tinyCrypt: Share ECDH secret calculation code-path

2025-02-02 15:30:59 +00:00 · 2019-07-23 16:51:57 +01:00 · 2019-07-23 16:51:57 +01:00 · a3c2c1712c
parent 75f12d1eb9
commit a3c2c1712c
3 changed files with 21 additions and 20 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -3573,14 +3573,6 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
        }

-        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
-                                 ssl->handshake->ecdh_privkey,
-                                 ssl->handshake->premaster,
-                                 uecc_curve ) )
-        {
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
        /* TODO: Write the client share. */
        ((void) p);
        ((void) end);
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -4204,19 +4204,8 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
    {
-        const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
-
-        ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end );
-        if( ret != 0 )
-            return( ret );
-
-        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
-                                 ssl->handshake->ecdh_privkey,
-                                 ssl->handshake->premaster,
-                                 uecc_curve ) )
-        {
+        if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
    }
    else
 #endif
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1701,6 +1701,26 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
    mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
        mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );

+#if defined(MBEDTLS_USE_TINYCRYPT)
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
+    {
+        const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
+
+        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
+                                 ssl->handshake->ecdh_privkey,
+                                 ssl->handshake->premaster,
+                                 uecc_curve ) )
+        {
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        ssl->handshake->pmslen = NUM_ECC_BYTES;
+    }
+    else
+#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
        == MBEDTLS_KEY_EXCHANGE_DHE_RSA )