diff --git a/ChangeLog.d/add-record-size-limit-extension-support.txt b/ChangeLog.d/add-record-size-limit-extension-support.txt new file mode 100644 index 0000000000..3562b85044 --- /dev/null +++ b/ChangeLog.d/add-record-size-limit-extension-support.txt @@ -0,0 +1,5 @@ +Features + * Add support for record size limit extension as defined by RFC 8449 + and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. + Application data sent and received will be fragmented according to + Record size limits negotiated during handshake. diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 8415f3e5f5..5dd331c765 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -65,6 +65,7 @@ #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED #undef MBEDTLS_SSL_EARLY_DATA +#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a0724e0a74..96afe7628d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2704,12 +2704,18 @@ int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) #define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2) -#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) +#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) /* As defined in RFC 8449 */ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end); + +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len); #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_SSL_ALPN) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 444df7673d..2470b7bef4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3521,15 +3521,15 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) if (ssl->transform_out != NULL && ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* RFC 8449, section 4: - * - * This value [record_size_limit] is the length of the plaintext - * of a protected record. - * The value includes the content type and padding added in TLS 1.3 - * (that is, the complete length of TLSInnerPlaintext). - * - * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY - * and subtract 1 (for the content type that will be added later) + /* + * In TLS 1.3 case, when records are protected, `max_len` as computed + * above is the maximum length of the TLSInnerPlaintext structure that + * along the plaintext payload contains the inner content type (one byte) + * and some zero padding. Given the algorithm used for padding + * in mbedtls_ssl_encrypt_buf(), compute the maximum length for + * the plaintext payload. Round down to a multiple of + * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY and + * subtract 1. */ max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index dac6bfcd8d..5c668bdf29 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1160,6 +1160,15 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, } p += ext_len; +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + ret = mbedtls_ssl_tls13_write_record_size_limit_ext( + ssl, p, end, &ext_len); + if (ret != 0) { + return ret; + } + p += ext_len; +#endif + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index ecfaf8a1a9..47fa65c188 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1698,6 +1698,7 @@ int mbedtls_ssl_tls13_check_received_extension( } #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + /* RFC 8449, section 4: * * The ExtensionData of the "record_size_limit" extension is @@ -1738,6 +1739,8 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, * as a fatal error and generate an "illegal_parameter" alert. */ if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes", + record_size_limit)); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); @@ -1749,6 +1752,36 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, return 0; } +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *out_len) +{ + unsigned char *p = buf; + *out_len = 0; + + MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN, + "MBEDTLS_SSL_IN_CONTENT_LEN is less than the " + "minimum record size limit"); + + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); + + MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, + p, 2); + MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4); + + *out_len = 6; + + MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %d Bytes", + MBEDTLS_SSL_IN_CONTENT_LEN)); + + mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); + + return 0; +} + #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5aa3870704..6e2866a112 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2540,6 +2540,17 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_EARLY_DATA */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { + ret = mbedtls_ssl_tls13_write_record_size_limit_ext( + ssl, p, end, &output_len); + if (ret != 0) { + return ret; + } + p += output_len; + } +#endif + extensions_len = (p - p_extensions_len) - 2; MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); diff --git a/scripts/config.py b/scripts/config.py index d5fb85e52d..ab0e5ea6e8 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -207,7 +207,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient - 'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c298119cff..44930d28b5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5646,6 +5646,7 @@ support_build_armcc () { component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" scripts/config.py set MBEDTLS_SSL_EARLY_DATA + scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" @@ -5808,18 +5809,6 @@ component_test_tls13_no_compatibility_mode () { tests/ssl-opt.sh } -component_test_tls13_only_record_size_limit () { - msg "build: TLS 1.3 only from default, record size limit extension enabled" - scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)" - tests/ssl-opt.sh -} - component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2d34f9005f..26c5a796fb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4836,8 +4836,9 @@ run_test "Max fragment length: DTLS client, larger message" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ @@ -4849,28 +4850,30 @@ run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit -requires_gnutls_next_disable_tls13_compat +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ - -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" -# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send -# a response in its EncryptedExtensions record. -# -c "RecordSizeLimit: 16385 Bytes" + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "EncryptedExtensions: record_size_limit(28) extension received." \ + -c "RecordSizeLimit: 16385 Bytes" \ -# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the -# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". -# There is currently a lower limit of 512, caused by this function not respecting the -# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function -# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size. +# In the following tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the +# maximum record size using gnutls_record_set_max_size() +# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size). +# There is currently a lower limit of 512, caused by gnutls_record_set_max_size() +# not respecting the "%ALLOW_SMALL_RECORDS" priority string and not using the +# more recent function gnutls_record_set_max_recv_size() +# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size). # There is currently an upper limit of 4096, caused by the cli arg parser: # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. -# Thus, these tests are currently limit to that value range. -# Moreover, the value sent in the extension is expected to be larger by one compared -# to the value passed on the cli: +# Thus, these tests are currently limited to the value range 512-4096. +# Also, the value sent in the extension will be one larger than the value +# set at the command line: # https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 # Currently test certificates being used do not fit in 513 record size limit @@ -4886,10 +4889,13 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ response_size=256" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 0 \ -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 511" \ -s "256 bytes written in 1 fragments" @@ -4906,6 +4912,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 0 \ -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 511" \ -s "768 bytes written in 2 fragments" @@ -4922,6 +4931,9 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ 0 \ -s "RecordSizeLimit: 513 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 511" \ -s "1280 bytes written in 3 fragments" @@ -4936,6 +4948,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit 0 \ -s "RecordSizeLimit: 1024 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ -s "512 bytes written in 1 fragments" @@ -4950,6 +4964,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit 0 \ -s "RecordSizeLimit: 1024 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ -s "1536 bytes written in 2 fragments" @@ -4964,6 +4980,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit 0 \ -s "RecordSizeLimit: 1024 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 1023" \ -s "2560 bytes written in 3 fragments" @@ -4978,6 +4996,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit 0 \ -s "RecordSizeLimit: 4096 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ -s "2048 bytes written in 1 fragments" @@ -4992,6 +5012,8 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit 0 \ -s "RecordSizeLimit: 4096 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ -s "6144 bytes written in 2 fragments" @@ -5006,11 +5028,181 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit 0 \ -s "RecordSizeLimit: 4096 Bytes" \ -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Sent RecordSizeLimit: 16384 Bytes" \ + -s "EncryptedExtensions: record_size_limit(28) extension exists." \ -s "Maximum outgoing record payload length is 4095" \ -s "10240 bytes written in 3 fragments" +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=256" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 513 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 511" \ + -c "256 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=768" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 513 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 511" \ + -c "768 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 513 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 511" \ + -c "1280 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=512" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 1024 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 1023" \ + -c "512 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 1024 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 1023" \ + -c "1536 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 1024 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 1023" \ + -c "2560 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 4096 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 4095" \ + -c "2048 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 4096 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 4095" \ + -c "6144 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \ + "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \ + 0 \ + -c "Sent RecordSizeLimit: 16384 Bytes" \ + -c "ClientHello: record_size_limit(28) extension exists." \ + -c "RecordSizeLimit: 4096 Bytes" \ + -c "EncryptedExtensions: record_size_limit(28) extension exists." \ + -c "Maximum outgoing record payload length is 4095" \ + -c "10240 bytes written in 3 fragments" + +# TODO: For time being, we send fixed value of RecordSizeLimit defined by +# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of +# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test. +requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384 +requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \ + "$P_SRV debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ + 0 \ + -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \ + -s "Maximum outgoing record payload length is 16383" \ + -s "Maximum incoming record payload length is 16384" + +# End of Record size limit tests + # Tests for renegotiation +# G_NEXT_SRV is used in renegotiation tests becuase of the increased +# extensions limit since we exceed the limit in G_SRV when we send +# TLS 1.3 extensions in the initial handshake. + # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION run_test "Renegotiation: none, for reference" \ "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ @@ -5341,7 +5533,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server strict, client-initiated" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ @@ -5355,7 +5547,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 1 \ -c "client hello, adding renegotiation extension" \ @@ -5369,7 +5561,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ allow_legacy=0" \ 1 \ @@ -5384,7 +5576,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ allow_legacy=1" \ 0 \ @@ -5445,7 +5637,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ - "$G_SRV -u --mtu 4096" \ + "$G_NEXT_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ @@ -5460,7 +5652,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ 0 \ -c "found renegotiation extension" \ @@ -5470,7 +5662,7 @@ run_test "Renego ext: gnutls server strict, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client default" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ 0 \ -C "found renegotiation extension" \ @@ -5480,7 +5672,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client break legacy" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 allow_legacy=-1" \ 1 \ -C "found renegotiation extension" \