Merge pull request #5166 from xffbai/code-align

Align the TLS 1.3 code with coding rules
Ronald Cron 2021-12-06 10:54:00 +01:00 committed by GitHub
commit 8c8cea25c7
18 changed files with 788 additions and 780 deletions


@ -212,7 +212,7 @@ MVP definition
(1) Some support has already been upstreamed but it is incomplete.
(2) Key exchange configuration options for TLS 1.3 will likely to be
organized around the notion of key exchange mode along the line
of the MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL
of the MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL
runtime configuration macros.
- Quality considerations


@ -218,27 +218,27 @@
* mbedtls_ssl_conf_tls13_key_exchange_modes().
*/
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) /*!< Pure-PSK TLS 1.3 key exchange,
* encompassing both externally agreed PSKs
* as well as resumption PSKs. */
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 1 ) /*!< Pure-Ephemeral TLS 1.3 key exchanges,
* including for example ECDHE and DHE
* key exchanges. */
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 2 ) /*!< PSK-Ephemeral TLS 1.3 key exchanges,
* using both a PSK and an ephemeral
* key exchange. */
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ( 1u << 0 ) /*!< Pure-PSK TLS 1.3 key exchange,
* encompassing both externally agreed PSKs
* as well as resumption PSKs. */
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ( 1u << 1 ) /*!< Pure-Ephemeral TLS 1.3 key exchanges,
* including for example ECDHE and DHE
* key exchanges. */
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ( 1u << 2 ) /*!< PSK-Ephemeral TLS 1.3 key exchanges,
* using both a PSK and an ephemeral
* key exchange. */
/* Convenience macros for sets of key exchanges. */
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL \
( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) /*!< All TLS 1.3 key exchanges */
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL \
( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK | \
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All PSK-based TLS 1.3 key exchanges */
#define MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \
( MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL | \
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All ephemeral TLS 1.3 key exchanges */
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL \
( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) /*!< All TLS 1.3 key exchanges */
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL \
( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All PSK-based TLS 1.3 key exchanges */
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \
( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL | \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) /*!< All ephemeral TLS 1.3 key exchanges */
/*
* Various constants
@ -414,34 +414,34 @@
*/
/* RSASSA-PKCS1-v1_5 algorithms */
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256 0x0401
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA384 0x0501
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA512 0x0601
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 0x0401
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 0x0501
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 0x0601
/* ECDSA algorithms */
#define MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256 0x0403
#define MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384 0x0503
#define MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512 0x0603
#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 0x0403
#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 0x0503
#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 0x0603
/* RSASSA-PSS algorithms with public key OID rsaEncryption */
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256 0x0804
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA384 0x0805
#define MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA512 0x0806
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 0x0804
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 0x0805
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 0x0806
/* EdDSA algorithms */
#define MBEDTLS_TLS13_SIG_ED25519 0x0807
#define MBEDTLS_TLS13_SIG_ED448 0x0808
#define MBEDTLS_TLS1_3_SIG_ED25519 0x0807
#define MBEDTLS_TLS1_3_SIG_ED448 0x0808
/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA256 0x0809
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA384 0x080A
#define MBEDTLS_TLS13_SIG_RSA_PSS_PSS_SHA512 0x080B
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256 0x0809
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384 0x080A
#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512 0x080B
/* LEGACY ALGORITHMS */
#define MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA1 0x0201
#define MBEDTLS_TLS13_SIG_ECDSA_SHA1 0x0203
#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1 0x0201
#define MBEDTLS_TLS1_3_SIG_ECDSA_SHA1 0x0203
#define MBEDTLS_TLS13_SIG_NONE 0x0
#define MBEDTLS_TLS1_3_SIG_NONE 0x0
/*
* Client Certificate Types
@ -1058,7 +1058,7 @@ typedef struct
unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
} mbedtls_ssl_tls1_3_application_secrets;
} mbedtls_ssl_tls13_application_secrets;
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@ -1152,7 +1152,7 @@ struct mbedtls_ssl_session
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets);
mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
#endif
};
@ -1173,12 +1173,12 @@ typedef enum
{
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
} mbedtls_ssl_key_export_type;
@ -2759,20 +2759,20 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
*
* \param conf The SSL configuration the change should apply to.
* \param kex_modes A bitwise combination of one or more of the following:
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK
* - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
* This flag enables pure-PSK key exchanges.
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
* - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
* This flag enables combined PSK-ephemeral key exchanges.
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL
* - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
* This flag enables pure-ephemeral key exchanges.
* For convenience, the following pre-defined macros are
* available for combinations of the above:
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL
* - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
* Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL
* - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
* Includes both pure-PSK and combined PSK-ephemeral
* key exchanges, but excludes pure-ephemeral key exchanges.
* - MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
* - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
* Includes both pure-ephemeral and combined PSK-ephemeral
* key exchanges.
*
@ -3252,7 +3252,7 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
* \param conf SSL configuration
* \param groups List of allowed groups ordered by preference, terminated by 0.
* Must contain valid IANA NamedGroup IDs (provided via either an integer
* or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros).
* or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
*/
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
const uint16_t *groups );
@ -3296,9 +3296,9 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
*
* \param conf The SSL configuration to use.
* \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
* terminated by \c MBEDTLS_TLS13_SIG_NONE. The list must remain
* terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
* available throughout the lifetime of the conf object. Supported
* values are available as \c MBEDTLS_TLS13_SIG_XXXX
* values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
*/
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs );


@ -731,7 +731,8 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
size_t *olen, int point_format, unsigned char *buf, size_t blen,
size_t *out_len, int point_format,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -744,20 +745,20 @@ static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
return( ret );
ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format,
olen, buf, blen );
out_len, buf, buf_len );
if( ret != 0 )
return( ret );
return( 0 );
}
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *out_len,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
{
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( olen != NULL );
ECDH_VALIDATE_RET( out_len != NULL );
ECDH_VALIDATE_RET( buf != NULL );
ECDH_VALIDATE_RET( f_rng != NULL );
@ -768,8 +769,8 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format,
buf, blen, f_rng, p_rng ) );
return( ecdh_tls13_make_params_internal( ctx, out_len, ctx->point_format,
buf, buf_len, f_rng, p_rng ) );
#else
switch( ctx->var )
{
@ -778,9 +779,9 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
ctx->point_format, buf, blen,
f_rng, p_rng ) );
return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh,
out_len, ctx->point_format,
buf, buf_len, f_rng, p_rng ) );
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}


@ -512,13 +512,13 @@ typedef struct
unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
} mbedtls_ssl_tls1_3_early_secrets;
} mbedtls_ssl_tls13_early_secrets;
typedef struct
{
unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
} mbedtls_ssl_tls1_3_handshake_secrets;
} mbedtls_ssl_tls13_handshake_secrets;
/*
* This structure contains the parameters only needed during handshake.
@ -529,7 +529,7 @@ struct mbedtls_ssl_handshake_params
* Handshake specific crypto variables
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@ -765,9 +765,9 @@ struct mbedtls_ssl_handshake_params
unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE];
unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE];
} tls1_3_master_secrets;
} tls13_master_secrets;
mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets;
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
@ -1528,31 +1528,31 @@ static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_conte
static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
}
static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
}
static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
}
static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
/**
@ -1565,41 +1565,41 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *
* \return 0 if at least one of the key exchange modes is supported,
* !=0 otherwise.
*/
static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl,
int kex_modes_mask )
static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
int kex_modes_mask )
{
return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 );
return( ( ssl->handshake->tls13_kex_modes & kex_modes_mask ) == 0 );
}
static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl )
static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
}
static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled(
static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled(
mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
}
static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl )
static inline int mbedtls_ssl_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
}
static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
static inline int mbedtls_ssl_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl )
static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
/*
@ -1629,10 +1629,10 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
/*
* Fetch TLS 1.3 handshake message header
*/
int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buf_len );
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buf_len );
/*
* Write TLS 1.3 handshake message header
@ -1640,7 +1640,7 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buflen );
size_t *buf_len );
/*
* Handler of TLS 1.3 server certificate message
@ -1666,10 +1666,10 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
/*
* Update checksum of handshake messages.
*/
void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len );
void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
@ -1678,7 +1678,7 @@ void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen);
size_t *out_len);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */


@ -3574,7 +3574,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
const int kex_modes )
{
conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@ -6362,43 +6362,43 @@ static uint16_t ssl_preset_default_sig_algs[] = {
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512,
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
/* RSA algorithms */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256,
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
MBEDTLS_TLS13_SIG_NONE
MBEDTLS_TLS1_3_SIG_NONE
};
static uint16_t ssl_preset_suiteb_sig_algs[] = {
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
/* RSA algorithms */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256,
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
MBEDTLS_TLS13_SIG_NONE
MBEDTLS_TLS1_3_SIG_NONE
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
@ -6495,7 +6495,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
/*
* Allow all TLS 1.3 key exchange modes by default.
*/
conf->tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/*


@ -47,11 +47,11 @@
static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
unsigned char *p = buf;
*olen = 0;
*out_len = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) );
@ -87,7 +87,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
ssl->conf->max_major_ver,
ssl->conf->max_minor_ver ) );
*olen = 7;
*out_len = 7;
return( 0 );
}
@ -139,11 +139,11 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
unsigned char *p = buf;
*olen = 0;
*out_len = 0;
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
@ -152,9 +152,9 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
const mbedtls_ecp_curve_info *curve_info;
curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( curve_info == NULL )
continue;
if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
@ -165,10 +165,10 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
info->name, *group_list ) );
curve_info->name, *group_list ) );
}
*olen = p - buf;
*out_len = p - buf;
return( 0 );
}
@ -176,12 +176,12 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
((void) ssl);
((void) buf);
((void) end);
*olen = 0;
*out_len = 0;
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_ECDH_C */
@ -189,12 +189,12 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
((void) ssl);
((void) buf);
((void) end);
*olen = 0;
*out_len = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
@ -202,15 +202,15 @@ static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
unsigned char *p = buf ;
unsigned char *named_group_list_ptr; /* Start of named_group_list */
size_t named_group_list_len; /* Length of named_group_list */
unsigned char *named_group_list; /* Start of named_group_list */
size_t named_group_list_len; /* Length of named_group_list */
size_t output_len = 0;
int ret_ecdhe, ret_dhe;
*olen = 0;
*out_len = 0;
if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
return( 0 );
@ -218,14 +218,14 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
/* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
* - named_group_list_length (2 bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
p += 6;
named_group_list_ptr = p;
named_group_list = p;
ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
if( ret_ecdhe != 0 )
{
@ -248,7 +248,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
}
/* Length of named_group_list*/
named_group_list_len = p - named_group_list_ptr;
named_group_list_len = p - named_group_list;
if( named_group_list_len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
@ -264,7 +264,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
*olen = p - buf;
*out_len = p - buf;
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
@ -280,7 +280,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange(
uint16_t named_group,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ecp_curve_info *curve_info =
@ -298,9 +298,9 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange(
return( ret );
}
ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, olen,
buf, end - buf,
ssl->conf->f_rng, ssl->conf->p_rng );
ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, out_len,
buf, end - buf,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret );
@ -327,9 +327,9 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info != NULL &&
const mbedtls_ecp_curve_info *curve_info;
curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( curve_info != NULL &&
mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
{
*group_id = *group_list;
@ -365,15 +365,15 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
unsigned char *p = buf;
unsigned char *client_shares_ptr; /* Start of client_shares */
size_t client_shares_len; /* Length of client_shares */
unsigned char *client_shares; /* Start of client_shares */
size_t client_shares_len; /* Length of client_shares */
uint16_t group_id;
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
*olen = 0;
*out_len = 0;
if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
return( 0 );
@ -405,12 +405,12 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
* type of KEM, and dispatch to the corresponding crypto. And
* only one key share entry is allowed.
*/
client_shares_ptr = p;
client_shares = p;
#if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{
/* Pointer to group */
unsigned char *group_ptr = p;
unsigned char *group = p;
/* Length of key_exchange */
size_t key_exchange_len;
@ -428,9 +428,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
return( ret );
/* Write group */
MBEDTLS_PUT_UINT16_BE( group_id, group_ptr, 0 );
MBEDTLS_PUT_UINT16_BE( group_id, group, 0 );
/* Write key_exchange_length */
MBEDTLS_PUT_UINT16_BE( key_exchange_len, group_ptr, 2 );
MBEDTLS_PUT_UINT16_BE( key_exchange_len, group, 2 );
}
else
#endif /* MBEDTLS_ECDH_C */
@ -442,7 +442,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/* Length of client_shares */
client_shares_len = p - client_shares_ptr;
client_shares_len = p - client_shares;
if( client_shares_len == 0)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) );
@ -459,9 +459,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
ssl->handshake->offered_group_id = group_id;
/* Output the total length of key_share extension. */
*olen = p - buf;
*out_len = p - buf;
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *olen );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len );
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
@ -600,14 +600,14 @@ static int ssl_tls13_write_client_hello_cipher_suites(
mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
unsigned char *p = buf;
const int *ciphersuite_list;
unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */
unsigned char *cipher_suites; /* Start of the cipher_suites list */
size_t cipher_suites_len;
*olen = 0 ;
*out_len = 0 ;
/*
* Ciphersuite list
@ -624,7 +624,7 @@ static int ssl_tls13_write_client_hello_cipher_suites(
p += 2;
/* Write cipher_suites */
cipher_suites_ptr = p;
cipher_suites = p;
for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
{
int cipher_suite = ciphersuite_list[i];
@ -648,14 +648,14 @@ static int ssl_tls13_write_client_hello_cipher_suites(
}
/* Write the cipher_suites length in number of bytes */
cipher_suites_len = p - cipher_suites_ptr;
cipher_suites_len = p - cipher_suites;
MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 );
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
cipher_suites_len/2 ) );
/* Output the total length of cipher_suites field. */
*olen = p - buf;
*out_len = p - buf;
return( 0 );
}
@ -675,18 +675,18 @@ static int ssl_tls13_write_client_hello_cipher_suites(
static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
int ret;
unsigned char *extensions_len_ptr; /* Pointer to extensions length */
size_t output_len; /* Length of buffer used by function */
size_t extensions_len; /* Length of the list of extensions*/
unsigned char *p_extensions_len; /* Pointer to extensions length */
size_t output_len; /* Length of buffer used by function */
size_t extensions_len; /* Length of the list of extensions*/
/* Buffer management */
unsigned char *p = buf;
*olen = 0;
*out_len = 0;
/* No validation needed here. It has been done by ssl_conf_check() */
ssl->major_ver = ssl->conf->min_major_ver;
@ -749,7 +749,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
/* First write extensions, then the total length */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
extensions_len_ptr = p;
p_extensions_len = p;
p += 2;
/* Write supported_versions extension
@ -809,13 +809,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
/* Add more extensions here */
/* Write the length of the list of extensions. */
extensions_len = p - extensions_len_ptr - 2;
MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_len_ptr, 0 );
extensions_len = p - p_extensions_len - 2;
MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET ,
extensions_len ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p_extensions_len, extensions_len );
*olen = p - buf;
*out_len = p - buf;
return( 0 );
}
@ -1257,17 +1257,17 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
{
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
break;
/* Neither pre_shared_key nor key_share extension was received */
@ -1282,10 +1282,10 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
* TODO: We don't have to do this in case we offered 0-RTT and the
* server accepted it. In this case, we could skip generating
* the early secret. */
ret = mbedtls_ssl_tls1_3_key_schedule_stage_early( ssl );
ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_key_schedule_stage_early_data",
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early_data",
ret );
goto cleanup;
}
@ -1294,7 +1294,7 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_master_secret", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
goto cleanup;
}
@ -1355,7 +1355,7 @@ cleanup:
* Wait and parse ServerHello handshake message.
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *buf;
@ -1381,9 +1381,9 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
buf + buf_len ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
MBEDTLS_SSL_HS_SERVER_HELLO,
buf, buf_len );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
MBEDTLS_SSL_HS_SERVER_HELLO,
buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
}
@ -1432,7 +1432,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
&buf, &buf_len ) );
@ -1440,7 +1440,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
mbedtls_ssl_tls13_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
@ -1530,7 +1530,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) )
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
@ -1573,7 +1573,7 @@ static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
{
int ret;
@ -1588,7 +1588,7 @@ static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret;
@ -1603,7 +1603,7 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
{
int ret;
@ -1634,7 +1634,7 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/
static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl )
static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
@ -1644,7 +1644,7 @@ static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl )
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );
@ -1662,7 +1662,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
{
int ret = 0;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 client state: %d", ssl->state ) );
switch( ssl->state )
{
@ -1676,7 +1676,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break;
case MBEDTLS_SSL_SERVER_HELLO:
ret = ssl_tls1_3_process_server_hello( ssl );
ret = ssl_tls13_process_server_hello( ssl );
break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
@ -1689,16 +1689,16 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
ret = ssl_tls1_3_process_server_certificate( ssl );
ret = ssl_tls13_process_server_certificate( ssl );
break;
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
ret = ssl_tls1_3_process_certificate_verify( ssl );
ret = ssl_tls13_process_certificate_verify( ssl );
break;
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
case MBEDTLS_SSL_SERVER_FINISHED:
ret = ssl_tls1_3_process_server_finished( ssl );
ret = ssl_tls13_process_server_finished( ssl );
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
@ -1706,11 +1706,11 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break;
case MBEDTLS_SSL_FLUSH_BUFFERS:
ret = ssl_tls1_3_flush_buffers( ssl );
ret = ssl_tls13_flush_buffers( ssl );
break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
ret = ssl_tls1_3_handshake_wrapup( ssl );
ret = ssl_tls13_handshake_wrapup( ssl );
break;
default:


@ -35,10 +35,10 @@
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buflen )
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buf_len )
{
int ret;
@ -65,8 +65,8 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
* uint24 length;
* ...
*/
*buf = ssl->in_msg + 4;
*buflen = ssl->in_hslen - 4;
*buf = ssl->in_msg + 4;
*buf_len = ssl->in_hslen - 4;
cleanup:
@ -99,22 +99,22 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
size_t msg_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t msg_len_with_header;
size_t msg_with_header_len;
((void) buf_len);
/* Add reserved 4 bytes for handshake header */
msg_len_with_header = msg_len + 4;
ssl->out_msglen = msg_len_with_header;
msg_with_header_len = msg_len + 4;
ssl->out_msglen = msg_with_header_len;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) );
cleanup:
return( ret );
}
void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len )
void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len )
{
mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
ssl->handshake->update_checksum( ssl, msg, msg_len );
@ -157,13 +157,13 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
unsigned char *p = buf;
unsigned char *supported_sig_alg_ptr; /* Start of supported_signature_algorithms */
size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
*olen = 0;
*out_len = 0;
/* Skip the extension on the client if all allowed key exchanges
* are PSK-based. */
@ -188,9 +188,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
/*
* Write supported_signature_algorithms
*/
supported_sig_alg_ptr = p;
supported_sig_alg = p;
for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs;
*sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ )
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
@ -199,7 +199,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
}
/* Length of supported_signature_algorithms */
supported_sig_alg_len = p - supported_sig_alg_ptr;
supported_sig_alg_len = p - supported_sig_alg;
if( supported_sig_alg_len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
@ -214,7 +214,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
/* Output the total length of signature algorithms extension. */
*olen = p - buf;
*out_len = p - buf;
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
return( 0 );
@ -298,7 +298,7 @@ static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
{
const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs;
for( ; *tls13_sig_alg != MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ )
for( ; *tls13_sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; tls13_sig_alg++ )
{
if( *tls13_sig_alg == sig_alg )
return( 1 );
@ -321,9 +321,9 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE];
size_t verify_hash_len;
void const *opts_ptr = NULL;
void const *options = NULL;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
mbedtls_pk_rsassa_pss_options opts;
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
/*
@ -362,20 +362,20 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
/* We currently only support ECDSA-based signatures */
switch( algorithm )
{
case MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256:
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_ECDSA;
break;
case MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384:
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
md_alg = MBEDTLS_MD_SHA384;
sig_alg = MBEDTLS_PK_ECDSA;
break;
case MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512:
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
md_alg = MBEDTLS_MD_SHA512;
sig_alg = MBEDTLS_PK_ECDSA;
break;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
case MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256:
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) );
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_RSASSA_PSS;
@ -443,17 +443,17 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
if( sig_alg == MBEDTLS_PK_RSASSA_PSS )
{
const mbedtls_md_info_t* md_info;
opts.mgf1_hash_id = md_alg;
rsassa_pss_options.mgf1_hash_id = md_alg;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
opts.expected_salt_len = mbedtls_md_get_size( md_info );
opts_ptr = (const void*) &opts;
rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info );
options = (const void*) &rsassa_pss_options;
}
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
if( ( ret = mbedtls_pk_verify_ext( sig_alg, opts_ptr,
if( ( ret = mbedtls_pk_verify_ext( sig_alg, options,
&ssl->session_negotiate->peer_cert->pk,
md_alg, verify_hash, verify_hash_len,
p, signature_len ) ) == 0 )
@ -490,7 +490,7 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
MBEDTLS_SSL_PROC_CHK(
mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
/* Need to calculate the hash of the transcript first
@ -524,7 +524,7 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
buf + buf_len, verify_buffer, verify_buffer_len ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );
cleanup:
@ -850,7 +850,7 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
unsigned char *buf;
size_t buf_len;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg(
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
ssl, MBEDTLS_SSL_HS_CERTIFICATE,
&buf, &buf_len ) );
@ -859,8 +859,8 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
buf, buf_len );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
buf, buf_len );
cleanup:
@ -1020,19 +1020,19 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *buf;
size_t buflen;
size_t buf_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) );
/* Preprocessing step: Compute handshake digest */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED,
&buf, &buflen ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen );
&buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) );
cleanup:
@ -1081,7 +1081,7 @@ static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl )
static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
size_t *out_len )
{
size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len;
/*
@ -1094,7 +1094,7 @@ static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl,
memcpy( buf, ssl->handshake->state_local.finished_out.digest,
verify_data_len );
*olen = verify_data_len;
*out_len = verify_data_len;
return( 0 );
}
@ -1115,8 +1115,8 @@ int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
buf, msg_len );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
buf, msg_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
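Review bot: In mbedtls_ssl_tls13_finish_handshake_msg (hunk @ -99) the line `((void) buf_len);` discards the only bound the function receives, so `msg_with_header_len = msg_len + 4;` is stored into `ssl->out_msglen` without any check that the body actually fit. The body writers bound their own output with MBEDTLS_SSL_CHK_BUF_PTR, so this is defensive rather than a live bug, but an internal-error guard costs one line and catches a misbehaving writer: `if( msg_len > buf_len ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` in place of the void cast, which also makes the parameter genuinely used. This assumes buf_len is the length of the body buffer, as the write_finished_message call at the end of this section suggests; please confirm against the header. The function's signature begins before the hunk.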


@ -34,7 +34,7 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
.name = string,
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
{
/* This seems to work in C, despite the string literal being one
* character too long due to the 0-termination. */
@ -61,24 +61,24 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
* 255 Bytes, so we require `desired_length` to be at most
* 255. This allows us to save a few Bytes of code by
* hardcoding the writing of the high bytes.
* - (label, llen): label + label length, without "tls13 " prefix
* The label length MUST be less than or equal to
* MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN
* It is the caller's responsibility to ensure this.
* All (label, label length) pairs used in TLS 1.3
* can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN().
* - (ctx, clen): context + context length
* The context length MUST be less than or equal to
* MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN
* It is the caller's responsibility to ensure this.
* - (label, label_len): label + label length, without "tls13 " prefix
* The label length MUST be less than or equal to
* MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN
* It is the caller's responsibility to ensure this.
* All (label, label length) pairs used in TLS 1.3
* can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN().
* - (ctx, ctx_len): context + context length
* The context length MUST be less than or equal to
* MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN
* It is the caller's responsibility to ensure this.
* - dst: Target buffer for HkdfLabel structure,
* This MUST be a writable buffer of size
* at least SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN Bytes.
* - dlen: Pointer at which to store the actual length of
* the HkdfLabel structure on success.
* - dst_len: Pointer at which to store the actual length of
* the HkdfLabel structure on success.
*/
static const char tls1_3_label_prefix[6] = "tls13 ";
static const char tls13_label_prefix[6] = "tls13 ";
#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
( 2 /* expansion length */ \
@ -89,20 +89,20 @@ static const char tls1_3_label_prefix[6] = "tls13 ";
#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \
sizeof(tls1_3_label_prefix) + \
sizeof(tls13_label_prefix) + \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
static void ssl_tls1_3_hkdf_encode_label(
static void ssl_tls13_hkdf_encode_label(
size_t desired_length,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *dst, size_t *dlen )
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
unsigned char *dst, size_t *dst_len )
{
size_t total_label_len =
sizeof(tls1_3_label_prefix) + llen;
sizeof(tls13_label_prefix) + label_len;
size_t total_hkdf_lbl_len =
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen );
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, ctx_len );
unsigned char *p = dst;
@ -110,7 +110,7 @@ static void ssl_tls1_3_hkdf_encode_label(
* We're hardcoding the high byte to 0 here assuming that we never use
* TLS 1.3 HKDF key expansion to more than 255 Bytes. */
#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \
#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \
value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
#endif
@ -119,32 +119,32 @@ static void ssl_tls1_3_hkdf_encode_label(
/* Add label incl. prefix */
*p++ = MBEDTLS_BYTE_0( total_label_len );
memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
p += sizeof(tls1_3_label_prefix);
memcpy( p, label, llen );
p += llen;
memcpy( p, tls13_label_prefix, sizeof(tls13_label_prefix) );
p += sizeof(tls13_label_prefix);
memcpy( p, label, label_len );
p += label_len;
/* Add context value */
*p++ = MBEDTLS_BYTE_0( clen );
if( clen != 0 )
memcpy( p, ctx, clen );
*p++ = MBEDTLS_BYTE_0( ctx_len );
if( ctx_len != 0 )
memcpy( p, ctx, ctx_len );
/* Return total length to the caller. */
*dlen = total_hkdf_lbl_len;
*dst_len = total_hkdf_lbl_len;
}
int mbedtls_ssl_tls1_3_hkdf_expand_label(
int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *buf, size_t blen )
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
unsigned char *buf, size_t buf_len )
{
const mbedtls_md_info_t *md;
const mbedtls_md_info_t *md_info;
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{
/* Should never happen since this is an internal
* function, and we know statically which labels
@ -152,32 +152,32 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label(
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
if( ctx_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
{
/* Should not happen, as above. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN )
if( buf_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN )
{
/* Should not happen, as above. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
md = mbedtls_md_info_from_type( hash_alg );
if( md == NULL )
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl_tls1_3_hkdf_encode_label( blen,
label, llen,
ctx, clen,
hkdf_label,
&hkdf_label_len );
ssl_tls13_hkdf_encode_label( buf_len,
label, label_len,
ctx, ctx_len,
hkdf_label,
&hkdf_label_len );
return( mbedtls_hkdf_expand( md,
secret, slen,
return( mbedtls_hkdf_expand( md_info,
secret, secret_len,
hkdf_label, hkdf_label_len,
buf, blen ) );
buf, buf_len ) );
}
/*
@ -196,41 +196,41 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label(
* by the function caller. Note that we generate server and client side
* keys in a single function call.
*/
int mbedtls_ssl_tls1_3_make_traffic_keys(
int mbedtls_ssl_tls13_make_traffic_keys(
mbedtls_md_type_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret,
size_t slen, size_t key_len, size_t iv_len,
const unsigned char *server_secret, size_t secret_len,
size_t key_len, size_t iv_len,
mbedtls_ssl_key_set *keys )
{
int ret = 0;
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
client_secret, slen,
ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
client_secret, secret_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
NULL, 0,
keys->client_write_key, key_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
server_secret, slen,
ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
server_secret, secret_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
NULL, 0,
keys->server_write_key, key_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
client_secret, slen,
ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
client_secret, secret_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
NULL, 0,
keys->client_write_iv, iv_len );
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
server_secret, slen,
ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
server_secret, secret_len,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
NULL, 0,
keys->server_write_iv, iv_len );
@ -243,32 +243,32 @@ int mbedtls_ssl_tls1_3_make_traffic_keys(
return( 0 );
}
int mbedtls_ssl_tls1_3_derive_secret(
int mbedtls_ssl_tls13_derive_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
int ctx_hashed,
unsigned char *dstbuf, size_t buflen )
unsigned char *dstbuf, size_t dstbuf_len )
{
int ret;
unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ];
const mbedtls_md_info_t *md;
md = mbedtls_md_info_from_type( hash_alg );
if( md == NULL )
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED )
{
ret = mbedtls_md( md, ctx, clen, hashed_context );
ret = mbedtls_md( md_info, ctx, ctx_len, hashed_context );
if( ret != 0 )
return( ret );
clen = mbedtls_md_get_size( md );
ctx_len = mbedtls_md_get_size( md_info );
}
else
{
if( clen > sizeof(hashed_context) )
if( ctx_len > sizeof(hashed_context) )
{
/* This should never happen since this function is internal
* and the code sets `ctx_hashed` correctly.
@ -277,17 +277,17 @@ int mbedtls_ssl_tls1_3_derive_secret(
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
memcpy( hashed_context, ctx, clen );
memcpy( hashed_context, ctx, ctx_len );
}
return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
secret, slen,
label, llen,
hashed_context, clen,
dstbuf, buflen ) );
return( mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
secret, secret_len,
label, label_len,
hashed_context, ctx_len,
dstbuf, dstbuf_len ) );
}
int mbedtls_ssl_tls1_3_evolve_secret(
int mbedtls_ssl_tls13_evolve_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
@ -298,18 +298,18 @@ int mbedtls_ssl_tls1_3_evolve_secret(
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 };
const mbedtls_md_info_t *md;
md = mbedtls_md_info_from_type( hash_alg );
if( md == NULL )
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( hash_alg );
if( md_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md );
hlen = mbedtls_md_get_size( md_info );
/* For non-initial runs, call Derive-Secret( ., "derived", "")
* on the old secret. */
if( secret_old != NULL )
{
ret = mbedtls_ssl_tls1_3_derive_secret(
ret = mbedtls_ssl_tls13_derive_secret(
hash_alg,
secret_old, hlen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ),
@ -333,7 +333,7 @@ int mbedtls_ssl_tls1_3_evolve_secret(
/* HKDF-Extract takes a salt and input key material.
* The salt is the old secret, and the input key material
* is the input secret (PSK / ECDHE). */
ret = mbedtls_hkdf_extract( md,
ret = mbedtls_hkdf_extract( md_info,
tmp_secret, hlen,
tmp_input, ilen,
secret_new );
@ -349,11 +349,11 @@ int mbedtls_ssl_tls1_3_evolve_secret(
return( ret );
}
int mbedtls_ssl_tls1_3_derive_early_secrets(
int mbedtls_ssl_tls13_derive_early_secrets(
mbedtls_md_type_t md_type,
unsigned char const *early_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_early_secrets *derived )
mbedtls_ssl_tls13_early_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@ -379,7 +379,7 @@ int mbedtls_ssl_tls1_3_derive_early_secrets(
*/
/* Create client_early_traffic_secret */
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ),
transcript, transcript_len,
@ -390,7 +390,7 @@ int mbedtls_ssl_tls1_3_derive_early_secrets(
return( ret );
/* Create early exporter */
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ),
transcript, transcript_len,
@ -403,11 +403,11 @@ int mbedtls_ssl_tls1_3_derive_early_secrets(
return( 0 );
}
int mbedtls_ssl_tls1_3_derive_handshake_secrets(
int mbedtls_ssl_tls13_derive_handshake_secrets(
mbedtls_md_type_t md_type,
unsigned char const *handshake_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_handshake_secrets *derived )
mbedtls_ssl_tls13_handshake_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@ -437,7 +437,7 @@ int mbedtls_ssl_tls1_3_derive_handshake_secrets(
* Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
*/
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
handshake_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ),
transcript, transcript_len,
@ -452,7 +452,7 @@ int mbedtls_ssl_tls1_3_derive_handshake_secrets(
* Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
*/
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
handshake_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ),
transcript, transcript_len,
@ -465,11 +465,11 @@ int mbedtls_ssl_tls1_3_derive_handshake_secrets(
return( 0 );
}
int mbedtls_ssl_tls1_3_derive_application_secrets(
int mbedtls_ssl_tls13_derive_application_secrets(
mbedtls_md_type_t md_type,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_application_secrets *derived )
mbedtls_ssl_tls13_application_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@ -498,7 +498,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets(
*
*/
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ),
transcript, transcript_len,
@ -508,7 +508,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets(
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ),
transcript, transcript_len,
@ -518,7 +518,7 @@ int mbedtls_ssl_tls1_3_derive_application_secrets(
if( ret != 0 )
return( ret );
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ),
transcript, transcript_len,
@ -533,13 +533,13 @@ int mbedtls_ssl_tls1_3_derive_application_secrets(
/* Generate resumption_master_secret for use with the ticket exchange.
*
* This is not integrated with mbedtls_ssl_tls1_3_derive_application_secrets()
* This is not integrated with mbedtls_ssl_tls13_derive_application_secrets()
* because it uses the transcript hash up to and including ClientFinished. */
int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
int mbedtls_ssl_tls13_derive_resumption_master_secret(
mbedtls_md_type_t md_type,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_application_secrets *derived )
mbedtls_ssl_tls13_application_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@ -550,7 +550,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
if( md_info == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ),
transcript, transcript_len,
@ -577,26 +577,26 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
/*
* Compute MasterSecret
*/
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
handshake->tls1_3_master_secrets.handshake,
ret = mbedtls_ssl_tls13_evolve_secret( md_type,
handshake->tls13_master_secrets.handshake,
NULL, 0,
handshake->tls1_3_master_secrets.app );
handshake->tls13_master_secrets.app );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
handshake->tls1_3_master_secrets.app, md_size );
handshake->tls13_master_secrets.app, md_size );
return( 0 );
}
static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
unsigned char const *base_key,
unsigned char const *transcript,
unsigned char *dst )
static int ssl_tls13_calc_finished_core( mbedtls_md_type_t md_type,
unsigned char const *base_key,
unsigned char const *transcript,
unsigned char *dst )
{
const mbedtls_md_info_t* const md_info = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md_info );
@ -625,7 +625,7 @@ static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
* HKDF-Expand-Label( BaseKey, "finished", "", Hash.length )
*/
ret = mbedtls_ssl_tls1_3_hkdf_expand_label(
ret = mbedtls_ssl_tls13_hkdf_expand_label(
md_type, base_key, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ),
NULL, 0,
@ -657,8 +657,9 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
unsigned char const *base_key = NULL;
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md );
const mbedtls_md_info_t* const md_info =
mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md_info );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
@ -680,7 +681,7 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
else
base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst );
ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
if( ret != 0 )
goto exit;
*actual_len = md_size;
@ -694,7 +695,7 @@ exit:
return( ret );
}
int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md_type,
unsigned char const *psk, size_t psk_len,
int psk_type,
@ -728,19 +729,19 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
* v
*/
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
NULL, /* Old secret */
psk, psk_len, /* Input */
early_secret );
ret = mbedtls_ssl_tls13_evolve_secret( md_type,
NULL, /* Old secret */
psk, psk_len, /* Input */
early_secret );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
goto exit;
}
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
{
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ),
NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
@ -749,7 +750,7 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
}
else
{
ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ),
NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
@ -759,7 +760,7 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_secret", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_secret", ret );
goto exit;
}
@ -768,7 +769,7 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
* but with the BaseKey being the binder_key.
*/
ret = ssl_tls1_3_calc_finished_core( md_type, binder_key, transcript, result );
ret = ssl_tls13_calc_finished_core( md_type, binder_key, transcript, result );
if( ret != 0 )
goto exit;
@ -902,7 +903,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
return( 0 );
}
int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl )
int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_type;
@ -916,11 +917,11 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl )
md_type = handshake->ciphersuite_info->mac;
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, NULL, 0,
handshake->tls1_3_master_secrets.early );
ret = mbedtls_ssl_tls13_evolve_secret( md_type, NULL, NULL, 0,
handshake->tls13_master_secrets.early );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
@ -942,17 +943,17 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
size_t transcript_len;
mbedtls_cipher_info_t const *cipher_info;
size_t keylen, ivlen;
size_t key_len, iv_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
mbedtls_ssl_tls1_3_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
keylen = cipher_info->key_bitlen >> 3;
ivlen = cipher_info->iv_size;
key_len = cipher_info->key_bitlen >> 3;
iv_len = cipher_info->iv_size;
md_type = ciphersuite_info->mac;
md_info = mbedtls_md_info_from_type( md_type );
@ -970,12 +971,12 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
return( ret );
}
ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type,
handshake->tls1_3_master_secrets.handshake,
ret = mbedtls_ssl_tls13_derive_handshake_secrets( md_type,
handshake->tls13_master_secrets.handshake,
transcript, transcript_len, tls13_hs_secrets );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets",
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_handshake_secrets",
ret );
return( ret );
}
@ -993,7 +994,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
if( ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
tls13_hs_secrets->client_handshake_traffic_secret,
md_size,
handshake->randbytes + 32,
@ -1001,7 +1002,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
tls13_hs_secrets->server_handshake_traffic_secret,
md_size,
handshake->randbytes + 32,
@ -1009,13 +1010,13 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
}
ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
ret = mbedtls_ssl_tls13_make_traffic_keys( md_type,
tls13_hs_secrets->client_handshake_traffic_secret,
tls13_hs_secrets->server_handshake_traffic_secret,
md_size, keylen, ivlen, traffic_keys );
md_size, key_len, iv_len, traffic_keys );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
goto exit;
}
@ -1060,7 +1061,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
* client_handshake_traffic_secret and server_handshake_traffic_secret
* are derived in the handshake secret derivation stage.
*/
if( mbedtls_ssl_tls1_3_ephemeral_enabled( ssl ) )
if( mbedtls_ssl_tls13_ephemeral_enabled( ssl ) )
{
if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) )
{
@ -1089,18 +1090,18 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
/*
* Compute the Handshake Secret
*/
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
handshake->tls1_3_master_secrets.early,
ecdhe, ephemeral_len,
handshake->tls1_3_master_secrets.handshake );
ret = mbedtls_ssl_tls13_evolve_secret( md_type,
handshake->tls13_master_secrets.early,
ecdhe, ephemeral_len,
handshake->tls13_master_secrets.handshake );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret",
handshake->tls1_3_master_secrets.handshake, md_size );
handshake->tls13_master_secrets.handshake, md_size );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) );
@ -1119,7 +1120,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Address at which to store the application secrets */
mbedtls_ssl_tls1_3_application_secrets * const app_secrets =
mbedtls_ssl_tls13_application_secrets * const app_secrets =
&ssl->session_negotiate->app_secrets;
/* Holding the transcript up to and including the ServerFinished */
@ -1133,7 +1134,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
/* Variables relating to the cipher for the chosen ciphersuite. */
mbedtls_cipher_info_t const *cipher_info;
size_t keylen, ivlen;
size_t key_len, iv_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );
@ -1141,8 +1142,8 @@ int mbedtls_ssl_tls13_generate_application_keys(
cipher_info = mbedtls_cipher_info_from_type(
handshake->ciphersuite_info->cipher );
keylen = cipher_info->key_bitlen / 8;
ivlen = cipher_info->iv_size;
key_len = cipher_info->key_bitlen / 8;
iv_len = cipher_info->iv_size;
md_type = handshake->ciphersuite_info->mac;
md_info = mbedtls_md_info_from_type( md_type );
@ -1159,26 +1160,26 @@ int mbedtls_ssl_tls13_generate_application_keys(
/* Compute application secrets from master secret and transcript hash. */
ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type,
handshake->tls1_3_master_secrets.app,
ret = mbedtls_ssl_tls13_derive_application_secrets( md_type,
handshake->tls13_master_secrets.app,
transcript, transcript_len,
app_secrets );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
"mbedtls_ssl_tls1_3_derive_application_secrets", ret );
"mbedtls_ssl_tls13_derive_application_secrets", ret );
goto cleanup;
}
/* Derive first epoch of IV + Key for application traffic. */
ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
ret = mbedtls_ssl_tls13_make_traffic_keys( md_type,
app_secrets->client_application_traffic_secret_N,
app_secrets->server_application_traffic_secret_N,
md_size, keylen, ivlen, traffic_keys );
md_size, key_len, iv_len, traffic_keys );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
goto cleanup;
}
@ -1196,7 +1197,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
if( ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
app_secrets->client_application_traffic_secret_N, md_size,
handshake->randbytes + 32,
handshake->randbytes,
@ -1204,7 +1205,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
a new constant for TLS 1.3! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
app_secrets->server_application_traffic_secret_N, md_size,
handshake->randbytes + 32,
handshake->randbytes,
@ -1213,13 +1214,13 @@ int mbedtls_ssl_tls13_generate_application_keys(
}
MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:",
traffic_keys->client_write_key, keylen );
traffic_keys->client_write_key, key_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key",
traffic_keys->server_write_key, keylen );
traffic_keys->server_write_key, key_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "client application write IV",
traffic_keys->client_write_iv, ivlen );
traffic_keys->client_write_iv, iv_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "server application write IV",
traffic_keys->server_write_iv, ivlen );
traffic_keys->server_write_iv, iv_len );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );


@ -20,7 +20,7 @@
#define MBEDTLS_SSL_TLS1_3_KEYS_H
/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
* the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
* the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union
* below. */
#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
@ -47,27 +47,27 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
const unsigned char name [ sizeof(string) - 1 ];
union mbedtls_ssl_tls1_3_labels_union
union mbedtls_ssl_tls13_labels_union
{
MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
struct mbedtls_ssl_tls1_3_labels_struct
struct mbedtls_ssl_tls13_labels_struct
{
MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
#undef MBEDTLS_SSL_TLS1_3_LABEL
extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
#define MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) \
sizeof(mbedtls_ssl_tls1_3_labels.LABEL)
sizeof(mbedtls_ssl_tls13_labels.LABEL)
#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \
mbedtls_ssl_tls1_3_labels.LABEL, \
mbedtls_ssl_tls13_labels.LABEL, \
MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL )
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
sizeof( union mbedtls_ssl_tls1_3_labels_union )
sizeof( union mbedtls_ssl_tls13_labels_union )
/* The maximum length of HKDF contexts used in the TLS 1.3 standard.
* Since contexts are always hashes of message transcripts, this can
@ -79,44 +79,46 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
* by HKDF-Expand-Label.
*
* Warning: If this ever needs to be increased, the implementation
* ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be
* ssl_tls13_hkdf_encode_label() in ssl_tls13_keys.c needs to be
* adjusted since it currently assumes that HKDF key expansion
* is never used with more than 255 Bytes of output. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
/**
* \brief The \c HKDF-Expand-Label function from
* the TLS 1.3 standard RFC 8446.
* \brief The \c HKDF-Expand-Label function from
* the TLS 1.3 standard RFC 8446.
*
* <tt>
* HKDF-Expand-Label( Secret, Label, Context, Length ) =
* HKDF-Expand-Label( Secret, Label, Context, Length ) =
* HKDF-Expand( Secret, HkdfLabel, Length )
* </tt>
*
* \param hash_alg The identifier for the hash algorithm to use.
* \param secret The \c Secret argument to \c HKDF-Expand-Label.
* This must be a readable buffer of length \p slen Bytes.
* \param slen The length of \p secret in Bytes.
* \param label The \c Label argument to \c HKDF-Expand-Label.
* This must be a readable buffer of length \p llen Bytes.
* \param llen The length of \p label in Bytes.
* \param ctx The \c Context argument to \c HKDF-Expand-Label.
* This must be a readable buffer of length \p clen Bytes.
* \param clen The length of \p context in Bytes.
* \param buf The destination buffer to hold the expanded secret.
* This must be a writable buffer of length \p blen Bytes.
* \param blen The desired size of the expanded secret in Bytes.
* \param hash_alg The identifier for the hash algorithm to use.
* \param secret The \c Secret argument to \c HKDF-Expand-Label.
* This must be a readable buffer of length
* \p secret_len Bytes.
* \param secret_len The length of \p secret in Bytes.
* \param label The \c Label argument to \c HKDF-Expand-Label.
* This must be a readable buffer of length
* \p label_len Bytes.
* \param label_len The length of \p label in Bytes.
* \param ctx The \c Context argument to \c HKDF-Expand-Label.
* This must be a readable buffer of length \p ctx_len Bytes.
* \param ctx_len The length of \p context in Bytes.
* \param buf The destination buffer to hold the expanded secret.
* This must be a writable buffer of length \p buf_len Bytes.
* \param buf_len The desired size of the expanded secret in Bytes.
*
* \returns \c 0 on success.
* \return A negative error code on failure.
* \returns \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_hkdf_expand_label(
int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
unsigned char *buf, size_t blen );
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
unsigned char *buf, size_t buf_len );
/**
* \brief This function is part of the TLS 1.3 key schedule.
@ -133,10 +135,12 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label(
* \param hash_alg The identifier for the hash algorithm to be used
* for the HKDF-based expansion of the secret.
* \param client_secret The client traffic secret.
* This must be a readable buffer of size \p slen Bytes
* This must be a readable buffer of size
* \p secret_len Bytes
* \param server_secret The server traffic secret.
* This must be a readable buffer of size \p slen Bytes
* \param slen Length of the secrets \p client_secret and
* This must be a readable buffer of size
* \p secret_len Bytes
* \param secret_len Length of the secrets \p client_secret and
* \p server_secret in Bytes.
* \param key_len The desired length of the key to be extracted in Bytes.
* \param iv_len The desired length of the IV to be extracted in Bytes.
@ -147,11 +151,11 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label(
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_make_traffic_keys(
int mbedtls_ssl_tls13_make_traffic_keys(
mbedtls_md_type_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret,
size_t slen, size_t key_len, size_t iv_len,
const unsigned char *server_secret, size_t secret_len,
size_t key_len, size_t iv_len,
mbedtls_ssl_key_set *keys );
@ -171,15 +175,17 @@ int mbedtls_ssl_tls1_3_make_traffic_keys(
* \param hash_alg The identifier for the hash function used for the
* applications of HKDF.
* \param secret The \c Secret argument to the \c Derive-Secret function.
* This must be a readable buffer of length \p slen Bytes.
* \param slen The length of \p secret in Bytes.
* This must be a readable buffer of length
* \p secret_len Bytes.
* \param secret_len The length of \p secret in Bytes.
* \param label The \c Label argument to the \c Derive-Secret function.
* This must be a readable buffer of length \p llen Bytes.
* \param llen The length of \p label in Bytes.
* This must be a readable buffer of length
* \p label_len Bytes.
* \param label_len The length of \p label in Bytes.
* \param ctx The hash of the \c Messages argument to the
* \c Derive-Secret function, or the \c Messages argument
* itself, depending on \p context_already_hashed.
* \param clen The length of \p hash.
* itself, depending on \p ctx_hashed.
* \param ctx_len The length of \p ctx in Bytes.
* \param ctx_hashed This indicates whether the \p ctx contains the hash of
* the \c Messages argument in the application of the
* \c Derive-Secret function
@ -189,24 +195,24 @@ int mbedtls_ssl_tls1_3_make_traffic_keys(
* (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED).
* \param dstbuf The target buffer to write the output of
* \c Derive-Secret to. This must be a writable buffer of
* size \p buflen Bytes.
* \param buflen The length of \p dstbuf in Bytes.
* size \p dtsbuf_len Bytes.
* \param dstbuf_len The length of \p dstbuf in Bytes.
*
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_derive_secret(
int mbedtls_ssl_tls13_derive_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
const unsigned char *secret, size_t secret_len,
const unsigned char *label, size_t label_len,
const unsigned char *ctx, size_t ctx_len,
int ctx_hashed,
unsigned char *dstbuf, size_t buflen );
unsigned char *dstbuf, size_t dstbuf_len );
/**
* \brief Derive TLS 1.3 early data key material from early secret.
*
* This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
* This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels.
*
* <tt>
@ -223,11 +229,11 @@ int mbedtls_ssl_tls1_3_derive_secret(
*
* \note To obtain the actual key and IV for the early data traffic,
* the client secret derived by this function need to be
* further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
* further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
* \note The binder key, which is also generated from the early secret,
* is omitted here. Its calculation is part of the separate routine
* mbedtls_ssl_tls1_3_create_psk_binder().
* mbedtls_ssl_tls13_create_psk_binder().
*
* \param md_type The hash algorithm associated with the PSK for which
* early data key material is being derived.
@ -245,16 +251,16 @@ int mbedtls_ssl_tls1_3_derive_secret(
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_derive_early_secrets(
int mbedtls_ssl_tls13_derive_early_secrets(
mbedtls_md_type_t md_type,
unsigned char const *early_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_early_secrets *derived );
mbedtls_ssl_tls13_early_secrets *derived );
/**
* \brief Derive TLS 1.3 handshake key material from the handshake secret.
*
* This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
* This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
* <tt>
@ -272,7 +278,7 @@ int mbedtls_ssl_tls1_3_derive_early_secrets(
*
* \note To obtain the actual key and IV for the encrypted handshake traffic,
* the client and server secret derived by this function need to be
* further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
* further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
* \param md_type The hash algorithm associated with the ciphersuite
* that's being used for the connection.
@ -290,16 +296,16 @@ int mbedtls_ssl_tls1_3_derive_early_secrets(
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_derive_handshake_secrets(
int mbedtls_ssl_tls13_derive_handshake_secrets(
mbedtls_md_type_t md_type,
unsigned char const *handshake_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_handshake_secrets *derived );
mbedtls_ssl_tls13_handshake_secrets *derived );
/**
* \brief Derive TLS 1.3 application key material from the master secret.
*
* This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
* This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
* <tt>
@ -321,7 +327,7 @@ int mbedtls_ssl_tls1_3_derive_handshake_secrets(
*
* \note To obtain the actual key and IV for the (0-th) application traffic,
* the client and server secret derived by this function need to be
* further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
* further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
* \param md_type The hash algorithm associated with the ciphersuite
* that's being used for the connection.
@ -340,16 +346,16 @@ int mbedtls_ssl_tls1_3_derive_handshake_secrets(
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_derive_application_secrets(
int mbedtls_ssl_tls13_derive_application_secrets(
mbedtls_md_type_t md_type,
unsigned char const *master_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_application_secrets *derived );
mbedtls_ssl_tls13_application_secrets *derived );
/**
* \brief Derive TLS 1.3 resumption master secret from the master secret.
*
* This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
* This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
* \param md_type The hash algorithm used in the application for which
@ -370,11 +376,11 @@ int mbedtls_ssl_tls1_3_derive_application_secrets(
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
int mbedtls_ssl_tls13_derive_resumption_master_secret(
mbedtls_md_type_t md_type,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
mbedtls_ssl_tls1_3_application_secrets *derived );
mbedtls_ssl_tls13_application_secrets *derived );
/**
* \brief Compute the next secret in the TLS 1.3 key schedule
@ -406,7 +412,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
*
* Each of the three secrets in turn is the basis for further
* key derivations, such as the derivation of traffic keys and IVs;
* see e.g. mbedtls_ssl_tls1_3_make_traffic_keys().
* see e.g. mbedtls_ssl_tls13_make_traffic_keys().
*
* This function implements one step in this evolution of secrets:
*
@ -443,7 +449,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_evolve_secret(
int mbedtls_ssl_tls13_evolve_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
@ -475,7 +481,7 @@ int mbedtls_ssl_tls1_3_evolve_secret(
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md_type,
unsigned char const *psk, size_t psk_len,
int psk_type,
@ -520,7 +526,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
*
* Early -> Handshake -> Application
*
* Small wrappers around mbedtls_ssl_tls1_3_evolve_secret().
* Small wrappers around mbedtls_ssl_tls13_evolve_secret().
*/
/**
@ -535,7 +541,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl );
int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl );
/**
* \brief Transition into handshake stage of TLS 1.3 key schedule.
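Review bot: The reworded Doxygen for mbedtls_ssl_tls13_derive_secret refers to `\p dtsbuf_len` where the parameter is `dstbuf_len`, so the cross-reference is a typo that Doxygen will flag as an unknown parameter: `* size \p dstbuf_len Bytes.`. The hkdf_expand_label block in the same file has a second stale reference, `\param ctx_len The length of \p context in Bytes.`, where the parameter is named `ctx`; `\p ctx` matches the declaration and the wording already used for secret_len and label_len. Both are documentation-only, but the whole point of this hunk family is aligning names, so the references should follow the renamed parameters.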


@ -30,7 +30,7 @@
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
{
((void) ssl);
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %d", ssl->state ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}


@ -69,7 +69,7 @@ int main( void )
#define DFL_ECJPAKE_PW NULL
#define DFL_EC_MAX_OPS -1
#define DFL_FORCE_CIPHER 0
#define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL
#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
@ -344,11 +344,11 @@ int main( void )
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define USAGE_TLS13_KEY_EXCHANGE_MODES \
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
" options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
#else
#define USAGE_TLS13_KEY_EXCHANGE_MODES ""
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* USAGE is arbitrarily split to stay under the portable string literal
@ -409,25 +409,25 @@ int main( void )
USAGE_ETM \
USAGE_REPRODUCIBLE \
USAGE_CURVES \
USAGE_SIG_ALGS \
USAGE_SIG_ALGS \
USAGE_DHMLEN \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
#define TLS1_3_VERSION_OPTIONS ", tls13"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define USAGE4 \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" min_version=%%s default: (library default: tls12)\n" \
" max_version=%%s default: (library default: tls12)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
" options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
"\n\n" \
" force_ciphersuite=<name> default: all enabled\n" \
USAGE_TLS13_KEY_EXCHANGE_MODES \
USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
" otherwise. The expansion of the macro\n" \
@ -841,7 +841,7 @@ int main( int argc, char *argv[] )
opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
opt.tls13_kex_modes = DFL_TLS13_KEX_MODES;
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
@ -1112,27 +1112,27 @@ int main( int argc, char *argv[] )
else if( strcmp( p, "tls13_kex_modes" ) == 0 )
{
if( strcmp( q, "psk" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
else if( strcmp(q, "psk_ephemeral" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
else if( strcmp(q, "ephemeral" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
else if( strcmp(q, "ephemeral_all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
else if( strcmp( q, "psk_all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
else if( strcmp( q, "all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
else goto usage;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
@ -1140,11 +1140,11 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "max_version" ) == 0 )
{
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
@ -1161,19 +1161,19 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "tls1_2" ) == 0 )
if( strcmp( q, "tls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
}
else if( strcmp( q, "dtls1_2" ) == 0 )
else if( strcmp( q, "dtls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
else if( strcmp( q, "tls13" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
@ -1511,7 +1511,7 @@ int main( int argc, char *argv[] )
p = (char *) opt.sig_algs;
i = 0;
/* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
/* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
{
q = p;
@ -1524,23 +1524,23 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
}
else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
}
else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
}
else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
}
else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
}
else
{
@ -1563,7 +1563,7 @@ int main( int argc, char *argv[] )
goto exit;
}
sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */


@ -100,7 +100,7 @@ int main( void )
#define DFL_ECJPAKE_PW NULL
#define DFL_PSK_LIST NULL
#define DFL_FORCE_CIPHER 0
#define DFL_TLS13_KEX_MODES MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL
#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
@ -449,11 +449,11 @@ int main( void )
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define USAGE_TLS13_KEY_EXCHANGE_MODES \
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
" options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
#else
#define USAGE_TLS13_KEY_EXCHANGE_MODES ""
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@ -514,7 +514,7 @@ int main( void )
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
#define TLS1_3_VERSION_OPTIONS ", tls1_3"
#define TLS1_3_VERSION_OPTIONS ", tls13"
#else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#define TLS1_3_VERSION_OPTIONS ""
#endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@ -523,13 +523,13 @@ int main( void )
USAGE_SSL_ASYNC \
USAGE_SNI \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1_2)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" min_version=%%s default: (library default: tls12)\n" \
" max_version=%%s default: (library default: tls12)\n" \
" force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
" options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
"\n\n" \
" force_ciphersuite=<name> default: all enabled\n" \
USAGE_TLS13_KEY_EXCHANGE_MODES \
USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
" otherwise. The expansion of the macro\n" \
@ -1522,7 +1522,7 @@ int main( int argc, char *argv[] )
opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
opt.tls13_kex_modes = DFL_TLS13_KEX_MODES;
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
@ -1775,28 +1775,28 @@ int main( int argc, char *argv[] )
else if( strcmp( p, "tls13_kex_modes" ) == 0 )
{
if( strcmp( q, "psk" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
else if( strcmp(q, "psk_ephemeral" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
else if( strcmp(q, "ephemeral" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
else if( strcmp(q, "ephemeral_all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
else if( strcmp( q, "psk_all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
else if( strcmp( q, "all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
else goto usage;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else if( strcmp( p, "min_version" ) == 0 )
{
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
else if( strcmp( q, "tls13" ) == 0 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
@ -1804,11 +1804,11 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "max_version" ) == 0 )
{
if( strcmp( q, "tls1_2" ) == 0 ||
strcmp( q, "dtls1_2" ) == 0 )
if( strcmp( q, "tls12" ) == 0 ||
strcmp( q, "dtls12" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
else if( strcmp( q, "tls13" ) == 0 )
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
else
@ -1825,19 +1825,19 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "tls1_2" ) == 0 )
if( strcmp( q, "tls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
}
else if( strcmp( q, "dtls1_2" ) == 0 )
else if( strcmp( q, "dtls12" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
else if( strcmp( q, "tls1_3" ) == 0 )
else if( strcmp( q, "tls13" ) == 0 )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
@ -2255,7 +2255,7 @@ int main( int argc, char *argv[] )
p = (char *) opt.sig_algs;
i = 0;
/* Leave room for a final MBEDTLS_TLS13_SIG_NONE in signature algorithm list (sig_alg_list). */
/* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
while( i < SIG_ALG_LIST_SIZE - 1 && *p != '\0' )
{
q = p;
@ -2268,15 +2268,15 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
}
else if( strcmp( q, "ecdsa_secp384r1_sha384" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
}
else if( strcmp( q, "ecdsa_secp521r1_sha512" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
}
else
{
@ -2297,7 +2297,7 @@ int main( int argc, char *argv[] )
goto exit;
}
sig_alg_list[i] = MBEDTLS_TLS13_SIG_NONE;
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */


@ -67,7 +67,7 @@ else
fi
# default values for options
MODES="tls1_2 dtls1_2"
MODES="tls12 dtls12"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
@ -155,14 +155,14 @@ log() {
# is_dtls <mode>
is_dtls()
{
test "$1" = "dtls1_2"
test "$1" = "dtls12"
}
# minor_ver <mode>
minor_ver()
{
case "$1" in
tls1_2|dtls1_2)
tls12|dtls12)
echo 3
;;
*)
@ -633,10 +633,10 @@ setup_arguments()
{
G_MODE=""
case "$MODE" in
"tls1_2")
"tls12")
G_PRIO_MODE="+VERS-TLS1.2"
;;
"dtls1_2")
"dtls12")
G_PRIO_MODE="+VERS-DTLS1.2"
G_MODE="-u"
;;


@ -1079,7 +1079,7 @@ component_test_no_ctr_drbg_classic () {
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
}
component_test_no_ctr_drbg_use_psa () {
@ -1101,7 +1101,7 @@ component_test_no_ctr_drbg_use_psa () {
tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
}
component_test_no_hmac_drbg_classic () {
@ -1128,7 +1128,7 @@ component_test_no_hmac_drbg_classic () {
# To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2.
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
tests/compat.sh -m tls1_2 -t 'ECDSA'
tests/compat.sh -m tls12 -t 'ECDSA'
}
component_test_no_hmac_drbg_use_psa () {
@ -1155,7 +1155,7 @@ component_test_no_hmac_drbg_use_psa () {
# To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2.
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
tests/compat.sh -m tls1_2 -t 'ECDSA'
tests/compat.sh -m tls12 -t 'ECDSA'
}
component_test_psa_external_rng_no_drbg_classic () {


@ -29,12 +29,12 @@ use strict;
my %configs = (
'config-ccm-psk-tls1_2.h' => {
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
},
'config-no-entropy.h' => {
},
'config-suite-b.h' => {
'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
},
'config-symmetric-only.h' => {
},


@ -1194,8 +1194,8 @@ run_test() {
run_test_psa() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA-supported ciphersuite: $1" \
"$P_SRV debug_level=3 force_version=tls1_2" \
"$P_CLI debug_level=3 force_version=tls1_2 force_ciphersuite=$1" \
"$P_SRV debug_level=3 force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
@ -1217,8 +1217,8 @@ run_test_psa() {
run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls1_2 curves=$1" \
"$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
"$P_SRV debug_level=4 force_version=tls12 curves=$1" \
"$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
@ -1250,8 +1250,8 @@ run_test_memory_after_hanshake_with_mfl()
MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"
run_test "Handshake memory usage (MFL $1)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \
"$P_CLI debug_level=3 force_version=tls1_2 \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls12 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
0 \
@ -1269,8 +1269,8 @@ run_tests_memory_after_hanshake()
# first test with default MFU is to get reference memory usage
MEMORY_USAGE_MFL_16K=0
run_test "Handshake memory usage initial (MFL 16384 - default)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \
"$P_CLI debug_level=3 force_version=tls1_2 \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls12 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
0 \
@ -2681,7 +2681,7 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
run_test "CBC Record splitting: TLS 1.2, no splitting" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
request_size=123 force_version=tls1_2" \
request_size=123 force_version=tls12" \
0 \
-s "Read from client: 123 bytes read" \
-S "Read from client: 1 bytes read" \
@ -4517,7 +4517,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
key_file=data_files/server5.key \
crt_file2=data_files/server5-sha1.crt \
key_file2=data_files/server5.key" \
"$P_CLI force_version=tls1_2" \
"$P_CLI force_version=tls12" \
0 \
-c "signed using.*ECDSA with SHA256" \
-C "signed using.*ECDSA with SHA1"
@ -5490,7 +5490,7 @@ run_test "PSK callback: psk, no callback" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
@ -5504,7 +5504,7 @@ run_test "PSK callback: opaque psk on client, no callback" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
@ -5518,7 +5518,7 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
@ -5532,7 +5532,7 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
@ -5545,8 +5545,8 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5559,8 +5559,8 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5573,9 +5573,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
@ -5588,9 +5588,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
@ -5603,8 +5603,8 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5617,8 +5617,8 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5631,9 +5631,9 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead extended_ms=1" \
0 \
-c "session hash for extended master secret"\
@ -5646,9 +5646,9 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=abc psk=dead extended_ms=1" \
0 \
-c "session hash for extended master secret"\
@ -5661,8 +5661,8 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5675,8 +5675,8 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5689,8 +5689,8 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5702,8 +5702,8 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
@ -5715,8 +5715,8 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
"$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
1 \
-s "SSL - Verification of the message MAC failed"
@ -5896,35 +5896,35 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \
run_test "Small client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
"$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
"$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
"$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
"$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-s "Read from client: 1 bytes read"
run_test "Small client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
"$P_CLI request_size=1 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-s "Read from client: 1 bytes read"
@ -5933,7 +5933,7 @@ run_test "Small client packet TLS 1.2 AEAD shorter tag" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2" \
"$P_SRV dtls=1 force_version=dtls1_2" \
"$P_SRV dtls=1 force_version=dtls12" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
@ -5941,7 +5941,7 @@ run_test "Small client packet DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
"$P_SRV dtls=1 force_version=dtls12 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
@ -5951,35 +5951,35 @@ run_test "Small client packet DTLS 1.2, without EtM" \
run_test "Small server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 AEAD" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "Read from server: 1 bytes read"
run_test "Small server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=1" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "Read from server: 1 bytes read"
@ -5988,7 +5988,7 @@ run_test "Small server packet TLS 1.2 AEAD shorter tag" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
"$P_SRV dtls=1 response_size=1 force_version=dtls12" \
"$P_CLI dtls=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
@ -5996,7 +5996,7 @@ run_test "Small server packet DTLS 1.2" \
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
"$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
"$P_CLI dtls=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
@ -6011,7 +6011,7 @@ fragments_for_write() {
run_test "Large client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
"$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -6019,14 +6019,14 @@ run_test "Large client packet TLS 1.2 BlockCipher" \
run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
"$P_CLI request_size=16384 force_version=tls12 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
"$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -6034,7 +6034,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
run_test "Large client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
"$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -6042,7 +6042,7 @@ run_test "Large client packet TLS 1.2 AEAD" \
run_test "Large client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
"$P_CLI request_size=16384 force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
@ -6051,14 +6051,14 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
run_test "Large server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 etm=0 \
"$P_CLI force_version=tls12 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "16384 bytes written in 1 fragments" \
@ -6066,14 +6066,14 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV response_size=16384 trunc_hmac=1" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "16384 bytes written in 1 fragments" \
@ -6081,14 +6081,14 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC
run_test "Large server packet TLS 1.2 AEAD" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
"$P_CLI force_version=tls12 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "Read from server: 16384 bytes read"
@ -7572,7 +7572,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
mtu=512 force_version=dtls1_2" \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-C "error"
@ -7595,7 +7595,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
mtu=512 force_version=dtls1_2" \
mtu=512 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
@ -7610,7 +7610,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
mtu=512 force_version=dtls1_2" \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-C "error"
@ -7624,7 +7624,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
mtu=512 force_version=dtls1_2" \
mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting handshake message"
@ -7646,7 +7646,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-C "error"
@ -7663,7 +7663,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
@ -7686,7 +7686,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
"$P_CLI dtls=1 debug_level=2 \
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-C "error"
@ -7703,7 +7703,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
crt_file=data_files/server7_int-ca.crt \
key_file=data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting handshake message"
@ -8794,9 +8794,9 @@ run_test "TLS1.3: Test gnutls tls1_3 feature" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
skip_handshake_stage_check
run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
"$P_SRV debug_level=1 min_version=tls1_2 max_version=tls1_3" \
"$P_CLI debug_level=1 min_version=tls1_2 max_version=tls1_3" \
run_test "TLS1.3: Not supported version check: tls12 and tls13" \
"$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
"$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \
1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available" \
@ -8805,34 +8805,34 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
run_test "TLS1.3: handshake dispatch test: tls1_3 only" \
"$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
run_test "TLS1.3: handshake dispatch test: tls13 only" \
"$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
"$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
1 \
-s "tls1_3 server state: 0" \
-c "tls1_3 client state: 0"
-s "tls13 server state: 0" \
-c "tls13 client state: 0"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \
-c "tls1_3 client state: 0" \
-c "tls1_3 client state: 2" \
-c "tls1_3 client state: 19" \
-c "tls1_3 client state: 5" \
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15" \
-c "<= ssl_tls1_3_process_server_hello" \
-c "tls13 client state: 0" \
-c "tls13 client state: 2" \
-c "tls13 client state: 19" \
-c "tls13 client state: 5" \
-c "tls13 client state: 3" \
-c "tls13 client state: 9" \
-c "tls13 client state: 13" \
-c "tls13 client state: 11" \
-c "tls13 client state: 14" \
-c "tls13 client state: 15" \
-c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \
-c "=> ssl_tls1_3_process_server_hello" \
-c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \
-c "=> parse certificate verify" \
@ -8849,7 +8849,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->O AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
"$O_NEXT_SRV_RSA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3 -msg -no_middlebox -num_tickets 0" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
"$P_CLI debug_level=4 force_version=tls13 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
0 \
-c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
@ -8864,23 +8864,23 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
"$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
0 \
-s "SERVER HELLO was queued" \
-c "tls1_3 client state: 0" \
-c "tls1_3 client state: 2" \
-c "tls1_3 client state: 19" \
-c "tls1_3 client state: 5" \
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15" \
-c "<= ssl_tls1_3_process_server_hello" \
-s "SERVER HELLO was queued" \
-c "tls13 client state: 0" \
-c "tls13 client state: 2" \
-c "tls13 client state: 19" \
-c "tls13 client state: 5" \
-c "tls13 client state: 3" \
-c "tls13 client state: 9" \
-c "tls13 client state: 13" \
-c "tls13 client state: 11" \
-c "tls13 client state: 14" \
-c "tls13 client state: 15" \
-c "<= ssl_tls13_process_server_hello" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \
-c "=> ssl_tls1_3_process_server_hello" \
-c "=> ssl_tls13_process_server_hello" \
-c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \
-c "=> parse certificate verify" \
@ -8899,7 +8899,7 @@ requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_gnutls_next
run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
"$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
"$P_CLI debug_level=4 force_version=tls13 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
0 \
-c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \

View file

@ -5890,136 +5890,136 @@ SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
SSL TLS 1.3 Key schedule: Secret evolution #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Early secret to Handshake Secret
ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a"
ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a"
SSL TLS 1.3 Key schedule: Secret evolution #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Handshake secret to Master Secret
ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d"
ssl_tls13_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d"
SSL TLS 1.3 Key schedule: HKDF Expand Label #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
SSL TLS 1.3 Key schedule: HKDF Expand Label #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815"
SSL TLS 1.3 Key schedule: HKDF Expand Label #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
SSL TLS 1.3 Key schedule: HKDF Expand Label #4
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30"
SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic Key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic Key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448)
# Calculation of finished_key
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448)
# Calculation of resumption key
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
SSL TLS 1.3 Key schedule: Traffic key generation #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
ssl_tls13_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448)
# Vector RFC 8448
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
ssl_tls13_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "")
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( Early-Secret, "derived", "")
# Tests the case where context isn't yet hashed (empty string here,
# but still needs to be hashed)
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( MasterSecret, "s ap traffic", hash)
# Tests the case where context is already hashed
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash)
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
SSL TLS 1.3 Key schedule: Early secrets derivation helper
# Vector from RFC 8448
ssl_tls1_3_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
ssl_tls13_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
# Vector from RFC 8448
ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
ssl_tls13_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@ -6029,7 +6029,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
# - App data payload: 70696e67
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@ -6039,7 +6039,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
# - App data payload: 706f6e67
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
@ -6057,7 +6057,7 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
# 3a ee bb 21 69 49 15 e4
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
@ -6075,21 +6075,21 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
# 0d d0 32 e1 67 c2 95 5d
# - Padding used: No (== granularity 1)
ssl_tls1_3_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448
ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
ssl_tls13_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
# Vector from RFC 8448
ssl_tls1_3_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
ssl_tls13_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
SSL TLS 1.3 Key schedule: PSK binder
# Vector from RFC 8448
# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
# For all other data, see Section 4, 'construct a ClientHello handshake message:'
ssl_tls1_3_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
ssl_tls13_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE


@ -17,7 +17,7 @@
enum
{
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
tls1_3_label_ ## name,
tls13_label_ ## name,
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
};
@ -3670,22 +3670,22 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_hkdf_expand_label( int hash_alg,
data_t *secret,
int label_idx,
data_t *ctx,
int desired_length,
data_t *expected )
void ssl_tls13_hkdf_expand_label( int hash_alg,
data_t *secret,
int label_idx,
data_t *ctx,
int desired_length,
data_t *expected )
{
unsigned char dst[ 100 ];
unsigned char const *lbl = NULL;
size_t lbl_len;
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
if( label_idx == (int) tls1_3_label_ ## name ) \
{ \
lbl = mbedtls_ssl_tls1_3_labels.name; \
lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
if( label_idx == (int) tls13_label_ ## name ) \
{ \
lbl = mbedtls_ssl_tls13_labels.name; \
lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \
}
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
@ -3695,7 +3695,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
TEST_ASSERT( mbedtls_ssl_tls13_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg,
secret->x, secret->len,
lbl, lbl_len,
@ -3708,15 +3708,15 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_traffic_key_generation( int hash_alg,
data_t *server_secret,
data_t *client_secret,
int desired_iv_len,
int desired_key_len,
data_t *expected_server_write_key,
data_t *expected_server_write_iv,
data_t *expected_client_write_key,
data_t *expected_client_write_iv )
void ssl_tls13_traffic_key_generation( int hash_alg,
data_t *server_secret,
data_t *client_secret,
int desired_iv_len,
int desired_key_len,
data_t *expected_server_write_key,
data_t *expected_server_write_iv,
data_t *expected_client_write_key,
data_t *expected_client_write_iv )
{
mbedtls_ssl_key_set keys;
@ -3727,7 +3727,7 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg,
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
expected_client_write_key->len == (size_t) desired_key_len );
TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys(
TEST_ASSERT( mbedtls_ssl_tls13_make_traffic_keys(
(mbedtls_md_type_t) hash_alg,
client_secret->x,
server_secret->x,
@ -3755,23 +3755,23 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_secret( int hash_alg,
data_t *secret,
int label_idx,
data_t *ctx,
int desired_length,
int already_hashed,
data_t *expected )
void ssl_tls13_derive_secret( int hash_alg,
data_t *secret,
int label_idx,
data_t *ctx,
int desired_length,
int already_hashed,
data_t *expected )
{
unsigned char dst[ 100 ];
unsigned char const *lbl = NULL;
size_t lbl_len;
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
if( label_idx == (int) tls1_3_label_ ## name ) \
{ \
lbl = mbedtls_ssl_tls1_3_labels.name; \
lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
if( label_idx == (int) tls13_label_ ## name ) \
{ \
lbl = mbedtls_ssl_tls13_labels.name; \
lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \
}
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
@ -3781,7 +3781,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
TEST_ASSERT( mbedtls_ssl_tls13_derive_secret(
(mbedtls_md_type_t) hash_alg,
secret->x, secret->len,
lbl, lbl_len,
@ -3795,13 +3795,13 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_early_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *traffic_expected,
data_t *exporter_expected )
void ssl_tls13_derive_early_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *traffic_expected,
data_t *exporter_expected )
{
mbedtls_ssl_tls1_3_early_secrets secrets;
mbedtls_ssl_tls13_early_secrets secrets;
/* Double-check that we've passed sane parameters. */
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
@ -3813,7 +3813,7 @@ void ssl_tls1_3_derive_early_secrets( int hash_alg,
traffic_expected->len == md_size &&
exporter_expected->len == md_size );
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets(
TEST_ASSERT( mbedtls_ssl_tls13_derive_early_secrets(
md_type, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
@ -3825,13 +3825,13 @@ void ssl_tls1_3_derive_early_secrets( int hash_alg,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *client_expected,
data_t *server_expected )
void ssl_tls13_derive_handshake_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *client_expected,
data_t *server_expected )
{
mbedtls_ssl_tls1_3_handshake_secrets secrets;
mbedtls_ssl_tls13_handshake_secrets secrets;
/* Double-check that we've passed sane parameters. */
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
@ -3843,7 +3843,7 @@ void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
client_expected->len == md_size &&
server_expected->len == md_size );
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets(
TEST_ASSERT( mbedtls_ssl_tls13_derive_handshake_secrets(
md_type, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
@ -3855,14 +3855,14 @@ void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_application_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *client_expected,
data_t *server_expected,
data_t *exporter_expected )
void ssl_tls13_derive_application_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *client_expected,
data_t *server_expected,
data_t *exporter_expected )
{
mbedtls_ssl_tls1_3_application_secrets secrets;
mbedtls_ssl_tls13_application_secrets secrets;
/* Double-check that we've passed sane parameters. */
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
@ -3875,7 +3875,7 @@ void ssl_tls1_3_derive_application_secrets( int hash_alg,
server_expected->len == md_size &&
exporter_expected->len == md_size );
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets(
TEST_ASSERT( mbedtls_ssl_tls13_derive_application_secrets(
md_type, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
@ -3889,12 +3889,12 @@ void ssl_tls1_3_derive_application_secrets( int hash_alg,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *resumption_expected )
void ssl_tls13_derive_resumption_secrets( int hash_alg,
data_t *secret,
data_t *transcript,
data_t *resumption_expected )
{
mbedtls_ssl_tls1_3_application_secrets secrets;
mbedtls_ssl_tls13_application_secrets secrets;
/* Double-check that we've passed sane parameters. */
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
@ -3905,7 +3905,7 @@ void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
transcript->len == md_size &&
resumption_expected->len == md_size );
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret(
TEST_ASSERT( mbedtls_ssl_tls13_derive_resumption_master_secret(
md_type, secret->x, transcript->x, transcript->len,
&secrets ) == 0 );
@ -3915,11 +3915,11 @@ void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_create_psk_binder( int hash_alg,
data_t *psk,
int psk_type,
data_t *transcript,
data_t *binder_expected )
void ssl_tls13_create_psk_binder( int hash_alg,
data_t *psk,
int psk_type,
data_t *transcript,
data_t *binder_expected )
{
unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
@ -3931,7 +3931,7 @@ void ssl_tls1_3_create_psk_binder( int hash_alg,
transcript->len == md_size &&
binder_expected->len == md_size );
TEST_ASSERT( mbedtls_ssl_tls1_3_create_psk_binder(
TEST_ASSERT( mbedtls_ssl_tls13_create_psk_binder(
NULL, /* SSL context for debugging only */
md_type,
psk->x, psk->len,
@ -3945,16 +3945,16 @@ void ssl_tls1_3_create_psk_binder( int hash_alg,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_record_protection( int ciphersuite,
int endpoint,
int ctr,
int padding_used,
data_t *server_write_key,
data_t *server_write_iv,
data_t *client_write_key,
data_t *client_write_iv,
data_t *plaintext,
data_t *ciphertext )
void ssl_tls13_record_protection( int ciphersuite,
int endpoint,
int ctr,
int padding_used,
data_t *server_write_key,
data_t *server_write_iv,
data_t *client_write_key,
data_t *client_write_iv,
data_t *plaintext,
data_t *ciphertext )
{
mbedtls_ssl_key_set keys;
mbedtls_ssl_transform transform_send;
@ -4043,14 +4043,14 @@ void ssl_tls1_3_record_protection( int ciphersuite,
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_key_evolution( int hash_alg,
data_t *secret,
data_t *input,
data_t *expected )
void ssl_tls13_key_evolution( int hash_alg,
data_t *secret,
data_t *input,
data_t *expected )
{
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
TEST_ASSERT( mbedtls_ssl_tls1_3_evolve_secret(
TEST_ASSERT( mbedtls_ssl_tls13_evolve_secret(
(mbedtls_md_type_t) hash_alg,
secret->len ? secret->x : NULL,
input->len ? input->x : NULL, input->len,