Add select ciphersuite entry function

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:58:26 +08:00 · 2022-08-23 17:58:26 +08:00 · f35ba384ff
commit f35ba384ff
parent dd1bef788e
1 changed files with 102 additions and 80 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -46,6 +46,25 @@
 #include "ssl_tls13_keys.h"
 #include "ssl_debug_helpers.h"

+
+static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id(
+                                      mbedtls_ssl_context *ssl,
+                                      uint16_t cipher_suite )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+    if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+        return( NULL );
+
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+    if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+                                            ssl->tls_version,
+                                            ssl->tls_version ) != 0 ) )
+    {
+        return( NULL );
+    }
+    return( ciphersuite_info );
+}
+
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 /* From RFC 8446:
 *
@ -188,88 +207,98 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl,
    return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH );
 }

-static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id(
-                                      mbedtls_ssl_context *ssl,
-                                      uint16_t cipher_suite )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
-        return( NULL );
-
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
-    if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
-                                            ssl->tls_version,
-                                            ssl->tls_version ) != 0 ) )
-    {
-        return( NULL );
-    }
-    return( ciphersuite_info );
-}
-
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_psk_external_check_ciphersuites( mbedtls_ssl_context *ssl,
-                                                      const unsigned char *buf,
-                                                      const unsigned char *end,
-                                                      size_t binder_len,
-                                                      uint16_t *selected_cipher_suite )
+static int ssl_tls13_select_ciphersuite_for_psk(
+               mbedtls_ssl_context *ssl,
+               const unsigned char *cipher_suites,
+               const unsigned char *cipher_suites_end,
+               uint16_t *selected_ciphersuite,
+               const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
 {
-    mbedtls_md_type_t psk_alg;
+    psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;

-    *selected_cipher_suite = 0;
+    /* RFC 8446, page 55.
+     *
+     * For externally established PSKs, the Hash algorithm MUST be set when the
+     * PSK is established or default to SHA-256 if no such algorithm is defined.
+     *
+     */
+    psk_hash_alg = PSA_ALG_SHA_256;

-    switch( binder_len )
-    {
-#if defined(MBEDTLS_SHA256_C)
-        case 32:
-            psk_alg = MBEDTLS_MD_SHA256;
-            break;
-#endif
-#if defined(MBEDTLS_SHA384_C)
-        case 48:
-            psk_alg = MBEDTLS_MD_SHA384;
-            break;
-#endif
-        default:
-            return( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
-    }
    /*
     * Search for a matching ciphersuite
     */
-    for ( const unsigned char *p = buf ; p < end ; p += 2 )
+    for ( const unsigned char *p = cipher_suites ;
+          p < cipher_suites_end ; p += 2 )
    {
        uint16_t cipher_suite;
-        const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
-
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+        const mbedtls_ssl_ciphersuite_t *ciphersuite_info;

        cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
-        if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+        ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id(
+                               ssl,cipher_suite );
+        if( ciphersuite_info == NULL )
            continue;

-        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
-        if( ( mbedtls_ssl_validate_ciphersuite(
-                ssl, ciphersuite_info, ssl->tls_version,
-                ssl->tls_version ) != 0 ) )
-        {
-            continue;
-        }
-
        /* MAC of selected ciphersuite MUST be same with PSK binder if exist.
         * Otherwise, client should reject.
         */
-        if( psk_alg != MBEDTLS_MD_NONE && psk_alg != ciphersuite_info->mac )
-            continue;
+        if( psk_hash_alg == mbedtls_psa_translate_md( ciphersuite_info->mac ) )
+        {
+            *selected_ciphersuite = cipher_suite;
+            *selected_ciphersuite_info = ciphersuite_info;
+            return( 0 );
+        }
+    }
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "No matched ciphersuite" ) );
+    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+}

-        *selected_cipher_suite = cipher_suite;
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_select_ciphersuite_for_resumption(
+               mbedtls_ssl_context *ssl,
+               const unsigned char *cipher_suites,
+               const unsigned char *cipher_suites_end,
+               mbedtls_ssl_session *session,
+               uint16_t *selected_ciphersuite,
+               const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
+{
+    ((void) ssl);
+    ((void) session);
+    ((void) cipher_suites);
+    ((void) cipher_suites_end);
+    ((void) selected_ciphersuite);
+    ((void) selected_ciphersuite_info);
+    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}

-        MBEDTLS_SSL_DEBUG_MSG( 5, ( "PSK matched ciphersuite: %04x - %s",
-                                    cipher_suite,
-                                    ciphersuite_info->name ) );
-        return( 0 );
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_select_ciphersuite(
+               mbedtls_ssl_context *ssl,
+               const unsigned char *cipher_suites,
+               const unsigned char *cipher_suites_end,
+               int psk_type,
+               mbedtls_ssl_session *session,
+               uint16_t *selected_ciphersuite,
+               const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
+{
+    *selected_ciphersuite = 0;
+    *selected_ciphersuite_info = NULL;
+    switch( psk_type )
+    {
+        case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
+            return( ssl_tls13_select_ciphersuite_for_psk(
+                        ssl, cipher_suites, cipher_suites_end,
+                        selected_ciphersuite, selected_ciphersuite_info ) );
+        case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
+            return( ssl_tls13_select_ciphersuite_for_resumption(
+                        ssl, cipher_suites, cipher_suites_end, session,
+                        selected_ciphersuite, selected_ciphersuite_info ) );
    }

-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
+
 /* Parser for pre_shared_key extension in client hello
 *    struct {
 *        opaque identity<1..2^16-1>;
@ -367,26 +396,19 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
        if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
            continue;

-        if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL )
+        MBEDTLS_SSL_DEBUG_MSG( 4, ( "found matched identity" ) );
+        ret = ssl_tls13_select_ciphersuite( ssl, ciphersuites, ciphersuites_end,
+                                            psk_type, NULL, &cipher_suite,
+                                            &ciphersuite_info );
+        if( ret != 0 )
        {
-            ret = ssl_tls13_psk_external_check_ciphersuites(
-                            ssl, ciphersuites, ciphersuites_end,
-                            binder_len, &cipher_suite );
-            if( ret < 0 )
-            {
-                /* See below, no cipher_suite available, abort handshake */
-                MBEDTLS_SSL_PEND_FATAL_ALERT(
-                    MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
-                    MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-                return( ret );
-            }
-            ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "`psk_type = %d` not support yet",
-                                        psk_type ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            /* See below, no cipher_suite available, abort handshake */
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
+                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            MBEDTLS_SSL_DEBUG_RET(
+                2, "ssl_tls13_select_ciphersuite_for_psk", ret );
+            return( ret );
        }

        ret = ssl_tls13_offered_psks_check_binder_match(