TinyCrypt SSL: Impl. ECDH-param extraction from CRT for TinyCrypt

This commit is contained in:
Hanno Becker 2019-09-01 09:47:23 +01:00
parent ecf5d3fdb1
commit b3a244847d
2 changed files with 51 additions and 12 deletions

View File

@ -2551,9 +2551,13 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{
int ret;
const mbedtls_ecp_keypair *peer_key;
mbedtls_pk_context * peer_pk;
/* Acquire peer's PK context: In case we store peer's entire
* certificate, we extract the context from it. Otherwise,
* we can use a temporary copy we've made for the purpose of
* signature verification. */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@ -2580,6 +2584,18 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
goto cleanup;
}
/* Extract ECDH parameters from peer's PK context. */
{
#if defined(MBEDTLS_USE_TINYCRYPT)
mbedtls_uecc_keypair *peer_key =
mbedtls_pk_uecc( *peer_pk );
memcpy( ssl->handshake->ecdh_peerkey,
peer_key->public_key,
sizeof( ssl->handshake->ecdh_peerkey ) );
#else /* MBEDTLS_USE_TINYCRYPT */
const mbedtls_ecp_keypair *peer_key;
peer_key = mbedtls_pk_ec( *peer_pk );
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
@ -2595,6 +2611,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
goto cleanup;
}
#endif /* MBEDTLS_USE_TINYCRYPT */
}
cleanup:

View File

@ -3198,6 +3198,26 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#if defined(MBEDTLS_USE_TINYCRYPT)
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{
mbedtls_uecc_keypair *own_key =
mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) );
if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
memcpy( ssl->handshake->ecdh_privkey,
own_key->private_key,
sizeof( ssl->handshake->ecdh_privkey ) );
return( 0 );
}
#else /* MBEDTLS_USE_TINYCRYPT */
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{
int ret;
@ -3218,6 +3238,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
return( 0 );
}
#endif /* MBEDTLS_USE_TINYCRYPT */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */