diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index acb38cf811..b9fd53e766 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1619,26 +1619,10 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id( mbedtls_ecp_group_id grp_id )
 *
 * \param tls_id The TLS ID to look for
 * \return A pointer to a const string with the proper name. If TLS
- * ID is not suppoted, a NULL pointer is returned insted.
+ * ID is not suppoted, a NULL pointer is returned instead.
 */
 const char* mbedtls_ssl_get_curve_name_from_tls_id( uint16_t tls_id );
-/* This function transforms an ECC group identifier from
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- * into a PSA ECC group identifier. */
-#if defined(MBEDTLS_ECP_C)
-static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
- uint16_t tls_ecc_grp_reg_id, size_t *bits )
-{
- mbedtls_ecp_group_id grp_id =
- mbedtls_ssl_get_ecp_group_id_from_tls_id( tls_ecc_grp_reg_id );
- if( grp_id == MBEDTLS_ECP_DP_NONE )
- return( 0 );
- return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( grp_id, bits ) ) );
-}
-#endif /* MBEDTLS_ECP_C */
-
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
 ( const uint16_t srtp_profile_value )
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7c54820f33..58f0a375c1 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1800,9 +1800,10 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
 unsigned char *end )
 {
 uint16_t tls_id;
- size_t ecdh_bits = 0;
 uint8_t ecpoint_len;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ psa_ecc_family_t ec_psa_family = 0;
+ size_t ec_bits = 0;
 /*
 * struct {
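Review bot: The doc-comment line edited in the ssl_misc.h hunk still reads `suppoted` after the change; since the line is already being touched to fix `insted`, both typos should go together: `ID is not supported, a NULL pointer is returned instead.` The comment documents `mbedtls_ssl_get_curve_name_from_tls_id`, and its doc block starts outside the hunk.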
@@ -1836,13 +1837,14 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
- /* Convert EC group to PSA key type. */
- if( ( handshake->ecdh_psa_type =
- mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
+ /* Convert EC's TLS ID to PSA key type. */
+ if( mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ec_psa_family,
+ &ec_bits ) == PSA_ERROR_NOT_SUPPORTED )
 {
 return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
- handshake->ecdh_bits = ecdh_bits;
+ handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ec_psa_family );
+ handshake->ecdh_bits = ec_bits;
 /* Keep a copy of the peer's public key */
 ecpoint_len = *(*p)++;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a90617f9a6..fb053c689a 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
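Review bot: The new guard in `ssl_parse_server_ecdh_params` rejects only `PSA_ERROR_NOT_SUPPORTED`, so any other non-success status from `mbedtls_ssl_get_psa_curve_info_from_tls_id()` would fall through with `ec_psa_family` and `ec_bits` still 0 and store `PSA_KEY_TYPE_ECC_KEY_PAIR( 0 )` in the handshake. `tls_id` appears to be read from the peer's key-exchange message, so the check should fail closed: `if( mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ec_psa_family, &ec_bits ) != PSA_SUCCESS )`. The helper's definition is not part of this diff, so whether it can return other codes today is unconfirmed. The same `== PSA_ERROR_NOT_SUPPORTED` comparison appears in the ssl_tls12_server.c and ssl_tls13_generic.c hunks; the function body here starts and ends outside the hunk.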
@@ -3019,24 +3019,24 @@ curve_matching_done:
 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 psa_key_attributes_t key_attributes;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- size_t ecdh_bits = 0;
 uint8_t *p = ssl->out_msg + ssl->out_msglen;
 const size_t header_size = 4; // curve_type(1), namedcurve(2),
 // data length(1)
 const size_t data_length_size = 1;
+ psa_ecc_family_t ec_psa_family = 0;
+ size_t ec_bits = 0;
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
- /* Convert EC group to PSA key type. */
- handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
- *curr_tls_id, &ecdh_bits );
-
- if( handshake->ecdh_psa_type == 0 )
+ /* Convert EC's TLS ID to PSA key type. */
+ if( mbedtls_ssl_get_psa_curve_info_from_tls_id( *curr_tls_id,
+ &ec_psa_family, &ec_bits ) == PSA_ERROR_NOT_SUPPORTED )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
 return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
 }
- handshake->ecdh_bits = ecdh_bits;
+ handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ec_psa_family );
+ handshake->ecdh_bits = ec_bits;
 key_attributes = psa_key_attributes_init();
 psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 761c00ec52..7a85063df2 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
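Review bot: The failure branch in the ssl_tls12_server.c hunk keeps the debug text `"Invalid ecc group parse."`, wording that matched the removed `mbedtls_psa_parse_tls_ecc_group()` and does not say which group was rejected. A message such as `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported curve TLS ID %u", (unsigned) *curr_tls_id ) );` would let a failed negotiation be diagnosed from the debug log. The enclosing block after `curve_matching_done:` starts before and continues past the hunk.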
@@ -1518,16 +1518,19 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
 psa_key_attributes_t key_attributes;
 size_t own_pubkey_len;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- size_t ecdh_bits = 0;
+ psa_ecc_family_t ec_psa_family = 0;
+ size_t ec_bits = 0;
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
- /* Convert EC group to PSA key type. */
- if( ( handshake->ecdh_psa_type =
- mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-
- ssl->handshake->ecdh_bits = ecdh_bits;
+ /* Convert EC's TLS ID to PSA key type. */
+ if( mbedtls_ssl_get_psa_curve_info_from_tls_id( named_group,
+ &ec_psa_family, &ec_bits ) == PSA_ERROR_NOT_SUPPORTED )
+ {
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+ handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ec_psa_family );
+ ssl->handshake->ecdh_bits = ec_bits;
 key_attributes = psa_key_attributes_init();
 psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
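Review bot: The two added assignments in `mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange` write through different spellings of the same pointer, `handshake->ecdh_psa_type` and then `ssl->handshake->ecdh_bits`, although `handshake` is initialised from `ssl->handshake` a few lines up in this hunk. Using the local for both, `handshake->ecdh_bits = ec_bits;`, matches the TLS 1.2 client and server hunks and makes it obvious that the pair is set on one object. The function starts and ends outside the hunk.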