diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 30f5035cbc..88427effb5 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -608,7 +608,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->verify_cookie != NULL ) + ssl->handshake->cookie != NULL ) { return( 0 ); } @@ -846,7 +846,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); - if( ssl->handshake->verify_cookie == NULL ) + if( ssl->handshake->cookie == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); *p++ = 0; @@ -854,15 +854,15 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) else { MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", - ssl->handshake->verify_cookie, - ssl->handshake->verify_cookie_len ); + ssl->handshake->cookie, + ssl->handshake->verify_cookie_len ); *p++ = ssl->handshake->verify_cookie_len; MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->handshake->verify_cookie_len ); - memcpy( p, ssl->handshake->verify_cookie, - ssl->handshake->verify_cookie_len ); + memcpy( p, ssl->handshake->cookie, + ssl->handshake->verify_cookie_len ); p += ssl->handshake->verify_cookie_len; } } @@ -1645,16 +1645,16 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len ); - mbedtls_free( ssl->handshake->verify_cookie ); + mbedtls_free( ssl->handshake->cookie ); - ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); - if( ssl->handshake->verify_cookie == NULL ) + ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len ); + if( ssl->handshake->cookie == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } - memcpy( ssl->handshake->verify_cookie, p, cookie_len ); + memcpy( ssl->handshake->cookie, p, cookie_len ); ssl->handshake->verify_cookie_len = cookie_len; /* Start over at ClientHello */ @@ -1736,8 +1736,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) else { /* We made it through the verification process */ - mbedtls_free( ssl->handshake->verify_cookie ); - ssl->handshake->verify_cookie = NULL; + mbedtls_free( ssl->handshake->cookie ); + ssl->handshake->cookie = NULL; ssl->handshake->verify_cookie_len = 0; } } diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a02b712ceb..c4621e7ca7 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -704,14 +704,20 @@ struct mbedtls_ssl_handshake_params } buffering; -#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie - * for dtls / tls 1.3 - * Srv: unused */ - unsigned char verify_cookie_len; /*!< Cli: cookie length for - * dtls / tls 1.3 +#if defined(MBEDTLS_SSL_CLI_C) && \ + ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) + unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS + * HelloRetryRequest cookie for TLS 1.3 */ +#endif /* MBEDTLS_SSL_CLI_C && + ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie + * length * Srv: flag for sending a cookie */ -#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) + uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */ +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_PROTO_DTLS) unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0177add1f4..7c7c1601f8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3100,9 +3100,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_pk_free( &handshake->peer_pubkey ); #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_free( handshake->verify_cookie ); -#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_CLI_C) && \ + ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) + mbedtls_free( handshake->cookie ); +#endif /* MBEDTLS_SSL_CLI_C && + ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) mbedtls_ssl_flight_free( handshake->flight ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 05b79415da..165aa9d842 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -659,7 +659,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { - size_t cookie_len; + uint16_t cookie_len; const unsigned char *p = buf; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -671,19 +671,55 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len ); - mbedtls_free( handshake->verify_cookie ); - handshake->verify_cookie_len = 0; - handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); - if( handshake->verify_cookie == NULL ) + mbedtls_free( handshake->cookie ); + handshake->hrr_cookie_len = 0; + handshake->cookie = mbedtls_calloc( 1, cookie_len ); + if( handshake->cookie == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )", + ( "alloc failed ( %ud bytes )", cookie_len ) ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } - memcpy( handshake->verify_cookie, p, cookie_len ); - handshake->verify_cookie_len = (unsigned char) cookie_len; + memcpy( handshake->cookie, p, cookie_len ); + handshake->hrr_cookie_len = cookie_len; + + return( 0 ); +} + +static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ) +{ + unsigned char *p = buf; + *out_len = 0; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + if( handshake->cookie == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) ); + return( 0 ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", + handshake->cookie, + handshake->hrr_cookie_len ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->hrr_cookie_len + 6 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) ); + + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 ); + MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len + 2, p, 2 ); + MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len, p, 4 ); + p += 6; + + /* Cookie */ + memcpy( p, handshake->cookie, handshake->hrr_cookie_len ); + + *out_len = handshake->hrr_cookie_len + 6; return( 0 ); } @@ -873,6 +909,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, p += output_len; #endif /* MBEDTLS_SSL_ALPN */ + /* Echo the cookie if the server provided one in its preceding + * HelloRetryRequest message. + */ + ret = ssl_tls13_write_cookie_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index fa7663ba72..291fe1c44d 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -3474,3 +3474,683 @@ run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \ -c "NamedGroup: x448 ( 1e )" \ -c "Verifying peer X.509 certificate... ok" \ -C "received HelloRetryRequest message" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x25519 -> x448" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->O: HRR x448 -> x25519" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + 0 \ + -c "HTTP/1.0 200 ok" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x25519 -> x448" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 30 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp256r1 ( 17 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 23 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp384r1 ( 18 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 24 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: secp521r1 ( 19 )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 25 )" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_gnutls_next_disable_tls13_compat +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3 m->G: HRR x448 -> x25519" \ + "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \ + "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \ + 0 \ + -c "HTTP/1.0 200 OK" \ + -c "NamedGroup: x448 ( 1e )" \ + -c "NamedGroup: x25519 ( 1d )" \ + -c "Verifying peer X.509 certificate... ok" \ + -c "received HelloRetryRequest message" \ + -c "selected_group ( 29 )" diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 5c429db4e9..7ff07e70cc 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -244,7 +244,7 @@ class GnuTLSServ(TLSProgram): priority_string_list.extend(update_priority_string_list( self._ciphers, self.CIPHER_SUITE)) else: - priority_string_list.append('CIPHER-ALL') + priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL']) if self._sig_algs: signature_algorithms = set(self._sig_algs + self._cert_sig_algs) @@ -375,6 +375,35 @@ def generate_compat_test(server=None, client=None, cipher=None, sig_alg=None, na return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd]) +def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=None, + client_named_group=None, server_named_group=None): + """ + Generate Hello Retry Request test case with `ssl-opt.sh` format. + """ + name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format( + client=client, server=server, c_named_group=client_named_group, + s_named_group=server_named_group) + server_object = SERVER_CLASSES[server](named_group=server_named_group, + cert_sig_alg=cert_sig_alg) + + client_object = CLIENT_CLASSES[client](named_group=client_named_group, + cert_sig_alg=cert_sig_alg) + client_object.add_named_groups(server_named_group) + + cmd = ['run_test "{}"'.format(name), '"{}"'.format( + server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] + cmd += server_object.post_checks() + cmd += client_object.post_checks() + cmd += ['-c "received HelloRetryRequest message"'] + cmd += ['-c "selected_group ( {:d} )"'.format( + NAMED_GROUP_IANA_VALUE[server_named_group])] + prefix = ' \\\n' + (' '*9) + cmd = prefix.join(cmd) + return '\n'.join(server_object.pre_checks() + + client_object.pre_checks() + + [cmd]) + + SSL_OUTPUT_HEADER = '''#!/bin/sh # {filename} @@ -404,7 +433,6 @@ SSL_OUTPUT_HEADER = '''#!/bin/sh # ''' - def main(): """ Main function of this program @@ -461,6 +489,17 @@ def main(): yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group, server=server, client=client) + # Generate Hello Retry Request compat test cases + for client, server, client_named_group, server_named_group in \ + itertools.product(CLIENT_CLASSES.keys(), + SERVER_CLASSES.keys(), + NAMED_GROUP_IANA_VALUE.keys(), + NAMED_GROUP_IANA_VALUE.keys()): + if client_named_group != server_named_group: + yield generate_hrr_compat_test(client=client, server=server, + cert_sig_alg="ecdsa_secp256r1_sha256", + client_named_group=client_named_group, + server_named_group=server_named_group) if args.generate_all_tls13_compat_tests: if args.output: