yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove ECDH code specific to TLS 1.3

Browse source 
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-04-05 16:25:33 +02:00
parent 9d0a3e8296
commit fd8cbda3ec
4 changed files with 0 additions and 197 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

138
library/ecdh.c
View file

@ -32,8 +32,6 @@
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "ecdh_misc.h"
#include <string.h> #include <string.h>
/* Parameter validation macros based on platform_util.h */ /* Parameter validation macros based on platform_util.h */
@ -727,140 +725,4 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
} }
#endif #endif
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
size_t *out_len, int point_format,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
f_rng, p_rng ) ) != 0 )
return( ret );
ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format,
out_len, buf, buf_len );
if( ret != 0 )
return( ret );
return( 0 );
}
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *out_len,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
{
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( out_len != NULL );
ECDH_VALIDATE_RET( buf != NULL );
ECDH_VALIDATE_RET( f_rng != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ctx-> restart_enabled )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_tls13_make_params_internal( ctx, out_len, ctx->point_format,
buf, buf_len, f_rng, p_rng ) );
#else
switch( ctx->var )
{
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh,
out_len, ctx->point_format,
buf, buf_len, f_rng, p_rng ) );
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
/*
* Setup context without Everest
*/
int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
mbedtls_ecp_group_id grp_id )
{
ECDH_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) );
#else
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
ctx->grp_id = grp_id;
ecdh_init_internal( &ctx->ctx.mbed_ecdh );
return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
#endif
}
static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
const unsigned char *buf,
size_t buf_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *p = buf;
size_t data_len;
if( buf_len < 3 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
data_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
if( data_len < 1 || data_len != ( buf_len - 2 ) )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( ( ret = mbedtls_ecp_point_read_binary( &ctx->grp,
&ctx->Qp, p, data_len ) ) != 0)
{
return( ret );
}
return( 0 );
}
/*
* Parse and import the client's TLS 1.3 public value
*/
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf,
size_t buf_len )
{
ECDH_VALIDATE_RET( ctx != NULL );
ECDH_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_tls13_read_public_internal( ctx, buf, buf_len ) );
#else
switch( ctx->var )
{
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
case MBEDTLS_ECDH_VARIANT_EVEREST:
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#endif
case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh,
buf, buf_len ) );
default:
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */

57
library/ecdh_misc.h
View file

@ -1,57 +0,0 @@
/**
* \file ecdh_misc.h
*
* \brief Internal functions shared by the ECDH module
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 ( the "License" ); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if !defined(MBEDTLS_ECDH_MISC_H)
#define MBEDTLS_ECDH_MISC_H
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
#if defined(MBEDTLS_ECDH_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/*
* Setup context without Everest
*/
int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx,
mbedtls_ecp_group_id grp_id );
/*
* TLS 1.3 version of mbedtls_ecdh_make_params
*/
int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t buf_len,
int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng );
/*
* TLS 1.3 version of mbedtls_ecdh_read_public
*/
int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf,
size_t buf_len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_ECDH_C */
#endif /* !MBEDTLS_ECDH_MISC_H */

1
library/ssl_client.c
View file

@ -42,7 +42,6 @@
#include "ssl_client.h" #include "ssl_client.h"
#include "ssl_misc.h" #include "ssl_misc.h"
#include "ecdh_misc.h"
#include "ssl_tls13_keys.h" #include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h" #include "ssl_debug_helpers.h"

1
library/ssl_tls13_client.c
View file

@ -30,7 +30,6 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#include "ssl_misc.h" #include "ssl_misc.h"
#include "ecdh_misc.h"
#include "ssl_client.h" #include "ssl_client.h"
#include "ssl_tls13_keys.h" #include "ssl_tls13_keys.h"