diff --git a/library/ssl_client.c b/library/ssl_client.c index 20f1aff4b8..e7453d5730 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -432,7 +432,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *out_len ) + size_t *out_len, + size_t *binders_len ) { int ret; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -443,6 +444,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, int tls12_uses_ec = 0; *out_len = 0; + *binders_len = 0; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) unsigned char propose_tls12 = @@ -641,6 +643,21 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11) + * MUST be the last extension in the ClientHello. + */ + if( propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) ) + { + ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( + ssl, p, end, &output_len, binders_len ); + if( ret != 0 ) + return( ret ); + p += output_len; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + /* Write the length of the list of extensions. */ extensions_len = p - p_extensions_len - 2; @@ -837,7 +854,7 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ) { int ret = 0; unsigned char *buf; - size_t buf_len, msg_len; + size_t buf_len, msg_len, binders_len; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); @@ -849,7 +866,8 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_write_client_hello_body( ssl, buf, buf + buf_len, - &msg_len ) ); + &msg_len, + &binders_len ) ); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) @@ -883,8 +901,22 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ) else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ { - mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - buf, msg_len ); + + mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len ); + ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len ); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + if( binders_len > 0 ) + { + MBEDTLS_SSL_PROC_CHK( + mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( + ssl, buf + msg_len - binders_len, buf + msg_len ) ); + ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len, + binders_len ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len ) ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d16b254fc7..089b7d422a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1349,6 +1349,10 @@ void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, unsigned char const *msg, size_t msg_len ); +void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ); + #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if !defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_CHECK_RETURN_CRITICAL @@ -2449,4 +2453,49 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( unsigned char *obuf, size_t buf_len, size_t *olen ); #endif +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +/* Check if we have any PSK to offer, returns 0 if PSK is available. + * Assign the psk and ticket if pointers are present. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_get_psk_to_offer( + const mbedtls_ssl_context *ssl, + int *psk_type, + const unsigned char **psk, size_t *psk_len, + const unsigned char **psk_identity, size_t *psk_identity_len ); + +/** + * \brief Given an SSL context and its associated configuration, write the TLS + * 1.3 specific Pre-Shared key extension. + * + * \param[in] ssl SSL context + * \param[in] buf Base address of the buffer where to write the extension + * \param[in] end End address of the buffer where to write the extension + * \param[out] out_len Length in bytes of the Pre-Shared key extension: data + * written into the buffer \p buf by this function plus + * the length of the binders to be written. + * \param[out] binders_len Length of the binders to be written at the end of + * the extension. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, unsigned char *end, + size_t *out_len, size_t *binders_len ); + +/** + * \brief Given an SSL context and its associated configuration, write the TLS + * 1.3 specific Pre-Shared key extension binders at the end of the + * ClientHello. + * + * \param[in] ssl SSL context + * \param[in] buf Base address of the buffer where to write the binders + * \param[in] end End address of the buffer where to write the binders + */ +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, unsigned char *end ); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 99768a2e44..6d9101147c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -533,9 +533,9 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, } } -static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len ) +void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ) { unsigned char hs_hdr[4]; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e38f1179b6..cd3be46c9a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -595,6 +595,289 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, return( 0 ); } +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +/* + * ssl_tls13_write_psk_key_exchange_modes_ext() structure: + * + * enum { psk_ke( 0 ), psk_dhe_ke( 1 ), ( 255 ) } PskKeyExchangeMode; + * + * struct { + * PskKeyExchangeMode ke_modes<1..255>; + * } PskKeyExchangeModes; + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len ) +{ + unsigned char *p = buf; + int ke_modes_len = 0; + + ((void) ke_modes_len ); + *out_len = 0; + + /* Skip writing extension if no PSK key exchange mode + * is enabled in the config. + */ + if( !mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip psk_key_exchange_modes extension" ) ); + return( 0 ); + } + + /* Require 7 bytes of data, otherwise fail, + * even if extension might be shorter. + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "client hello, adding psk_key_exchange_modes extension" ) ); + + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, p, 0 ); + + /* Skip extension length (2 bytes) and + * ke_modes length (1 byte) for now. + */ + p += 5; + + if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) ) + { + *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE; + ke_modes_len++; + + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) ); + } + + if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) ) + { + *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE; + ke_modes_len++; + + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) ); + } + + /* Now write the extension and ke_modes length */ + MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 ); + buf[4] = ke_modes_len; + + *out_len = p - buf; + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES; + return ( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + +/* + * mbedtls_ssl_tls13_write_pre_shared_key_ext() structure: + * + * struct { + * opaque identity<1..2^16-1>; + * uint32 obfuscated_ticket_age; + * } PskIdentity; + * + * opaque PskBinderEntry<32..255>; + * + * struct { + * PskIdentity identities<7..2^16-1>; + * PskBinderEntry binders<33..2^16-1>; + * } OfferedPsks; + * + * struct { + * select (Handshake.msg_type) { + * case client_hello: OfferedPsks; + * ... + * }; + * } PreSharedKeyExtension; + * + */ + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + +int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, unsigned char *end, + size_t *out_len, size_t *binders_len ) +{ + unsigned char *p = buf; + const unsigned char *psk; + size_t psk_len; + const unsigned char *psk_identity; + size_t psk_identity_len; + int psk_type; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; + const int *ciphersuites; + psa_algorithm_t psa_hash_alg; + int hash_len = 0; + size_t identities_len, l_binders_len; + uint32_t obfuscated_ticket_age = 0; + + *out_len = 0; + *binders_len = 0; + + /* Check if we have any PSKs to offer. If so, return the first. + * + * NOTE: Ultimately, we want to be able to offer multiple PSKs, + * in which case we want to iterate over them here. + * + * As it stands, however, we only ever offer one, chosen + * by the following heuristic: + * - If a ticket has been configured, offer the corresponding PSK. + * - If no ticket has been configured by an external PSK has been + * configured, offer that. + * - Otherwise, skip the PSK extension. + */ + + if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len, + &psk_identity, &psk_identity_len ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) ); + return( 0 ); + } + + if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) + { + /* + * Ciphersuite list + */ + ciphersuites = ssl->conf->ciphersuite_list; + for( int i = 0; ciphersuites[i] != 0; i++ ) + { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( + ciphersuites[i] ); + + if( mbedtls_ssl_validate_ciphersuite( + ssl, ciphersuite_info, + MBEDTLS_SSL_VERSION_TLS1_3, + MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 ) + continue; + + /* In this implementation we only add one pre-shared-key + * extension. + */ + ssl->session_negotiate->ciphersuite = ciphersuites[i]; + break; + } + } + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite ); + /* No suitable ciphersuite for the PSK */ + if( ciphersuite_info == NULL ) + return( 0 ); + + psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + hash_len = PSA_HASH_LENGTH( psa_hash_alg ); + if( hash_len == -1 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* Check if we have space to write the extension, binder included. + * - extension_type (2 bytes) + * - extension_data_len (2 bytes) + * - identities_len (2 bytes) + * - identity_len (2 bytes) + * - identity (psk_identity_len bytes) + * - obfuscated_ticket_age (4 bytes) + * - binders_len (2 bytes) + * - binder_len (1 byte) + * - binder (hash_len bytes) + */ + + identities_len = 6 + psk_identity_len; + l_binders_len = 1 + hash_len; + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding pre_shared_key extension, " + "omitting PSK binder list" ) ); + + /* Extension header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 8 ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0 ); + MBEDTLS_PUT_UINT16_BE( 2 + identities_len + 2 + l_binders_len , p, 2 ); + + MBEDTLS_PUT_UINT16_BE( identities_len, p, 4 ); + MBEDTLS_PUT_UINT16_BE( psk_identity_len, p, 6 ); + p += 8; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, psk_identity_len ); + memcpy( p, psk_identity, psk_identity_len ); + p += psk_identity_len; + + /* add obfuscated ticket age */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_PUT_UINT32_BE( obfuscated_ticket_age, p, 0 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 + l_binders_len ); + *out_len = ( p - buf ) + l_binders_len + 2; + *binders_len = l_binders_len + 2; + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + + return( 0 ); +} + +int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, unsigned char *end ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + const unsigned char *psk_identity; + size_t psk_identity_len; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; + psa_algorithm_t psa_hash_alg; + int hash_len = 0; + const unsigned char *psk = NULL; + size_t psk_len = 0; + int psk_type; + unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; + size_t transcript_len; + + if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len, + &psk_identity, &psk_identity_len ) != 0 ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite ); + if( ciphersuite_info == NULL ) + return( 0 ); + + psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + hash_len = PSA_HASH_LENGTH( psa_hash_alg ); + if( ( hash_len == -1 ) || ( ( end - buf ) != 3 + hash_len ) ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding PSK binder list" ) ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 + hash_len ); + /* 2 bytes length field for array of psk binders */ + MBEDTLS_PUT_UINT16_BE( hash_len + 1, p, 0 ); + p += 2; + + /* 1 bytes length field for next psk binder */ + *p++ = MBEDTLS_BYTE_0( hash_len ); + + /* Get current state of handshake transcript. */ + ret = mbedtls_ssl_get_handshake_transcript( ssl, ciphersuite_info->mac, + transcript, sizeof( transcript ), + &transcript_len ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls13_create_psk_binder( ssl, + mbedtls_psa_translate_md( ciphersuite_info->mac ), + psk, psk_len, psk_type, + transcript, p ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret ); + return( ret ); + } + + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, @@ -631,6 +914,22 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, p += ext_len; } +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) + /* For PSK-based key exchange we need the pre_shared_key extension + * and the psk_key_exchange_modes extension. + * + * The pre_shared_key extension MUST be the last extension in the + * ClientHello. Servers MUST check that it is the last extension and + * otherwise fail the handshake with an "illegal_parameter" alert. + * + * Add the psk_key_exchange_modes extension. + */ + ret = ssl_tls13_write_psk_key_exchange_modes_ext( ssl, p, end, &ext_len ); + if( ret != 0 ) + return( ret ); + p += ext_len; +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + *out_len = p - buf; return( 0 ); @@ -929,6 +1228,92 @@ static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ss return( 0 ); } +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +/* + * struct { + * opaque identity<1..2^16-1>; + * uint32 obfuscated_ticket_age; + * } PskIdentity; + * + * opaque PskBinderEntry<32..255>; + * + * struct { + * + * select (Handshake.msg_type) { + * ... + * case server_hello: uint16 selected_identity; + * }; + * + * } PreSharedKeyExtension; + * + */ + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + int ret = 0; + size_t selected_identity; + + const unsigned char *psk; + size_t psk_len; + const unsigned char *psk_identity; + size_t psk_identity_len; + + + /* Check which PSK we've offered. + * + * NOTE: Ultimately, we want to offer multiple PSKs, and in this + * case, we need to iterate over them here. + */ + if( mbedtls_ssl_get_psk_to_offer( ssl, NULL, &psk, &psk_len, + &psk_identity, &psk_identity_len ) != 0 ) + { + /* If we haven't offered a PSK, the server must not send + * a PSK identity extension. */ + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 ); + + /* We have offered only one PSK, so the only valid choice + * for the server is PSK index 0. + * + * This will change once we support multiple PSKs. */ + if( selected_identity > 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server's chosen PSK identity out of range" ) ); + + if( ( ret = mbedtls_ssl_send_alert_message( ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ) ) != 0 ) + { + return( ret ); + } + + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + /* Set the chosen PSK + * + * TODO: We don't have to do this in case we offered 0-RTT and the + * server accepted it, because in this case we've already + * set the handshake PSK. */ + ret = mbedtls_ssl_set_hs_psk( ssl, psk, psk_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret ); + return( ret ); + } + + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + return( 0 ); +} + +#endif + /* Parse ServerHello message and configure context * * struct { @@ -1139,12 +1524,24 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, goto cleanup; break; +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension." ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key:Not supported yet" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); + if( is_hrr ) + { + fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; + goto cleanup; + } - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; + if( ( ret = ssl_tls13_parse_server_pre_shared_key_ext( + ssl, p, extension_data_end ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( + 1, ( "ssl_tls13_parse_server_pre_shared_key_ext" ), ret ); + return( ret ); + } + break; +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 265d6d3097..1e63c776ea 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1505,4 +1505,41 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( } #endif /* MBEDTLS_ECDH_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +/* Check if we have any PSK to offer, returns 0 if PSK is available. + * Assign the psk and ticket if pointers are present. + */ +int mbedtls_ssl_get_psk_to_offer( + const mbedtls_ssl_context *ssl, + int *psk_type, + const unsigned char **psk, size_t *psk_len, + const unsigned char **psk_identity, size_t *psk_identity_len ) +{ + int ptrs_present = 0; + + if( psk_type != NULL && psk != NULL && psk_len != NULL && + psk_identity != NULL && psk_identity_len != NULL ) + { + ptrs_present = 1; + } + + /* Check if an external PSK has been configured. */ + if( ssl->conf->psk != NULL ) + { + if( ptrs_present ) + { + *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; + *psk = ssl->conf->psk; + *psk_len = ssl->conf->psk_len; + *psk_identity = ssl->conf->psk_identity; + *psk_identity_len = ssl->conf->psk_identity_len; + } + + return( 0 ); + } + + return( 1 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 797b821705..77e9f4e2ff 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11985,6 +11985,52 @@ run_test "TLS 1.3: Server side check - mbedtls with sni" \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3, default suite, PSK" \ + "$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + "$P_CLI nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3, default suite, PSK - openssl" \ + "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ + "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -c "<= write client hello" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3, default suite, PSK - gnutls" \ + "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+CIPHER-ALL:%NO_TICKETS --pskhint=0a0b0c" \ + "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ + 1 \ + -c "=> write client hello" \ + -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ + -c "client hello, adding psk_key_exchange_modes extension" \ + -c "client hello, adding PSK binder list" \ + -s "Parsing extension 'PSK Key Exchange Modes/45'" \ + -s "Parsing extension 'Pre Shared Key/41'" \ + -c "<= write client hello" + for i in opt-testcases/*.sh do TEST_SUITE_NAME=${i##*/} @@ -12619,7 +12665,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \ "$P_CLI debug_level=4" \ 0 \ -c "Protocol is TLSv1.3" \