From ea4000f897deec7afa343e64b4051a363f28ced2 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Wed, 16 Mar 2022 09:49:33 +0100
Subject: [PATCH 1/4] ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled
Signed-off-by: Przemek Stekiel
---
 library/ssl_cli.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 98b897800..49b1d5919 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2610,6 +2610,36 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 peer_key = mbedtls_pk_ec( *peer_pk );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t ecdh_bits = 0;
+ size_t qlen = 0;
+
+ ssl->handshake->ecdh_psa_type =
+ PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa( peer_key->grp.id,
+ &ecdh_bits ) );
+
+ if( ssl->handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group conversion to psa." ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+
+ qlen = mbedtls_mpi_size( (const mbedtls_mpi*) &peer_key->Q );
+
+ /* Store peer's public key in psa format. */
+ ssl->handshake->ecdh_psa_peerkey[0] = 0x04;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &peer_key->Q.X,
+ ssl->handshake->ecdh_psa_peerkey + 1, qlen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &peer_key->Q.Y,
+ ssl->handshake->ecdh_psa_peerkey + 1 + qlen, qlen ) );
+
+ ssl->handshake->ecdh_psa_peerkey_len = ( 2 * qlen + 1 );
+
+ ret = 0;
+cleanup:
+#else
 if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, MBEDTLS_ECDH_THEIRS ) ) != 0 )
 {
@@ -2623,6 +2653,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
 }
+#endif
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 /* We don't need the peer's public key anymore. Free it,
 * so that more RAM is available for upcoming expensive
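Review bot: The `ecdh_psa_type == 0` test in the new PSA block looks unable to fire, because it is applied to the result of `PSA_KEY_TYPE_ECC_KEY_PAIR( ... )` rather than to the family returned by `mbedtls_ecc_group_to_psa()`; assuming the macro ORs a non-zero base into the family, a group from the server certificate that has no PSA mapping still yields a non-zero type and passes with `ecdh_bits` left at 0. Checking the family before wrapping it would close that: `psa_ecc_family_t family = mbedtls_ecc_group_to_psa( peer_key->grp.id, &ecdh_bits );` followed by `if( family == 0 || ecdh_bits == 0 || ecdh_bits > 0xffff )`, and only then `PSA_KEY_TYPE_ECC_KEY_PAIR( family )`. In this patch the two `mbedtls_mpi_write_binary()` calls also write `2 * qlen + 1` bytes into `ecdh_psa_peerkey` with no bound against the buffer, with `qlen` derived from a cast of the point to an MPI (presumably its first coordinate only); patch 3/4 replaces that export, so it matters only for the intermediate state of the series. The enclosing function starts and ends outside the hunk.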
From d905d33488774a95c2297f3b9996456febf984bf Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Wed, 16 Mar 2022 09:50:56 +0100
Subject: [PATCH 2/4] ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange
Signed-off-by: Przemek Stekiel
---
 library/ssl_cli.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 49b1d5919..d4e2a2af4 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3319,9 +3319,13 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
 ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
 if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
 {
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3397,7 +3401,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 else
 #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
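Review bot: Nothing at the widened `if(` in `ssl_write_client_key_exchange()` says where the PSA inputs come from for the two static-ECDH suites: on this page the `ecdh_psa_type`, `ecdh_bits` and `ecdh_psa_peerkey` handshake fields are filled for them only by `ssl_get_ecdh_params_from_cert()` (patch 1/4), that is, from the server certificate. The branch body lies outside the hunk, so whether it reads any other handshake state cannot be confirmed from here. A comment above the condition would make the dependency visible to the next reader, for example `/* For ECDH_RSA and ECDH_ECDSA the ecdh_psa_* handshake fields were set from the server certificate in ssl_get_ecdh_params_from_cert(). */`.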
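Review bot: The last line of the rewritten `#endif` comment in the second hunk reads `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */`, which drops the `_ENABLED` suffix and the space before `)` that the other three entries and the matching `#if` use. It should read `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */`, so that a search for the option name finds both ends of the guarded region.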
From 561a42392aa41784d5d3fc64cc27f2c5c57fc4f8 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Wed, 16 Mar 2022 13:16:24 +0100
Subject: [PATCH 3/4] ssl_parse_signature_algorithm(): refactor PSA CRYPTO code
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate
Signed-off-by: Przemek Stekiel
---
 library/ssl_cli.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d4e2a2af4..b9dee829c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2612,7 +2612,13 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 size_t ecdh_bits = 0;
- size_t qlen = 0;
+ size_t olen = 0;
+
+ if( mbedtls_ssl_check_curve( ssl, peer_key->grp.id ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+ }
 ssl->handshake->ecdh_psa_type =
 PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa( peer_key->grp.id,
@@ -2626,19 +2632,19 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
- qlen = mbedtls_mpi_size( (const mbedtls_mpi*) &peer_key->Q );
-
 /* Store peer's public key in psa format. */
- ssl->handshake->ecdh_psa_peerkey[0] = 0x04;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &peer_key->Q.X,
- ssl->handshake->ecdh_psa_peerkey + 1, qlen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &peer_key->Q.Y,
- ssl->handshake->ecdh_psa_peerkey + 1 + qlen, qlen ) );
+ ret = mbedtls_ecp_point_write_binary( &peer_key->grp, &peer_key->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
+ ssl->handshake->ecdh_psa_peerkey,
+ MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH );
- ssl->handshake->ecdh_psa_peerkey_len = ( 2 * qlen + 1 );
+ if ( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecp_point_write_binary" ), ret );
+ return( ret );
+ }
- ret = 0;
-cleanup:
+ ssl->handshake->ecdh_psa_peerkey_len = olen;
 #else
 if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, MBEDTLS_ECDH_THEIRS ) ) != 0 )
@@ -2652,7 +2658,6 @@ cleanup:
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
 return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
 }
-
 #endif
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 /* We don't need the peer's public key anymore. Free it,
From 068a6b401364f8145207881737ad1482fea2336c Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Thu, 17 Mar 2022 07:54:09 +0100
Subject: [PATCH 4/4] ssl_check_server_ecdh_params():Adapt build flags
Signed-off-by: Przemek Stekiel
---
 library/ssl_cli.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b9dee829c..30f5035cb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
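Review bot: The new `mbedtls_ecp_point_write_binary()` call in patch 3/4 bounds the write with the macro `MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH` rather than with the destination itself, so the limit is only right as long as `ecdh_psa_peerkey` is declared with exactly that size (its declaration is not in this diff). Assuming it is an array member, passing `sizeof( ssl->handshake->ecdh_psa_peerkey )` as the last argument keeps the bound tied to the buffer that receives the certificate-supplied point. A smaller style point in the same hunk: the error path is written `if ( ret != 0 )` while the rest of the function uses `if( ... )`, and the text argument of `MBEDTLS_SSL_DEBUG_RET` is wrapped in parentheses as if it were the argument list of `MBEDTLS_SSL_DEBUG_MSG`; `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_point_write_binary", ret );` would read more plainly. The function body continues outside the hunk.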
@@ -2242,8 +2242,9 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) )
 static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
 {
 const mbedtls_ecp_curve_info *curve_info;
@@ -2274,8 +2275,9 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+ ( !MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) ) */
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
 ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \