Align remaining TLS ECDH APIs on "group" terminology
This adds "group" versions of our codepoint-based APIs. This is mostly
because it looks weird to switch terminology randomly in the
implementation. See I7a356793d36419fc668364c912ca7b4f5c6c23a2 for
additional context.
I've not bothered renaming the bssl_shim flags. That seems a waste of
time.
Change-Id: I566ad132f5a33d99efd8cb2bb8b76d9a6038c825
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60207
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 31add55..5084fa2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2353,7 +2353,7 @@
// element of |groups| should be a |NID_*| constant from nid.h. It returns one
// on success and zero on failure.
//
-// Note that this API does not use the |SSL_CURVE_*| values defined below.
+// Note that this API does not use the |SSL_GROUP_*| values defined below.
OPENSSL_EXPORT int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups,
size_t num_groups);
@@ -2361,7 +2361,7 @@
// element of |groups| should be a |NID_*| constant from nid.h. It returns one
// on success and zero on failure.
//
-// Note that this API does not use the |SSL_CURVE_*| values defined below.
+// Note that this API does not use the |SSL_GROUP_*| values defined below.
OPENSSL_EXPORT int SSL_set1_groups(SSL *ssl, const int *groups,
size_t num_groups);
@@ -2377,27 +2377,24 @@
// failure.
OPENSSL_EXPORT int SSL_set1_groups_list(SSL *ssl, const char *groups);
-// SSL_CURVE_* define TLS curve IDs.
-#define SSL_CURVE_SECP224R1 21
-#define SSL_CURVE_SECP256R1 23
-#define SSL_CURVE_SECP384R1 24
-#define SSL_CURVE_SECP521R1 25
-#define SSL_CURVE_X25519 29
-#define SSL_CURVE_X25519_KYBER768_DRAFT00 0x6399
+// SSL_GROUP_* define TLS group IDs.
+#define SSL_GROUP_SECP224R1 21
+#define SSL_GROUP_SECP256R1 23
+#define SSL_GROUP_SECP384R1 24
+#define SSL_GROUP_SECP521R1 25
+#define SSL_GROUP_X25519 29
+#define SSL_GROUP_X25519_KYBER768_DRAFT00 0x6399
-// SSL_get_curve_id returns the ID of the curve used by |ssl|'s most recently
-// completed handshake or 0 if not applicable.
-//
-// TODO(davidben): This API currently does not work correctly if there is a
-// renegotiation in progress. Fix this.
-OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl);
+// SSL_get_group_id returns the ID of the group used by |ssl|'s most recently
+// completed handshake, or 0 if not applicable.
+OPENSSL_EXPORT uint16_t SSL_get_group_id(const SSL *ssl);
-// SSL_get_curve_name returns a human-readable name for the curve specified by
-// the given TLS curve id, or NULL if the curve is unknown.
-OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
+// SSL_get_group_name returns a human-readable name for the group specified by
+// the given TLS group ID, or NULL if the group is unknown.
+OPENSSL_EXPORT const char *SSL_get_group_name(uint16_t group_id);
-// SSL_get_all_curve_names outputs a list of possible strings
-// |SSL_get_curve_name| may return in this version of BoringSSL. It writes at
+// SSL_get_all_group_names outputs a list of possible strings
+// |SSL_get_group_name| may return in this version of BoringSSL. It writes at
// most |max_out| entries to |out| and returns the total number it would have
// written, if |max_out| had been large enough. |max_out| may be initially set
// to zero to size the output.
@@ -2408,7 +2405,7 @@
// placeholder, experimental, or deprecated values that do not apply to every
// caller. Future versions of BoringSSL may also return strings not in this
// list, so this does not apply if, say, sending strings across services.
-OPENSSL_EXPORT size_t SSL_get_all_curve_names(const char **out, size_t max_out);
+OPENSSL_EXPORT size_t SSL_get_all_group_names(const char **out, size_t max_out);
// Certificate verification.
@@ -5243,6 +5240,15 @@
#define SSL_set1_curves SSL_set1_groups
#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
#define SSL_set1_curves_list SSL_set1_groups_list
+#define SSL_get_curve_id SSL_get_group_id
+#define SSL_get_curve_name SSL_get_group_name
+#define SSL_get_all_curve_names SSL_get_all_group_names
+#define SSL_CURVE_SECP224R1 SSL_GROUP_SECP224R1
+#define SSL_CURVE_SECP256R1 SSL_GROUP_SECP256R1
+#define SSL_CURVE_SECP384R1 SSL_GROUP_SECP384R1
+#define SSL_CURVE_SECP521R1 SSL_GROUP_SECP521R1
+#define SSL_CURVE_X25519 SSL_GROUP_X25519
+#define SSL_CURVE_X25519_KYBER768_DRAFT00 SSL_GROUP_X25519_KYBER768_DRAFT00
// Compliance policy configurations
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index 974a36c..c5b1ed1 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -206,7 +206,7 @@
static bool is_post_quantum_group(uint16_t id) {
switch (id) {
- case SSL_CURVE_X25519_KYBER768_DRAFT00:
+ case SSL_GROUP_X25519_KYBER768_DRAFT00:
return true;
default:
return false;
@@ -307,9 +307,9 @@
}
static const uint16_t kDefaultGroups[] = {
- SSL_CURVE_X25519,
- SSL_CURVE_SECP256R1,
- SSL_CURVE_SECP384R1,
+ SSL_GROUP_X25519,
+ SSL_GROUP_SECP256R1,
+ SSL_GROUP_SECP384R1,
};
Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) {
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index 6e5cc2d..a4563c7 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -52,12 +52,12 @@
return false;
}
}
- CBB curves;
- if (!CBB_add_asn1(out, &curves, CBS_ASN1_OCTETSTRING)) {
+ CBB groups;
+ if (!CBB_add_asn1(out, &groups, CBS_ASN1_OCTETSTRING)) {
return false;
}
for (const NamedGroup& g : NamedGroups()) {
- if (!CBB_add_u16(&curves, g.group_id)) {
+ if (!CBB_add_u16(&groups, g.group_id)) {
return false;
}
}
@@ -169,46 +169,46 @@
return false;
}
- CBS curves;
- if (!CBS_get_asn1(in, &curves, CBS_ASN1_OCTETSTRING)) {
+ CBS groups;
+ if (!CBS_get_asn1(in, &groups, CBS_ASN1_OCTETSTRING)) {
return false;
}
- Array<uint16_t> supported_curves;
- if (!supported_curves.Init(CBS_len(&curves) / 2)) {
+ Array<uint16_t> supported_groups;
+ if (!supported_groups.Init(CBS_len(&groups) / 2)) {
return false;
}
size_t idx = 0;
- while (CBS_len(&curves)) {
- uint16_t curve;
- if (!CBS_get_u16(&curves, &curve)) {
+ while (CBS_len(&groups)) {
+ uint16_t group;
+ if (!CBS_get_u16(&groups, &group)) {
return false;
}
- supported_curves[idx++] = curve;
+ supported_groups[idx++] = group;
}
- Span<const uint16_t> configured_curves =
+ Span<const uint16_t> configured_groups =
tls1_get_grouplist(ssl->s3->hs.get());
- Array<uint16_t> new_configured_curves;
- if (!new_configured_curves.Init(configured_curves.size())) {
+ Array<uint16_t> new_configured_groups;
+ if (!new_configured_groups.Init(configured_groups.size())) {
return false;
}
idx = 0;
- for (uint16_t configured_curve : configured_curves) {
+ for (uint16_t configured_group : configured_groups) {
bool ok = false;
- for (uint16_t supported_curve : supported_curves) {
- if (supported_curve == configured_curve) {
+ for (uint16_t supported_group : supported_groups) {
+ if (supported_group == configured_group) {
ok = true;
break;
}
}
if (ok) {
- new_configured_curves[idx++] = configured_curve;
+ new_configured_groups[idx++] = configured_group;
}
}
if (idx == 0) {
return false;
}
- new_configured_curves.Shrink(idx);
- ssl->config->supported_group_list = std::move(new_configured_curves);
+ new_configured_groups.Shrink(idx);
+ ssl->config->supported_group_list = std::move(new_configured_groups);
CBS alps;
CBS_init(&alps, nullptr, 0);
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index e50a690..cffa52d 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -483,7 +483,7 @@
while (CBS_len(&supported_groups) > 0) {
uint16_t group;
if (!CBS_get_u16(&supported_groups, &group) ||
- group == SSL_CURVE_X25519) {
+ group == SSL_GROUP_X25519) {
return false;
}
}
diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc
index 77f16b5..b7ebef4 100644
--- a/ssl/ssl_key_share.cc
+++ b/ssl/ssl_key_share.cc
@@ -141,7 +141,7 @@
public:
X25519KeyShare() {}
- uint16_t GroupID() const override { return SSL_CURVE_X25519; }
+ uint16_t GroupID() const override { return SSL_GROUP_X25519; }
bool Generate(CBB *out) override {
uint8_t public_key[32];
@@ -198,7 +198,7 @@
X25519Kyber768KeyShare() {}
uint16_t GroupID() const override {
- return SSL_CURVE_X25519_KYBER768_DRAFT00;
+ return SSL_GROUP_X25519_KYBER768_DRAFT00;
}
bool Generate(CBB *out) override {
@@ -285,12 +285,12 @@
};
constexpr NamedGroup kNamedGroups[] = {
- {NID_secp224r1, SSL_CURVE_SECP224R1, "P-224", "secp224r1"},
- {NID_X9_62_prime256v1, SSL_CURVE_SECP256R1, "P-256", "prime256v1"},
- {NID_secp384r1, SSL_CURVE_SECP384R1, "P-384", "secp384r1"},
- {NID_secp521r1, SSL_CURVE_SECP521R1, "P-521", "secp521r1"},
- {NID_X25519, SSL_CURVE_X25519, "X25519", "x25519"},
- {NID_X25519Kyber768Draft00, SSL_CURVE_X25519_KYBER768_DRAFT00,
+ {NID_secp224r1, SSL_GROUP_SECP224R1, "P-224", "secp224r1"},
+ {NID_X9_62_prime256v1, SSL_GROUP_SECP256R1, "P-256", "prime256v1"},
+ {NID_secp384r1, SSL_GROUP_SECP384R1, "P-384", "secp384r1"},
+ {NID_secp521r1, SSL_GROUP_SECP521R1, "P-521", "secp521r1"},
+ {NID_X25519, SSL_GROUP_X25519, "X25519", "x25519"},
+ {NID_X25519Kyber768Draft00, SSL_GROUP_X25519_KYBER768_DRAFT00,
"X25519Kyber768Draft00", ""},
};
@@ -302,17 +302,17 @@
UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
switch (group_id) {
- case SSL_CURVE_SECP224R1:
- return MakeUnique<ECKeyShare>(NID_secp224r1, SSL_CURVE_SECP224R1);
- case SSL_CURVE_SECP256R1:
- return MakeUnique<ECKeyShare>(NID_X9_62_prime256v1, SSL_CURVE_SECP256R1);
- case SSL_CURVE_SECP384R1:
- return MakeUnique<ECKeyShare>(NID_secp384r1, SSL_CURVE_SECP384R1);
- case SSL_CURVE_SECP521R1:
- return MakeUnique<ECKeyShare>(NID_secp521r1, SSL_CURVE_SECP521R1);
- case SSL_CURVE_X25519:
+ case SSL_GROUP_SECP224R1:
+ return MakeUnique<ECKeyShare>(NID_secp224r1, SSL_GROUP_SECP224R1);
+ case SSL_GROUP_SECP256R1:
+ return MakeUnique<ECKeyShare>(NID_X9_62_prime256v1, SSL_GROUP_SECP256R1);
+ case SSL_GROUP_SECP384R1:
+ return MakeUnique<ECKeyShare>(NID_secp384r1, SSL_GROUP_SECP384R1);
+ case SSL_GROUP_SECP521R1:
+ return MakeUnique<ECKeyShare>(NID_secp521r1, SSL_GROUP_SECP521R1);
+ case SSL_GROUP_X25519:
return MakeUnique<X25519KeyShare>();
- case SSL_CURVE_X25519_KYBER768_DRAFT00:
+ case SSL_GROUP_X25519_KYBER768_DRAFT00:
return MakeUnique<X25519Kyber768KeyShare>();
default:
return nullptr;
@@ -349,7 +349,7 @@
using namespace bssl;
-const char* SSL_get_curve_name(uint16_t group_id) {
+const char* SSL_get_group_name(uint16_t group_id) {
for (const auto &group : kNamedGroups) {
if (group.group_id == group_id) {
return group.name;
@@ -358,7 +358,7 @@
return nullptr;
}
-size_t SSL_get_all_curve_names(const char **out, size_t max_out) {
+size_t SSL_get_all_group_names(const char **out, size_t max_out) {
return GetAllNames(out, max_out, Span<const char *>(), &NamedGroup::name,
MakeConstSpan(kNamedGroups));
}
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 066fe69..b7303d4 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -2016,7 +2016,7 @@
return ssl_str_to_group_ids(&ssl->config->supported_group_list, groups);
}
-uint16_t SSL_get_curve_id(const SSL *ssl) {
+uint16_t SSL_get_group_id(const SSL *ssl) {
SSL_SESSION *session = SSL_get_session(ssl);
if (session == NULL) {
return 0;
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index bd58f1c..fdaf2fd 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -478,29 +478,29 @@
static const CurveTest kCurveTests[] = {
{
"P-256",
- { SSL_CURVE_SECP256R1 },
+ { SSL_GROUP_SECP256R1 },
},
{
"P-256:X25519Kyber768Draft00",
- { SSL_CURVE_SECP256R1, SSL_CURVE_X25519_KYBER768_DRAFT00 },
+ { SSL_GROUP_SECP256R1, SSL_GROUP_X25519_KYBER768_DRAFT00 },
},
{
"P-256:P-384:P-521:X25519",
{
- SSL_CURVE_SECP256R1,
- SSL_CURVE_SECP384R1,
- SSL_CURVE_SECP521R1,
- SSL_CURVE_X25519,
+ SSL_GROUP_SECP256R1,
+ SSL_GROUP_SECP384R1,
+ SSL_GROUP_SECP521R1,
+ SSL_GROUP_X25519,
},
},
{
"prime256v1:secp384r1:secp521r1:x25519",
{
- SSL_CURVE_SECP256R1,
- SSL_CURVE_SECP384R1,
- SSL_CURVE_SECP521R1,
- SSL_CURVE_X25519,
+ SSL_GROUP_SECP256R1,
+ SSL_GROUP_SECP384R1,
+ SSL_GROUP_SECP521R1,
+ SSL_GROUP_X25519,
},
},
};
@@ -5902,7 +5902,7 @@
bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(ssl));
EXPECT_TRUE(peer);
EXPECT_TRUE(SSL_get_current_cipher(ssl));
- EXPECT_TRUE(SSL_get_curve_id(ssl));
+ EXPECT_TRUE(SSL_get_group_id(ssl));
};
std::vector<std::thread> threads;
@@ -7754,7 +7754,7 @@
ASSERT_TRUE(cipher);
EXPECT_EQ(SSL_CIPHER_get_id(cipher),
uint32_t{TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256});
- EXPECT_EQ(SSL_get_curve_id(client.get()), SSL_CURVE_X25519);
+ EXPECT_EQ(SSL_get_group_id(client.get()), SSL_GROUP_X25519);
EXPECT_EQ(SSL_get_peer_signature_algorithm(client.get()),
SSL_SIGN_RSA_PKCS1_SHA256);
bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client.get()));
@@ -8726,7 +8726,7 @@
{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256"}},
{SSL_get_all_cipher_names,
{"ECDHE-ECDSA-AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256", "(NONE)"}},
- {SSL_get_all_curve_names, {"P-256", "X25519"}},
+ {SSL_get_all_group_names, {"P-256", "X25519"}},
{SSL_get_all_signature_algorithm_names,
{"rsa_pkcs1_sha256", "ecdsa_secp256r1_sha256", "ecdsa_sha256"}},
};
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 2640de7..e2f79d3 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -692,9 +692,9 @@
SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))) ||
!CheckListContains("OpenSSL cipher name", SSL_get_all_cipher_names,
SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))) ||
- (SSL_get_curve_id(ssl) != 0 &&
- !CheckListContains("curve", SSL_get_all_curve_names,
- SSL_get_curve_name(SSL_get_curve_id(ssl)))) ||
+ (SSL_get_group_id(ssl) != 0 &&
+ !CheckListContains("group", SSL_get_all_group_names,
+ SSL_get_group_name(SSL_get_group_id(ssl)))) ||
(SSL_get_peer_signature_algorithm(ssl) != 0 &&
!CheckListContains(
"sigalg", SSL_get_all_signature_algorithm_names,
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index b204491..4cb3485 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -1899,27 +1899,27 @@
std::vector<int> nids;
for (auto curve : curves) {
switch (curve) {
- case SSL_CURVE_SECP224R1:
+ case SSL_GROUP_SECP224R1:
nids.push_back(NID_secp224r1);
break;
- case SSL_CURVE_SECP256R1:
+ case SSL_GROUP_SECP256R1:
nids.push_back(NID_X9_62_prime256v1);
break;
- case SSL_CURVE_SECP384R1:
+ case SSL_GROUP_SECP384R1:
nids.push_back(NID_secp384r1);
break;
- case SSL_CURVE_SECP521R1:
+ case SSL_GROUP_SECP521R1:
nids.push_back(NID_secp521r1);
break;
- case SSL_CURVE_X25519:
+ case SSL_GROUP_X25519:
nids.push_back(NID_X25519);
break;
- case SSL_CURVE_X25519_KYBER768_DRAFT00:
+ case SSL_GROUP_X25519_KYBER768_DRAFT00:
nids.push_back(NID_X25519Kyber768Draft00);
break;
}
diff --git a/tool/transport_common.cc b/tool/transport_common.cc
index e889688..15358de 100644
--- a/tool/transport_common.cc
+++ b/tool/transport_common.cc
@@ -288,9 +288,9 @@
BIO_printf(bio, " Resumed session: %s\n",
SSL_session_reused(ssl) ? "yes" : "no");
BIO_printf(bio, " Cipher: %s\n", SSL_CIPHER_standard_name(cipher));
- uint16_t curve = SSL_get_curve_id(ssl);
- if (curve != 0) {
- BIO_printf(bio, " ECDHE curve: %s\n", SSL_get_curve_name(curve));
+ uint16_t group = SSL_get_group_id(ssl);
+ if (group != 0) {
+ BIO_printf(bio, " ECDHE group: %s\n", SSL_get_group_name(group));
}
uint16_t sigalg = SSL_get_peer_signature_algorithm(ssl);
if (sigalg != 0) {
