From 00dc4063e2f543e3a37cf8682c3eda0801fae354 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Jul 2023 18:48:43 +0200 Subject: [PATCH 01/18] ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 17b8ff789..5958b9dd0 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -364,6 +364,19 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif +/* TLS 1.2 key exchanges using ECDH(E)*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED +#endif + +/* TLS 1.2 or 1.3 key exchanges using ECDH(E) */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED +#endif + typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ From 7aeec54094b832a1e202c94a36280f5adac4a7c6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Jul 2023 18:57:21 +0200 Subject: [PATCH 02/18] tls: replace ECDH_C guards with new helpers Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 2 +- library/ssl_ciphersuites.c | 6 ++++-- library/ssl_client.c | 3 ++- library/ssl_misc.h | 6 ++++-- library/ssl_tls.c | 9 ++++++--- library/ssl_tls12_client.c | 28 ++++++++++++++++------------ library/ssl_tls12_server.c | 16 +++++++++------- 7 files changed, 42 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b73b41a1..2f46778bf 100644 --- a/include/mbedtls/ssl.h 
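Review bot: MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED is set by the two TLS 1.3 ephemeral modes alone, so a TLS 1.3 build whose only key-agreement algorithm is FFDH would be classified as using ECDH(E) and, through the later hunks, pull in ecdh_ctx and ecdh.h. If the helper is meant to track ECDH specifically, qualify the 1.3 arm with the PSA algorithm, e.g. `(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) && defined(PSA_WANT_ALG_ECDH)`. The comment on the first helper also lacks a space before the closing delimiter: `/* TLS 1.2 key exchanges using ECDH(E) */`.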
+++ b/include/mbedtls/ssl.h @@ -42,7 +42,7 @@ #include "mbedtls/md.h" -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) #include "mbedtls/ecdh.h" #endif diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 793ec6a1c..f4a087987 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -2021,7 +2021,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersu #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) { @@ -2038,7 +2039,8 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) return 0; } } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + * MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) diff --git a/library/ssl_client.c b/library/ssl_client.c index 9acc44f68..dc2b650b4 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -374,7 +374,8 @@ static int ssl_write_client_hello_cipher_suites( } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc893b4c6..8062ef6bf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -751,9 +751,11 @@ struct mbedtls_ssl_handshake_params { mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && + MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ #if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH) #if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b97d4eecf..fedbb9589 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -987,7 +987,8 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) #if defined(MBEDTLS_DHM_C) mbedtls_dhm_init(&handshake->dhm_ctx); #endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -4132,7 +4133,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_DHM_C) mbedtls_dhm_free(&handshake->dhm_ctx); #endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) mbedtls_ecdh_free(&handshake->ecdh_ctx); #endif 
@@ -4158,7 +4160,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ mbedtls_free((void *) handshake->curves_tls_id); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0d5e77787..a53ea03cd 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -99,7 +99,8 @@ static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -130,8 +131,8 @@ static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -547,7 +548,8 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, p += ext_len; #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (uses_ec) { if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, 
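Review bot: The guard around `mbedtls_free((void *) handshake->curves_tls_id)` in mbedtls_ssl_handshake_free now reads `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, while the field's declaration in ssl_misc.h is not touched by this commit and still uses `MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME || ...`, and the other hunks in this commit (ssl_ciphersuites.c, ssl_client.c, ssl_tls12_client.c) keep `MBEDTLS_ECDSA_C` rather than `MBEDTLS_PK_CAN_ECDSA_SOME`. Until the declaration is aligned, a configuration that satisfies one expression but not the other would either fail to build or allocate curves_tls_id without ever freeing it; keeping the free and the declaration under the same expression in the same commit keeps every point of the series bisectable. The body of mbedtls_ssl_handshake_free extends beyond this hunk.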
@@ -815,7 +817,8 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, @@ -837,9 +840,10 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, while (list_size > 0) { if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECDH_C */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, @@ -858,8 +862,8 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL 
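Review bot: The rewritten `#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */` in ssl_parse_supported_point_formats_ext runs well past 80 columns, whereas the matching `#if` two lines above and every other closing comment in this commit wrap onto a continuation line. The identical line appears in the server-side ssl_parse_supported_point_formats hunk in the next file. Wrapping it the way the `#if` is wrapped, `#endif /* !MBEDTLS_USE_PSA_CRYPTO &&` followed by `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */`, keeps the file's layout uniform. The enclosing while loop continues outside this hunk.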
@@ -1542,8 +1546,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported_point_formats extension")); @@ -1554,7 +1558,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) } break; -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c49c97fe8..e052e364c 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -273,9 +273,10 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, while (list_size > 0) { if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECDH_C */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, 
@@ -1892,8 +1893,8 @@ static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen) @@ -1920,7 +1921,8 @@ static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, *olen = 6; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, @@ -2349,8 +2351,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) ext_len += olen; #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) const mbedtls_ssl_ciphersuite_t *suite = mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) { From c2232eadfbddc47f09f776b314cf48f384f3fb59 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Jul 2023 18:57:52 +0200 Subject: [PATCH 03/18] tls: replace PK_CAN_ECDH guards with new helpers Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 5 ----- library/ssl_misc.h | 3 ++- library/ssl_tls12_server.c | 17 ++++++++++------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index cdd3882cd..171fb85e5 100644 --- a/include/mbedtls/pk.h 
+++ b/include/mbedtls/pk.h @@ -197,11 +197,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDSA_SOME #endif -#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ - (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) -#define MBEDTLS_PK_CAN_ECDH -#endif - /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) * format. It should be noticed that this only affect how data is stored, not diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8062ef6bf..4ab97185e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -794,7 +794,8 @@ struct mbedtls_ssl_handshake_params { #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */ #endif diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e052e364c..426365d3b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -148,7 +148,8 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * Function for parsing a supported groups (TLS 1.3) or supported elliptic 
@@ -292,8 +293,8 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || + MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -836,7 +837,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #endif -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && (ssl->handshake->curves_tls_id == NULL || ssl->handshake->curves_tls_id[0] == 0)) { @@ -1379,7 +1381,8 @@ read_record_header: break; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); @@ -1399,8 +1402,8 @@ read_record_header: return ret; } break; -#endif /* MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || \ + MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: From b302efc8d9dd029d93f7c9192317356f3d1b9138 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 09:28:37 +0200 Subject: [PATCH 04/18] debug: replace ECDH_C symbol with key exchange one 
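Review bot: The closing comment in the `@@ -1399` hunk ends its first line with a backslash inside a block comment: `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || \`. Backslash-newline is spliced before comments are recognised, so this is harmless today, but it is inconsistent with every other `#endif` comment in this commit and is exactly what a line-continuation lint flags; drop the backslash. Separately, the `@@ -836` hunk makes ssl_ciphersuite_match call mbedtls_ssl_ciphersuite_uses_ec under `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || MBEDTLS_PK_CAN_ECDSA_SOME`, while the function itself (ssl_ciphersuites.c in the previous commit) is compiled under `..._1_2_ENABLED || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`; the mismatch predates this series, but a PSA build with driver-only ECDSA and no ECDH(E) suite looks like it could reach the call without the definition, so it may be worth aligning while these guards are being reworked. The switch in the `@@ -1379` hunk starts and ends outside the hunk.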
Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 2 +- library/debug.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 74f5d5560..01d2901d9 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -280,7 +280,7 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt); #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) typedef enum { MBEDTLS_DEBUG_ECDH_Q, MBEDTLS_DEBUG_ECDH_QP, diff --git a/library/debug.c b/library/debug.c index 0f0292915..8c33f8281 100644 --- a/library/debug.c +++ b/library/debug.c @@ -397,7 +397,7 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -443,6 +443,6 @@ void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, } #endif } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ #endif /* MBEDTLS_DEBUG_C */ From e87915b66f78d579dfc88aa754d93e88d5411307 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 12:47:43 +0200 Subject: [PATCH 05/18] ssl: update new symbols to include also FFDH Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5958b9dd0..9c07c5448 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -371,10 +371,18 @@ typedef enum { #endif /* TLS 1.2 or 1.3 key exchanges using ECDH(E) */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) && \ + !defined(PSA_WANT_ALG_FFDH) +#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED +#endif + +/* TLS 1.2 or 1.3 DH key exchanges: ECDH(E) or FFDH */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED +#define MBEDTLS_KEY_EXCHANGE_SOME_DH_ANY_ENABLED #endif typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; From a15078b784678cc94c1ceff9da4d9acfa29d2fd3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 14:52:45 +0200 Subject: [PATCH 06/18] pk: do not duplicate internal symbols for ECDH/ECDSA capabilities Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 29 ++++++++++++++++++++++ include/mbedtls/check_config.h | 45 ++++++++-------------------------- include/mbedtls/pk.h | 26 -------------------- 3 files changed, 39 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 471706351..012cd703d 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
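Review bot: The new condition `A || (B || C) && !defined(PSA_WANT_ALG_FFDH)` relies on `&&` binding tighter than `||`; it parses as intended, but the grouping should be explicit so a reader does not have to work that out: `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \` / `((defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) && \` / `!defined(PSA_WANT_ALG_FFDH))`. More importantly, `!defined(PSA_WANT_ALG_FFDH)` is not the same as "ECDH is available": a TLS 1.3 build that enables both ECDH and FFDH would leave the ECDH helper undefined, and one with neither would define it. Testing `defined(PSA_WANT_ALG_ECDH)` in the 1.3 arm expresses the intent directly.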
@@ -161,6 +161,35 @@ #define MBEDTLS_PK_PARSE_EC_COMPRESSED #endif +/* PK module can achieve ECDH and ECDSA functionalities by means of either + * software implementations (ECDH_C and ECDSA_C) or through a PSA driver. The + * following defines are meant to list these capabilities in a general way + * which abstracts how they are implemented under the hood. */ +#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ + (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) +#define MBEDTLS_PK_CAN_ECDH +#endif + +#if !defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_PK_CAN_ECDSA_SIGN +#define MBEDTLS_PK_CAN_ECDSA_VERIFY +#endif /* MBEDTLS_ECDSA_C */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(PSA_WANT_ALG_ECDSA) +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#define MBEDTLS_PK_CAN_ECDSA_SIGN +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PK_CAN_ECDSA_VERIFY +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_ALG_ECDSA */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) +#define MBEDTLS_PK_CAN_ECDSA_SOME +#endif + /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT * is defined as well to include all PSA code. */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 51223a081..900e80e53 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
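Review bot: MBEDTLS_PK_CAN_ECDSA_SIGN, as defined here, is narrower than the MBEDTLS_PK_HAVE_ECDSA helper that the check_config.h hunks in this commit replace it with: the old helper accepted `PSA_WANT_ALG_ECDSA || PSA_WANT_ALG_DETERMINISTIC_ECDSA`, the new one only `PSA_WANT_ALG_ECDSA`, so a PSA configuration that enables only deterministic ECDSA now fails the ECDH_ECDSA, ECDHE_ECDSA and TLS 1.3 ephemeral prerequisite checks it passed before. Conversely MBEDTLS_PK_CAN_ECDH drops the `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC` requirement that MBEDTLS_PK_HAVE_ECDH carried, so the ECDH(E) checks become looser. If both shifts are intended the commit message should say so; otherwise add `|| defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)` to the PSA branch of the sign/verify definitions and `&& defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)` to the PSA arm of MBEDTLS_PK_CAN_ECDH.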
@@ -275,19 +275,6 @@ #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" #endif -/* Helper for ECDSA dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if (defined(PSA_WANT_ALG_ECDSA) || \ - defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \ - defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_ECDSA -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PK_HAVE_ECDSA -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Helper for JPAKE dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) @@ -299,17 +286,6 @@ #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ -/* Helper for ECDH dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_ECDH -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_PK_HAVE_ECDH -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Helper for curve SECP256R1 */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_ECC_SECP_R1_256) @@ -322,14 +298,14 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || \ - !defined(MBEDTLS_PK_HAVE_ECDSA) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" #endif 
@@ -339,7 +315,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_PK_HAVE_ECDH) + !defined(MBEDTLS_PK_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" #endif @@ -350,14 +326,14 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_ECDH) || \ - !defined(MBEDTLS_PK_HAVE_ECDSA) || \ + ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif @@ -814,8 +790,9 @@ #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ - ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) ) +#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ + defined(MBEDTLS_X509_CRT_PARSE_C) && \ + ( defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif @@ -1129,9 +1106,7 @@ #endif /* Undefine helper symbols */ -#undef MBEDTLS_PK_HAVE_ECDSA #undef MBEDTLS_PK_HAVE_JPAKE -#undef MBEDTLS_PK_HAVE_ECDH #undef MBEDTLS_MD_HAVE_SHA256 #undef MBEDTLS_MD_HAVE_SHA384 #undef MBEDTLS_MD_HAVE_SHA512 diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 171fb85e5..39ae38c1c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -171,32 +171,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #endif #endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ -/** - * \brief The following defines are meant to list ECDSA capabilities of the - * PK module in a general way (without any reference to how this - * is achieved, which can be either through PSA driver or - * MBEDTLS_ECDSA_C) - */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PK_CAN_ECDSA_SIGN -#define MBEDTLS_PK_CAN_ECDSA_VERIFY -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(PSA_WANT_ALG_ECDSA) -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_CAN_ECDSA_SIGN -#endif -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PK_CAN_ECDSA_VERIFY -#endif -#endif /* PSA_WANT_ALG_ECDSA */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) -#define MBEDTLS_PK_CAN_ECDSA_SOME -#endif - /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) * format. It should be noticed that this only affect how data is stored, not From ed365e66bb4392480d4848a71d4a649e6952fdda Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 15:02:27 +0200 Subject: [PATCH 07/18] ssl: improve/fix definitions for internal helpers Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 9c07c5448..7df3ec329 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -364,25 +364,28 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDH(E)*/ +/* TLS 1.2 key exchanges using ECDH or ECDHE*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif -/* TLS 1.2 or 1.3 key exchanges using ECDH(E) */ +/* TLS 1.3 key exchanges using ECDH or ECDHE */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_ECDH) +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED +#endif + +/* TLS 1.2 or 1.3 key exchanges using ECDH or ECDHE */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)) && \ - !defined(PSA_WANT_ALG_FFDH) + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED #endif -/* TLS 1.2 or 1.3 DH key exchanges: ECDH(E) or FFDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_DH_ANY_ENABLED +/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */ +#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)) +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; From 0a0d0d552784a89d745a34024faae5dc654337b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 15:12:45 +0200 Subject: [PATCH 08/18] ssl: keep all helper definitions in ssl_ciphersuites.h 
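Review bot: The first comment still closes without a space, `/* TLS 1.2 key exchanges using ECDH or ECDHE*/`, although this commit rewrites that very line; the other helpers in the block are spaced correctly. The last comment, "TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH", describes a condition built from MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED, so "DHE" is the precise term, and the outer parentheses in `#if (defined(...) || defined(...))` are redundant next to the unparenthesised helpers above. `/* TLS 1.2 key exchanges using ECDH or ECDHE */` and `/* TLS 1.2 XXDH key exchanges: ECDH, ECDHE or DHE */` would do.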
Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 10 ---------- include/mbedtls/ssl_ciphersuites.h | 23 ++++++++++++++++++----- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 012cd703d..ff7008873 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -251,16 +251,6 @@ #undef MBEDTLS_SSL_EARLY_DATA #endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 7df3ec329..4941e7ea5 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -346,11 +346,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED -#endif - /* Key exchanges using DHE */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 
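Review bot: Moving MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED and MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED out of build_info.h narrows where they are visible: build_info.h is seen by every translation unit, while ssl_ciphersuites.h is only reached through the SSL headers. Any test of these symbols in check_config.h (processed from build_info.h) or in a non-SSL module would now silently evaluate as undefined rather than fail to compile, so it is worth grepping for remaining users before this lands. The hunk's trailing context also shows a sibling helper left in build_info.h that still tests `MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C`, the very guards this series is retiring elsewhere.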
@@ -370,6 +365,24 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif +/* TLS 1.3 PSK key exchanges */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED +#endif + +/* TLS 1.2 or 1.3 key exchanges with PSK */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED +#endif + +/* TLS 1.3 ephemeral key exchanges */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED +#endif + /* TLS 1.3 key exchanges using ECDH or ECDHE */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_ECDH) From 3d237b5ff145663a864ad0ae16bc2b62a5a655c9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 16:00:20 +0200 Subject: [PATCH 09/18] ssl_misc: fix guards for PSA data used in XXDH key exchanges Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 5 +++++ library/ssl_misc.h | 6 ++---- library/ssl_tls.c | 6 ++---- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_generic.c | 7 +++---- library/ssl_tls13_server.c | 12 ++++++------ 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 4941e7ea5..5696d9a4b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -401,6 +401,11 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif +#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED +#endif + typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4ab97185e..96d268e43 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -769,16 +769,14 @@ struct mbedtls_ssl_handshake_params { #define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH #endif -#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_bits; mbedtls_svc_key_id_t xxdh_psa_privkey; uint8_t xxdh_psa_privkey_is_external; unsigned char xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE]; size_t xxdh_psa_peerkey_len; -#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && - (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fedbb9589..0139e55cd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
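Review bot: MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED no longer tests PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH, yet the `xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE]` array it now guards in ssl_misc.h is sized by a macro whose definition, as far as the hunk's context shows, is selected by exactly those two symbols. MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED also covers TLS 1.2 DHE, which uses dhm_ctx rather than these PSA fields, so a MBEDTLS_USE_PSA_CRYPTO build with only DHE ciphersuites and neither PSA algorithm would appear to declare the block with SSL_XXDH_PSA_PEERKEY_SIZE undefined — worth confirming against the full #if/#else chain above the field. Either keep `(defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH))` as a factor of the new helper, or base its TLS 1.2 arm on MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED. The new helper in ssl_ciphersuites.h is also the only one in that block without a one-line comment; `/* TLS 1.2 (with PSA) or 1.3 XXDH key exchanges using the PSA handshake fields */` would match its neighbours.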
@@ -4219,13 +4219,11 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_ssl_buffering_free(ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (handshake->xxdh_psa_privkey_is_external == 0) { psa_destroy_key(handshake->xxdh_psa_privkey); } -#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) && - (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free(handshake->transform_handshake); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8b261d647..aafc47d3b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,7 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } 
@@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_ffdh(group)) { MBEDTLS_SSL_DEBUG_MSG(2, @@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 665ea7155..5e9140a47 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,8 +39,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ - defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -1497,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1626,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( return 0; } -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 196d09a72..66ac54937 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its @@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: /* Already parsed */ @@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( 
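Review bot: In the `@@ -1563` hunk the `case MBEDTLS_TLS_EXT_KEY_SHARE:` arm moves to `MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED`, but the arm immediately above it still closes with `#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/`, so two adjacent extension handlers in ssl_tls13_parse_client_hello now appear to be compiled under different conditions. If that preceding `#if` is indeed left on the raw `PSA_WANT_ALG_*` symbols (its opening line is outside the hunk), it should either move to the same helper or the difference should be explained in a comment, since a build where only one of the two is compiled would silently accept one extension and not the other. The same stale neighbour is visible in the later renames of this arm at the `@@ -1563` hunks in patches 15 and 16. ssl_tls13_parse_client_hello starts and ends outside the hunk.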
@@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From 6eb005435cd61806bacf70e5ad4000a51eacc48a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 17:04:24 +0200 Subject: [PATCH 10/18] tls: fix guards for legacy ECDH contexts Signed-off-by: Valerio Setti --- library/ssl_misc.h | 4 ++-- library/ssl_tls.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 96d268e43..2b0b7f15e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -752,10 +752,10 @@ struct mbedtls_ssl_handshake_params { #endif #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #endif /* !MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ + MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ #if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH) #if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0139e55cd..a21b3fb1d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -988,7 +988,7 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) mbedtls_dhm_init(&handshake->dhm_ctx); #endif #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 
@@ -4134,7 +4134,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_dhm_free(&handshake->dhm_ctx); #endif #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) mbedtls_ecdh_free(&handshake->ecdh_ctx); #endif From aa7cbd619c670f665822b1859fcf52432a478a84 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 17:22:17 +0200 Subject: [PATCH 11/18] build_info: replace PK_CAN_ECDH with CAN_ECDH and fix comments Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 12 +++++++----- include/mbedtls/check_config.h | 10 +++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index ff7008873..bc5cad832 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -161,15 +161,17 @@ #define MBEDTLS_PK_PARSE_EC_COMPRESSED #endif -/* PK module can achieve ECDH and ECDSA functionalities by means of either - * software implementations (ECDH_C and ECDSA_C) or through a PSA driver. The - * following defines are meant to list these capabilities in a general way - * which abstracts how they are implemented under the hood. */ +/* Helper symbol to state that there is support for ECDH, either through + * library implementation (ECDH_C) or through PSA. */ #if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) -#define MBEDTLS_PK_CAN_ECDH +#define MBEDTLS_CAN_ECDH #endif +/* PK module can achieve ECDSA functionalities by means of either software + * implementations (ECDSA_C) or through a PSA driver. The following defines + * are meant to list these capabilities in a general way which abstracts how + * they are implemented under the hood. */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_ECDSA_C) #define MBEDTLS_PK_CAN_ECDSA_SIGN 
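Review bot: In the build_info.h hunk `MBEDTLS_PK_CAN_ECDH` is renamed to `MBEDTLS_CAN_ECDH` in a public header with no compatibility alias, so any out-of-tree code or test configuration still checking `MBEDTLS_PK_CAN_ECDH` would silently compile the ECDH-dependent path out rather than fail. If the old symbol has been visible in a release, keeping `#define MBEDTLS_PK_CAN_ECDH` under the same condition with a deprecation comment would avoid that silent change; if it has not, the rename is fine but worth a line in the commit description. The new comment could also state the contract it encodes, e.g. `/* MBEDTLS_CAN_ECDH: ECDH is usable by the TLS layer, via PSA_WANT_ALG_ECDH when MBEDTLS_USE_PSA_CRYPTO is set, via MBEDTLS_ECDH_C otherwise. */`.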
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 900e80e53..4c250430f 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -298,14 +298,14 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" #endif @@ -315,7 +315,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_PK_CAN_ECDH) + !defined(MBEDTLS_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" #endif @@ -326,13 +326,13 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_PK_CAN_ECDH) || \ + ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" From da403b749e443908e9c930f459c76033c32d60ad Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 10 Jul 2023 14:31:39 +0200 Subject: [PATCH 12/18] =?UTF-8?q?tls:=20use=20already=20existing=20symbols?= =?UTF-8?q?=20to=20size=20the=20buffer=20for=20XXD=E1=B8=A6=20peer=20key?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Valerio Setti --- library/ssl_misc.h | 14 +------------- library/ssl_tls12_client.c | 16 +++------------- 2 files changed, 4 insertions(+), 26 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2b0b7f15e..c08f5e1a8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -757,24 +757,12 @@ struct mbedtls_ssl_handshake_params { #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_ALG_FFDH) -#if (MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH >= MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH) -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH -#else -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#endif -#elif defined(PSA_WANT_ALG_ECDH) -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH -#else -#define SSL_XXDH_PSA_PEERKEY_SIZE MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_bits; mbedtls_svc_key_id_t xxdh_psa_privkey; uint8_t xxdh_psa_privkey_is_external; - unsigned char xxdh_psa_peerkey[SSL_XXDH_PSA_PEERKEY_SIZE]; + unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; size_t xxdh_psa_peerkey_len; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a53ea03cd..957488109 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
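Review bot: `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` bounds the export size of every enabled public key type, not only ECDH/FFDH, so in configurations where RSA public keys are enabled the `xxdh_psa_peerkey` array in every handshake structure grows to the RSA bound although the key exchange can only ever store an EC point or an FFDH public value. That is a memory-footprint regression on constrained targets compared with the removed `SSL_XXDH_PSA_PEERKEY_SIZE` derivation, and it also decouples the buffer size from the keys it actually holds. If the simplification is intended, a comment on the field, `/* Sized for any PSA public key, not only ECDH/FFDH; see PSA_EXPORT_PUBLIC_KEY_MAX_SIZE */`, would make the trade-off explicit. The enclosing struct starts and ends outside the hunk.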
@@ -1774,19 +1774,9 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_DECODE_ERROR; } - /* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account - the sizes of the FFDH keys which are at least 2048 bits. - The size of the array is thus greater than 256 bytes which is greater than any - possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/ -#if !defined(PSA_WANT_ALG_FFDH) - if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#else - MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX, - "peer key buffer too small"); -#endif - + /* xxdh_psa_peerkey is sized after maximum supported FFDH public key. + * PSA_VENDOR_FFDH_MAX_KEY_BITS is always larger than EC public key, so + * we can skip the buffer size check before the memcpy-ing data into it. */ memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len); handshake->xxdh_psa_peerkey_len = ecpoint_len; *p += ecpoint_len; From 60d3b91eba65e21ffba9c1b7ee8b8c29827f6032 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 10:43:53 +0200 Subject: [PATCH 13/18] tls: use TLS 1.2 macros in ssl_tls12_server.c Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 426365d3b..c23416ec3 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -148,7 +148,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* 
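Review bot: The `memcpy` into `handshake->xxdh_psa_peerkey` now relies on a comment alone, because the hunk removes both the runtime length check and the `MBEDTLS_STATIC_ASSERT` that made the "at least UINT8_MAX bytes" claim compiler-checked. `ecpoint_len` is a single byte read from the peer (the removed comment says it is `uint8_t`) and `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` is configuration-dependent, so a build with FFDH and RSA disabled and only small curves enabled may leave the buffer smaller than 255 bytes, at which point a peer-supplied length can exceed it. Keep the compile-time check next to the copy, `MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX, "peer key buffer too small");`, or restore the runtime comparison. The comment's reference to `PSA_VENDOR_FFDH_MAX_KEY_BITS` only holds when FFDH contributes to the bound, so it should name the symbol that actually sizes the array. ssl_parse_server_ecdh_params starts and ends outside the hunk.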
@@ -293,7 +293,7 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -837,7 +837,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_PK_CAN_ECDSA_SOME) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && (ssl->handshake->curves_tls_id == NULL || @@ -1381,7 +1381,7 @@ read_record_header: break; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: @@ -1402,7 +1402,7 @@ read_record_header: return ret; } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED || \ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \ MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) From d0371b0a08b99cb3ab08a7b119deb441c5ef704d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 10:57:01 +0200 Subject: [PATCH 14/18] debug: keep ECDH_C guard for debug printf accessing ecdh_context's items Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 8 ++++++-- library/debug.c | 6 ++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 01d2901d9..d6dd15224 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h 
@@ -280,7 +280,10 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) +/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function + only works for the built-in implementation. */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ + defined(MBEDTLS_ECDH_C) typedef enum { MBEDTLS_DEBUG_ECDH_Q, MBEDTLS_DEBUG_ECDH_QP, @@ -307,7 +310,8 @@ void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const mbedtls_ecdh_context *ecdh, mbedtls_debug_ecdh_attr attr); -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && + MBEDTLS_ECDH_C */ #ifdef __cplusplus } diff --git a/library/debug.c b/library/debug.c index 8c33f8281..56bc3f694 100644 --- a/library/debug.c +++ b/library/debug.c @@ -397,7 +397,8 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ + defined(MBEDTLS_ECDH_C) static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -443,6 +444,7 @@ void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, } #endif } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && + MBEDTLS_ECDH_C */ #endif /* MBEDTLS_DEBUG_C */ From ea59c43499ee11a0c061577b9a98462f02b4358e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 11:14:03 +0200 Subject: [PATCH 15/18] tls: fix a comment a rename a variable/symbol 
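Review bot: The new guard on mbedtls_debug_printf_ecdh, `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && MBEDTLS_ECDH_C`, does not match the guard that patch 10 put on the `ecdh_ctx` field it is meant to print (`!MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED`), so in a `MBEDTLS_USE_PSA_CRYPTO` build with `MBEDTLS_ECDH_C` the debug helper is declared and compiled although no handshake context can hold a legacy ECDH context for it to print. Presumably the helper is harmless there, but aligning the two guards, `#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)`, would keep the declaration and its only data source in step. The same guard appears in the debug.c hunks below and would need the same change.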
Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 4 ++-- library/ssl_tls12_client.c | 8 ++++---- library/ssl_tls12_server.c | 10 +++++----- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_generic.c | 10 +++++----- library/ssl_tls13_server.c | 12 ++++++------ 8 files changed, 32 insertions(+), 32 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5696d9a4b..48ed541d8 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -383,7 +383,7 @@ typedef enum { #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED #endif -/* TLS 1.3 key exchanges using ECDH or ECDHE */ +/* TLS 1.3 key exchanges using ECDHE */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_ECDH) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED @@ -403,7 +403,7 @@ typedef enum { #if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED #endif typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c08f5e1a8..b5e6ed2fd 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -757,14 +757,14 @@ struct mbedtls_ssl_handshake_params { #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; - size_t xxdh_bits; + size_t xxdh_psa_bits; mbedtls_svc_key_id_t xxdh_psa_privkey; uint8_t xxdh_psa_privkey_is_external; unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; size_t xxdh_psa_peerkey_len; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a21b3fb1d..f6fd254fa 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4219,11 +4219,11 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_ssl_buffering_free(ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (handshake->xxdh_psa_privkey_is_external == 0) { psa_destroy_key(handshake->xxdh_psa_privkey); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free(handshake->transform_handshake); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 957488109..9f37fdcf3 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1766,7 +1766,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } handshake->xxdh_psa_type = key_type; - handshake->xxdh_bits = ec_bits; + handshake->xxdh_psa_bits = ec_bits; /* Keep a copy of the peer's public key */ ecpoint_len = *(*p)++; 
@@ -2039,7 +2039,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* If the above conversion to TLS ID was fine, then also this one will be, so there is no need to check the return value here */ mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_bits); + &ssl->handshake->xxdh_psa_bits); ssl->handshake->xxdh_psa_type = key_type; @@ -2790,7 +2790,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, @@ -2962,7 +2962,7 @@ ecdh_calc_secret: psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* Generate ECDH private key. */ status = psa_generate_key(&key_attributes, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c23416ec3..7acede773 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2646,7 +2646,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) } ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_bits = psa_get_key_bits(&key_attributes); + ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); psa_reset_key_attributes(&key_attributes); 
@@ -2670,7 +2670,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* If the above conversion to TLS ID was fine, then also this one will be, so there is no need to check the return value here */ mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_bits); + &ssl->handshake->xxdh_psa_bits); ssl->handshake->xxdh_psa_type = key_type; @@ -2679,7 +2679,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key(key, buf, key_len); @@ -2987,13 +2987,13 @@ curve_matching_done: return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } handshake->xxdh_psa_type = key_type; - handshake->xxdh_bits = ec_bits; + handshake->xxdh_psa_bits = ec_bits; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* * ECParameters curve_params diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index aafc47d3b..fbbbb6703 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,7 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) 
@@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } @@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_ffdh(group)) { MBEDTLS_SSL_DEBUG_MSG(2, @@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5e9140a47..639e59110 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,7 +39,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) 
@@ -1496,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1592,13 +1592,13 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( } handshake->xxdh_psa_type = key_type; - ssl->handshake->xxdh_bits = bits; + ssl->handshake->xxdh_psa_bits = bits; key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&key_attributes, alg); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_bits); + psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); /* Generate ECDH/FFDH private key. */ status = psa_generate_key(&key_attributes, @@ -1625,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 66ac54937..d88aae6c7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its 
@@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: /* Already parsed */ @@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( @@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From c9ae8622252bf3de245be745b8b408414ae9bc9d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 11:23:50 +0200 Subject: [PATCH 16/18] tls: use TLS 1.3 guards in ssl_tls13 modules 
Signed-off-by: Valerio Setti --- library/ssl_tls13_client.c | 10 +++++----- library/ssl_tls13_generic.c | 6 +++--- library/ssl_tls13_server.c | 12 ++++++------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fbbbb6703..77325c327 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -35,7 +35,7 @@ #include "ssl_debug_helpers.h" #include "md_psa.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } @@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || mbedtls_ssl_tls13_named_group_is_ffdh(group)) { MBEDTLS_SSL_DEBUG_MSG(2, 
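Review bot: After this hunk the key-share code in ssl_tls13_client.c is compiled whenever `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED` is set, with no remaining reference to `PSA_WANT_ALG_ECDH` or `PSA_WANT_ALG_FFDH`, so the `mbedtls_ssl_tls13_named_group_is_ecdhe()`/`is_ffdh()` branches are built even in a configuration where neither PSA algorithm is available. Unless check_config.h already requires at least one of the two whenever an ephemeral TLS 1.3 mode is enabled (not visible in this series), such a build would compile and then fail every ephemeral handshake at runtime. Adding that prerequisite check, `#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"`, alongside the existing key-exchange checks would surface it at build time. The same guard change is repeated in the ssl_tls13_generic.c and ssl_tls13_server.c hunks that follow.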
@@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 639e59110..f8e078edf 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -39,7 +39,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -1496,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1625,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d88aae6c7..c12631ef3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its @@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: /* Already parsed */ @@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( 
@@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From 46520ea52d99f0d1fff225717a96294dc57cf7b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 11:41:28 +0200 Subject: [PATCH 17/18] tls12: check buffer size before memcpy-ing data into it Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 9f37fdcf3..ff116ad02 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1774,9 +1774,10 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_DECODE_ERROR; } - /* xxdh_psa_peerkey is sized after maximum supported FFDH public key. - * PSA_VENDOR_FFDH_MAX_KEY_BITS is always larger than EC public key, so - * we can skip the buffer size check before the memcpy-ing data into it. */ + if (ecpoint_len > PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) { + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len); handshake->xxdh_psa_peerkey_len = ecpoint_len; *p += ecpoint_len; From 9cd8011978b719af8b3c60a81efdc4639901403f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jul 2023 12:04:21 +0200 Subject: [PATCH 18/18] tls: fix definition of symbol KEY_EXCHANGE_SOME_XXDH_PSA_ANY Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48ed541d8..2db5209ea 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
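Review bot: The new length check in ssl_parse_server_ecdh_params bounds `ecpoint_len` against `PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)` rather than against the destination itself, so the memcpy stays safe only as long as that macro never exceeds the declared size of `handshake->xxdh_psa_peerkey` — a coupling the removed comment shows has already shifted once (the array used to be sized for the FFDH maximum). Tying the guard to the array keeps the overflow protection independent of how the buffer is declared: `if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {`. If that member is a fixed-size array in the handshake struct (its declaration is not in this hunk) `sizeof` is the right bound; if it has become a pointer, the paired capacity field should be used instead. The function's opening and the code that reads `ecpoint_len` from the wire lie outside the hunk, so I am assuming the preceding DECODE_ERROR check only validates it against the remaining input, not against the destination size.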
@@ -401,7 +401,16 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif -#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ +/* The handshake params structure has a set of fields called xxdh_psa which are used: + * - by TLS 1.2 with `USE_PSA` to do ECDH or ECDHE; + * - by TLS 1.3 to do ECDHE or FFDHE. + * The following macros can be used to guard their declaration and use. + */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED #endif
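Review bot: The TLS 1.2 leg of the new `MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED` is derived from `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED`, whereas the removed line used `MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED` (still defined a few lines above), and the new block comment does not say why the two conditions differ, which is exactly what a reader auditing this guard will want to know. If the intent is that TLS 1.2 finite-field DHE never touches the xxdh_psa fields (presumably it goes through the DHM module) while TLS 1.3 FFDHE does, state it in the comment, e.g. ` * TLS 1.2 DHE does not use these fields, hence the ECDH-only condition below.`. Since this is a public header, it would also help to note that both symbols are derived helpers computed here and not configuration options to be set in mbedtls_config.h. If `MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED` has no remaining users after this change it is now dead and should be removed, but its other uses are not visible from this hunk.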