ssl_test_lib: manage FFDH keys the same way as ECC ones

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-07-03 14:26:04 +02:00
parent ee3a4d0d38
commit deb676442d

View file

@ -451,65 +451,6 @@ void test_hooks_free(void)
#endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
/* Finite Field Group Names (DHE) */
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048"
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072"
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096"
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144"
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192"
static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name)
{
if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) {
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048;
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072) == 0) {
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072;
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096) == 0) {
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096;
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144) == 0) {
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144;
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192) == 0) {
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
}
return 0;
}
static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void)
{
static const uint16_t ffdh_groups[] = {
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
0
};
return ffdh_groups;
}
static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group)
{
switch (group) {
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144;
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192;
default:
return NULL;
}
return NULL;
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
static const struct { static const struct {
uint16_t tls_id; uint16_t tls_id;
const char *name; const char *name;
@ -517,70 +458,84 @@ static const struct {
} tls_id_curve_name_table[] = } tls_id_curve_name_table[] =
{ {
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
{ 25, "secp521r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
#else #else
{ 25, "secp521r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
{ 28, "brainpoolP512r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
#else #else
{ 28, "brainpoolP512r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
{ 24, "secp384r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
#else #else
{ 24, "secp384r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
{ 27, "brainpoolP384r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
#else #else
{ 27, "brainpoolP384r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
{ 23, "secp256r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
#else #else
{ 23, "secp256r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
{ 22, "secp256k1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
#else #else
{ 22, "secp256k1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
{ 26, "brainpoolP256r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
#else #else
{ 26, "brainpoolP256r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
{ 21, "secp224r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 },
#else #else
{ 21, "secp224r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
{ 20, "secp224k1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 },
#else #else
{ 20, "secp224k1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
{ 19, "secp192r1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
#else #else
{ 19, "secp192r1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
{ 18, "secp192k1", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 },
#else #else
{ 18, "secp192k1", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
{ 29, "x25519", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
#else #else
{ 29, "x25519", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
#endif #endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
{ 30, "x448", 1 }, { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
#else #else
{ 30, "x448", 0 }, { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
#endif #endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 },
#else
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 },
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 },
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
{ 0, NULL, 0 }, { 0, NULL, 0 },
}; };
@ -632,12 +587,8 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
} else if (strcmp(p, "default") != 0) { } else if (strcmp(p, "default") != 0) {
/* Leave room for a final NULL in group list */ /* Leave room for a final NULL in group list */
while (i < group_list_len - 1 && *p != '\0') { while (i < group_list_len - 1 && *p != '\0') {
q = p;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
uint16_t ffdh_group = 0;
#endif
uint16_t curve_tls_id; uint16_t curve_tls_id;
q = p;
/* Terminate the current string */ /* Terminate the current string */
while (*p != ',' && *p != '\0') { while (*p != ',' && *p != '\0') {
@ -649,14 +600,7 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) {
group_list[i++] = curve_tls_id; group_list[i++] = curve_tls_id;
} else } else {
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) {
group_list[i++] = ffdh_group;
} else
#endif
{
mbedtls_printf("unknown curve %s\n", q); mbedtls_printf("unknown curve %s\n", q);
mbedtls_printf("supported curves: "); mbedtls_printf("supported curves: ");
const char **supported_curves = mbedtls_ssl_get_supported_curves_list(); const char **supported_curves = mbedtls_ssl_get_supported_curves_list();
@ -666,15 +610,6 @@ int parse_curves(const char *curves, uint16_t *group_list, size_t group_list_len
mbedtls_printf("%s ", supported_curves[index]); mbedtls_printf("%s ", supported_curves[index]);
} }
mbedtls_free((char *) supported_curves); mbedtls_free((char *) supported_curves);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_FFDH)
const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups();
while (*supported_ffdh_group != 0) {
mbedtls_printf("%s ",
mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group));
supported_ffdh_group++;
}
#endif
mbedtls_printf("\n"); mbedtls_printf("\n");
return -1; return -1;
} }