diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 8b4417024..19d1fd364 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1830,4 +1830,9 @@ MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_pend_fatal_alert(
 
 #define MBEDTLS_SSL_CHK(f) do { if( ( ret = f ) < 0 ) goto cleanup; } while( 0 )
 
+#if defined(MBEDTLS_USE_TINYCRYPT)
+int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
+                                   unsigned char **p, unsigned char *end );
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
 #endif /* ssl_internal.h */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c3c99c114..4734eabd5 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
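Review bot: The new prototype for mbedtls_ssl_ecdh_read_peerkey in ssl_internal.h carries no documentation, although it is the only description callers in ssl_cli.c and ssl_srv.c have of what `p`/`end` must bracket and what they get back. A Doxygen block above it should state that it consumes one TLS ECPoint for secp256r1 as this commit's implementation expects it — a length byte equal to `2 * NUM_ECC_BYTES + 1`, the uncompressed-point tag 0x04, then the raw X||Y coordinates — copies the coordinates into `ssl->handshake->ecdh_peerkey`, advances `*p` past the structure only on success, and returns 0 or `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` when the data is truncated or the header differs. It is also worth stating that the function performs no on-curve validation of the point, so callers know that check is theirs unless it is added to the implementation.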
@@ -2798,6 +2798,39 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
+    {
+        static const uint16_t secp256r1_tls_id = 23;
+        static const unsigned char ecdh_group[] = {
+            MBEDTLS_ECP_TLS_NAMED_CURVE,
+            ( secp256r1_tls_id >> 8 ) & 0xFF,
+            ( secp256r1_tls_id >> 0 ) & 0xFF,
+        };
+
+        /* Check for fixed ECDH parameter preamble. */
+        if( (size_t)( end - p ) < sizeof( ecdh_group ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad server key exchange (too short)" ) );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        if( memcmp( p, ecdh_group, sizeof( ecdh_group ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad server key exchange (unexpected header)" ) );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+        p += sizeof( ecdh_group );
+
+        /* Read server's key share. */
+        if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    }
+    else
+#endif /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index b661d647f..fb8fab655 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4206,7 +4206,9 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
     {
         const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
 
-        /* TODO: Parse the client's key share. */
+        ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end );
+        if( ret != 0 )
+            return( ret );
 
         if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
                                  ssl->handshake->ecdh_privkey,
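Review bot: The three error returns in the new TinyCrypt branch of ssl_in_server_key_exchange_parse report a truncated or malformed ServerKeyExchange as `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED`, which attributes a peer-supplied protocol error to a hardware accelerator and also discards the code that `mbedtls_ssl_ecdh_read_peerkey` returns; `return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );` is the code the rest of this function uses for a bad ServerKeyExchange as far as the surrounding (unshown) code goes, and it fits all three sites, with a `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ecdh_read_peerkey", ret );` before the last one if `ret` is in scope. If the non-TinyCrypt ECDHE branch that follows pends a fatal alert when parsing fails — it lies outside the hunk — this branch should do the same so the two configurations fail identically on the wire. Separately, `ecdh_group` has static storage but its initializer reads the `const` variable `secp256r1_tls_id`, which ISO C does not treat as an integer constant expression; compilers that build this do so as an extension, and an enum constant or `#define` for 23 would be portable. The enclosing function starts and ends outside the hunk.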
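Review bot: The new ClientKeyExchange path in ssl_in_client_key_exchange_parse passes whatever `mbedtls_ssl_ecdh_read_peerkey` returns — the ECP-level `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` per this commit's implementation — straight out of the handshake parser, while the client side of the same commit maps the identical failure to an SSL-level code, so the two peers classify one defect differently. If, as I recall, the non-TinyCrypt ECDH branch of this function logs the inner error and reports `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP`, then `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ecdh_read_peerkey", ret );` followed by `return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );` keeps callers' error handling uniform across both builds. `ret` is declared outside the hunk, so its type should be confirmed to be `int`. The enclosing function starts and ends outside the hunk.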
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 17f1b414f..3e9d717e3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -65,6 +65,35 @@ static int uecc_rng_wrapper( uint8_t *dest, unsigned int size )
 
     return( 0 );
 }
+
+int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
+                                   unsigned char **p, unsigned char *end )
+{
+    size_t const secp256r1_uncompressed_point_length =
+        1 /* length */ + 1 /* length */ + 2 * NUM_ECC_BYTES /* data */;
+
+    if( (size_t)( end - *p ) < secp256r1_uncompressed_point_length )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Bad ECDH peer pubkey (too short)" ) );
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    if( (*p)[0] != 2 * NUM_ECC_BYTES + 1 ||
+        (*p)[1] != 0x04 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Unexpected ECDH peer pubkey header - expected { %#02x, %#02x }, got { %#02x, %#02x }",
+                                    2 * NUM_ECC_BYTES + 1,
+                                    0x04,
+                                    (unsigned) (*p)[0],
+                                    (unsigned) (*p)[1] ) );
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    memcpy( ssl->handshake->ecdh_peerkey, *p + 2, 2 * NUM_ECC_BYTES );
+
+    *p += secp256r1_uncompressed_point_length;
+    return( 0 );
+}
 #endif /* MBEDTLS_USE_TINYCRYPT */
 
 static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
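Review bot: The peer's point is copied into `ssl->handshake->ecdh_peerkey` by the memcpy in mbedtls_ssl_ecdh_read_peerkey after only a length and a format-byte check; nothing confirms the coordinates lie on secp256r1 before they reach uECC_shared_secret in ssl_srv.c. Unless uECC_shared_secret validates the point itself (TinyCrypt's does not, as far as I recall — worth confirming), add after the memcpy `if( uECC_valid_public_key( ssl->handshake->ecdh_peerkey, uECC_secp256r1() ) != 0 )` / `return( MBEDTLS_ERR_ECP_INVALID_KEY );` so a point off the curve is rejected as RFC 8422 §5.11 requires rather than fed into the scalar multiplication. The comment on the length constant is also wrong — the second byte is the uncompressed-point format tag, not a length — so `1 /* length */ + 1 /* format: 0x04 */ + 2 * NUM_ECC_BYTES /* X || Y */` describes what the check below actually enforces. The two rejections here log at level 3 while the equivalent checks added to ssl_cli.c in this commit log at level 1; a rejected peer key deserves the more visible level.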