yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 16:35:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add ecp_supported_curves and simplify some code

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-16 17:30:04 +02:00 committed by Paul Bakker
parent 7038039f2e
commit 568c9cf878
5 changed files with 95 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
include/polarssl/ecp.h
View File

@ -54,13 +54,28 @@ extern "C" {
typedef enum typedef enum
{ {
POLARSSL_ECP_DP_NONE = 0, POLARSSL_ECP_DP_NONE = 0,
POLARSSL_ECP_DP_SECP192R1, /* 192-bits NIST curve */ POLARSSL_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */
POLARSSL_ECP_DP_SECP224R1, /* 224-bits NIST curve */ POLARSSL_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */
POLARSSL_ECP_DP_SECP256R1, /* 256-bits NIST curve */ POLARSSL_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */
POLARSSL_ECP_DP_SECP384R1, /* 384-bits NIST curve */ POLARSSL_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */
POLARSSL_ECP_DP_SECP521R1, /* 521-bits NIST curve */ POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
} ecp_group_id; } ecp_group_id;
/**
* Curve information for use by the SSL module
*/
typedef struct
{
ecp_group_id grp_id; /*!< Internal identifier */
uint16_t name; /*!< TLS NamedCurve value */
uint16_t size; /*!< Curve size in bits */
} ecp_curve_info;
/**
* List of supported curves
*/
extern ecp_curve_info ecp_supported_curves[];
/** /**
* \brief ECP point structure (jacobian coordinates) * \brief ECP point structure (jacobian coordinates)
* *
@ -346,7 +361,7 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
* \return The associated TLS NamedCurve value on success, * \return The associated TLS NamedCurve value on success,
* 0 on failure. * 0 on failure.
*/ */
unsigned int ecp_named_curve_from_grp_id( ecp_group_id id ); uint16_t ecp_named_curve_from_grp_id( ecp_group_id id );
/** /**
* \brief Get an internal group identifier from a TLS NamedCurve value * \brief Get an internal group identifier from a TLS NamedCurve value
@ -356,7 +371,7 @@ unsigned int ecp_named_curve_from_grp_id( ecp_group_id id );
* \return The associated POLARSSL_ECP_DP_XXX identifer on success, * \return The associated POLARSSL_ECP_DP_XXX identifer on success,
* POLARSSL_ECP_DP_NONE on failure. * POLARSSL_ECP_DP_NONE on failure.
*/ */
ecp_group_id ecp_grp_id_from_named_curve( unsigned int curve ); ecp_group_id ecp_grp_id_from_named_curve( uint16_t curve );
/** /**
* \brief Import a point from a TLS ECPoint record * \brief Import a point from a TLS ECPoint record

92
library/ecp.c
View File

@ -67,6 +67,32 @@
unsigned long add_count, dbl_count; unsigned long add_count, dbl_count;
#endif #endif
/*
* List of supported curves:
* - internal ID
* - TLS NamedCurve number (RFC 4492 section 5.1.1)
* - size in bits
*/
ecp_curve_info ecp_supported_curves[] =
{
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
{ POLARSSL_ECP_DP_SECP521R1, 25, 521, },
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
{ POLARSSL_ECP_DP_SECP384R1, 24, 384, },
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
{ POLARSSL_ECP_DP_SECP256R1, 23, 256, },
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
{ POLARSSL_ECP_DP_SECP224R1, 21, 224, },
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
{ POLARSSL_ECP_DP_SECP192R1, 19, 192, },
#endif
{ POLARSSL_ECP_DP_NONE, 0, 0 },
};
/* /*
* Initialize (the components of) a point * Initialize (the components of) a point
*/ */
@ -720,54 +746,42 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
return 0; return 0;
} }
/* Hard-coded values are temporary, will be reimplemented soon */ /*
ecp_group_id ecp_grp_id_from_named_curve( unsigned int curve ) * Get the internal identifer from the TLS name
*/
ecp_group_id ecp_grp_id_from_named_curve( uint16_t name )
{ {
switch( curve ) ecp_curve_info *curve_info;
for( curve_info = ecp_supported_curves;
curve_info->grp_id != POLARSSL_ECP_DP_NONE;
curve_info++ )
{ {
case 19: if( curve_info->name == name )
return( POLARSSL_ECP_DP_SECP192R1 ); return( curve_info->grp_id );
case 21:
return( POLARSSL_ECP_DP_SECP224R1 );
case 23:
return( POLARSSL_ECP_DP_SECP256R1 );
case 24:
return( POLARSSL_ECP_DP_SECP384R1 );
case 25:
return( POLARSSL_ECP_DP_SECP521R1 );
default:
return( POLARSSL_ECP_DP_NONE );
} }
return( POLARSSL_ECP_DP_NONE );
} }
unsigned int ecp_named_curve_from_grp_id( ecp_group_id id ) /*
* Get the TLS name for the internal identifer
*/
uint16_t ecp_named_curve_from_grp_id( ecp_group_id id )
{ {
switch( id ) ecp_curve_info *curve_info;
for( curve_info = ecp_supported_curves;
curve_info->grp_id != POLARSSL_ECP_DP_NONE;
curve_info++ )
{ {
case POLARSSL_ECP_DP_SECP192R1: if( curve_info->grp_id == id )
return( 19 ); return( curve_info->name );
case POLARSSL_ECP_DP_SECP224R1:
return( 21 );
case POLARSSL_ECP_DP_SECP256R1:
return( 23 );
case POLARSSL_ECP_DP_SECP384R1:
return( 24 );
case POLARSSL_ECP_DP_SECP521R1:
return( 25 );
default:
return( 0 );
} }
return( 0 );
} }
/* /*
* Fast mod-p functions expect their argument to be in the 0..p^2 range. * Fast mod-p functions expect their argument to be in the 0..p^2 range.
* *

33
library/ssl_cli.c
View File

@ -233,32 +233,20 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
unsigned char *p = buf; unsigned char *p = buf;
unsigned char elliptic_curve_list[20]; unsigned char elliptic_curve_list[20];
size_t elliptic_curve_len = 0; size_t elliptic_curve_len = 0;
ecp_curve_info *curve;
((void) ssl); ((void) ssl);
*olen = 0; *olen = 0;
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) for( curve = ecp_supported_curves;
elliptic_curve_list[elliptic_curve_len++] = 0x00; curve->grp_id != POLARSSL_ECP_DP_NONE;
elliptic_curve_list[elliptic_curve_len++] = ecp_named_curve_from_grp_id( POLARSSL_ECP_DP_SECP521R1 ); curve++ )
#endif {
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) elliptic_curve_list[elliptic_curve_len++] = curve->name >> 8;
elliptic_curve_list[elliptic_curve_len++] = 0x00; elliptic_curve_list[elliptic_curve_len++] = curve->name & 0xFF;
elliptic_curve_list[elliptic_curve_len++] = ecp_named_curve_from_grp_id( POLARSSL_ECP_DP_SECP384R1 ); }
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = ecp_named_curve_from_grp_id( POLARSSL_ECP_DP_SECP256R1 );
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = ecp_named_curve_from_grp_id( POLARSSL_ECP_DP_SECP224R1 );
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = ecp_named_curve_from_grp_id( POLARSSL_ECP_DP_SECP192R1 );
#endif
if( elliptic_curve_len == 0 ) if( elliptic_curve_len == 0 )
return; return;
@ -1134,10 +1122,13 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
if( ( ret = ecdh_read_params( &ssl->handshake->ecdh_ctx, if( ( ret = ecdh_read_params( &ssl->handshake->ecdh_ctx,
(const unsigned char **) p, end ) ) != 0 ) (const unsigned char **) p, end ) ) != 0 )
{ {
SSL_DEBUG_RET( 2, ( "ecdh_read_params" ), ret ); SSL_DEBUG_RET( 1, ( "ecdh_read_params" ), ret );
return( ret ); return( ret );
} }
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 ) ssl->handshake->ecdh_ctx.grp.nbits > 521 )
{ {

36
library/ssl_srv.c
View File

@ -517,41 +517,12 @@ static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
while( list_size > 0 ) while( list_size > 0 )
{ {
grp_id = ecp_grp_id_from_named_curve( ( p[0] << 8 ) | p[1] ); grp_id = ecp_grp_id_from_named_curve( ( p[0] << 8 ) | p[1] );
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
if( grp_id == POLARSSL_ECP_DP_SECP192R1 ) if( grp_id != POLARSSL_ECP_DP_NONE )
{ {
ssl->handshake->ec_curve = grp_id; ssl->handshake->ec_curve = grp_id;
return( 0 ); return( 0 );
} }
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
if( grp_id == POLARSSL_ECP_DP_SECP224R1 )
{
ssl->handshake->ec_curve = grp_id;
return( 0 );
}
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
if( grp_id == POLARSSL_ECP_DP_SECP256R1 )
{
ssl->handshake->ec_curve = grp_id;
return( 0 );
}
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
if( grp_id == POLARSSL_ECP_DP_SECP384R1 )
{
ssl->handshake->ec_curve = grp_id;
return( 0 );
}
#endif
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
if( grp_id == POLARSSL_ECP_DP_SECP521R1 )
{
ssl->handshake->ec_curve = grp_id;
return( 0 );
}
#endif
list_size -= 2; list_size -= 2;
p += 2; p += 2;
@ -1939,6 +1910,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
return( ret ); return( ret );
} }
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx, if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx,
&len, &len,
p, p,

18
programs/pkey/ecdsa.c
View File

@ -38,30 +38,18 @@
*/ */
#if !defined(ECPARAMS) #if !defined(ECPARAMS)
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) #define ECPARAMS ecp_supported_curves[0].grp_id
#define ECPARAMS POLARSSL_ECP_DP_SECP192R1
#elif defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
#define ECPARAMS POLARSSL_ECP_DP_SECP224R1
#elif defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
#define ECPARAMS POLARSSL_ECP_DP_SECP256R1
#elif defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
#define ECPARAMS POLARSSL_ECP_DP_SECP384R1
#elif defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
#define ECPARAMS POLARSSL_ECP_DP_SECP521R1
#endif #endif
#endif /* !defined(ECPARAMS) */
#if !defined(POLARSSL_ECDSA_C) || \ #if !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
!defined(ECPARAMS)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_ECDSA_C and/or " printf("POLARSSL_ECDSA_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined," "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined\n"
"and/or no EC domain parameter available\n" );
return( 0 ); return( 0 );
} }
#else #else