From 295d93ebe821f0f2b3dc7693e0cb7408e7bc0bbe Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 19 Jul 2022 08:21:29 +0200
Subject: [PATCH] Add psk handshake with gnutls
Signed-off-by: Ronald Cron
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_keys.c | 23 +++++++++++++++++++++--
 tests/ssl-opt.sh | 4 ++--
 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 35c3751c5..8d01fc8dd 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -359,7 +359,7 @@ int mbedtls_ssl_tls13_evolve_secret(
 ret = 0;
- if( input != NULL )
+ if( ( input != NULL ) && ( input_len != 0 ) )
 {
 memcpy( tmp_input, input, input_len );
 ilen = input_len;
@@ -825,6 +825,9 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
 goto exit;
 }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder",
+ early_secret, hash_len ) ;
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
 {
 ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
@@ -1052,6 +1055,8 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 psa_algorithm_t hash_alg;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ unsigned char *psk = NULL;
+ size_t psk_len = 0;
 if( handshake->ciphersuite_info == NULL )
 {
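Review bot: In mbedtls_ssl_tls13_evolve_secret the `memcpy( tmp_input, input, input_len );` guarded by the new condition still has no visible bound on `input_len`, and this patch makes mbedtls_ssl_tls13_key_schedule_stage_early pass the PSK and its length as `input`. The declaration of `tmp_input` lies outside the hunk, so its size cannot be checked from here; if it is a fixed-size array, a PSK longer than it would write past the end. Consider failing early with `if( input_len > sizeof( tmp_input ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` (routed through the function's cleanup path if it has one), or handing `input` to the extract step directly instead of copying it.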
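Review bot: The `MBEDTLS_SSL_DEBUG_BUF` call added to mbedtls_ssl_tls13_create_psk_binder writes the whole early secret to the debug output at level 4, and the call added at the end of mbedtls_ssl_tls13_key_schedule_stage_early does the same for `handshake->tls13_master_secrets.early`. Both buffers are derived from the PSK, so a build with MBEDTLS_DEBUG_C and a threshold of 4 or higher records them in the log; a comment such as `/* Dumps PSK-derived key material; debug builds only. */` above each call would make that deliberate. The label passed is the function name rather than the buffer, so `"early secret"` would read better in a trace, and `hash_len ) ;` carries a stray space before the semicolon. The function body continues outside the hunk.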
@@ -1061,14 +1066,28 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
 hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
- ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0,
+ ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
+ if( ret != 0 && psk != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret );
+ return( ret );
+ }
+
+ ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
 handshake->tls13_master_secrets.early );
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ mbedtls_free( (void*)psk );
+#endif
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
 return( ret );
 }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early",
+ handshake->tls13_master_secrets.early,
+ PSA_HASH_LENGTH( hash_alg ) );
 return( 0 );
 }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d498d503c..5c042ee18 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2337,10 +2337,10 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_DEBUG_C
 run_test "TLS 1.3: PSK: basic check, G->m" \
 "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+KX-ALL:+PSK:+DHE-PSK:+VERS-TLS1.3 \
+ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+SHA256 \
 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
 localhost" \
- 1 \
+ 0 \
 -s "found psk key exchange modes extension" \
 -s "found pre_shared_key extension" \
 -s "Found PSK_EPHEMERAL KEX MODE" \
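Review bot: In mbedtls_ssl_tls13_key_schedule_stage_early the check `if( ret != 0 && psk != NULL )` lets every export failure that leaves `psk` NULL fall through, so the key schedule carries on with a NULL input as if no PSK had been selected. Unless mbedtls_ssl_tls13_export_handshake_psk (not shown in this patch) can only fail that way when no PSK is configured, a real error is silently turned into a non-PSK early secret; testing for the specific "no PSK" return value would be safer. When the branch is taken, it returns without the `mbedtls_free` that the normal path performs, which looks like a leak of the exported key in the PSA configuration. The buffer holds raw key material and is released without being wiped; `if( psk != NULL ) mbedtls_platform_zeroize( psk, psk_len );` ahead of `mbedtls_free( (void*)psk );` would cover that. A short comment saying who owns `psk` in each configuration would explain why the free sits under `#if`.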