tls13: Declare PSK ephemeral key exchange mode first
In the PSK exchange modes extension, declare
PSK ephemeral first if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improves compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 72f4857..ac19f63 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -648,14 +648,6 @@
*/
p += 5;
- if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
- {
- *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
- ke_modes_len++;
-
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
- }
-
if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) )
{
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
@@ -664,6 +656,14 @@
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) );
}
+ if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
+ {
+ *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
+ ke_modes_len++;
+
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
+ }
+
/* Now write the extension and ke_modes length */
MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 );
buf[4] = ke_modes_len;
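Review bot: Nothing around the two `if` blocks says that their order is significant, so a later tidy-up could swap them back unnoticed. The order matters for security as well as interoperability: a peer that follows the client's listing order would then select pure PSK, which unlike PSK-ECDHE gives no forward secrecy if the PSK is later compromised. I would add a comment above the `mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl )` check (it sits in the preceding hunk), such as `/* List PSK-ECDHE before pure PSK: some peers honour the client's order, and PSK-ECDHE provides forward secrecy. */`. The enclosing function starts and ends outside these hunks, so the buffer-space check covering the two mode bytes is not visible here.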
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index f499740..4f62ed6 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -3212,7 +3212,7 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Selected key exchange mode: psk$" \
+ -c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3222,10 +3222,10 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
+run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
+ 0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
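Review bot: The new title "good" no longer says what this case guards. The server priority string ends in `-PSK`, and the old expectation was a fatal alert, so the handshake apparently succeeds only because the client now lists PSK-ECDHE first. A one-line comment above `run_test`, for example `# Server disables pure PSK (-PSK): passes only if the client lists psk_ephemeral before psk`, would keep that dependency visible to whoever next edits the mode ordering. The expected-output lines of this test continue in the next hunk.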
@@ -3233,7 +3233,8 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
#GNUTLS-SERVER psk_ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3366,7 +3367,7 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Selected key exchange mode: psk$" \
+ -c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3388,5 +3389,5 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Selected key exchange mode: ephemeral" \
+ -c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e2f9206..a75b3f5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -12882,7 +12882,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
+ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
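Review bot: The reason for dropping `+CIPHER-ALL:+PSK` from the server priority string is not recorded next to the test, and the commit description does not mention this file. It presumably follows from the client now listing PSK-ECDHE first, so that ticket resumption no longer needs pure PSK enabled on the server, but that should be confirmed and written down. A comment above `run_test` would do, for example `# Default GnuTLS priorities: resumption is expected to use psk_ephemeral, no pure PSK needed on the server`. The remaining expected-output lines of the test are outside the hunk, so I cannot tell whether the selected key exchange mode is asserted here.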