Add psk handshake with gnutls

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Ronald Cron 2022-07-19 08:21:29 +02:00 committed by Jerry Yu
parent 40f3771e18
commit 295d93ebe8
2 changed files with 23 additions and 4 deletions

View file

@ -359,7 +359,7 @@ int mbedtls_ssl_tls13_evolve_secret(
ret = 0; ret = 0;
if( input != NULL ) if( ( input != NULL ) && ( input_len != 0 ) )
{ {
memcpy( tmp_input, input, input_len ); memcpy( tmp_input, input, input_len );
ilen = input_len; ilen = input_len;
@ -825,6 +825,9 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
goto exit; goto exit;
} }
MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder",
early_secret, hash_len ) ;
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION ) if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
{ {
ret = mbedtls_ssl_tls13_derive_secret( hash_alg, ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
@ -1052,6 +1055,8 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t hash_alg; psa_algorithm_t hash_alg;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
unsigned char *psk = NULL;
size_t psk_len = 0;
if( handshake->ciphersuite_info == NULL ) if( handshake->ciphersuite_info == NULL )
{ {
@ -1061,14 +1066,28 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0, ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
if( ret != 0 && psk != NULL )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret );
return( ret );
}
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
handshake->tls13_master_secrets.early ); handshake->tls13_master_secrets.early );
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_free( (void*)psk );
#endif
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret ); return( ret );
} }
MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early",
handshake->tls13_master_secrets.early,
PSA_HASH_LENGTH( hash_alg ) );
return( 0 ); return( 0 );
} }

View file

@ -2337,10 +2337,10 @@ requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
run_test "TLS 1.3: PSK: basic check, G->m" \ run_test "TLS 1.3: PSK: basic check, G->m" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
"$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+KX-ALL:+PSK:+DHE-PSK:+VERS-TLS1.3 \ "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+SHA256 \
--pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
localhost" \ localhost" \
1 \ 0 \
-s "found psk key exchange modes extension" \ -s "found psk key exchange modes extension" \
-s "found pre_shared_key extension" \ -s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK_EPHEMERAL KEX MODE" \