tinyCrypt: Add ServerKeyExchange parsing code

include/mbedtls/ssl_internal.h

@@ -1830,4 +1830,9 @@ MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_pend_fatal_alert(
 
 #define MBEDTLS_SSL_CHK(f) do { if( ( ret = f ) < 0 ) goto cleanup; } while( 0 )
 
+#if defined(MBEDTLS_USE_TINYCRYPT)
+int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
+                                   unsigned char **p, unsigned char *end );
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
 #endif /* ssl_internal.h */

library/ssl_cli.c

@@ -2798,6 +2798,39 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
     else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
+    {
+        static const uint16_t secp256r1_tls_id = 23;
+        static const unsigned char ecdh_group[] = {
+            MBEDTLS_ECP_TLS_NAMED_CURVE,
+            ( secp256r1_tls_id >> 8 ) & 0xFF,
+            ( secp256r1_tls_id >> 0 ) & 0xFF,
+        };
+
+        /* Check for fixed ECDH parameter preamble. */
+        if( (size_t)( end - p ) < sizeof( ecdh_group ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad server key exchange (too short)" ) );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        if( memcmp( p, ecdh_group, sizeof( ecdh_group ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad server key exchange (unexpected header)" ) );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+        p += sizeof( ecdh_group );
+
+        /* Read server's key share. */
+        if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    }
+    else
+#endif /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)

library/ssl_srv.c

@@ -4206,7 +4206,9 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
     {
         const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
 
-        /* TODO: Parse the client's key share. */
+        ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end );
+        if( ret != 0 )
+            return( ret );
 
         if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
                                  ssl->handshake->ecdh_privkey,

library/ssl_tls.c

@@ -65,6 +65,35 @@ static int uecc_rng_wrapper( uint8_t *dest, unsigned int size )
 
     return( 0 );
 }
+
+int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
+                                   unsigned char **p, unsigned char *end )
+{
+    size_t const secp256r1_uncompressed_point_length =
+        1 /* length */ + 1 /* length */ + 2 * NUM_ECC_BYTES /* data */;
+
+    if( (size_t)( end - *p ) < secp256r1_uncompressed_point_length )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Bad ECDH peer pubkey (too short)" ) );
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    if( (*p)[0] != 2 * NUM_ECC_BYTES + 1 ||
+        (*p)[1] != 0x04 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Unexpected ECDH peer pubkey header - expected { %#02x, %#02x }, got { %#02x, %#02x }",
+                               2 * NUM_ECC_BYTES + 1,
+                               0x04,
+                               (unsigned) (*p)[0],
+                               (unsigned) (*p)[1] ) );
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    memcpy( ssl->handshake->ecdh_peerkey, *p + 2, 2 * NUM_ECC_BYTES );
+
+    *p += secp256r1_uncompressed_point_length;
+    return( 0 );
+}
 #endif /* MBEDTLS_USE_TINYCRYPT */
 
 static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );