tls: remove dependency from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3b67fdc..5c62393 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1040,13 +1040,13 @@
}
for (size_t i = 0; i < length; i++) {
- const mbedtls_ecp_curve_info *info =
- mbedtls_ecp_curve_info_from_grp_id(curve_list[i]);
- if (info == NULL) {
+ uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
+ curve_list[i]);
+ if (tls_id == 0) {
mbedtls_free(group_list);
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
- group_list[i] = info->tls_id;
+ group_list[i] = tls_id;
}
group_list[length] = 0;
@@ -4019,7 +4019,7 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
- mbedtls_free((void *) handshake->curves);
+ mbedtls_free((void *) handshake->curves_tls_id);
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
@@ -5418,19 +5418,119 @@
*/
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
{
- const mbedtls_ecp_curve_info *grp_info =
- mbedtls_ecp_curve_info_from_grp_id(grp_id);
+ uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
- if (grp_info == NULL) {
+ if (tls_id == 0) {
return -1;
}
- uint16_t tls_id = grp_info->tls_id;
-
return mbedtls_ssl_check_curve_tls_id(ssl, tls_id);
}
#endif /* MBEDTLS_ECP_C */
+static const struct {
+ uint16_t tls_id;
+ mbedtls_ecp_group_id ecp_group_id;
+ psa_ecc_family_t psa_family;
+ uint16_t bits;
+ const char *name;
+} tls_id_match_table[] =
+{
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
+ { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, "secp521r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, "brainpoolP512r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, "secp384r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
+ { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, "brainpoolP384r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, "secp256r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
+ { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, "secp256k1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
+ { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, "brainpoolP256r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
+ { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, "secp224r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
+ { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, "secp224k1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
+ { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, "secp192r1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
+ { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, "secp192k1" },
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+ { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 256, "x25519" },
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+ { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, "x448" },
+#endif
+ { 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
+};
+
+int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
+ psa_ecc_family_t *family,
+ size_t *bits)
+{
+ for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
+ if (tls_id_match_table[i].tls_id == tls_id) {
+ if (family != NULL) {
+ *family = tls_id_match_table[i].psa_family;
+ }
+ if (bits != NULL) {
+ *bits = tls_id_match_table[i].bits;
+ }
+ return PSA_SUCCESS;
+ }
+ }
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id)
+{
+ for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
+ if (tls_id_match_table[i].tls_id == tls_id) {
+ return tls_id_match_table[i].ecp_group_id;
+ }
+ }
+
+ return MBEDTLS_ECP_DP_NONE;
+}
+
+uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
+{
+ for (int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE;
+ i++) {
+ if (tls_id_match_table[i].ecp_group_id == grp_id) {
+ return tls_id_match_table[i].tls_id;
+ }
+ }
+
+ return 0;
+}
+
+const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
+{
+ for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
+ if (tls_id_match_table[i].tls_id == tls_id) {
+ return tls_id_match_table[i].name;
+ }
+ }
+
+ return NULL;
+}
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite,