tinyCrypt: Don't store public ECDH-share in handshake struct

Instead, write it to the message buffer directly.
This commit is contained in:
Hanno Becker 2019-07-24 12:45:52 +01:00
parent b1626fb619
commit 8295ff0b04
3 changed files with 14 additions and 20 deletions

View file

@ -552,7 +552,6 @@ struct mbedtls_ssl_handshake_params
#if defined(MBEDTLS_USE_TINYCRYPT) #if defined(MBEDTLS_USE_TINYCRYPT)
uint8_t ecdh_privkey[NUM_ECC_BYTES]; uint8_t ecdh_privkey[NUM_ECC_BYTES];
uint8_t ecdh_ownpubkey[2*NUM_ECC_BYTES];
uint8_t ecdh_peerkey[2*NUM_ECC_BYTES]; uint8_t ecdh_peerkey[2*NUM_ECC_BYTES];
#endif /* MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_USE_TINYCRYPT */
}; };

View file

@ -3576,19 +3576,17 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
((void) n); ((void) n);
((void) ret); ((void) ret);
if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey,
ssl->handshake->ecdh_privkey,
uecc_curve ) )
{
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 ) if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
*p++ = 2 * NUM_ECC_BYTES + 1; *p++ = 2 * NUM_ECC_BYTES + 1;
*p++ = 0x04; /* uncompressed point presentation */ *p++ = 0x04; /* uncompressed point presentation */
memcpy( p, ssl->handshake->ecdh_ownpubkey, 2 * NUM_ECC_BYTES );
if( !uECC_make_key( p, ssl->handshake->ecdh_privkey,
uecc_curve ) )
{
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
p += 2 * NUM_ECC_BYTES; p += 2 * NUM_ECC_BYTES;
} }
else else

View file

@ -3398,14 +3398,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
0x04 /* Uncompressed */ 0x04 /* Uncompressed */
}; };
if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey,
ssl->handshake->ecdh_privkey,
uecc_curve ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = ssl->out_msg + ssl->out_msglen; dig_signed = ssl->out_msg + ssl->out_msglen;
#endif #endif
@ -3414,9 +3406,14 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ecdh_param_hdr, sizeof( ecdh_param_hdr ) ); ecdh_param_hdr, sizeof( ecdh_param_hdr ) );
ssl->out_msglen += sizeof( ecdh_param_hdr ); ssl->out_msglen += sizeof( ecdh_param_hdr );
memcpy( &ssl->out_msg[ssl->out_msglen], if( !uECC_make_key( &ssl->out_msg[ ssl->out_msglen ],
ssl->handshake->ecdh_ownpubkey, ssl->handshake->ecdh_privkey,
2*NUM_ECC_BYTES ); uecc_curve ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl->out_msglen += 2*NUM_ECC_BYTES; ssl->out_msglen += 2*NUM_ECC_BYTES;
} }
else else