Add psk code to tls13 client side

Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2025-08-07 06:42:56 +03:00 · 2022-07-05 08:21:43 +00:00
parent ecc1031dbf
commit eb69aee6af
4 changed files with 543 additions and 7 deletions
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -432,7 +432,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
                                        unsigned char *buf,
                                        unsigned char *end,
-                                        size_t *out_len )
+                                        size_t *out_len,
+                                        size_t *binders_len )
 {
    int ret;
    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -443,6 +444,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
    int tls12_uses_ec = 0;

    *out_len = 0;
+    *binders_len = 0;

 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
    unsigned char propose_tls12 =
@@ -641,6 +643,18 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
    }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+    defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+    if( propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) )
+    {
+        ret = mbedtls_ssl_tls13_write_pre_shared_key_ext_without_binders(
+                  ssl, p, end, &output_len, binders_len );
+        if( ret != 0 )
+            return( ret );
+        p += output_len;
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
    /* Write the length of the list of extensions. */
    extensions_len = p - p_extensions_len - 2;

@@ -837,7 +851,7 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
    int ret = 0;
    unsigned char *buf;
-    size_t buf_len, msg_len;
+    size_t buf_len, msg_len, binders_len;

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );

@@ -849,7 +863,8 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )

    MBEDTLS_SSL_PROC_CHK( ssl_write_client_hello_body( ssl, buf,
                                                       buf + buf_len,
-                                                       &msg_len ) );
+                                                       &msg_len,
+                                                       &binders_len ) );

 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
@@ -883,6 +898,17 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
    else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
    {
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+    defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+        if( binders_len > 0 )
+        {
+            MBEDTLS_SSL_PROC_CHK(
+                mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
+                      ssl, buf + msg_len - binders_len, buf + msg_len ) );
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
        mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
                                            buf, msg_len );
        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,