diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 50715b584..55d780208 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3878,6 +3878,56 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t data_len = (size_t)( *p++ ); + size_t buf_len = (size_t)( end - p ); + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Read the peer's public key." ) ); + + /* + * We must have at least two bytes (1 for length, at least 1 for data) + */ + if( buf_len < 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid buffer length" ) ); + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } + + if( data_len < 1 || data_len > buf_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid data length" ) ); + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } + + /* Store peer's ECDH public key. */ + memcpy( handshake->ecdh_psa_peerkey, p, data_len ); + handshake->ecdh_psa_peerkey_len = data_len; + + /* Compute ECDH shared secret. */ + status = psa_raw_key_agreement( + PSA_ALG_ECDH, handshake->ecdh_psa_privkey, + handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, + handshake->premaster, sizeof( handshake->premaster ), + &handshake->pmslen ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret ); + return( ret ); + } + + status = psa_destroy_key( handshake->ecdh_psa_privkey ); + + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret ); + return( ret ); + } + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; +#else if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, p, end - p) ) != 0 ) { @@ -3900,6 +3950,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Z ); +#endif } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||