Hello all,
I have a problem with establishing a client-server connection with Mbed TLS.
With the cipher suite MBEDTLS_TLS1_3_AES_128_GCM_SHA256 and a 16-byte-long PSK it works fine!
The code is running on an STM32.
When I change the suite to MBEDTLS_TLS1_3_AES_256_GCM_SHA384, the ssl_tls13_select_ciphersuite_for_psk function returns an error: "No matched ciphersuite".
ssl_tls13_server.c
…
static int ssl_tls13_select_ciphersuite_for_psk(
    mbedtls_ssl_context *ssl,
    const unsigned char *cipher_suites,
    const unsigned char *cipher_suites_end,
    uint16_t *selected_ciphersuite,
    const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
{
    psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;

    *selected_ciphersuite = 0;
    *selected_ciphersuite_info = NULL;

    /* RFC 8446, page 55.
     *
     * For externally established PSKs, the Hash algorithm MUST be set when the
     * PSK is established or default to SHA-256 if no such algorithm is defined.
     *
     */

    /*
     * Search for a matching ciphersuite
     */
    for ( const unsigned char *p = cipher_suites;
          p < cipher_suites_end; p += 2 )
    {
        uint16_t cipher_suite;
        const mbedtls_ssl_ciphersuite_t *ciphersuite_info;

        cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
        ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
                                                                cipher_suite );
        if( ciphersuite_info == NULL )
            continue;

        /* MAC of selected ciphersuite MUST be same with PSK binder if exist.
         * Otherwise, client should reject.
         */
        if( psk_hash_alg == mbedtls_psa_translate_md( ciphersuite_info->mac ) )
        {
            *selected_ciphersuite = cipher_suite;
            *selected_ciphersuite_info = ciphersuite_info;
            return( 0 );
        }
    }

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "No matched ciphersuite" ) );
    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
…
At the start psk_hash_alg is set to PSA_ALG_SHA_256, but now I am using 384, so in the if statement it is mismatching…
Am I allowed to change this PSA_ALG_SHA_256 to PSA_ALG_SHA_384?
If not, how can I make this work?
Thanks,
Martin
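As an added illustration (not Mbed TLS code and not part of the post above), here is a standalone model of the rule the quoted function enforces: the server walks the ClientHello cipher_suites list and may only pick a suite whose hash equals the hash the PSK was provisioned with (RFC 8446 defaults that hash to SHA-256 for external PSKs). The suite table, the `psk_hash` parameter and the two constructed offers are assumptions of this example; it shows why an offer of only TLS_AES_256_GCM_SHA384 yields no match while the PSK hash is SHA-256.

```c
/* Added example, not Mbed TLS code: models TLS 1.3 PSK/cipher-suite
 * hash matching on a ClientHello cipher_suites list. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { HASH_SHA256, HASH_SHA384 } hash_alg_t;

typedef struct {
    uint16_t id;       /* IANA cipher suite value */
    const char *name;
    hash_alg_t hash;   /* hash bound to this suite (RFC 8446 B.4) */
} suite_t;

static const suite_t k_suites[] = {
    { 0x1301, "TLS_AES_128_GCM_SHA256",       HASH_SHA256 },
    { 0x1302, "TLS_AES_256_GCM_SHA384",       HASH_SHA384 },
    { 0x1303, "TLS_CHACHA20_POLY1305_SHA256", HASH_SHA256 },
};

static const suite_t *lookup_suite(uint16_t id)
{
    for (size_t i = 0; i < sizeof k_suites / sizeof k_suites[0]; i++)
        if (k_suites[i].id == id) return &k_suites[i];
    return NULL;
}

/* Walk the offered list (big-endian uint16 per suite) and return the first
 * suite whose hash equals the PSK's hash; 0 means "No matched ciphersuite". */
uint16_t select_suite_for_psk(const uint8_t *list, size_t len, hash_alg_t psk_hash)
{
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t id = (uint16_t)((list[i] << 8) | list[i + 1]);
        const suite_t *s = lookup_suite(id);
        if (s == NULL) continue;          /* unknown or unsupported suite */
        if (s->hash == psk_hash) return id;
    }
    return 0;
}

/* Constructed ClientHello offers for the demo (not captured traffic). */
const uint8_t k_offer_sha384_only[] = { 0x13, 0x02 };
const uint8_t k_offer_both[]        = { 0x13, 0x02, 0x13, 0x01 };

int main(void)
{
    printf("SHA-384-only offer, PSK hash SHA-256 -> 0x%04x\n",
           select_suite_for_psk(k_offer_sha384_only, sizeof k_offer_sha384_only, HASH_SHA256));
    printf("SHA-384-only offer, PSK hash SHA-384 -> 0x%04x\n",
           select_suite_for_psk(k_offer_sha384_only, sizeof k_offer_sha384_only, HASH_SHA384));
    return 0;
}
```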