From 27b7e50dcd6df37bf3368d154a8355afb5baf2f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 14:39:50 +0100 Subject: [PATCH] TinyCrypt SSL: Declare EC-related TLS RFC constants in SSL namespace mbedtls/ecp.h defines constants MBEDTLS_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_COMPRESSED MBEDTLS_ECP_TLS_NAMED_CURVE which regard the encoding of elliptic curves and curve point formats in TLS. As such, they should be defined in the SSL namespace. Asides, this will help replacing the legacy ECC crypto by alternative ECC implementations. --- include/mbedtls/ssl_internal.h | 12 ++++++++++++ library/ssl_cli.c | 8 ++++---- library/ssl_srv.c | 8 ++++---- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 1ba1fe035..0e38bc3c8 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1885,4 +1885,16 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ); #endif /* MBEDTLS_USE_TINYCRYPT */ + +/* + * Point formats, from RFC 4492's enum ECPointFormat + */ +#define MBEDTLS_SSL_EC_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */ +#define MBEDTLS_SSL_EC_PF_COMPRESSED 1 /**< Compressed point format. */ + +/* + * Some other constants from RFC 4492 + */ +#define MBEDTLS_SSL_EC_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */ + #endif /* ssl_internal.h */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 97ae00e74..330d017ed 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -331,7 +331,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = 2; *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; + *p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED; *olen = 6; } @@ -1405,8 +1405,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, p = buf + 1; while( list_size > 0 ) { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) + if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED || + p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED ) { #if defined(MBEDTLS_ECDH_C) ssl->handshake->ecdh_ctx.point_format = p[0]; @@ -2817,7 +2817,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) { static const unsigned char ecdh_group[] = { - MBEDTLS_ECP_TLS_NAMED_CURVE, + MBEDTLS_SSL_EC_TLS_NAMED_CURVE, 0 /* high bits of secp256r1 TLS ID */, 23 /* low bits of secp256r1 TLS ID */, }; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f617950c2..620fa5904 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -347,8 +347,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, p = buf + 1; while( list_size > 0 ) { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) + if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED || + p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED ) { #if defined(MBEDTLS_ECDH_C) ssl->handshake->ecdh_ctx.point_format = p[0]; @@ -2579,7 +2579,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = 2; *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; + *p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED; *olen = 6; } @@ -3400,7 +3400,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) { static const unsigned char ecdh_param_hdr[] = { - MBEDTLS_ECP_TLS_NAMED_CURVE, + MBEDTLS_SSL_EC_TLS_NAMED_CURVE, 0 /* high bits of secp256r1 TLS ID */, 23 /* low bits of secp256r1 TLS ID */, 2 * NUM_ECC_BYTES + 1,