lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user

Browse Source 
EC J-PAKE: partial fix for role vs user+peer
This commit is contained in:
Manuel Pégourié-Gonnard
2023-03-15 09:37:30 +01:00
committed by GitHub
parent e59c46e161 c0e6250ff9
commit 18336dace2
9 changed files with 497 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
library/psa_crypto.c
View File

@ -90,6 +90,10 @@
#define BUILTIN_ALG_ANY_HKDF 1
#endif
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
@ -7208,6 +7212,68 @@ psa_status_t psa_crypto_driver_pake_get_role(
return PSA_SUCCESS;
}
psa_status_t psa_crypto_driver_pake_get_user_len(
const psa_crypto_driver_pake_inputs_t *inputs,
size_t *user_len)
{
if (inputs->user_len == 0) {
return PSA_ERROR_BAD_STATE;
}
*user_len = inputs->user_len;
return PSA_SUCCESS;
}
psa_status_t psa_crypto_driver_pake_get_user(
const psa_crypto_driver_pake_inputs_t *inputs,
uint8_t *user_id, size_t user_id_size, size_t *user_id_len)
{
if (inputs->user_len == 0) {
return PSA_ERROR_BAD_STATE;
}
if (user_id_size < inputs->user_len) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(user_id, inputs->user, inputs->user_len);
*user_id_len = inputs->user_len;
return PSA_SUCCESS;
}
psa_status_t psa_crypto_driver_pake_get_peer_len(
const psa_crypto_driver_pake_inputs_t *inputs,
size_t *peer_len)
{
if (inputs->peer_len == 0) {
return PSA_ERROR_BAD_STATE;
}
*peer_len = inputs->peer_len;
return PSA_SUCCESS;
}
psa_status_t psa_crypto_driver_pake_get_peer(
const psa_crypto_driver_pake_inputs_t *inputs,
uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length)
{
if (inputs->peer_len == 0) {
return PSA_ERROR_BAD_STATE;
}
if (peer_id_size < inputs->peer_len) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
memcpy(peer_id, inputs->peer, inputs->peer_len);
*peer_id_length = inputs->peer_len;
return PSA_SUCCESS;
}
psa_status_t psa_crypto_driver_pake_get_cipher_suite(
const psa_crypto_driver_pake_inputs_t *inputs,
psa_pake_cipher_suite_t *cipher_suite)
@ -7322,7 +7388,6 @@ psa_status_t psa_pake_set_user(
size_t user_id_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
(void) user_id;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = PSA_ERROR_BAD_STATE;
@ -7334,7 +7399,30 @@ psa_status_t psa_pake_set_user(
goto exit;
}
return PSA_ERROR_NOT_SUPPORTED;
if (operation->data.inputs.user_len != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Allow only "client" or "server" values (temporary restriction). */
if ((user_id_len != sizeof(jpake_server_id) ||
memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
(user_id_len != sizeof(jpake_client_id) ||
memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
if (operation->data.inputs.user == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto exit;
}
memcpy(operation->data.inputs.user, user_id, user_id_len);
operation->data.inputs.user_len = user_id_len;
return PSA_SUCCESS;
exit:
psa_pake_abort(operation);
return status;
@ -7346,7 +7434,6 @@ psa_status_t psa_pake_set_peer(
size_t peer_id_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
(void) peer_id;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = PSA_ERROR_BAD_STATE;
@ -7358,7 +7445,30 @@ psa_status_t psa_pake_set_peer(
goto exit;
}
return PSA_ERROR_NOT_SUPPORTED;
if (operation->data.inputs.peer_len != 0) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}
/* Allow only "client" or "server" values (temporary restriction). */
if ((peer_id_len != sizeof(jpake_server_id) ||
memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
(peer_id_len != sizeof(jpake_client_id) ||
memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
if (operation->data.inputs.peer == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto exit;
}
memcpy(operation->data.inputs.peer, peer_id, peer_id_len);
operation->data.inputs.peer_len = peer_id_len;
return PSA_SUCCESS;
exit:
psa_pake_abort(operation);
return status;
@ -7371,22 +7481,24 @@ psa_status_t psa_pake_set_role(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = PSA_ERROR_BAD_STATE;
status = PSA_ERROR_BAD_STATE;
goto exit;
}
if (role != PSA_PAKE_ROLE_NONE &&
role != PSA_PAKE_ROLE_FIRST &&
role != PSA_PAKE_ROLE_SECOND &&
role != PSA_PAKE_ROLE_CLIENT &&
role != PSA_PAKE_ROLE_SERVER) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE:
if (role == PSA_PAKE_ROLE_NONE) {
return PSA_SUCCESS;
}
status = PSA_ERROR_INVALID_ARGUMENT;
break;
#endif
default:
(void) role;
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->data.inputs.role = role;
return PSA_SUCCESS;
exit:
psa_pake_abort(operation);
return status;
@ -7456,15 +7568,27 @@ static psa_status_t psa_pake_complete_inputs(
with the driver context which will be setup by the driver. */
psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs;
if (inputs.password_len == 0 ||
inputs.role == PSA_PAKE_ROLE_NONE) {
if (inputs.password_len == 0) {
return PSA_ERROR_BAD_STATE;
}
if (operation->alg == PSA_ALG_JPAKE &&
inputs.role != PSA_PAKE_ROLE_CLIENT &&
inputs.role != PSA_PAKE_ROLE_SERVER) {
return PSA_ERROR_NOT_SUPPORTED;
if (operation->alg == PSA_ALG_JPAKE) {
if (inputs.user_len == 0 || inputs.peer_len == 0) {
return PSA_ERROR_BAD_STATE;
}
if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
inputs.role = PSA_PAKE_ROLE_CLIENT;
} else
if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
inputs.role = PSA_PAKE_ROLE_SERVER;
}
if (inputs.role != PSA_PAKE_ROLE_CLIENT &&
inputs.role != PSA_PAKE_ROLE_SERVER) {
return PSA_ERROR_NOT_SUPPORTED;
}
}
/* Clear driver context */
@ -7476,6 +7600,10 @@ static psa_status_t psa_pake_complete_inputs(
mbedtls_platform_zeroize(inputs.password, inputs.password_len);
mbedtls_free(inputs.password);
/* User and peer are translated to role. */
mbedtls_free(inputs.user);
mbedtls_free(inputs.peer);
if (status == PSA_SUCCESS) {
#if defined(PSA_WANT_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) {
@ -7884,13 +8012,19 @@ psa_status_t psa_pake_abort(
status = psa_driver_wrapper_pake_abort(operation);
}
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS &&
operation->data.inputs.password != NULL) {
mbedtls_platform_zeroize(operation->data.inputs.password,
operation->data.inputs.password_len);
mbedtls_free(operation->data.inputs.password);
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
if (operation->data.inputs.password != NULL) {
mbedtls_platform_zeroize(operation->data.inputs.password,
operation->data.inputs.password_len);
mbedtls_free(operation->data.inputs.password);
}
if (operation->data.inputs.user != NULL) {
mbedtls_free(operation->data.inputs.user);
}
if (operation->data.inputs.peer != NULL) {
mbedtls_free(operation->data.inputs.peer);
}
}
memset(operation, 0, sizeof(psa_pake_operation_t));
return status;

26
library/ssl_tls.c
View File

@ -1945,14 +1945,19 @@ void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
mbedtls_ssl_context *ssl,
mbedtls_svc_key_id_t pwd)
{
psa_status_t status;
psa_pake_role_t psa_role;
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
const uint8_t *user = NULL;
size_t user_len = 0;
const uint8_t *peer = NULL;
size_t peer_len = 0;
psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
psa_pake_cs_set_primitive(&cipher_suite,
PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
@ -1966,12 +1971,23 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
}
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
psa_role = PSA_PAKE_ROLE_SERVER;
user = jpake_server_id;
user_len = sizeof(jpake_server_id);
peer = jpake_client_id;
peer_len = sizeof(jpake_client_id);
} else {
psa_role = PSA_PAKE_ROLE_CLIENT;
user = jpake_client_id;
user_len = sizeof(jpake_client_id);
peer = jpake_server_id;
peer_len = sizeof(jpake_server_id);
}
status = psa_pake_set_role(&ssl->handshake->psa_pake_ctx, psa_role);
status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len);
if (status != PSA_SUCCESS) {
return status;
}