Add psk code to tls13 client side
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 20f1aff..5e775cc 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -432,7 +432,8 @@
static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
- size_t *out_len )
+ size_t *out_len,
+ size_t *binders_len )
{
int ret;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
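Review bot: The new `binders_len` output parameter of ssl_write_client_hello_body() is added without documentation, and its contract cannot be read off the signature. Judging by the call site later in this patch, it appears to be the number of bytes at the very end of the written ClientHello body reserved for the PSK binders list, with 0 meaning no pre_shared_key extension was written. I would state that above the function, e.g. `/* binders_len: on success, size of the PSK binders list occupying the last bytes of the message body, or 0 if no pre_shared_key extension was written. */`. The function body continues outside this hunk.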
@@ -443,6 +444,7 @@
int tls12_uses_ec = 0;
*out_len = 0;
+ *binders_len = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char propose_tls12 =
@@ -641,6 +643,18 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) )
+ {
+ ret = mbedtls_ssl_tls13_write_pre_shared_key_ext_without_binders(
+ ssl, p, end, &output_len, binders_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
/* Write the length of the list of extensions. */
extensions_len = p - p_extensions_len - 2;
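Review bot: The closing `#endif` comment of the added block says `MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED` while the guard is an `&&`; it should read `#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */`, as the matching block in the ClientHello write path does. The position of this block directly before the extensions-length write is also load-bearing. RFC 8446 section 4.2.11 requires pre_shared_key to be the last ClientHello extension, and the caller locates the binders as the final `binders_len` bytes of the message, so an extension added after this block would make servers reject the hello and misplace the binders. I would pin that with `/* pre_shared_key must remain the last extension (RFC 8446 4.2.11); add new extensions above this block. */`. The enclosing function starts and ends outside the hunk.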
@@ -837,7 +851,7 @@
{
int ret = 0;
unsigned char *buf;
- size_t buf_len, msg_len;
+ size_t buf_len, msg_len, binders_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
@@ -849,7 +863,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_write_client_hello_body( ssl, buf,
buf + buf_len,
- &msg_len ) );
+ &msg_len,
+ &binders_len ) );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
@@ -883,6 +898,17 @@
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
{
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( binders_len > 0 )
+ {
+ MBEDTLS_SSL_PROC_CHK(
+ mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
+ ssl, buf + msg_len - binders_len, buf + msg_len ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
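Review bot: The call `mbedtls_ssl_tls13_write_pre_shared_key_ext_binders( ssl, buf + msg_len - binders_len, buf + msg_len )` runs before `mbedtls_ssl_add_hs_msg_to_checksum` and is handed only the binder region. Nothing visible in this hunk feeds the truncated ClientHello (handshake header plus body up to the binders list) into the transcript that the binders must authenticate per RFC 8446 section 4.2.11.2. Unless the callee obtains those bytes some other way, the binder would be computed over the wrong transcript and a compliant server would fail the PSK check. Consider updating the running checksum with the header and the first `msg_len - binders_len` bytes before this call, then with the binder bytes once they are written, instead of the single whole-message update that follows. The pointer arithmetic also assumes `binders_len <= msg_len`, so an explicit check that fails through the function's cleanup path with an internal error would keep a callee bug from becoming an out-of-bounds write. A comment such as `/* Binders cover the ClientHello up to, but excluding, the binders list (RFC 8446 4.2.11.2). */` would document the ordering.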