mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-10 04:13:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

TLS 1.3: SRV: Validate kex modes when parsing psk

Browse Source 
On resumption, after the psk identity is matched, we
should check if psk and/or psk_ephemeral, which are
allowed by session ticket, are valid to be selected.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This commit is contained in:
Pengyu Lv 2023-01-18 17:07:19 +08:00
parent 0b740bc85b
commit f8e50a9607
1 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
library/ssl_tls13_server.c
View File

@ -104,6 +104,10 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0 #define SSL_TLS1_3_OFFERED_PSK_MATCH 0
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket( static int ssl_tls13_offered_psks_check_identity_match_ticket(
@ -115,6 +119,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ticket_buffer; unsigned char *ticket_buffer;
unsigned int ticket_flags;
unsigned int key_exchanges;
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t now; mbedtls_time_t now;
uint64_t age_in_s; uint64_t age_in_s;
@ -169,14 +175,22 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
* *
* We regard the ticket with incompatible key exchange modes as not match. * We regard the ticket with incompatible key exchange modes as not match.
*/ */
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, ticket_flags = mbedtls_ssl_session_get_ticket_flags(
session->ticket_flags); session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
if (mbedtls_ssl_tls13_check_kex_modes(
ssl, key_exchanges = 0;
mbedtls_ssl_session_get_ticket_flags( if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) &&
session, ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) &&
ssl_tls13_check_psk_key_exchange(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
if (key_exchanges == 0) {
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
goto exit; goto exit;
} }