[01/12] Print ciphersuites in wolfSSL

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
---
 src/crypto/tls_wolfssl.c | 3 +++
 1 file changed, 3 insertions(+)

Hi,

is there a timeline when someone will be able to review this patchset? 
Thanks.

Sincerely
Juliusz

On 08/03/2023 18:18, Juliusz Sosinowicz wrote:
> Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
> ---
>   src/crypto/tls_wolfssl.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
> index b4f1bbe7f..a02c92892 100644
> --- a/src/crypto/tls_wolfssl.c
> +++ b/src/crypto/tls_wolfssl.c
> @@ -284,6 +284,7 @@ void * tls_init(const struct tls_config *conf)
>   		ciphers = conf->openssl_ciphers;
>   	else
>   		ciphers = "ALL";
> +	wpa_printf(MSG_DEBUG, "wolfSSL: cipher suites: %s", ciphers);
>   	if (wolfSSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) {
>   		wpa_printf(MSG_ERROR,
>   			   "wolfSSL: Failed to set cipher string '%s'",
> @@ -1323,6 +1324,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
>   		return -1;
>   	}
>   
> +	wpa_printf(MSG_DEBUG, "wolfSSL: cipher suites: %s", params->openssl_ciphers);
>   	if (params->openssl_ciphers &&
>   	    wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
>   		wpa_printf(MSG_INFO,
> @@ -1553,6 +1555,7 @@ int tls_global_set_params(void *tls_ctx,
>   		return -1;
>   	}
>   
> +	wpa_printf(MSG_DEBUG, "wolfSSL: cipher suites: %s", params->openssl_ciphers);
>   	if (params->openssl_ciphers &&
>   	    wolfSSL_CTX_set_cipher_list(tls_ctx,
>   					params->openssl_ciphers) != 1) {

Thanks, applied the full series with some cleanup and fixes. The last
patches in this series were quite inconvenient to review since there was
a mix of refactoring and functional changes in the same patch and also
cases where some FIPS cases were first removed and then re-added in a
later patch in the same series. I ended up splitting those quite
differently for the commit to make the real changes easier to
understand.

This broke the build with wolfSSL 5.2.0 which was the version I used
when testing the functionality last time. I ended up adding a simple
wrapper function based on the library version to try to work around that
for now. I'm not sure whether 5.2.0 is considered supported anymore, so
it might be fine to remove that wrapper if that is considered obsolete.

In addition, I ran the full hwsim test case set with wolfSSL 5.5.4 on
the STA side and OpenSSL on the AP and authentication server. The
following test cases are failing likely due to some missing
functionality. I did not look at the details, though.

ap_wpa2_eap_fast_binary_pac
ap_wpa2_eap_fast_binary_pac_errors
ap_wpa2_eap_fast_cipher_suites
ap_wpa2_eap_fast_eap_aka
ap_wpa2_eap_fast_eap_sim
ap_wpa2_eap_fast_gtc_auth_prov
ap_wpa2_eap_fast_mschapv2_unauth_prov
ap_wpa2_eap_fast_pac_file
ap_wpa2_eap_fast_pac_lifetime
ap_wpa2_eap_fast_pac_refresh
ap_wpa2_eap_fast_pac_truncate
ap_wpa2_eap_fast_prf_oom
ap_wpa2_eap_fast_prov
ap_wpa2_eap_fast_server_oom
ap_wpa2_eap_fast_text_pac_errors
ap_wpa2_eap_tls_ec_and_rsa
ap_wpa2_eap_tls_intermediate_ca_ocsp
ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked
ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1
ap_wpa2_eap_tls_rsa_and_ec
ap_wpa2_eap_tls_versions
ap_wpa2_eap_tls_versions_server
ap_wpa2_eap_ttls_expired_cert
ap_wpa2_eap_ttls_ignore_expired_cert
ap_wpa2_eap_ttls_ocsp_revoked
ap_wpa2_eap_ttls_ocsp_unknown
ap_wpa2_eap_ttls_optional_ocsp_unknown
ap_wpa2_eap_ttls_pap_check_cert_subject_neg
dpp_peer_intro_failures
dpp_pkex_hostapd_initiator
eap_fast_proto_phase2
eap_fast_tlv_nak_oom
eap_mschapv2_errors
eap_proto_fast_errors
eap_teap_tls_cs_sha1
eap_teap_tls_cs_sha256
eap_teap_tls_cs_sha384
fils_sk_pfs_25
openssl_ecdh_curves
owe_invalid_assoc_resp
sae_bignum_failure
sae_no_ffc_by_default
sae_password_ffc
sae_pwe_failure
sae_pwe_group_14
sae_pwe_group_15
sae_pwe_group_16
sae_pwe_group_23
sae_pwe_group_24
sae_pwe_group_25
sae_pwe_group_5
sae_reflection_attack_ffc
sae_reflection_attack_ffc_internal
sigma_dut_ap_cipher_ccmp_128
sigma_dut_ap_cipher_ccmp_256
sigma_dut_ap_cipher_ccmp_gcmp_1
sigma_dut_ap_cipher_ccmp_gcmp_2
sigma_dut_ap_cipher_gcmp_128
sigma_dut_ap_cipher_gcmp_256
sigma_dut_ap_cipher_gcmp_256_group_ccmp
sigma_dut_ap_suite_b
sigma_dut_eap_aka
sigma_dut_eap_ttls
sigma_dut_eap_ttls_uosc
sigma_dut_eap_ttls_uosc_ca_mistrust
sigma_dut_suite_b
suite_b
suite_b_192
suite_b_192_mic_failure
suite_b_192_okc
suite_b_192_pmkid_failure
suite_b_192_pmksa_caching_roam
suite_b_192_radius
suite_b_192_rsa
suite_b_192_rsa_dhe
suite_b_192_rsa_ecdhe
suite_b_192_rsa_insufficient_dh
suite_b_192_rsa_insufficient_key
suite_b_192_rsa_radius
suite_b_192_rsa_tls_13
suite_b_mic_failure
suite_b_pmkid_failure
suite_b_radius

Thanks Jouni,

Yes wolfSSL 5.2.0 is an older version of the library. Please use a newer 
release for future testing. I will make a note to take a look at the 
failing tests. Hopefully this is something that can be fixed with a few 
new functions.

Sincerely
Juliusz

On 04/11/2023 18:01, Jouni Malinen wrote:
> Thanks, applied the full series with some cleanup and fixes. The last
> patches in this series were quite inconvenient to review since there was
> a mix of refactoring and functional changes in the same patch and also
> cases where some FIPS cases were first removed and then re-added in a
> later patch in the same series. I ended up splitting those quite
> differently for the commit to make the real changes easier to
> understand.
>
> This broke the build with wolfSSL 5.2.0 which was the version I used
> when testing the functionality last time. I ended up adding a simple
> wrapper function based on the library version to try to work around that
> for now. I'm not sure whether 5.2.0 is considered supported anymore, so
> it might be fine to remove that wrapper if that is considered obsolete.
>
> In addition, I ran the full hwsim test case set with wolfSSL 5.5.4 on
> the STA side and OpenSSL on the AP and authentication server. The
> following test cases are failing likely due to some missing
> functionality. I did not look at the details, though.
>
> ap_wpa2_eap_fast_binary_pac
> ap_wpa2_eap_fast_binary_pac_errors
> ap_wpa2_eap_fast_cipher_suites
> ap_wpa2_eap_fast_eap_aka
> ap_wpa2_eap_fast_eap_sim
> ap_wpa2_eap_fast_gtc_auth_prov
> ap_wpa2_eap_fast_mschapv2_unauth_prov
> ap_wpa2_eap_fast_pac_file
> ap_wpa2_eap_fast_pac_lifetime
> ap_wpa2_eap_fast_pac_refresh
> ap_wpa2_eap_fast_pac_truncate
> ap_wpa2_eap_fast_prf_oom
> ap_wpa2_eap_fast_prov
> ap_wpa2_eap_fast_server_oom
> ap_wpa2_eap_fast_text_pac_errors
> ap_wpa2_eap_tls_ec_and_rsa
> ap_wpa2_eap_tls_intermediate_ca_ocsp
> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked
> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1
> ap_wpa2_eap_tls_rsa_and_ec
> ap_wpa2_eap_tls_versions
> ap_wpa2_eap_tls_versions_server
> ap_wpa2_eap_ttls_expired_cert
> ap_wpa2_eap_ttls_ignore_expired_cert
> ap_wpa2_eap_ttls_ocsp_revoked
> ap_wpa2_eap_ttls_ocsp_unknown
> ap_wpa2_eap_ttls_optional_ocsp_unknown
> ap_wpa2_eap_ttls_pap_check_cert_subject_neg
> dpp_peer_intro_failures
> dpp_pkex_hostapd_initiator
> eap_fast_proto_phase2
> eap_fast_tlv_nak_oom
> eap_mschapv2_errors
> eap_proto_fast_errors
> eap_teap_tls_cs_sha1
> eap_teap_tls_cs_sha256
> eap_teap_tls_cs_sha384
> fils_sk_pfs_25
> openssl_ecdh_curves
> owe_invalid_assoc_resp
> sae_bignum_failure
> sae_no_ffc_by_default
> sae_password_ffc
> sae_pwe_failure
> sae_pwe_group_14
> sae_pwe_group_15
> sae_pwe_group_16
> sae_pwe_group_23
> sae_pwe_group_24
> sae_pwe_group_25
> sae_pwe_group_5
> sae_reflection_attack_ffc
> sae_reflection_attack_ffc_internal
> sigma_dut_ap_cipher_ccmp_128
> sigma_dut_ap_cipher_ccmp_256
> sigma_dut_ap_cipher_ccmp_gcmp_1
> sigma_dut_ap_cipher_ccmp_gcmp_2
> sigma_dut_ap_cipher_gcmp_128
> sigma_dut_ap_cipher_gcmp_256
> sigma_dut_ap_cipher_gcmp_256_group_ccmp
> sigma_dut_ap_suite_b
> sigma_dut_eap_aka
> sigma_dut_eap_ttls
> sigma_dut_eap_ttls_uosc
> sigma_dut_eap_ttls_uosc_ca_mistrust
> sigma_dut_suite_b
> suite_b
> suite_b_192
> suite_b_192_mic_failure
> suite_b_192_okc
> suite_b_192_pmkid_failure
> suite_b_192_pmksa_caching_roam
> suite_b_192_radius
> suite_b_192_rsa
> suite_b_192_rsa_dhe
> suite_b_192_rsa_ecdhe
> suite_b_192_rsa_insufficient_dh
> suite_b_192_rsa_insufficient_key
> suite_b_192_rsa_radius
> suite_b_192_rsa_tls_13
> suite_b_mic_failure
> suite_b_pmkid_failure
> suite_b_radius
>

Hi Jouni,

its taken me a while but I was able to fix the failing tests. Fixing 
bugs and implementing new features. The large patchset I just sent 
passes all tests except the following:

   - ap_wpa2_eap_tls_ec_and_rsa
   - ap_wpa2_eap_tls_rsa_and_ec
       - wolfSSL does not support loading multiple certs into one 
object. This could be implemented by lazily loading the appropriate 
certificate by using wolfSSL_get_ciphersuite_info and 
wolfSSL_get_sigalg_info to determine the ciphersuite and sigalgs but 
this is still on the roadmap.
   - ap_wpa2_eap_ttls_optional_ocsp_unknown
       - wolfSSL does not support recovering from an OCSP error dynamically.
   - OCSP tests with sha256
       - wolfSSL only works with sha-1 (although it can be changed to 
sha256 at compile time) signatures in OCSP responses. Being signature 
algorithm agnostic is in our backlog for a while now.

The wolfSSL dev branch to use for testing is 
https://github.com/julek-wolfssl/wolfssl/tree/hostap.

The wolfSSL configuration I used is:

     --enable-wpas --enable-wpas-dpp --enable-brainpool 
--with-eccminsz=192 --enable-tlsv10 --enable-oldtls 
'CPPFLAGS=-DWOLFSSL_STATIC_RSA'

Sincerely
Juliusz

On 04/11/2023 18:01, Jouni Malinen wrote:
> Thanks, applied the full series with some cleanup and fixes. The last
> patches in this series were quite inconvenient to review since there was
> a mix of refactoring and functional changes in the same patch and also
> cases where some FIPS cases were first removed and then re-added in a
> later patch in the same series. I ended up splitting those quite
> differently for the commit to make the real changes easier to
> understand.
>
> This broke the build with wolfSSL 5.2.0 which was the version I used
> when testing the functionality last time. I ended up adding a simple
> wrapper function based on the library version to try to work around that
> for now. I'm not sure whether 5.2.0 is considered supported anymore, so
> it might be fine to remove that wrapper if that is considered obsolete.
>
> In addition, I ran the full hwsim test case set with wolfSSL 5.5.4 on
> the STA side and OpenSSL on the AP and authentication server. The
> following test cases are failing likely due to some missing
> functionality. I did not look at the details, though.
>
> ap_wpa2_eap_fast_binary_pac
> ap_wpa2_eap_fast_binary_pac_errors
> ap_wpa2_eap_fast_cipher_suites
> ap_wpa2_eap_fast_eap_aka
> ap_wpa2_eap_fast_eap_sim
> ap_wpa2_eap_fast_gtc_auth_prov
> ap_wpa2_eap_fast_mschapv2_unauth_prov
> ap_wpa2_eap_fast_pac_file
> ap_wpa2_eap_fast_pac_lifetime
> ap_wpa2_eap_fast_pac_refresh
> ap_wpa2_eap_fast_pac_truncate
> ap_wpa2_eap_fast_prf_oom
> ap_wpa2_eap_fast_prov
> ap_wpa2_eap_fast_server_oom
> ap_wpa2_eap_fast_text_pac_errors
> ap_wpa2_eap_tls_ec_and_rsa
> ap_wpa2_eap_tls_intermediate_ca_ocsp
> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked
> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1
> ap_wpa2_eap_tls_rsa_and_ec
> ap_wpa2_eap_tls_versions
> ap_wpa2_eap_tls_versions_server
> ap_wpa2_eap_ttls_expired_cert
> ap_wpa2_eap_ttls_ignore_expired_cert
> ap_wpa2_eap_ttls_ocsp_revoked
> ap_wpa2_eap_ttls_ocsp_unknown
> ap_wpa2_eap_ttls_optional_ocsp_unknown
> ap_wpa2_eap_ttls_pap_check_cert_subject_neg
> dpp_peer_intro_failures
> dpp_pkex_hostapd_initiator
> eap_fast_proto_phase2
> eap_fast_tlv_nak_oom
> eap_mschapv2_errors
> eap_proto_fast_errors
> eap_teap_tls_cs_sha1
> eap_teap_tls_cs_sha256
> eap_teap_tls_cs_sha384
> fils_sk_pfs_25
> openssl_ecdh_curves
> owe_invalid_assoc_resp
> sae_bignum_failure
> sae_no_ffc_by_default
> sae_password_ffc
> sae_pwe_failure
> sae_pwe_group_14
> sae_pwe_group_15
> sae_pwe_group_16
> sae_pwe_group_23
> sae_pwe_group_24
> sae_pwe_group_25
> sae_pwe_group_5
> sae_reflection_attack_ffc
> sae_reflection_attack_ffc_internal
> sigma_dut_ap_cipher_ccmp_128
> sigma_dut_ap_cipher_ccmp_256
> sigma_dut_ap_cipher_ccmp_gcmp_1
> sigma_dut_ap_cipher_ccmp_gcmp_2
> sigma_dut_ap_cipher_gcmp_128
> sigma_dut_ap_cipher_gcmp_256
> sigma_dut_ap_cipher_gcmp_256_group_ccmp
> sigma_dut_ap_suite_b
> sigma_dut_eap_aka
> sigma_dut_eap_ttls
> sigma_dut_eap_ttls_uosc
> sigma_dut_eap_ttls_uosc_ca_mistrust
> sigma_dut_suite_b
> suite_b
> suite_b_192
> suite_b_192_mic_failure
> suite_b_192_okc
> suite_b_192_pmkid_failure
> suite_b_192_pmksa_caching_roam
> suite_b_192_radius
> suite_b_192_rsa
> suite_b_192_rsa_dhe
> suite_b_192_rsa_ecdhe
> suite_b_192_rsa_insufficient_dh
> suite_b_192_rsa_insufficient_key
> suite_b_192_rsa_radius
> suite_b_192_rsa_tls_13
> suite_b_mic_failure
> suite_b_pmkid_failure
> suite_b_radius
>