Add NamedGroup IANA values and helper functions

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-04-01 13:20:30 +00:00 · 2021-08-27 22:06:20 +08:00 · 2021-08-27 22:06:20 +08:00 · e226cef124
commit e226cef124
parent 26f4d15d13
2 changed files with 49 additions and 0 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -169,6 +169,37 @@
 /** Invalid value in SSL config */
 #define MBEDTLS_ERR_SSL_BAD_CONFIG                        -0x5E80

+/*
+ * TLS 1.3 NamedGroup values
+ *
+ * From RF 8446
+ *    enum {
+ *         // Elliptic Curve Groups (ECDHE)
+ *         secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ *         x25519(0x001D), x448(0x001E),
+ *         // Finite Field Groups (DHE)
+ *         ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ *         ffdhe6144(0x0103), ffdhe8192(0x0104),
+ *         // Reserved Code Points
+ *         ffdhe_private_use(0x01FC..0x01FF),
+ *         ecdhe_private_use(0xFE00..0xFEFF),
+ *         (0xFFFF)
+ *     } NamedGroup;
+ *
+ */
+/* Elliptic Curve Groups (ECDHE) */
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1     0x0017
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1     0x0018
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1     0x0019
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519        0x001D
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448          0x001E
+/* Finite Field Groups (DHE) */
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048     0x0100
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072     0x0101
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096     0x0102
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144     0x0103
+#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192     0x0104
+
 /*
 * TLS 1.3 Key Exchange Modes
 *
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -1439,6 +1439,24 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)

+/*
+ * Helper functions for NamedGroup.
+ */
+static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group )
+{
+    return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 ||
+            named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 ||
+            named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 ||
+            named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519    ||
+            named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 );
+}
+
+static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group )
+{
+    return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 &&
+            named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 );
+}
+
 static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
                                                    mbedtls_ssl_states state )
 {