mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-30 06:33:06 +00:00
Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
parent
316c19ef93
commit
29c219c285
@ -2116,22 +2116,15 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl);
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
mbedtls_ssl_context *ssl,
|
||||
uint16_t named_group,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len);
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
|
||||
int mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange(
|
||||
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
mbedtls_ssl_context *ssl,
|
||||
uint16_t named_group,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len);
|
||||
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
|
||||
|
||||
@ -33,7 +33,6 @@
|
||||
#include "ssl_client.h"
|
||||
#include "ssl_tls13_keys.h"
|
||||
#include "ssl_debug_helpers.h"
|
||||
#include "mbedtls/dhm.h"
|
||||
|
||||
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||
psa_to_ssl_errors, \
|
||||
@ -229,8 +228,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
|
||||
return MBEDTLS_ERR_SSL_BAD_CONFIG;
|
||||
}
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (*group_list >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
|
||||
*group_list <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192) {
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) {
|
||||
*group_id = *group_list;
|
||||
return 0;
|
||||
}
|
||||
@ -326,18 +324,8 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
|
||||
p += 4;
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
ssl, group_id, p, end, &key_exchange_len);
|
||||
}
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(group_id)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange(
|
||||
ssl, group_id, p, end, &key_exchange_len);
|
||||
}
|
||||
#endif /* PSA_WANT_ALG_FFDH */
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
ssl, group_id, p, end, &key_exchange_len);
|
||||
p += key_exchange_len;
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
|
||||
@ -1513,7 +1513,36 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
|
||||
return 0;
|
||||
}
|
||||
|
||||
int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
static psa_key_type_t mbedtls_psa_parse_tls_ffdh_group(
|
||||
uint16_t tls_ecc_grp_reg_id, size_t *bits, psa_key_type_t *key_type)
|
||||
{
|
||||
switch (tls_ecc_grp_reg_id) {
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
|
||||
*bits = 2048;
|
||||
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
return PSA_SUCCESS;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
|
||||
*bits = 3072;
|
||||
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
return PSA_SUCCESS;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
|
||||
*bits = 4096;
|
||||
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
return PSA_SUCCESS;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
|
||||
*bits = 6144;
|
||||
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
return PSA_SUCCESS;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
|
||||
*bits = 8192;
|
||||
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
return PSA_SUCCESS;
|
||||
default:
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
|
||||
int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
mbedtls_ssl_context *ssl,
|
||||
uint16_t named_group,
|
||||
unsigned char *buf,
|
||||
@ -1525,26 +1554,57 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
psa_key_attributes_t key_attributes;
|
||||
size_t own_pubkey_len;
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
psa_ecc_family_t ec_psa_family = 0;
|
||||
size_t ec_bits = 0;
|
||||
size_t bits = 0;
|
||||
psa_key_type_t key_type = 0;
|
||||
size_t buf_size = (size_t) (end - buf);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation."));
|
||||
|
||||
/* Convert EC's TLS ID to PSA key type. */
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
psa_ecc_family_t ec_psa_family = 0;
|
||||
if (mbedtls_ssl_get_psa_curve_info_from_tls_id(
|
||||
named_group, &ec_psa_family, &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
|
||||
named_group, &ec_psa_family, &bits) == PSA_SUCCESS) {
|
||||
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
|
||||
}
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_psa_parse_tls_ffdh_group(named_group, &bits, &key_type) == PSA_SUCCESS) {
|
||||
if (PSA_KEY_TYPE_IS_DH(key_type)) {
|
||||
if (buf_size < PSA_BITS_TO_BYTES(bits)) {
|
||||
|
||||
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
}
|
||||
buf_size = PSA_BITS_TO_BYTES(bits);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (key_type == 0) {
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
|
||||
ssl->handshake->ecdh_bits = ec_bits;
|
||||
|
||||
handshake->ecdh_psa_type = key_type;
|
||||
