remove usage of secp192[k|r]1 curves

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

include/mbedtls/ssl.h

@@ -229,8 +229,6 @@
 
 /* Elliptic Curve Groups (ECDHE) */
 #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE               0
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1     0x0012
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1     0x0013
 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1     0x0016
 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1     0x0017
 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1     0x0018

library/ssl_misc.h

@@ -2243,8 +2243,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group)
            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1   ||
            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448      ||
            /* Below deprecated curves should be removed with notice to users */
-           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
-           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||

library/ssl_tls.c

@@ -5893,12 +5893,6 @@ static const struct {
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
     { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
 #endif
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-    { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-    { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
-#endif
 #if defined(PSA_WANT_ECC_MONTGOMERY_255)
     { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
 #endif
@@ -5963,8 +5957,6 @@ static const struct {
     { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" },
     { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" },
     { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" },
-    { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" },
-    { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" },
     { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" },
     { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" },
     { 0, NULL },

programs/ssl/ssl_test_lib.c

@@ -505,16 +505,6 @@ static const struct {
 #else
     { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
 #endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
-    { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
-#else
-    { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
-    { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 },
-#else
-    { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 },
-#endif
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
     { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
 #else

tests/scripts/depends.py

@@ -262,12 +262,10 @@ REVERSE_DEPENDENCIES = {
     'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
     'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
     'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
-    'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
     'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE',
                                  'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
     'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
     'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
-    'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
     'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
 
     'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA',

tests/scripts/set_psa_test_dependencies.py

@@ -27,11 +27,9 @@ CLASSIC_DEPENDENCIES = frozenset([
     'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS',
     'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN',
     'MBEDTLS_CIPHER_PADDING_ZEROS',
-    #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED',
     #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED',
     #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED',
     #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED',
-    #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED',
     #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED',
     #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED',
     #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED',

tests/ssl-opt.sh

@@ -2659,10 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256
 run_test_psa_force_curve "secp256k1"
 requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
 run_test_psa_force_curve "brainpoolP256r1"
-requires_config_enabled PSA_WANT_ECC_SECP_R1_192
-run_test_psa_force_curve "secp192r1"
-requires_config_enabled PSA_WANT_ECC_SECP_K1_192
-run_test_psa_force_curve "secp192k1"
 
 # Test current time in ServerHello
 requires_config_enabled MBEDTLS_HAVE_TIME

tests/suites/test_suite_ssl.function

@@ -3537,8 +3537,7 @@ exit:
 /* BEGIN_CASE */
 void conf_group()
 {
-    uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
-                                       MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+    uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
                                        MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
 
     mbedtls_ssl_config conf;
@@ -4049,16 +4048,6 @@ void elliptic_curve_get_properties()
 #else
     TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
 #endif
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-    TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
-#else
-    TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-    TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
-#else
-    TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
-#endif
 #if defined(PSA_WANT_ECC_MONTGOMERY_255)
     TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
 #else