Skip to content

Commit

Permalink
fix: for mbedtls update
Browse files Browse the repository at this point in the history
  • Loading branch information
thekuwayama committed Jun 28, 2023
1 parent 1de8370 commit 42fbed2
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 16 deletions.
41 changes: 27 additions & 14 deletions matter/src/crypto/crypto_mbedtls.rs
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,15 @@ impl KeyPair {
}

pub fn new_from_components(_pub_key: &[u8], priv_key: &[u8]) -> Result<Self, Error> {
let mut ctr_drbg = CtrDrbg::new(Arc::new(OsEntropy::new()), None)?;
// No rust-mbedtls API yet for creating keypair from both public and private key
let priv_key = Mpi::from_binary(priv_key)?;
Ok(Self {
key: Pk::private_from_ec_components(EcGroup::new(EcGroupId::SecP256R1)?, priv_key)?,
key: Pk::private_from_ec_components(
&mut ctr_drbg,
EcGroup::new(EcGroupId::SecP256R1)?,
priv_key,
)?,
})
}

Expand All @@ -89,9 +94,13 @@ impl KeyPair {

impl CryptoKeyPair for KeyPair {
fn get_csr<'a>(&self, out_csr: &'a mut [u8]) -> Result<&'a [u8], Error> {
let mut ctr_drbg = CtrDrbg::new(Arc::new(OsEntropy::new()), None)?;
let tmp_priv = self.key.ec_private()?;
let mut tmp_key =
Pk::private_from_ec_components(EcGroup::new(EcGroupId::SecP256R1)?, tmp_priv)?;
let mut tmp_key = Pk::private_from_ec_components(
&mut ctr_drbg,
EcGroup::new(EcGroupId::SecP256R1)?,
tmp_priv,
)?;

let mut builder = x509::csr::Builder::new();
builder.key(&mut tmp_key);
Expand Down Expand Up @@ -132,12 +141,16 @@ impl CryptoKeyPair for KeyPair {
}

fn derive_secret(self, peer_pub_key: &[u8], secret: &mut [u8]) -> Result<usize, Error> {
let mut ctr_drbg = CtrDrbg::new(Arc::new(OsEntropy::new()), None)?;
// mbedtls requires a 'mut' key. Instead of making a change in our Trait,
// we just clone the key this way

let tmp_key = self.key.ec_private()?;
let mut tmp_key =
Pk::private_from_ec_components(EcGroup::new(EcGroupId::SecP256R1)?, tmp_key)?;
let mut tmp_key = Pk::private_from_ec_components(
&mut ctr_drbg,
EcGroup::new(EcGroupId::SecP256R1)?,
tmp_key,
)?;

let group = EcGroup::new(EcGroupId::SecP256R1)?;
let other = EcPoint::from_binary(&group, peer_pub_key)?;
Expand All @@ -150,11 +163,15 @@ impl CryptoKeyPair for KeyPair {
}

fn sign_msg(&self, msg: &[u8], signature: &mut [u8]) -> Result<usize, Error> {
let mut ctr_drbg = CtrDrbg::new(Arc::new(OsEntropy::new()), None)?;
// mbedtls requires a 'mut' key. Instead of making a change in our Trait,
// we just clone the key this way
let tmp_key = self.key.ec_private()?;
let mut tmp_key =
Pk::private_from_ec_components(EcGroup::new(EcGroupId::SecP256R1)?, tmp_key)?;
let mut tmp_key = Pk::private_from_ec_components(
&mut ctr_drbg,
EcGroup::new(EcGroupId::SecP256R1)?,
tmp_key,
)?;

// First get the SHA256 of the message
let mut msg_hash = [0_u8; super::SHA256_HASH_LEN_BYTES];
Expand Down Expand Up @@ -286,18 +303,16 @@ pub fn encrypt_in_place(
nonce: &[u8],
ad: &[u8],
data: &mut [u8],
data_len: usize,
_: usize,
) -> Result<usize, Error> {
let cipher = Cipher::<_, Authenticated, _>::new(
mbedtls::cipher::raw::CipherId::Aes,
mbedtls::cipher::raw::CipherMode::CCM,
(key.len() * 8) as u32,
)?;
let cipher = cipher.set_key_iv(key, nonce)?;
let (data, tag) = data.split_at_mut(data_len);
let tag = &mut tag[..super::AEAD_MIC_LEN_BYTES];
cipher
.encrypt_auth_inplace(ad, data, tag)
.encrypt_auth_inplace(ad, data, super::AEAD_MIC_LEN_BYTES)
.map(|(len, _)| len)
.map_err(|_e| Error::TLSStack)
}
Expand All @@ -314,10 +329,8 @@ pub fn decrypt_in_place(
(key.len() * 8) as u32,
)?;
let cipher = cipher.set_key_iv(key, nonce)?;
let data_len = data.len() - super::AEAD_MIC_LEN_BYTES;
let (data, tag) = data.split_at_mut(data_len);
cipher
.decrypt_auth_inplace(ad, data, tag)
.decrypt_auth_inplace(ad, data, super::AEAD_MIC_LEN_BYTES)
.map(|(len, _)| len)
.map_err(|e| {
error!("Error during decryption: {:?}", e);
Expand Down
9 changes: 7 additions & 2 deletions matter/src/secure_channel/crypto_mbedtls.rs
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,11 @@ impl CryptoSpake2 for CryptoMbedTLS {
// where P is the generator of the underlying elliptic curve
self.set_w1_from_w1s(w1s)?;
// TODO: rust-mbedtls doesn't yet accept the DRBG parameter
self.L = self.group.generator()?.mul(&mut self.group, &self.w1)?;
let mut ctr_drbg = CtrDrbg::new(Arc::new(OsEntropy::new()), None)?;
self.L = self
.group
.generator()?
.mul(&mut self.group, &self.w1, &mut ctr_drbg)?;
Ok(())
}

Expand Down Expand Up @@ -287,7 +291,8 @@ impl CryptoMbedTLS {
let Z = EcPoint::muladd(group, X, y, &inverted_M, &tmp)?;
// Cofactor for P256 is 1, so that is a No-Op

let V = L.mul(group, y)?;
let mut ctr_drbg = CtrDrbg::new(Arc::new(OsEntropy::new()), None)?;
let V = L.mul(group, y, &mut ctr_drbg)?;
Ok((Z, V))
}

Expand Down

0 comments on commit 42fbed2

Please sign in to comment.