From 4059aba353fe5d8a875dcabefe8797a2854ceeb3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Mar 2023 15:40:57 +0100 Subject: [PATCH 1/7] accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 4 ++-- tests/scripts/all.sh | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1293f431a..ff4eef75b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -802,14 +802,14 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if !( defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ +#if !( defined(MBEDTLS_PK_HAVE_ECDH) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#if !( defined(MBEDTLS_ECDH_C) ) +#if !( defined(MBEDTLS_PK_HAVE_ECDH) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2801214d1..097321646 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2258,14 +2258,6 @@ config_psa_crypto_config_ecdh_use_psa () { scripts/config.py unset MBEDTLS_ECDH_C fi - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - # Note: the above two lines should be enough, but currently there's a bug - # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) - # when TLS 1.2 is also enabled, see #6848. - # So, as a temporary measure disable all of TLS 1.3. - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones) From 90df310d89f033170d4c5050d320797bc20ab313 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Mar 2023 17:14:56 +0100 Subject: [PATCH 2/7] ssl_tls13: fix guards for accel ECDH These changes fix all failures found in test_suite_ssl Signed-off-by: Valerio Setti --- library/ssl_misc.h | 2 +- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_generic.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f53e9ec9d..fe21627c4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2089,7 +2089,7 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl); -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a7fecedfd..6aae51b8b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -184,7 +184,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -219,7 +219,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); /* Pick first available ECDHE group compatible with TLS 1.3 */ if (group_list == NULL) { @@ -301,7 +301,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, * only one key share entry is allowed. */ client_shares = p; -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) { /* Pointer to group */ unsigned char *group = p; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 669a90a9b..a1356e381 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1428,7 +1428,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, From 0c8ec3983e638365d98bf9384139b80c25ed14d5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 17 Mar 2023 17:07:50 +0100 Subject: [PATCH 3/7] ssl_tls: fix proper guards for accelerated ECDH Signed-off-by: Valerio Setti --- library/ssl_misc.h | 8 ++++---- library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 12 ++++++------ library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 4 ++-- library/ssl_tls13_server.c | 20 ++++++++++---------- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fe21627c4..16bc44c79 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2215,7 +2215,7 @@ static inline int mbedtls_ssl_named_group_is_offered( static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) { -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) != MBEDTLS_ECP_DP_NONE) { @@ -2224,7 +2224,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) } #else ((void) named_group); -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ return 0; } @@ -2617,14 +2617,14 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite); #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buf_len); -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ static inline int mbedtls_ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, int cipher_suite) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a9c7005a3..cf46c2b85 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4224,7 +4224,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) if (handshake->ecdh_psa_privkey_is_external == 0) { psa_destroy_key(handshake->ecdh_psa_privkey); } -#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_CAN_ECDH && MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free(handshake->transform_handshake); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 6aae51b8b..dac1a1e04 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -200,7 +200,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ if (0 /* other KEMs? */) { /* Do something */ } @@ -237,7 +237,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, #else ((void) ssl); ((void) group_id); -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ /* * Add DHE named groups here. @@ -326,7 +326,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, /* Write key_exchange_length */ MBEDTLS_PUT_UINT16_BE(key_exchange_len, group, 2); } else -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ if (0 /* other KEMs? */) { /* Do something */ } else { @@ -375,7 +375,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) const unsigned char *p = buf; int selected_group; int found = 0; @@ -480,7 +480,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) { if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) { @@ -496,7 +496,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a1356e381..1572bcd68 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1510,7 +1510,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( return 0; } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 6edce50bc..ff5627a33 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1463,7 +1463,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) */ if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) { -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) /* Compute ECDH shared secret. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1499,7 +1499,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) } handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ } else { MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported.")); return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index bccf9abec..04158f11f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -762,7 +762,7 @@ static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) /* * * From RFC 8446: @@ -818,11 +818,11 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its associated group. @@ -923,7 +923,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1462,7 +1462,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension")); @@ -1481,9 +1481,9 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1508,7 +1508,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported versions extension")); @@ -1826,7 +1826,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PK_CAN_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, named_group, buf, end, out_len); @@ -1837,7 +1837,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PK_CAN_ECDH */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From 8427b56d711fb48efe45b5867a37b55004baa55d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 17 Mar 2023 18:49:24 +0100 Subject: [PATCH 4/7] added changelog for accelerated ECDH changes Signed-off-by: Valerio Setti --- ChangeLog.d/driver-only-ecdh.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/driver-only-ecdh.txt diff --git a/ChangeLog.d/driver-only-ecdh.txt b/ChangeLog.d/driver-only-ecdh.txt new file mode 100644 index 000000000..a360f8f38 --- /dev/null +++ b/ChangeLog.d/driver-only-ecdh.txt @@ -0,0 +1,4 @@ +Features + * When a PSA driver for ECDH is present, it is now possible to disable + MBEDTLS_ECDH_C in the build in order to save code size. For PK, X.509 + and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled. From 080a22ba757371058b40456cc9616826ec1f651b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Mar 2023 15:22:47 +0100 Subject: [PATCH 5/7] ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 6 ------ library/ssl_misc.h | 12 ++++++------ library/ssl_tls.c | 4 ++-- library/ssl_tls13_client.c | 18 +++++++++--------- library/ssl_tls13_generic.c | 4 ++-- library/ssl_tls13_keys.c | 4 ++-- library/ssl_tls13_server.c | 20 ++++++++++---------- 7 files changed, 31 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index f029265e3..3de7a8fa0 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -193,12 +193,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #endif /* PSA_WANT_ALG_ECDSA */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ -/* Symbol for ECDH capabilities, no matter how it is provided */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_HAVE_FULL_ECDH)) || \ - (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) -#define MBEDTLS_PK_CAN_ECDH -#endif - #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) #define MBEDTLS_PK_CAN_ECDSA_SOME #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 16bc44c79..61cf20f15 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2089,7 +2089,7 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl); -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( mbedtls_ssl_context *ssl, @@ -2097,7 +2097,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( unsigned char *buf, unsigned char *end, size_t *out_len); -#endif /* MBEDTLS_ECDH_C */ +#endif /* PSA_WANT_ALG_ECDH */ #if defined(MBEDTLS_SSL_EARLY_DATA) int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, @@ -2215,7 +2215,7 @@ static inline int mbedtls_ssl_named_group_is_offered( static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) { -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) != MBEDTLS_ECP_DP_NONE) { @@ -2224,7 +2224,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) } #else ((void) named_group); -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ return 0; } @@ -2617,14 +2617,14 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite); #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t buf_len); -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ static inline int mbedtls_ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, int cipher_suite) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cf46c2b85..ad019b1cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4219,12 +4219,12 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_ssl_buffering_free(ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_PK_CAN_ECDH) && \ +#if defined(PSA_WANT_ALG_ECDH) && \ (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) if (handshake->ecdh_psa_privkey_is_external == 0) { psa_destroy_key(handshake->ecdh_psa_privkey); } -#endif /* MBEDTLS_PK_CAN_ECDH && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* PSA_WANT_ALG_ECDH && (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_transform_free(handshake->transform_handshake); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index dac1a1e04..d10fbeb46 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -184,7 +184,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -200,7 +200,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return 0; } else -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ if (0 /* other KEMs? */) { /* Do something */ } @@ -219,7 +219,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); /* Pick first available ECDHE group compatible with TLS 1.3 */ if (group_list == NULL) { @@ -237,7 +237,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, #else ((void) ssl); ((void) group_id); -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ /* * Add DHE named groups here. @@ -301,7 +301,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, * only one key share entry is allowed. */ client_shares = p; -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) { /* Pointer to group */ unsigned char *group = p; @@ -326,7 +326,7 @@ static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, /* Write key_exchange_length */ MBEDTLS_PUT_UINT16_BE(key_exchange_len, group, 2); } else -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ if (0 /* other KEMs? */) { /* Do something */ } else { @@ -375,7 +375,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end) { -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) const unsigned char *p = buf; int selected_group; int found = 0; @@ -480,7 +480,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) { if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) { @@ -496,7 +496,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ if (0 /* other KEMs? */) { /* Do something */ } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1572bcd68..38077ddbb 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1428,7 +1428,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) return ret; } -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1510,7 +1510,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( return 0; } -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ /* RFC 8446 section 4.2 * diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ff5627a33..8ec3570fa 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1463,7 +1463,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) */ if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) { -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) /* Compute ECDH shared secret. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1499,7 +1499,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) } handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ } else { MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported.")); return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 04158f11f..4cfb20baa 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -762,7 +762,7 @@ static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, return 0; } -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) /* * * From RFC 8446: @@ -818,11 +818,11 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, return 0; } -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) /* * ssl_tls13_parse_key_shares_ext() verifies whether the information in the * extension is correct and stores the first acceptable key share and its associated group. @@ -923,7 +923,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, } return 0; } -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, @@ -1462,7 +1462,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension")); @@ -1481,9 +1481,9 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) case MBEDTLS_TLS_EXT_KEY_SHARE: MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); @@ -1508,7 +1508,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } break; -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported versions extension")); @@ -1826,7 +1826,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, *out_len = 0; -#if defined(MBEDTLS_PK_CAN_ECDH) +#if defined(PSA_WANT_ALG_ECDH) if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, named_group, buf, end, out_len); @@ -1837,7 +1837,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, return ret; } } else -#endif /* MBEDTLS_PK_CAN_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ if (0 /* Other kinds of KEMs */) { } else { ((void) ssl); From 89029e7366b8187fe940f305f79e78919abfbccd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Mar 2023 15:25:29 +0100 Subject: [PATCH 6/7] changelog: fix description for ECDH changes Signed-off-by: Valerio Setti --- ChangeLog.d/driver-only-ecdh.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/driver-only-ecdh.txt b/ChangeLog.d/driver-only-ecdh.txt index a360f8f38..1aeed64fe 100644 --- a/ChangeLog.d/driver-only-ecdh.txt +++ b/ChangeLog.d/driver-only-ecdh.txt @@ -1,4 +1,7 @@ Features * When a PSA driver for ECDH is present, it is now possible to disable - MBEDTLS_ECDH_C in the build in order to save code size. For PK, X.509 - and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled. + MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2 + key exchanges based on ECDH(E) to work, this requires + MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in + TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet, + as PSA does not have an API for restartable ECDH yet. From 226f9b903f27bfb7604840a5152bfe7e9347fb98 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Mar 2023 08:36:00 +0100 Subject: [PATCH 7/7] ssl_tls: fix guard in ssl_misc.h Signed-off-by: Valerio Setti --- library/ssl_misc.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 61cf20f15..9dc402130 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -760,16 +760,18 @@ struct mbedtls_ssl_handshake_params { #if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(PSA_WANT_ALG_ECDH) && \ + (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) psa_key_type_t ecdh_psa_type; size_t ecdh_bits; mbedtls_svc_key_id_t ecdh_psa_privkey; uint8_t ecdh_psa_privkey_is_external; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#endif /* PSA_WANT_ALG_ECDH && + (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO)