From 960bc28bccf177b7b2e2c406258c9c233b718e01 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 26 Jan 2022 11:12:34 +0800 Subject: [PATCH 01/35] Add tests for no middlebox mode Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2fe7a4016..b0d2d79a4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9816,6 +9816,33 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ -c "got a certificate request" \ -c "<= parse certificate request" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 " \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C From 566c781290a5baa4df7a63de6dc52ba47357e270 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Wed, 26 Jan 2022 15:41:22 +0800 Subject: [PATCH 02/35] Add dummy state for client_certifiate Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 37 +++++++++++++++++++++++++++++++++++-- library/ssl_tls13_generic.c | 13 ++++++++++++- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7f120a28e..c10b69801 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1916,8 +1916,13 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED ); #else - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); -#endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( ssl->handshake->client_auth ) + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); + else +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ return( 0 ); } @@ -1938,6 +1943,25 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE + */ +static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY + */ +static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + return( 0 ); +} + /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED */ 
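Review bot: The `if( ssl->handshake->client_auth ) ... else` added to ssl_tls13_process_server_finished is unbraced and its `else` is separated from its body by `#endif`, so any later edit that slips a statement or a second conditional between them silently changes which state is set. The ssl_tls13_generic.c hunk in this same commit braces both branches of the identical test, and this one should match it: `if( ssl->handshake->client_auth ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); } else` / `#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */` / `{ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); }`. ssl_tls13_process_server_finished starts outside the hunk.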
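Review bot: The two new handlers are placeholders, but nothing says so, and ssl_tls13_write_client_certificate already has a real side effect (`mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake )`) that a reader will take as the implementation of the state rather than as a stub that only advances the machine. A one-line marker on each, e.g. `/* Placeholder: Certificate message is not written yet, only the state transition is performed */`, would keep the dummy nature visible until the real writers land. The same applies to ssl_tls13_write_client_certificate_verify.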
@@ -2027,6 +2051,15 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls13_process_server_finished( ssl ); break; + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + ret = ssl_tls13_write_client_certificate( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: + ret = ssl_tls13_write_client_certificate_verify( ssl ); + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls13_write_client_finished( ssl ); break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d1646ebd2..14884aa3b 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1142,7 +1142,18 @@ static int ssl_tls13_finalize_change_cipher_spec( mbedtls_ssl_context* ssl ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( ssl->handshake->client_auth ) + { + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_CERTIFICATE ); + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + { + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_FINISHED ); + } break; default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); From 200b47b8f5f156b57e811c035bc764b5d5f70b5c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 28 Jan 2022 14:26:30 +0800 Subject: [PATCH 03/35] Add more tests for CertificateRequest Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 47 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b0d2d79a4..74bc24ae6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9800,7 +9800,9 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -9814,7 +9816,9 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -9827,7 +9831,9 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket 
@@ -9841,7 +9847,40 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 " \ + 0 \ + -c "=> parse certificate request" \ + -c "got no certificate request" \ + -c "<= parse certificate request" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \ + "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ + 0 \ + -c "=> parse certificate request" \ + -c "got no certificate request" \ + -c "<= parse certificate request" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE From 5cc3506c9f6bc2775fa3c03ca06198387c98e927 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Fri, 28 Jan 2022 16:16:08 +0800 Subject: [PATCH 04/35] Add write certificate and client handler Signed-off-by: Jerry Yu --- library/ssl_misc.h | 5 + library/ssl_tls13_client.c | 6 +- library/ssl_tls13_generic.c | 190 ++++++++++++++++++++++++++++++++++++ 3 files changed, 199 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 065643967..4b307c27e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1735,6 +1735,11 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); +/* + * Handler of TLS 1.3 write certificate message + */ +int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); + /* * Generic handler of Certificate Verify */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c10b69801..f1483c78a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1948,9 +1948,11 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl ) { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Switch to handshake traffic keys for outbound traffic" ) ); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); - return( 0 ); + + return( mbedtls_ssl_tls13_write_certificate( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 14884aa3b..513b7c03e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -847,6 +847,196 @@ cleanup: return( ret ); } +/* + * STATE HANDLING: Output Certificate + */ +/* Check if a certificate should be written, and if yes, + * if it is available. + * Returns a negative error code on failure ( such as no certificate + * being available on the server ), and otherwise + * SSL_WRITE_CERTIFICATE_AVAILABLE or + * SSL_WRITE_CERTIFICATE_SKIP + * indicating that a Certificate message should be written based + * on the configured certificate, or whether it should be silently skipped. + */ +#define SSL_WRITE_CERTIFICATE_AVAILABLE 0 +#define SSL_WRITE_CERTIFICATE_SKIP 1 + + +static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) +{ + + /* For PSK and ECDHE-PSK ciphersuites there is no certificate to exchange. */ + if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + return( SSL_WRITE_CERTIFICATE_SKIP ); + } + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + /* The client MUST send a Certificate message if and only + * if the server has requested client authentication via a + * CertificateRequest message. + * + * client_auth indicates whether the server had requested + * client authentication. 
+ */ + if( ssl->handshake->client_auth == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + return( SSL_WRITE_CERTIFICATE_SKIP ); + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + + return( SSL_WRITE_CERTIFICATE_AVAILABLE ); +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +#endif /* !MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buflen, + size_t *olen ) +{ + size_t i=0, n, total_len; + const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); + unsigned char *start; + + /* TODO: Add bounds checks! Only then remove the next line. */ + ((void) buflen ); + + /* empty certificate_request_context with length 0 */ + buf[i] = 0; + /* Skip length of certificate_request_context and + * the length of CertificateEntry + */ + i += 1; + +#if defined(MBEDTLS_SSL_CLI_C) + /* If the server requests client authentication but no suitable + * certificate is available, the client MUST send a + * Certificate message containing no certificates + * ( i.e., with the "certificate_list" field having length 0 ). + * + * authmode indicates whether the client configuration required authentication. 
+ */ + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ( ( crt == NULL ) || ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) ); + buf[i] = 0; + buf[i + 1] = 0; + buf[i + 2] = 0; + i += 3; + *olen = i; + return( 0 ); + } +#endif /* MBEDTLS_SSL_CLI_C */ + + start = &buf[i]; + MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); + + i += 3; + + while ( crt != NULL ) + { + n = crt->raw.len; + if( n > buflen - 3 - i ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET " > %d", + i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + buf[i] = (unsigned char)( n >> 16 ); + buf[i + 1] = (unsigned char)( n >> 8 ); + buf[i + 2] = (unsigned char)( n ); + + i += 3; memcpy( buf + i, crt->raw.p, n ); + i += n; crt = crt->next; + + /* Currently, we don't have any certificate extensions defined. + * Hence, we are sending an empty extension with length zero. + */ + buf[i] = 0; + buf[i + 1] = 0; + i += 2; + } + total_len = &buf[i] - start - 3; + *start++ = (unsigned char)( ( total_len ) >> 16 ); + *start++ = (unsigned char)( ( total_len ) >> 8 ); + *start++ = (unsigned char)( ( total_len ) ); + + *olen = i; + + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + +/* Update the state after handling the outgoing certificate message. */ +static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl ) +{ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + return( 0 ); + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) +{ + int ret; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + + /* Coordination: Check if we need to send a certificate. 
*/ + MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( ret == SSL_WRITE_CERTIFICATE_AVAILABLE ) + { + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate( ssl, buf, buf_len, + &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, + MBEDTLS_SSL_HS_CERTIFICATE, + buf, + msg_len ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( + ssl, buf_len, msg_len ) ); + } + else +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) ); + } + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); + return( ret ); +} + /* * * STATE HANDLING: Incoming Finished message. From 8511f125af890bcd27b6713f32b2bbf8b922f270 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 10:01:04 +0800 Subject: [PATCH 05/35] Add certificteVerify Signed-off-by: Jerry Yu --- library/ssl_misc.h | 13 +- library/ssl_tls13_client.c | 3 +- library/ssl_tls13_generic.c | 242 ++++++++++++++++++++++++++++++++++++ 3 files changed, 255 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4b307c27e..71987e032 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1740,6 +1740,10 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); */ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); +/* + * Handler of TLS 1.3 write certificate verify message + */ +int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); /* * Generic handler of Certificate Verify */ 
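Review bot: The bound check in ssl_tls13_write_certificate's loop, `if( n > buflen - 3 - i )`, does not account for the 2-byte empty extensions written after each certificate, the 4 header bytes written before the loop (and the 4 bytes of the empty-list client case) are not checked at all, and the subtraction is unsigned, so once `i + 3 > buflen` it wraps and the check passes; the `((void) buflen )` TODO just above confirms this is known but the function is now reachable from the client state machine. Add an up-front `if( buflen < 4 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` and make the loop check `if( buflen - i < 3 + 2 || n > buflen - i - 3 - 2 )`, and have the error message print the actual `buflen` with `%" MBEDTLS_PRINTF_SIZET "` instead of the compile-time `MBEDTLS_SSL_OUT_CONTENT_LEN` with `%d`. Separately, the client sends an empty Certificate when `ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE`; on the client that setting governs verification of the server's certificate, so using it to withhold our own certificate looks like a conflation — confirm that is intended, otherwise `crt == NULL` alone is the right test. ssl_tls13_finalize_write_certificate also has its `else` split from its body by `#endif`, as in the client-side hunk earlier in this series.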
@@ -1900,6 +1904,14 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl, + uint16_t own_sig_alg ) +{ + ((void) ssl); + ((void) own_sig_alg); + return( 1 ); +} + static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl, uint16_t proposed_sig_alg ) { @@ -1915,7 +1927,6 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl return( 0 ); } - static inline int mbedtls_ssl_sig_alg_is_supported( const mbedtls_ssl_context *ssl, const uint16_t sig_alg ) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f1483c78a..db9b76296 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1960,8 +1960,7 @@ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); - return( 0 ); + return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 513b7c03e..26e53a567 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
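Review bot: `mbedtls_ssl_sig_alg_is_received` ignores both arguments and returns 1, so the check it feeds in ssl_tls13_write_certificate_verify_body (`if( !mbedtls_ssl_sig_alg_is_received( ssl, sig_alg ) )`) can never fail, and the client will sign CertificateVerify with whatever scheme its key size maps to regardless of what the server listed in CertificateRequest signature_algorithms (RFC 8446 §4.4.3 requires one the peer offered). Until it is wired to the received list, mark it so a later reader does not trust the name: `/* TODO: stub, always reports the scheme as received; must be checked against the server's signature_algorithms before this path is relied on */`. The stub also takes `uint16_t own_sig_alg` while the caller passes an `int sig_alg`; making the caller's variable `uint16_t` avoids the implicit narrowing.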
@@ -1037,6 +1037,248 @@ cleanup: return( ret ); } +/* Coordinate: Check whether a certificate verify message should be sent. + * Returns a negative value on failure, and otherwise + * - SSL_WRITE_CERTIFICATE_VERIFY_SKIP + * - SSL_WRITE_CERTIFICATE_VERIFY_SEND + * to indicate if the CertificateVerify message should be sent or not. + */ +#define SSL_WRITE_CERTIFICATE_VERIFY_SKIP 0 +#define SSL_WRITE_CERTIFICATE_VERIFY_SEND 1 +static int ssl_tls13_write_certificate_verify_coordinate( + mbedtls_ssl_context* ssl ) +{ + mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); + + if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + return( SSL_WRITE_CERTIFICATE_VERIFY_SKIP ); + } + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + if( ssl->handshake->client_auth == 0 || + crt == NULL || + ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + return( SSL_WRITE_CERTIFICATE_VERIFY_SKIP ); + } + } + + if( crt == NULL && + ssl->handshake->client_auth == 1 && + ssl->conf->authmode != MBEDTLS_SSL_VERIFY_NONE ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate" ) ); + return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + } + + return( SSL_WRITE_CERTIFICATE_VERIFY_SEND ); +#else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + +#endif /* !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ +} + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, + unsigned char* buf, + size_t buflen, + size_t* olen ) +{ + int ret; + size_t n = 0; + unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; + size_t verify_buffer_len; + mbedtls_pk_context *own_key; + size_t own_key_size; + unsigned int md_alg; + int sig_alg; 
+ unsigned char verify_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + size_t verify_hash_len; + unsigned char handshake_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + size_t handshake_hash_len; + unsigned char *p; + const mbedtls_md_info_t *md_info; + /* Verify whether we can use signature algorithm */ + // int signature_scheme_client; + unsigned char * const end = buf + buflen; + + p = buf; + if( buflen < 2 + MBEDTLS_MD_MAX_SIZE ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too short" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + /* + * Check whether the signature scheme corresponds to the key we are using + */ + if( mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ) != + MBEDTLS_SSL_SIG_ECDSA ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "CertificateVerify: Only ECDSA signature algorithms are supported." ) ); + + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "%d", mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ) ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + /* Calculate the transcript hash */ + ret = mbedtls_ssl_get_handshake_transcript( ssl, + ssl->handshake->ciphersuite_info->mac, + handshake_hash, + sizeof( handshake_hash ), + &handshake_hash_len ); + if( ret != 0 ) + return( ret ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", + handshake_hash, + handshake_hash_len); + + /* Create verify structure */ + ssl_tls13_create_verify_structure( handshake_hash, handshake_hash_len, + verify_buffer, &verify_buffer_len, + ssl->conf->endpoint ); + + /* + * struct { + * SignatureScheme algorithm; + * opaque signature<0..2^16-1>; + * } CertificateVerify; + */ + + /* Determine size of key */ + own_key = mbedtls_ssl_own_key( ssl ); + if( own_key != NULL) + { + own_key_size = mbedtls_pk_get_bitlen( own_key ); + switch( own_key_size ) + { + case 256: + md_alg = MBEDTLS_MD_SHA256; + sig_alg = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + break; + case 384: + md_alg = MBEDTLS_MD_SHA384; + sig_alg = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 3, 
( "unknown key size: %" MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + // signature_scheme_client = MBEDTLS_TLS1_3_SIG_NONE; + + if( !mbedtls_ssl_sig_alg_is_received( ssl, sig_alg ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + *(p++) = (unsigned char)( ( sig_alg >> 8 ) & 0xFF ); + *(p++) = (unsigned char)( ( sig_alg >> 0 ) & 0xFF ); + + /* Hash verify buffer with indicated hash function */ + md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + ret = mbedtls_md( md_info, verify_buffer, verify_buffer_len, verify_hash ); + if( ret != 0 ) + return( ret ); + + verify_hash_len = mbedtls_md_get_size( md_info ); + MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); + + if( ( ret = mbedtls_pk_sign( own_key, md_alg, + verify_hash, verify_hash_len, + p + 2, (size_t)( end - ( p + 2 ) ), &n, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); + return( ret ); + } + // unsigned char * x= p; + p[0] = (unsigned char)( n >> 8 ); + p[1] = (unsigned char)( n >> 0 ); + + p += 2 + n; + + *olen = (size_t)( p - buf ); + MBEDTLS_SSL_DEBUG_BUF( 3, "xverify hash", buf, *olen ); + return( ret ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context* ssl ) +{ +#if defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + } + else +#endif /* MBEDTLS_SSL_CLI_C */ + { + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED ); + } + + return( 0 ); +} + +int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context* ssl ) +{ + 
int ret = 0; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + + /* Coordination step: Check if we need to send a CertificateVerify */ + MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_verify_coordinate( ssl ) ); + + if( ret == SSL_WRITE_CERTIFICATE_VERIFY_SEND ) + { + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body( + ssl, buf, buf_len, &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len ); + /* Update state */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( + ssl, buf_len, msg_len ) ); + } + else + { + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) ); + } + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); + return( ret ); +} + /* * * STATE HANDLING: Incoming Finished message. From 25e0ddcf47bd6a233589b0ec24b104984305a8e0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 10:33:13 +0800 Subject: [PATCH 06/35] Add client certificate file Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 74bc24ae6..2413ee931 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9796,7 +9796,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3: CertificateRequest check - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 force_version=tls13 " \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ @@ -9812,7 +9813,8 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3: CertificateRequest check - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ @@ -9827,7 +9829,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 " \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ 
@@ -9843,7 +9846,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ @@ -9858,7 +9862,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 " \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ 0 \ -c "=> parse certificate request" \ -c "got no certificate request" \ @@ -9874,7 +9879,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \ "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ + key_file=data_files/cli2.key" \ 0 \ -c "=> parse certificate request" \ -c "got no certificate request" \ From c19884f487dadaa104dc124e038ee7d51a7796f8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 10:44:44 +0800 Subject: [PATCH 07/35] change expect exit value Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2413ee931..96ded8fa3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9798,7 +9798,7 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ - 1 \ + 0 \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ @@ -9815,7 +9815,7 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ - 1 \ + 0 \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ @@ -9831,7 +9831,7 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ - 1 \ + 0 \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ @@ -9848,7 +9848,7 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ - 1 \ + 0 \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ From 72637c734bd98bbd5040f506710250673efd8977 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 17:10:19 +0800 Subject: [PATCH 08/35] fix write certificate fail 
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index db9b76296..cdb41f0de 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1970,8 +1970,13 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) { int ret; - mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); - + if( !ssl->handshake->client_auth ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Switch to handshake traffic keys for outbound traffic" ) ); + mbedtls_ssl_set_outbound_transform( ssl, + ssl->handshake->transform_handshake ); + } ret = mbedtls_ssl_tls13_write_finished_message( ssl ); if( ret != 0 ) return( ret ); From 90f152dfac5882e52805ddbaeb667151653930a0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 22:12:42 +0800 Subject: [PATCH 09/35] fix psk only build fail Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 ++++ library/ssl_tls13_client.c | 5 ++++- library/ssl_tls13_generic.c | 21 +++++---------------- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 71987e032..68971cd3f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1735,6 +1735,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Handler of TLS 1.3 write certificate message */ @@ -1744,6 +1745,9 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); * Handler of TLS 1.3 write certificate verify message */ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Generic handler of Certificate Verify */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index cdb41f0de..207098c34 100644 
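Review bot: `ssl->handshake->client_auth` is now read in ssl_tls13_write_client_finished without the `#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)` guard that the same access carries in ssl_tls13_process_server_finished (patch 02 of this series); if the field is only compiled in with that option, a PSK-only build fails here — confirm how the field is declared, and guard consistently either way. The condition also encodes an invariant that lives in another function — when client_auth is set, ssl_tls13_write_client_certificate has already switched the outbound transform — and should say so: `/* With client authentication the switch to handshake keys was done in ssl_tls13_write_client_certificate(); otherwise do it here. */`. ssl_tls13_write_client_finished continues outside the hunk.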
--- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1943,6 +1943,7 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE */ @@ -1962,6 +1963,7 @@ static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl ) { return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) ); } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED @@ -2057,6 +2059,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls13_process_server_finished( ssl ); break; +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_SSL_CLIENT_CERTIFICATE: ret = ssl_tls13_write_client_certificate( ssl ); break; @@ -2064,7 +2067,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: ret = ssl_tls13_write_client_certificate_verify( ssl ); break; - +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls13_write_client_finished( ssl ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 26e53a567..b96fbc822 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -846,6 +846,7 @@ cleanup: #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ return( ret ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * STATE HANDLING: Output Certificate @@ -862,7 +863,6 @@ cleanup: #define SSL_WRITE_CERTIFICATE_AVAILABLE 0 #define SSL_WRITE_CERTIFICATE_SKIP 1 - static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) { 
@@ -873,7 +873,6 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) return( SSL_WRITE_CERTIFICATE_SKIP ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { @@ -893,13 +892,9 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) #endif /* MBEDTLS_SSL_CLI_C */ return( SSL_WRITE_CERTIFICATE_AVAILABLE ); -#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -#endif /* !MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, @@ -978,7 +973,6 @@ static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Update the state after handling the outgoing certificate message. */ static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl ) @@ -1003,7 +997,6 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) /* Coordination: Check if we need to send a certificate. */ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) ); -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ret == SSL_WRITE_CERTIFICATE_AVAILABLE ) { unsigned char *buf; @@ -1025,7 +1018,6 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) ssl, buf_len, msg_len ) ); } else -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) ); 
@@ -1080,12 +1072,12 @@ static int ssl_tls13_write_certificate_verify_coordinate( return( SSL_WRITE_CERTIFICATE_VERIFY_SEND ); #else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + ((void) crt); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); #endif /* !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, @@ -1105,8 +1097,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, size_t handshake_hash_len; unsigned char *p; const mbedtls_md_info_t *md_info; - /* Verify whether we can use signature algorithm */ - // int signature_scheme_client; unsigned char * const end = buf + buflen; p = buf; @@ -1182,8 +1172,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - // signature_scheme_client = MBEDTLS_TLS1_3_SIG_NONE; - if( !mbedtls_ssl_sig_alg_is_received( ssl, sig_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -1223,7 +1211,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "xverify hash", buf, *olen ); return( ret ); } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context* ssl ) { @@ -1279,6 +1266,8 @@ cleanup: return( ret ); } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * * STATE HANDLING: Incoming Finished message. From 32e0c2d52601b4aca7c804308fa3e1d532e9cd7d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 22:28:16 +0800 Subject: [PATCH 10/35] fix server only build fail Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b96fbc822..4050d0c74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -985,7 +985,7 @@ static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl ) } else #endif /* MBEDTLS_SSL_CLI_C */ - + ((void) ssl); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -1049,7 +1049,7 @@ static int ssl_tls13_write_certificate_verify_coordinate( } #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - +#if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { if( ssl->handshake->client_auth == 0 || @@ -1060,15 +1060,14 @@ static int ssl_tls13_write_certificate_verify_coordinate( return( SSL_WRITE_CERTIFICATE_VERIFY_SKIP ); } } +#endif /* MBEDTLS_SSL_CLI_C */ if( crt == NULL && - ssl->handshake->client_auth == 1 && ssl->conf->authmode != MBEDTLS_SSL_VERIFY_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate" ) ); return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); } - return( SSL_WRITE_CERTIFICATE_VERIFY_SEND ); #else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); From 1bb5a1ffe3317a329f29b292845445b148460749 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 30 Jan 2022 10:52:11 +0800 Subject: [PATCH 11/35] Implement received sig_algs check Signed-off-by: Jerry Yu --- library/ssl_misc.h | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 68971cd3f..e4195bf4b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
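Review bot: In ssl_tls13_finalize_write_certificate the new `((void) ssl);` becomes the unbraced body of the `else` that precedes `#endif /* MBEDTLS_SSL_CLI_C */`, and the `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` after it is now unconditional; this is only correct because the client branch returns inside the `if`, and it reads as though the return were the else body. Moving `((void) ssl);` to the first line of the function (it is harmless when MBEDTLS_SSL_CLI_C is enabled) and leaving the `else`/`#endif`/`return` structure as it was removes the dangling-else shape. In the second hunk, dropping `ssl->handshake->client_auth == 1 &&` widens the "got no certificate" check to the server role, which is presumably the intent of the server-only build fix but deserves a one-line comment.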
@@ -1911,9 +1911,16 @@ static inline const void *mbedtls_ssl_get_sig_algs( static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl, uint16_t own_sig_alg ) { - ((void) ssl); - ((void) own_sig_alg); - return( 1 ); + const uint16_t *sig_alg = ssl->handshake->received_sig_algs; + if( sig_alg == NULL ) + return( 0 ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { + if( *sig_alg == own_sig_alg ) + return( 1 ); + } + return( 0 ); } static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl, From 7399d0d8065bfd6b87d94ccc70c51e4afc3199cb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 30 Jan 2022 17:54:19 +0800 Subject: [PATCH 12/35] refactor write certificate Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 100 ++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 43 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4050d0c74..c74721092 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
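Review bot: The loop in mbedtls_ssl_sig_alg_is_received stops only on a MBEDTLS_TLS1_3_SIG_NONE entry, so it relies on whatever fills `ssl->handshake->received_sig_algs` always writing that terminator; the code that fills it is not visible here. Document the invariant next to the field or here, e.g. `/* received_sig_algs is terminated by MBEDTLS_TLS1_3_SIG_NONE; the writer must always append it. */`, or, if the array has a fixed capacity, bound the loop by it as well. Returning 0 when the list is NULL means a peer that sent no signature_algorithms rejects every algorithm, which is the safe default and worth a short comment too.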
@@ -895,24 +895,43 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) } -static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buflen, - size_t *olen ) +/* + * enum { + * X509(0), + * RawPublicKey(2), + * (255) + * } CertificateType; + * + * struct { + * select (certificate_type) { + * case RawPublicKey: + * // From RFC 7250 ASN.1_subjectPublicKeyInfo + * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; + * + * case X509: + * opaque cert_data<1..2^24-1>; + * }; + * Extension extensions<0..2^16-1>; + * } CertificateEntry; + * + * struct { + * opaque certificate_request_context<0..2^8-1>; + * CertificateEntry certificate_list<0..2^24-1>; + * } Certificate; + */ +static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, + const unsigned char *buf, + unsigned char *end, + size_t *olen ) { - size_t i=0, n, total_len; const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); - unsigned char *start; + unsigned char *p = (unsigned char *)buf; + unsigned char *certificate_list; - /* TODO: Add bounds checks! Only then remove the next line. */ - ((void) buflen ); + /* Write certificate_request_context */ /* empty certificate_request_context with length 0 */ - buf[i] = 0; - /* Skip length of certificate_request_context and - * the length of CertificateEntry - */ - i += 1; + *p++ = 0; #if defined(MBEDTLS_SSL_CLI_C) /* If the server requests client authentication but no suitable 
@@ -926,50 +945,43 @@ static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, ( ( crt == NULL ) || ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) ); - buf[i] = 0; - buf[i + 1] = 0; - buf[i + 2] = 0; - i += 3; - *olen = i; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3); + MBEDTLS_PUT_UINT24_BE( 0, p, 0); + p += 3; + *olen = p - buf; return( 0 ); } #endif /* MBEDTLS_SSL_CLI_C */ - start = &buf[i]; - MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); + certificate_list = p; + /* Reserve space for certificate_list_len */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3); + p += 3; - i += 3; + MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); while ( crt != NULL ) { - n = crt->raw.len; - if( n > buflen - 3 - i ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET " > %d", - i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } + size_t cert_data_len = crt->raw.len; - buf[i] = (unsigned char)( n >> 16 ); - buf[i + 1] = (unsigned char)( n >> 8 ); - buf[i + 2] = (unsigned char)( n ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, cert_data_len + 3 + 2 ); + MBEDTLS_PUT_UINT24_BE( cert_data_len, p, 0 ); + p += 3; - i += 3; memcpy( buf + i, crt->raw.p, n ); - i += n; crt = crt->next; + memcpy( p, crt->raw.p, cert_data_len ); + p += cert_data_len; + crt = crt->next; /* Currently, we don't have any certificate extensions defined. * Hence, we are sending an empty extension with length zero. */ - buf[i] = 0; - buf[i + 1] = 0; - i += 2; + MBEDTLS_PUT_UINT24_BE( 0, p, 0 ); + p += 2; } - total_len = &buf[i] - start - 3; - *start++ = (unsigned char)( ( total_len ) >> 16 ); - *start++ = (unsigned char)( ( total_len ) >> 8 ); - *start++ = (unsigned char)( ( total_len ) ); - *olen = i; + MBEDTLS_PUT_UINT24_BE( p - certificate_list - 3, certificate_list, 0); + + *olen = p - buf; return( 0 ); } 
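Review bot: The empty extensions field at the end of each CertificateEntry is stored with `MBEDTLS_PUT_UINT24_BE( 0, p, 0 );` while `p` is advanced by 2; `extensions<0..2^16-1>` has a 2-byte length, so this writes one byte more than the `cert_data_len + 3 + 2` reserved by the preceding MBEDTLS_SSL_CHK_BUF_PTR and, for the last certificate, can land one byte past `end`. It should be `MBEDTLS_PUT_UINT16_BE( 0, p, 0 );`. The wire output is unaffected only because the stray byte lies outside `*olen` or is overwritten by the next entry, which is not something to rely on.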
@@ -1005,8 +1017,10 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate( ssl, buf, buf_len, - &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl, + buf, + buf + buf_len, + &msg_len ) ); mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, From aa6214a5716ec184754a393f05bd5f5299faa4b7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 30 Jan 2022 19:53:28 +0800 Subject: [PATCH 13/35] add empty client certificate tests Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 96ded8fa3..f438f9524 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9822,6 +9822,41 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \ + key_file=none" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "<= write empty client certificate" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=none \ + key_file=none" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "<= write empty client certificate" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C From 22abd06cd00fc25e2449612b0b27997e7c1bcd44 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Sun, 30 Jan 2022 20:02:47 +0800 Subject: [PATCH 14/35] Add rsa key check Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f438f9524..bc2cfeb79 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9805,6 +9805,43 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest, RSA not support - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli-rsa-sha256.crt \ + key_file=data_files/cli-rsa.key" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Only ECDSA signature algorithms are supported." + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest, RSA not support - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli-rsa-sha256.crt \ + key_file=data_files/cli-rsa.key" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Only ECDSA signature algorithms are supported." 
+ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -9864,7 +9901,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ 0 \ -c "=> parse certificate request" \ From a23b9d954c951781f9aa083db88094c09fda8f1f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 9 Feb 2022 19:57:53 +0800 Subject: [PATCH 15/35] fix undefine error Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e4195bf4b..0c6f9b5cb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1906,8 +1906,10 @@ static inline const void *mbedtls_ssl_get_sig_algs( #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ } + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl, uint16_t own_sig_alg ) { @@ -1922,6 +1924,7 @@ static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ss } return( 0 ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl, uint16_t proposed_sig_alg ) From 3e536442f576f35728cabf578db1e75b3e79337f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 15 Feb 2022 11:05:59 +0800 Subject: [PATCH 16/35] fix various issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 +- library/ssl_tls13_generic.c | 156 +++++++++++++++++------------------- 2 files changed, 76 insertions(+), 84 deletions(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0c6f9b5cb..2e3c1ef51 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1737,12 +1737,12 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * Handler of TLS 1.3 write certificate message + * Handler of TLS 1.3 write Certificate message */ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); /* - * Handler of TLS 1.3 write certificate verify message + * Handler of TLS 1.3 write Certificate Verify message */ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c74721092..907ede7fb 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -855,12 +855,12 @@ cleanup: * if it is available. * Returns a negative error code on failure ( such as no certificate * being available on the server ), and otherwise - * SSL_WRITE_CERTIFICATE_AVAILABLE or + * SSL_WRITE_CERTIFICATE_SEND or * SSL_WRITE_CERTIFICATE_SKIP * indicating that a Certificate message should be written based * on the configured certificate, or whether it should be silently skipped. */ -#define SSL_WRITE_CERTIFICATE_AVAILABLE 0 +#define SSL_WRITE_CERTIFICATE_SEND 0 #define SSL_WRITE_CERTIFICATE_SKIP 1 static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) @@ -891,7 +891,7 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) } #endif /* MBEDTLS_SSL_CLI_C */ - return( SSL_WRITE_CERTIFICATE_AVAILABLE ); + return( SSL_WRITE_CERTIFICATE_SEND ); } 
@@ -920,12 +920,12 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) * } Certificate; */ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, - const unsigned char *buf, + unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); - unsigned char *p = (unsigned char *)buf; + unsigned char *p = buf; unsigned char *certificate_list; @@ -933,6 +933,11 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, /* empty certificate_request_context with length 0 */ *p++ = 0; + /* Reserve space for certificate_list_len */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); + certificate_list = p; + p += 3; + #if defined(MBEDTLS_SSL_CLI_C) /* If the server requests client authentication but no suitable * certificate is available, the client MUST send a @@ -941,23 +946,15 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, * * authmode indicates whether the client configuration required authentication. */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ( ( crt == NULL ) || ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && crt == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3); - MBEDTLS_PUT_UINT24_BE( 0, p, 0); - p += 3; - *olen = p - buf; + MBEDTLS_PUT_UINT24_BE( 0, certificate_list, 0 ); + *out_len = p - buf; return( 0 ); } #endif /* MBEDTLS_SSL_CLI_C */ - certificate_list = p; - /* Reserve space for certificate_list_len */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3); - p += 3; - MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); while ( crt != NULL ) 
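Review bot: The condition for writing an empty client Certificate is now `crt == NULL` alone, but the comment immediately above it still ends with `* authmode indicates whether the client configuration required authentication.`, which described the dropped `ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE` clause. Either delete that sentence or replace it with `* The client sends whatever certificate is configured, regardless of authmode.` so the comment matches the code.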
@@ -979,15 +976,14 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, p += 2; } - MBEDTLS_PUT_UINT24_BE( p - certificate_list - 3, certificate_list, 0); + MBEDTLS_PUT_UINT24_BE( p - certificate_list - 3, certificate_list, 0 ); - *olen = p - buf; + *out_len = p - buf; return( 0 ); } -/* Update the state after handling the outgoing certificate message. */ -static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) @@ -1001,7 +997,7 @@ static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } -int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) +int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ) { int ret; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); @@ -1009,7 +1005,7 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) /* Coordination: Check if we need to send a certificate. */ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) ); - if( ret == SSL_WRITE_CERTIFICATE_AVAILABLE ) + if( ret == SSL_WRITE_CERTIFICATE_SEND ) { unsigned char *buf; size_t buf_len, msg_len; @@ -1043,7 +1039,10 @@ cleanup: return( ret ); } -/* Coordinate: Check whether a certificate verify message should be sent. +/* + * STATE HANDLING: Output Certificate Verify + */ +/* Coordinate: Check whether a Certificate Verify message should be sent. * Returns a negative value on failure, and otherwise * - SSL_WRITE_CERTIFICATE_VERIFY_SKIP * - SSL_WRITE_CERTIFICATE_VERIFY_SEND @@ -1052,7 +1051,7 @@ cleanup: #define SSL_WRITE_CERTIFICATE_VERIFY_SKIP 0 #define SSL_WRITE_CERTIFICATE_VERIFY_SEND 1 static int ssl_tls13_write_certificate_verify_coordinate( - mbedtls_ssl_context* ssl ) + mbedtls_ssl_context *ssl ) { mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); 
@@ -1091,39 +1090,40 @@ static int ssl_tls13_write_certificate_verify_coordinate( #endif /* !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ } -static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, - unsigned char* buf, - size_t buflen, - size_t* olen ) +static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ) { int ret; - size_t n = 0; - unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; - size_t verify_buffer_len; + unsigned char *p = buf; mbedtls_pk_context *own_key; - size_t own_key_size; - unsigned int md_alg; - int sig_alg; - unsigned char verify_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; - size_t verify_hash_len; + unsigned char handshake_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; size_t handshake_hash_len; - unsigned char *p; + unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; + size_t verify_buffer_len; + size_t own_key_size; + unsigned int md_alg; + int algorithm; + size_t signature_len = 0; const mbedtls_md_info_t *md_info; - unsigned char * const end = buf + buflen; + unsigned char verify_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + size_t verify_hash_len; - p = buf; - if( buflen < 2 + MBEDTLS_MD_MAX_SIZE ) + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 + MBEDTLS_TLS1_3_MD_MAX_SIZE ); + + own_key = mbedtls_ssl_own_key( ssl ); + if( own_key == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too short" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } /* * Check whether the signature scheme corresponds to the key we are using */ - if( mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ) != - MBEDTLS_SSL_SIG_ECDSA ) + if( mbedtls_ssl_sig_from_pk( own_key ) != MBEDTLS_SSL_SIG_ECDSA ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "CertificateVerify: Only ECDSA signature algorithms are supported." ) ); 
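Review bot: `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 + MBEDTLS_TLS1_3_MD_MAX_SIZE );` reserves a digest-sized region, but what the body writes is a 2-byte algorithm, a 2-byte length and a signature whose size is unrelated to the digest size; the signature is bounded separately by the `end - ( p + 2 )` passed to mbedtls_pk_sign, so this check only guarantees room for the two fixed fields. A comment saying so would stop the next reader from assuming the constant bounds the signature, e.g. `/* Guarantees room for the algorithm and length fields only; the signature is bounded by the size passed to mbedtls_pk_sign(). */`, or check for `4` explicitly. ssl_tls13_write_certificate_verify_body continues past this hunk.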
@@ -1159,40 +1159,34 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, */ /* Determine size of key */ - own_key = mbedtls_ssl_own_key( ssl ); - if( own_key != NULL) + own_key_size = mbedtls_pk_get_bitlen( own_key ); + switch( own_key_size ) { - own_key_size = mbedtls_pk_get_bitlen( own_key ); - switch( own_key_size ) - { - case 256: - md_alg = MBEDTLS_MD_SHA256; - sig_alg = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - break; - case 384: - md_alg = MBEDTLS_MD_SHA384; - sig_alg = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - break; - default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %" MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + case 256: + md_alg = MBEDTLS_MD_SHA256; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + break; + case 384: + md_alg = MBEDTLS_MD_SHA384; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" MBEDTLS_PRINTF_SIZET + " bits", + own_key_size ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - else + + + if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - if( !mbedtls_ssl_sig_alg_is_received( ssl, sig_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - *(p++) = (unsigned char)( ( sig_alg >> 8 ) & 0xFF ); - *(p++) = (unsigned char)( ( sig_alg >> 0 ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 ); + p += 2; /* Hash verify buffer with indicated hash function */ md_info = mbedtls_md_info_from_type( md_alg ); 
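Review bot: The switch on `mbedtls_pk_get_bitlen( own_key )` maps 256 to MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 and 384 to the secp384r1 scheme, but bit length does not identify the curve: a 256-bit key on another enabled curve (secp256k1 or brainpoolP256r1, for example) would be announced as secp256r1 and signed over a different group, which the peer would reject as a bad signature. If the group id is reachable here (mbedtls_pk_ec() on the key), comparing it with the expected curve closes that gap; otherwise a comment stating the secp256r1/secp384r1 assumption is the minimum. The `"should never happen"` message after the switch also hides which check failed; `( "signature algorithm not in peer's signature_algorithms" )` would make the log actionable.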
@@ -1208,24 +1202,22 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, if( ( ret = mbedtls_pk_sign( own_key, md_alg, verify_hash, verify_hash_len, - p + 2, (size_t)( end - ( p + 2 ) ), &n, + p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); } - // unsigned char * x= p; - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n >> 0 ); - p += 2 + n; + MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 ); + p += 2 + signature_len; + + *out_len = (size_t)( p - buf ); - *olen = (size_t)( p - buf ); - MBEDTLS_SSL_DEBUG_BUF( 3, "xverify hash", buf, *olen ); return( ret ); } -static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) @@ -1241,7 +1233,7 @@ static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context* ssl ) return( 0 ); } -int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context* ssl ) +int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) { int ret = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); @@ -1258,7 +1250,7 @@ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body( - ssl, buf, buf_len, &msg_len ) ); + ssl, buf, buf + buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len ); From 537530d57aa16b4c532f319acbd1e69e8594e252 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 15 Feb 2022 14:00:57 +0800 Subject: [PATCH 17/35] Add certificate request echo Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 907ede7fb..3cf9745ab 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -930,8 +930,17 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, /* Write certificate_request_context */ - /* empty certificate_request_context with length 0 */ - *p++ = 0; + *p++ = ssl->handshake->certificate_request_context_len; + if( ssl->handshake->certificate_request_context_len > 0 ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, + ssl->handshake->certificate_request_context_len ); + memcpy( p, + ssl->handshake->certificate_request_context, + ssl->handshake->certificate_request_context_len ); + p += ssl->handshake->certificate_request_context_len; + } + /* Reserve space for certificate_list_len */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); From ca133a34c5a920da195071986159912c297653e4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 15 Feb 2022 14:22:05 +0800 Subject: [PATCH 18/35] Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 8 ++-- library/ssl_tls13_generic.c | 78 ++++++++++++++++--------------------- tests/ssl-opt.sh | 10 +---- 3 files changed, 39 insertions(+), 57 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 207098c34..30b1ed44f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
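Review bot: `*p++ = ssl->handshake->certificate_request_context_len;` stores the first byte before any MBEDTLS_SSL_CHK_BUF_PTR has run, so an empty output buffer is not rejected before the write; add `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );` in front of it, or fold it into the following check by testing `1 + ssl->handshake->certificate_request_context_len`. The context length is a single byte on the wire, so the stored value must never exceed 255 — presumably enforced where the field is filled from the CertificateRequest, but a comment noting the assumption here would help. ssl_tls13_write_certificate_body continues past the hunk.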
@@ -1917,11 +1917,11 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED ); #else #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ssl->handshake->client_auth ) - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); - else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); +#else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); + #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ return( 0 ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3cf9745ab..f65e2b68e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -997,7 +997,14 @@ static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); + if( ssl->handshake->client_auth && crt != NULL ) + { + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY ); + } + else + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); return( 0 ); } else @@ -1051,14 +1058,6 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ -/* Coordinate: Check whether a Certificate Verify message should be sent. - * Returns a negative value on failure, and otherwise - * - SSL_WRITE_CERTIFICATE_VERIFY_SKIP - * - SSL_WRITE_CERTIFICATE_VERIFY_SEND - * to indicate if the CertificateVerify message should be sent or not. - */ -#define SSL_WRITE_CERTIFICATE_VERIFY_SKIP 0 -#define SSL_WRITE_CERTIFICATE_VERIFY_SEND 1 static int ssl_tls13_write_certificate_verify_coordinate( mbedtls_ssl_context *ssl ) { 
@@ -1066,8 +1065,8 @@ static int ssl_tls13_write_certificate_verify_coordinate( if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); - return( SSL_WRITE_CERTIFICATE_VERIFY_SKIP ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) @@ -1078,8 +1077,8 @@ static int ssl_tls13_write_certificate_verify_coordinate( crt == NULL || ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); - return( SSL_WRITE_CERTIFICATE_VERIFY_SKIP ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } } #endif /* MBEDTLS_SSL_CLI_C */ @@ -1087,10 +1086,10 @@ static int ssl_tls13_write_certificate_verify_coordinate( if( crt == NULL && ssl->conf->authmode != MBEDTLS_SSL_VERIFY_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - return( SSL_WRITE_CERTIFICATE_VERIFY_SEND ); + return( 0 ); #else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); ((void) crt); 
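Review bot: ssl_tls13_write_certificate_verify_coordinate now returns MBEDTLS_ERR_SSL_INTERNAL_ERROR when `ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE`, but the transition added in this commit's ssl_tls13_finalize_write_certificate hunk enters MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY on `client_auth && crt != NULL` without consulting authmode, so a client configured with authmode=none and a certificate reaches this function and fails instead of sending CertificateVerify. On the client, authmode governs verification of the server's certificate, so dropping that clause here to match the finalize condition, `if( ssl->handshake->client_auth == 0 || crt == NULL )`, looks like the intended behaviour. The three new `"should never happen"` messages are at level 2 while the one in the `#else` branch is at level 1; using level 1 and distinct wording per check would make a failure locatable from a log.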
@@ -1245,34 +1244,27 @@ static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context *ssl ) int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) { int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); /* Coordination step: Check if we need to send a CertificateVerify */ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_verify_coordinate( ssl ) ); - if( ret == SSL_WRITE_CERTIFICATE_VERIFY_SEND ) - { - unsigned char *buf; - size_t buf_len, msg_len; + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, - MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body( + ssl, buf, buf + buf_len, &msg_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body( - ssl, buf, buf + buf_len, &msg_len ) ); + mbedtls_ssl_tls13_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len ); + /* Update state */ + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) ); - mbedtls_ssl_tls13_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len ); - /* Update state */ - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) ); - - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( - ssl, buf_len, msg_len ) ); - } - else - { - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) ); - } + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( + ssl, buf_len, msg_len ) ); cleanup: 
@@ -1578,17 +1570,13 @@ static int ssl_tls13_finalize_change_cipher_spec( mbedtls_ssl_context* ssl ) break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ssl->handshake->client_auth ) - { - mbedtls_ssl_handshake_set_state( ssl, + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); - } - else +#else + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_CLIENT_FINISHED ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - { - mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_CLIENT_FINISHED ); - } + break; default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bc2cfeb79..99ff60087 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9874,7 +9874,6 @@ run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \ -c "got a certificate request" \ -c "<= parse certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "<= write empty client certificate" requires_openssl_tls1_3 @@ -9891,7 +9890,6 @@ run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \ -c "got a certificate request" \ -c "<= parse certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "<= write empty client certificate" requires_openssl_tls1_3 @@ -9939,9 +9937,7 @@ run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" 0 \ -c "=> parse certificate request" \ -c "got no certificate request" \ - -c "<= parse certificate request" \ - -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + -c "<= parse certificate request" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket 
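Review bot: Removing both `-C` checks from the "no client certificate - openssl" test drops the only assertion that the client never attempts a CertificateVerify when no CertificateRequest arrived; entering MBEDTLS_SSL_CLIENT_CERTIFICATE is expected under the new state machine, but `-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"` still holds and should be kept so an unsolicited CertificateVerify is caught. The gnutls variant in the next hunk has the same gap.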
@@ -9956,9 +9952,7 @@ run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" 0 \ -c "=> parse certificate request" \ -c "got no certificate request" \ - -c "<= parse certificate request" \ - -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + -c "<= parse certificate request" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE From 3391ac00d3e635dc57aeb918cdfddbf577972b47 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Feb 2022 11:21:37 +0800 Subject: [PATCH 19/35] fix various issue Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 93 +++++++++---------------------------- 1 file changed, 22 insertions(+), 71 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f65e2b68e..b93fd6c59 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -860,8 +860,8 @@ cleanup: * indicating that a Certificate message should be written based * on the configured certificate, or whether it should be silently skipped. */ -#define SSL_WRITE_CERTIFICATE_SEND 0 -#define SSL_WRITE_CERTIFICATE_SKIP 1 +#define SSL_WRITE_CERTIFICATE_SEND 0 +#define SSL_WRITE_CERTIFICATE_SKIP 1 static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) { 
@@ -929,41 +929,29 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, unsigned char *certificate_list; - /* Write certificate_request_context */ + /* ... + * opaque certificate_request_context<0..2^8-1>; + * ... + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, + ssl->handshake->certificate_request_context_len + 1 ); *p++ = ssl->handshake->certificate_request_context_len; if( ssl->handshake->certificate_request_context_len > 0 ) { - MBEDTLS_SSL_CHK_BUF_PTR( p, end, - ssl->handshake->certificate_request_context_len ); memcpy( p, ssl->handshake->certificate_request_context, ssl->handshake->certificate_request_context_len ); p += ssl->handshake->certificate_request_context_len; } - - /* Reserve space for certificate_list_len */ + /* ... + * CertificateEntry certificate_list<0..2^24-1>; + * ... + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); certificate_list = p; p += 3; -#if defined(MBEDTLS_SSL_CLI_C) - /* If the server requests client authentication but no suitable - * certificate is available, the client MUST send a - * Certificate message containing no certificates - * ( i.e., with the "certificate_list" field having length 0 ). - * - * authmode indicates whether the client configuration required authentication. - */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && crt == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) ); - MBEDTLS_PUT_UINT24_BE( 0, certificate_list, 0 ); - *out_len = p - buf; - return( 0 ); - } -#endif /* MBEDTLS_SSL_CLI_C */ - MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); while ( crt != NULL ) 
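Review bot: Dropping the MBEDTLS_SSL_CLI_C early return means the `crt == NULL` case now falls through to `MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt )` and the `while ( crt != NULL )` loop, producing an empty certificate_list implicitly; that relies on the debug helper tolerating a NULL certificate (assumed, not shown here), and the RFC 8446 4.4.2 rationale for sending an empty Certificate that the removed comment carried is now nowhere in the function. Keep the explanation and the observable, e.g. before the loop `if( crt == NULL ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write empty client certificate" ) );` together with the restored "client MUST send a Certificate message containing no certificates" comment; the ssl-opt.sh hunks of the next patch delete the checks for that message precisely because it disappeared. Moving MBEDTLS_SSL_CHK_BUF_PTR ahead of the `*p++` length-byte write closes a one-byte write that previously happened before any bounds check. ssl_tls13_write_certificate_body begins before the hunk and continues after it.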
@@ -1058,46 +1046,6 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ -static int ssl_tls13_write_certificate_verify_coordinate( - mbedtls_ssl_context *ssl ) -{ - mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); - - if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - if( ssl->handshake->client_auth == 0 || - crt == NULL || - ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - if( crt == NULL && - ssl->conf->authmode != MBEDTLS_SSL_VERIFY_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - return( 0 ); -#else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - ((void) crt); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - -#endif /* !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -} - static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, @@ -1116,11 +1064,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, int algorithm; size_t signature_len = 0; const mbedtls_md_info_t *md_info; - unsigned char verify_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; + unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; size_t verify_hash_len; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 + MBEDTLS_TLS1_3_MD_MAX_SIZE ); - own_key = mbedtls_ssl_own_key( ssl ); if( own_key == NULL ) { 
@@ -1178,6 +1124,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, md_alg = MBEDTLS_MD_SHA384; algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; break; + case 521: + md_alg = MBEDTLS_MD_SHA512; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + break; default: MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %" MBEDTLS_PRINTF_SIZET @@ -1190,9 +1140,13 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } + /* Check there is space for the algorithm identifier (2 bytes) and the + * signature length (2 bytes). + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 ); p += 2; @@ -1249,9 +1203,6 @@ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); - /* Coordination step: Check if we need to send a CertificateVerify */ - MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_verify_coordinate( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); From 37987ddd0f5d334afbaa919d41bb18debec4ea4a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Feb 2022 14:52:39 +0800 Subject: [PATCH 20/35] Add test cases Add test cases for different sig algs. Known issue is rsa_pss_rsae_sha256 fail Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 140 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 99ff60087..6ce8a3c14 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
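Review bot: `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 )` in the second hunk only covers the algorithm and signature-length fields, and the earlier hunk of this patch removed the `2 + MBEDTLS_TLS1_3_MD_MAX_SIZE` check from the body's preamble, so neither version bounds the signature bytes written after this hunk; confirm that the signing call derives its output size from `end - p` once the two header fields are reserved, since that is now the only protection against overrunning `end`. The message `"should never happen"` next to the new `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` return is misleading, because a peer may legitimately not offer our algorithm; name the cause, e.g. `MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm not offered by peer" ) );`. ssl_tls13_write_certificate_verify_body starts and ends outside these hunks.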
@@ -9873,8 +9873,7 @@ run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "<= write empty client certificate" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -9889,8 +9888,7 @@ run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "<= write empty client certificate" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -9925,6 +9923,140 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: 
CertificateRequest check, ecdsa_secp384r1_sha384 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: 
MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +#This test is expected fail now. It should be fixed later +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +#This test is expected fail now. 
It should be fixed later +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C From 7db5b8f68c4a82b3c798bf28a724c5fd3bb9cc2a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 18:30:13 +0800 Subject: [PATCH 21/35] add rsa_pss_rsae_sha256 write support Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 95 +++++++++++++++++++++++-------------- tests/ssl-opt.sh | 14 +++--- 2 files changed, 66 insertions(+), 43 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b93fd6c59..c26bd9839 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1059,6 +1059,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t handshake_hash_len; unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; + unsigned char signature_type; size_t own_key_size; unsigned int md_alg; int algorithm; 
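Review bot: The two rsa_pss_rsae_sha256 tests are added with expected exit status `1` and the comment `#This test is expected fail now. It should be fixed later`, so they pass while the feature is broken and would start failing the moment the client signs correctly; a test that encodes a known defect should either be left out until the fix lands or state the intended behaviour (exit `0`) and be skipped explicitly. If the comment stays, `# This test is expected to fail for now; it should be fixed later.` reads better. The six ECDSA tests assert only client-side state transitions; a `-s` match on the server's acceptance of the client certificate would make explicit that the signature actually verified rather than relying on the exit status alone.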
@@ -1074,19 +1075,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
 
- /*
- * Check whether the signature scheme corresponds to the key we are using
- */
- if( mbedtls_ssl_sig_from_pk( own_key ) != MBEDTLS_SSL_SIG_ECDSA )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "CertificateVerify: Only ECDSA signature algorithms are supported." ) );
-
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "%d", mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ) ) );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- }
-
 /* Calculate the transcript hash */
 ret = mbedtls_ssl_get_handshake_transcript( ssl,
 ssl->handshake->ciphersuite_info->mac,
@@ -1111,31 +1099,68 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - - /* Determine size of key */ - own_key_size = mbedtls_pk_get_bitlen( own_key ); - switch( own_key_size ) + signature_type = mbedtls_ssl_sig_from_pk( own_key ); + switch( signature_type ) { - case 256: - md_alg = MBEDTLS_MD_SHA256; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + /* Determine size of key */ + own_key_size = mbedtls_pk_get_bitlen( own_key ); + switch( own_key_size ) + { + case 256: + md_alg = MBEDTLS_MD_SHA256; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + break; + case 384: + md_alg = MBEDTLS_MD_SHA384; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + break; + case 521: + md_alg = MBEDTLS_MD_SHA512; + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } break; - case 384: - md_alg = MBEDTLS_MD_SHA384; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - break; - case 521: - md_alg = MBEDTLS_MD_SHA512; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - break; - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" MBEDTLS_PRINTF_SIZET - " bits", - own_key_size ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) + case MBEDTLS_SSL_SIG_RSA: + /* Determine size of key */ + own_key_size = mbedtls_pk_get_bitlen( own_key ); + switch( own_key_size ) + { + case 2048: + md_alg = MBEDTLS_MD_SHA256; + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } 
+ if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ), + MBEDTLS_RSA_PKCS_V21, + md_alg ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Set RSA padding Fail" ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + break; +#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ + default: + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "unkown pk type : %d", signature_type ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6ce8a3c14..5b292d013 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
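Review bot: `mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ), MBEDTLS_RSA_PKCS_V21, md_alg )` mutates the RSA context behind the configured own key, which belongs to the shared configuration rather than to this connection; the PSS padding mode therefore persists after this handshake and can change how other handshakes that sign with the same key behave (for instance a TLS 1.2 peer that negotiated an rsa_pkcs1 scheme). Prefer selecting PSS per signing operation, or restore the previous padding once the signature is produced. Separately, the `MBEDTLS_SSL_SIG_RSA` case picks the hash from the key size and accepts only `case 2048`, so 3072- and 4096-bit RSA keys are refused with "unknown key size" although rsa_pss_rsae_sha256 is valid for any modulus length; for RSA the algorithm should be chosen from the peer's received signature_algorithms, not from `mbedtls_pk_get_bitlen`. The message `"unkown pk type : %d"` misspells `unknown`. ssl_tls13_write_certificate_verify_body starts and ends outside this hunk.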
@@ -10022,24 +10022,22 @@ run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" -#This test is expected fail now. It should be fixed later requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/server2-sha256.crt \ - key_file=data_files/server2.key" \ - 1 \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \ + 0 \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" -#This test is expected fail now. It should be fixed later requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
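Review bot: Both rsa_pss_rsae_sha256 tests now pass merely because the handshake completes; nothing asserts that the client actually signed with rsa_pss_rsae_sha256 rather than ecdsa_secp256r1_sha256, which the `sig_algs=` list also offers, so add a `-c` match on whatever line the client logs for the selected algorithm, or drop the ECDSA entry from the list. `rsa_pkcs1_sha256` stays in the offered list although TLS 1.3 does not permit it for CertificateVerify, which blurs what negotiation the test exercises. The openssl variant switches to data_files/cert_sha256.crt with server1.key while the gnutls variant in the next hunk keeps server2-sha256.crt with server2.key; the reason for different key pairs deserves a comment. The server command string now ends in `-no_middlebox "` with a trailing space.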
@@ -10049,8 +10047,8 @@ requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key" \
- 1 \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
+ 0 \
 -c "=> parse certificate request" \
 -c "got a certificate request" \
 -c "<= parse certificate request" \
From 42ea733fdc059398dc9683661a8d04c2188e45b0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Feb 2022 20:55:34 +0800 Subject: [PATCH 22/35] remove RSA not found test Signed-off-by: Jerry Yu
--- tests/ssl-opt.sh | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5b292d013..2a770b44b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9805,43 +9805,6 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS 1.3: CertificateRequest, RSA not support - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli-rsa-sha256.crt \ - key_file=data_files/cli-rsa.key" \ - 1 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Only ECDSA signature algorithms are supported." - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS 1.3: CertificateRequest, RSA not support - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli-rsa-sha256.crt \ - key_file=data_files/cli-rsa.key" \ - 1 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Only ECDSA signature algorithms are supported." 
- requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -10027,6 +9990,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_RSA_C run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ @@ -10044,6 +10008,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_RSA_C run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ From c8d8d4e01ab577a26d5e95606a532c2576b41082 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Feb 2022 12:10:03 +0800 Subject: [PATCH 23/35] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 38 ++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c26bd9839..c9a95e193 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -863,7 +863,7 @@ cleanup: #define SSL_WRITE_CERTIFICATE_SEND 0 #define SSL_WRITE_CERTIFICATE_SKIP 1 -static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) +static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context *ssl ) { /* For PSK and ECDHE-PSK ciphersuites there is no certificate to exchange. */ 
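Review bot: `requires_config_enabled MBEDTLS_RSA_C` is not sufficient for the two rsa_pss_rsae_sha256 tests: the client code path they exercise is compiled only under `#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)`, so a build with RSA but without PKCS#1 v2.1 will run the test and fail with "unkown pk type". Add `requires_config_enabled MBEDTLS_PKCS1_V21` beside it in both the openssl and the gnutls hunk on this line.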
@@ -926,22 +926,23 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, { const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl ); unsigned char *p = buf; - unsigned char *certificate_list; + unsigned char *certificate_request_context = + ssl->handshake->certificate_request_context; + unsigned char certificate_request_context_len = + ssl->handshake->certificate_request_context_len; + unsigned char *p_certificate_list_len; /* ... * opaque certificate_request_context<0..2^8-1>; * ... */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, - ssl->handshake->certificate_request_context_len + 1 ); - *p++ = ssl->handshake->certificate_request_context_len; - if( ssl->handshake->certificate_request_context_len > 0 ) + MBEDTLS_SSL_CHK_BUF_PTR( p, end, certificate_request_context_len + 1 ); + *p++ = certificate_request_context_len; + if( certificate_request_context_len > 0 ) { - memcpy( p, - ssl->handshake->certificate_request_context, - ssl->handshake->certificate_request_context_len ); - p += ssl->handshake->certificate_request_context_len; + memcpy( p, certificate_request_context, certificate_request_context_len ); + p += certificate_request_context_len; } /* ... @@ -949,12 +950,12 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, * ... */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); - certificate_list = p; + p_certificate_list_len = p; p += 3; MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt ); - while ( crt != NULL ) + while( crt != NULL ) { size_t cert_data_len = crt->raw.len; @@ -973,7 +974,8 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, p += 2; } - MBEDTLS_PUT_UINT24_BE( p - certificate_list - 3, certificate_list, 0 ); + MBEDTLS_PUT_UINT24_BE( p - p_certificate_list_len - 3, + p_certificate_list_len, 0 ); *out_len = p - buf; 
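Review bot: `unsigned char *certificate_request_context` in the first hunk aliases handshake data that this function only reads, so declare it `const unsigned char *certificate_request_context` to keep the intent visible. The `unsigned char certificate_request_context_len` copy matches the one-byte length field written to the wire, which is fine, but a short comment saying that the narrow type is deliberate would stop a later reader from widening it. ssl_tls13_write_certificate_body starts before the first hunk and ends after the last.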
@@ -1061,8 +1063,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t verify_buffer_len; unsigned char signature_type; size_t own_key_size; - unsigned int md_alg; - int algorithm; + mbedtls_md_type_t md_alg; + uint16_t algorithm; size_t signature_len = 0; const mbedtls_md_info_t *md_info; unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; @@ -1075,7 +1077,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - /* Calculate the transcript hash */ ret = mbedtls_ssl_get_handshake_transcript( ssl, ssl->handshake->ciphersuite_info->mac, handshake_hash, @@ -1088,7 +1089,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, handshake_hash, handshake_hash_len); - /* Create verify structure */ ssl_tls13_create_verify_structure( handshake_hash, handshake_hash_len, verify_buffer, &verify_buffer_len, ssl->conf->endpoint ); @@ -1104,7 +1104,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_SSL_SIG_ECDSA: - /* Determine size of key */ + /* Determine the size of the key */ own_key_size = mbedtls_pk_get_bitlen( own_key ); switch( own_key_size ) { @@ -1132,7 +1132,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) case MBEDTLS_SSL_SIG_RSA: - /* Determine size of key */ + /* Determine the size of the key */ own_key_size = mbedtls_pk_get_bitlen( own_key ); switch( own_key_size ) { From 4bfa22aeb35236181a263ce856e863a488765ea1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Feb 2022 12:13:08 +0800 Subject: [PATCH 24/35] remove useless config option Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2a770b44b..9e9f80592 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
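Review bot: The second and third hunks delete the `/* Calculate the transcript hash */` and `/* Create verify structure */` comments without replacing them, leaving the two steps of ssl_tls13_write_certificate_verify_body that build the data to be signed undocumented; keep them, or fold them into one header comment that describes how the CertificateVerify input is constructed. Changing `md_alg`/`algorithm` to `mbedtls_md_type_t`/`uint16_t` in the first hunk is a good fix, since `algorithm` is written with MBEDTLS_PUT_UINT16_BE. The function starts and ends outside these hunks.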
@@ -9827,7 +9827,6 @@ requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \ @@ -9842,7 +9841,6 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10 -no_middlebox" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=none \ @@ -9857,7 +9855,6 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ @@ -9874,7 +9871,6 @@ requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ 
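Review bot: Dropping `requires_config_disabled MBEDTLS_USE_PSA_CRYPTO` across every TLS 1.3 CertificateRequest test (this hunk and the ones on the following two lines) makes them run in MBEDTLS_USE_PSA_CRYPTO builds, but nothing on this page shows the new CertificateVerify writer, in particular the RSA path that calls `mbedtls_rsa_set_padding` on the pk context's RSA object, being exercised under that configuration. If a PSA-enabled CI job runs ssl-opt.sh this is fine; otherwise the guard on the rsa_pss_rsae_sha256 tests should stay until that has been verified.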
@@ -9890,7 +9886,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -9907,7 +9902,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -9923,7 +9917,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -9940,7 +9933,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -9956,7 +9948,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -9973,7 +9964,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -9989,7 +9979,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 requires_config_enabled MBEDTLS_RSA_C
 run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \
@@ -10007,7 +9996,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 requires_config_enabled MBEDTLS_RSA_C
 run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
@@ -10024,7 +10012,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
@@ -10039,7 +10026,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \
 "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
From 46b53b9920f6a5b34c088b187ef8c240cdb9ddba Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 18 Feb 2022 12:14:21 +0800
Subject: [PATCH 25/35] remove duplicate test
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 33 ---------------------------------
 1 file changed, 33 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9e9f80592..35401e043 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
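Review bot: The commit message calls `requires_config_disabled MBEDTLS_USE_PSA_CRYPTO` useless but does not say what lets these cases pass in a PSA build, and two commits later in this series the same guard is put back on the two `No client authentication, client has certificate` cases, so the reason matters for anyone deciding which cases it belongs on. A sentence in the message naming the PSA-specific limitation that went away, or a comment above the cases that keep the guard, would separate deliberate exclusions from leftovers. Every hunk in this commit is the same one-line removal.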
@@ -9789,39 +9789,6 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
 -S "Version: TLS1.2" \
 -C "Protocol : TLSv1.2"
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
- key_file=data_files/cli2.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
- key_file=data_files/cli2.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
From 6c3d821ff18ea671bc2ebfd0c94aa4db22a32247 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 18 Feb 2022 15:23:23 +0800
Subject: [PATCH 26/35] update ssl-opt test cases
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 296 ++++++++++++++++++++++-------------------
 1 file changed, 139 insertions(+), 157 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 35401e043..7b82f0991 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9789,47 +9789,45 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
 -S "Version: TLS1.2" \
 -C "Protocol : TLSv1.2"
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \
- key_file=none" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"
-
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \
+run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10 -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=none \
 key_file=none" \
 0 \
- -c "=> parse certificate request" \
 -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -s "TLS 1.3" \
+ -c "HTTP/1.0 200 ok"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \
+ "$P_CLI debug_level=3 
min_version=tls13 max_version=tls13 crt_file=none \
+ key_file=none" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
+ -s "Version: TLS1.3" \
+ -c "HTTP/1.0 200 OK"
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \
+run_test "TLS 1.3: Client authentication, no server middlebox compatibility - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
 0 \
- -c "=> parse certificate request" \
 -c "got a certificate request" \
- -c "<= parse certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
@@ -9838,14 +9836,12 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \
+run_test "TLS 1.3: Client authentication, no server middlebox compatibility - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
 0 \
- -c "=> parse certificate request" \
 -c "got a certificate request" \
- -c "<= parse certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
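Review bot: In the new `TLS 1.3: Client authentication, no client certificate - gnutls` case the argument line `-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\` has no space before the continuation backslash, unlike every other argument line in the block; `-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \` keeps the style uniform. The openssl and gnutls twins also check the negotiated version differently (`-s "TLS 1.3"` versus `-s "Version: TLS1.3"`, `force_version=tls13` versus `min_version=tls13 max_version=tls13`); presumably the server logs dictate the strings, but a one-line comment above the pair saying so would stop a later tidy-up from breaking one of them. The `no server middlebox compatibility` pair in the same hunk has no `-s` version check at all, so a pass there proves only the client's state transitions.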
@@ -9853,154 +9849,140 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" \
- "$G_NEXT_SRV --debug=4 
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
-run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
-run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c 
"client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3: No client authentication, client has certificate - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
 0 \
- -c "=> parse certificate request" \
 -c "got no certificate request" \
- -c "<= parse certificate request"
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \
 "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
 0 \
- -c "=> parse certificate request" \
 -c "got no certificate request" \
- -c "<= parse certificate request"
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, 
ecdsa_secp256r1_sha256 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
+ key_file=data_files/ecdsa_secp256r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
+ key_file=data_files/ecdsa_secp256r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
+ key_file=data_files/ecdsa_secp384r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
+ 
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
+ key_file=data_files/ecdsa_secp384r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
+ "$O_NEXT_SRV 
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
From 562a0fddf017a61a3d4de7c0b2bb5215b73f8f5c Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 18 Feb 2022 15:35:11 +0800
Subject: [PATCH 27/35] Add client version check
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 43 +++++++++++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 14 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7b82f0991..c61f2352f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
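Review bot: `requires_config_disabled MBEDTLS_USE_PSA_CRYPTO` is added back to the two `No client authentication, client has certificate` cases with no explanation, two commits after PATCH 24 removed the same guard from every case in this block as useless; a comment above each, e.g. `# Excluded under MBEDTLS_USE_PSA_CRYPTO: <reason>`, is needed so the next cleanup does not drop it again. The rewritten gnutls `ecdsa_*` and `rsa_pss_rsae_sha256` cases pin the version with `force_version=tls13`, while the gnutls cases earlier in this commit use `min_version=tls13 max_version=tls13`; one form for all gnutls cases would make the block easier to scan.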
@@ -9801,7 +9801,8 @@ run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -s "TLS 1.3" \
- -c "HTTP/1.0 200 ok"
+ -c "HTTP/1.0 200 ok" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9816,7 +9817,9 @@ run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
 -s "Version: TLS1.3" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "Protocol is TLSv1.3"
+
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -9829,7 +9832,8 @@ run_test "TLS 1.3: Client authentication, no server middlebox compatibility -
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9843,7 +9847,8 @@ run_test "TLS 1.3: Client authentication, no server middlebox compatibility -
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -9857,7 +9862,8 @@ run_test "TLS 1.3: No client authentication, client has certificate - openssl
 0 \
 -c "got no certificate request" \
 -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
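Review bot: The hunk at `@@ -9816,7 +9817,9 @@` adds an empty `+` line after `-c "Protocol is TLSv1.3"` on top of the blank line that already separates the gnutls case from the following `requires_openssl_tls1_3`, so the file gains a double blank line there; dropping that added line keeps the single-blank spacing used between all the other cases. The other hunks of this commit, through `@@ -9982,7 +9996,8 @@`, add the same `-c "Protocol is TLSv1.3"` check without the extra line and need no change.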
@@ -9872,7 +9878,8 @@ run_test "TLS 1.3: No client authentication, client has certificate- gnutls"
 0 \
 -c "got no certificate request" \
 -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -9885,7 +9892,8 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9899,7 +9907,8 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -9912,7 +9921,8 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9926,7 +9936,8 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -9939,7 +9950,8 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9953,7 +9965,8 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -9967,7 +9980,8 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9982,7 +9996,8 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
 0 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
From d66409ae924ec1ecb1018e603f4c24b6b0af5f02 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 18 Feb 2022 16:42:24 +0800
Subject: [PATCH 28/35] Add non support sig alg check and test
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 5 ++++-
 tests/ssl-opt.sh | 6 +++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index c9a95e193..2338bebb8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1164,7 +1164,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
 {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "signature algorithm not in received list." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c61f2352f..61c4407a6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9861,7 +9861,7 @@ run_test "TLS 1.3: No client authentication, client has certificate - openssl
 key_file=data_files/cli2.key" \
 0 \
 -c "got no certificate request" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
 -c "Protocol is TLSv1.3"
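Review bot: The new `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, ... )` in hunk `@@ -1164,7 +1164,10 @@` describes a local condition as a peer error: this branch fires when the scheme chosen for our own key is absent from the list the peer sent, so the peer's CertificateRequest was well-formed and `illegal_parameter` (RFC 8446 §6.2: a field out of range or inconsistent with other fields) is the wrong alert, while `MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE` is the one defined for "no acceptable set of parameters". The message would also be more useful with the rejected value, e.g. `( "signature algorithm 0x%04x not in received list.", (unsigned) algorithm )`, since the peer's list is not dumped here. The enclosing function begins and ends outside this hunk.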
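Review bot: The ssl-opt.sh hunk `@@ -9861,7 +9861,7 @@` flips the `No client authentication, client has certificate - openssl` expectation from `-C` to `-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"`, i.e. the client must now enter the certificate state although it logs `got no certificate request`; the library hunk in this commit only touches the signature-algorithm check, so whatever makes the client take that path is not in this commit, and the title `Add non support sig alg check and test` does not mention it. If the state machine was changed elsewhere to always pass through `MBEDTLS_SSL_CLIENT_CERTIFICATE` and skip the write when `client_auth` is unset (PATCH 02 in this series did the opposite, branching on `client_auth` before setting the state), the message should say so or the test change should travel with that commit. The gnutls twin at `@@ -9871,13 +9871,13 @@` makes the same flip.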
@@ -9871,13 +9871,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \
+run_test "TLS 1.3: No client authentication, client has certificate - gnutls" \
 "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
 0 \
 -c "got no certificate request" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
 -c "Protocol is TLSv1.3"
From 2124d05e065a1da6adec10deac5042e87bec3f95 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 18 Feb 2022 21:07:18 +0800
Subject: [PATCH 29/35] Add sha384 and sha512 case
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 53 ++++++++++++++++++++++++++++---------
 tests/ssl-opt.sh | 32 ++++++++++++++++++++++
 2 files changed, 72 insertions(+), 13 deletions(-)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2338bebb8..4960c9a9d 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1125,6 +1125,12 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 ( "unknown key size: %"
 MBEDTLS_PRINTF_SIZET " bits",
 own_key_size ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "signature algorithm not in "
+ "received or offered list." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
 break;
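Review bot: The added level-1 message `"signature algorithm not in received or offered list."` in hunk `@@ -1125,6 +1125,12 @@` is misleading where it sits: it follows the existing `"unknown key size: ..."` message in what is presumably the `default:` of the ECDSA `switch( own_key_size )`, a branch reached when the key's bit length matched no case label, and nothing in it consults the received list. One accurate message, e.g. `( "no TLS 1.3 ECDSA scheme for a %" MBEDTLS_PRINTF_SIZET "-bit key", own_key_size )`, says what actually failed; and as in PATCH 28 the `illegal_parameter` alert blames the peer for a local key-size limitation where `MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE` fits. The switch and the function start outside this hunk.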
@@ -1134,25 +1140,46 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 case MBEDTLS_SSL_SIG_RSA:
 /* Determine the size of the key */
 own_key_size = mbedtls_pk_get_bitlen( own_key );
- switch( own_key_size )
+ if( own_key_size <= 2048 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
 {
- case 2048:
- md_alg = MBEDTLS_MD_SHA256;
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
- break;
- default:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown key size: %"
- MBEDTLS_PRINTF_SIZET " bits",
- own_key_size ) );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ md_alg = MBEDTLS_MD_SHA256;
+ algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
 }
+ else if( own_key_size <= 3072 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
+ {
+ md_alg = MBEDTLS_MD_SHA384;
+ algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ }
+ else if( own_key_size <= 4096 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
+ {
+ md_alg = MBEDTLS_MD_SHA512;
+ algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %"
+ MBEDTLS_PRINTF_SIZET " bits",
+ own_key_size ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "signature algorithm not in received or offered list." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
 if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ),
 MBEDTLS_RSA_PKCS_V21,
 md_alg ) != 0 )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Set RSA padding Fail" ) );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
 break;
 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
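Review bot: `mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ), MBEDTLS_RSA_PKCS_V21, md_alg )` mutates the key object rather than per-call state, and `own_key` comes from `mbedtls_ssl_own_key( ssl )`, which presumably points at a key shared by every context built from the same configuration. The padding mode and hash chosen for this handshake therefore leak into every other handshake and any concurrent signing that uses the same key, so this RSA path is not safe with shared keys. Prefer a signing call that takes the PSS parameters per invocation, or document that the caller must supply a per-context key; at minimum put `/* NOTE: this changes the padding mode of the shared private key for all of its users. */` above the call. The `<= 2048 / 3072 / 4096` ladder also has no lower bound, so a 1024-bit key is accepted for SHA-256 here; ssl_tls13_write_certificate_verify_body starts and ends outside the hunk.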
@@ -1165,7 +1192,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "signature algorithm not in received list." ) );
+ ( "signature algorithm not in received or offered list." ) );
 MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
 MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 61c4407a6..36cbe3751 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9999,6 +9999,38 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
 -c "Protocol is TLSv1.3"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3: Client authentication, client algorithm not in server list - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox
+ -sigalgs ecdsa_secp256r1_sha256" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ 1 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "signature algorithm not in received or offered list."
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3: Client authentication, client algorithm not in server list - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ 1 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "signature algorithm not in received or offered list."
+
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
From 819f29730a9fda6b17f6ffad19ef54c7a5a4c43d Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 22 Feb 2022 10:14:24 +0800
Subject: [PATCH 30/35] fix various issues in ssl-opt
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 73 ++++++++++++++++++------------------------------
 1 file changed, 27 insertions(+), 46 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 36cbe3751..9ec9d18c9 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9793,8 +9793,9 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10 -no_middlebox" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=none \
 key_file=none" \
 0 \
@@ -9809,8 +9810,9 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \
 key_file=none" \
 0 \
@@ -9825,7 +9827,7 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: Client authentication, no server middlebox compatibility - openssl" \
+run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
@@ -9840,7 +9842,7 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: Client authentication, no server middlebox compatibility - gnutls" \
+run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
 key_file=data_files/cli2.key" \
@@ -9854,39 +9856,9 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: No client authentication, client has certificate - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
- key_file=data_files/cli2.key" \
- 0 \
- -c "got no certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "Protocol is TLSv1.3"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: No client authentication, client has certificate - gnutls" \
- "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
- key_file=data_files/cli2.key" \
- 0 \
- -c "got no certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "Protocol is TLSv1.3"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
 "$P_CLI debug_level=4 force_version=tls13
crt_file=data_files/ecdsa_secp256r1.crt \
 key_file=data_files/ecdsa_secp256r1.key" \
 0 \
@@ -9900,8 +9872,9 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
 key_file=data_files/ecdsa_secp256r1.key" \
 0 \
@@ -9914,8 +9887,9 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
 key_file=data_files/ecdsa_secp384r1.key" \
 0 \
@@ -9929,8 +9903,9 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
 key_file=data_files/ecdsa_secp384r1.key" \
 0 \
@@ -9943,8 +9918,9 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
 key_file=data_files/ecdsa_secp521r1.key" \
 0 \
@@ -9958,8 +9934,9 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
 key_file=data_files/ecdsa_secp521r1.key" \
 0 \
@@ -9973,8 +9950,9 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
 key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
 0 \
@@ -9989,8 +9967,9 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
 key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
 0 \
@@ -10004,8 +9983,9 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, client algorithm not in server list - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
 -sigalgs ecdsa_secp256r1_sha256" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
 key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
@@ -10021,8 +10001,9 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_RSA_C
-run_test "TLS 1.3: Client authentication, client algorithm not in server list - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
 key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
 1 \
From 782720787fcf0daed0ff74c7783c35322e4f0a90 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 22 Feb 2022 10:28:13 +0800
Subject: [PATCH 31/35] Refactor write_certificate_verify
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 26 +++++++------------------
 1 file changed, 7 insertions(+), 19 deletions(-)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 4960c9a9d..cea381102 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1064,7 +1064,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 unsigned char signature_type;
 size_t own_key_size;
 mbedtls_md_type_t md_alg;
- uint16_t algorithm;
+ uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
 size_t signature_len = 0;
 const mbedtls_md_info_t *md_info;
 unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ];
@@ -1100,12 +1100,12 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 * } CertificateVerify;
 */
 signature_type = mbedtls_ssl_sig_from_pk( own_key );
+ /* Determine the size of the key */
+ own_key_size = mbedtls_pk_get_bitlen( own_key );
 switch( signature_type )
 {
 #if defined(MBEDTLS_ECDSA_C)
 case MBEDTLS_SSL_SIG_ECDSA:
- /* Determine the size of the key */
- own_key_size = mbedtls_pk_get_bitlen( own_key );
 switch( own_key_size )
 {
 case 256:
@@ -1125,21 +1125,13 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 ( "unknown key size: %"
 MBEDTLS_PRINTF_SIZET " bits",
 own_key_size ) );
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "signature algorithm not in "
- "received or offered list." ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ break;
 }
 break;
 #endif /* MBEDTLS_ECDSA_C */
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
 case MBEDTLS_SSL_SIG_RSA:
- /* Determine the size of the key */
- own_key_size = mbedtls_pk_get_bitlen( own_key );
 if( own_key_size <= 2048 &&
 mbedtls_ssl_sig_alg_is_received( ssl,
 MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
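Review bot: With the `return` paths turned into `break`, `md_alg` is left uninitialized whenever the switch ends without selecting an algorithm, and the only thing preventing a read of it is the `algorithm == MBEDTLS_TLS1_3_SIG_NONE` guard that follows the switch in the next hunk. That coupling is invisible at the declaration and easy to break in a later refactor; initialize the pair together, `mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;` next to `uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;`, with `/* Either both are set by the switch below, or algorithm stays SIG_NONE and we bail out. */`. ssl_tls13_write_certificate_verify_body starts before and ends after these hunks.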
@@ -1166,12 +1158,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %"
 MBEDTLS_PRINTF_SIZET " bits",
 own_key_size ) );
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "signature algorithm not in received or offered list." ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ break;
 }
 if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ),
@@ -1189,7 +1176,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
- if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
+ if( algorithm == MBEDTLS_TLS1_3_SIG_NONE ||
+ ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1,
 ( "signature algorithm not in received or offered list." ) );
From ccb005e35f8f507939e090fb25a2ccc118d5271f Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 22 Feb 2022 17:38:34 +0800
Subject: [PATCH 32/35] fix missing feedback address
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9ec9d18c9..42f97cd87 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9984,7 +9984,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-run_test "TLS 1.3: Client authentication, client algorithm not in server list - openssl" \
+run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
 -sigalgs ecdsa_secp256r1_sha256" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
From 2ff6ba1df027ad86d05818e9072bf465de812750 Mon Sep 17 00:00:00 2001
From: Jerry Yu Date: Wed, 23 Feb 2022 10:38:25 +0800 Subject: [PATCH 33/35] Remove rsa_pss_rsae_sha256 support. Signing with RSA is not thread-safe, so remove it from the current code; a thread-safe version should be re-introduced in future. Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 42 +------------------------------------ tests/ssl-opt.sh | 28 ++++++++++++++----------- 2 files changed, 17 insertions(+), 53 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cea381102..d0486983e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c
@@ -1130,50 +1130,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 break;
 #endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
- case MBEDTLS_SSL_SIG_RSA:
- if( own_key_size <= 2048 &&
- mbedtls_ssl_sig_alg_is_received( ssl,
- MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
- {
- md_alg = MBEDTLS_MD_SHA256;
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
- }
- else if( own_key_size <= 3072 &&
- mbedtls_ssl_sig_alg_is_received( ssl,
- MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
- {
- md_alg = MBEDTLS_MD_SHA384;
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
- }
- else if( own_key_size <= 4096 &&
- mbedtls_ssl_sig_alg_is_received( ssl,
- MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
- {
- md_alg = MBEDTLS_MD_SHA512;
- algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %"
- MBEDTLS_PRINTF_SIZET " bits",
- own_key_size ) );
- break;
- }
-
- if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ),
- MBEDTLS_RSA_PKCS_V21,
- md_alg ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Set RSA padding Fail" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- break;
-#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
 default:
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "unkown pk type : %d", signature_type ) );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ break;
 }
 if( algorithm == MBEDTLS_TLS1_3_SIG_NONE ||
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 42f97cd87..81bdbe4c0 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
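Review bot: `"unkown pk type : %d"` is misspelt, and the tests changed in this same commit now grep for the misspelling with `-c "unkown pk type"` and `-C "unkown pk type"`, so any later spelling fix has to touch ssl-opt.sh as well; correct it to `"unknown pk type : %d"` here and in the test patterns now, while both are in one commit. Since `default:` now `break`s with `algorithm` still `MBEDTLS_TLS1_3_SIG_NONE`, an RSA client key is rejected only after the Certificate message has been sent, the same late detection as in the earlier selection hunks; a comment at the `default:` label saying that unsupported key types are expected to be caught by the SIG_NONE check below would make the fall-through deliberate. ssl_tls13_write_certificate_verify_body starts and ends outside the hunk.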
@@ -9954,12 +9954,13 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
 "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
- 0 \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ 1 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "Protocol is TLSv1.3"
+ -c "unkown pk type" \
+ -c "signature algorithm not in received or offered list."
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -9971,12 +9972,13 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
 "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
- 0 \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ 1 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "Protocol is TLSv1.3"
+ -c "unkown pk type" \
+ -c "signature algorithm not in received or offered list."
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
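Review bot: Both tests keep the name `rsa_pss_rsae_sha256 - openssl` / `- gnutls` while their expected exit status flips from 0 to 1 and they now look for a rejection message, so the name describes the opposite of what is asserted. Rename them to state the expectation, e.g. `run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 not supported - openssl" \` and the gnutls twin, so that re-adding RSA client signing later shows up as an explicit test change rather than a silent inversion of a passing test. The new `-c "unkown pk type"` pattern also pins the library's misspelt debug string; if that string is corrected these lines must follow.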
@@ -9987,13 +9989,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
 -sigalgs ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
 1 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "signature algorithm not in received or offered list."
+ -c "signature algorithm not in received or offered list." \
+ -C "unkown pk type"
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -10004,13 +10007,14 @@ requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
 1 \
 -c "got a certificate request" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "signature algorithm not in received or offered list."
+ -c "signature algorithm not in received or offered list." \
+ -C "unkown pk type"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
From 0b7b101b3b1bdb9e8498f9d89e3b36d1874a2e72 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 23 Feb 2022 12:23:05 +0800
Subject: [PATCH 34/35] fix warnings
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d0486983e..a8fcb0756 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1062,7 +1062,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
 size_t verify_buffer_len;
 unsigned char signature_type;
+#if defined(MBEDTLS_ECDSA_C)
 size_t own_key_size;
+#endif /* MBEDTLS_ECDSA_C */
 mbedtls_md_type_t md_alg;
 uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
 size_t signature_len = 0;
@@ -1070,6 +1072,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ];
 size_t verify_hash_len;
+ *out_len = 0;
+
 own_key = mbedtls_ssl_own_key( ssl );
 if( own_key == NULL )
 {
@@ -1100,8 +1104,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 * } CertificateVerify;
 */
 signature_type = mbedtls_ssl_sig_from_pk( own_key );
+#if defined(MBEDTLS_ECDSA_C)
 /* Determine the size of the key */
 own_key_size = mbedtls_pk_get_bitlen( own_key );
+#endif /* MBEDTLS_ECDSA_C */
 switch( signature_type )
 {
 #if defined(MBEDTLS_ECDSA_C)
From 71f36f1d2ef7ed4fd1fecc302f18a9a0a6813ad8 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 23 Feb 2022 17:34:29 +0800
Subject: [PATCH 35/35] change alert message type
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index a8fcb0756..8b0d93e20 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1147,7 +1147,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1,
 ( "signature algorithm not in received or offered list." ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
 MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
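Review bot: The switch from `MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER` to `MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE` is the appropriate alert for a local failure to find a usable signature algorithm, but after several commits flipping between the two the reason is recorded nowhere in the code. Add `/* No algorithm usable with our key was offered by the peer: a local negotiation failure, not a malformed peer message, hence handshake_failure (RFC 8446 section 6.2). */` above the `MBEDTLS_SSL_PEND_FATAL_ALERT` call so the next reader does not revert it. ssl_tls13_write_certificate_verify_body starts and ends outside the hunk.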