ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-03-09 15:40:52 +01:00
parent b6ce0b6cd8
commit fd32e9609b

View file

@ -3878,6 +3878,56 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t data_len = (size_t)( *p++ );
size_t buf_len = (size_t)( end - p );
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Read the peer's public key." ) );
/*
* We must have at least two bytes (1 for length, at least 1 for data)
*/
if( buf_len < 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid buffer length" ) );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
if( data_len < 1 || data_len > buf_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid data length" ) );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
/* Store peer's ECDH public key. */
memcpy( handshake->ecdh_psa_peerkey, p, data_len );
handshake->ecdh_psa_peerkey_len = data_len;
/* Compute ECDH shared secret. */
status = psa_raw_key_agreement(
PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
handshake->premaster, sizeof( handshake->premaster ),
&handshake->pmslen );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
return( ret );
}
status = psa_destroy_key( handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
}
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
#else
if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
p, end - p) ) != 0 )
{
@ -3900,6 +3950,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Z );
#endif
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||