lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Refactor to make PSA and non-PSA ECDH(E) server code exclusive

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong
2022-04-12 14:38:52 +02:00
parent 927410ded3
commit d91526c17f
1 changed files with 112 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
library/ssl_tls12_server.c
View File

@ -3162,123 +3162,116 @@ curve_matching_done:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || psa_status_t status = PSA_ERROR_GENERIC_ERROR;
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || psa_key_attributes_t key_attributes;
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) mbedtls_ssl_handshake_params *handshake = ssl->handshake;
size_t ecdh_bits = 0;
uint8_t *p = ssl->out_msg + ssl->out_msglen;
const size_t header_size = 4; // curve_type(1), namedcurve(2),
// data length(1)
const size_t data_length_size = 1;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
/* Convert EC group to PSA key type. */
handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
(*curve)->tls_id, &ecdh_bits );
if( handshake->ecdh_psa_type == 0 )
{ {
psa_status_t status = PSA_ERROR_GENERIC_ERROR; MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
psa_key_attributes_t key_attributes; return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
size_t ecdh_bits = 0;
uint8_t *p = ssl->out_msg + ssl->out_msglen;
const size_t header_size = 4; // curve_type(1), namedcurve(2),
// data length(1)
const size_t data_length_size = 1;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
/* Convert EC group to PSA key type. */
handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
(*curve)->tls_id, &ecdh_bits );
if( handshake->ecdh_psa_type == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
handshake->ecdh_bits = ecdh_bits;
key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
/*
* ECParameters curve_params
*
* First byte is curve_type, always named_curve
*/
*p++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
/*
* Next two bytes are the namedcurve value
*/
MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 );
p += 2;
/* Generate ECDH private key. */
status = psa_generate_key( &key_attributes,
&handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
return( ret );
}
/*
* ECPoint public
*
* First byte is data length.
* It will be filled later. p holds now the data length location.
*/
/* Export the public part of the ECDH private key from PSA.
* Make one byte space for the length.
*/
unsigned char *own_pubkey = p + data_length_size;
size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN
- ( own_pubkey - ssl->out_msg ) );
status = psa_export_public_key( handshake->ecdh_psa_privkey,
own_pubkey, own_pubkey_max_len,
&len );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
(void) psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( ret );
}
/* Store the length of the exported public key. */
*p = (uint8_t) len;
/* Determine full message length. */
len += header_size;
} }
else handshake->ecdh_bits = ecdh_bits;
key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
/*
* ECParameters curve_params
*
* First byte is curve_type, always named_curve
*/
*p++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
/*
* Next two bytes are the namedcurve value
*/
MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 );
p += 2;
/* Generate ECDH private key. */
status = psa_generate_key( &key_attributes,
&handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
return( ret );
}
/*
* ECPoint public
*
* First byte is data length.
* It will be filled later. p holds now the data length location.
*/
/* Export the public part of the ECDH private key from PSA.
* Make one byte space for the length.
*/
unsigned char *own_pubkey = p + data_length_size;
size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN
- ( own_pubkey - ssl->out_msg ) );
status = psa_export_public_key( handshake->ecdh_psa_privkey,
own_pubkey, own_pubkey_max_len,
&len );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
(void) psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( ret );
}
/* Store the length of the exported public key. */
*p = (uint8_t) len;
/* Determine full message length. */
len += header_size;
#else
if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
(*curve)->grp_id ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
return( ret );
}
if( ( ret = mbedtls_ecdh_make_params(
&ssl->handshake->ecdh_ctx, &len,
ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Q );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
{
if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
(*curve)->grp_id ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
return( ret );
}
if( ( ret = mbedtls_ecdh_make_params(
&ssl->handshake->ecdh_ctx, &len,
ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
return( ret );
}
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
dig_signed = ssl->out_msg + ssl->out_msglen; dig_signed = ssl->out_msg + ssl->out_msglen;
#endif #endif
ssl->out_msglen += len; ssl->out_msglen += len;
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Q );
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
@ -3926,11 +3919,11 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
} }
else else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
@ -3992,15 +3985,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO && #else
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
@ -4030,6 +4015,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
MBEDTLS_DEBUG_ECDH_Z ); MBEDTLS_DEBUG_ECDH_Z );
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
@ -4143,8 +4129,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
} }
else else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -4250,9 +4236,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
ssl->handshake->pmslen = psm - ssl->handshake->premaster; ssl->handshake->pmslen = psm - ssl->handshake->premaster;
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO && #else
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{ {
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
@ -4268,12 +4252,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Opaque PSKs are currently only supported for PSK-only. */
if( ssl_use_opaque_psk( ssl ) == 1 )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP ); MBEDTLS_DEBUG_ECDH_QP );
@ -4285,6 +4263,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
} }
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )