yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

tls: pake: small code refactoring for password setting functions

Browse source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-12-09 14:17:50 +01:00
parent 9d313dfeeb
commit 016f682796
1 changed files with 48 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

117
library/ssl_tls.c
View file

@ -1852,27 +1852,55 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* Set EC J-PAKE password for current handshake
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
const unsigned char *pw,
size_t pw_len )
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_pake_role_t psa_role;
psa_status_t status;
if( ssl->handshake == NULL || ssl->conf == NULL ) #if defined(MBEDTLS_USE_PSA_CRYPTO)
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
mbedtls_ssl_context *ssl,
mbedtls_svc_key_id_t pwd )
{
psa_status_t status;
psa_pake_role_t psa_role;
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE );
psa_pake_cs_set_primitive( &cipher_suite,
PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1,
256) );
psa_pake_cs_set_hash( &cipher_suite, PSA_ALG_SHA_256 );
status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite );
if( status != PSA_SUCCESS )
return status;
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
psa_role = PSA_PAKE_ROLE_SERVER; psa_role = PSA_PAKE_ROLE_SERVER;
else else
psa_role = PSA_PAKE_ROLE_CLIENT; psa_role = PSA_PAKE_ROLE_CLIENT;
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
if( status != PSA_SUCCESS )
return status;
status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, pwd );
if( status != PSA_SUCCESS )
return status;
ssl->handshake->psa_pake_ctx_is_ok = 1;
return ( PSA_SUCCESS );
}
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
const unsigned char *pw,
size_t pw_len )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
if( ssl->handshake == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* Empty password is not valid */ /* Empty password is not valid */
if( ( pw == NULL) || ( pw_len == 0 ) ) if( ( pw == NULL) || ( pw_len == 0 ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -1886,29 +1914,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE ); status = mbedtls_ssl_set_hs_ecjpake_password_common( ssl,
psa_pake_cs_set_primitive( &cipher_suite,
PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1,
256) );
psa_pake_cs_set_hash( &cipher_suite, PSA_ALG_SHA_256 );
status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite );
if( status != PSA_SUCCESS )
{
psa_destroy_key( ssl->handshake->psa_pake_password );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
if( status != PSA_SUCCESS )
{
psa_destroy_key( ssl->handshake->psa_pake_password );
psa_pake_abort( &ssl->handshake->psa_pake_ctx );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx,
ssl->handshake->psa_pake_password ); ssl->handshake->psa_pake_password );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ {
@ -1917,16 +1923,12 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
} }
ssl->handshake->psa_pake_ctx_is_ok = 1;
return( 0 ); return( 0 );
} }
int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl, int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
mbedtls_svc_key_id_t pwd ) mbedtls_svc_key_id_t pwd )
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_role_t psa_role;
psa_status_t status; psa_status_t status;
if( ssl->handshake == NULL || ssl->conf == NULL ) if( ssl->handshake == NULL || ssl->conf == NULL )
@ -1935,38 +1937,15 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
if( mbedtls_svc_key_id_is_null( pwd ) ) if( mbedtls_svc_key_id_is_null( pwd ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE ); status = mbedtls_ssl_set_hs_ecjpake_password_common( ssl, pwd );
psa_pake_cs_set_primitive( &cipher_suite,
PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1,
256) );
psa_pake_cs_set_hash( &cipher_suite, PSA_ALG_SHA_256 );
status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); {
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
psa_role = PSA_PAKE_ROLE_SERVER;
else
psa_role = PSA_PAKE_ROLE_CLIENT;
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
if( status != PSA_SUCCESS )
goto error;
status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, pwd );
if( status != PSA_SUCCESS )
goto error;
ssl->handshake->psa_pake_ctx_is_ok = 1;
return( 0 );
error:
psa_pake_abort( &ssl->handshake->psa_pake_ctx ); psa_pake_abort( &ssl->handshake->psa_pake_ctx );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
} }
return( 0 );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_USE_PSA_CRYPTO */
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
const unsigned char *pw, const unsigned char *pw,