Add fields for PSA-based ECDHE to handshake structure
This is the first in a series of commits adding client-side
support for PSA-based ECDHE.
Previously, the state of an ECDHE key agreement was maintained
in the field mbedtls_ssl_handshake_params::ecdh_ctx, of type
::mbedtls_ecdh_context and manipulated through the ECDH API.
The ECDH API will be superseeded by the PSA Crypto API for key
agreement, which needs the following data:
(a) A raw buffer holding the public part of the key agreement
received from our peer.
(b) A key slot holding the private part of the key agreement.
(c) The algorithm to use.
The commit adds fields to ::mbedtls_ssl_handshake_params
representing these three inputs to PSA-based key agreement.
Specifically, it adds a field for the key slot holding the
ECDH private key, a field for the EC curve identifier, and
a buffer holding the peer's public key.
Note: Storing the peer's public key buffer is slightly
inefficient, as one could perform the ECDH computation
as soon as the peer sends its public key, either working
with in-place or using a stack-buffer to reformat the
public key before passing it to PSA. This optimization
is left for a later commit.
This commit is contained in:
Hanno Becker
parent
f75f912c31
commit
df51dbe17f
2 changed files with 16 additions and 1 deletions
|
|
@ -235,6 +235,8 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
|
|||
return( -1 );
|
||||
}
|
||||
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 256
|
||||
|
||||
static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
|
||||
{
|
||||
switch( grpid )
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue