Refactored: Moved TLSGroupNames to constants

Added: Test group_to_name in tests/constants.c
Refactored: Moved tests in separate functions in tests/constants.c

Author: kraemv

src/constants.rs

@@ -120,6 +120,27 @@ pub fn sig_scheme_to_type_nid(scheme: SignatureScheme) -> Option<c_int> {
     }
 }
 
+pub fn named_group_to_tls_name(id: NamedGroup) -> Option<&'static CStr> {
+    match id {
+        NamedGroup::secp256r1 => Some(c"secp256r1"),
+        NamedGroup::secp384r1 => Some(c"secp384r1"),
+        NamedGroup::secp521r1 => Some(c"secp521r1"),
+        NamedGroup::X25519 => Some(c"x25519"),
+        NamedGroup::X448 => Some(c"x448"),
+        NamedGroup::FFDHE2048 => Some(c"ffdhe2048"),
+        NamedGroup::FFDHE3072 => Some(c"ffdhe3072"),
+        NamedGroup::FFDHE4096 => Some(c"ffdhe4096"),
+        NamedGroup::FFDHE6144 => Some(c"ffdhe6144"),
+        NamedGroup::FFDHE8192 => Some(c"ffdhe8192"),
+        NamedGroup::MLKEM512 => Some(c"MLKEM512"),
+        NamedGroup::MLKEM768 => Some(c"MLKEM768"),
+        NamedGroup::MLKEM1024 => Some(c"MLKEM1024"),
+        NamedGroup::X25519MLKEM768 => Some(c"X25519MLKEM768"),
+        NamedGroup::secp256r1MLKEM768 => Some(c"SecP256r1MLKEM768"),
+        _ => None,
+    }
+}
+
 pub fn named_group_to_nid(group: NamedGroup) -> Option<c_int> {
     use NamedGroup::*;
 

src/entry.rs

@@ -22,7 +22,7 @@ use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
 
 use crate::bio::{Bio, BIO, BIO_METHOD};
 use crate::callbacks::SslCallbackContext;
-use crate::constants::{named_group_to_nid, sig_scheme_to_type_nid};
+use crate::constants::{named_group_to_nid, named_group_to_tls_name, sig_scheme_to_type_nid};
 use crate::error::{ffi_panic_boundary, Error, MysteriouslyOppositeReturnValue};
 use crate::evp_pkey::EvpPkey;
 use crate::ex_data::ExData;
@@ -1481,10 +1481,12 @@ entry! {
             .get()
             .get_groups()
             .iter()
-            .find(|group| named_group_to_nid(group.name()) == Some(id))
-            .map(|group| group.name())
-            .and_then(crate::TlsGroupInfo::find_by_id)
-            .map(|group| group.tls_name.as_ptr())
+            .find_map(|group| match named_group_to_nid(group.name()) {
+                Some(nid) if nid == id => {
+                    named_group_to_tls_name(group.name()).map(|info| info.as_ptr())
+                }
+                _ => None,
+            })
             .unwrap_or_else(ptr::null)
     }
 }

src/lib.rs

@@ -18,7 +18,7 @@ use rustls::pki_types::{CertificateDer, ServerName};
 use rustls::server::{Accepted, Acceptor, ProducesTickets};
 use rustls::{
     AlertDescription, CipherSuite, ClientConfig, ClientConnection, Connection, HandshakeKind,
-    NamedGroup, ProtocolVersion, ServerConfig, SignatureScheme, SupportedProtocolVersion,
+    ProtocolVersion, ServerConfig, SignatureScheme, SupportedProtocolVersion,
 };
 
 use not_thread_safe::NotThreadSafe;
@@ -240,158 +240,6 @@ static TLS13_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
     description: c"TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
 };
 
-#[allow(dead_code)]
-struct TlsGroupInfo {
-    pub tls_name: &'static CStr,
-    pub standard_name: &'static CStr,
-    pub algorithm: &'static CStr,
-    pub secbits: usize,
-    pub group_id: NamedGroup,
-}
-
-impl TlsGroupInfo {
-    pub fn find_by_id(id: NamedGroup) -> Option<&'static Self> {
-        match id {
-            NamedGroup::secp256r1 => Some(&SECP256R1),
-            NamedGroup::secp384r1 => Some(&SECP384R1),
-            NamedGroup::secp521r1 => Some(&SECP521R1),
-            NamedGroup::X25519 => Some(&X25519),
-            NamedGroup::X448 => Some(&X448),
-            NamedGroup::FFDHE2048 => Some(&FFDHE2048),
-            NamedGroup::FFDHE3072 => Some(&FFDHE3072),
-            NamedGroup::FFDHE4096 => Some(&FFDHE4096),
-            NamedGroup::FFDHE6144 => Some(&FFDHE6144),
-            NamedGroup::FFDHE8192 => Some(&FFDHE8192),
-            NamedGroup::MLKEM512 => Some(&MLKEM512),
-            NamedGroup::MLKEM768 => Some(&MLKEM768),
-            NamedGroup::MLKEM1024 => Some(&MLKEM1024),
-            NamedGroup::X25519MLKEM768 => Some(&X25519MLKEM768),
-            NamedGroup::secp256r1MLKEM768 => Some(&SECP256R1_MLKEM768),
-            _ => None,
-        }
-    }
-}
-
-static SECP256R1: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"secp256r1",
-    standard_name: c"prime256v1",
-    algorithm: c"EC",
-    secbits: 128,
-    group_id: NamedGroup::secp256r1,
-};
-
-static SECP384R1: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"secp384r1",
-    standard_name: c"secp384r1",
-    algorithm: c"EC",
-    secbits: 192,
-    group_id: NamedGroup::secp384r1,
-};
-
-static SECP521R1: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"secp521r1",
-    standard_name: c"secp521r1",
-    algorithm: c"EC",
-    secbits: 256,
-    group_id: NamedGroup::secp521r1,
-};
-
-static X25519: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"x25519",
-    standard_name: c"X25519",
-    algorithm: c"X25519",
-    secbits: 128,
-    group_id: NamedGroup::X25519,
-};
-
-static X448: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"x448",
-    standard_name: c"X448",
-    algorithm: c"X448",
-    secbits: 224,
-    group_id: NamedGroup::X448,
-};
-
-static FFDHE2048: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe2048",
-    standard_name: c"ffdhe2048",
-    algorithm: c"DH",
-    secbits: 112,
-    group_id: NamedGroup::FFDHE2048,
-};
-
-static FFDHE3072: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe3072",
-    standard_name: c"ffdhe3072",
-    algorithm: c"DH",
-    secbits: 128,
-    group_id: NamedGroup::FFDHE3072,
-};
-
-static FFDHE4096: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe4096",
-    standard_name: c"ffdhe4096",
-    algorithm: c"DH",
-    secbits: 128,
-    group_id: NamedGroup::FFDHE4096,
-};
-
-static FFDHE6144: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe6144",
-    standard_name: c"ffdhe6144",
-    algorithm: c"DH",
-    secbits: 128,
-    group_id: NamedGroup::FFDHE6144,
-};
-
-static FFDHE8192: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"ffdhe8192",
-    standard_name: c"ffdhe8192",
-    algorithm: c"DH",
-    secbits: 192,
-    group_id: NamedGroup::FFDHE8192,
-};
-
-static MLKEM512: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"MLKEM512",
-    standard_name: c"",
-    algorithm: c"ML-KEM-512",
-    secbits: 128,
-    group_id: NamedGroup::MLKEM512,
-};
-
-static MLKEM768: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"MLKEM768",
-    standard_name: c"",
-    algorithm: c"ML-KEM-768",
-    secbits: 192,
-    group_id: NamedGroup::MLKEM768,
-};
-
-static MLKEM1024: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"MLKEM1024",
-    standard_name: c"",
-    algorithm: c"ML-KEM-1024",
-    secbits: 256,
-    group_id: NamedGroup::MLKEM1024,
-};
-
-static X25519MLKEM768: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"X25519MLKEM768",
-    standard_name: c"",
-    algorithm: c"X25519MLKEM768",
-    secbits: 192,
-    group_id: NamedGroup::X25519MLKEM768,
-};
-
-static SECP256R1_MLKEM768: TlsGroupInfo = TlsGroupInfo {
-    tls_name: c"SecP256r1MLKEM768",
-    standard_name: c"",
-    algorithm: c"SecP256r1MLKEM768",
-    secbits: 192,
-    group_id: NamedGroup::secp256r1MLKEM768,
-};
-
 /// Backs a server-side SSL_SESSION object
 ///
 /// Note that this has equality and ordering entirely based on the `id` field.
@@ -1261,6 +1109,7 @@ impl Ssl {
         if let ConnMode::Unknown = self.mode {
             self.set_client_mode();
         }
+
         if matches!(self.conn, ConnState::Nothing) {
             self.init_client_conn()?;
         }

tests/constants.c

@@ -6,10 +6,36 @@
 
 #include <openssl/ssl.h>
 
-int main(void) {
+void print_group_to_name(){
+  // secp{256, 384, 521}r1, x{25519, 448}, ffdhe{2048, 3072, 4096, 6144, 8192}
+  int supported_nids[] = {415, 715, 716, 1034, 1035, 1126, 1127, 1128, 1129, 1130};
+  SSL_CTX *ctx = SSL_CTX_new(TLS_method());
+  if (!ctx) {
+      printf("Failed allocating SSL context\n");
+      return;
+  }
+  SSL *ssl_inst = SSL_new(ctx);
+  if (!ssl_inst) {
+      printf("Failed allocating SSL struct\n");
+      return;
+  }
+  
+  for(size_t i=0; i < sizeof(supported_nids)/sizeof(int); i += 1){
+    printf("%s\n", SSL_group_to_name(ssl_inst, supported_nids[i]));
+  }
+  
+  SSL_free(ssl_inst);
+  SSL_CTX_free(ctx);
+}
+
+void print_alert_desc_string(){
   for (int i = -1; i < 260; i++) {
     printf("%d: '%s' '%s'\n", i, SSL_alert_desc_string(i),
            SSL_alert_desc_string_long(i));
   }
+}
+int main(void) {
+  print_alert_desc_string();
+  print_group_to_name();
   return 0;
 }