eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2

Browse source 
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2022-07-29 10:00:16 -04:00
parent f6a6a2d815
commit 08d34b8693
7 changed files with 129 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
include/psa/crypto_values.h
View file

@ -2021,6 +2021,14 @@
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
/* Macro to build a KDF that takes the shared secret K (an EC point in case
* of EC J-PAKE) and calculates SHA256(K.X) that the rest of TLS 1.2 will
* use to derive the session secret. Uses PSA_ALG_SHA_256.
*/
#define PSA_ALG_TLS12_ECJPAKE_TO_PMS ((psa_algorithm_t)0x08000600)
#define PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS(alg) \
(alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS)
/* This flag indicates whether the key derivation algorithm is suitable for
* use on low-entropy secrets such as password - these algorithms are also
* known as key stretching or password hashing schemes. These are also the