Add negative tests for opaque mixed-PSK (client)

ssl_client2.c used to check that we force a ciphersuite that worked; that would have prevented testing so I removed it. The library should be robust even when the application tries something that doesn't work. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-07-23 15:01:00 +03:00 · 2022-06-14 10:45:19 +02:00
parent 938be422c6
commit a49a00cc24
3 changed files with 44 additions and 11 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -3928,7 +3928,10 @@ ecdh_calc_secret:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
            /* Opaque PSKs are currently only supported for PSK-only suites. */
            if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) );
                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

            if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
@ -3943,7 +3946,10 @@ ecdh_calc_secret:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
            /* Opaque PSKs are currently only supported for PSK-only suites. */
            if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) );
                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

            /*
@ -3980,7 +3986,10 @@ ecdh_calc_secret:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
            /* Opaque PSKs are currently only supported for PSK-only suites. */
            if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) );
                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

            /*
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -1420,17 +1420,6 @@ int main( int argc, char *argv[] )
 #if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
        if( opt.psk_opaque != 0 )
        {
-            /* Ensure that the chosen ciphersuite is PSK-only; we must know
-             * the ciphersuite in advance to set the correct policy for the
-             * PSK key slot. This limitation might go away in the future. */
-            if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
-                opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
-            {
-                mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
-                ret = 2;
-                goto usage;
-            }
-
            /* Determine KDF algorithm the opaque PSK will be used in. */
 #if defined(MBEDTLS_SHA512_C)
            if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -1699,6 +1699,41 @@ run_test    "Opaque key: server: ECDH-RSA not supported" \
            -s "error" \
            -c "error"

+# Opaque PSKs not supported for mixed PSK
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test    "Opaque psk: client: ECDHE-PSK not supported" \
+            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            force_version=tls12 \
+            force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
+            1 \
+            -c "opaque PSK not supported with ECDHE-PSK" \
+            -s "error" \
+            -c "error"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test    "Opaque psk: client: DHE-PSK not supported" \
+            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            force_version=tls12 \
+            force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
+            1 \
+            -c "opaque PSK not supported with DHE-PSK" \
+            -s "error" \
+            -c "error"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test    "Opaque psk: client: RSA-PSK not supported" \
+            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            force_version=tls12 \
+            force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
+            1 \
+            -c "opaque PSK not supported with RSA-PSK" \
+            -s "error" \
+            -c "error"
+
 # Test ciphersuites which we expect to be fully supported by PSA Crypto
 # and check that we don't fall back to Mbed TLS' internal crypto primitives.
 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM