The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].

2024-11-25 15:15:47 +01:00 · 2014-01-22 11:22:20 +01:00 · 2014-01-22 11:22:20 +01:00 · e40c469ad3
commit e40c469ad3
parent de05390c85
3 changed files with 42 additions and 50 deletions
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@ -255,6 +255,13 @@ const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
 */
 const ecp_curve_info *ecp_curve_info_from_name( const char *name );

+/**
+ * \brief           Get the default ECDH curve list
+ *
+ * \return          The default ECDH curve list
+ */
+ecp_group_id *ecp_get_default_echd_curve_list( void );
+
 /**
 * \brief           Initialize a point (as zero)
 */
--- a/library/ecp.c
+++ b/library/ecp.c
@ -114,27 +114,33 @@ typedef enum
 *  - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
 *  - size in bits
 *  - readable name
+ *
+ * The sequence of elements in this list also determines the default preference
+ * of the curves used by an ECHDE handshake.
+ * We start with the most secure curves. From the same sized curves, we prefer
+ * the SECP ones because they are much faster.
+ *
 */
 static const ecp_curve_info ecp_supported_curves[] =
 {
-#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
-    { POLARSSL_ECP_DP_BP512R1,      28,     512,    "brainpoolP512r1"   },
-#endif
-#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
-    { POLARSSL_ECP_DP_BP384R1,      27,     384,    "brainpoolP384r1"   },
-#endif
-#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
-    { POLARSSL_ECP_DP_BP256R1,      26,     256,    "brainpoolP256r1"   },
-#endif
 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
    { POLARSSL_ECP_DP_SECP521R1,    25,     521,    "secp521r1"         },
 #endif
+#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
+    { POLARSSL_ECP_DP_BP512R1,      28,     512,    "brainpoolP512r1"   },
+#endif
 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
    { POLARSSL_ECP_DP_SECP384R1,    24,     384,    "secp384r1"         },
 #endif
+#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
+    { POLARSSL_ECP_DP_BP384R1,      27,     384,    "brainpoolP384r1"   },
+#endif
 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
    { POLARSSL_ECP_DP_SECP256R1,    23,     256,    "secp256r1"         },
 #endif
+#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
+    { POLARSSL_ECP_DP_BP256R1,      26,     256,    "brainpoolP256r1"   },
+#endif
 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
    { POLARSSL_ECP_DP_SECP224R1,    21,     224,    "secp224r1"         },
 #endif
@ -152,6 +158,8 @@ static const ecp_curve_info ecp_supported_curves[] =
 #endif
    { POLARSSL_ECP_DP_NONE,          0,     0,      NULL                },
 };
+#define ECP_NUM_SUPPORTED_CURVES ( sizeof( ecp_supported_curves ) / \
+                                   sizeof( ecp_curve_info )         )

 /*
 * List of supported curves and associated info
@ -215,6 +223,23 @@ const ecp_curve_info *ecp_curve_info_from_name( const char *name )
    return( NULL );
 }

+/*
+ * Get the default ECDH curve list
+ */
+ecp_group_id *ecp_get_default_echd_curve_list( void )
+{
+    static ecp_group_id ecdh_default_curve_list[ECP_NUM_SUPPORTED_CURVES];
+    int i;
+
+    /* Build the list of default curves based on ecp_supported_curves[] */
+    for( i = 0; i < ECP_NUM_SUPPORTED_CURVES; i++)
+    {
+        ecdh_default_curve_list[i] = ecp_supported_curves[i].grp_id;
+    }
+
+    return ecdh_default_curve_list;
+}
+
 /*
 * Get the type of a curve
 */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3325,46 +3325,6 @@ static int ssl_handshake_init( ssl_context *ssl )
 */
 int ssl_init( ssl_context *ssl )
 {
-
-#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
-    /*
-    * ECDHE allowed curves and preference list
-    *
-    * We start with the most secure curves. From the same size curves, we prefer
-    * the SECP ones because they are much faster.
-    *
-    * TODO: Add the Montgomery curves
-    */
-    static const ecp_group_id default_curve_list[] =
-    {
-#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
-        POLARSSL_ECP_DP_SECP521R1,
-#endif
-#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
-        POLARSSL_ECP_DP_BP512R1,
-#endif
-#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
-        POLARSSL_ECP_DP_SECP384R1,
-#endif
-#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
-        POLARSSL_ECP_DP_BP384R1,
-#endif
-#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
-        POLARSSL_ECP_DP_SECP256R1,
-#endif
-#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
-        POLARSSL_ECP_DP_BP256R1,
-#endif
-#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
-        POLARSSL_ECP_DP_SECP224R1,
-#endif
-#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
-        POLARSSL_ECP_DP_SECP192R1,
-#endif
-        POLARSSL_ECP_DP_NONE
-    };
-#endif
-
    int ret;
    int len = SSL_BUFFER_LEN;

@ -3426,7 +3386,7 @@ int ssl_init( ssl_context *ssl )

 #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
    defined(POLARSSL_SSL_SET_CURVES)
-    ssl->curve_list = default_curve_list;
+    ssl->curve_list = ecp_get_default_echd_curve_list( );
 #endif

    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )