Fix wrongly kex mode fallback issue in psk cases

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian 2022-09-26 04:01:06 +00:00
parent 210727f3b1
commit ac8195f4f7
2 changed files with 22 additions and 35 deletions


@ -1687,19 +1687,16 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
/* Only the pre_shared_key extension was received */ /* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY: case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
break; break;
/* Only the key_share extension was received */ /* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE: case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
break; break;
/* Both the pre_shared_key and key_share extensions were received */ /* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ): case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) );
break; break;
/* Neither pre_shared_key nor key_share extension was received */ /* Neither pre_shared_key nor key_share extension was received */
@ -1711,10 +1708,25 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, MBEDTLS_SSL_DEBUG_MSG( 3,
( "Server selected key exchange mode: %s", ( "Server selected key exchange mode: %s",
handshake->key_exchange_mode == 1 ? "psk" : handshake->key_exchange_mode ==
(handshake->key_exchange_mode == 2 ? "ephemeral" : MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ? "psk" :
(handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ? "ephemeral" :
"psk_ephemeral")) ); "psk_ephemeral")) );
if( !mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode ) )
{
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
MBEDTLS_SSL_DEBUG_MSG( 2,
( "Not supported kex mode in client: %s",
handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ? "psk" :
(handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ? "ephemeral" :
"psk_ephemeral")) );
goto cleanup;
}
/* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
* *
* TODO: We don't have to do this in case we offered 0-RTT and the * TODO: We don't have to do this in case we offered 0-RTT and the
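Review bot: The new rejection block ending in `goto cleanup` returns MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE without pending a fatal alert, so the peer only sees the connection drop rather than the illegal_parameter alert RFC 8446 §4.2.11 prescribes when the server's selection is inconsistent with what the client offered; if this file's other ServerHello validation paths pend an alert, add `MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );` before the `goto`. The mode-to-name ternary is now written twice, once in the level-3 trace and again in the new failure message; a small `static const char *` helper returning "psk"/"ephemeral"/"psk_ephemeral" would keep the two in step and shorten the block. Note also that `mbedtls_ssl_conf_tls13_check_kex_modes` tests the configured modes rather than the modes actually advertised in this ClientHello, which is presumably an acceptable approximation here but deserves a one-line comment so the next reader does not take it for an exact offered-vs-selected check. ssl_tls13_postprocess_server_hello starts before this hunk and continues after it, so `ret` and the `cleanup` label are assumed to be declared there.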


@ -1835,15 +1835,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail - no common psk" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "Invalid binder." -s "Invalid binder."
"""
Currently server side will not check whether client
support ephemeral mode or not, it will cause improper
fallback. It's a bit complicated cause there is no good
way to pass the ephemeral kex mode from client to server,
will create one issue to solve the bug.
Skip this test case temporarily.
"""
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -1856,8 +1847,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode"
1 \ 1 \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list"
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1872,8 +1862,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \ -c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1887,8 +1875,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail - no common id" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No matched PSK or ticket"
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1953,8 +1940,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \ -c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -1966,7 +1951,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, fail - no common id" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No matched PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2292,8 +2276,6 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail - no common psk" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-s "ClientHello message misses mandatory extensions." -s "ClientHello message misses mandatory extensions."
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -2303,8 +2285,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
1 \ 1 \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list"
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2319,8 +2300,6 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \ -c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -2331,8 +2310,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail - no common id" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No matched PSK or ticket"
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2397,8 +2375,6 @@ run_test "TLS 1.3: m->m: psk_all/all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \ -c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
@ -2409,8 +2385,7 @@ run_test "TLS 1.3: m->m: psk_all/all, fail - no common id" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \ -s "No matched PSK or ticket"
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C