Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
parent
e68ab4f55e
commit
73fe8df922
7 changed files with 52 additions and 46 deletions
|
@ -1393,7 +1393,7 @@ struct mbedtls_ssl_config
|
||||||
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
|
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
/** Callback to retrieve PSK key from identity */
|
/** Callback to retrieve PSK key from identity */
|
||||||
int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
|
int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
|
||||||
|
@ -1463,7 +1463,7 @@ struct mbedtls_ssl_config
|
||||||
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
|
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
|
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
|
||||||
|
@ -1494,7 +1494,7 @@ struct mbedtls_ssl_config
|
||||||
* Its value is non-zero if and only if
|
* Its value is non-zero if and only if
|
||||||
* \c psk is not \c NULL or \c psk_opaque
|
* \c psk is not \c NULL or \c psk_opaque
|
||||||
* is not \c 0. */
|
* is not \c 0. */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
|
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
|
||||||
|
@ -3296,7 +3296,7 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
|
||||||
mbedtls_pk_context *pk_key );
|
mbedtls_pk_context *pk_key );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
/**
|
/**
|
||||||
* \brief Configure pre-shared keys (PSKs) and their
|
* \brief Configure pre-shared keys (PSKs) and their
|
||||||
* identities to be used in PSK-based ciphersuites.
|
* identities to be used in PSK-based ciphersuites.
|
||||||
|
@ -3465,7 +3465,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||||
size_t),
|
size_t),
|
||||||
void *p_psk );
|
void *p_psk );
|
||||||
#endif /* MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||||
/**
|
/**
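Review bot: The Doxygen text under the widened guard in the `@ -3296` hunk still describes the PSK configuration API as being for "PSK-based ciphersuites", which is TLS 1.2 terminology, while the guard now also enables the API when only TLS 1.3 PSK key exchange modes are configured. If the TLS 1.3 code consumes the same configured PSK, the brief should say so, for example `identities to be used in PSK-based ciphersuites (TLS 1.2) and PSK key exchange modes (TLS 1.3).` The comment block continues outside the hunk, so its remaining paragraphs may need the same adjustment.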
|
||||||
|
|
|
@ -346,6 +346,11 @@ typedef enum {
|
||||||
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \
|
||||||
|
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||||
|
#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Key exchanges using DHE */
|
/* Key exchanges using DHE */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
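Review bot: The new `MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED` block in the `@ -346` hunk is only correct if `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED` is already defined when this header is preprocessed, and its definition is not visible in this commit. If that macro is derived in a header that is included later, a TLS 1.3-only PSK build would silently leave the new guard undefined, and the PSK fields and cleanup code guarded by it would be compiled out. The block also has no comment, unlike the neighbouring `/* Key exchanges using DHE */` group; I would add `/* TLS 1.2 or TLS 1.3 handshake that involves a PSK */` above the `#if` and note where the TLS 1.3 macro comes from.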
|
||||||
|
|
|
@ -675,7 +675,7 @@ struct mbedtls_ssl_handshake_params
|
||||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
|
mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
|
||||||
uint8_t psk_opaque_is_internal;
|
uint8_t psk_opaque_is_internal;
|
||||||
|
@ -684,7 +684,7 @@ struct mbedtls_ssl_handshake_params
|
||||||
size_t psk_len; /*!< Length of PSK from callback */
|
size_t psk_len; /*!< Length of PSK from callback */
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
uint16_t selected_identity;
|
uint16_t selected_identity;
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||||
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
||||||
|
@ -1366,12 +1366,13 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_key_exchange_type_t key_ex );
|
mbedtls_key_exchange_type_t key_ex );
|
||||||
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
|
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
/**
|
/**
|
||||||
* Get the first defined opaque PSK by order of precedence:
|
* Get the first defined opaque PSK by order of precedence:
|
||||||
|
@ -1424,7 +1425,7 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PK_C)
|
#if defined(MBEDTLS_PK_C)
|
||||||
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
|
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
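Review bot: In the `@ -1366` hunk the old guard is closed right after `mbedtls_ssl_psk_derive_premaster()` and the new one is opened immediately afterwards, with nothing explaining why that one declaration stays under `MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED`. Presumably premaster derivation is specific to TLS 1.2; a short comment above the new `#if`, such as `/* Declarations below are shared by TLS 1.2 and TLS 1.3 PSK handshakes */`, would stop a later cleanup from merging the two regions again. The opening `#if` of the first region is outside the hunk.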
|
||||||
|
|
|
@ -1599,7 +1599,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
|
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
|
||||||
{
|
{
|
||||||
if( conf->psk_identity == NULL ||
|
if( conf->psk_identity == NULL ||
|
||||||
|
@ -1842,7 +1842,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
|
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
|
||||||
|
@ -3645,7 +3645,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_free( (void *) handshake->curves );
|
mbedtls_free( (void *) handshake->curves );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
|
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
|
||||||
{
|
{
|
||||||
|
@ -3665,7 +3665,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_free( handshake->psk );
|
mbedtls_free( handshake->psk );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
|
@ -4873,7 +4873,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
||||||
mbedtls_mpi_free( &conf->dhm_G );
|
mbedtls_mpi_free( &conf->dhm_G );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
|
if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
|
||||||
{
|
{
|
||||||
|
@ -4895,7 +4895,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
||||||
conf->psk_identity = NULL;
|
conf->psk_identity = NULL;
|
||||||
conf->psk_identity_len = 0;
|
conf->psk_identity_len = 0;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
ssl_key_cert_free( conf->key_cert );
|
ssl_key_cert_free( conf->key_cert );
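Review bot: `mbedtls_ssl_conf_has_static_psk()` is defined in the `@ -1599` hunk directly under `MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED`, while its prototype in the internal header section (the `@ -1366` hunk) is additionally wrapped in `#if defined(MBEDTLS_SSL_CLI_C)`. Unless an enclosing guard outside the hunk restricts the definition, a server-only PSK build defines an external function with no prototype in scope, and the widened guard adds TLS 1.3-only PSK builds to that set. Either wrap just this definition in `#if defined(MBEDTLS_SSL_CLI_C)` ... `#endif`, or drop the `MBEDTLS_SSL_CLI_C` condition from the declaration. The function body continues outside the hunk.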
|
||||||
|
|
|
@ -173,7 +173,7 @@ int main( void )
|
||||||
#define USAGE_CID ""
|
#define USAGE_CID ""
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#define USAGE_PSK_RAW \
|
#define USAGE_PSK_RAW \
|
||||||
" psk=%%s default: \"\" (disabled)\n" \
|
" psk=%%s default: \"\" (disabled)\n" \
|
||||||
" The PSK values are in hex, without 0x.\n" \
|
" The PSK values are in hex, without 0x.\n" \
|
||||||
|
@ -195,7 +195,7 @@ int main( void )
|
||||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK ""
|
#define USAGE_PSK ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
#define USAGE_CA_CALLBACK \
|
#define USAGE_CA_CALLBACK \
|
||||||
|
@ -724,7 +724,7 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
||||||
size_t psk_len = 0;
|
size_t psk_len = 0;
|
||||||
#endif
|
#endif
|
||||||
|
@ -756,7 +756,7 @@ int main( int argc, char *argv[] )
|
||||||
const char *pers = "ssl_client2";
|
const char *pers = "ssl_client2";
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
psa_algorithm_t alg = 0;
|
psa_algorithm_t alg = 0;
|
||||||
psa_key_attributes_t key_attributes;
|
psa_key_attributes_t key_attributes;
|
||||||
|
@ -1403,7 +1403,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_debug_set_threshold( opt.debug_level );
|
mbedtls_debug_set_threshold( opt.debug_level );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Unhexify the pre-shared key if any is given
|
* Unhexify the pre-shared key if any is given
|
||||||
*/
|
*/
|
||||||
|
@ -1416,7 +1416,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
|
@ -1475,7 +1475,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined (MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
{
|
{
|
||||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||||
|
@ -1486,7 +1486,7 @@ int main( int argc, char *argv[] )
|
||||||
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2027,7 +2027,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
{
|
{
|
||||||
|
@ -2065,7 +2065,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
if( opt.min_version != DFL_MIN_VERSION )
|
if( opt.min_version != DFL_MIN_VERSION )
|
||||||
mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
|
mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
|
||||||
|
@ -3195,7 +3195,7 @@ exit:
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
|
||||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3214,7 +3214,7 @@ exit:
|
||||||
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
|
||||||
MBEDTLS_USE_PSA_CRYPTO */
|
MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
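Review bot: In the `@ -1486` hunk the opaque PSK's key policy is still chosen with `alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);`, a TLS 1.2 key-derivation algorithm, although the surrounding guard now also covers builds where only TLS 1.3 PSK modes are enabled. A PSA key created with that policy is restricted to the TLS 1.2 PSK-to-master-secret derivation, so an opaque PSK set up here may be rejected by a TLS 1.3 handshake; whether the TLS 1.3 code accepts it is not visible in this commit. I would either keep this block under `MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED` or add a comment such as `/* TLS 1.2 KDF only; an opaque PSK for TLS 1.3 needs its own algorithm */`. The same selection appears in the `@ -2347` hunk of the server program section and needs the same treatment.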
|
||||||
|
|
|
@ -241,7 +241,7 @@ int main( void )
|
||||||
#define USAGE_CID ""
|
#define USAGE_CID ""
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#define USAGE_PSK_RAW \
|
#define USAGE_PSK_RAW \
|
||||||
" psk=%%s default: \"\" (disabled)\n" \
|
" psk=%%s default: \"\" (disabled)\n" \
|
||||||
" The PSK values are in hex, without 0x.\n" \
|
" The PSK values are in hex, without 0x.\n" \
|
||||||
|
@ -276,7 +276,7 @@ int main( void )
|
||||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK ""
|
#define USAGE_PSK ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
#define USAGE_CA_CALLBACK \
|
#define USAGE_CA_CALLBACK \
|
||||||
" ca_callback=%%d default: 0 (disabled)\n" \
|
" ca_callback=%%d default: 0 (disabled)\n" \
|
||||||
|
@ -907,7 +907,7 @@ int cert_callback( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
#endif /* SNI_OPTION */
|
#endif /* SNI_OPTION */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
|
||||||
typedef struct _psk_entry psk_entry;
|
typedef struct _psk_entry psk_entry;
|
||||||
|
|
||||||
|
@ -1020,7 +1020,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
return( -1 );
|
return( -1 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
static mbedtls_net_context listen_fd, client_fd;
|
static mbedtls_net_context listen_fd, client_fd;
|
||||||
|
|
||||||
|
@ -1280,7 +1280,7 @@ static void ssl_async_cancel( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot,
|
static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
unsigned char *psk,
|
unsigned char *psk,
|
||||||
|
@ -1303,7 +1303,7 @@ static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot,
|
||||||
|
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
@ -1431,7 +1431,7 @@ int main( int argc, char *argv[] )
|
||||||
int query_config_ret = 0;
|
int query_config_ret = 0;
|
||||||
io_ctx_t io_ctx;
|
io_ctx_t io_ctx;
|
||||||
unsigned char* buf = 0;
|
unsigned char* buf = 0;
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_algorithm_t alg = 0;
|
psa_algorithm_t alg = 0;
|
||||||
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
@ -2336,7 +2336,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
|
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
|
||||||
{
|
{
|
||||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||||
|
@ -2347,7 +2347,7 @@ int main( int argc, char *argv[] )
|
||||||
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2374,7 +2374,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Unhexify the pre-shared key and parse the list if any given
|
* Unhexify the pre-shared key and parse the list if any given
|
||||||
*/
|
*/
|
||||||
|
@ -2393,7 +2393,7 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( opt.curves != NULL )
|
if( opt.curves != NULL )
|
||||||
|
@ -3233,7 +3233,7 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
|
||||||
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
|
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -4314,7 +4314,7 @@ exit:
|
||||||
sni_free( sni_info );
|
sni_free( sni_info );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
ret = psk_free( psk_info );
|
ret = psk_free( psk_info );
|
||||||
if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
|
if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
|
||||||
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
||||||
|
@ -4348,7 +4348,7 @@ exit:
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
|
||||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
{
|
{
|
||||||
|
@ -4365,7 +4365,7 @@ exit:
|
||||||
(int) status );
|
(int) status );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
|
||||||
MBEDTLS_USE_PSA_CRYPTO */
|
MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
|
|
@ -2076,7 +2076,7 @@ void perform_handshake( handshake_test_options *options )
|
||||||
int forced_ciphersuite[2];
|
int forced_ciphersuite[2];
|
||||||
enum { BUFFSIZE = 17000 };
|
enum { BUFFSIZE = 17000 };
|
||||||
mbedtls_endpoint client, server;
|
mbedtls_endpoint client, server;
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
const char *psk_identity = "foo";
|
const char *psk_identity = "foo";
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
|
@ -2188,7 +2188,7 @@ void perform_handshake( handshake_test_options *options )
|
||||||
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
|
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
if( options->psk_str != NULL && options->psk_str->len > 0 )
|
if( options->psk_str != NULL && options->psk_str->len > 0 )
|
||||||
{
|
{
|
||||||
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
|
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
|
||||||
|
@ -5621,7 +5621,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
void test_multiple_psks()
|
void test_multiple_psks()
|
||||||
{
|
{
|
||||||
unsigned char psk0[10] = { 0 };
|
unsigned char psk0[10] = { 0 };
|
||||||
|
@ -5651,7 +5651,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
|
||||||
void test_multiple_psks_opaque( int mode )
|
void test_multiple_psks_opaque( int mode )
|
||||||
{
|
{
|
||||||
/*
|
/*
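Review bot: The `depends_on` lines in the `@ -5621` and `@ -5651` hunks now enable `test_multiple_psks` and `test_multiple_psks_opaque` in builds where only the TLS 1.3 PSK modes define the new macro, but none of the seven changed files adds a build or test configuration of that kind. The new guard differs from the old one only in that configuration, so without it the change is exercised by the same builds as before; an existing CI component may already cover this, which is not visible here. A comment above each case, for example `/* Also built when only TLS 1.3 PSK key exchange modes are enabled */`, would at least document the intent.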
|
||||||
|
|