On Thu, Apr 04, 2024 at 08:16:08PM +0200, Juliusz Sosinowicz wrote:
> diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
...
I'm not completely sure whether all these changes are correct, but I applied this version now, to make progress with this patchset.
> diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py
I did not apply this part that would modify the test cases, though.
> @@ -74,7 +74,8 @@ def test_suite_b(dev, apdev):
> hapd.wait_sta()
> tls_cipher = dev[0].get_status_field("EAP TLS cipher")
> if tls_cipher != "ECDHE-ECDSA-AES128-GCM-SHA256" and \
> - tls_cipher != "ECDHE-ECDSA-AES-128-GCM-AEAD":
> + tls_cipher != "ECDHE-ECDSA-AES-128-GCM-AEAD" and \
> + tls_cipher != "ECDHE-ECDSA-AES256-GCM-SHA384":
> raise Exception("Unexpected TLS cipher: " + tls_cipher)
That is not a valid TLS cipher to use with 128-bit security level SuiteB. I'd also point out that this 128-bit security level was deprecated and there are no known deployment of it, so at this point in time, it does not feel worth the effort to look at what exactly should have been there in either testing or implementation. Instead, all focus related to Suite B (or well, CNSA Suite nowadays) should be for the 192-bit security level variant.
> @@ -488,7 +489,16 @@ def test_suite_b_192_rsa_insufficient_key(dev, apdev):
> params["ca_cert"] = "auth_serv/ca.pem"
> params["server_cert"] = "auth_serv/server.pem"
> params["private_key"] = "auth_serv/server.key"
> - hapd = hostapd.add_ap(apdev[0], params)
> +
> + try:
> + hapd = hostapd.add_ap(apdev[0], params)
> + except:
> + hapd = hostapd.add_ap(apdev[0], suite_b_192_rsa_ap_params())
> + tls = hapd.request("GET tls_library")
> + if tls.startswith("wolfSSL"):
> + # wolfSSL fails during key loading with too short key
> + return
> + raise
If a test case is to be skipped, HwsimSkip() exception should be raised instead of just returning to avoid claiming the test case passed when it was not actually executed.
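Review bot: The bare `except:` added around `hostapd.add_ap(apdev[0], params)` in `test_suite_b_192_rsa_insufficient_key` makes any AP start-up failure look like the wolfSSL short-key rejection, so on a wolfSSL build an unrelated error would end this negative test early as well. Narrowing it to `except Exception:` keeps interrupts out of the handler, and a comment above the `try`, e.g. `# add_ap() failing here is the expected wolfSSL rejection of the too-short RSA key`, would state why the failure is tolerated. The `test_suite_b_192_rsa_insufficient_dh` hunk repeats the same pattern, and its copied comment still says "too short key" although that test sets `dh_file` and `[SUITEB-NO-ECDH]`, so it presumably should name the DH parameters instead. Both function bodies continue outside the quoted hunks.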
> @@ -516,7 +528,16 @@ def test_suite_b_192_rsa_insufficient_dh(dev, apdev):
> params = suite_b_192_rsa_ap_params()
> params["tls_flags"] = "[SUITEB-NO-ECDH]"
> params["dh_file"] = "auth_serv/dh.conf"
> - hapd = hostapd.add_ap(apdev[0], params)
> + try:
> + hapd = hostapd.add_ap(apdev[0], params)
> + except:
> + hapd = hostapd.add_ap(apdev[0], suite_b_192_rsa_ap_params())
> + tls = hapd.request("GET tls_library")
> + if tls.startswith("wolfSSL"):
> + # wolfSSL fails during key loading with too short key
> + return
> + raise
Same here.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap