tls13: Declare PSK ephemeral key exchange mode first

In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-09-27 16:46:11 +02:00
parent dd0c8f9c26
commit a709a0f2c6
3 changed files with 16 additions and 15 deletions

View file

@ -648,14 +648,6 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
*/
p += 5;
if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
{
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
ke_modes_len++;
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
}
if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) )
{
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
@ -664,6 +656,14 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) );
}
if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
{
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
ke_modes_len++;
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
}
/* Now write the extension and ke_modes length */
MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 );
buf[4] = ke_modes_len;

View file

@ -3212,7 +3212,7 @@ run_test "TLS 1.3: m->G: psk_all/all, good" \
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
-c "Selected key exchange mode: psk$" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -3222,10 +3222,10 @@ requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
1 \
0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
@ -3233,7 +3233,8 @@ run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
-c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
#GNUTLS-SERVER psk_ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -3366,7 +3367,7 @@ run_test "TLS 1.3: m->G: all/all, good" \
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
-c "Selected key exchange mode: psk$" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -3388,5 +3389,5 @@ run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
-c "Selected key exchange mode: ephemeral" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"

View file

@ -12882,7 +12882,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \