tinyCrypt: Share ECDH secret calculation code-path
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4734eab..44a7bcc 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3573,14 +3573,6 @@
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
- if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
- ssl->handshake->ecdh_privkey,
- ssl->handshake->premaster,
- uecc_curve ) )
- {
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
-
/* TODO: Write the client share. */
((void) p);
((void) end);
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index fb8fab6..37e8339 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4204,19 +4204,8 @@
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
{
- const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
-
- ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end );
- if( ret != 0 )
- return( ret );
-
- if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
- ssl->handshake->ecdh_privkey,
- ssl->handshake->premaster,
- uecc_curve ) )
- {
+ if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
}
else
#endif
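Review bot: The rewritten check `if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )` discards the helper's return value and reports every failure as MBEDTLS_ERR_SSL_HW_ACCEL_FAILED, whereas the removed lines propagated `ret`. The data parsed here is the client's key share, so a truncated or malformed message would now be reported as an accelerator fault, which misleads logs and any caller that distinguishes error codes. Keeping the earlier form, `ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ); if( ret != 0 ) return( ret );`, preserves the real cause. `ret` appears to be in scope already, since the removed lines assigned it. The enclosing function starts and ends outside the hunk.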
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3e9d717..da7285f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1701,6 +1701,26 @@
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
+ {
+ const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
+
+ if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
+ ssl->handshake->ecdh_privkey,
+ ssl->handshake->premaster,
+ uecc_curve ) )
+ {
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ ssl->handshake->pmslen = NUM_ECC_BYTES;
+ }
+ else
+#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_DHE_RSA )
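Review bot: The added block passes `ssl->handshake->ecdh_peerkey`, a value supplied by the peer, to `uECC_shared_secret` without any visible check that it is a valid point on secp256r1. Now that the computation lives far from the parsing code in ssl_cli.c and ssl_srv.c, that precondition is easy to lose. If `mbedtls_ssl_ecdh_read_peerkey` and the client-side parser do not already call `uECC_valid_public_key`, the check belongs there; this cannot be confirmed from the hunk. Either way, a comment above the call such as `/* ecdh_peerkey was validated when it was read from the peer; ecdh_privkey was generated locally. */` would record what this shared path relies on. The enclosing function starts and ends outside the hunk.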