From 49ac40b81bce5f3d0b608f166ba7de6ebc69b425 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 29 Aug 2019 16:25:49 +0100
Subject: [PATCH] Fixup: Don't reference legacy ECP curve identifier in config.h

TinyCrypt should be used as a replacement of legacy ECC. In particular, there shouldn't be any use of identifiers from the legacy ECC module. So far, there's the configuration option MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in this case must resolve to an identifier of type mbedtls_ecp_group_id indicating which single curve to enable. With the introduction of TinyCrypt, we must either change the type of this option to mbedtls_uecc_group_id, or introduce a separate compilation option. In order to avoid type confusion, this commit follows tha latter approach, introducing the configuration option MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID that indicatesthe TinyCrypt group identifier of the single curve to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE and MBEDTLS_USE_TINYCRYPT are set.
---
 include/mbedtls/config.h | 7 +++++--
 programs/ssl/query_config.c | 8 ++++++++
 tests/scripts/all.sh | 2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0b4380276..7b50ef047 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2577,7 +2577,7 @@
 * Requires: MBEDTLS_SSL_CONF_RNG
 * MBEDTLS_SSL_CONF_SINGLE_EC
 * MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23
- * MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1
+ * MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1
 *
 * \see MBEDTLS_SSL_CONF_RNG
 *
@@ -3755,11 +3755,13 @@
 * curve operations during the handshake.
 *
 * If this is set, you must also define the following:
- * - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
+ * - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID (if MBEDTLS_ECP_C is set)
 * This must resolve to the Mbed TLS group ID for the elliptic
 * curve to use (e.g. MBEDTLS_ECP_DP_SECP256R1); see
 * ::mbedtls_ecp_group_id in mbedtls/ecp.h for a complete list
 * of curve identifiers.
+ * - MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID (if MBEDTLS_USE_TINYCRYPT is set)
+ * This must resolve to MBEDTLS_UECC_DP_SECP256R1.
 * - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
 * This must resolve to the identifier for the elliptic curve
 * to use according to the IANA NamedCurve registry:
@@ -3771,6 +3773,7 @@
 //#define MBEDTLS_SSL_CONF_SINGLE_EC
 //#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
 //#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
+//#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
 /* Enable support a single signature hash algorithm
 * at compile-time, at the benefit of code-size.
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index c17941929..dd5051466 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2866,6 +2866,14 @@ int query_config( const char *config )
 }
 #endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
+#if defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID)
+ if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID */
+
 #if defined(MBEDTLS_SSL_CONF_SINGLE_SIG_HASH)
 if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_SIG_HASH", config ) == 0 )
 {
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ef5dfccd9..7b25ad28e 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
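Review bot: The requirement added to the MBEDTLS_SSL_CONF_SINGLE_EC documentation in include/mbedtls/config.h, that MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID must resolve to MBEDTLS_UECC_DP_SECP256R1 when MBEDTLS_USE_TINYCRYPT is set, is stated only in a comment; none of the three files in this commit enforces it. A build that enables MBEDTLS_SSL_CONF_SINGLE_EC with TinyCrypt but leaves the new option undefined, or sets it inconsistently with MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID, would presumably fail late or advertise a curve identifier that does not match the curve actually used. A compile-time guard next to the project's other configuration sanity checks would catch this, e.g. `#if defined(MBEDTLS_SSL_CONF_SINGLE_EC) && defined(MBEDTLS_USE_TINYCRYPT) && !defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID)` followed by `#error "MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID must be defined when MBEDTLS_USE_TINYCRYPT is set"`. Such a check may already exist outside this patch, and the documentation comment itself starts and ends outside the hunk.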
@@ -1423,7 +1423,7 @@ component_test_default_tinycrypt_without_legacy_ecdh () {
 scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
 scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
 scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
- scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
 scripts/config.pl unset MBEDTLS_ECDH_C
 scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED