cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Adapt mbedtls_ssl_get_key_exchange_md_tls1_2 to PSA hashing

Browse Source
This commit is contained in:
Andrzej Kurek 2019-01-10 05:27:10 -05:00
parent 2192c27720
commit d6db9be598
2 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/mbedtls/ssl_internal.h
View File

@ -765,6 +765,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
// The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length.
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen, unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len, unsigned char *data, size_t data_len,

65
library/ssl_tls.c
View File

@ -50,6 +50,11 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#endif #endif
@ -9972,6 +9977,64 @@ exit:
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len,
mbedtls_md_type_t md_alg )
{
int ret = 0;
psa_hash_operation_t hash_operation;
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
if( ( ret = psa_hash_setup( &hash_operation, hash_alg ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", ret );
goto exit;
}
if( ( ret = psa_hash_update( &hash_operation, ssl->handshake->randbytes, 64 ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", ret );
goto exit;
}
if( ( ret = psa_hash_update( &hash_operation, data, data_len ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", ret );
goto exit;
}
if( ( ret = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, hashlen ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", ret );
goto exit;
}
exit:
if( ret != 0 )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
switch(ret)
{
case PSA_ERROR_NOT_SUPPORTED:
return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
case PSA_ERROR_BAD_STATE: // Intentional fallthrough
case PSA_ERROR_BUFFER_TOO_SMALL:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
case PSA_ERROR_INSUFFICIENT_MEMORY:
return( MBEDTLS_ERR_MD_ALLOC_FAILED );
default:
return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED );
}
}
return( 0 );
}
#else
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen, unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len, unsigned char *data, size_t data_len,
@ -10026,6 +10089,8 @@ exit:
return( ret ); return( ret );
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_SSL_PROTO_TLS1_2 */