yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-29 08:14:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].

Browse Source
This commit is contained in:
Gergely Budai 2014-01-22 11:22:20 +01:00 committed by Manuel Pégourié-Gonnard
parent de05390c85
commit e40c469ad3
3 changed files with 42 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/polarssl/ecp.h
View File

@ -255,6 +255,13 @@ const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
*/ */
const ecp_curve_info *ecp_curve_info_from_name( const char *name ); const ecp_curve_info *ecp_curve_info_from_name( const char *name );
/**
* \brief Get the default ECDH curve list
*
* \return The default ECDH curve list
*/
ecp_group_id *ecp_get_default_echd_curve_list( void );
/** /**
* \brief Initialize a point (as zero) * \brief Initialize a point (as zero)
*/ */

43
library/ecp.c
View File

@ -114,27 +114,33 @@ typedef enum
* - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2) * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
* - size in bits * - size in bits
* - readable name * - readable name
*
* The sequence of elements in this list also determines the default preference
* of the curves used by an ECHDE handshake.
* We start with the most secure curves. From the same sized curves, we prefer
* the SECP ones because they are much faster.
*
*/ */
static const ecp_curve_info ecp_supported_curves[] = static const ecp_curve_info ecp_supported_curves[] =
{ {
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
{ POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
{ POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
{ POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
{ POLARSSL_ECP_DP_SECP521R1, 25, 521, "secp521r1" }, { POLARSSL_ECP_DP_SECP521R1, 25, 521, "secp521r1" },
#endif #endif
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
{ POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
{ POLARSSL_ECP_DP_SECP384R1, 24, 384, "secp384r1" }, { POLARSSL_ECP_DP_SECP384R1, 24, 384, "secp384r1" },
#endif #endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
{ POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
{ POLARSSL_ECP_DP_SECP256R1, 23, 256, "secp256r1" }, { POLARSSL_ECP_DP_SECP256R1, 23, 256, "secp256r1" },
#endif #endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
{ POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
{ POLARSSL_ECP_DP_SECP224R1, 21, 224, "secp224r1" }, { POLARSSL_ECP_DP_SECP224R1, 21, 224, "secp224r1" },
#endif #endif
@ -152,6 +158,8 @@ static const ecp_curve_info ecp_supported_curves[] =
#endif #endif
{ POLARSSL_ECP_DP_NONE, 0, 0, NULL }, { POLARSSL_ECP_DP_NONE, 0, 0, NULL },
}; };
#define ECP_NUM_SUPPORTED_CURVES ( sizeof( ecp_supported_curves ) / \
sizeof( ecp_curve_info ) )
/* /*
* List of supported curves and associated info * List of supported curves and associated info
@ -215,6 +223,23 @@ const ecp_curve_info *ecp_curve_info_from_name( const char *name )
return( NULL ); return( NULL );
} }
/*
* Get the default ECDH curve list
*/
ecp_group_id *ecp_get_default_echd_curve_list( void )
{
static ecp_group_id ecdh_default_curve_list[ECP_NUM_SUPPORTED_CURVES];
int i;
/* Build the list of default curves based on ecp_supported_curves[] */
for( i = 0; i < ECP_NUM_SUPPORTED_CURVES; i++)
{
ecdh_default_curve_list[i] = ecp_supported_curves[i].grp_id;
}
return ecdh_default_curve_list;
}
/* /*
* Get the type of a curve * Get the type of a curve
*/ */

42
library/ssl_tls.c
View File

@ -3325,46 +3325,6 @@ static int ssl_handshake_init( ssl_context *ssl )
*/ */
int ssl_init( ssl_context *ssl ) int ssl_init( ssl_context *ssl )
{ {
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
/*
* ECDHE allowed curves and preference list
*
* We start with the most secure curves. From the same size curves, we prefer
* the SECP ones because they are much faster.
*
* TODO: Add the Montgomery curves
*/
static const ecp_group_id default_curve_list[] =
{
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
POLARSSL_ECP_DP_SECP521R1,
#endif
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
POLARSSL_ECP_DP_BP512R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
POLARSSL_ECP_DP_SECP384R1,
#endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
POLARSSL_ECP_DP_BP384R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
POLARSSL_ECP_DP_SECP256R1,
#endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
POLARSSL_ECP_DP_BP256R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
POLARSSL_ECP_DP_SECP224R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
POLARSSL_ECP_DP_SECP192R1,
#endif
POLARSSL_ECP_DP_NONE
};
#endif
int ret; int ret;
int len = SSL_BUFFER_LEN; int len = SSL_BUFFER_LEN;
@ -3426,7 +3386,7 @@ int ssl_init( ssl_context *ssl )
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
defined(POLARSSL_SSL_SET_CURVES) defined(POLARSSL_SSL_SET_CURVES)
ssl->curve_list = default_curve_list; ssl->curve_list = ecp_get_default_echd_curve_list( );
#endif #endif
if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) if( ( ret = ssl_handshake_init( ssl ) ) != 0 )