Put X25519 behind P256
Option to have X25519 prioritized. Show curve name and DH key size in TLS v1.3.
@ -628,6 +628,9 @@ static void Usage(void)
|
|||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
printf("-Y Key Share with ECC named groups only\n");
|
printf("-Y Key Share with ECC named groups only\n");
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
printf("-t Use X25519 for key exchange\n");
|
||||||
|
#endif
|
||||||
#endif /* WOLFSSL_TLS13 */
|
#endif /* WOLFSSL_TLS13 */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -732,6 +735,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
int useOcsp = 0;
|
int useOcsp = 0;
|
||||||
char* ocspUrl = NULL;
|
char* ocspUrl = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
int useX25519 = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_WNR
|
#ifdef HAVE_WNR
|
||||||
const char* wnrConfigFile = wnrConfig;
|
const char* wnrConfigFile = wnrConfig;
|
||||||
@ -771,7 +777,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#ifndef WOLFSSL_VXWORKS
|
#ifndef WOLFSSL_VXWORKS
|
||||||
/* Not used: t, Q */
|
/* Not used: t, Q */
|
||||||
while ((ch = mygetopt(argc, argv, "?"
|
while ((ch = mygetopt(argc, argv, "?"
|
||||||
"ab:c:defgh:ijk:l:mnop:q:rsuv:wxyz"
|
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
|
||||||
"A:B:CDE:F:GHIJKL:M:NO:PRS:TUVW:XYZ:")) != -1) {
|
"A:B:CDE:F:GHIJKL:M:NO:PRS:TUVW:XYZ:")) != -1) {
|
||||||
switch (ch) {
|
switch (ch) {
|
||||||
case '?' :
|
case '?' :
|
||||||
@ -1076,6 +1082,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
useVerifyCb = 1;
|
useVerifyCb = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 't' :
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
useX25519 = 1;
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
Usage();
|
Usage();
|
||||||
exit(MY_EX_USAGE);
|
exit(MY_EX_USAGE);
|
||||||
@ -1493,16 +1505,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
wolfSSL_KeepArrays(ssl);
|
wolfSSL_KeepArrays(ssl);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
if (useX25519)
|
||||||
|
wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_X25519);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (!helloRetry) {
|
if (!helloRetry) {
|
||||||
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
|
|
||||||
#ifdef HAVE_FFDHE_2048
|
|
||||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
|
|
||||||
err_sys("unable to use DH 2048-bit parameters");
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
|
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
|
||||||
|
if (useX25519) {
|
||||||
|
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
|
||||||
|
!= SSL_SUCCESS) {
|
||||||
|
err_sys("unable to use curve secp256r1");
|
||||||
|
}
|
||||||
|
}
|
||||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
|
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
|
||||||
!= SSL_SUCCESS) {
|
!= SSL_SUCCESS) {
|
||||||
err_sys("unable to use curve secp256r1");
|
err_sys("unable to use curve secp256r1");
|
||||||
@ -1512,6 +1528,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
err_sys("unable to use curve secp384r1");
|
err_sys("unable to use curve secp384r1");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
|
||||||
|
#ifdef HAVE_FFDHE_2048
|
||||||
|
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
|
||||||
|
err_sys("unable to use DH 2048-bit parameters");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
wolfSSL_NoKeyShares(ssl);
|
wolfSSL_NoKeyShares(ssl);
|
||||||
@ -1920,12 +1943,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
(void*)"resumed session");
|
(void*)"resumed session");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
if (useX25519)
|
||||||
|
wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_X25519);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
#ifdef HAVE_FFDHE_2048
|
if (useX25519) {
|
||||||
if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
|
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519) != SSL_SUCCESS) {
|
||||||
err_sys("unable to use DH 2048-bit parameters");
|
err_sys("unable to use curve secp256r1");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
if (wolfSSL_UseKeyShare(sslResume,
|
if (wolfSSL_UseKeyShare(sslResume,
|
||||||
WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) {
|
WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) {
|
||||||
err_sys("unable to use curve secp256r1");
|
err_sys("unable to use curve secp256r1");
|
||||||
@ -1934,6 +1962,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
WOLFSSL_ECC_SECP384R1) != SSL_SUCCESS) {
|
WOLFSSL_ECC_SECP384R1) != SSL_SUCCESS) {
|
||||||
err_sys("unable to use curve secp384r1");
|
err_sys("unable to use curve secp384r1");
|
||||||
}
|
}
|
||||||
|
#ifdef HAVE_FFDHE_2048
|
||||||
|
if (wolfSSL_UseKeyShare(sslResume, WOLFSSL_FFDHE_2048) != SSL_SUCCESS) {
|
||||||
|
err_sys("unable to use DH 2048-bit parameters");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef WOLFSSL_CALLBACKS
|
#ifndef WOLFSSL_CALLBACKS
|
||||||
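Review bot: In the session-resumption hunk the added X25519 key share is set on the wrong object: `wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)` is called while every neighbouring call in that block configures `sslResume`, so the resumed handshake does not get the X25519 share; it should read `wolfSSL_UseKeyShare(sslResume, WOLFSSL_ECC_X25519)`. Both new X25519 failure paths also report `"unable to use curve secp256r1"`, which points whoever debugs a failed key-share setup at the wrong group; `err_sys("unable to use curve x25519");` would match. `useX25519` is declared only under `#ifdef HAVE_CURVE25519`, yet the two `if (useX25519) {` tests inside `#ifdef WOLFSSL_TLS13` are not guarded, so a TLS 1.3 build without Curve25519 will presumably fail to compile. The `/* Not used: t, Q */` comment above the option string is stale now that `t` is consumed, and the return value of both `wolfSSL_UseSupportedCurve` calls is ignored. client_test's body extends outside every hunk shown.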
|
@ -1598,6 +1598,7 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
|
|||||||
case WOLFSSL_ECC_BRAINPOOLP256R1:
|
case WOLFSSL_ECC_BRAINPOOLP256R1:
|
||||||
case WOLFSSL_ECC_BRAINPOOLP384R1:
|
case WOLFSSL_ECC_BRAINPOOLP384R1:
|
||||||
case WOLFSSL_ECC_BRAINPOOLP512R1:
|
case WOLFSSL_ECC_BRAINPOOLP512R1:
|
||||||
|
case WOLFSSL_ECC_X25519:
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
@ -14229,7 +14230,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
|
|||||||
{
|
{
|
||||||
if (ssl == NULL)
|
if (ssl == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (ssl->specs.kea != ecdhe_psk_kea &&
|
if (!IsAtLeastTLSv1_3(ssl->version) && ssl->specs.kea != ecdhe_psk_kea &&
|
||||||
ssl->specs.kea != ecc_diffie_hellman_kea)
|
ssl->specs.kea != ecc_diffie_hellman_kea)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (ssl->ecdhCurveOID == 0)
|
if (ssl->ecdhCurveOID == 0)
|
||||||
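Review bot: The new `!IsAtLeastTLSv1_3(ssl->version)` term in wolfSSL_get_curve_name has no comment explaining why TLS 1.3 skips the `specs.kea` test, and the function now depends on `ssl->ecdhCurveOID` being 0 whenever a 1.3 handshake did not use an ECDHE group (in this commit it is assigned only in TLSX_KeyShare_ProcessEcc). I would add above the condition: `/* TLS 1.3: the group comes from the key share, not specs.kea; ecdhCurveOID is expected to be 0 for FFDHE or PSK-only handshakes. */`. Whether ecdhCurveOID is reset when an object is reused is not visible here and is worth confirming, since a stale value would be reported as the curve of a later connection. The function body continues past the hunk.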
|
35
src/tls.c
35
src/tls.c
@ -3061,6 +3061,12 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
|
|||||||
octets = 32;
|
octets = 32;
|
||||||
break;
|
break;
|
||||||
#endif /* !NO_ECC_SECP */
|
#endif /* !NO_ECC_SECP */
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
case WOLFSSL_ECC_X25519:
|
||||||
|
oid = ECC_X25519_OID;
|
||||||
|
octets = 32;
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_CURVE25519 */
|
||||||
#ifdef HAVE_ECC_KOBLITZ
|
#ifdef HAVE_ECC_KOBLITZ
|
||||||
case WOLFSSL_ECC_SECP256K1:
|
case WOLFSSL_ECC_SECP256K1:
|
||||||
oid = ECC_SECP256K1_OID;
|
oid = ECC_SECP256K1_OID;
|
||||||
@ -3073,12 +3079,6 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
|
|||||||
octets = 32;
|
octets = 32;
|
||||||
break;
|
break;
|
||||||
#endif /* HAVE_ECC_BRAINPOOL */
|
#endif /* HAVE_ECC_BRAINPOOL */
|
||||||
#ifdef HAVE_CURVE25519
|
|
||||||
case WOLFSSL_ECC_X25519:
|
|
||||||
oid = ECC_X25519_OID;
|
|
||||||
octets = 32;
|
|
||||||
break;
|
|
||||||
#endif /* HAVE_ECC_BRAINPOOL */
|
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
|
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
|
||||||
#ifndef NO_ECC_SECP
|
#ifndef NO_ECC_SECP
|
||||||
@ -5083,6 +5083,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||||||
|
|
||||||
if (params->p_len != keyShareEntry->keLen)
|
if (params->p_len != keyShareEntry->keLen)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
ssl->options.dhKeySz = params->p_len;
|
||||||
|
|
||||||
/* TODO: [TLS13] move this check down into wolfcrypt. */
|
/* TODO: [TLS13] move this check down into wolfcrypt. */
|
||||||
/* Check that public DH key is not 0 or 1. */
|
/* Check that public DH key is not 0 or 1. */
|
||||||
@ -5221,6 +5222,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||||||
EC25519_LITTLE_ENDIAN);
|
EC25519_LITTLE_ENDIAN);
|
||||||
wc_curve25519_free(peerEccKey);
|
wc_curve25519_free(peerEccKey);
|
||||||
XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX);
|
XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||||
|
ssl->ecdhCurveOID = ECC_X25519_OID;
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -5244,6 +5246,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||||||
ssl->peerEccKey, curveId) != 0) {
|
ssl->peerEccKey, curveId) != 0) {
|
||||||
return ECC_PEERKEY_ERROR;
|
return ECC_PEERKEY_ERROR;
|
||||||
}
|
}
|
||||||
|
ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;
|
||||||
|
|
||||||
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
ssl->arrays->preMasterSz = ENCRYPT_LEN;
|
||||||
do {
|
do {
|
||||||
@ -5607,6 +5610,10 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
|||||||
break;
|
break;
|
||||||
#endif /* !NO_ECC_SECP */
|
#endif /* !NO_ECC_SECP */
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
case WOLFSSL_ECC_X25519:
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
|
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
|
||||||
#ifndef NO_ECC_SECP
|
#ifndef NO_ECC_SECP
|
||||||
case WOLFSSL_ECC_SECP384R1:
|
case WOLFSSL_ECC_SECP384R1:
|
||||||
@ -5619,10 +5626,6 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
|||||||
break;
|
break;
|
||||||
#endif /* !NO_ECC_SECP */
|
#endif /* !NO_ECC_SECP */
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_CURVE25519
|
|
||||||
case WOLFSSL_ECC_X25519:
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_X448
|
#ifdef HAVE_X448
|
||||||
case WOLFSSL_ECC_X448:
|
case WOLFSSL_ECC_X448:
|
||||||
break;
|
break;
|
||||||
@ -7033,16 +7036,16 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
|
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
|
||||||
#ifdef HAVE_CURVE25519
|
|
||||||
ret = TLSX_UseSupportedCurve(&ssl->extensions,
|
|
||||||
WOLFSSL_ECC_X25519, ssl->heap);
|
|
||||||
if (ret != SSL_SUCCESS) return ret;
|
|
||||||
#endif
|
|
||||||
#ifndef NO_ECC_SECP
|
#ifndef NO_ECC_SECP
|
||||||
ret = TLSX_UseSupportedCurve(&ssl->extensions,
|
ret = TLSX_UseSupportedCurve(&ssl->extensions,
|
||||||
WOLFSSL_ECC_SECP256R1, ssl->heap);
|
WOLFSSL_ECC_SECP256R1, ssl->heap);
|
||||||
if (ret != SSL_SUCCESS) return ret;
|
if (ret != SSL_SUCCESS) return ret;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_CURVE25519
|
||||||
|
ret = TLSX_UseSupportedCurve(&ssl->extensions,
|
||||||
|
WOLFSSL_ECC_X25519, ssl->heap);
|
||||||
|
if (ret != SSL_SUCCESS) return ret;
|
||||||
|
#endif
|
||||||
#ifdef HAVE_ECC_KOBLITZ
|
#ifdef HAVE_ECC_KOBLITZ
|
||||||
ret = TLSX_UseSupportedCurve(&ssl->extensions,
|
ret = TLSX_UseSupportedCurve(&ssl->extensions,
|
||||||
WOLFSSL_ECC_SECP256K1, ssl->heap);
|
WOLFSSL_ECC_SECP256K1, ssl->heap);
|
||||||
@ -7135,6 +7138,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
!defined(NO_ECC_SECP)
|
!defined(NO_ECC_SECP)
|
||||||
ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP256R1, 0, NULL,
|
ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP256R1, 0, NULL,
|
||||||
NULL);
|
NULL);
|
||||||
|
#elif defined(HAVE_CURVE25519)
|
||||||
|
ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_X25519, 0, NULL, NULL);
|
||||||
#elif (!defined(NO_ECC384) || defined(HAVE_ALL_CURVES)) && \
|
#elif (!defined(NO_ECC384) || defined(HAVE_ALL_CURVES)) && \
|
||||||
!defined(NO_ECC_SECP)
|
!defined(NO_ECC_SECP)
|
||||||
ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP384R1, 0, NULL,
|
ret = TLSX_KeyShare_Use(ssl, WOLFSSL_ECC_SECP384R1, 0, NULL,
|
||||||
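Review bot: The added `#elif defined(HAVE_CURVE25519)` default in TLSX_PopulateExtensions offers an X25519 key share for builds where the P-256 branch is compiled out, but the X25519 `TLSX_UseSupportedCurve` call in the earlier hunk of the same function still sits inside `#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)`. If the key-share condition (which starts outside the hunk) is the matching NO_ECC256 test, such a build would send a key share for a group it does not list in supported_groups, which TLS 1.3 does not allow and which a strict peer may reject. The moved `case WOLFSSL_ECC_X25519:` in TLSX_ValidateEllipticCurves appears to remain inside the same 256-bit block, whereas TLSX_KeyShare_IsSupported now places it after that block's `#endif`. Moving the `#ifdef HAVE_CURVE25519` blocks outside the ECC256 conditional in both places would make the three sites agree.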
|