tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 807e781..d022721 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2388,43 +2388,10 @@
*
* \return 0 on success or a negative error code in case of failure
*/
-static inline int psa_tls12_parse_ecjpake_round_one(
+int mbedtls_psa_ecjpake_read_round_one(
psa_pake_operation_t *pake_ctx,
const unsigned char *buf,
- size_t len )
-{
- psa_status_t status;
- size_t input_offset = 0;
-
- /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */
- for( unsigned int x = 1; x <= 2; ++x )
- {
- for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
- step <= PSA_PAKE_STEP_ZK_PROOF;
- ++step )
- {
- /* Length is stored at the first byte */
- size_t length = buf[input_offset];
- input_offset += 1;
-
- if( input_offset + length > len )
- {
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- status = psa_pake_input( pake_ctx, step,
- buf + input_offset, length );
- if( status != PSA_SUCCESS)
- {
- return psa_ssl_status_to_mbedtls( status );
- }
-
- input_offset += length;
- }
- }
-
- return( 0 );
-}
+ size_t len );
/**
* \brief Parse the provided input buffer for getting the second round
@@ -2436,60 +2403,10 @@
*
* \return 0 on success or a negative error code in case of failure
*/
-static inline int psa_tls12_parse_ecjpake_round_two(
+int mbedtls_psa_ecjpake_read_round_two(
psa_pake_operation_t *pake_ctx,
const unsigned char *buf,
- size_t len, int role )
-{
- psa_status_t status;
- size_t input_offset = 0;
-
- for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
- step <= PSA_PAKE_STEP_ZK_PROOF ;
- ++step )
- {
- size_t length;
-
- /*
- * On its 2nd round, the server sends 3 extra bytes which identify the
- * curve:
- * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE
- * - the 2nd and 3rd represent curve's TLS ID
- * Validate this data before moving forward
- */
- if( ( step == PSA_PAKE_STEP_KEY_SHARE ) &&
- ( role == MBEDTLS_SSL_IS_CLIENT ) )
- {
- uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 );
-
- if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) ||
- ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- input_offset += 3;
- }
-
- /* Length is stored at the first byte */
- length = buf[input_offset];
- input_offset += 1;
-
- if( input_offset + length > len )
- {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- status = psa_pake_input( pake_ctx, step,
- buf + input_offset, length );
- if( status != PSA_SUCCESS)
- {
- return psa_ssl_status_to_mbedtls( status );
- }
-
- input_offset += length;
- }
-
- return( 0 );
-}
+ size_t len, int role );
/**
* \brief Write the first round of key exchange into the provided output
@@ -2502,43 +2419,10 @@
*
* \return 0 on success or a negative error code in case of failure
*/
-static inline int psa_tls12_write_ecjpake_round_one(
+int mbedtls_psa_ecjpake_write_round_one(
psa_pake_operation_t *pake_ctx,
unsigned char *buf,
- size_t len, size_t *olen )
-{
- psa_status_t status;
- size_t output_offset = 0;
- size_t output_len;
-
- /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */
- for( unsigned int x = 1 ; x <= 2 ; ++x )
- {
- for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
- step <= PSA_PAKE_STEP_ZK_PROOF ;
- ++step )
- {
- /* For each step, prepend 1 byte with the length of the data */
- *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step );
- output_offset += 1;
-
- status = psa_pake_output( pake_ctx, step,
- buf + output_offset,
- len - output_offset,
- &output_len );
- if( status != PSA_SUCCESS )
- {
- return( psa_ssl_status_to_mbedtls( status ) );
- }
-
- output_offset += output_len;
- }
- }
-
- *olen = output_offset;
-
- return( 0 );
-}
+ size_t len, size_t *olen );
/**
* \brief Write the second round of key exchange into the provided output
@@ -2551,38 +2435,11 @@
*
* \return 0 on success or a negative error code in case of failure
*/
-static inline int psa_tls12_write_ecjpake_round_two(
+int mbedtls_psa_ecjpake_write_round_two(
psa_pake_operation_t *pake_ctx,
unsigned char *buf,
- size_t len, size_t *olen )
-{
- psa_status_t status;
- size_t output_offset = 0;
- size_t output_len;
+ size_t len, size_t *olen );
- for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
- step <= PSA_PAKE_STEP_ZK_PROOF ;
- ++step )
- {
- /* For each step, prepend 1 byte with the length of the data */
- *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step );
- output_offset += 1;
- status = psa_pake_output( pake_ctx,
- step, buf + output_offset,
- len - output_offset,
- &output_len );
- if( status != PSA_SUCCESS )
- {
- return( psa_ssl_status_to_mbedtls( status ) );
- }
-
- output_offset += output_len;
- }
-
- *olen = output_offset;
-
- return( 0 );
-}
#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
/**
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8771c59..35262cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8194,6 +8194,173 @@
return( ret );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_psa_ecjpake_read_round_one(
+ psa_pake_operation_t *pake_ctx,
+ const unsigned char *buf,
+ size_t len )
+{
+ psa_status_t status;
+ size_t input_offset = 0;
+
+ /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */
+ for( unsigned int x = 1; x <= 2; ++x )
+ {
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
+ step <= PSA_PAKE_STEP_ZK_PROOF;
+ ++step )
+ {
+ /* Length is stored at the first byte */
+ size_t length = buf[input_offset];
+ input_offset += 1;
+
+ if( input_offset + length > len )
+ {
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ }
+
+ status = psa_pake_input( pake_ctx, step,
+ buf + input_offset, length );
+ if( status != PSA_SUCCESS)
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+
+ input_offset += length;
+ }
+ }
+
+ return( 0 );
+}
+
+int mbedtls_psa_ecjpake_read_round_two(
+ psa_pake_operation_t *pake_ctx,
+ const unsigned char *buf,
+ size_t len, int role )
+{
+ psa_status_t status;
+ size_t input_offset = 0;
+
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
+ step <= PSA_PAKE_STEP_ZK_PROOF ;
+ ++step )
+ {
+ size_t length;
+
+ /*
+ * On its 2nd round, the server sends 3 extra bytes which identify the
+ * curve:
+ * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE
+ * - the 2nd and 3rd represent curve's TLS ID
+ * Validate this data before moving forward
+ */
+ if( ( step == PSA_PAKE_STEP_KEY_SHARE ) &&
+ ( role == MBEDTLS_SSL_IS_CLIENT ) )
+ {
+ uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 );
+
+ if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) ||
+ ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ input_offset += 3;
+ }
+
+ /* Length is stored at the first byte */
+ length = buf[input_offset];
+ input_offset += 1;
+
+ if( input_offset + length > len )
+ {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ status = psa_pake_input( pake_ctx, step,
+ buf + input_offset, length );
+ if( status != PSA_SUCCESS)
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+
+ input_offset += length;
+ }
+
+ return( 0 );
+}
+
+int mbedtls_psa_ecjpake_write_round_one(
+ psa_pake_operation_t *pake_ctx,
+ unsigned char *buf,
+ size_t len, size_t *olen )
+{
+ psa_status_t status;
+ size_t output_offset = 0;
+ size_t output_len;
+
+ /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */
+ for( unsigned int x = 1 ; x <= 2 ; ++x )
+ {
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
+ step <= PSA_PAKE_STEP_ZK_PROOF ;
+ ++step )
+ {
+ /* For each step, prepend 1 byte with the length of the data */
+ *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step );
+ output_offset += 1;
+
+ status = psa_pake_output( pake_ctx, step,
+ buf + output_offset,
+ len - output_offset,
+ &output_len );
+ if( status != PSA_SUCCESS )
+ {
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ output_offset += output_len;
+ }
+ }
+
+ *olen = output_offset;
+
+ return( 0 );
+}
+
+int mbedtls_psa_ecjpake_write_round_two(
+ psa_pake_operation_t *pake_ctx,
+ unsigned char *buf,
+ size_t len, size_t *olen )
+{
+ psa_status_t status;
+ size_t output_offset = 0;
+ size_t output_len;
+
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
+ step <= PSA_PAKE_STEP_ZK_PROOF ;
+ ++step )
+ {
+ /* For each step, prepend 1 byte with the length of the data */
+ *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step );
+ output_offset += 1;
+ status = psa_pake_output( pake_ctx,
+ step, buf + output_offset,
+ len - output_offset,
+ &output_len );
+ if( status != PSA_SUCCESS )
+ {
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ output_offset += output_len;
+ }
+
+ *olen = output_offset;
+
+ return( 0 );
+}
+#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index c90ed2e..4e986d1 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -164,7 +164,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ret = psa_tls12_write_ecjpake_round_one(&ssl->handshake->psa_pake_ctx,
+ ret = mbedtls_psa_ecjpake_write_round_one(&ssl->handshake->psa_pake_ctx,
p + 2, end - p - 2, &kkpp_len );
if ( ret != 0 )
{
@@ -908,7 +908,7 @@
ssl->handshake->ecjpake_cache_len = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ( ret = psa_tls12_parse_ecjpake_round_one(
+ if( ( ret = mbedtls_psa_ecjpake_read_round_one(
&ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 )
{
psa_destroy_key( ssl->handshake->psa_pake_password );
@@ -2333,7 +2333,7 @@
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ( ret = psa_tls12_parse_ecjpake_round_two(
+ if( ( ret = mbedtls_psa_ecjpake_read_round_two(
&ssl->handshake->psa_pake_ctx, p, end - p,
ssl->conf->endpoint ) ) != 0 )
{
@@ -3292,7 +3292,7 @@
unsigned char *out_p = ssl->out_msg + header_len;
unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN -
header_len;
- ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx,
+ ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx,
out_p, end_p - out_p, &content_len );
if ( ret != 0 )
{
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 38899f9..f5c50ea 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -305,7 +305,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( ( ret = psa_tls12_parse_ecjpake_round_one(
+ if ( ( ret = mbedtls_psa_ecjpake_read_round_one(
&ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 )
{
psa_destroy_key( ssl->handshake->psa_pake_password );
@@ -2896,7 +2896,7 @@
MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 );
output_offset += sizeof( uint8_t ) + sizeof( uint16_t );
- ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx,
+ ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx,
out_p + output_offset,
end_p - out_p - output_offset, &output_len );
if( ret != 0 )
@@ -4143,7 +4143,7 @@
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ( ret = psa_tls12_parse_ecjpake_round_two(
+ if( ( ret = mbedtls_psa_ecjpake_read_round_two(
&ssl->handshake->psa_pake_ctx, p, end - p,
ssl->conf->endpoint ) ) != 0 )
{