From f650f96be98903b60f79c78e5013be3e3fd2ad04 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 30 Dec 2022 17:44:24 +0100 Subject: [PATCH] tls: remove dependency from mbedtls_ecp_curve functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 17 ------ library/ssl_client.c | 8 +-- library/ssl_misc.h | 71 ++++++++++++++++++++-- library/ssl_tls.c | 120 +++++++++++++++++++++++++++++++++---- library/ssl_tls12_client.c | 17 +++--- library/ssl_tls12_server.c | 67 ++++++++++++--------- library/ssl_tls13_client.c | 19 +++--- 7 files changed, 238 insertions(+), 81 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index d55b7f753d..dc74ac60cc 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -257,23 +257,6 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) -/* This function transforms an ECC group identifier from - * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 - * into a PSA ECC group identifier. */ -#if defined(MBEDTLS_ECP_C) -static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( - uint16_t tls_ecc_grp_reg_id, size_t *bits) -{ - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id); - if (curve_info == NULL) { - return 0; - } - return PSA_KEY_TYPE_ECC_KEY_PAIR( - mbedtls_ecc_group_to_psa(curve_info->grp_id, bits)); -} -#endif /* MBEDTLS_ECP_C */ - /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be * consistent with the implementation in library/psa_crypto_random_impl.h. diff --git a/library/ssl_client.c b/library/ssl_client.c index ca67c22e60..ab897c49fd 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -262,16 +262,16 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) || (mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) && mbedtls_ssl_tls12_named_group_is_ecdhe(*group_list))) { - const mbedtls_ecp_curve_info *curve_info; - curve_info = mbedtls_ecp_curve_info_from_tls_id(*group_list); - if (curve_info == NULL) { + if (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) == + MBEDTLS_ECP_DP_NONE) { continue; } MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); MBEDTLS_PUT_UINT16_BE(*group_list, p, 0); p += 2; MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )", - curve_info->name, *group_list)); + mbedtls_ssl_get_curve_name_from_tls_id(*group_list), + *group_list)); } #endif /* MBEDTLS_ECP_C */ /* Add DHE groups here */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fad785410e..ab2a38f151 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -781,7 +781,7 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ + uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */ #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) @@ -1554,6 +1554,70 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id); #endif +/** + * \brief Return PSA EC info for the specified TLS ID. + * + * \param tls_id The TLS ID to look for + * \param family If the TLD ID is supported, then proper \c psa_ecc_family_t + * value is returned here. Can be NULL. + * \param bits If the TLD ID is supported, then proper bit size is returned + * here. Can be NULL. + * \return PSA_SUCCESS if the TLS ID is supported, + * PSA_ERROR_NOT_SUPPORTED otherwise + * + * \note If either \c family or \c bits parameters are NULL, then + * the corresponding value is not returned. + * The function can be called with both parameters as NULL + * simply to check if a specific TLS ID is supported. + */ +int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id, + psa_ecc_family_t *family, + size_t *bits); + +/** + * \brief Return \c mbedtls_ecp_group_id for the specified TLS ID. + * + * \param tls_id The TLS ID to look for + * \return Proper \c mbedtls_ecp_group_id if the TLS ID is supported, + * or MBEDTLS_ECP_DP_NONE otherwise + */ +mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id); + +/** + * \brief Return TLS ID for the specified \c mbedtls_ecp_group_id. + * + * \param grp_id The \c mbedtls_ecp_group_id ID to look for + * \return Proper TLS ID if the \c mbedtls_ecp_group_id is supported, + * or 0 otherwise + */ +uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id); + +/** + * \brief Return EC's name for the specified TLS ID. + * + * \param tls_id The TLS ID to look for + * \return A pointer to a const string with the proper name. If TLS + * ID is not suppoted, a NULL pointer is returned insted. + */ +const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id); + +/* This function transforms an ECC group identifier from + * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + * into a PSA ECC group identifier. */ +#if defined(MBEDTLS_ECP_C) +static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( + uint16_t tls_ecc_grp_reg_id, size_t *bits) +{ + mbedtls_ecp_group_id grp_id = + mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_ecc_grp_reg_id); + if (grp_id == MBEDTLS_ECP_DP_NONE) { + return 0; + } + return PSA_KEY_TYPE_ECC_KEY_PAIR( + mbedtls_ecc_group_to_psa(grp_id, bits)); +} +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_SSL_DTLS_SRTP) static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value (const uint16_t srtp_profile_value) @@ -2159,9 +2223,8 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) { #if defined(MBEDTLS_ECDH_C) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_tls_id(named_group); - if (curve_info != NULL) { + if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) != + MBEDTLS_ECP_DP_NONE) { return 1; } } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9a600640e9..09c89ad3fb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1052,13 +1052,13 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) } for (size_t i = 0; i < length; i++) { - const mbedtls_ecp_curve_info *info = - mbedtls_ecp_curve_info_from_grp_id(curve_list[i]); - if (info == NULL) { + uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( + curve_list[i]); + if (tls_id == 0) { mbedtls_free(group_list); return MBEDTLS_ERR_SSL_BAD_CONFIG; } - group_list[i] = info->tls_id; + group_list[i] = tls_id; } group_list[length] = 0; @@ -4036,7 +4036,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ - mbedtls_free((void *) handshake->curves); + mbedtls_free((void *) handshake->curves_tls_id); #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) @@ -5440,19 +5440,119 @@ int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_ */ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id) { - const mbedtls_ecp_curve_info *grp_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); + uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (grp_info == NULL) { + if (tls_id == 0) { return -1; } - uint16_t tls_id = grp_info->tls_id; - return mbedtls_ssl_check_curve_tls_id(ssl, tls_id); } #endif /* MBEDTLS_ECP_C */ +static const struct { + uint16_t tls_id; + mbedtls_ecp_group_id ecp_group_id; + psa_ecc_family_t psa_family; + uint16_t bits; + const char *name; +} tls_id_match_table[] = +{ +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) + { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, "secp521r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) + { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, "brainpoolP512r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) + { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, "secp384r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) + { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, "brainpoolP384r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) + { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, "secp256r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) + { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, "secp256k1" }, +#endif +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) + { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, "brainpoolP256r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) + { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, "secp224r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) + { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, "secp224k1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) + { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, "secp192r1" }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) + { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, "secp192k1" }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) + { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 256, "x25519" }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) + { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, "x448" }, +#endif + { 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, +}; + +int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id, + psa_ecc_family_t *family, + size_t *bits) +{ + for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { + if (tls_id_match_table[i].tls_id == tls_id) { + if (family != NULL) { + *family = tls_id_match_table[i].psa_family; + } + if (bits != NULL) { + *bits = tls_id_match_table[i].bits; + } + return PSA_SUCCESS; + } + } + + return PSA_ERROR_NOT_SUPPORTED; +} + +mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id) +{ + for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { + if (tls_id_match_table[i].tls_id == tls_id) { + return tls_id_match_table[i].ecp_group_id; + } + } + + return MBEDTLS_ECP_DP_NONE; +} + +uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) +{ + for (int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE; + i++) { + if (tls_id_match_table[i].ecp_group_id == grp_id) { + return tls_id_match_table[i].tls_id; + } + } + + return 0; +} + +const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) +{ + for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { + if (tls_id_match_table[i].tls_id == tls_id) { + return tls_id_match_table[i].name; + } + } + + return NULL; +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 840c0a493c..41de9168e1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1778,7 +1778,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) { - const mbedtls_ecp_curve_info *curve_info; + uint16_t tls_id; mbedtls_ecp_group_id grp_id; #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) grp_id = ssl->handshake->ecdh_ctx.grp.id; @@ -1786,13 +1786,14 @@ static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) grp_id = ssl->handshake->ecdh_ctx.grp_id; #endif - curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); - if (curve_info == NULL) { + tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); + if (tls_id == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name)); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", + mbedtls_ssl_get_curve_name_from_tls_id(tls_id))); if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { return -1; @@ -2222,15 +2223,15 @@ start_processing: * that TLS ID here */ uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE(p, 1); - const mbedtls_ecp_curve_info *curve_info; + uint16_t exp_tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( + MBEDTLS_ECP_DP_SECP256R1); - if ((curve_info = mbedtls_ecp_curve_info_from_grp_id( - MBEDTLS_ECP_DP_SECP256R1)) == NULL) { + if (exp_tls_id == 0) { return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } if ((*p != MBEDTLS_ECP_TLS_NAMED_CURVE) || - (read_tls_id != curve_info->tls_id)) { + (read_tls_id != exp_tls_id)) { return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 399750ba1d..44ad45282c 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -182,7 +182,8 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, { size_t list_size, our_size; const unsigned char *p; - const mbedtls_ecp_curve_info *curve_info, **curves; + //const mbedtls_ecp_curve_info *curve_info, **curves; + uint16_t *curves_tls_id; if (len < 2) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); @@ -200,7 +201,7 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, } /* Should never happen unless client duplicates the extension */ - if (ssl->handshake->curves != NULL) { + if (ssl->handshake->curves_tls_id != NULL) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); @@ -214,20 +215,22 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, our_size = MBEDTLS_ECP_DP_MAX; } - if ((curves = mbedtls_calloc(our_size, sizeof(*curves))) == NULL) { + if ((curves_tls_id = mbedtls_calloc(our_size, + sizeof(*curves_tls_id))) == NULL) { mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - ssl->handshake->curves = curves; + ssl->handshake->curves_tls_id = curves_tls_id; p = buf + 2; while (list_size > 0 && our_size > 1) { - curve_info = mbedtls_ecp_curve_info_from_tls_id((p[0] << 8) | p[1]); + uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE(p, 0); - if (curve_info != NULL) { - *curves++ = curve_info; + if (mbedtls_ssl_get_ecp_group_id_from_tls_id(curr_tls_id) != + MBEDTLS_ECP_DP_NONE) { + *curves_tls_id++ = curr_tls_id; our_size--; } @@ -657,16 +660,18 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDSA_C) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_key_curve(mbedtls_pk_context *pk, - const mbedtls_ecp_curve_info **curves) + uint16_t *curves_tls_id) { - const mbedtls_ecp_curve_info **crv = curves; + uint16_t *curr_tls_id = curves_tls_id; mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id; + mbedtls_ecp_group_id curr_grp_id; - while (*crv != NULL) { - if ((*crv)->grp_id == grp_id) { + while (*curr_tls_id != 0) { + curr_grp_id = mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id); + if (curr_grp_id == grp_id) { return 0; } - crv++; + curr_tls_id++; } return -1; @@ -758,7 +763,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDSA_C) if (pk_alg == MBEDTLS_PK_ECDSA && - ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves) != 0) { + ssl_check_key_curve(&cur->cert->pk, + ssl->handshake->curves_tls_id) != 0) { MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve")); continue; } @@ -821,8 +827,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && - (ssl->handshake->curves == NULL || - ssl->handshake->curves[0] == NULL)) { + (ssl->handshake->curves_tls_id == NULL || + ssl->handshake->curves_tls_id[0] == 0)) { MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " "no common elliptic curve")); return 0; @@ -2741,7 +2747,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, ssl->out_msglen; size_t output_offset = 0; size_t output_len = 0; - const mbedtls_ecp_curve_info *curve_info; /* * The first 3 bytes are: @@ -2751,12 +2756,13 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * However since we only support secp256r1 for now, we hardcode its * TLS ID here */ - if ((curve_info = mbedtls_ecp_curve_info_from_grp_id( - MBEDTLS_ECP_DP_SECP256R1)) == NULL) { + uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( + MBEDTLS_ECP_DP_SECP256R1); + if (tls_id == 0) { return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE; - MBEDTLS_PUT_UINT16_BE(curve_info->tls_id, out_p, 1); + MBEDTLS_PUT_UINT16_BE(tls_id, out_p, 1); output_offset += 3; ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, @@ -2869,30 +2875,32 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * ECPoint public; * } ServerECDHParams; */ - const mbedtls_ecp_curve_info **curve = NULL; + uint16_t *curr_tls_id = ssl->handshake->curves_tls_id; const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* Match our preference list against the offered curves */ - if (group_list == NULL) { + if ((group_list == NULL) || (curr_tls_id == NULL)) { return MBEDTLS_ERR_SSL_BAD_CONFIG; } for (; *group_list != 0; group_list++) { - for (curve = ssl->handshake->curves; *curve != NULL; curve++) { - if ((*curve)->tls_id == *group_list) { + for (curr_tls_id = ssl->handshake->curves_tls_id; + *curr_tls_id != 0; curr_tls_id++) { + if (*curr_tls_id == *group_list) { goto curve_matching_done; } } } curve_matching_done: - if (curve == NULL || *curve == NULL) { + if (*curr_tls_id == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE")); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", (*curve)->name)); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", + mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id))); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -2908,7 +2916,7 @@ curve_matching_done: /* Convert EC group to PSA key type. */ handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( - (*curve)->tls_id, &ecdh_bits); + *curr_tls_id, &ecdh_bits); if (handshake->ecdh_psa_type == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse.")); @@ -2932,7 +2940,7 @@ curve_matching_done: /* * Next two bytes are the namedcurve value */ - MBEDTLS_PUT_UINT16_BE((*curve)->tls_id, p, 0); + MBEDTLS_PUT_UINT16_BE(*curr_tls_id, p, 0); p += 2; /* Generate ECDH private key. */ @@ -2976,8 +2984,11 @@ curve_matching_done: /* Determine full message length. */ len += header_size; #else + mbedtls_ecp_group_id curr_grp_id = + mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id); + if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, - (*curve)->grp_id)) != 0) { + curr_grp_id)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret); return ret; } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d7535c013c..8589ff9bd7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -223,9 +223,8 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, } for (; *group_list != 0; group_list++) { - const mbedtls_ecp_curve_info *curve_info; - curve_info = mbedtls_ecp_curve_info_from_tls_id(*group_list); - if (curve_info != NULL && + if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list, + NULL, NULL) == PSA_SUCCESS) && mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { *group_id = *group_list; return 0; @@ -373,7 +372,6 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, const unsigned char *end) { #if defined(MBEDTLS_ECDH_C) - const mbedtls_ecp_curve_info *curve_info = NULL; const unsigned char *p = buf; int selected_group; int found = 0; @@ -400,8 +398,9 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, * then the client MUST abort the handshake with an "illegal_parameter" alert. */ for (; *group_list != 0; group_list++) { - curve_info = mbedtls_ecp_curve_info_from_tls_id(*group_list); - if (curve_info == NULL || curve_info->tls_id != selected_group) { + if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list, + NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) || + *group_list != selected_group) { continue; } @@ -479,14 +478,14 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) { - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_tls_id(group); - if (curve_info == NULL) { + if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL) + == PSA_ERROR_NOT_SUPPORTED) { MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid TLS curve group id")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name)); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", + mbedtls_ssl_get_curve_name_from_tls_id(group))); ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p); if (ret != 0) {