Add supported_curves/groups extension
This allows us to use a ciphersuite that will still be supported in 4.0.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 81cf5bd..9992efa 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3446,7 +3446,7 @@
TLS 1.3 srv, max early data size, HRR, 98, wsz=49
tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0
-# 1.2 minimal ClientHello breakdown:
+# (Minimal) ClientHello breakdown:
# 160303rlrl - record header, 2-byte record contents len
# 01hlhlhl - handshake header, 3-byte handshake message len
# 0303 - protocol version: 1.2
@@ -3454,23 +3454,37 @@
# 00 - session ID (empty)
# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below)
# 0100 - compression methods: 1-byte len then "null" (only legal value now)
-# [then end, or extensions]
+# [then end, or extensions, see notes below]
# elel - 2-byte extensions length
# ...
+# 000a - elliptic_curves aka supported_groups
+# 0004 - extension length
+# 0002 - length of named_curve_list / named_group_list
+# 0017 - secp256r1 aka NIST P-256
+# ...
#
# Note: currently our TLS "1.3 or 1.2" code requires extension length to be
# present even it it's 0. This is not strictly compliant but doesn't matter
# much in practice as these days everyone wants to use signature_algorithms
# (for hashes better than SHA-1), secure_renego (even if you have renego
# disabled), and most people want either ECC or PSK related extensions.
+# See https://github.com/Mbed-TLS/mbedtls/issues/9963
+#
+# Also, currently we won't negotiate ECC ciphersuites unless at least the
+# supported_groups extension is present, see
+# https://github.com/Mbed-TLS/mbedtls/issues/7458
#
# Note: cccc is currently not assigned, so can be used get a consistent
# "no matching ciphersuite" behaviour regardless of the configuration.
-# 002f is MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MTI in 1.2, but removed in 4.0.
-Inject ClientHello - TLS 1.2 good (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_HAVE_CBC
-inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002002f01000000":"<= parse client hello":0
+# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2)
+# See "ClientHello breakdown" above
+# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1
+Inject ClientHello - TLS 1.2 good (for reference)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0
+
+# See "ClientHello breakdown" above
Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C
+inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 34671c7..a70fb77 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5039,8 +5039,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void inject_client_content_on_the_wire(int state, data_t *hello, char *log_pattern,
- int expected_ret)
+void inject_client_content_on_the_wire(int pk_alg,
+ int state, data_t *data,
+ char *log_pattern, int expected_ret)
{
/* This function allows us to inject content at a specific state
* in the handshake, or when it's completed. The content is injected
@@ -5069,7 +5070,9 @@
srv_pattern.pattern = log_pattern;
options.srv_log_obj = &srv_pattern;
options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- mbedtls_debug_set_threshold(3);
+ mbedtls_debug_set_threshold(5);
+
+ options.pk_alg = pk_alg;
ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
&options, NULL, NULL, NULL);
@@ -5088,8 +5091,8 @@
TEST_EQUAL(ret, 0);
/* Send the crafted message */
- ret = mbedtls_test_mock_tcp_send_b(&client.socket, hello->x, hello->len);
- TEST_ASSERT(ret >= 0 && (size_t) ret == hello->len);
+ ret = mbedtls_test_mock_tcp_send_b(&client.socket, data->x, data->len);
+ TEST_ASSERT(ret >= 0 && (size_t) ret == data->len);
/* Have the server process it.
* Need the loop because a server that support 1.3 and 1.2