commit 63282b43210291931dc14341c94e198a54079c4d
author Jerry Yu <jerry.h.yu@arm.com> Tue Jan 11 15:43:53 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Tue Jan 11 15:43:53 2022 +0800
tree 722274864ee28eeaa1517113cd0329c884e6a61e
parent 7f029d8a9494283f8df9bb7013e0ebf51af204dc

Refactor write supported group

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bb533c9..6ca63cc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7208,36 +7208,26 @@
  *      struct {
  *          NamedGroup named_group_list<2..2^16-1>;
  *      } NamedGroupList;
+ * From RFC8422:
+ * enum {
+ *      deprecated(1..22),
+ *      secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ *      x25519(29), x448(30),
+ *      reserved (0xFE00..0xFEFF),
+ *      deprecated(0xFF01..0xFF02),
+ *      (0xFFFF)
+ *  } NamedCurve;
+ * struct {
+ *      NamedCurve named_curve_list<2..2^16-1>
+ *  } NamedCurveList;
+ *
+ * RFC8422 and RFC8446 share simillar structure and same extension id. The function
+ * only check if the curve/group is supported by library. It does not need check
+ * the IANA values. ECP module should check if the group/curve is deprecated or
+ * supported.
+ *
+ * DHE groups hasn't been supported yet.
  */
-
-#define SSL_GROUP_IS_UNSUPPORTED    0
-#define SSL_GROUP_IS_ECDHE          1
-#define SSL_GROUP_IS_DHE            2
-static int ssl_check_group_type( const mbedtls_ssl_config *conf,
-                                 const uint16_t group )
-{
-#if defined(MBEDTLS_ECP_C)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( mbedtls_ssl_conf_is_tls12_only( conf )
-        && mbedtls_ssl_named_group_is_ecdhe( group ) )
-        return( SSL_GROUP_IS_ECDHE );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( mbedtls_ssl_conf_is_tls13_only( conf )
-        && mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
-        return( SSL_GROUP_IS_ECDHE );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#else
-    ((void) conf);
-#endif /* MBEDTLS_ECDH_C */
-
-    if( mbedtls_ssl_tls13_named_group_is_dhe( group ) )
-        return( SSL_GROUP_IS_DHE );
-
-    return( SSL_GROUP_IS_UNSUPPORTED );
-}
-
 int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
                                             unsigned char *buf,
                                             const unsigned char *end,
@@ -7272,31 +7262,21 @@
     for ( ; *group_list != 0; group_list++ )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ("got supported group(%04x)",*group_list));
-        int group_type = ssl_check_group_type( ssl->conf, *group_list );
-        if( group_type == SSL_GROUP_IS_UNSUPPORTED )
-            continue;
-        MBEDTLS_SSL_DEBUG_MSG( 1, ("add supported group(%04x)",*group_list));
+
 #if defined(MBEDTLS_ECP_C)
-        if( group_type == SSL_GROUP_IS_ECDHE )
+        const mbedtls_ecp_curve_info *curve_info;
+        curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
+        if( curve_info != NULL )
         {
-            const mbedtls_ecp_curve_info *curve_info;
-            curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
-            if( curve_info == NULL )
-                continue;
+            MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+            MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+            p += 2;
             MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
                                    curve_info->name, *group_list ) );
-        }
-#endif /* MBEDTLS_ECDH_C */
-
-        if( group_type == SSL_GROUP_IS_DHE )
-        {
-            /* Implement DHE group here. */
             continue;
         }
-
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
-        p += 2;
+#endif /* MBEDTLS_ECP_C */
+        /* Add DHE groups here */
 
     }