ssl_tls: use PSA to compute running handshake hash for TLS 1.2

This commit is contained in:
Andrzej Kurek 2019-01-29 09:14:33 -05:00
parent 2192c27720
commit eb342241a5
2 changed files with 168 additions and 17 deletions

View File

@ -27,6 +27,10 @@
#include "ssl.h" #include "ssl.h"
#include "cipher.h" #include "cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif
#if defined(MBEDTLS_MD5_C) #if defined(MBEDTLS_MD5_C)
#include "md5.h" #include "md5.h"
#endif #endif
@ -370,11 +374,19 @@ struct mbedtls_ssl_handshake_params
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
#else
mbedtls_sha256_context fin_sha256; mbedtls_sha256_context fin_sha256;
#endif #endif
#endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha512_psa;
#else
mbedtls_sha512_context fin_sha512; mbedtls_sha512_context fin_sha512;
#endif #endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);

View File

@ -1347,7 +1347,7 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
mbedtls_md5_finish_ret( &md5, hash ); mbedtls_md5_finish_ret( &md5, hash );
mbedtls_sha1_finish_ret( &sha1, hash + 16 ); mbedtls_sha1_finish_ret( &sha1, hash + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
@ -1364,6 +1364,28 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_status_t status;
psa_hash_operation_t sha256_psa = psa_hash_operation_init();
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
return;
}
status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
return;
}
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 32 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
#else
mbedtls_sha256_context sha256; mbedtls_sha256_context sha256;
mbedtls_sha256_init( &sha256 ); mbedtls_sha256_init( &sha256 );
@ -1377,7 +1399,7 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha256_free( &sha256 ); mbedtls_sha256_free( &sha256 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return; return;
} }
#endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SHA256_C */
@ -1385,6 +1407,28 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_status_t status;
psa_hash_operation_t sha512_psa = psa_hash_operation_init();
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
status = psa_hash_clone( &ssl->handshake->fin_sha512_psa, &sha512_psa );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
return;
}
status = psa_hash_finish( &sha512_psa, hash, 48, &hash_size );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
return;
}
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 48 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
#else
mbedtls_sha512_context sha512; mbedtls_sha512_context sha512;
mbedtls_sha512_init( &sha512 ); mbedtls_sha512_init( &sha512 );
@ -1398,7 +1442,7 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha512_free( &sha512 ); mbedtls_sha512_free( &sha512 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return; return;
} }
#endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SHA512_C */
@ -6169,11 +6213,19 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
#endif #endif
#endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_setup( &ssl->handshake->fin_sha512_psa, PSA_ALG_SHA_384 );
#else
mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
#endif #endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
} }
@ -6187,11 +6239,19 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
#else
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
#endif #endif
#endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha512_psa, buf, len );
#else
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
#endif #endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
} }
@ -6210,7 +6270,11 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
#else
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
#endif
} }
#endif #endif
@ -6218,7 +6282,11 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha512_psa, buf, len );
#else
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
#endif
} }
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -6374,13 +6442,44 @@ static void ssl_calc_finished_tls_sha256(
{ {
int len = 12; int len = 12;
const char *sender; const char *sender;
mbedtls_sha256_context sha256;
unsigned char padbuf[32]; unsigned char padbuf[32];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_hash_operation_t sha256_psa;
psa_status_t status;
#else
mbedtls_sha256_context sha256;
#endif
mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session ) if( !session )
session = ssl->session; session = ssl->session;
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished"
: "server finished";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
sha256_psa = psa_hash_operation_init();
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
return;
}
status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
return;
}
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
#else
mbedtls_sha256_init( &sha256 ); mbedtls_sha256_init( &sha256 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
@ -6398,19 +6497,15 @@ static void ssl_calc_finished_tls_sha256(
sha256.state, sizeof( sha256.state ) ); sha256.state, sizeof( sha256.state ) );
#endif #endif
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished"
: "server finished";
mbedtls_sha256_finish_ret( &sha256, padbuf ); mbedtls_sha256_finish_ret( &sha256, padbuf );
mbedtls_sha256_free( &sha256 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl->handshake->tls_prf( session->master, 48, sender, ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 32, buf, len ); padbuf, 32, buf, len );
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
mbedtls_sha256_free( &sha256 );
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
@ -6423,13 +6518,43 @@ static void ssl_calc_finished_tls_sha384(
{ {
int len = 12; int len = 12;
const char *sender; const char *sender;
mbedtls_sha512_context sha512;
unsigned char padbuf[48]; unsigned char padbuf[48];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_hash_operation_t sha512_psa;
psa_status_t status;
#else
mbedtls_sha512_context sha512;
#endif
mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session ) if( !session )
session = ssl->session; session = ssl->session;
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished"
: "server finished";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
sha512_psa = psa_hash_operation_init();
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
status = psa_hash_clone( &ssl->handshake->fin_sha512_psa, &sha512_psa );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
return;
}
status = psa_hash_finish( &sha512_psa, padbuf, sizeof( padbuf ), &hash_size );
if( status != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
return;
}
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
#else
mbedtls_sha512_init( &sha512 ); mbedtls_sha512_init( &sha512 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
@ -6447,19 +6572,15 @@ static void ssl_calc_finished_tls_sha384(
sha512.state, sizeof( sha512.state ) ); sha512.state, sizeof( sha512.state ) );
#endif #endif
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
? "client finished"
: "server finished";
mbedtls_sha512_finish_ret( &sha512, padbuf ); mbedtls_sha512_finish_ret( &sha512, padbuf );
mbedtls_sha512_free( &sha512 );
#endif
ssl->handshake->tls_prf( session->master, 48, sender, ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 48, buf, len ); padbuf, 48, buf, len );
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
mbedtls_sha512_free( &sha512 );
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
@ -6770,13 +6891,23 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha256_psa = psa_hash_operation_init();
psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
mbedtls_sha256_init( &handshake->fin_sha256 ); mbedtls_sha256_init( &handshake->fin_sha256 );
mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
#endif #endif
#endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha512_psa = psa_hash_operation_init();
psa_hash_setup( &handshake->fin_sha512_psa, PSA_ALG_SHA_384 );
#else
mbedtls_sha512_init( &handshake->fin_sha512 ); mbedtls_sha512_init( &handshake->fin_sha512 );
mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
#endif #endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
handshake->update_checksum = ssl_update_checksum_start; handshake->update_checksum = ssl_update_checksum_start;
@ -9079,11 +9210,19 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &handshake->fin_sha256_psa );
#else
mbedtls_sha256_free( &handshake->fin_sha256 ); mbedtls_sha256_free( &handshake->fin_sha256 );
#endif #endif
#endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &handshake->fin_sha512_psa );
#else
mbedtls_sha512_free( &handshake->fin_sha512 ); mbedtls_sha512_free( &handshake->fin_sha512 );
#endif #endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)