-rw-r--r-- | include/mbedtls/ecp.h | 4 | ||||
-rw-r--r-- | include/mbedtls/platform_util.h | 6 | ||||
-rw-r--r-- | include/mbedtls/ssl.h | 83 | ||||
-rw-r--r-- | library/ssl_cli.c | 32 | ||||
-rw-r--r-- | library/ssl_misc.h | 42 | ||||
-rw-r--r-- | library/ssl_srv.c | 8 | ||||
-rw-r--r-- | library/ssl_tls.c | 127 | ||||
-rw-r--r-- | library/ssl_tls13_client.c | 36 | ||||
-rw-r--r-- | programs/ssl/ssl_client2.c | 10 | ||||
-rw-r--r-- | programs/ssl/ssl_server2.c | 10 | ||||
-rw-r--r-- | tests/suites/test_suite_ssl.data | 6 | ||||
-rw-r--r-- | tests/suites/test_suite_ssl.function | 69 |
12 files changed, 327 insertions, 106 deletions
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b2a2e32..5b26084 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -130,10 +130,8 @@ typedef enum /** * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE. - * - * \note Montgomery curves are currently excluded. */ -#define MBEDTLS_ECP_DP_MAX 12 +#define MBEDTLS_ECP_DP_MAX 14 /* * Curve types diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 36e3718..5d2fefc 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -42,10 +42,6 @@ extern "C" { /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) -/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here - * to avoid conflict with other headers which define and use - * it, too. We might want to move all these definitions here at - * some point for uniformity. */ #define MBEDTLS_DEPRECATED __attribute__((deprecated)) MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ @@ -53,8 +49,8 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) -#undef MBEDTLS_DEPRECATED #else /* MBEDTLS_DEPRECATED_WARNING */ +#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL #endif /* MBEDTLS_DEPRECATED_WARNING */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 288d9b3..5d04a11 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H +#include "mbedtls/platform_util.h" #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" 
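Review bot: In platform_util.h `MBEDTLS_DEPRECATED` is now left defined after the header (the `#undef` is removed and the non-warning branch defines it empty), and the comment being deleted says other headers define and use the same name; if any of those still `#undef MBEDTLS_DEPRECATED` after their own use, whether `void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(...)` in ssl.h compiles would depend on include order. A grep for other definitions of that macro before merging, plus a one-line comment at the definition such as `/* Exported for use by other public headers; do not #undef. */`, would make the new contract explicit. The ecp.h bump of MBEDTLS_ECP_DP_MAX from 12 to 14 appears to be what lets the curve-list translation in ssl_handshake_init bound its scan; a short note there saying which count the constant must track would save the next maintainer the search.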
@@ -187,18 +188,28 @@ * } NamedGroup; * */ + /* Elliptic Curve Groups (ECDHE) */ -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E +#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 +#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019 +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B +#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C +#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D +#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E /* Finite Field Groups (DHE) */ -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103 -#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 +#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 /* * TLS 1.3 Key Exchange Modes 
@@ -1283,10 +1294,12 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ #endif + const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ + #if defined(MBEDTLS_DHM_C) mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ @@ -3143,6 +3156,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Set the allowed curves in order of preference. * @@ -3156,6 +3170,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * Both sides: limits the set of curves accepted for use in * ECDHE and in the peer's end-entity certificate. * + * \deprecated Superseeded by mbedtls_ssl_conf_groups(). + * * \note This has no influence on which curves are allowed inside the * certificate chains, see \c mbedtls_ssl_conf_cert_profile() * for that. For the end-entity certificate however, the key 
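Review bot: The `\deprecated` tag added to mbedtls_ssl_conf_curves() misspells its key word; it should read `\deprecated Superseded by mbedtls_ssl_conf_groups().` Since this is rendered public API documentation, fix it before merge. The tag would also be more useful if it named the consequence visible in this commit, e.g. that the list is translated at mbedtls_ssl_setup() time, so a later call to either setter is only picked up by the next handshake (hedged: the setup-time translation is shown in ssl_tls.c, the timing of later calls is inferred).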
@@ -3182,10 +3198,51 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * \param curves Ordered list of allowed curves, * terminated by MBEDTLS_ECP_DP_NONE. */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves ); +void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curves ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +/** + * \brief Set the allowed groups in order of preference. + * + * On server: This only affects the choice of key agreement mechanism + * + * On client: this affects the list of groups offered for any + * use. The server can override our preference order. + * + * Both sides: limits the set of groups accepted for use in + * key sharing. + * + * \note This function replaces the deprecated mbedtls_ssl_conf_curves(), + * which only allows ECP curves to be configured. + * + * \note The most recent invocation of either mbedtls_ssl_conf_curves() + * or mbedtls_ssl_conf_groups() nullifies all previous invocations + * of both. + * + * \note This list should be ordered by decreasing preference + * (preferred group first). + * + * \note When this function is not called, a default list is used, + * consisting of all supported curves at 255 bits and above, + * and all supported finite fields at 2048 bits and above. + * The order favors groups with the lowest resource usage. + * + * \note New minor versions of Mbed TLS will not remove items + * from the default list unless serious security concerns require it. + * New minor versions of Mbed TLS may change the order in + * keeping with the general principle of favoring the lowest + * resource usage. + * + * \param conf SSL configuration + * \param groups List of allowed groups ordered by preference, terminated by 0. + * Must contain valid IANA NamedGroup IDs (provided via either an integer + * or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros). 
+ */ +void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, + const uint16_t *groups ); + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /** * \brief Set the allowed hashes for signatures during the handshake. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9120aa2..9fc8041 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -309,27 +309,32 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; - const mbedtls_ecp_group_id *grp_id; - + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); *olen = 0; + /* Check there is room for header */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for( ; *group_list != 0; group_list++ ) { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } + + /* Check there is room for another curve */ + MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 ); + + MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len ); elliptic_curve_len += 2; if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) 
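Review bot: The `\param groups` text for mbedtls_ssl_conf_groups() sends callers to `MBEDTLS_TLS13_NAMED_GROUP_XXX` macros, but the identifiers this commit defines (and that the preset lists in ssl_tls.c use) are `MBEDTLS_SSL_IANA_TLS_GROUP_XXX`; change it to `or using MBEDTLS_SSL_IANA_TLS_GROUP_XXX macros`. The same block promises a default of "all supported finite fields at 2048 bits and above", while `ssl_preset_default_groups` in this commit holds ECP groups only; either drop that sentence or state that FFDHE groups are not offered by default yet. A `\note` on how an entry the build cannot use is treated would also help, because the TLS 1.2 and TLS 1.3 client paths in this commit behave differently on that point.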
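Review bot: In ssl_write_supported_elliptic_curves_ext the new loop returns MBEDTLS_ERR_SSL_BAD_CONFIG whenever `mbedtls_ecp_curve_info_from_tls_id( *group_list )` yields NULL, so a group list containing a non-ECP entry such as MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, which ssl.h now documents as valid input to mbedtls_ssl_conf_groups(), presumably fails every TLS 1.2 ClientHello, whereas the TLS 1.3 writer in ssl_tls13_client.c does `if( info == NULL ) continue;` and skips it. For consistency treat a non-curve entry as simply not an elliptic curve here (`continue`), keeping the hard error for the case where nothing was written, which the existing `elliptic_curve_len == 0` check already covers. The enclosing function starts and ends outside the hunk.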
@@ -344,19 +349,6 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, if( elliptic_curve_len == 0 ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); - - elliptic_curve_len = 0; - - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id ); - elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id ); - } - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 ); p += 2; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dbef6aa..c7d966b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -542,6 +542,11 @@ struct mbedtls_ssl_handshake_params int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const uint16_t *group_list; + unsigned char group_list_heap_allocated; +#endif + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 
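Review bot: The two fields added to mbedtls_ssl_handshake_params are guarded by `!defined(MBEDTLS_DEPRECATED_REMOVED)` alone, while every writer and the free path in ssl_tls.c sit additionally inside `#if defined(MBEDTLS_ECP_C)` and mbedtls_ssl_get_groups only reads them when MBEDTLS_ECP_C is defined; aligning the guard to `#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)` avoids carrying an always-NULL pointer in non-ECP builds. The fields also lack the `/*!< ... */` descriptions their neighbours carry, e.g. `const uint16_t *group_list; /*!< curve_list translated to IANA ids, or conf->group_list */` and `unsigned char group_list_heap_allocated; /*!< 1 if group_list was allocated at handshake init and must be freed */`.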
@@ -1593,17 +1598,17 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf */ static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) { - return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 || - named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); + return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || + named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ); } static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group ) { - return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && - named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); + return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && + named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 ); } static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, 
@@ -1672,4 +1677,27 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen ); +/* + * Return supported groups. + * + * In future, invocations can be changed to ssl->conf->group_list + * when mbedtls_ssl_conf_curves() is deleted. + * + * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group + * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to + * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked. + * + */ +static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl ) +{ + #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C) + return( ssl->conf->group_list ); + #else + if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) ) + return( ssl->handshake->group_list ); + else + return( ssl->conf->group_list ); + #endif +} + #endif /* ssl_misc.h */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e27fdff..881b1fd 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3036,14 +3036,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * } ServerECDHParams; */ const mbedtls_ecp_curve_info **curve = NULL; - const mbedtls_ecp_group_id *gid; + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* Match our preference list against the offered curves */ - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) + if( group_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( ; *group_list != 0; group_list++ ) for( curve = ssl->handshake->curves; *curve != NULL; curve++ ) - if( (*curve)->grp_id == *gid ) + if( (*curve)->tls_id == *group_list ) goto curve_matching_done; curve_matching_done: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c507950..d604f38 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
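Review bot: mbedtls_ssl_get_groups is declared to return `const void *` although every branch returns a `const uint16_t *` and every caller in this commit stores the result in a `const uint16_t *`; the `void` return only discards the type check, so declare it `static inline const uint16_t *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )`. The `#if`/`#else`/`#endif` inside the body are indented by four spaces, unlike the rest of this header, where preprocessor lines sit at column 0. The header comment should also say that the function may return NULL when neither list is configured, since every caller tests for that.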
@@ -3073,6 +3073,52 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) } #endif +/* + * curve_list is translated to IANA TLS group identifiers here because + * mbedtls_ssl_conf_curves returns void and so can't return + * any error codes. + */ +#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + /* Heap allocate and translate curve_list from internal to IANA group ids */ + if ( ssl->conf->curve_list != NULL ) + { + size_t length; + const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; + + for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) && + ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {} + + /* Leave room for zero termination */ + uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) ); + if ( group_list == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + for( size_t i = 0; i < length; i++ ) + { + const mbedtls_ecp_curve_info *info = + mbedtls_ecp_curve_info_from_grp_id( curve_list[i] ); + if ( info == NULL ) + { + mbedtls_free( group_list ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } + group_list[i] = info->tls_id; + } + + group_list[length] = 0; + + ssl->handshake->group_list = group_list; + ssl->handshake->group_list_heap_allocated = 1; + } + else + { + ssl->handshake->group_list = ssl->conf->group_list; + ssl->handshake->group_list_heap_allocated = 0; + } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_ECP_C */ + return( 0 ); } 
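Review bot: The length scan in the new curve_list translation evaluates `curve_list[length] != MBEDTLS_ECP_DP_NONE` before `length < MBEDTLS_ECP_DP_MAX`, so a list of MBEDTLS_ECP_DP_MAX or more entries without a terminator reads one element past the bound before the loop stops; swap the operands: `for( length = 0; length < MBEDTLS_ECP_DP_MAX && curve_list[length] != MBEDTLS_ECP_DP_NONE; length++ ) {}`. Reaching the bound also silently truncates the list, which hides a caller mistake; returning MBEDTLS_ERR_SSL_BAD_CONFIG when no terminator was found within the bound would match how an unknown curve in the same loop is handled. The `#if` lines inside the function body and the brace-less `{}` loop body do not follow the surrounding file's layout. The enclosing function starts outside the hunk.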
@@ -3928,16 +3974,36 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Set the allowed elliptic curves + * + * mbedtls_ssl_setup() takes the provided list + * and translates it to a list of IANA TLS group identifiers, + * stored in ssl->handshake->group_list. + * */ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curve_list ) { conf->curve_list = curve_list; + conf->group_list = NULL; } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +/* + * Set the allowed groups + */ +void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, + const uint16_t *group_list ) +{ +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; +#endif + conf->group_list = group_list; +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { @@ -5379,6 +5445,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) if( handshake == NULL ) return; +#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + if ( ssl->handshake->group_list_heap_allocated ) + mbedtls_free( (void*) handshake->group_list ); + handshake->group_list = NULL; +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) { 
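Review bot: In mbedtls_ssl_handshake_free the new block frees `handshake->group_list` when `group_list_heap_allocated` is set but never clears that flag, and it reads the flag via `ssl->handshake->` while the next line uses the local `handshake`; if the struct can be reused without being re-zeroed (inferred, the allocation lifetime is outside this hunk), a second free becomes possible. Suggest `if( handshake->group_list_heap_allocated ) mbedtls_free( (void *) handshake->group_list );` followed by `handshake->group_list = NULL;` and `handshake->group_list_heap_allocated = 0;`. The header comment on the new mbedtls_ssl_conf_groups() ("Set the allowed groups") could state that it also resets `curve_list`, which is the only non-obvious thing the function does.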
@@ -6233,41 +6307,39 @@ static int ssl_preset_default_hashes[] = { }; #endif -#if defined(MBEDTLS_ECP_C) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: * curves with a lower resource usage come first. * See the documentation of mbedtls_ssl_conf_curves() for what we promise * about this list. */ -static mbedtls_ecp_group_id ssl_preset_default_curves[] = { +static uint16_t ssl_preset_default_groups[] = { #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_ECP_DP_CURVE25519, + MBEDTLS_SSL_IANA_TLS_GROUP_X25519, #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_ECP_DP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_ECP_DP_CURVE448, + MBEDTLS_SSL_IANA_TLS_GROUP_X448, #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - MBEDTLS_ECP_DP_SECP521R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, #endif #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - MBEDTLS_ECP_DP_BP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - MBEDTLS_ECP_DP_BP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - MBEDTLS_ECP_DP_BP512R1, + MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, #endif - MBEDTLS_ECP_DP_NONE + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -#endif static int ssl_preset_suiteb_ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
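Review bot: The comment above `ssl_preset_default_groups` still sends readers to "the documentation of mbedtls_ssl_conf_curves() for what we promise about this list", but that function is deprecated in this commit and the promise now lives on mbedtls_ssl_conf_groups(); update the reference. The same comment says the selection mirrors `mbedtls_x509_crt_profile_default` plus Montgomery curves, yet the array is no longer under `#if defined(MBEDTLS_ECP_C)`, so in a build without ECP it reduces to the single `MBEDTLS_SSL_IANA_TLS_GROUP_NONE` entry; a line saying that this is intentional and that no FFDHE groups are offered yet would stop the next reader from treating it as a mistake.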
@@ -6314,17 +6386,15 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) -static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { +static uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_ECP_DP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif - MBEDTLS_ECP_DP_NONE + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -#endif /* * Load default in mbedtls_ssl_config @@ -6438,9 +6508,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif -#if defined(MBEDTLS_ECP_C) - conf->curve_list = ssl_preset_suiteb_curves; +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; #endif + conf->group_list = ssl_preset_suiteb_groups; break; /* @@ -6475,9 +6546,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) - conf->curve_list = ssl_preset_default_curves; +#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->curve_list = NULL; #endif + conf->group_list = ssl_preset_default_groups; #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) conf->dhm_min_bitlen = 1024; 
@@ -6701,14 +6773,17 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) */ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) { - const mbedtls_ecp_group_id *gid; + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( -1 ); + uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id; - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - if( *gid == grp_id ) + for( ; *group_list != 0; group_list++ ) + { + if( *group_list == tls_id ) return( 0 ); + } return( -1 ); } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0fb09c4..9c88484 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
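Review bot: mbedtls_ssl_check_curve now dereferences `mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id` without a NULL check, while the other lookups this commit adds (ssl_cli.c, ssl_handshake_init) treat a NULL result as an error; if `grp_id` can come from a parsed peer key (the callers are outside this hunk), a group id with no table entry becomes a null-pointer dereference instead of a rejection. Split it into `const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_info_from_grp_id( grp_id );` then `if( info == NULL ) return( -1 );` before the loop and compare against `info->tls_id`. A one-line comment noting that the list now holds IANA ids, which is why the translation is needed, would also help here.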
@@ -137,36 +137,35 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, * 'elliptic_curves' and only contained elliptic curve groups. */ static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->curve_list == NULL ) + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); + + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for ( ; *group_list != 0; group_list++ ) { const mbedtls_ecp_curve_info *info; - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info == NULL ) continue; - if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) + if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) continue; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); - MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 ); + MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 ); p += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )", - mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name, - info->tls_id ) ); + info->name, *group_list ) ); } *olen = p - buf; 
@@ -321,20 +320,19 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) + const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); /* Pick first available ECDHE group compatible with TLS 1.3 */ - if( ssl->conf->curve_list == NULL ) + if( group_list == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) + for ( ; *group_list != 0; group_list++ ) { const mbedtls_ecp_curve_info *info; - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); if( info != NULL && - mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) ) + mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) { - *group_id = info->tls_id; + *group_id = *group_list; return( 0 ); } } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f872e60..29bda7f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -678,7 +678,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ECP_C) - mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; + uint16_t group_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info *curve_cur; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -1452,7 +1452,7 @@ int main( int argc, char *argv[] ) if( strcmp( p, "none" ) == 0 ) { - curve_list[0] = MBEDTLS_ECP_DP_NONE; + group_list[0] = 0; } else if( strcmp( p, "default" ) != 0 ) { @@ -1469,7 +1469,7 @@ int main( int argc, char *argv[] ) if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) { - curve_list[i++] = curve_cur->grp_id; + group_list[i++] = curve_cur->tls_id; } else { @@ -1495,7 +1495,7 @@ int main( int argc, char *argv[] ) goto exit; } - curve_list[i] = MBEDTLS_ECP_DP_NONE; + group_list[i] = 0; } } #endif /* MBEDTLS_ECP_C */ 
@@ -1889,7 +1889,7 @@ int main( int argc, char *argv[] ) if( opt.curves != NULL && strcmp( opt.curves, "default" ) != 0 ) { - mbedtls_ssl_conf_curves( &conf, curve_list ); + mbedtls_ssl_conf_groups( &conf, group_list ); } #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c0f3196..4d785d7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1340,7 +1340,7 @@ int main( int argc, char *argv[] ) sni_entry *sni_info = NULL; #endif #if defined(MBEDTLS_ECP_C) - mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; + uint16_t group_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info * curve_cur; #endif #if defined(MBEDTLS_SSL_ALPN) @@ -2196,7 +2196,7 @@ int main( int argc, char *argv[] ) if( strcmp( p, "none" ) == 0 ) { - curve_list[0] = MBEDTLS_ECP_DP_NONE; + group_list[0] = 0; } else if( strcmp( p, "default" ) != 0 ) { @@ -2213,7 +2213,7 @@ int main( int argc, char *argv[] ) if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) { - curve_list[i++] = curve_cur->grp_id; + group_list[i++] = curve_cur->tls_id; } else { @@ -2239,7 +2239,7 @@ int main( int argc, char *argv[] ) goto exit; } - curve_list[i] = MBEDTLS_ECP_DP_NONE; + group_list[i] = 0; } } #endif /* MBEDTLS_ECP_C */ @@ -2903,7 +2903,7 @@ int main( int argc, char *argv[] ) if( opt.curves != NULL && strcmp( opt.curves, "default" ) != 0 ) { - mbedtls_ssl_conf_curves( &conf, curve_list ); + mbedtls_ssl_conf_groups( &conf, group_list ); } #endif diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 25eefb3..9dabb51 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -6229,3 +6229,9 @@ ssl_cf_memcpy_offset:0:255:32 # we could get this with 255-bytes plaintext and untruncated SHA-384 Constant-flow memcpy from offset: large ssl_cf_memcpy_offset:100:339:48 + +Test configuration of groups for DHE through mbedtls_ssl_conf_curves() +conf_curve: + +Test configuration of groups for DHE through mbedtls_ssl_conf_groups() +conf_group: diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 69d2e00..75eda1d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -4881,3 +4881,72 @@ exit: } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void conf_curve() +{ + + mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1, + MBEDTLS_ECP_DP_SECP224R1, + MBEDTLS_ECP_DP_SECP256R1, + MBEDTLS_ECP_DP_NONE }; + mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; + + mbedtls_ssl_config conf; + mbedtls_ssl_config_init( &conf ); + + mbedtls_ssl_conf_max_version( &conf, 3, 3 ); + mbedtls_ssl_conf_min_version( &conf, 3, 3 ); + mbedtls_ssl_conf_curves( &conf, curve_list ); + + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_setup( &ssl, &conf ); + + TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL ); + TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL ); + + TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE ); + + for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ ) + TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] ); + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ +void conf_group() +{ + uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; + + mbedtls_ssl_config conf; + mbedtls_ssl_config_init( &conf ); + + mbedtls_ssl_conf_max_version( &conf, 3, 3 ); + mbedtls_ssl_conf_min_version( &conf, 3, 3 ); + + mbedtls_ssl_conf_groups( &conf, iana_tls_group_list ); + + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_setup( &ssl, &conf ); + 
+ TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL ); + + TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE ); + + for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ ) + TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] ); + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +} +/* END_CASE */ |
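Review bot: In conf_curve the expected values are declared as `mbedtls_ecp_group_id iana_tls_group_list[]` but initialised with IANA NamedGroup ids and compared against a `uint16_t` list; declare it `uint16_t iana_tls_group_list[]` as conf_group does, so the comparison does not rely on an enum conversion that merely happens to work. Both cases ignore the return value of `mbedtls_ssl_setup()`, which is where the translation under test happens; use `TEST_EQUAL( mbedtls_ssl_setup( &ssl, &conf ), 0 );` so an allocation or configuration failure is reported at its source rather than as a later NULL-handshake assertion. conf_group is marked `depends_on:MBEDTLS_DEPRECATED_REMOVED`, which presumably restricts it to builds where the old API is gone, although mbedtls_ssl_conf_groups() is compiled unconditionally; dropping that dependency would exercise it in the default configuration too.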