Use PSA version of key agreement only for ECDHE keys

This should be cleaned when server-side static ECDH (1.2) support is added (#5320). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2025-03-29 13:20:21 +00:00 · 2022-03-14 09:18:24 +01:00 · 2022-03-14 09:18:24 +01:00 · 130c4b5567
commit 130c4b5567
parent fd32e9609b
1 changed files with 77 additions and 46 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -3879,6 +3879,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
    {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
+        // Handle only ECDHE keys using PSA crypto.
+        if ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+             ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+        {
            size_t data_len = (size_t)( *p++ );
            size_t buf_len = (size_t)( end - p );
            psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@ -3927,7 +3931,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
                return( ret );
            }
            handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-#else
+
+        }
+        else
+        {
            if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
                                p, end - p) ) != 0 )
            {
@ -3950,7 +3957,31 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )

            MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
                                    MBEDTLS_DEBUG_ECDH_Z );
-#endif
+        }
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
+                                      p, end - p) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
+            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        }
+
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_QP );
+
+        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
+                                      &ssl->handshake->pmslen,
+                                       ssl->handshake->premaster,
+                                       MBEDTLS_MPI_MAX_SIZE,
+                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        }
+
+        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+                                MBEDTLS_DEBUG_ECDH_Z );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
    }
    else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||