * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 @@ -2179,6 +2146,11 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len ); + MBEDTLS_SSL_PRINT_EXTS( + 3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : + MBEDTLS_SSL_HS_SERVER_HELLO, + ssl->handshake->sent_extensions ); + return( ret ); } @@ -2363,6 +2335,9 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions ); + return( 0 ); } @@ -2492,6 +2467,9 @@ static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl, *out_len = p - buf; + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions ); + return( 0 ); } @@ -2877,6 +2855,8 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, * Note: We currently don't have any extensions. * Set length to zero. */ + ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( 0, p, 0 ); p += 2; @@ -2885,6 +2865,9 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions ); + return( 0 ); } diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 4f62ed69bf..974d513d8e 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -18,228 +18,8 @@ # limitations under the License. # -get_srv_psk_list () -{ - case $(( TESTS % 3 )) in - 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";; - 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";; - 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";; - esac -} - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - -run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - -run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ - "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 0" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -S "ticket is not authentic" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ - "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -s "ticket is not authentic" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -s "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -s "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -s "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ - MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ - "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket start time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_gnutls_tls1_3 -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ - "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" +# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by +# scripts in future(#6280) requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh new file mode 100755 index 0000000000..4ad6faa48f --- /dev/null +++ b/tests/opt-testcases/tls13-misc.sh @@ -0,0 +1,284 @@ +#!/bin/sh + +# tls13-misc.sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + +run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched ciphersuite" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + +run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ + -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "No matched ciphersuite" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ + "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 2" \ + -s "sent selected_identity: 0" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: ephemeral$" \ + -S "ticket is not authentic" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ + "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 2" \ + -s "sent selected_identity: 1" \ + -s "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: ephemeral$" \ + -s "ticket is not authentic" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -s "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -s "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -s "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -s "Ticket age exceeds limitation" \ + -S "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -s "Ticket age outside tolerance window" + +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \ + MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ + MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ + "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ + 0 \ + -c "Pre-configured PSK number = 1" \ + -S "sent selected_identity:" \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: psk$" \ + -S "ticket is not authentic" \ + -S "ticket is expired" \ + -S "Invalid ticket start time" \ + -S "Ticket age exceeds limitation" \ + -s "Ticket age outside tolerance window" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 1 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -S "Found PSK KEX MODE" \ + -S "key exchange mode: psk$" \ + -S "key exchange mode: psk_ephemeral" \ + -S "key exchange mode: ephemeral" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured psk only, good." \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "key exchange mode: psk$" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "found psk key exchange modes extension" \ + -s "found pre_shared_key extension" \ + -s "Found PSK_EPHEMERAL KEX MODE" \ + -s "Found PSK KEX MODE" \ + -s "key exchange mode: psk_ephemeral$" + +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \ + "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ + "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ + localhost" \ + 0 \ + -s "key exchange mode: ephemeral$" + diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fc892a18bc..9eb925aa16 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1024,6 +1024,16 @@ is_gnutls() { esac } +# Generate random psk_list argument for ssl_server2 +get_srv_psk_list () +{ + case $(( TESTS % 3 )) in + 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";; + 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";; + 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";; + esac +} + # Determine what calc_verify trace is to be expected, if any. # # calc_verify is only called for two things: to calculate the