lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge pull request #7627 from mprse/ffdh_tls13_v2

Browse Source 
Make use of FFDH keys in TLS 1.3 v.2
This commit is contained in:
Manuel Pégourié-Gonnard
2023-07-03 10:12:33 +02:00
committed by GitHub
parent 45e009aa97 3484db4ce7
commit 56b159a12a
30 changed files with 4528 additions and 364 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
library/ssl_misc.h
View File

@ -755,15 +755,19 @@ struct mbedtls_ssl_handshake_params {
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_ECDH) && \
#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
psa_key_type_t ecdh_psa_type;
size_t ecdh_bits;
mbedtls_svc_key_id_t ecdh_psa_privkey;
uint8_t ecdh_psa_privkey_is_external;
#if defined(PSA_WANT_ALG_FFDH)
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH];
#else
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
#endif
size_t ecdh_psa_peerkey_len;
#endif /* PSA_WANT_ALG_ECDH &&
#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@ -1562,7 +1566,7 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id
* \brief Return PSA EC info for the specified TLS ID.
*
* \param tls_id The TLS ID to look for
* \param family If the TLD ID is supported, then proper \c psa_ecc_family_t
* \param type If the TLD ID is supported, then proper \c psa_key_type_t
* value is returned here. Can be NULL.
* \param bits If the TLD ID is supported, then proper bit size is returned
* here. Can be NULL.
@ -1575,7 +1579,7 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id
* simply to check if a specific TLS ID is supported.
*/
int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
psa_ecc_family_t *family,
psa_key_type_t *type,
size_t *bits);
/**
@ -2111,15 +2115,15 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
#if defined(PSA_WANT_ALG_ECDH)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
mbedtls_ssl_context *ssl,
uint16_t named_group,
unsigned char *buf,
unsigned char *end,
size_t *out_len);
#endif /* PSA_WANT_ALG_ECDH */
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
@ -2244,9 +2248,15 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
return 1;
}
}
#else
((void) named_group);
#endif /* PSA_WANT_ALG_ECDH */
#endif
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(named_group)) {
return 1;
}
#endif
#if !defined(PSA_WANT_ALG_ECDH) && !defined(PSA_WANT_ALG_FFDH)
(void) named_group;
#endif
return 0;
}
@ -2639,14 +2649,14 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
const mbedtls_ssl_ciphersuite_t *suite);
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
#if defined(PSA_WANT_ALG_ECDH)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t buf_len);
#endif /* PSA_WANT_ALG_ECDH */
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
mbedtls_ssl_context *ssl, int cipher_suite)