TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10570 from valeriosetti/issue10349

Browse Source 
mbedtls 4.x does not expose mbedtls_ecp_curve_list()
This commit is contained in:
Valerio Setti
2026-02-03 11:01:11 +00:00
committed by GitHub
parent 75eec4b477 318e4314df
commit 2a72766d75
5 changed files with 430 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog.d/issue10349.txt Normal file
View File

@@ -0,0 +1,8 @@
Features
* Function mbedtls_ssl_get_supported_group_list() is added to return the list
of supported groups IDs (curves and finite fields).
* MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is added to allow defining the list of
mbedtls_ssl_iana_tls_group_info_t items which represent known TLS groups
with corresponding informations.
If MBEDTLS_DEBUG_C is also enabled then mbedtls_ssl_iana_tls_group_info is
also available as implementation of such list.

144
include/mbedtls/ssl.h
View File

@@ -3667,6 +3667,146 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
/**
* This structure defines each entry of the macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO.
*
* \note Future versions of the library might add new fields to this structure.
*/
typedef struct {
/** TLS-ID */
uint16_t tls_id;
/** Group name */
const char *group_name;
/** 1 if the group is supported; 0 otherwise */
uint8_t is_supported;
} mbedtls_ssl_iana_tls_group_info_t;
/* Helpers to check which PSA_WANT_xxx symbols are defined for groups. */
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
#define MBEDTLS_SSL_HAVE_GROUP_X25519 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_X25519 0
#endif
#if defined(PSA_WANT_ECC_SECP_R1_256)
#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 0
#endif
#if defined(PSA_WANT_ECC_SECP_K1_256)
#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 0
#endif
#if defined(PSA_WANT_ECC_SECP_R1_384)
#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 0
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
#define MBEDTLS_SSL_HAVE_GROUP_X448 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_X448 0
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 0
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 0
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
#define MBEDTLS_SSL_HAVE_GROUP_BP384R1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_BP384R1 0
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 0
#endif
#if defined(PSA_WANT_DH_RFC7919_2048)
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 0
#endif
#if defined(PSA_WANT_DH_RFC7919_3072)
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 0
#endif
#if defined(PSA_WANT_DH_RFC7919_4096)
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 0
#endif
#if defined(PSA_WANT_DH_RFC7919_6144)
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 0
#endif
#if defined(PSA_WANT_DH_RFC7919_8192)
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 1
#else
#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 0
#endif
/**
* Initializer for a list of known TLS 1.2 named elliptic curves and
* TLS 1.3 groups, with their names.
*
* Each entry is a structure of type #mbedtls_ssl_iana_tls_group_info_t.
* The last entry has `tls_id = 0` and `group_name = NULL`.
*/
#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \
{ \
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", MBEDTLS_SSL_HAVE_GROUP_X25519 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", MBEDTLS_SSL_HAVE_GROUP_SECP256R1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", MBEDTLS_SSL_HAVE_GROUP_SECP256K1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", MBEDTLS_SSL_HAVE_GROUP_SECP384R1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", MBEDTLS_SSL_HAVE_GROUP_X448 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", MBEDTLS_SSL_HAVE_GROUP_SECP521R1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", MBEDTLS_SSL_HAVE_GROUP_BP256R1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", MBEDTLS_SSL_HAVE_GROUP_BP384R1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", MBEDTLS_SSL_HAVE_GROUP_BP512R1 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 }, \
{ MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL, 1 } \
}
#if defined(MBEDTLS_DEBUG_C)
/**
* List of known "TLS ID" <-> "group name".
* #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is used to initialized the list.
*/
extern mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[];
#endif /* MBEDTLS_DEBUG_C */
/**
* \brief Return the list of supported groups (curves and finite fields).
*
* \note The returned list is ordered in ascending order of resource
* usage. This follows the same pattern of the default list being
* used when mbedtls_ssl_conf_groups() is not called.
*
* \note The returned list represents supported groups in the current build
* configuration, not the one set by mbedtls_ssl_conf_groups().
*
* \note The returned list is static so the user doesn't need to worry
* about it being freed.
*
* \return The list made of IANA NamedGroups IDs (MBEDTLS_SSL_IANA_TLS_GROUP_xxx)
* and is terminated by #MBEDTLS_SSL_IANA_TLS_GROUP_NONE.
*/
const uint16_t *mbedtls_ssl_get_supported_group_list(void);
/**
* \brief Set the allowed groups in order of preference.
*
@@ -3692,6 +3832,10 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
* keeping with the general principle of favoring the lowest
* resource usage.
*
* \note The list is not copied internally, only the reference to it
* is saved in \p conf. Do not free \p groups memory for the time
* in which \p conf is being used.
*
* \param conf SSL configuration
* \param groups List of allowed groups ordered by preference, terminated by 0.
* Must contain valid IANA NamedGroup IDs (provided via either an integer

119
library/ssl_tls.c
View File

@@ -2362,6 +2362,60 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
* See the documentation of mbedtls_ssl_conf_groups() for what we promise
* about this list.
*/
static const uint16_t ssl_preset_default_groups[] = {
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_256)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_384)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
#if defined(PSA_WANT_DH_RFC7919_2048)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
#endif
#if defined(PSA_WANT_DH_RFC7919_3072)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
#endif
#if defined(PSA_WANT_DH_RFC7919_4096)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
#endif
#if defined(PSA_WANT_DH_RFC7919_6144)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
#endif
#if defined(PSA_WANT_DH_RFC7919_8192)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
#endif
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
const uint16_t *mbedtls_ssl_get_supported_group_list(void)
{
return ssl_preset_default_groups;
}
/*
* Set the allowed groups
*/
@@ -5165,47 +5219,6 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
memset(conf, 0, sizeof(mbedtls_ssl_config));
}
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
* See the documentation of mbedtls_ssl_conf_groups() for what we promise
* about this list.
*/
static const uint16_t ssl_preset_default_groups[] = {
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_256)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_384)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
#if defined(PSA_WANT_ALG_FFDH)
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
#endif
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
static const int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -5839,28 +5852,14 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
}
#if defined(MBEDTLS_DEBUG_C)
static const struct {
uint16_t tls_id;
const char *name;
} tls_id_curve_name_table[] =
{
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" },
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" },
{ 0, NULL },
};
mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[] =
MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
{
for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) {
if (tls_id_curve_name_table[i].tls_id == tls_id) {
return tls_id_curve_name_table[i].name;
for (int i = 0; mbedtls_ssl_iana_tls_group_info[i].tls_id != 0; i++) {
if (mbedtls_ssl_iana_tls_group_info[i].tls_id == tls_id) {
return mbedtls_ssl_iana_tls_group_info[i].group_name;
}
}

160
tests/suites/test_suite_ssl.data
View File

@@ -3031,6 +3031,166 @@ ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSI
Test configuration of EC groups through mbedtls_ssl_conf_groups()
conf_group:
Get supported group list: x25519, positive
depends_on:PSA_WANT_ECC_MONTGOMERY_255
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:1
Get supported group list: x25519, negative
depends_on:!PSA_WANT_ECC_MONTGOMERY_255
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:0
Get supported group list: secp256r1, positive
depends_on:PSA_WANT_ECC_SECP_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:1
Get supported group list: secp256r1, negative
depends_on:!PSA_WANT_ECC_SECP_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0
Get supported group list: secp384r1, positive
depends_on:PSA_WANT_ECC_SECP_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1
Get supported group list: secp384r1, negative
depends_on:!PSA_WANT_ECC_SECP_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:0
Get supported group list: x448, positive
depends_on:PSA_WANT_ECC_MONTGOMERY_448
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:1
Get supported group list: x448, negative
depends_on:!PSA_WANT_ECC_MONTGOMERY_448
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:0
Get supported group list: secp521r1, positive
depends_on:PSA_WANT_ECC_SECP_R1_521
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:1
Get supported group list: secp521r1, negative
depends_on:!PSA_WANT_ECC_SECP_R1_521
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:0
Get supported group list: brainpool256r1, positive
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:1
Get supported group list: brainpool256r1, negative
depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:0
Get supported group list: brainpool384r1, positive
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:1
Get supported group list: brainpool384r1, negative
depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:0
Get supported group list: brainpool512r1, positive
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:1
Get supported group list: brainpool512r1, negative
depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_512
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:0
Get supported group list: ffdhe2048, positive
depends_on:PSA_WANT_DH_RFC7919_2048
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:1
Get supported group list: ffdhe2048, negative
depends_on:!PSA_WANT_DH_RFC7919_2048
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:0
Get supported group list: ffdhe3072, positive
depends_on:PSA_WANT_DH_RFC7919_3072
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:1
Get supported group list: ffdhe3072, negative
depends_on:!PSA_WANT_DH_RFC7919_3072
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:0
Get supported group list: ffdhe4096, positive
depends_on:PSA_WANT_DH_RFC7919_4096
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:1
Get supported group list: ffdhe4096, negative
depends_on:!PSA_WANT_DH_RFC7919_4096
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:0
Get supported group list: ffdhe6144, positive
depends_on:PSA_WANT_DH_RFC7919_6144
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:1
Get supported group list: ffdhe6144, negative
depends_on:!PSA_WANT_DH_RFC7919_6144
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:0
Get supported group list: ffdhe8192, positive
depends_on:PSA_WANT_DH_RFC7919_8192
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:1
Get supported group list: ffdhe8192, negative
depends_on:!PSA_WANT_DH_RFC7919_8192
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0
TLS ID <-> group name: x25519
depends_on:PSA_WANT_ECC_MONTGOMERY_255
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:"x25519"
TLS ID <-> group name: secp256r1
depends_on:PSA_WANT_ECC_SECP_R1_256
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:"secp256r1"
TLS ID <-> group name: secp256k1
depends_on:PSA_WANT_ECC_SECP_K1_256
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:"secp256k1"
TLS ID <-> group name: secp384r1
depends_on:PSA_WANT_ECC_SECP_R1_384
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:"secp384r1"
TLS ID <-> group name: x448
depends_on:PSA_WANT_ECC_MONTGOMERY_448
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X448:"x448"
TLS ID <-> group name: secp521r1
depends_on:PSA_WANT_ECC_SECP_R1_521
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:"secp521r1"
TLS ID <-> group name: brainpoolP256r1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:"brainpoolP256r1"
TLS ID <-> group name: brainpoolP384r1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:"brainpoolP384r1"
TLS ID <-> group name: brainpoolP512r1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:"brainpoolP512r1"
TLS ID <-> group name: ffdhe2048
depends_on:PSA_WANT_DH_RFC7919_2048
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:"ffdhe2048"
TLS ID <-> group name: ffdhe3072
depends_on:PSA_WANT_DH_RFC7919_3072
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:"ffdhe3072"
TLS ID <-> group name: ffdhe4096
depends_on:PSA_WANT_DH_RFC7919_4096
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:"ffdhe4096"
TLS ID <-> group name: ffdhe6144
depends_on:PSA_WANT_DH_RFC7919_6144
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:"ffdhe6144"
TLS ID <-> group name: ffdhe8192
depends_on:PSA_WANT_DH_RFC7919_8192
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192"
Version config: valid client TLS 1.2 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0

59
tests/suites/test_suite_ssl.function
View File

@@ -3574,6 +3574,65 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_available)
{
const uint16_t *list = mbedtls_ssl_get_supported_group_list();
int found = 0;
/* First: go through the list returned by mbedtls_ssl_get_supported_group_list() and
* check that the specified group ID is supported/unsupported as expected. */
for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) {
if (list[i] == iana_group_id) {
found = 1;
break;
}
}
TEST_EQUAL(found, is_available);
/* Second: check that supported/unsupported property for the specified group is also
* correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_INFO. */
mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
mbedtls_ssl_iana_tls_group_info_t *ptr;
for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) {
if (ptr->tls_id == iana_group_id) {
TEST_EQUAL(ptr->is_supported, is_available);
}
}
exit:;
}
/* END_CASE */
/* BEGIN_CASE */
void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
{
mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
mbedtls_ssl_iana_tls_group_info_t *item;
const char *table_name = NULL;
/* Ensure that the list includes at least 1 valid entry. */
TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) {
if (item->tls_id == group_id) {
table_name = item->group_name;
}
}
TEST_ASSERT(table_name != NULL);
TEST_MEMORY_COMPARE(table_name, strlen(table_name), group_name, strlen(group_name));
#if defined(MBEDTLS_DEBUG_C)
const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id);
TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name,
strlen(group_name));
#endif /* MBEDTLS_DEBUG_C */
exit:;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
void force_bad_session_id_len()
{