Add support for FFDH in TLS 1.3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 46caa45..c69078d 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1484,8 +1484,15 @@
* are derived in the handshake secret derivation stage.
*/
if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
- if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) {
-#if defined(PSA_WANT_ALG_ECDH)
+ if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ||
+ mbedtls_ssl_tls13_named_group_is_dhe(handshake->offered_group_id)) {
+#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
+ psa_algorithm_t alg = 0;
+ if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) {
+ alg = PSA_ALG_ECDH;
+ } else {
+ alg = PSA_ALG_FFDH;
+ }
/* Compute ECDH shared secret. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1504,7 +1511,7 @@
}
status = psa_raw_key_agreement(
- PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
+ alg, handshake->ecdh_psa_privkey,
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
shared_secret, shared_secret_len, &shared_secret_len);
if (status != PSA_SUCCESS) {
@@ -1521,7 +1528,7 @@
}
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-#endif /* PSA_WANT_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
} else {
MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported."));
return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;