Driver-only FFDH is not good enough for DHE support in TLS 1.2

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-27 15:35:50 +00:00 · 2024-04-30 14:25:30 +02:00 · 2024-04-30 14:25:30 +02:00 · ff3b8211ff
commit ff3b8211ff
parent 6191f4aeb5
2 changed files with 11 additions and 0 deletions
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@ -277,6 +277,11 @@ The same holds for the associated algorithm:
 `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
 removing builtin support (i.e. `MBEDTLS_DHM_C`).

+Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the
+Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer
+of Mbed TLS only supports DHE cipher suites if built-in FFDH
+(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+
 RSA
 ---

--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@ -468,6 +468,12 @@ KNOWN_TASKS = {
                'bignum.generated', 'bignum.misc',
            ],
            'ignored_tests': {
+                'ssl-opt': [
+                    # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
+                    # (because it needs custom groups, which PSA does not
+                    # provide), even with MBEDTLS_USE_PSA_CRYPTO.
+                    re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
+                ],
                'test_suite_platform': [
                    # Incompatible with sanitizers (e.g. ASan). If the driver
                    # component uses a sanitizer but the reference component