miTLS client send key share of type x22519, regardless of configuration done via FFI_mitls_configure_named_groups

[oweisse-msft]

FFI_mitls_configure_named_groups is called, with 'P-521:P-384:P-256:FFDHE4096:FFDHE3072:FFDHE2048', which affects the list in "supported_groups" extension in ClientHello, but the KeyShare that is sent is always x25519.

[s-zanella]

This changed recently. Now we have two different fields in the configuration:

• named_groups determines the supported groups
• offer_shares determines the groups for which the client includes shares in the key_share extension in the initial ClientHello. I believe the new syntax for FFI is e.g. P-256:P-384:P-521@P-256:P-384 to indicate support for P-256:P-384:P-521 but send shares for only P-256 and P-384. A server that only supports P-521, will respond with a HelloRetryRequest message; the client will send a new ClientHello message including a P-521 share.

The default value for offer_shares is just X25519. We don't check in FFI that this is compatible with named_groups (that X25519 is one of the supported groups). We should do so, and default to, say, the first supported group otherwise.

[ad-l]

I changed the behavior of ffiSetNamedGroups to offer all supported groups if no share list is specified with the @X:...:Z syntax.