Does mbedtls support ec_point_format compressed? #861

Closed
SongGuyang opened this issue Mar 27, 2017 · 4 comments

Comments


SongGuyang commented Mar 27, 2017

There is an ec_point_formats define, MBEDTLS_ECP_PF_COMPRESSED.

```c
#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
```

But in ssl_write_supported_point_formats_ext, the supported_point_formats field is always filled with MBEDTLS_ECP_PF_UNCOMPRESSED and never changes.

```c
static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
                                                   unsigned char *buf,
                                                   size_t *olen )
{
    unsigned char *p = buf;
    ((void) ssl);

    if( ( ssl->handshake->cli_exts &
          MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
    {
        *olen = 0;
        return;
    }

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );

    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS      ) & 0xFF );

    *p++ = 0x00;
    *p++ = 2;

    *p++ = 1;
    *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;

    *olen = 6;
}
```

So, does mbedtls support ec_point_format compressed?

@SongGuyang SongGuyang changed the title Does mbedtls support ec_point_formats? Does mbedtls support ec_point_format compressed? Mar 27, 2017

dbedev commented Apr 3, 2017

Also interested in having support for this feature. With the released code there only seems to be support for writing compressed EC points. Reading and decompressing is not there (yet?).

Did find the following pull request to add a decompression method some time ago.

#521

Is there a plan on when this should get integrated?

Contributor

mpg commented Apr 10, 2017

mbed TLS does indeed support the TLS extension ec_point_format. Supporting that extension does not mean having to support reading all possible point formats. In fact, the very point of the extension is the opposite: allow implementations to choose what formats they support for reading, and signal that to peers in order to interoperate. (There is a mandatory-to-implement format, which is uncompressed.)

The #defines you mention are meant to be used as parameters to mbedtls_ecp_tls_write_point(), as writing in compressed format is supported, even if reading isn't.

I can't answer regarding plans, but for what it's worth, I'd like to mention that TLS 1.3 is going to deprecate compressed point format, and the successor of RFC 4492 (ECC in TLS) is going to do the same for previous versions of TLS. https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-16#section-5.1.2
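The receiving side of the extension discussed above, as an added example that is not part of the thread and is not Mbed TLS code: a bounds-checked parser for the `type | length | list` layout that the quoted `ssl_write_supported_point_formats_ext` emits. It returns a bitmask of advertised formats and rejects a list that omits the mandatory uncompressed format. The function name, return codes and sample byte strings are assumptions constructed for this illustration; 11 is the extension type of ec_point_formats.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_EC_POINT_FORMATS 11 /* TLS extension type of ec_point_formats */
#define PF_UNCOMPRESSED 0       /* same value as MBEDTLS_ECP_PF_UNCOMPRESSED */

/* Return codes; names are hypothetical, chosen for this example. */
enum { PF_OK = 0, PF_ERR_TYPE = -1, PF_ERR_LENGTH = -2, PF_ERR_NO_UNCOMPRESSED = -3 };

/* Constructed samples. The first is the six bytes the quoted function writes. */
static const uint8_t SAMPLE_SERVER[]     = { 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00 };
static const uint8_t SAMPLE_THREE[]      = { 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02 };
static const uint8_t SAMPLE_COMPR_ONLY[] = { 0x00, 0x0b, 0x00, 0x02, 0x01, 0x01 };
static const uint8_t SAMPLE_BAD_LEN[]    = { 0x00, 0x0b, 0x00, 0x02, 0x05, 0x00 };

/* Parse exactly one extension: type(2) | ext_len(2) | list_len(1) | formats.
 * *mask gets bit N set for each advertised format N below 32. */
static int parse_point_formats_ext(const uint8_t *buf, size_t len, uint32_t *mask)
{
    size_t ext_len, list_len, i;

    *mask = 0;
    if (len < 6)                      /* header + list length + one format */
        return PF_ERR_LENGTH;
    if (((buf[0] << 8) | buf[1]) != EXT_EC_POINT_FORMATS)
        return PF_ERR_TYPE;
    ext_len = ((size_t)buf[2] << 8) | buf[3];
    list_len = buf[4];
    /* Both length fields must agree with the bytes actually present. */
    if (ext_len != len - 4 || list_len != ext_len - 1)
        return PF_ERR_LENGTH;
    for (i = 0; i < list_len; i++)
        if (buf[5 + i] < 32)
            *mask |= (uint32_t)1 << buf[5 + i];
    /* Uncompressed is the mandatory-to-implement format; reject a list without it. */
    if ((*mask & ((uint32_t)1 << PF_UNCOMPRESSED)) == 0)
        return PF_ERR_NO_UNCOMPRESSED;
    return PF_OK;
}

int main(void)
{
    uint32_t m;
    int rc = parse_point_formats_ext(SAMPLE_SERVER, sizeof SAMPLE_SERVER, &m);
    printf("server sample: rc=%d mask=0x%x\n", rc, (unsigned)m);
    rc = parse_point_formats_ext(SAMPLE_COMPR_ONLY, sizeof SAMPLE_COMPR_ONLY, &m);
    printf("compressed-only sample: rc=%d mask=0x%x\n", rc, (unsigned)m);
    return 0;
}
```

A peer that only reads uncompressed points, as the thread says Mbed TLS does, needs nothing from the mask beyond bit 0.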


mwarning commented Jul 7, 2017

Relevant: #521

Contributor

mpg commented Feb 7, 2019

Support for compressed format has been deprecated by RFC 8422 in the context of TLS, which reflects a more general sentiment in the ECC community to prefer uncompressed format. Also, implementing it correctly for all supported curves would require substantial code, impacting our footprint.

At this point, we're unlikely to want to add that amount of code for a feature that's formally deprecated in TLS and being abandoned more generally, so I'm closing this issue.

Thanks for your interest in Mbed TLS anyway.
