ssl: Make key share groups configurable

Author: IngelaAndin

lib/ssl/src/ssl.erl

@@ -1380,6 +1380,11 @@ certificate signatures.
 The following options are specific to the client side, or have
 different semantics for the client and server:
 
+- **`{psk_groups, Groups}`** - key exchange groups that the client
+will send pre share keys for, defaults to first group in
+supported_groups. Must be a subset of supported_groups and will
+be sent in the same order as they appear in supported_groups.
+
 - **`{alpn_advertised_protocols, AppProtocols}`** - Application layer protocol
 
   The list of protocols supported by the client to be sent to the server to be
@@ -1397,6 +1402,7 @@ different semantics for the client and server:
 
 -type client_option() :: client_option_cert() |
                          common_option_cert() |
+                         {psk_groups, [group()]} |
                          {alpn_advertised_protocols, AppProtocols::[AppProto::binary()]} |
                          {max_fragment_length, MaxLen:: undefined | 512 | 1024 | 2048 | 4096} |
                          client_option_tls13() |

lib/ssl/src/ssl_config.erl

@@ -493,6 +493,7 @@ ssl_options() ->
      partial_chain,
      password,
      protocol,
+     psk_groups,
      psk_identity,
      receiver_spawn_opts,
      renegotiate_at,
@@ -1371,7 +1372,7 @@ handle_user_lookup(UserOpts, #{versions := Versions} = Opts) ->
     end.
 
 
-opt_supported_groups(UserOpts, #{versions := TlsVsns} = Opts, _Env) ->
+opt_supported_groups(UserOpts, #{versions := TlsVsns} = Opts, Env) ->
     SG = case get_opt_list(supported_groups,  undefined, UserOpts, Opts) of
              {default, undefined} ->
                  try assert_version_dep(supported_groups, TlsVsns, ['tlsv1.3']) of
@@ -1404,7 +1405,27 @@ opt_supported_groups(UserOpts, #{versions := TlsVsns} = Opts, _Env) ->
                 throw:_ ->
                     []
             end,
-    Opts#{ciphers => CPHS, eccs => ECCS, supported_groups => SG}.
+    case opt_psk_groups(SG, UserOpts, Opts, Env)  of
+        undefined ->
+            Opts#{ciphers => CPHS, eccs => ECCS, supported_groups => SG};
+        PSKGroups ->
+            Opts#{ciphers => CPHS, eccs => ECCS, supported_groups => SG, psk_groups => PSKGroups}
+    end.
+
+opt_psk_groups(undefined, _,  _, _) ->
+    undefined;
+opt_psk_groups(#supported_groups{supported_groups = SupportedGroups},  UserOpts, Opts, _Env) ->
+    %% Version dependency already asserted when SupportedGroups is supported
+    %% so is psk_groups
+    First = hd(SupportedGroups),
+    case get_opt_list(psk_groups, [First], UserOpts, Opts) of
+        {default, Default} ->
+            Default;
+        {new, PSKGroups} ->
+            [Group || Group <- SupportedGroups, lists:member(Group, PSKGroups)];
+        {old, PSKGroups} ->
+            PSKGroups
+    end.
 
 opt_crl(UserOpts, Opts, _Env) ->
     {_, Check} = get_opt_of(crl_check, [best_effort, peer, true, false], false, UserOpts, Opts),

lib/ssl/src/tls_client_connection_1_3.erl

@@ -593,11 +593,9 @@ maybe_resumption(_) ->
     ok.
 
 maybe_generate_client_shares(#{versions := [?TLS_1_3|_],
-                               supported_groups :=
-                                   #supported_groups{
-                                      supported_groups = [Group|_]}}) ->
-    %% Generate only key_share entry for the most preferred group
-    ssl_cipher:generate_client_shares([Group]);
+                               psk_groups := Groups}) ->
+    %% Default will be the list of only the most proffered supported group
+    ssl_cipher:generate_client_shares(Groups);
 maybe_generate_client_shares(_) ->
     undefined.
 

lib/ssl/test/ssl_api_SUITE.erl

@@ -29,6 +29,7 @@
 -include_lib("common_test/include/ct.hrl").
 -include_lib("ssl/src/ssl_api.hrl").
 -include_lib("ssl/src/ssl_internal.hrl").
+-include_lib("ssl/src/ssl_handshake.hrl").
 -include_lib("public_key/include/public_key.hrl").
 -include_lib("ssl/src/ssl_record.hrl").
 
@@ -3122,12 +3123,19 @@ options_sign_alg(_Config) ->  %% signature_algs[_cert]
     ok.
 
 options_supported_groups(_Config) ->
-    Default = ssl:groups(default),
-    ?OK(#{supported_groups := {supported_groups, Default}},
+    DefaultGroups = ssl:groups(default),
+    First = hd(DefaultGroups),
+    ?OK(#{supported_groups := #supported_groups{supported_groups = DefaultGroups}},
         [], client),
-    ?OK(#{supported_groups := {supported_groups, [secp521r1, ffdhe2048]}},
+    ?OK(#{supported_groups := #supported_groups{supported_groups = [secp521r1, ffdhe2048]}},
         [{supported_groups, [secp521r1, ffdhe2048]}], client),
 
+    ?OK(#{psk_groups := [First]},
+        [], client),
+    ?OK(#{psk_groups := [secp521r1, secp256r1],
+          supported_groups := #supported_groups{supported_groups = [secp521r1, secp256r1, ffdhe2048]}},
+        [{supported_groups, [secp521r1, secp256r1, ffdhe2048]}, {psk_groups, [secp521r1, secp384r1, secp256r1]}], client),
+
     %% ERRORs
     ?ERR({{'tlvs1.2'},{versions,[{'tlvs1.2'}]}},
          [{supported_groups, []}, {versions, [{'tlvs1.2'}]}], client),