Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
PSA storage format test case generator
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fdaa2f1..2ab2e01 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -179,6 +179,9 @@
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
+ if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
+ endif()
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
endif()
@@ -194,6 +197,9 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
endif()
endif()
+ if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2")
+ endif()
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
@@ -204,7 +210,7 @@
endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
diff --git a/ChangeLog b/ChangeLog
index 184bd09..a6d4adf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,116 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.26.0 branch released 2021-03-08
+
+API changes
+ * Renamed the PSA Crypto API output buffer size macros to bring them in line
+ with version 1.0.0 of the specification.
+ * The API glue function mbedtls_ecc_group_of_psa() now takes the curve size
+ in bits rather than bytes, with an additional flag to indicate if the
+ size may have been rounded up to a whole number of bytes.
+ * Renamed the PSA Crypto API AEAD tag length macros to bring them in line
+ with version 1.0.0 of the specification.
+
+Default behavior changes
+ * In mbedtls_rsa_context objects, the ver field was formerly documented
+ as always 0. It is now reserved for internal purposes and may take
+ different values.
+
+New deprecations
+ * PSA_KEY_EXPORT_MAX_SIZE, PSA_HASH_SIZE, PSA_MAC_FINAL_SIZE,
+ PSA_BLOCK_CIPHER_BLOCK_SIZE, PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE and
+ PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN have been renamed, and the old names
+ deprecated.
+ * PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and PSA_ALG_AEAD_WITH_TAG_LENGTH
+ have been renamed, and the old names deprecated.
+
+Features
+ * The PSA crypto subsystem can now use HMAC_DRBG instead of CTR_DRBG.
+ CTR_DRBG is used by default if it is available, but you can override
+ this choice by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE at compile time.
+ Fix #3354.
+ * Automatic fallback to a software implementation of ECP when
+ MBEDTLS_ECP_xxx_ALT accelerator hooks are in use can now be turned off
+ through setting the new configuration flag MBEDTLS_ECP_NO_FALLBACK.
+ * The PSA crypto subsystem can now be configured to use less static RAM by
+ tweaking the setting for the maximum amount of keys simultaneously in RAM.
+ MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that
+ can exist simultaneously. It has a sensible default if not overridden.
+ * Partial implementation of the PSA crypto driver interface: Mbed TLS can
+ now use an external random generator instead of the library's own
+ entropy collection and DRBG code. Enable MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ and see the documentation of mbedtls_psa_external_get_random() for details.
+ * Applications using both mbedtls_xxx and psa_xxx functions (for example,
+ applications using TLS and MBEDTLS_USE_PSA_CRYPTO) can now use the PSA
+ random generator with mbedtls_xxx functions. See the documentation of
+ mbedtls_psa_get_random() for details.
+ * In the PSA API, the policy for a MAC or AEAD algorithm can specify a
+ minimum MAC or tag length thanks to the new wildcards
+ PSA_ALG_AT_LEAST_THIS_LENGTH_MAC and
+ PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG.
+
+Security
+ * Fix a security reduction in CTR_DRBG when the initial seeding obtained a
+ nonce from entropy. Applications were affected if they called
+ mbedtls_ctr_drbg_set_nonce_len(), if they called
+ mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
+ length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
+ In such cases, a random nonce was necessary to achieve the advertised
+ security strength, but the code incorrectly used a constant instead of
+ entropy from the nonce.
+ Found by John Stroebel in #3819 and fixed in #3973.
+ * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
+ |A| - |B| where |B| is larger than |A| and has more limbs (so the
+ function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
+ applications calling mbedtls_mpi_sub_abs() directly are affected:
+ all calls inside the library were safe since this function is
+ only called with |A| >= |B|. Reported by Guido Vranken in #4042.
+ * Fix an errorneous estimation for an internal buffer in
+ mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
+ value the function might fail to write a private RSA keys of the largest
+ supported size.
+ Found by Daniel Otte, reported in #4093 and fixed in #4094.
+ * Fix a stack buffer overflow with mbedtls_net_poll() and
+ mbedtls_net_recv_timeout() when given a file descriptor that is
+ beyond FD_SETSIZE. Reported by FigBug in #4169.
+ * Guard against strong local side channel attack against base64 tables by
+ making access aceess to them use constant flow code.
+
+Bugfix
+ * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c
+ * Fix memory leak that occured when calling psa_close_key() on a
+ wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
+ * Fix an incorrect error code if an RSA private operation glitched.
+ * Fix a memory leak in an error case in psa_generate_derived_key_internal().
+ * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
+ is enabled, on platforms where initializing a mutex allocates resources.
+ This was a regression introduced in the previous release. Reported in
+ #4017, #4045 and #4071.
+ * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
+ twice is safe. This happens for RSA when some Mbed TLS library functions
+ fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
+ enabled on platforms where freeing a mutex twice is not safe.
+ * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
+ when MBEDTLS_THREADING_C is enabled on platforms where initializing
+ a mutex allocates resources.
+ * Fixes a bug where, if the library was configured to include support for
+ both the old SE interface and the new PSA driver interface, external keys were
+ not loaded from storage. This was fixed by #3996.
+ * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
+ consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
+ include this extension in all CA certificates that contain public keys
+ used to validate digital signatures on certificates and MUST mark the
+ extension as critical in such certificates." Previous to this change,
+ the extension was always marked as non-critical. This was fixed by
+ #3698.
+
+Changes
+ * A new library C file psa_crypto_client.c has been created to contain
+ the PSA code needed by a PSA crypto client when the PSA crypto
+ implementation is not included into the library.
+ * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module
+ now uses the getrandom syscall instead of reading from /dev/urandom.
+
= mbed TLS 2.25.0 branch released 2020-12-11
API changes
diff --git a/ChangeLog.d/drbg-mutex.txt b/ChangeLog.d/drbg-mutex.txt
deleted file mode 100644
index 3ac5abf..0000000
--- a/ChangeLog.d/drbg-mutex.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
- is enabled, on platforms where initializing a mutex allocates resources.
- This was a regression introduced in the previous release. Reported in
- #4017, #4045 and #4071.
diff --git a/ChangeLog.d/dtls_sample_use_read_timeout.txt b/ChangeLog.d/dtls_sample_use_read_timeout.txt
new file mode 100644
index 0000000..e3150d6
--- /dev/null
+++ b/ChangeLog.d/dtls_sample_use_read_timeout.txt
@@ -0,0 +1,2 @@
+Changes
+ * Fix the setting of the read timeout in the DTLS sample programs.
diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt
new file mode 100644
index 0000000..4867721
--- /dev/null
+++ b/ChangeLog.d/fix-printf-specifiers.txt
@@ -0,0 +1,10 @@
+Bugfix
+ * Add printf function attributes to mbedtls_debug_print_msg to ensure we
+ get printf format specifier warnings.
+Changes
+ * Add extra printf compiler warning flags to builds.
+Requirement changes
+ * The library now uses the %zu format specifier with the printf() family of
+ functions, so requires a toolchain that supports it. This change does not
+ affect the maintained LTS branches, so when contributing changes please
+ bear this in mind and do not add them to backported code.
diff --git a/ChangeLog.d/fix_memsan_build_clang11.txt b/ChangeLog.d/fix_memsan_build_clang11.txt
new file mode 100644
index 0000000..3f5cc05
--- /dev/null
+++ b/ChangeLog.d/fix_memsan_build_clang11.txt
@@ -0,0 +1,2 @@
+Changes
+ * Fix memsan build false positive in x509_crt.c with clang 11
diff --git a/ChangeLog.d/fix_psa_crypto_leak.txt b/ChangeLog.d/fix_psa_crypto_leak.txt
deleted file mode 100644
index 6f9e5fe..0000000
--- a/ChangeLog.d/fix_psa_crypto_leak.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix a memory leak in an error case in psa_generate_derived_key_internal().
diff --git a/ChangeLog.d/getentropy.txt b/ChangeLog.d/getentropy.txt
deleted file mode 100644
index 460798f..0000000
--- a/ChangeLog.d/getentropy.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module
- now uses the getrandom syscall instead of reading from /dev/urandom.
diff --git a/ChangeLog.d/issue3819.txt b/ChangeLog.d/issue3819.txt
deleted file mode 100644
index e41520f..0000000
--- a/ChangeLog.d/issue3819.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Security
- * Fix a security reduction in CTR_DRBG when the initial seeding obtained a
- nonce from entropy. Applications were affected if they called
- mbedtls_ctr_drbg_set_nonce_len(), if they called
- mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
- length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
- In such cases, a random nonce was necessary to achieve the advertised
- security strength, but the code incorrectly used a constant instead of
- entropy from the nonce.
- Found by John Stroebel in #3819 and fixed in #3973.
diff --git a/ChangeLog.d/issue4093.txt b/ChangeLog.d/issue4093.txt
deleted file mode 100644
index f6985cf..0000000
--- a/ChangeLog.d/issue4093.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix an errorneous estimation for an internal buffer in
- mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
- value the function might fail to write a private RSA keys of the largest
- supported size.
- Found by Daniel Otte, reported in #4093 and fixed in #4094.
diff --git a/ChangeLog.d/mbedtls_ecc_group_of_psa.txt b/ChangeLog.d/mbedtls_ecc_group_of_psa.txt
deleted file mode 100644
index bce4c66..0000000
--- a/ChangeLog.d/mbedtls_ecc_group_of_psa.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-API changes
- * The API glue function mbedtls_ecc_group_of_psa() now takes the curve size
- in bits rather than bytes, with an additional flag to indicate if the
- size may have been rounded up to a whole number of bytes.
diff --git a/ChangeLog.d/mbedtls_psa_get_random.txt b/ChangeLog.d/mbedtls_psa_get_random.txt
deleted file mode 100644
index f6e6b09..0000000
--- a/ChangeLog.d/mbedtls_psa_get_random.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Features
- * Partial implementation of the PSA crypto driver interface: Mbed TLS can
- now use an external random generator instead of the library's own
- entropy collection and DRBG code. Enable MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- and see the documentation of mbedtls_psa_external_get_random() for details.
- * Applications using both mbedtls_xxx and psa_xxx functions (for example,
- applications using TLS and MBEDTLS_USE_PSA_CRYPTO) can now use the PSA
- random generator with mbedtls_xxx functions. See the documentation of
- mbedtls_psa_get_random() for details.
diff --git a/ChangeLog.d/mpi_sub_abs.txt b/ChangeLog.d/mpi_sub_abs.txt
deleted file mode 100644
index 9f34ee7..0000000
--- a/ChangeLog.d/mpi_sub_abs.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
- * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
- |A| - |B| where |B| is larger than |A| and has more limbs (so the
- function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
- applications calling mbedtls_mpi_sub_abs() directly are affected:
- all calls inside the library were safe since this function is
- only called with |A| >= |B|. Reported by Guido Vranken in #4042.
diff --git a/ChangeLog.d/net_poll-fd_setsize.txt b/ChangeLog.d/net_poll-fd_setsize.txt
deleted file mode 100644
index e4db8c7..0000000
--- a/ChangeLog.d/net_poll-fd_setsize.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Fix a stack buffer overflow with mbedtls_net_poll() and
- mbedtls_net_recv_timeout() when given a file descriptor that is
- beyond FD_SETSIZE. Reported by FigBug in #4169.
diff --git a/ChangeLog.d/no_ecp_fallback.txt b/ChangeLog.d/no_ecp_fallback.txt
deleted file mode 100644
index f61d311..0000000
--- a/ChangeLog.d/no_ecp_fallback.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Automatic fallback to a software implementation of ECP when
- MBEDTLS_ECP_xxx_ALT accelerator hooks are in use can now be turned off
- through setting the new configuration flag MBEDTLS_ECP_NO_FALLBACK.
diff --git a/ChangeLog.d/programs-ssl-use-after-scope.txt b/ChangeLog.d/programs-ssl-use-after-scope.txt
deleted file mode 100644
index 64bea61..0000000
--- a/ChangeLog.d/programs-ssl-use-after-scope.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c
diff --git a/ChangeLog.d/psa-crypto-api-rename-aead-tag-length-macros.txt b/ChangeLog.d/psa-crypto-api-rename-aead-tag-length-macros.txt
deleted file mode 100644
index 58c5e4f..0000000
--- a/ChangeLog.d/psa-crypto-api-rename-aead-tag-length-macros.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-API changes
- * Renamed the PSA Crypto API AEAD tag length macros to bring them in line
- with version 1.0.0 of the specification.
-
-New deprecations
- * PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and PSA_ALG_AEAD_WITH_TAG_LENGTH
- have been renamed, and the old names deprecated.
diff --git a/ChangeLog.d/psa-crypto-client.txt b/ChangeLog.d/psa-crypto-client.txt
deleted file mode 100644
index 3070ee9..0000000
--- a/ChangeLog.d/psa-crypto-client.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * A new library C file psa_crypto_client.c has been created to contain
- the PSA code needed by a PSA crypto client when the PSA crypto
- implementation is not included into the library.
diff --git a/ChangeLog.d/psa-crypto-hmac-drbg.txt b/ChangeLog.d/psa-crypto-hmac-drbg.txt
deleted file mode 100644
index 18a0d1b..0000000
--- a/ChangeLog.d/psa-crypto-hmac-drbg.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * The PSA crypto subsystem can now use HMAC_DRBG instead of CTR_DRBG.
- CTR_DRBG is used by default if it is available, but you can override
- this choice by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE at compile time.
- Fix #3354.
diff --git a/ChangeLog.d/psa-crypto-new-wildcard-policies.txt b/ChangeLog.d/psa-crypto-new-wildcard-policies.txt
deleted file mode 100644
index 56fbbc9..0000000
--- a/ChangeLog.d/psa-crypto-new-wildcard-policies.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * In the PSA API, the policy for a MAC or AEAD algorithm can specify a
- minimum MAC or tag length thanks to the new wildcards
- PSA_ALG_AT_LEAST_THIS_LENGTH_MAC and
- PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG.
diff --git a/ChangeLog.d/psa-crypto-rename-output-buffer-size-macros.txt b/ChangeLog.d/psa-crypto-rename-output-buffer-size-macros.txt
deleted file mode 100644
index 1e8fb5f..0000000
--- a/ChangeLog.d/psa-crypto-rename-output-buffer-size-macros.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-API changes
- * Renamed the PSA Crypto API output buffer size macros to bring them in line
- with version 1.0.0 of the specification.
-
-New deprecations
- * PSA_KEY_EXPORT_MAX_SIZE, PSA_HASH_SIZE, PSA_MAC_FINAL_SIZE,
- PSA_BLOCK_CIPHER_BLOCK_SIZE, PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE and
- PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN have been renamed, and the old names
- deprecated.
diff --git a/ChangeLog.d/psa_allow_tweaking_library_configuration.txt b/ChangeLog.d/psa_allow_tweaking_library_configuration.txt
deleted file mode 100644
index 78b082c..0000000
--- a/ChangeLog.d/psa_allow_tweaking_library_configuration.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * The PSA crypto subsystem can now be configured to use less static RAM by
- tweaking the setting for the maximum amount of keys simultaneously in RAM.
- MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that
- can exist simultaneously. It has a sensible default if not overridden.
diff --git a/ChangeLog.d/psa_close_key_memory_leak_fix.txt b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
deleted file mode 100644
index 91ce174..0000000
--- a/ChangeLog.d/psa_close_key_memory_leak_fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix memory leak that occured when calling psa_close_key() on a
- wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
diff --git a/ChangeLog.d/rsa-mutex.txt b/ChangeLog.d/rsa-mutex.txt
deleted file mode 100644
index 2a477a9..0000000
--- a/ChangeLog.d/rsa-mutex.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Bugfix
- * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
- twice is safe. This happens for RSA when some Mbed TLS library functions
- fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
- enabled on platforms where freeing a mutex twice is not safe.
- * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
- when MBEDTLS_THREADING_C is enabled on platforms where initializing
- a mutex allocates resources.
-
-Default behavior changes
- * In mbedtls_rsa_context objects, the ver field was formerly documented
- as always 0. It is now reserved for internal purposes and may take
- different values.
diff --git a/ChangeLog.d/rsa_private-ret.txt b/ChangeLog.d/rsa_private-ret.txt
deleted file mode 100644
index b965cea..0000000
--- a/ChangeLog.d/rsa_private-ret.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix an incorrect error code if an RSA private operation glitched.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 5b51bd5..dcbb705 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,7 +22,7 @@
*/
/**
- * @mainpage mbed TLS v2.25.0 source code documentation
+ * @mainpage mbed TLS v2.26.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index dd4237a..27cba6e 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.25.0"
+PROJECT_NAME = "mbed TLS v2.26.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index ab5b037..dd20ba0 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -80,6 +80,50 @@
#endif /* MBEDTLS_DEBUG_C */
+/**
+ * \def MBEDTLS_PRINTF_ATTRIBUTE
+ *
+ * Mark a function as having printf attributes, and thus enable checking
+ * via -wFormat and other flags. This does nothing on builds with compilers
+ * that do not support the format attribute
+ *
+ * Module: library/debug.c
+ * Caller:
+ *
+ * This module provides debugging functions.
+ */
+#if defined(__has_attribute)
+#if __has_attribute(format)
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+ __attribute__((format (printf, string_index, first_to_check)))
+#else /* __has_attribute(format) */
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+#endif /* __has_attribute(format) */
+#else /* defined(__has_attribute) */
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+#endif
+
+/**
+ * \def MBEDTLS_PRINTF_SIZET
+ *
+ * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
+ * and MinGW we need to define the printf specifier for size_t
+ * and long long per platform.
+ *
+ * Module: library/debug.c
+ * Caller:
+ *
+ * This module provides debugging functions.
+ */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800)
+ #include <inttypes.h>
+ #define MBEDTLS_PRINTF_SIZET PRIuPTR
+ #define MBEDTLS_PRINTF_LONGLONG "I64d"
+#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+ #define MBEDTLS_PRINTF_SIZET "zu"
+ #define MBEDTLS_PRINTF_LONGLONG "lld"
+#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -118,7 +162,7 @@
*/
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
- const char *format, ... );
+ const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
/**
* \brief Print the return value of a function to the debug output. This
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 10c4316..5b0c70f 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -37,7 +37,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 25
+#define MBEDTLS_VERSION_MINOR 26
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -45,9 +45,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02190000
-#define MBEDTLS_VERSION_STRING "2.25.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.25.0"
+#define MBEDTLS_VERSION_NUMBER 0x021A0000
+#define MBEDTLS_VERSION_STRING "2.26.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.26.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 78c6e3d..7ee3293 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3465,7 +3465,8 @@
* state and must be aborted by calling psa_key_derivation_abort().
*
* How much output is produced and consumed from the operation, and how
- * the key is derived, depends on the key type:
+ * the key is derived, depends on the key type and on the key size
+ * (denoted \c bits below):
*
* - For key types for which the key is an arbitrary sequence of bytes
* of a given size, this function is functionally equivalent to
@@ -3475,7 +3476,7 @@
* if the implementation provides an isolation boundary then
* the key material is not exposed outside the isolation boundary.
* As a consequence, for these key types, this function always consumes
- * exactly (\p bits / 8) bytes from the operation.
+ * exactly (\c bits / 8) bytes from the operation.
* The following key types defined in this specification follow this scheme:
*
* - #PSA_KEY_TYPE_AES;
@@ -3496,8 +3497,8 @@
* string and process it as specified in RFC 7748 §5.
*
* - For key types for which the key is represented by a single sequence of
- * \p bits bits with constraints as to which bit sequences are acceptable,
- * this function draws a byte string of length (\p bits / 8) bytes rounded
+ * \c bits bits with constraints as to which bit sequences are acceptable,
+ * this function draws a byte string of length (\c bits / 8) bytes rounded
* up to the nearest whole number of bytes. If the resulting byte string
* is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
* This process is repeated until an acceptable byte string is drawn.
diff --git a/include/psa/crypto_builtin_hash.h b/include/psa/crypto_builtin_hash.h
new file mode 100644
index 0000000..64323bf
--- /dev/null
+++ b/include/psa/crypto_builtin_hash.h
@@ -0,0 +1,89 @@
+/*
+ * Context structure declaration of the software-based driver which performs
+ * hashing through the PSA Crypto driver dispatch layer.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_BUILTIN_HASH_H
+#define PSA_CRYPTO_BUILTIN_HASH_H
+
+#include <psa/crypto_driver_common.h>
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
+#define MBEDTLS_PSA_BUILTIN_HASH
+#endif
+
+typedef struct
+{
+ psa_algorithm_t alg;
+ union
+ {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_MD2_C)
+ mbedtls_md2_context md2;
+#endif
+#if defined(MBEDTLS_MD4_C)
+ mbedtls_md4_context md4;
+#endif
+#if defined(MBEDTLS_MD5_C)
+ mbedtls_md5_context md5;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ mbedtls_ripemd160_context ripemd160;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ mbedtls_sha1_context sha1;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ mbedtls_sha256_context sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ mbedtls_sha512_context sha512;
+#endif
+ } ctx;
+} mbedtls_psa_hash_operation_t;
+
+#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
+
+/*
+ * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
+ */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operation_t;
+
+#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT MBEDTLS_PSA_HASH_OPERATION_INIT
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+#endif /* PSA_CRYPTO_BUILTIN_HASH_H */
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 66e6201..ae09a70 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -313,9 +313,9 @@
* number of open keys, the number of open key handles, or available
* memory.
* \retval #PSA_ERROR_DOES_NOT_EXIST
- * There is no persistent key with key identifier \p id.
+ * There is no persistent key with key identifier \p key.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p id is not a valid persistent key identifier.
+ * \p key is not a valid persistent key identifier.
* \retval #PSA_ERROR_NOT_PERMITTED
* The specified key exists, but the application does not have the
* permission to access it. Note that this specification does not
diff --git a/include/psa/crypto_driver_contexts.h b/include/psa/crypto_driver_contexts.h
new file mode 100644
index 0000000..fdf178f
--- /dev/null
+++ b/include/psa/crypto_driver_contexts.h
@@ -0,0 +1,51 @@
+/*
+ * Declaration of context structures for use with the PSA driver wrapper
+ * interface.
+ *
+ * Warning: This file will be auto-generated in the future.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_H
+#define PSA_CRYPTO_DRIVER_CONTEXTS_H
+
+#include "psa/crypto.h"
+#include "psa/crypto_driver_common.h"
+
+/* Include the context structure definitions for those drivers that were
+ * declared during the autogeneration process. */
+
+/* Include the context structure definitions for the Mbed TLS software drivers */
+#include "psa/crypto_builtin_hash.h"
+
+/* Define the context to be used for an operation that is executed through the
+ * PSA Driver wrapper layer as the union of all possible driver's contexts.
+ *
+ * The union members are the driver's context structures, and the member names
+ * are formatted as `'drivername'_ctx`. This allows for procedural generation
+ * of both this file and the content of psa_crypto_driver_wrappers.c */
+
+typedef union {
+ unsigned dummy; /* Make sure this structure is always non-empty */
+ mbedtls_psa_hash_operation_t mbedtls_ctx;
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
+#endif
+} psa_driver_hash_context_t;
+
+#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_H */
+/* End of automatically generated file. */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index f5fe029..aaf117f 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -1061,7 +1061,8 @@
* \brief A function that generates a symmetric or asymmetric key on a secure
* element
*
- * If \p type is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) = 1),
+ * If the key type \c type recorded in \p attributes
+ * is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\c type) = 1),
* the driver may export the public key at the time of generation,
* in the format documented for psa_export_public_key() by writing it
* to the \p pubkey buffer.
@@ -1364,16 +1365,16 @@
*
* \return #PSA_SUCCESS
* The driver was successfully registered. Applications can now
- * use \p lifetime to access keys through the methods passed to
+ * use \p location to access keys through the methods passed to
* this function.
* \return #PSA_ERROR_BAD_STATE
* This function was called after the initialization of the
* cryptography module, and this implementation does not support
* driver registration at this stage.
* \return #PSA_ERROR_ALREADY_EXISTS
- * There is already a registered driver for this value of \p lifetime.
+ * There is already a registered driver for this value of \p location.
* \return #PSA_ERROR_INVALID_ARGUMENT
- * \p lifetime is a reserved value.
+ * \p location is a reserved value.
* \return #PSA_ERROR_NOT_SUPPORTED
* `methods->hal_version` is not supported by this implementation.
* \return #PSA_ERROR_INSUFFICIENT_MEMORY
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 3956834..c9de062 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -65,8 +65,6 @@
*
* \return The hash size for the specified hash algorithm.
* If the hash algorithm is not recognized, return 0.
- * An implementation may return either 0 or the correct size
- * for a hash algorithm that it recognizes, but does not support.
*/
#define PSA_HASH_LENGTH(alg) \
( \
@@ -91,9 +89,8 @@
*
* Maximum size of a hash.
*
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a hash supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
+ * This macro expands to a compile-time constant integer. This value
+ * is the maximum size of a hash in bytes.
*/
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
@@ -110,9 +107,8 @@
*
* Maximum size of a MAC.
*
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a MAC supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
+ * This macro expands to a compile-time constant integer. This value
+ * is the maximum size of a MAC in bytes.
*/
/* All non-HMAC MACs have a maximum size that's smaller than the
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
@@ -132,15 +128,18 @@
* tag that can be distinguished from the rest of
* the ciphertext, return 0.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_TAG_LENGTH(alg) \
(PSA_ALG_IS_AEAD(alg) ? \
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
0)
+/** The maximum tag size for all supported AEAD algorithms, in bytes.
+ *
+ * See also #PSA_AEAD_TAG_LENGTH(\p alg).
+ */
+#define PSA_AEAD_TAG_MAX_SIZE 16
+
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
*
@@ -190,7 +189,7 @@
/** This macro returns the maximum supported length of the PSK for the
* TLS-1.2 PSK-to-MS key derivation
- * (#PSA_ALG_TLS12_PSK_TO_MS(\p hash_alg)).
+ * (#PSA_ALG_TLS12_PSK_TO_MS(\c hash_alg)).
*
* The maximum supported length does not depend on the chosen hash algorithm.
*
@@ -205,7 +204,7 @@
*/
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
-/** The maximum size of a block cipher supported by the implementation. */
+/** The maximum size of a block cipher. */
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
/** The size of the output of psa_mac_sign_finish(), in bytes.
@@ -242,6 +241,10 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the ciphertext may be smaller.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -250,15 +253,33 @@
* \return The AEAD ciphertext size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
0)
+/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * If the size of the ciphertext buffer is at least this large, it is guaranteed
+ * that psa_aead_encrypt() will not fail due to an insufficient buffer size.
+ *
+ * \note This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length).
+ *
+ * \param plaintext_length Size of the plaintext in bytes.
+ *
+ * \return A sufficient output buffer size for any of the
+ * supported key types and AEAD algorithms.
+ *
+ */
+#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
+ ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
+
+
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
*
* If the size of the plaintext buffer is at least this large, it is
@@ -266,6 +287,10 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the plaintext may be smaller.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -274,15 +299,79 @@
* \return The AEAD ciphertext size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
0)
+/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * If the size of the plaintext buffer is at least this large, it is guaranteed
+ * that psa_aead_decrypt() will not fail due to an insufficient buffer size.
+ *
+ * \note This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length).
+ *
+ * \param ciphertext_length Size of the ciphertext in bytes.
+ *
+ * \return A sufficient output buffer size for any of the
+ * supported key types and AEAD algorithms.
+ *
+ */
+#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
+ (ciphertext_length)
+
+/** The default nonce size for an AEAD algorithm, in bytes.
+ *
+ * This macro can be used to allocate a buffer of sufficient size to
+ * store the nonce output from #psa_aead_generate_nonce().
+ *
+ * See also #PSA_AEAD_NONCE_MAX_SIZE.
+ *
+ * \note This is not the maximum size of nonce supported as input to
+ * #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
+ * just the default size that is generated by #psa_aead_generate_nonce().
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type A symmetric key type that is compatible with
+ * algorithm \p alg.
+ *
+ * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return The default nonce size for the specified key type and algorithm.
+ * If the key type or AEAD algorithm is not recognized,
+ * or the parameters are incompatible, return 0.
+ */
+#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM ? 13 : \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM ? 12 : \
+ 0 : \
+ (key_type) == PSA_KEY_TYPE_CHACHA20 && \
+ PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
+ 0)
+
+/** The maximum default nonce size among all supported pairs of key types and
+ * AEAD algorithms, in bytes.
+ *
+ * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH()
+ * may return.
+ *
+ * \note This is not the maximum size of nonce supported as input to
+ * #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
+ * just the largest size that may be generated by
+ * #psa_aead_generate_nonce().
+ */
+#define PSA_AEAD_NONCE_MAX_SIZE 13
+
/** A sufficient output buffer size for psa_aead_update().
*
* If the size of the output buffer is at least this large, it is
@@ -290,6 +379,10 @@
* insufficient buffer size. The actual size of the output may be smaller
* in any given call.
*
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -298,19 +391,29 @@
* \return A sufficient output buffer size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
/* For all the AEAD modes defined in this specification, it is possible
* to emit output without delay. However, hardware may not always be
* capable of this. So for modes based on a block cipher, allow the
* implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
+ (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
(input_length))
+/** A sufficient output buffer size for psa_aead_update(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_aead_update() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ */
+#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
+
/** A sufficient ciphertext buffer size for psa_aead_finish().
*
* If the size of the ciphertext buffer is at least this large, it is
@@ -325,15 +428,19 @@
* \return A sufficient ciphertext buffer size for the
* specified algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
0)
+/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg).
+ */
+#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+
/** A sufficient plaintext buffer size for psa_aead_verify().
*
* If the size of the plaintext buffer is at least this large, it is
@@ -348,15 +455,19 @@
* \return A sufficient plaintext buffer size for the
* specified algorithm.
* If the AEAD algorithm is not recognized, return 0.
- * An implementation may return either 0 or a
- * correct size for an AEAD algorithm that it
- * recognizes, but does not support.
*/
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
0)
+/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
+ * supported key types and AEAD algorithms.
+ *
+ * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg).
+ */
+#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
(PSA_ALG_IS_RSA_OAEP(alg) ? \
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
@@ -393,9 +504,8 @@
* a buffer size in bytes that guarantees that
* psa_sign_hash() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
@@ -411,9 +521,8 @@
*
* Maximum size of an asymmetric signature.
*
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a signature supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
+ * This macro expands to a compile-time constant integer. This value
+ * is the maximum size of a signature in bytes.
*/
#define PSA_SIGNATURE_MAX_SIZE \
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
@@ -440,9 +549,8 @@
* a buffer size in bytes that guarantees that
* psa_asymmetric_encrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
@@ -451,6 +559,15 @@
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
0)
+/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
+ * supported asymmetric encryption.
+ *
+ * See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
+ */
+/* This macro assumes that RSA is the only supported asymmetric encryption. */
+#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
+
/** Sufficient output buffer size for psa_asymmetric_decrypt().
*
* This macro returns a sufficient buffer size for a plaintext produced using
@@ -471,9 +588,8 @@
* a buffer size in bytes that guarantees that
* psa_asymmetric_decrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
@@ -482,6 +598,16 @@
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
0)
+/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
+ * supported asymmetric decryption.
+ *
+ * This macro assumes that RSA is the only supported asymmetric encryption.
+ *
+ * See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
+ */
+#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
+
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
* number of bits.
*
@@ -627,11 +753,9 @@
* a buffer size in bytes that guarantees that
* psa_export_key() or psa_export_public_key() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
- * If the parameters are not valid, the
- * return value is unspecified.
+ * If the parameters are a valid combination that is not supported,
+ * return either a sensible size or 0.
+ * If the parameters are not valid, the return value is unspecified.
*/
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
@@ -643,48 +767,123 @@
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
0)
-/** The default nonce size for an AEAD algorithm, in bytes.
+/** Sufficient output buffer size for psa_export_public_key().
*
- * This macro can be used to allocate a buffer of sufficient size to
- * store the nonce output from #psa_aead_generate_nonce().
- *
- * See also #PSA_AEAD_NONCE_MAX_SIZE.
- *
- * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
- * #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by
- * #psa_aead_generate_nonce().
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
*
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
- * \param key_type A symmetric key type that is compatible with algorithm \p alg.
+ * The following code illustrates how to allocate enough memory to export
+ * a public key by querying the key type and size at runtime.
+ * \code{c}
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ * psa_status_t status;
+ * status = psa_get_key_attributes(key, &attributes);
+ * if (status != PSA_SUCCESS) handle_error(...);
+ * psa_key_type_t key_type = psa_get_key_type(&attributes);
+ * size_t key_bits = psa_get_key_bits(&attributes);
+ * size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
+ * psa_reset_key_attributes(&attributes);
+ * uint8_t *buffer = malloc(buffer_size);
+ * if (buffer == NULL) handle_error(...);
+ * size_t buffer_length;
+ * status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
+ * if (status != PSA_SUCCESS) handle_error(...);
+ * \endcode
*
- * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param key_type A public key or key pair key type.
