Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser
TLS 1.3: Add extension check for message parsers
diff --git a/library/ssl_client.c b/library/ssl_client.c
index d9c6781..0f0ea1d 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -106,6 +106,9 @@
*olen = hostname_len + 9;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
return( 0 );
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
@@ -177,6 +180,9 @@
/* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
return( 0 );
}
#endif /* MBEDTLS_SSL_ALPN */
@@ -296,7 +302,8 @@
*out_len = p - buf;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
return( 0 );
@@ -557,7 +564,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Keeping track of the included extensions */
- handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+ handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
#endif
/* First write extensions, then the total length */
@@ -667,6 +674,11 @@
p_extensions_len, extensions_len );
}
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions );
+#endif
+
*out_len = p - buf;
return( 0 );
}
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 9f1df73..4412f8e 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -43,6 +43,32 @@
const char *mbedtls_ssl_named_group_to_str( uint16_t in );
+const char *mbedtls_ssl_get_extension_name( unsigned int extension_type );
+
+void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type, uint32_t extensions_mask,
+ const char *extra );
+
+void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type, unsigned int extension_type,
+ const char *extra_msg0, const char *extra_msg1 );
+
+#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extensions_mask ) \
+ mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__, \
+ hs_msg_type, extensions_mask, NULL )
+
+#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra ) \
+ mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__, \
+ hs_msg_type, extension_type, \
+ extra, NULL )
+#else
+
+#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask )
+
+#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra )
+
#endif /* MBEDTLS_DEBUG_C */
-#endif /* SSL_DEBUG_HELPERS_H */
+#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */
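Review bot: The new prototypes and macros carry no doc comment, so a reader cannot tell that `extra`, `extra_msg0` and `extra_msg1` may be NULL, that `extensions_mask` holds `MBEDTLS_SSL_EXT_MASK()` bits, or that `MBEDTLS_SSL_PRINT_EXTS`/`MBEDTLS_SSL_PRINT_EXT` expand a reference to a local named `ssl` the way the existing MBEDTLS_SSL_DEBUG_* macros do. A one-line comment above each macro would cover it, e.g. `/* Log every known extension with its presence in extensions_mask for hs_msg_type; expands a reference to the local ssl. */`. The stub on the `#else` side names its parameter `extension_mask` while the real macro uses `extensions_mask`; aligning the names keeps the two definitions comparable. The `#if defined(MBEDTLS_DEBUG_C)` that this `#else` pairs with is above the hunk and not visible here.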
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 41bb9c5..ad8754c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -74,34 +74,147 @@
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
-/*
- * Mask of TLS 1.3 handshake extensions used in extensions_present
- * of mbedtls_ssl_handshake_params.
- */
-#define MBEDTLS_SSL_EXT_NONE 0
+/* Faked handshake message identity for HelloRetryRequest. */
+#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO )
-#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 )
-#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 )
-#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 )
-#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 )
-#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 )
-#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 )
-#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 )
-#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 )
-#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 )
-#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 )
-#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 )
-#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 )
-#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 )
-#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 )
-#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 )
-#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 )
-#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 )
-#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 )
-#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 )
-#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 )
-#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 )
-#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 )
+/*
+ * Internal identity of handshake extensions
+ */
+#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0
+#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1
+#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1
+#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2
+#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3
+#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4
+#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4
+#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5
+#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6
+#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7
+#define MBEDTLS_SSL_EXT_ID_ALPN 8
+#define MBEDTLS_SSL_EXT_ID_SCT 9
+#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10
+#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11
+#define MBEDTLS_SSL_EXT_ID_PADDING 12
+#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13
+#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14
+#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15
+#define MBEDTLS_SSL_EXT_ID_COOKIE 16
+#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17
+#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18
+#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19
+#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20
+#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21
+#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22
+#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23
+#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24
+#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25
+#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26
+#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27
+
+/* Utility for translating IANA extension type. */
+uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type );
+uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
+/* Macros used to define mask constants */
+#define MBEDTLS_SSL_EXT_MASK( id ) ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) )
+/* Reset value of extension mask */
+#define MBEDTLS_SSL_EXT_MASK_NONE 0
+
+/* In messages containing extension requests, we should ignore unrecognized
+ * extensions. In messages containing extension responses, unrecognized
+ * extensions should result in handshake abortion. Messages containing
+ * extension requests include ClientHello, CertificateRequest and
+ * NewSessionTicket. Messages containing extension responses include
+ * ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate.
+ *
+ * RFC 8446 section 4.1.3
+ *
+ * The ServerHello MUST only include extensions which are required to establish
+ * the cryptographic context and negotiate the protocol version.
+ *
+ * RFC 8446 section 4.2
+ *
+ * If an implementation receives an extension which it recognizes and which is
+ * not specified for the message in which it appears, it MUST abort the handshake
+ * with an "illegal_parameter" alert.
+ */
+
+/* Extensions that are not recognized by TLS 1.3 */
+#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \
+ ( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS ) | \
+ MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \
+ MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \
+ MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \
+ MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \
+ MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
+
+/* RFC 8446 section 4.2. Allowed extensions for ClienHello */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \
+ ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
+ MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
+ MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \
+ MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \
+ MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \
+ MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \
+ MBEDTLS_SSL_EXT_MASK( ALPN ) | \
+ MBEDTLS_SSL_EXT_MASK( SCT ) | \
+ MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \
+ MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \
+ MBEDTLS_SSL_EXT_MASK( PADDING ) | \
+ MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
+ MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \
+ MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) | \
+ MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \
+ MBEDTLS_SSL_EXT_MASK( COOKIE ) | \
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) | \
+ MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \
+ MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH ) | \
+ MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \
+ MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+
+/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \
+ ( MBEDTLS_SSL_EXT_MASK( SERVERNAME ) | \
+ MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH ) | \
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) | \
+ MBEDTLS_SSL_EXT_MASK( USE_SRTP ) | \
+ MBEDTLS_SSL_EXT_MASK( HEARTBEAT ) | \
+ MBEDTLS_SSL_EXT_MASK( ALPN ) | \
+ MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE ) | \
+ MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE ) | \
+ MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
+
+/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \
+ ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
+ MBEDTLS_SSL_EXT_MASK( SIG_ALG ) | \
+ MBEDTLS_SSL_EXT_MASK( SCT ) | \
+ MBEDTLS_SSL_EXT_MASK( CERT_AUTH ) | \
+ MBEDTLS_SSL_EXT_MASK( OID_FILTERS ) | \
+ MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT ) | \
+ MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+
+/* RFC 8446 section 4.2. Allowed extensions for Certificate */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \
+ ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST ) | \
+ MBEDTLS_SSL_EXT_MASK( SCT ) )
+
+/* RFC 8446 section 4.2. Allowed extensions for ServerHello */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \
+ ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
+ MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | \
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
+
+/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \
+ ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) | \
+ MBEDTLS_SSL_EXT_MASK( COOKIE ) | \
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
+
+/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */
+#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \
+ ( MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) | \
+ MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
/*
* Helper macros for function call with return check.
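Review bot: `MBEDTLS_SSL_EXT_MASK()` builds a 64-bit value with `1ULL`, but the masks are stored in the `uint32_t` fields `sent_extensions`/`received_extensions`, passed as the `uint32_t` parameter of `mbedtls_ssl_tls13_check_received_extension()`, and returned as `uint32_t` by `mbedtls_ssl_get_extension_mask()`, which shifts a plain `1`; the forms should agree, and nothing records that an ID must stay below 32. Suggest `#define MBEDTLS_SSL_EXT_MASK( id ) ( 1U << ( MBEDTLS_SSL_EXT_ID_##id ) )` together with a comment above the ID list, `/* IDs must stay below 32: masks are stored in uint32_t fields. */`. The comment introducing the ClientHello mask reads "ClienHello".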
@@ -858,9 +971,8 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- int extensions_present; /*!< extension presence; Each bitfield
- represents an extension and defined
- as \c MBEDTLS_SSL_EXT_XXX */
+ uint32_t sent_extensions; /*!< extensions sent by endpoint */
+ uint32_t received_extensions; /*!< extensions received by endpoint */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
unsigned char certificate_request_context_len;
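Review bot: The two new fields need a comment saying who resets them: in this change `received_extensions` is set to `MBEDTLS_SSL_EXT_MASK_NONE` at the start of every parser (ServerHello, EncryptedExtensions, CertificateRequest, NewSessionTicket, Certificate) and so only ever describes the most recently parsed message, while `sent_extensions` is reset once in the ClientHello writer. Suggest `/*!< MBEDTLS_SSL_EXT_MASK() bits of the extensions in the last parsed handshake message; reset by each parser */` and `/*!< MBEDTLS_SSL_EXT_MASK() bits of the extensions written into the last sent handshake message */`. The enclosing struct starts and ends outside the hunk.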
@@ -1839,6 +1951,24 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
/*
+ * Helper functions for extensions checking.
+ */
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_check_received_extension(
+ mbedtls_ssl_context *ssl,
+ int hs_msg_type,
+ unsigned int received_extension_type,
+ uint32_t hs_msg_allowed_extensions_mask );
+
+static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ mbedtls_ssl_context *ssl, unsigned int extension_type )
+{
+ ssl->handshake->sent_extensions |=
+ mbedtls_ssl_get_extension_mask( extension_type );
+}
+
+/*
* Helper functions to check the selected key exchange mode.
*/
static inline int mbedtls_ssl_tls13_key_exchange_mode_check(
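Review bot: `mbedtls_ssl_tls13_check_received_extension()` is declared without a contract, yet every parser in this change returns its non-zero result straight to the caller (the ServerHello parser bypasses its `cleanup:` label to do so) and relies on it to record the extension in `received_extensions`; its definition is not in this diff. A comment on the prototype should state what it checks (membership in `hs_msg_allowed_extensions_mask`, and whether it also rejects a repeated extension type or a response the endpoint never requested), that it pends the alert itself before returning, and that it sets the `MBEDTLS_SSL_EXT_MASK()` bit of a recognized extension. A line on `mbedtls_ssl_tls13_set_hs_sent_ext_mask()` noting that `extension_type` is an IANA `MBEDTLS_TLS_EXT_*` value rather than an `MBEDTLS_SSL_EXT_ID_*` would prevent the obvious mix-up, since both are small integers.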
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dbbd6f2..da90b23 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -521,6 +521,245 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type )
+{
+ switch( extension_type )
+ {
+ case MBEDTLS_TLS_EXT_SERVERNAME:
+ return( MBEDTLS_SSL_EXT_ID_SERVERNAME );
+
+ case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+ return( MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH );
+
+ case MBEDTLS_TLS_EXT_STATUS_REQUEST:
+ return( MBEDTLS_SSL_EXT_ID_STATUS_REQUEST );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
+ return( MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS );
+
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ return( MBEDTLS_SSL_EXT_ID_SIG_ALG );
+
+ case MBEDTLS_TLS_EXT_USE_SRTP:
+ return( MBEDTLS_SSL_EXT_ID_USE_SRTP );
+
+ case MBEDTLS_TLS_EXT_HEARTBEAT:
+ return( MBEDTLS_SSL_EXT_ID_HEARTBEAT );
+
+ case MBEDTLS_TLS_EXT_ALPN:
+ return( MBEDTLS_SSL_EXT_ID_ALPN );
+
+ case MBEDTLS_TLS_EXT_SCT:
+ return( MBEDTLS_SSL_EXT_ID_SCT );
+
+ case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
+ return( MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE );
+
+ case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
+ return( MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE );
+
+ case MBEDTLS_TLS_EXT_PADDING:
+ return( MBEDTLS_SSL_EXT_ID_PADDING );
+
+ case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
+ return( MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY );
+
+ case MBEDTLS_TLS_EXT_EARLY_DATA:
+ return( MBEDTLS_SSL_EXT_ID_EARLY_DATA );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
+ return( MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS );
+
+ case MBEDTLS_TLS_EXT_COOKIE:
+ return( MBEDTLS_SSL_EXT_ID_COOKIE );
+
+ case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
+ return( MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES );
+
+ case MBEDTLS_TLS_EXT_CERT_AUTH:
+ return( MBEDTLS_SSL_EXT_ID_CERT_AUTH );
+
+ case MBEDTLS_TLS_EXT_OID_FILTERS:
+ return( MBEDTLS_SSL_EXT_ID_OID_FILTERS );
+
+ case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
+ return( MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH );
+
+ case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
+ return( MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT );
+
+ case MBEDTLS_TLS_EXT_KEY_SHARE:
+ return( MBEDTLS_SSL_EXT_ID_KEY_SHARE );
+
+ case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
+ return( MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC );
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
+ return( MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS );
+
+ case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
+ return( MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC );
+
+ case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
+ return( MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET );
+
+ case MBEDTLS_TLS_EXT_SESSION_TICKET:
+ return( MBEDTLS_SSL_EXT_ID_SESSION_TICKET );
+
+ }
+
+ return( MBEDTLS_SSL_EXT_ID_UNRECOGNIZED );
+}
+
+uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type )
+{
+ return( 1 << mbedtls_ssl_get_extension_id( extension_type ) );
+}
+
+#if defined(MBEDTLS_DEBUG_C)
+static const char *extension_name_table[] = {
+ [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unrecognized",
+ [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name",
+ [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length",
+ [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request",
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups",
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms",
+ [MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp",
+ [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat",
+ [MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation",
+ [MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp",
+ [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type",
+ [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type",
+ [MBEDTLS_SSL_EXT_ID_PADDING] = "padding",
+ [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key",
+ [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data",
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions",
+ [MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie",
+ [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes",
+ [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities",
+ [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters",
+ [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth",
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert",
+ [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share",
+ [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac",
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats",
+ [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac",
+ [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret",
+ [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket"
+};
+
+static unsigned int extension_type_table[]={
+ [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
+ [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
+ [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
+ [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST,
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS,
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG,
+ [MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP,
+ [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT,
+ [MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN,
+ [MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT,
+ [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE,
+ [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE,
+ [MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING,
+ [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY,
+ [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA,
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS,
+ [MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE,
+ [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES,
+ [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH,
+ [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS,
+ [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH,
+ [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT,
+ [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE,
+ [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC,
+ [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS,
+ [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC,
+ [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET,
+ [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET
+};
+
+const char *mbedtls_ssl_get_extension_name( unsigned int extension_type )
+{
+ return( extension_name_table[
+ mbedtls_ssl_get_extension_id( extension_type ) ] );
+}
+
+static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type )
+{
+ switch( hs_msg_type )
+ {
+ case MBEDTLS_SSL_HS_CLIENT_HELLO:
+ return( "ClientHello" );
+ case MBEDTLS_SSL_HS_SERVER_HELLO:
+ return( "ServerHello" );
+ case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
+ return( "HelloRetryRequest" );
+ case MBEDTLS_SSL_HS_NEW_SESSION_TICKET:
+ return( "NewSessionTicket" );
+ case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
+ return( "EncryptedExtensions" );
+ case MBEDTLS_SSL_HS_CERTIFICATE:
+ return( "Certificate" );
+ case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST:
+ return( "CertificateRequest" );
+ }
+ return( "Unknown" );
+}
+
+void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type, unsigned int extension_type,
+ const char *extra_msg0, const char *extra_msg1 )
+{
+ const char *extra_msg;
+ if( extra_msg0 && extra_msg1 )
+ {
+ mbedtls_debug_print_msg(
+ ssl, level, file, line,
+ "%s: %s(%u) extension %s %s.",
+ ssl_tls13_get_hs_msg_name( hs_msg_type ),
+ mbedtls_ssl_get_extension_name( extension_type ),
+ extension_type,
+ extra_msg0, extra_msg1 );
+ return;
+ }
+
+ extra_msg = extra_msg0 ? extra_msg0 : extra_msg1;
+ if( extra_msg )
+ {
+ mbedtls_debug_print_msg(
+ ssl, level, file, line,
+ "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
+ mbedtls_ssl_get_extension_name( extension_type ), extension_type,
+ extra_msg );
+ return;
+ }
+
+ mbedtls_debug_print_msg(
+ ssl, level, file, line,
+ "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
+ mbedtls_ssl_get_extension_name( extension_type ), extension_type );
+}
+
+void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ int hs_msg_type, uint32_t extensions_mask,
+ const char *extra )
+{
+
+ for( unsigned i = 0;
+ i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] );
+ i++ )
+ {
+ mbedtls_ssl_print_extension(
+ ssl, level, file, line, hs_msg_type, extension_type_table[i],
+ extensions_mask & ( 1 << i ) ? "exists" : "does not exist", extra );
+ }
+}
+
+#endif /* MBEDTLS_DEBUG_C */
+
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
{
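Review bot: `mbedtls_ssl_get_extension_mask()` and the loop in `mbedtls_ssl_print_extensions()` shift a signed `1`, while the header macro `MBEDTLS_SSL_EXT_MASK()` uses `1ULL` and the results are `uint32_t`; the IDs currently stop at 27 so this is not undefined today, but it becomes so at ID 31, and the three forms should agree. Use `return( 1U << mbedtls_ssl_get_extension_id( extension_type ) );` and `extensions_mask & ( 1U << i ) ? "exists" : "does not exist", extra );`. `extension_type_table` is never written and should be `static const unsigned int extension_type_table[]={`, matching `extension_name_table`. Separately, `MBEDTLS_SSL_PRINT_EXTS` logs one line per known extension, 28 per message including every absent one at level 3; printing only the set bits, or the absent ones at a higher level, would keep handshake logs readable.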
@@ -8744,8 +8983,9 @@
*out_len = p - buf;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
return( 0 );
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -8944,6 +9184,11 @@
p[6] = MBEDTLS_BYTE_0( protocol_name_len );
memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+#endif
+
return ( 0 );
}
#endif /* MBEDTLS_SSL_ALPN */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index ac19f63..9940a0e 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -32,6 +32,7 @@
#include "ssl_misc.h"
#include "ssl_client.h"
#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
/* Write extensions */
@@ -89,6 +90,9 @@
*out_len = 5 + versions_len;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+
return( 0 );
}
@@ -359,7 +363,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len );
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
cleanup:
@@ -512,7 +516,6 @@
else
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
return( ret );
}
@@ -600,6 +603,8 @@
*out_len = handshake->hrr_cookie_len + 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE );
+
return( 0 );
}
@@ -669,7 +674,10 @@
buf[4] = ke_modes_len;
*out_len = p - buf;
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
+
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES );
+
return ( 0 );
}
@@ -981,8 +989,6 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf );
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
-
return( 0 );
}
@@ -1037,6 +1043,9 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf );
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+
return( 0 );
}
@@ -1109,8 +1118,6 @@
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
-
return( 0 );
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@@ -1388,7 +1395,7 @@
ssl->session_negotiate->tls_version = ssl->tls_version;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
- handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
ret = ssl_server_hello_is_hrr( ssl, buf, end );
switch( ret )
@@ -1498,6 +1505,9 @@
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int fatal_alert = 0;
+ uint32_t allowed_extensions_mask;
+ int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
+ MBEDTLS_SSL_HS_SERVER_HELLO;
/*
* Check there is space for minimal fields
@@ -1640,6 +1650,11 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len );
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
+ allowed_extensions_mask = is_hrr ?
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR :
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH;
+
while( p < extensions_end )
{
unsigned int extension_type;
@@ -1654,16 +1669,15 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
extension_data_end = p + extension_data_len;
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, hs_msg_type, extension_type, allowed_extensions_mask );
+ if( ret != 0 )
+ return( ret );
+
switch( extension_type )
{
case MBEDTLS_TLS_EXT_COOKIE:
- if( !is_hrr )
- {
- fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
- goto cleanup;
- }
-
ret = ssl_tls13_parse_cookie_ext( ssl,
p, extension_data_end );
if( ret != 0 )
@@ -1686,11 +1700,6 @@
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
- if( is_hrr )
- {
- fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
- goto cleanup;
- }
if( ( ret = ssl_tls13_parse_server_pre_shared_key_ext(
ssl, p, extension_data_end ) ) != 0 )
@@ -1726,18 +1735,15 @@
break;
default:
- MBEDTLS_SSL_DEBUG_MSG(
- 3,
- ( "unknown extension found: %u ( ignoring )",
- extension_type ) );
-
- fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto cleanup;
}
p += extension_data_len;
}
+ MBEDTLS_SSL_PRINT_EXTS( 3, hs_msg_type, handshake->received_extensions );
+
cleanup:
if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT )
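Review bot: The new `default:` branch in the ServerHello parser turns any allowed-but-unhandled extension into `MBEDTLS_ERR_SSL_INTERNAL_ERROR` with no alert pended, and the branch is reachable from the peer: `MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH` always contains `PRE_SHARED_KEY`, but the `case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:` above is compiled only under `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED`, so a server answering a PSK-less client with pre_shared_key produces an internal error instead of a protocol alert. Either make the allowed mask follow the build options or treat the branch as a peer error, e.g. `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); ret = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; goto cleanup;`. Whether the key_share case is conditional in the same way is outside this hunk, as is the rest of the enclosing function.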
@@ -1786,21 +1792,21 @@
* 3) If only the key_share extension was received then the key
* exchange mode is EPHEMERAL-only.
*/
- switch( handshake->extensions_present &
- ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ) )
+ switch( handshake->received_extensions &
+ ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ) )
{
/* Only the pre_shared_key extension was received */
- case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
+ case MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
break;
/* Only the key_share extension was received */
- case MBEDTLS_SSL_EXT_KEY_SHARE:
+ case MBEDTLS_SSL_EXT_MASK( KEY_SHARE ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
break;
/* Both the pre_shared_key and key_share extensions were received */
- case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
+ case ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
break;
@@ -1969,6 +1975,7 @@
size_t extensions_len;
const unsigned char *p = buf;
const unsigned char *extensions_end;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
@@ -1978,6 +1985,8 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
extensions_end = p + extensions_len;
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
+
while( p < extensions_end )
{
unsigned int extension_type;
@@ -1996,22 +2005,14 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
- /* The client MUST check EncryptedExtensions for the
- * presence of any forbidden extensions and if any are found MUST abort
- * the handshake with an "unsupported_extension" alert.
- */
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type,
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE );
+ if( ret != 0 )
+ return( ret );
+
switch( extension_type )
{
- case MBEDTLS_TLS_EXT_SERVERNAME:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) );
-
- /* The server_name extension should be an empty extension */
-
- break;
- case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) );
- break;
-
#if defined(MBEDTLS_SSL_ALPN)
case MBEDTLS_TLS_EXT_ALPN:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
@@ -2024,17 +2025,18 @@
break;
#endif /* MBEDTLS_SSL_ALPN */
default:
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "unsupported extension found: %u ", extension_type) );
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
- MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
- return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+ extension_type, "( ignored )" );
+ break;
}
p += extension_data_len;
}
+ MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+ handshake->received_extensions );
+
/* Check that we consumed all the message. */
if( p != end )
{
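Review bot: With the old rejecting `default:` gone, every extension in `MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE` that has no case (max_fragment_length, use_srtp, heartbeat, the certificate_type pair, early_data) is now logged as ignored and accepted even when this client never offered it, whereas RFC 8446 section 4.2 requires aborting with unsupported_extension on an extension response without a corresponding request. That rule may be enforced inside `mbedtls_ssl_tls13_check_received_extension()` against `handshake->sent_extensions`, whose definition is not in this diff; if it is not, the `default:` branch should test `handshake->sent_extensions` before breaking. The same question applies to the Certificate extension loop in ssl_tls13_generic.c. The enclosing function starts before the hunk.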
@@ -2140,7 +2142,7 @@
size_t certificate_request_context_len = 0;
size_t extensions_len = 0;
const unsigned char *extensions_end;
- unsigned char sig_alg_ext_found = 0;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* ...
* opaque certificate_request_context<0..2^8-1>
@@ -2156,7 +2158,6 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context",
p, certificate_request_context_len );
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
handshake->certificate_request_context =
mbedtls_calloc( 1, certificate_request_context_len );
if( handshake->certificate_request_context == NULL )
@@ -2180,6 +2181,8 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
extensions_end = p + extensions_len;
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
+
while( p < extensions_end )
{
unsigned int extension_type;
@@ -2192,6 +2195,12 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type,
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR );
+ if( ret != 0 )
+ return( ret );
+
switch( extension_type )
{
case MBEDTLS_TLS_EXT_SIG_ALG:
@@ -2201,25 +2210,22 @@
p + extension_data_len );
if( ret != 0 )
return( ret );
- if( ! sig_alg_ext_found )
- sig_alg_ext_found = 1;
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "Duplicate signature algorithms extensions found" ) );
- goto decode_error;
- }
+
break;
default:
- MBEDTLS_SSL_DEBUG_MSG(
- 3,
- ( "unknown extension found: %u ( ignoring )",
- extension_type ) );
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+ extension_type, "( ignored )" );
break;
}
+
p += extension_data_len;
}
+
+ MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+ handshake->received_extensions );
+
/* Check that we consumed all the message. */
if( p != end )
{
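Review bot: Removing the `sig_alg_ext_found` bookkeeping means a CertificateRequest carrying two signature_algorithms extensions is now accepted unless `mbedtls_ssl_tls13_check_received_extension()` rejects a repeated type, and that function's definition is not in this diff; RFC 8446 section 4.2 says there MUST NOT be more than one extension of the same type in an extension block. If the helper does detect repeats through `received_extensions`, a one-line comment above the call, `/* Duplicate extensions are rejected by mbedtls_ssl_tls13_check_received_extension(). */`, would preserve the intent the old code spelled out; if it does not, the duplicate check belongs in that helper so every parser gets it. The enclosing function starts before the hunk.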
@@ -2227,8 +2233,12 @@
( "CertificateRequest misaligned" ) );
goto decode_error;
}
- /* Check that we found signature algorithms extension */
- if( ! sig_alg_ext_found )
+
+ /* RFC 8446 section 4.3.2
+ *
+ * The "signature_algorithms" extension MUST be specified
+ */
+ if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "no signature algorithms extension found" ) );
@@ -2468,14 +2478,17 @@
const unsigned char *buf,
const unsigned char *end )
{
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const unsigned char *p = buf;
- ((void) ssl);
+
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
while( p < end )
{
unsigned int extension_type;
size_t extension_data_len;
+ int ret;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
@@ -2484,18 +2497,27 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type,
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST );
+ if( ret != 0 )
+ return( ret );
+
switch( extension_type )
{
- case MBEDTLS_TLS_EXT_EARLY_DATA:
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
- break;
-
default:
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+ extension_type, "( ignored )" );
break;
}
+
p += extension_data_len;
}
+ MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+ handshake->received_extensions );
+
return( 0 );
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 48e3675..f854998 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -398,6 +398,7 @@
size_t certificate_list_len = 0;
const unsigned char *p = buf;
const unsigned char *certificate_list_end;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
certificate_request_context_len = p[0];
@@ -447,6 +448,7 @@
while( p < certificate_list_end )
{
size_t cert_data_len, extensions_len;
+ const unsigned char *extensions_end;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 );
cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 );
@@ -504,7 +506,48 @@
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len );
- p += extensions_len;
+
+ extensions_end = p + extensions_len;
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
+
+ while( p < extensions_end )
+ {
+ unsigned int extension_type;
+ size_t extension_data_len;
+
+ /*
+ * struct {
+ * ExtensionType extension_type; (2 bytes)
+ * opaque extension_data<0..2^16-1>;
+ * } Extension;
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
+ extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+ extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type,
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT );
+ if( ret != 0 )
+ return( ret );
+
+ switch( extension_type )
+ {
+ default:
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, MBEDTLS_SSL_HS_CERTIFICATE,
+ extension_type, "( ignored )" );
+ break;
+ }
+
+ p += extension_data_len;
+ }
+
+ MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE,
+ handshake->received_extensions );
}
exit:
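Review bot: `handshake->received_extensions` is reset at the top of each CertificateEntry's extension loop, so after `mbedtls_ssl_tls13_parse_certificate` returns it describes only the last entry of the chain, and `MBEDTLS_SSL_PRINT_EXTS` fires once per entry rather than once per message. That is harmless for the present "( ignored )" handling, but a later consumer (e.g. status_request on the leaf, which RFC 8446 §4.4.2 says should sit in the first CertificateEntry) would read the wrong entry's mask. Add a comment above the reset: `/* Reset per CertificateEntry: after the loop this mask reflects only the last entry. */`. The `ret` assigned in this hunk is declared outside it; its declaration was not visible here.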
@@ -512,7 +555,7 @@
if( p != end )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
@@ -843,6 +886,9 @@
*out_len = p - buf;
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions );
+
return( 0 );
}
@@ -1485,4 +1531,61 @@
}
#endif /* MBEDTLS_ECDH_C */
+/* RFC 8446 section 4.2
+ *
+ * If an implementation receives an extension which it recognizes and which is
+ * not specified for the message in which it appears, it MUST abort the handshake
+ * with an "illegal_parameter" alert.
+ *
+ */
+int mbedtls_ssl_tls13_check_received_extension(
+ mbedtls_ssl_context *ssl,
+ int hs_msg_type,
+ unsigned int received_extension_type,
+ uint32_t hs_msg_allowed_extensions_mask )
+{
+ uint32_t extension_mask = mbedtls_ssl_get_extension_mask(
+ received_extension_type );
+
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, hs_msg_type, received_extension_type, "received" );
+
+ if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 )
+ {
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, hs_msg_type, received_extension_type, "is illegal" );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ ssl->handshake->received_extensions |= extension_mask;
+ /*
+ * If it is a message containing extension responses, check that we
+ * previously sent the extension.
+ */
+ switch( hs_msg_type )
+ {
+ case MBEDTLS_SSL_HS_SERVER_HELLO:
+ case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
+ case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
+ case MBEDTLS_SSL_HS_CERTIFICATE:
+ /* Check if the received extension is sent by peer message.*/
+ if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 )
+ return( 0 );
+ break;
+ default:
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, hs_msg_type, received_extension_type, "is unsupported" );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
+ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+}
+
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
+
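Review bot: Duplicate extensions are accepted silently: the `ssl->handshake->received_extensions |= extension_mask;` after the allowed-mask check never tests whether that bit was already set, so a peer may repeat an extension inside one block, which RFC 8446 §4.2 forbids ("There MUST NOT be more than one extension of the same type in a given extension block"). Every parser in this change resets `received_extensions` before its loop and routes each extension through this function, so the test belongs here, just before the OR, with an illegal_parameter alert. One caveat, inferred rather than visible: if `mbedtls_ssl_get_extension_mask` folds all unrecognised types into a single catch-all bit, that bit must be excluded so two different unknown extensions are not mistaken for a duplicate.
```c
    /* … unchanged: mask lookup, "received" print, allowed-mask check … */

    /* RFC 8446 section 4.2: at most one extension of each type per block.
     * NOTE(review): exclude the catch-all bit for unrecognised types here,
     * if the mask helper uses one. */
    if( ( ssl->handshake->received_extensions & extension_mask ) != 0 )
    {
        MBEDTLS_SSL_PRINT_EXT(
            3, hs_msg_type, received_extension_type, "is duplicated" );
        MBEDTLS_SSL_PEND_FATAL_ALERT(
            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
    }

    ssl->handshake->received_extensions |= extension_mask;
    /* … unchanged: "previously sent" check for response messages … */
```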
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 3762393..3cd0310 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -700,6 +700,8 @@
MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u",
ssl->handshake->selected_identity ) );
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+
return( 0 );
}
@@ -926,110 +928,69 @@
}
#endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_DEBUG_C)
-static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
-{
- ((void) ssl);
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- KEY_SHARE_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ?
- "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- PRE_SHARED_KEY_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SUPPORTED_GROUPS_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ?
- "TRUE" : "FALSE" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SUPPORTED_VERSION_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION )
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- SERVERNAME_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#if defined ( MBEDTLS_SSL_ALPN )
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "- ALPN_EXTENSION ( %s )",
- ( ( ssl->handshake->extensions_present
- & MBEDTLS_SSL_EXT_ALPN ) > 0 ) ?
- "TRUE" : "FALSE" ) );
-#endif /* MBEDTLS_SSL_ALPN */
-}
-#endif /* MBEDTLS_DEBUG_C */
-
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
int exts_mask )
{
- int masked = ssl->handshake->extensions_present & exts_mask;
+ int masked = ssl->handshake->received_extensions & exts_mask;
return( masked == exts_mask );
}
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
mbedtls_ssl_context *ssl )
{
return( ssl_tls13_client_hello_has_exts(
ssl,
- MBEDTLS_SSL_EXT_SUPPORTED_GROUPS |
- MBEDTLS_SSL_EXT_KEY_SHARE |
- MBEDTLS_SSL_EXT_SIG_ALG ) );
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) |
+ MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) |
+ MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) );
}
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange(
mbedtls_ssl_context *ssl )
{
return( ssl_tls13_client_hello_has_exts(
ssl,
- MBEDTLS_SSL_EXT_PRE_SHARED_KEY |
- MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) );
+ MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) |
+ MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) );
}
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
mbedtls_ssl_context *ssl )
{
return( ssl_tls13_client_hello_has_exts(
ssl,
- MBEDTLS_SSL_EXT_SUPPORTED_GROUPS |
- MBEDTLS_SSL_EXT_KEY_SHARE |
- MBEDTLS_SSL_EXT_PRE_SHARED_KEY |
- MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) );
+ MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) |
+ MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) |
+ MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) |
+ MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) );
}
-#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
{
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
return( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) &&
ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) );
+#else
+ ((void) ssl);
+ return( 0 );
+#endif
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) &&
mbedtls_ssl_tls13_psk_enabled( ssl ) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) );
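Review bot: `ssl_tls13_client_hello_has_exts` still takes `int exts_mask` and stores the intersection in `int masked`, while the masks it now receives are built from `MBEDTLS_SSL_EXT_MASK(...)` and the rest of this change handles them as `uint32_t` (see `uint32_t extension_mask` and `uint32_t hs_msg_allowed_extensions_mask` in `mbedtls_ssl_tls13_check_received_extension`). The three call sites therefore go through an implicit unsigned-to-signed conversion, which is implementation-defined once any mask uses bit 31 and trips `-Wsign-conversion` today. Change the signature to `static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, uint32_t exts_mask )` and the local to `uint32_t masked = ssl->handshake->received_extensions & exts_mask;`.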
@@ -1042,7 +1003,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) &&
mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) );
@@ -1289,6 +1250,7 @@
const unsigned char *cipher_suites_end;
size_t extensions_len;
const unsigned char *extensions_end;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
int hrr_required = 0;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -1297,8 +1259,6 @@
const unsigned char *pre_shared_key_ext_end = NULL;
#endif
- ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
-
/*
* ClientHello layout:
* 0 . 1 protocol version
@@ -1356,7 +1316,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
- memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ memcpy( &handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
/* ...
@@ -1426,13 +1386,13 @@
continue;
ssl->session_negotiate->ciphersuite = cipher_suite;
- ssl->handshake->ciphersuite_info = ciphersuite_info;
+ handshake->ciphersuite_info = ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s",
cipher_suite,
ciphersuite_info->name ) );
}
- if( ssl->handshake->ciphersuite_info == NULL )
+ if( handshake->ciphersuite_info == NULL )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
@@ -1468,27 +1428,29 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len );
+ handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
+
while( p < extensions_end )
{
unsigned int extension_type;
size_t extension_data_len;
const unsigned char *extension_data_end;
- /* RFC 8446, page 57
+ /* RFC 8446, section 4.2.11
*
* The "pre_shared_key" extension MUST be the last extension in the
* ClientHello (this facilitates implementation as described below).
* Servers MUST check that it is the last extension and otherwise fail
* the handshake with an "illegal_parameter" alert.
*/
- if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY )
+ if( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) )
{
MBEDTLS_SSL_DEBUG_MSG(
3, ( "pre_shared_key is not last extension." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
@@ -1499,6 +1461,12 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
extension_data_end = p + extension_data_len;
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH );
+ if( ret != 0 )
+ return( ret );
+
switch( extension_type )
{
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -1512,7 +1480,6 @@
1, "mbedtls_ssl_parse_servername_ext", ret );
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SERVERNAME;
break;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
@@ -1535,7 +1502,6 @@
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
break;
#endif /* MBEDTLS_ECDH_C */
@@ -1565,7 +1531,6 @@
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
break;
#endif /* MBEDTLS_ECDH_C */
@@ -1580,7 +1545,6 @@
( "ssl_tls13_parse_supported_versions_ext" ), ret );
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
break;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -1596,19 +1560,18 @@
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
break;
#endif
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
- if( ( ssl->handshake->extensions_present &
- MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 )
+ if( ( handshake->received_extensions &
+ MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) == 0 )
{
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* Delay processing of the PSK identity once we have
@@ -1617,8 +1580,7 @@
*/
pre_shared_key_ext = p;
pre_shared_key_ext_end = extension_data_end;
-#endif
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
break;
#if defined(MBEDTLS_SSL_ALPN)
@@ -1632,7 +1594,6 @@
1, ( "mbedtls_ssl_parse_alpn_ext" ), ret );
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_ALPN;
break;
#endif /* MBEDTLS_SSL_ALPN */
@@ -1649,23 +1610,21 @@
ret ) );
return( ret );
}
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
break;
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
default:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown extension found: %ud ( ignoring )",
- extension_type ) );
+ MBEDTLS_SSL_PRINT_EXT(
+ 3, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ extension_type, "( ignored )" );
+ break;
}
p += extension_data_len;
}
-#if defined(MBEDTLS_DEBUG_C)
- /* List all the extensions we have received */
- ssl_tls13_debug_print_client_hello_exts( ssl );
-#endif /* MBEDTLS_DEBUG_C */
+ MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ handshake->received_extensions );
mbedtls_ssl_add_hs_hdr_to_checksum( ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
@@ -1679,9 +1638,9 @@
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) &&
mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
- ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) )
+ ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) )
{
- ssl->handshake->update_checksum( ssl, buf,
+ handshake->update_checksum( ssl, buf,
pre_shared_key_ext - buf );
ret = ssl_tls13_parse_pre_shared_key_ext( ssl,
pre_shared_key_ext,
@@ -1690,26 +1649,26 @@
cipher_suites_end );
if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
{
- ssl->handshake->extensions_present &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
+ handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY );
}
else if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_tls13_parse_pre_shared_key_ext" ),
- ret );
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "ssl_tls13_parse_pre_shared_key_ext" , ret );
return( ret );
}
}
else
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
{
- ssl->handshake->update_checksum( ssl, buf, p - buf );
+ handshake->update_checksum( ssl, buf, p - buf );
}
ret = ssl_tls13_determine_key_exchange_mode( ssl );
if( ret < 0 )
return( ret );
- mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
+ mbedtls_ssl_optimize_checksum( ssl, handshake->ciphersuite_info );
return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
}
@@ -1856,6 +1815,9 @@
*out_len = 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+
return( 0 );
}
@@ -1962,6 +1924,8 @@
*out_len = p - buf;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
return( 0 );
}
@@ -2026,6 +1990,8 @@
*out_len = 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
return( 0 );
}
@@ -2054,6 +2020,7 @@
size_t output_len;
*out_len = 0;
+ ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
/* ...
* ProtocolVersion legacy_version = 0x0303; // TLS 1.2
@@ -2179,6 +2146,11 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len );
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
+ MBEDTLS_SSL_HS_SERVER_HELLO,
+ ssl->handshake->sent_extensions );
+
return( ret );
}
@@ -2363,6 +2335,9 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len );
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions );
+
return( 0 );
}
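Review bot: The added `MBEDTLS_SSL_PRINT_EXTS` for EncryptedExtensions prints `ssl->handshake->sent_extensions`, but this hunk shows no reset of that mask at the start of the EncryptedExtensions writer, whereas the ServerHello writer and the NewSessionTicket writer in this same change set `sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE` before writing. Unless the reset lives in the part of the function outside the hunk, the debug line will also list the ServerHello's supported_versions and key_share bits and mislead whoever reads the log. Add `ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;` at the top of the writer body; the CertificateRequest writer below has the same gap as far as its hunk shows.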
@@ -2492,6 +2467,9 @@
*out_len = p - buf;
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions );
+
return( 0 );
}
@@ -2877,6 +2855,8 @@
* Note: We currently don't have any extensions.
* Set length to zero.
*/
+ ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
+
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( 0, p, 0 );
p += 2;
@@ -2885,6 +2865,9 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions );
+
return( 0 );
}
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index 4f62ed6..974d513 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -18,228 +18,8 @@
# limitations under the License.
#
-get_srv_psk_list ()
-{
- case $(( TESTS % 3 )) in
- 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";;
- 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";;
- 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";;
- esac
-}
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
-run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
- "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No matched ciphersuite"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-
-run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
- "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No matched ciphersuite"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
- "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
- "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 2" \
- -s "sent selected_identity: 0" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: ephemeral$" \
- -S "ticket is not authentic"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
- "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
- "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 2" \
- -s "sent selected_identity: 1" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: ephemeral$" \
- -s "ticket is not authentic"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -s "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket start time" \
- -S "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -s "ticket is expired" \
- -S "Invalid ticket start time" \
- -S "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -s "Invalid ticket start time" \
- -S "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket start time" \
- -s "Ticket age exceeds limitation" \
- -S "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket start time" \
- -S "Ticket age exceeds limitation" \
- -s "Ticket age outside tolerance window"
-
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
- MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
- 0 \
- -c "Pre-configured PSK number = 1" \
- -S "sent selected_identity:" \
- -s "key exchange mode: ephemeral" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: psk$" \
- -S "ticket is not authentic" \
- -S "ticket is expired" \
- -S "Invalid ticket start time" \
- -S "Ticket age exceeds limitation" \
- -s "Ticket age outside tolerance window"
-
-requires_gnutls_tls1_3
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
- "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
+# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
+# scripts in future(#6280)
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
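Review bot: `get_srv_psk_list` is deleted from this file, but the relocated "No valid ciphersuite" cases in the new tests/opt-testcases/tls13-misc.sh still expand `$(get_srv_psk_list)` in their `$P_SRV` command line; unless the helper was moved into ssl-opt.sh or another sourced file in a part of the change not shown here, those tests will start the server with no psk_list and fail for the wrong reason. The replacement comment also reads awkwardly; suggest `# DO NOT ADD NEW TEST CASES INTO THIS FILE. The remaining cases will be generated by scripts in the future (#6280).`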
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
new file mode 100755
index 0000000..4ad6faa
--- /dev/null
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -0,0 +1,284 @@
+#!/bin/sh
+
+# tls13-misc.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
+run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched ciphersuite"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
+run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
+ -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "No matched ciphersuite"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 0" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: ephemeral$" \
+ -S "ticket is not authentic"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
+ "$P_CLI force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 2" \
+ -s "sent selected_identity: 1" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: ephemeral$" \
+ -s "ticket is not authentic"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket start time" \
+ -S "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "ticket is not authentic" \
+ -s "ticket is expired" \
+ -S "Invalid ticket start time" \
+ -S "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -s "Invalid ticket start time" \
+ -S "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket start time" \
+ -s "Ticket age exceeds limitation" \
+ -S "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket start time" \
+ -S "Ticket age exceeds limitation" \
+ -s "Ticket age outside tolerance window"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
+ MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \
+ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -S "ticket is not authentic" \
+ -S "ticket is expired" \
+ -S "Invalid ticket start time" \
+ -S "Ticket age exceeds limitation" \
+ -s "Ticket age outside tolerance window"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 1 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -S "Found PSK KEX MODE" \
+ -S "key exchange mode: psk$" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "key exchange mode: psk$"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "found pre_shared_key extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE" \
+ -s "key exchange mode: psk_ephemeral$"
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
+ "$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "key exchange mode: ephemeral$"
+
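Review bot: The prerequisite block for "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" lists the same `requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED …` line twice, and the block for "Multiple PSKs: invalid ticket, reconnect with PSK" repeats it the same way, whereas every following session-resumption test pairs that line with a second one naming the ECDHE key-exchange options. The duplicate is harmless but reads as a copy-paste slip that may hide a missing prerequisite; either drop the repeated line or, if the psk_ephemeral runs need it in this build, turn the second occurrence into `requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \` followed by `    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED`, matching the other tests. Separately, the test titled "Session resumption failure, ticket expired. too old" asserts `-S "ticket is expired"` and `-s "Ticket age exceeds limitation"`, so a title like `"TLS 1.3 m->m: Session resumption failure, ticket age exceeds limitation."` would describe what it actually checks.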
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index fc892a1..9eb925a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1024,6 +1024,16 @@
esac
}
+# Generate random psk_list argument for ssl_server2
+get_srv_psk_list ()
+{
+ case $(( TESTS % 3 )) in
+ 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";;
+ 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";;
+ 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";;
+ esac
+}
+
# Determine what calc_verify trace is to be expected, if any.
#
# calc_verify is only called for two things: to calculate the