diff --git a/examples/client/client.c b/examples/client/client.c index e4d26216d..f0750f7c4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -628,6 +628,9 @@ static void Usage(void) #ifdef HAVE_ECC printf("-Y Key Share with ECC named groups only\n"); #endif +#ifdef HAVE_CURVE25519 + printf("-t Use X25519 for key exchange\n"); +#endif #endif /* WOLFSSL_TLS13 */ } @@ -732,6 +735,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int useOcsp = 0; char* ocspUrl = NULL; #endif +#ifdef HAVE_CURVE25519 + int useX25519 = 0; +#endif #ifdef HAVE_WNR const char* wnrConfigFile = wnrConfig; @@ -771,7 +777,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef WOLFSSL_VXWORKS /* Not used: t, Q */ while ((ch = mygetopt(argc, argv, "?" - "ab:c:defgh:ijk:l:mnop:q:rsuv:wxyz" + "ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz" "A:B:CDE:F:GHIJKL:M:NO:PRS:TUVW:XYZ:")) != -1) { switch (ch) { case '?' : @@ -1076,6 +1082,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) useVerifyCb = 1; break; + case 't' : + #ifdef HAVE_CURVE25519 + useX25519 = 1; + #endif + break; + default: Usage(); exit(MY_EX_USAGE); @@ -1493,16 +1505,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_KeepArrays(ssl); #endif + #ifdef HAVE_CURVE25519 + if (useX25519) + wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_X25519); + #endif + #ifdef WOLFSSL_TLS13 if (!helloRetry) { - if (onlyKeyShare == 0 || onlyKeyShare == 1) { - #ifdef HAVE_FFDHE_2048 - if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) { - err_sys("unable to use DH 2048-bit parameters"); - } - #endif - } if (onlyKeyShare == 0 || onlyKeyShare == 2) { + if (useX25519) { + if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) + != SSL_SUCCESS) { + err_sys("unable to use curve secp256r1"); + } + } if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) { err_sys("unable to use curve secp256r1"); 
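Review bot: The context comment `/* Not used: t, Q */` directly above the option string is stale once this hunk adds `t` to the `mygetopt` list. It should become `/* Not used: Q */` so the next option added does not reuse a letter that is already taken. The loop and its switch continue outside the hunk.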
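Review bot: In a build without HAVE_CURVE25519 the new `case 't'` accepts the option and then does nothing, so a test run that passes -t can report success while a different group was negotiated. For a client used to check interoperability it is safer to reject the flag. Add an `#else` arm inside the case with `Usage(); exit(MY_EX_USAGE);`, matching the `default:` branch below it. The `-t` help line added in Usage() is also nested under WOLFSSL_TLS13, although the flag drives `wolfSSL_UseSupportedCurve` outside that guard.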
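Review bot: The added `if (useX25519) {` inside the WOLFSSL_TLS13 block has no HAVE_CURVE25519 guard, yet `useX25519` is only declared under that macro (hunk at -732). A TLS 1.3 build without Curve25519 will therefore fail to compile; wrap the block in `#ifdef HAVE_CURVE25519` / `#endif`. The failure text is copied from the next call and should read `err_sys("unable to use curve x25519");`, otherwise a failed X25519 share is reported as a secp256r1 problem. The return value of `wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_X25519)` is also dropped; compare it with `SSL_SUCCESS` as the key-share calls do. The resumption hunk at -1920 has the same three issues.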
@@ -1512,6 +1528,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) err_sys("unable to use curve secp384r1"); } } + if (onlyKeyShare == 0 || onlyKeyShare == 1) { + #ifdef HAVE_FFDHE_2048 + if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) { + err_sys("unable to use DH 2048-bit parameters"); + } + #endif + } } else { wolfSSL_NoKeyShares(ssl); @@ -1920,12 +1943,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void*)"resumed session"); #endif +#ifdef HAVE_CURVE25519 + if (useX25519) + wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_X25519); +#endif + #ifdef WOLFSSL_TLS13 - #ifdef HAVE_FFDHE_2048 - if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) { - err_sys("unable to use DH 2048-bit parameters"); + if (useX25519) { + if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) != SSL_SUCCESS) { + err_sys("unable to use curve secp256r1"); + } } - #endif if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) { err_sys("unable to use curve secp256r1"); @@ -1934,6 +1962,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) WOLFSSL_ECC_SECP384R1) != SSL_SUCCESS) { err_sys("unable to use curve secp384r1"); } + #ifdef HAVE_FFDHE_2048 + if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) { + err_sys("unable to use DH 2048-bit parameters"); + } + #endif #endif #ifndef WOLFSSL_CALLBACKS diff --git a/src/ssl.c b/src/ssl.c index d30932887..97cf0a77b 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -1598,6 +1598,7 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name) case WOLFSSL_ECC_BRAINPOOLP256R1: case WOLFSSL_ECC_BRAINPOOLP384R1: case WOLFSSL_ECC_BRAINPOOLP512R1: + case WOLFSSL_ECC_X25519: break; #ifdef WOLFSSL_TLS13 
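Review bot: The X25519 key share added in the resumption path is applied to the wrong object: `wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)` should be `wolfSSL_UseKeyShare(sslResume, WOLFSSL_ECC_X25519)`. Every other call in this hunk targets `sslResume`, so as written the resumed handshake never offers an X25519 share and -t is not exercised on resumption. If `ssl` has already been released by this point (not visible in the hunk), the call also operates on a stale handle. The enclosing resume block starts and ends outside the hunk.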
@@ -14229,7 +14230,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) { if (ssl == NULL) return NULL; - if (ssl->specs.kea != ecdhe_psk_kea && + if (!IsAtLeastTLSv1_3(ssl->version) && ssl->specs.kea != ecdhe_psk_kea && ssl->specs.kea != ecc_diffie_hellman_kea) return NULL; if (ssl->ecdhCurveOID == 0) diff --git a/src/tls.c b/src/tls.c index 51ab12f00..2f346ca88 100755 --- a/src/tls.c +++ b/src/tls.c @@ -3061,6 +3061,12 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { octets = 32; break; #endif /* !NO_ECC_SECP */ + #ifdef HAVE_CURVE25519 + case WOLFSSL_ECC_X25519: + oid = ECC_X25519_OID; + octets = 32; + break; + #endif /* HAVE_CURVE25519 */ #ifdef HAVE_ECC_KOBLITZ case WOLFSSL_ECC_SECP256K1: oid = ECC_SECP256K1_OID; @@ -3073,12 +3079,6 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { octets = 32; break; #endif /* HAVE_ECC_BRAINPOOL */ - #ifdef HAVE_CURVE25519 - case WOLFSSL_ECC_X25519: - oid = ECC_X25519_OID; - octets = 32; - break; - #endif /* HAVE_ECC_BRAINPOOL */ #endif #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP @@ -5083,6 +5083,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (params->p_len != keyShareEntry->keLen) return BUFFER_ERROR; + ssl->options.dhKeySz = params->p_len; /* TODO: [TLS13] move this check down into wolfcrypt. */ /* Check that public DH key is not 0 or 1. */ @@ -5221,6 +5222,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) EC25519_LITTLE_ENDIAN); wc_curve25519_free(peerEccKey); XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX); + ssl->ecdhCurveOID = ECC_X25519_OID; return ret; } #endif @@ -5244,6 +5246,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->peerEccKey, curveId) != 0) { return ECC_PEERKEY_ERROR; } + ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum; ssl->arrays->preMasterSz = ENCRYPT_LEN; do { 
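Review bot: The new `!IsAtLeastTLSv1_3(ssl->version) &&` term needs a comment, because for TLS 1.3 it skips the `specs.kea` test entirely and leaves `ssl->ecdhCurveOID == 0` as the only filter. Suggested wording: `/* TLS 1.3 picks the group through key_share, not the cipher suite, so kea is not checked; ecdhCurveOID is set in TLSX_KeyShare_ProcessEcc. */`. This relies on `ecdhCurveOID` staying zero after an FFDHE key share. The TLSX_KeyShare_ProcessDh hunk sets only `dhKeySz`, which suggests so, but it is worth confirming for a reused object. The function body continues past the hunk.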
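Review bot: `ssl->options.dhKeySz = params->p_len;` is stored before the check that the peer's public value is not 0 or 1. In TLSX_KeyShare_ProcessEcc (hunk at -5221), `ssl->ecdhCurveOID = ECC_X25519_OID;` is likewise stored unconditionally just before `return ret;`, presumably also when the shared-secret call failed. Both fields can then describe a key exchange that was rejected, and wolfSSL_get_curve_name now reports `ecdhCurveOID` for TLS 1.3. Move the first assignment below the public-key validation and write the second as `if (ret == 0) ssl->ecdhCurveOID = ECC_X25519_OID;`. Both functions extend outside their hunks.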
@@ -5607,6 +5610,10 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) break; #endif /* !NO_ECC_SECP */ #endif + #ifdef HAVE_CURVE25519 + case WOLFSSL_ECC_X25519: + break; + #endif #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP384R1: @@ -5619,10 +5626,6 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) break; #endif /* !NO_ECC_SECP */ #endif - #ifdef HAVE_CURVE25519 - case WOLFSSL_ECC_X25519: - break; - #endif #ifdef HAVE_X448 case WOLFSSL_ECC_X448: break; @@ -7033,16 +7036,16 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) #endif #endif #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) - #ifdef HAVE_CURVE25519 - ret = TLSX_UseSupportedCurve(&ssl->extensions, - WOLFSSL_ECC_X25519, ssl->heap); - if (ret != SSL_SUCCESS) return ret; - #endif #ifndef NO_ECC_SECP ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256R1, ssl->heap); if (ret != SSL_SUCCESS) return ret; #endif + #ifdef HAVE_CURVE25519 + ret = TLSX_UseSupportedCurve(&ssl->extensions, + WOLFSSL_ECC_X25519, ssl->heap); + if (ret != SSL_SUCCESS) return ret; + #endif #ifdef HAVE_ECC_KOBLITZ ret = TLSX_UseSupportedCurve(&ssl->extensions, WOLFSSL_ECC_SECP256K1, ssl->heap); @@ -7135,6 +7138,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) !defined(NO_ECC_SECP) ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP256R1, 0, NULL, NULL); + #elif defined(HAVE_CURVE25519) + ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_X25519, 0, NULL, NULL); #elif (!defined(NO_ECC384) || defined(HAVE_ALL_CURVES)) && \ !defined(NO_ECC_SECP) ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP384R1, 0, NULL,
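Review bot: After the reorder, the `TLSX_UseSupportedCurve(..., WOLFSSL_ECC_X25519, ...)` call still sits inside `#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)`. The new `#elif defined(HAVE_CURVE25519)` branch in the hunk at -7135 selects an X25519 key share when the SECP256R1 branch is compiled out. If that branch's condition includes NO_ECC256 (its first line is outside the hunk), a NO_ECC256 build with Curve25519 would send an X25519 key_share without listing X25519 in supported_groups. RFC 8446 requires every offered key share to correspond to a listed group, so a strict server may abort the handshake. Moving the `#ifdef HAVE_CURVE25519` block out of the ECC256 conditional would keep the two extensions consistent. A short comment should also state that secp256r1 is now advertised ahead of X25519 on purpose.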