diff --git a/CMakeLists.txt b/CMakeLists.txt index 0ae85fe52bcb..0e94ba5e7a87 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -121,38 +121,33 @@ endif() # Create a symbolic link from ${base_name} in the binary directory # to the corresponding path in the source directory. +# Note: Copies the file(s) on Windows. function(link_to_source base_name) - # Get OS dependent path to use in `execute_process` - if (CMAKE_HOST_WIN32) - #mklink is an internal command of cmd.exe it can only work with \ - string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") - string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") - else() - set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") - set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") - endif() + set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") + set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") # Linking to non-existent file is not desirable. At best you will have a # dangling link, but when building in tree, this can create a symbolic link # to itself. if (EXISTS ${target} AND NOT EXISTS ${link}) if (CMAKE_HOST_UNIX) - set(command ln -s ${target} ${link}) + execute_process(COMMAND ln -s ${target} ${link} + RESULT_VARIABLE result + ERROR_VARIABLE output) + + if (NOT ${result} EQUAL 0) + message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") + endif() else() if (IS_DIRECTORY ${target}) - set(command cmd.exe /c mklink /j ${link} ${target}) + file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*") + foreach(file IN LISTS files) + configure_file("${target}/${file}" "${link}/${file}" COPYONLY) + endforeach(file) else() - set(command cmd.exe /c mklink /h ${link} ${target}) + configure_file(${target} ${link} COPYONLY) endif() endif() - - execute_process(COMMAND ${command} - RESULT_VARIABLE result - ERROR_VARIABLE output) - - if (NOT ${result} EQUAL 0) - message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") - endif() endif() endfunction(link_to_source) diff --git a/ChangeLog.d/ecjpake_to_pms.txt b/ChangeLog.d/ecjpake_to_pms.txt new file mode 100644 index 000000000000..4dd2075de06d --- /dev/null +++ b/ChangeLog.d/ecjpake_to_pms.txt @@ -0,0 +1,5 @@ +API changes + * Add an ad-hoc key derivation function handling ECJPAKE to PMS + calculation that can be used to derive the session secret in TLS 1.2, + as described in draft-cragie-tls-ecjpake-01. This can be achieved by + using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm. diff --git a/ChangeLog.d/fix_hard_link_across_drives b/ChangeLog.d/fix_hard_link_across_drives new file mode 100644 index 000000000000..0c55c3038b5d --- /dev/null +++ b/ChangeLog.d/fix_hard_link_across_drives @@ -0,0 +1,3 @@ +Bugfix + * Fix a build issue on Windows where the source and build directory could not be on + different drives (#5751). diff --git a/ChangeLog.d/tls13_sig_alg_selection.txt b/ChangeLog.d/tls13_sig_alg_selection.txt new file mode 100644 index 000000000000..8857750b47dc --- /dev/null +++ b/ChangeLog.d/tls13_sig_alg_selection.txt @@ -0,0 +1,3 @@ +Features + * Add support for opaque keys as the private keys associated to certificates + for authentication in TLS 1.3. diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 2609787bacc6..5b27dda2a7d9 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -237,6 +237,12 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ #endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ +#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */ +#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */ + #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 @@ -721,6 +727,11 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 +#endif + #if defined(MBEDTLS_CHACHA20_C) #define PSA_WANT_KEY_TYPE_CHACHA20 1 #define PSA_WANT_ALG_STREAM_CIPHER 1 diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 9011a5596aa4..5ab4fdef3a34 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -89,6 +89,8 @@ #define PSA_WANT_ALG_STREAM_CIPHER 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 + /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. * Note: when adding support, also adjust include/mbedtls/config_psa.h */ //#define PSA_WANT_ALG_XTS 1 diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 1024d6b918a1..231ea624a7cc 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -239,6 +239,15 @@ */ #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128 +/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input, + * which is expected to work with P-256 curve only. */ +#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65 + +/* The size of a serialized K.X coordinate to be used in + * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256 + * curve. */ +#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32 + /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 957b4c611372..afba32502228 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -202,6 +202,12 @@ typedef struct #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) +typedef struct +{ + uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE]; +} psa_tls12_ecjpake_to_pms_t; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -266,6 +272,9 @@ struct psa_key_derivation_s #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf); +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif } MBEDTLS_PRIVATE(ctx); }; diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5e6e5e352c95..b465ddb14c55 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2021,6 +2021,20 @@ #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) +/* The TLS 1.2 ECJPAKE-to-PMS KDF. It takes the shared secret K (an EC point + * in case of EC J-PAKE) and calculates SHA256(K.X) that the rest of TLS 1.2 + * will use to derive the session secret, as defined by step 2 of + * https://datatracker.ietf.org/doc/html/draft-cragie-tls-ecjpake-01#section-8.7. + * Uses PSA_ALG_SHA_256. + * This function takes a single input: + * #PSA_KEY_DERIVATION_INPUT_SECRET is the shared secret K from EC J-PAKE. + * The only supported curve is secp256r1 (the 256-bit curve in + * #PSA_ECC_FAMILY_SECP_R1), so the input must be exactly 65 bytes. + * The output has to be read as a single chunk of 32 bytes, defined as + * PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE. + */ +#define PSA_ALG_TLS12_ECJPAKE_TO_PMS ((psa_algorithm_t)0x08000609) + /* This flag indicates whether the key derivation algorithm is suitable for * use on low-entropy secrets such as password - these algorithms are also * known as key stretching or password hashing schemes. These are also the diff --git a/library/chachapoly.c b/library/chachapoly.c index dc75b2030a48..1f75528c00e1 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -39,12 +39,6 @@ #if !defined(MBEDTLS_CHACHAPOLY_ALT) -/* Parameter validation macros */ -#define CHACHAPOLY_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) -#define CHACHAPOLY_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - #define CHACHAPOLY_STATE_INIT ( 0 ) #define CHACHAPOLY_STATE_AAD ( 1 ) #define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ @@ -91,8 +85,6 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) { - CHACHAPOLY_VALIDATE( ctx != NULL ); - mbedtls_chacha20_init( &ctx->chacha20_ctx ); mbedtls_poly1305_init( &ctx->poly1305_ctx ); ctx->aad_len = 0U; @@ -118,8 +110,6 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( key != NULL ); ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); @@ -132,8 +122,6 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char poly1305_key[64]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); /* Set counter = 0, will be update to 1 when generating Poly1305 key */ ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); @@ -170,9 +158,6 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, const unsigned char *aad, size_t aad_len ) { - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - if( ctx->state != CHACHAPOLY_STATE_AAD ) return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); @@ -187,9 +172,6 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL ); if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) @@ -237,8 +219,6 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char len_block[16]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( mac != NULL ); if( ctx->state == CHACHAPOLY_STATE_INIT ) { @@ -314,13 +294,6 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char *output, unsigned char tag[16] ) { - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); - return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, length, nonce, aad, aad_len, input, output, tag ) ); @@ -339,12 +312,6 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, unsigned char check_tag[16]; size_t i; int diff; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); if( ( ret = chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h index c74437e7de1d..e60e6661620d 100644 --- a/library/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -93,4 +93,9 @@ #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" #endif +#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) && \ + !defined(PSA_WANT_ALG_SHA_256) +#error "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS defined, but not all prerequisites" +#endif + #endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */ diff --git a/library/dhm.c b/library/dhm.c index 1e95bdab0398..1ba533907419 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -55,11 +55,6 @@ #if !defined(MBEDTLS_DHM_ALT) -#define DHM_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA ) -#define DHM_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - /* * helper to validate the mbedtls_mpi size and import it */ @@ -120,7 +115,6 @@ static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) { - DHM_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); } @@ -173,9 +167,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, const unsigned char *end ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( p != NULL && *p != NULL ); - DHM_VALIDATE_RET( end != NULL ); if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || @@ -252,10 +243,6 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, int ret; size_t n1, n2, n3; unsigned char *p; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( olen != NULL ); - DHM_VALIDATE_RET( f_rng != NULL ); ret = dhm_make_common( ctx, x_size, f_rng, p_rng ); if( ret != 0 ) @@ -300,9 +287,6 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *G ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( P != NULL ); - DHM_VALIDATE_RET( G != NULL ); if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 || ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 ) @@ -320,8 +304,6 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( input != NULL ); if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); @@ -341,9 +323,6 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, void *p_rng ) { int ret; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( f_rng != NULL ); if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); @@ -440,9 +419,6 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GYb; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( olen != NULL ); if( f_rng == NULL ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); @@ -518,9 +494,6 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, mbedtls_pem_context pem; #endif /* MBEDTLS_PEM_PARSE_C */ - DHM_VALIDATE_RET( dhm != NULL ); - DHM_VALIDATE_RET( dhmin != NULL ); - #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); @@ -667,8 +640,6 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - DHM_VALIDATE_RET( dhm != NULL ); - DHM_VALIDATE_RET( path != NULL ); if( ( ret = load_file( path, &buf, &n ) ) != 0 ) return( ret ); diff --git a/library/pk.c b/library/pk.c index 5dd0fa832d6d..8dc19ef99b78 100644 --- a/library/pk.c +++ b/library/pk.c @@ -46,19 +46,11 @@ #include #include -/* Parameter validation macros based on platform_util.h */ -#define PK_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) -#define PK_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - /* * Initialise a mbedtls_pk_context */ void mbedtls_pk_init( mbedtls_pk_context *ctx ) { - PK_VALIDATE( ctx != NULL ); - ctx->pk_info = NULL; ctx->pk_ctx = NULL; } @@ -83,7 +75,6 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) */ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) { - PK_VALIDATE( ctx != NULL ); ctx->pk_info = NULL; ctx->rs_ctx = NULL; } @@ -137,7 +128,6 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) */ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) { - PK_VALIDATE_RET( ctx != NULL ); if( info == NULL || ctx->pk_info != NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -200,7 +190,6 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, mbedtls_rsa_alt_context *rsa_alt; const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; - PK_VALIDATE_RET( ctx != NULL ); if( ctx->pk_info != NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -404,10 +393,8 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL ) + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) @@ -462,10 +449,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL ) + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -588,13 +573,10 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_pk_restart_ctx *rs_ctx ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL ) + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - if( ctx->pk_info == NULL || - pk_hashlen_helper( md_alg, &hash_len ) != 0 ) + if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) @@ -707,11 +689,6 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); - if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -730,11 +707,6 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); - if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -753,9 +725,6 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( pub != NULL ); - PK_VALIDATE_RET( prv != NULL ); - if( pub->pk_info == NULL || prv->pk_info == NULL ) { @@ -800,7 +769,6 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) */ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) { - PK_VALIDATE_RET( ctx != NULL ); if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); diff --git a/library/pkparse.c b/library/pkparse.c index 73d59a6bbe98..2a9a55862712 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -56,12 +56,6 @@ #define mbedtls_free free #endif -/* Parameter validation macros based on platform_util.h */ -#define PK_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) -#define PK_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. @@ -75,10 +69,6 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) FILE *f; long size; - PK_VALIDATE_RET( path != NULL ); - PK_VALIDATE_RET( buf != NULL ); - PK_VALIDATE_RET( n != NULL ); - if( ( f = fopen( path, "rb" ) ) == NULL ) return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); @@ -133,9 +123,6 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, size_t n; unsigned char *buf; - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( path != NULL ); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); @@ -160,9 +147,6 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) size_t n; unsigned char *buf; - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( path != NULL ); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) return( ret ); @@ -620,11 +604,6 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; - PK_VALIDATE_RET( p != NULL ); - PK_VALIDATE_RET( *p != NULL ); - PK_VALIDATE_RET( end != NULL ); - PK_VALIDATE_RET( pk != NULL ); - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { @@ -1217,10 +1196,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pem_context pem; #endif - PK_VALIDATE_RET( pk != NULL ); if( keylen == 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - PK_VALIDATE_RET( key != NULL ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); @@ -1436,10 +1413,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_context pem; #endif - PK_VALIDATE_RET( ctx != NULL ); if( keylen == 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - PK_VALIDATE_RET( key != NULL || keylen == 0 ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); diff --git a/library/pkwrite.c b/library/pkwrite.c index 8b99340507e5..4d87b07efe02 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -59,12 +59,6 @@ #define mbedtls_free free #endif -/* Parameter validation macros based on platform_util.h */ -#define PK_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) -#define PK_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - #if defined(MBEDTLS_RSA_C) /* * RSAPublicKey ::= SEQUENCE { @@ -182,11 +176,6 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - PK_VALIDATE_RET( p != NULL ); - PK_VALIDATE_RET( *p != NULL ); - PK_VALIDATE_RET( start != NULL ); - PK_VALIDATE_RET( key != NULL ); - #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); @@ -233,10 +222,8 @@ int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *b mbedtls_pk_type_t pk_type; const char *oid; - PK_VALIDATE_RET( key != NULL ); if( size == 0 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - PK_VALIDATE_RET( buf != NULL ); c = buf + size; @@ -333,10 +320,8 @@ int mbedtls_pk_write_key_der( const mbedtls_pk_context *key, unsigned char *buf, unsigned char *c; size_t len = 0; - PK_VALIDATE_RET( key != NULL ); if( size == 0 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - PK_VALIDATE_RET( buf != NULL ); c = buf + size; @@ -500,9 +485,6 @@ int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *key, unsigned char *b unsigned char output_buf[PUB_DER_MAX_BYTES]; size_t olen = 0; - PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); - if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) { @@ -526,9 +508,6 @@ int mbedtls_pk_write_key_pem( const mbedtls_pk_context *key, unsigned char *buf, const char *begin, *end; size_t olen = 0; - PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); - if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) return( ret ); diff --git a/library/poly1305.c b/library/poly1305.c index 7375a0c5728f..f0d4cb63f823 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -44,12 +44,6 @@ #define inline __inline #endif -/* Parameter validation macros */ -#define POLY1305_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) -#define POLY1305_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) /* @@ -258,8 +252,6 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) { - POLY1305_VALIDATE( ctx != NULL ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } @@ -274,9 +266,6 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ) { - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( key != NULL ); - /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU; ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU; @@ -310,8 +299,6 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, size_t remaining = ilen; size_t queue_free_len; size_t nblocks; - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) { @@ -369,9 +356,6 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, unsigned char mac[16] ) { - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( mac != NULL ); - /* Process any leftover data */ if( ctx->queue_len > 0U ) { @@ -400,9 +384,6 @@ int mbedtls_poly1305_mac( const unsigned char key[32], { mbedtls_poly1305_context ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - POLY1305_VALIDATE_RET( key != NULL ); - POLY1305_VALIDATE_RET( mac != NULL ); - POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); mbedtls_poly1305_init( &ctx ); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4a0bd833166e..38b49cb0a1bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4245,7 +4245,8 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) #if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ @@ -4352,6 +4353,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) + { + mbedtls_platform_zeroize( operation->ctx.tls12_ecjpake_to_pms.data, + sizeof( operation->ctx.tls12_ecjpake_to_pms.data ) ); + } + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ { status = PSA_ERROR_BAD_STATE; } @@ -4633,6 +4642,31 @@ static psa_status_t psa_key_derivation_tls12_prf_read( #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) +static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read( + psa_tls12_ecjpake_to_pms_t *ecjpake, + uint8_t *output, + size_t output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t output_size = 0; + + if( output_length != 32 ) + return ( PSA_ERROR_INVALID_ARGUMENT ); + + status = psa_hash_compute( PSA_ALG_SHA_256, ecjpake->data, + PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE, output, output_length, + &output_size ); + if( status != PSA_SUCCESS ) + return ( status ); + + if( output_size != output_length ) + return ( PSA_ERROR_GENERIC_ERROR ); + + return ( PSA_SUCCESS ); +} +#endif + psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, uint8_t *output, @@ -4687,6 +4721,15 @@ psa_status_t psa_key_derivation_output_bytes( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) + { + status = psa_key_derivation_tls12_ecjpake_to_pms_read( + &operation->ctx.tls12_ecjpake_to_pms, output, output_length ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ + { (void) kdf_alg; return( PSA_ERROR_BAD_STATE ); @@ -5078,6 +5121,10 @@ static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) return( 1 ); +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) + return( 1 ); #endif return( 0 ); } @@ -5102,19 +5149,26 @@ static psa_status_t psa_key_derivation_setup_kdf( if( ! is_kdf_alg_supported( kdf_alg ) ) return( PSA_ERROR_NOT_SUPPORTED ); - /* All currently supported key derivation algorithms are based on a - * hash algorithm. */ + /* All currently supported key derivation algorithms (apart from + * ecjpake to pms) are based on a hash algorithm. */ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - if( hash_size == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS ) + { + if( hash_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); - /* Make sure that hash_alg is a supported hash algorithm. Otherwise - * we might fail later, which is somewhat unfriendly and potentially - * risk-prone. */ - psa_status_t status = psa_hash_try_support( hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); + /* Make sure that hash_alg is a supported hash algorithm. Otherwise + * we might fail later, which is somewhat unfriendly and potentially + * risk-prone. */ + psa_status_t status = psa_hash_try_support( hash_alg ); + if( status != PSA_SUCCESS ) + return( status ); + } + else + { + hash_size = PSA_HASH_LENGTH( PSA_ALG_SHA_256 ); + } if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) && @@ -5122,11 +5176,14 @@ static psa_status_t psa_key_derivation_setup_kdf( { return( PSA_ERROR_NOT_SUPPORTED ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) - if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || + ( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) ) operation->capacity = hash_size; else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } @@ -5515,6 +5572,29 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) +static psa_status_t psa_tls12_ecjpake_to_pms_input( + psa_tls12_ecjpake_to_pms_t *ecjpake, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length ) +{ + if( data_length != PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE || + step != PSA_KEY_DERIVATION_INPUT_SECRET ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + /* Check if the passed point is in an uncompressed form */ + if( data[0] != 0x04 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Only K.X has to be extracted - bytes 1 to 32 inclusive. */ + memcpy( ecjpake->data, data + 1, PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE ); + + return( PSA_SUCCESS ); +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. * @@ -5593,6 +5673,14 @@ static psa_status_t psa_key_derivation_input_internal( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) + { + status = psa_tls12_ecjpake_to_pms_input( + &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ { /* This can't happen unless the operation object was not initialized */ (void) data; diff --git a/library/rsa.c b/library/rsa.c index e59755534f67..4df240abf3ee 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -74,19 +74,12 @@ #if !defined(MBEDTLS_RSA_ALT) -/* Parameter validation macros */ -#define RSA_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) -#define RSA_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - RSA_VALIDATE_RET( ctx != NULL ); if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || @@ -111,7 +104,6 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *E, size_t E_len ) { int ret = 0; - RSA_VALIDATE_RET( ctx != NULL ); if( N != NULL ) { @@ -241,8 +233,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) #endif int n_missing, pq_missing, d_missing, is_pub, is_priv; - RSA_VALIDATE_RET( ctx != NULL ); - have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); @@ -345,7 +335,6 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, { int ret = 0; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); /* Check if key is private or public */ is_priv = @@ -390,7 +379,6 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); /* Check if key is private or public */ is_priv = @@ -434,7 +422,6 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); /* Check if key is private or public */ is_priv = @@ -471,8 +458,6 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx ) { - RSA_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); ctx->padding = MBEDTLS_RSA_PKCS_V15; @@ -549,8 +534,6 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi H, G, L; int prime_quality = 0; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( f_rng != NULL ); /* * If the modulus is 1024 bit long or shorter, then the security strength of @@ -663,8 +646,6 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - RSA_VALIDATE_RET( ctx != NULL ); - if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -688,8 +669,6 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - RSA_VALIDATE_RET( ctx != NULL ); - if( mbedtls_rsa_check_pubkey( ctx ) != 0 || rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) { @@ -719,9 +698,6 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ) { - RSA_VALIDATE_RET( pub != NULL ); - RSA_VALIDATE_RET( prv != NULL ); - if( mbedtls_rsa_check_pubkey( pub ) != 0 || mbedtls_rsa_check_privkey( prv ) != 0 ) { @@ -747,9 +723,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; mbedtls_mpi T; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -917,10 +890,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * checked result; should be the same in the end. */ mbedtls_mpi I, C; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1308,11 +1277,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, unsigned char *p = output; unsigned int hlen; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1374,10 +1338,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = output; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - olen = ctx->len; /* first comparison checks for overflow */ @@ -1426,10 +1386,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - switch( ctx->padding ) { #if defined(MBEDTLS_PKCS1_V15) @@ -1469,12 +1425,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, unsigned char lhash[MBEDTLS_HASH_MAX_SIZE]; unsigned int hlen; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); - /* * Parameters sanity checks */ @@ -1595,11 +1545,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t ilen; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); - ilen = ctx->len; if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) @@ -1634,11 +1579,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, unsigned char *output, size_t output_max_len) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); - switch( ctx->padding ) { #if defined(MBEDTLS_PKCS1_V15) @@ -1676,11 +1616,8 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t msb; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; if( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1952,11 +1889,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *sig_try = NULL, *verif = NULL; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -2020,11 +1954,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; switch( ctx->padding ) { @@ -2066,11 +1997,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, size_t observed_salt_len, msb; unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0}; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; siglen = ctx->len; @@ -2165,11 +2093,8 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, const unsigned char *sig ) { mbedtls_md_type_t mgf1_hash_id; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE ) ? (mbedtls_md_type_t) ctx->hash_id @@ -2198,11 +2123,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, size_t sig_len; unsigned char *encoded = NULL, *encoded_expected = NULL; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; sig_len = ctx->len; @@ -2267,11 +2189,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ) { - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL ) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; switch( ctx->padding ) { @@ -2298,8 +2217,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - RSA_VALIDATE_RET( dst != NULL ); - RSA_VALIDATE_RET( src != NULL ); dst->len = src->len; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 55479e8f2b1e..47165888852b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1371,11 +1371,11 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, int ret = 0; size_t selected_identity; + int psk_type; const unsigned char *psk; size_t psk_len; const unsigned char *psk_identity; size_t psk_identity_len; - int psk_type; /* Check which PSK we've offered. * @@ -1775,6 +1775,23 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, return( ret ); } +#if defined(MBEDTLS_DEBUG_C) +static const char *ssl_tls13_get_kex_mode_str(int mode) +{ + switch( mode ) + { + case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: + return "psk"; + case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: + return "ephemeral"; + case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: + return "psk_ephemeral"; + default: + return "unknown mode"; + } +} +#endif /* MBEDTLS_DEBUG_C */ + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) { @@ -1795,19 +1812,16 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) /* Only the pre_shared_key extension was received */ case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) ); break; /* Only the key_share extension was received */ case MBEDTLS_SSL_EXT_KEY_SHARE: handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) ); break; /* Both the pre_shared_key and key_share extensions were received */ case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) ); break; /* Neither pre_shared_key nor key_share extension was received */ @@ -1817,6 +1831,19 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) goto cleanup; } + if( !mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode ) ) + { + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "Key exchange mode(%s) is not supported.", + ssl_tls13_get_kex_mode_str( handshake->key_exchange_mode ) ) ); + goto cleanup; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "Selected key exchange mode: %s", + ssl_tls13_get_kex_mode_str( handshake->key_exchange_mode ) ) ); + /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. * * TODO: We don't have to do this in case we offered 0-RTT and the diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6601b1bf59d7..88919cad2238 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1059,12 +1059,8 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, case MBEDTLS_SSL_SIG_RSA: switch( sig_alg ) { - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - return( key_size <= 3072 ); - - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - return( key_size <= 7680 ); - + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */ + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: return( 1 ); @@ -1080,43 +1076,13 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, return( 0 ); } -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_select_sig_alg_for_certificate_verify( - mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key, - uint16_t *algorithm ) -{ - uint16_t *sig_alg = ssl->handshake->received_sig_algs; - - *algorithm = MBEDTLS_TLS1_3_SIG_NONE; - for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) - { - if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) && - mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) && - mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "select_sig_alg_for_certificate_verify:" - "selected signature algorithm %s [%04x]", - mbedtls_ssl_sig_alg_to_str( *sig_alg ), - *sig_alg ) ); - *algorithm = *sig_alg; - return( 0 ); - } - } - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "select_sig_alg_for_certificate_verify:" - "no suitable signature algorithm found" ) ); - return( -1 ); -} - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *out_len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; mbedtls_pk_context *own_key; @@ -1124,14 +1090,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t handshake_hash_len; unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; - mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - psa_algorithm_t psa_algorithm = PSA_ALG_NONE; - uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; + + uint16_t *sig_alg = ssl->handshake->received_sig_algs; size_t signature_len = 0; - unsigned char verify_hash[PSA_HASH_MAX_SIZE]; - size_t verify_hash_len; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *out_len = 0; @@ -1164,64 +1125,84 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key, - &algorithm ); - if( ret != 0 ) + /* Check there is space for the algorithm identifier (2 bytes) and the + * signature length (2 bytes). + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorithm not in received or offered list." ) ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; + mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; + psa_algorithm_t psa_algorithm = PSA_ALG_NONE; + unsigned char verify_hash[PSA_HASH_MAX_SIZE]; + size_t verify_hash_len; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", - mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); + if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) ) + continue; - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } + if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) ) + continue; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify with %s", - mbedtls_ssl_sig_alg_to_str( algorithm )) ); - - if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - algorithm, &pk_type, &md_alg ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + if( !mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) + continue; - /* Check there is space for the algorithm identifier (2 bytes) and the - * signature length (2 bytes). - */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 ); - p += 2; + if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + *sig_alg, &pk_type, &md_alg ) != 0 ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } - /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg ); - status = psa_hash_compute( psa_algorithm, - verify_buffer, - verify_buffer_len, - verify_hash,sizeof( verify_hash ), - &verify_hash_len ); - if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + /* Hash verify buffer with indicated hash function */ + psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg ); + status = psa_hash_compute( psa_algorithm, + verify_buffer, + verify_buffer_len, + verify_hash, sizeof( verify_hash ), + &verify_hash_len ); + if( status != PSA_SUCCESS ) + return( psa_ssl_status_to_mbedtls( status ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); - if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, + if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, md_alg, verify_hash, verify_hash_len, - p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, + p + 4, (size_t)( end - ( p + 4 ) ), &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s", + mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) ); + MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret ); + + /* The signature failed. This is possible if the private key + * was not suitable for the signature operation as purposely we + * did not check its suitability completely. Let's try with + * another signature algorithm. + */ + continue; + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature with %s", + mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) ); + + break; + } + + if( *sig_alg == MBEDTLS_TLS1_3_SIG_NONE ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no suitable signature algorithm" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } - MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 ); - p += 2 + signature_len; + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + MBEDTLS_PUT_UINT16_BE( signature_len, p, 2 ); - *out_len = (size_t)( p - buf ); + *out_len = 4 + signature_len; - return( ret ); + return( 0 ); } int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index be20a5d2bec0..b6c41195f1bd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1701,6 +1701,36 @@ static int ssl_tls13_read_early_data_postprocess( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg ) +{ + switch( sig_alg ) + { + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: + return( PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) ); + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: + return( PSA_ALG_ECDSA( PSA_ALG_SHA_384 ) ); + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: + return( PSA_ALG_ECDSA( PSA_ALG_SHA_512 ) ); + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ) ); + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 ) ); + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 ) ); + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ) ); + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_384 ) ); + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_512 ) ); + default: + return( PSA_ALG_NONE ); + } +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Pick best ( private key, certificate chain ) pair based on the signature * algorithms supported by the client. @@ -1726,9 +1756,19 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { + if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) ) + continue; + + if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) ) + continue; + for( key_cert = key_cert_list; key_cert != NULL; key_cert = key_cert->next ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t psa_alg = PSA_ALG_NONE; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate", key_cert->cert ); @@ -1752,8 +1792,18 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) "check signature algorithm %s [%04x]", mbedtls_ssl_sig_alg_to_str( *sig_alg ), *sig_alg ) ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg( *sig_alg ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - *sig_alg, &key_cert->cert->pk ) ) + *sig_alg, &key_cert->cert->pk ) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + && psa_alg != PSA_ALG_NONE && + mbedtls_pk_can_do_ext( &key_cert->cert->pk, psa_alg, + PSA_KEY_USAGE_SIGN_HASH ) == 1 +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_MSG( 3, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cb777dc2787f..0375e53fea93 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -363,10 +363,11 @@ int main( void ) #define USAGE_KEY_OPAQUE_ALGS \ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" \ + " comma-separated pair of values among the following:\n" \ + " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " ecdsa-sign, ecdh, none (only acceptable for\n" \ + " the second value).\n" \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ @@ -1939,7 +1940,8 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf( " ok (key type: %s)\n", - strlen( opt.key_file ) ? mbedtls_pk_get_name( &pkey ) : "none" ); + strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ? + mbedtls_pk_get_name( &pkey ) : "none" ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8c891c1b95eb..153de5bb4fbd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -489,15 +489,17 @@ int main( void ) #endif #define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" \ - " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ + " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ + " comma-separated pair of values among the following:\n" \ + " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " ecdsa-sign, ecdh, none (only acceptable for\n" \ + " the second value).\n" \ + " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ + " comma-separated pair of values among the following:\n" \ + " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index a7f3d0e3895f..cf810a3035ba 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -205,6 +205,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 && strcmp( *alg1, "rsa-sign-pss" ) != 0 && + strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 && + strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 && + strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 && strcmp( *alg1, "rsa-decrypt" ) != 0 && strcmp( *alg1, "ecdsa-sign" ) != 0 && strcmp( *alg1, "ecdh" ) != 0 ) @@ -212,6 +215,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 && strcmp( *alg2, "rsa-sign-pss" ) != 0 && + strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 && + strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 && + strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 && strcmp( *alg2, "rsa-decrypt" ) != 0 && strcmp( *alg2, "ecdsa-sign" ) != 0 && strcmp( *alg2, "ecdh" ) != 0 && @@ -245,6 +251,21 @@ int key_opaque_set_alg_usage( const char *alg1, const char *alg2, *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); *usage |= PSA_KEY_USAGE_SIGN_HASH; } + else if( strcmp( algs[i], "rsa-sign-pss-sha256" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "rsa-sign-pss-sha384" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "rsa-sign-pss-sha512" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } else if( strcmp( algs[i], "rsa-decrypt" ) == 0 ) { *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 592fc0afe2fc..f52ca9ac8c75 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -357,6 +357,7 @@ def determine_head(expr: str) -> str: 'HKDF': AlgorithmCategory.KEY_DERIVATION, 'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION, 'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION, + 'TLS12_ECJPAKE_TO_PMS': AlgorithmCategory.KEY_DERIVATION, 'PBKDF': AlgorithmCategory.KEY_DERIVATION, 'ECDH': AlgorithmCategory.KEY_AGREEMENT, 'FFDH': AlgorithmCategory.KEY_AGREEMENT, diff --git a/tests/data_files/simplepass.psk b/tests/data_files/simplepass.psk new file mode 100644 index 000000000000..93e7ab456170 --- /dev/null +++ b/tests/data_files/simplepass.psk @@ -0,0 +1 @@ +0a0b0c:010203 diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index eda2de9d9f41..3487026206e5 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -1629,3 +1629,1434 @@ run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" + + +# Add psk test cases for mbedtls client code + +# MbedTls->MbedTLS kinds of tls13_kex_modes +# PSK mode in client +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +# psk_ephemeral mode in client +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +# ephemeral mode in client +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 1 \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 1 \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 1 \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral/all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +# ephemeral_all mode in client +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "key exchange mode: ephemeral" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "key exchange mode: ephemeral" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "key exchange mode: ephemeral" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +# psk_all mode in client +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +# all mode in client +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/ephemeral, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk_all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "ClientHello message misses mandatory extensions." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/all, good" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \ + 0 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "No matched PSK or ticket" \ + -s "key exchange mode: ephemeral" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \ + 1 \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Invalid binder." + +#OPENSSL-SERVER psk mode +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: psk/all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 ok" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ + "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" \ + -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" + +#OPENSSL-SERVER psk_all mode +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: psk_all/all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 ok" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ + "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 ok" + +#OPENSSL-SERVER psk_ephemeral mode +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 ok" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ + "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 ok" + +#OPENSSL-SERVER ephemeral mode +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: ephemeral/all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "skip psk_key_exchange_modes extension" \ + -c "<= write client hello" \ + -c "found key_shares extension" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 ok" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ + "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "skip psk_key_exchange_modes extension" \ + -c "<= write client hello" \ + -c "found key_shares extension" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 ok" + +#OPENSSL-SERVER ephemeral_all mode +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "<= write client hello" \ + -c "HTTP/1.0 200 ok" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ + "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "<= write client hello" \ + -c "HTTP/1.0 200 ok" + +#OPENSSL-SERVER all mode +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: all/all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "<= write client hello" \ + -c "HTTP/1.0 200 ok" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ + "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "<= write client hello" \ + -c "HTTP/1.0 200 ok" + +#GNUTLS-SERVER psk mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: psk/all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" + +#GNUTLS-SERVER psk_all mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: psk_all/all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" + +#GNUTLS-SERVER psk_ephemeral mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +#GNUTLS-SERVER ephemeral mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: ephemeral/all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "skip psk_key_exchange_modes extension" \ + -s "Not sending extension (PSK Key Exchange Modes/45)" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ + 0 \ + -c "=> write client hello" \ + -c "skip psk_key_exchange_modes extension" \ + -s "Not sending extension (PSK Key Exchange Modes/45)" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" + +#GNUTLS-SERVER ephemeral_all mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk_ephemeral" \ + -c "HTTP/1.0 200 OK" + +#GNUTLS-SERVER all mode +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: all/all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: psk$" \ + -c "HTTP/1.0 200 OK" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \ + "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + 0 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" \ + -c "Selected key exchange mode: ephemeral" \ + -c "HTTP/1.0 200 OK" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a4cf4293106b..6674707a7b4f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -120,6 +120,9 @@ # Treat uninitialised variables as errors. set -e -o pipefail -u +# Enable ksh/bash extended file matching patterns +shopt -s extglob + pre_check_environment () { if [ -d library -a -d include -a -d tests ]; then :; else echo "Must be run from mbed TLS root" >&2 @@ -295,7 +298,7 @@ cleanup() -iname CMakeCache.txt -o \ -path './cmake/*.cmake' \) -exec rm -f {} \+ # Recover files overwritten by in-tree CMake builds - rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile + rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile # Remove any artifacts from the component_test_cmake_as_subdirectory test. rm -rf programs/test/cmake_subproject/build @@ -314,7 +317,9 @@ cleanup() # Restore files that may have been clobbered by the job for x in $files_to_back_up; do - cp -p "$x$backup_suffix" "$x" + if [[ -e "$x$backup_suffix" ]]; then + cp -p "$x$backup_suffix" "$x" + fi done } @@ -2077,6 +2082,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -2096,6 +2102,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -2115,6 +2122,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -2133,6 +2141,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -2170,6 +2179,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -2189,6 +2199,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ef297e3e4b9..4c338e48604d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2872,6 +2872,59 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_RSA_C +run_test "TLS 1.3 opaque key: no suitable algorithm found" \ + "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + 1 \ + -s "The SSL configuration is tls13 only" \ + -c "key type: Opaque" \ + -s "key types: Opaque, Opaque" \ + -c "error" \ + -s "no suitable signature algorithm" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_RSA_C +run_test "TLS 1.3 opaque key: suitable algorithm found" \ + "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + 0 \ + -s "The SSL configuration is tls13 only" \ + -c "key type: Opaque" \ + -s "key types: Opaque, Opaque" \ + -C "error" \ + -S "error" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_RSA_C +run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ + "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \ + "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \ + 0 \ + -s "The SSL configuration is tls13 only" \ + -s "key types: Opaque, Opaque" \ + -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \ + -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ + -C "error" \ + -S "error" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_RSA_C +run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ + "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + 0 \ + -s "The SSL configuration is tls13 only" \ + -c "key type: Opaque" \ + -s "key types: Opaque, Opaque" \ + -C "error" \ + -S "error" \ + # Test using a RSA opaque private key for server authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO @@ -12362,7 +12415,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - ope -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "signature algorithm not in received or offered list." \ + -c "no suitable signature algorithm" \ -C "unknown pk type" requires_gnutls_tls1_3 @@ -12380,7 +12433,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "signature algorithm not in received or offered list." \ + -c "no suitable signature algorithm" \ -C "unknown pk type" # Test using an opaque private key for client authentication @@ -12634,7 +12687,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "signature algorithm not in received or offered list." \ + -c "no suitable signature algorithm" \ -C "unkown pk type" requires_gnutls_tls1_3 @@ -12653,7 +12706,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "signature algorithm not in received or offered list." \ + -c "no suitable signature algorithm" \ -C "unkown pk type" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -12897,52 +12950,6 @@ run_test "TLS 1.3: Server side check - mbedtls with sni" \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3, default suite, PSK" \ - "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3, default suite, PSK - openssl" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "<= write client hello" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3, default suite, PSK - gnutls" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+CIPHER-ALL:%NO_TICKETS --pskhint=0a0b0c" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" - for i in opt-testcases/*.sh do TEST_SUITE_NAME=${i##*/} @@ -13327,7 +13334,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->O" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 0 \ -c "Protocol is TLSv1.3" \ - -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls_tls1_3 @@ -13343,7 +13350,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->G" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 0 \ -c "Protocol is TLSv1.3" \ - -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13360,8 +13367,8 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 0 \ -c "Protocol is TLSv1.3" \ - -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ - -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ + -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ -c "HTTP/1.0 200 [Oo][Kk]" @@ -13380,7 +13387,7 @@ run_test "TLS 1.3: Check signature algorithm order, O->m" \ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ 0 \ -c "TLSv1.3" \ - -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" requires_gnutls_tls1_3 @@ -13399,7 +13406,7 @@ run_test "TLS 1.3: Check signature algorithm order, G->m" \ 0 \ -c "Negotiated version: 3.4" \ -c "HTTP/1.0 200 [Oo][Kk]" \ - -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" requires_gnutls_tls1_3 @@ -13416,8 +13423,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \ --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \ --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \ 1 \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ - -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" + -S "ssl_tls13_pick_key_cert:check signature algorithm" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13433,8 +13439,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \ -cert data_files/server2-sha256.crt -key data_files/server2.key \ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \ 1 \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ - -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" + -S "ssl_tls13_pick_key_cert:check signature algorithm" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE @@ -13449,8 +13454,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \ "$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \ 1 \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ - -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" + -S "ssl_tls13_pick_key_cert:check signature algorithm" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13506,7 +13510,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->O" \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 1 \ - -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" + -c "no suitable signature algorithm" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13520,7 +13524,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->G" \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 1 \ - -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" + -c "no suitable signature algorithm" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE @@ -13535,7 +13539,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ 1 \ - -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" + -c "no suitable