From a1378105cf0a2f92d1a382e4ef144462b4d2e43c Mon Sep 17 00:00:00 2001 From: pespacek Date: Tue, 26 Apr 2022 15:03:11 +0200 Subject: [PATCH 1/5] FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. ssl_tls13_parse_certificate_verify() Signed-off-by: pespacek --- library/ssl_tls13_generic.c | 53 +++++++++++++++---------------------- 1 file changed, 21 insertions(+), 32 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f5e38abf53..3d6663ade4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -34,6 +34,9 @@ #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" +#include "psa/crypto.h" +#include "mbedtls/psa_util.h" + const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ MBEDTLS_SERVER_HELLO_RANDOM_LEN ] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, @@ -160,12 +163,14 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, size_t verify_buffer_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; uint16_t algorithm; size_t signature_len; mbedtls_pk_type_t sig_alg; mbedtls_md_type_t md_alg; - unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE]; + psa_algorithm_t hash_alg = PSA_ALG_NONE; + unsigned char verify_hash[PSA_HASH_MAX_SIZE]; size_t verify_hash_len; void const *options = NULL; @@ -212,6 +217,12 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, goto error; } + hash_alg = mbedtls_psa_translate_md( md_alg ); + if( hash_alg == 0 ) + { + goto error; + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )", ( unsigned int ) algorithm ) ); 
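Review bot: The guard added in the `@@ -212,6 +217,12 @@` hunk compares the translated algorithm with a bare `0`, while the declaration added earlier in the same function initialises it to `PSA_ALG_NONE`; `if( hash_alg == PSA_ALG_NONE )` states the intent and matches that declaration. The branch also jumps to `error` without logging, so a signature scheme whose digest has no PSA mapping looks the same in the debug output as a bad signature. A line such as `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: no PSA hash for md_alg" ) );` before the `goto` would make that case diagnosable. The `error` label is outside the hunk, so this assumes it fails the handshake as it does for the neighbouring branches.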
@@ -229,42 +240,20 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, p += 2; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, signature_len ); - /* Hash verify buffer with indicated hash function */ - switch( md_alg ) + status = psa_hash_compute( hash_alg, + verify_buffer, + verify_buffer_len, + verify_hash, + sizeof( verify_hash ), + &verify_hash_len ); + if( status != PSA_SUCCESS ) { -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA256: - verify_hash_len = 32; - ret = mbedtls_sha256( verify_buffer, verify_buffer_len, verify_hash, 0 ); - break; -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_MD_SHA384: - verify_hash_len = 48; - ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 1 ); - break; -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA512: - verify_hash_len = 64; - ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 0 ); - break; -#endif /* MBEDTLS_SHA512_C */ - - default: - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - break; - } - - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "hash computation error", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "hash computation PSA error", status ); goto error; } MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( sig_alg == MBEDTLS_PK_RSASSA_PSS ) { From 3493587e0592d39f427df900eb7b87a76ab8601f Mon Sep 17 00:00:00 2001 From: pespacek Date: Fri, 20 May 2022 15:43:32 +0200 Subject: [PATCH 2/5] FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() replaced withpsa_hash_compute() Signed-off-by: pespacek --- library/ssl_tls13_generic.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3d6663ade4..5340d843be 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
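Review bot: `psa_hash_compute()` is only usable once the PSA subsystem has been initialised (the PSA Crypto API specifies `PSA_ERROR_BAD_STATE` before `psa_crypto_init()`), and nothing in this hunk documents that new precondition for CertificateVerify processing. The branch is fail-closed, since it goes to `error`, but an application that never initialises PSA would see every handshake rejected here with only a level-1 debug line. I would keep the comment this hunk removes and extend it: `/* Hash verify buffer with indicated hash function; requires psa_crypto_init() to have been called */`. `ret` is no longer assigned on this path, so the code returned to the caller depends on the `error` label, which is outside the hunk.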
@@ -918,9 +918,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t verify_buffer_len; mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; + psa_algorithm_t psa_algorithm = PSA_ALG_NONE; uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; size_t signature_len = 0; - const mbedtls_md_info_t *md_info; unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; size_t verify_hash_len; @@ -983,15 +983,15 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, p += 2; /* Hash verify buffer with indicated hash function */ - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + psa_algorithm = mbedtls_psa_translate_md( md_alg ); - ret = mbedtls_md( md_info, verify_buffer, verify_buffer_len, verify_hash ); - if( ret != 0 ) + if( psa_hash_compute( psa_algorithm, + verify_buffer, + verify_buffer_len, + verify_hash,sizeof( verify_hash ), + &verify_hash_len ) != PSA_SUCCESS ) return( ret ); - verify_hash_len = mbedtls_md_get_size( md_info ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, From 670913f4dcb2a9db0f3d31b029cb4dc951e59239 Mon Sep 17 00:00:00 2001 From: pespacek Date: Tue, 7 Jun 2022 10:53:39 +0200 Subject: [PATCH 3/5] Fixing return value for ssl_tls13_write_certificate_body() Signed-off-by: pespacek --- library/ssl_tls13_generic.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5340d843be..b89f587b94 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -253,7 +253,6 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); - #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( sig_alg == MBEDTLS_PK_RSASSA_PSS ) { 
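Review bot: `verify_hash` in `ssl_tls13_write_certificate_verify_body()` is still sized with `MBEDTLS_MD_MAX_SIZE` although the digest is now produced by PSA, whereas [PATCH 1/5] changed the matching buffer on the parse side to `PSA_HASH_MAX_SIZE`. Because `sizeof( verify_hash )` is passed to `psa_hash_compute()`, a too-small buffer cannot be overrun; it would surface as a hash error instead. The two macros are defined by different headers and need not agree in every configuration, so `unsigned char verify_hash[PSA_HASH_MAX_SIZE];` keeps the sign and verify paths consistent.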
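Review bot: The result of `mbedtls_psa_translate_md( md_alg )` is used unchecked in the `@@ -983,15 +983,15 @@` hunk, whereas the removed code returned `MBEDTLS_ERR_SSL_INTERNAL_ERROR` for an unknown digest and the parse side checks the translation explicitly. Adding `if( psa_algorithm == PSA_ALG_NONE ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` keeps the old error code instead of leaving it to whatever `psa_hash_compute()` reports for an invalid algorithm. At this commit the failure branch also does `return( ret )` although the hash call never assigns `ret`, so it may return a stale value (possibly 0) set outside the hunk; later patches in this series replace that return.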
@@ -990,7 +989,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, verify_buffer_len, verify_hash,sizeof( verify_hash ), &verify_hash_len ) != PSA_SUCCESS ) - return( ret ); + return( psa_ssl_status_to_mbedtls( status ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); From b06acd734b03d0c6a093b202f199b648da85a8b5 Mon Sep 17 00:00:00 2001 From: pespacek Date: Tue, 7 Jun 2022 13:07:21 +0200 Subject: [PATCH 4/5] Fixing PSA return status Signed-off-by: pespacek --- library/ssl_tls13_generic.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b89f587b94..a90ddba43e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -922,7 +922,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t signature_len = 0; unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; size_t verify_hash_len; - + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *out_len = 0; own_key = mbedtls_ssl_own_key( ssl ); @@ -984,11 +985,12 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, /* Hash verify buffer with indicated hash function */ psa_algorithm = mbedtls_psa_translate_md( md_alg ); - if( psa_hash_compute( psa_algorithm, - verify_buffer, - verify_buffer_len, - verify_hash,sizeof( verify_hash ), - &verify_hash_len ) != PSA_SUCCESS ) + status = psa_hash_compute( psa_algorithm, + verify_buffer, + verify_buffer_len, + verify_hash,sizeof( verify_hash ), + &verify_hash_len ); + if( status != PSA_SUCCESS ) return( psa_ssl_status_to_mbedtls( status ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); From d9aaf768b57f4523f1d191d5d66e340258a3eccb Mon Sep 17 00:00:00 2001 From: pespacek Date: Wed, 8 Jun 2022 09:44:11 +0200 Subject: [PATCH 5/5] Fixing CI complains. 
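Review bot: `status` in `return( psa_ssl_status_to_mbedtls( status ) );` has no visible declaration or assignment in this function at this point in the series, so the `@@ -990,7 +989,7 @@` hunk probably does not build on its own. The declaration `psa_status_t status` and the assignment from `psa_hash_compute()` only arrive in [PATCH 4/5]. Squashing patches 3 and 4 would keep every commit compilable for bisection. The subject line also names `ssl_tls13_write_certificate_body()` while the hunk is in `ssl_tls13_write_certificate_verify_body()`.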
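Review bot: The failure branch after `psa_hash_compute()` in the `@@ -984,11 +985,12 @@` hunk returns without any debug trace, unlike the parse path in [PATCH 1/5], which logs `"hash computation PSA error"` together with the status. Suggest `{ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_compute", status ); return( psa_ssl_status_to_mbedtls( status ) ); }` so a signing-side hash failure can be told apart from other handshake errors. `verify_hash,sizeof( verify_hash ),` also puts two arguments on one line without a space, while the rest of the call uses one argument per line.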
Signed-off-by: pespacek --- library/ssl_tls13_generic.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a90ddba43e..aa593181d2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -923,7 +923,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; size_t verify_hash_len; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - + *out_len = 0; own_key = mbedtls_ssl_own_key( ssl ); @@ -984,7 +984,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, /* Hash verify buffer with indicated hash function */ psa_algorithm = mbedtls_psa_translate_md( md_alg ); - status = psa_hash_compute( psa_algorithm, verify_buffer, verify_buffer_len,