Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 42459805ce18c7dfe4e3ddefa777210fc0cba411^! / .
commit42459805ce18c7dfe4e3ddefa777210fc0cba411[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Thu Dec 19 13:31:53 2019 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Fri Jan 31 14:57:43 2020 +0100
treebe7e4221089d899e2cc44e0710cb320e9c33a3a7
parent81d31002503f0cdc735176279e913106155666c4 [diff]
USE_PSA_CRYPTO: don't rely on the curve encoding

Adapt to the change of encoding of elliptic curve key types in PSA
crypto. Before, an EC key type encoded the TLS curve identifier. Now
the EC key type only includes an ad hoc curve family identifier, and
determining the exact curve requires both the key type and size. This
commit moves from the old encoding and old definitions from
crypto/include/mbedtls/psa_util.h to the new encoding and definitions
from the immediately preceding crypto submodule update.

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index f703da9..b8c7f0a 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h

@@ -319,7 +319,8 @@
     mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_ecc_curve_t ecdh_psa_curve;
+    psa_key_type_t ecdh_psa_type;
+    uint16_t ecdh_bits;
     psa_key_handle_t ecdh_psa_privkey;
     unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
     size_t ecdh_psa_peerkey_len;

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 1005bd9..0f6a26b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -2244,6 +2244,7 @@
                                              unsigned char *end )
 {
     uint16_t tls_id;
+    size_t ecdh_bits = 0;
     uint8_t ecpoint_len;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
@@ -2264,11 +2265,14 @@
     tls_id |= *(*p)++;
 
     /* Convert EC group to PSA key type. */
-    if( ( handshake->ecdh_psa_curve =
-          mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 )
+    if( ( handshake->ecdh_psa_type =
+          mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
     {
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
+    if( ecdh_bits > 0xffff )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    handshake->ecdh_bits = (uint16_t) ecdh_bits;
 
     /*
      * Put peer's ECDH public key in the format understood by PSA.
@@ -2278,7 +2282,7 @@
     if( (size_t)( end - *p ) < ecpoint_len )
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
 
-    if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve,
+    if( mbedtls_psa_tls_ecpoint_to_psa_ec(
                                     *p, ecpoint_len,
                                     handshake->ecdh_psa_peerkey,
                                     sizeof( handshake->ecdh_psa_peerkey ),
@@ -3257,11 +3261,8 @@
         key_attributes = psa_key_attributes_init();
         psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
         psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes,
-                          PSA_KEY_TYPE_ECC_KEY_PAIR( handshake->ecdh_psa_curve )
-                        );
-        psa_set_key_bits( &key_attributes,
-                          PSA_ECC_CURVE_BITS( handshake->ecdh_psa_curve ) );
+        psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+        psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
 
         /* Generate ECDH private key. */
         status = psa_generate_key( &key_attributes,