TinyCrypt SSL: Declare EC-related TLS RFC constants in SSL namespace

mbedtls/ecp.h defines constants

   MBEDTLS_ECP_PF_UNCOMPRESSED
   MBEDTLS_ECP_PF_COMPRESSED
   MBEDTLS_ECP_TLS_NAMED_CURVE

which regard the encoding of elliptic curves and curve point formats in TLS.
As such, they should be defined in the SSL namespace. Asides, this will help
replacing the legacy ECC crypto by alternative ECC implementations.
This commit is contained in:
Hanno Becker 2019-08-23 14:39:50 +01:00
parent ee902df678
commit 27b7e50dcd
3 changed files with 20 additions and 8 deletions

View File

@ -1885,4 +1885,16 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char *end ); unsigned char **p, unsigned char *end );
#endif /* MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_USE_TINYCRYPT */
/*
* Point formats, from RFC 4492's enum ECPointFormat
*/
#define MBEDTLS_SSL_EC_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
#define MBEDTLS_SSL_EC_PF_COMPRESSED 1 /**< Compressed point format. */
/*
* Some other constants from RFC 4492
*/
#define MBEDTLS_SSL_EC_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
#endif /* ssl_internal.h */ #endif /* ssl_internal.h */

View File

@ -331,7 +331,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
*p++ = 2; *p++ = 2;
*p++ = 1; *p++ = 1;
*p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; *p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED;
*olen = 6; *olen = 6;
} }
@ -1405,8 +1405,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
p = buf + 1; p = buf + 1;
while( list_size > 0 ) while( list_size > 0 )
{ {
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED ) p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED )
{ {
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
ssl->handshake->ecdh_ctx.point_format = p[0]; ssl->handshake->ecdh_ctx.point_format = p[0];
@ -2817,7 +2817,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
{ {
static const unsigned char ecdh_group[] = { static const unsigned char ecdh_group[] = {
MBEDTLS_ECP_TLS_NAMED_CURVE, MBEDTLS_SSL_EC_TLS_NAMED_CURVE,
0 /* high bits of secp256r1 TLS ID */, 0 /* high bits of secp256r1 TLS ID */,
23 /* low bits of secp256r1 TLS ID */, 23 /* low bits of secp256r1 TLS ID */,
}; };

View File

@ -347,8 +347,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
p = buf + 1; p = buf + 1;
while( list_size > 0 ) while( list_size > 0 )
{ {
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED ) p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED )
{ {
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
ssl->handshake->ecdh_ctx.point_format = p[0]; ssl->handshake->ecdh_ctx.point_format = p[0];
@ -2579,7 +2579,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
*p++ = 2; *p++ = 2;
*p++ = 1; *p++ = 1;
*p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; *p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED;
*olen = 6; *olen = 6;
} }
@ -3400,7 +3400,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
{ {
static const unsigned char ecdh_param_hdr[] = { static const unsigned char ecdh_param_hdr[] = {
MBEDTLS_ECP_TLS_NAMED_CURVE, MBEDTLS_SSL_EC_TLS_NAMED_CURVE,
0 /* high bits of secp256r1 TLS ID */, 0 /* high bits of secp256r1 TLS ID */,
23 /* low bits of secp256r1 TLS ID */, 23 /* low bits of secp256r1 TLS ID */,
2 * NUM_ECC_BYTES + 1, 2 * NUM_ECC_BYTES + 1,