yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 17:45:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

TinyCrypt SSL: Impl. ECDH-param extraction from CRT for TinyCrypt

Browse Source
This commit is contained in:
Hanno Becker 2019-09-01 09:47:23 +01:00
parent ecf5d3fdb1
commit b3a244847d
2 changed files with 51 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
library/ssl_cli.c
View File

@ -2551,9 +2551,13 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
const mbedtls_ecp_keypair *peer_key;
mbedtls_pk_context * peer_pk; mbedtls_pk_context * peer_pk;
/* Acquire peer's PK context: In case we store peer's entire
* certificate, we extract the context from it. Otherwise,
* we can use a temporary copy we've made for the purpose of
* signature verification. */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey; peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@ -2580,20 +2584,34 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
goto cleanup; goto cleanup;
} }
peer_key = mbedtls_pk_ec( *peer_pk ); /* Extract ECDH parameters from peer's PK context. */
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
MBEDTLS_ECDH_THEIRS ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); #if defined(MBEDTLS_USE_TINYCRYPT)
goto cleanup; mbedtls_uecc_keypair *peer_key =
} mbedtls_pk_uecc( *peer_pk );
if( ssl_check_server_ecdh_params( ssl ) != 0 ) memcpy( ssl->handshake->ecdh_peerkey,
{ peer_key->public_key,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); sizeof( ssl->handshake->ecdh_peerkey ) );
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; #else /* MBEDTLS_USE_TINYCRYPT */
goto cleanup; const mbedtls_ecp_keypair *peer_key;
peer_key = mbedtls_pk_ec( *peer_pk );
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
MBEDTLS_ECDH_THEIRS ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
goto cleanup;
}
if( ssl_check_server_ecdh_params( ssl ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
goto cleanup;
}
#endif /* MBEDTLS_USE_TINYCRYPT */
} }
cleanup: cleanup:

21
library/ssl_srv.c
View File

@ -3198,6 +3198,26 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#if defined(MBEDTLS_USE_TINYCRYPT)
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{
mbedtls_uecc_keypair *own_key =
mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) );
if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
memcpy( ssl->handshake->ecdh_privkey,
own_key->private_key,
sizeof( ssl->handshake->ecdh_privkey ) );
return( 0 );
}
#else /* MBEDTLS_USE_TINYCRYPT */
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -3218,6 +3238,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_USE_TINYCRYPT */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */