From 6f199859b611ece6345f6a4193738ebf1f9f3b1d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 29 Jun 2023 08:59:26 +0200 Subject: [PATCH] Adapt handshake fields to ffdh Signed-off-by: Przemek Stekiel --- library/ssl_misc.h | 12 ++-- library/ssl_tls.c | 4 +- library/ssl_tls12_client.c | 66 ++++++++++---------- library/ssl_tls12_server.c | 93 ++++++++++++++-------------- library/ssl_tls13_client.c | 4 +- library/ssl_tls13_generic.c | 16 ++--- library/ssl_tls13_keys.c | 10 +-- tests/suites/test_suite_ssl.function | 2 +- 8 files changed, 104 insertions(+), 103 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 03a00b5d7..cbc04fda6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -769,12 +769,12 @@ struct mbedtls_ssl_handshake_params { #if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) - psa_key_type_t ecdh_psa_type; - size_t ecdh_bits; - mbedtls_svc_key_id_t ecdh_psa_privkey; - uint8_t ecdh_psa_privkey_is_external; - unsigned char ecdh_psa_peerkey[DH_PSA_PEERKEY_SIZE]; - size_t ecdh_psa_peerkey_len; + psa_key_type_t dh_psa_type; + size_t dh_bits; + mbedtls_svc_key_id_t dh_psa_privkey; + uint8_t dh_psa_privkey_is_external; + unsigned char dh_psa_peerkey[DH_PSA_PEERKEY_SIZE]; + size_t dh_psa_peerkey_len; #endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8d90075a4..44f2db6ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4218,8 +4218,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) - if (handshake->ecdh_psa_privkey_is_external == 0) { - psa_destroy_key(handshake->ecdh_psa_privkey); + if (handshake->dh_psa_privkey_is_external == 0) { + psa_destroy_key(handshake->dh_psa_privkey); } #endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e4f38212f..f77386de2 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1761,8 +1761,8 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, &ec_bits) == PSA_ERROR_NOT_SUPPORTED) { return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } - handshake->ecdh_psa_type = key_type; - handshake->ecdh_bits = ec_bits; + handshake->dh_psa_type = key_type; + handshake->dh_bits = ec_bits; /* Keep a copy of the peer's public key */ ecpoint_len = *(*p)++; @@ -1771,13 +1771,13 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, } #if !defined(PSA_WANT_ALG_FFDH) - if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) { + if (ecpoint_len > sizeof(handshake->dh_psa_peerkey)) { return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } #endif - memcpy(handshake->ecdh_psa_peerkey, *p, ecpoint_len); - handshake->ecdh_psa_peerkey_len = ecpoint_len; + memcpy(handshake->dh_psa_peerkey, *p, ecpoint_len); + handshake->dh_psa_peerkey_len = ecpoint_len; *p += ecpoint_len; return 0; @@ -2038,27 +2038,27 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* If the above conversion to TLS ID was fine, then also this one will be, so there is no need to check the return value here */ mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->ecdh_bits); + &ssl->handshake->dh_bits); - ssl->handshake->ecdh_psa_type = key_type; + ssl->handshake->dh_psa_type = key_type; /* Store peer's public key in psa format. */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); - ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len; + memcpy(ssl->handshake->dh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); + ssl->handshake->dh_psa_peerkey_len = peer_pk->pub_raw_len; ret = 0; #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ size_t olen = 0; ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, - ssl->handshake->ecdh_psa_peerkey, + ssl->handshake->dh_psa_peerkey, MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); return ret; } - ssl->handshake->ecdh_psa_peerkey_len = olen; + ssl->handshake->dh_psa_peerkey_len = olen; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #else /* MBEDTLS_USE_PSA_CRYPTO */ if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, @@ -2788,12 +2788,12 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->ecdh_bits); + psa_set_key_type(&key_attributes, handshake->dh_psa_type); + psa_set_key_bits(&key_attributes, handshake->dh_bits); /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, - &handshake->ecdh_psa_privkey); + &handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } @@ -2806,12 +2806,12 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) size_t own_pubkey_max_len = (size_t) (end - own_pubkey); size_t own_pubkey_len; - status = psa_export_public_key(handshake->ecdh_psa_privkey, + status = psa_export_public_key(handshake->dh_psa_privkey, own_pubkey, own_pubkey_max_len, &own_pubkey_len); if (status != PSA_SUCCESS) { - psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } @@ -2822,15 +2822,15 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) /* Compute ECDH shared secret. */ status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, - handshake->ecdh_psa_peerkey_len, + handshake->dh_psa_privkey, + handshake->dh_psa_peerkey, + handshake->dh_psa_peerkey_len, ssl->handshake->premaster, sizeof(ssl->handshake->premaster), &ssl->handshake->pmslen); - destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + destruction_status = psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) { return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; @@ -2960,12 +2960,12 @@ ecdh_calc_secret: key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->ecdh_bits); + psa_set_key_type(&key_attributes, handshake->dh_psa_type); + psa_set_key_bits(&key_attributes, handshake->dh_bits); /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, - &handshake->ecdh_psa_privkey); + &handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); } @@ -2978,12 +2978,12 @@ ecdh_calc_secret: size_t own_pubkey_max_len = (size_t) (end - own_pubkey); size_t own_pubkey_len = 0; - status = psa_export_public_key(handshake->ecdh_psa_privkey, + status = psa_export_public_key(handshake->dh_psa_privkey, own_pubkey, own_pubkey_max_len, &own_pubkey_len); if (status != PSA_SUCCESS) { - psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return PSA_TO_MBEDTLS_ERR(status); } @@ -3005,15 +3005,15 @@ ecdh_calc_secret: /* Perform ECDH computation after the uint16 reserved for the length */ status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, - handshake->ecdh_psa_peerkey_len, + handshake->dh_psa_privkey, + handshake->dh_psa_peerkey, + handshake->dh_psa_peerkey_len, pms + zlen_size, pms_end - (pms + zlen_size), &zlen); - destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + destruction_status = psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index bebc5d904..c023d1fb7 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2628,19 +2628,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - ssl->handshake->ecdh_psa_privkey = pk->priv_id; - /* Key should not be destroyed in the TLS library */ - ssl->handshake->ecdh_psa_privkey_is_external = 1; + ssl->handshake->dh_psa_privkey = pk->priv_id; - status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey, + /* Key should not be destroyed in the TLS library */ + ssl->handshake->dh_psa_privkey_is_external = 1; + + status = psa_get_key_attributes(ssl->handshake->dh_psa_privkey, &key_attributes); if (status != PSA_SUCCESS) { - ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + ssl->handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return PSA_TO_MBEDTLS_ERR(status); } - ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->ecdh_bits = psa_get_key_bits(&key_attributes); + ssl->handshake->dh_psa_type = psa_get_key_type(&key_attributes); + ssl->handshake->dh_bits = psa_get_key_bits(&key_attributes); psa_reset_key_attributes(&key_attributes); @@ -2664,16 +2665,16 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* If the above conversion to TLS ID was fine, then also this one will be, so there is no need to check the return value here */ mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->ecdh_bits); + &ssl->handshake->dh_bits); - ssl->handshake->ecdh_psa_type = key_type; + ssl->handshake->dh_psa_type = key_type; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits); + PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->dh_psa_type)); + psa_set_key_bits(&key_attributes, ssl->handshake->dh_bits); key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key(key, buf, key_len); @@ -2683,7 +2684,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) } status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->ecdh_psa_privkey); + &ssl->handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); mbedtls_platform_zeroize(buf, sizeof(buf)); @@ -2980,14 +2981,14 @@ curve_matching_done: MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse.")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - handshake->ecdh_psa_type = key_type; - handshake->ecdh_bits = ec_bits; + handshake->dh_psa_type = key_type; + handshake->dh_bits = ec_bits; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->ecdh_bits); + psa_set_key_type(&key_attributes, handshake->dh_psa_type); + psa_set_key_bits(&key_attributes, handshake->dh_bits); /* * ECParameters curve_params @@ -3004,7 +3005,7 @@ curve_matching_done: /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, - &handshake->ecdh_psa_privkey); + &handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); @@ -3026,14 +3027,14 @@ curve_matching_done: size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - (own_pubkey - ssl->out_msg)); - status = psa_export_public_key(handshake->ecdh_psa_privkey, + status = psa_export_public_key(handshake->dh_psa_privkey, own_pubkey, own_pubkey_max_len, &len); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); - (void) psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + (void) psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return ret; } @@ -3728,27 +3729,27 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } /* Store peer's ECDH public key. */ - memcpy(handshake->ecdh_psa_peerkey, p, data_len); - handshake->ecdh_psa_peerkey_len = data_len; + memcpy(handshake->dh_psa_peerkey, p, data_len); + handshake->dh_psa_peerkey_len = data_len; /* Compute ECDH shared secret. */ status = psa_raw_key_agreement( - PSA_ALG_ECDH, handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, + PSA_ALG_ECDH, handshake->dh_psa_privkey, + handshake->dh_psa_peerkey, handshake->dh_psa_peerkey_len, handshake->premaster, sizeof(handshake->premaster), &handshake->pmslen); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); - if (handshake->ecdh_psa_privkey_is_external == 0) { - (void) psa_destroy_key(handshake->ecdh_psa_privkey); + if (handshake->dh_psa_privkey_is_external == 0) { + (void) psa_destroy_key(handshake->dh_psa_privkey); } - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return ret; } - if (handshake->ecdh_psa_privkey_is_external == 0) { - status = psa_destroy_key(handshake->ecdh_psa_privkey); + if (handshake->dh_psa_privkey_is_external == 0) { + status = psa_destroy_key(handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); @@ -3756,7 +3757,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) return ret; } } - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; #else if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, p, end - p)) != 0) { @@ -3889,35 +3890,35 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return ret; } /* Keep a copy of the peer's public key */ if (p >= end) { - psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return MBEDTLS_ERR_SSL_DECODE_ERROR; } ecpoint_len = *(p++); if ((size_t) (end - p) < ecpoint_len) { - psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return MBEDTLS_ERR_SSL_DECODE_ERROR; } #if !defined(PSA_WANT_ALG_FFDH) - if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) { - psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + if (ecpoint_len > sizeof(handshake->dh_psa_peerkey)) { + psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } #endif - memcpy(handshake->ecdh_psa_peerkey, p, ecpoint_len); - handshake->ecdh_psa_peerkey_len = ecpoint_len; + memcpy(handshake->dh_psa_peerkey, p, ecpoint_len); + handshake->dh_psa_peerkey_len = ecpoint_len; p += ecpoint_len; /* As RFC 5489 section 2, the premaster secret is formed as follows: @@ -3935,15 +3936,15 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) /* Compute ECDH shared secret. */ status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, - handshake->ecdh_psa_peerkey_len, + handshake->dh_psa_privkey, + handshake->dh_psa_peerkey, + handshake->dh_psa_peerkey_len, psm + zlen_size, psm_end - (psm + zlen_size), &zlen); - destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + destruction_status = psa_destroy_key(handshake->dh_psa_privkey); + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a9b5d735d..b133fe2d8 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -201,14 +201,14 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Destroy generated private key. */ - status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey); + status = psa_destroy_key(ssl->handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); return ret; } - ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + ssl->handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1bf627d60..4ea4d01ff 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1516,8 +1516,8 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len); /* Store peer's ECDH public key. */ - memcpy(handshake->ecdh_psa_peerkey, p, peerkey_len); - handshake->ecdh_psa_peerkey_len = peerkey_len; + memcpy(handshake->dh_psa_peerkey, p, peerkey_len); + handshake->dh_psa_peerkey_len = peerkey_len; return 0; } @@ -1592,18 +1592,18 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - handshake->ecdh_psa_type = key_type; - ssl->handshake->ecdh_bits = bits; + handshake->dh_psa_type = key_type; + ssl->handshake->dh_bits = bits; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->ecdh_bits); + psa_set_key_type(&key_attributes, handshake->dh_psa_type); + psa_set_key_bits(&key_attributes, handshake->dh_bits); /* Generate ECDH/FFDH private key. */ status = psa_generate_key(&key_attributes, - &handshake->ecdh_psa_privkey); + &handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); @@ -1612,7 +1612,7 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange( } /* Export the public part of the ECDH/FFDH private key from PSA. */ - status = psa_export_public_key(handshake->ecdh_psa_privkey, + status = psa_export_public_key(handshake->dh_psa_privkey, buf, buf_size, &own_pubkey_len); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index d5b45b69a..e8b009f48 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1502,7 +1502,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - status = psa_get_key_attributes(handshake->ecdh_psa_privkey, + status = psa_get_key_attributes(handshake->dh_psa_privkey, &key_attributes); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); @@ -1516,8 +1516,8 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) } status = psa_raw_key_agreement( - alg, handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, + alg, handshake->dh_psa_privkey, + handshake->dh_psa_peerkey, handshake->dh_psa_peerkey_len, shared_secret, shared_secret_len, &shared_secret_len); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); @@ -1525,14 +1525,14 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) goto cleanup; } - status = psa_destroy_key(handshake->ecdh_psa_privkey); + status = psa_destroy_key(handshake->dh_psa_privkey); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); goto cleanup; } - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + handshake->dh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ } else { MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported.")); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f793ec47b..f8644f1c6 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3386,7 +3386,7 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) if (bad_server_ecdhe_key) { /* Force a simulated bitflip in the server key. to make the * raw key agreement in ssl_write_client_key_exchange fail. */ - (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02; + (client.ssl).handshake->dh_psa_peerkey[0] ^= 0x02; } TEST_EQUAL(mbedtls_test_move_handshake_to_state(