mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-22 00:40:41 +00:00
Enable support for psa opaque ECDHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
parent
51a1f36be0
commit
19b80f8151
@ -5093,11 +5093,13 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
|
#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
( defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
( defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
|
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) )
|
||||||
if( ( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
if( ( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||||
handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) &&
|
handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||||
|
handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) &&
|
||||||
ssl_use_opaque_psk( ssl ) == 1 )
|
ssl_use_opaque_psk( ssl ) == 1 )
|
||||||
{
|
{
|
||||||
/* Perform PSK-to-MS expansion in a single step. */
|
/* Perform PSK-to-MS expansion in a single step. */
|
||||||
@ -5120,15 +5122,23 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
|||||||
size_t other_secret_len = 0;
|
size_t other_secret_len = 0;
|
||||||
unsigned char* other_secret = NULL;
|
unsigned char* other_secret = NULL;
|
||||||
|
|
||||||
if ( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
|
switch( handshake->ciphersuite_info->key_exchange )
|
||||||
{
|
{
|
||||||
/* Provide other key as other secret.
|
/* Provide other secret.
|
||||||
* For RSA-PKS other key length is always 48 bytes.
|
|
||||||
* Other secret is stored in premaster, where first 2 bytes hold the
|
* Other secret is stored in premaster, where first 2 bytes hold the
|
||||||
* length of the other key. Skip them.
|
* length of the other key.
|
||||||
*/
|
*/
|
||||||
other_secret_len = 48;
|
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
|
||||||
other_secret = handshake->premaster + 2;
|
/* For RSA-PKS other key length is always 48 bytes. */
|
||||||
|
other_secret_len = 48;
|
||||||
|
other_secret = handshake->premaster + 2;
|
||||||
|
break;
|
||||||
|
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||||
|
other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0);
|
||||||
|
other_secret = handshake->premaster + 2;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = setup_psa_key_derivation( &derivation, psk, alg,
|
status = setup_psa_key_derivation( &derivation, psk, alg,
|
||||||
|
|||||||
@ -2959,10 +2959,6 @@ ecdh_calc_secret:
|
|||||||
* ciphersuites we offered, so this should never happen. */
|
* ciphersuites we offered, so this should never happen. */
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
|
||||||
/* Opaque PSKs are currently only supported for PSK-only suites. */
|
|
||||||
if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
|
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
|
||||||
|
|
||||||
/* uint16 to store content length */
|
/* uint16 to store content length */
|
||||||
const size_t content_len_size = 2;
|
const size_t content_len_size = 2;
|
||||||
|
|
||||||
@ -3068,30 +3064,40 @@ ecdh_calc_secret:
|
|||||||
MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
|
MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
|
||||||
pms += zlen_size + zlen;
|
pms += zlen_size + zlen;
|
||||||
|
|
||||||
const unsigned char *psk = NULL;
|
/* In case of opaque psk skip writting psk to pms.
|
||||||
size_t psk_len = 0;
|
* Opaque key will be handled later. */
|
||||||
|
if( ssl_conf_has_static_raw_psk( ssl->conf ) == 1 )
|
||||||
|
{
|
||||||
|
const unsigned char *psk = NULL;
|
||||||
|
size_t psk_len = 0;
|
||||||
|
|
||||||
if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
|
if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
|
||||||
== MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
|
== MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
|
||||||
/*
|
/*
|
||||||
* This should never happen because the existence of a PSK is always
|
* This should never happen because the existence of a PSK is always
|
||||||
* checked before calling this function
|
* checked before calling this function
|
||||||
*/
|
*/
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
|
||||||
/* opaque psk<0..2^16-1>; */
|
/* opaque psk<0..2^16-1>; */
|
||||||
if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )
|
if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
/* Write the PSK length as uint16 */
|
/* Write the PSK length as uint16 */
|
||||||
MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 );
|
MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 );
|
||||||
pms += 2;
|
pms += 2;
|
||||||
|
|
||||||
/* Write the PSK itself */
|
/* Write the PSK itself */
|
||||||
memcpy( pms, psk, psk_len );
|
memcpy( pms, psk, psk_len );
|
||||||
pms += psk_len;
|
pms += psk_len;
|
||||||
|
|
||||||
ssl->handshake->pmslen = pms - ssl->handshake->premaster;
|
ssl->handshake->pmslen = pms - ssl->handshake->premaster;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
|
( "skip PMS generation for opaque ECDHE-PSK" ) );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
||||||
|
|||||||
@ -1406,11 +1406,13 @@ int main( int argc, char *argv[] )
|
|||||||
#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
if( opt.psk_opaque != 0 )
|
if( opt.psk_opaque != 0 )
|
||||||
{
|
{
|
||||||
/* Ensure that the chosen ciphersuite is PSK-only or rsa-psk; we must know
|
/* Ensure that the chosen ciphersuite is PSK-only, rsa-psk
|
||||||
* the ciphersuite in advance to set the correct policy for the
|
or ecdhe-psk; we must know the ciphersuite in
|
||||||
|
advance to set the correct policy for the
|
||||||
* PSK key slot. This limitation might go away in the future. */
|
* PSK key slot. This limitation might go away in the future. */
|
||||||
if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
|
if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
|
||||||
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ||
|
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK &&
|
||||||
|
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ||
|
||||||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
|
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "opaque PSKs are only supported in conjunction \
|
mbedtls_printf( "opaque PSKs are only supported in conjunction \
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user