Restrict DTLS 1.2 key exchange to P-256/P-384 (for now)

algesten · web-flow · commit dce1cfa38886 · 2026-03-01T16:00:17.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 # Unreleased
 
+  * Restrict DTLS 1.2 key exchange to P-256/P-384 (for now) #70
   * Add AEAD, encrypt_sn, and key exchange validation to CryptoProvider #68
   * Add #[non_exhaustive] to public API enums likely to grow (breaking) #69
   * feat: Add protocol_version() accessor to Dtls #59
diff --git a/src/crypto/validation/mod.rs b/src/crypto/validation/mod.rs
@@ -44,6 +44,20 @@ impl CryptoProvider {
         })
     }
 
+    /// Returns an iterator over key exchange groups supported for DTLS 1.2.
+    ///
+    /// DTLS 1.2 only supports ECDHE with NIST curves:
+    /// - P-256 (secp256r1)
+    /// - P-384 (secp384r1)
+    pub fn supported_dtls12_kx_groups(
+        &self,
+    ) -> impl Iterator<Item = &'static dyn SupportedKxGroup> {
+        self.kx_groups
+            .iter()
+            .copied()
+            .filter(|kx| matches!(kx.name(), NamedGroup::Secp256r1 | NamedGroup::Secp384r1))
+    }
+
     /// Returns cipher suites compatible with a specific signature algorithm.
     ///
     /// Combines provider filtering with signature algorithm compatibility.
diff --git a/src/dtls12/context.rs b/src/dtls12/context.rs
@@ -160,11 +160,10 @@ impl CryptoContext {
         named_group: NamedGroup,
         kx_buf: &mut Buf,
     ) -> Result<&[u8], String> {
-        // Find the matching key exchange group from the provider
+        // Find the matching key exchange group from the provider (DTLS 1.2 groups only)
         let kx_group = self
             .provider()
-            .kx_groups
-            .iter()
+            .supported_dtls12_kx_groups()
             .find(|g| g.name() == named_group)
             .ok_or_else(|| format!("Unsupported ECDHE named group: {:?}", named_group))?;
 
@@ -180,11 +179,10 @@ impl CryptoContext {
         server_public: &[u8],
         kx_buf: &mut Buf,
     ) -> Result<(), String> {
-        // Find the matching key exchange group from the provider
+        // Find the matching key exchange group from the provider (DTLS 1.2 groups only)
         let kx_group = self
             .provider()
-            .kx_groups
-            .iter()
+            .supported_dtls12_kx_groups()
             .find(|g| g.name() == group)
             .ok_or_else(|| format!("Unsupported ECDHE named group: {:?}", group))?;
 
diff --git a/src/dtls12/message/extensions/supported_groups.rs b/src/dtls12/message/extensions/supported_groups.rs
@@ -13,7 +13,7 @@ impl SupportedGroupsExtension {
     /// Create a SupportedGroupsExtension from a crypto provider
     pub fn from_provider(provider: &CryptoProvider) -> Self {
         let mut groups = NamedGroupVec::new();
-        for kx_group in provider.supported_kx_groups() {
+        for kx_group in provider.supported_dtls12_kx_groups() {
             groups.push(kx_group.name());
         }
         SupportedGroupsExtension { groups }

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ impl SupportedGroupsExtension {`
`13`	`13`	`/// Create a SupportedGroupsExtension from a crypto provider`
`14`	`14`	`pub fn from_provider(provider: &CryptoProvider) -> Self {`
`15`	`15`	`let mut groups = NamedGroupVec::new();`
`16`		`- for kx_group in provider.supported_kx_groups() {`
	`16`	`+ for kx_group in provider.supported_dtls12_kx_groups() {`
`17`	`17`	`groups.push(kx_group.name());`
`18`	`18`	`}`
`19`	`19`	`SupportedGroupsExtension { groups }`