Adapt ServerKeyEchange processing to restart
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index af8728d..51dd4e1 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -231,6 +231,8 @@
mbedtls_ecdsa_restart_ctx rs_ctx; /*!< ECDSA restart context */
enum {
ssl_ecrs_init = 0, /*!< just getting started */
+ ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */
+ ssl_ecrs_ske_verified, /*!< ServerKeyExchange was verified */
ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */
ssl_ecrs_ecdh_completed, /*!< completed ECDHE key exchange */
ssl_ecrs_keys_derived, /*!< ssl_derive_keys() done */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 77d376b..faaedb7 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1697,6 +1697,14 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ ssl->handshake->ec_restart_enabled = 1;
+ }
+#endif
+
i = 0;
while( 1 )
{
@@ -2303,12 +2311,22 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_state == ssl_ecrs_ske_read )
+ goto ske_process;
+#endif
+
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ ssl->handshake->ecrs_state++;
+
+ske_process:
+#endif
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
@@ -2432,6 +2450,7 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
size_t params_len = p - params;
+ void *rs_ctx = NULL;
/*
* Handle the digitally-signed structure
@@ -2598,14 +2617,27 @@
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
- if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
- md_alg, hash, hashlen, p, sig_len ) ) != 0 )
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ec_restart_enabled )
+ rs_ctx = &ssl->handshake->rs_ctx;
+#endif
+
+ if( ( ret = mbedtls_pk_verify_restartable(
+ &ssl->session_negotiate->peer_cert->pk,
+ md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+#endif
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
return( ret );
}
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ ssl->handshake->ecrs_state++;
+#endif
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b960df0..d1ad9bf 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3450,6 +3450,7 @@
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1" \
0 \
+ -C "mbedtls_pk_verify.*4b80" \
-C "mbedtls_ecdh_make_public.*4b80" \
-C "mbedtls_pk_sign.*4b80"
@@ -3460,6 +3461,7 @@
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=0" \
0 \
+ -C "mbedtls_pk_verify.*4b80" \
-C "mbedtls_ecdh_make_public.*4b80" \
-C "mbedtls_pk_sign.*4b80"
@@ -3470,6 +3472,7 @@
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=65535" \
0 \
+ -C "mbedtls_pk_verify.*4b80" \
-C "mbedtls_ecdh_make_public.*4b80" \
-C "mbedtls_pk_sign.*4b80"
@@ -3480,6 +3483,7 @@
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
+ -c "mbedtls_pk_verify.*4b80" \
-c "mbedtls_ecdh_make_public.*4b80" \
-c "mbedtls_pk_sign.*4b80"
@@ -3490,6 +3494,7 @@
key_file=data_files/server5.key crt_file=data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
+ -c "mbedtls_pk_verify.*4b80" \
-c "mbedtls_ecdh_make_public.*4b80" \
-c "mbedtls_pk_sign.*4b80"