From 14d11b0877ffecc42dae531afe17570f0e61b7e6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 14 Apr 2022 08:33:29 +0200 Subject: [PATCH] Enable support for psa opaque ECDHE-PSK key exchange on the server side Signed-off-by: Przemek Stekiel --- library/ssl_tls12_server.c | 50 +++++++++++++++++++++----------------- programs/ssl/ssl_server2.c | 5 ++-- 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 05d382b03..1adfe3e5f 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -4112,10 +4112,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t ecpoint_len; - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - mbedtls_ssl_handshake_params *handshake = ssl->handshake; if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) @@ -4188,28 +4184,38 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) const unsigned char *psk = NULL; size_t psk_len = 0; - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) - /* - * This should never happen because the existence of a PSK is always - * checked before calling this function - */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* In case of opaque psk skip writting psk to pms. + * Opaque key will be handled later. */ + if( ssl_use_opaque_psk( ssl ) == 0 ) + { + if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) + /* + * This should never happen because the existence of a PSK is always + * checked before calling this function + */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - /* opaque psk<0..2^16-1>; */ - if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* opaque psk<0..2^16-1>; */ + if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - /* Write the PSK length as uint16 */ - MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 ); - psm += 2; + /* Write the PSK length as uint16 */ + MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 ); + psm += 2; - /* Write the PSK itself */ - memcpy( psm, psk, psk_len ); - psm += psk_len; + /* Write the PSK itself */ + memcpy( psm, psk, psk_len ); + psm += psk_len; - ssl->handshake->pmslen = psm - ssl->handshake->premaster; -#else + ssl->handshake->pmslen = psm - ssl->handshake->premaster; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque ECDHE-PSK" ) ); + } +#else /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 13e340625..bc2aa6880 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2211,11 +2211,12 @@ int main( int argc, char *argv[] ) * the ciphersuite in advance to set the correct policy for the * PSK key slot. This limitation might go away in the future. */ if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK && - ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK ) || + ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK && + ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) || opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 ) { mbedtls_printf( "opaque PSKs are only supported in conjunction \ - with forcing TLS 1.2 and a PSK-only, RSA-PSK \ + with forcing TLS 1.2 and a PSK-only, RSA-PSK, ECDHE-PSK \ ciphersuites through the 'force_ciphersuite' option.\n" ); ret = 2; goto usage;