commit f8e50a9607f4ad0236424495a98aee9e84bb4c3e
author Pengyu Lv <pengyu.lv@arm.com> Wed Jan 18 17:07:19 2023 +0800
committer Pengyu Lv <pengyu.lv@arm.com> Wed Jan 18 17:42:12 2023 +0800
tree 3beae285f5528221339b2fc4ce574fca9a0506f9
parent 0b740bc85b4c99a8dfba9247617d35094d0fcbad

TLS 1.3: SRV: Validate kex modes when parsing psk

On resumption, after the psk identity is matched, we
should check if psk and/or psk_ephemeral, which are
allowed by session ticket, are valid to be selected.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 26ef0f9..858a7a3 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -104,6 +104,10 @@
 #define SSL_TLS1_3_OFFERED_PSK_MATCH       0
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_offered_psks_check_identity_match_ticket(
@@ -115,6 +119,8 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *ticket_buffer;
+    unsigned int ticket_flags;
+    unsigned int key_exchanges;
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t now;
     uint64_t age_in_s;
@@ -169,14 +175,22 @@
      *
      * We regard the ticket with incompatible key exchange modes as not match.
      */
-    ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
-    MBEDTLS_SSL_PRINT_TICKET_FLAGS(4,
-                                   session->ticket_flags);
-    if (mbedtls_ssl_tls13_check_kex_modes(
-            ssl,
-            mbedtls_ssl_session_get_ticket_flags(
-                session,
-                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) {
+    MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
+    ticket_flags = mbedtls_ssl_session_get_ticket_flags(
+        session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
+
+    key_exchanges = 0;
+    if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) &&
+        ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
+        key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+    }
+    if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) &&
+        ssl_tls13_check_psk_key_exchange(ssl)) {
+        key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+    }
+
+    if (key_exchanges == 0) {
+        ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
         MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
         goto exit;
     }