From 887f823deb88224e3a467c9a1b688f6384aac895 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jun 2023 17:16:33 +0200 Subject: [PATCH 01/12] test: re-enable TLS and key exchanges in no_ecp_at_all component Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ef741e7780..e6c615409d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2435,15 +2435,6 @@ config_psa_crypto_no_ecp_at_all () { # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - # keep excluding TLS and key exchanges (this will be removed in #7749) - # Note: key exchanges are not explicitly disabled here because they are - # auto-disabled in build_info.h as long as the following symbols - # are not enabled. - scripts/config.py unset MBEDTLS_SSL_TLS_C - scripts/config.py unset MBEDTLS_SSL_PROTO_DTLS - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_2 - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # enable support for drivers and configuring PSA-only algorithms scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG if [ "$DRIVER_ONLY" -eq 1 ]; then @@ -2472,7 +2463,7 @@ config_psa_crypto_no_ecp_at_all () { # # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all() component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { - msg "build: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP" + msg "build: full + accelerated EC algs + USE_PSA - ECP" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2511,7 +2502,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # Run the tests # ------------- - msg "test: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP" + msg "test: full + accelerated EC algs + USE_PSA - ECP" make test } @@ -2519,13 +2510,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all(). # Keep in sync with its accelerated counterpart. component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { - msg "build: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE" + msg "build: full + non accelerated EC algs + USE_PSA" config_psa_crypto_no_ecp_at_all 0 make - msg "test: crypto_full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE" + msg "test: crypto_full + non accelerated EC algs + USE_PSA" make test } From 49e6907b5b477cfd879bcda3e443b54a03fb840d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jun 2023 17:27:51 +0200 Subject: [PATCH 02/12] tls: replace ECP_LIGHT occurrencies with PK_HAVE_ECC_KEYS Up to this point "make test" runs successfully. "ssl-opt" has not been tested yet. Signed-off-by: Valerio Setti --- library/ssl_misc.h | 4 ++-- library/ssl_tls.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc893b4c62..3346905c1a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1565,10 +1565,10 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /** * \brief Return PSA EC info for the specified TLS ID. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b97d4eecf5..e283ef3c75 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5544,7 +5544,7 @@ int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_ return -1; } -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id. */ @@ -5558,7 +5558,7 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id return mbedtls_ssl_check_curve_tls_id(ssl, tls_id); } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_DEBUG_C) #define EC_NAME(_name_) _name_ From 16b70f2b1aa9fdafa002ba683c3e95ebae482940 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jun 2023 17:45:49 +0200 Subject: [PATCH 03/12] test: enabled ssl-opt testing in no_ecp_at_all components Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e6c615409d..bad6bfffb5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2504,6 +2504,9 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { msg "test: full + accelerated EC algs + USE_PSA - ECP" make test + + msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP" + tests/ssl-opt.sh } # Reference function used for driver's coverage analysis in analyze_outcomes.py @@ -2518,6 +2521,9 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { msg "test: crypto_full + non accelerated EC algs + USE_PSA" make test + + msg "ssl-opt: crypto_full + non accelerated EC algs + USE_PSA" + tests/ssl-opt.sh } # Helper function used in: From 0085c2e486bb824631ad748752dd9ea04deb3ba2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Jun 2023 10:17:44 +0200 Subject: [PATCH 04/12] test: fix message's text Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bad6bfffb5..1e88cef6fe 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2519,10 +2519,10 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { make - msg "test: crypto_full + non accelerated EC algs + USE_PSA" + msg "test: full + non accelerated EC algs + USE_PSA" make test - msg "ssl-opt: crypto_full + non accelerated EC algs + USE_PSA" + msg "ssl-opt: full + non accelerated EC algs + USE_PSA" tests/ssl-opt.sh } From acd32c005fc52889ddbe679b89fb9d2d0ab52884 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 29 Jun 2023 18:06:29 +0200 Subject: [PATCH 05/12] programs: add helper functions for supported EC curves - get full list, or - get TLS ID from name Signed-off-by: Valerio Setti --- library/ssl_tls.c | 66 ++++++++++------- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 4 +- programs/ssl/ssl_test_lib.c | 142 ++++++++++++++++++++++++++++++++---- 4 files changed, 170 insertions(+), 46 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e283ef3c75..2cd17b6e8a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5560,60 +5560,53 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_DEBUG_C) -#define EC_NAME(_name_) _name_ -#else -#define EC_NAME(_name_) NULL -#endif - static const struct { uint16_t tls_id; mbedtls_ecp_group_id ecp_group_id; psa_ecc_family_t psa_family; uint16_t bits; - const char *name; } tls_id_match_table[] = { #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) - { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, EC_NAME("secp521r1") }, + { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 }, #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, EC_NAME("brainpoolP512r1") }, + { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 }, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) - { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, EC_NAME("secp384r1") }, + { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 }, #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, EC_NAME("brainpoolP384r1") }, + { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 }, #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) - { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, EC_NAME("secp256r1") }, + { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 }, #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) - { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, EC_NAME("secp256k1") }, + { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 }, #endif #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, EC_NAME("brainpoolP256r1") }, + { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, EC_NAME("secp224r1") }, + { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 }, #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) - { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, EC_NAME("secp224k1") }, + { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 }, #endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) - { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, EC_NAME("secp192r1") }, + { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) - { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, EC_NAME("secp192k1") }, + { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 }, #endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) - { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255, EC_NAME("x25519") }, + { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 }, #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) - { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, EC_NAME("x448") }, + { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 }, #endif - { 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, + { 0, MBEDTLS_ECP_DP_NONE, 0, 0 }, }; int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id, @@ -5659,11 +5652,32 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) } #if defined(MBEDTLS_DEBUG_C) +static const struct { + uint16_t tls_id; + const char *name; +} tls_id_curve_name_table[] = +{ + { 25, "secp521r1" }, + { 28, "brainpoolP512r1" }, + { 24, "secp384r1" }, + { 27, "brainpoolP384r1" }, + { 23, "secp256r1" }, + { 22, "secp256k1" }, + { 26, "brainpoolP256r1" }, + { 21, "secp224r1" }, + { 20, "secp224k1" }, + { 19, "secp192r1" }, + { 18, "secp192k1" }, + { 29, "x25519" }, + { 30, "x448" }, + { 0, NULL }, +}; + const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) { - for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { - if (tls_id_match_table[i].tls_id == tls_id) { - return tls_id_match_table[i].name; + for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { + if (tls_id_curve_name_table[i].tls_id == tls_id) { + return tls_id_curve_name_table[i].name; } } @@ -7344,7 +7358,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, * Secondary checks: always done, but change 'ret' only if it was 0 */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) { const mbedtls_pk_context *pk = &chain->pk; @@ -7371,7 +7385,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, } } } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (mbedtls_ssl_check_cert_usage(chain, ciphersuite_info, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c7124cdc27..7c2c818d81 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -261,7 +261,7 @@ int main(void) #define USAGE_ALPN "" #endif /* MBEDTLS_SSL_ALPN */ -#if defined(MBEDTLS_ECP_LIGHT) || \ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) #define USAGE_GROUPS \ @@ -1901,7 +1901,7 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_LIGHT) || \ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) if (opt.groups != NULL && diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 474f2d92e7..58c2f1eff4 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -446,7 +446,7 @@ int main(void) #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ -#if defined(MBEDTLS_ECP_LIGHT) || \ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) #define USAGE_GROUPS \ @@ -3095,7 +3095,7 @@ usage: } #endif -#if defined(MBEDTLS_ECP_LIGHT) || \ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) if (opt.groups != NULL && diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 2ce4f1aa2b..57bfdf8128 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -30,6 +30,8 @@ #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) +#define ARRAY_LENGTH(x) (sizeof(x)/sizeof(x[0])) + void my_debug(void *ctx, int level, const char *file, int line, const char *str) @@ -508,7 +510,118 @@ static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ -int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len) +static const struct { + uint16_t tls_id; + const char *name; + uint8_t is_supported; +} tls_id_curve_name_table[] = +{ +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) + { 25, "secp521r1", 1 }, +#else + { 25, "secp521r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) + { 28, "brainpoolP512r1", 1 }, +#else + { 28, "brainpoolP512r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) + { 24, "secp384r1", 1 }, +#else + { 24, "secp384r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) + { 27, "brainpoolP384r1", 1 }, +#else + { 27, "brainpoolP384r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) + { 23, "secp256r1", 1 }, +#else + { 23, "secp256r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) + { 22, "secp256k1", 1 }, +#else + { 22, "secp256k1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) + { 26, "brainpoolP256r1", 1 }, +#else + { 26, "brainpoolP256r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) + { 21, "secp224r1", 1 }, +#else + { 21, "secp224r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) + { 20, "secp224k1", 1 }, +#else + { 20, "secp224k1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) + { 19, "secp192r1", 1 }, +#else + { 19, "secp192r1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) + { 18, "secp192k1", 1 }, +#else + { 18, "secp192k1", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) + { 29, "x25519", 1 }, +#else + { 29, "x25519", 0 }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) + { 30, "x448", 1 }, +#else + { 30, "x448", 0 }, +#endif + { 0, NULL, 0 }, +}; + +static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name) +{ + if (name == NULL) { + return 0; + } + + for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { + if (strcmp(tls_id_curve_name_table[i].name, name) == 0) { + return tls_id_curve_name_table[i].tls_id; + } + } + + return 0; +} + +static const char **mbedtls_ssl_get_supported_curves_list(void) +{ + const char **supported_list = NULL; + int i = 0, j = 0; + + /* The allocated area might be bigger than strictly required (because not + * all the curves might be supported), but it is enough to contain all the + * pointers when all curves are enabled. */ + supported_list = mbedtls_calloc(ARRAY_LENGTH(tls_id_curve_name_table), + sizeof(char *)); + for (i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { + if (tls_id_curve_name_table[i].is_supported == 1) { + supported_list[j] = tls_id_curve_name_table[i].name; + j++; + } + } + // Keep NULL as last element as guard for end-of-array. + supported_list[j] = NULL; + + return supported_list; +} + +int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len) { char *p = (char *) groups; char *q = NULL; @@ -524,9 +637,8 @@ int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len defined(PSA_WANT_ALG_FFDH) uint16_t ffdh_group = 0; #endif -#if defined(MBEDTLS_ECP_LIGHT) - const mbedtls_ecp_curve_info *curve_cur = NULL; -#endif + uint16_t curve_tls_id; + /* Terminate the current string */ while (*p != ',' && *p != '\0') { p++; @@ -535,11 +647,9 @@ int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len *p++ = '\0'; } -#if defined(MBEDTLS_ECP_LIGHT) - if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) { - group_list[i++] = curve_cur->tls_id; + if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { + group_list[i++] = curve_tls_id; } else -#endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH) if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { @@ -547,15 +657,15 @@ int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len } else #endif { - mbedtls_printf("unknown group %s\n", q); - mbedtls_printf("supported groups: "); -#if defined(MBEDTLS_ECP_LIGHT) - for (curve_cur = mbedtls_ecp_curve_list(); - curve_cur->grp_id != MBEDTLS_ECP_DP_NONE; - curve_cur++) { - mbedtls_printf("%s ", curve_cur->name); + mbedtls_printf("unknown curve %s\n", q); + mbedtls_printf("supported curves: "); + const char **supported_curves = mbedtls_ssl_get_supported_curves_list(); + for (int index = 0; + supported_curves[index] != NULL; + index++) { + mbedtls_printf("%s ", supported_curves[index]); } -#endif + mbedtls_free((char *) supported_curves); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH) const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups(); From 6f0441d11ebf64da2426e6c92e141bc189242b83 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Jul 2023 12:11:36 +0200 Subject: [PATCH 06/12] tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 6 ++-- library/ssl_tls.c | 18 ++++++------ tests/suites/test_suite_ssl.data | 42 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 8 +++--- 4 files changed, 37 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b73b41a1d..07db577267 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1486,7 +1486,7 @@ struct mbedtls_ssl_config { const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ #endif @@ -3621,7 +3621,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, unsigned int bitlen); #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Set the allowed curves in order of preference. @@ -3667,7 +3667,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves); #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /** * \brief Set the allowed groups in order of preference. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2cd17b6e8a..7acbbd9c65 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1150,7 +1150,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) * mbedtls_ssl_conf_curves returns void and so can't return * any error codes. */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* Heap allocate and translate curve_list from internal to IANA group ids */ if (ssl->conf->curve_list != NULL) { @@ -1185,7 +1185,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) ssl->handshake->group_list_heap_allocated = 0; } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -2924,7 +2924,7 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Set the allowed elliptic curves @@ -2941,7 +2941,7 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, conf->group_list = NULL; } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* * Set the allowed groups @@ -2949,7 +2949,7 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *group_list) { -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) conf->curve_list = NULL; #endif conf->group_list = group_list; @@ -4084,14 +4084,14 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) return; } -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if !defined(MBEDTLS_DEPRECATED_REMOVED) if (ssl->handshake->group_list_heap_allocated) { mbedtls_free((void *) handshake->group_list); } handshake->group_list = NULL; #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -5326,7 +5326,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, conf->sig_algs = ssl_preset_suiteb_sig_algs; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) conf->curve_list = NULL; #endif conf->group_list = ssl_preset_suiteb_groups; @@ -5352,7 +5352,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, conf->sig_algs = ssl_preset_default_sig_algs; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED) conf->curve_list = NULL; #endif conf->group_list = ssl_preset_default_groups; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index bb2922b438..361c1606a7 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -437,87 +437,87 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d3eecced1c..44a275d8e8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2574,7 +2574,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS */ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass) { enum { BUFFSIZE = 1024 }; @@ -2647,7 +2647,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version) @@ -2768,7 +2768,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments) @@ -3054,7 +3054,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECP_LIGHT:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ void conf_curve() { From ee3a4d0d38432b5852cab9c6bb45a1cc7762428a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Jul 2023 12:14:25 +0200 Subject: [PATCH 07/12] debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- tests/suites/test_suite_debug.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 8c079c5b08..20890c4c3c 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -63,5 +63,5 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" From deb676442df89558909e9a0d3805d3cd71433fbf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Jul 2023 14:26:04 +0200 Subject: [PATCH 08/12] ssl_test_lib: manage FFDH keys the same way as ECC ones Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 149 ++++++++++-------------------------- 1 file changed, 42 insertions(+), 107 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 57bfdf8128..42336f1f66 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -451,65 +451,6 @@ void test_hooks_free(void) #endif /* MBEDTLS_TEST_HOOKS */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - -/* Finite Field Group Names (DHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192" - -static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) -{ - if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192; - } - return 0; -} - -static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) -{ - static const uint16_t ffdh_groups[] = { - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, - 0 - }; - return ffdh_groups; -} - -static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) -{ - switch (group) { - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192; - default: - return NULL; - } - return NULL; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ - static const struct { uint16_t tls_id; const char *name; @@ -517,70 +458,84 @@ static const struct { } tls_id_curve_name_table[] = { #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) - { 25, "secp521r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, #else - { 25, "secp521r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { 28, "brainpoolP512r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 }, #else - { 28, "brainpoolP512r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) - { 24, "secp384r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 }, #else - { 24, "secp384r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { 27, "brainpoolP384r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 }, #else - { 27, "brainpoolP384r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) - { 23, "secp256r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 }, #else - { 23, "secp256r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) - { 22, "secp256k1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 }, #else - { 22, "secp256k1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { 26, "brainpoolP256r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 }, #else - { 26, "brainpoolP256r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { 21, "secp224r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 }, #else - { 21, "secp224r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) - { 20, "secp224k1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 }, #else - { 20, "secp224k1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) - { 19, "secp192r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, #else - { 19, "secp192r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) - { 18, "secp192k1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 }, #else - { 18, "secp192k1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) - { 29, "x25519", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, #else - { 29, "x25519", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 }, #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) - { 30, "x448", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 }, #else - { 30, "x448", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 }, #endif +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_FFDH) + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 }, +#else + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 }, +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ { 0, NULL, 0 }, }; @@ -632,12 +587,8 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len } else if (strcmp(p, "default") != 0) { /* Leave room for a final NULL in group list */ while (i < group_list_len - 1 && *p != '\0') { - q = p; -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - uint16_t ffdh_group = 0; -#endif uint16_t curve_tls_id; + q = p; /* Terminate the current string */ while (*p != ',' && *p != '\0') { @@ -649,14 +600,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { group_list[i++] = curve_tls_id; - } else -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { - group_list[i++] = ffdh_group; - } else -#endif - { + } else { mbedtls_printf("unknown curve %s\n", q); mbedtls_printf("supported curves: "); const char **supported_curves = mbedtls_ssl_get_supported_curves_list(); @@ -666,15 +610,6 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len mbedtls_printf("%s ", supported_curves[index]); } mbedtls_free((char *) supported_curves); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups(); - while (*supported_ffdh_group != 0) { - mbedtls_printf("%s ", - mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group)); - supported_ffdh_group++; - } -#endif mbedtls_printf("\n"); return -1; } From fb6356f003897c0523449f5d3ee0abe24f458e43 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Jul 2023 17:55:48 +0200 Subject: [PATCH 09/12] ssl_test_lib: simplify function which prints supported curves Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 42336f1f66..5f281fa182 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -554,26 +554,13 @@ static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name) return 0; } -static const char **mbedtls_ssl_get_supported_curves_list(void) +static void mbedtls_ssl_print_supported_curves_list(void) { - const char **supported_list = NULL; - int i = 0, j = 0; - - /* The allocated area might be bigger than strictly required (because not - * all the curves might be supported), but it is enough to contain all the - * pointers when all curves are enabled. */ - supported_list = mbedtls_calloc(ARRAY_LENGTH(tls_id_curve_name_table), - sizeof(char *)); - for (i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { + for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { if (tls_id_curve_name_table[i].is_supported == 1) { - supported_list[j] = tls_id_curve_name_table[i].name; - j++; + mbedtls_printf("%s ", tls_id_curve_name_table[i].name); } } - // Keep NULL as last element as guard for end-of-array. - supported_list[j] = NULL; - - return supported_list; } int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len) @@ -603,13 +590,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len } else { mbedtls_printf("unknown curve %s\n", q); mbedtls_printf("supported curves: "); - const char **supported_curves = mbedtls_ssl_get_supported_curves_list(); - for (int index = 0; - supported_curves[index] != NULL; - index++) { - mbedtls_printf("%s ", supported_curves[index]); - } - mbedtls_free((char *) supported_curves); + mbedtls_ssl_print_supported_curves_list(); mbedtls_printf("\n"); return -1; } From 54e23792c80af76cf6417e511db4cffbfec8a431 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 10:49:27 +0200 Subject: [PATCH 10/12] tls: replace numeric values with proper TLS IANA symbols Signed-off-by: Valerio Setti --- library/ssl_tls.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7acbbd9c65..4cb5934667 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5657,19 +5657,19 @@ static const struct { const char *name; } tls_id_curve_name_table[] = { - { 25, "secp521r1" }, - { 28, "brainpoolP512r1" }, - { 24, "secp384r1" }, - { 27, "brainpoolP384r1" }, - { 23, "secp256r1" }, - { 22, "secp256k1" }, - { 26, "brainpoolP256r1" }, - { 21, "secp224r1" }, - { 20, "secp224k1" }, - { 19, "secp192r1" }, - { 18, "secp192k1" }, - { 29, "x25519" }, - { 30, "x448" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, { 0, NULL }, }; From 5bdebb20046d8619f6fe7f8efb15ccd70e2164c7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Jul 2023 10:52:18 +0200 Subject: [PATCH 11/12] ssl_test_lib: fix variable naming for curve group Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 5f281fa182..b4ad17d224 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -455,7 +455,7 @@ static const struct { uint16_t tls_id; const char *name; uint8_t is_supported; -} tls_id_curve_name_table[] = +} tls_id_group_name_table[] = { #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, @@ -545,9 +545,9 @@ static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name) return 0; } - for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { - if (strcmp(tls_id_curve_name_table[i].name, name) == 0) { - return tls_id_curve_name_table[i].tls_id; + for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { + if (strcmp(tls_id_group_name_table[i].name, name) == 0) { + return tls_id_group_name_table[i].tls_id; } } @@ -556,9 +556,9 @@ static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name) static void mbedtls_ssl_print_supported_curves_list(void) { - for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { - if (tls_id_curve_name_table[i].is_supported == 1) { - mbedtls_printf("%s ", tls_id_curve_name_table[i].name); + for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { + if (tls_id_group_name_table[i].is_supported == 1) { + mbedtls_printf("%s ", tls_id_group_name_table[i].name); } } } From dda0019e2e3397667d8eac54c81eb11c060a0474 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 10:22:51 +0200 Subject: [PATCH 12/12] ssl_test_lib: fix rebase error Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index b4ad17d224..aea056b686 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -554,7 +554,7 @@ static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name) return 0; } -static void mbedtls_ssl_print_supported_curves_list(void) +static void mbedtls_ssl_print_supported_groups_list(void) { for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { if (tls_id_group_name_table[i].is_supported == 1) { @@ -563,7 +563,7 @@ static void mbedtls_ssl_print_supported_curves_list(void) } } -int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len) +int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len) { char *p = (char *) groups; char *q = NULL; @@ -588,9 +588,9 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { group_list[i++] = curve_tls_id; } else { - mbedtls_printf("unknown curve %s\n", q); - mbedtls_printf("supported curves: "); - mbedtls_ssl_print_supported_curves_list(); + mbedtls_printf("unknown group %s\n", q); + mbedtls_printf("supported groups: "); + mbedtls_ssl_print_supported_groups_list(); mbedtls_printf("\n"); return -1; }