From e7db09beded903e0fbf306aeb00948c929633881 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 11:29:55 +0200 Subject: [PATCH] Move FFDH helper functions and macros to more suitable locations Signed-off-by: Przemek Stekiel --- include/mbedtls/dhm.h | 63 ------------------------------------- include/mbedtls/psa_util.h | 24 -------------- include/mbedtls/ssl.h | 25 +++++++++++++++ library/ssl_tls13_generic.c | 24 ++++++++++++++ programs/ssl/ssl_test_lib.c | 30 ++++++++++++++++++ programs/ssl/ssl_test_lib.h | 4 +++ 6 files changed, 83 insertions(+), 87 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index b7c3256fb..c4616dc76 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -92,20 +92,6 @@ /** Setting the modulus and generator failed. */ #define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 -/* Finite Field Groups (DHE) */ -#define MBEDTLS_DHM_GROUP_FFDHE2048 0x0100 -#define MBEDTLS_DHM_GROUP_FFDHE3072 0x0101 -#define MBEDTLS_DHM_GROUP_FFDHE4096 0x0102 -#define MBEDTLS_DHM_GROUP_FFDHE6144 0x0103 -#define MBEDTLS_DHM_GROUP_FFDHE8192 0x0104 - -/* Finite Field Group Names (DHE) */ -#define MBEDTLS_DHM_GROUP_NAME_FFDHE2048 "ffdhe2048" -#define MBEDTLS_DHM_GROUP_NAME_FFDHE3072 "ffdhe3072" -#define MBEDTLS_DHM_GROUP_NAME_FFDHE4096 "ffdhe4096" -#define MBEDTLS_DHM_GROUP_NAME_FFDHE6144 "ffdhe6144" -#define MBEDTLS_DHM_GROUP_NAME_FFDHE8192 "ffdhe8192" - /** Which parameter to access in mbedtls_dhm_get_value(). */ typedef enum { MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */ @@ -392,55 +378,6 @@ int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ -static inline uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) -{ - if (strcmp(name, MBEDTLS_DHM_GROUP_NAME_FFDHE2048) == 0) { - return MBEDTLS_DHM_GROUP_FFDHE2048; - } else if (strcmp(name, MBEDTLS_DHM_GROUP_NAME_FFDHE3072) == 0) { - return MBEDTLS_DHM_GROUP_FFDHE3072; - } else if (strcmp(name, MBEDTLS_DHM_GROUP_NAME_FFDHE4096) == 0) { - return MBEDTLS_DHM_GROUP_FFDHE4096; - } else if (strcmp(name, MBEDTLS_DHM_GROUP_NAME_FFDHE6144) == 0) { - return MBEDTLS_DHM_GROUP_FFDHE6144; - } else if (strcmp(name, MBEDTLS_DHM_GROUP_NAME_FFDHE8192) == 0) { - return MBEDTLS_DHM_GROUP_FFDHE8192; - } - return 0; -} - -static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) -{ - switch (group) { - case MBEDTLS_DHM_GROUP_FFDHE2048: - return MBEDTLS_DHM_GROUP_NAME_FFDHE2048; - case MBEDTLS_DHM_GROUP_FFDHE3072: - return MBEDTLS_DHM_GROUP_NAME_FFDHE3072; - case MBEDTLS_DHM_GROUP_FFDHE4096: - return MBEDTLS_DHM_GROUP_NAME_FFDHE4096; - case MBEDTLS_DHM_GROUP_FFDHE6144: - return MBEDTLS_DHM_GROUP_NAME_FFDHE6144; - case MBEDTLS_DHM_GROUP_FFDHE8192: - return MBEDTLS_DHM_GROUP_NAME_FFDHE8192; - default: - return NULL; - } - return NULL; -} - -static inline uint16_t *mbedtls_ssl_ffdh_supported_groups(void) -{ - static uint16_t ffdh_groups[] = { - MBEDTLS_DHM_GROUP_FFDHE2048, - MBEDTLS_DHM_GROUP_FFDHE3072, - MBEDTLS_DHM_GROUP_FFDHE4096, - MBEDTLS_DHM_GROUP_FFDHE6144, - MBEDTLS_DHM_GROUP_FFDHE8192, - 0 - }; - - return ffdh_groups; -} - #if defined(MBEDTLS_SELF_TEST) /** diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e67acdfe8..5e894c5c4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -280,30 +280,6 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) -static inline psa_key_type_t mbedtls_psa_parse_tls_ffdh_group( - uint16_t tls_ecc_grp_reg_id, size_t *bits) -{ - switch (tls_ecc_grp_reg_id) { - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - *bits = 2048; - return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - *bits = 3072; - return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - *bits = 4096; - return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - *bits = 6144; - return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - *bits = 8192; - return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - default: - return 0; - } -} - /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be * consistent with the implementation in library/psa_crypto_random_impl.h. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b73b41a1..b10a56303 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -221,6 +221,12 @@ #define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 #define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 #define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 +/* Finite Field Group Names (DHE) */ +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144" +#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192" /* * TLS 1.3 Key Exchange Modes @@ -5333,4 +5339,23 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, } #endif +static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group) +{ + switch (group) { + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144; + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: + return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192; + default: + return NULL; + } + return NULL; +} + #endif /* ssl.h */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6a1006fdc..821a54cbc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1572,6 +1572,30 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ #if defined(PSA_WANT_ALG_FFDH) +static psa_key_type_t mbedtls_psa_parse_tls_ffdh_group( + uint16_t tls_ecc_grp_reg_id, size_t *bits) +{ + switch (tls_ecc_grp_reg_id) { + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: + *bits = 2048; + return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: + *bits = 3072; + return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: + *bits = 4096; + return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: + *bits = 6144; + return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); + case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: + *bits = 8192; + return PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); + default: + return 0; + } +} + int mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange( mbedtls_ssl_context *ssl, uint16_t named_group, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 40aedd7b4..ea422e960 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -449,4 +449,34 @@ void test_hooks_free(void) #endif /* MBEDTLS_TEST_HOOKS */ +uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name) +{ + if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) { + return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048; + } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072) == 0) { + return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072; + } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096) == 0) { + return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096; + } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144) == 0) { + return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144; + } else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192) == 0) { + return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192; + } + return 0; +} + +uint16_t *mbedtls_ssl_ffdh_supported_groups(void) +{ + static uint16_t ffdh_groups[] = { + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, + 0 + }; + + return ffdh_groups; +} + #endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */ diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 020fc2d29..5f9dbdd04 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -307,5 +307,9 @@ void test_hooks_free(void); #endif /* !MBEDTLS_TEST_HOOKS */ +/* Helper functions for FFDH groups. */ +uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name); +uint16_t *mbedtls_ssl_ffdh_supported_groups(void); + #endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ #endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */