From c9e072236c4e1c290f38aee819ecaff8398e2a16 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 25 Jun 2021 08:39:12 +0200
Subject: [PATCH] key_share: treat X25519 and X448 as same PK type when
advertising
Previously, if both X25519 and X448 groups were enabled in the
priority string, the client sent both algorithms in a key_share
extension, while it was only capable of handling one algorithm from
the same (Edwards curve) category. This adds an extra check so the
client should send either X25519 or X448.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/ext/key_share.c | 24 +++++++++++++++++++++---
tests/tls13/key_share.c | 3 +++
2 files changed, 24 insertions(+), 3 deletions(-)
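diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index a8c4bb5cf..a4db3af95 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -656,6 +656,18 @@ key_share_recv_params(gnutls_session_t session,
 return 0;
 }
 
+static inline bool
+pk_type_is_ecdhx(gnutls_pk_algorithm_t pk)
+{
+ return pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448;
+}
+
+static inline bool
+pk_type_equal(gnutls_pk_algorithm_t a, gnutls_pk_algorithm_t b)
+{
+ return a == b || (pk_type_is_ecdhx(a) && pk_type_is_ecdhx(b));
+}
+
 /* returns data_size or a negative number on failure
 */
 static int
@@ -710,12 +722,18 @@ key_share_send_params(gnutls_session_t session,
 /* generate key shares for out top-(max_groups) groups
 * if they are of different PK type. */
 for (i = 0; i < session->internals.priorities->groups.size; i++) {
+ unsigned int j;
+
 group = session->internals.priorities->groups.entry[i];
 
- if (generated == 1 && group->pk == selected_groups[0])
- continue;
- else if (generated == 2 && (group->pk == selected_groups[1] || group->pk == selected_groups[0]))
+ for (j = 0; j < generated; j++) {
+ if (pk_type_equal(group->pk, selected_groups[j])) {
+ break;
+ }
+ }
+ if (j < generated) {
 continue;
+ }
 
 selected_groups[generated] = group->pk;
 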
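Review bot: `pk_type_equal()` is no longer plain equality, yet neither the helper nor the loop comment in key_share_send_params records why X25519 and X448 are folded into one type. A comment above the helper such as `/* X25519 and X448 count as one PK type here: the client can handle only one share from that category */` would carry the constraint from the commit message into the code, and the loop comment could read `top-(max_groups) groups of distinct PK type (X25519/X448 counted as one)`, which also fixes the "out" typo. With both groups enabled only the higher-priority one now gets a share, so a peer that selects the other one presumably has to be served through a HelloRetryRequest; it is worth confirming that path is tested. The loop bound on `selected_groups[j]` relies on `generated`, whose limit is set outside this hunk, and key_share_send_params continues past it.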
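diff --git a/tests/tls13/key_share.c b/tests/tls13/key_share.c
index 7f8f6295c..816a7d9b5 100644
--- a/tests/tls13/key_share.c
+++ b/tests/tls13/key_share.c
@@ -124,6 +124,7 @@ unsigned int tls_id_to_group[] = {
 [23] = GNUTLS_GROUP_SECP256R1,
 [24] = GNUTLS_GROUP_SECP384R1,
 [29] = GNUTLS_GROUP_X25519,
+ [30] = GNUTLS_GROUP_X448,
 [0x100] = GNUTLS_GROUP_FFDHE2048,
 [0x101] = GNUTLS_GROUP_FFDHE3072
 };
@@ -315,11 +316,13 @@ void doit(void)
 start("two groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2);
 start("two groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2);
 start("two groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X25519, 2);
+ start("two groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X448, 2);
 start("two groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_FFDHE2048, 2);
 
 start("three groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3);
 start("three groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3);
 start("three groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X25519, 3);
+ start("three groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X448, 3);
 start("three groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_FFDHE2048, 3);
 
 /* test default behavior */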
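Review bot: The two new `start()` cases in doit() only cover X448 ranked ahead of X25519; the reverse ordering is not exercised, because none of the existing x25519 priority strings enable `+GROUP-X448`. A mirrored case would pin the de-duplication in both directions, for example `start("two groups: x25519 over x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-X448:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X25519, 2);`. From the visible arguments the test appears to check the first group and the share count; if it does not also assert that the skipped curve is absent from the extension, that check would make the regression explicit. doit() starts and ends outside the hunk.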
--
2.31.1