ssl->handshake->ecdh_bits = bits;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
|
||||
if (PSA_KEY_TYPE_IS_ECC(key_type)) {
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
|
||||
#endif
|
||||
} else {
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_FFDH);
|
||||
#endif
|
||||
}
|
||||
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
|
||||
/* Generate ECDH private key. */
|
||||
/* Generate ECDH/FFDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
@ -1554,10 +1614,11 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
|
||||
}
|
||||
|
||||
/* Export the public part of the ECDH private key from PSA. */
|
||||
/* Export the public part of the ECDH/FFDH private key from PSA. */
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
buf, (size_t) (end - buf),
|
||||
buf, buf_size,
|
||||
&own_pubkey_len);
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
||||
@ -1571,92 +1632,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
}
|
||||
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
|
||||
|
||||
#if defined(PSA_WANT_ALG_FFDH)
|
||||
static psa_key_type_t mbedtls_psa_parse_tls_ffdh_group(
|
||||
uint16_t tls_ecc_grp_reg_id, size_t *bits)
|
||||
{
|
||||
switch (tls_ecc_grp_reg_id) {
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
|
||||
*bits = 2048;
|
||||
return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
|
||||
*bits = 3072;
|
||||
return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
|
||||
*bits = 4096;
|
||||
return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
|
||||
*bits = 6144;
|
||||
return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
|
||||
*bits = 8192;
|
||||
return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
int mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange(
|
||||
mbedtls_ssl_context *ssl,
|
||||
uint16_t named_group,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *out_len)
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
psa_key_attributes_t key_attributes;
|
||||
size_t own_pubkey_len;
|
||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||
size_t ffdh_bits = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based DHE computation."));
|
||||
|
||||
/* Convert DHE group to PSA key type. */
|
||||
if ((handshake->ecdh_psa_type =
|
||||
mbedtls_psa_parse_tls_ffdh_group(named_group, &ffdh_bits)) == 0) {
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
|
||||
if ((size_t) (end - buf) < PSA_BITS_TO_BYTES(ffdh_bits)) {
|
||||
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
return ret;
|
||||
}
|
||||
|
||||
ssl->handshake->ecdh_bits = ffdh_bits;
|
||||
|
||||
key_attributes = psa_key_attributes_init();
|
||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&key_attributes, PSA_ALG_FFDH);
|
||||
psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
|
||||
psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
|
||||
|
||||
/* Generate FFDH private key. */
|
||||
status = psa_generate_key(&key_attributes,
|
||||
&handshake->ecdh_psa_privkey);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
/* Export the public part of the FFDH private key from PSA. */
|
||||
status = psa_export_public_key(handshake->ecdh_psa_privkey,
|
||||
buf, PSA_BITS_TO_BYTES(ffdh_bits),
|
||||
&own_pubkey_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
*out_len = own_pubkey_len;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* PSA_WANT_ALG_FFDH */
|
||||
|
||||
/* RFC 8446 section 4.2
|
||||
*
|
||||
* If an implementation receives an extension which it recognizes and which is
|
||||
|
||||
@ -1912,30 +1912,19 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
|
||||
|
||||
*out_len = 0;
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) ||
|
||||
mbedtls_ssl_tls13_named_group_is_dhe(named_group)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
|
||||
ssl, named_group, buf, end, out_len);
|
||||
if (ret != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(
|
||||
1, "mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange",
|
||||
1, "mbedtls_ssl_tls13_generate_and_write_dh_key_exchange",
|
||||
ret);
|
||||
return ret;
|
||||
}
|
||||
} else
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
#if defined(MBEDTLS_DHM_C) || defined(PSA_WANT_ALG_FFDH)
|
||||
if (mbedtls_ssl_tls13_named_group_is_dhe(named_group)) {
|
||||
ret = mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange(
|
||||
ssl, named_group, buf, end, out_len);
|
||||
if (ret != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(
|
||||
1, "mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange",
|
||||
ret);
|
||||
return ret;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_DHM_C || PSA_WANT_ALG_FFDH */
|
||||
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
|
||||
if (0 /* Other kinds of KEMs */) {
|
||||
} else {
|
||||
((void) ssl);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user