mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 01:54:17 +01:00
Add fields for PSA-based ECDHE to handshake structure
This is the first in a series of commits adding client-side support for PSA-based ECDHE. Previously, the state of an ECDHE key agreement was maintained in the field mbedtls_ssl_handshake_params::ecdh_ctx, of type ::mbedtls_ecdh_context and manipulated through the ECDH API. The ECDH API will be superseeded by the PSA Crypto API for key agreement, which needs the following data: (a) A raw buffer holding the public part of the key agreement received from our peer. (b) A key slot holding the private part of the key agreement. (c) The algorithm to use. The commit adds fields to ::mbedtls_ssl_handshake_params representing these three inputs to PSA-based key agreement. Specifically, it adds a field for the key slot holding the ECDH private key, a field for the EC curve identifier, and a buffer holding the peer's public key. Note: Storing the peer's public key buffer is slightly inefficient, as one could perform the ECDH computation as soon as the peer sends its public key, either working with in-place or using a stack-buffer to reformat the public key before passing it to PSA. This optimization is left for a later commit.
This commit is contained in:
parent
f75f912c31
commit
df51dbe17f
@ -235,6 +235,8 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
|
|||||||
return( -1 );
|
return( -1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 256
|
||||||
|
|
||||||
static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
|
static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
|
||||||
{
|
{
|
||||||
switch( grpid )
|
switch( grpid )
|
||||||
|
@ -57,6 +57,11 @@
|
|||||||
#include "ecjpake.h"
|
#include "ecjpake.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#include "psa/crypto.h"
|
||||||
|
#include "psa_util.h"
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||||
!defined(inline) && !defined(__cplusplus)
|
!defined(inline) && !defined(__cplusplus)
|
||||||
#define inline __inline
|
#define inline __inline
|
||||||
@ -280,7 +285,15 @@ struct mbedtls_ssl_handshake_params
|
|||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECDH_C)
|
#if defined(MBEDTLS_ECDH_C)
|
||||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||||
#endif
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
psa_ecc_curve_t ecdh_psa_curve;
|
||||||
|
psa_key_handle_t ecdh_psa_privkey;
|
||||||
|
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
|
||||||
|
size_t ecdh_psa_peerkey_len;
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
#endif /* MBEDTLS_ECDH_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
Loading…
Reference in New Issue
Block a user