signature algorithm" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e8cc076f637d..3dc2b8ba1b68 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1,3 +1,6 @@ +PK invalid parameters +pk_invalid_param: + PK valid parameters valid_parameters: diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 91fe8695b800..beb3e7c680ee 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -299,6 +299,53 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void pk_invalid_param() +{ + mbedtls_pk_context ctx; + mbedtls_pk_type_t pk_type = 0; + unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + size_t buf_size = sizeof( buf ); + + mbedtls_pk_init( &ctx ); + + TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_NONE, + NULL, buf_size, + buf, buf_size, + NULL ) ); + TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_SHA256, + NULL, 0, + buf, buf_size, + NULL ) ); + TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( pk_type, NULL, + &ctx, MBEDTLS_MD_NONE, + NULL, buf_size, + buf, buf_size ) ); + TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( pk_type, NULL, + &ctx, MBEDTLS_MD_SHA256, + NULL, 0, + buf, buf_size ) ); + TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_NONE, + NULL, buf_size, + buf, buf_size, &buf_size, + NULL, NULL, + NULL ) ); + TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_SHA256, + NULL, 0, + buf, buf_size, &buf_size, + NULL, NULL, + NULL ) ); +exit: + mbedtls_pk_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void valid_parameters( ) { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c8b229c7f42e..f2478be5f5cd 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4824,6 +4824,10 @@ PSA key derivation setup: TLS 1.2 PRF SHA-256, good case depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_setup:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_SUCCESS +PSA key derivation setup: TLS 1.2 ECJPAKE to PMS +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS +derive_setup:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_SUCCESS + PSA key derivation setup: not a key derivation algorithm (HMAC) depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 derive_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT @@ -5793,6 +5797,47 @@ PSA key derivation: over capacity 42: output 43+1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff":0:1:0 +PSA key derivation: ECJPAKE to PMS, no input +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: ECJPAKE to PMS, input too short +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"deadbeef":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: ECJPAKE to PMS, input too long +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000de":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: ECJPAKE to PMS, bad input format +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT + +#NIST CAVS 11.0 SHA-256 ShortMSG vector for L=256 +PSA key derivation: ECJPAKE to PMS, good case +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_SUCCESS + +PSA key derivation: ECJPAKE to PMS, bad derivation step +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SEED:32:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_SUCCESS + +PSA key derivation: ECJPAKE to PMS, capacity 1 byte too big +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:33:PSA_ERROR_INVALID_ARGUMENT:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_SUCCESS + +PSA key derivation: ECJPAKE to PMS, capacity 1 byte too small +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:31:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_ERROR_INSUFFICIENT_DATA + +PSA key derivation: ECJPAKE to PMS, output too short +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"4f":PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: ECJPAKE to PMS, output too long +depends_on:PSA_WANT_ALG_SHA_256 +derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a400":PSA_ERROR_INSUFFICIENT_DATA + PSA key derivation: HKDF SHA-256, read maximum capacity minus 1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c74acf67158d..fa237d3667e7 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7797,6 +7797,51 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS:MBEDTLS_SHA256_C */ +void derive_ecjpake_to_pms( data_t *input, int expected_input_status_arg, + int derivation_step, + int capacity, int expected_capacity_status_arg, + data_t *expected_output, + int expected_output_status_arg ) +{ + psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_step_t step = (psa_key_derivation_step_t) derivation_step; + uint8_t *output_buffer = NULL; + psa_status_t status; + psa_status_t expected_input_status = (psa_status_t) expected_input_status_arg; + psa_status_t expected_capacity_status = (psa_status_t) expected_capacity_status_arg; + psa_status_t expected_output_status = (psa_status_t) expected_output_status_arg; + + ASSERT_ALLOC( output_buffer, expected_output->len ); + PSA_ASSERT( psa_crypto_init() ); + + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ), + expected_capacity_status); + + TEST_EQUAL( psa_key_derivation_input_bytes( &operation, + step, input->x, input->len ), + expected_input_status ); + + if( ( (psa_status_t) expected_input_status ) != PSA_SUCCESS ) + goto exit; + + status = psa_key_derivation_output_bytes( &operation, output_buffer, + expected_output->len ); + + TEST_EQUAL( status, expected_output_status ); + if( expected_output->len != 0 && expected_output_status == PSA_SUCCESS ) + ASSERT_COMPARE( output_buffer, expected_output->len, expected_output->x, + expected_output->len ); + +exit: + mbedtls_free( output_buffer ); + psa_key_derivation_abort( &operation ); + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE */ void derive_key_exercise( int alg_arg, data_t *key_data, diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a866d432d5f8..65731ed93beb 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -16,6 +16,8 @@ void rsa_invalid_param( ) mbedtls_rsa_context ctx; const int invalid_padding = 42; const int invalid_hash_id = 0xff; + unsigned char buf[] = {0x00,0x01,0x02,0x03,0x04,0x05}; + size_t buf_len = sizeof( buf ); mbedtls_rsa_init( &ctx ); @@ -29,6 +31,28 @@ void rsa_invalid_param( ) invalid_hash_id ), MBEDTLS_ERR_RSA_INVALID_PADDING ); + TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL, + NULL, MBEDTLS_MD_NONE, + buf_len, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL, + NULL, MBEDTLS_MD_SHA256, + 0, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE, + buf_len, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256, + 0, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + #if !defined(MBEDTLS_PKCS1_V15) TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, @@ -36,6 +60,32 @@ void rsa_invalid_param( ) MBEDTLS_ERR_RSA_INVALID_PADDING ); #endif +#if defined(MBEDTLS_PKCS1_V15) + TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, + NULL, MBEDTLS_MD_NONE, + buf_len, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL, + NULL, MBEDTLS_MD_SHA256, + 0, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE, + buf_len, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256, + 0, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + +#endif + #if !defined(MBEDTLS_PKCS1_V21) TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, @@ -43,6 +93,42 @@ void rsa_invalid_param( ) MBEDTLS_ERR_RSA_INVALID_PADDING ); #endif +#if defined(MBEDTLS_PKCS1_V21) + TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, + MBEDTLS_MD_NONE, buf_len, + NULL, buf_len, + buf ), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL, + MBEDTLS_MD_SHA256, 0, + NULL, buf_len, + buf ), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE, + buf_len, NULL, + MBEDTLS_MD_NONE, + buf_len, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256, + 0, NULL, + MBEDTLS_MD_NONE, + buf_len, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE, + buf_len, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256, + 0, + NULL, buf), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +#endif + exit: mbedtls_rsa_free( &ctx ); }