Add support for psa rsa-psk key exchange

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-04-05 17:19:41 +02:00
parent ae4ed30435
commit c2033409e3

View file

@ -5093,8 +5093,10 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */ #endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ( defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
if( ( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) &&
ssl_use_opaque_psk( ssl ) == 1 ) ssl_use_opaque_psk( ssl ) == 1 )
{ {
/* Perform PSK-to-MS expansion in a single step. */ /* Perform PSK-to-MS expansion in a single step. */
@ -5114,10 +5116,25 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
else else
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
size_t salt_len = 0;
unsigned char* salt = NULL;
if ( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
{
/* Provide other key as salt.
* For RSA-PKS other key length is always 48 bytes.
* Other key is stored in premaster, where first 2 bytes hold the
* length of the other key. Skip them.
*/
salt_len = 48;
salt = handshake->premaster + 2;
}
status = setup_psa_key_derivation( &derivation, psk, alg, status = setup_psa_key_derivation( &derivation, psk, alg,
seed, seed_len, seed, seed_len,
(unsigned char const *) lbl, (unsigned char const *) lbl,
(size_t) strlen( lbl ), (size_t) strlen( lbl ),
salt, salt_len,
master_secret_len ); master_secret_len );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ {