eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Code cleanup

Browse source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-06-12 11:21:18 +02:00
parent 1051f856dc
commit 75a5a9c205
15 changed files with 65 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

33
library/ssl_client.c
View file

@ -277,37 +277,14 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_FFDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
const char *ffdh_group = NULL;
switch (*group_list) {
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
ffdh_group = "ffdhe2048";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
ffdh_group = "ffdhe3072";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
ffdh_group = "ffdhe4096";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
ffdh_group = "ffdhe6144";
break;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
ffdh_group = "ffdhe8192";
break;
default:
break;
}
if (ffdh_group == NULL) {
continue;
}
#if defined(MBEDTLS_DEBUG_C)
const char *ffdh_group = mbedtls_ssl_named_group_to_str(*group_list);
MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
ffdh_group, *group_list));
#endif
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
p += 2;
MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
ffdh_group, *group_list));
}
#endif /* PSA_WANT_ALG_FFDH */
}

4
library/ssl_tls12_client.c
View file

@ -1714,7 +1714,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
uint16_t tls_id;
uint8_t ecpoint_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
psa_key_type_t key_type = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t ec_bits = 0;
/*
@ -2014,7 +2014,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
uint16_t tls_id = 0;
psa_key_type_t key_type = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk);
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {

4
library/ssl_tls12_server.c
View file

@ -2594,7 +2594,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint16_t tls_id = 0;
psa_key_type_t key_type = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t key_len;
mbedtls_pk_context *pk;
mbedtls_ecp_group_id grp_id;
@ -2961,7 +2961,7 @@ curve_matching_done:
const size_t header_size = 4; // curve_type(1), namedcurve(2),
// data length(1)
const size_t data_length_size = 1;
psa_key_type_t key_type = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t ec_bits = 0;
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));

38
library/ssl_tls13_client.c
View file

@ -248,11 +248,6 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
((void) group_id);
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
/*
* Add DHE named groups here.
* Pick first available DHE group compatible with TLS 1.3
*/
return ret;
}
@ -386,7 +381,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end)
{
#if defined(PSA_WANT_ALG_ECDH)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
const unsigned char *p = buf;
int selected_group;
int found = 0;
@ -413,6 +408,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
* then the client MUST abort the handshake with an "illegal_parameter" alert.
*/
for (; *group_list != 0; group_list++) {
#if defined(PSA_WANT_ALG_ECDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) {
if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(
*group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) ||
@ -421,10 +417,13 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
break;
}
}
#endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(*group_list)) {
found = 1;
break;
}
#endif /* PSA_WANT_ALG_FFDH */
}
/* Client MUST verify that the selected_group field does not
@ -446,12 +445,12 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
ssl->handshake->offered_group_id = selected_group;
return 0;
#else
#else /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
(void) ssl;
(void) buf;
(void) end;
return MBEDTLS_ERR_SSL_BAD_CONFIG;
#endif
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
}
/*
@ -497,25 +496,10 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
mbedtls_ssl_tls13_named_group_is_dhe(group)) {
#if defined(PSA_WANT_ALG_ECDH)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) {
if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL)
== PSA_ERROR_NOT_SUPPORTED) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid TLS curve group id"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
MBEDTLS_SSL_DEBUG_MSG(
2,
("ECDH curve: %s", mbedtls_ssl_get_curve_name_from_tls_id(group)));
}
#endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_dhe(group)) {
MBEDTLS_SSL_DEBUG_MSG(2,
("DHE group name: %s", mbedtls_ssl_ffdh_name_from_group(group)));
}
#endif /* PSA_WANT_ALG_FFDH */
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_MSG(2,
("DHE group name: %s", mbedtls_ssl_named_group_to_str(group)));
#endif
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p);
if (ret != 0) {
return ret;

13
library/ssl_tls13_generic.c
View file

@ -1514,9 +1514,9 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
}
static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id(
uint16_t tls_ecc_grp_reg_id, size_t *bits, psa_key_type_t *key_type)
uint16_t tls_id, size_t *bits, psa_key_type_t *key_type)
{
switch (tls_ecc_grp_reg_id) {
switch (tls_id) {
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
*bits = 2048;
*key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
@ -1555,8 +1555,8 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
size_t own_pubkey_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
size_t bits = 0;
psa_key_type_t key_type = 0;
psa_algorithm_t alg = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
psa_algorithm_t alg = PSA_ALG_NONE;
size_t buf_size = (size_t) (end - buf);
MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation."));
@ -1569,12 +1569,13 @@ int mbedtls_ssl_tls13_generate_and_write_dh_key_exchange(
}
#endif
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits, &key_type) == PSA_SUCCESS) {
if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits,
&key_type) == PSA_SUCCESS) {
alg = PSA_ALG_FFDH;
}
#endif
if (key_type == 0) {
if (key_type == PSA_KEY_TYPE_NONE) {
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}

10
library/ssl_tls13_keys.c
View file

@ -1487,12 +1487,10 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ||
mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) {
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
psa_algorithm_t alg = 0;
if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) {
alg = PSA_ALG_ECDH;
} else {
alg = PSA_ALG_FFDH;
}
psa_algorithm_t alg =
mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ?
PSA_ALG_ECDH : PSA_ALG_FFDH;
/* Compute ECDH shared secret. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;