dtls: Check PSK ciphersuite against local list

Author: julek-wolfssl

src/dtls.c

@@ -732,8 +732,13 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
 
         /* Ask the user for the ciphersuite matching this identity */
         if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts,
-                tlsx.elements, (word16)tlsx.size, ssl->heap) == 0)
+                tlsx.elements, (word16)tlsx.size, ssl->heap) == 0) {
+            /* suites only needs to be refined when searching for a PSK.
+             * MatchSuite_ex handles refining internally. */
+            refineSuites(WOLFSSL_SUITES(ssl), &suites, &suites,
+                    ssl->options.useClientOrder);
             FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites);
+        }
         /* Revert to full handshake if PSK parsing failed */
 
         if (pskInfo.isValid) {
@@ -753,8 +758,9 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
                     ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
                 doKE = 1;
             }
-            else if ((modes & (1 << PSK_KE)) == 0) {
-                    ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
+            else if ((modes & (1 << PSK_KE)) == 0 ||
+                    ssl->options.onlyPskDheKe) {
+                ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
             }
             usePSK = 1;
         }

src/internal.c

@@ -37406,6 +37406,74 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         return 1;
     }
 
+    void refineSuites(const Suites* sslSuites, const Suites* peerSuites,
+            Suites* outSuites, byte useClientOrder)
+    {
+        byte   suites[WOLFSSL_MAX_SUITE_SZ];
+        word16 suiteSz = 0;
+        word16 i;
+        word16 j;
+
+        XMEMSET(suites, 0, sizeof(suites));
+
+        if (!useClientOrder) {
+            /* Server order refining. */
+            for (i = 0; i < sslSuites->suiteSz; i += 2) {
+                for (j = 0; j < peerSuites->suiteSz; j += 2) {
+                    if ((sslSuites->suites[i+0] == peerSuites->suites[j+0]) &&
+                        (sslSuites->suites[i+1] == peerSuites->suites[j+1])) {
+                        suites[suiteSz++] = peerSuites->suites[j+0];
+                        suites[suiteSz++] = peerSuites->suites[j+1];
+                        break;
+                    }
+                }
+                if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
+                    break;
+            }
+        }
+        else {
+            /* Client order refining. */
+            for (j = 0; j < peerSuites->suiteSz; j += 2) {
+                for (i = 0; i < sslSuites->suiteSz; i += 2) {
+                    if ((sslSuites->suites[i+0] == peerSuites->suites[j+0]) &&
+                        (sslSuites->suites[i+1] == peerSuites->suites[j+1])) {
+                        suites[suiteSz++] = peerSuites->suites[j+0];
+                        suites[suiteSz++] = peerSuites->suites[j+1];
+                        break;
+                    }
+                }
+                if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
+                    break;
+            }
+        }
+
+        outSuites->suiteSz = suiteSz;
+        XMEMCPY(outSuites->suites, &suites, sizeof(suites));
+    #ifdef WOLFSSL_DEBUG_TLS
+        {
+            int ii;
+            WOLFSSL_MSG("Refined Ciphers:");
+            for (ii = 0 ; ii < suites->suiteSz; ii += 2) {
+                WOLFSSL_MSG(GetCipherNameInternal(suites->suites[ii+0],
+                                                  suites->suites[ii+1]));
+            }
+        }
+    #endif
+    }
+
+    /* Refine list of supported cipher suites to those common to server and client.
+     *
+     * ssl         SSL/TLS object.
+     * peerSuites  The peer's advertised list of supported cipher suites.
+     */
+    void sslRefineSuites(WOLFSSL* ssl, Suites* peerSuites)
+    {
+        if (AllocateSuites(ssl) != 0)
+            return;
+        refineSuites(ssl->suites, peerSuites, ssl->suites,
+                ssl->options.useClientOrder);
+    }
+
     static int CompareSuites(const WOLFSSL* ssl, const Suites* suites,
                              Suites* peerSuites, word16 i, word16 j,
                              CipherSuite* cs, TLSX* extensions)

src/tls13.c

@@ -5887,69 +5887,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 
 #ifndef NO_WOLFSSL_SERVER
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-/* Refine list of supported cipher suites to those common to server and client.
- *
- * ssl         SSL/TLS object.
- * peerSuites  The peer's advertised list of supported cipher suites.
- */
-static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
-{
-    byte   suites[WOLFSSL_MAX_SUITE_SZ];
-    word16 suiteSz = 0;
-    word16 i;
-    word16 j;
-
-    if (AllocateSuites(ssl) != 0)
-        return;
-
-    XMEMSET(suites, 0, sizeof(suites));
-
-    if (!ssl->options.useClientOrder) {
-        /* Server order refining. */
-        for (i = 0; i < ssl->suites->suiteSz; i += 2) {
-            for (j = 0; j < peerSuites->suiteSz; j += 2) {
-                if ((ssl->suites->suites[i+0] == peerSuites->suites[j+0]) &&
-                    (ssl->suites->suites[i+1] == peerSuites->suites[j+1])) {
-                    suites[suiteSz++] = peerSuites->suites[j+0];
-                    suites[suiteSz++] = peerSuites->suites[j+1];
-                    break;
-                }
-            }
-            if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
-                break;
-        }
-    }
-    else {
-        /* Client order refining. */
-        for (j = 0; j < peerSuites->suiteSz; j += 2) {
-            for (i = 0; i < ssl->suites->suiteSz; i += 2) {
-                if ((ssl->suites->suites[i+0] == peerSuites->suites[j+0]) &&
-                    (ssl->suites->suites[i+1] == peerSuites->suites[j+1])) {
-                    suites[suiteSz++] = peerSuites->suites[j+0];
-                    suites[suiteSz++] = peerSuites->suites[j+1];
-                    break;
-                }
-            }
-            if (suiteSz == WOLFSSL_MAX_SUITE_SZ)
-                break;
-        }
-    }
-
-    ssl->suites->suiteSz = suiteSz;
-    XMEMCPY(ssl->suites->suites, &suites, sizeof(suites));
-#ifdef WOLFSSL_DEBUG_TLS
-    {
-        int ii;
-        WOLFSSL_MSG("Refined Ciphers:");
-        for (ii = 0 ; ii < ssl->suites->suiteSz; ii += 2) {
-            WOLFSSL_MSG(GetCipherNameInternal(ssl->suites->suites[ii+0],
-                                              ssl->suites->suites[ii+1]));
-        }
-    }
-#endif
-}
-
-
 #ifndef NO_PSK
 int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
         word32* psk_keySz, const byte* suite, int* found, byte* foundSuite)
@@ -6322,7 +6259,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
         return ret;
 
     /* Refine list for PSK processing. */
-    RefineSuites(ssl, clSuites);
+    sslRefineSuites(ssl, clSuites);
 #ifndef WOLFSSL_PSK_ONE_ID
     if (usingPSK == NULL)
         return BAD_FUNC_ARG;

wolfssl/internal.h

@@ -2383,6 +2383,10 @@ WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
                               word16 haveAES128, word16 haveSHA1,
                               word16 haveRC4, int side);
 
+void refineSuites(const Suites* sslSuites, const Suites* peerSuites,
+        Suites* outSuites, byte useClientOrder);
+void sslRefineSuites(WOLFSSL* ssl, Suites* peerSuites);
+
 typedef struct TLSX TLSX;
 WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
                                 CipherSuite* cs, TLSX* extensions);