From f75f912c31b52f200b54dd5ef763208db4412226 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 7 Jan 2019 15:36:51 +0000 Subject: [PATCH 01/14] Add functions to psa_util module to convert EC public keys --- include/mbedtls/psa_util.h | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index fbf25e638..dca4fa4f5 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -43,6 +43,8 @@ #include "pk.h" #include "oid.h" +#include + /* Translations for symmetric crypto. */ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( @@ -352,6 +354,48 @@ static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group( return( (psa_ecc_curve_t) tls_ecc_grp_reg_id ); } +/* This function takes a buffer holding an EC public key + * exported through psa_export_public_key(), and converts + * it into an ECPoint structure to be put into a ClientKeyExchange + * message in an ECDHE exchange. + * + * Both the present and the foreseeable future format of EC public keys + * used by PSA have the ECPoint structure contained in the exported key + * as a subbuffer, and the function merely selects this subbuffer instead + * of making a copy. + */ +static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src, + size_t srclen, + unsigned char **dst, + size_t *dstlen ) +{ + *dst = src; + *dstlen = srclen; + return( 0 ); +} + +/* This function takes a buffer holding an ECPoint structure + * (as contained in a TLS ServerKeyExchange message for ECDHE + * exchanges) and converts it into a format that the PSA key + * agreement API understands. + */ +static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve, + unsigned char const *src, + size_t srclen, + unsigned char *dst, + size_t dstlen, + size_t *olen ) +{ + ((void) curve); + + if( srclen > dstlen ) + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + + memcpy( dst, src, srclen ); + *olen = srclen; + return( 0 ); +} + #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PSA_UTIL_H */ From df51dbe17f6c31eecef309cd7ccaa39bf9808b11 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Feb 2019 16:41:55 +0000 Subject: [PATCH 02/14] Add fields for PSA-based ECDHE to handshake structure This is the first in a series of commits adding client-side support for PSA-based ECDHE. Previously, the state of an ECDHE key agreement was maintained in the field mbedtls_ssl_handshake_params::ecdh_ctx, of type ::mbedtls_ecdh_context and manipulated through the ECDH API. The ECDH API will be superseeded by the PSA Crypto API for key agreement, which needs the following data: (a) A raw buffer holding the public part of the key agreement received from our peer. (b) A key slot holding the private part of the key agreement. (c) The algorithm to use. The commit adds fields to ::mbedtls_ssl_handshake_params representing these three inputs to PSA-based key agreement. Specifically, it adds a field for the key slot holding the ECDH private key, a field for the EC curve identifier, and a buffer holding the peer's public key. Note: Storing the peer's public key buffer is slightly inefficient, as one could perform the ECDH computation as soon as the peer sends its public key, either working with in-place or using a stack-buffer to reformat the public key before passing it to PSA. This optimization is left for a later commit. --- include/mbedtls/psa_util.h | 2 ++ include/mbedtls/ssl_internal.h | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index dca4fa4f5..a678a777a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -235,6 +235,8 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( return( -1 ); } +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 256 + static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid ) { switch( grpid ) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 3159cd32b..be7f41b1d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -57,6 +57,11 @@ #include "ecjpake.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#include "psa_util.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -280,7 +285,15 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_ECDH_C) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_ecc_curve_t ecdh_psa_curve; + psa_key_handle_t ecdh_psa_privkey; + unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t ecdh_psa_peerkey_len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_ECDH_C */ + #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ #if defined(MBEDTLS_SSL_CLI_C) From bb89e2727f532042ef7f3273f4058033851570e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Jan 2019 12:54:37 +0000 Subject: [PATCH 03/14] Implement ServerKeyExchange parsing for PSA-based ECDHE suites - Reformat the server's ECDH public key to make it suitable for the PSA key agreement API. Currently, the key agreement API needs a full SubjectPublicKeyInfo structure, while the TLS ServerKeyExchange message only contains a ECPoint structure. --- library/ssl_cli.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 06bcc731f..7665f332b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -39,6 +39,10 @@ #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #include #include @@ -2109,6 +2113,64 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) +static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end ) +{ + uint16_t tls_id; + uint8_t ecpoint_len; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + /* + * Parse ECC group + */ + + if( end - *p < 4 ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + + /* First byte is curve_type; only named_curve is handled */ + if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + + /* Next two bytes are the namedcurve value */ + tls_id = *(*p)++; + tls_id <<= 8; + tls_id |= *(*p)++; + + /* Convert EC group to PSA key type. */ + if( ( handshake->ecdh_psa_curve = + mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 ) + { + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + /* + * Put peer's ECDH public key in the format understood by PSA. + */ + + ecpoint_len = *(*p)++; + if( (size_t)( end - *p ) < ecpoint_len ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + + if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve, + *p, ecpoint_len, + handshake->ecdh_psa_peerkey, + sizeof( handshake->ecdh_psa_peerkey ), + &handshake->ecdh_psa_peerkey_len ) != 0 ) + { + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + *p += ecpoint_len; + return( 0 ); +} +#endif /* MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ + #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) @@ -2510,6 +2572,24 @@ start_processing: else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) + { + if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + } + else +#endif /* MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) From 4a63ed421c514185c377e86c6ecf6978edd33aa0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Jan 2019 11:39:35 +0000 Subject: [PATCH 04/14] Implement ClientKeyExchange writing in PSA-based ECDHE suites - Populate the ECDH private key slot with a fresh private EC key designated for the correct algorithm. - Export the public part of the ECDH private key from PSA and reformat it to suite the format of the ClientKeyExchange message. - Perform the PSA-based ECDH key agreement and store the result as the premaster secret for the connection. --- library/ssl_cli.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 5 +++ 2 files changed, 115 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7665f332b..62c36951c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3063,6 +3063,116 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) + if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) + { + psa_status_t status; + psa_key_policy_t policy; + + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + + unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t own_pubkey_len; + unsigned char *own_pubkey_ecpoint; + size_t own_pubkey_ecpoint_len; + + psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + + i = 4; + + /* + * Generate EC private key for ECDHE exchange. + */ + + /* Allocate a new key slot for the private key. */ + + status = psa_allocate_key( &handshake->ecdh_psa_privkey ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + /* The master secret is obtained from the shared ECDH secret by + * applying the TLS 1.2 PRF with a specific salt and label. While + * the PSA Crypto API encourages combining key agreement schemes + * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not + * yet support the provisioning of salt + label to the KDF. + * For the time being, we therefore need to split the computation + * of the ECDH secret and the application of the TLS 1.2 PRF. */ + policy = psa_key_policy_init(); + psa_key_policy_set_usage( &policy, + PSA_KEY_USAGE_DERIVE, + PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) ); + status = psa_set_key_policy( handshake->ecdh_psa_privkey, &policy ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + /* Generate ECDH private key. */ + status = psa_generate_key( handshake->ecdh_psa_privkey, + PSA_KEY_TYPE_ECC_KEYPAIR( handshake->ecdh_psa_curve ), + MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( handshake->ecdh_psa_curve ), + NULL, 0 ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + /* Export the public part of the ECDH private key from PSA + * and convert it to ECPoint format used in ClientKeyExchange. */ + status = psa_export_public_key( handshake->ecdh_psa_privkey, + own_pubkey, sizeof( own_pubkey ), + &own_pubkey_len ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey, + own_pubkey_len, + &own_pubkey_ecpoint, + &own_pubkey_ecpoint_len ) != 0 ) + { + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + /* Copy ECPoint structure to outgoing message buffer. */ + ssl->out_msg[i] = own_pubkey_ecpoint_len; + memcpy( ssl->out_msg + i + 1, own_pubkey_ecpoint, own_pubkey_ecpoint_len ); + n = own_pubkey_ecpoint_len + 1; + + /* Compute ECDH shared secret. */ + status = psa_key_agreement( &generator, + handshake->ecdh_psa_privkey, + handshake->ecdh_psa_peerkey, + handshake->ecdh_psa_peerkey_len, + PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + /* The ECDH secret is the premaster secret used for key derivation. */ + + ssl->handshake->pmslen = + MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve ); + + status = psa_generator_read( &generator, + ssl->handshake->premaster, + ssl->handshake->pmslen ); + if( status != PSA_SUCCESS ) + { + psa_generator_abort( &generator ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_generator_abort( &generator ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + status = psa_destroy_key( handshake->ecdh_psa_privkey ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + handshake->ecdh_psa_privkey = 0; + } + else +#endif /* MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f224d5e94..962223fd0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9367,6 +9367,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) ssl_buffering_free( ssl ); #endif +#if defined(MBEDTLS_ECDH_C) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key( handshake->ecdh_psa_privkey ); +#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_platform_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); } From c14a3bb5a67f8324eb357d2d3620ba055d81bf02 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 14 Jan 2019 09:41:16 +0000 Subject: [PATCH 05/14] Make variable in ssl_write_client_key_exchange() more descriptive --- library/ssl_cli.c | 104 ++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 46 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 62c36951c..f2e227522 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3018,7 +3018,9 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) { int ret; - size_t i, n; + + size_t header_len; + size_t content_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; @@ -3030,16 +3032,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) /* * DHM key exchange -- send G^X mod P */ - n = ssl->handshake->dhm_ctx.len; + content_len = ssl->handshake->dhm_ctx.len; - ssl->out_msg[4] = (unsigned char)( n >> 8 ); - ssl->out_msg[5] = (unsigned char)( n ); - i = 6; + ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); + ssl->out_msg[5] = (unsigned char)( content_len ); + header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[i], n, - ssl->conf->f_rng, ssl->conf->p_rng ); + (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -3050,10 +3052,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -3081,7 +3083,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - i = 4; + header_len = 4; /* * Generate EC private key for ECDHE exchange. @@ -3133,9 +3135,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) } /* Copy ECPoint structure to outgoing message buffer. */ - ssl->out_msg[i] = own_pubkey_ecpoint_len; - memcpy( ssl->out_msg + i + 1, own_pubkey_ecpoint, own_pubkey_ecpoint_len ); - n = own_pubkey_ecpoint_len + 1; + ssl->out_msg[header_len] = own_pubkey_ecpoint_len; + memcpy( ssl->out_msg + header_len + 1, + own_pubkey_ecpoint, own_pubkey_ecpoint_len ); + content_len = own_pubkey_ecpoint_len + 1; /* Compute ECDH shared secret. */ status = psa_key_agreement( &generator, @@ -3185,7 +3188,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) /* * ECDH key exchange -- send client public value */ - i = 4; + header_len = 4; #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) @@ -3198,8 +3201,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #endif ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, - &n, - &ssl->out_msg[i], 1000, + &content_len, + &ssl->out_msg[header_len], 1000, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { @@ -3217,19 +3220,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) if( ssl->handshake->ecrs_enabled ) { - ssl->handshake->ecrs_n = n; + ssl->handshake->ecrs_n = content_len; ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; } ecdh_calc_secret: if( ssl->handshake->ecrs_enabled ) - n = ssl->handshake->ecrs_n; + content_len = ssl->handshake->ecrs_n; #endif if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) @@ -3261,26 +3264,28 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - i = 4; - n = ssl->conf->psk_identity_len; + header_len = 4; + content_len = ssl->conf->psk_identity_len; - if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) + if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " "SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[i++] = (unsigned char)( n >> 8 ); - ssl->out_msg[i++] = (unsigned char)( n ); + ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); + ssl->out_msg[header_len++] = (unsigned char)( content_len ); - memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); - i += ssl->conf->psk_identity_len; + memcpy( ssl->out_msg + header_len, + ssl->conf->psk_identity, + ssl->conf->psk_identity_len ); + header_len += ssl->conf->psk_identity_len; #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ) { - n = 0; + content_len = 0; } else #endif @@ -3293,7 +3298,8 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) + if( ( ret = ssl_write_encrypted_pms( ssl, header_len, + &content_len, 2 ) ) != 0 ) return( ret ); } else @@ -3310,21 +3316,22 @@ ecdh_calc_secret: /* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */ - n = ssl->handshake->dhm_ctx.len; + content_len = ssl->handshake->dhm_ctx.len; - if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) + if( header_len + 2 + content_len > + MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" " or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl->out_msg[i++] = (unsigned char)( n >> 8 ); - ssl->out_msg[i++] = (unsigned char)( n ); + ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); + ssl->out_msg[header_len++] = (unsigned char)( content_len ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[i], n, + &ssl->out_msg[header_len], content_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { @@ -3346,8 +3353,10 @@ ecdh_calc_secret: /* * ClientECDiffieHellmanPublic public; */ - ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, - &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, + ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, + &content_len, + &ssl->out_msg[header_len], + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { @@ -3388,8 +3397,9 @@ ecdh_calc_secret: #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) { - i = 4; - if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) + header_len = 4; + if( ( ret = ssl_write_encrypted_pms( ssl, header_len, + &content_len, 0 ) ) != 0 ) return( ret ); } else @@ -3397,10 +3407,12 @@ ecdh_calc_secret: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { - i = 4; + header_len = 4; ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, - ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, + ssl->out_msg + header_len, + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, + &content_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { @@ -3425,7 +3437,7 @@ ecdh_calc_secret: return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - ssl->out_msglen = i + n; + ssl->out_msglen = header_len + content_len; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; From 0a94a64bbdeb16f77cc07abe48a06a26b1e889d7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 11 Jan 2019 14:35:30 +0000 Subject: [PATCH 06/14] Add debugging output to confirm that PSA was used for ECDHE --- library/ssl_cli.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f2e227522..46ec50c15 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3085,6 +3085,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) header_len = 4; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) ); + /* * Generate EC private key for ECDHE exchange. */ From 354e248d815ce41487798da3674a84eb55438f2d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Jan 2019 11:40:25 +0000 Subject: [PATCH 07/14] Add ssl-opt.sh tests for PSA-based ECDH with various ECC curves --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 646ddd6be..0d703a3f7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -774,6 +774,17 @@ run_test_psa() { -C "error" } +run_test_psa_force_curve() { + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO + run_test "PSA - ECDH with $1" \ + "$P_SRV debug_level=4 force_version=tls1_2" \ + "$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -S "error" \ + -C "error" +} + cleanup() { rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1 @@ -932,6 +943,29 @@ run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 +requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED +run_test_psa_force_curve "secp521r1" +requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED +run_test_psa_force_curve "brainpoolP512r1" +requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED +run_test_psa_force_curve "secp384r1" +requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED +run_test_psa_force_curve "brainpoolP384r1" +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test_psa_force_curve "secp256r1" +requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED +run_test_psa_force_curve "secp256k1" +requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED +run_test_psa_force_curve "brainpoolP256r1" +requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED +run_test_psa_force_curve "secp224r1" +requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED +run_test_psa_force_curve "secp224k1" +requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED +run_test_psa_force_curve "secp192r1" +requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED +run_test_psa_force_curve "secp192k1" + # Test current time in ServerHello requires_config_enabled MBEDTLS_HAVE_TIME run_test "ServerHello contains gmt_unix_time" \ From 3b7c4a0ff00c0ef25653eaf1e5f940dc3ceb0b2c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 10 Jan 2019 08:49:23 +0000 Subject: [PATCH 08/14] Regenerate VisualStudio project file --- visualc/VS2010/mbedTLS.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 133fd065b..e33c7483c 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -281,6 +281,7 @@ + From 4af484e29a710fcea966bc3d53ebd60a55fc1748 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 29 Jan 2019 09:59:48 +0000 Subject: [PATCH 09/14] Regenerate VS2010 project file --- visualc/VS2010/mbedTLS.vcxproj | 1 - 1 file changed, 1 deletion(-) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index e33c7483c..133fd065b 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -281,7 +281,6 @@ - From 28f78440d8d01a98a0737277013b33216c65151b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Feb 2019 16:47:50 +0000 Subject: [PATCH 10/14] Grep for debug output witnessing use of PSA in ECDHE ssl-opt.sh --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0d703a3f7..9e04353a7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -769,6 +769,7 @@ run_test_psa() { -C "Failed to setup PSA-based cipher context"\ -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ + -c "Perform PSA-based ECDH computation."\ -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" @@ -780,7 +781,19 @@ run_test_psa_force_curve() { "$P_SRV debug_level=4 force_version=tls1_2" \ "$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \ 0 \ + -c "Successfully setup PSA-based decryption cipher context" \ + -c "Successfully setup PSA-based encryption cipher context" \ + -c "PSA calc verify" \ + -c "calc PSA finished" \ + -s "Successfully setup PSA-based decryption cipher context" \ + -s "Successfully setup PSA-based encryption cipher context" \ + -s "PSA calc verify" \ + -s "calc PSA finished" \ + -C "Failed to setup PSA-based cipher context"\ + -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ + -c "Perform PSA-based ECDH computation."\ + -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" } From 135baef1bd45c78ca73d9861eb7155449591acd2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Feb 2019 17:03:36 +0000 Subject: [PATCH 11/14] Define maximum EC public key length depending on enabled curves --- include/mbedtls/psa_util.h | 81 +++++++++++++++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a678a777a..b0c042827 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -235,7 +235,85 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( return( -1 ); } -#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 256 +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1 + +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 ) +#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 ) +#endif +#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ + static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid ) { @@ -298,6 +376,7 @@ static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group } } + #define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \ ( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \ curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \ From 1ce51e4dc3b459d2d27ed563b030055294468859 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Feb 2019 10:25:47 +0000 Subject: [PATCH 12/14] Forbid setting MBEDTLS_ECP_RESTARTABLE and MBEDTLS_USE_PSA_CRYPTO_C Restartable ECC isn't supported in PSA yet. --- include/mbedtls/check_config.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 3d47899c7..083948dec 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -114,14 +114,15 @@ #endif #if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO_C) || \ + defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ defined(MBEDTLS_ECP_INTERNAL_ALT) || \ defined(MBEDTLS_ECP_ALT) ) -#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" +#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation" #endif #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) From 241b524964d70b829c43c7774a1bc0e93dbe9354 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Feb 2019 10:26:18 +0000 Subject: [PATCH 13/14] Disable restartable ECC in full config PSA test in all.sh --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 90f9632d9..b67696240 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -852,6 +852,7 @@ component_test_use_psa_crypto_full_cmake_asan() { msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA scripts/config.pl set MBEDTLS_PSA_CRYPTO_C scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D USE_CRYPTO_SUBMODULE=1 -D CMAKE_BUILD_TYPE:String=Asan . From 85fd913950de673a7804e384a233cd85c050036f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Feb 2019 12:50:35 +0000 Subject: [PATCH 14/14] Fix typo in check_config.h --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 083948dec..ea05938ed 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -114,7 +114,7 @@ #endif #if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_USE_PSA_CRYPTO_C) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO) || \ defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \