Merge pull request #10570 from valeriosetti/issue10349

mbedtls 4.x does not expose mbedtls_ecp_curve_list()
2026-04-01 02:01:09 +02:00 · 2026-02-03 11:01:11 +00:00
parent 75eec4b477 318e4314df
commit 2a72766d75
5 changed files with 430 additions and 60 deletions
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3031,6 +3031,166 @@ ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSI
 Test configuration of EC groups through mbedtls_ssl_conf_groups()
 conf_group:

+Get supported group list: x25519, positive
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:1
+
+Get supported group list: x25519, negative
+depends_on:!PSA_WANT_ECC_MONTGOMERY_255
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:0
+
+Get supported group list: secp256r1, positive
+depends_on:PSA_WANT_ECC_SECP_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:1
+
+Get supported group list: secp256r1, negative
+depends_on:!PSA_WANT_ECC_SECP_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0
+
+Get supported group list: secp384r1, positive
+depends_on:PSA_WANT_ECC_SECP_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1
+
+Get supported group list: secp384r1, negative
+depends_on:!PSA_WANT_ECC_SECP_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:0
+
+Get supported group list: x448, positive
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:1
+
+Get supported group list: x448, negative
+depends_on:!PSA_WANT_ECC_MONTGOMERY_448
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:0
+
+Get supported group list: secp521r1, positive
+depends_on:PSA_WANT_ECC_SECP_R1_521
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:1
+
+Get supported group list: secp521r1, negative
+depends_on:!PSA_WANT_ECC_SECP_R1_521
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:0
+
+Get supported group list: brainpool256r1, positive
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:1
+
+Get supported group list: brainpool256r1, negative
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:0
+
+Get supported group list: brainpool384r1, positive
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:1
+
+Get supported group list: brainpool384r1, negative
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:0
+
+Get supported group list: brainpool512r1, positive
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:1
+
+Get supported group list: brainpool512r1, negative
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_512
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:0
+
+Get supported group list: ffdhe2048, positive
+depends_on:PSA_WANT_DH_RFC7919_2048
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:1
+
+Get supported group list: ffdhe2048, negative
+depends_on:!PSA_WANT_DH_RFC7919_2048
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:0
+
+Get supported group list: ffdhe3072, positive
+depends_on:PSA_WANT_DH_RFC7919_3072
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:1
+
+Get supported group list: ffdhe3072, negative
+depends_on:!PSA_WANT_DH_RFC7919_3072
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:0
+
+Get supported group list: ffdhe4096, positive
+depends_on:PSA_WANT_DH_RFC7919_4096
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:1
+
+Get supported group list: ffdhe4096, negative
+depends_on:!PSA_WANT_DH_RFC7919_4096
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:0
+
+Get supported group list: ffdhe6144, positive
+depends_on:PSA_WANT_DH_RFC7919_6144
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:1
+
+Get supported group list: ffdhe6144, negative
+depends_on:!PSA_WANT_DH_RFC7919_6144
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:0
+
+Get supported group list: ffdhe8192, positive
+depends_on:PSA_WANT_DH_RFC7919_8192
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:1
+
+Get supported group list: ffdhe8192, negative
+depends_on:!PSA_WANT_DH_RFC7919_8192
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0
+
+TLS ID <-> group name: x25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:"x25519"
+
+TLS ID <-> group name: secp256r1
+depends_on:PSA_WANT_ECC_SECP_R1_256
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:"secp256r1"
+
+TLS ID <-> group name: secp256k1
+depends_on:PSA_WANT_ECC_SECP_K1_256
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:"secp256k1"
+
+TLS ID <-> group name: secp384r1
+depends_on:PSA_WANT_ECC_SECP_R1_384
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:"secp384r1"
+
+TLS ID <-> group name: x448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X448:"x448"
+
+TLS ID <-> group name: secp521r1
+depends_on:PSA_WANT_ECC_SECP_R1_521
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:"secp521r1"
+
+TLS ID <-> group name: brainpoolP256r1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:"brainpoolP256r1"
+
+TLS ID <-> group name: brainpoolP384r1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:"brainpoolP384r1"
+
+TLS ID <-> group name: brainpoolP512r1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:"brainpoolP512r1"
+
+TLS ID <-> group name: ffdhe2048
+depends_on:PSA_WANT_DH_RFC7919_2048
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:"ffdhe2048"
+
+TLS ID <-> group name: ffdhe3072
+depends_on:PSA_WANT_DH_RFC7919_3072
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:"ffdhe3072"
+
+TLS ID <-> group name: ffdhe4096
+depends_on:PSA_WANT_DH_RFC7919_4096
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:"ffdhe4096"
+
+TLS ID <-> group name: ffdhe6144
+depends_on:PSA_WANT_DH_RFC7919_6144
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:"ffdhe6144"
+
+TLS ID <-> group name: ffdhe8192
+depends_on:PSA_WANT_DH_RFC7919_8192
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192"
+
 Version config: valid client TLS 1.2 only
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3574,6 +3574,65 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE */
+void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_available)
+{
+    const uint16_t *list = mbedtls_ssl_get_supported_group_list();
+    int found = 0;
+
+    /* First: go through the list returned by mbedtls_ssl_get_supported_group_list() and
+     * check that the specified group ID is supported/unsupported as expected. */
+    for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) {
+        if (list[i] == iana_group_id) {
+            found = 1;
+            break;
+        }
+    }
+    TEST_EQUAL(found, is_available);
+
+    /* Second: check that supported/unsupported property for the specified group is also
+     * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_INFO. */
+    mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
+    mbedtls_ssl_iana_tls_group_info_t *ptr;
+    for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) {
+        if (ptr->tls_id == iana_group_id) {
+            TEST_EQUAL(ptr->is_supported, is_available);
+        }
+    }
+
+exit:;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
+{
+    mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
+    mbedtls_ssl_iana_tls_group_info_t *item;
+    const char *table_name = NULL;
+
+    /* Ensure that the list includes at least 1 valid entry. */
+    TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
+
+    for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) {
+        if (item->tls_id == group_id) {
+            table_name = item->group_name;
+        }
+    }
+
+    TEST_ASSERT(table_name != NULL);
+    TEST_MEMORY_COMPARE(table_name, strlen(table_name), group_name, strlen(group_name));
+
+#if defined(MBEDTLS_DEBUG_C)
+    const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id);
+    TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name,
+                        strlen(group_name));
+#endif /* MBEDTLS_DEBUG_C */
+
+exit:;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
 void force_bad_session_id_len()
 {