diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 807e7811da..d022721a7f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2388,43 +2388,10 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_parse_ecjpake_round_one( +int mbedtls_psa_ecjpake_read_round_one( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len ) -{ - psa_status_t status; - size_t input_offset = 0; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1; x <= 2; ++x ) - { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; - step <= PSA_PAKE_STEP_ZK_PROOF; - ++step ) - { - /* Length is stored at the first byte */ - size_t length = buf[input_offset]; - input_offset += 1; - - if( input_offset + length > len ) - { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - status = psa_pake_input( pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - return psa_ssl_status_to_mbedtls( status ); - } - - input_offset += length; - } - } - - return( 0 ); -} + size_t len ); /** * \brief Parse the provided input buffer for getting the second round @@ -2436,60 +2403,10 @@ static inline int psa_tls12_parse_ecjpake_round_one( * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_parse_ecjpake_round_two( +int mbedtls_psa_ecjpake_read_round_two( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len, int role ) -{ - psa_status_t status; - size_t input_offset = 0; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - size_t length; - - /* - * On its 2nd round, the server sends 3 extra bytes which identify the - * curve: - * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE - * - the 2nd and 3rd represent curve's TLS ID - * Validate this data before moving forward - */ - if( ( step == PSA_PAKE_STEP_KEY_SHARE ) && - ( role == MBEDTLS_SSL_IS_CLIENT ) ) - { - uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 ); - - if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) || - ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - input_offset += 3; - } - - /* Length is stored at the first byte */ - length = buf[input_offset]; - input_offset += 1; - - if( input_offset + length > len ) - { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - status = psa_pake_input( pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - return psa_ssl_status_to_mbedtls( status ); - } - - input_offset += length; - } - - return( 0 ); -} + size_t len, int role ); /** * \brief Write the first round of key exchange into the provided output @@ -2502,43 +2419,10 @@ static inline int psa_tls12_parse_ecjpake_round_two( * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_write_ecjpake_round_one( +int mbedtls_psa_ecjpake_write_round_one( psa_pake_operation_t *pake_ctx, unsigned char *buf, - size_t len, size_t *olen ) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) - { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - - status = psa_pake_output( pake_ctx, step, - buf + output_offset, - len - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; - } - } - - *olen = output_offset; - - return( 0 ); -} + size_t len, size_t *olen ); /** * \brief Write the second round of key exchange into the provided output @@ -2551,38 +2435,11 @@ static inline int psa_tls12_write_ecjpake_round_one( * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_write_ecjpake_round_two( +int mbedtls_psa_ecjpake_write_round_two( psa_pake_operation_t *pake_ctx, unsigned char *buf, - size_t len, size_t *olen ) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; + size_t len, size_t *olen ); - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - status = psa_pake_output( pake_ctx, - step, buf + output_offset, - len - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; - } - - *olen = output_offset; - - return( 0 ); -} #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8771c595b9..35262cb885 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8194,6 +8194,173 @@ end: return( ret ); } +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_psa_ecjpake_read_round_one( + psa_pake_operation_t *pake_ctx, + const unsigned char *buf, + size_t len ) +{ + psa_status_t status; + size_t input_offset = 0; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1; x <= 2; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; + step <= PSA_PAKE_STEP_ZK_PROOF; + ++step ) + { + /* Length is stored at the first byte */ + size_t length = buf[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + status = psa_pake_input( pake_ctx, step, + buf + input_offset, length ); + if( status != PSA_SUCCESS) + { + return psa_ssl_status_to_mbedtls( status ); + } + + input_offset += length; + } + } + + return( 0 ); +} + +int mbedtls_psa_ecjpake_read_round_two( + psa_pake_operation_t *pake_ctx, + const unsigned char *buf, + size_t len, int role ) +{ + psa_status_t status; + size_t input_offset = 0; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + size_t length; + + /* + * On its 2nd round, the server sends 3 extra bytes which identify the + * curve: + * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE + * - the 2nd and 3rd represent curve's TLS ID + * Validate this data before moving forward + */ + if( ( step == PSA_PAKE_STEP_KEY_SHARE ) && + ( role == MBEDTLS_SSL_IS_CLIENT ) ) + { + uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 ); + + if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) || + ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + input_offset += 3; + } + + /* Length is stored at the first byte */ + length = buf[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + status = psa_pake_input( pake_ctx, step, + buf + input_offset, length ); + if( status != PSA_SUCCESS) + { + return psa_ssl_status_to_mbedtls( status ); + } + + input_offset += length; + } + + return( 0 ); +} + +int mbedtls_psa_ecjpake_write_round_one( + psa_pake_operation_t *pake_ctx, + unsigned char *buf, + size_t len, size_t *olen ) +{ + psa_status_t status; + size_t output_offset = 0; + size_t output_len; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1 ; x <= 2 ; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); + output_offset += 1; + + status = psa_pake_output( pake_ctx, step, + buf + output_offset, + len - output_offset, + &output_len ); + if( status != PSA_SUCCESS ) + { + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + } + + *olen = output_offset; + + return( 0 ); +} + +int mbedtls_psa_ecjpake_write_round_two( + psa_pake_operation_t *pake_ctx, + unsigned char *buf, + size_t len, size_t *olen ) +{ + psa_status_t status; + size_t output_offset = 0; + size_t output_len; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); + output_offset += 1; + status = psa_pake_output( pake_ctx, + step, buf + output_offset, + len - output_offset, + &output_len ); + if( status != PSA_SUCCESS ) + { + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + + *olen = output_offset; + + return( 0 ); +} +#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO + #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index c90ed2e46b..4e986d1dff 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -164,7 +164,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = psa_tls12_write_ecjpake_round_one(&ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round_one(&ssl->handshake->psa_pake_ctx, p + 2, end - p - 2, &kkpp_len ); if ( ret != 0 ) { @@ -908,7 +908,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->ecjpake_cache_len = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_tls12_parse_ecjpake_round_one( + if( ( ret = mbedtls_psa_ecjpake_read_round_one( &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -2333,7 +2333,7 @@ start_processing: if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_tls12_parse_ecjpake_round_two( + if( ( ret = mbedtls_psa_ecjpake_read_round_two( &ssl->handshake->psa_pake_ctx, p, end - p, ssl->conf->endpoint ) ) != 0 ) { @@ -3292,7 +3292,7 @@ ecdh_calc_secret: unsigned char *out_p = ssl->out_msg + header_len; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len; - ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx, out_p, end_p - out_p, &content_len ); if ( ret != 0 ) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 38899f9528..f5c50ea671 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -305,7 +305,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( ( ret = psa_tls12_parse_ecjpake_round_one( + if ( ( ret = mbedtls_psa_ecjpake_read_round_one( &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -2896,7 +2896,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 ); output_offset += sizeof( uint8_t ) + sizeof( uint16_t ); - ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx, out_p + output_offset, end_p - out_p - output_offset, &output_len ); if( ret != 0 ) @@ -4143,7 +4143,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_tls12_parse_ecjpake_round_two( + if( ( ret = mbedtls_psa_ecjpake_read_round_two( &ssl->handshake->psa_pake_ctx, p, end - p, ssl->conf->endpoint ) ) != 0 ) {