From d25fab6f7928a36b6e517bb48e836d29a827e4ad Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Thu, 2 Dec 2021 06:36:27 +0000 Subject: [PATCH] Update based on comments Signed-off-by: Xiaofei Bai --- library/ecdh.c | 18 ++++---- library/ssl_misc.h | 8 ++-- library/ssl_tls13_client.c | 62 +++++++++++++------------- library/ssl_tls13_generic.c | 22 +++++----- library/ssl_tls13_keys.c | 28 ++++++------ library/ssl_tls13_keys.h | 28 +++++++----- library/ssl_tls13_server.c | 2 +- programs/ssl/ssl_client2.c | 30 ++++++------- programs/ssl/ssl_server2.c | 28 ++++++------ tests/ssl-opt.sh | 66 ++++++++++++++-------------- tests/suites/test_suite_ssl.data | 40 ++++++++--------- tests/suites/test_suite_ssl.function | 14 +++--- 12 files changed, 176 insertions(+), 170 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 18474a327..3f3992643 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -731,8 +731,8 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t buf_len, + size_t *out_len, int point_format, + unsigned char *buf, size_t buf_len, int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -745,20 +745,20 @@ static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, return( ret ); ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, - olen, buf, buf_len ); + out_len, buf, buf_len ); if( ret != 0 ) return( ret ); return( 0 ); } -int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *out_len, unsigned char *buf, size_t buf_len, int ( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); + ECDH_VALIDATE_RET( out_len != NULL ); ECDH_VALIDATE_RET( buf != NULL ); ECDH_VALIDATE_RET( f_rng != NULL ); @@ -769,7 +769,7 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, + return( ecdh_tls13_make_params_internal( ctx, out_len, ctx->point_format, buf, buf_len, f_rng, p_rng ) ); #else switch( ctx->var ) @@ -779,9 +779,9 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, - ctx->point_format, buf, buf_len, - f_rng, p_rng ) ); + return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, + out_len, ctx->point_format, + buf, buf_len, f_rng, p_rng ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e1c69a88e..a94c79f04 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -529,7 +529,7 @@ struct mbedtls_ssl_handshake_params * Handshake specific crypto variables */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */ + int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -765,7 +765,7 @@ struct mbedtls_ssl_handshake_params unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE]; unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; - } tls1_3_master_secrets; + } tls13_master_secrets; mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ @@ -1568,7 +1568,7 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context * static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl, int kex_modes_mask ) { - return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 ); + return( ( ssl->handshake->tls13_kex_modes & kex_modes_mask ) == 0 ); } static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl ) @@ -1678,7 +1678,7 @@ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen); + size_t *out_len); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ca633ffb9..1874d4fde 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -47,11 +47,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { unsigned char *p = buf; - *olen = 0; + *out_len = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); @@ -87,7 +87,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); - *olen = 7; + *out_len = 7; return( 0 ); } @@ -139,11 +139,11 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { unsigned char *p = buf; - *olen = 0; + *out_len = 0; const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); @@ -168,7 +168,7 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, curve_info->name, *group_list ) ); } - *olen = p - buf; + *out_len = p - buf; return( 0 ); } @@ -176,12 +176,12 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { ((void) ssl); ((void) buf); ((void) end); - *olen = 0; + *out_len = 0; return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } #endif /* MBEDTLS_ECDH_C */ @@ -189,12 +189,12 @@ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { ((void) ssl); ((void) buf); ((void) end); - *olen = 0; + *out_len = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } @@ -202,7 +202,7 @@ static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl, static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { unsigned char *p = buf ; unsigned char *named_group_list; /* Start of named_group_list */ @@ -210,7 +210,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, size_t output_len = 0; int ret_ecdhe, ret_dhe; - *olen = 0; + *out_len = 0; if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) return( 0 ); @@ -264,7 +264,7 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 ); - *olen = p - buf; + *out_len = p - buf; ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; @@ -280,7 +280,7 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( uint16_t named_group, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ecp_curve_info *curve_info = @@ -298,9 +298,9 @@ static int ssl_tls13_generate_and_write_ecdh_key_exchange( return( ret ); } - ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, olen, - buf, end - buf, - ssl->conf->f_rng, ssl->conf->p_rng ); + ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, out_len, + buf, end - buf, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret ); @@ -365,7 +365,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { unsigned char *p = buf; unsigned char *client_shares; /* Start of client_shares */ @@ -373,7 +373,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, uint16_t group_id; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - *olen = 0; + *out_len = 0; if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) return( 0 ); @@ -459,9 +459,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, ssl->handshake->offered_group_id = group_id; /* Output the total length of key_share extension. */ - *olen = p - buf; + *out_len = p - buf; - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *olen ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len ); ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE; @@ -600,14 +600,14 @@ static int ssl_tls13_write_client_hello_cipher_suites( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { unsigned char *p = buf; const int *ciphersuite_list; unsigned char *cipher_suites; /* Start of the cipher_suites list */ size_t cipher_suites_len; - *olen = 0 ; + *out_len = 0 ; /* * Ciphersuite list @@ -655,7 +655,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( cipher_suites_len/2 ) ); /* Output the total length of cipher_suites field. */ - *olen = p - buf; + *out_len = p - buf; return( 0 ); } @@ -675,7 +675,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { int ret; @@ -686,7 +686,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* Buffer management */ unsigned char *p = buf; - *olen = 0; + *out_len = 0; /* No validation needed here. It has been done by ssl_conf_check() */ ssl->major_ver = ssl->conf->min_major_ver; @@ -815,7 +815,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, extensions_len ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p_extensions_len, extensions_len ); - *olen = p - buf; + *out_len = p - buf; return( 0 ); } @@ -1257,17 +1257,17 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) { /* Only the pre_shared_key extension was received */ case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; + handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; break; /* Only the key_share extension was received */ case MBEDTLS_SSL_EXT_KEY_SHARE: - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; + handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; break; /* Both the pre_shared_key and key_share extensions were received */ case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): - handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; break; /* Neither pre_shared_key nor key_share extension was received */ @@ -1662,7 +1662,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 client state: %d", ssl->state ) ); switch( ssl->state ) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 86d984f0b..066147a5e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -157,13 +157,13 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { unsigned char *p = buf; unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ - *olen = 0; + *out_len = 0; /* Skip the extension on the client if all allowed key exchanges * are PSK-based. */ @@ -214,7 +214,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); /* Output the total length of signature algorithms extension. */ - *olen = p - buf; + *out_len = p - buf; ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; return( 0 ); @@ -321,9 +321,9 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE]; size_t verify_hash_len; - void const *opts_ptr = NULL; + void const *options = NULL; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_pk_rsassa_pss_options opts; + mbedtls_pk_rsassa_pss_options rsassa_pss_options; #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ /* @@ -443,17 +443,17 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, if( sig_alg == MBEDTLS_PK_RSASSA_PSS ) { const mbedtls_md_info_t* md_info; - opts.mgf1_hash_id = md_alg; + rsassa_pss_options.mgf1_hash_id = md_alg; if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - opts.expected_salt_len = mbedtls_md_get_size( md_info ); - opts_ptr = (const void*) &opts; + rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); + options = (const void*) &rsassa_pss_options; } #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - if( ( ret = mbedtls_pk_verify_ext( sig_alg, opts_ptr, + if( ( ret = mbedtls_pk_verify_ext( sig_alg, options, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len ) ) == 0 ) @@ -1081,7 +1081,7 @@ static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ) + size_t *out_len ) { size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; /* @@ -1094,7 +1094,7 @@ static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, memcpy( buf, ssl->handshake->state_local.finished_out.digest, verify_data_len ); - *olen = verify_data_len; + *out_len = verify_data_len; return( 0 ); } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 109c375e9..b77fc7b63 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -78,7 +78,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * the HkdfLabel structure on success. */ -static const char tls1_3_label_prefix[6] = "tls13 "; +static const char tls13_label_prefix[6] = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \ ( 2 /* expansion length */ \ @@ -89,7 +89,7 @@ static const char tls1_3_label_prefix[6] = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ - sizeof(tls1_3_label_prefix) + \ + sizeof(tls13_label_prefix) + \ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) @@ -100,7 +100,7 @@ static void ssl_tls13_hkdf_encode_label( unsigned char *dst, size_t *dst_len ) { size_t total_label_len = - sizeof(tls1_3_label_prefix) + label_len; + sizeof(tls13_label_prefix) + label_len; size_t total_hkdf_lbl_len = SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, ctx_len ); @@ -119,8 +119,8 @@ static void ssl_tls13_hkdf_encode_label( /* Add label incl. prefix */ *p++ = MBEDTLS_BYTE_0( total_label_len ); - memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); - p += sizeof(tls1_3_label_prefix); + memcpy( p, tls13_label_prefix, sizeof(tls13_label_prefix) ); + p += sizeof(tls13_label_prefix); memcpy( p, label, label_len ); p += label_len; @@ -578,9 +578,9 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) * Compute MasterSecret */ ret = mbedtls_ssl_tls13_evolve_secret( md_type, - handshake->tls1_3_master_secrets.handshake, + handshake->tls13_master_secrets.handshake, NULL, 0, - handshake->tls1_3_master_secrets.app ); + handshake->tls13_master_secrets.app ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret ); @@ -588,7 +588,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret", - handshake->tls1_3_master_secrets.app, md_size ); + handshake->tls13_master_secrets.app, md_size ); return( 0 ); } @@ -918,7 +918,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) md_type = handshake->ciphersuite_info->mac; ret = mbedtls_ssl_tls13_evolve_secret( md_type, NULL, NULL, 0, - handshake->tls1_3_master_secrets.early ); + handshake->tls13_master_secrets.early ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret ); @@ -972,7 +972,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, } ret = mbedtls_ssl_tls13_derive_handshake_secrets( md_type, - handshake->tls1_3_master_secrets.handshake, + handshake->tls13_master_secrets.handshake, transcript, transcript_len, tls13_hs_secrets ); if( ret != 0 ) { @@ -1091,9 +1091,9 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) * Compute the Handshake Secret */ ret = mbedtls_ssl_tls13_evolve_secret( md_type, - handshake->tls1_3_master_secrets.early, + handshake->tls13_master_secrets.early, ecdhe, ephemeral_len, - handshake->tls1_3_master_secrets.handshake ); + handshake->tls13_master_secrets.handshake ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret ); @@ -1101,7 +1101,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret", - handshake->tls1_3_master_secrets.handshake, md_size ); + handshake->tls13_master_secrets.handshake, md_size ); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) ); @@ -1161,7 +1161,7 @@ int mbedtls_ssl_tls13_generate_application_keys( /* Compute application secrets from master secret and transcript hash. */ ret = mbedtls_ssl_tls13_derive_application_secrets( md_type, - handshake->tls1_3_master_secrets.app, + handshake->tls13_master_secrets.app, transcript, transcript_len, app_secrets ); if( ret != 0 ) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 0a6895679..da967c398 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -95,16 +95,18 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels; * * \param hash_alg The identifier for the hash algorithm to use. * \param secret The \c Secret argument to \c HKDF-Expand-Label. - * This must be a readable buffer of length \p slen Bytes. + * This must be a readable buffer of length + * \p secret_len Bytes. * \param secret_len The length of \p secret in Bytes. * \param label The \c Label argument to \c HKDF-Expand-Label. - * This must be a readable buffer of length \p llen Bytes. + * This must be a readable buffer of length + * \p label_len Bytes. * \param label_len The length of \p label in Bytes. * \param ctx The \c Context argument to \c HKDF-Expand-Label. - * This must be a readable buffer of length \p clen Bytes. + * This must be a readable buffer of length \p ctx_len Bytes. * \param ctx_len The length of \p context in Bytes. * \param buf The destination buffer to hold the expanded secret. - * This must be a writable buffer of length \p blen Bytes. + * This must be a writable buffer of length \p buf_len Bytes. * \param buf_len The desired size of the expanded secret in Bytes. * * \returns \c 0 on success. @@ -133,9 +135,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label( * \param hash_alg The identifier for the hash algorithm to be used * for the HKDF-based expansion of the secret. * \param client_secret The client traffic secret. - * This must be a readable buffer of size \p slen Bytes + * This must be a readable buffer of size + * \p secret_len Bytes * \param server_secret The server traffic secret. - * This must be a readable buffer of size \p slen Bytes + * This must be a readable buffer of size + * \p secret_len Bytes * \param secret_len Length of the secrets \p client_secret and * \p server_secret in Bytes. * \param key_len The desired length of the key to be extracted in Bytes. @@ -171,15 +175,17 @@ int mbedtls_ssl_tls13_make_traffic_keys( * \param hash_alg The identifier for the hash function used for the * applications of HKDF. * \param secret The \c Secret argument to the \c Derive-Secret function. - * This must be a readable buffer of length \p slen Bytes. + * This must be a readable buffer of length + * \p secret_len Bytes. * \param secret_len The length of \p secret in Bytes. * \param label The \c Label argument to the \c Derive-Secret function. - * This must be a readable buffer of length \p llen Bytes. + * This must be a readable buffer of length + * \p label_len Bytes. * \param label_len The length of \p label in Bytes. * \param ctx The hash of the \c Messages argument to the * \c Derive-Secret function, or the \c Messages argument - * itself, depending on \p context_already_hashed. - * \param ctx_len The length of \p hash. + * itself, depending on \p ctx_hashed. + * \param ctx_len The length of \p ctx in Bytes. * \param ctx_hashed This indicates whether the \p ctx contains the hash of * the \c Messages argument in the application of the * \c Derive-Secret function @@ -189,7 +195,7 @@ int mbedtls_ssl_tls13_make_traffic_keys( * (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED). * \param dstbuf The target buffer to write the output of * \c Derive-Secret to. This must be a writable buffer of - * size \p buflen Bytes. + * size \p dtsbuf_len Bytes. * \param dstbuf_len The length of \p dstbuf in Bytes. * * \returns \c 0 on success. diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 86f44cb65..3018ecbcc 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -30,7 +30,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { ((void) ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4b9b90cce..776d77dcd 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -409,25 +409,25 @@ int main( void ) USAGE_ETM \ USAGE_REPRODUCIBLE \ USAGE_CURVES \ - USAGE_SIG_ALGS \ + USAGE_SIG_ALGS \ USAGE_DHMLEN \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#define TLS1_3_VERSION_OPTIONS ", tls1_3" +#define TLS1_3_VERSION_OPTIONS ", tls13" #else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #define TLS1_3_VERSION_OPTIONS "" #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #define USAGE4 \ " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls1_2)\n" \ - " max_version=%%s default: (library default: tls1_2)\n" \ + " min_version=%%s default: (library default: tls12)\n" \ + " max_version=%%s default: (library default: tls12)\n" \ " force_version=%%s default: \"\" (none)\n" \ - " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \ + " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \ "\n\n" \ " force_ciphersuite= default: all enabled\n" \ - USAGE_TLS1_3_KEY_EXCHANGE_MODES \ + USAGE_TLS1_3_KEY_EXCHANGE_MODES \ " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ @@ -1128,11 +1128,11 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else if( strcmp( p, "min_version" ) == 0 ) { - if( strcmp( q, "tls1_2" ) == 0 || - strcmp( q, "dtls1_2" ) == 0 ) + if( strcmp( q, "tls12" ) == 0 || + strcmp( q, "dtls12" ) == 0 ) opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - else if( strcmp( q, "tls1_3" ) == 0 ) + else if( strcmp( q, "tls13" ) == 0 ) opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else @@ -1140,11 +1140,11 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "max_version" ) == 0 ) { - if( strcmp( q, "tls1_2" ) == 0 || - strcmp( q, "dtls1_2" ) == 0 ) + if( strcmp( q, "tls12" ) == 0 || + strcmp( q, "dtls12" ) == 0 ) opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - else if( strcmp( q, "tls1_3" ) == 0 ) + else if( strcmp( q, "tls13" ) == 0 ) opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else @@ -1161,19 +1161,19 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "force_version" ) == 0 ) { - if( strcmp( q, "tls1_2" ) == 0 ) + if( strcmp( q, "tls12" ) == 0 ) { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; } - else if( strcmp( q, "dtls1_2" ) == 0 ) + else if( strcmp( q, "dtls12" ) == 0 ) { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; } #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - else if( strcmp( q, "tls1_3" ) == 0 ) + else if( strcmp( q, "tls13" ) == 0 ) { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index cff042b80..5bad4a6a5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -514,7 +514,7 @@ int main( void ) "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#define TLS1_3_VERSION_OPTIONS ", tls1_3" +#define TLS1_3_VERSION_OPTIONS ", tls13" #else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #define TLS1_3_VERSION_OPTIONS "" #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ @@ -523,13 +523,13 @@ int main( void ) USAGE_SSL_ASYNC \ USAGE_SNI \ " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls1_2)\n" \ - " max_version=%%s default: (library default: tls1_2)\n" \ + " min_version=%%s default: (library default: tls12)\n" \ + " max_version=%%s default: (library default: tls12)\n" \ " force_version=%%s default: \"\" (none)\n" \ - " options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \ + " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \ "\n\n" \ " force_ciphersuite= default: all enabled\n" \ - USAGE_TLS1_3_KEY_EXCHANGE_MODES \ + USAGE_TLS1_3_KEY_EXCHANGE_MODES \ " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ @@ -1792,11 +1792,11 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "min_version" ) == 0 ) { - if( strcmp( q, "tls1_2" ) == 0 || - strcmp( q, "dtls1_2" ) == 0 ) + if( strcmp( q, "tls12" ) == 0 || + strcmp( q, "dtls12" ) == 0 ) opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - else if( strcmp( q, "tls1_3" ) == 0 ) + else if( strcmp( q, "tls13" ) == 0 ) opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else @@ -1804,11 +1804,11 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "max_version" ) == 0 ) { - if( strcmp( q, "tls1_2" ) == 0 || - strcmp( q, "dtls1_2" ) == 0 ) + if( strcmp( q, "tls12" ) == 0 || + strcmp( q, "dtls12" ) == 0 ) opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - else if( strcmp( q, "tls1_3" ) == 0 ) + else if( strcmp( q, "tls13" ) == 0 ) opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ else @@ -1825,19 +1825,19 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "force_version" ) == 0 ) { - if( strcmp( q, "tls1_2" ) == 0 ) + if( strcmp( q, "tls12" ) == 0 ) { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; } - else if( strcmp( q, "dtls1_2" ) == 0 ) + else if( strcmp( q, "dtls12" ) == 0 ) { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; } #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - else if( strcmp( q, "tls1_3" ) == 0 ) + else if( strcmp( q, "tls13" ) == 0 ) { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4; opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3d65338f9..50b196915 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8794,9 +8794,9 @@ run_test "TLS1.3: Test gnutls tls1_3 feature" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL skip_handshake_stage_check -run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \ - "$P_SRV debug_level=1 min_version=tls1_2 max_version=tls1_3" \ - "$P_CLI debug_level=1 min_version=tls1_2 max_version=tls1_3" \ +run_test "TLS1.3: Not supported version check: tls12 and tls13" \ + "$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \ + "$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \ 1 \ -s "SSL - The requested feature is not available" \ -c "SSL - The requested feature is not available" \ @@ -8805,30 +8805,30 @@ run_test "TLS1.3: Not supported version check: tls1_2 and tls1_3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL -run_test "TLS1.3: handshake dispatch test: tls1_3 only" \ - "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \ - "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \ +run_test "TLS1.3: handshake dispatch test: tls13 only" \ + "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \ + "$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \ 1 \ - -s "tls1_3 server state: 0" \ - -c "tls1_3 client state: 0" + -s "tls13 server state: 0" \ + -c "tls13 client state: 0" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: minimal feature sets - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ 0 \ - -c "tls1_3 client state: 0" \ - -c "tls1_3 client state: 2" \ - -c "tls1_3 client state: 19" \ - -c "tls1_3 client state: 5" \ - -c "tls1_3 client state: 3" \ - -c "tls1_3 client state: 9" \ - -c "tls1_3 client state: 13" \ - -c "tls1_3 client state: 11" \ - -c "tls1_3 client state: 14" \ - -c "tls1_3 client state: 15" \ + -c "tls13 client state: 0" \ + -c "tls13 client state: 2" \ + -c "tls13 client state: 19" \ + -c "tls13 client state: 5" \ + -c "tls13 client state: 3" \ + -c "tls13 client state: 9" \ + -c "tls13 client state: 13" \ + -c "tls13 client state: 11" \ + -c "tls13 client state: 14" \ + -c "tls13 client state: 15" \ -c "<= ssl_tls13_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ @@ -8849,7 +8849,7 @@ requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS 1.3 m->O AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \ "$O_NEXT_SRV_RSA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3 -msg -no_middlebox -num_tickets 0" \ - "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \ + "$P_CLI debug_level=4 force_version=tls13 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \ 0 \ -c "ECDH curve: x25519" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ @@ -8864,19 +8864,19 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL requires_config_disabled MBEDTLS_USE_PSA_CRYPTO run_test "TLS1.3: minimal feature sets - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ 0 \ - -s "SERVER HELLO was queued" \ - -c "tls1_3 client state: 0" \ - -c "tls1_3 client state: 2" \ - -c "tls1_3 client state: 19" \ - -c "tls1_3 client state: 5" \ - -c "tls1_3 client state: 3" \ - -c "tls1_3 client state: 9" \ - -c "tls1_3 client state: 13" \ - -c "tls1_3 client state: 11" \ - -c "tls1_3 client state: 14" \ - -c "tls1_3 client state: 15" \ + -s "SERVER HELLO was queued" \ + -c "tls13 client state: 0" \ + -c "tls13 client state: 2" \ + -c "tls13 client state: 19" \ + -c "tls13 client state: 5" \ + -c "tls13 client state: 3" \ + -c "tls13 client state: 9" \ + -c "tls13 client state: 13" \ + -c "tls13 client state: 11" \ + -c "tls13 client state: 14" \ + -c "tls13 client state: 15" \ -c "<= ssl_tls13_process_server_hello" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ -c "ECDH curve: x25519" \ @@ -8899,7 +8899,7 @@ requires_config_disabled MBEDTLS_USE_PSA_CRYPTO requires_gnutls_next run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \ "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \ + "$P_CLI debug_level=4 force_version=tls13 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \ 0 \ -c "ECDH curve: x25519" \ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index d57c87195..4ef54f5a9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -5906,57 +5906,57 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a" SSL TLS 1.3 Key schedule: HKDF Expand Label #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815" SSL TLS 1.3 Key schedule: HKDF Expand Label #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" SSL TLS 1.3 Key schedule: HKDF Expand Label #4 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30" SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic Key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f" SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) # Calculation of finished_key -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) # Calculation of resumption key -ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" +ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" SSL TLS 1.3 Key schedule: Traffic key generation #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) @@ -5973,45 +5973,45 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # Derive-Secret( Early-Secret, "derived", "") # Tests the case where context isn't yet hashed (empty string here, # but still needs to be hashed) -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2 # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) # Vector from RFC 8448 -ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" +ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" SSL TLS 1.3 Key schedule: Early secrets derivation helper # Vector from RFC 8448 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9e93b38ac..c1bc17c33 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -17,7 +17,7 @@ enum { #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ - tls1_3_label_ ## name, + tls13_label_ ## name, MBEDTLS_SSL_TLS1_3_LABEL_LIST #undef MBEDTLS_SSL_TLS1_3_LABEL }; @@ -3681,9 +3681,9 @@ void ssl_tls13_hkdf_expand_label( int hash_alg, unsigned char const *lbl = NULL; size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ - if( label_idx == (int) tls1_3_label_ ## name ) \ - { \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + if( label_idx == (int) tls13_label_ ## name ) \ + { \ lbl = mbedtls_ssl_tls13_labels.name; \ lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \ } @@ -3767,9 +3767,9 @@ void ssl_tls13_derive_secret( int hash_alg, unsigned char const *lbl = NULL; size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ - if( label_idx == (int) tls1_3_label_ ## name ) \ - { \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + if( label_idx == (int) tls13_label_ ## name ) \ + { \ lbl = mbedtls_ssl_tls13_labels.name; \ lbl_len = sizeof( mbedtls_ssl_tls13_labels.name ); \ }