mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-31 10:20:45 +00:00
Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong
parent
cd05f0b9e5
commit
044a32c4c6
@ -1313,6 +1313,26 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
|
|||||||
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
|
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
/**
|
||||||
|
* Get the first defined opaque PSK by order of precedence:
|
||||||
|
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
|
||||||
|
* callback
|
||||||
|
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
|
||||||
|
* Return an opaque PSK
|
||||||
|
*/
|
||||||
|
static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
|
||||||
|
const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
|
||||||
|
return( ssl->handshake->psk_opaque );
|
||||||
|
|
||||||
|
if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
|
||||||
|
return( ssl->conf->psk_opaque );
|
||||||
|
|
||||||
|
return( MBEDTLS_SVC_KEY_ID_INIT );
|
||||||
|
}
|
||||||
|
#else
|
||||||
/**
|
/**
|
||||||
* Get the first defined PSK by order of precedence:
|
* Get the first defined PSK by order of precedence:
|
||||||
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
|
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
|
||||||
@ -1322,12 +1342,6 @@ int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
|
|||||||
static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
|
static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
|
||||||
const unsigned char **psk, size_t *psk_len )
|
const unsigned char **psk, size_t *psk_len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
||||||
(void) ssl;
|
|
||||||
*psk = NULL;
|
|
||||||
*psk_len = 0;
|
|
||||||
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
|
||||||
#else
|
|
||||||
if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
|
if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
|
||||||
{
|
{
|
||||||
*psk = ssl->handshake->psk;
|
*psk = ssl->handshake->psk;
|
||||||
@ -1348,29 +1362,7 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
||||||
/**
|
|
||||||
* Get the first defined opaque PSK by order of precedence:
|
|
||||||
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
|
|
||||||
* callback
|
|
||||||
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
|
|
||||||
* Return an opaque PSK
|
|
||||||
*/
|
|
||||||
static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
|
|
||||||
const mbedtls_ssl_context *ssl )
|
|
||||||
{
|
|
||||||
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
|
|
||||||
return( ssl->handshake->psk_opaque );
|
|
||||||
|
|
||||||
if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
|
|
||||||
return( ssl->conf->psk_opaque );
|
|
||||||
|
|
||||||
return( MBEDTLS_SVC_KEY_ID_INIT );
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||||
|
|||||||
@ -5533,17 +5533,19 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
|||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
|
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
|
||||||
{
|
{
|
||||||
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO) || \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
unsigned char *p = ssl->handshake->premaster;
|
unsigned char *p = ssl->handshake->premaster;
|
||||||
unsigned char *end = p + sizeof( ssl->handshake->premaster );
|
unsigned char *end = p + sizeof( ssl->handshake->premaster );
|
||||||
|
#else
|
||||||
|
(void)ssl;
|
||||||
|
(void)key_ex;
|
||||||
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
const unsigned char *psk = NULL;
|
const unsigned char *psk = NULL;
|
||||||
size_t psk_len = 0;
|
size_t psk_len = 0;
|
||||||
int psk_ret = mbedtls_ssl_get_psk( ssl, &psk, &psk_len );
|
int psk_ret = mbedtls_ssl_get_psk( ssl, &psk, &psk_len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
|
||||||
(void) key_ex;
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
|
||||||
|
|
||||||
if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
|
if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@ -5600,6 +5602,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||||
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
@ -5618,14 +5621,6 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||||||
p += 2 + len;
|
p += 2 + len;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
||||||
|
|
||||||
/* For opaque PSK fill premaster with the the shared secret without PSK. */
|
|
||||||
if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
|
||||||
( "skip PMS generation for opaque DHE-PSK" ) );
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
@ -5657,6 +5652,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
/* opaque psk<0..2^16-1>; */
|
/* opaque psk<0..2^16-1>; */
|
||||||
if( end - p < 2 )
|
if( end - p < 2 )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
@ -5671,6 +5667,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||||||
p += psk_len;
|
p += psk_len;
|
||||||
|
|
||||||
ssl->handshake->pmslen = p - ssl->handshake->premaster;
|
ssl->handshake->pmslen = p - ssl->handshake->premaster;
|
||||||
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user