+ * \param key_bits The size of the key in bits.
*
- * \return The default nonce size for the specified key type and algorithm.
- * If the key type or AEAD algorithm is not recognized,
- * or the parameters are incompatible, return 0.
- * An implementation can return either 0 or a correct size for a key type
- * and AEAD algorithm that it recognizes, but does not support.
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_export_public_key() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that is not
+ * supported, return either a sensible size or 0.
+ * If the parameters are not valid,
+ * the return value is unspecified.
+ *
+ * If the parameters are valid and supported,
+ * return the same result as
+ * #PSA_EXPORT_KEY_OUTPUT_SIZE(
+ * \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type),
+ * \p key_bits).
*/
-#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
- (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
- (key_type) == PSA_KEY_TYPE_CHACHA20 && \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
+#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
0)
-/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes.
+/** Sufficient buffer size for exporting any asymmetric key pair.
*
- * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return.
+ * This macro expands to a compile-time constant integer. This value is
+ * a sufficient buffer size when calling psa_export_key() to export any
+ * asymmetric key pair, regardless of the exact key type and key size.
*
- * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
- * #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by
- * #psa_aead_generate_nonce().
+ * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 12
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
+ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+
+/** Sufficient buffer size for exporting any asymmetric public key.
+ *
+ * This macro expands to a compile-time constant integer. This value is
+ * a sufficient buffer size when calling psa_export_key() or
+ * psa_export_public_key() to export any asymmetric public key,
+ * regardless of the exact key type and key size.
+ *
+ * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
+ */
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
+ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+
+/** Sufficient output buffer size for psa_raw_key_agreement().
+ *
+ * This macro returns a compile-time constant if its arguments are
+ * compile-time constants.
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
+ *
+ * \param key_type A supported key type.
+ * \param key_bits The size of the key in bits.
+ *
+ * \return If the parameters are valid and supported, return
+ * a buffer size in bytes that guarantees that
+ * psa_raw_key_agreement() will not fail with
+ * #PSA_ERROR_BUFFER_TOO_SMALL.
+ * If the parameters are a valid combination that
+ * is not supported, return either a sensible size or 0.
+ * If the parameters are not valid,
+ * the return value is unspecified.
+ */
+/* FFDH is not yet supported in PSA. */
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
+ (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
+ PSA_BITS_TO_BYTES(key_bits) : \
+ 0)
+
+/** Maximum size of the output from psa_raw_key_agreement().
+ *
+ * This macro expands to a compile-time constant integer. This value is the
+ * maximum size of the output any raw key agreement algorithm, in bytes.
+ *
+ * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
+ */
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
/** The default IV size for a cipher algorithm, in bytes.
*
@@ -709,8 +908,6 @@
* If the algorithm does not use an IV, return 0.
* If the key type or cipher algorithm is not recognized,
* or the parameters are incompatible, return 0.
- * An implementation can return either 0 or a correct size for a key type
- * and cipher algorithm that it recognizes, but does not support.
*/
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
@@ -730,4 +927,163 @@
*/
#define PSA_CIPHER_IV_MAX_SIZE 16
+/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
+ * Depending on the algorithm, the actual size of the output might be smaller.
+ *
+ * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length).
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
+ */
+#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ 0))
+
+/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ *
+ */
+#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length) + 1) + \
+ PSA_CIPHER_IV_MAX_SIZE)
+
+/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
+ * Depending on the algorithm, the actual size of the output might be smaller.
+ *
+ * See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(\p input_length).
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
+ */
+#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) && \
+ ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
+ (input_length) : \
+ 0)
+
+/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_CIPHER_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ */
+#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (input_length)
+
+/** A sufficient output buffer size for psa_cipher_update().
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_update() will not fail due to an insufficient buffer size.
+ * The actual size of the output might be smaller in any given call.
+ *
+ * See also #PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible, return 0.
+ */
+#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ input_length) : \
+ (input_length)) : \
+ 0)
+
+/** A sufficient output buffer size for psa_cipher_update(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_cipher_update() will not fail due to an insufficient buffer size.
+ *
+ * See also #PSA_CIPHER_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
+ *
+ * \param input_length Size of the input in bytes.
+ */
+#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
+
+/** A sufficient ciphertext buffer size for psa_cipher_finish().
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_cipher_finish() will not fail due to an insufficient
+ * ciphertext buffer size. The actual size of the output might be smaller in
+ * any given call.
+ *
+ * See also #PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE().
+ *
+ * \param key_type A symmetric key type that is compatible with algorithm
+ * alg.
+ * \param alg A cipher algorithm (PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \return A sufficient output size for the specified key type and
+ * algorithm. If the key type or cipher algorithm is not
+ * recognized, or the parameters are incompatible, return 0.
+ */
+#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
+ 0) : \
+ 0)
+
+/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
+ * supported key types and cipher algorithms.
+ *
+ * See also #PSA_CIPHER_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
+ */
+#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
+ (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
+
#endif /* PSA_CRYPTO_SIZES_H */
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 04ece6d..87eefb9 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -68,14 +68,9 @@
#include "mbedtls/cipher.h"
#include "mbedtls/cmac.h"
#include "mbedtls/gcm.h"
-#include "mbedtls/md.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
+
+/* Include the context definition for the compiled-in drivers */
+#include "psa/crypto_driver_contexts.h"
typedef struct {
/** Unique ID indicating which driver got assigned to do the
@@ -89,32 +84,14 @@
struct psa_hash_operation_s
{
- psa_algorithm_t alg;
- union
- {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_MD2_C)
- mbedtls_md2_context md2;
-#endif
-#if defined(MBEDTLS_MD4_C)
- mbedtls_md4_context md4;
-#endif
-#if defined(MBEDTLS_MD5_C)
- mbedtls_md5_context md5;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
- mbedtls_ripemd160_context ripemd160;
-#endif
-#if defined(MBEDTLS_SHA1_C)
- mbedtls_sha1_context sha1;
-#endif
-#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_context sha256;
-#endif
-#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_context sha512;
-#endif
- } ctx;
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int id;
+ psa_driver_hash_context_t ctx;
};
#define PSA_HASH_OPERATION_INIT {0, {0}}
@@ -127,6 +104,8 @@
#if defined(MBEDTLS_MD_C)
typedef struct
{
+ /** The HMAC algorithm in use */
+ psa_algorithm_t alg;
/** The hash context. */
struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index a17bfc2..24b2e18 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -892,7 +892,7 @@
* for policy comparison purposes.
*
* \param mac_alg A MAC algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true). This may be a truncated or untruncated
* MAC algorithm.
* \param mac_length Desired length of the truncated MAC in bytes.
@@ -903,7 +903,7 @@
*
* \return The corresponding MAC algorithm with the specified
* length.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p mac_alg is not a supported
* MAC algorithm or if \p mac_length is too small or
* too large for the specified MAC algorithm.
*/
@@ -916,12 +916,12 @@
* MAC algorithm.
*
* \param mac_alg A MAC algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true). This may be a truncated or untruncated
* MAC algorithm.
*
* \return The corresponding base MAC algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p mac_alg is not a supported
* MAC algorithm.
*/
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
@@ -931,12 +931,12 @@
/** Length to which a MAC algorithm is truncated.
*
* \param mac_alg A MAC algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true).
*
* \return Length of the truncated MAC in bytes.
- * \return 0 if \p alg is a non-truncated MAC algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return 0 if \p mac_alg is a non-truncated MAC algorithm.
+ * \return Unspecified if \p mac_alg is not a supported
* MAC algorithm.
*/
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
@@ -1146,13 +1146,13 @@
* of the ciphertext.
*
* \param aead_alg An AEAD algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
* is true).
* \param tag_length Desired length of the authentication tag in bytes.
*
* \return The corresponding AEAD algorithm with the specified
* length.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p aead_alg is not a supported
* AEAD algorithm or if \p tag_length is not valid
* for the specified AEAD algorithm.
*/
@@ -1165,13 +1165,12 @@
/** Retrieve the tag length of a specified AEAD algorithm
*
* \param aead_alg An AEAD algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
* is true).
*
* \return The tag length specified by the input algorithm.
- * \return Unspecified if \p alg is not a supported
- * AEAD algorithm or if \p tag_length is not valid
- * for the specified AEAD algorithm.
+ * \return Unspecified if \p aead_alg is not a supported
+ * AEAD algorithm.
*/
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
@@ -1180,7 +1179,7 @@
/** Calculate the corresponding AEAD algorithm with the default tag length.
*
* \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * #PSA_ALG_IS_AEAD(\p aead_alg) is true).
*
* \return The corresponding AEAD algorithm with the default
* tag length for that algorithm.
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 9c252a8..2b2672e 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -64,6 +64,7 @@
psa_crypto_client.c
psa_crypto_driver_wrappers.c
psa_crypto_ecp.c
+ psa_crypto_hash.c
psa_crypto_rsa.c
psa_crypto_se.c
psa_crypto_slot_management.c
@@ -196,15 +197,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.25.0 SOVERSION 6)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.26.0 SOVERSION 6)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.25.0 SOVERSION 1)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.26.0 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.25.0 SOVERSION 13)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.26.0 SOVERSION 13)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/Makefile b/library/Makefile
index 903dc0d..e9829cc 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -2,7 +2,7 @@
# Also see "include/mbedtls/config.h"
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -Wextra
+WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
# Include ../include for public headers and . for private headers.
@@ -121,6 +121,7 @@
psa_crypto_client.o \
psa_crypto_driver_wrappers.o \
psa_crypto_ecp.o \
+ psa_crypto_hash.o \
psa_crypto_rsa.o \
psa_crypto_se.o \
psa_crypto_slot_management.o \
diff --git a/library/base64.c b/library/base64.c
index d39474a..1a05226 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -66,6 +66,99 @@
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
/*
+ * Constant flow conditional assignment to unsigned char
+ */
+static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
+ unsigned char condition )
+{
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* Generate bitmask from condition, mask will either be 0xFF or 0 */
+ unsigned char mask = ( condition | -condition );
+ mask >>= 7;
+ mask = -mask;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
+}
+
+/*
+ * Constant flow conditional assignment to uint_32
+ */
+static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
+ uint32_t condition )
+{
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
+ uint32_t mask = ( condition | -condition );
+ mask >>= 31;
+ mask = -mask;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ *dest = ( src & mask ) | ( ( *dest ) & ~mask );
+}
+
+/*
+ * Constant flow check for equality
+ */
+static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
+{
+ size_t difference = in_a ^ in_b;
+
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ difference |= -difference;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ /* cope with the varying size of size_t per platform */
+ difference >>= ( sizeof( difference ) * 8 - 1 );
+
+ return (unsigned char) ( 1 ^ difference );
+}
+
+/*
+ * Constant flow lookup into table.
+ */
+static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
+ const size_t table_size, const size_t table_index )
+{
+ size_t i;
+ unsigned char result = 0;
+
+ for( i = 0; i < table_size; ++i )
+ {
+ mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
+ }
+
+ return result;
+}
+
+/*
* Encode a buffer into base64 format
*/
int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
@@ -105,10 +198,17 @@
C2 = *src++;
C3 = *src++;
- *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
- *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
- *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
- *p++ = base64_enc_map[C3 & 0x3F];
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( C1 >> 2 ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( C3 & 0x3F ) );
}
if( i < slen )
@@ -116,11 +216,15 @@
C1 = *src++;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
- *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
- *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( C1 >> 2 ) & 0x3F ) );
+
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
if( ( i + 1 ) < slen )
- *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
+ *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+ ( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
else *p++ = '=';
*p++ = '=';
@@ -141,6 +245,7 @@
size_t i, n;
uint32_t j, x;
unsigned char *p;
+ unsigned char dec_map_lookup;
/* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ )
@@ -171,10 +276,12 @@
if( src[i] == '=' && ++j > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
+ dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
+
+ if( src[i] > 127 || dec_map_lookup == 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- if( base64_dec_map[src[i]] < 64 && j != 0 )
+ if( dec_map_lookup < 64 && j != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
n++;
@@ -204,8 +311,10 @@
if( *src == '\r' || *src == '\n' || *src == ' ' )
continue;
- j -= ( base64_dec_map[*src] == 64 );
- x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
+ dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
+
+ mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
+ x = ( x << 6 ) | ( dec_map_lookup & 0x3F );
if( ++n == 4 )
{
diff --git a/library/debug.c b/library/debug.c
index c3384be..e91d1ad 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -74,6 +74,7 @@
#endif
}
+MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *format, ... )
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 57053ef..8c61cb9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -33,6 +33,7 @@
#include "psa_crypto_invasive.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_ecp.h"
+#include "psa_crypto_hash.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_ecp.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -2141,274 +2142,53 @@
/* Message digests */
/****************************************************************/
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
-{
- switch( alg )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- return( &mbedtls_md4_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
- case PSA_ALG_MD5:
- return( &mbedtls_md5_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- return( &mbedtls_ripemd160_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- return( &mbedtls_sha1_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- return( &mbedtls_sha224_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- return( &mbedtls_sha256_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- return( &mbedtls_sha384_info );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- return( &mbedtls_sha512_info );
-#endif
- default:
- return( NULL );
- }
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
{
- switch( operation->alg )
- {
- case 0:
- /* The object has (apparently) been initialized but it is not
- * in use. It's ok to call abort on such an object, and there's
- * nothing to do. */
- break;
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- mbedtls_md2_free( &operation->ctx.md2 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- mbedtls_md4_free( &operation->ctx.md4 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
- case PSA_ALG_MD5:
- mbedtls_md5_free( &operation->ctx.md5 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- mbedtls_sha1_free( &operation->ctx.sha1 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- mbedtls_sha256_free( &operation->ctx.sha256 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- mbedtls_sha256_free( &operation->ctx.sha256 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- mbedtls_sha512_free( &operation->ctx.sha512 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- mbedtls_sha512_free( &operation->ctx.sha512 );
- break;
-#endif
- default:
- return( PSA_ERROR_BAD_STATE );
- }
- operation->alg = 0;
- return( PSA_SUCCESS );
+ /* Aborting a non-active operation is allowed */
+ if( operation->id == 0 )
+ return( PSA_SUCCESS );
+
+ psa_status_t status = psa_driver_wrapper_hash_abort( operation );
+ operation->id = 0;
+
+ return( status );
}
psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
/* A context must be freshly initialized before it can be set up. */
- if( operation->alg != 0 )
- {
+ if( operation->id != 0 )
return( PSA_ERROR_BAD_STATE );
- }
- switch( alg )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- mbedtls_md2_init( &operation->ctx.md2 );
- ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- mbedtls_md4_init( &operation->ctx.md4 );
- ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
- case PSA_ALG_MD5:
- mbedtls_md5_init( &operation->ctx.md5 );
- ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
- ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- mbedtls_sha1_init( &operation->ctx.sha1 );
- ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
- break;
-#endif
- default:
- return( PSA_ALG_IS_HASH( alg ) ?
- PSA_ERROR_NOT_SUPPORTED :
- PSA_ERROR_INVALID_ARGUMENT );
- }
- if( ret == 0 )
- operation->alg = alg;
- else
- psa_hash_abort( operation );
- return( mbedtls_to_psa_error( ret ) );
+ if( !PSA_ALG_IS_HASH( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
+ * directly zeroes the int-sized dummy member of the context union. */
+ memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+
+ return( psa_driver_wrapper_hash_setup( operation, alg ) );
}
psa_status_t psa_hash_update( psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if( operation->id == 0 )
+ return( PSA_ERROR_BAD_STATE );
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
if( input_length == 0 )
return( PSA_SUCCESS );
- switch( operation->alg )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- ret = mbedtls_md2_update_ret( &operation->ctx.md2,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- ret = mbedtls_md4_update_ret( &operation->ctx.md4,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
- case PSA_ALG_MD5:
- ret = mbedtls_md5_update_ret( &operation->ctx.md5,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
- input, input_length );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
- input, input_length );
- break;
-#endif
- default:
- (void)input;
- return( PSA_ERROR_BAD_STATE );
- }
-
- if( ret != 0 )
+ psa_status_t status = psa_driver_wrapper_hash_update( operation,
+ input, input_length );
+ if( status != PSA_SUCCESS )
psa_hash_abort( operation );
- return( mbedtls_to_psa_error( ret ) );
+
+ return( status );
}
psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
@@ -2416,88 +2196,14 @@
size_t hash_size,
size_t *hash_length )
{
- psa_status_t status;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t actual_hash_length = PSA_HASH_LENGTH( operation->alg );
+ *hash_length = 0;
+ if( operation->id == 0 )
+ return( PSA_ERROR_BAD_STATE );
- /* Fill the output buffer with something that isn't a valid hash
- * (barring an attack on the hash and deliberately-crafted input),
- * in case the caller doesn't check the return status properly. */
- *hash_length = hash_size;
- /* If hash_size is 0 then hash may be NULL and then the
- * call to memset would have undefined behavior. */
- if( hash_size != 0 )
- memset( hash, '!', hash_size );
-
- if( hash_size < actual_hash_length )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto exit;
- }
-
- switch( operation->alg )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
- case PSA_ALG_MD5:
- ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
- break;
-#endif
- default:
- return( PSA_ERROR_BAD_STATE );
- }
- status = mbedtls_to_psa_error( ret );
-
-exit:
- if( status == PSA_SUCCESS )
- {
- *hash_length = actual_hash_length;
- return( psa_hash_abort( operation ) );
- }
- else
- {
- psa_hash_abort( operation );
- return( status );
- }
+ psa_status_t status = psa_driver_wrapper_hash_finish(
+ operation, hash, hash_size, hash_length );
+ psa_hash_abort( operation );
+ return( status );
}
psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
@@ -2506,9 +2212,10 @@
{
uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
size_t actual_hash_length;
- psa_status_t status = psa_hash_finish( operation,
- actual_hash, sizeof( actual_hash ),
- &actual_hash_length );
+ psa_status_t status = psa_hash_finish(
+ operation,
+ actual_hash, sizeof( actual_hash ),
+ &actual_hash_length );
if( status != PSA_SUCCESS )
return( status );
if( actual_hash_length != hash_length )
@@ -2523,123 +2230,52 @@
uint8_t *hash, size_t hash_size,
size_t *hash_length )
{
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ *hash_length = 0;
+ if( !PSA_ALG_IS_HASH( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
- *hash_length = hash_size;
- status = psa_hash_setup( &operation, alg );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_hash_update( &operation, input, input_length );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_hash_finish( &operation, hash, hash_size, hash_length );
- if( status != PSA_SUCCESS )
- goto exit;
-
-exit:
- if( status == PSA_SUCCESS )
- status = psa_hash_abort( &operation );
- else
- psa_hash_abort( &operation );
- return( status );
+ return( psa_driver_wrapper_hash_compute( alg, input, input_length,
+ hash, hash_size, hash_length ) );
}
psa_status_t psa_hash_compare( psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length )
{
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
+ size_t actual_hash_length;
- status = psa_hash_setup( &operation, alg );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_hash_update( &operation, input, input_length );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_hash_verify( &operation, hash, hash_length );
- if( status != PSA_SUCCESS )
- goto exit;
+ if( !PSA_ALG_IS_HASH( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
-exit:
- if( status == PSA_SUCCESS )
- status = psa_hash_abort( &operation );
- else
- psa_hash_abort( &operation );
- return( status );
+ psa_status_t status = psa_driver_wrapper_hash_compute(
+ alg, input, input_length,
+ actual_hash, sizeof(actual_hash),
+ &actual_hash_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ if( actual_hash_length != hash_length )
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ return( PSA_ERROR_INVALID_SIGNATURE );
+ return( PSA_SUCCESS );
}
psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation )
{
- if( target_operation->alg != 0 )
- return( PSA_ERROR_BAD_STATE );
-
- switch( source_operation->alg )
+ if( source_operation->id == 0 ||
+ target_operation->id != 0 )
{
- case 0:
- return( PSA_ERROR_BAD_STATE );
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
- case PSA_ALG_MD2:
- mbedtls_md2_clone( &target_operation->ctx.md2,
- &source_operation->ctx.md2 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
- case PSA_ALG_MD4:
- mbedtls_md4_clone( &target_operation->ctx.md4,
- &source_operation->ctx.md4 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
- case PSA_ALG_MD5:
- mbedtls_md5_clone( &target_operation->ctx.md5,
- &source_operation->ctx.md5 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
- &source_operation->ctx.ripemd160 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- mbedtls_sha1_clone( &target_operation->ctx.sha1,
- &source_operation->ctx.sha1 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- mbedtls_sha256_clone( &target_operation->ctx.sha256,
- &source_operation->ctx.sha256 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- mbedtls_sha256_clone( &target_operation->ctx.sha256,
- &source_operation->ctx.sha256 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- mbedtls_sha512_clone( &target_operation->ctx.sha512,
- &source_operation->ctx.sha512 );
- break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- mbedtls_sha512_clone( &target_operation->ctx.sha512,
- &source_operation->ctx.sha512 );
- break;
-#endif
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( PSA_ERROR_BAD_STATE );
}
- target_operation->alg = source_operation->alg;
- return( PSA_SUCCESS );
+ psa_status_t status = psa_driver_wrapper_hash_clone( source_operation,
+ target_operation );
+ if( status != PSA_SUCCESS )
+ psa_hash_abort( target_operation );
+
+ return( status );
}
@@ -2795,7 +2431,7 @@
if( PSA_ALG_IS_HMAC( operation->alg ) )
{
/* We'll set up the hash operation later in psa_hmac_setup_internal. */
- operation->ctx.hmac.hash_ctx.alg = 0;
+ operation->ctx.hmac.alg = 0;
status = PSA_SUCCESS;
}
else
@@ -2902,6 +2538,8 @@
size_t block_size = psa_get_hash_block_size( hash_alg );
psa_status_t status;
+ hmac->alg = hash_alg;
+
/* Sanity checks on block_size, to guarantee that there won't be a buffer
* overflow below. This should never trigger if the hash algorithm
* is implemented correctly. */
@@ -3119,7 +2757,7 @@
size_t mac_size )
{
uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
- psa_algorithm_t hash_alg = hmac->hash_ctx.alg;
+ psa_algorithm_t hash_alg = hmac->alg;
size_t hash_size = 0;
size_t block_size = psa_get_hash_block_size( hash_alg );
psa_status_t status;
@@ -3280,275 +2918,59 @@
/* Asymmetric cryptography */
/****************************************************************/
+psa_status_t psa_sign_hash_internal(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-/* Decode the hash algorithm from alg and store the mbedtls encoding in
- * md_alg. Verify that the hash length is acceptable. */
-static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
- size_t hash_length,
- mbedtls_md_type_t *md_alg )
-{
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
- *md_alg = mbedtls_md_get_type( md_info );
-
- /* The Mbed TLS RSA module uses an unsigned int for hash length
- * parameters. Validate that it fits so that we don't risk an
- * overflow later. */
-#if SIZE_MAX > UINT_MAX
- if( hash_length > UINT_MAX )
- return( PSA_ERROR_INVALID_ARGUMENT );
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- /* For PKCS#1 v1.5 signature, if using a hash, the hash length
- * must be correct. */
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
- alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
+ if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
- if( md_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( mbedtls_md_get_size( md_info ) != hash_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- /* PSS requires a hash internally. */
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- if( md_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
-
- return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
-{
- psa_status_t status;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_type_t md_alg;
-
- status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
- if( status != PSA_SUCCESS )
- return( status );
-
- if( signature_size < mbedtls_rsa_get_len( rsa ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ return( mbedtls_psa_rsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
}
else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
-
- if( ret == 0 )
- *signature_length = mbedtls_rsa_get_len( rsa );
- return( mbedtls_to_psa_error( ret ) );
-}
-
-static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
-{
- psa_status_t status;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_type_t md_alg;
-
- status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
- if( status != PSA_SUCCESS )
- return( status );
-
- if( signature_length != mbedtls_rsa_get_len( rsa ) )
- return( PSA_ERROR_INVALID_SIGNATURE );
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_verify( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
- {
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
-
- /* Mbed TLS distinguishes "invalid padding" from "valid padding but
- * the rest of the signature is invalid". This has little use in
- * practice and PSA doesn't report this distinction. */
- if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )
- return( PSA_ERROR_INVALID_SIGNATURE );
- return( mbedtls_to_psa_error( ret ) );
-}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
-
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-/* `ecp` cannot be const because `ecp->grp` needs to be non-const
- * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
- * (even though these functions don't modify it). */
-static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi r, s;
- size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
-
- if( signature_size < 2 * curve_bytes )
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
- ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
- goto cleanup;
- }
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
- {
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
- mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s,
- &ecp->d, hash,
- hash_length, md_alg,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
+ if( PSA_ALG_IS_ECDSA( alg ) )
+ {
+ return( mbedtls_psa_ecdsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+ }
+ else
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- {
- (void) alg;
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
- hash, hash_length,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
-
-cleanup:
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- if( ret == 0 )
- *signature_length = 2 * curve_bytes;
- return( mbedtls_to_psa_error( ret ) );
-}
-
-static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi r, s;
- size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
-
- if( signature_length != 2 * curve_bytes )
- return( PSA_ERROR_INVALID_SIGNATURE );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
-
- /* Check whether the public part is loaded. If not, load it. */
- if( mbedtls_ecp_is_zero( &ecp->Q ) )
- {
- MBEDTLS_MPI_CHK(
- mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
- mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
- }
-
- ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
- &ecp->Q, &r, &s );
-
-cleanup:
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- return( mbedtls_to_psa_error( ret ) );
-}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+ {
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
@@ -3581,83 +3003,14 @@
goto exit;
}
- /* Try any of the available accelerators first */
- status = psa_driver_wrapper_sign_hash( slot,
- alg,
- hash,
- hash_length,
- signature,
- signature_size,
- signature_length );
- if( status != PSA_ERROR_NOT_SUPPORTED ||
- psa_key_lifetime_is_external( slot->attr.lifetime ) )
- goto exit;
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
- /* If the operation was not supported by any accelerator, try fallback. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- mbedtls_rsa_context *rsa = NULL;
-
- status = mbedtls_psa_rsa_load_representation( slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_rsa_sign( rsa,
- alg,
- hash, hash_length,
- signature, signature_size,
- signature_length );
-
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
- }
- else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
- if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- if(
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- PSA_ALG_IS_ECDSA( alg )
-#else
- PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
-#endif
- )
- {
- mbedtls_ecp_keypair *ecp = NULL;
- status = mbedtls_psa_ecp_load_representation( slot->attr.type,
- slot->attr.bits,
- slot->key.data,
- slot->key.bytes,
- &ecp );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_ecdsa_sign( ecp,
- alg,
- hash, hash_length,
- signature, signature_size,
- signature_length );
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
- }
- else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- }
- }
- else
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- }
+ status = psa_driver_wrapper_sign_hash(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length );
exit:
/* Fill the unused part of the output buffer (the whole buffer on error,
@@ -3677,6 +3030,58 @@
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
+psa_status_t psa_verify_hash_internal(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+ if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
+ {
+ return( mbedtls_psa_rsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ if( PSA_ALG_IS_ECDSA( alg ) )
+ {
+ return( mbedtls_psa_ecdsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+ else
+ {
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -3694,76 +3099,15 @@
if( status != PSA_SUCCESS )
return( status );
- /* Try any of the available accelerators first */
- status = psa_driver_wrapper_verify_hash( slot,
- alg,
- hash,
- hash_length,
- signature,
- signature_length );
- if( status != PSA_ERROR_NOT_SUPPORTED ||
- psa_key_lifetime_is_external( slot->attr.lifetime ) )
- goto exit;
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
- {
- mbedtls_rsa_context *rsa = NULL;
+ status = psa_driver_wrapper_verify_hash(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, hash, hash_length,
+ signature, signature_length );
- status = mbedtls_psa_rsa_load_representation( slot->attr.type,
- slot->key.data,
- slot->key.bytes,
- &rsa );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_rsa_verify( rsa,
- alg,
- hash, hash_length,
- signature, signature_length );
- mbedtls_rsa_free( rsa );
- mbedtls_free( rsa );
- goto exit;
- }
- else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
- if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- if( PSA_ALG_IS_ECDSA( alg ) )
- {
- mbedtls_ecp_keypair *ecp = NULL;
- status = mbedtls_psa_ecp_load_representation( slot->attr.type,
- slot->attr.bits,
- slot->key.data,
- slot->key.bytes,
- &ecp );
- if( status != PSA_SUCCESS )
- goto exit;
- status = psa_ecdsa_verify( ecp,
- hash, hash_length,
- signature, signature_length );
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
- goto exit;
- }
- else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
- }
- else
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- }
-
-exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 9f10868..ec7ac80 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -324,4 +324,80 @@
size_t key_buffer_size,
size_t *key_buffer_length );
+/** Sign an already-calculated hash with a private key.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * sign_hash entry point. This function behaves as a sign_hash
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of the key.
+ * \param[in] hash The hash or message to sign.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of the key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t psa_sign_hash_internal(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+/**
+ * \brief Verify the signature a hash or short message using a public key.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * verify_hash entry point. This function behaves as a verify_hash
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of the key.
+ * \param[in] hash The hash or message whose signature is to be
+ * verified.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t psa_verify_hash_internal(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
+
#endif /* PSA_CRYPTO_CORE_H */
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 3cb7557..6c94472 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -21,6 +21,8 @@
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
+#include "psa_crypto_hash.h"
+
#include "mbedtls/platform.h"
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
@@ -37,15 +39,18 @@
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Repeat above block for each JSON-declared driver during autogeneration */
-
-/* Auto-generated values depending on which drivers are registered. ID 0 is
- * reserved for unallocated operations. */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1)
-#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2)
-#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
+/* Auto-generated values depending on which drivers are registered.
+ * ID 0 is reserved for unallocated operations.
+ * ID 1 is reserved for the Mbed TLS software driver. */
+#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
+#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
@@ -57,21 +62,18 @@
#endif
/* Start delegation functions */
-psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+psa_status_t psa_driver_wrapper_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
{
-#if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->asymmetric == NULL ||
drv->asymmetric->p_sign == NULL )
@@ -79,32 +81,27 @@
/* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED );
}
- return( drv->asymmetric->p_sign( drv_context,
- psa_key_slot_get_slot_number( slot ),
- alg,
- hash, hash_length,
- signature, signature_size,
- signature_length ) );
+ return( drv->asymmetric->p_sign(
+ drv_context, *( (psa_key_slot_number_t *)key_buffer ),
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
- /* Then try accelerator API */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_signature_sign_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ status = test_transparent_signature_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -115,14 +112,25 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( psa_sign_hash_internal( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length ) );
+
/* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
- return( test_opaque_signature_sign_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ return( test_opaque_signature_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -130,40 +138,26 @@
signature_size,
signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void)slot;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_size;
- (void)signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
-psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+psa_status_t psa_driver_wrapper_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
{
-#if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->asymmetric == NULL ||
drv->asymmetric->p_verify == NULL )
@@ -171,31 +165,27 @@
/* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED );
}
- return( drv->asymmetric->p_verify( drv_context,
- psa_key_slot_get_slot_number( slot ),
- alg,
- hash, hash_length,
- signature, signature_length ) );
+ return( drv->asymmetric->p_verify(
+ drv_context, *( (psa_key_slot_number_t *)key_buffer ),
+ alg, hash, hash_length,
+ signature, signature_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
- /* Then try accelerator API */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_signature_verify_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ status = test_transparent_signature_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -205,37 +195,36 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
- /* Fell through, meaning no accelerator supports this operation */
- return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ return( psa_verify_hash_internal( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length ) );
+
/* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
- return( test_opaque_signature_verify_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ return( test_opaque_signature_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void)slot;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
/** Get the key buffer size for the key material of a generated key in the
@@ -1082,4 +1071,172 @@
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
+/*
+ * Hashing functions
+ */
+psa_status_t psa_driver_wrapper_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try accelerators first */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_transparent_test_driver_hash_compute(
+ alg, input, input_length, hash, hash_size, hash_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif
+
+ /* If software fallback is compiled in, try fallback */
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ status = mbedtls_psa_hash_compute( alg, input, input_length,
+ hash, hash_size, hash_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif
+ (void) status;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) hash;
+ (void) hash_size;
+ (void) hash_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_driver_wrapper_hash_setup(
+ psa_hash_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Try setup on accelerators first */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_transparent_test_driver_hash_setup(
+ &operation->ctx.test_driver_ctx, alg );
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif
+
+ /* If software fallback is compiled in, try fallback */
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif
+ /* Nothing left to try if we fall through here */
+ (void) status;
+ (void) operation;
+ (void) alg;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_driver_wrapper_hash_clone(
+ const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation )
+{
+ switch( source_operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
+ &target_operation->ctx.mbedtls_ctx ) );
+#endif
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ return( mbedtls_transparent_test_driver_hash_clone(
+ &source_operation->ctx.test_driver_ctx,
+ &target_operation->ctx.test_driver_ctx ) );
+#endif
+ default:
+ (void) target_operation;
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
+psa_status_t psa_driver_wrapper_hash_update(
+ psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
+ input, input_length ) );
+#endif
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_transparent_test_driver_hash_update(
+ &operation->ctx.test_driver_ctx,
+ input, input_length ) );
+#endif
+ default:
+ (void) input;
+ (void) input_length;
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
+psa_status_t psa_driver_wrapper_hash_finish(
+ psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
+ hash, hash_size, hash_length ) );
+#endif
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_transparent_test_driver_hash_finish(
+ &operation->ctx.test_driver_ctx,
+ hash, hash_size, hash_length ) );
+#endif
+ default:
+ (void) hash;
+ (void) hash_size;
+ (void) hash_length;
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
+psa_status_t psa_driver_wrapper_hash_abort(
+ psa_hash_operation_t *operation )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
+#endif
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_transparent_test_driver_hash_abort(
+ &operation->ctx.test_driver_ctx ) );
+#endif
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
/* End of automatically generated file. */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index ad16cdd..dd7c6c7 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -28,20 +28,17 @@
/*
* Signature functions
*/
-psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length );
+psa_status_t psa_driver_wrapper_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
-psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length );
+psa_status_t psa_driver_wrapper_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
/*
* Key handling functions
@@ -130,6 +127,39 @@
psa_status_t psa_driver_wrapper_cipher_abort(
psa_operation_driver_context_t *operation );
+/*
+ * Hashing functions
+ */
+psa_status_t psa_driver_wrapper_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length);
+
+psa_status_t psa_driver_wrapper_hash_setup(
+ psa_hash_operation_t *operation,
+ psa_algorithm_t alg );
+
+psa_status_t psa_driver_wrapper_hash_clone(
+ const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation );
+
+psa_status_t psa_driver_wrapper_hash_update(
+ psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t psa_driver_wrapper_hash_finish(
+ psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length );
+
+psa_status_t psa_driver_wrapper_hash_abort(
+ psa_hash_operation_t *operation );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 23ec6ac..3ce232c 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -26,6 +26,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_random_impl.h"
+#include "psa_crypto_hash.h"
#include <stdlib.h>
#include <string.h>
@@ -35,6 +36,7 @@
#define mbedtls_free free
#endif
+#include <mbedtls/ecdsa.h>
#include <mbedtls/ecp.h>
#include <mbedtls/error.h>
@@ -50,11 +52,25 @@
#define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif
+#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
+ defined(MBEDTLS_ECDSA_C) ) )
+#define BUILTIN_ALG_ECDSA 1
+#endif
+
+#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \
+ defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) )
+#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#endif
+
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ defined(BUILTIN_ALG_ECDSA) || \
+ defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
const uint8_t *data, size_t data_length,
@@ -167,9 +183,9 @@
}
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+ * defined(BUILTIN_ALG_ECDSA) ||
+ * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
@@ -337,6 +353,148 @@
}
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
+/****************************************************************/
+/* ECDSA sign/verify */
+/****************************************************************/
+
+#if defined(BUILTIN_ALG_ECDSA) || \
+ defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
+static psa_status_t ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ecp_keypair *ecp = NULL;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t curve_bytes;
+ mbedtls_mpi r, s;
+
+ status = mbedtls_psa_ecp_load_representation( attributes->core.type,
+ attributes->core.bits,
+ key_buffer,
+ key_buffer_size,
+ &ecp );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
+ mbedtls_mpi_init( &r );
+ mbedtls_mpi_init( &s );
+
+ if( signature_size < 2 * curve_bytes )
+ {
+ ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+ goto cleanup;
+ }
+
+ if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
+ {
+#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
+ &ecp->grp, &r, &s,
+ &ecp->d, hash,
+ hash_length, md_alg,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE ) );
+#else
+ ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ goto cleanup;
+#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+ }
+ else
+ {
+ (void) alg;
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
+ hash, hash_length,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE ) );
+ }
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
+ signature,
+ curve_bytes ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
+ signature + curve_bytes,
+ curve_bytes ) );
+cleanup:
+ mbedtls_mpi_free( &r );
+ mbedtls_mpi_free( &s );
+ if( ret == 0 )
+ *signature_length = 2 * curve_bytes;
+
+ mbedtls_ecp_keypair_free( ecp );
+ mbedtls_free( ecp );
+
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+static psa_status_t ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ecp_keypair *ecp = NULL;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t curve_bytes;
+ mbedtls_mpi r, s;
+
+ (void)alg;
+
+ status = mbedtls_psa_ecp_load_representation( attributes->core.type,
+ attributes->core.bits,
+ key_buffer,
+ key_buffer_size,
+ &ecp );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
+ mbedtls_mpi_init( &r );
+ mbedtls_mpi_init( &s );
+
+ if( signature_length != 2 * curve_bytes )
+ {
+ ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
+ signature,
+ curve_bytes ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
+ signature + curve_bytes,
+ curve_bytes ) );
+
+ /* Check whether the public part is loaded. If not, load it. */
+ if( mbedtls_ecp_is_zero( &ecp->Q ) )
+ {
+ MBEDTLS_MPI_CHK(
+ mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
+ mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
+ }
+
+ ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
+ &ecp->Q, &r, &s );
+
+cleanup:
+ mbedtls_mpi_free( &r );
+ mbedtls_mpi_free( &s );
+ mbedtls_ecp_keypair_free( ecp );
+ mbedtls_free( ecp );
+
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+#endif /* defined(BUILTIN_ALG_ECDSA) || \
+ * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
@@ -373,6 +531,38 @@
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+
+psa_status_t mbedtls_psa_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+
+ return( ecdsa_sign_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+}
+
+psa_status_t mbedtls_psa_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+ return( ecdsa_verify_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+}
+
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -417,6 +607,62 @@
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) &&
defined(MBEDTLS_GENPRIME) */
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+
+psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+
+#if defined(MBEDTLS_ECDSA_C)
+ return( ecdsa_sign_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+#else
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+}
+
+psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+#if defined(MBEDTLS_ECDSA_C)
+ return( ecdsa_verify_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+#else
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+}
+
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index 5c9b63c..0c2b928 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -146,6 +146,78 @@
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+/** Sign an already-calculated hash with ECDSA.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * sign_hash entry point. This function behaves as a sign_hash
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the ECC key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the ECC key context.
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg Randomized or deterministic ECDSA algorithm.
+ * \param[in] hash The hash or message to sign.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits,
+ * \p alg) where \c key_bits is the bit-size of the ECC key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t mbedtls_psa_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+/**
+ * \brief Verify an ECDSA hash or short message signature.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * verify_hash entry point. This function behaves as a verify_hash
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the ECC key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the ECC key context.
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg Randomized or deterministic ECDSA algorithm.
+ * \param[in] hash The hash or message whose signature is to be
+ * verified.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -167,6 +239,18 @@
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ECP_H */
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
new file mode 100644
index 0000000..7552100
--- /dev/null
+++ b/library/psa_crypto_hash.c
@@ -0,0 +1,697 @@
+/*
+ * PSA hashing layer on top of Mbed TLS software crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include <psa/crypto.h>
+#include "psa_crypto_core.h"
+#include "psa_crypto_hash.h"
+
+#include <mbedtls/error.h>
+#include <string.h>
+
+/* Use builtin defines specific to this compilation unit, since the test driver
+ * relies on the software driver. */
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) )
+#define BUILTIN_ALG_MD2 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) )
+#define BUILTIN_ALG_MD4 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) )
+#define BUILTIN_ALG_MD5 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) ) )
+#define BUILTIN_ALG_RIPEMD160 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) ) )
+#define BUILTIN_ALG_SHA_1 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) ) )
+#define BUILTIN_ALG_SHA_224 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) ) )
+#define BUILTIN_ALG_SHA_256 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) ) )
+#define BUILTIN_ALG_SHA_384 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) ) )
+#define BUILTIN_ALG_SHA_512 1
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
+{
+ switch( alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case PSA_ALG_MD2:
+ return( &mbedtls_md2_info );
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case PSA_ALG_MD4:
+ return( &mbedtls_md4_info );
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case PSA_ALG_MD5:
+ return( &mbedtls_md5_info );
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case PSA_ALG_RIPEMD160:
+ return( &mbedtls_ripemd160_info );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case PSA_ALG_SHA_1:
+ return( &mbedtls_sha1_info );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_224:
+ return( &mbedtls_sha224_info );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case PSA_ALG_SHA_256:
+ return( &mbedtls_sha256_info );
+#endif
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
+ case PSA_ALG_SHA_384:
+ return( &mbedtls_sha384_info );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case PSA_ALG_SHA_512:
+ return( &mbedtls_sha512_info );
+#endif
+ default:
+ return( NULL );
+ }
+}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+
+/* Implement the PSA driver hash interface on top of mbed TLS if either the
+ * software driver or the test driver requires it. */
+#if defined(MBEDTLS_PSA_BUILTIN_HASH) || defined(PSA_CRYPTO_DRIVER_TEST)
+static psa_status_t hash_abort(
+ mbedtls_psa_hash_operation_t *operation )
+{
+ switch( operation->alg )
+ {
+ case 0:
+ /* The object has (apparently) been initialized but it is not
+ * in use. It's ok to call abort on such an object, and there's
+ * nothing to do. */
+ break;
+#if defined(BUILTIN_ALG_MD2)
+ case PSA_ALG_MD2:
+ mbedtls_md2_free( &operation->ctx.md2 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD4)
+ case PSA_ALG_MD4:
+ mbedtls_md4_free( &operation->ctx.md4 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD5)
+ case PSA_ALG_MD5:
+ mbedtls_md5_free( &operation->ctx.md5 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ mbedtls_sha1_free( &operation->ctx.sha1 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ mbedtls_sha256_free( &operation->ctx.sha256 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ mbedtls_sha256_free( &operation->ctx.sha256 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ mbedtls_sha512_free( &operation->ctx.sha512 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ mbedtls_sha512_free( &operation->ctx.sha512 );
+ break;
+#endif
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+ operation->alg = 0;
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t hash_setup(
+ mbedtls_psa_hash_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /* A context must be freshly initialized before it can be set up. */
+ if( operation->alg != 0 )
+ {
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ switch( alg )
+ {
+#if defined(BUILTIN_ALG_MD2)
+ case PSA_ALG_MD2:
+ mbedtls_md2_init( &operation->ctx.md2 );
+ ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD4)
+ case PSA_ALG_MD4:
+ mbedtls_md4_init( &operation->ctx.md4 );
+ ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD5)
+ case PSA_ALG_MD5:
+ mbedtls_md5_init( &operation->ctx.md5 );
+ ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
+ ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ mbedtls_sha1_init( &operation->ctx.sha1 );
+ ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ mbedtls_sha256_init( &operation->ctx.sha256 );
+ ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ mbedtls_sha256_init( &operation->ctx.sha256 );
+ ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ mbedtls_sha512_init( &operation->ctx.sha512 );
+ ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ mbedtls_sha512_init( &operation->ctx.sha512 );
+ ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
+ break;
+#endif
+ default:
+ return( PSA_ALG_IS_HASH( alg ) ?
+ PSA_ERROR_NOT_SUPPORTED :
+ PSA_ERROR_INVALID_ARGUMENT );
+ }
+ if( ret == 0 )
+ operation->alg = alg;
+ else
+ hash_abort( operation );
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+static psa_status_t hash_clone(
+ const mbedtls_psa_hash_operation_t *source_operation,
+ mbedtls_psa_hash_operation_t *target_operation )
+{
+ switch( source_operation->alg )
+ {
+ case 0:
+ return( PSA_ERROR_BAD_STATE );
+#if defined(BUILTIN_ALG_MD2)
+ case PSA_ALG_MD2:
+ mbedtls_md2_clone( &target_operation->ctx.md2,
+ &source_operation->ctx.md2 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD4)
+ case PSA_ALG_MD4:
+ mbedtls_md4_clone( &target_operation->ctx.md4,
+ &source_operation->ctx.md4 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD5)
+ case PSA_ALG_MD5:
+ mbedtls_md5_clone( &target_operation->ctx.md5,
+ &source_operation->ctx.md5 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
+ &source_operation->ctx.ripemd160 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ mbedtls_sha1_clone( &target_operation->ctx.sha1,
+ &source_operation->ctx.sha1 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ mbedtls_sha256_clone( &target_operation->ctx.sha256,
+ &source_operation->ctx.sha256 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ mbedtls_sha256_clone( &target_operation->ctx.sha256,
+ &source_operation->ctx.sha256 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ mbedtls_sha512_clone( &target_operation->ctx.sha512,
+ &source_operation->ctx.sha512 );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ mbedtls_sha512_clone( &target_operation->ctx.sha512,
+ &source_operation->ctx.sha512 );
+ break;
+#endif
+ default:
+ (void) source_operation;
+ (void) target_operation;
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ target_operation->alg = source_operation->alg;
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t hash_update(
+ mbedtls_psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ switch( operation->alg )
+ {
+#if defined(BUILTIN_ALG_MD2)
+ case PSA_ALG_MD2:
+ ret = mbedtls_md2_update_ret( &operation->ctx.md2,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD4)
+ case PSA_ALG_MD4:
+ ret = mbedtls_md4_update_ret( &operation->ctx.md4,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD5)
+ case PSA_ALG_MD5:
+ ret = mbedtls_md5_update_ret( &operation->ctx.md5,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ input, input_length );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ input, input_length );
+ break;
+#endif
+ default:
+ (void) input;
+ (void) input_length;
+ return( PSA_ERROR_BAD_STATE );
+ }
+
+ return( mbedtls_to_psa_error( ret ) );
+}
+
+static psa_status_t hash_finish(
+ mbedtls_psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length )
+{
+ psa_status_t status;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t actual_hash_length = PSA_HASH_LENGTH( operation->alg );
+
+ /* Fill the output buffer with something that isn't a valid hash
+ * (barring an attack on the hash and deliberately-crafted input),
+ * in case the caller doesn't check the return status properly. */
+ *hash_length = hash_size;
+ /* If hash_size is 0 then hash may be NULL and then the
+ * call to memset would have undefined behavior. */
+ if( hash_size != 0 )
+ memset( hash, '!', hash_size );
+
+ if( hash_size < actual_hash_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ switch( operation->alg )
+ {
+#if defined(BUILTIN_ALG_MD2)
+ case PSA_ALG_MD2:
+ ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD4)
+ case PSA_ALG_MD4:
+ ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_MD5)
+ case PSA_ALG_MD5:
+ ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ break;
+#endif
+#if defined(BUILTIN_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ break;
+#endif
+ default:
+ (void) hash;
+ return( PSA_ERROR_BAD_STATE );
+ }
+ status = mbedtls_to_psa_error( ret );
+
+exit:
+ if( status == PSA_SUCCESS )
+ *hash_length = actual_hash_length;
+ return( status );
+}
+
+static psa_status_t hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ mbedtls_psa_hash_operation_t operation = MBEDTLS_PSA_HASH_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ *hash_length = hash_size;
+ status = hash_setup( &operation, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = hash_update( &operation, input, input_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = hash_finish( &operation, hash, hash_size, hash_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+exit:
+ abort_status = hash_abort( &operation );
+ if( status == PSA_SUCCESS )
+ return( abort_status );
+ else
+ return( status );
+
+}
+#endif /* MBEDTLS_PSA_BUILTIN_HASH || PSA_CRYPTO_DRIVER_TEST */
+
+#if defined(MBEDTLS_PSA_BUILTIN_HASH)
+psa_status_t mbedtls_psa_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ return( hash_compute( alg, input, input_length,
+ hash, hash_size, hash_length ) );
+}
+
+psa_status_t mbedtls_psa_hash_setup(
+ mbedtls_psa_hash_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ return( hash_setup( operation, alg ) );
+}
+
+psa_status_t mbedtls_psa_hash_clone(
+ const mbedtls_psa_hash_operation_t *source_operation,
+ mbedtls_psa_hash_operation_t *target_operation )
+{
+ return( hash_clone( source_operation, target_operation ) );
+}
+
+psa_status_t mbedtls_psa_hash_update(
+ mbedtls_psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ return( hash_update( operation, input, input_length ) );
+}
+
+psa_status_t mbedtls_psa_hash_finish(
+ mbedtls_psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length )
+{
+ return( hash_finish( operation, hash, hash_size, hash_length ) );
+}
+
+psa_status_t mbedtls_psa_hash_abort(
+ mbedtls_psa_hash_operation_t *operation )
+{
+ return( hash_abort( operation ) );
+}
+#endif /* MBEDTLS_PSA_BUILTIN_HASH */
+
+ /*
+ * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
+ */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+psa_status_t is_hash_accelerated( psa_algorithm_t alg )
+{
+ switch( alg )
+ {
+#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
+ case PSA_ALG_MD2:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
+ case PSA_ALG_MD4:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+ case PSA_ALG_MD5:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ return( PSA_SUCCESS );
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ return( PSA_SUCCESS );
+#endif
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+psa_status_t mbedtls_transparent_test_driver_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ if( is_hash_accelerated( alg ) == PSA_SUCCESS )
+ return( hash_compute( alg, input, input_length,
+ hash, hash_size, hash_length ) );
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_transparent_test_driver_hash_setup(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ if( is_hash_accelerated( alg ) == PSA_SUCCESS )
+ return( hash_setup( operation, alg ) );
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_transparent_test_driver_hash_clone(
+ const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
+ mbedtls_transparent_test_driver_hash_operation_t *target_operation )
+{
+ if( is_hash_accelerated( source_operation->alg ) == PSA_SUCCESS )
+ return( hash_clone( source_operation, target_operation ) );
+ else
+ return( PSA_ERROR_BAD_STATE );
+}
+
+psa_status_t mbedtls_transparent_test_driver_hash_update(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ if( is_hash_accelerated( operation->alg ) == PSA_SUCCESS )
+ return( hash_update( operation, input, input_length ) );
+ else
+ return( PSA_ERROR_BAD_STATE );
+}
+
+psa_status_t mbedtls_transparent_test_driver_hash_finish(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length )
+{
+ if( is_hash_accelerated( operation->alg ) == PSA_SUCCESS )
+ return( hash_finish( operation, hash, hash_size, hash_length ) );
+ else
+ return( PSA_ERROR_BAD_STATE );
+}
+
+psa_status_t mbedtls_transparent_test_driver_hash_abort(
+ mbedtls_transparent_test_driver_hash_operation_t *operation )
+{
+ return( hash_abort( operation ) );
+}
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
new file mode 100644
index 0000000..af47c8b
--- /dev/null
+++ b/library/psa_crypto_hash.h
@@ -0,0 +1,273 @@
+/*
+ * PSA hashing layer on top of Mbed TLS software crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_HASH_H
+#define PSA_CRYPTO_HASH_H
+
+#include <psa/crypto.h>
+#include <psa/crypto_builtin_hash.h>
+
+#include <mbedtls/md_internal.h>
+
+/** Get Mbed TLS MD information of a hash algorithm given its PSA identifier
+ *
+ * \param[in] alg PSA hash algorithm identifier
+ *
+ * \return The Mbed TLS MD information of the hash algorithm. \c NULL if the
+ * PSA hash algorithm is not supported.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg );
+
+/** Calculate the hash (digest) of a message using Mbed TLS routines.
+ *
+ * \note The signature of this function is that of a PSA driver hash_compute
+ * entry point. This function behaves as a hash_compute entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_HASH(\p alg) is true).
+ * \param[in] input Buffer containing the message to hash.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] hash Buffer where the hash is to be written.
+ * \param hash_size Size of the \p hash buffer in bytes.
+ * \param[out] hash_length On success, the number of bytes
+ * that make up the hash value. This is always
+ * #PSA_HASH_LENGTH(\p alg).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p hash_size is too small
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length);
+
+/** Set up a multipart hash operation using Mbed TLS routines.
+ *
+ * \note The signature of this function is that of a PSA driver hash_setup
+ * entry point. This function behaves as a hash_setup entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * If an error occurs at any step after a call to mbedtls_psa_hash_setup(), the
+ * operation will need to be reset by a call to mbedtls_psa_hash_abort(). The
+ * core may call mbedtls_psa_hash_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to mbedtls_psa_hash_setup(), the core must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A successful call to mbedtls_psa_hash_finish() or mbedtls_psa_hash_verify().
+ * - A call to mbedtls_psa_hash_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized to all-zero and not yet be in use.
+ * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_HASH(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_hash_setup(
+ mbedtls_psa_hash_operation_t *operation,
+ psa_algorithm_t alg );
+
+/** Clone an Mbed TLS hash operation.
+ *
+ * \note The signature of this function is that of a PSA driver hash_clone
+ * entry point. This function behaves as a hash_clone entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * This function copies the state of an ongoing hash operation to
+ * a new operation object. In other words, this function is equivalent
+ * to calling mbedtls_psa_hash_setup() on \p target_operation with the same
+ * algorithm that \p source_operation was set up for, then
+ * mbedtls_psa_hash_update() on \p target_operation with the same input that
+ * that was passed to \p source_operation. After this function returns, the
+ * two objects are independent, i.e. subsequent calls involving one of
+ * the objects do not affect the other object.
+ *
+ * \param[in] source_operation The active hash operation to clone.
+ * \param[in,out] target_operation The operation object to set up.
+ * It must be initialized but not active.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BAD_STATE
+ * The \p source_operation state is not valid (it must be active).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The \p target_operation state is not valid (it must be inactive).
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_hash_clone(
+ const mbedtls_psa_hash_operation_t *source_operation,
+ mbedtls_psa_hash_operation_t *target_operation );
+
+/** Add a message fragment to a multipart Mbed TLS hash operation.
+ *
+ * \note The signature of this function is that of a PSA driver hash_update
+ * entry point. This function behaves as a hash_update entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * The application must call mbedtls_psa_hash_setup() before calling this function.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_hash_abort().
+ *
+ * \param[in,out] operation Active hash operation.
+ * \param[in] input Buffer containing the message fragment to hash.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_hash_update(
+ mbedtls_psa_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+/** Finish the calculation of the Mbed TLS-calculated hash of a message.
+ *
+ * \note The signature of this function is that of a PSA driver hash_finish
+ * entry point. This function behaves as a hash_finish entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * The application must call mbedtls_psa_hash_setup() before calling this function.
+ * This function calculates the hash of the message formed by concatenating
+ * the inputs passed to preceding calls to mbedtls_psa_hash_update().
+ *
+ * When this function returns successfuly, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling mbedtls_psa_hash_abort().
+ *
+ * \param[in,out] operation Active hash operation.
+ * \param[out] hash Buffer where the hash is to be written.
+ * \param hash_size Size of the \p hash buffer in bytes.
+ * \param[out] hash_length On success, the number of bytes
+ * that make up the hash value. This is always
+ * #PSA_HASH_LENGTH(\c alg) where \c alg is the
+ * hash algorithm that is calculated.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p hash buffer is too small. You can determine a
+ * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
+ * where \c alg is the hash algorithm that is calculated.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_hash_finish(
+ mbedtls_psa_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length );
+
+/** Abort an Mbed TLS hash operation.
+ *
+ * \note The signature of this function is that of a PSA driver hash_abort
+ * entry point. This function behaves as a hash_abort entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * mbedtls_psa_hash_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized by one of the methods described in #psa_hash_operation_t.
+ *
+ * In particular, calling mbedtls_psa_hash_abort() after the operation has been
+ * terminated by a call to mbedtls_psa_hash_abort(), mbedtls_psa_hash_finish() or
+ * mbedtls_psa_hash_verify() is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized hash operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_hash_abort(
+ mbedtls_psa_hash_operation_t *operation );
+
+/*
+ * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
+ */
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+psa_status_t mbedtls_transparent_test_driver_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length);
+
+psa_status_t mbedtls_transparent_test_driver_hash_setup(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_transparent_test_driver_hash_clone(
+ const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
+ mbedtls_transparent_test_driver_hash_operation_t *target_operation );
+
+psa_status_t mbedtls_transparent_test_driver_hash_update(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t mbedtls_transparent_test_driver_hash_finish(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length );
+
+psa_status_t mbedtls_transparent_test_driver_hash_abort(
+ mbedtls_transparent_test_driver_hash_operation_t *operation );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+#endif /* PSA_CRYPTO_HASH_H */
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index fa64001..1ab1e94 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -26,6 +26,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
+#include "psa_crypto_hash.h"
#include <stdlib.h>
#include <string.h>
@@ -52,10 +53,24 @@
#define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif
+#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) )
+#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+#endif
+
+#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) )
+#define BUILTIN_ALG_RSA_PSS 1
+#endif
+
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
+ defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(BUILTIN_ALG_RSA_PSS) || \
defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
@@ -131,9 +146,9 @@
return( status );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
+ * defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(BUILTIN_ALG_RSA_PSS) ||
* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
@@ -319,6 +334,211 @@
}
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+/****************************************************************/
+/* Sign/verify hashes */
+/****************************************************************/
+
+#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS)
+
+/* Decode the hash algorithm from alg and store the mbedtls encoding in
+ * md_alg. Verify that the hash length is acceptable. */
+static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
+ size_t hash_length,
+ mbedtls_md_type_t *md_alg )
+{
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ *md_alg = mbedtls_md_get_type( md_info );
+
+ /* The Mbed TLS RSA module uses an unsigned int for hash length
+ * parameters. Validate that it fits so that we don't risk an
+ * overflow later. */
+#if SIZE_MAX > UINT_MAX
+ if( hash_length > UINT_MAX )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#endif
+
+#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
+ /* For PKCS#1 v1.5 signature, if using a hash, the hash length
+ * must be correct. */
+ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
+ alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
+ {
+ if( md_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( mbedtls_md_get_size( md_info ) != hash_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
+
+#if defined(BUILTIN_ALG_RSA_PSS)
+ /* PSS requires a hash internally. */
+ if( PSA_ALG_IS_RSA_PSS( alg ) )
+ {
+ if( md_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+#endif /* BUILTIN_ALG_RSA_PSS */
+
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t rsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_rsa_context *rsa = NULL;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_md_type_t md_alg;
+
+ status = mbedtls_psa_rsa_load_representation( attributes->core.type,
+ key_buffer,
+ key_buffer_size,
+ &rsa );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( signature_size < mbedtls_rsa_get_len( rsa ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
+ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ ret = mbedtls_rsa_pkcs1_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PRIVATE,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
+#if defined(BUILTIN_ALG_RSA_PSS)
+ if( PSA_ALG_IS_RSA_PSS( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ ret = mbedtls_rsa_rsassa_pss_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PRIVATE,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* BUILTIN_ALG_RSA_PSS */
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if( ret == 0 )
+ *signature_length = mbedtls_rsa_get_len( rsa );
+ status = mbedtls_to_psa_error( ret );
+
+exit:
+ mbedtls_rsa_free( rsa );
+ mbedtls_free( rsa );
+
+ return( status );
+}
+
+static psa_status_t rsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_rsa_context *rsa = NULL;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_md_type_t md_alg;
+
+ status = mbedtls_psa_rsa_load_representation( attributes->core.type,
+ key_buffer,
+ key_buffer_size,
+ &rsa );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( signature_length != mbedtls_rsa_get_len( rsa ) )
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+
+#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
+ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ ret = mbedtls_rsa_pkcs1_verify( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PUBLIC,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
+#if defined(BUILTIN_ALG_RSA_PSS)
+ if( PSA_ALG_IS_RSA_PSS( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ ret = mbedtls_rsa_rsassa_pss_verify( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_RSA_PUBLIC,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
+ else
+#endif /* BUILTIN_ALG_RSA_PSS */
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ /* Mbed TLS distinguishes "invalid padding" from "valid padding but
+ * the rest of the signature is invalid". This has little use in
+ * practice and PSA doesn't report this distinction. */
+ status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
+ PSA_ERROR_INVALID_SIGNATURE :
+ mbedtls_to_psa_error( ret );
+
+exit:
+ mbedtls_rsa_free( rsa );
+ mbedtls_free( rsa );
+
+ return( status );
+}
+
+#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(BUILTIN_ALG_RSA_PSS) */
+
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
@@ -355,6 +575,36 @@
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+psa_status_t mbedtls_psa_rsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ return( rsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+}
+
+psa_status_t mbedtls_psa_rsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+ return( rsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -397,6 +647,63 @@
}
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+#if defined(MBEDTLS_RSA_C) && \
+ (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
+ return( rsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+#else
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+}
+
+psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+#if defined(MBEDTLS_RSA_C) && \
+ (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
+ return( rsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+#else
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+}
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index 08182a7..41a90f7 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -137,6 +137,81 @@
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+/** Sign an already-calculated hash with an RSA private key.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * sign_hash entry point. This function behaves as a sign_hash
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the RSA key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the RSA key context.
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * an RSA key.
+ * \param[in] hash The hash or message to sign.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_RSA_KEY_PAIR, \c key_bits,
+ * \p alg) where \c key_bits is the bit-size of the RSA key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t mbedtls_psa_rsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+/**
+ * \brief Verify the signature a hash or short message using a public RSA key.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * verify_hash entry point. This function behaves as a verify_hash
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the RSA key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the RSA key context.
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * an RSA key.
