AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #4859 from brett-warren-arm/supported_groups

Browse Source 
Add mbedtls_ssl_conf_groups to API
This commit is contained in:
Manuel Pégourié-Gonnard 2021-11-02 10:49:09 +01:00 committed by GitHub
commit 0dbe1dfa1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 327 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/mbedtls/ecp.h
View File

@ -130,10 +130,8 @@ typedef enum
/**
* The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
*
* \note Montgomery curves are currently excluded.
*/
#define MBEDTLS_ECP_DP_MAX 12
#define MBEDTLS_ECP_DP_MAX 14
/*
* Curve types

6
include/mbedtls/platform_util.h
View File

@ -42,10 +42,6 @@ extern "C" {
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
* to avoid conflict with other headers which define and use
* it, too. We might want to move all these definitions here at
* some point for uniformity. */
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
@ -53,8 +49,8 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
#undef MBEDTLS_DEPRECATED
#else /* MBEDTLS_DEPRECATED_WARNING */
#define MBEDTLS_DEPRECATED
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
#endif /* MBEDTLS_DEPRECATED_WARNING */

83
include/mbedtls/ssl.h
View File

@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
#include "mbedtls/platform_util.h"
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
@ -187,18 +188,28 @@
* } NamedGroup;
*
*/
/* Elliptic Curve Groups (ECDHE) */
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E
#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B
#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C
#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D
#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E
/* Finite Field Groups (DHE) */
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103
#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103
#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104
/*
* TLS 1.3 Key Exchange Modes
@ -1283,10 +1294,12 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
@ -3143,6 +3156,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the allowed curves in order of preference.
*
@ -3156,6 +3170,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
* \deprecated Superseeded by mbedtls_ssl_conf_groups().
*
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
* for that. For the end-entity certificate however, the key
@ -3182,10 +3198,51 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves );
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
/**
* \brief Set the allowed groups in order of preference.
*
* On server: This only affects the choice of key agreement mechanism
*
* On client: this affects the list of groups offered for any
* use. The server can override our preference order.
*
* Both sides: limits the set of groups accepted for use in
* key sharing.
*
* \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
* which only allows ECP curves to be configured.
*
* \note The most recent invocation of either mbedtls_ssl_conf_curves()
* or mbedtls_ssl_conf_groups() nullifies all previous invocations
* of both.
*
* \note This list should be ordered by decreasing preference
* (preferred group first).
*
* \note When this function is not called, a default list is used,
* consisting of all supported curves at 255 bits and above,
* and all supported finite fields at 2048 bits and above.
* The order favors groups with the lowest resource usage.
*
* \note New minor versions of Mbed TLS will not remove items
* from the default list unless serious security concerns require it.
* New minor versions of Mbed TLS may change the order in
* keeping with the general principle of favoring the lowest
* resource usage.
*
* \param conf SSL configuration
* \param groups List of allowed groups ordered by preference, terminated by 0.
* Must contain valid IANA NamedGroup IDs (provided via either an integer
* or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros).
*/
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
const uint16_t *groups );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.

32
library/ssl_cli.c
View File

@ -309,27 +309,32 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
const mbedtls_ecp_group_id *grp_id;
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
*olen = 0;
/* Check there is room for header */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding supported_elliptic_curves extension" ) );
if( ssl->conf->curve_list == NULL )
if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ )
for( ; *group_list != 0; group_list++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "invalid curve in ssl configuration" ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
/* Check there is room for another curve */
MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
elliptic_curve_len += 2;
if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
@ -344,19 +349,6 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
if( elliptic_curve_len == 0 )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
elliptic_curve_len = 0;
for( grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
}
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
p += 2;

42
library/ssl_misc.h
View File

@ -542,6 +542,11 @@ struct mbedtls_ssl_handshake_params
int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
const uint16_t *group_list;
unsigned char group_list_heap_allocated;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
@ -1593,17 +1598,17 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf
*/
static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
{
return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 ||
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 ||
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 ||
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 ||
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 );
return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
}
static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
{
return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 &&
named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 );
return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
}
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
@ -1672,4 +1677,27 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
size_t dst_len,
size_t *olen );
/*
* Return supported groups.
*
* In future, invocations can be changed to ssl->conf->group_list
* when mbedtls_ssl_conf_curves() is deleted.
*
* ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
* identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
* ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
*
*/
static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
return( ssl->conf->group_list );
#else
if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) )
return( ssl->handshake->group_list );
else
return( ssl->conf->group_list );
#endif
}
#endif /* ssl_misc.h */

8
library/ssl_srv.c
View File

@ -3036,14 +3036,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
const mbedtls_ecp_group_id *gid;
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
/* Match our preference list against the offered curves */
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *group_list != 0; group_list++ )
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
if( (*curve)->grp_id == *gid )
if( (*curve)->tls_id == *group_list )
goto curve_matching_done;
curve_matching_done:

127
library/ssl_tls.c
View File

@ -3073,6 +3073,52 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
}
#endif
/*
* curve_list is translated to IANA TLS group identifiers here because
* mbedtls_ssl_conf_curves returns void and so can't return
* any error codes.
*/
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/* Heap allocate and translate curve_list from internal to IANA group ids */
if ( ssl->conf->curve_list != NULL )
{
size_t length;
const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
/* Leave room for zero termination */
uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
if ( group_list == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
for( size_t i = 0; i < length; i++ )
{
const mbedtls_ecp_curve_info *info =
mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
if ( info == NULL )
{
mbedtls_free( group_list );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
group_list[i] = info->tls_id;
}
group_list[length] = 0;
ssl->handshake->group_list = group_list;
ssl->handshake->group_list_heap_allocated = 1;
}
else
{
ssl->handshake->group_list = ssl->conf->group_list;
ssl->handshake->group_list_heap_allocated = 0;
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
return( 0 );
}
@ -3928,16 +3974,36 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Set the allowed elliptic curves
*
* mbedtls_ssl_setup() takes the provided list
* and translates it to a list of IANA TLS group identifiers,
* stored in ssl->handshake->group_list.
*
*/
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curve_list )
{
conf->curve_list = curve_list;
conf->group_list = NULL;
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
/*
* Set the allowed groups
*/
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
const uint16_t *group_list )
{
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
#endif
conf->group_list = group_list;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
{
@ -5379,6 +5445,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
if( handshake == NULL )
return;
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if ( ssl->handshake->group_list_heap_allocated )
mbedtls_free( (void*) handshake->group_list );
handshake->group_list = NULL;
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
{
@ -6233,41 +6307,39 @@ static int ssl_preset_default_hashes[] = {
};
#endif
#if defined(MBEDTLS_ECP_C)
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
* See the documentation of mbedtls_ssl_conf_curves() for what we promise
* about this list.
*/
static mbedtls_ecp_group_id ssl_preset_default_curves[] = {
static uint16_t ssl_preset_default_groups[] = {
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
MBEDTLS_ECP_DP_CURVE25519,
MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_ECP_DP_SECP384R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
MBEDTLS_ECP_DP_CURVE448,
MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
MBEDTLS_ECP_DP_SECP521R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
MBEDTLS_ECP_DP_BP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
MBEDTLS_ECP_DP_BP384R1,
MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
MBEDTLS_ECP_DP_BP512R1,
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
MBEDTLS_ECP_DP_NONE
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
#endif
static int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@ -6314,17 +6386,15 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
#if defined(MBEDTLS_ECP_C)
static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
static uint16_t ssl_preset_suiteb_groups[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_ECP_DP_SECP384R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
MBEDTLS_ECP_DP_NONE
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
#endif
/*
* Load default in mbedtls_ssl_config
@ -6438,9 +6508,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
#if defined(MBEDTLS_ECP_C)
conf->curve_list = ssl_preset_suiteb_curves;
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
#endif
conf->group_list = ssl_preset_suiteb_groups;
break;
/*
@ -6475,9 +6546,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
conf->curve_list = ssl_preset_default_curves;
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
#endif
conf->group_list = ssl_preset_default_groups;
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
conf->dhm_min_bitlen = 1024;
@ -6701,14 +6773,17 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
const mbedtls_ecp_group_id *gid;
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
if( ssl->conf->curve_list == NULL )
if( group_list == NULL )
return( -1 );
uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
if( *gid == grp_id )
for( ; *group_list != 0; group_list++ )
{
if( *group_list == tls_id )
return( 0 );
}
return( -1 );
}

36
library/ssl_tls13_client.c
View File

@ -137,36 +137,35 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
* 'elliptic_curves' and only contained elliptic curve groups.
*/
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
unsigned char *buf,
unsigned char *end,
size_t *olen )
{
unsigned char *p = buf;
*olen = 0;
if( ssl->conf->curve_list == NULL )
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ )
for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
continue;
if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
continue;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 );
MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name,
info->tls_id ) );
info->name, *group_list ) );
}
*olen = p - buf;
@ -321,20 +320,19 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C)
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
/* Pick first available ECDHE group compatible with TLS 1.3 */
if( ssl->conf->curve_list == NULL )
if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ )
for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info != NULL &&
mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
{
*group_id = info->tls_id;
*group_id = *group_list;
return( 0 );
}
}

10
programs/ssl/ssl_client2.c
View File

@ -678,7 +678,7 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_ECP_C)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
uint16_t group_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@ -1452,7 +1452,7 @@ int main( int argc, char *argv[] )
if( strcmp( p, "none" ) == 0 )
{
curve_list[0] = MBEDTLS_ECP_DP_NONE;
group_list[0] = 0;
}
else if( strcmp( p, "default" ) != 0 )
{
@ -1469,7 +1469,7 @@ int main( int argc, char *argv[] )
if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
{
curve_list[i++] = curve_cur->grp_id;
group_list[i++] = curve_cur->tls_id;
}
else
{
@ -1495,7 +1495,7 @@ int main( int argc, char *argv[] )
goto exit;
}
curve_list[i] = MBEDTLS_ECP_DP_NONE;
group_list[i] = 0;
}
}
#endif /* MBEDTLS_ECP_C */
@ -1889,7 +1889,7 @@ int main( int argc, char *argv[] )
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
mbedtls_ssl_conf_curves( &conf, curve_list );
mbedtls_ssl_conf_groups( &conf, group_list );
}
#endif

10
programs/ssl/ssl_server2.c
View File

@ -1340,7 +1340,7 @@ int main( int argc, char *argv[] )
sni_entry *sni_info = NULL;
#endif
#if defined(MBEDTLS_ECP_C)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
uint16_t group_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info * curve_cur;
#endif
#if defined(MBEDTLS_SSL_ALPN)
@ -2196,7 +2196,7 @@ int main( int argc, char *argv[] )
if( strcmp( p, "none" ) == 0 )
{
curve_list[0] = MBEDTLS_ECP_DP_NONE;
group_list[0] = 0;
}
else if( strcmp( p, "default" ) != 0 )
{
@ -2213,7 +2213,7 @@ int main( int argc, char *argv[] )
if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
{
curve_list[i++] = curve_cur->grp_id;
group_list[i++] = curve_cur->tls_id;
}
else
{
@ -2239,7 +2239,7 @@ int main( int argc, char *argv[] )
goto exit;
}
curve_list[i] = MBEDTLS_ECP_DP_NONE;
group_list[i] = 0;
}
}
#endif /* MBEDTLS_ECP_C */
@ -2903,7 +2903,7 @@ int main( int argc, char *argv[] )
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
mbedtls_ssl_conf_curves( &conf, curve_list );
mbedtls_ssl_conf_groups( &conf, group_list );
}
#endif

6
tests/suites/test_suite_ssl.data
View File

@ -6229,3 +6229,9 @@ ssl_cf_memcpy_offset:0:255:32
# we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48
Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
conf_curve:
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group:

69
tests/suites/test_suite_ssl.function
View File

@ -4881,3 +4881,72 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
void conf_curve()
{
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
MBEDTLS_ECP_DP_SECP224R1,
MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_ECP_DP_NONE };
mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_conf_max_version( &conf, 3, 3 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 );
mbedtls_ssl_conf_curves( &conf, curve_list );
mbedtls_ssl_context ssl;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_setup( &ssl, &conf );
TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL );
TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL );
TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
void conf_group()
{
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
mbedtls_ssl_config conf;
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_conf_max_version( &conf, 3, 3 );
mbedtls_ssl_conf_min_version( &conf, 3, 3 );
mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );
mbedtls_ssl_context ssl;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_setup( &ssl, &conf );
TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL );
TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */