add selected_identity parser

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-03-28 19:21:08 +00:00 · 2022-09-28 22:12:07 +08:00 · 2022-09-28 22:12:07 +08:00 · b300e3c5be
commit b300e3c5be
parent 1a0a0f4416
1 changed files with 84 additions and 4 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1083,10 +1083,90 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
                                                      const unsigned char *buf,
                                                      const unsigned char *end )
 {
-    ((void) ssl);
-    ((void) buf);
-    ((void) end);
-    return( 0 );
+    int ret = 0;
+    int selected_identity;
+    int psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+    const unsigned char *psk;
+    size_t psk_len;
+    psa_algorithm_t psa_alg;
+
+    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );
+    selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_identity = %d", selected_identity ) );
+
+    if( ssl_tls13_has_configured_psk( ssl ) &&
+        ssl_tls13_has_configured_ticket( ssl ) )
+    {
+        if( selected_identity >= 2 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) );
+            goto exit;
+        }
+        switch( selected_identity )
+        {
+            case 0:
+                psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+                break;
+            case 1:
+                psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+                break;
+        }
+    }
+    else if( ssl_tls13_has_configured_psk( ssl ) ||
+             ssl_tls13_has_configured_ticket( ssl ) )
+    {
+        if( selected_identity >= 1 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) );
+            goto exit;
+        }
+
+        if( ssl_tls13_has_configured_psk( ssl ) )
+            psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+        else if( ssl_tls13_has_configured_ticket( ssl ) )
+            psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+    switch( psk_type )
+    {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+        case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
+            ret = ssl_tls13_session_tickets_get_psk(
+                      ssl, &psa_alg, &psk, &psk_len );
+            break;
+#endif
+        case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
+            ret = ssl_tls13_psk_get_psk(
+                      ssl, &psa_alg, &psk, &psk_len );
+            break;
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+    if( ret != 0 )
+        return( ret );
+
+    ret = mbedtls_ssl_set_hs_psk( ssl, psk, psk_len );
+    if( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret );
+    }
+    else
+        ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
+
+    return( ret );
+
+exit:
+    MBEDTLS_SSL_DEBUG_MSG(
+            1, ( "Invalid chosen PSK identity." ) );
+
+    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                    MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
 }

 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */