diff options
author | Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com> | 2022-02-10 10:37:15 +0100 |
---|---|---|
committer | Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com> | 2022-02-10 15:03:11 +0100 |
commit | 75638a44027c883b3b4d7e9c50e0c1b04c0ceaf4 (patch) | |
tree | 507226c549ca9af131e9d4170e0b55a69cb16b12 | |
parent | 830c45eb40d180b0b9ce6bca2e18b009dc95115d (diff) | |
download | mbedtls-tls_ecdh_2c.zip mbedtls-tls_ecdh_2c.tar.gz mbedtls-tls_ecdh_2c.tar.bz2 |
Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement()tls_ecdh_2c
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
-rw-r--r-- | library/ssl_tls13_keys.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5615386..540c6e0 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1116,6 +1116,7 @@ exit: int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac; size_t ephemeral_len = 0; @@ -1136,15 +1137,29 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) ) { #if defined(MBEDTLS_ECDH_C) - ret = mbedtls_ecdh_calc_secret( &handshake->ecdh_ctx, - &ephemeral_len, ecdhe, sizeof( ecdhe ), - ssl->conf->f_rng, - ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( ret ); - } + /* Compute ECDH shared secret. */ + status = psa_raw_key_agreement( + PSA_ALG_ECDH, handshake->ecdh_psa_privkey, + handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, + handshake->premaster, sizeof( handshake->premaster ), + &handshake->pmslen ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret ); + return( ret ); + + } + + status = psa_destroy_key( handshake->ecdh_psa_privkey ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret ); + return( ret ); + + } + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; #endif /* MBEDTLS_ECDH_C */ } else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) ) |