tls: pake: do not destroy password key in TLS

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-12-08 18:42:58 +01:00
parent 2a3ffb4203
commit eb3f788b03
3 changed files with 24 additions and 26 deletions

View file

@ -1934,7 +1934,6 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
if( mbedtls_svc_key_id_is_null( pwd ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->handshake->psa_pake_password = pwd;
psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE );
psa_pake_cs_set_primitive( &cipher_suite,
@ -1956,8 +1955,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
if( status != PSA_SUCCESS )
goto error;
status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx,
ssl->handshake->psa_pake_password );
status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, pwd );
if( status != PSA_SUCCESS )
goto error;
@ -4037,7 +4035,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_pake_abort( &handshake->psa_pake_ctx );
psa_destroy_key( handshake->psa_pake_password );
/*
* Opaque keys are not stored in the handshake's data and it's the user
* responsibility to destroy them. Clear ones, instead, are created by
* the TLS library and should be destroyed at the same level
*/
if( ! mbedtls_svc_key_id_is_null( handshake->psa_pake_password ) )
{
psa_destroy_key( handshake->psa_pake_password );
}
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
#else
mbedtls_ecjpake_free( &handshake->ecjpake_ctx );

View file

@ -3329,18 +3329,14 @@ exit:
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
/*
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
*/
if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
{
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Ensure the key is still valid before destroying it */
status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
if( status == PSA_SUCCESS &&
PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
{
psa_destroy_key( ecjpake_pw_slot );
}
psa_reset_key_attributes( &key_attr );
psa_destroy_key( ecjpake_pw_slot );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */

View file

@ -4439,18 +4439,14 @@ exit:
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
/*
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
*/
if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
{
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Ensure the key is still valid before destroying it */
status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
if( status == PSA_SUCCESS &&
PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
{
psa_destroy_key( ecjpake_pw_slot );
}
psa_reset_key_attributes( &key_attr );
psa_destroy_key( ecjpake_pw_slot );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */