From eb3f788b032a514875320db819b67625cd9fedb8 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 8 Dec 2022 18:42:58 +0100
Subject: [PATCH] tls: pake: do not destroy password key in TLS
Signed-off-by: Valerio Setti
---
 library/ssl_tls.c | 14 ++++++++++----
 programs/ssl/ssl_client2.c | 18 +++++++-----------
 programs/ssl/ssl_server2.c | 18 +++++++-----------
 3 files changed, 24 insertions(+), 26 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 57cfe424e..259d08884 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1934,7 +1934,6 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
 if( mbedtls_svc_key_id_is_null( pwd ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- ssl->handshake->psa_pake_password = pwd;
 psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE );
 psa_pake_cs_set_primitive( &cipher_suite,
@@ -1956,8 +1955,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
 if( status != PSA_SUCCESS ) goto error;
- status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx,
- ssl->handshake->psa_pake_password );
+ status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, pwd );
 if( status != PSA_SUCCESS ) goto error;
@@ -4037,7 +4035,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_pake_abort( &handshake->psa_pake_ctx );
- psa_destroy_key( handshake->psa_pake_password );
+ /*
+ * Opaque keys are not stored in the handshake's data and it's the user
+ * responsibility to destroy them. Clear ones, instead, are created by
+ * the TLS library and should be destroyed at the same level
+ */
+ if( ! mbedtls_svc_key_id_is_null( handshake->psa_pake_password ) )
+ {
+ psa_destroy_key( handshake->psa_pake_password );
+ }
 handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
 #else
 mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
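Review bot: The key-lifetime contract of mbedtls_ssl_set_hs_ecjpake_password_opaque() is not stated where `pwd` is now handed straight to `psa_pake_set_password_key()` (second ssl_tls.c hunk). With the store into `ssl->handshake->psa_pake_password` removed in the first hunk, the TLS layer keeps no record of the key, so the caller has to keep it valid for the handshake and destroy it afterwards. The diffstat lists only ssl_tls.c and the two sample programs, so the function's public documentation is presumably unchanged and should gain the same statement. Locally a comment above the call would do, e.g. `/* pwd remains owned by the caller: it must stay valid until the handshake ends, and the caller destroys it */`. The function body starts and ends outside both hunks.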
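Review bot: The comment added in mbedtls_ssl_handshake_free() says who owns which key but not the invariant the new check depends on, namely that `handshake->psa_pake_password` is non-null only for a key the TLS layer created itself; if a later change stores a caller's key ID in that field again, this branch would destroy the caller's key. I would extend the comment with something like `/* psa_pake_password only ever holds a key imported by the TLS layer; never store a caller-provided key ID in it */`. The null test itself is optional, because the PSA Crypto API specifies psa_destroy_key() on a null key ID as a successful no-op, so it documents intent rather than adding protection. The function continues outside the hunk.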
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 54e9861cc..13ffa3d53 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -3329,18 +3329,14 @@ exit:
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
 defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
+ /*
+ * In case opaque keys it's the user responsibility to keep the key valid
+ * for the duration of the handshake and destroy it at the end
+ */
+ if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
+ ( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
 {
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
-
- /* Ensure the key is still valid before destroying it */
- status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
- if( status == PSA_SUCCESS &&
- PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
- {
- psa_destroy_key( ecjpake_pw_slot );
- }
- psa_reset_key_attributes( &key_attr );
+ psa_destroy_key( ecjpake_pw_slot );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 004616fd1..4b195c4f1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
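Review bot: The return value of `psa_destroy_key( ecjpake_pw_slot )` is dropped in the `exit:` cleanup of ssl_client2.c, and the ssl_server2.c hunk carries the same code; after this commit that call is the only place the opaque EC J-PAKE password key is destroyed, so a failure would leave the password key in the key store unnoticed. Since these programs serve as usage examples for the new ownership rule, I would capture and report the result: `status = psa_destroy_key( ecjpake_pw_slot );` followed by `if( status != PSA_SUCCESS ) mbedtls_printf( "psa_destroy_key() failed: %d\n", (int) status );`. `status` was assigned by the removed lines, so it appears to be in scope, though its declaration lies outside the hunk. The new comment would also read better as `In case of opaque keys it's the user's responsibility ...`.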
@@ -4439,18 +4439,14 @@ exit:
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
 defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
+ /*
+ * In case opaque keys it's the user responsibility to keep the key valid
+ * for the duration of the handshake and destroy it at the end
+ */
+ if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
+ ( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
 {
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
-
- /* Ensure the key is still valid before destroying it */
- status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
- if( status == PSA_SUCCESS &&
- PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
- {
- psa_destroy_key( ecjpake_pw_slot );
- }
- psa_reset_key_attributes( &key_attr );
+ psa_destroy_key( ecjpake_pw_slot );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */