From 476a2edea7c068b2b58ddf33009a456591350779 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 23:37:50 +0100 Subject: [PATCH] library: extend mbedtls_ssl_iana_tls_group_info_t structure Add new field that tells if the corresponding group is supported or not in the current build. Test function "test_mbedtls_ssl_get_supported_group_list" is extended to verify this new feature. Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 119 ++++++++++++++++++++++----- tests/suites/test_suite_ssl.function | 13 ++- 2 files changed, 109 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index baf889ba62..95f3c3e22c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3661,18 +3661,93 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ /** - * This structure defines the correpondence between IANA's TLS-ID and its - * corresponding group name. - * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list - * of known TLS IDs and corresponding group names. + * This structure defines each entry of the macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO. * - * Future versions of the library might add new fields to this structure. + * \note Future versions of the library might add new fields to this structure. */ typedef struct { + /** TLS-ID */ uint16_t tls_id; + + /** Group name */ const char *group_name; + + /** 1 if the group is supported; 0 otherwise */ + uint8_t is_supported; } mbedtls_ssl_iana_tls_group_info_t; +/* Helpers to check which PSA_WANT_xxx symbols are defined for groups. */ +#if defined(PSA_WANT_ECC_MONTGOMERY_255) +#define MBEDTLS_SSL_HAVE_GROUP_X25519 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_X25519 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_256) +#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 0 +#endif +#if defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 0 +#endif +#if defined(PSA_WANT_ECC_MONTGOMERY_448) +#define MBEDTLS_SSL_HAVE_GROUP_X448 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_X448 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_521) +#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#define MBEDTLS_SSL_HAVE_GROUP_BP384R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP384R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_2048) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_3072) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_4096) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_6144) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_8192) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 0 +#endif + /** * Initializer for a list of known TLS 1.2 named elliptic curves and * TLS 1.3 groups, with their names. @@ -3680,23 +3755,23 @@ typedef struct { * Each entry is a structure of type #mbedtls_ssl_iana_tls_group_info_t. * The last entry has `tls_id = 0` and `group_name = NULL`. */ -#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ - { \ - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \ +#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ + { \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", MBEDTLS_SSL_HAVE_GROUP_X25519 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", MBEDTLS_SSL_HAVE_GROUP_SECP256R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", MBEDTLS_SSL_HAVE_GROUP_SECP256K1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", MBEDTLS_SSL_HAVE_GROUP_SECP384R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", MBEDTLS_SSL_HAVE_GROUP_X448 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", MBEDTLS_SSL_HAVE_GROUP_SECP521R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", MBEDTLS_SSL_HAVE_GROUP_BP256R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", MBEDTLS_SSL_HAVE_GROUP_BP384R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", MBEDTLS_SSL_HAVE_GROUP_BP512R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL, 1 } \ } #if defined(MBEDTLS_DEBUG_C) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c63ad65bd2..55f9965542 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3580,15 +3580,26 @@ void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_availab const uint16_t *list = mbedtls_ssl_get_supported_group_list(); int found = 0; + /* First: go through the list returned by mbedtls_ssl_get_supported_group_list() and + * check that the specified group ID is supported/unsupported as expected. */ for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) { if (list[i] == iana_group_id) { found = 1; break; } } - TEST_EQUAL(found, is_available); + /* Second: check that supported/unsupported property for the specified group is also + * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */ + mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; + mbedtls_ssl_iana_tls_group_info_t *ptr; + for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) { + if (ptr->tls_id == iana_group_id) { + TEST_EQUAL(ptr->is_supported, is_available); + } + } + exit:; } /* END_CASE */