yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-25 17:35:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

USE_PSA_CRYPTO: don't rely on the curve encoding

Browse Source 
Adapt to the change of encoding of elliptic curve key types in PSA
crypto. Before, an EC key type encoded the TLS curve identifier. Now
the EC key type only includes an ad hoc curve family identifier, and
determining the exact curve requires both the key type and size. This
commit moves from the old encoding and old definitions from
crypto/include/mbedtls/psa_util.h to the new encoding and definitions
from the immediately preceding crypto submodule update.
This commit is contained in:
Gilles Peskine 2019-12-19 13:31:53 +01:00
parent 81d3100250
commit 42459805ce
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/mbedtls/ssl_internal.h
View File

@ -319,7 +319,8 @@ struct mbedtls_ssl_handshake_params
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_ecc_curve_t ecdh_psa_curve; psa_key_type_t ecdh_psa_type;
uint16_t ecdh_bits;
psa_key_handle_t ecdh_psa_privkey; psa_key_handle_t ecdh_psa_privkey;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len; size_t ecdh_psa_peerkey_len;

17
library/ssl_cli.c
View File

@ -2244,6 +2244,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
unsigned char *end ) unsigned char *end )
{ {
uint16_t tls_id; uint16_t tls_id;
size_t ecdh_bits = 0;
uint8_t ecpoint_len; uint8_t ecpoint_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@ -2264,11 +2265,14 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
tls_id |= *(*p)++; tls_id |= *(*p)++;
/* Convert EC group to PSA key type. */ /* Convert EC group to PSA key type. */
if( ( handshake->ecdh_psa_curve = if( ( handshake->ecdh_psa_type =
mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 ) mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
{ {
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
if( ecdh_bits > 0xffff )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
handshake->ecdh_bits = (uint16_t) ecdh_bits;
/* /*
* Put peer's ECDH public key in the format understood by PSA. * Put peer's ECDH public key in the format understood by PSA.
@ -2278,7 +2282,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
if( (size_t)( end - *p ) < ecpoint_len ) if( (size_t)( end - *p ) < ecpoint_len )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve, if( mbedtls_psa_tls_ecpoint_to_psa_ec(
*p, ecpoint_len, *p, ecpoint_len,
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey,
sizeof( handshake->ecdh_psa_peerkey ), sizeof( handshake->ecdh_psa_peerkey ),
@ -3257,11 +3261,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH ); psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
psa_set_key_type( &key_attributes, psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
PSA_KEY_TYPE_ECC_KEY_PAIR( handshake->ecdh_psa_curve ) psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
);
psa_set_key_bits( &key_attributes,
PSA_ECC_CURVE_BITS( handshake->ecdh_psa_curve ) );
/* Generate ECDH private key. */ /* Generate ECDH private key. */
status = psa_generate_key( &key_attributes, status = psa_generate_key( &key_attributes,