Add psk handshake with gnutls
Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
40f3771e18
commit
295d93ebe8
2 changed files with 23 additions and 4 deletions
|
@ -359,7 +359,7 @@ int mbedtls_ssl_tls13_evolve_secret(
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
if( input != NULL )
|
if( ( input != NULL ) && ( input_len != 0 ) )
|
||||||
{
|
{
|
||||||
memcpy( tmp_input, input, input_len );
|
memcpy( tmp_input, input, input_len );
|
||||||
ilen = input_len;
|
ilen = input_len;
|
||||||
|
@ -825,6 +825,9 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder",
|
||||||
|
early_secret, hash_len ) ;
|
||||||
|
|
||||||
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
|
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
|
||||||
{
|
{
|
||||||
ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
|
ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
|
||||||
|
@ -1052,6 +1055,8 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_algorithm_t hash_alg;
|
psa_algorithm_t hash_alg;
|
||||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||||
|
unsigned char *psk = NULL;
|
||||||
|
size_t psk_len = 0;
|
||||||
|
|
||||||
if( handshake->ciphersuite_info == NULL )
|
if( handshake->ciphersuite_info == NULL )
|
||||||
{
|
{
|
||||||
|
@ -1061,14 +1066,28 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
|
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
|
||||||
|
|
||||||
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0,
|
ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
|
||||||
|
if( ret != 0 && psk != NULL )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
|
||||||
handshake->tls13_master_secrets.early );
|
handshake->tls13_master_secrets.early );
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
|
mbedtls_free( (void*)psk );
|
||||||
|
#endif
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early",
|
||||||
|
handshake->tls13_master_secrets.early,
|
||||||
|
PSA_HASH_LENGTH( hash_alg ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2337,10 +2337,10 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
requires_config_enabled MBEDTLS_DEBUG_C
|
requires_config_enabled MBEDTLS_DEBUG_C
|
||||||
run_test "TLS 1.3: PSK: basic check, G->m" \
|
run_test "TLS 1.3: PSK: basic check, G->m" \
|
||||||
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
|
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
|
||||||
"$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+KX-ALL:+PSK:+DHE-PSK:+VERS-TLS1.3 \
|
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+SHA256 \
|
||||||
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
|
||||||
localhost" \
|
localhost" \
|
||||||
1 \
|
0 \
|
||||||
-s "found psk key exchange modes extension" \
|
-s "found psk key exchange modes extension" \
|
||||||
-s "found pre_shared_key extension" \
|
-s "found pre_shared_key extension" \
|
||||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||||
|
|
Loading…
Reference in a new issue