mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-04 15:39:53 +00:00
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
e0e161b54a
@ -304,15 +304,26 @@
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for ECDH dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_HAVE_FULL_ECDH)
|
||||
#define MBEDTLS_PK_HAVE_ECDH
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PK_HAVE_ECDH
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || \
|
||||
!defined(MBEDTLS_PK_HAVE_ECDSA) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
@ -1100,6 +1111,7 @@
|
||||
/* Undefine helper symbols */
|
||||
#undef MBEDTLS_PK_HAVE_ECDSA
|
||||
#undef MBEDTLS_PK_HAVE_JPAKE
|
||||
#undef MBEDTLS_PK_HAVE_ECDH
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
|
||||
@ -853,6 +853,11 @@ extern "C" {
|
||||
#define PSA_HAVE_FULL_JPAKE 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define PSA_HAVE_FULL_ECDH 1
|
||||
#endif
|
||||
|
||||
/* These features are always enabled. */
|
||||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_PASSWORD 1
|
||||
|
||||
@ -193,6 +193,12 @@ typedef struct mbedtls_pk_rsassa_pss_options {
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Symbol for ECDH capabilities, no matter how it is provided */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_HAVE_FULL_ECDH)) || \
|
||||
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
|
||||
#define MBEDTLS_PK_CAN_ECDH
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
#endif
|
||||
|
||||
@ -4220,7 +4220,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
|
||||
mbedtls_ssl_buffering_free(ssl);
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) && \
|
||||
#if defined(MBEDTLS_PK_CAN_ECDH) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
|
||||
@ -2255,8 +2255,6 @@ config_psa_crypto_config_ecdh_use_psa () {
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
fi
|
||||
# Disable things that depend on it (regardless of driver or built-in)
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
|
||||
@ -284,6 +284,12 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
|
||||
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
|
||||
|
||||
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() {
|
||||
if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2
|
||||
then
|
||||
@ -368,48 +374,66 @@ requires_ciphersuite_enabled() {
|
||||
# - $1 = command line (call to a TLS client or server program)
|
||||
# - $2 = client/server
|
||||
# - $3 = TLS version (TLS12 or TLS13)
|
||||
# - $4 = run test options
|
||||
# - $4 = Use an external tool without ECDH support
|
||||
# - $5 = run test options
|
||||
detect_required_features() {
|
||||
case "$1" in
|
||||
CMD_LINE=$1
|
||||
ROLE=$2
|
||||
TLS_VERSION=$3
|
||||
EXT_WO_ECDH=$4
|
||||
TEST_OPTIONS=${5:-}
|
||||
|
||||
case "$CMD_LINE" in
|
||||
*\ force_version=*)
|
||||
tmp="${1##*\ force_version=}"
|
||||
tmp="${CMD_LINE##*\ force_version=}"
|
||||
tmp="${tmp%%[!-0-9A-Z_a-z]*}"
|
||||
requires_protocol_version "$tmp";;
|
||||
esac
|
||||
|
||||
case "$1" in
|
||||
case "$CMD_LINE" in
|
||||
*\ force_ciphersuite=*)
|
||||
tmp="${1##*\ force_ciphersuite=}"
|
||||
tmp="${CMD_LINE##*\ force_ciphersuite=}"
|
||||
tmp="${tmp%%[!-0-9A-Z_a-z]*}"
|
||||
requires_ciphersuite_enabled "$tmp";;
|
||||
esac
|
||||
|
||||
case " $1 " in
|
||||
case " $CMD_LINE " in
|
||||
*[-_\ =]tickets=[^0]*)
|
||||
requires_config_enabled MBEDTLS_SSL_TICKET_C;;
|
||||
esac
|
||||
case " $1 " in
|
||||
case " $CMD_LINE " in
|
||||
*[-_\ =]alpn=*)
|
||||
requires_config_enabled MBEDTLS_SSL_ALPN;;
|
||||
esac
|
||||
|
||||
case "$1" in
|
||||
case "$CMD_LINE" in
|
||||
*server5*|\
|
||||
*server7*|\
|
||||
*dir-maxpath*)
