lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #5369 from xkqian/add_2nd_client_hello

Browse Source 
Add 2nd client hello
This commit is contained in:
Ronald Cron
2022-03-28 12:18:41 +02:00
committed by GitHub
parent cefa904759 5c252620c5
commit e44d8e7eea
6 changed files with 803 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
library/ssl_cli.c
View File

@ -608,7 +608,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
*/ */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->verify_cookie != NULL ) ssl->handshake->cookie != NULL )
{ {
return( 0 ); return( 0 );
} }
@ -846,7 +846,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
if( ssl->handshake->verify_cookie == NULL ) if( ssl->handshake->cookie == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
*p++ = 0; *p++ = 0;
@ -854,15 +854,15 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
else else
{ {
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
ssl->handshake->verify_cookie, ssl->handshake->cookie,
ssl->handshake->verify_cookie_len ); ssl->handshake->verify_cookie_len );
*p++ = ssl->handshake->verify_cookie_len; *p++ = ssl->handshake->verify_cookie_len;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_SSL_CHK_BUF_PTR( p, end,
ssl->handshake->verify_cookie_len ); ssl->handshake->verify_cookie_len );
memcpy( p, ssl->handshake->verify_cookie, memcpy( p, ssl->handshake->cookie,
ssl->handshake->verify_cookie_len ); ssl->handshake->verify_cookie_len );
p += ssl->handshake->verify_cookie_len; p += ssl->handshake->verify_cookie_len;
} }
} }
@ -1645,16 +1645,16 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
mbedtls_free( ssl->handshake->verify_cookie ); mbedtls_free( ssl->handshake->cookie );
ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len );
if( ssl->handshake->verify_cookie == NULL ) if( ssl->handshake->cookie == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
} }
memcpy( ssl->handshake->verify_cookie, p, cookie_len ); memcpy( ssl->handshake->cookie, p, cookie_len );
ssl->handshake->verify_cookie_len = cookie_len; ssl->handshake->verify_cookie_len = cookie_len;
/* Start over at ClientHello */ /* Start over at ClientHello */
@ -1736,8 +1736,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
else else
{ {
/* We made it through the verification process */ /* We made it through the verification process */
mbedtls_free( ssl->handshake->verify_cookie ); mbedtls_free( ssl->handshake->cookie );
ssl->handshake->verify_cookie = NULL; ssl->handshake->cookie = NULL;
ssl->handshake->verify_cookie_len = 0; ssl->handshake->verify_cookie_len = 0;
} }
} }

20
library/ssl_misc.h
View File

@ -704,14 +704,20 @@ struct mbedtls_ssl_handshake_params
} buffering; } buffering;
#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_CLI_C) && \
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
* for dtls / tls 1.3 unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
* Srv: unused */ * HelloRetryRequest cookie for TLS 1.3 */
unsigned char verify_cookie_len; /*!< Cli: cookie length for #endif /* MBEDTLS_SSL_CLI_C &&
* dtls / tls 1.3 ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie
* length
* Srv: flag for sending a cookie */ * Srv: flag for sending a cookie */
#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */

8
library/ssl_tls.c
View File

@ -3100,9 +3100,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
mbedtls_pk_free( &handshake->peer_pubkey ); mbedtls_pk_free( &handshake->peer_pubkey );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_CLI_C) && \
mbedtls_free( handshake->verify_cookie ); ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */ mbedtls_free( handshake->cookie );
#endif /* MBEDTLS_SSL_CLI_C &&
( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_ssl_flight_free( handshake->flight ); mbedtls_ssl_flight_free( handshake->flight );

60
library/ssl_tls13_client.c
View File

@ -659,7 +659,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
{ {
size_t cookie_len; uint16_t cookie_len;
const unsigned char *p = buf; const unsigned char *p = buf;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@ -671,19 +671,55 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
mbedtls_free( handshake->verify_cookie ); mbedtls_free( handshake->cookie );
handshake->verify_cookie_len = 0; handshake->hrr_cookie_len = 0;
handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); handshake->cookie = mbedtls_calloc( 1, cookie_len );
if( handshake->verify_cookie == NULL ) if( handshake->cookie == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )", ( "alloc failed ( %ud bytes )",
cookie_len ) ); cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
} }
memcpy( handshake->verify_cookie, p, cookie_len ); memcpy( handshake->cookie, p, cookie_len );
handshake->verify_cookie_len = (unsigned char) cookie_len; handshake->hrr_cookie_len = cookie_len;
return( 0 );
}
static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *out_len )
{
unsigned char *p = buf;
*out_len = 0;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
if( handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
return( 0 );
}
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
handshake->cookie,
handshake->hrr_cookie_len );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->hrr_cookie_len + 6 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len + 2, p, 2 );
MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len, p, 4 );
p += 6;
/* Cookie */
memcpy( p, handshake->cookie, handshake->hrr_cookie_len );
*out_len = handshake->hrr_cookie_len + 6;
return( 0 ); return( 0 );
} }
@ -873,6 +909,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
p += output_len; p += output_len;
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
/* Echo the cookie if the server provided one in its preceding
* HelloRetryRequest message.
*/
ret = ssl_tls13_write_cookie_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*

680
tests/opt-testcases/tls13-compat.sh
View File

@ -3474,3 +3474,683 @@ run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
-c "NamedGroup: x448 ( 1e )" \ -c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \ -c "Verifying peer X.509 certificate... ok" \
-C "received HelloRetryRequest message" -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
0 \
-c "HTTP/1.0 200 ok" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 30 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 23 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 24 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 25 )"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
0 \
-c "HTTP/1.0 200 OK" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: x25519 ( 1d )" \
-c "Verifying peer X.509 certificate... ok" \
-c "received HelloRetryRequest message" \
-c "selected_group ( 29 )"

43
tests/scripts/generate_tls13_compat_tests.py
View File

@ -244,7 +244,7 @@ class GnuTLSServ(TLSProgram):
priority_string_list.extend(update_priority_string_list( priority_string_list.extend(update_priority_string_list(
self._ciphers, self.CIPHER_SUITE)) self._ciphers, self.CIPHER_SUITE))
else: else:
priority_string_list.append('CIPHER-ALL') priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
if self._sig_algs: if self._sig_algs:
signature_algorithms = set(self._sig_algs + self._cert_sig_algs) signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
@ -375,6 +375,35 @@ def generate_compat_test(server=None, client=None, cipher=None, sig_alg=None, na
return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd]) return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=None,
client_named_group=None, server_named_group=None):
"""
Generate Hello Retry Request test case with `ssl-opt.sh` format.
"""
name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
client=client, server=server, c_named_group=client_named_group,
s_named_group=server_named_group)
server_object = SERVER_CLASSES[server](named_group=server_named_group,
cert_sig_alg=cert_sig_alg)
client_object = CLIENT_CLASSES[client](named_group=client_named_group,
cert_sig_alg=cert_sig_alg)
client_object.add_named_groups(server_named_group)
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
cmd += ['-c "received HelloRetryRequest message"']
cmd += ['-c "selected_group ( {:d} )"'.format(
NAMED_GROUP_IANA_VALUE[server_named_group])]
prefix = ' \\\n' + (' '*9)
cmd = prefix.join(cmd)
return '\n'.join(server_object.pre_checks() +
client_object.pre_checks() +
[cmd])
SSL_OUTPUT_HEADER = '''#!/bin/sh SSL_OUTPUT_HEADER = '''#!/bin/sh
# {filename} # {filename}
@ -404,7 +433,6 @@ SSL_OUTPUT_HEADER = '''#!/bin/sh
# #
''' '''
def main(): def main():
""" """
Main function of this program Main function of this program
@ -461,6 +489,17 @@ def main():
yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group, yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group,
server=server, client=client) server=server, client=client)
# Generate Hello Retry Request compat test cases
for client, server, client_named_group, server_named_group in \
itertools.product(CLIENT_CLASSES.keys(),
SERVER_CLASSES.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys()):
if client_named_group != server_named_group:
yield generate_hrr_compat_test(client=client, server=server,
cert_sig_alg="ecdsa_secp256r1_sha256",
client_named_group=client_named_group,
server_named_group=server_named_group)
if args.generate_all_tls13_compat_tests: if args.generate_all_tls13_compat_tests:
if args.output: if args.output: