commit b300e3c5be3f1a749b73fd89e1a089b957f31bca
author Jerry Yu <jerry.h.yu@arm.com> Wed Sep 28 22:12:07 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Fri Oct 07 10:11:05 2022 +0800
tree 3c7e8560d7587ed76476b20e0942a5690fe339e9
parent 1a0a0f4416944ff93717be268304e540ca520592

add selected_identity parser

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index babbbbd..67ecdc9 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1083,10 +1083,90 @@
                                                       const unsigned char *buf,
                                                       const unsigned char *end )
 {
-    ((void) ssl);
-    ((void) buf);
-    ((void) end);
-    return( 0 );
+    int ret = 0;
+    int selected_identity;
+    int psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+    const unsigned char *psk;
+    size_t psk_len;
+    psa_algorithm_t psa_alg;
+
+    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );
+    selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_identity = %d", selected_identity ) );
+
+    if( ssl_tls13_has_configured_psk( ssl ) &&
+        ssl_tls13_has_configured_ticket( ssl ) )
+    {
+        if( selected_identity >= 2 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) );
+            goto exit;
+        }
+        switch( selected_identity )
+        {
+            case 0:
+                psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+                break;
+            case 1:
+                psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+                break;
+        }
+    }
+    else if( ssl_tls13_has_configured_psk( ssl ) ||
+             ssl_tls13_has_configured_ticket( ssl ) )
+    {
+        if( selected_identity >= 1 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Out of range" ) );
+            goto exit;
+        }
+
+        if( ssl_tls13_has_configured_psk( ssl ) )
+            psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+        else if( ssl_tls13_has_configured_ticket( ssl ) )
+            psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+    switch( psk_type )
+    {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+        case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
+            ret = ssl_tls13_session_tickets_get_psk(
+                      ssl, &psa_alg, &psk, &psk_len );
+            break;
+#endif
+        case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
+            ret = ssl_tls13_psk_get_psk(
+                      ssl, &psa_alg, &psk, &psk_len );
+            break;
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+    if( ret != 0 )
+        return( ret );
+
+    ret = mbedtls_ssl_set_hs_psk( ssl, psk, psk_len );
+    if( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret );
+    }
+    else
+        ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
+
+    return( ret );
+
+exit:
+    MBEDTLS_SSL_DEBUG_MSG(
+            1, ( "Invalid chosen PSK identity." ) );
+
+    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                    MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
 }
 
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */