From deb676442df89558909e9a0d3805d3cd71433fbf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Jul 2023 14:26:04 +0200 Subject: [PATCH] ssl_test_lib: manage FFDH keys the same way as ECC ones Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 149 ++++++++++-------------------------- 1 file changed, 42 insertions(+), 107 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 57bfdf812..42336f1f6 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -451,65 +451,6 @@ void test_hooks_free(void) #endif /* MBEDTLS_TEST_HOOKS */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - -/* Finite Field Group Names (DHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144" -#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192" - -static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) -{ - if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144; - } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192) == 0) { - return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192; - } - return 0; -} - -static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void) -{ - static const uint16_t ffdh_groups[] = { - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, - 0 - }; - return ffdh_groups; -} - -static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) -{ - switch (group) { - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144; - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192; - default: - return NULL; - } - return NULL; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ - static const struct { uint16_t tls_id; const char *name; @@ -517,70 +458,84 @@ static const struct { } tls_id_curve_name_table[] = { #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) - { 25, "secp521r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, #else - { 25, "secp521r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { 28, "brainpoolP512r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 }, #else - { 28, "brainpoolP512r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) - { 24, "secp384r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 }, #else - { 24, "secp384r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { 27, "brainpoolP384r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 }, #else - { 27, "brainpoolP384r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) - { 23, "secp256r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 }, #else - { 23, "secp256r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) - { 22, "secp256k1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 }, #else - { 22, "secp256k1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { 26, "brainpoolP256r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 }, #else - { 26, "brainpoolP256r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { 21, "secp224r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 }, #else - { 21, "secp224r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) - { 20, "secp224k1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 }, #else - { 20, "secp224k1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) - { 19, "secp192r1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, #else - { 19, "secp192r1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) - { 18, "secp192k1", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 }, #else - { 18, "secp192k1", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 }, #endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) - { 29, "x25519", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, #else - { 29, "x25519", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 }, #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) - { 30, "x448", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 }, #else - { 30, "x448", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 }, #endif +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ + defined(PSA_WANT_ALG_FFDH) + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 }, +#else + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 }, + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 }, +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ { 0, NULL, 0 }, }; @@ -632,12 +587,8 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len } else if (strcmp(p, "default") != 0) { /* Leave room for a final NULL in group list */ while (i < group_list_len - 1 && *p != '\0') { - q = p; -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - uint16_t ffdh_group = 0; -#endif uint16_t curve_tls_id; + q = p; /* Terminate the current string */ while (*p != ',' && *p != '\0') { @@ -649,14 +600,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { group_list[i++] = curve_tls_id; - } else -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) { - group_list[i++] = ffdh_group; - } else -#endif - { + } else { mbedtls_printf("unknown curve %s\n", q); mbedtls_printf("supported curves: "); const char **supported_curves = mbedtls_ssl_get_supported_curves_list(); @@ -666,15 +610,6 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len mbedtls_printf("%s ", supported_curves[index]); } mbedtls_free((char *) supported_curves); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) - const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups(); - while (*supported_ffdh_group != 0) { - mbedtls_printf("%s ", - mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group)); - supported_ffdh_group++; - } -#endif mbedtls_printf("\n"); return -1; }