TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 08d34b8693a03727e6731ae5adf44a8e081dfbf9^! / . / scripts
commit08d34b8693a03727e6731ae5adf44a8e081dfbf9[log] [tgz]
authorAndrzej Kurek <andrzej.kurek@arm.com>Fri Jul 29 10:00:16 2022 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>Wed Sep 14 08:39:26 2022 -0400
treef8e09c89ed1fd6c1ce2cc105fd88d7b9105c0d31
parentf6a6a2d8154209886fc89e3f300108ff41e82efb [diff]
Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2

TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 592fc0a..f52ca9a 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py

@@ -357,6 +357,7 @@
         'HKDF': AlgorithmCategory.KEY_DERIVATION,
         'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION,
         'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION,
+        'TLS12_ECJPAKE_TO_PMS': AlgorithmCategory.KEY_DERIVATION,
         'PBKDF': AlgorithmCategory.KEY_DERIVATION,
         'ECDH': AlgorithmCategory.KEY_AGREEMENT,
         'FFDH': AlgorithmCategory.KEY_AGREEMENT,