From c9ee6e3646258f79a9970be96394cb2b93b7eddd Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 30 Sep 2022 11:57:23 +0100 Subject: [PATCH] Reimplement brainpool TLSv1.3 support group support Create new TLS_GROUP_ENTRY values for these groups. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19315) --- crypto/objects/obj_dat.h | 15 ++++++++++++--- crypto/objects/obj_mac.num | 3 +++ crypto/objects/objects.txt | 6 ++++++ include/openssl/obj_mac.h | 9 +++++++++ providers/common/capabilities.c | 20 ++++++++++++++------ ssl/t1_lib.c | 3 +++ ssl/t1_trce.c | 3 +++ test/ssl-tests/20-cert-select.cnf | 2 +- test/ssl-tests/20-cert-select.cnf.in | 2 +- 9 files changed, 52 insertions(+), 11 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index cd83f24e8d..b97118922c 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1154,7 +1154,7 @@ static const unsigned char so[8356] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32, /* [ 8344] OBJ_id_ct_signedTAL */ }; -#define NUM_NID 1285 +#define NUM_NID 1288 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2441,9 +2441,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"oracle-organization", "Oracle organization", NID_oracle, 7, &so[8325]}, {"oracle-jdk-trustedkeyusage", "Trusted key usage (Oracle)", NID_oracle_jdk_trustedkeyusage, 12, &so[8332]}, {"id-ct-signedTAL", "id-ct-signedTAL", NID_id_ct_signedTAL, 11, &so[8344]}, + {"brainpoolP256r1tls13", "brainpoolP256r1tls13", NID_brainpoolP256r1tls13}, + {"brainpoolP384r1tls13", "brainpoolP384r1tls13", NID_brainpoolP384r1tls13}, + {"brainpoolP512r1tls13", "brainpoolP512r1tls13", NID_brainpoolP512r1tls13}, }; -#define NUM_SN 1276 +#define NUM_SN 1279 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ 
@@ -2781,12 +2784,15 @@ static const unsigned int sn_objs[NUM_SN] = { 925, /* "brainpoolP224r1" */ 926, /* "brainpoolP224t1" */ 927, /* "brainpoolP256r1" */ + 1285, /* "brainpoolP256r1tls13" */ 928, /* "brainpoolP256t1" */ 929, /* "brainpoolP320r1" */ 930, /* "brainpoolP320t1" */ 931, /* "brainpoolP384r1" */ + 1286, /* "brainpoolP384r1tls13" */ 932, /* "brainpoolP384t1" */ 933, /* "brainpoolP512r1" */ + 1287, /* "brainpoolP512r1tls13" */ 934, /* "brainpoolP512t1" */ 494, /* "buildingName" */ 860, /* "businessCategory" */ @@ -3723,7 +3729,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1276 +#define NUM_LN 1279 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -4057,12 +4063,15 @@ static const unsigned int ln_objs[NUM_LN] = { 925, /* "brainpoolP224r1" */ 926, /* "brainpoolP224t1" */ 927, /* "brainpoolP256r1" */ + 1285, /* "brainpoolP256r1tls13" */ 928, /* "brainpoolP256t1" */ 929, /* "brainpoolP320r1" */ 930, /* "brainpoolP320t1" */ 931, /* "brainpoolP384r1" */ + 1286, /* "brainpoolP384r1tls13" */ 932, /* "brainpoolP384t1" */ 933, /* "brainpoolP512r1" */ + 1287, /* "brainpoolP512r1tls13" */ 934, /* "brainpoolP512t1" */ 494, /* "buildingName" */ 860, /* "businessCategory" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index f4e70da2cd..64dffcb7c1 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1282,3 +1282,6 @@ hmacWithSM3 1281 oracle 1282 oracle_jdk_trustedkeyusage 1283 id_ct_signedTAL 1284 +brainpoolP256r1tls13 1285 +brainpoolP384r1tls13 1286 +brainpoolP512r1tls13 1287 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a03f682d5e..b627cfdfd1 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -1643,12 +1643,18 @@ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH 1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1 1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1 1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1 +# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group + : brainpoolP256r1tls13 1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1 1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1 1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1 1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1 +# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group + : brainpoolP384r1tls13 1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1 1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1 +# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group + : brainpoolP512r1tls13 1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1 # ECDH schemes from RFC5753 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index e1cafb0109..8ad445259d 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -5171,6 +5171,9 @@ #define NID_brainpoolP256r1 927 #define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L +#define SN_brainpoolP256r1tls13 "brainpoolP256r1tls13" +#define NID_brainpoolP256r1tls13 1285 + #define SN_brainpoolP256t1 "brainpoolP256t1" #define NID_brainpoolP256t1 928 #define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L @@ -5187,6 +5190,9 @@ #define NID_brainpoolP384r1 931 #define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L +#define SN_brainpoolP384r1tls13 "brainpoolP384r1tls13" +#define NID_brainpoolP384r1tls13 1286 + #define SN_brainpoolP384t1 "brainpoolP384t1" #define NID_brainpoolP384t1 932 #define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L @@ -5195,6 +5201,9 @@ #define NID_brainpoolP512r1 933 #define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L +#define SN_brainpoolP512r1tls13 "brainpoolP512r1tls13" +#define NID_brainpoolP512r1tls13 1287 + #define SN_brainpoolP512t1 "brainpoolP512t1" #define NID_brainpoolP512t1 934 #define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L 
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index ed37e76969..f7234615e4 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -30,7 +30,7 @@ typedef struct tls_group_constants_st {
 int maxdtls; /* Maximum DTLS version (or 0 for undefined) */
 } TLS_GROUP_CONSTANTS;
-static const TLS_GROUP_CONSTANTS group_list[35] = {
+static const TLS_GROUP_CONSTANTS group_list[] = {
 { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, TLS1_2_VERSION,
 DTLS1_VERSION, DTLS1_2_VERSION },
 { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, TLS1_2_VERSION,
@@ -86,6 +86,9 @@ static const TLS_GROUP_CONSTANTS group_list[35] = {
 DTLS1_VERSION, DTLS1_2_VERSION },
 { OSSL_TLS_GROUP_ID_x25519, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
 { OSSL_TLS_GROUP_ID_x448, 224, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
+ { OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13, 128, TLS1_3_VERSION, 0, -1, -1 },
+ { OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13, 192, TLS1_3_VERSION, 0, -1, -1 },
+ { OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13, 256, TLS1_3_VERSION, 0, -1, -1 },
 /* Security bit values as given by BN_security_bits() */
 { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_3_VERSION, 0, -1, -1 },
 { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_3_VERSION, 0, -1, -1 },
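Review bot: Dropping the explicit bound in `group_list[35]` (first hunk, `@@ -30,7`) removes the only compile-time limit on this table, while its rows still appear to be addressed by hand-written position. The last argument of each `TLS_GROUP_ENTRY(...)` in the `@@ -189,14` hunk looks like an index into `group_list`, which would explain why the ffdhe rows had to move from 30..34 to 33..37 by hand. A mismatch there would silently attach another group's security bits and version bounds to a group name, so I would put a comment on the array: `/* Order is significant: param_group_list refers to these entries by index */`. The array body continues outside this hunk, so the remaining rows cannot be checked against their indices from here.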
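Review bot: The three `_tls13` rows added in the `@@ -86,6` hunk have no comment, and they sit directly above `/* Security bit values as given by BN_security_bits() */`, which describes only the ffdhe rows. A reader has to infer that these are TLSv1.3-only code points kept separate from the existing brainpool group ids. A reader also has to guess that `-1, -1` in the DTLS columns presumably means the group is never offered over DTLS, since the struct comment visible in the first hunk documents only 0. I would add `/* RFC 8734 brainpool code points: TLSv1.3 only, not used with DTLS */` above them, after confirming what -1 means to the code that reads this table.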
@@ -189,14 +192,19 @@ static const OSSL_PARAM param_group_list[][10] = {
 # endif
 TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
 TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
+# ifndef FIPS_MODULE
+ TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30),
+ TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31),
+ TLS_GROUP_ENTRY("brainpoolP512r1tls13", "brainpoolP512r1", "EC", 32),
+# endif
 # endif /* OPENSSL_NO_EC */
 # ifndef OPENSSL_NO_DH
 /* Security bit values for FFDHE groups are as per RFC 7919 */
- TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 30),
- TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 31),
- TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 32),
- TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 33),
- TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 34),
+ TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 33),
+ TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 34),
+ TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 35),
+ TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 36),
+ TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 37),
 # endif
 };
 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dcd7b294a0..166b4f837e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -181,6 +181,9 @@ static struct {
 {NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1},
 {EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519},
 {EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448},
+ {NID_brainpoolP256r1tls13, OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13},
+ {NID_brainpoolP384r1tls13, OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13},
+ {NID_brainpoolP512r1tls13, OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13},
 {NID_id_tc26_gost_3410_2012_256_paramSetA, OSSL_TLS_GROUP_ID_gc256A},
 {NID_id_tc26_gost_3410_2012_256_paramSetB, OSSL_TLS_GROUP_ID_gc256B},
 {NID_id_tc26_gost_3410_2012_256_paramSetC, OSSL_TLS_GROUP_ID_gc256C},
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index edeb926e22..802958c383 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
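Review bot: The new `# ifndef FIPS_MODULE` block in the `param_group_list` hunk closes with a bare `# endif` directly above `# endif /* OPENSSL_NO_EC */`, so the nesting is easy to misread; I would label it `# endif /* !FIPS_MODULE */`. As far as the earlier capabilities.c hunk shows, the matching `group_list` rows are added without any guard, which is what lets the ffdhe indices be 33..37 in both FIPS and non-FIPS builds, and that deserves a one-line comment here. The TLS name also differs from the real curve name (`"brainpoolP256r1tls13"` vs `"brainpoolP256r1"`), so a configured group list that names only `brainpoolP256r1` will apparently not offer the curve in TLSv1.3. That operator-facing consequence should be stated in a comment or in the group-name documentation.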
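Review bot: The three rows added to the NID-to-group-id table in ssl/t1_lib.c use NIDs that exist only as TLS group labels, and nothing at the table says so. The objects.txt hunk in this patch defines them with an empty OID column, and the generated `nid_objs` entries carry no encoding. Code that takes a NID from this table and passes it to a curve lookup would presumably find no curve for the `tls13` variants. I would add `/* TLSv1.3-only aliases: label NIDs without an OID; the curve is NID_brainpoolP*r1 */` above the new rows. The table starts and ends outside the hunk, so how reverse lookups handle two NIDs for one curve is not visible here.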
@@ -525,6 +525,9 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
 {28, "brainpoolP512r1"},
 {29, "ecdh_x25519"},
 {30, "ecdh_x448"},
+ {31, "brainpoolP256r1tls13"},
+ {32, "brainpoolP384r1tls13"},
+ {33, "brainpoolP512r1tls13"},
 {34, "GC256A"},
 {35, "GC256B"},
 {36, "GC256C"},
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf
index 5cb7aca3ea..51d38b9b61 100644
--- a/test/ssl-tests/20-cert-select.cnf
+++ b/test/ssl-tests/20-cert-select.cnf
@@ -1728,7 +1728,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 [test-52]
-ExpectedResult = ServerFail
+ExpectedResult = ClientFail
 # ===========================================================
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
index d0cc5cfd5c..b8e689d565 100644
--- a/test/ssl-tests/20-cert-select.cnf.in
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -914,7 +914,7 @@ my @tests_tls_1_3_non_fips = (
 #We only configured brainpoolP256r1 on the client side, but TLSv1.3
 #is enabled and this group is not allowed in TLSv1.3. Therefore this
 #should fail
- "ExpectedResult" => "ServerFail"
+ "ExpectedResult" => "ClientFail"
 },
 },
 {
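Review bot: The comment above the changed line in 20-cert-select.cnf.in still says only that the group "is not allowed in TLSv1.3", which does not explain why the expected result moved from ServerFail to ClientFail. Presumably the client now finds no group it can offer for TLSv1.3 and aborts locally instead of being rejected by the server. If so, the comment should say it, for example `#brainpoolP256r1 is the TLSv1.2 group; its TLSv1.3 counterpart is brainpoolP256r1tls13, so the client has no usable group and fails itself`. No positive test is visible in this patch where both sides configure `brainpoolP256r1tls13` and the handshake succeeds; adding one would cover the new code points rather than only the failure path.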