|
||||
if [ "$3" = "TLS13" ]; then
|
||||
if [ "$TLS_VERSION" = "TLS13" ]; then
|
||||
# In case of TLS13 the support for ECDSA is enough
|
||||
requires_pk_alg "ECDSA"
|
||||
else
|
||||
# For TLS12 requirements are different between server and client
|
||||
if [ "$2" = "server" ]; then
|
||||
if [ "$ROLE" = "server" ]; then
|
||||
# If the server uses "server5*" certificates, then an ECDSA based
|
||||
# key exchange is required
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
elif [ "$2" = "client" ]; then
|
||||
# Otherwise for the client it is enough to have any certificate
|
||||
# based authentication + support for ECDSA
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
# key exchange is required. However gnutls also does not
|
||||
# support ECDH, so this limit the choice to ECDHE-ECDSA
|
||||
if [ "$EXT_WO_ECDH" = "yes" ]; then
|
||||
requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
else
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
fi
|
||||
elif [ "$ROLE" = "client" ]; then
|
||||
# On the client side it is enough to have any certificate
|
||||
# based authentication together with support for ECDSA.
|
||||
# Of course the GnuTLS limitation mentioned above applies
|
||||
# also here.
|
||||
if [ "$EXT_WO_ECDH" = "yes" ]; then
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH
|
||||
else
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
fi
|
||||
requires_pk_alg "ECDSA"
|
||||
fi
|
||||
fi
|
||||
@ -1102,6 +1126,28 @@ is_gnutls() {
|
||||
esac
|
||||
}
|
||||
|
||||
# Some external tools (gnutls or openssl) might not have support for static ECDH
|
||||
# and this limit the tests that can be run with them. This function checks server
|
||||
# and client command lines, given as input, to verify if the current test
|
||||
# is using one of these tools.
|
||||
use_ext_tool_without_ecdh_support() {
|
||||
case "$1" in
|
||||
*$GNUTLS_SERV*|\
|
||||
*${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\
|
||||
*${OPENSSL_NEXT:-"openssl-dummy"}*)
|
||||
echo "yes"
|
||||
return;;
|
||||
esac
|
||||
case "$2" in
|
||||
*$GNUTLS_CLI*|\
|
||||
*${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\
|
||||
*${OPENSSL_NEXT:-"openssl-dummy"}*)
|
||||
echo "yes"
|
||||
return;;
|
||||
esac
|
||||
echo "no"
|
||||
}
|
||||
|
||||
# Generate random psk_list argument for ssl_server2
|
||||
get_srv_psk_list ()
|
||||
{
|
||||
@ -1528,8 +1574,12 @@ run_test() {
|
||||
# If the client or server requires certain features that can be detected
|
||||
# from their command-line arguments, check that they're enabled.
|
||||
TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
|
||||
detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@"
|
||||
detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@"
|
||||
|
||||
# Check if we are trying to use an external tool wich does not support ECDH
|
||||
EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")
|
||||
|
||||
detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
|
||||
detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
|
||||
|
||||
# If we're in a PSK-only build and the test can be adapted to PSK, do that.
|
||||
maybe_adapt_for_psk "$@"
|
||||
@ -9468,7 +9518,7 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "DTLS reassembly: some fragmentation (openssl server)" \
|
||||
"$O_SRV -dtls -mtu 768" \
|
||||
"$O_SRV -dtls -mtu 256" \
|
||||
"$P_CLI dtls=1 debug_level=2" \
|
||||
0 \
|
||||
-c "found fragmented DTLS handshake message" \
|
||||
|
||||
@ -440,39 +440,39 @@ depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Sending app data via TLS, MFL=512 without fragmentation
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user