commit 295d93ebe821f0f2b3dc7693e0cb7408e7bc0bbe
author Ronald Cron <ronald.cron@arm.com> Tue Jul 19 08:21:29 2022 +0200
committer Jerry Yu <jerry.h.yu@arm.com> Thu Aug 11 21:25:35 2022 +0800
tree 59dd1a2d044357d2a6878ea4ea67e0ddae0b8e26
parent 40f3771e185f074935f8189e5a9e0b06b7768e5e

Add psk handshake with gnutls

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_keys.c

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 35c3751..8d01fc8 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -359,7 +359,7 @@
 
     ret = 0;
 
-    if( input != NULL )
+    if( ( input != NULL ) && ( input_len != 0 ) )
     {
         memcpy( tmp_input, input, input_len );
         ilen = input_len;
@@ -825,6 +825,9 @@
         goto exit;
     }
 
+    MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder",
+                           early_secret, hash_len ) ;
+
     if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
     {
         ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
@@ -1052,6 +1055,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_algorithm_t hash_alg;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+    unsigned char *psk = NULL;
+    size_t psk_len = 0;
 
     if( handshake->ciphersuite_info == NULL )
     {
@@ -1061,14 +1066,28 @@
 
     hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
 
-    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0,
+    ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
+    if( ret != 0 && psk != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret );
+        return( ret );
+    }
+
+    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
                                            handshake->tls13_master_secrets.early );
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+    mbedtls_free( (void*)psk );
+#endif
     if( ret != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
         return( ret );
     }
 
+    MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early",
+                           handshake->tls13_master_secrets.early,
+                           PSA_HASH_LENGTH( hash_alg ) );
     return( 0 );
 }
 

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d498d50..5c042ee 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2337,10 +2337,10 @@
 requires_config_enabled MBEDTLS_DEBUG_C
 run_test    "TLS 1.3: PSK: basic check, G->m" \
             "$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 psk=6162636465666768696a6b6c6d6e6f70" \
-            "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+KX-ALL:+PSK:+DHE-PSK:+VERS-TLS1.3 \
+            "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+SHA256 \
                          --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
                          localhost" \
-            1 \
+            0 \
             -s "found psk key exchange modes extension" \
             -s "found pre_shared_key extension" \
             -s "Found PSK_EPHEMERAL KEX MODE" \