diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 065643967..2e3c1ef51 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1735,6 +1735,19 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Handler of TLS 1.3 write Certificate message + */ +int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); + +/* + * Handler of TLS 1.3 write Certificate Verify message + */ +int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Generic handler of Certificate Verify */ @@ -1893,8 +1906,26 @@ static inline const void *mbedtls_ssl_get_sig_algs( #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ } + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl, + uint16_t own_sig_alg ) +{ + const uint16_t *sig_alg = ssl->handshake->received_sig_algs; + if( sig_alg == NULL ) + return( 0 ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { + if( *sig_alg == own_sig_alg ) + return( 1 ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl, uint16_t proposed_sig_alg ) { @@ -1910,7 +1941,6 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl return( 0 ); } - static inline int mbedtls_ssl_sig_alg_is_supported( const mbedtls_ssl_context *ssl, const uint16_t sig_alg ) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7f120a28e..30b1ed44f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1915,9 +1915,14 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED ); +#else +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); #else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ return( 0 ); } @@ -1938,6 +1943,28 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE + */ +static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Switch to handshake traffic keys for outbound traffic" ) ); + mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); + + return( mbedtls_ssl_tls13_write_certificate( ssl ) ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY + */ +static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl ) +{ + return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED */ @@ -1945,8 +1972,13 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { int ret; - mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); - + if( !ssl->handshake->client_auth ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Switch to handshake traffic keys for outbound traffic" ) ); + mbedtls_ssl_set_outbound_transform( ssl, + ssl->handshake->transform_handshake ); + } ret = mbedtls_ssl_tls13_write_finished_message( ssl ); if( ret != 0 ) return( ret ); @@ -2027,6 +2059,16 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls13_process_server_finished( ssl ); break; +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + ret = ssl_tls13_write_client_certificate( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: + ret = ssl_tls13_write_client_certificate_verify( ssl ); + break; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls13_write_client_finished( ssl ); break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d1646ebd2..8b0d93e20 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -846,6 +846,393 @@ cleanup: #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ return( ret ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* + * STATE HANDLING: Output Certificate + */ +/* Check if a certificate should be written, and if yes, + * if it is available. + * Returns a negative error code on failure ( such as no certificate + * being available on the server ), and otherwise + * SSL_WRITE_CERTIFICATE_SEND or + * SSL_WRITE_CERTIFICATE_SKIP + * indicating that a Certificate message should be written based + * on the configured certificate, or whether it should be silently skipped. + */ +#define SSL_WRITE_CERTIFICATE_SEND 0 +#define SSL_WRITE_CERTIFICATE_SKIP 1 + +static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context *ssl ) +{ + + /* For PSK and ECDHE-PSK ciphersuites there is no certificate to exchange. */ + if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + return( SSL_WRITE_CERTIFICATE_SKIP ); + } + +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + /* The client MUST send a Certificate message if and only + * if the server has requested client authentication via a + * CertificateRequest message. + * + * client_auth indicates whether the server had requested + * client authentication. + */ + if( ssl->handshake->client_auth == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + return( SSL_WRITE_CERTIFICATE_SKIP ); + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + + return( SSL_WRITE_CERTIFICATE_SEND ); + +} + +/* + * enum { + * X509(0), + * RawPublicKey(2), + * (255) + * } CertificateType; + * + * struct { + * select (certificate_type) { + * case RawPublicKey: + * // From RFC 7250 ASN.1_subjectPublicKeyInfo + * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; + * + * case X509: + * opaque cert_data<1..2^24-1>; + * }; + * Extension extensions<0..2^16-1>; + * } CertificateEntry; + * + * struct { + * opaque certificate_request_context<0..2^8-1>; + * CertificateEntry certificate_list<0..2^24-1>; + * } Certificate; + */ +static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ) +{ + const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); + unsigned char *p = buf; + unsigned char *certificate_request_context = + ssl->handshake->certificate_request_context; + unsigned char certificate_request_context_len = + ssl->handshake->certificate_request_context_len; + unsigned char *p_certificate_list_len; + + + /* ... + * opaque certificate_request_context<0..2^8-1>; + * ... + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, certificate_request_context_len + 1 ); + *p++ = certificate_request_context_len; + if( certificate_request_context_len > 0 ) + { + memcpy( p, certificate_request_context, certificate_request_context_len ); + p += certificate_request_context_len; + } + + /* ... + * CertificateEntry certificate_list<0..2^24-1>; + * ... + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); + p_certificate_list_len = p; + p += 3; + + MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); + + while( crt != NULL ) + { + size_t cert_data_len = crt->raw.len; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, cert_data_len + 3 + 2 ); + MBEDTLS_PUT_UINT24_BE( cert_data_len, p, 0 ); + p += 3; + + memcpy( p, crt->raw.p, cert_data_len ); + p += cert_data_len; + crt = crt->next; + + /* Currently, we don't have any certificate extensions defined. + * Hence, we are sending an empty extension with length zero. + */ + MBEDTLS_PUT_UINT24_BE( 0, p, 0 ); + p += 2; + } + + MBEDTLS_PUT_UINT24_BE( p - p_certificate_list_len - 3, + p_certificate_list_len, 0 ); + + *out_len = p - buf; + + return( 0 ); +} + +static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context *ssl ) +{ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); + if( ssl->handshake->client_auth && crt != NULL ) + { + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + } + else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + return( 0 ); + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + ((void) ssl); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ) +{ + int ret; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + + /* Coordination: Check if we need to send a certificate. */ + MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) ); + + if( ret == SSL_WRITE_CERTIFICATE_SEND ) + { + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl, + buf, + buf + buf_len, + &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_CERTIFICATE, + buf, + msg_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( + ssl, buf_len, msg_len ) ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) ); + } + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); + return( ret ); +} + +/* + * STATE HANDLING: Output Certificate Verify + */ +static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ) +{ + int ret; + unsigned char *p = buf; + mbedtls_pk_context *own_key; + + unsigned char handshake_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + size_t handshake_hash_len; + unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; + size_t verify_buffer_len; + unsigned char signature_type; +#if defined(MBEDTLS_ECDSA_C) + size_t own_key_size; +#endif /* MBEDTLS_ECDSA_C */ + mbedtls_md_type_t md_alg; + uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; + size_t signature_len = 0; + const mbedtls_md_info_t *md_info; + unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; + size_t verify_hash_len; + + *out_len = 0; + + own_key = mbedtls_ssl_own_key( ssl ); + if( own_key == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + ret = mbedtls_ssl_get_handshake_transcript( ssl, + ssl->handshake->ciphersuite_info->mac, + handshake_hash, + sizeof( handshake_hash ), + &handshake_hash_len ); + if( ret != 0 ) + return( ret ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", + handshake_hash, + handshake_hash_len); + + ssl_tls13_create_verify_structure( handshake_hash, handshake_hash_len, + verify_buffer, &verify_buffer_len, + ssl->conf->endpoint ); + + /* + * struct { + * SignatureScheme algorithm; + * opaque signature<0..2^16-1>; + * } CertificateVerify; + */ + signature_type = mbedtls_ssl_sig_from_pk( own_key ); +#if defined(MBEDTLS_ECDSA_C) + /* Determine the size of the key */ + own_key_size = mbedtls_pk_get_bitlen( own_key ); +#endif /* MBEDTLS_ECDSA_C */ + switch( signature_type ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + switch( own_key_size ) + { + case 256: + md_alg = MBEDTLS_MD_SHA256; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + break; + case 384: + md_alg = MBEDTLS_MD_SHA384; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + break; + case 521: + md_alg = MBEDTLS_MD_SHA512; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + break; + } + break; +#endif /* MBEDTLS_ECDSA_C */ + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "unkown pk type : %d", signature_type ) ); + break; + } + + if( algorithm == MBEDTLS_TLS1_3_SIG_NONE || + ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorithm not in received or offered list." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + /* Check there is space for the algorithm identifier (2 bytes) and the + * signature length (2 bytes). + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 ); + p += 2; + + /* Hash verify buffer with indicated hash function */ + md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + ret = mbedtls_md( md_info, verify_buffer, verify_buffer_len, verify_hash ); + if( ret != 0 ) + return( ret ); + + verify_hash_len = mbedtls_md_get_size( md_info ); + MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); + + if( ( ret = mbedtls_pk_sign( own_key, md_alg, + verify_hash, verify_hash_len, + p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); + return( ret ); + } + + MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 ); + p += 2 + signature_len; + + *out_len = (size_t)( p - buf ); + + return( ret ); +} + +static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context *ssl ) +{ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + { + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + } + + return( 0 ); +} + +int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body( + ssl, buf, buf + buf_len, &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len ); + /* Update state */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( + ssl, buf_len, msg_len ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); + return( ret ); +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * @@ -1142,7 +1529,14 @@ static int ssl_tls13_finalize_change_cipher_spec( mbedtls_ssl_context* ssl ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_CERTIFICATE ); +#else + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_FINISHED ); +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + break; default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2fe7a4016..81bdbe4c0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9791,30 +9791,230 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 force_version=tls13 " \ - 1 \ - -c "=> parse certificate request" \ +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=none \ + key_file=none" \ + 0 \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -s "TLS 1.3" \ + -c "HTTP/1.0 200 ok" \ + -c "Protocol is TLSv1.3" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ - 1 \ - -c "=> parse certificate request" \ +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \ + key_file=none" \ + 0 \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\ + -s "Version: TLS1.3" \ + -c "HTTP/1.0 200 OK" \ + -c "Protocol is TLSv1.3" + + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ + 1 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "unkown pk type" \ + -c "signature algorithm not in received or offered list." + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ + 1 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "unkown pk type" \ + -c "signature algorithm not in received or offered list." + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 + -sigalgs ecdsa_secp256r1_sha256" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ + 1 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "signature algorithm not in received or offered list." \ + -C "unkown pk type" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ + 1 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "signature algorithm not in received or offered list." \ + -C "unkown pk type" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE