From b8358c62b0046783e0dd17decaf7feb2bbe0f7dd Mon Sep 17 00:00:00 2001
From: K1
Date: Fri, 24 Nov 2023 20:54:32 +0800
Subject: [PATCH] SM2 KeyShareEntry MUST be included in ClientHello when enable TLS1.3 + SM strictly
Fixed #522
Re-order curveSM2 to the first supported group when enable_sm_tls13_strict is set, so that the key_share extension will include a KeyShareEntry for the "curveSM2" group because only one KeyShareEntry is sent now.
---
 ssl/statem/extensions_clnt.c | 50 +++++++++
 ssl/t1_lib.c | 19 ++--
 test/helpers/handshake.c | 3 +
 test/helpers/handshake.h | 2 +
 test/helpers/ssl_test_ctx.c | 25 +++++
 test/helpers/ssl_test_ctx.h | 2 +
 test/ssl-tests/30-tls13-sm.cnf | 166 ++++++++++++------------------
 test/ssl-tests/30-tls13-sm.cnf.in | 38 ++-----
 test/ssl_test.c | 13 +++
 9 files changed, 174 insertions(+), 144 deletions(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 9b99cdef5..2bc61eb6f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -217,6 +217,56 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
+
+#ifndef OPENSSL_NO_SM2
+ /*
+ * RFC 8998 requires that:
+ * For the key_share extension, a KeyShareEntry for the "curveSM2" group
+ * MUST be included. We re-order curveSM2 to the first supported group when
+ * enable_sm_tls13_strict so that the key_share extension will include a
+ * KeyShareEntry for the "curveSM2" group because only one KeyShareEntry is
+ * sent now.
+ */
+ if (!SSL_IS_DTLS(s) && max_version >= TLS1_3_VERSION
+ && s->enable_sm_tls13_strict == 1) {
+ int sm2_idx = -1;
+
+ for (i = 0; i < num_groups; i++) {
+ if (pgroups[i] == TLSEXT_curve_SM2) {
+ sm2_idx = i;
+ break;
+ }
+ }
+
+ if (sm2_idx > 0) {
+ int *groups = OPENSSL_malloc(sizeof(int) * num_groups);
+ if (groups == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+
+ for (i = 0; i < num_groups; i++)
+ groups[i] = tls1_group_id2nid(pgroups[i], 1);
+
+ for (i = sm2_idx; i > 0; i--)
+ groups[i] = groups[i - 1];
+
+ groups[0] = NID_sm2;
+
+ if (!tls1_set_groups(&s->ext.supportedgroups,
+ &s->ext.supportedgroups_len,
+ groups, num_groups)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ OPENSSL_free(groups);
+ return EXT_RETURN_FAIL;
+ }
+
+ OPENSSL_free(groups);
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ }
+ }
+#endif
+
 /* Copy group ID if supported */
 for (i = 0; i < num_groups; i++) {
 uint16_t ctmp = pgroups[i];
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 97505f63e..22f2d7dd1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
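Review bot: The reorder is done by rewriting `s->ext.supportedgroups` through tls1_set_groups() from inside the supported_groups extension constructor, so building the ClientHello changes the connection's configured group list for everything that reads it afterwards and silently overrides whatever preference order the application set; the comment above the block should say so, e.g. `/* NOTE: this rewrites s->ext.supportedgroups for the rest of the connection */`, or the reordered list should stay local to ClientHello construction. `sm2_idx = i;` stores the loop index in an `int` while `i` appears to be the `size_t` used by the copy loop below (its declaration is outside the hunk), so either make `sm2_idx` a `size_t` with a separate found flag or cast explicitly. When curveSM2 is not in the configured groups at all, `sm2_idx` stays -1 and strict mode proceeds without the key share the comment says RFC 8998 requires; if that is acceptable it deserves a comment, otherwise it should fail here rather than later in the handshake. tls_construct_ctos_supported_groups starts before the hunk and `max_version` is computed outside it.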
@@ -677,13 +677,7 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
 {
 uint16_t *glist;
 size_t i;
- /*
- * Bitmap of groups included to detect duplicates: two variables are added
- * to detect duplicates as some values are more than 32.
- */
- unsigned long *dup_list = NULL;
- unsigned long dup_list_egrp = 0;
- unsigned long dup_list_dhgrp = 0;
+ uint8_t bitmap[64] = { 0 };
 
 if (ngroups == 0) {
 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
@@ -694,20 +688,19 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
 return 0;
 }
 for (i = 0; i < ngroups; i++) {
- unsigned long idmask;
 uint16_t id;
 id = tls1_nid2group_id(groups[i]);
 if (ngroups == 1) {
 glist[i] = id;
 break;
 }
- if ((id & 0x00FF) >= (sizeof(unsigned long) * 8))
+ if (id == 0 || id >= sizeof(bitmap) * 8)
 goto err;
- idmask = 1L << (id & 0x00FF);
- dup_list = (id < 0x100) ? &dup_list_egrp : &dup_list_dhgrp;
- if (!id || ((*dup_list) & idmask))
+
+ if (bitmap[id / 8] & (1 << (id % 8)))
 goto err;
- *dup_list |= idmask;
+
+ bitmap[id / 8] |= 1 << (id % 8);
 glist[i] = id;
 }
 OPENSSL_free(*pext);
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 06b7bb702..3697a5fc7 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -1716,6 +1716,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
 SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
 
+ if (SSL_IS_TLS13(client.ssl) && client.ssl->s3.did_kex)
+ ret->client_key_share = SSL_get_negotiated_group(client.ssl);
+
 names = SSL_get0_peer_CA_list(client.ssl);
 if (names == NULL)
 ret->client_ca_names = NULL;
diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h
index d56c6bb0b..e8414cc44 100644
--- a/test/helpers/handshake.h
+++ b/test/helpers/handshake.h
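Review bot: `uint8_t bitmap[64] = { 0 };` fixes the largest accepted group id at 511 without saying so, and the check in the next hunk of this file, `if (id == 0 || id >= sizeof(bitmap) * 8) goto err;`, turns any id at or above 0x0200 into the same generic failure as a duplicate; a comment such as `/* one bit per group id; ids >= 512 are rejected below */` and a named constant in place of the bare 64 would make the limit reviewable. The old code split the bitmap on `id < 0x100` and masked with `id & 0x00FF`, so the flat bitmap is a real improvement, but the new ceiling should be checked against every id in the group table before merging (the DH groups at 0x0100-0x0104 fit). The `ngroups == 1` early `break` above the check still stores `id` without the `id == 0` test, so a single-entry list with an id of 0 is accepted here; that is pre-existing but worth closing while the validation is being rewritten. Also in the next hunk, `1 << (id % 8)` is an `int` being OR-ed into a `uint8_t`; `(uint8_t)(1u << (id % 8))` keeps -Wconversion quiet. tls1_set_groups continues past both hunks.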
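Review bot: `ret->client_key_share` is filled from SSL_get_negotiated_group(), i.e. the group the server selected, not the groups the client placed in its first key_share; a handshake whose ClientHello1 offered only X25519 and was repaired by an HRR ends with the same negotiated group as one that offered curveSM2 up front, so the new `ExpectedClientKeyShare` check cannot by itself tell the two apart. Either record the first-flight share, or pair the check with an HRR expectation in the tests that use it, or rename the field to what it holds, e.g. `negotiated_group`. The comment added to the struct in test/helpers/handshake.h, `/* client key share */`, should then say `/* group (NID) negotiated for the TLS 1.3 key exchange; 0 if none */`, since the assignment is skipped entirely outside TLS 1.3 and relies on the result being zeroed elsewhere (presumably at allocation; not visible here). do_handshake_internal starts before the hunk.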
@@ -70,6 +70,8 @@ typedef struct handshake_result {
 int client_sign_hash;
 /* client signature type */
 int client_sign_type;
+ /* client key share */
+ int client_key_share;
 /* Client CA names */
 STACK_OF(X509_NAME) *client_ca_names;
 /* Session id status */
diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c
index 0a93618b9..3878074e3 100644
--- a/test/helpers/ssl_test_ctx.c
+++ b/test/helpers/ssl_test_ctx.c
@@ -13,6 +13,7 @@
 #include
 #include "internal/nelem.h"
+#include "../../ssl/ssl_local.h"
 #include "ssl_test_ctx.h"
 #include "../testutil.h"
@@ -636,6 +637,22 @@ __owur static int parse_expected_sign_hash(int *ptype, const char *value)
 return 1;
 }
 
+__owur static int parse_expected_key_share(int *ptype, const char *value)
+{
+ int nid;
+
+ if (value == NULL)
+ return 0;
+ nid = OBJ_sn2nid(value);
+ if (nid == NID_undef)
+ nid = OBJ_ln2nid(value);
+ if (nid == NID_undef)
+ return 0;
+
+ *ptype = nid;
+ return 1;
+}
+
 __owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx,
 const char *value)
 {
@@ -650,6 +667,13 @@ __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
 value);
 }
 
+__owur static int parse_expected_client_key_share(SSL_TEST_CTX *test_ctx,
+ const char *value)
+{
+ return parse_expected_key_share(&test_ctx->expected_client_key_share,
+ value);
+}
+
 __owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
 const char *value,
 OSSL_LIB_CTX *libctx)
@@ -737,6 +761,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
 { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
 { "ExpectedClientSignType", &parse_expected_client_sign_type },
 { "ExpectedClientCANames", &parse_expected_client_ca_names },
+ { "ExpectedClientKeyShare", &parse_expected_client_key_share },
 { "UseSCTP", &parse_test_use_sctp },
 { "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug },
 { "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
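Review bot: The new `#include "../../ssl/ssl_local.h"` pulls libssl's private header into the test-config parser, but nothing added to this file in the hunks shown uses an internal symbol: parse_expected_key_share() needs only OBJ_sn2nid(), OBJ_ln2nid() and NID_undef, which come from the public objects header. If the include is there for the `s3.did_kex` access in test/helpers/handshake.c it belongs in that file; if something outside these hunks needs it here, a one-line comment saying what would stop the next reader from removing it. Otherwise drop the line so the helper keeps building against the public API only. Separately, parse_expected_key_share() accepts any object short or long name, not just TLS group names, so a typo such as an unrelated digest name is only caught at check time; that is tolerable for a test helper but worth a comment on the function.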
diff --git a/test/helpers/ssl_test_ctx.h b/test/helpers/ssl_test_ctx.h
index 8fe275814..1006cf504 100644
--- a/test/helpers/ssl_test_ctx.h
+++ b/test/helpers/ssl_test_ctx.h
@@ -233,6 +233,8 @@ typedef struct {
 int expected_client_sign_type;
 /* Expected CA names for client auth */
 STACK_OF(X509_NAME) *expected_client_ca_names;
+ /* Expected client key share */
+ int expected_client_key_share;
 /* Whether to use SCTP for the transport */
 int use_sctp;
 /* Enable SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG on client side */
diff --git a/test/ssl-tests/30-tls13-sm.cnf b/test/ssl-tests/30-tls13-sm.cnf
index e66e953b8..c10fd957a 100644
--- a/test/ssl-tests/30-tls13-sm.cnf
+++ b/test/ssl-tests/30-tls13-sm.cnf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
-num_tests = 23
+num_tests = 22
 test-0 = 0-test ciphersuites TLS_SM4_GCM_SM3
 test-1 = 1-test series of ciphersuites includes TLS_SM4_GCM_SM3
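Review bot: `/* Expected client key share */` does not say what the field holds or what its zero value means, although check_client_key_share() in test/ssl_test.c treats 0 as "not checked" and parse_expected_key_share() stores an object NID in it; suggest `/* Expected group NID for the client's TLS 1.3 key share; 0 = not checked */`. The sibling fields above it spell out their units in the same position, so matching that wording keeps the struct self-describing.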
@@ -17,14 +17,13 @@ test-11 = 11-test server can accept TLS_SM4_CCM_SM3 with ecdsa cert when disable test-12 = 12-test server can not accept TLS_SM4_CCM_SM3 with rsa cert when enable sm_tls13_strict tag test-13 = 13-test server can accept TLS_SM4_CCM_SM3 with rsa cert when disable sm_tls13_strict tag test-14 = 14-test server can accept TLS_SM4_CCM_SM3 with long sm2 cert chain -test-15 = 15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3 -test-16 = 16-test client should fail when enable sm_tls13_strict without SM2 key_share -test-17 = 17-test client success when enable sm_tls13_strict with SM2 key_share -test-18 = 18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher -test-19 = 19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3 -test-20 = 20-test client auth success when both enable sm_tls13_strict -test-21 = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3 -test-22 = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3 +test-15 = 15-test client enable sm_tls13_strict, the key_share extension must include curveSM2 +test-16 = 16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3 +test-17 = 17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher +test-18 = 18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3 +test-19 = 19-test client auth success when also enable sm_tls13_strict +test-20 = 20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3 +test-21 = 21-test sm_tls13_strict client with sm2 and rsa certs, 
server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3 # =========================================================== [0-test ciphersuites TLS_SM4_GCM_SM3] 
@@ -481,25 +480,26 @@ ExpectedResult = Success # =========================================================== -[15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3] -ssl_conf = 15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-ssl +[15-test client enable sm_tls13_strict, the key_share extension must include curveSM2] +ssl_conf = 15-test client enable sm_tls13_strict, the key_share extension must include curveSM2-ssl -[15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-ssl] -server = 15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-server -client = 15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-client +[15-test client enable sm_tls13_strict, the key_share extension must include curveSM2-ssl] +server = 15-test client enable sm_tls13_strict, the key_share extension must include curveSM2-server +client = 15-test client enable sm_tls13_strict, the key_share extension must include curveSM2-client -[15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-server] +[15-test client enable sm_tls13_strict, the key_share extension must include curveSM2-server] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 -Enable_sm_tls13_strict = on +Enable_sm_tls13_strict = off MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key -[15-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-client] +[15-test client enable sm_tls13_strict, the key_share extension must include curveSM2-client] CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 
+Enable_sm_tls13_strict = on MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt 
@@ -507,70 +507,37 @@ VerifyMode = Peer [test-15] ExpectedCipher = TLS_SM4_GCM_SM3 -ExpectedHRR = Yes +ExpectedClientKeyShare = SM2 ExpectedResult = Success # =========================================================== -[16-test client should fail when enable sm_tls13_strict without SM2 key_share] -ssl_conf = 16-test client should fail when enable sm_tls13_strict without SM2 key_share-ssl +[16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3] +ssl_conf = 16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-ssl -[16-test client should fail when enable sm_tls13_strict without SM2 key_share-ssl] -server = 16-test client should fail when enable sm_tls13_strict without SM2 key_share-server -client = 16-test client should fail when enable sm_tls13_strict without SM2 key_share-client +[16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-ssl] +server = 16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-server +client = 16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-client -[16-test client should fail when enable sm_tls13_strict without SM2 key_share-server] +[16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-server] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 -Enable_sm_tls13_strict = off -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key - -[16-test client should fail when enable sm_tls13_strict without SM2 key_share-client] -CipherString = DEFAULT -Ciphersuites = TLS_SM4_GCM_SM3 Enable_sm_tls13_strict = on MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 -VerifyCAFile = 
${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt -VerifyMode = Peer - -[test-16] -ExpectedResult = ClientFail - - -# =========================================================== - -[17-test client success when enable sm_tls13_strict with SM2 key_share] -ssl_conf = 17-test client success when enable sm_tls13_strict with SM2 key_share-ssl - -[17-test client success when enable sm_tls13_strict with SM2 key_share-ssl] -server = 17-test client success when enable sm_tls13_strict with SM2 key_share-server -client = 17-test client success when enable sm_tls13_strict with SM2 key_share-client - -[17-test client success when enable sm_tls13_strict with SM2 key_share-server] -Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt -CipherString = DEFAULT -Ciphersuites = TLS_SM4_GCM_SM3 -Enable_sm_tls13_strict = off -Groups = SM2 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key -[17-test client success when enable sm_tls13_strict with SM2 key_share-client] +[16-test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3-client] CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 -Enable_sm_tls13_strict = on MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt VerifyMode = Peer -[test-17] +[test-16] ExpectedCipher = TLS_SM4_GCM_SM3 ExpectedHRR = Yes ExpectedResult = Success 
@@ -578,14 +545,14 @@ ExpectedResult = Success # =========================================================== -[18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher] -ssl_conf = 18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-ssl +[17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher] +ssl_conf = 17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-ssl -[18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-ssl] -server = 18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-server -client = 18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-client +[17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-ssl] +server = 17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-server +client = 17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-client -[18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-server] +[17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 @@ -595,7 +562,7 @@ MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -[18-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-client] +[17-test client should fail when enable sm_tls13_strict with ecdsa cert and TLS_SM4_GCM_SM3 cipher-client] CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 Enable_sm_tls13_strict = on 
@@ -604,21 +571,21 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-18] +[test-17] ExpectedClientAlert = BadCertificate ExpectedResult = ClientFail # =========================================================== -[19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3] -ssl_conf = 19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-ssl +[18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3] +ssl_conf = 18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-ssl -[19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-ssl] -server = 19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-server -client = 19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-client +[18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-ssl] +server = 18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-server +client = 18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-client -[19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-server] +[18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-server] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 
@@ -630,7 +597,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-root-cert.pem VerifyMode = Require -[19-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-client] +[18-test client auth fail when enable sm_tls13_strict, CertificateRequest with other signature algorithms except sm2sig_sm3-client] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-first-crt.pem CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 @@ -641,20 +608,20 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-first-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt VerifyMode = Peer -[test-19] +[test-18] ExpectedResult = ClientFail # =========================================================== -[20-test client auth success when both enable sm_tls13_strict] -ssl_conf = 20-test client auth success when both enable sm_tls13_strict-ssl +[19-test client auth success when also enable sm_tls13_strict] +ssl_conf = 19-test client auth success when also enable sm_tls13_strict-ssl -[20-test client auth success when both enable sm_tls13_strict-ssl] -server = 20-test client auth success when both enable sm_tls13_strict-server -client = 20-test client auth success when both enable sm_tls13_strict-client +[19-test client auth success when also enable sm_tls13_strict-ssl] +server = 19-test client auth success when also enable sm_tls13_strict-server +client = 19-test client auth success when also enable sm_tls13_strict-client -[20-test client auth success when both enable sm_tls13_strict-server] +[19-test client auth success when also enable sm_tls13_strict-server] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 
@@ -665,7 +632,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-root-cert.pem VerifyMode = Require -[20-test client auth success when both enable sm_tls13_strict-client] +[19-test client auth success when also enable sm_tls13_strict-client] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-first-crt.pem CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 
@@ -676,22 +643,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-first-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt VerifyMode = Peer -[test-20] +[test-19] ExpectedCipher = TLS_SM4_GCM_SM3 -ExpectedHRR = Yes ExpectedResult = Success # =========================================================== -[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3] -ssl_conf = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl +[20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3] +ssl_conf = 20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl -[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl] -server = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server -client = 21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client +[20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl] +server = 20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server +client = 20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client -[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server] +[20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = 
DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 @@ -706,7 +672,7 @@ SM2.PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-leaf.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-root-cert.pem VerifyMode = Require -[21-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client] +[20-test sm_tls13_strict server with sm2 and rsa certs, client signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-first-crt.pem CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 @@ -718,7 +684,7 @@ SignatureAlgorithms = rsa_pss_rsae_sha256:sm2sig_sm3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt VerifyMode = Peer -[test-21] +[test-20] ExpectedCipher = TLS_SM4_GCM_SM3 ExpectedResult = Success ExpectedServerCertType = SM2 
@@ -726,14 +692,14 @@ ExpectedServerCertType = SM2 # =========================================================== -[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3] -ssl_conf = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl +[21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3] +ssl_conf = 21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl -[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl] -server = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server -client = 22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client +[21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-ssl] +server = 21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server +client = 21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client -[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server] +[21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-server] Certificate = ${ENV::TEST_CERTS_DIR}/sm2-leaf.crt CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 
@@ -746,7 +712,7 @@ SignatureAlgorithms = rsa_pss_rsae_sha256:sm2sig_sm3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-root-cert.pem VerifyMode = Require -[22-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client] +[21-test sm_tls13_strict client with sm2 and rsa certs, server signature_algorithms with rsa_pss_rsae_sha256 and sm2sig_sm3-client] CipherString = DEFAULT Ciphersuites = TLS_SM4_GCM_SM3 Enable_sm_tls13_strict = on @@ -759,7 +725,7 @@ SM2.PrivateKey = ${ENV::TEST_CERTS_DIR}/sm2-first-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2-chain-ca.crt VerifyMode = Peer -[test-22] +[test-21] ExpectedClientAlert = IllegalParameter ExpectedResult = ClientFail diff --git a/test/ssl-tests/30-tls13-sm.cnf.in b/test/ssl-tests/30-tls13-sm.cnf.in index e645a6806..82e01bd08 100644 --- a/test/ssl-tests/30-tls13-sm.cnf.in +++ b/test/ssl-tests/30-tls13-sm.cnf.in 
@@ -328,68 +328,45 @@ our @tests = (
 },
 
 {
- name => "test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3",
+ name => "test client enable sm_tls13_strict, the key_share extension must include curveSM2",
 server => {
 "MinProtocol" => "TLSv1.3",
 "MaxProtocol" => "TLSv1.3",
 "Ciphersuites" => "TLS_SM4_GCM_SM3",
 "Certificate" => test_pem("sm2-leaf.crt"),
 "PrivateKey" => test_pem("sm2-leaf.key"),
- "Enable_sm_tls13_strict" => "on",
+ "Enable_sm_tls13_strict" => "off",
 },
- # ClientHello1 send key_share with X25519 only by default
 client => {
 "MinProtocol" => "TLSv1.3",
 "MaxProtocol" => "TLSv1.3",
 "Ciphersuites" => "TLS_SM4_GCM_SM3",
 "VerifyCAFile" => test_pem("sm2-chain-ca.crt"),
+ "Enable_sm_tls13_strict" => "on",
 },
 test => {
 "ExpectedResult" => "Success",
 "ExpectedCipher" => "TLS_SM4_GCM_SM3",
- "ExpectedHRR" => "Yes",
+ "ExpectedClientKeyShare" => "SM2",
 },
 },
 
 {
- name => "test client should fail when enable sm_tls13_strict without SM2 key_share",
+ name => "test ClientHello1 no SM2 key_share, server should send HRR when enable sm_tls13_strict and choose TLS_SM4_GCM_SM3",
 server => {
 "MinProtocol" => "TLSv1.3",
 "MaxProtocol" => "TLSv1.3",
 "Ciphersuites" => "TLS_SM4_GCM_SM3",
 "Certificate" => test_pem("sm2-leaf.crt"),
 "PrivateKey" => test_pem("sm2-leaf.key"),
- "Enable_sm_tls13_strict" => "off",
- },
- client => {
- "MinProtocol" => "TLSv1.3",
- "MaxProtocol" => "TLSv1.3",
- "Ciphersuites" => "TLS_SM4_GCM_SM3",
- "VerifyCAFile" => test_pem("sm2-chain-ca.crt"),
 "Enable_sm_tls13_strict" => "on",
 },
- test => {
- "ExpectedResult" => "ClientFail",
- },
- },
-
- {
- name => "test client success when enable sm_tls13_strict with SM2 key_share",
- server => {
- "MinProtocol" => "TLSv1.3",
- "MaxProtocol" => "TLSv1.3",
- "Ciphersuites" => "TLS_SM4_GCM_SM3",
- "Certificate" => test_pem("sm2-leaf.crt"),
- "PrivateKey" => test_pem("sm2-leaf.key"),
- "Enable_sm_tls13_strict" => "off",
- "Groups" => "SM2",
- },
+ # 
ClientHello1 send key_share with X25519 only by default
 client => {
 "MinProtocol" => "TLSv1.3",
 "MaxProtocol" => "TLSv1.3",
 "Ciphersuites" => "TLS_SM4_GCM_SM3",
 "VerifyCAFile" => test_pem("sm2-chain-ca.crt"),
- "Enable_sm_tls13_strict" => "on",
 },
 test => {
 "ExpectedResult" => "Success",
@@ -449,7 +426,7 @@ our @tests = (
 },
 
 {
- name => "test client auth success when both enable sm_tls13_strict",
+ name => "test client auth success when also enable sm_tls13_strict",
 server => {
 "MinProtocol" => "TLSv1.3",
 "MaxProtocol" => "TLSv1.3",
@@ -472,7 +449,6 @@ our @tests = (
 test => {
 "ExpectedResult" => "Success",
 "ExpectedCipher" => "TLS_SM4_GCM_SM3",
- "ExpectedHRR" => "Yes",
 },
 },
 
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 8bd038138..5ea022e3f 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -358,6 +358,18 @@ static int check_client_sign_type(HANDSHAKE_RESULT *result,
 result->client_sign_type);
 }
 
+static int check_client_key_share(HANDSHAKE_RESULT *result,
+ SSL_TEST_CTX *test_ctx)
+{
+ if (test_ctx->expected_client_key_share == 0
+ || test_ctx->expected_client_key_share == result->client_key_share)
+ return 1;
+
+ TEST_error("Client key share type mismatch, %d vs %d\n",
+ test_ctx->expected_client_key_share, result->client_key_share);
+ return 0;
+}
+
 static int check_client_ca_names(HANDSHAKE_RESULT *result,
 SSL_TEST_CTX *test_ctx)
 {
@@ -422,6 +434,7 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 ret &= check_client_cert_type(result, test_ctx);
 ret &= check_client_sign_hash(result, test_ctx);
 ret &= check_client_sign_type(result, test_ctx);
+ ret &= check_client_key_share(result, test_ctx);
 ret &= check_client_ca_names(result, test_ctx);
 ret &= check_hrr(result, test_ctx);
 #ifndef OPENSSL_NO_DELEGATED_CREDENTIAL
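Review bot: The renamed first test asserts `"ExpectedClientKeyShare" => "SM2"` but drops the HRR expectation, and the helper fills that field from the negotiated group, so the case would also pass if the client's first flight offered only X25519 and the server repaired it with an HRR, which is exactly what the test name says it rules out. Adding `"ExpectedHRR" => "No",` to its `test` block makes the expectation match the name, assuming an absent ExpectedHRR is treated as "ignore" by the runner rather than as "No". The second test keeps the `# ClientHello1 send key_share with X25519 only by default` comment, which now sits above a non-strict client; a short addition saying that it is the strict server that forces the HRR there would keep the two cases readable side by side.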
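Review bot: check_client_key_share() reports a mismatch as two bare NIDs (`%d vs %d`), which is hard to read next to the sibling checks; OBJ_nid2sn() gives the short name, but it may return NULL for a value that is not a registered NID, so print the name only when it is non-NULL and fall back to the number. The `expected_client_key_share == 0` shortcut is correct because parse_expected_key_share() never stores 0, but that coupling deserves a comment on the condition: `/* 0: ExpectedClientKeyShare not set in the test config */`. check_client_sign_type and check_test both start before their hunks.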