tls13: Share write ecdh_key_exchange function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 46d85d9..fa336e4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1781,6 +1781,16 @@
int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
+#if defined(MBEDTLS_ECDH_C)
+int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len );
+#endif /* MBEDTLS_ECDH_C */
+
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index cf5b382..d024abf 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -204,65 +204,6 @@
/*
* Functions for writing key_share extension.
*/
-#if defined(MBEDTLS_ECDH_C)
-static int ssl_tls13_generate_and_write_ecdh_key_exchange(
- mbedtls_ssl_context *ssl,
- uint16_t named_group,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- psa_key_attributes_t key_attributes;
- size_t own_pubkey_len;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- size_t ecdh_bits = 0;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
-
- /* Convert EC group to PSA key type. */
- if( ( handshake->ecdh_psa_type =
- mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-
- ssl->handshake->ecdh_bits = ecdh_bits;
-
- key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
- psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
- psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
-
- /* Generate ECDH private key. */
- status = psa_generate_key( &key_attributes,
- &handshake->ecdh_psa_privkey );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
- return( ret );
-
- }
-
- /* Export the public part of the ECDH private key from PSA. */
- status = psa_export_public_key( handshake->ecdh_psa_privkey,
- buf, (size_t)( end - buf ),
- &own_pubkey_len );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
- return( ret );
-
- }
-
- *out_len = own_pubkey_len;
-
- return( 0 );
-}
-#endif /* MBEDTLS_ECDH_C */
-
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id )
{
@@ -367,8 +308,8 @@
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
p += 4;
- ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, p, end,
- &key_exchange_len );
+ ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ ssl, group_id, p, end, &key_exchange_len );
p += key_exchange_len;
if( ret != 0 )
return( ret );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 4bee319..f5d791f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1535,6 +1535,63 @@
return( 0 );
}
+
+int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ psa_key_attributes_t key_attributes;
+ size_t own_pubkey_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ size_t ecdh_bits = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /* Convert EC group to PSA key type. */
+ if( ( handshake->ecdh_psa_type =
+ mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+
+ ssl->handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
+ return( ret );
+
+ }
+
+ /* Export the public part of the ECDH private key from PSA. */
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ buf, (size_t)( end - buf ),
+ &own_pubkey_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
+ return( ret );
+
+ }
+
+ *out_len = own_pubkey_len;
+
+ return( 0 );
+}
#endif /* MBEDTLS_ECDH_C */
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index ae49eff..d6450a5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -822,20 +822,27 @@
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
+ ((void) ssl);
+ ((void) named_group);
+ ((void) buf);
+ ((void) end);
+ ((void) out_len);
+#if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
{
- ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx,
- out_len, buf, end - buf, ssl->conf->f_rng, ssl->conf->p_rng );
+ ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ ssl, named_group, buf, end, out_len );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_tls13_params", ret );
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange",
+ ret );
return( ret );
}
-
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Q );
}
- else if( 0 /* Other kinds of KEMs */ )
+ else
+#endif /* MBEDTLS_ECDH_C */
+ if( 0 /* Other kinds of KEMs */ )
{
}
else