yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix wrongly kex mode fallback issue in psk cases

Browse source 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian 2022-09-26 04:01:06 +00:00
parent 210727f3b1
commit ac8195f4f7
2 changed files with 22 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
library/ssl_tls13_client.c
View file

@ -1687,19 +1687,16 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) );
break;
/* Neither pre_shared_key nor key_share extension was received */
@ -1711,10 +1708,25 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3,
( "Server selected key exchange mode: %s",
handshake->key_exchange_mode == 1 ? "psk" :
(handshake->key_exchange_mode == 2 ? "ephemeral" :
handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ? "psk" :
(handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ? "ephemeral" :
"psk_ephemeral")) );
if( !mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode ) )
{
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
MBEDTLS_SSL_DEBUG_MSG( 2,
( "Not supported kex mode in client: %s",
handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ? "psk" :
(handshake->key_exchange_mode ==
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ? "ephemeral" :
"psk_ephemeral")) );
goto cleanup;
}
/* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
*
* TODO: We don't have to do this in case we offered 0-RTT and the

35
tests/opt-testcases/tls13-kex-modes.sh
View file

@ -1835,15 +1835,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail - no common psk" \
-c "client hello, adding PSK binder list" \
-s "Invalid binder."
"""
Currently server side will not check whether client
support ephemeral mode or not, it will cause improper
fallback. It's a bit complicated cause there is no good
way to pass the ephemeral kex mode from client to server,
will create one issue to solve the bug.
Skip this test case temporarily.
"""
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -1856,8 +1847,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode"
1 \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "ClientHello message misses mandatory extensions."
-c "client hello, adding PSK binder list"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1872,8 +1862,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1887,8 +1875,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail - no common id" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
-s "No matched PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -1953,8 +1940,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -1966,7 +1951,6 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, fail - no common id" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2292,8 +2276,6 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail - no common psk" \
-c "client hello, adding psk_key_exchange_modes extension" \
-s "ClientHello message misses mandatory extensions."
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -2303,8 +2285,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
1 \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "ClientHello message misses mandatory extensions."
-c "client hello, adding PSK binder list"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2319,8 +2300,6 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -2331,8 +2310,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail - no common id" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
-s "No matched PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -2397,8 +2375,6 @@ run_test "TLS 1.3: m->m: psk_all/all, good" \
-c "Server selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
# Skip this test case temporarily.
SKIP_NEXT="YES"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -2409,8 +2385,7 @@ run_test "TLS 1.3: m->m: psk_all/all, fail - no common id" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-s "No matched PSK or ticket" \
-s "ClientHello message misses mandatory extensions."
-s "No matched PSK or ticket"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C