lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge pull request #6863 from valeriosetti/issue6830

Browse Source 
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
This commit is contained in:
Manuel Pégourié-Gonnard
2023-01-10 10:01:17 +01:00
committed by GitHub
parent 3368724ade a0b97bc803
commit 28d4d43416
11 changed files with 391 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
library/ssl_tls.c
View File

@ -1076,14 +1076,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
for( size_t i = 0; i < length; i++ )
{
const mbedtls_ecp_curve_info *info =
mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
if ( info == NULL )
uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
curve_list[i] );
if ( tls_id == 0 )
{
mbedtls_free( group_list );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
group_list[i] = info->tls_id;
group_list[i] = tls_id;
}
group_list[length] = 0;
@ -4065,7 +4065,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free( (void *) handshake->curves );
mbedtls_free( (void *) handshake->curves_tls_id );
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
@ -5490,18 +5490,126 @@ int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
const mbedtls_ecp_curve_info *grp_info =
mbedtls_ecp_curve_info_from_grp_id( grp_id );
uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( grp_id );
if ( grp_info == NULL )
if ( tls_id == 0 )
return -1;
uint16_t tls_id = grp_info->tls_id;
return mbedtls_ssl_check_curve_tls_id( ssl, tls_id );
}
#endif /* MBEDTLS_ECP_C */
#if defined( MBEDTLS_DEBUG_C )
#define EC_NAME(_name_) _name_
#else
#define EC_NAME(_name_) NULL
#endif
static const struct {
uint16_t tls_id;
mbedtls_ecp_group_id ecp_group_id;
psa_ecc_family_t psa_family;
uint16_t bits;
const char* name;
} tls_id_match_table[] =
{
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, EC_NAME( "secp521r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, EC_NAME( "brainpoolP512r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, EC_NAME( "secp384r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, EC_NAME( "brainpoolP384r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
{ 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, EC_NAME( "secp256r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, EC_NAME( "secp256k1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, EC_NAME( "brainpoolP256r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, EC_NAME( "secp224r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, EC_NAME( "secp224k1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, EC_NAME( "secp192r1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, EC_NAME( "secp192k1" ) },
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255, EC_NAME( "x25519" ) },
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, EC_NAME( "x448" ) },
#endif
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
};
int mbedtls_ssl_get_psa_curve_info_from_tls_id( uint16_t tls_id,
psa_ecc_family_t *family,
size_t* bits )
{
for( int i = 0; tls_id_match_table[i].tls_id != 0; i++ )
{
if( tls_id_match_table[i].tls_id == tls_id )
{
if( family != NULL )
*family = tls_id_match_table[i].psa_family;
if( bits != NULL )
*bits = tls_id_match_table[i].bits;
return PSA_SUCCESS;
}
}
return PSA_ERROR_NOT_SUPPORTED;
}
mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id( uint16_t tls_id )
{
for( int i = 0; tls_id_match_table[i].tls_id != 0; i++ )
{
if( tls_id_match_table[i].tls_id == tls_id )
return tls_id_match_table[i].ecp_group_id;
}
return MBEDTLS_ECP_DP_NONE;
}
uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id( mbedtls_ecp_group_id grp_id )
{
for( int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE;
i++ )
{
if( tls_id_match_table[i].ecp_group_id == grp_id )
return tls_id_match_table[i].tls_id;
}
return 0;
}
#if defined(MBEDTLS_DEBUG_C)
const char* mbedtls_ssl_get_curve_name_from_tls_id( uint16_t tls_id )
{
for( int i = 0; tls_id_match_table[i].tls_id != 0; i++ )
{
if( tls_id_match_table[i].tls_id == tls_id )
return tls_id_match_table[i].name;
}
return NULL;
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite,