hannestschofenig / mbedtls

An open source, portable, easy to use, readable and flexible SSL library
https://tls.mbed.org
Apache License 2.0

Pre-Shared Key Exchange Modes extension should be sent in Client Hello when client supports psk_dhe_ke #397

Closed lhuang04 closed 2 years ago

lhuang04 commented 2 years ago

Summary

A recent commit added the logic to send the key exchange modes extension only when offering a PSK. As a result, the client may not add the Pre-Shared Key Exchange Modes extension in the very initial Client Hello. And our server will not send a New Session Ticket (NST) to the client if there is no Pre-Shared Key Exchange Modes extension in the Client Hello. In psk_dhe_ke mode, the client can only offer a PSK if it has received an NST from a previous session.

Looking at the RFC, it seems correct that the server may not send an NST to the client when there is no Pre-Shared Key Exchange Modes extension in the Client Hello.

   In order to use PSKs, clients MUST also send a
   "psk_key_exchange_modes" extension.  The semantics of this extension
   are that the client only supports the use of PSKs with these modes,
   which restricts both the use of PSKs offered in this ClientHello and
   those which the server might supply via NewSessionTicket.

Another issue with the commit is that *out_len should be set to 0 when the function returns early.

    if( mbedtls_ssl_get_psk_to_offer( ssl, &psk, &psk_len,
                                      &psk_identity, &psk_identity_len ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip psk_key_exchange_modes extension" ) );
        return( 0 );
    }

Should be

    if( mbedtls_ssl_get_psk_to_offer( ssl, &psk, &psk_len,
                                      &psk_identity, &psk_identity_len ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip psk_key_exchange_modes extension" ) );
        *out_len = 0;
        return( 0 );
    }

System information

Mbed TLS version (number or commit id):
Operating system and version:
Configuration (if not default, please attach mbedtls_config.h):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:

Expected behavior

Actual behavior

Steps to reproduce

Additional information
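Added example, not code from mbedtls or from the issue author: a minimal writer for the psk_key_exchange_modes extension that follows the behaviour the issue asks for (advertise the supported modes whenever the client supports any, even with no PSK to offer, and zero *out_len on the skip path), plus the server-side check that gates NewSessionTicket on psk_dhe_ke. Function names and the buffer layout are my own; extension type 45 and the mode codes come from RFC 8446.

```c
/* Added example (not mbedtls code): psk_key_exchange_modes extension,
 * RFC 8446 section 4.2.9, client writer and server check. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXT_PSK_KEY_EXCHANGE_MODES 45u /* extension_type, RFC 8446 */
#define KE_MODE_PSK_KE             0u  /* psk_ke: PSK only */
#define KE_MODE_PSK_DHE_KE         1u  /* psk_dhe_ke: PSK with (EC)DHE */

/* Client side. The extension is written whenever at least one mode is
 * supported, independent of whether this ClientHello offers a PSK;
 * omitting it would stop the server from issuing tickets. *out_len is
 * always set, so the skip path cannot leak a stale length to the caller.
 * Returns 0 on success (including skip), -1 if buf is too small. */
int write_psk_ke_modes_ext(uint8_t *buf, size_t buflen,
                           int support_psk_ke, int support_psk_dhe_ke,
                           size_t *out_len)
{
    uint8_t modes[2];
    size_t n = 0;

    *out_len = 0;
    if (support_psk_ke)     modes[n++] = KE_MODE_PSK_KE;
    if (support_psk_dhe_ke) modes[n++] = KE_MODE_PSK_DHE_KE;
    if (n == 0)
        return 0;                     /* nothing to advertise: skip */
    if (buflen < 4 + 1 + n)
        return -1;

    buf[0] = (uint8_t)(EXT_PSK_KEY_EXCHANGE_MODES >> 8);
    buf[1] = (uint8_t)(EXT_PSK_KEY_EXCHANGE_MODES & 0xff);
    buf[2] = 0;                       /* extension_data length (16-bit) */
    buf[3] = (uint8_t)(1 + n);
    buf[4] = (uint8_t)n;              /* ke_modes<1..255> vector length */
    memcpy(&buf[5], modes, n);
    *out_len = 5 + n;
    return 0;
}

/* Server side. ext_data points at extension_data (after the 4-byte
 * header). Returns 1 if psk_dhe_ke is listed, i.e. a NewSessionTicket
 * issued now can be resumed with (EC)DHE; malformed vectors yield 0. */
int client_allows_psk_dhe_ke(const uint8_t *ext_data, size_t ext_len)
{
    size_t i, n;
    if (ext_len < 2) return 0;
    n = ext_data[0];
    if (n == 0 || n + 1 != ext_len) return 0;   /* length must match */
    for (i = 0; i < n; i++)
        if (ext_data[1 + i] == KE_MODE_PSK_DHE_KE) return 1;
    return 0;
}
```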

lhuang04 commented 2 years ago

cc @ronald-cron-arm

ronald-cron-arm commented 2 years ago

@lhuang04 you are right, sorry for the inconvenience. I forgot about the ticket enablement part of the pre-shared key exchange modes extension. I will revert the commit.