Merge pull request #5636 from mprse/tls_ecdh_2b

TLS ECDH 2b: client-side static ECDH (1.2)
2022-03-18 11:36:53 +01:00 · 2022-03-18 11:36:53 +01:00 · e5b53193e0
commit e5b53193e0
parent 8d4bc5eeb9 068a6b4013
1 changed files with 52 additions and 8 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2242,8 +2242,9 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    ( !defined(MBEDTLS_USE_PSA_CRYPTO) &&                                  \
+        ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                \
+          defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) )
 static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
 {
    const mbedtls_ecp_curve_info *curve_info;
@ -2274,8 +2275,9 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+          ( !MBEDTLS_USE_PSA_CRYPTO &&
+            ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+              MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) ) */

 #if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
@ -2610,6 +2612,42 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )

    peer_key = mbedtls_pk_ec( *peer_pk );

+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    size_t ecdh_bits = 0;
+    size_t olen = 0;
+
+    if( mbedtls_ssl_check_curve( ssl, peer_key->grp.id ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+    }
+
+    ssl->handshake->ecdh_psa_type =
+        PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa( peer_key->grp.id,
+                                                             &ecdh_bits ) );
+
+    if( ssl->handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group conversion to psa." ) );
+        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    }
+
+    ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+
+    /* Store peer's public key in psa format. */
+    ret = mbedtls_ecp_point_write_binary( &peer_key->grp, &peer_key->Q,
+                                          MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
+                                          ssl->handshake->ecdh_psa_peerkey,
+                                          MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH );
+
+    if ( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecp_point_write_binary" ), ret );
+        return( ret );
+    }
+
+    ssl->handshake->ecdh_psa_peerkey_len = olen;
+#else
    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
                                 MBEDTLS_ECDH_THEIRS ) ) != 0 )
    {
@ -2622,7 +2660,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
        return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
    }
-
+#endif
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
    /* We don't need the peer's public key anymore. Free it,
     * so that more RAM is available for upcoming expensive
@ -3288,9 +3326,13 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
 #if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
-          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||   \
+          defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||      \
+          defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
    {
        psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
        psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
@ -3366,7 +3408,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
    else
 #endif /* MBEDTLS_USE_PSA_CRYPTO &&
            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+              MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+              MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \