yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Adapt guards, dependencies + optimizations

Browse source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-05-31 15:25:11 +02:00
parent e7db09bede
commit 316c19ef93
5 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ChangeLog.d/ffdh-tls-1-3.txt
View file

@ -1,2 +1,2 @@
Features Features
* Add usage of FFDH keys in TLS 1.3. * Add support for FFDH key exchange in TLS 1.3.

11
library/ssl_client.c
View file

@ -185,7 +185,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || defined(PSA_WANT_ALG_FFDH)
/* /*
* Function for writing a supported groups (TLS 1.3) or supported elliptic * Function for writing a supported groups (TLS 1.3) or supported elliptic
* curves (TLS 1.2) extension. * curves (TLS 1.2) extension.
@ -274,6 +274,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
*group_list)); *group_list));
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_ECP_LIGHT */
#if defined(PSA_WANT_ALG_FFDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) && if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) { mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
const char *ffdh_group = NULL; const char *ffdh_group = NULL;
@ -308,6 +309,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )", MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
ffdh_group, *group_list)); ffdh_group, *group_list));
} }
#endif /* PSA_WANT_ALG_FFDH */
} }
/* Length of named_group_list */ /* Length of named_group_list */
@ -337,7 +339,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
return 0; return 0;
} }
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED || PSA_WANT_ALG_FFDH */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_client_hello_cipher_suites( static int ssl_write_client_hello_cipher_suites(
@ -629,7 +631,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
#endif #endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || defined(PSA_WANT_ALG_FFDH)
if ( if (
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
(propose_tls13 && (propose_tls13 &&
@ -645,7 +647,8 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
} }
p += output_len; p += output_len;
} }
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED || PSA_WANT_ALG_FFDH */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if ( if (

2
library/ssl_tls.c
View file

@ -4949,7 +4949,7 @@ static uint16_t ssl_preset_default_groups[] = {
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif #endif
#if defined(MBEDTLS_DHM_C) #if defined(PSA_WANT_ALG_FFDH)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,

2
programs/ssl/ssl_client2.c
View file

@ -25,8 +25,6 @@
#include "test/psa_crypto_helpers.h" #include "test/psa_crypto_helpers.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#include "mbedtls/dhm.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
int main(void) int main(void)
{ {

7
tests/ssl-opt.sh
View file

@ -12353,6 +12353,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups (ffdhe2048)" \ run_test "TLS 1.3: Test ffdh groups (ffdhe2048)" \
"$P_SRV debug_level=5 force_version=tls13 curves=ffdhe2048" \ "$P_SRV debug_level=5 force_version=tls13 curves=ffdhe2048" \
"$P_CLI debug_level=5 force_version=tls13 curves=ffdhe2048" \ "$P_CLI debug_level=5 force_version=tls13 curves=ffdhe2048" \
@ -12367,6 +12368,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups (ffdhe3072)" \ run_test "TLS 1.3: Test ffdh groups (ffdhe3072)" \
"$P_SRV debug_level=4 force_version=tls13 curves=ffdhe3072" \ "$P_SRV debug_level=4 force_version=tls13 curves=ffdhe3072" \
"$P_CLI debug_level=4 force_version=tls13 curves=ffdhe3072" \ "$P_CLI debug_level=4 force_version=tls13 curves=ffdhe3072" \
@ -12381,6 +12383,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups (ffdhe4096)" \ run_test "TLS 1.3: Test ffdh groups (ffdhe4096)" \
"$P_SRV debug_level=4 force_version=tls13 curves=ffdhe4096" \ "$P_SRV debug_level=4 force_version=tls13 curves=ffdhe4096" \
"$P_CLI debug_level=4 force_version=tls13 curves=ffdhe4096" \ "$P_CLI debug_level=4 force_version=tls13 curves=ffdhe4096" \
@ -12395,6 +12398,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups (ffdhe6144)" \ run_test "TLS 1.3: Test ffdh groups (ffdhe6144)" \
"$P_SRV debug_level=4 force_version=tls13 curves=ffdhe6144" \ "$P_SRV debug_level=4 force_version=tls13 curves=ffdhe6144" \
"$P_CLI debug_level=4 force_version=tls13 curves=ffdhe6144" \ "$P_CLI debug_level=4 force_version=tls13 curves=ffdhe6144" \
@ -12409,6 +12413,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups (ffdhe8192)" \ run_test "TLS 1.3: Test ffdh groups (ffdhe8192)" \
"$P_SRV debug_level=4 force_version=tls13 curves=ffdhe8192" \ "$P_SRV debug_level=4 force_version=tls13 curves=ffdhe8192" \
"$P_CLI debug_level=4 force_version=tls13 curves=ffdhe8192" \ "$P_CLI debug_level=4 force_version=tls13 curves=ffdhe8192" \
@ -12423,6 +12428,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups - no match(server: ffdhe2048 client: secp384r1)" \ run_test "TLS 1.3: Test ffdh groups - no match(server: ffdhe2048 client: secp384r1)" \
"$P_SRV debug_level=4 force_version=tls13 curves=ffdhe2048" \ "$P_SRV debug_level=4 force_version=tls13 curves=ffdhe2048" \
"$P_CLI debug_level=4 force_version=tls13 curves=secp384r1" \ "$P_CLI debug_level=4 force_version=tls13 curves=secp384r1" \
@ -12436,6 +12442,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled PSA_WANT_ALG_FFDH requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Test ffdh groups - no match(server: secp384r1 client: ffdhe2048)" \ run_test "TLS 1.3: Test ffdh groups - no match(server: secp384r1 client: ffdhe2048)" \
"$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \
"$P_CLI debug_level=4 force_version=tls13 curves=ffdhe2048" \ "$P_CLI debug_level=4 force_version=tls13 curves=ffdhe2048" \