Refactor to make PSA and non-PSA ECDH(E) client code exclusive
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong
parent
d91526c17f
commit
d8419ff390
@ -1771,12 +1771,10 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
|||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) )
|
||||||
( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) )
|
|
||||||
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
const mbedtls_ecp_curve_info *curve_info;
|
const mbedtls_ecp_curve_info *curve_info;
|
||||||
@ -1804,18 +1802,16 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
|
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
( !MBEDTLS_USE_PSA_CRYPTO &&
|
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) */
|
||||||
( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) ) */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
|
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
||||||
unsigned char **p,
|
unsigned char **p,
|
||||||
unsigned char *end )
|
unsigned char *end )
|
||||||
{
|
{
|
||||||
@ -1878,13 +1874,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
#else
|
||||||
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
|
||||||
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
||||||
unsigned char **p,
|
unsigned char **p,
|
||||||
unsigned char *end )
|
unsigned char *end )
|
||||||
@ -1919,6 +1909,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
@ -2345,31 +2336,8 @@ start_processing:
|
|||||||
else
|
else
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
|
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
|
||||||
{
|
|
||||||
if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
|
||||||
mbedtls_ssl_send_alert_message(
|
|
||||||
ssl,
|
|
||||||
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
|
||||||
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
|
|
||||||
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
|
||||||
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
@ -2839,11 +2807,11 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
||||||
@ -2921,15 +2889,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
#else
|
||||||
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
||||||
@ -2996,6 +2956,7 @@ ecdh_calc_secret:
|
|||||||
MBEDTLS_DEBUG_ECDH_Z );
|
MBEDTLS_DEBUG_ECDH_Z );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||||
@ -3247,7 +3208,8 @@ ecdh_calc_secret:
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
@ -3274,7 +3236,7 @@ ecdh_calc_secret:
|
|||||||
MBEDTLS_DEBUG_ECDH_Q );
|
MBEDTLS_DEBUG_ECDH_Q );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user