+ * \param[in] hash The hash or message whose signature is to be
+ * verified.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_rsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
+
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -158,6 +233,18 @@
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
+psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_RSA_H */
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 2fbff20..7798da6 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -47,7 +47,7 @@
#define PSA_ITS_STORAGE_PREFIX ""
#endif
-#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
+#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
@@ -87,8 +87,8 @@
mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
"%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
PSA_ITS_STORAGE_PREFIX,
- (unsigned long) ( uid >> 32 ),
- (unsigned long) ( uid & 0xffffffff ),
+ (unsigned) ( uid >> 32 ),
+ (unsigned) ( uid & 0xffffffff ),
PSA_ITS_STORAGE_SUFFIX );
}
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a8331d9..55a8e61 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -685,7 +685,7 @@
return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "sending session ticket of length %d", tlen ) );
+ ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );
memcpy( p, ssl->session_negotiate->ticket, tlen );
@@ -905,7 +905,8 @@
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+ (long long) t ) );
#else
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
return( ret );
@@ -1114,7 +1115,7 @@
for( i = 0; i < n; i++ )
*p++ = ssl->session_negotiate->id[i];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
/*
@@ -1182,7 +1183,7 @@
continue;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
- ciphersuites[i], ciphersuite_info->name ) );
+ (unsigned int)ciphersuites[i], ciphersuite_info->name ) );
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1197,7 +1198,7 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+ ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -1420,7 +1421,7 @@
/* olen unused if all extensions are disabled */
((void) olen);
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
ext_len ) );
if( ext_len > 0 )
@@ -2167,10 +2168,10 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
- ( (uint32_t) buf[2] << 24 ) |
- ( (uint32_t) buf[3] << 16 ) |
- ( (uint32_t) buf[4] << 8 ) |
- ( (uint32_t) buf[5] ) ) );
+ ( (unsigned long) buf[2] << 24 ) |
+ ( (unsigned long) buf[3] << 16 ) |
+ ( (unsigned long) buf[4] << 8 ) |
+ ( (unsigned long) buf[5] ) ) );
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
@@ -2253,7 +2254,7 @@
if( ssl->handshake->ciphersuite_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "ciphersuite info for %04x not found", i ) );
+ ( "ciphersuite info for %04x not found", (unsigned int)i ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -2261,7 +2262,7 @@
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
/*
@@ -2304,7 +2305,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
buf[37 + n] ) );
@@ -2373,7 +2374,7 @@
ext = buf + 40 + n;
MBEDTLS_SSL_DEBUG_MSG( 2,
- ( "server hello, total extension length: %d", ext_len ) );
+ ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );
while( ext_len )
{
@@ -2537,7 +2538,7 @@
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown extension found: %d (ignoring)", ext_id ) );
+ ( "unknown extension found: %u (ignoring)", ext_id ) );
}
ext_len -= 4 + ext_size;
@@ -2628,7 +2629,7 @@
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
ssl->handshake->dhm_ctx.len * 8,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@@ -4347,7 +4348,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );
/* We're not waiting for a NewSessionTicket message any more */
ssl->handshake->new_session_ticket = 0;
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 72f09bb..54a7be0 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -283,8 +283,8 @@
}
ssl->handshake->retransmit_timeout = new_timeout;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
- ssl->handshake->retransmit_timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
+ (unsigned long) ssl->handshake->retransmit_timeout ) );
return( 0 );
}
@@ -292,8 +292,8 @@
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
{
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
- ssl->handshake->retransmit_timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
+ (unsigned long) ssl->handshake->retransmit_timeout ) );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -623,9 +623,10 @@
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
- (unsigned) rec->data_len,
- MBEDTLS_SSL_OUT_CONTENT_LEN ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
+ " too large, maximum %" MBEDTLS_PRINTF_SIZET,
+ rec->data_len,
+ (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -764,7 +765,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %d bytes of padding",
rec->data_len, 0 ) );
@@ -842,7 +843,7 @@
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including 0 bytes of padding",
rec->data_len ) );
@@ -945,8 +946,9 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of IV and %d bytes of padding",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+ "including %" MBEDTLS_PRINTF_SIZET
+ " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
rec->data_len, transform->ivlen,
padlen + 1 ) );
@@ -1366,7 +1368,8 @@
{
if( rec->data_len < dynamic_iv_len )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+ " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
rec->data_len,
dynamic_iv_len ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
@@ -1385,7 +1388,8 @@
/* Check that there's space for the authentication tag. */
if( rec->data_len < transform->taglen )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+ ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
rec->data_len,
transform->taglen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
@@ -1488,7 +1492,9 @@
if( rec->data_len < minlen + transform->ivlen ||
rec->data_len < minlen + transform->maclen + 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+ ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
+ "), maclen (%" MBEDTLS_PRINTF_SIZET ") "
"+ 1 ) ( + expl IV )", rec->data_len,
transform->ivlen,
transform->maclen ) );
@@ -1554,7 +1560,8 @@
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
if( rec->data_len % transform->ivlen != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+ ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
rec->data_len, transform->ivlen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
@@ -1624,7 +1631,9 @@
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( rec->data_len < transform->maclen + padlen + 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+ ") < maclen (%" MBEDTLS_PRINTF_SIZET
+ ") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
rec->data_len,
transform->maclen,
padlen + 1 ) );
@@ -1653,8 +1662,8 @@
if( padlen > transform->ivlen )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
- "should be no more than %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", "
+ "should be no more than %" MBEDTLS_PRINTF_SIZET,
padlen, transform->ivlen ) );
#endif
correct = 0;
@@ -1890,7 +1899,7 @@
memcpy( msg_pre, ssl->out_msg, len_pre );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
ssl->out_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
@@ -1911,7 +1920,7 @@
ssl->out_msglen = out_buf_len -
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
ssl->out_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
@@ -1942,7 +1951,7 @@
memcpy( msg_pre, ssl->in_msg, len_pre );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
ssl->in_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
@@ -1963,7 +1972,7 @@
ssl->in_msglen = in_buf_len -
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
ssl->in_msglen ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
@@ -2042,7 +2051,8 @@
if( ssl->in_left != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %"
+ MBEDTLS_PRINTF_SIZET,
ssl->next_record_offset ) );
memmove( ssl->in_hdr,
ssl->in_hdr + ssl->next_record_offset,
@@ -2052,7 +2062,8 @@
ssl->next_record_offset = 0;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
+ ", nb_want: %" MBEDTLS_PRINTF_SIZET,
ssl->in_left, nb_want ) );
/*
@@ -2094,7 +2105,7 @@
else
timeout = ssl->conf->read_timeout;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
if( ssl->f_recv_timeout != NULL )
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
@@ -2153,7 +2164,8 @@
else
#endif
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
+ ", nb_want: %" MBEDTLS_PRINTF_SIZET,
ssl->in_left, nb_want ) );
while( ssl->in_left < nb_want )
@@ -2177,7 +2189,8 @@
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
+ ", nb_want: %" MBEDTLS_PRINTF_SIZET,
ssl->in_left, nb_want ) );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
@@ -2190,8 +2203,8 @@
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "f_recv returned %d bytes but only %lu were requested",
- ret, (unsigned long)len ) );
+ ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested",
+ ret, len ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -2230,7 +2243,8 @@
while( ssl->out_left > 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET
+ ", out_left: %" MBEDTLS_PRINTF_SIZET,
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
buf = ssl->out_hdr - ssl->out_left;
@@ -2244,8 +2258,8 @@
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "f_send returned %d bytes but only %lu bytes were sent",
- ret, (unsigned long)ssl->out_left ) );
+ ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent",
+ ret, ssl->out_left ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -2286,14 +2300,15 @@
/* Allocate space for current message */
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
sizeof( mbedtls_ssl_flight_item ) ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
+ ssl->out_msglen ) );
mbedtls_free( msg );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
@@ -2699,9 +2714,10 @@
if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
- "size %u, maximum %u",
- (unsigned) ssl->out_msglen,
- (unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
+ "size %" MBEDTLS_PRINTF_SIZET
+ ", maximum %" MBEDTLS_PRINTF_SIZET,
+ ssl->out_msglen,
+ (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -2728,9 +2744,9 @@
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
- "size %u, maximum %u",
- (unsigned) ( hs_len ),
- (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
+ "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET,
+ hs_len,
+ (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2922,8 +2938,8 @@
/* Now write the potentially updated record content type. */
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
+ "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
ssl->out_hdr[0], ssl->out_hdr[1],
ssl->out_hdr[2], len ) );
@@ -3119,7 +3135,7 @@
{
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -3127,7 +3143,7 @@
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
- " %d, type = %d, hslen = %d",
+ " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -3163,7 +3179,7 @@
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
- "message_seq = %d, start_of_flight = %d",
+ "message_seq = %u, start_of_flight = %u",
recv_msg_seq,
ssl->handshake->in_flight_start_seq ) );
@@ -3176,7 +3192,7 @@
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
- "message_seq = %d, expected = %d",
+ "message_seq = %u, expected = %u",
recv_msg_seq,
ssl->handshake->in_msg_seq ) );
}
@@ -3746,8 +3762,8 @@
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
+ "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
rec->type,
major_ver, minor_ver, rec->data_len ) );
@@ -3790,8 +3806,8 @@
if( rec_epoch != ssl->in_epoch )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
- "expected %d, received %d",
- ssl->in_epoch, rec_epoch ) );
+ "expected %u, received %lu",
+ ssl->in_epoch, (unsigned long) rec_epoch ) );
/* Records from the next epoch are considered for buffering
* (concretely: early Finished messages). */
@@ -4325,31 +4341,41 @@
{
/* If we can't buffer a future message because
* of space limitations -- ignore. */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
- (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
+ " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- ignore\n",
+ msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
goto exit;
}
else
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
- (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
+ " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- attempt to make space by freeing buffered future messages\n",
+ msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
}
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
- (unsigned) msg_len,
- (unsigned) reassembly_buf_sz,
- MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET
+ " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed"
+ " the compile-time limit %" MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- fail\n",
+ msg_len,
+ reassembly_buf_sz,
+ (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
goto exit;
}
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET,
msg_len ) );
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
@@ -4395,7 +4421,8 @@
frag_off = ssl_get_hs_frag_off( ssl );
frag_len = ssl_get_hs_frag_len( ssl );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
+ ", length = %" MBEDTLS_PRINTF_SIZET,
frag_off, frag_len ) );
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
@@ -4622,15 +4649,18 @@
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
hs->buffering.total_bytes_buffered ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
- (unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
- (unsigned) hs->buffering.total_bytes_buffered ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
+ " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+ " (already %" MBEDTLS_PRINTF_SIZET
+ " bytes buffered) -- ignore\n",
+ rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ hs->buffering.total_bytes_buffered ) );
return( 0 );
}
/* Buffer record */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
- ssl->in_epoch + 1 ) );
+ ssl->in_epoch + 1U ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
/* ssl_parse_record_header() only considers records
@@ -4903,7 +4933,7 @@
{
if( ssl->in_msglen != 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -4939,12 +4969,12 @@
/* Note: Standard allows for more than one 2 byte alert
to be packed in a single message, but Mbed TLS doesn't
currently support this. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
ssl->in_msg[0], ssl->in_msg[1] ) );
/*
@@ -5771,7 +5801,8 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
- "maximum fragment length: %d > %d",
+ "maximum fragment length: %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
len, max_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e33b828..807fb18 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -298,13 +298,13 @@
{
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
- " match sig %d and hash %d",
- sig_cur, md_cur ) );
+ " match sig %u and hash %u",
+ (unsigned) sig_cur, (unsigned) md_cur ) );
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
- "hash alg %d not supported", md_cur ) );
+ "hash alg %u not supported", (unsigned) md_cur ) );
}
}
@@ -633,7 +633,7 @@
/* Remember the client asked us to send a new ticket */
ssl->handshake->new_session_ticket = 1;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) );
if( len == 0 )
return( 0 );
@@ -1048,7 +1048,7 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
- suite_id, suite_info->name ) );
+ (unsigned int) suite_id, suite_info->name ) );
if( suite_info->min_minor_ver > ssl->minor_ver ||
suite_info->max_minor_ver < ssl->minor_ver )
@@ -1116,7 +1116,7 @@
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
- "for signature algorithm %d", sig_type ) );
+ "for signature algorithm %u", (unsigned) sig_type ) );
return( 0 );
}
}
@@ -1247,7 +1247,7 @@
sess_len = ( buf[2] << 8 ) | buf[3];
chal_len = ( buf[4] << 8 ) | buf[5];
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u",
ciph_len, sess_len, chal_len ) );
/*
@@ -1629,7 +1629,7 @@
if( cli_msg_seq != ssl->handshake->in_msg_seq )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
- "%d (expected %d)", cli_msg_seq,
+ "%u (expected %u)", cli_msg_seq,
ssl->handshake->in_msg_seq ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
@@ -2073,7 +2073,7 @@
#endif /* MBEDTLS_SSL_DTLS_SRTP */
default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
ext_id ) );
}
@@ -2274,7 +2274,7 @@
else
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
- "%d - should not happen", sig_alg ) );
+ "%u - should not happen", (unsigned) sig_alg ) );
}
}
#endif
@@ -2826,7 +2826,8 @@
*p++ = (unsigned char)( t >> 8 );
*p++ = (unsigned char)( t );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+ (long long) t ) );
#else
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
return( ret );
@@ -2914,7 +2915,7 @@
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
p += ssl->session_negotiate->id_len;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
ssl->handshake->resume ? "a" : "no" ) );
@@ -2926,7 +2927,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
- ssl->session_negotiate->compression ) );
+ (unsigned int) ssl->session_negotiate->compression ) );
/* Do not write the extensions if the protocol is SSLv3 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
@@ -2995,7 +2996,8 @@
ext_len += olen;
#endif
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+ ext_len ) );
if( ext_len > 0 )
{
@@ -3502,7 +3504,7 @@
md_alg = MBEDTLS_MD_NONE;
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
/*
* 2.2: Compute the hash to be signed
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 336cbea..e367fbd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -283,7 +283,8 @@
}
else
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", in_buf_new_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
+ in_buf_new_len ) );
modified = 1;
}
}
@@ -304,7 +305,8 @@
}
else
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", out_buf_new_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
+ out_buf_new_len ) );
modified = 1;
}
}
@@ -961,7 +963,7 @@
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -969,8 +971,8 @@
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
if( md_info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
- ciphersuite_info->mac ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
+ (unsigned) ciphersuite_info->mac ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2215,8 +2217,9 @@
n = crt->raw.len;
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
- i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
+ i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
}
@@ -2707,8 +2710,8 @@
#if defined(MBEDTLS_DEBUG_C)
if( ssl->session_negotiate->verify_result != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
- ssl->session_negotiate->verify_result ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
+ (unsigned int) ssl->session_negotiate->verify_result ) );
}
else
{
@@ -2831,7 +2834,7 @@
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
if( chain == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
sizeof( mbedtls_x509_crt ) ) );
mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -3858,7 +3861,7 @@
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
if( ssl->in_buf == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
@@ -3869,7 +3872,7 @@
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
if( ssl->out_buf == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto error;
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index a623c57..0aa4f4c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1629,6 +1629,8 @@
}
#endif /* MBEDTLS_THREADING_C */
+ memset( &sb, 0, sizeof( sb ) );
+
while( ( entry = readdir( dir ) ) != NULL )
{
snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
diff --git a/programs/Makefile b/programs/Makefile
index e0a324f..9033875 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -3,8 +3,8 @@
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -Wextra
-WARNING_CXXFLAGS ?= -Wall -Wextra
+WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
+WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
MBEDTLS_TEST_PATH:=../tests/src
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 03a06ff..8c302a0 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -191,6 +191,7 @@
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 22e3fc5..5f71ec9 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -87,7 +87,7 @@
#include "mbedtls/ssl_cache.h"
#endif
-#define READ_TIMEOUT_MS 10000 /* 5 seconds */
+#define READ_TIMEOUT_MS 10000 /* 10 seconds */
#define DEBUG_LEVEL 0
@@ -223,6 +223,7 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache,
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d0758bc..3937981 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1667,7 +1667,7 @@
PSA_ALG_SHA_256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
}
}
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index 8f7d1fd..39632aa 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -74,6 +74,9 @@
b'Changes',
)
+# The maximum line length for an entry
+MAX_LINE_LENGTH = 80
+
CategoryContent = namedtuple('CategoryContent', [
'name', 'title_line', # Title text and line number of the title
'body', 'body_line', # Body text and starting line number of the body
@@ -214,6 +217,15 @@
line_offset + category.title_line,
'Unknown category: "{}"',
category.name.decode('utf8'))
+
+ body_split = category.body.splitlines()
+ for line_number, line in enumerate(body_split, 1):
+ if len(line) > MAX_LINE_LENGTH:
+ raise InputFormatError(filename,
+ category.body_line + line_number,
+ 'Line is longer than allowed: Length {} (Max {})',
+ len(line), MAX_LINE_LENGTH)
+
self.categories[category.name] += category.body
def __init__(self, input_stream, changelog_format):
diff --git a/tests/Makefile b/tests/Makefile
index d11d904..d250d71 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -3,7 +3,7 @@
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -Wextra
+WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
# Include public header files from ../include, test-specific header files
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
index 8abcb11..e785151 100644
--- a/tests/include/test/drivers/signature.h
+++ b/tests/include/test/drivers/signature.h
@@ -40,7 +40,7 @@
unsigned long hits;
} test_driver_signature_hooks_t;
-#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 }
+#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void )
{
const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT;
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 43742fd..00e18dd 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1450,7 +1450,26 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512"
+ loc_cflags="${loc_cflags} -I../tests/include -O2"
+
+ make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS"
+ unset loc_cflags
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG"
make test
@@ -2216,11 +2235,31 @@
component_test_psa_crypto_drivers () {
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
+ scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512"
+ loc_cflags="${loc_cflags} -I../tests/include -O2"
- msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature"
+ make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
+ unset loc_cflags
+
+ msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
make test
}
diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c
index cea0351..47c6deb 100644
--- a/tests/src/drivers/signature.c
+++ b/tests/src/drivers/signature.c
@@ -28,6 +28,8 @@
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
+#include "psa_crypto_ecp.h"
+#include "psa_crypto_rsa.h"
#include "mbedtls/ecp.h"
#include "test/drivers/signature.h"
@@ -44,7 +46,7 @@
psa_status_t test_transparent_signature_sign_hash(
const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
+ const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
@@ -64,85 +66,58 @@
return( PSA_SUCCESS );
}
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+ if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
+ {
+ return( mbedtls_transparent_test_driver_rsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C)
- if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
+ {
+ if(
+#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+ PSA_ALG_IS_ECDSA( alg )
+#else
+ PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
+#endif
+ )
+ {
+ return( mbedtls_transparent_test_driver_ecdsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+ }
+ else
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
+ {
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
- mbedtls_ecp_group_id grp_id;
- switch( psa_get_key_type( attributes ) )
- {
- case PSA_ECC_CURVE_SECP_R1:
- switch( psa_get_key_bits( attributes ) )
- {
- case 256:
- grp_id = MBEDTLS_ECP_DP_SECP256R1;
- break;
- case 384:
- grp_id = MBEDTLS_ECP_DP_SECP384R1;
- break;
- case 521:
- grp_id = MBEDTLS_ECP_DP_SECP521R1;
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
}
-
- /* Beyond this point, the driver is actually doing the work of
- * calculating the signature. */
-
- status = PSA_ERROR_GENERIC_ERROR;
- int ret = 0;
- mbedtls_mpi r, s;
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
- mbedtls_ecp_keypair ecp;
- mbedtls_ecp_keypair_init( &ecp );
- size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
-
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
- key, key_length ) );
-
- /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
- mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
- if( signature_size < 2 * curve_bytes )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto cleanup;
- }
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
- hash, hash_length, md_alg ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
-cleanup:
- status = mbedtls_to_psa_error( ret );
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- mbedtls_ecp_keypair_free( &ecp );
- if( status == PSA_SUCCESS )
- *signature_length = 2 * curve_bytes;
-#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
-#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
-
- return( status );
}
psa_status_t test_opaque_signature_sign_hash(
@@ -161,12 +136,13 @@
(void) signature;
(void) signature_size;
(void) signature_length;
+
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t test_transparent_signature_verify_hash(
const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
+ const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
@@ -176,98 +152,52 @@
if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
return( test_driver_signature_verify_hooks.forced_status );
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C)
- if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- mbedtls_ecp_group_id grp_id;
- switch( psa_get_key_type( attributes ) )
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+ if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
{
- case PSA_ECC_CURVE_SECP_R1:
- switch( psa_get_key_bits( attributes ) )
- {
- case 256:
- grp_id = MBEDTLS_ECP_DP_SECP256R1;
- break;
- case 384:
- grp_id = MBEDTLS_ECP_DP_SECP384R1;
- break;
- case 521:
- grp_id = MBEDTLS_ECP_DP_SECP521R1;
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( mbedtls_transparent_test_driver_rsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
}
-
- /* Beyond this point, the driver is actually doing the work of
- * calculating the signature. */
-
- status = PSA_ERROR_GENERIC_ERROR;
- int ret = 0;
- mbedtls_mpi r, s;
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
- mbedtls_ecp_keypair ecp;
- mbedtls_ecp_keypair_init( &ecp );
- mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
- size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
-
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
-
- /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */
- if( signature_length < 2 * curve_bytes )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto cleanup;
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
-
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
- key, key_length ) );
else
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
+
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) );
- MBEDTLS_MPI_CHK(
- mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) );
+ if( PSA_ALG_IS_ECDSA( alg ) )
+ {
+ return( mbedtls_transparent_test_driver_ecdsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+ }
+ else
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
}
+ else
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
+ {
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length,
- &ecp.Q, &r, &s ) );
-cleanup:
- status = mbedtls_to_psa_error( ret );
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- mbedtls_ecp_keypair_free( &ecp );
-#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_length;
-#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
-
- return( status );
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
}
psa_status_t test_opaque_signature_verify_hash(
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index a4f87eb..e7e6863 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -486,7 +486,7 @@
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
- public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits );
+ public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
&public_key_length ) );
@@ -528,7 +528,7 @@
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
- public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits );
+ public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
PSA_ASSERT( psa_export_public_key( key,
public_key, public_key_length,
@@ -537,6 +537,15 @@
status = psa_raw_key_agreement( alg, key,
public_key, public_key_length,
output, sizeof( output ), &output_length );
+ if ( status == PSA_SUCCESS )
+ {
+ TEST_ASSERT( output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type,
+ key_bits ) );
+ TEST_ASSERT( output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
+ }
+
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
@@ -644,6 +653,8 @@
if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
goto exit;
TEST_EQUAL( p, end );
+
+ TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
}
else
#endif /* MBEDTLS_RSA_C */
@@ -653,6 +664,8 @@
{
/* Just the secret value */
TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
+
+ TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
}
else
#endif /* MBEDTLS_ECP_C */
@@ -677,6 +690,12 @@
if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
goto exit;
TEST_EQUAL( p, end );
+
+
+ TEST_ASSERT( exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
+ TEST_ASSERT( exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
}
else
#endif /* MBEDTLS_RSA_C */
@@ -684,6 +703,12 @@
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
{
+
+ TEST_ASSERT( exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
+ TEST_ASSERT( exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
+
if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY )
{
/* The representation of an ECC Montgomery public key is
@@ -804,8 +829,8 @@
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
psa_get_key_type( &attributes ) );
- exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type,
- psa_get_key_bits( &attributes ) );
+ exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type,
+ psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
PSA_ASSERT( psa_export_public_key( key,
diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data
index da99ffa..3a892f4 100644
--- a/tests/suites/test_suite_base64.data
+++ b/tests/suites/test_suite_base64.data
@@ -151,6 +151,20 @@
Base64 encode hex #4
base64_encode_hex:"01020304050607":"AQIDBAUGBw==":13:0
+# Rotate the bytes around so that they end up at each offset modulo 3 in
+# successive test cases.
+Base64 encode hex all valid input bytes #0
+base64_encode_hex:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==":345:0
+
+Base64 encode hex all valid input bytes #1
+base64_encode_hex:"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff00":"AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f7/AA==":345:0
+
+Base64 encode hex all valid input bytes #2
+base64_encode_hex:"02030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff0001":"AgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v8AAQ==":345:0
+
+Base64 encode all valid output characters at all offsets
+base64_encode_hex:"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":261:0
+
Base64 decode hex #1
base64_decode_hex:"AQIDBAUGBwgJ":"010203040506070809":9:0
@@ -166,6 +180,9 @@
Base64 decode hex #5 (buffer too small)
base64_decode_hex:"AQIDBAUGBw==":"01020304050607":6:MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
+Base64 decode all valid input characters at all offsets
+base64_decode_hex:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":195:0
+
Base64 Selftest
depends_on:MBEDTLS_SELF_TEST
base64_selftest:
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index dc6ec15..be9b6e8 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/base64.h"
+#include <test/constant_flow.h>
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -13,13 +14,22 @@
{
unsigned char src_str[1000];
unsigned char dst_str[1000];
- size_t len;
+ size_t len, src_len;
memset(src_str, 0x00, 1000);
memset(dst_str, 0x00, 1000);
strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 );
- TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, strlen( (char *) src_str ) ) == result );
+ src_len = strlen( (char *) src_str );
+
+ TEST_CF_SECRET( src_str, sizeof( src_str ) );
+ TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result );
+ TEST_CF_PUBLIC( src_str, sizeof( src_str ) );
+
+ /* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
+ CF failures by unmarking it. */
+ TEST_CF_PUBLIC( dst_str, len );
+
if( result == 0 )
{
TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
@@ -57,7 +67,14 @@
res = mbedtls_test_zero_alloc( dst_buf_size );
+ TEST_CF_SECRET( src->x, src->len );
TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
+ TEST_CF_PUBLIC( src->x, src->len );
+
+ /* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
+ CF failures by unmarking it. */
+ TEST_CF_PUBLIC( res, len );
+
if( result == 0 )
{
TEST_ASSERT( len == strlen( dst ) );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 3824fa0..5e8b490 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2158,9 +2158,13 @@
sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
PSA sign: invalid algorithm for ECC key
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+PSA sign: deterministic ECDSA not supported
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED
+
PSA sign/verify: RSA PKCS#1 v1.5, raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 55b9416..628380e 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -613,7 +613,10 @@
reexported, reexported_length );
PSA_ASSERT( psa_destroy_key( key2 ) );
}
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
+ TEST_ASSERT( exported_length <=
+ PSA_EXPORT_KEY_OUTPUT_SIZE( type,
+ psa_get_key_bits( &got_attributes ) ) );
+ TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
destroy:
/* Destroy the key */
@@ -674,6 +677,10 @@
bits = psa_get_key_bits( &attributes );
TEST_ASSERT( expected_public_key->len <=
PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
+ TEST_ASSERT( expected_public_key->len <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
+ TEST_ASSERT( expected_public_key->len <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
exported, exported_length );
}
@@ -2403,19 +2410,29 @@
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ TEST_ASSERT( output_buffer_size <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output, output_buffer_size );
PSA_ASSERT( psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
total_output_length += function_output_length;
+
status = psa_cipher_finish( &operation,
output + total_output_length,
output_buffer_size - total_output_length,
&function_output_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
TEST_EQUAL( status, expected_status );
@@ -2471,8 +2488,9 @@
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ TEST_ASSERT( output_buffer_size <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output, output_buffer_size );
TEST_ASSERT( first_part_size <= input->len );
@@ -2480,7 +2498,12 @@
output, output_buffer_size,
&function_output_length ) );
TEST_ASSERT( function_output_length == output1_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
total_output_length += function_output_length;
+
PSA_ASSERT( psa_cipher_update( &operation,
input->x + first_part_size,
input->len - first_part_size,
@@ -2488,11 +2511,22 @@
output_buffer_size - total_output_length,
&function_output_length ) );
TEST_ASSERT( function_output_length == output2_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
total_output_length += function_output_length;
+
PSA_ASSERT( psa_cipher_finish( &operation,
output + total_output_length,
output_buffer_size - total_output_length,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -2544,8 +2578,9 @@
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ TEST_ASSERT( output_buffer_size <=
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output, output_buffer_size );
TEST_ASSERT( first_part_size <= input->len );
@@ -2554,7 +2589,12 @@
output, output_buffer_size,
&function_output_length ) );
TEST_ASSERT( function_output_length == output1_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
total_output_length += function_output_length;
+
PSA_ASSERT( psa_cipher_update( &operation,
input->x + first_part_size,
input->len - first_part_size,
@@ -2562,11 +2602,22 @@
output_buffer_size - total_output_length,
&function_output_length ) );
TEST_ASSERT( function_output_length == output2_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
total_output_length += function_output_length;
+
PSA_ASSERT( psa_cipher_finish( &operation,
output + total_output_length,
output_buffer_size - total_output_length,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -2615,19 +2666,29 @@
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ TEST_ASSERT( output_buffer_size <=
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output, output_buffer_size );
PSA_ASSERT( psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
total_output_length += function_output_length;
+
status = psa_cipher_finish( &operation,
output + total_output_length,
output_buffer_size - total_output_length,
&function_output_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
TEST_EQUAL( status, expected_status );
@@ -2686,23 +2747,37 @@
iv, iv_size,
&iv_length ) );
}
- output1_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
+ output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ TEST_ASSERT( output1_size <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output1, output1_size );
PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
output1, output1_size,
&output1_length ) );
+ TEST_ASSERT( output1_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_ASSERT( output1_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+
PSA_ASSERT( psa_cipher_finish( &operation1,
output1 + output1_length,
output1_size - output1_length,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
output2_size = output1_length;
+ TEST_ASSERT( output2_size <=
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
+ TEST_ASSERT( output2_size <=
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
ASSERT_ALLOC( output2, output2_size );
if( iv_length > 0 )
@@ -2714,11 +2789,20 @@
PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
output2, output2_size,
&output2_length ) );
+ TEST_ASSERT( output2_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, output1_length ) );
+ TEST_ASSERT( output2_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length ) );
+
function_output_length = 0;
PSA_ASSERT( psa_cipher_finish( &operation2,
output2 + output2_length,
output2_size - output2_length,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output2_length += function_output_length;
@@ -2780,8 +2864,9 @@
&iv_length ) );
}
- output1_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
+ output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ TEST_ASSERT( output1_buffer_size <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output1, output1_buffer_size );
TEST_ASSERT( first_part_size <= input->len );
@@ -2789,6 +2874,10 @@
PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
output1, output1_buffer_size,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_update( &operation1,
@@ -2796,17 +2885,31 @@
input->len - first_part_size,
output1, output1_buffer_size,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_finish( &operation1,
output1 + output1_length,
output1_buffer_size - output1_length,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
output2_buffer_size = output1_length;
+ TEST_ASSERT( output2_buffer_size <=
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
+ TEST_ASSERT( output2_buffer_size <=
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
ASSERT_ALLOC( output2, output2_buffer_size );
if( iv_length > 0 )
@@ -2818,6 +2921,10 @@
PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
output2, output2_buffer_size,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_update( &operation2,
@@ -2825,12 +2932,22 @@
output1_length - first_part_size,
output2, output2_buffer_size,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ output1_length - first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_finish( &operation2,
output2 + output2_length,
output2_buffer_size - output2_length,
&function_output_length ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation2 ) );
@@ -2913,6 +3030,9 @@
TEST_EQUAL( input_data->len,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
+ TEST_ASSERT( input_data->len <=
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
+
TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
@@ -2957,6 +3077,8 @@
* should be exact. */
TEST_EQUAL( output_size,
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
ASSERT_ALLOC( output_data, output_size );
PSA_ASSERT( psa_crypto_init( ) );
@@ -3016,11 +3138,15 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
output_size = input_data->len - tag_length;
- /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
- * should be exact. */
if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
+ {
+ /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+ * should be exact. */
TEST_EQUAL( output_size,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ }
ASSERT_ALLOC( output_data, output_size );
PSA_ASSERT( psa_crypto_init( ) );
@@ -3389,7 +3515,9 @@
/* Determine the maximum output length */
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
+
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output, output_size );
/* Encrypt the input */
@@ -3461,9 +3589,15 @@
/* Determine the maximum ciphertext length */
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
+
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output, output_size );
+
output2_size = input_data->len;
+ TEST_ASSERT( output2_size <=
+ PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
+ TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output2, output2_size );
/* We test encryption by checking that encrypt-then-decrypt gives back
@@ -3511,14 +3645,12 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
unsigned char *output = NULL;
size_t output_size = 0;
size_t output_length = ~0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- output_size = expected_data->len;
- ASSERT_ALLOC( output, output_size );
-
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
@@ -3528,6 +3660,14 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ /* Determine the maximum ciphertext length */
+ output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
+ TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
+ ASSERT_ALLOC( output, output_size );
+
PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
@@ -3925,6 +4065,14 @@
PSA_ASSERT( psa_import_key( &attributes,
inputs[i]->x, inputs[i]->len,
&keys[i] ) );
+
+ if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+ {
+ PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
+ TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
+ PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
+ }
+
PSA_ASSERT( psa_key_derivation_input_key(
&operation, steps[i], keys[i] ) );
break;
@@ -4310,6 +4458,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
unsigned char *output = NULL;
size_t output_length = ~0;
+ size_t key_bits;
ASSERT_ALLOC( output, expected_output->len );
PSA_ASSERT( psa_crypto_init( ) );
@@ -4321,12 +4470,19 @@
our_key_data->x, our_key_data->len,
&our_key ) );
+ PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
peer_key_data->x, peer_key_data->len,
output, expected_output->len,
&output_length ) );
ASSERT_COMPARE( output, output_length,
expected_output->x, expected_output->len );
+ TEST_ASSERT( output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
+ TEST_ASSERT( output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
exit:
mbedtls_free( output );
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 14f84c0..8ac27a9 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -2,6 +2,7 @@
ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
sign_hash through transparent driver: fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
sign_hash through transparent driver: error
@@ -14,6 +15,7 @@
ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using private key through transparent driver: fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using private key through transparent driver: error
@@ -23,6 +25,7 @@
ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using public key through transparent driver: fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using public key through transparent driver: error
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index 330846a..fb9ce07 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -17,6 +17,7 @@
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
16 + /*UID (64-bit number in hex)*/ \
+ 16 + /*UID (64-bit number in hex)*/ \
sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
1 /*terminating null byte*/ )
#define PSA_ITS_STORAGE_TEMP \
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 2b01227..e4da3d4 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.25.0"
+check_compiletime_version:"2.26.0"
Check runtime library version
-check_runtime_version:"2.25.0"
+check_runtime_version:"2.26.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index c2051e6..7a01344 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -222,9 +222,11 @@
<ClInclude Include="..\..\include\mbedtls\x509_csr.h" />
<ClInclude Include="..\..\include\mbedtls\xtea.h" />
<ClInclude Include="..\..\include\psa\crypto.h" />
+ <ClInclude Include="..\..\include\psa\crypto_builtin_hash.h" />
<ClInclude Include="..\..\include\psa\crypto_compat.h" />
<ClInclude Include="..\..\include\psa\crypto_config.h" />
<ClInclude Include="..\..\include\psa\crypto_driver_common.h" />
+ <ClInclude Include="..\..\include\psa\crypto_driver_contexts.h" />
<ClInclude Include="..\..\include\psa\crypto_extra.h" />
<ClInclude Include="..\..\include\psa\crypto_platform.h" />
<ClInclude Include="..\..\include\psa\crypto_se_driver.h" />
@@ -251,6 +253,7 @@
<ClInclude Include="..\..\library\psa_crypto_core.h" />
<ClInclude Include="..\..\library\psa_crypto_driver_wrappers.h" />
<ClInclude Include="..\..\library\psa_crypto_ecp.h" />
+ <ClInclude Include="..\..\library\psa_crypto_hash.h" />
<ClInclude Include="..\..\library\psa_crypto_invasive.h" />
<ClInclude Include="..\..\library\psa_crypto_its.h" />
<ClInclude Include="..\..\library\psa_crypto_random_impl.h" />
@@ -324,6 +327,7 @@
<ClCompile Include="..\..\library\psa_crypto_client.c" />
<ClCompile Include="..\..\library\psa_crypto_driver_wrappers.c" />
<ClCompile Include="..\..\library\psa_crypto_ecp.c" />
+ <ClCompile Include="..\..\library\psa_crypto_hash.c" />
<ClCompile Include="..\..\library\psa_crypto_rsa.c" />
<ClCompile Include="..\..\library\psa_crypto_se.c" />
<ClCompile Include="..\..\library\psa_crypto_slot_management.c" />