authorDaiki Ueno <dueno@redhat.com>2018-06-05 14:08:26 +0200
committerDaiki Ueno <dueno@redhat.com>2018-06-05 14:59:59 +0200
commit12a62dd105208ff5a1bc2e1c52d095c399dc4893 (patch)
treec44adfb8de0f131cca9e0ea802b7d80ced007d0f
parentf40b7fbf76de6ba82d73d3586766c515563ecd27 (diff)
downloadgnutls-12a62dd105208ff5a1bc2e1c52d095c399dc4893.tar.gz
ext/psk_ke_modes: always send extension unless disabled in config
With the psk_key_exchange_modes extension, clients can restrict the key exchange modes for use with resumption and in that case the server shouldn't send NewSessionTicket. This patch makes use of it to avoid receiving useless tickets, by sending the psk_key_exchange_modes extension unless PSK is completely disabled. A couple of tests need to be adjusted: tls13/prf to take into account the psk_key_exchange_modes extension now being sent, and tls13/no-psk-exts to not treat the presence of the extension as an error. Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r--lib/ext/psk_ke_modes.c25
-rw-r--r--tests/tls13/no-psk-exts.c4
-rw-r--r--tests/tls13/prf.c8
3 files changed, 10 insertions, 27 deletions
diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c
index 9c41d9e94a..281ca0a1a6 100644
--- a/lib/ext/psk_ke_modes.c
+++ b/lib/ext/psk_ke_modes.c
@@ -28,26 +28,6 @@
#define PSK_KE 0
#define PSK_DHE_KE 1
-/* Relevant to client only */
-static bool
-psk_ke_modes_is_required(gnutls_session_t session)
-{
- gnutls_psk_client_credentials_t cred;
-
- if (!(session->internals.flags & GNUTLS_NO_TICKETS) &&
- session->internals.tls13_ticket.ticket.data != NULL)
- return 1;
-
- if (session->internals.priorities->have_psk) {
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred(session, GNUTLS_CRD_PSK);
- if (cred && _gnutls_have_psk_credentials(cred, session))
- return 1;
- }
-
- return 0;
-}
-
static int
psk_ke_modes_send_params(gnutls_session_t session,
gnutls_buffer_t extdata)
@@ -63,7 +43,10 @@ psk_ke_modes_send_params(gnutls_session_t session,
if (session->security_parameters.entity == GNUTLS_SERVER)
return 0;
- if (!psk_ke_modes_is_required(session))
+ /* If session ticket is disabled and no PSK key exchange is
+ * enabled, don't send the extension */
+ if ((session->internals.flags & GNUTLS_NO_TICKETS) &&
+ !session->internals.priorities->have_psk)
return 0;
vers = _gnutls_version_max(session);
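Review bot: The new guard `if ((session->internals.flags & GNUTLS_NO_TICKETS) && !session->internals.priorities->have_psk)` decides purely from configuration and no longer checks whether a ticket or PSK credential is actually present, and the comment does not say why that is safe. RFC 8446 section 4.2.9 requires a client to send psk_key_exchange_modes whenever it offers pre_shared_key, and servers abort otherwise, so this condition must never skip the extension in a configuration where the pre_shared_key send path (not visible here) can still offer an identity. I would extend the comment with `/* Keep in sync with the pre_shared_key send path: RFC 8446 4.2.9 requires this extension whenever pre_shared_key is offered */`. The rest of psk_ke_modes_send_params lies outside the hunk, so it is worth confirming there that the mode list cannot go out empty when tickets are enabled but no PSK key exchange is in the priorities.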
diff --git a/tests/tls13/no-psk-exts.c b/tests/tls13/no-psk-exts.c
index b70c667822..e8f1e2e84f 100644
--- a/tests/tls13/no-psk-exts.c
+++ b/tests/tls13/no-psk-exts.c
@@ -84,7 +84,7 @@ static void client(int fd)
/* Initialize TLS session
*/
- gnutls_init(&session, GNUTLS_CLIENT);
+ gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_TICKETS);
gnutls_handshake_set_timeout(session, 20 * 1000);
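Review bot: Adding `GNUTLS_NO_TICKETS` to the `gnutls_init()` call narrows this test to the tickets-disabled configuration, so nothing visible in this diff asserts the new default behaviour: a client with tickets enabled and no PSK credentials now sends psk_key_exchange_modes but presumably still must not send pre_shared_key. The flag is also unexplained at the call site; I would add `/* tickets must be off, otherwise psk_key_exchange_modes is always sent */` above it. A companion case for the default flags (psk_key_exchange_modes present, pre_shared_key absent) would keep both sides of the new condition under test. client() begins and ends outside the hunk.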
@@ -148,7 +148,7 @@ static int hellos_callback(gnutls_session_t session, unsigned int htype,
fail("PSK extension seen in client hello with no PSK!\n");
if (find_client_extension(msg, TLS_EXT_PSK_KE, NULL, NULL))
- fail("PSK extension seen in client hello with no PSK!\n");
+ fail("PSK KE extension seen in client hello with no PSK!\n");
return 0;
}
diff --git a/tests/tls13/prf.c b/tests/tls13/prf.c
index f221896124..22e7f0e08f 100644
--- a/tests/tls13/prf.c
+++ b/tests/tls13/prf.c
@@ -126,8 +126,8 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
} \
}
-#define KEY_EXP_VALUE "\x1f\x17\xb5\xe2\xef\xfc\x1c\x27\x1e\x1a\x2c\x9b\x36\xc7\x43\x70\x5c\x80\x93\x7a\xce\x7b\x52\x18\xe0\x22\xca\x0d\xf8\x01\xa5\x7f\xef\x8b"
-#define HELLO_VALUE "\x5c\x6d\x0a\xa0\xc7\x1e\x52\xb5\xb4\x2c\x4b\xfa\x24\xc8\x3f\x3f\xba\xfc\x43\xc2\x05\xe5\x04\xd9\xfd\x86\x84\x00\x1c\xfb\xf3"
+#define KEY_EXP_VALUE "\x81\x7a\x37\xc6\xa3\x2b\x83\x47\x3b\xad\x03\xa6\xd4\x6d\xac\xe3\x1c\x9d\xa4\xdc\x8e\x0c\x77\xf8\x1c\x5e\x5d\xe5\xca\x1c\xbc\x89\x4c\x37"
+#define HELLO_VALUE "\x10\x3e\xef\x5e\x62\x1d\x03\x95\xfc\x8f\x59\xc7\x7d\xdc\x14\x7e\xcf\x46\x86\x2f\xfb\x1c\x5a\x16\x6a\xf5\x38\x69\xa8\x3c\x85"
static void check_prfs(gnutls_session_t session)
{
unsigned char key_material[512];
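Review bot: `KEY_EXP_VALUE` and `HELLO_VALUE` are replaced with new opaque byte strings and nothing in the file says where they come from or why they changed. According to the commit message they shift because the ClientHello now carries psk_key_exchange_modes, which suggests the vectors are tied to the exact handshake bytes of this test setup (the fixed-randomness part is not visible here). A comment above the defines such as `/* Expected gnutls_prf() output for this test's fixed handshake; regenerate whenever the ClientHello contents change (e.g. a new default extension) */` would let the next person tell an intended update from a real key-schedule regression. The same applies to the inline vectors in the `TRY(7, "context", ...)` and `TRY(12, "null-context", ...)` lines of the following hunk.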
@@ -138,8 +138,8 @@ static void check_prfs(gnutls_session_t session)
TRY(13, "key expansion", 0, NULL, 34, (uint8_t*)KEY_EXP_VALUE);
TRY(6, "hello", 0, NULL, 31, (uint8_t*)HELLO_VALUE);
- TRY(7, "context", 5, "abcd\xfa", 31, (uint8_t*)"\xa5\xc0\x3e\x31\x5b\x70\x57\x48\x1e\xfe\x11\x2b\x13\x13\x8f\x97\x14\x2d\x4d\x35\xac\x0a\x20\x4e\x9c\x84\xcf\x48\x8c\xa2\x0b");
- TRY(12, "null-context", 0, "", 31, (uint8_t*)"\x7b\xb9\x00\x8a\x2c\x97\xa0\x73\x28\x91\xbf\x73\xda\xa5\x78\x08\x45\xac\xa7\x29\xa8\xc4\x30\x30\xc2\x76\x94\x1a\xaf\x74\x4b");
+ TRY(7, "context", 5, "abcd\xfa", 31, (uint8_t*)"\xbc\x23\xe3\xf4\x29\xdb\x48\x20\x48\x8c\x37\xd9\xd4\xe0\xcf\x88\xc3\x3d\x7b\x12\x59\xfb\xad\x8e\x4d\x8c\x53\x58\xf4\xe6\xef");
+ TRY(12, "null-context", 0, "", 31, (uint8_t*)"\x89\x89\x1f\x2f\x6c\x35\x26\x0b\xe9\x1c\x7b\xb7\x27\x5e\x7c\x41\xfb\xa0\x11\x9c\xd7\xe6\xd5\xdc\x2a\xcc\x54\x23\x3f\x52\x9f");
/* Try whether calling gnutls_prf() with non-null context or server-first
* param, will fail */