mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
Adapt handshake fields to ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
@ -2628,19 +2628,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
|
||||
}
|
||||
|
||||
ssl->handshake->ecdh_psa_privkey = pk->priv_id;
|
||||
/* Key should not be destroyed in the TLS library */
|
||||
ssl->handshake->ecdh_psa_privkey_is_external = 1;
|
||||
ssl->handshake->dh_psa_privkey = pk->priv_id;
|
||||
|
||||
status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey,
|
||||
/* Key should not be destroyed in the TLS library */
|
||||
ssl->handshake->dh_psa_privkey_is_external = 1;
|
||||
|
||||
status = psa_get_key_attributes(ssl->handshake->dh_psa_privkey,
|
||||
&key_attributes);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
ssl->handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
|
||||
ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes);
|
||||
ssl->handshake->ecdh_bits = psa_get_key_bits(&key_attributes);
|
||||
ssl->handshake->dh_psa_type = psa_get_key_type(&key_attributes);
|
||||
ssl->handshake->dh_bits = psa_get_key_bits(&key_attributes);
|
||||
|
||||
psa_reset_key_attributes(&key_attributes);
|
||||
|
||||
@ -2664,16 +2665,16 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
/* If the above conversion to TLS ID was fine, then also this one will
|
||||
be, so there is no need to check the return value here */
|
||||
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
|
||||
&ssl->handshake->ecdh_bits);
|
||||
&ssl->handshake->dh_bits);
|
||||
|
||||
ssl->handshake->ecdh_psa_type = key_type;
|
||||
ssl->handshake->dh_psa_type = key_type;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
psa_set_key_type(&key_attributes,
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
|
||||
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->dh_psa_type));
|
||||
psa_set_key_bits(&key_attributes, ssl->handshake->dh_bits);
|
||||
|
||||
key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
|
||||
ret = mbedtls_ecp_write_key(key, buf, key_len);
|
||||
@ -2683,7 +2684,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
|
||||
status = psa_import_key(&key_attributes, buf, key_len,
|
||||
&ssl->handshake->ecdh_psa_privkey);
|
||||
&ssl->handshake->dh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||
@ -2980,14 +2981,14 @@ curve_matching_done:
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse."));
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
handshake->ecdh_psa_type = key_type;
|
||||
handshake->ecdh_bits = ec_bits;
|
||||
handshake->dh_psa_type = key_type;
|
||||
handshake->dh_bits = ec_bits;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
psa_set_key_type(&key_attributes, handshake->dh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->dh_bits);
|
||||
|
||||
/*
|
||||
* ECParameters curve_params
|
||||
@ -3004,7 +3005,7 @@ curve_matching_done:
|
||||
|
||||
/* Generate ECDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
&handshake->dh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
||||
@ -3026,14 +3027,14 @@ curve_matching_done:
|
||||
size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN
|
||||
- (own_pubkey - ssl->out_msg));
|
||||
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
status = psa_export_public_key(handshake->dh_psa_privkey,
|
||||
own_pubkey, own_pubkey_max_len,
|
||||
&len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
||||
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
(void) psa_destroy_key(handshake->dh_psa_privkey);
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -3728,27 +3729,27 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
|
||||
/* Store peer's ECDH public key. */
|
||||
memcpy(handshake->ecdh_psa_peerkey, p, data_len);
|
||||
handshake->ecdh_psa_peerkey_len = data_len;
|
||||
memcpy(handshake->dh_psa_peerkey, p, data_len);
|
||||
handshake->dh_psa_peerkey_len = data_len;
|
||||
|
||||
/* Compute ECDH shared secret. */
|
||||
status = psa_raw_key_agreement(
|
||||
PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
|
||||
PSA_ALG_ECDH, handshake->dh_psa_privkey,
|
||||
handshake->dh_psa_peerkey, handshake->dh_psa_peerkey_len,
|
||||
handshake->premaster, sizeof(handshake->premaster),
|
||||
&handshake->pmslen);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
if (handshake->dh_psa_privkey_is_external == 0) {
|
||||
(void) psa_destroy_key(handshake->dh_psa_privkey);
|
||||
}
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
if (handshake->dh_psa_privkey_is_external == 0) {
|
||||
status = psa_destroy_key(handshake->dh_psa_privkey);
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
@ -3756,7 +3757,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#else
|
||||
if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
|
||||
p, end - p)) != 0) {
|
||||
@ -3889,35 +3890,35 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->dh_psa_privkey);
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Keep a copy of the peer's public key */
|
||||
if (p >= end) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->dh_psa_privkey);
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
ecpoint_len = *(p++);
|
||||
if ((size_t) (end - p) < ecpoint_len) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_destroy_key(handshake->dh_psa_privkey);
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
#if !defined(PSA_WANT_ALG_FFDH)
|
||||
if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
if (ecpoint_len > sizeof(handshake->dh_psa_peerkey)) {
|
||||
psa_destroy_key(handshake->dh_psa_privkey);
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
#endif
|
||||
|
||||
memcpy(handshake->ecdh_psa_peerkey, p, ecpoint_len);
|
||||
handshake->ecdh_psa_peerkey_len = ecpoint_len;
|
||||
memcpy(handshake->dh_psa_peerkey, p, ecpoint_len);
|
||||
handshake->dh_psa_peerkey_len = ecpoint_len;
|
||||
p += ecpoint_len;
|
||||
|
||||
/* As RFC 5489 section 2, the premaster secret is formed as follows:
|
||||
@ -3935,15 +3936,15 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
/* Compute ECDH shared secret. */
|
||||
status = psa_raw_key_agreement(PSA_ALG_ECDH,
|
||||
handshake->ecdh_psa_privkey,
|
||||
handshake->ecdh_psa_peerkey,
|
||||
handshake->ecdh_psa_peerkey_len,
|
||||
handshake->dh_psa_privkey,
|
||||
handshake->dh_psa_peerkey,
|
||||
handshake->dh_psa_peerkey_len,
|
||||
psm + zlen_size,
|
||||
psm_end - (psm + zlen_size),
|
||||
&zlen);
|
||||
|
||||
destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
destruction_status = psa_destroy_key(handshake->dh_psa_privkey);
|
||||
handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_TO_MBEDTLS_ERR(status);
|
||||
|
Reference in New Issue
Block a user