[PATCH v2 1/2] ecc: add l_ecc_curve_get_supported_groups

[PATCH v2 1/2] ecc: add l_ecc_curve_get_supported_groups

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1773 bytes --]

---
 ell/ecc.c   | 18 ++++++++++++++++++
 ell/ecc.h   |  1 +
 ell/ell.sym |  1 +
 3 files changed, 20 insertions(+)

diff --git a/ell/ecc.c b/ell/ecc.c
index 053e5fb..b2110df 100644
--- a/ell/ecc.c
+++ b/ell/ecc.c
@@ -90,6 +90,9 @@ static const struct l_ecc_curve *curves[] = {
 	&p384,
 };
 
+static unsigned int supported_groups[L_ARRAY_SIZE(curves) + 1];
+static bool first = true;
+
 LIB_EXPORT const struct l_ecc_curve *l_ecc_curve_get(unsigned int group)
 {
 	int i;
@@ -102,6 +105,21 @@ LIB_EXPORT const struct l_ecc_curve *l_ecc_curve_get(unsigned int group)
 	return NULL;
 }
 
+LIB_EXPORT const unsigned int *l_ecc_curve_get_supported_groups(void)
+{
+	if (first) {
+		unsigned int i;
+
+		for (i = 0; i < L_ARRAY_SIZE(curves); i++)
+			supported_groups[i] = curves[i]->group;
+
+		supported_groups[i] = 0;
+		first = false;
+	}
+
+	return supported_groups;
+}
+
 static bool ecc_valid_point(struct l_ecc_point *point)
 {
 	const struct l_ecc_curve *curve = point->curve;
diff --git a/ell/ecc.h b/ell/ecc.h
index 9a852ff..0c2b33c 100644
--- a/ell/ecc.h
+++ b/ell/ecc.h
@@ -43,6 +43,7 @@ enum l_ecc_point_type {
 };
 
 const struct l_ecc_curve *l_ecc_curve_get(unsigned int group);
+const unsigned int *l_ecc_curve_get_supported_groups(void);
 
 struct l_ecc_point *l_ecc_point_new(const struct l_ecc_curve *curve);
 struct l_ecc_point *l_ecc_point_from_data(const struct l_ecc_curve *curve,
diff --git a/ell/ell.sym b/ell/ell.sym
index 58b8c8e..4a806aa 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -458,6 +458,7 @@ global:
 	l_certchain_verify;
 	/* ecc */
 	l_ecc_curve_get;
+	l_ecc_curve_get_supported_groups;
 	l_ecc_curve_get_order;
 	l_ecc_curve_get_prime;
 	l_ecc_point_add;
-- 
2.17.1

[PATCH v2 2/2] ecc: document where ECC groups came from

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 911 bytes --]

For future reference a comment was added pointing to RFC 5114
---
 ell/ecc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ell/ecc.c b/ell/ecc.c
index b2110df..a9eedf4 100644
--- a/ell/ecc.c
+++ b/ell/ecc.c
@@ -32,6 +32,9 @@
 #include "ecc-private.h"
 #include "random.h"
 
+/*
+ * RFC 5114 - Section 2.6 256-bit Random ECP Group
+ */
 #define P256_CURVE_P { 0xFFFFFFFFFFFFFFFFull, 0x00000000FFFFFFFFull, \
 			0x0000000000000000ull, 0xFFFFFFFF00000001ull }
 #define P256_CURVE_GX { 0xF4A13945D898C296ull, 0x77037D812DEB33A0ull,   \
@@ -56,6 +59,9 @@ static const struct l_ecc_curve p256 = {
 	.b = P256_CURVE_B,
 };
 
+/*
+ * RFC 5114 - Section 2.7 384-bit Random ECP Group
+ */
 #define P384_CURVE_P {	0x00000000FFFFFFFFull, 0xFFFFFFFF00000000ull, \
 			0xFFFFFFFFFFFFFFFEull, 0xFFFFFFFFFFFFFFFFull, \
 			0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }
-- 
2.17.1

Re: [PATCH v2 1/2] ecc: add l_ecc_curve_get_supported_groups

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 632 bytes --]

Hi James,

On 01/15/2019 04:43 PM, James Prestwood wrote:
> ---
>   ell/ecc.c   | 18 ++++++++++++++++++
>   ell/ecc.h   |  1 +
>   ell/ell.sym |  1 +
>   3 files changed, 20 insertions(+)
> 
> diff --git a/ell/ecc.c b/ell/ecc.c
> index 053e5fb..b2110df 100644
> --- a/ell/ecc.c
> +++ b/ell/ecc.c
> @@ -90,6 +90,9 @@ static const struct l_ecc_curve *curves[] = {
>   	&p384,
>   };
>   
> +static unsigned int supported_groups[L_ARRAY_SIZE(curves) + 1];
> +static bool first = true;
> +

I moved these into the function definition itself to make things a bit 
neater.

Applied, thanks.

Regards,
-Denis

Re: [PATCH v2 2/2] ecc: document where ECC groups came from

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

Hi James,

On 01/15/2019 04:43 PM, James Prestwood wrote:
> For future reference a comment was added pointing to RFC 5114
> ---
>   ell/ecc.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 

Applied.

But the original question was actually about where the group identifiers 
came from?  E.g. group 19, 20 etc.

Regards,
-Denis

Re: [PATCH v2 2/2] ecc: document where ECC groups came from

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 963 bytes --]

On Wed, 2019-01-16 at 10:38 -0600, Denis Kenzior wrote:
> Hi James,
> 
> On 01/15/2019 04:43 PM, James Prestwood wrote:
> > For future reference a comment was added pointing to RFC 5114
> > ---
> >   ell/ecc.c | 6 ++++++
> >   1 file changed, 6 insertions(+)
> > 
> 
> Applied.
> 
> But the original question was actually about where the group
> identifiers 
> came from?  E.g. group 19, 20 etc.

Ah, ok. Well they are in that RFC, just a different section. Actually
after looking into this I am somewhat confused. I originally based my
ECC groups off hostapd, and e.g. EAP-PWD which says group 19 (256-bit)
must be supported. Sort of after the fact I saw that these group
numbers were defined in RFC 5114. Now after revisiting this I see there
are actually two tables, one for IKE and one for TLS, and the group
numbers do not match. Maybe once ECC is used in TLS we will need a
mapping?

Thanks,
James
> 
> Regards,
> -Denis
> 

[PATCH v2 2/2] ecc: document where ECC groups came from

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 911 bytes --]

For future reference a comment was added pointing to RFC 5114
---
 ell/ecc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ell/ecc.c b/ell/ecc.c
index b2110df..1ce12a4 100644
--- a/ell/ecc.c
+++ b/ell/ecc.c
@@ -32,6 +32,9 @@
 #include "ecc-private.h"
 #include "random.h"
 
+/*
+ * RFC 5114 - Section 2.6 256-bit Random ECP Group
+ */
 #define P256_CURVE_P { 0xFFFFFFFFFFFFFFFFull, 0x00000000FFFFFFFFull, \
 			0x0000000000000000ull, 0xFFFFFFFF00000001ull }
 #define P256_CURVE_GX { 0xF4A13945D898C296ull, 0x77037D812DEB33A0ull,   \
@@ -56,6 +59,9 @@ static const struct l_ecc_curve p256 = {
 	.b = P256_CURVE_B,
 };
 
+/*
+ * RFC 5114 - Section 2.6 384-bit Random ECP Group
+ */
 #define P384_CURVE_P {	0x00000000FFFFFFFFull, 0xFFFFFFFF00000000ull, \
 			0xFFFFFFFFFFFFFFFEull, 0xFFFFFFFFFFFFFFFFull, \
 			0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }
-- 
2.17.1