Merge pull request #7419 from yuhaoth/test/random-time-test-fail

Workaround random `test_suite_platform` fail in time test
diff --git a/BRANCHES.md b/BRANCHES.md
index a2ea074..0aaacb0 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -23,6 +23,11 @@
 compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain
 ABI compatibility within LTS branches; see the next section for details.
 
+Every major version will become an LTS branch when the next major version is
+released. We may occasionally create LTS branches from other releases at our
+discretion.
+When a new LTS branch is created, it usually remains supported for three years.
+
 ## Backwards Compatibility for application code
 
 We maintain API compatibility in released versions of Mbed TLS. If you have
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a7bf198..3a8c5c6 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -24,7 +24,7 @@
 1. [Check for open issues](https://github.com/Mbed-TLS/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug.
 1. Fork the [Mbed TLS repository on GitHub](https://github.com/Mbed-TLS/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/Mbed-TLS/mbedtls/tree/development) as a basis.
 1. Write a test which shows that the bug was fixed or that the feature works as expected.
-1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
+1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. See our [review process guidelines](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/).
 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
 
 Backwards Compatibility
diff --git a/ChangeLog.d/add-missing-md-includes.txt b/ChangeLog.d/add-missing-md-includes.txt
new file mode 100644
index 0000000..408c361
--- /dev/null
+++ b/ChangeLog.d/add-missing-md-includes.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * Add missing md.h includes to some of the external programs from
+     the programs directory. Without this, even though the configuration
+     was sufficient for a particular program to work, it would only print
+     a message that one of the required defines is missing.
diff --git a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
new file mode 100644
index 0000000..c30e074
--- /dev/null
+++ b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function
+     in the ecdsa.h header file. There was a build warning when the
+     configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined.
+     Resolves #7407.
diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
new file mode 100644
index 0000000..22e8adb
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt
new file mode 100644
index 0000000..fe2099e
--- /dev/null
+++ b/ChangeLog.d/programs_psa_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix missing PSA initialization in sample programs when
+     MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/verify-ip-sans-properly.txt b/ChangeLog.d/verify-ip-sans-properly.txt
new file mode 100644
index 0000000..00203a8
--- /dev/null
+++ b/ChangeLog.d/verify-ip-sans-properly.txt
@@ -0,0 +1,2 @@
+Features
+   * X.509 hostname verification now supports IPAddress Subject Alternate Names.
diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh
index 5c34b28..1e1ec8c 100755
--- a/docs/architecture/psa-migration/syms.sh
+++ b/docs/architecture/psa-migration/syms.sh
@@ -17,13 +17,20 @@
 #
 # Purpose
 #
-# Show symbols in the X.509 and TLS libraries that are defined in another
-# libmbedtlsXXX.a library. This is usually done to list Crypto dependencies.
+# Show external links in built libraries (X509 or TLS) or modules. This is
+# usually done to list Crypto dependencies or to check modules'
+# interdependencies.
 #
 # Usage:
 # - build the library with debug symbols and the config you're interested in
 #   (default, full minus MBEDTLS_USE_PSA_CRYPTO, full, etc.)
-# - run this script with the name of your config as the only argument
+# - launch this script with 1 or more arguments depending on the analysis' goal:
+#     - if only 1 argument is used (which is the name of the used config,
+#       ex: full), then the analysis is done on libmbedx509 and libmbedtls
+#       libraries by default
+#     - if multiple arguments are provided, then modules' names (ex: pk,
+#       pkparse, pkwrite, etc) are expected after the 1st one and the analysis
+#       will be done on those modules instead of the libraries.
 
 set -eu
 
@@ -35,10 +42,21 @@
     nm "$FILE" | sed -n "s/[0-9a-f ]*${TYPE} \(mbedtls_.*\)/\1/p" | sort -u
 }
 
+# Check if the provided name refers to a module or library and return the
+# same path with proper extension
+get_file_with_extension() {
+    BASE=$1
+    if [ -f $BASE.o ]; then
+        echo $BASE.o
+    elif [ -f $BASE.a ]; then
+        echo $BASE.a
+    fi
+}
+
 # create listings for the given library
 list() {
     NAME="$1"
-    FILE="library/libmbed${NAME}.a"
+    FILE=$(get_file_with_extension "library/${NAME}")
     PREF="${CONFIG}-$NAME"
 
     syms '[TRrD]' $FILE > ${PREF}-defined
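Review bot: `get_file_with_extension` prints nothing and returns success when neither `$BASE.o` nor `$BASE.a` exists, so `list` carries on with an empty `FILE` and the failure only shows up later inside `syms`/`nm`, without naming the missing module. An explicit `else` branch such as `echo "syms.sh: no $BASE.o or $BASE.a found" >&2; return 1` would stop the script at the assignment, since `set -e` is active. The expansions in the new function are also unquoted; `[ -f "$BASE.o" ]` and `echo "$BASE.o"` keep paths with spaces or glob characters intact, and the same applies to `list $ITEM` in the last hunk of this file. The body of `list` continues past the end of this hunk.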
@@ -54,5 +72,14 @@
 
 CONFIG="${1:-unknown}"
 
-list x509
-list tls
+# List of modules to check is provided as parameters
+if [ $# -gt 1 ]; then
+    shift 1
+    ITEMS_TO_CHECK="$@"
+else
+    ITEMS_TO_CHECK="libmbedx509 libmbedtls"
+fi
+
+for ITEM in $ITEMS_TO_CHECK; do
+    list $ITEM
+done
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 0027ec7..cd1b9fc 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -474,7 +474,8 @@
 * `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key
 * `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key
 
-The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
+The core checks that `input_length` is not greater than `PSA_PAKE_INPUT_SIZE(alg, prim, step)` and
+the driver can rely on that.
 
 ### PAKE driver get implicit key
 
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 12a8544..ba5844f 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -105,6 +105,13 @@
 #define MBEDTLS_MD_LIGHT
 #endif
 
+/* MBEDTLS_ECP_C now consists of MBEDTLS_ECP_LIGHT plus functions for curve
+ * arithmetic. As a consequence if MBEDTLS_ECP_C is required for some reason,
+ * then MBEDTLS_ECP_LIGHT should be enabled as well. */
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_ECP_LIGHT
+#endif
+
 /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
  * is defined as well to include all PSA code.
  */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 8e1accd..c81cd1c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -66,13 +66,6 @@
 #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
 #endif
 
-#if defined(__aarch64__) && defined(__GNUC__)
-/* We don't do anything with MBEDTLS_AESCE_C on systems without ^ these two */
-#if defined(MBEDTLS_AESCE_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESCE_C defined, but not all prerequisites"
-#endif
-#endif
-
 #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
@@ -284,7 +277,9 @@
 
 /* Helper for ECDSA dependencies, will be undefined at the end of the file */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_HAVE_FULL_ECDSA)
+#if (defined(PSA_WANT_ALG_ECDSA) || \
+     defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
+    defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
 #define MBEDTLS_PK_HAVE_ECDSA
 #endif
 #else /* MBEDTLS_USE_PSA_CRYPTO */
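Review bot: The inlined condition for `MBEDTLS_PK_HAVE_ECDSA` no longer requires `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`, which the removed `PSA_HAVE_FULL_ECDSA` definition in `config_psa.h` did require; the JPAKE helper in the next hunk drops it in the same way. Unless something outside this diff guarantees that wanting the key-pair type implies the public-key type, a configuration without public-key support would now report ECDSA as available in PK even though verification needs a public key. Either keep `&& defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)` in both conditions, or add a comment naming where that implication is enforced. The `#if defined(MBEDTLS_USE_PSA_CRYPTO)` block continues past the end of the hunk.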
@@ -295,7 +290,7 @@
 
 /* Helper for JPAKE dependencies, will be undefined at the end of the file */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_HAVE_FULL_JPAKE)
+#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
 #define MBEDTLS_PK_HAVE_JPAKE
 #endif
 #else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -306,7 +301,7 @@
 
 /* Helper for ECDH dependencies, will be undefined at the end of the file */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_HAVE_FULL_ECDH)
+#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
 #define MBEDTLS_PK_HAVE_ECDH
 #endif
 #else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -454,7 +449,7 @@
 #endif
 
 #if defined(MBEDTLS_PK_C) && \
-    !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C)
+    !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_LIGHT)
 #error "MBEDTLS_PK_C defined, but not all prerequisites"
 #endif
 
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 6af9eae..20d4358 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -877,22 +877,6 @@
 
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
 
-#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
-    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define PSA_HAVE_FULL_ECDSA 1
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
-    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define PSA_HAVE_FULL_JPAKE 1
-#endif
-
-/* Having support for ECDH implicitly includes support for private and
- * public keys, so we don't specify that requirement here. */
-#if defined(PSA_WANT_ALG_ECDH)
-#define PSA_HAVE_FULL_ECDH 1
-#endif
-
 /* These features are always enabled. */
 #define PSA_WANT_KEY_TYPE_DERIVE 1
 #define PSA_WANT_KEY_TYPE_PASSWORD 1
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index c5d9701..e797c1a 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -288,6 +288,8 @@
     void *p_rng_blind,
     mbedtls_ecdsa_restart_ctx *rs_ctx);
 
+#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
+
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 
 /**
@@ -321,6 +323,7 @@
  *                      buffer of length \p blen Bytes. It may be \c NULL if
  *                      \p blen is zero.
  * \param blen          The length of \p buf in Bytes.
+ * \param md_alg        The hash algorithm used to hash the original data.
  * \param f_rng_blind   The RNG function used for blinding. This must not be
  *                      \c NULL.
  * \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
@@ -348,8 +351,6 @@
 
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
-#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
-
 /**
  * \brief           This function verifies the ECDSA signature of a
  *                  previously-hashed message.
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b6144d9..9a6717d 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -312,7 +312,7 @@
 /**
  * The maximum size of the groups, that is, of \c N and \c P.
  */
-#if !defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_ECP_LIGHT)
 /* Dummy definition to help code that has optional ECP support and
  * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
 #define MBEDTLS_ECP_MAX_BITS 1
@@ -343,9 +343,9 @@
 #define MBEDTLS_ECP_MAX_BITS 192
 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
 #define MBEDTLS_ECP_MAX_BITS 192
-#else
+#else /* !MBEDTLS_ECP_LIGHT */
 #error "Missing definition of MBEDTLS_ECP_MAX_BITS"
-#endif
+#endif /* !MBEDTLS_ECP_LIGHT */
 
 #define MBEDTLS_ECP_MAX_BYTES    ((MBEDTLS_ECP_MAX_BITS + 7) / 8)
 #define MBEDTLS_ECP_MAX_PT_LEN   (2 * MBEDTLS_ECP_MAX_BYTES + 1)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 89d5659..6158850 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2076,12 +2076,15 @@
  * Module:  library/aesce.c
  * Caller:  library/aes.c
  *
- * Requires: MBEDTLS_HAVE_ASM, MBEDTLS_AES_C
+ * Requires: MBEDTLS_AES_C
  *
  * \warning Runtime detection only works on Linux. For non-Linux operating
  *          system, Armv8-A Cryptographic Extensions must be supported by
  *          the CPU when this option is enabled.
  *
+ * \note    Minimum compiler versions for this feature are Clang 4.0,
+ *          GCC 6.0 or MSVC 2019 version 16.11.2.
+ *
  * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems.
  */
 #define MBEDTLS_AESCE_C
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index a592e63..a72f51c 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -509,7 +509,7 @@
 int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
                                   const char **oid, size_t *olen);
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /**
  * \brief          Translate NamedCurve OID into an EC group identifier
  *
@@ -531,7 +531,7 @@
  */
 int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
                                   const char **oid, size_t *olen);
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 /**
  * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 5d2cf34..c579661 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -771,7 +771,7 @@
 }
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /**
  * Quick access to an EC context inside a PK context.
  *
@@ -794,7 +794,7 @@
             return NULL;
     }
 }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f8c5948..4b73b41 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -40,6 +40,8 @@
 #include "mbedtls/dhm.h"
 #endif
 
+#include "mbedtls/md.h"
+
 #if defined(MBEDTLS_ECDH_C)
 #include "mbedtls/ecdh.h"
 #endif
@@ -106,7 +108,8 @@
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
-/* Error space gap */
+/** Cache entry not found */
+#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND             -0x7E80
 /** Memory allocation failed */
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00
 /** Hardware acceleration function returned with error */
@@ -1483,7 +1486,7 @@
     const uint16_t *MBEDTLS_PRIVATE(sig_algs);      /*!< allowed signature algorithms       */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_DEPRECATED_REMOVED)
     const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves             */
 #endif
 
@@ -3618,7 +3621,7 @@
                                      unsigned int bitlen);
 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
  * \brief          Set the allowed curves in order of preference.
@@ -3664,7 +3667,7 @@
 void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
                                                 const mbedtls_ecp_group_id *curves);
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 /**
  * \brief          Set the allowed groups in order of preference.
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 55dcf77..08f98b5 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -102,6 +102,11 @@
  * \param session_id_len  The length of \p session_id in bytes.
  * \param session         The address at which to store the session
  *                        associated with \p session_id, if present.
+ *
+ * \return                \c 0 on success.
+ * \return                #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
+ *                        no cache entry with specified session ID found, or
+ *                        any other negative error code for other failures.
  */
 int mbedtls_ssl_cache_get(void *data,
                           unsigned char const *session_id,
@@ -117,6 +122,9 @@
  *                        associated to \p session.
  * \param session_id_len  The length of \p session_id in bytes.
  * \param session         The session to store.
+ *
+ * \return                \c 0 on success.
+ * \return                A negative error code on failure.
  */
 int mbedtls_ssl_cache_set(void *data,
                           unsigned char const *session_id,
@@ -132,9 +140,10 @@
  *                        associated to \p session.
  * \param session_id_len  The length of \p session_id in bytes.
  *
- * \return                0: The cache entry for session with provided ID
- *                           is removed or does not exist.
- *                        Otherwise: fail.
+ * \return                \c 0 on success. This indicates the cache entry for
+ *                        the session with provided ID is removed or does not
+ *                        exist.
+ * \return                A negative error code on failure.
  */
 int mbedtls_ssl_cache_remove(void *data,
                              unsigned char const *session_id,
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6c86a66..a795183 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -638,7 +638,7 @@
  * \param cn       The expected Common Name. This will be checked to be
  *                 present in the certificate's subjectAltNames extension or,
  *                 if this extension is absent, as a CN component in its
- *                 Subject name. Currently only DNS names are supported. This
+ *                 Subject name. DNS names and IP addresses are supported. This
  *                 may be \c NULL if the CN need not be verified.
  * \param flags    The address at which to store the result of the verification.
  *                 If the verification couldn't be completed, the flag value is
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 7ff90eb..b858180 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -573,7 +573,7 @@
  * @{
  */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #include <mbedtls/ecp.h>
 
 /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
@@ -660,7 +660,7 @@
 mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
                                               size_t bits,
                                               int bits_is_sloppy);
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 /**@}*/
 
@@ -1937,6 +1937,9 @@
  *
  * This macro must expand to a compile-time constant integer.
  *
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_OUTPUT_SIZE()
+ *
  * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p step).
  */
 #define PSA_PAKE_OUTPUT_MAX_SIZE 65
@@ -1946,6 +1949,9 @@
  *
  * This macro must expand to a compile-time constant integer.
  *
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_INPUT_SIZE()
+ *
  * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p step).
  */
 #define PSA_PAKE_INPUT_MAX_SIZE 65
@@ -1958,7 +1964,7 @@
 /** Returns a suitable initializer for a PAKE operation object of type
  * psa_pake_operation_t.
  */
-#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \
+#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
                                   { 0 }, { { 0 } } }
 
 struct psa_pake_cipher_suite_s {
@@ -2104,6 +2110,8 @@
     unsigned int MBEDTLS_PRIVATE(id);
     /* Algorithm of the PAKE operation */
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
+    /* A primitive of type compatible with algorithm */
+    psa_pake_primitive_t MBEDTLS_PRIVATE(primitive);
     /* Stage of the PAKE operation: waiting for the setup, collecting inputs
      * or computing. */
     uint8_t MBEDTLS_PRIVATE(stage);
diff --git a/library/aesce.c b/library/aesce.c
index fe056dc..ff8c2e0 100644
--- a/library/aesce.c
+++ b/library/aesce.c
@@ -48,22 +48,34 @@
 
 #if defined(MBEDTLS_HAVE_ARM64)
 
+/* Compiler version checks. */
+#if defined(__clang__)
+#   if __clang_major__ < 4
+#       error "Minimum version of Clang for MBEDTLS_AESCE_C is 4.0."
+#   endif
+#elif defined(__GNUC__)
+#   if __GNUC__ < 6
+#       error "Minimum version of GCC for MBEDTLS_AESCE_C is 6.0."
+#   endif
+#elif defined(_MSC_VER)
+/* TODO: We haven't verified MSVC from 1920 to 1928. If someone verified that,
+ *       please update this and document of `MBEDTLS_AESCE_C` in
+ *       `mbedtls_config.h`. */
+#   if _MSC_VER < 1929
+#       error "Minimum version of MSVC for MBEDTLS_AESCE_C is 2019 version 16.11.2."
+#   endif
+#endif
+
 #if !defined(__ARM_FEATURE_AES) || defined(MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG)
 #   if defined(__clang__)
-#       if __clang_major__ < 4
-#           error "A more recent Clang is required for MBEDTLS_AESCE_C"
-#       endif
 #       pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function)
 #       define MBEDTLS_POP_TARGET_PRAGMA
 #   elif defined(__GNUC__)
-#       if __GNUC__ < 6
-#           error "A more recent GCC is required for MBEDTLS_AESCE_C"
-#       endif
 #       pragma GCC push_options
 #       pragma GCC target ("arch=armv8-a+crypto")
 #       define MBEDTLS_POP_TARGET_PRAGMA
-#   else
-#       error "Only GCC and Clang supported for MBEDTLS_AESCE_C"
+#   elif defined(_MSC_VER)
+#       error "Required feature(__ARM_FEATURE_AES) is not enabled."
 #   endif
 #endif /* !__ARM_FEATURE_AES || MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG */
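Review bot: Neither preprocessor chain in this hunk ends in an `#else`, so a compiler that is not Clang, GCC or MSVC now passes both the version check and the target-pragma block without any diagnostic, where the removed branch stopped it with "Only GCC and Clang supported for MBEDTLS_AESCE_C". Such a build would presumably fail later on the intrinsics with a much less helpful message. Ending the version-check chain with `#else` followed by `#error "Unsupported compiler for MBEDTLS_AESCE_C"` keeps the failure explicit; use `#warning` instead if untested compilers are meant to be allowed through. The MSVC message is also missing a space and would read better as `"Required feature (__ARM_FEATURE_AES) is not enabled."`.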
 
@@ -295,12 +307,24 @@
  * Older compilers miss some intrinsic functions for `poly*_t`. We use
  * uint8x16_t and uint8x16x3_t as input/output parameters.
  */
+#if defined(__GNUC__) && !defined(__clang__)
+/* GCC reports incompatible type error without cast. GCC think poly64_t and
+ * poly64x1_t are different, that is different with MSVC and Clang. */
+#define MBEDTLS_VMULL_P64(a, b) vmull_p64((poly64_t) a, (poly64_t) b)
+#else
+/* MSVC reports `error C2440: 'type cast'` with cast. Clang does not report
+ * error with/without cast. And I think poly64_t and poly64x1_t are same, no
+ * cast for clang also. */
+#define MBEDTLS_VMULL_P64(a, b) vmull_p64(a, b)
+#endif
 static inline uint8x16_t pmull_low(uint8x16_t a, uint8x16_t b)
 {
+
     return vreinterpretq_u8_p128(
-        vmull_p64(
-            (poly64_t) vget_low_p64(vreinterpretq_p64_u8(a)),
-            (poly64_t) vget_low_p64(vreinterpretq_p64_u8(b))));
+        MBEDTLS_VMULL_P64(
+            vget_low_p64(vreinterpretq_p64_u8(a)),
+            vget_low_p64(vreinterpretq_p64_u8(b))
+            ));
 }
 
 static inline uint8x16_t pmull_high(uint8x16_t a, uint8x16_t b)
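Review bot: `MBEDTLS_VMULL_P64` uses its parameters unparenthesised, so in the GCC variant the cast binds only to the first operand of whatever expression is passed. The call in `pmull_low` passes single function calls and is fine today, but the macro should be written as `#define MBEDTLS_VMULL_P64(a, b) vmull_p64((poly64_t) (a), (poly64_t) (b))`, with `vmull_p64((a), (b))` in the other branch. The comment on the non-GCC branch records a guess ("I think poly64_t and poly64x1_t are same"); it would be more useful to state what was actually observed on Clang and MSVC. The blank line added at the top of `pmull_low` looks unintentional. The body of `pmull_high` lies outside this hunk, so whether it uses the new macro cannot be checked here.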
@@ -362,9 +386,14 @@
 static inline uint8x16_t poly_mult_reduce(uint8x16x3_t input)
 {
     uint8x16_t const ZERO = vdupq_n_u8(0);
-    /* use 'asm' as an optimisation barrier to prevent loading MODULO from memory */
+
     uint64x2_t r = vreinterpretq_u64_u8(vdupq_n_u8(0x87));
+#if defined(__GNUC__)
+    /* use 'asm' as an optimisation barrier to prevent loading MODULO from
+     * memory. It is for GNUC compatible compilers.
+     */
     asm ("" : "+w" (r));
+#endif
     uint8x16_t const MODULO = vreinterpretq_u8_u64(vshrq_n_u64(r, 64 - 8));
     uint8x16_t h, m, l; /* input high/middle/low 128b */
     uint8x16_t c, d, e, f, g, n, o;
diff --git a/library/aesce.h b/library/aesce.h
index 12ddc74..7048d77 100644
--- a/library/aesce.h
+++ b/library/aesce.h
@@ -30,11 +30,11 @@
 
 #include "mbedtls/aes.h"
 
-
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
-    defined(__aarch64__) && !defined(MBEDTLS_HAVE_ARM64)
+#if !defined(MBEDTLS_HAVE_ARM64)
+#if defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)
 #define MBEDTLS_HAVE_ARM64
 #endif
+#endif
 
 #if defined(MBEDTLS_HAVE_ARM64)
 
diff --git a/library/bignum_core.c b/library/bignum_core.c
index c6d92fb..b0ffa37 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -35,6 +35,23 @@
 
 size_t mbedtls_mpi_core_clz(mbedtls_mpi_uint a)
 {
+#if defined(__has_builtin)
+#if __has_builtin(__builtin_clz)
+    if (sizeof(mbedtls_mpi_uint) == sizeof(unsigned int)) {
+        return (size_t) __builtin_clz(a);
+    }
+#endif
+#if __has_builtin(__builtin_clzl)
+    if (sizeof(mbedtls_mpi_uint) == sizeof(unsigned long)) {
+        return (size_t) __builtin_clzl(a);
+    }
+#endif
+#if __has_builtin(__builtin_clzll)
+    if (sizeof(mbedtls_mpi_uint) == sizeof(unsigned long long)) {
+        return (size_t) __builtin_clzll(a);
+    }
+#endif
+#endif
     size_t j;
     mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
 
@@ -51,21 +68,17 @@
 
 size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs)
 {
-    size_t i, j;
+    int i;
+    size_t j;
 
-    if (A_limbs == 0) {
-        return 0;
-    }
-
-    for (i = A_limbs - 1; i > 0; i--) {
+    for (i = ((int) A_limbs) - 1; i >= 0; i--) {
         if (A[i] != 0) {
-            break;
+            j = biL - mbedtls_mpi_core_clz(A[i]);
+            return (i * biL) + j;
         }
     }
 
-    j = biL - mbedtls_mpi_core_clz(A[i]);
-
-    return (i * biL) + j;
+    return 0;
 }
 
 /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
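Review bot: Narrowing `A_limbs` to `int` for the loop index in `mbedtls_mpi_core_bitlen` gives an implementation-defined, typically negative, value once `A_limbs` exceeds `INT_MAX`; the loop is then skipped and the function returns 0 for a non-zero number. Callers probably never pass such a count, but nothing in this function enforces that, and a wrong bit length would presumably feed size calculations elsewhere. The index can stay unsigned with a counting-down loop, `for (size_t i = A_limbs; i-- > 0;) {`, which also covers `A_limbs == 0` without a special case. The early return ensures `mbedtls_mpi_core_clz()` is only called on a non-zero limb, which matters now that the builtin paths added in the previous hunk are undefined for zero. A one-line comment such as `/* A[i] != 0 here: clz is undefined for 0 */` would protect that invariant.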
diff --git a/library/bignum_core.h b/library/bignum_core.h
index b3d05a3..158d2b3 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -102,9 +102,12 @@
 
 /** Count leading zero bits in a given integer.
  *
+ * \warning     The result is undefined if \p a == 0
+ *
  * \param a     Integer to count leading zero bits.
  *
- * \return      The number of leading zero bits in \p a.
+ * \return      The number of leading zero bits in \p a, if \p a != 0.
+ *              If \p a == 0, the result is undefined.
  */
 size_t mbedtls_mpi_core_clz(mbedtls_mpi_uint a);
 
diff --git a/library/debug.c b/library/debug.c
index 12559af..3969616 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -172,7 +172,7 @@
     }
 }
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
                              const char *file, int line,
                              const char *text, const mbedtls_ecp_point *X)
@@ -192,7 +192,7 @@
     mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
     mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y);
 }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_BIGNUM_C)
 void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
@@ -273,7 +273,7 @@
         if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
             mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
         } else
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
         if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
             mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
         } else
diff --git a/library/ecdh.c b/library/ecdh.c
index b529af5..58ef881 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -20,7 +20,7 @@
 /*
  * References:
  *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * SEC1 https://www.secg.org/sec1-v2.pdf
  * RFC 4492
  */
 
diff --git a/library/ecdsa.c b/library/ecdsa.c
index eb3c303..1faec16 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -20,7 +20,7 @@
 /*
  * References:
  *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * SEC1 https://www.secg.org/sec1-v2.pdf
  */
 
 #include "common.h"
@@ -234,6 +234,19 @@
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
 
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
+{
+    switch (gid) {
+#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+        case MBEDTLS_ECP_DP_CURVE25519: return 0;
+#endif
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+        case MBEDTLS_ECP_DP_CURVE448: return 0;
+#endif
+        default: return 1;
+    }
+}
+
 #if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
@@ -373,19 +386,6 @@
     return ret;
 }
 
-int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
-{
-    switch (gid) {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
-        case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
-        case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
-        default: return 1;
-    }
-}
-
 /*
  * Compute ECDSA signature of a hashed message
  */
diff --git a/library/ecp.c b/library/ecp.c
index 08fbe86..086acb3 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -20,13 +20,15 @@
 /*
  * References:
  *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * SEC1 https://www.secg.org/sec1-v2.pdf
  * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
  * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
  * RFC 4492 for the related TLS structures and constants
+ * - https://www.rfc-editor.org/rfc/rfc4492
  * RFC 7748 for the Curve448 and Curve25519 curve definitions
+ * - https://www.rfc-editor.org/rfc/rfc7748
  *
- * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * [Curve25519] https://cr.yp.to/ecdh/curve25519-20060209.pdf
  *
  * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
  *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
@@ -70,7 +72,7 @@
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
 #endif
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 
 #include "mbedtls/ecp.h"
 #include "mbedtls/threading.h"
@@ -93,7 +95,10 @@
  * Counts of point addition and doubling, and field multiplications.
  * Used to test resistance of point multiplication to simple timing attacks.
  */
-static unsigned long add_count, dbl_count, mul_count;
+#if defined(MBEDTLS_ECP_C)
+static unsigned long add_count, dbl_count;
+#endif /* MBEDTLS_ECP_C */
+static unsigned long mul_count;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -320,6 +325,7 @@
 
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
+#if defined(MBEDTLS_ECP_C)
 static void mpi_init_many(mbedtls_mpi *arr, size_t size)
 {
     while (size--) {
@@ -333,6 +339,7 @@
         mbedtls_mpi_free(arr++);
     }
 }
+#endif /* MBEDTLS_ECP_C */
 
 /*
  * List of supported curves:
@@ -1306,7 +1313,10 @@
     mbedtls_mpi_free(&exp);
     return ret;
 }
+#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
+#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 /*
  * For curves in short Weierstrass form, we do all the internal operations in
  * Jacobian coordinates.
@@ -2723,6 +2733,7 @@
 {
     return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL);
 }
+#endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 /*
@@ -2763,6 +2774,7 @@
 }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
+#if defined(MBEDTLS_ECP_C)
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 /*
  * R = m * P with shortcuts for m == 0, m == 1 and m == -1
@@ -2914,6 +2926,7 @@
     return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL);
 }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
+#endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
@@ -3159,6 +3172,7 @@
     return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 }
 
+#if defined(MBEDTLS_ECP_C)
 /*
  * Generate a keypair with configurable base point
  */
@@ -3200,6 +3214,7 @@
 
     return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
 }
+#endif /* MBEDTLS_ECP_C */
 
 #define ECP_CURVE25519_KEY_SIZE 32
 #define ECP_CURVE448_KEY_SIZE   56
@@ -3316,7 +3331,7 @@
     return ret;
 }
 
-
+#if defined(MBEDTLS_ECP_C)
 /*
  * Check a public-private key pair
  */
@@ -3357,6 +3372,7 @@
 
     return ret;
 }
+#endif /* MBEDTLS_ECP_C */
 
 /*
  * Export generic key-pair parameters.
@@ -3383,6 +3399,7 @@
 
 #if defined(MBEDTLS_SELF_TEST)
 
+#if defined(MBEDTLS_ECP_C)
 /*
  * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!!
  *
@@ -3490,12 +3507,14 @@
     }
     return ret;
 }
+#endif /* MBEDTLS_ECP_C */
 
 /*
  * Checkup routine
  */
 int mbedtls_ecp_self_test(int verbose)
 {
+#if defined(MBEDTLS_ECP_C)
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group grp;
     mbedtls_ecp_point R, P;
@@ -3609,10 +3628,14 @@
     }
 
     return ret;
+#else /* MBEDTLS_ECP_C */
+    (void) verbose;
+    return 0;
+#endif /* MBEDTLS_ECP_C */
 }
 
 #endif /* MBEDTLS_SELF_TEST */
 
 #endif /* !MBEDTLS_ECP_ALT */
 
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
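Review bot: In the new `#else` branch of `mbedtls_ecp_self_test`, a build that has only MBEDTLS_ECP_LIGHT returns 0 without running any check, which a caller cannot tell apart from a real pass. If the return value gates start-up or CI, the skip should at least be visible: replace `(void) verbose;` with `if (verbose != 0) { mbedtls_printf("  ECP self-test skipped: MBEDTLS_ECP_C is disabled\n"); }`. The branch would also benefit from a comment such as `/* ECP_LIGHT-only build: no point arithmetic to exercise, report success */`. The function starts in the previous hunk and most of its body lies outside both hunks.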
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 30ae79e..1640107 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -19,7 +19,7 @@
 
 #include "common.h"
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 
 #include "mbedtls/ecp.h"
 #include "mbedtls/platform_util.h"
@@ -4608,12 +4608,18 @@
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 static int ecp_mod_p192k1(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p192k1(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 static int ecp_mod_p224k1(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p224k1(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 static int ecp_mod_p256k1(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p256k1(mbedtls_mpi *);
 #endif
 
 #if defined(ECP_LOAD_GROUP)
@@ -5524,7 +5530,6 @@
                                   size_t adjust, size_t shift, mbedtls_mpi_uint mask)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
     mbedtls_mpi M, R;
     mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
 
@@ -5541,55 +5546,31 @@
     M.s = 1;
     M.p = Mp;
 
-    /* M = A1 */
-    M.n = N->n - (p_limbs - adjust);
-    if (M.n > p_limbs + adjust) {
-        M.n = p_limbs + adjust;
-    }
-    memset(Mp, 0, sizeof(Mp));
-    memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
-    if (shift != 0) {
-        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
-    }
-    M.n += R.n; /* Make room for multiplication by R */
+    for (size_t pass = 0; pass < 2; pass++) {
+        /* M = A1 */
+        M.n = N->n - (p_limbs - adjust);
+        if (M.n > p_limbs + adjust) {
+            M.n = p_limbs + adjust;
+        }
+        memset(Mp, 0, sizeof(Mp));
+        memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
+        if (shift != 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+        }
+        M.n += R.n; /* Make room for multiplication by R */
 
-    /* N = A0 */
-    if (mask != 0) {
-        N->p[p_limbs - 1] &= mask;
-    }
-    for (i = p_limbs; i < N->n; i++) {
-        N->p[i] = 0;
-    }
+        /* N = A0 */
+        if (mask != 0) {
+            N->p[p_limbs - 1] &= mask;
+        }
+        for (size_t i = p_limbs; i < N->n; i++) {
+            N->p[i] = 0;
+        }
 
-    /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
-
-    /* Second pass */
-
-    /* M = A1 */
-    M.n = N->n - (p_limbs - adjust);
-    if (M.n > p_limbs + adjust) {
-        M.n = p_limbs + adjust;
+        /* N = A0 + R * A1 */
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
     }
-    memset(Mp, 0, sizeof(Mp));
-    memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
-    if (shift != 0) {
-        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
-    }
-    M.n += R.n; /* Make room for multiplication by R */
-
-    /* N = A0 */
-    if (mask != 0) {
-        N->p[p_limbs - 1] &= mask;
-    }
-    for (i = p_limbs; i < N->n; i++) {
-        N->p[i] = 0;
-    }
-
-    /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
 
 cleanup:
     return ret;
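Review bot: The new `for (size_t pass = 0; pass < 2; pass++)` loop leaves the pass count as a bare literal, and the removed `/* Second pass */` comment was the only hint that the sequence is deliberately run twice. A reader can no longer see why two iterations are enough, nor that `pass` is intentionally unused in the body. I would add a comment above the loop, for example `/* Two folding passes: the second reduces the limbs the first one leaves above p_limbs */`, with the wording confirmed against the reduction's bound. The function's signature and its early size checks are outside this hunk.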
@@ -5605,6 +5586,12 @@
  */
 static int ecp_mod_p192k1(mbedtls_mpi *N)
 {
+    return mbedtls_ecp_mod_p192k1(N);
+}
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N)
+{
     static mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
                                   0x00)
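Review bot: The thin `ecp_mod_p192k1` wrapper is inserted between the block comment that ends on the first line of this hunk and the implementation it appears to describe, so the comment now documents a one-line forwarder. The p224k1 and p256k1 hunks put the wrapper above the "Fast quasi-reduction" comment, which keeps the description attached to `mbedtls_ecp_mod_p224k1` and `mbedtls_ecp_mod_p256k1`. Moving the p192k1 wrapper above its comment would make the three consistent. The comment's opening lines and the rest of the function body are outside the hunk.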
@@ -5616,11 +5603,18 @@
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+
+static int ecp_mod_p224k1(mbedtls_mpi *N)
+{
+    return mbedtls_ecp_mod_p224k1(N);
+}
+
 /*
  * Fast quasi-reduction modulo p224k1 = 2^224 - R,
  * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
  */
-static int ecp_mod_p224k1(mbedtls_mpi *N)
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N)
 {
     static mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
@@ -5638,11 +5632,18 @@
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+
+static int ecp_mod_p256k1(mbedtls_mpi *N)
+{
+    return mbedtls_ecp_mod_p256k1(N);
+}
+
 /*
  * Fast quasi-reduction modulo p256k1 = 2^256 - R,
  * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
  */
-static int ecp_mod_p256k1(mbedtls_mpi *N)
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N)
 {
     static mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
@@ -5837,4 +5838,4 @@
 }
 #endif /* MBEDTLS_TEST_HOOKS */
 #endif /* !MBEDTLS_ECP_ALT */
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 8b8ac8a..0d093f3 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -31,7 +31,7 @@
 #include "bignum_mod.h"
 #include "mbedtls/ecp.h"
 
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_LIGHT)
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 /** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
@@ -47,7 +47,7 @@
  *                  This is the bit-size of the key minus 1:
  *                  254 for Curve25519 or 447 for Curve448.
  * \param d         The randomly generated key. This is a number of size
- *                  exactly \p n_bits + 1 bits, with the least significant bits
+ *                  exactly \p high_bit + 1 bits, with the least significant bits
  *                  masked as specified in [Curve25519] and in [RFC7748] §5.
  * \param f_rng     The RNG function.
  * \param p_rng     The RNG context to be passed to \p f_rng.
@@ -55,7 +55,7 @@
  * \return          \c 0 on success.
  * \return          \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
  */
-int mbedtls_ecp_gen_privkey_mx(size_t n_bits,
+int mbedtls_ecp_gen_privkey_mx(size_t high_bit,
                                mbedtls_mpi *d,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng);
@@ -169,6 +169,30 @@
 
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+
+/*
+ * Fast quasi-reduction modulo p192k1 = 2^192 - R,
+ * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
+ */
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N);
+
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N);
+
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N);
+
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
 /** Initialise a modulus with hard-coded const curve data.
  *
  * \note            The caller is responsible for the \p N modulus' memory.
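Review bot: The three new test-facing prototypes state no contract. Only `mbedtls_ecp_mod_p192k1` has a comment, and it is a plain `/* */` block, while the neighbouring declarations in this header use Doxygen `/** */` with `\param` and `\return`. Each prototype should get a Doxygen block that reuses the "Fast quasi-reduction modulo p224k1 / p256k1" descriptions from `ecp_curves.c`, documents `\param N` as the value reduced in place together with the limb count the caller must provide, and lists `\return 0` on success and the `MBEDTLS_ERR_MPI_xxx` failure codes. The size precondition matters most, since these entry points are now callable directly from tests without the checks the internal callers rely on.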
diff --git a/library/oid.c b/library/oid.c
index 622e793..80cadcd 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -531,7 +531,7 @@
                         mbedtls_pk_type_t,
                         pk_alg)
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /*
  * For namedCurve (RFC 5480)
  */
@@ -621,7 +621,7 @@
                         oid_ecp_grp,
                         mbedtls_ecp_group_id,
                         grp_id)
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_CIPHER_C)
 /*
diff --git a/library/pk.c b/library/pk.c
index 5e18ad2..2516eed 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -32,7 +32,7 @@
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
 #endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #include "mbedtls/ecp.h"
 #endif
 #if defined(MBEDTLS_ECDSA_C)
@@ -114,17 +114,17 @@
 #if defined(MBEDTLS_RSA_C)
         case MBEDTLS_PK_RSA:
             return &mbedtls_rsa_info;
-#endif
-#if defined(MBEDTLS_ECP_C)
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_LIGHT)
         case MBEDTLS_PK_ECKEY:
             return &mbedtls_eckey_info;
         case MBEDTLS_PK_ECKEY_DH:
             return &mbedtls_eckeydh_info;
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
         case MBEDTLS_PK_ECDSA:
             return &mbedtls_ecdsa_info;
-#endif
+#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
         /* MBEDTLS_PK_RSA_ALT omitted on purpose */
         default:
             return NULL;
@@ -443,7 +443,7 @@
             return ret;
         }
 
-        ret = ctx->pk_info->verify_rs_func(ctx->pk_ctx,
+        ret = ctx->pk_info->verify_rs_func(ctx,
                                            md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx);
 
         if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
@@ -460,7 +460,7 @@
         return MBEDTLS_ERR_PK_TYPE_MISMATCH;
     }
 
-    return ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len,
+    return ctx->pk_info->verify_func(ctx, md_alg, hash, hash_len,
                                      sig, sig_len);
 }
 
@@ -626,7 +626,7 @@
             return ret;
         }
 
-        ret = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg,
+        ret = ctx->pk_info->sign_rs_func(ctx, md_alg,
                                          hash, hash_len,
                                          sig, sig_size, sig_len,
                                          f_rng, p_rng, rs_ctx->rs_ctx);
@@ -645,7 +645,7 @@
         return MBEDTLS_ERR_PK_TYPE_MISMATCH;
     }
 
-    return ctx->pk_info->sign_func(ctx->pk_ctx, md_alg,
+    return ctx->pk_info->sign_func(ctx, md_alg,
                                    hash, hash_len,
                                    sig, sig_size, sig_len,
                                    f_rng, p_rng);
@@ -736,7 +736,7 @@
         return MBEDTLS_ERR_PK_TYPE_MISMATCH;
     }
 
-    return ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen,
+    return ctx->pk_info->decrypt_func(ctx, input, ilen,
                                       output, olen, osize, f_rng, p_rng);
 }
 
@@ -756,7 +756,7 @@
         return MBEDTLS_ERR_PK_TYPE_MISMATCH;
     }
 
-    return ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen,
+    return ctx->pk_info->encrypt_func(ctx, input, ilen,
                                       output, olen, osize, f_rng, p_rng);
 }
 
@@ -791,7 +791,9 @@
         }
     }
 
-    return prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx, f_rng, p_rng);
+    return prv->pk_info->check_pair_func((mbedtls_pk_context *) pub,
+                                         (mbedtls_pk_context *) prv,
+                                         f_rng, p_rng);
 }
 
 /*
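Review bot: The casts `(mbedtls_pk_context *) pub` and `(mbedtls_pk_context *) prv` strip what appears to be a `const` qualifier from the caller's contexts, and the next two hunks do the same for `get_bitlen` and `debug_func`. These callbacks used to take `const void *` and only read the key. Declaring the new parameter as `const mbedtls_pk_context *` in the info struct and in the `pk_wrap.c` wrappers (`rsa_get_bitlen`, `rsa_check_pair_wrap`, `rsa_debug`, `eckey_get_bitlen`, `eckey_check_pair`, `eckey_debug`) would remove the casts. It would also let the compiler reject an accidental write through a read-only context, for example `static size_t rsa_get_bitlen(const mbedtls_pk_context *pk)`. The enclosing function starts outside this hunk.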
@@ -805,7 +807,7 @@
         return 0;
     }
 
-    return ctx->pk_info->get_bitlen(ctx->pk_ctx);
+    return ctx->pk_info->get_bitlen((mbedtls_pk_context *) ctx);
 }
 
 /*
@@ -821,7 +823,7 @@
         return MBEDTLS_ERR_PK_TYPE_MISMATCH;
     }
 
-    ctx->pk_info->debug_func(ctx->pk_ctx, items);
+    ctx->pk_info->debug_func((mbedtls_pk_context *) ctx, items);
     return 0;
 }
 
@@ -862,14 +864,14 @@
                               psa_key_usage_t usage,
                               psa_algorithm_t alg2)
 {
-#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
+#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C)
     ((void) pk);
     ((void) key);
     ((void) alg);
     ((void) usage);
     ((void) alg2);
-#else
-#if defined(MBEDTLS_ECP_C)
+#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_LIGHT)
     if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
         const mbedtls_ecp_keypair *ec;
         unsigned char d[MBEDTLS_ECP_MAX_BYTES];
@@ -912,7 +914,7 @@
 
         return mbedtls_pk_setup_opaque(pk, *key);
     } else
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 #if defined(MBEDTLS_RSA_C)
     if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
         unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
@@ -953,7 +955,7 @@
         return mbedtls_pk_setup_opaque(pk, *key);
     } else
 #endif /* MBEDTLS_RSA_C */
-#endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */
+#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
     return MBEDTLS_ERR_PK_TYPE_MISMATCH;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 45d743f..6c9f97b 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -191,18 +191,18 @@
            type == MBEDTLS_PK_RSASSA_PSS;
 }
 
-static size_t rsa_get_bitlen(const void *ctx)
+static size_t rsa_get_bitlen(mbedtls_pk_context *pk)
 {
-    const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
+    const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) pk->pk_ctx;
     return 8 * mbedtls_rsa_get_len(rsa);
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hash_len,
                            const unsigned char *sig, size_t sig_len)
 {
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -225,7 +225,7 @@
     /* mbedtls_pk_write_pubkey_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_rsa_info;
-    key.pk_ctx = ctx;
+    key.pk_ctx = rsa;
     key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf));
     if (key_len <= 0) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -260,12 +260,12 @@
     return ret;
 }
 #else
-static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hash_len,
                            const unsigned char *sig, size_t sig_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
     size_t rsa_len = mbedtls_rsa_get_len(rsa);
 
     if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
@@ -354,7 +354,7 @@
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                          const unsigned char *hash, size_t hash_len,
                          unsigned char *sig, size_t sig_size, size_t *sig_len,
                          int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
@@ -370,16 +370,16 @@
 
     return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PKCS1V15_SIGN(
                                            psa_md_alg),
-                                       ctx, hash, hash_len,
+                                       pk->pk_ctx, hash, hash_len,
                                        sig, sig_size, sig_len);
 }
 #else
-static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                          const unsigned char *hash, size_t hash_len,
                          unsigned char *sig, size_t sig_size, size_t *sig_len,
                          int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
 
     if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -397,12 +397,12 @@
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_decrypt_wrap(void *ctx,
+static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
                             const unsigned char *input, size_t ilen,
                             unsigned char *output, size_t *olen, size_t osize,
                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -427,7 +427,7 @@
     /* mbedtls_pk_write_key_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_rsa_info;
-    key.pk_ctx = ctx;
+    key.pk_ctx = rsa;
     key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf));
     if (key_len <= 0) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -466,12 +466,12 @@
     return ret;
 }
 #else
-static int rsa_decrypt_wrap(void *ctx,
+static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
                             const unsigned char *input, size_t ilen,
                             unsigned char *output, size_t *olen, size_t osize,
                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
 
     if (ilen != mbedtls_rsa_get_len(rsa)) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
@@ -483,12 +483,12 @@
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_encrypt_wrap(void *ctx,
+static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
                             const unsigned char *input, size_t ilen,
                             unsigned char *output, size_t *olen, size_t osize,
                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -513,7 +513,7 @@
     /* mbedtls_pk_write_pubkey_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_rsa_info;
-    key.pk_ctx = ctx;
+    key.pk_ctx = rsa;
     key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf));
     if (key_len <= 0) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -551,12 +551,12 @@
     return ret;
 }
 #else
-static int rsa_encrypt_wrap(void *ctx,
+static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
                             const unsigned char *input, size_t ilen,
                             unsigned char *output, size_t *olen, size_t osize,
                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
     *olen = mbedtls_rsa_get_len(rsa);
 
     if (*olen > osize) {
@@ -568,14 +568,14 @@
 }
 #endif
 
-static int rsa_check_pair_wrap(const void *pub, const void *prv,
+static int rsa_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng)
 {
     (void) f_rng;
     (void) p_rng;
-    return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub,
-                                      (const mbedtls_rsa_context *) prv);
+    return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub->pk_ctx,
+                                      (const mbedtls_rsa_context *) prv->pk_ctx);
 }
 
 static void *rsa_alloc_wrap(void)
@@ -595,22 +595,24 @@
     mbedtls_free(ctx);
 }
 
-static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items)
+static void rsa_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items)
 {
 #if defined(MBEDTLS_RSA_ALT)
     /* Not supported */
-    (void) ctx;
+    (void) pk;
     (void) items;
 #else
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
+
     items->type = MBEDTLS_PK_DEBUG_MPI;
     items->name = "rsa.N";
-    items->value = &(((mbedtls_rsa_context *) ctx)->N);
+    items->value = &(rsa->N);
 
     items++;
 
     items->type = MBEDTLS_PK_DEBUG_MPI;
     items->name = "rsa.E";
-    items->value = &(((mbedtls_rsa_context *) ctx)->E);
+    items->value = &(rsa->E);
 #endif
 }
 
@@ -638,7 +640,7 @@
 };
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /*
  * Generic EC key
  */
@@ -649,9 +651,10 @@
            type == MBEDTLS_PK_ECDSA;
 }
 
-static size_t eckey_get_bitlen(const void *ctx)
+static size_t eckey_get_bitlen(mbedtls_pk_context *pk)
 {
-    return ((mbedtls_ecp_keypair *) ctx)->grp.pbits;
+    mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx;
+    return ecp->grp.pbits;
 }
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
@@ -716,11 +719,12 @@
     return 0;
 }
 
-static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
+static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
+                             mbedtls_md_type_t md_alg,
                              const unsigned char *hash, size_t hash_len,
                              const unsigned char *sig, size_t sig_len)
 {
-    mbedtls_ecp_keypair *ctx = ctx_arg;
+    mbedtls_ecp_keypair *ctx = pk->pk_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -799,14 +803,14 @@
     return ret;
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
-static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                              const unsigned char *hash, size_t hash_len,
                              const unsigned char *sig, size_t sig_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     ((void) md_alg);
 
-    ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) ctx,
+    ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) pk->pk_ctx,
                                        hash, hash_len, sig, sig_len);
 
     if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
@@ -904,12 +908,12 @@
     return 0;
 }
 
-static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
+static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hash_len,
                            unsigned char *sig, size_t sig_size, size_t *sig_len,
                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_ecp_keypair *ctx = ctx_arg;
+    mbedtls_ecp_keypair *ctx = pk->pk_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -974,12 +978,12 @@
     return ret;
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
-static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hash_len,
                            unsigned char *sig, size_t sig_size, size_t *sig_len,
                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    return mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx,
+    return mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) pk->pk_ctx,
                                          md_alg, hash, hash_len,
                                          sig, sig_size, sig_len,
                                          f_rng, p_rng);
@@ -989,12 +993,12 @@
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /* Forward declarations */
-static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int ecdsa_verify_rs_wrap(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                                 const unsigned char *hash, size_t hash_len,
                                 const unsigned char *sig, size_t sig_len,
                                 void *rs_ctx);
 
-static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int ecdsa_sign_rs_wrap(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                               const unsigned char *hash, size_t hash_len,
                               unsigned char *sig, size_t sig_size, size_t *sig_len,
                               int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
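Review bot: The two forward declarations name the first parameter `ctx` (`mbedtls_pk_context *ctx`), while the definitions of `ecdsa_verify_rs_wrap` and `ecdsa_sign_rs_wrap` later in the file use `pk`. In this file `ctx` was until now the name of the inner key context, so keeping it on a `mbedtls_pk_context *` invites passing or dereferencing the wrong level. Renaming both to `pk`, as in `static int ecdsa_verify_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,`, keeps the declarations and definitions aligned.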
@@ -1041,7 +1045,7 @@
     mbedtls_free(ctx);
 }
 
-static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int eckey_verify_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                                 const unsigned char *hash, size_t hash_len,
                                 const unsigned char *sig, size_t sig_len,
                                 void *rs_ctx)
@@ -1056,10 +1060,10 @@
 
     /* set up our own sub-context if needed (that is, on first run) */
     if (rs->ecdsa_ctx.grp.pbits == 0) {
-        MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
+        MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, pk->pk_ctx));
     }
 
-    MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(&rs->ecdsa_ctx,
+    MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(pk,
                                          md_alg, hash, hash_len,
                                          sig, sig_len, &rs->ecdsa_rs));
 
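Review bot: After this change `ecdsa_verify_rs_wrap(pk, ...)` operates on `pk->pk_ctx`, so the `rs->ecdsa_ctx` copy built by `mbedtls_ecdsa_from_keypair` is no longer the context that is verified against. In the visible code it only serves as the `grp.pbits == 0` first-run marker. The `eckey_sign_rs_wrap` hunk below has the same shape, and there the copy presumably includes the private value, which then sits in the restart context with no functional use. Either keep the operation on the sub-context, or drop the copy in favour of an explicit first-run flag. If the copy must stay for now, it should be marked with `/* rs->ecdsa_ctx is only a first-run marker; the operation uses pk->pk_ctx */`. The function begins in the previous hunk and its cleanup is outside this one.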
@@ -1067,7 +1071,7 @@
     return ret;
 }
 
-static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int eckey_sign_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                               const unsigned char *hash, size_t hash_len,
                               unsigned char *sig, size_t sig_size, size_t *sig_len,
                               int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
@@ -1083,10 +1087,10 @@
 
     /* set up our own sub-context if needed (that is, on first run) */
     if (rs->ecdsa_ctx.grp.pbits == 0) {
-        MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
+        MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, pk->pk_ctx));
     }
 
-    MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(&rs->ecdsa_ctx, md_alg,
+    MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(pk, md_alg,
                                        hash, hash_len, sig, sig_size, sig_len,
                                        f_rng, p_rng, &rs->ecdsa_rs));
 
@@ -1104,12 +1108,12 @@
  * - write the raw content of public key "pub" to a local buffer
  * - compare the two buffers
  */
-static int eckey_check_pair_psa(const void *pub, const void *prv)
+static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
 {
-    psa_status_t status;
+    psa_status_t status, destruction_status;
     psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
-    mbedtls_ecp_keypair *prv_ctx = (mbedtls_ecp_keypair *) prv;
-    mbedtls_ecp_keypair *pub_ctx = (mbedtls_ecp_keypair *) pub;
+    mbedtls_ecp_keypair *prv_ctx = prv->pk_ctx;
+    mbedtls_ecp_keypair *pub_ctx = pub->pk_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     /* We are using MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for the size of this
      * buffer because it will be used to hold the private key at first and
@@ -1133,20 +1137,21 @@
     }
 
     status = psa_import_key(&key_attr, prv_key_buf, curve_bytes, &key_id);
-    if (status != PSA_SUCCESS) {
-        ret = PSA_PK_TO_MBEDTLS_ERR(status);
+    ret = PSA_PK_TO_MBEDTLS_ERR(status);
+    if (ret != 0) {
         return ret;
     }
 
     mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf));
 
-    ret = PSA_PK_TO_MBEDTLS_ERR(psa_export_public_key(key_id,
-                                                      prv_key_buf,
-                                                      sizeof(prv_key_buf),
-                                                      &prv_key_len));
-    status = psa_destroy_key(key_id);
-    if (ret != 0 || status != PSA_SUCCESS) {
-        return (ret != 0) ? ret : PSA_PK_TO_MBEDTLS_ERR(status);
+    status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf),
+                                   &prv_key_len);
+    ret = PSA_PK_TO_MBEDTLS_ERR(status);
+    destruction_status = psa_destroy_key(key_id);
+    if (ret != 0) {
+        return ret;
+    } else if (destruction_status != PSA_SUCCESS) {
+        return PSA_PK_TO_MBEDTLS_ERR(destruction_status);
     }
 
     ret = mbedtls_ecp_point_write_binary(&pub_ctx->grp, &pub_ctx->Q,
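Review bot: When `psa_import_key` fails, the early `return ret;` is taken before `mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf))`. According to the comment at the top of the function the buffer holds the private key at that point, so those bytes stay on the stack. The reworked status handling keeps that ordering. Moving the wipe so that it directly follows the import call, ahead of the `if (ret != 0)` check, clears the buffer on both the success and the failure path: `status = psa_import_key(...); mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf)); ret = PSA_PK_TO_MBEDTLS_ERR(status);`. The function starts and ends outside this hunk, so any earlier error return taken after the private key is written may need the same treatment.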
@@ -1165,21 +1170,21 @@
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-static int eckey_check_pair(const void *pub, const void *prv,
+static int eckey_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
                             int (*f_rng)(void *, unsigned char *, size_t),
                             void *p_rng)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     (void) f_rng;
     (void) p_rng;
-    return eckey_check_pair_psa((const mbedtls_ecp_keypair *) pub,
-                                (const mbedtls_ecp_keypair *) prv);
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-    return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub,
-                                      (const mbedtls_ecp_keypair *) prv,
+    return eckey_check_pair_psa(pub, prv);
+#elif defined(MBEDTLS_ECP_C)
+    return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub->pk_ctx,
+                                      (const mbedtls_ecp_keypair *) prv->pk_ctx,
                                       f_rng, p_rng);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#else
     return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
 }
 
 static void *eckey_alloc_wrap(void)
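Review bot: In the new final `#else` branch of `eckey_check_pair`, none of `pub`, `prv`, `f_rng` and `p_rng` is used. That branch is reached when neither MBEDTLS_USE_PSA_CRYPTO nor MBEDTLS_ECP_C is set, so an ECP_LIGHT-only build gets unused-parameter warnings, and with warnings treated as errors it would fail to compile. The PSA branch already silences `f_rng` and `p_rng`. The fallback should do the same for all four before returning: `(void) pub; (void) prv; (void) f_rng; (void) p_rng;`. A short comment such as `/* Pair checking needs point multiplication, which ECP_LIGHT does not provide */` would also explain why the feature is reported unavailable.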
@@ -1199,11 +1204,12 @@
     mbedtls_free(ctx);
 }
 
-static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items)
+static void eckey_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items)
 {
+    mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx;
     items->type = MBEDTLS_PK_DEBUG_ECP;
     items->name = "eckey.Q";
-    items->value = &(((mbedtls_ecp_keypair *) ctx)->Q);
+    items->value = &(ecp->Q);
 }
 
 const mbedtls_pk_info_t mbedtls_eckey_info = {
@@ -1268,7 +1274,7 @@
 #endif
     eckey_debug,            /* Same underlying key structure */
 };
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
 static int ecdsa_can_do(mbedtls_pk_type_t type)
@@ -1277,7 +1283,7 @@
 }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int ecdsa_verify_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                                 const unsigned char *hash, size_t hash_len,
                                 const unsigned char *sig, size_t sig_len,
                                 void *rs_ctx)
@@ -1286,7 +1292,7 @@
     ((void) md_alg);
 
     ret = mbedtls_ecdsa_read_signature_restartable(
-        (mbedtls_ecdsa_context *) ctx,
+        (mbedtls_ecdsa_context *) pk->pk_ctx,
         hash, hash_len, sig, sig_len,
         (mbedtls_ecdsa_restart_ctx *) rs_ctx);
 
@@ -1297,14 +1303,14 @@
     return ret;
 }
 
-static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int ecdsa_sign_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                               const unsigned char *hash, size_t hash_len,
                               unsigned char *sig, size_t sig_size, size_t *sig_len,
                               int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                               void *rs_ctx)
 {
     return mbedtls_ecdsa_write_signature_restartable(
-        (mbedtls_ecdsa_context *) ctx,
+        (mbedtls_ecdsa_context *) pk->pk_ctx,
         md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng,
         (mbedtls_ecdsa_restart_ctx *) rs_ctx);
 
@@ -1370,19 +1376,19 @@
     return type == MBEDTLS_PK_RSA;
 }
 
-static size_t rsa_alt_get_bitlen(const void *ctx)
+static size_t rsa_alt_get_bitlen(mbedtls_pk_context *pk)
 {
-    const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
+    const mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
 
     return 8 * rsa_alt->key_len_func(rsa_alt->key);
 }
 
-static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int rsa_alt_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                              const unsigned char *hash, size_t hash_len,
                              unsigned char *sig, size_t sig_size, size_t *sig_len,
                              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+    mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
 
     if (UINT_MAX < hash_len) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -1400,12 +1406,12 @@
                               md_alg, (unsigned int) hash_len, hash, sig);
 }
 
-static int rsa_alt_decrypt_wrap(void *ctx,
+static int rsa_alt_decrypt_wrap(mbedtls_pk_context *pk,
                                 const unsigned char *input, size_t ilen,
                                 unsigned char *output, size_t *olen, size_t osize,
                                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+    mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
 
     ((void) f_rng);
     ((void) p_rng);
@@ -1419,7 +1425,7 @@
 }
 
 #if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair(const void *pub, const void *prv,
+static int rsa_alt_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng)
 {
@@ -1434,14 +1440,14 @@
 
     memset(hash, 0x2a, sizeof(hash));
 
-    if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE,
+    if ((ret = rsa_alt_sign_wrap(prv, MBEDTLS_MD_NONE,
                                  hash, sizeof(hash),
                                  sig, sizeof(sig), &sig_len,
                                  f_rng, p_rng)) != 0) {
         return ret;
     }
 
-    if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE,
+    if (rsa_verify_wrap(pub, MBEDTLS_MD_NONE,
                         hash, sizeof(hash), sig, sig_len) != 0) {
         return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
@@ -1513,9 +1519,9 @@
     mbedtls_free(ctx);
 }
 
-static size_t pk_opaque_get_bitlen(const void *ctx)
+static size_t pk_opaque_get_bitlen(mbedtls_pk_context *pk)
 {
-    const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+    const mbedtls_svc_key_id_t *key = pk->pk_ctx;
     size_t bits;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
@@ -1540,13 +1546,13 @@
            type == MBEDTLS_PK_RSASSA_PSS;
 }
 
-static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                                const unsigned char *hash, size_t hash_len,
                                unsigned char *sig, size_t sig_size, size_t *sig_len,
                                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
 #if !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && !defined(MBEDTLS_RSA_C)
-    ((void) ctx);
+    ((void) pk);
     ((void) md_alg);
     ((void) hash);
     ((void) hash_len);
@@ -1557,7 +1563,7 @@
     ((void) p_rng);
     return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 #else /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */
-    const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+    const mbedtls_svc_key_id_t *key = pk->pk_ctx;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_algorithm_t alg;
     psa_key_type_t type;
@@ -1639,12 +1645,12 @@
 };
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-static int pk_opaque_rsa_decrypt(void *ctx,
+static int pk_opaque_rsa_decrypt(mbedtls_pk_context *pk,
                                  const unsigned char *input, size_t ilen,
                                  unsigned char *output, size_t *olen, size_t osize,
                                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+    const mbedtls_svc_key_id_t *key = pk->pk_ctx;
     psa_status_t status;
 
     /* PSA has its own RNG */
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index c5cd4df..91d240c 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -39,18 +39,18 @@
     const char *name;
 
     /** Get key size in bits */
-    size_t (*get_bitlen)(const void *);
+    size_t (*get_bitlen)(mbedtls_pk_context *pk);
 
     /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
     int (*can_do)(mbedtls_pk_type_t type);
 
     /** Verify signature */
-    int (*verify_func)(void *ctx, mbedtls_md_type_t md_alg,
+    int (*verify_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                        const unsigned char *hash, size_t hash_len,
                        const unsigned char *sig, size_t sig_len);
 
     /** Make signature */
-    int (*sign_func)(void *ctx, mbedtls_md_type_t md_alg,
+    int (*sign_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                      const unsigned char *hash, size_t hash_len,
                      unsigned char *sig, size_t sig_size, size_t *sig_len,
                      int (*f_rng)(void *, unsigned char *, size_t),
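Review bot: `get_bitlen` drops the `const` it had as `const void *`, and the same happens to `check_pair_func` and `debug_func` in the later hunks of this header, although the wrappers visible in pk_wrap.c only read through the pointer. Declaring them as `size_t (*get_bitlen)(const mbedtls_pk_context *pk);` (and likewise for the other two) would let read-only callers pass a const context without casting the qualifier away. Whether any caller actually holds a const context is not visible here, so this is a style point. The enclosing struct starts and ends outside the hunk.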
@@ -58,13 +58,13 @@
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /** Verify signature (restartable) */
-    int (*verify_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
+    int (*verify_rs_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                           const unsigned char *hash, size_t hash_len,
                           const unsigned char *sig, size_t sig_len,
                           void *rs_ctx);
 
     /** Make signature (restartable) */
-    int (*sign_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
+    int (*sign_rs_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                         const unsigned char *hash, size_t hash_len,
                         unsigned char *sig, size_t sig_size, size_t *sig_len,
                         int (*f_rng)(void *, unsigned char *, size_t),
@@ -72,19 +72,19 @@
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
     /** Decrypt message */
-    int (*decrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
+    int (*decrypt_func)(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen,
                         unsigned char *output, size_t *olen, size_t osize,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng);
 
     /** Encrypt message */
-    int (*encrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
+    int (*encrypt_func)(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen,
                         unsigned char *output, size_t *olen, size_t osize,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng);
 
     /** Check public-private key pair */
-    int (*check_pair_func)(const void *pub, const void *prv,
+    int (*check_pair_func)(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
                            int (*f_rng)(void *, unsigned char *, size_t),
                            void *p_rng);
 
@@ -103,7 +103,7 @@
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
     /** Interface with the debug module */
-    void (*debug_func)(const void *ctx, mbedtls_pk_debug_item *items);
+    void (*debug_func)(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items);
 
 };
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -120,7 +120,7 @@
 extern const mbedtls_pk_info_t mbedtls_rsa_info;
 #endif
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 extern const mbedtls_pk_info_t mbedtls_eckey_info;
 extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
 #endif
diff --git a/library/pkparse.c b/library/pkparse.c
index ccca692..800e352 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -48,6 +48,14 @@
 #include "mbedtls/pkcs12.h"
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "mbedtls/psa_util.h"
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
 #include "mbedtls/platform.h"
 
 #if defined(MBEDTLS_FS_IO)
@@ -155,7 +163,7 @@
 }
 #endif /* MBEDTLS_FS_IO */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
  *
  * ECParameters ::= CHOICE {
@@ -511,7 +519,7 @@
 
     return ret;
 }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_RSA_C)
 /*
@@ -657,14 +665,14 @@
         ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
     } else
 #endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
         ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp);
         if (ret == 0) {
             ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk));
         }
     } else
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
     ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
 
     if (ret == 0 && *p != end) {
@@ -868,7 +876,58 @@
 }
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * Helper function for deriving a public key from its private counterpart by
+ * using PSA functions.
+ */
+static int pk_derive_public_key(mbedtls_ecp_group *grp, mbedtls_ecp_point *Q,
+                                const mbedtls_mpi *d)
+{
+    psa_status_t status, destruction_status;
+    psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+    size_t curve_bits;
+    psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, &curve_bits);
+    /* This buffer is used to store the private key at first and then the
+     * public one (but not at the same time). Therefore we size it for the
+     * latter since it's bigger. */
+    unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+    size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
+    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+    int ret;
+
+    psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+    psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+
+    ret = mbedtls_mpi_write_binary(d, key_buf, key_len);
+    if (ret != 0) {
+        return ret;
+    }
+
+    status = psa_import_key(&key_attr, key_buf, key_len, &key_id);
+    ret = psa_pk_status_to_mbedtls(status);
+    if (ret != 0) {
+        return ret;
+    }
+
+    mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
+
+    status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len);
+    ret = psa_pk_status_to_mbedtls(status);
+    destruction_status = psa_destroy_key(key_id);
+    if (ret != 0) {
+        return ret;
+    } else if (destruction_status != PSA_SUCCESS) {
+        return psa_pk_status_to_mbedtls(destruction_status);
+    }
+
+    ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
+
+    return ret;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 /*
  * Parse a SEC1 encoded private EC key
  */
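Review bot: In `pk_derive_public_key`, the early return after a failed `psa_import_key()` leaves the raw private scalar in `key_buf` on the stack, because `mbedtls_platform_zeroize()` is only reached on the success path. Wipe the buffer directly after the import call and before testing its result: `status = psa_import_key(&key_attr, key_buf, key_len, &key_id);` followed immediately by `mbedtls_platform_zeroize(key_buf, sizeof(key_buf));`. The `mbedtls_mpi_write_binary()` failure return just above deserves the same wipe, since the hunk does not show how much of `d` has been written when it fails.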
@@ -975,11 +1034,21 @@
         }
     }
 
-    if (!pubkey_done &&
-        (ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G,
-                               f_rng, p_rng)) != 0) {
-        mbedtls_ecp_keypair_free(eck);
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    if (!pubkey_done) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        (void) f_rng;
+        (void) p_rng;
+        if ((ret = pk_derive_public_key(&eck->grp, &eck->Q, &eck->d)) != 0) {
+            mbedtls_ecp_keypair_free(eck);
+            return ret;
+        }
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+        if ((ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G,
+                                   f_rng, p_rng)) != 0) {
+            mbedtls_ecp_keypair_free(eck);
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+        }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     }
 
     if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
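Review bot: The PSA branch returns the raw `ret` from `pk_derive_public_key()`, while the legacy branch wraps the failure as `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret)`, so the same bad key can report different error codes depending on `MBEDTLS_USE_PSA_CRYPTO`. If the difference is intended, a comment in the PSA branch would save the next reader from treating it as an oversight, e.g. `/* PSA errors are returned as mapped by pk_derive_public_key(), not wrapped in MBEDTLS_ERR_PK_KEY_INVALID_FORMAT */`. Whether callers distinguish a format error from other failures is not visible here. The enclosing function starts and ends outside the hunk.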
@@ -989,7 +1058,7 @@
 
     return 0;
 }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 /*
  * Parse an unencrypted PKCS#8 encoded private key
@@ -1082,7 +1151,7 @@
         }
     } else
 #endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
         if ((ret = pk_use_ecparams(&params, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
             (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len, f_rng, p_rng)) != 0) {
@@ -1090,7 +1159,7 @@
             return ret;
         }
     } else
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
     return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
 
     return 0;
@@ -1257,7 +1326,7 @@
     }
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
     if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
@@ -1286,7 +1355,7 @@
     } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
         return ret;
     }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
     if (key[keylen - 1] != '\0') {
@@ -1392,7 +1461,7 @@
     mbedtls_pk_init(pk);
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
     if (mbedtls_pk_setup(pk, pk_info) == 0 &&
         pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
@@ -1400,7 +1469,7 @@
         return 0;
     }
     mbedtls_pk_free(pk);
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
     /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
      * it is ok to leave the PK context initialized but not
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 2194c97..3c1a408 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -98,7 +98,7 @@
 }
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /*
  * EC public key is an EC point
  */
@@ -167,7 +167,7 @@
     mbedtls_platform_zeroize(tmp, byte_length);
     return ret;
 }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
                             const mbedtls_pk_context *key)
@@ -180,7 +180,7 @@
         MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key)));
     } else
 #endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
         MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key)));
     } else
@@ -241,11 +241,11 @@
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
 
     pk_type = mbedtls_pk_get_type(key);
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (pk_type == MBEDTLS_PK_ECKEY) {
         MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key)));
     }
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if (pk_type == MBEDTLS_PK_OPAQUE) {
         psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -404,7 +404,7 @@
                                                          MBEDTLS_ASN1_SEQUENCE));
     } else
 #endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
         mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
         size_t pub_len = 0, par_len = 0;
@@ -517,7 +517,7 @@
         end = PEM_END_PRIVATE_KEY_RSA;
     } else
 #endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
         begin = PEM_BEGIN_PRIVATE_KEY_EC;
         end = PEM_END_PRIVATE_KEY_EC;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9cccf53..20918bc 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -378,7 +378,7 @@
 /* Key management */
 /****************************************************************/
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
                                               size_t bits,
                                               int bits_is_sloppy)
@@ -470,7 +470,7 @@
     (void) bits_is_sloppy;
     return MBEDTLS_ECP_DP_NONE;
 }
-#endif /* defined(MBEDTLS_ECP_C) */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
                                                     size_t bits)
@@ -5552,7 +5552,7 @@
     uint8_t **data
     )
 {
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     unsigned key_out_of_range = 1;
     mbedtls_mpi k;
     mbedtls_mpi diff_N_2;
@@ -5636,13 +5636,13 @@
     mbedtls_mpi_free(&k);
     mbedtls_mpi_free(&diff_N_2);
     return status;
-#else /* MBEDTLS_ECP_C */
+#else /* MBEDTLS_ECP_LIGHT */
     (void) slot;
     (void) bits;
     (void) operation;
     (void) data;
     return PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 }
 
 /* ECC keys on a Montgomery elliptic curve draws a byte string whose length
@@ -7316,6 +7316,8 @@
     memset(&operation->data.inputs, 0, sizeof(operation->data.inputs));
 
     operation->alg = cipher_suite->algorithm;
+    operation->primitive = PSA_PAKE_PRIMITIVE(cipher_suite->type,
+                                              cipher_suite->family, cipher_suite->bits);
     operation->data.inputs.cipher_suite = *cipher_suite;
 
 #if defined(PSA_WANT_ALG_JPAKE)
@@ -7900,6 +7902,9 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
+    const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg,
+                                                                 operation->primitive,
+                                                                 step);
 
     if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
         status = psa_pake_complete_inputs(operation);
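Review bot: `max_input_length` is computed from `operation->alg` and `operation->primitive` at declaration, before the stage and state checks that follow, so the bound is only meaningful if `operation->primitive` is always set together with `operation->alg` during setup (the earlier hunk in this file). A short comment should state that dependency and what `PSA_PAKE_INPUT_SIZE()` yields for an unsupported alg/primitive/step combination (presumably 0, which would reject every input as `PSA_ERROR_INVALID_ARGUMENT` in the next hunk). The function body continues outside this hunk.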
@@ -7913,7 +7918,7 @@
         goto exit;
     }
 
-    if (input_length == 0 || input_length > PSA_PAKE_INPUT_MAX_SIZE) {
+    if (input_length == 0 || input_length > max_input_length) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 048c21d..e29b0bc 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -29,6 +29,7 @@
 
 #include "mbedtls/ssl_cache.h"
 #include "ssl_misc.h"
+#include "mbedtls/error.h"
 
 #include <string.h>
 
@@ -50,7 +51,7 @@
                                 size_t session_id_len,
                                 mbedtls_ssl_cache_entry **dst)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t t = mbedtls_time(NULL);
 #endif
@@ -87,7 +88,7 @@
                           size_t session_id_len,
                           mbedtls_ssl_session *session)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *entry;
 
@@ -197,7 +198,7 @@
         /* Create new entry */
         cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
         if (cur == NULL) {
-            return 1;
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
         }
 
         /* Append to the end of the linked list. */
@@ -218,12 +219,13 @@
     if (old == NULL) {
         /* This should only happen on an ill-configured cache
          * with max_entries == 0. */
-        return 1;
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #else /* MBEDTLS_HAVE_TIME */
     /* Reuse first entry in chain, but move to last place. */
     if (cache->chain == NULL) {
-        return 1;
+        /* This should never happen */
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
     old = cache->chain;
@@ -259,7 +261,7 @@
                           size_t session_id_len,
                           const mbedtls_ssl_session *session)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *cur;
 
@@ -283,7 +285,6 @@
      * and allocate a sufficiently large buffer. */
     ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
     if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
-        ret = 1;
         goto exit;
     }
 
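Review bot: With `ret = 1;` removed, a return of 0 from the size-probing call `mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len)` now reaches `exit` with `ret == 0`, so the function could report success without having stored anything. The probe is expected to fail with `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL`, so this may never happen in practice, but the guard is cheap: `if (ret == 0) { ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; }` before the `goto exit;`. The function starts before this hunk and its `exit` label is outside it.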
@@ -303,7 +304,7 @@
     }
 
     if (session_id_len > sizeof(cur->session_id)) {
-        ret = 1;
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         goto exit;
     }
     cur->session_id_len = session_id_len;
@@ -335,7 +336,7 @@
                              unsigned char const *session_id,
                              size_t session_id_len)
 {
-    int ret = 1;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *entry;
     mbedtls_ssl_cache_entry *prev;
diff --git a/library/ssl_client.c b/library/ssl_client.c
index eb52e70..e84c28a 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -257,7 +257,7 @@
     for (; *group_list != 0; group_list++) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
         if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
              mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) ||
             (mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) &&
@@ -273,7 +273,7 @@
                                       mbedtls_ssl_get_curve_name_from_tls_id(*group_list),
                                       *group_list));
         }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
         /* Add DHE groups here */
 
     }
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index fccac85..d7c47e6 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1553,10 +1553,10 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
 
 /**
  * \brief Return PSA EC info for the specified TLS ID.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5ee8037..331bb79 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1148,7 +1148,7 @@
  * mbedtls_ssl_conf_curves returns void and so can't return
  * any error codes.
  */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
     /* Heap allocate and translate curve_list from internal to IANA group ids */
     if (ssl->conf->curve_list != NULL) {
@@ -1184,7 +1184,7 @@
         ssl->handshake->group_list_heap_allocated = 0;
     }
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -2923,7 +2923,7 @@
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /*
  * Set the allowed elliptic curves
@@ -2940,7 +2940,7 @@
     conf->group_list = NULL;
 }
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 /*
  * Set the allowed groups
@@ -4083,14 +4083,14 @@
         return;
     }
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
     if (ssl->handshake->group_list_heap_allocated) {
         mbedtls_free((void *) handshake->group_list);
     }
     handshake->group_list = NULL;
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -5555,7 +5555,7 @@
     return -1;
 }
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 /*
  * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id.
  */
@@ -5569,7 +5569,7 @@
 
     return mbedtls_ssl_check_curve_tls_id(ssl, tls_id);
 }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_DEBUG_C)
 #define EC_NAME(_name_)     _name_
@@ -7377,7 +7377,7 @@
      * Secondary checks: always done, but change 'ret' only if it was 0
      */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     {
         const mbedtls_pk_context *pk = &chain->pk;
 
@@ -7405,7 +7405,7 @@
             }
         }
     }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
     if (mbedtls_ssl_check_cert_usage(chain,
                                      ciphersuite_info,
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 58d66cd..e1d0c6c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -117,7 +117,8 @@
     }
 
     if (&buf[2] != end) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("supported_versions ext data length incorrect"));
+        MBEDTLS_SSL_DEBUG_MSG(
+            1, ("supported_versions ext data length incorrect"));
         MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
                                      MBEDTLS_ERR_SSL_DECODE_ERROR);
         return MBEDTLS_ERR_SSL_DECODE_ERROR;
@@ -227,8 +228,8 @@
     }
 
     for (; *group_list != 0; group_list++) {
-        if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list,
-                                                        NULL, NULL) == PSA_SUCCESS) &&
+        if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(
+                 *group_list, NULL, NULL) == PSA_SUCCESS) &&
             mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) {
             *group_id = *group_list;
             return 0;
@@ -352,7 +353,8 @@
     /* Output the total length of key_share extension. */
     *out_len = p - buf;
 
-    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, key_share extension", buf, *out_len);
+    MBEDTLS_SSL_DEBUG_BUF(
+        3, "client hello, key_share extension", buf, *out_len);
 
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
 
@@ -402,8 +404,8 @@
      * then the client MUST abort the handshake with an "illegal_parameter" alert.
      */
     for (; *group_list != 0; group_list++) {
-        if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list,
-                                                        NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) ||
+        if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(
+                 *group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) ||
             *group_list != selected_group) {
             continue;
         }
@@ -472,9 +474,9 @@
     /* Check that the chosen group matches the one we offered. */
     offered_group = ssl->handshake->offered_group_id;
     if (offered_group != group) {
-        MBEDTLS_SSL_DEBUG_MSG(1,
-                              ("Invalid server key share, our group %u, their group %u",
-                               (unsigned) offered_group, (unsigned) group));
+        MBEDTLS_SSL_DEBUG_MSG(
+            1, ("Invalid server key share, our group %u, their group %u",
+                (unsigned) offered_group, (unsigned) group));
         MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
         return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
@@ -488,8 +490,9 @@
             return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
-                                  mbedtls_ssl_get_curve_name_from_tls_id(group)));
+        MBEDTLS_SSL_DEBUG_MSG(
+            2,
+            ("ECDH curve: %s", mbedtls_ssl_get_curve_name_from_tls_id(group)));
 
         ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p);
         if (ret != 0) {
@@ -1410,8 +1413,8 @@
      * } ServerHello;
      *
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end,
-                                 2 + sizeof(mbedtls_ssl_tls13_hello_retry_request_magic));
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(
+        buf, end, 2 + sizeof(mbedtls_ssl_tls13_hello_retry_request_magic));
 
     if (memcmp(buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic,
                sizeof(mbedtls_ssl_tls13_hello_retry_request_magic)) == 0) {
@@ -1464,9 +1467,9 @@
          */
         ssl->keep_current_message = 1;
         ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
-        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                                MBEDTLS_SSL_HS_SERVER_HELLO,
-                                                                buf, (size_t) (end - buf)));
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                                 ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+                                 buf, (size_t) (end - buf)));
 
         if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
             ret = ssl_tls13_reset_key_share(ssl);
@@ -1492,15 +1495,16 @@
             break;
         case SSL_SERVER_HELLO_HRR:
             MBEDTLS_SSL_DEBUG_MSG(2, ("received HelloRetryRequest message"));
-            /* If a client receives a second
-             * HelloRetryRequest in the same connection (i.e., where the ClientHello
-             * was itself in response to a HelloRetryRequest), it MUST abort the
-             * handshake with an "unexpected_message" alert.
+            /* If a client receives a second HelloRetryRequest in the same
+             * connection (i.e., where the ClientHello was itself in response
+             * to a HelloRetryRequest), it MUST abort the handshake with an
+             * "unexpected_message" alert.
              */
             if (handshake->hello_retry_request_count > 0) {
                 MBEDTLS_SSL_DEBUG_MSG(1, ("Multiple HRRs received"));
-                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
-                                             MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
+                MBEDTLS_SSL_PEND_FATAL_ALERT(
+                    MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+                    MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
                 return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
             }
             /*
@@ -1861,20 +1865,25 @@
      *    exchange mode is EPHEMERAL-only.
      */
     switch (handshake->received_extensions &
-            (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | MBEDTLS_SSL_EXT_MASK(KEY_SHARE))) {
+            (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) |
+             MBEDTLS_SSL_EXT_MASK(KEY_SHARE))) {
         /* Only the pre_shared_key extension was received */
         case MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY):
-            handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+            handshake->key_exchange_mode =
+                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
             break;
 
         /* Only the key_share extension was received */
         case MBEDTLS_SSL_EXT_MASK(KEY_SHARE):
-            handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+            handshake->key_exchange_mode =
+                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
             break;
 
         /* Both the pre_shared_key and key_share extensions were received */
-        case (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | MBEDTLS_SSL_EXT_MASK(KEY_SHARE)):
-            handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+        case (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) |
+              MBEDTLS_SSL_EXT_MASK(KEY_SHARE)):
+            handshake->key_exchange_mode =
+                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
             break;
 
         /* Neither pre_shared_key nor key_share extension was received */
@@ -1917,15 +1926,15 @@
     if (!mbedtls_ssl_conf_tls13_check_kex_modes(
             ssl, handshake->key_exchange_mode)) {
         ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
-        MBEDTLS_SSL_DEBUG_MSG(2,
-                              ("Key exchange mode(%s) is not supported.",
-                               ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
+        MBEDTLS_SSL_DEBUG_MSG(
+            2, ("Key exchange mode(%s) is not supported.",
+                ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
         goto cleanup;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG(3,
-                          ("Selected key exchange mode: %s",
-                           ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
+    MBEDTLS_SSL_DEBUG_MSG(
+        3, ("Selected key exchange mode: %s",
+            ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
 
     /* Start the TLS 1.3 key scheduling if not already done.
      *
@@ -2009,9 +2018,8 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> %s", __func__));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
-                                                               MBEDTLS_SSL_HS_SERVER_HELLO,
-                                                               &buf, &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len));
 
     ret = ssl_tls13_preprocess_server_hello(ssl, buf, buf + buf_len);
     if (ret < 0) {
@@ -2032,9 +2040,8 @@
         MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl));
     }
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_SERVER_HELLO, buf,
-                                                            buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len));
 
     if (is_hrr) {
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl));
@@ -2043,8 +2050,8 @@
          * immediately before its second flight. This may either be before
          * its second ClientHello or before its encrypted handshake flight.
          */
-        mbedtls_ssl_handshake_set_state(ssl,
-                                        MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
+        mbedtls_ssl_handshake_set_state(
+            ssl, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
 #else
         mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
@@ -2124,7 +2131,8 @@
             case MBEDTLS_TLS_EXT_ALPN:
                 MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
 
-                if ((ret = ssl_tls13_parse_alpn_ext(ssl, p, (size_t) extension_data_len)) != 0) {
+                if ((ret = ssl_tls13_parse_alpn_ext(
+                         ssl, p, (size_t) extension_data_len)) != 0) {
                     return ret;
                 }
 
@@ -2148,10 +2156,12 @@
             case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
                 MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension"));
 
-                ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, p + extension_data_len);
+                ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(
+                    ssl, p, p + extension_data_len);
 
-                /* TODO: Return unconditionally here until we handle the record size limit correctly.
-                 *            Once handled correctly, only return in case of errors. */
+                /* TODO: Return unconditionally here until we handle the record
+                 * size limit correctly. Once handled correctly, only return in
+                 * case of errors. */
                 return ret;
 
                 break;
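Review bot: The `break;` after `return ret;` in the `MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT` case is unreachable, and the reflowed TODO does not say so. Until the record size limit is handled, I would mark it, e.g. `break; /* unreachable until the TODO above is resolved */`. That way a reader does not assume that parsing continues with the extensions that follow this one. The enclosing switch and function start and end outside the hunk.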
@@ -2190,9 +2200,9 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions"));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
-                                                               MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
-                                                               &buf, &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                             &buf, &buf_len));
 
     /* Process the message contents */
     MBEDTLS_SSL_PROC_CHK(
@@ -2205,9 +2215,9 @@
     }
 #endif
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
-                                                            buf, buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                             buf, buf_len));
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
     if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
@@ -2443,16 +2453,16 @@
         unsigned char *buf;
         size_t buf_len;
 
-        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
-                                                                   MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                                                                   &buf, &buf_len));
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                                 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                 &buf, &buf_len));
 
-        MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request(ssl,
-                                                                 buf, buf + buf_len));
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request(
+                                 ssl, buf, buf + buf_len));
 
-        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                                MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                                                                buf, buf_len));
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                                 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                 buf, buf_len));
     } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) {
         ret = 0;
     } else {
@@ -2614,8 +2624,8 @@
 
     ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
     if (ret != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1,
-                              "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret);
+        MBEDTLS_SSL_DEBUG_RET(
+            1, "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret);
         return ret;
     }
 
@@ -2995,7 +3005,8 @@
         case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
             ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
             if (ret == 0) {
-                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
+                mbedtls_ssl_handshake_set_state(
+                    ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
             }
             break;
 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d2082a7..a00785b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -247,15 +247,17 @@
 
     /* RFC 8446 section 4.4.3
      *
-     * If the CertificateVerify message is sent by a server, the signature algorithm
-     * MUST be one offered in the client's "signature_algorithms" extension unless
-     * no valid certificate chain can be produced without unsupported algorithms
+     * If the CertificateVerify message is sent by a server, the signature
+     * algorithm MUST be one offered in the client's "signature_algorithms"
+     * extension unless no valid certificate chain can be produced without
+     * unsupported algorithms
      *
      * RFC 8446 section 4.4.2.2
      *
      * If the client cannot construct an acceptable chain using the provided
-     * certificates and decides to abort the handshake, then it MUST abort the handshake
-     * with an appropriate certificate-related alert (by default, "unsupported_certificate").
+     * certificates and decides to abort the handshake, then it MUST abort the
+     * handshake with an appropriate certificate-related alert
+     * (by default, "unsupported_certificate").
      *
      * Check if algorithm is an offered signature algorithm.
      */
@@ -350,17 +352,18 @@
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
 
     MBEDTLS_SSL_PROC_CHK(
-        mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
-                                              MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len));
+        mbedtls_ssl_tls13_fetch_handshake_msg(
+            ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len));
 
     /* Need to calculate the hash of the transcript first
      * before reading the message since otherwise it gets
      * included in the transcript
      */
-    ret = mbedtls_ssl_get_handshake_transcript(ssl,
-                                               ssl->handshake->ciphersuite_info->mac,
-                                               transcript, sizeof(transcript),
-                                               &transcript_len);
+    ret = mbedtls_ssl_get_handshake_transcript(
+        ssl,
+        ssl->handshake->ciphersuite_info->mac,
+        transcript, sizeof(transcript),
+        &transcript_len);
     if (ret != 0) {
         MBEDTLS_SSL_PEND_FATAL_ALERT(
             MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
@@ -380,13 +383,13 @@
                                       MBEDTLS_SSL_IS_CLIENT);
 
     /* Process the message contents */
-    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify(ssl, buf,
-                                                            buf + buf_len, verify_buffer,
-                                                            verify_buffer_len));
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify(
+                             ssl, buf, buf + buf_len,
+                             verify_buffer, verify_buffer_len));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
-                                                            buf, buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+                             buf, buf_len));
 
 cleanup:
 
@@ -600,7 +603,8 @@
         return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", ssl->session_negotiate->peer_cert);
+    MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate",
+                          ssl->session_negotiate->peer_cert);
 
     return ret;
 }
@@ -666,8 +670,9 @@
             if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) {
                 return 0;
             } else {
-                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT,
-                                             MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE);
+                MBEDTLS_SSL_PEND_FATAL_ALERT(
+                    MBEDTLS_SSL_ALERT_MSG_NO_CERT,
+                    MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE);
                 return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
             }
         }
@@ -754,7 +759,8 @@
            Pick one and send the corresponding alert. Which alert to send
            may be a subject of debate in some cases. */
         if (verify_result & MBEDTLS_X509_BADCERT_OTHER) {
-            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret);
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret);
         } else if (verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
             MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret);
         } else if (verify_result & (MBEDTLS_X509_BADCERT_KEY_USAGE |
@@ -762,15 +768,19 @@
                                     MBEDTLS_X509_BADCERT_NS_CERT_TYPE |
                                     MBEDTLS_X509_BADCERT_BAD_PK |
                                     MBEDTLS_X509_BADCERT_BAD_KEY)) {
-            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret);
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret);
         } else if (verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
-            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret);
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret);
         } else if (verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
-            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret);
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret);
         } else if (verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
             MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret);
         } else {
-            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret);
+            MBEDTLS_SSL_PEND_FATAL_ALERT(
+                MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret);
         }
     }
 
@@ -815,9 +825,8 @@
     /* Validate the certificate chain and set the verification results. */
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_CERTIFICATE, buf,
-                                                            buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len));
 
 cleanup:
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -923,18 +932,16 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                         MBEDTLS_SSL_HS_CERTIFICATE, &buf,
-                                                         &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len));
 
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl,
                                                           buf,
                                                           buf + buf_len,
                                                           &msg_len));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_CERTIFICATE, buf,
-                                                            msg_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len));
 
     MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
                              ssl, buf_len, msg_len));
@@ -1017,11 +1024,9 @@
         return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    ret = mbedtls_ssl_get_handshake_transcript(ssl,
-                                               ssl->handshake->ciphersuite_info->mac,
-                                               handshake_hash,
-                                               sizeof(handshake_hash),
-                                               &handshake_hash_len);
+    ret = mbedtls_ssl_get_handshake_transcript(
+        ssl, ssl->handshake->ciphersuite_info->mac,
+        handshake_hash, sizeof(handshake_hash), &handshake_hash_len);
     if (ret != 0) {
         return ret;
     }
@@ -1128,16 +1133,16 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                         MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf,
-                                                         &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+                             &buf, &buf_len));
 
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body(
                              ssl, buf, buf + buf_len, &msg_len));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf,
-                                                            msg_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+                             buf, msg_len));
 
     MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
                              ssl, buf_len, msg_len));
@@ -1163,13 +1168,13 @@
 {
     int ret;
 
-    ret = mbedtls_ssl_tls13_calculate_verify_data(ssl,
-                                                  ssl->handshake->state_local.finished_in.digest,
-                                                  sizeof(ssl->handshake->state_local.finished_in.
-                                                         digest),
-                                                  &ssl->handshake->state_local.finished_in.digest_len,
-                                                  ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
-                                                  MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT);
+    ret = mbedtls_ssl_tls13_calculate_verify_data(
+        ssl,
+        ssl->handshake->state_local.finished_in.digest,
+        sizeof(ssl->handshake->state_local.finished_in.digest),
+        &ssl->handshake->state_local.finished_in.digest_len,
+        ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
+        MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_calculate_verify_data", ret);
         return ret;
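Review bot: The last argument of `mbedtls_ssl_tls13_calculate_verify_data()` is a conditional expression split over two lines at the same indent as the other arguments, so `MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT` reads like a separate argument. This argument passes the opposite endpoint role, so misreading it matters. I would make the grouping explicit with parentheses: `(ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?` followed by `MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT));` indented one space further. The function's name and the rest of its body are outside the hunk.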
@@ -1228,17 +1233,17 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished message"));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
-                                                               MBEDTLS_SSL_HS_FINISHED,
-                                                               &buf, &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len));
 
     /* Preprocessing step: Compute handshake digest */
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl));
 
-    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len));
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(
+                             ssl, buf, buf + buf_len));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
-                                                            MBEDTLS_SSL_HS_FINISHED, buf, buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+                             ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len));
 
 cleanup:
 
@@ -1526,9 +1531,8 @@
     MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
 
     /* Convert EC's TLS ID to PSA key type. */
-    if (mbedtls_ssl_get_psa_curve_info_from_tls_id(named_group,
-                                                   &ec_psa_family,
-                                                   &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
+    if (mbedtls_ssl_get_psa_curve_info_from_tls_id(
+            named_group, &ec_psa_family, &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
         return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
     handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
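Review bot: The curve lookup is rejected only when the result equals `PSA_ERROR_NOT_SUPPORTED`; any other non-success status would fall through, and `ec_psa_family` is then used on the next line as if it had been filled in. Whether the helper can return anything else is not visible here, but comparing against success is the safer form: `named_group, &ec_psa_family, &ec_bits) != PSA_SUCCESS) {`. The enclosing function starts and ends outside the hunk.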
@@ -1638,7 +1642,8 @@
     uint16_t record_size_limit;
     const size_t extension_data_len = end - buf;
 
-    if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
+    if (extension_data_len !=
+        MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
         MBEDTLS_SSL_DEBUG_MSG(2,
                               ("record_size_limit extension has invalid length: %"
                                MBEDTLS_PRINTF_SIZET " Bytes",
@@ -1668,9 +1673,8 @@
         return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG(2,
-                          (
-                              "record_size_limit extension is still in development. Aborting handshake."));
+    MBEDTLS_SSL_DEBUG_MSG(
+        2, ("record_size_limit extension is still in development. Aborting handshake."));
 
     MBEDTLS_SSL_PEND_FATAL_ALERT(
         MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 8ec3570..46caa45 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -455,25 +455,27 @@
      */
 
     /* Create client_early_traffic_secret */
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          early_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_e_traffic),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->client_early_traffic_secret,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        early_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_e_traffic),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->client_early_traffic_secret,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
 
     /* Create early exporter */
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          early_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(e_exp_master),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->early_exporter_master_secret,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        early_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(e_exp_master),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->early_exporter_master_secret,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
@@ -515,13 +517,14 @@
      * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
      */
 
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          handshake_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_hs_traffic),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->client_handshake_traffic_secret,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        handshake_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_hs_traffic),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->client_handshake_traffic_secret,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
@@ -531,13 +534,14 @@
      * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
      */
 
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          handshake_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_hs_traffic),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->server_handshake_traffic_secret,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        handshake_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_hs_traffic),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->server_handshake_traffic_secret,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
@@ -578,35 +582,38 @@
      *
      */
 
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          application_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_ap_traffic),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->client_application_traffic_secret_N,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        application_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_ap_traffic),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->client_application_traffic_secret_N,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
 
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          application_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_ap_traffic),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->server_application_traffic_secret_N,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        application_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_ap_traffic),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->server_application_traffic_secret_N,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
 
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          application_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exp_master),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->exporter_master_secret,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        application_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exp_master),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->exporter_master_secret,
+        hash_len);
     if (ret != 0) {
         return ret;
     }
@@ -633,13 +640,14 @@
         return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                          application_secret, hash_len,
-                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_master),
-                                          transcript, transcript_len,
-                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                                          derived->resumption_master_secret,
-                                          hash_len);
+    ret = mbedtls_ssl_tls13_derive_secret(
+        hash_alg,
+        application_secret, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_master),
+        transcript, transcript_len,
+        MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+        derived->resumption_master_secret,
+        hash_len);
 
     if (ret != 0) {
         return ret;
@@ -675,17 +683,19 @@
     /*
      * Compute MasterSecret
      */
-    ret = mbedtls_ssl_tls13_evolve_secret(hash_alg,
-                                          handshake->tls13_master_secrets.handshake,
-                                          NULL, 0,
-                                          handshake->tls13_master_secrets.app);
+    ret = mbedtls_ssl_tls13_evolve_secret(
+        hash_alg,
+        handshake->tls13_master_secrets.handshake,
+        NULL, 0,
+        handshake->tls13_master_secrets.app);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret);
         return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF(4, "Master secret",
-                          handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg));
+    MBEDTLS_SSL_DEBUG_BUF(
+        4, "Master secret",
+        handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg));
 
     return 0;
 }
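Review bot: `MBEDTLS_SSL_DEBUG_BUF(4, "Master secret", ...)` writes the TLS 1.3 master secret to the debug output, and nothing at the call site says that level 4 carries key material. A short comment above the call would help whoever sets the debug threshold, for example `/* Debug level 4 dumps secret key material; keep it out of production logs. */`. Only this dump is visible in the hunk; the start of the function is outside it.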
@@ -810,7 +820,8 @@
     }
     MBEDTLS_SSL_DEBUG_BUF(4, "handshake hash", transcript, transcript_len);
 
-    ret = ssl_tls13_calc_finished_core(hash_alg, base_key, transcript, dst, actual_len);
+    ret = ssl_tls13_calc_finished_core(hash_alg, base_key,
+                                       transcript, dst, actual_len);
     if (ret != 0) {
         goto exit;
     }
@@ -873,18 +884,20 @@
                           early_secret, hash_len);
 
     if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
-        ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                              early_secret, hash_len,
-                                              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_binder),
-                                              NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
-                                              binder_key, hash_len);
+        ret = mbedtls_ssl_tls13_derive_secret(
+            hash_alg,
+            early_secret, hash_len,
+            MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_binder),
+            NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+            binder_key, hash_len);
         MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'res binder'"));
     } else {
-        ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
-                                              early_secret, hash_len,
-                                              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(ext_binder),
-                                              NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
-                                              binder_key, hash_len);
+        ret = mbedtls_ssl_tls13_derive_secret(
+            hash_alg,
+            early_secret, hash_len,
+            MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(ext_binder),
+            NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+            binder_key, hash_len);
         MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'ext binder'"));
     }
 
@@ -913,11 +926,11 @@
     return ret;
 }
 
-int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
-                                         int endpoint,
-                                         int ciphersuite,
-                                         mbedtls_ssl_key_set const *traffic_keys,
-                                         mbedtls_ssl_context *ssl /* DEBUG ONLY */)
+int mbedtls_ssl_tls13_populate_transform(
+    mbedtls_ssl_transform *transform,
+    int endpoint, int ciphersuite,
+    mbedtls_ssl_key_set const *traffic_keys,
+    mbedtls_ssl_context *ssl /* DEBUG ONLY */)
 {
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
     int ret;
@@ -1044,7 +1057,8 @@
                                             &alg,
                                             &key_type,
                                             &key_bits)) != PSA_SUCCESS) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
+        MBEDTLS_SSL_DEBUG_RET(
+            1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
         return PSA_TO_MBEDTLS_ERR(status);
     }
 
@@ -1059,7 +1073,8 @@
                                      key_enc,
                                      PSA_BITS_TO_BYTES(key_bits),
                                      &transform->psa_key_enc)) != PSA_SUCCESS) {
-            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
+            MBEDTLS_SSL_DEBUG_RET(
+                1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
             return PSA_TO_MBEDTLS_ERR(status);
         }
 
@@ -1069,7 +1084,8 @@
                                      key_dec,
                                      PSA_BITS_TO_BYTES(key_bits),
                                      &transform->psa_key_dec)) != PSA_SUCCESS) {
-            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
+            MBEDTLS_SSL_DEBUG_RET(
+                1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
             return PSA_TO_MBEDTLS_ERR(status);
         }
     }
@@ -1134,7 +1150,8 @@
     mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
 
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        handshake->ciphersuite_info;
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key"));
 
@@ -1333,8 +1350,10 @@
     size_t iv_len;
 
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
-    mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        handshake->ciphersuite_info;
+    mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
+        &handshake->tls13_hs_secrets;
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_handshake_keys"));
 
@@ -1360,9 +1379,9 @@
         return ret;
     }
 
-    ret = mbedtls_ssl_tls13_derive_handshake_secrets(hash_alg,
-                                                     handshake->tls13_master_secrets.handshake,
-                                                     transcript, transcript_len, tls13_hs_secrets);
+    ret = mbedtls_ssl_tls13_derive_handshake_secrets(
+        hash_alg, handshake->tls13_master_secrets.handshake,
+        transcript, transcript_len, tls13_hs_secrets);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_handshake_secrets",
                               ret);
@@ -1380,27 +1399,30 @@
      * Export client handshake traffic secret
      */
     if (ssl->f_export_keys != NULL) {
-        ssl->f_export_keys(ssl->p_export_keys,
-                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
-                           tls13_hs_secrets->client_handshake_traffic_secret,
-                           hash_len,
-                           handshake->randbytes,
-                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
+        ssl->f_export_keys(
+            ssl->p_export_keys,
+            MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+            tls13_hs_secrets->client_handshake_traffic_secret,
+            hash_len,
+            handshake->randbytes,
+            handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
 
-        ssl->f_export_keys(ssl->p_export_keys,
-                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
-                           tls13_hs_secrets->server_handshake_traffic_secret,
-                           hash_len,
-                           handshake->randbytes,
-                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
+        ssl->f_export_keys(
+            ssl->p_export_keys,
+            MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
+            tls13_hs_secrets->server_handshake_traffic_secret,
+            hash_len,
+            handshake->randbytes,
+            handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
     }
 
-    ret = mbedtls_ssl_tls13_make_traffic_keys(hash_alg,
-                                              tls13_hs_secrets->client_handshake_traffic_secret,
-                                              tls13_hs_secrets->server_handshake_traffic_secret,
-                                              hash_len, key_len, iv_len, traffic_keys);
+    ret = mbedtls_ssl_tls13_make_traffic_keys(
+        hash_alg,
+        tls13_hs_secrets->client_handshake_traffic_secret,
+        tls13_hs_secrets->server_handshake_traffic_secret,
+        hash_len, key_len, iv_len, traffic_keys);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret);
         goto exit;
@@ -1510,10 +1532,10 @@
     /*
      * Compute the Handshake Secret
      */
-    ret = mbedtls_ssl_tls13_evolve_secret(hash_alg,
-                                          handshake->tls13_master_secrets.early,
-                                          shared_secret, shared_secret_len,
-                                          handshake->tls13_master_secrets.handshake);
+    ret = mbedtls_ssl_tls13_evolve_secret(
+        hash_alg, handshake->tls13_master_secrets.early,
+        shared_secret, shared_secret_len,
+        handshake->tls13_master_secrets.handshake);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret);
         goto cleanup;
@@ -1601,22 +1623,22 @@
 
     /* Compute application secrets from master secret and transcript hash. */
 
-    ret = mbedtls_ssl_tls13_derive_application_secrets(hash_alg,
-                                                       handshake->tls13_master_secrets.app,
-                                                       transcript, transcript_len,
-                                                       app_secrets);
+    ret = mbedtls_ssl_tls13_derive_application_secrets(
+        hash_alg, handshake->tls13_master_secrets.app,
+        transcript, transcript_len, app_secrets);
     if (ret != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1,
-                              "mbedtls_ssl_tls13_derive_application_secrets", ret);
+        MBEDTLS_SSL_DEBUG_RET(
+            1, "mbedtls_ssl_tls13_derive_application_secrets", ret);
         goto cleanup;
     }
 
     /* Derive first epoch of IV + Key for application traffic. */
 
-    ret = mbedtls_ssl_tls13_make_traffic_keys(hash_alg,
-                                              app_secrets->client_application_traffic_secret_N,
-                                              app_secrets->server_application_traffic_secret_N,
-                                              hash_len, key_len, iv_len, traffic_keys);
+    ret = mbedtls_ssl_tls13_make_traffic_keys(
+        hash_alg,
+        app_secrets->client_application_traffic_secret_N,
+        app_secrets->server_application_traffic_secret_N,
+        hash_len, key_len, iv_len, traffic_keys);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret);
         goto cleanup;
@@ -1634,21 +1656,23 @@
      * Export client/server application traffic secret 0
      */
     if (ssl->f_export_keys != NULL) {
-        ssl->f_export_keys(ssl->p_export_keys,
-                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
-                           app_secrets->client_application_traffic_secret_N, hash_len,
-                           handshake->randbytes,
-                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
-                                                       a new constant for TLS 1.3! */);
+        ssl->f_export_keys(
+            ssl->p_export_keys,
+            MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
+            app_secrets->client_application_traffic_secret_N, hash_len,
+            handshake->randbytes,
+            handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
+                                        a new constant for TLS 1.3! */);
 
-        ssl->f_export_keys(ssl->p_export_keys,
-                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
-                           app_secrets->server_application_traffic_secret_N, hash_len,
-                           handshake->randbytes,
-                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
-                                                       a new constant for TLS 1.3! */);
+        ssl->f_export_keys(
+            ssl->p_export_keys,
+            MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
+            app_secrets->server_application_traffic_secret_N, hash_len,
+            handshake->randbytes,
+            handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
+                                        a new constant for TLS 1.3! */);
     }
 
     MBEDTLS_SSL_DEBUG_BUF(4, "client application_write_key:",
@@ -1729,8 +1753,8 @@
     unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     size_t transcript_len;
 
-    MBEDTLS_SSL_DEBUG_MSG(2,
-                          ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
+    MBEDTLS_SSL_DEBUG_MSG(
+        2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
 
     md_type = handshake->ciphersuite_info->mac;
 
@@ -1754,12 +1778,13 @@
     mbedtls_platform_zeroize(&handshake->tls13_master_secrets,
                              sizeof(handshake->tls13_master_secrets));
 
-    MBEDTLS_SSL_DEBUG_BUF(4, "Resumption master secret",
-                          ssl->session_negotiate->app_secrets.resumption_master_secret,
-                          PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type)));
+    MBEDTLS_SSL_DEBUG_BUF(
+        4, "Resumption master secret",
+        ssl->session_negotiate->app_secrets.resumption_master_secret,
+        PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type)));
 
-    MBEDTLS_SSL_DEBUG_MSG(2,
-                          ("<= mbedtls_ssl_tls13_compute_resumption_master_secret"));
+    MBEDTLS_SSL_DEBUG_MSG(
+        2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret"));
     return 0;
 }
 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5691835..33121af 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -317,11 +317,10 @@
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_offered_psks_check_binder_match(mbedtls_ssl_context *ssl,
-                                                     const unsigned char *binder,
-                                                     size_t binder_len,
-                                                     int psk_type,
-                                                     psa_algorithm_t psk_hash_alg)
+static int ssl_tls13_offered_psks_check_binder_match(
+    mbedtls_ssl_context *ssl,
+    const unsigned char *binder, size_t binder_len,
+    int psk_type, psa_algorithm_t psk_hash_alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -490,11 +489,12 @@
  *    } PreSharedKeyExtension;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
-                                              const unsigned char *pre_shared_key_ext,
-                                              const unsigned char *pre_shared_key_ext_end,
-                                              const unsigned char *ciphersuites,
-                                              const unsigned char *ciphersuites_end)
+static int ssl_tls13_parse_pre_shared_key_ext(
+    mbedtls_ssl_context *ssl,
+    const unsigned char *pre_shared_key_ext,
+    const unsigned char *pre_shared_key_ext_end,
+    const unsigned char *ciphersuites,
+    const unsigned char *ciphersuites_end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *identities = pre_shared_key_ext;
@@ -621,8 +621,8 @@
             mbedtls_ssl_session_free(&session);
 #endif
             MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder."));
-            MBEDTLS_SSL_DEBUG_RET(1,
-                                  "ssl_tls13_offered_psks_check_binder_match", ret);
+            MBEDTLS_SSL_DEBUG_RET(
+                1, "ssl_tls13_offered_psks_check_binder_match", ret);
             MBEDTLS_SSL_PEND_FATAL_ALERT(
                 MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
                 MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
@@ -656,9 +656,8 @@
     }
 
     /* Update the handshake transcript with the binder list. */
-    ret = ssl->handshake->update_checksum(ssl,
-                                          identities_end,
-                                          (size_t) (binders_end - identities_end));
+    ret = ssl->handshake->update_checksum(
+        ssl, identities_end, (size_t) (binders_end - identities_end));
     if (0 != ret) {
         MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
         return ret;
@@ -840,13 +839,14 @@
 #if defined(PSA_WANT_ALG_ECDH)
 /*
  *  ssl_tls13_parse_key_shares_ext() verifies whether the information in the
- *  extension is correct and stores the first acceptable key share and its associated group.
+ *  extension is correct and stores the first acceptable key share and its
+ *  associated group.
  *
  *  Possible return values are:
  *  - 0: Successful processing of the client provided key share extension.
- *  - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by the client
- *    does not match a group supported by the server. A HelloRetryRequest will
- *    be needed.
+ *  - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by
+ *    the client does not match a group supported by the server. A
+ *    HelloRetryRequest will be needed.
  *  - A negative value for fatal errors.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1042,7 +1042,8 @@
      *  3 ) Plain PSK Mode ( psk )
      */
 
-    ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
+    ssl->handshake->key_exchange_mode =
+        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
 
     if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
         ssl->handshake->key_exchange_mode =
@@ -1552,8 +1553,8 @@
                 ret = ssl_tls13_parse_supported_groups_ext(
                     ssl, p, extension_data_end);
                 if (ret != 0) {
-                    MBEDTLS_SSL_DEBUG_RET(1,
-                                          "mbedtls_ssl_parse_supported_groups_ext", ret);
+                    MBEDTLS_SSL_DEBUG_RET(
+                        1, "ssl_tls13_parse_supported_groups_ext", ret);
                     return ret;
                 }
 
@@ -1593,7 +1594,8 @@
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
             case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
-                MBEDTLS_SSL_DEBUG_MSG(3, ("found psk key exchange modes extension"));
+                MBEDTLS_SSL_DEBUG_MSG(
+                    3, ("found psk key exchange modes extension"));
 
                 ret = ssl_tls13_parse_key_exchange_modes_ext(
                     ssl, p, extension_data_end);
@@ -1645,10 +1647,8 @@
                 ret = mbedtls_ssl_parse_sig_alg_ext(
                     ssl, p, extension_data_end);
                 if (ret != 0) {
-                    MBEDTLS_SSL_DEBUG_MSG(1,
-                                          (
-                                              "ssl_parse_supported_signature_algorithms_server_ext ( %d )",
-                                              ret));
+                    MBEDTLS_SSL_DEBUG_RET(
+                        1, "mbedtls_ssl_parse_sig_alg_ext", ret);
                     return ret;
                 }
                 break;
@@ -1658,10 +1658,14 @@
             case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
                 MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension"));
 
-                ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end);
+                ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(
+                    ssl, p, extension_data_end);
 
-                /* TODO: Return unconditionally here until we handle the record size limit correctly.
-                 *            Once handled correctly, only return in case of errors. */
+                /*
+                 * TODO: Return unconditionally here until we handle the record
+                 *       size limit correctly.
+                 *       Once handled correctly, only return in case of errors.
+                 */
                 return ret;
 
                 break;
@@ -2239,9 +2243,8 @@
 
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                         MBEDTLS_SSL_HS_SERVER_HELLO, &buf,
-                                                         &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len));
 
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
                                                            buf + buf_len,
@@ -2413,15 +2416,16 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions"));
 
-    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                         MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf,
-                                                         &buf_len));
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                             &buf, &buf_len));
 
     MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
                              ssl, buf, buf + buf_len, &msg_len));
 
     MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
-                             ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len));
+                             ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                             buf, msg_len));
 
     MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
                              ssl, buf_len, msg_len));
@@ -2546,15 +2550,16 @@
         unsigned char *buf;
         size_t buf_len, msg_len;
 
-        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                             MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                                                             &buf, &buf_len));
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                                 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                 &buf, &buf_len));
 
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
                                  ssl, buf, buf + buf_len, &msg_len));
 
         MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
-                                 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len));
+                                 ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                 buf, msg_len));
 
         MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
                                  ssl, buf_len, msg_len));
@@ -2665,8 +2670,8 @@
 
     ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
     if (ret != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1,
-                              "mbedtls_ssl_tls13_compute_resumption_master_secret", ret);
+        MBEDTLS_SSL_DEBUG_RET(
+            1, "mbedtls_ssl_tls13_compute_resumption_master_secret", ret);
     }
 
     mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
@@ -2691,7 +2696,8 @@
  */
     /* Sent NewSessionTicket message only when client supports PSK */
     if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
-        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+        mbedtls_ssl_handshake_set_state(
+            ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
     } else
 #endif
     {
@@ -2954,9 +2960,9 @@
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket(
                                  ssl, ticket_nonce, sizeof(ticket_nonce)));
 
-        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                             MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
-                                                             &buf, &buf_len));
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                                 ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+                                 &buf, &buf_len));
 
         MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body(
                                  ssl, buf, buf + buf_len, &msg_len,
@@ -3124,7 +3130,8 @@
             if (ssl->handshake->new_session_tickets_count == 0) {
                 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
             } else {
-                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+                mbedtls_ssl_handshake_set_state(
+                    ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
             }
             break;
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index cf62532..874d8f6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -49,6 +49,7 @@
 #include "mbedtls/psa_util.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #include "hash_info.h"
+#include "x509_invasive.h"
 
 #include "mbedtls/platform.h"
 
@@ -58,6 +59,10 @@
 
 #if defined(MBEDTLS_HAVE_TIME)
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#define WIN32_LEAN_AND_MEAN
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600
+#endif
 #include <windows.h>
 #else
 #include <time.h>
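Review bot: `WIN32_LEAN_AND_MEAN` is defined unconditionally here, while `_WIN32_WINNT` right below it is guarded. A build that already passes `-DWIN32_LEAN_AND_MEAN` on the command line would get a macro-redefinition diagnostic, which becomes an error under warnings-as-errors. Guard it the same way: `#ifndef WIN32_LEAN_AND_MEAN` / `#define WIN32_LEAN_AND_MEAN` / `#endif`. The enclosing `#if defined(MBEDTLS_HAVE_TIME)` block continues outside the hunk.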
@@ -101,7 +106,7 @@
     MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
     MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
     0xFFFFFFF, /* Any PK alg    */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     /* Curves at or above 128-bit security level. Note that this selection
      * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
     MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
@@ -111,9 +116,9 @@
     MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
     MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
     0,
-#else
+#else /* MBEDTLS_ECP_LIGHT */
     0,
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
     2048,
 };
 
@@ -152,13 +157,13 @@
     /* Only ECDSA */
     MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
     MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     /* Only NIST P-256 and P-384 */
     MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
     MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
-#else
+#else /* MBEDTLS_ECP_LIGHT */
     0,
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
     0,
 };
 
@@ -226,9 +231,9 @@
 
         return -1;
     }
-#endif
+#endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (pk_alg == MBEDTLS_PK_ECDSA ||
         pk_alg == MBEDTLS_PK_ECKEY ||
         pk_alg == MBEDTLS_PK_ECKEY_DH) {
@@ -244,7 +249,7 @@
 
         return -1;
     }
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
 
     return -1;
 }
@@ -2524,6 +2529,194 @@
     }
 }
 
+#ifdef _WIN32
+#ifdef _MSC_VER
+#pragma comment(lib, "ws2_32.lib")
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#endif
+#elif defined(__sun)
+/* Solaris requires -lsocket -lnsl for inet_pton() */
+#elif defined(__has_include)
+#if __has_include(<sys/socket.h>)
+#include <sys/socket.h>
+#endif
+#if __has_include(<arpa/inet.h>)
+#include <arpa/inet.h>
+#endif
+#endif
+
+/* Use whether or not AF_INET6 is defined to indicate whether or not to use
+ * the platform inet_pton() or a local implementation (below).  The local
+ * implementation may be used even in cases where the platform provides
+ * inet_pton(), e.g. when there are different includes required and/or the
+ * platform implementation requires dependencies on additional libraries.
+ * Specifically, Windows requires custom includes and additional link
+ * dependencies, and Solaris requires additional link dependencies.
+ * Also, as a coarse heuristic, use the local implementation if the compiler
+ * does not support __has_include(), or if the definition of AF_INET6 is not
+ * provided by headers included (or not) via __has_include() above.
+ * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names
+ * despite having a platform that has inet_pton. */
+#if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names
+/* Definition located further below to possibly reduce compiler inlining */
+static int x509_inet_pton_ipv4(const char *src, void *dst);
+
+#define li_cton(c, n) \
+    (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0))
+
+static int x509_inet_pton_ipv6(const char *src, void *dst)
+{
+    const unsigned char *p = (const unsigned char *) src;
+    int nonzero_groups = 0, num_digits, zero_group_start = -1;
+    uint16_t addr[8];
+    do {
+        /* note: allows excess leading 0's, e.g. 1:0002:3:... */
+        uint16_t group = num_digits = 0;
+        for (uint8_t digit; num_digits < 4; num_digits++) {
+            if (li_cton(*p, digit) == 0) {
+                break;
+            }
+            group = (group << 4) | digit;
+            p++;
+        }
+        if (num_digits != 0) {
+            addr[nonzero_groups++] = MBEDTLS_IS_BIG_ENDIAN ? group :
+                                     (group << 8) | (group >> 8);
+            if (*p == '\0') {
+                break;
+            } else if (*p == '.') {
+                /* Don't accept IPv4 too early or late */
+                if ((nonzero_groups == 0 && zero_group_start == -1) ||
+                    nonzero_groups >= 7) {
+                    break;
+                }
+
+                /* Walk back to prior ':', then parse as IPv4-mapped */
+                int steps = 4;
+                do {
+                    p--;
+                    steps--;
+                } while (*p != ':' && steps > 0);
+
+                if (*p != ':') {
+                    break;
+                }
+                p++;
+                nonzero_groups--;
+                if (x509_inet_pton_ipv4((const char *) p,
+                                        addr + nonzero_groups) != 0) {
+                    break;
+                }
+
+                nonzero_groups += 2;
+                p = (const unsigned char *) "";
+                break;
+            } else if (*p != ':') {
+                return -1;
+            }
+        } else {
+            /* Don't accept a second zero group or an invalid delimiter */
+            if (zero_group_start != -1 || *p != ':') {
+                return -1;
+            }
+            zero_group_start = nonzero_groups;
+
+            /* Accept a zero group at start, but it has to be a double colon */
+            if (zero_group_start == 0 && *++p != ':') {
+                return -1;
+            }
+
+            if (p[1] == '\0') {
+                ++p;
+                break;
+            }
+        }
+        ++p;
+    } while (nonzero_groups < 8);
+
+    if (*p != '\0') {
+        return -1;
+    }
+
+    if (zero_group_start != -1) {
+        if (nonzero_groups > 6) {
+            return -1;
+        }
+        int zero_groups = 8 - nonzero_groups;
+        int groups_after_zero = nonzero_groups - zero_group_start;
+
+        /* Move the non-zero part to after the zeroes */
+        if (groups_after_zero) {
+            memmove(addr + zero_group_start + zero_groups,
+                    addr + zero_group_start,
+                    groups_after_zero * sizeof(*addr));
+        }
+        memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr));
+    } else {
+        if (nonzero_groups != 8) {
+            return -1;
+        }
+    }
+    memcpy(dst, addr, sizeof(addr));
+    return 0;
+}
+
+static int x509_inet_pton_ipv4(const char *src, void *dst)
+{
+    /* note: allows leading 0's, e.g. 000.000.000.000 */
+    const unsigned char *p = (const unsigned char *) src;
+    uint8_t *res = (uint8_t *) dst;
+    uint8_t digit, num_digits = 0;
+    uint8_t num_octets = 0;
+    uint16_t octet;
+
+    do {
+        octet = num_digits = 0;
+        do {
+            digit = *p - '0';
+            if (digit > 9) {
+                break;
+            }
+            octet = octet * 10 + digit;
+            num_digits++;
+            p++;
+        } while (num_digits < 3);
+
+        if (octet >= 256 || num_digits > 3 || num_digits == 0) {
+            break;
+        }
+        *res++ = (uint8_t) octet;
+        num_octets++;
+    } while (num_octets < 4 && *p++ == '.');
+    return num_octets == 4 && *p == '\0' ? 0 : -1;
+}
+
+#else
+
+static int x509_inet_pton_ipv6(const char *src, void *dst)
+{
+    return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
+}
+
+static int x509_inet_pton_ipv4(const char *src, void *dst)
+{
+    return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
+}
+
+#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
+
+MBEDTLS_STATIC_TESTABLE
+size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
+{
+    return strchr(cn, ':') == NULL
+            ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
+            : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
+}
+
 /*
  * Check for CN match
  */
@@ -2544,24 +2737,51 @@
     return -1;
 }
 
+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
+                                 const char *cn, size_t cn_len)
+{
+    uint32_t ip[4];
+    cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip);
+    if (cn_len == 0) {
+        return -1;
+    }
+
+    for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+        const unsigned char san_type = (unsigned char) cur->buf.tag &
+                                       MBEDTLS_ASN1_TAG_VALUE_MASK;
+        if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
+            cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
+            return 0;
+        }
+    }
+
+    return -1;
+}
+
 /*
  * Check for SAN match, see RFC 5280 Section 4.2.1.6
  */
-static int x509_crt_check_san(const mbedtls_x509_buf *name,
+static int x509_crt_check_san(const mbedtls_x509_sequence *san,
                               const char *cn, size_t cn_len)
 {
-    const unsigned char san_type = (unsigned char) name->tag &
-                                   MBEDTLS_ASN1_TAG_VALUE_MASK;
-
-    /* dNSName */
-    if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
-        return x509_crt_check_cn(name, cn, cn_len);
+    int san_ip = 0;
+    for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+        switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
+            case MBEDTLS_X509_SAN_DNS_NAME:                /* dNSName */
+                if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
+                    return 0;
+                }
+                break;
+            case MBEDTLS_X509_SAN_IP_ADDRESS:              /* iPAddress */
+                san_ip = 1;
+                break;
+            /* (We may handle other types here later.) */
+            default: /* Unrecognized type */
+                break;
+        }
     }
 
-    /* (We may handle other types here later.) */
-
-    /* Unrecognized type */
-    return -1;
+    return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1;
 }
 
 /*
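Review bot: In `x509_crt_check_san_ip` the incoming `cn_len` is never read; it is overwritten with the return value of `mbedtls_x509_crt_parse_cn_inet_pton(cn, ip)`, which parses `cn` as a NUL-terminated string. That is safe only because the caller in the next hunk passes `strlen(cn)`, and reusing the parameter as the address length hides that dependency. A separate local such as `size_t ip_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip);` together with `(void) cn_len;` would make the contract explicit. A one-line comment above the function would also help, e.g. `/* cn must be NUL-terminated; a match is an exact comparison of the 4- or 16-byte binary address. */`.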
@@ -2572,31 +2792,23 @@
                                  uint32_t *flags)
 {
     const mbedtls_x509_name *name;
-    const mbedtls_x509_sequence *cur;
     size_t cn_len = strlen(cn);
 
     if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
-        for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
-            if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
-                break;
-            }
-        }
-
-        if (cur == NULL) {
-            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+        if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
+            return;
         }
     } else {
         for (name = &crt->subject; name != NULL; name = name->next) {
             if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
                 x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
-                break;
+                return;
             }
         }
 
-        if (name == NULL) {
-            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
-        }
     }
+
+    *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
 }
 
 /*
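Review bot: Nothing in the rewritten tail of this function (its signature starts above the hunk) says that a certificate carrying a subjectAltName extension is never matched against the subject CN, even though the new fall-through to `*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;` depends on it. A short comment before the `if` would keep a later edit from adding a fallback by accident, e.g. `/* If a SAN extension is present, only SAN entries are considered; the subject CN is not a fallback. */`. The blank line left before the closing brace of the `else` branch can be removed.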
diff --git a/library/x509_invasive.h b/library/x509_invasive.h
new file mode 100644
index 0000000..d8fd74b
--- /dev/null
+++ b/library/x509_invasive.h
@@ -0,0 +1,53 @@
+/**
+ * \file x509_invasive.h
+ *
+ * \brief x509 module: interfaces for invasive testing only.
+ *
+ * The interfaces in this file are intended for testing purposes only.
+ * They SHOULD NOT be made available in library integrations except when
+ * building the library for testing.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef MBEDTLS_X509_INVASIVE_H
+#define MBEDTLS_X509_INVASIVE_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+/**
+ * \brief          This function parses a CN string as an IP address.
+ *
+ * \param cn       The CN string to parse. CN string MUST be NUL-terminated.
+ * \param dst      The target buffer to populate with the binary IP address.
+ *                 The buffer MUST be 16 bytes to save IPv6, and should be
+ *                 4-byte aligned if the result will be used as struct in_addr.
+ *                 e.g. uint32_t dst[4]
+ *
+ * \note           \cn is parsed as an IPv6 address if string contains ':',
+ *                 else \cn is parsed as an IPv4 address.
+ *
+ * \return         Length of binary IP address; num bytes written to target.
+ * \return         \c 0 on failure to parse CN string as an IP address.
+ */
+size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_X509_INVASIVE_H */
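Review bot: The `\note` uses `\cn`, which is not a Doxygen command; it should read `\p cn` in both places. The `dst` description should say "at least 16 bytes" rather than "MUST be 16 bytes". The contract is also silent about `dst` on failure: the software IPv4 parser in `x509_crt.c` stores each octet through `dst` as it goes, so a rejected string can leave the buffer partly written. Suggested addition: `\note On failure the contents of \p dst are unspecified.`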
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 56a5efe..d4e1d74 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -78,6 +78,13 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         goto exit;
@@ -175,6 +182,9 @@
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index a58f6f4..3659026 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -61,6 +61,13 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     srand(1);
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
@@ -119,6 +126,9 @@
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index cdd69c0..1632e9d 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -50,6 +50,20 @@
 
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_x509_crt_init(&srvcert);
+    mbedtls_pk_init(&pkey);
+#endif
+    mbedtls_ssl_init(&ssl);
+    mbedtls_ssl_config_init(&conf);
+    mbedtls_ssl_cookie_init(&cookie_ctx);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
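Review bot: `srvcert` and `pkey` are now re-initialised on every call here and freed on every call in the `exit:` hunk, but the certificate and key are still parsed only inside `if (initialized == 0)`. If `initialized` is a static flag (its declaration is outside the hunk), every fuzz iteration after the first would run with an empty certificate and key, so the handshake paths the harness is meant to reach would no longer be exercised. Either parse on every call or keep init, parse and free together under the one-time guard. `programs/fuzz/fuzz_server.c` is changed in the same way.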
@@ -58,8 +72,7 @@
 
     if (initialized == 0) {
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
-        mbedtls_x509_crt_init(&srvcert);
-        mbedtls_pk_init(&pkey);
+
         if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
                                    mbedtls_test_srv_crt_len) != 0) {
             return 1;
@@ -78,9 +91,6 @@
 
         initialized = 1;
     }
-    mbedtls_ssl_init(&ssl);
-    mbedtls_ssl_config_init(&conf);
-    mbedtls_ssl_cookie_init(&cookie_ctx);
 
     if (mbedtls_ssl_config_defaults(&conf,
                                     MBEDTLS_SSL_IS_SERVER,
@@ -154,9 +164,16 @@
 exit:
     mbedtls_ssl_cookie_free(&cookie_ctx);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_pk_free(&pkey);
+    mbedtls_x509_crt_free(&srvcert);
+#endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #else
     (void) Data;
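Review bot: The early `return 1` after a failed `mbedtls_x509_crt_parse` in the `initialized == 0` block skips this cleanup, which since this commit includes `mbedtls_psa_crypto_free()` and the contexts now initialised at the top of the function. `fuzz_privkey.c` was changed from `return 1` to `goto exit` in this same commit; the same replacement fits here and at the matching `return 1` in `fuzz_server.c`. The function body starts and ends outside the hunk, so other early returns may need the same treatment.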
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 39c23e2..ce75624 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -30,13 +30,20 @@
 
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
+    mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
-        return 1;
+        goto exit;
     }
 
-    mbedtls_pk_init(&pk);
     ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
                                dummy_random, &ctr_drbg);
     if (ret == 0) {
@@ -83,7 +90,13 @@
             abort();
         }
     }
+exit:
+    mbedtls_entropy_free(&entropy);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #else
     (void) Data;
     (void) Size;
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
index 7f5e4aa..9203b4e 100644
--- a/programs/fuzz/fuzz_pubkey.c
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -11,6 +11,12 @@
     mbedtls_pk_context pk;
 
     mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
     if (ret == 0) {
 #if defined(MBEDTLS_RSA_C)
@@ -66,6 +72,10 @@
             abort();
         }
     }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_pk_free(&pk);
 #else
     (void) Data;
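Review bot: `mbedtls_psa_crypto_free()` runs before `mbedtls_pk_free(&pk)` here, whereas `fuzz_privkey.c` and `gen_key.c` in this commit release their contexts first and tear PSA down last. Whether freeing a PK context after PSA teardown is harmless depends on pk internals not shown in this diff, so the safer order is to free `pk` first. The `exit:` label can stay under the `MBEDTLS_USE_PSA_CRYPTO` guard, followed by `mbedtls_pk_free(&pk);` outside it and `mbedtls_psa_crypto_free();` in a second guarded block. `fuzz_x509crl.c`, `fuzz_x509crt.c` and `fuzz_x509csr.c` use the same ordering for their own contexts.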
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index cd021e1..e767859 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -58,6 +58,21 @@
 
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_x509_crt_init(&srvcert);
+    mbedtls_pk_init(&pkey);
+#endif
+    mbedtls_ssl_init(&ssl);
+    mbedtls_ssl_config_init(&conf);
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+    mbedtls_ssl_ticket_init(&ticket_ctx);
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
@@ -67,8 +82,6 @@
     if (initialized == 0) {
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
-        mbedtls_x509_crt_init(&srvcert);
-        mbedtls_pk_init(&pkey);
         if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
                                    mbedtls_test_srv_crt_len) != 0) {
             return 1;
@@ -92,11 +105,6 @@
 
         initialized = 1;
     }
-    mbedtls_ssl_init(&ssl);
-    mbedtls_ssl_config_init(&conf);
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
-    mbedtls_ssl_ticket_init(&ticket_ctx);
-#endif
 
     if (mbedtls_ssl_config_defaults(&conf,
                                     MBEDTLS_SSL_IS_SERVER,
@@ -193,8 +201,14 @@
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_x509_crt_free(&srvcert);
+    mbedtls_pk_free(&pkey);
+#endif
     mbedtls_ssl_free(&ssl);
-
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif
 #else
     (void) Data;
     (void) Size;
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 6ff0c05..313540d 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -11,6 +11,12 @@
     unsigned char buf[4096];
 
     mbedtls_x509_crl_init(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_x509_crl_parse(&crl, Data, Size);
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if (ret == 0) {
@@ -20,6 +26,11 @@
     ((void) ret);
     ((void) buf);
 #endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_x509_crl_free(&crl);
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index 858c1ff..8442090 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -11,6 +11,12 @@
     unsigned char buf[4096];
 
     mbedtls_x509_crt_init(&crt);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_x509_crt_parse(&crt, Data, Size);
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if (ret == 0) {
@@ -20,6 +26,11 @@
     ((void) ret);
     ((void) buf);
 #endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_x509_crt_free(&crt);
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index 39fb4cb..395d3c2 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -11,6 +11,12 @@
     unsigned char buf[4096];
 
     mbedtls_x509_csr_init(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_x509_csr_parse(&csr, Data, Size);
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if (ret == 0) {
@@ -20,6 +26,11 @@
     ((void) ret);
     ((void) buf);
 #endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_x509_csr_free(&csr);
 #else
     (void) Data;
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 1fbf045..5a2c30f 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
@@ -45,13 +47,13 @@
     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) ||    \
     !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
-    !defined(MBEDTLS_MD_CAN_SHA1)
+    !defined(MBEDTLS_SHA1_C)
 int main(void)
 {
     mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
                    "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
                    "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
     mbedtls_exit(0);
 }
 #else
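Review bot: The "not defined" guard now tests `MBEDTLS_SHA1_C`, while the matching positive `#if defined(MBEDTLS_AES_C) && ...` list that guards the includes continues outside the first hunk. Both lists have to name the same SHA-1 macro, otherwise some configuration compiles the real `main` without its includes. The guard also mixes `MBEDTLS_MD_CAN_SHA256` with the legacy `MBEDTLS_SHA1_C`; a comment stating why SHA-1 is tested through the module macro would help (presumably the program calls the SHA-1 module directly; confirm). `programs/pkey/dh_server.c` is changed identically.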
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 66f7d6f..c940be0 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
@@ -45,13 +47,13 @@
     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) ||    \
     !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
-    !defined(MBEDTLS_MD_CAN_SHA1)
+    !defined(MBEDTLS_SHA1_C)
 int main(void)
 {
     mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
                    "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
                    "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined.\n");
+                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
     mbedtls_exit(0);
 }
 #else
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 029558d..9bee275 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -200,6 +200,15 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
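Review bot: The new `goto exit` is taken before any `mbedtls_entropy_init(&entropy)` visible in this hunk, while the cleanup hunk calls `mbedtls_entropy_free(&entropy)`. `dtls_client.c` and `ssl_client1.c` in this commit move `mbedtls_entropy_init` above the PSA block, apparently for this reason. If `entropy` is initialised later in `main` here (not visible), that call should move up next to `mbedtls_ctr_drbg_init(&ctr_drbg);` as well. The same check applies to `pk_decrypt.c`, `pk_sign.c` and `rsa_sign_pss.c`, whose init hunks do not show the entropy context being initialised before the jump.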
@@ -407,6 +416,9 @@
     mbedtls_pk_free(&key);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index c80dcd0..cd16e33 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -99,6 +99,15 @@
     mbedtls_pk_init(&pk);
     memset(buf, 0, sizeof(buf));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto cleanup;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
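Review bot: The PSA block is inserted above the `mbedtls_mpi_init(&N)` … `mbedtls_mpi_init(&QP)` calls, so a failing `psa_crypto_init()` jumps to `cleanup` with all eight MPIs uninitialised. The cleanup hunk then calls `mbedtls_mpi_free` on each of them, assuming the `cleanup:` label sits above those frees (it is outside the hunk). Moving the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` block below the `mbedtls_mpi_init` lines avoids freeing uninitialised structures. `key_app_writer.c` places the block in the same position relative to its `mbedtls_mpi_init` calls; its cleanup code is only partly visible, so it needs the same check.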
@@ -305,8 +314,10 @@
 
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
-
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
     mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
     mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 862c93f..e8f3e85 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -216,6 +216,15 @@
     memset(buf, 0, sizeof(buf));
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
@@ -422,6 +431,9 @@
 
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 8862636..f60c946 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -67,6 +67,15 @@
 
     memset(result, 0, sizeof(result));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 2) {
         mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
 
@@ -139,6 +148,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index eab3f08..04e5cc7 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -63,6 +63,15 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
 
@@ -140,6 +149,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index f3bcdb2..57bd796 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
     !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
@@ -38,7 +40,6 @@
 #include "mbedtls/error.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
-#include "mbedtls/md.h"
 #include "mbedtls/pk.h"
 
 #include <stdio.h>
@@ -62,6 +63,15 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
 
@@ -139,6 +149,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index e24f27f..bca985b 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
     !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_PK_PARSE_C) ||   \
@@ -34,7 +36,6 @@
 #else
 
 #include "mbedtls/error.h"
-#include "mbedtls/md.h"
 #include "mbedtls/pk.h"
 
 #include <stdio.h>
@@ -54,6 +55,15 @@
 
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
 
@@ -113,6 +123,9 @@
 
 exit:
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 051db07..64375e9 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
     !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
@@ -34,7 +36,6 @@
 #else
 
 #include "mbedtls/rsa.h"
-#include "mbedtls/md.h"
 
 #include <stdio.h>
 #include <string.h>
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 4fa3582..999669e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) ||        \
@@ -37,7 +39,6 @@
 
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
-#include "mbedtls/md.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/pk.h"
 
@@ -63,6 +64,15 @@
     mbedtls_pk_init(&pk);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
 
@@ -152,6 +162,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index e17d776..d525010 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
     !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
@@ -34,7 +36,6 @@
 #else
 
 #include "mbedtls/rsa.h"
-#include "mbedtls/md.h"
 
 #include <stdio.h>
 #include <string.h>
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index bbd8c17..8a1fb59 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) ||        \
@@ -38,7 +40,6 @@
 #include "mbedtls/md.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/pk.h"
-#include "mbedtls/md.h"
 
 #include <stdio.h>
 #include <string.h>
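Review bot: One `#include "mbedtls/md.h"` still remains at the top of this include list after the duplicate is removed, and it is now redundant with the include added next to `mbedtls/platform.h` in the first hunk. It is harmless, but `pk_sign.c` and `rsa_sign.c` in this commit drop the later include entirely; removing this one keeps the programs consistent.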
@@ -57,6 +58,15 @@
 
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
 
@@ -128,6 +138,9 @@
 
 exit:
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 44a135f..e47715c 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -109,11 +109,21 @@
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
@@ -324,12 +334,14 @@
 #endif
 
     mbedtls_net_free(&server_fd);
-
     mbedtls_x509_crt_free(&cacert);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     /* Shell can not handle large exit numbers -> 1 for errors */
     if (ret < 0) {
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 6f8c841..f218130 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -119,6 +119,16 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
@@ -394,6 +404,9 @@
 #endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     /* Shell can not handle large exit numbers -> 1 for errors */
     if (ret < 0) {
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 6dbbc6d..e8f4797 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -175,8 +175,16 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_init(&ca);
 #endif
-
     mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         ret = ctr_drbg_seed_failed;
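Review bot: The PSA failure branch stores a negative library error code in `ret`, while the next failure in this hunk uses the program's own small exit code (`ret = ctr_drbg_seed_failed;`), and the end of the function passes `ret` straight to `mbedtls_exit(ret)`. A shell sees only the low 8 bits of that status, so the specific error is lost; the other sample programs in this commit clamp negatives to 1 for that reason. A dedicated code in the same style would fit better, e.g. a hypothetical new `psa_crypto_init_failed` member of the exit-code enum, which is declared outside this hunk. The same applies to `return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;` in the ssl_context_info.c hunk, where `return 1;` would match the rest of the programs.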
@@ -262,7 +270,6 @@
 
 exit:
     mbedtls_net_free(&server_fd);
-
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
@@ -270,6 +277,9 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_free(&ca);
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(ret);
 }
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index ea96a4d..259b8f9 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -91,11 +91,21 @@
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
+
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
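Review bot: The removed `mbedtls_entropy_init(&entropy);` is replaced by an added empty line, which leaves two consecutive blank lines before the `mbedtls_ctr_drbg_seed` call; the `+` blank line should simply be dropped. Separately, the PSA failure branch here jumps to `exit` without touching `ret`, whereas the dtls_server.c and ssl_server.c hunks set `ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;` first. If the exit path (outside this hunk) reports `ret` as the last error, it would show a stale value, so setting it here as well keeps the diagnostics consistent.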
@@ -274,12 +284,14 @@
 #endif
 
     mbedtls_net_free(&server_fd);
-
     mbedtls_x509_crt_free(&cacert);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 13edf46..12a1068 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -261,7 +261,7 @@
 #define USAGE_ALPN ""
 #endif /* MBEDTLS_SSL_ALPN */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #define USAGE_CURVES \
     "    curves=a,b,c,d      default: \"default\" (library default)\n"  \
     "                        example: \"secp521r1,brainpoolP512r1\"\n"  \
@@ -760,7 +760,7 @@
     unsigned char alloc_buf[MEMORY_HEAP_SIZE];
 #endif
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     uint16_t group_list[CURVE_LIST_SIZE];
     const mbedtls_ecp_curve_info *curve_cur;
 #endif
@@ -1497,7 +1497,7 @@
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (opt.curves != NULL) {
         p = (char *) opt.curves;
         i = 0;
@@ -1543,7 +1543,7 @@
             group_list[i] = 0;
         }
     }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
     if (opt.sig_algs != NULL) {
@@ -1946,7 +1946,7 @@
     }
 #endif  /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (opt.curves != NULL &&
         strcmp(opt.curves, "default") != 0) {
         mbedtls_ssl_conf_groups(&conf, group_list);
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 0ba0d2c..a5f0650 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -21,6 +21,7 @@
 
 #include "mbedtls/build_info.h"
 #include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -933,6 +934,15 @@
     size_t ssl_max_len = SSL_INIT_LEN;
     size_t ssl_len = 0;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     /* The 'b64_file' is opened when parsing arguments to check that the
      * file name is correct */
     parse_arguments(argc, argv);
@@ -1001,6 +1011,10 @@
         printf("Finished. No valid base64 code found\n");
     }
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     return 0;
 }
 
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 7ee880d..4777ee0 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -105,6 +105,15 @@
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     signal(SIGCHLD, SIG_IGN);
 
     /*
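Review bot: `psa_crypto_init()` runs once in the parent here, so each forked child would start with an identical copy of the PSA random generator state. That connections are served by forked children is inferred from the file name and the `signal(SIGCHLD, SIG_IGN)` line, since the fork itself is outside this hunk. Nothing in this commit refreshes PSA's own RNG on the child side, so with `MBEDTLS_USE_PSA_CRYPTO` two children could derive the same PSA-generated secrets. One option is to re-initialise PSA in the child right after the fork (`mbedtls_psa_crypto_free();` followed by `psa_crypto_init();`), provided no PSA keys are live at that point. At minimum the limitation should be stated in a comment next to this block, e.g. `/* PSA RNG state is inherited by forked children and is not reseeded there. */`.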
@@ -366,13 +375,15 @@
 exit:
     mbedtls_net_free(&client_fd);
     mbedtls_net_free(&listen_fd);
-
     mbedtls_x509_crt_free(&srvcert);
     mbedtls_pk_free(&pkey);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 3b040aa..fb6f371 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -369,6 +369,16 @@
     mbedtls_x509_crt_init(&clicert);
     mbedtls_pk_init(&pkey);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (argc < 2) {
 usage:
@@ -458,7 +468,6 @@
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
@@ -796,6 +805,9 @@
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 2b3baff..9416c3c 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -332,6 +332,16 @@
      */
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     /*
      * 1a. Seed the random number generator
      */
@@ -473,14 +483,14 @@
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
     mbedtls_ssl_config_free(&conf);
-
     mbedtls_net_free(&listen_fd);
-
     mbedtls_mutex_free(&debug_mutex);
-
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
     mbedtls_memory_buffer_alloc_free();
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(ret);
 }
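Review bot: `mbedtls_psa_crypto_free()` is placed after `mbedtls_memory_buffer_alloc_free()`, so in a build with both `MBEDTLS_MEMORY_BUFFER_ALLOC_C` and `MBEDTLS_USE_PSA_CRYPTO` the PSA teardown runs once the buffer allocator has already been torn down. Any key slots or RNG state PSA still holds would then be wiped and released through an allocator that no longer exists. This is probably harmless today, but it inverts the initialisation order and is fragile. Move the three-line `#if defined(MBEDTLS_USE_PSA_CRYPTO)` block above the `#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)` block so the allocator is released last.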
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 7dabda8..bb49155 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -104,6 +104,16 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
@@ -343,7 +353,6 @@
 
     mbedtls_net_free(&client_fd);
     mbedtls_net_free(&listen_fd);
-
     mbedtls_x509_crt_free(&srvcert);
     mbedtls_pk_free(&pkey);
     mbedtls_ssl_free(&ssl);
@@ -353,6 +362,9 @@
 #endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(ret);
 }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b2bd8b8..7cfcc9b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -445,7 +445,7 @@
 #define USAGE_EARLY_DATA ""
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
 #define USAGE_CURVES \
     "    curves=a,b,c,d      default: \"default\" (library default)\n"  \
     "                        example: \"secp521r1,brainpoolP512r1\"\n"  \
@@ -671,7 +671,7 @@
 #if defined(MBEDTLS_HAVE_TIME)
     int cache_timeout;          /* expiration delay of session cache entries*/
 #endif
-    int cache_remove;           /* enable / disable cache removement        */
+    int cache_remove;           /* enable / disable cache entry removal     */
     char *sni;                  /* string describing sni information        */
     const char *curves;         /* list of supported elliptic curves        */
     const char *sig_algs;       /* supported TLS 1.3 signature algorithms   */
@@ -1523,7 +1523,7 @@
 #if defined(SNI_OPTION)
     sni_entry *sni_info = NULL;
 #endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     uint16_t group_list[CURVE_LIST_SIZE];
     const mbedtls_ecp_curve_info *curve_cur;
 #endif
@@ -2390,7 +2390,7 @@
     }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (opt.curves != NULL) {
         p = (char *) opt.curves;
         i = 0;
@@ -2436,7 +2436,7 @@
             group_list[i] = 0;
         }
     }
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
     if (opt.sig_algs != NULL) {
@@ -3138,7 +3138,7 @@
     }
 #endif
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (opt.curves != NULL &&
         strcmp(opt.curves, "default") != 0) {
         mbedtls_ssl_conf_groups(&conf, group_list);
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a9656c6..51a79ec 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -153,6 +153,7 @@
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
+    mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
     mbedtls_x509_crl_init(&cacrl);
 #else
@@ -161,6 +162,15 @@
     memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -338,7 +348,6 @@
         mbedtls_printf("\n  . Seeding the random number generator...");
         fflush(stdout);
 
-        mbedtls_entropy_init(&entropy);
         if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                          (const unsigned char *) pers,
                                          strlen(pers))) != 0) {
@@ -448,6 +457,9 @@
 #endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 01d09bc..1772f87 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) ||  \
     !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
@@ -177,6 +179,16 @@
     mbedtls_pk_init(&key);
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (argc < 2) {
 usage:
@@ -386,7 +398,6 @@
     mbedtls_printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
@@ -458,6 +469,9 @@
     mbedtls_pk_free(&key);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     cur = opt.san_list;
     while (cur != NULL) {
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 99ede78..51b09f3 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -20,6 +20,8 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
 
 #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
     !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
@@ -41,7 +43,6 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
-#include "mbedtls/md.h"
 #include "mbedtls/error.h"
 #include "test/helpers.h"
 
@@ -329,6 +330,15 @@
     memset(buf, 0, sizeof(buf));
     memset(serial, 0, sizeof(serial));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -884,6 +894,9 @@
     mbedtls_pk_free(&loaded_issuer_key);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index d74a488..6c671ff 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -70,6 +70,15 @@
      */
     mbedtls_x509_crl_init(&crl);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -125,6 +134,9 @@
 
 exit:
     mbedtls_x509_crl_free(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 237bd7c..d024e98 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -123,6 +123,15 @@
     struct mbedtls_timing_hr_time timer;
     unsigned long ms;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc <= 1) {
         mbedtls_printf(USAGE);
         goto exit;
@@ -187,6 +196,9 @@
     exit_code = MBEDTLS_EXIT_SUCCESS;
 
 exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_exit(exit_code);
 }
 #endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 83e2546..64b9f0b 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -70,6 +70,15 @@
      */
     mbedtls_x509_csr_init(&csr);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -125,6 +134,9 @@
 
 exit:
     mbedtls_x509_csr_free(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(exit_code);
 }
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py
index b942070..d8ef4a8 100644
--- a/scripts/mbedtls_dev/bignum_common.py
+++ b/scripts/mbedtls_dev/bignum_common.py
@@ -17,6 +17,7 @@
 from abc import abstractmethod
 import enum
 from typing import Iterator, List, Tuple, TypeVar, Any
+from copy import deepcopy
 from itertools import chain
 
 from . import test_case
@@ -104,6 +105,7 @@
     symbol = ""
     input_values = INPUTS_DEFAULT # type: List[str]
     input_cases = [] # type: List[Any]
+    dependencies = [] # type: List[Any]
     unique_combinations_only = False
     input_styles = ["variable", "fixed", "arch_split"] # type: List[str]
     input_style = "variable" # type: str
@@ -119,10 +121,11 @@
         # provides earlier/more robust input validation.
         self.int_a = hex_to_int(val_a)
         self.int_b = hex_to_int(val_b)
+        self.dependencies = deepcopy(self.dependencies)
         if bits_in_limb not in self.limb_sizes:
             raise ValueError("Invalid number of bits in limb!")
         if self.input_style == "arch_split":
-            self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)]
+            self.dependencies.append("MBEDTLS_HAVE_INT{:d}".format(bits_in_limb))
         self.bits_in_limb = bits_in_limb
 
     @property
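Review bot: The added `self.dependencies = deepcopy(self.dependencies)` is what stops the later `append` from mutating the class-level `dependencies` list shared by every instance and subclass, but nothing in the code says so. A maintainer could drop it as redundant, so add a comment above it such as `# Per-instance copy: the append below must not modify the class attribute.` As long as the entries are plain strings, as they are everywhere in this commit, `list(self.dependencies)` gives the same protection without the new `copy` import. The constructor starts above this hunk.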
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index 1c03205..b7b66e4 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -30,10 +30,11 @@
                    EcpTarget):
     """Test cases for ECP P192 fast reduction."""
     symbol = "-"
-    test_function = "ecp_mod_p192_raw"
+    test_function = "ecp_mod_p_generic_raw"
     test_name = "ecp_mod_p192_raw"
     input_style = "fixed"
     arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"]
 
     moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str]
 
@@ -96,15 +97,20 @@
     def is_valid(self) -> bool:
         return True
 
+    def arguments(self):
+        args = super().arguments()
+        return  ["MBEDTLS_ECP_DP_SECP192R1"] + args
+
 
 class EcpP224R1Raw(bignum_common.ModOperationCommon,
                    EcpTarget):
     """Test cases for ECP P224 fast reduction."""
     symbol = "-"
-    test_function = "ecp_mod_p224_raw"
+    test_function = "ecp_mod_p_generic_raw"
     test_name = "ecp_mod_p224_raw"
     input_style = "arch_split"
     arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"]
 
     moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str]
 
@@ -168,15 +174,20 @@
     def is_valid(self) -> bool:
         return True
 
+    def arguments(self):
+        args = super().arguments()
+        return  ["MBEDTLS_ECP_DP_SECP224R1"] + args
+
 
 class EcpP256R1Raw(bignum_common.ModOperationCommon,
                    EcpTarget):
     """Test cases for ECP P256 fast reduction."""
     symbol = "-"
-    test_function = "ecp_mod_p256_raw"
+    test_function = "ecp_mod_p_generic_raw"
     test_name = "ecp_mod_p256_raw"
     input_style = "fixed"
     arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"]
 
     moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str]
 
@@ -247,14 +258,19 @@
     def is_valid(self) -> bool:
         return True
 
+    def arguments(self):
+        args = super().arguments()
+        return  ["MBEDTLS_ECP_DP_SECP256R1"] + args
+
 
 class EcpP384R1Raw(bignum_common.ModOperationCommon,
                    EcpTarget):
     """Test cases for ECP P384 fast reduction."""
-    test_function = "ecp_mod_p384_raw"
+    test_function = "ecp_mod_p_generic_raw"
     test_name = "ecp_mod_p384_raw"
     input_style = "fixed"
     arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"]
 
     moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff"
                "fffffffffffffffeffffffff0000000000000000ffffffff")
@@ -364,13 +380,19 @@
     def is_valid(self) -> bool:
         return True
 
+    def arguments(self):
+        args = super().arguments()
+        return  ["MBEDTLS_ECP_DP_SECP384R1"] + args
+
+
 class EcpP521R1Raw(bignum_common.ModOperationCommon,
                    EcpTarget):
     """Test cases for ECP P521 fast reduction."""
-    test_function = "ecp_mod_p521_raw"
+    test_function = "ecp_mod_p_generic_raw"
     test_name = "ecp_mod_p521_raw"
     input_style = "arch_split"
     arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"]
 
     moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
                "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")
@@ -462,3 +484,201 @@
     @property
     def is_valid(self) -> bool:
         return True
+
+    def arguments(self):
+        args = super().arguments()
+        return  ["MBEDTLS_ECP_DP_SECP521R1"] + args
+
+
+class EcpP192K1Raw(bignum_common.ModOperationCommon,
+                   EcpTarget):
+    """Test cases for ECP P192K1 fast reduction."""
+    symbol = "-"
+    test_function = "ecp_mod_p192k1"
+    test_name = "ecp_mod_p192k1"
+    input_style = "fixed"
+    arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP192K1_ENABLED"]
+
+    moduli = ["fffffffffffffffffffffffffffffffffffffffeffffee37"] # type: List[str]
+
+    input_values = [
+        "0", "1",
+
+        # Modulus - 1
+        "fffffffffffffffffffffffffffffffffffffffeffffee36",
+
+        # Modulus + 1
+        "fffffffffffffffffffffffffffffffffffffffeffffee38",
+
+        # 2^192 - 1
+        "ffffffffffffffffffffffffffffffffffffffffffffffff",
+
+        # Maximum canonical P192K1 multiplication result
+        ("fffffffffffffffffffffffffffffffffffffffdffffdc6c"
+         "0000000000000000000000000000000100002394013c7364"),
+
+        # First 8 number generated by random.getrandbits(384) - seed(2,2)
+        ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
+         "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
+        ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
+         "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"),
+        ("ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7"
+         "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"),
+        ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"
+         "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"),
+        ("2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78"
+         "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
+        ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"
+         "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"),
+        ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561"
+         "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"),
+        ("bd143fa9b714210c665d7435c1066932f4767f26294365b2"
+         "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
+
+        # Next 2 number generated by random.getrandbits(192)
+        "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2",
+        "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63"
+    ]
+
+    @property
+    def arg_a(self) -> str:
+        return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
+
+    def result(self) -> List[str]:
+        result = self.int_a % self.int_n
+        return [self.format_result(result)]
+
+    @property
+    def is_valid(self) -> bool:
+        return True
+
+
+class EcpP224K1Raw(bignum_common.ModOperationCommon,
+                   EcpTarget):
+    """Test cases for ECP P224 fast reduction."""
+    symbol = "-"
+    test_function = "ecp_mod_p224k1"
+    test_name = "ecp_mod_p224k1"
+    input_style = "fixed"
+    arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
+
+    moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d"] # type: List[str]
+
+    input_values = [
+        "0", "1",
+
+        # Modulus - 1
+        "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c",
+
+        # Modulus + 1
+        "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56e",
+
+        # 2^224 - 1
+        "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+
+        # Maximum canonical P224 multiplication result
+        ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8"
+         "00000000000000000000000000000000000000010000352802c26590"),
+
+        # First 8 number generated by random.getrandbits(448) - seed(2,2)
+        ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337"
+         "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
+        ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675"
+         "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"),
+        ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12"
+         "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"),
+        ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6"
+         "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"),
+        ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4"
+         "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"),
+        ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15"
+         "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"),
+        ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
+         "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
+        ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e"
+         "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"),
+
+        # Next 2 number generated by random.getrandbits(224)
+        ("eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
+        ("f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"),
+    ]
+
+    @property
+    def arg_a(self) -> str:
+        hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb)
+        return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
+
+    def result(self) -> List[str]:
+        result = self.int_a % self.int_n
+        return [self.format_result(result)]
+
+    @property
+    def is_valid(self) -> bool:
+        return True
+
+
+class EcpP256K1Raw(bignum_common.ModOperationCommon,
+                   EcpTarget):
+    """Test cases for ECP P256 fast reduction."""
+    symbol = "-"
+    test_function = "ecp_mod_p256k1"
+    test_name = "ecp_mod_p256k1"
+    input_style = "fixed"
+    arity = 1
+    dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"]
+
+    moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"] # type: List[str]
+
+    input_values = [
+        "0", "1",
+
+        # Modulus - 1
+        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
+
+        # Modulus + 1
+        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
+
+        # 2^256 - 1
+        "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+
+        # Maximum canonical P256 multiplication result
+        ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c0"
+         "00000000000000000000000000000000000000000000001000007a4000e9844"),
+
+        # First 8 number generated by random.getrandbits(512) - seed(2,2)
+        ("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
+         "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
+        ("82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"
+         "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"),
+        ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626"
+         "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"),
+        ("829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"
+         "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
+        ("e89204e2e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"
+         "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"),
+        ("bd143fa9b714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0"
+         "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"),
+        ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9"
+         "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"),
+        ("d08f1bb2531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"
+         "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
+
+        # Next 2 number generated by random.getrandbits(256)
+        ("c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"),
+        ("d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"),
+    ]
+
+    @property
+    def arg_a(self) -> str:
+        hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb)
+        return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
+
+    def result(self) -> List[str]:
+        result = self.int_a % self.int_n
+        return [self.format_result(result)]
+
+    @property
+    def is_valid(self) -> bool:
+        return True
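Review bot: `EcpP256K1Raw.arg_a` pads to `448 // self.bits_in_limb` limbs, which looks copied unchanged from `EcpP224K1Raw`. The P256K1 inputs are 512-bit values, so short inputs such as "0" and "1" are padded to 448 bits instead of the double-width size. If the C test function (not visible here) expects a 512-bit operand, the line should read `hex_digits = bignum_common.hex_digits_for_limb(512 // self.bits_in_limb, self.bits_in_limb)`, or use `.zfill(2 * self.hex_digits)` as `EcpP192K1Raw` does. The docstrings of the two new classes and their "Maximum canonical P224/P256 multiplication result" comments also name the wrong curves and should say P224K1 and P256K1.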
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 4228f45..47370b4 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1000,6 +1000,57 @@
 all_final += ec_bp512_pub.comp.pem
 
 ################################################################
+#### Convert PEM keys to DER format
+################################################################
+server1.pubkey.der: server1.pubkey
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += server1.pubkey.der
+
+rsa4096_pub.der: rsa4096_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += rsa4096_pub.der
+
+ec_pub.der: ec_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_pub.der
+
+ec_521_pub.der: ec_521_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_521_pub.der
+
+ec_bp512_pub.der: ec_bp512_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_bp512_pub.der
+
+server1.key.der: server1.key
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += server1.key.der
+
+rsa4096_prv.der: rsa4096_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += rsa4096_prv.der
+
+ec_prv.sec1.der: ec_prv.sec1.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_prv.sec1.der
+
+ec_256_long_prv.der: ec_256_long_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_256_long_prv.der
+
+ec_521_prv.der: ec_521_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_521_prv.der
+
+ec_521_short_prv.der: ec_521_short_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_521_short_prv.der
+
+ec_bp512_prv.der: ec_bp512_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_bp512_prv.der
+
+################################################################
 ### Generate CSRs for X.509 write test suite
 ################################################################
 
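Review bot: The private-key rules (`server1.key.der` through `ec_bp512_prv.der`) do not pin the output encoding. `openssl pkey` documents PKCS#8 as its default private-key output unless `-traditional` is given, and what it actually writes for `-outform DER` has, as far as I know, differed between OpenSSL releases, so a target such as `ec_prv.sec1.der` may not regenerate as SEC1 or match the committed file. Add a comment above the block stating the intended encoding and the OpenSSL version used, for example `# Private keys: <expected encoding>, generated with OpenSSL <version>`, and pass `-traditional` on the rules where the legacy format is what the parser tests expect.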
diff --git a/tests/data_files/ec_256_long_prv.der b/tests/data_files/ec_256_long_prv.der
new file mode 100644
index 0000000..96e329e
--- /dev/null
+++ b/tests/data_files/ec_256_long_prv.der
Binary files differ
diff --git a/tests/data_files/ec_521_prv.der b/tests/data_files/ec_521_prv.der
new file mode 100644
index 0000000..734714a
--- /dev/null
+++ b/tests/data_files/ec_521_prv.der
Binary files differ
diff --git a/tests/data_files/ec_521_pub.der b/tests/data_files/ec_521_pub.der
new file mode 100644
index 0000000..5b685de
--- /dev/null
+++ b/tests/data_files/ec_521_pub.der
Binary files differ
diff --git a/tests/data_files/ec_521_short_prv.der b/tests/data_files/ec_521_short_prv.der
new file mode 100644
index 0000000..0a1f18c
--- /dev/null
+++ b/tests/data_files/ec_521_short_prv.der
Binary files differ
diff --git a/tests/data_files/ec_bp512_prv.der b/tests/data_files/ec_bp512_prv.der
new file mode 100644
index 0000000..2d9a3de
--- /dev/null
+++ b/tests/data_files/ec_bp512_prv.der
Binary files differ
diff --git a/tests/data_files/ec_bp512_pub.der b/tests/data_files/ec_bp512_pub.der
new file mode 100644
index 0000000..6a8c4c7
--- /dev/null
+++ b/tests/data_files/ec_bp512_pub.der
Binary files differ
diff --git a/tests/data_files/rsa4096_prv.der b/tests/data_files/rsa4096_prv.der
new file mode 100644
index 0000000..86ea818
--- /dev/null
+++ b/tests/data_files/rsa4096_prv.der
Binary files differ
diff --git a/tests/data_files/rsa4096_pub.der b/tests/data_files/rsa4096_pub.der
new file mode 100644
index 0000000..270bf3a
--- /dev/null
+++ b/tests/data_files/rsa4096_pub.der
Binary files differ
diff --git a/tests/data_files/server1.key.der b/tests/data_files/server1.key.der
new file mode 100644
index 0000000..88288d1
--- /dev/null
+++ b/tests/data_files/server1.key.der
Binary files differ
diff --git a/tests/data_files/server1.pubkey.der b/tests/data_files/server1.pubkey.der
new file mode 100644
index 0000000..1a432a4
--- /dev/null
+++ b/tests/data_files/server1.pubkey.der
Binary files differ
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index e7503c7..572b6cb 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -130,6 +130,9 @@
 #endif
 } mbedtls_test_handshake_test_options;
 
+/*
+ * Buffer structure for custom I/O callbacks.
+ */
 typedef struct mbedtls_test_ssl_buffer {
     size_t start;
     size_t content_length;
@@ -311,13 +314,13 @@
 /*
  * Setup and teardown functions for mock sockets.
  */
-void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket);
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket);
 
 /*
  * Closes the socket \p socket.
  *
  * \p socket must have been previously initialized by calling
- * mbedtls_mock_socket_init().
+ * mbedtls_test_mock_socket_init().
  *
  * This function frees all allocated resources and both sockets are aware of the
  * new connection state.
@@ -332,7 +335,7 @@
  * Establishes a connection between \p peer1 and \p peer2.
  *
  * \p peer1 and \p peer2 must have been previously initialized by calling
- * mbedtls_mock_socket_init().
+ * mbedtls_test_mock_socket_init().
  *
  * The capacities of the internal buffers are set to \p bufsize. Setting this to
  * the correct value allows for simulation of MTU, sanity testing the mock
@@ -374,7 +377,8 @@
 int mbedtls_test_message_socket_setup(
     mbedtls_test_ssl_message_queue *queue_input,
     mbedtls_test_ssl_message_queue *queue_output,
-    size_t queue_capacity, mbedtls_test_mock_socket *socket,
+    size_t queue_capacity,
+    mbedtls_test_mock_socket *socket,
     mbedtls_test_message_socket_context *ctx);
 
 /*
@@ -411,8 +415,7 @@
  *          mbedtls_test_mock_tcp_recv_b failed.
  *
  * This function will also return any error other than
- * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from
- * mbedtls_test_message_queue_peek_info.
+ * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info.
  */
 int mbedtls_test_mock_tcp_recv_msg(void *ctx,
                                    unsigned char *buf, size_t buf_len);
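Review bot: The reworded comment on `mbedtls_test_mock_tcp_recv_msg()` now points at `test_ssl_message_queue_peek_info`, which the same commit makes `static` in `tests/src/test_helpers/ssl_helpers.c`, so someone reading this header has no declaration to follow. Describe the behaviour rather than the helper, e.g. ` * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from the internal message-queue peek.`, or list the codes that can come back (the helper's visible lines return `MBEDTLS_TEST_ERROR_ARG_NULL` for NULL arguments). The comment block starts above the hunk.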
@@ -488,6 +491,12 @@
         }                                       \
     } while (0)
 
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
+#else
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
+#endif
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
     defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
 int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
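Review bot: `SSL_CID_LEN_MIN` moves into a header shared by the test suites with no comment and without the `MBEDTLS_TEST_` prefix that this commit adds to the other helpers it exports. A one-line comment would do, e.g. `/* Smaller of the incoming and outgoing CID length limits. */`. If the users of the macro can be updated in the same change, a prefixed name would also keep it from colliding with a definition local to a test file.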
@@ -544,10 +553,11 @@
  *
  * \retval  0 on success, otherwise error code.
  */
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
-                          int msg_len_1, const int expected_fragments_1,
-                          mbedtls_ssl_context *ssl_2,
-                          int msg_len_2, const int expected_fragments_2);
+int mbedtls_test_ssl_exchange_data(
+    mbedtls_ssl_context *ssl_1,
+    int msg_len_1, const int expected_fragments_1,
+    mbedtls_ssl_context *ssl_2,
+    int msg_len_2, const int expected_fragments_2);
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 void mbedtls_test_ssl_perform_handshake(
@@ -566,7 +576,7 @@
  *                    is expected to fail. All zeroes if no
  *                    MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
  */
-int tweak_tls13_certificate_msg_vector_len(
+int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
     unsigned char *buf, unsigned char **end, int tweak,
     int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args);
 #endif /* MBEDTLS_TEST_HOOKS */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 465f9bb..78666b4 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -946,13 +946,13 @@
 
     # TODO: replace "mbedtls_ecp_curve" with "mbedtls_ecp" also for
     # "full-tls-external" once Issue6839 is completed
-    not grep mbedtls_ecp_curve full-tls-external
-    not grep mbedtls_ecp full-x509-external
+    not grep mbedtls_ecp_curve full-libmbedtls-external
+    not grep mbedtls_ecp full-libmbedx509-external
 
-    rm  full-tls-external \
-        full-tls-modules \
-        full-x509-external \
-        full-x509-modules
+    rm  full-libmbedtls-external \
+        full-libmbedtls-modules \
+        full-libmbedx509-external \
+        full-libmbedx509-modules
 }
 
 component_test_psa_crypto_key_id_encodes_owner () {
@@ -1219,6 +1219,17 @@
     tests/ssl-opt.sh -f 'Default\|opaque'
 }
 
+component_test_sw_inet_pton () {
+    msg "build: default plus MBEDTLS_TEST_SW_INET_PTON"
+
+    # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton
+    scripts/config.py set MBEDTLS_TEST_HOOKS
+    make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"
+
+    msg "test: default plus MBEDTLS_TEST_SW_INET_PTON"
+    make test
+}
+
 component_test_crypto_full_md_light_only () {
     msg "build: crypto_full with only the light subset of MD"
     scripts/config.py crypto_full
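Review bot: `component_test_sw_inet_pton` builds with `make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON"`, so the software address parser this component exists to exercise runs without sanitizers (and, depending on how the Makefile defaults CFLAGS, possibly without the usual optimisation flags). Other components in this file pass `$ASAN_CFLAGS`, and input-parsing code is where an out-of-bounds read would otherwise go unnoticed. Consider `make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_SW_INET_PTON" LDFLAGS="$ASAN_CFLAGS"`.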
@@ -2205,6 +2216,7 @@
         scripts/config.py unset MBEDTLS_ECDSA_C
         scripts/config.py unset MBEDTLS_ECDH_C
         scripts/config.py unset MBEDTLS_ECJPAKE_C
+        scripts/config.py unset MBEDTLS_ECP_C
     fi
 
     # Restartable feature is not yet supported by PSA. Once it will in
@@ -2248,12 +2260,16 @@
 
     # Build the library
     loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
-    make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+    loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \
+                 -DMBEDTLS_TEST_LIBTESTDRIVER1 \
+                 -DMBEDTLS_ECP_LIGHT"
+    make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
 
     # Make sure any built-in EC alg was not re-enabled by accident (additive config)
     not grep mbedtls_ecdsa_ library/ecdsa.o
     not grep mbedtls_ecdh_ library/ecdh.o
     not grep mbedtls_ecjpake_ library/ecjpake.o
+    not grep mbedtls_ecp_mul library/ecp.o
 
     # Run the tests
     # -------------
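Review bot: `-DMBEDTLS_ECP_LIGHT` is forced on the compiler command line in `loc_symbols` with no explanation, so the build configuration no longer matches what `scripts/config.py` wrote to the config file. A why-comment above `loc_symbols` would help, e.g. `# ECP_C is unset above; ECP_LIGHT is still needed by <module> - TODO confirm`. The new `not grep mbedtls_ecp_mul library/ecp.o` also only proves that the multiplication entry points are absent, which is worth stating next to it if that is the intended scope. The enclosing function starts and ends outside this hunk.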
@@ -2284,6 +2300,140 @@
     tests/ssl-opt.sh
 }
 
+# This helper function is used by:
+# - component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa()
+# - component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa()
+# to ensure that both tests use the same underlying configuration when testing
+# driver's coverage with analyze_outcomes.py.
+#
+# This functions accepts 1 boolean parameter as follows:
+# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
+#      excluding their built-in implementation as well as ECP_C & ECP_LIGHT
+# - 0: include built-in implementation of EC algorithms.
+#
+# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
+# on the ECP module.
+config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () {
+    DRIVER_ONLY="$1"
+    # start with crypto_full config for maximum coverage (also enables USE_PSA),
+    # but excluding X509, TLS and key exchanges
+    scripts/config.py crypto_full
+    # enable support for drivers and configuring PSA-only algorithms
+    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+    if [ "$DRIVER_ONLY" -eq 1 ]; then
+        # Disable modules that are accelerated
+        scripts/config.py unset MBEDTLS_ECDSA_C
+        scripts/config.py unset MBEDTLS_ECDH_C
+        scripts/config.py unset MBEDTLS_ECJPAKE_C
+        # Disable ECP module (entirely)
+        scripts/config.py unset MBEDTLS_ECP_C
+        scripts/config.py unset MBEDTLS_ECP_LIGHT
+    fi
+
+    # Disable PK module since it depends on ECP
+    scripts/config.py unset MBEDTLS_PK_C
+    scripts/config.py unset MBEDTLS_PK_PARSE_C
+    scripts/config.py unset MBEDTLS_PK_WRITE_C
+    # Disable also RSA_C that would re-enable PK
+    scripts/config.py unset MBEDTLS_RSA_C
+    scripts/config.py unset MBEDTLS_PKCS1_V15
+    scripts/config.py unset MBEDTLS_PKCS1_V21
+    scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+    # Disable also key exchanges that depend on RSA for completeness
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+    # Restartable feature is not yet supported by PSA. Once it will in
+    # the future, the following line could be removed (see issues
+    # 6061, 6332 and following ones)
+    scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+    # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+    # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
+    # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+    # partial support for cipher operations in the driver test library.
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+    # Disable PSA_WANT symbols that would re-enable PK
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+    scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+    for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+        scripts/config.py -f include/psa/crypto_config.h unset $ALG
+    done
+}
+
+# Build and test a configuration where driver accelerates all EC algs while
+# all support and dependencies from ECP and ECP_LIGHT are removed on the library
+# side.
+#
+# Keep in sync with component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa()
+component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () {
+    msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP"
+
+    # Algorithms and key types to accelerate
+    loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+                    ALG_ECDH \
+                    ALG_JPAKE \
+                    KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+    # Set common configurations between library's and driver's builds
+    config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 1
+
+    # Configure and build the test driver library
+    # -------------------------------------------
+
+    # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
+    # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic.
+    loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+    loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+    make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+    # Configure and build the main libraries with drivers enabled
+    # -----------------------------------------------------------
+
+    # Build the library
+    loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+    loc_symbols="-DPSA_CRYPTO_DRIVER_TEST \
+                 -DMBEDTLS_TEST_LIBTESTDRIVER1"
+    make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests $loc_symbols $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+    # Make sure any built-in EC alg was not re-enabled by accident (additive config)
+    not grep mbedtls_ecdsa_ library/ecdsa.o
+    not grep mbedtls_ecdh_ library/ecdh.o
+    not grep mbedtls_ecjpake_ library/ecjpake.o
+    # Also ensure that ECP or RSA modules were not re-enabled
+    not grep mbedtls_ecp_ library/ecp.o
+    not grep mbedtls_rsa_ library/rsa.o
+
+    # Run the tests
+    # -------------
+
+    msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP"
+    make test
+}
+
+# Reference function used for driver's coverage analysis in analyze_outcomes.py
+# in conjunction with component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa().
+# Keep in sync with its accelerated counterpart.
+component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa () {
+    msg "build: crypto_full + non accelerated EC algs + USE_PSA"
+
+    config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 0
+
+    make
+
+    # Esure that the RSA module was not re-enabled
+    not grep mbedtls_rsa_ library/rsa.o
+
+    msg "test suites: crypto_full + non accelerated EC algs + USE_PSA"
+    make test
+}
+
 # Helper function used in:
 # - component_test_psa_crypto_config_accel_all_curves_except_p192
 # - component_test_psa_crypto_config_accel_all_curves_except_x25519
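Review bot: In `config_psa_crypto_full_all_ec_algs_no_ecp_use_psa` the loop reads the RSA symbol names from `$CRYPTO_CONFIG_H` but unsets them in the hard-coded `include/psa/crypto_config.h`; if the two ever differ, the wrong file is edited and the failure only surfaces later at the `not grep mbedtls_rsa_` check. Use one source and quote the expansion: `scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$ALG"`. `DRIVER_ONLY` is also assigned without `local`, so it leaks into later components, and `[ "$DRIVER_ONLY" -eq 1 ]` errors out when the argument is missing; `local driver_only="${1:?}"` would cover both. The comment in the reference component has a typo (`Esure`).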
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 60cf654..293459b 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -201,7 +201,6 @@
         'args': {
             'component_ref': 'test_psa_crypto_config_reference_all_ec_algs_use_psa',
             'component_driver': 'test_psa_crypto_config_accel_all_ec_algs_use_psa',
-            # ignore the suites of the accelerated components
             'ignored_suites': [
                 'ecdsa',
                 'ecdh',
@@ -211,6 +210,79 @@
                 'test_suite_random': [
                     'PSA classic wrapper: ECDSA signature (SECP256R1)',
                 ],
+                # In the accelerated test ECP_C is not set (only ECP_LIGHT is)
+                # so we must ignore disparities in the tests for which ECP_C
+                # is required.
+                'test_suite_ecp': [
+                    'ECP check public-private #1 (OK)',
+                    'ECP check public-private #2 (group none)',
+                    'ECP check public-private #3 (group mismatch)',
+                    'ECP check public-private #4 (Qx mismatch)',
+                    'ECP check public-private #5 (Qy mismatch)',
+                    'ECP check public-private #6 (wrong Qx)',
+                    'ECP check public-private #7 (wrong Qy)',
+                    'ECP gen keypair [#1]',
+                    'ECP gen keypair [#2]',
+                    'ECP gen keypair [#3]',
+                    'ECP gen keypair wrapper',
+                    'ECP point muladd secp256r1 #1',
+                    'ECP point muladd secp256r1 #2',
+                    'ECP point multiplication Curve25519 (element of order 2: origin) #3',
+                    'ECP point multiplication Curve25519 (element of order 4: 1) #4',
+                    'ECP point multiplication Curve25519 (element of order 8) #5',
+                    'ECP point multiplication Curve25519 (normalized) #1',
+                    'ECP point multiplication Curve25519 (not normalized) #2',
+                    'ECP point multiplication rng fail Curve25519',
+                    'ECP point multiplication rng fail secp256r1',
+                    'ECP test vectors Curve25519',
+                    'ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)',
+                    'ECP test vectors brainpoolP256r1 rfc 7027',
+                    'ECP test vectors brainpoolP384r1 rfc 7027',
+                    'ECP test vectors brainpoolP512r1 rfc 7027',
+                    'ECP test vectors secp192k1',
+                    'ECP test vectors secp192r1 rfc 5114',
+                    'ECP test vectors secp224k1',
+                    'ECP test vectors secp224r1 rfc 5114',
+                    'ECP test vectors secp256k1',
+                    'ECP test vectors secp256r1 rfc 5114',
+                    'ECP test vectors secp384r1 rfc 5114',
+                    'ECP test vectors secp521r1 rfc 5114',
+                ]
+            }
+        }
+    },
+    'analyze_driver_vs_reference_all_ec_algs_no_ecp': {
+        'test_function': do_analyze_driver_vs_reference,
+        'args': {
+            'component_ref': 'test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa',
+            'component_driver': 'test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa',
+            'ignored_suites': [
+                # Ignore test suites for the modules that are disabled in the
+                # accelerated test case.
+                'ecp',
+                'ecdsa',
+                'ecdh',
+                'ecjpake',
+            ],
+            'ignored_tests': {
+                'test_suite_random': [
+                    'PSA classic wrapper: ECDSA signature (SECP256R1)',
+                ],
+                'test_suite_psa_crypto': [
+                    'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
+                    'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
+                    'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
+                    'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
+                    'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
+                    'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+                    'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
+                    'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
+                    'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
+                    'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
+                    'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
+                    'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
+                    'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
+                ]
             }
         }
     },
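Review bot: The `test_suite_psa_crypto` entries under `analyze_driver_vs_reference_all_ec_algs_no_ecp` are ignored without a stated reason, unlike the `test_suite_ecp` list added earlier in this hunk, which says why. Each ignored test is coverage that the driver-versus-reference comparison stops checking, so a comment should name the dependency that makes these tests skip in the accelerated build and say when the entries can go, e.g. `# Derivation to ECC keys is skipped in the driver build (no ECP) - TODO confirm and remove once supported`. That reason is an inference from the component names and needs confirming. The enclosing dict starts outside the hunk.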
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 5f9f767..2656deb 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -727,14 +727,12 @@
     } else
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
-#if defined(MBEDTLS_ECP_C)
     if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
         /* Just the secret value */
         TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
 
         TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
     } else
-#endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
     if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
@@ -766,7 +764,6 @@
     } else
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
-#if defined(MBEDTLS_ECP_C)
     if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
 
         TEST_ASSERT(exported_length <=
@@ -792,10 +789,7 @@
             TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
             TEST_EQUAL(exported[0], 4);
         }
-    } else
-#endif /* MBEDTLS_ECP_C */
-
-    {
+    } else {
         (void) exported;
         TEST_ASSERT(!"Sanity check not implemented for this key type");
     }
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 08956e8..e79d152 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -124,10 +124,6 @@
 }
 #endif /* MBEDTLS_TEST_HOOKS */
 
-/*
- * Buffer structure for custom I/O callbacks.
- */
-
 void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf)
 {
     memset(buf, 0, sizeof(*buf));
@@ -233,8 +229,8 @@
     return (output_len > INT_MAX) ? INT_MAX : (int) output_len;
 }
 
-int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue,
-                                         size_t capacity)
+int mbedtls_test_ssl_message_queue_setup(
+    mbedtls_test_ssl_message_queue *queue, size_t capacity)
 {
     queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
     if (NULL == queue->messages) {
@@ -248,7 +244,8 @@
     return 0;
 }
 
-void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue)
+void mbedtls_test_ssl_message_queue_free(
+    mbedtls_test_ssl_message_queue *queue)
 {
     if (queue == NULL) {
         return;
@@ -315,8 +312,9 @@
  *          set to the full message length so that the
  *          caller knows what portion of the message can be dropped.
  */
-int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue,
-                                         size_t buf_len, size_t *msg_len)
+static int test_ssl_message_queue_peek_info(
+    mbedtls_test_ssl_message_queue *queue,
+    size_t buf_len, size_t *msg_len)
 {
     if (queue == NULL || msg_len == NULL) {
         return MBEDTLS_TEST_ERROR_ARG_NULL;
@@ -329,7 +327,7 @@
     return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
 }
 
-void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket)
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket)
 {
     memset(socket, 0, sizeof(*socket));
 }
@@ -459,7 +457,8 @@
     return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
 }
 
-void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx)
+void mbedtls_test_message_socket_init(
+    mbedtls_test_message_socket_context *ctx)
 {
     ctx->queue_input = NULL;
     ctx->queue_output = NULL;
@@ -480,12 +479,13 @@
     ctx->queue_input = queue_input;
     ctx->queue_output = queue_output;
     ctx->socket = socket;
-    mbedtls_mock_socket_init(socket);
+    mbedtls_test_mock_socket_init(socket);
 
     return 0;
 }
 
-void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx)
+void mbedtls_test_message_socket_close(
+    mbedtls_test_message_socket_context *ctx)
 {
     if (ctx == NULL) {
         return;
@@ -544,7 +544,7 @@
 
     /* Peek first, so that in case of a socket error the data remains in
      * the queue. */
-    ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len);
+    ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len);
     if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
         /* Calculate how much to drop */
         drop_len = msg_len - buf_len;
@@ -578,7 +578,7 @@
 /*
  * Deinitializes certificates from endpoint represented by \p ep.
  */
-void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
+static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
 {
     mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
     if (cert != NULL) {
@@ -730,7 +730,7 @@
 
 exit:
     if (ret != 0) {
-        mbedtls_endpoint_certificate_free(ep);
+        test_ssl_endpoint_certificate_free(ep);
     }
 
     return ret;
@@ -781,7 +781,7 @@
                                                       100, &(ep->socket),
                                                       dtls_context) == 0);
     } else {
-        mbedtls_mock_socket_init(&(ep->socket));
+        mbedtls_test_mock_socket_init(&(ep->socket));
     }
 
     /* Non-blocking callbacks without timeout */
@@ -868,7 +868,7 @@
     mbedtls_test_ssl_endpoint *ep,
     mbedtls_test_message_socket_context *context)
 {
-    mbedtls_endpoint_certificate_free(ep);
+    test_ssl_endpoint_certificate_free(ep);
 
     mbedtls_ssl_free(&(ep->ssl));
     mbedtls_ssl_config_free(&(ep->conf));
@@ -941,7 +941,7 @@
         /* Used for DTLS and the message size larger than MFL. In that case
          * the message can not be fragmented and the library should return
          * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
-         * to prevent a dead loop inside mbedtls_exchange_data(). */
+         * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */
         return ret;
     } else if (expected_fragments == 1) {
         /* Used for TLS/DTLS and the message size lower than MFL */
@@ -1004,8 +1004,9 @@
     return -1;
 }
 
-void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
-                     int *forced_ciphersuite)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
+                            int *forced_ciphersuite)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
     forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
@@ -1030,9 +1031,13 @@
 exit:
     return;
 }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
-                       const unsigned char *name, size_t name_len)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)  && \
+    defined(MBEDTLS_SSL_SRV_C)
+static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+                              const unsigned char *name, size_t name_len)
 {
     (void) p_info;
     (void) ssl;
@@ -1041,12 +1046,9 @@
 
     return 0;
 }
-
-#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
-#else
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
-#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
+          MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED  &&
+          MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
     defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
@@ -1600,10 +1602,11 @@
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
-                          int msg_len_1, const int expected_fragments_1,
-                          mbedtls_ssl_context *ssl_2,
-                          int msg_len_2, const int expected_fragments_2)
+int mbedtls_test_ssl_exchange_data(
+    mbedtls_ssl_context *ssl_1,
+    int msg_len_1, const int expected_fragments_1,
+    mbedtls_ssl_context *ssl_2,
+    int msg_len_2, const int expected_fragments_2)
 {
     unsigned char *msg_buf_1 = malloc(msg_len_1);
     unsigned char *msg_buf_2 = malloc(msg_len_2);
@@ -1709,12 +1712,18 @@
  *
  * \retval  0 on success, otherwise error code.
  */
-int exchange_data(mbedtls_ssl_context *ssl_1,
-                  mbedtls_ssl_context *ssl_2)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+    (defined(MBEDTLS_SSL_RENEGOTIATION)              || \
+    defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
+static int exchange_data(mbedtls_ssl_context *ssl_1,
+                         mbedtls_ssl_context *ssl_2)
 {
-    return mbedtls_exchange_data(ssl_1, 256, 1,
-                                 ssl_2, 256, 1);
+    return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1,
+                                          ssl_2, 256, 1);
 }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
+          (MBEDTLS_SSL_RENEGOTIATION              ||
+          MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 static int check_ssl_version(
@@ -1755,7 +1764,6 @@
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 void mbedtls_test_ssl_perform_handshake(
     mbedtls_test_handshake_test_options *options)
@@ -1964,10 +1972,11 @@
 
     if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
         /* Start data exchanging test */
-        TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len,
-                                          options->expected_cli_fragments,
-                                          &(server.ssl), options->srv_msg_len,
-                                          options->expected_srv_fragments)
+        TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+                        &(client.ssl), options->cli_msg_len,
+                        options->expected_cli_fragments,
+                        &(server.ssl), options->srv_msg_len,
+                        options->expected_srv_fragments)
                     == 0);
     }
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -2024,12 +2033,10 @@
 #endif
         /* Retest writing/reading */
         if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
-            TEST_ASSERT(mbedtls_exchange_data(
-                            &(client.ssl),
-                            options->cli_msg_len,
+            TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+                            &(client.ssl), options->cli_msg_len,
                             options->expected_cli_fragments,
-                            &(server.ssl),
-                            options->srv_msg_len,
+                            &(server.ssl), options->srv_msg_len,
                             options->expected_srv_fragments)
                         == 0);
         }
@@ -2126,7 +2133,7 @@
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_TEST_HOOKS)
-int tweak_tls13_certificate_msg_vector_len(
+int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
     unsigned char *buf, unsigned char **end, int tweak,
     int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args)
 {
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index da95814..2bbd34a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5360,7 +5360,6 @@
 # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
 # different means to have the server ignoring the client's supported curve list.
 
-requires_config_enabled MBEDTLS_ECP_C
 run_test    "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
             "$P_SRV debug_level=1 key_file=data_files/server5.key \
              crt_file=data_files/server5.ku-ka.crt" \
@@ -5370,7 +5369,6 @@
             -c "! Certificate verification flags"\
             -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
 
-requires_config_enabled MBEDTLS_ECP_C
 run_test    "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
             "$P_SRV debug_level=1 key_file=data_files/server5.key \
              crt_file=data_files/server5.ku-ka.crt" \
@@ -5748,7 +5746,6 @@
 # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
 # different means to have the server ignoring the client's supported curve list.
 
-requires_config_enabled MBEDTLS_ECP_C
 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
             "$P_SRV debug_level=1 key_file=data_files/server5.key \
@@ -5760,7 +5757,6 @@
             -c "! Certificate verification flags" \
             -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
 
-requires_config_enabled MBEDTLS_ECP_C
 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
             "$P_SRV debug_level=1 key_file=data_files/server5.key \
diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function
index f670331..b9ceb59 100644
--- a/tests/suites/test_suite_alignment.function
+++ b/tests/suites/test_suite_alignment.function
@@ -12,18 +12,15 @@
  */
 int parse_hex_string(char *hex_string, uint64_t *result)
 {
-    uint8_t raw[8];
+    uint8_t raw[8] = { 0 };
     size_t olen;
     if (mbedtls_test_unhexify(raw, sizeof(raw), hex_string, &olen) != 0) {
         return 0;
     }
+
     *result = 0;
     for (size_t i = 0; i < olen; i++) {
-        if (MBEDTLS_IS_BIG_ENDIAN) {
-            *result |= ((uint64_t) raw[i]) << (i * 8);
-        } else {
-            *result |= ((uint64_t) raw[i]) << ((olen - i - 1) * 8);
-        }
+        *result |= ((uint64_t) raw[i]) << ((olen - i - 1) * 8);
     }
     return 1;
 }
@@ -57,44 +54,29 @@
             break;
     }
 
-    /* Generate expected result */
+    /* Define expected result by manually aligning the raw bytes, and
+     * reading back with a normal pointer access. */
+    uint64_t raw_aligned_64;
+    uint16_t *raw_aligned_16 = (uint16_t *) &raw_aligned_64;
+    uint32_t *raw_aligned_32 = (uint32_t *) &raw_aligned_64;
+    memcpy(&raw_aligned_64, ((uint8_t *) &raw) + offset, size / 8);
+    /* Make a 16/32/64 byte read from the aligned location, and copy to expected */
     uint64_t expected = 0;
-    for (uint8_t i = 0; i < 8; i++) {
-        uint8_t shift;
-        if (MBEDTLS_IS_BIG_ENDIAN) {
-            /*
-             * Similar to little-endian case described below, but the shift needs
-             * to be inverted
-             */
-            shift = 7 - (i * 8);
-        } else {
-            /* example for offset == 1:
-             * expected = (( 1 + 0 ) << (0 * 8)) | (( 1 + 1 ) << (1 * 8)) | (( 1 + 2 ) << (2 * 8)))
-             *          = (1 << 0) | (2 << 8) | (3 << 16) ...
-             *          = 0x0807060504030201
-             * x = { 0, 1, 2, 3, ... }
-             * ie expected is the value that would be read from x on a LE system, when
-             * byte swapping is not performed
-             */
-            shift = i * 8;
-        }
-        uint64_t b = offset + i;
-        expected |= b << shift;
-    }
-
-    /* Mask out excess bits from expected result */
     switch (size) {
         case 16:
-            expected &= 0xffff;
+            expected = *raw_aligned_16;
             break;
         case 32:
-            expected &= 0xffffffff;
+            expected = *raw_aligned_32;
+            break;
+        case 64:
+            expected = raw_aligned_64;
             break;
     }
 
     TEST_EQUAL(r, expected);
 
-    /* Write sentinel to the part of the array we will testing writing to */
+    /* Write sentinel to the part of the array we will test writing to */
     for (size_t i = 0; i < (size_t) (size / 8); i++) {
         x[i + offset] = 0xff;
     }
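Review bot: The expected value is read through `raw_aligned_16` and `raw_aligned_32`, which point into a `uint64_t` object, so `*raw_aligned_16` and `*raw_aligned_32` access it through an incompatible lvalue type. That is a strict-aliasing violation, and an optimising build may reorder or drop the read. Copying into a variable of the right width avoids the casts, e.g. for the 16-bit case `uint16_t e16; memcpy(&e16, ((uint8_t *) &raw) + offset, sizeof(e16)); expected = e16;`, and likewise for 32 and 64. The new comment should also say "16/32/64 bit read", since `size` is in bits (the copy length is `size / 8`). The enclosing function starts and ends outside this hunk, so the bounds of `offset` against `raw` cannot be checked from here.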
@@ -122,7 +104,7 @@
 /* BEGIN_CASE */
 void mbedtls_byteswap(char *input_str, int size, char *expected_str)
 {
-    uint64_t input, expected;
+    uint64_t input = 0, expected = 0;
     TEST_ASSERT(parse_hex_string(input_str, &input));
     TEST_ASSERT(parse_hex_string(expected_str, &expected));
 
@@ -315,7 +297,7 @@
     /* Verify read */
     TEST_EQUAL(read, expected);
 
-    /* Test writing back to memory. First write sentiel */
+    /* Test writing back to memory. First write sentinel */
     for (size_t i = 0; i < (size_t) (size / 8); i++) {
         x[i + offset] = 0xff;
     }
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index e084b83..53aa002 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -309,6 +309,36 @@
 }
 /* END_CASE */
 
+
+/* BEGIN_CASE */
+void mpi_core_clz(int leading_zeros, int trailing_zeros)
+{
+    if ((size_t) (leading_zeros + trailing_zeros) >= (sizeof(mbedtls_mpi_uint) * 8)) {
+        // can't fit required number of leading and trailing zeros - skip test
+        goto exit;
+    }
+
+    // Construct a test input value where the count of leading zeros and
+    // trailing zeros is given in the test case, and we add ones to fill
+    // the gap.
+    mbedtls_mpi_uint x;
+    if ((leading_zeros + trailing_zeros) > 0) {
+        // some zero bits
+        uint32_t s = (sizeof(mbedtls_mpi_uint) * 8 - leading_zeros - trailing_zeros);
+        x = ((((mbedtls_mpi_uint) 1) << s) - 1) << trailing_zeros;
+    } else {
+        // all bits set
+        x = ~((mbedtls_mpi_uint) 0);
+    }
+
+    size_t n = mbedtls_mpi_core_clz(x);
+    TEST_EQUAL(n, leading_zeros);
+exit:
+    ;
+}
+/* END_CASE */
+
+
 /* BEGIN_CASE */
 void mpi_core_lt_ct(char *input_X, char *input_Y, int exp_ret)
 {
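Review bot: The guard at the top of `mpi_core_clz` leaves through `goto exit` without recording anything, so a case that does not fit the limb width is reported as passed rather than skipped. `TEST_ASSUME((size_t) (leading_zeros + trailing_zeros) < sizeof(mbedtls_mpi_uint) * 8);` would keep the same control flow and mark the case as skipped in the test report. The same guard also rejects `leading_zeros` equal to the limb width, so the all-zero input is never exercised. If `mbedtls_mpi_core_clz` is not meant to be called with 0, a one-line comment saying so would make that gap deliberate.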
diff --git a/tests/suites/test_suite_bignum_core.misc.data b/tests/suites/test_suite_bignum_core.misc.data
index b61d708..ba86029 100644
--- a/tests/suites/test_suite_bignum_core.misc.data
+++ b/tests/suites/test_suite_bignum_core.misc.data
@@ -491,3 +491,35 @@
 Fill random core: 42 bytes, 5 missing limbs
 mpi_core_fill_random:42:0:-5:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
+CLZ: 0 0: all ones
+mpi_core_clz:0:0
+
+CLZ: 1 0
+mpi_core_clz:1:0
+
+CLZ: 1 1
+mpi_core_clz:1:1
+
+CLZ: 4 5
+mpi_core_clz:4:5
+
+CLZ: 8 16
+mpi_core_clz:8:16
+
+CLZ: 31 0
+mpi_core_clz:31:0
+
+CLZ: 32 0
+mpi_core_clz:32:0
+
+CLZ: 33 0
+mpi_core_clz:33:0
+
+CLZ: 63 0
+mpi_core_clz:63:0
+
+CLZ: 64 0
+mpi_core_clz:64:0
+
+CLZ: 100000 0: skip overly long input
+mpi_core_clz:100000:0
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 945f5cb..8c079c5 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -63,5 +63,5 @@
 mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\:  15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\:  43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\:  dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\:  83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\:  70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\:  4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\:  f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\:  ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\:  24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\:  ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\:  69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\:  73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\:  db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\:  5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\:  ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\:  01 00 01\n"
 
 Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\:  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\:  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\:  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\:  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\:  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\:  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 4b51a9f..6d5ce9c 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -70,7 +70,7 @@
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ECP_C
+ * depends_on:MBEDTLS_ECP_LIGHT
  * END_DEPENDENCIES
  */
 
@@ -318,7 +318,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void ecp_test_vect(int id, char *dA_str, char *xA_str, char *yA_str,
                    char *dB_str, char *xB_str, char *yB_str,
                    char *xZ_str, char *yZ_str)
@@ -375,7 +375,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void ecp_test_vec_x(int id, char *dA_hex, char *xA_hex, char *dB_hex,
                     char *xB_hex, char *xS_hex)
 {
@@ -428,7 +428,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void ecp_test_mul(int id, data_t *n_hex,
                   data_t *Px_hex, data_t *Py_hex, data_t *Pz_hex,
                   data_t *nPx_hex, data_t *nPy_hex, data_t *nPz_hex,
@@ -477,7 +477,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void ecp_test_mul_rng(int id, data_t *d_hex)
 {
     mbedtls_ecp_group grp;
@@ -503,7 +503,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_C */
 void ecp_muladd(int id,
                 data_t *u1_bin, data_t *P1_bin,
                 data_t *u2_bin, data_t *P2_bin,
@@ -955,7 +955,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void mbedtls_ecp_check_pub_priv(int id_pub, char *Qx_pub, char *Qy_pub,
                                 int id, char *d, char *Qx, char *Qy,
                                 int ret)
@@ -987,7 +987,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void mbedtls_ecp_gen_keypair(int id)
 {
     mbedtls_ecp_group grp;
@@ -1016,7 +1016,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
 void mbedtls_ecp_gen_key(int id)
 {
     mbedtls_ecp_keypair key;
@@ -1086,7 +1086,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBBEDTLS_ECP_C */
 void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
 {
     mbedtls_test_rnd_buf_info rnd_info;
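Review bot: The dependency added to `genkey_mx_known_answer` is spelled `MBBEDTLS_ECP_C`, with a doubled B. That symbol is never defined, so the known-answer test for Montgomery key generation would be compiled out in every configuration and silently stop running. The line should read `/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBEDTLS_ECP_C */`. The function body continues outside this hunk.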
@@ -1266,10 +1266,11 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-void ecp_mod_p192_raw(char *input_N,
-                      char *input_X,
-                      char *result)
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void ecp_mod_p_generic_raw(int curve_id,
+                           char *input_N,
+                           char *input_X,
+                           char *result)
 {
     mbedtls_mpi_uint *X = NULL;
     mbedtls_mpi_uint *N = NULL;
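Review bot: `ecp_mod_p_generic_raw` now depends only on `MBEDTLS_TEST_HOOKS`, while the `default:` branch of the switch in the next hunk calls `mbedtls_test_fail("Unsupported curve_id", ...)` for any curve that is compiled out. Each data entry therefore has to carry its own `depends_on:MBEDTLS_ECP_DP_..._ENABLED`, otherwise a reduced configuration fails the case instead of skipping it. The data file is not visible here, so this needs confirming. A comment above the function would record the contract, e.g. `/* Test cases must depend on the MBEDTLS_ECP_DP_xxx_ENABLED option matching curve_id. */`. Initialising `curve_func` to `NULL` at its declaration would also keep a future early `goto exit` from leaving it indeterminate. The function body continues outside this hunk.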
@@ -1278,25 +1279,70 @@
     size_t limbs_N;
     size_t limbs_res;
 
+    size_t bytes;
+    size_t limbs;
+    size_t curve_bits;
+    int (*curve_func)(mbedtls_mpi_uint *X, size_t X_limbs);
+
     mbedtls_mpi_mod_modulus m;
     mbedtls_mpi_mod_modulus_init(&m);
 
     TEST_EQUAL(mbedtls_test_read_mpi_core(&X,   &limbs_X,   input_X), 0);
     TEST_EQUAL(mbedtls_test_read_mpi_core(&N,   &limbs_N,   input_N), 0);
     TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result),  0);
+    bytes = limbs_N * sizeof(mbedtls_mpi_uint);
 
-    size_t limbs = limbs_N;
-    size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
+    switch (curve_id) {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP192R1:
+            limbs = 2 * limbs_N;
+            curve_bits = 192;
+            curve_func = &mbedtls_ecp_mod_p192_raw;
+            break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP224R1:
+            limbs = 448 / biL;
+            curve_bits = 224;
+            curve_func = &mbedtls_ecp_mod_p224_raw;
+            break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP256R1:
+            limbs = 2 * limbs_N;
+            curve_bits = 256;
+            curve_func = &mbedtls_ecp_mod_p256_raw;
+            break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP384R1:
+            limbs = 2 * limbs_N;
+            curve_bits = 384;
+            curve_func = &mbedtls_ecp_mod_p384_raw;
+            break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP521R1:
+            limbs = 2 * limbs_N;
+            curve_bits = 522;
+            curve_func = &mbedtls_ecp_mod_p521_raw;
+            break;
+#endif
+        default:
+            mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__);
+            goto exit;
+    }
 
-    TEST_EQUAL(limbs_X, 2 * limbs);
-    TEST_EQUAL(limbs_res, limbs);
+    TEST_EQUAL(limbs_X, limbs);
+    TEST_EQUAL(limbs_res, limbs_N);
 
     TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
-                   &m, N, limbs,
-                   MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+                   &m, N, limbs_N,
+                   MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
 
-    TEST_EQUAL(mbedtls_ecp_mod_p192_raw(X, limbs_X), 0);
-    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 192);
+    TEST_EQUAL((*curve_func)(X, limbs_X), 0);
+
+    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
     mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
     ASSERT_COMPARE(X, bytes, res, bytes);
 
@@ -1309,175 +1355,120 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-void ecp_mod_p224_raw(char *input_N,
-                      char *input_X,
-                      char *result)
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+void ecp_mod_p192k1(char *input_N,
+                    char *input_X,
+                    char *result)
 {
-    mbedtls_mpi_uint *X = NULL;
-    mbedtls_mpi_uint *N = NULL;
-    mbedtls_mpi_uint *res = NULL;
-    size_t limbs_X;
-    size_t limbs_N;
-    size_t limbs_res;
+    mbedtls_mpi X;
+    mbedtls_mpi N;
+    mbedtls_mpi res;
 
-    mbedtls_mpi_mod_modulus m;
-    mbedtls_mpi_mod_modulus_init(&m);
+    mbedtls_mpi_init(&X);
+    mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&res);
 
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&X,   &limbs_X,   input_X), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&N,   &limbs_N,   input_N), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result),  0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&X,   input_X), 0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&N,   input_N), 0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&res, result),  0);
 
-    size_t limbs = limbs_N;
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
+
+    size_t limbs = N.n;
     size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
 
-    TEST_EQUAL(limbs_X, 448 / biL);
-    TEST_EQUAL(limbs_res, limbs);
+    TEST_EQUAL(X.n, 2 * limbs);
+    TEST_EQUAL(res.n, limbs);
 
-    TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
-                   &m, N, limbs,
-                   MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
-
-    TEST_EQUAL(mbedtls_ecp_mod_p224_raw(X, limbs_X), 0);
-    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 224);
-    mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
-    ASSERT_COMPARE(X, bytes, res, bytes);
+    TEST_EQUAL(mbedtls_ecp_mod_p192k1(&X), 0);
+    TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
+    TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 192);
+    ASSERT_COMPARE(X.p, bytes, res.p, bytes);
 
 exit:
-    mbedtls_free(X);
-    mbedtls_free(res);
-
-    mbedtls_mpi_mod_modulus_free(&m);
-    mbedtls_free(N);
+    mbedtls_mpi_free(&X);
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&res);
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-void ecp_mod_p256_raw(char *input_N,
-                      char *input_X,
-                      char *result)
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+void ecp_mod_p224k1(char *input_N,
+                    char *input_X,
+                    char *result)
 {
-    mbedtls_mpi_uint *X = NULL;
-    mbedtls_mpi_uint *N = NULL;
-    mbedtls_mpi_uint *res = NULL;
-    size_t limbs_X;
-    size_t limbs_N;
-    size_t limbs_res;
+    mbedtls_mpi X;
+    mbedtls_mpi N;
+    mbedtls_mpi res;
 
-    mbedtls_mpi_mod_modulus m;
-    mbedtls_mpi_mod_modulus_init(&m);
+    mbedtls_mpi_init(&X);
+    mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&res);
 
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&X,   &limbs_X,   input_X), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&N,   &limbs_N,   input_N), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result),  0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&X,   input_X), 0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&N,   input_N), 0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&res, result),  0);
 
-    size_t limbs = limbs_N;
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
+
+    size_t limbs = N.n;
     size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
 
-    TEST_EQUAL(limbs_X, 2 * limbs);
-    TEST_EQUAL(limbs_res, limbs);
+    TEST_LE_U(X.n, 448 / biL);
+    TEST_EQUAL(res.n, limbs);
 
-    TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
-                   &m, N, limbs,
-                   MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
-
-    TEST_EQUAL(mbedtls_ecp_mod_p256_raw(X, limbs_X), 0);
-    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 256);
-    mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
-    ASSERT_COMPARE(X, bytes, res, bytes);
+    TEST_EQUAL(mbedtls_ecp_mod_p224k1(&X), 0);
+    TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
+    TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224);
+    ASSERT_COMPARE(X.p, bytes, res.p, bytes);
 
 exit:
-    mbedtls_free(X);
-    mbedtls_free(res);
-
-    mbedtls_mpi_mod_modulus_free(&m);
-    mbedtls_free(N);
+    mbedtls_mpi_free(&X);
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&res);
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-void ecp_mod_p384_raw(char *input_N,
-                      char *input_X,
-                      char *result)
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+void ecp_mod_p256k1(char *input_N,
+                    char *input_X,
+                    char *result)
 {
-    mbedtls_mpi_uint *X = NULL;
-    mbedtls_mpi_uint *N = NULL;
-    mbedtls_mpi_uint *res = NULL;
-    size_t limbs_X;
-    size_t limbs_N;
-    size_t limbs_res;
+    mbedtls_mpi X;
+    mbedtls_mpi N;
+    mbedtls_mpi res;
 
-    mbedtls_mpi_mod_modulus m;
-    mbedtls_mpi_mod_modulus_init(&m);
+    mbedtls_mpi_init(&X);
+    mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&res);
 
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&X,   &limbs_X,   input_X), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&N,   &limbs_N,   input_N), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result),  0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&X,   input_X), 0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&N,   input_N), 0);
+    TEST_EQUAL(mbedtls_test_read_mpi(&res, result),  0);
 
-    size_t limbs = limbs_N;
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
+    TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
+
+    size_t limbs = N.n;
     size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
 
-    TEST_EQUAL(limbs_X, 2 * limbs);
-    TEST_EQUAL(limbs_res, limbs);
+    TEST_LE_U(X.n, 2 * limbs);
+    TEST_EQUAL(res.n, limbs);
 
-    TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
-                   &m, N, limbs,
-                   MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
-
-    TEST_EQUAL(mbedtls_ecp_mod_p384_raw(X, limbs_X), 0);
-    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 384);
-    mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
-    ASSERT_COMPARE(X, bytes, res, bytes);
+    TEST_EQUAL(mbedtls_ecp_mod_p256k1(&X), 0);
+    TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
+    TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 256);
+    ASSERT_COMPARE(X.p, bytes, res.p, bytes);
 
 exit:
-    mbedtls_free(X);
-    mbedtls_free(res);
-
-    mbedtls_mpi_mod_modulus_free(&m);
-    mbedtls_free(N);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-void ecp_mod_p521_raw(char *input_N,
-                      char *input_X,
-                      char *result)
-{
-    mbedtls_mpi_uint *X = NULL;
-    mbedtls_mpi_uint *N = NULL;
-    mbedtls_mpi_uint *res = NULL;
-    size_t limbs_X;
-    size_t limbs_N;
-    size_t limbs_res;
-
-    mbedtls_mpi_mod_modulus m;
-    mbedtls_mpi_mod_modulus_init(&m);
-
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&X,   &limbs_X,   input_X), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&N,   &limbs_N,   input_N), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result),  0);
-
-    size_t limbs = limbs_N;
-    size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
-
-    TEST_EQUAL(limbs_X, 2 * limbs);
-    TEST_EQUAL(limbs_res, limbs);
-
-    TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
-                   &m, N, limbs,
-                   MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
-
-    TEST_EQUAL(mbedtls_ecp_mod_p521_raw(X, limbs_X), 0);
-    TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 522);
-    mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
-    ASSERT_COMPARE(X, bytes, res, bytes);
-
-exit:
-    mbedtls_free(X);
-    mbedtls_free(res);
-
-    mbedtls_mpi_mod_modulus_free(&m);
-    mbedtls_free(N);
+    mbedtls_mpi_free(&X);
+    mbedtls_mpi_free(&N);
+    mbedtls_mpi_free(&res);
 }
 /* END_CASE */
 
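Review bot: In `ecp_mod_p224k1` and `ecp_mod_p256k1` the size check on X is only an upper bound (`TEST_LE_U(X.n, 448 / biL)` and `TEST_LE_U(X.n, 2 * limbs)`), but the final `ASSERT_COMPARE(X.p, bytes, res.p, bytes)` always reads `limbs` limbs from `X.p`. If a test vector supplies an X shorter than N and `mbedtls_mpi_mod_mpi` leaves `X.n` unchanged, that comparison reads past the allocation; `ecp_mod_p192k1` avoids this with `TEST_EQUAL(X.n, 2 * limbs)`. Either add `TEST_LE_U(limbs, X.n);` before the comparison or compare by value with `TEST_EQUAL(mbedtls_mpi_cmp_mpi(&X, &res), 0);`. Separately, the three `mbedtls_mpi_core_uint_le_mpi(0, ...)` assertions appear to test `0 <= value`, which holds for any input, so it is worth stating in a comment what they are meant to reject.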
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index ff1558d..8c3c5e7 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -13,19 +13,19 @@
 pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
 
 PK utils: ECKEY SECP192R1
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
 
 PK utils: ECKEY_DH SECP192R1
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
 
 PK utils: ECKEY_DH Curve25519
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
 
 PK utils: ECKEY_DH Curve448
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
 
 PK utils: ECDSA SECP192R1
@@ -289,11 +289,11 @@
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
 
 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
@@ -397,7 +397,7 @@
 pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
 
 EC_DH (no) sign-verify: SECP192R1
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
 
 RSA sign-verify
@@ -425,11 +425,11 @@
 pk_wrap_rsa_decrypt_test_vec:"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":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
 
 EC nocrypt
-depends_on:MBEDTLS_ECP_C
+depends_on:MBEDTLS_ECP_LIGHT
 pk_ec_nocrypt:MBEDTLS_PK_ECKEY
 
 EC-DH nocrypt
-depends_on:MBEDTLS_ECP_C
+depends_on:MBEDTLS_ECP_LIGHT
 pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH
 
 ECDSA nocrypt
@@ -525,11 +525,11 @@
 pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
 
 Check pair #1 (EC, OK)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
 mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
 
 Check pair #2 (EC, bad)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
 mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
 Check pair #3 (RSA, OK)
@@ -541,7 +541,7 @@
 mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
 
 Check pair #5 (RSA vs EC)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
 mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
 
 RSA hash_len overflow (size_t vs unsigned int)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index de531d3..5a4e77f 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -17,9 +17,62 @@
  * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
 #include "psa/crypto.h"
 
+/* Used for properly sizing the key buffer in pk_genkey_ec() */
+#include "mbedtls/psa_util.h"
+
 #define RSA_KEY_SIZE 512
 #define RSA_KEY_LEN   64
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_LIGHT)
+static int pk_genkey_ec(mbedtls_ecp_group *grp,
+                        mbedtls_mpi *d, mbedtls_ecp_point *Q)
+{
+    psa_status_t status;
+    psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+    size_t curve_bits;
+    psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
+                                                      &curve_bits);
+    unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+    size_t key_len;
+    int ret;
+
+    psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+    psa_set_key_bits(&key_attr, curve_bits);
+    psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+
+    status = psa_generate_key(&key_attr, &key_id);
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+    }
+
+    status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
+    if (status != PSA_SUCCESS) {
+        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+        goto exit;
+    }
+
+    ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
+    if (ret != 0) {
+        goto exit;
+    }
+
+    status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
+                                   &key_len);
+    if (status != PSA_SUCCESS) {
+        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+        goto exit;
+    }
+
+    ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
+
+exit:
+    psa_destroy_key(key_id);
+
+    return ret;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECP_LIGHT */
+
 /** Generate a key of the desired type.
  *
  * \param pk        The PK object to fill. It must have been initialized
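Review bot: `key_buf` in `pk_genkey_ec()` receives the exported private key from `psa_export_key()` and is never wiped, so the scalar is still on the stack when the function returns, including on the early `goto exit` paths. The key is a throwaway test key, but clearing the buffer at the `exit:` label is cheap: `mbedtls_platform_zeroize(key_buf, sizeof(key_buf));` (this needs `mbedtls/platform_util.h` if the file does not already pull it in). The buffer is sized with `MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH` yet holds the private key first, so a comment such as `/* Sized for the public point; also large enough for the private scalar */` would make the reuse explicit. The helper has no header comment; one line saying that it generates the key pair through PSA and copies it into `d` and `Q` would help.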
@@ -43,7 +96,7 @@
                                    parameter, 3);
     }
 #endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
     if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
         mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
         mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
@@ -53,12 +106,19 @@
             return ret;
         }
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp,
+                            &mbedtls_pk_ec(*pk)->d,
+                            &mbedtls_pk_ec(*pk)->Q);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECP_C)
         return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
                                        &mbedtls_pk_ec(*pk)->d,
                                        &mbedtls_pk_ec(*pk)->Q,
                                        mbedtls_test_rnd_std_rand, NULL);
+#endif /* MBEDTLS_ECP_C */
     }
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
     return -1;
 }
 
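Review bot: When both `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_ECP_C` are defined, the `return mbedtls_ecp_gen_keypair(...)` block is compiled directly after `return pk_genkey_ec(...)` and can never execute, which some compilers report as unreachable code. Chaining the two branches states the intent: replace the `#endif /* MBEDTLS_USE_PSA_CRYPTO */` and `#if defined(MBEDTLS_ECP_C)` pair with a single `#elif defined(MBEDTLS_ECP_C)`. The PSA branch no longer uses `mbedtls_test_rnd_std_rand`, so every caller of `pk_genkey()` presumably has to have PSA initialised first; only some callers are visible in this diff. The function starts outside this hunk.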
@@ -462,6 +522,7 @@
 {
     mbedtls_pk_context pk;
 
+    USE_PSA_INIT();
     mbedtls_pk_init(&pk);
 
     TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
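Review bot: `USE_PSA_INIT()` is placed before `mbedtls_pk_init(&pk)`, so if the macro jumps to `exit` on failure, `mbedtls_pk_free(&pk)` at the `exit:` label would run on an uninitialised context. The macro is defined outside this diff, so that behaviour is an assumption to confirm. Swapping the two lines avoids the problem: `mbedtls_pk_init(&pk);` followed by `USE_PSA_INIT();`. The same ordering is added to `pk_parse_keyfile_ec()` in tests/suites/test_suite_pkparse.function. The test function's signature and most of its body are outside this hunk.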
@@ -475,6 +536,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1234,9 +1296,8 @@
         mbedtls_pk_init(&pk);
         TEST_ASSERT(mbedtls_pk_setup(&pk,
                                      mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
-        TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
-                                        (mbedtls_ecp_keypair *) pk.pk_ctx,
-                                        mbedtls_test_rnd_std_rand, NULL) == 0);
+        TEST_ASSERT(pk_genkey(&pk, grpid) == 0);
+
         alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
     } else
 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 4ea75a1..3a53dc0 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -905,181 +905,181 @@
 pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
 
 Parse Public EC Key #1 (RFC 5480, DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
 
 Parse Public EC Key #2 (RFC 5480, PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
 
 Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
 
 Parse Public EC Key #3 (RFC 5480, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
 
 # Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
 # MBEDTLS_ECP_DP_SECP224K1. Therefore a failure is expected in this case
 Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
 
 Parse Public EC Key #4 (RFC 5480, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
 
 Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
 
 Parse Public EC Key #5 (RFC 5480, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
 
 Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
 
 Parse Public EC Key #6 (RFC 5480, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
 
 Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
 
 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
 
 Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
 
 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
 
 Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
 
 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
 
 Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
 
 Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
 
 Parse EC Key #2 (SEC1 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
 
 Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
 
 Parse EC Key #3 (SEC1 PEM encrypted)
-depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
+depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
 
 Parse EC Key #4 (PKCS8 DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
 
 Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
 
 Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
 
 Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
 
 Parse EC Key #5 (PKCS8 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
 
 Parse EC Key #5a (PKCS8 PEM, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
 
 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
 
 Parse EC Key #5c (PKCS8 PEM, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
 
 Parse EC Key #8 (SEC1 PEM, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
 
 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
 
 Parse EC Key #9 (SEC1 PEM, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
 
 Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
 
 Parse EC Key #10 (SEC1 PEM, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
 
 Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
 
 Parse EC Key #11 (SEC1 PEM, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
 
 Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
 
 Parse EC Key #12 (SEC1 PEM, bp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
 
 Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
 
 Parse EC Key #13 (SEC1 PEM, bp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
 
 Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
 
 Parse EC Key #14 (SEC1 PEM, bp512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
 
 Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.comp.pem":"NULL":0
 
 Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
 
 Key ASN1 (No data)
@@ -1161,5 +1161,5 @@
 pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (ECPrivateKey, empty parameters)
-depends_on:MBEDTLS_ECP_C
+depends_on:MBEDTLS_ECP_LIGHT
 pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 1a6858f..751482a 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -71,7 +71,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */
 void pk_parse_public_keyfile_ec(char *key_file, int result)
 {
     mbedtls_pk_context ctx;
@@ -95,12 +95,13 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */
 void pk_parse_keyfile_ec(char *key_file, char *password, int result)
 {
     mbedtls_pk_context ctx;
     int res;
 
+    USE_PSA_INIT();
     mbedtls_pk_init(&ctx);
 
     res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
@@ -117,6 +118,7 @@
 
 exit:
     mbedtls_pk_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index e0101cc..a339cdb 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -1,47 +1,95 @@
 Public key write check RSA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_pubkey_check:"data_files/server1.pubkey"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_pubkey_check:"data_files/server1.pubkey":TEST_PEM
+
+Public key write check RSA (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_pubkey_check:"data_files/server1.pubkey.der":TEST_DER
 
 Public key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_pubkey_check:"data_files/rsa4096_pub.pem"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_pubkey_check:"data_files/rsa4096_pub.pem":TEST_PEM
+
+Public key write check RSA 4096 (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
 
 Public key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_pub.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
+
+Public key write check EC 192 bits (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
 
 Public key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_521_pub.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
+
+Public key write check EC 521 bits (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
 
 Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_bp512_pub.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
+
+Public key write check EC Brainpool 512 bits (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
 
 Private key write check RSA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_key_check:"data_files/server1.key"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_key_check:"data_files/server1.key":TEST_PEM
+
+Private key write check RSA (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_key_check:"data_files/server1.key.der":TEST_DER
 
 Private key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_key_check:"data_files/rsa4096_prv.pem"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_key_check:"data_files/rsa4096_prv.pem":TEST_PEM
+
+Private key write check RSA 4096 (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
 
 Private key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_write_key_check:"data_files/ec_prv.sec1.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
+
+Private key write check EC 192 bits (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
 
 Private key write check EC 256 bits (top bit set)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-pk_write_key_check:"data_files/ec_256_long_prv.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
+
+Private key write check EC 256 bits (top bit set) (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
 
 Private key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_key_check:"data_files/ec_521_prv.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
+
+Private key write check EC 521 bits (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
 
 Private key write check EC 521 bits (top byte is 0)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_key_check:"data_files/ec_521_short_prv.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
+
+Private key write check EC 521 bits (top byte is 0) (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
 
 Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_write_key_check:"data_files/ec_bp512_prv.pem"
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
+
+Private key write check EC Brainpool 512 bits (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 7e8a32d..c0c5ad0 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -2,6 +2,103 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
+
+typedef enum {
+    TEST_PEM,
+    TEST_DER
+} pkwrite_file_format_t;
+
+/* Helper function for removing "\r" chars from a buffer. */
+static void fix_new_lines(unsigned char *in_str, size_t *len)
+{
+    size_t chars_left;
+    unsigned int i;
+
+    for (i = 0; (i < *len) && (*len > 0); i++) {
+        if (in_str[i] == '\r') {
+            if (i < (*len - 1)) {
+                chars_left = *len - i - 1;
+                memmove(&in_str[i], &in_str[i+1], chars_left);
+            } else {
+                in_str[i] = '\0';
+            }
+            *len = *len - 1;
+        }
+    }
+}
+
+static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
+{
+    mbedtls_pk_context key;
+    unsigned char *buf = NULL;
+    unsigned char *check_buf = NULL;
+    unsigned char *start_buf;
+    size_t buf_len, check_buf_len;
+    int ret;
+
+    /* Note: if mbedtls_pk_load_file() successfully reads the file, then
+       it also allocates check_buf, which should be freed on exit */
+    TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
+    TEST_ASSERT(check_buf_len > 0);
+
+    /* Windows' line ending is different from the Linux's one ("\r\n" vs "\n").
+     * Git treats PEM files as text, so when on Windows, it replaces new lines
+     * with "\r\n" on checkout.
+     * Unfortunately mbedtls_pk_load_file() loads files in binary format,
+     * while mbedtls_pk_write_pubkey_pem() goes through the I/O layer which
+     * uses "\n" for newlines in both Windows and Linux.
+     * Here we remove the extra "\r" so that "buf" and "check_buf" can be
+     * easily compared later. */
+    if (!is_der) {
+        fix_new_lines(check_buf, &check_buf_len);
+    }
+    TEST_ASSERT(check_buf_len > 0);
+
+    ASSERT_ALLOC(buf, check_buf_len);
+
+    mbedtls_pk_init(&key);
+    if (is_public_key) {
+        TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0);
+        if (is_der) {
+            ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len);
+        } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+            ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len);
+#else
+            ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+        }
+    } else {
+        TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
+                                            mbedtls_test_rnd_std_rand, NULL), 0);
+        if (is_der) {
+            ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len);
+        } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+            ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len);
+#else
+            ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+        }
+    }
+
+    if (is_der) {
+        TEST_LE_U(1, ret);
+        buf_len = ret;
+        start_buf = buf + check_buf_len - buf_len;
+    } else {
+        TEST_EQUAL(ret, 0);
+        buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */
+        start_buf = buf;
+    }
+
+    ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
+
+exit:
+    mbedtls_free(buf);
+    mbedtls_free(check_buf);
+    mbedtls_pk_free(&key);
+}
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
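Review bot: In `pk_write_check_common()`, `mbedtls_pk_init(&key)` runs only after `TEST_EQUAL`, `TEST_ASSERT` and `ASSERT_ALLOC`, and if any of those fails and jumps to `exit`, `mbedtls_pk_free(&key)` is called on an uninitialised context; making `mbedtls_pk_init(&key);` the first statement fixes that. In the DER branch, `TEST_LE_U(1, ret)` appears to compare as unsigned (going by the macro name), so a negative error code from the write function would pass and then be used as `buf_len` when computing `start_buf`. `TEST_ASSERT(ret > 0);` rejects it before the pointer arithmetic. `fix_new_lines()` advances `i` after shifting the tail left, so the second of two consecutive `\r` bytes would be skipped; that is harmless for CRLF input but deserves a comment.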
@@ -9,81 +106,18 @@
  * END_DEPENDENCIES
  */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_pubkey_check(char *key_file)
+/* BEGIN_CASE */
+void pk_write_pubkey_check(char *key_file, int is_der)
 {
-    mbedtls_pk_context key;
-    unsigned char buf[5000];
-    unsigned char check_buf[5000];
-    int ret;
-    FILE *f;
-    size_t ilen, pem_len, buf_index;
-
-    memset(buf, 0, sizeof(buf));
-    memset(check_buf, 0, sizeof(check_buf));
-
-    mbedtls_pk_init(&key);
-    TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0);
-
-    ret = mbedtls_pk_write_pubkey_pem(&key, buf, sizeof(buf));
-    TEST_ASSERT(ret == 0);
-
-    pem_len = strlen((char *) buf);
-
-    // check that the rest of the buffer remains clear
-    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
-        TEST_ASSERT(buf[buf_index] == 0);
-    }
-
-    f = fopen(key_file, "r");
-    TEST_ASSERT(f != NULL);
-    ilen = fread(check_buf, 1, sizeof(check_buf), f);
-    fclose(f);
-
-    TEST_ASSERT(ilen == pem_len);
-    TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
-
-exit:
-    mbedtls_pk_free(&key);
+    pk_write_check_common(key_file, 1, is_der);
+    goto exit; /* make the compiler happy */
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_key_check(char *key_file)
+/* BEGIN_CASE */
+void pk_write_key_check(char *key_file, int is_der)
 {
-    mbedtls_pk_context key;
-    unsigned char buf[5000];
-    unsigned char check_buf[5000];
-    int ret;
-    FILE *f;
-    size_t ilen, pem_len, buf_index;
-
-    memset(buf, 0, sizeof(buf));
-    memset(check_buf, 0, sizeof(check_buf));
-
-    mbedtls_pk_init(&key);
-    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
-                                         mbedtls_test_rnd_std_rand, NULL) == 0);
-
-    ret = mbedtls_pk_write_key_pem(&key, buf, sizeof(buf));
-    TEST_ASSERT(ret == 0);
-
-    pem_len = strlen((char *) buf);
-
-    // check that the rest of the buffer remains clear
-    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
-        TEST_ASSERT(buf[buf_index] == 0);
-    }
-
-    f = fopen(key_file, "r");
-    TEST_ASSERT(f != NULL);
-    ilen = fread(check_buf, 1, sizeof(check_buf), f);
-    fclose(f);
-
-    TEST_ASSERT(ilen == strlen((char *) buf));
-    TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
-
-exit:
-    mbedtls_pk_free(&key);
+    pk_write_check_common(key_file, 0, is_der);
+    goto exit; /* make the compiler happy */
 }
 /* END_CASE */
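Review bot: The `is_der` parameter receives `TEST_PEM` or `TEST_DER` from the `.data` file and is then used as a boolean, which is correct only while `TEST_PEM` stays the first enumerator of `pkwrite_file_format_t`. Making the comparison explicit removes that dependency: `pk_write_check_common(key_file, 1, is_der == TEST_DER);`, and likewise in `pk_write_key_check`. The `/* make the compiler happy */` comment would be more useful if it named the warning being avoided, presumably an unused `exit` label supplied by the test generator.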
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 3fab500..f0b3574 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -3045,7 +3045,7 @@
 aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
 
 PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
-depends_on:MBEDTLS_CHACHA20_C
+depends_on:PSA_WANT_KEY_TYPE_CHACHA20
 aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_INVALID_ARGUMENT
 
 PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set)
@@ -6114,7 +6114,7 @@
 derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
 
 PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
 derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
 
 PSA key derivation: HKDF-SHA-256 -> ECC curve25519, exercise ECDH
@@ -6146,11 +6146,11 @@
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
 
 PSA key derivation: HKDF-SHA-256 -> ECC secp256r1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5c0"
 
 PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"46a5850b60ba10b0fd8e0feb8790e2819d46ea26fede564ff6dea94ef1945660"
 
 PSA key derivation: HKDF-SHA-256 -> raw (same input as secp256r1+redraw)
@@ -6158,17 +6158,17 @@
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_RAW_DATA:256:"ffffffff55f60cea989fe02543c81b28aff09b5b51fdc43f91fe5c2511b0b9d9"
 
 PSA key derivation: HKDF-SHA-256 -> ECC secp384r1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384:MBEDTLS_ECP_LIGHT
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993c"
 
 # For secp521r1, the leading byte of the representation of the private key can
 # be either 0 or 1. Have one test case where it's 0 and one where it's 1.
 PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521:MBEDTLS_ECP_LIGHT
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"00b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993b89b9b65683d60f0106d28fff039d0b6f3409"
 
 PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521:MBEDTLS_ECP_LIGHT
 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"01122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c567f5042e2d7e5803b407c08d1e110adcefc35564035d706582f723a2f76a32260da"
 
 # For Curve25519, test a few different outputs to exercise masking (last byte of input_2 variation).
@@ -6264,7 +6264,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
 
@@ -6279,7 +6279,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
 
@@ -6294,7 +6294,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
 
@@ -6309,7 +6309,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
 
@@ -6324,7 +6324,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
 
@@ -6339,7 +6339,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
 
@@ -6354,7 +6354,7 @@
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
 
 PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_LIGHT
 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
 
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data
index 6215703..c467d01 100644
--- a/tests/suites/test_suite_psa_crypto_pake.data
+++ b/tests/suites/test_suite_psa_crypto_pake.data
@@ -82,10 +82,14 @@
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE
 
-PSA PAKE: input buffer too large
+PSA PAKE: input buffer too large #1
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT
 
+PSA PAKE: input buffer too large #2
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE_2:PSA_ERROR_INVALID_ARGUMENT
+
 PSA PAKE: invalid output
 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT
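Review bot: The titles `input buffer too large #1` and `#2` do not say which input is oversized, so a failure report for one of them cannot be read without opening the `.function` file. Judging by the injected codes, `#1` appears to be the oversized ZK public value and `#2` the oversized ZK proof. Titles such as `PSA PAKE: input buffer too large (ZK_PUBLIC)` and `PSA PAKE: input buffer too large (ZK_PROOF)` would make that explicit.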
diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function
index 88f24dd..ecbd363 100644
--- a/tests/suites/test_suite_psa_crypto_pake.function
+++ b/tests/suites/test_suite_psa_crypto_pake.function
@@ -17,6 +17,7 @@
     ERR_INJECT_UNKNOWN_STEP,
     ERR_INJECT_INVALID_FIRST_STEP,
     ERR_INJECT_WRONG_BUFFER_SIZE,
+    ERR_INJECT_WRONG_BUFFER_SIZE_2,
     ERR_INJECT_VALID_OPERATION_AFTER_FAILURE,
     ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1,
     ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2,
@@ -670,6 +671,11 @@
                                                     output_buffer, size_zk_public + 1),
                                      ERR_INJECT_WRONG_BUFFER_SIZE);
 
+        SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation,
+                                                    PSA_PAKE_STEP_ZK_PROOF,
+                                                    output_buffer, size_zk_proof + 1),
+                                     ERR_INJECT_WRONG_BUFFER_SIZE_2);
+
         SETUP_CONDITIONAL_CHECK_STEP(
             (psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC,
                             output_buffer, size_zk_public + 1),
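Review bot: The added step passes `psa_pake_input()` a length of `size_zk_proof + 1` for `output_buffer`, but neither the buffer's allocation nor a bound on it is visible in the hunk; the enclosing test function starts and ends outside it. If the buffer is sized for exactly one valid element, the test declares a length past the allocation and stays safe only because the library rejects the size before reading, so it is worth confirming that the allocation covers `size_zk_proof + 1` bytes. A one-line comment above the step, e.g. `/* ZK_PROOF input one byte over the expected size must be rejected */`, would also record why it exists alongside the `size_zk_public + 1` step just before it.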
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index ec780c4..a4e618b 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -437,87 +437,87 @@
 handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
 
 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 
 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 
 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 
 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 
 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 
 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 
 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 
 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 
 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
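Review bot: The ECDHE-RSA cases in this hunk now list `MBEDTLS_ECP_LIGHT` where they listed `MBEDTLS_ECP_C`, although they run a handshake with an elliptic-curve key agreement rather than only handling EC keys. If `MBEDTLS_ECP_LIGHT` is the reduced subset its name suggests, these cases rely on `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` to bring in whatever performs the key agreement; that is probably the case but is not visible here. A `#` comment ahead of the first case stating what the symbol stands for, e.g. `# MBEDTLS_ECP_LIGHT: the test endpoints load EC keys/certificates` (to be confirmed), would make the dependency auditable. The same substitution appears in the `BEGIN_CASE` headers changed in tests/suites/test_suite_ssl.function.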
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 68c5878..6bda6ca 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -209,17 +209,17 @@
     unsigned char received[MSGLEN] = { 0 };
     mbedtls_test_mock_socket socket;
 
-    mbedtls_mock_socket_init(&socket);
+    mbedtls_test_mock_socket_init(&socket);
     TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
     mbedtls_test_mock_socket_close(&socket);
-    mbedtls_mock_socket_init(&socket);
+    mbedtls_test_mock_socket_init(&socket);
     TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0);
     mbedtls_test_mock_socket_close(&socket);
 
-    mbedtls_mock_socket_init(&socket);
+    mbedtls_test_mock_socket_init(&socket);
     TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0);
     mbedtls_test_mock_socket_close(&socket);
-    mbedtls_mock_socket_init(&socket);
+    mbedtls_test_mock_socket_init(&socket);
     TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0);
     mbedtls_test_mock_socket_close(&socket);
 
@@ -257,8 +257,8 @@
         recv = mbedtls_test_mock_tcp_recv_b;
     }
 
-    mbedtls_mock_socket_init(&client);
-    mbedtls_mock_socket_init(&server);
+    mbedtls_test_mock_socket_init(&client);
+    mbedtls_test_mock_socket_init(&server);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
@@ -355,8 +355,8 @@
         recv = mbedtls_test_mock_tcp_recv_b;
     }
 
-    mbedtls_mock_socket_init(&client);
-    mbedtls_mock_socket_init(&server);
+    mbedtls_test_mock_socket_init(&client);
+    mbedtls_test_mock_socket_init(&server);
 
     /* Fill up the buffers with structured data so that unwanted changes
      * can be detected */
@@ -2519,7 +2519,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT */
 void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass)
 {
     enum { BUFFSIZE = 1024 };
@@ -2592,7 +2592,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void handshake_version(int dtls, int client_min_version, int client_max_version,
                        int server_min_version, int server_max_version,
                        int expected_negotiated_version)
@@ -2716,7 +2716,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
                   int expected_cli_fragments,
                   int expected_srv_fragments)
@@ -3018,7 +3018,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_LIGHT:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 void conf_curve()
 {
 
@@ -3153,10 +3153,11 @@
     server.ssl.session_negotiate->id_len = 33;
     if (options.cli_msg_len != 0 || options.srv_msg_len != 0) {
         /* Start data exchanging test */
-        TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options.cli_msg_len,
-                                          options.expected_cli_fragments,
-                                          &(server.ssl), options.srv_msg_len,
-                                          options.expected_srv_fragments)
+        TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+                        &(client.ssl), options.cli_msg_len,
+                        options.expected_cli_fragments,
+                        &(server.ssl), options.srv_msg_len,
+                        options.expected_srv_fragments)
                     == 0);
     }
 
@@ -3431,7 +3432,7 @@
          * Tweak server Certificate message and parse it.
          */
 
-        ret = tweak_tls13_certificate_msg_vector_len(
+        ret = mbedtls_test_tweak_tls13_certificate_msg_vector_len(
             buf, &end, step, &expected_result, &expected_chk_buf_ptr_args);
 
         if (ret != 0) {
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 685b859..a6b001f 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -988,7 +988,7 @@
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
 
 X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
 x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
 
 X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
@@ -1023,6 +1023,119 @@
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
 x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
 
+X509 CRT verification: matching IPv4 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL"
+
+X509 CRT verification: mismatching IPv4 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: IPv4 with trailing data in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: matching IPv6 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL"
+
+X509 CRT verification: mismatching IPv6 in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT parse CN: IPv4 valid address
+x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4
+
+X509 CRT parse CN: IPv4 excess 0s
+x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0
+
+X509 CRT parse CN: IPv4 short address
+x509_crt_parse_cn_inet_pton:"10.10.10":"":0
+
+X509 CRT parse CN: IPv4 invalid ? char
+x509_crt_parse_cn_inet_pton:"10.10?10.10":"":0
+
+X509 CRT parse CN: IPv4 invalid - char
+x509_crt_parse_cn_inet_pton:"10.-10.10.10":"":0
+
+X509 CRT parse CN: IPv4 invalid + char
+x509_crt_parse_cn_inet_pton:"10.+10.10.10":"":0
+
+X509 CRT parse CN: IPv4 begin dot
+x509_crt_parse_cn_inet_pton:".10.10.10.10":"":0
+
+X509 CRT parse CN: IPv4 end dot
+x509_crt_parse_cn_inet_pton:"10.10.10.10.":"":0
+
+X509 CRT parse CN: IPv4 consecutive dots
+x509_crt_parse_cn_inet_pton:"10.10..10.10.":"":0
+
+X509 CRT parse CN: IPv4 overlarge octet 256
+x509_crt_parse_cn_inet_pton:"10.256.10.10":"":0
+
+X509 CRT parse CN: IPv4 overlarge octet 999
+x509_crt_parse_cn_inet_pton:"10.10.10.999":"":0
+
+X509 CRT parse CN: IPv4 overlarge octet 1000
+x509_crt_parse_cn_inet_pton:"10.1000.10.10":"":0
+
+X509 CRT parse CN: IPv4 additional octet
+x509_crt_parse_cn_inet_pton:"10.10.10.10.10":"":0
+
+X509 CRT parse CN: IPv6 valid address
+x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8":"00010002000300040005000600070008":16
+
+X509 CRT parse CN: IPv6 valid address shorthand
+x509_crt_parse_cn_inet_pton:"6263\:\:1":"62630000000000000000000000000001":16
+
+X509 CRT parse CN: IPv6 valid address shorthand start
+x509_crt_parse_cn_inet_pton:"\:\:1":"00000000000000000000000000000001":16
+
+X509 CRT parse CN: IPv6 valid address extra 0s
+x509_crt_parse_cn_inet_pton:"0001\:\:0001\:0001":"00010000000000000000000000010001":16
+
+X509 CRT parse CN: IPv6 invalid address excess 0s
+x509_crt_parse_cn_inet_pton:"1\:00000\:1\:0":"":0
+
+X509 CRT parse CN: IPv6 invalid address - start single colon
+x509_crt_parse_cn_inet_pton:"\:6263\:\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid address - end single colon
+x509_crt_parse_cn_inet_pton:"6263\:\:1\:":"":0
+
+X509 CRT parse CN: IPv6 short address
+x509_crt_parse_cn_inet_pton:"1\:1\:1":"":0
+
+X509 CRT parse CN: IPv6 wildcard address
+x509_crt_parse_cn_inet_pton:"\:\:":"00000000000000000000000000000000":16
+
+X509 CRT parse CN: IPv6 address too long
+x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8\:9":"":0
+
+X509 CRT parse CN: IPv6 long hextet
+x509_crt_parse_cn_inet_pton:"12345\:\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid char
+x509_crt_parse_cn_inet_pton:"\:\:\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid - char
+x509_crt_parse_cn_inet_pton:"\:\:-1\:1":"":0
+
+X509 CRT parse CN: IPv6 invalid + char
+x509_crt_parse_cn_inet_pton:"\:\:+1\:1":"":0
+
+X509 CRT parse CN: IPv6 valid address IPv4-mapped
+x509_crt_parse_cn_inet_pton:"\:\:ffff\:1.2.3.4":"00000000000000000000ffff01020304":16
+
+X509 CRT parse CN: IPv6 invalid address IPv4-mapped #1
+x509_crt_parse_cn_inet_pton:"\:\:ffff\:999.2.3.4":"":0
+
+X509 CRT parse CN: IPv6 invalid address IPv4-mapped #2
+x509_crt_parse_cn_inet_pton:"\:\:ffff\:1111.2.3.4":"":0
+
+X509 CRT parse CN: IPv6 invalid address IPv4-mapped #3
+x509_crt_parse_cn_inet_pton:"\:\:1.2.3.4\:ffff":"":0
+
 X509 CRT verification with ca callback: failure
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR
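Review bot: The "IPv4 consecutive dots" vector `"10.10..10.10."` also ends in a dot and has more than four dot-separated fields, so a parser that wrongly accepted an empty octet would still reject it for another reason and the case would pass. A string such as `"10..10.10"` isolates the empty-octet path. Separately, the five new `x509_verify` IP SAN cases depend on `MBEDTLS_PK_CAN_ECDSA_SOME`, while the tricky-ip-san case just above them uses `MBEDTLS_PK_CAN_ECDSA_VERIFY`. If the `_SOME` macro can be satisfied by a sign-only build, these verification tests would be enabled where they cannot pass, so `MBEDTLS_PK_CAN_ECDSA_VERIFY` looks like the intended guard.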
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 177bc97..905d62f 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -11,6 +11,8 @@
 #include "mbedtls/pk.h"
 #include "string.h"
 
+#include "x509_invasive.h"
+
 #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
     than the current threshold 19. To test larger values, please \
@@ -436,6 +438,19 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_TEST_HOOKS */
+void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret)
+{
+    uint32_t addr[4];
+    size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr);
+    TEST_EQUAL(addrlen, (size_t) ref_ret);
+
+    if (addrlen) {
+        ASSERT_COMPARE(exp->x, exp->len, addr, addrlen);
+    }
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
 void x509_parse_san(char *crt_file, char *result_str, int parse_result)
 {
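Review bot: The new `x509_crt_parse_cn_inet_pton` test case has no comment stating its contract, and `addr` is left uninitialised before the parser call. I would add a comment above the function such as `/* ref_ret: expected address length in bytes (4 or 16), or 0 when cn must be rejected; exp: expected address bytes */`. Declaring the buffer as `uint32_t addr[4] = { 0 };` would keep `ASSERT_COMPARE` from reading indeterminate bytes if the parser ever reported a length it had not fully written. For the rejection vectors nothing inspects the buffer at all, so an out-of-bounds or partial write on a malformed CN would only surface under a sanitizer build.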