Merge pull request #3772 from frestr/bugfix/ccm_add_length
Fix additional data length field check for CCM
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
index b559e23..d2ea73d 100644
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@@ -3,6 +3,29 @@
This directory contains changelog entries that have not yet been merged
to the changelog file ([`../ChangeLog`](../ChangeLog)).
+## What requires a changelog entry?
+
+Write a changelog entry if there is a user-visible change. This includes:
+
+* Bug fixes in the library or in sample programs: fixing a security hole,
+ fixing broken behavior, fixing the build in some configuration or on some
+ platform, etc.
+* New features in the library, new sample programs, or new platform support.
+* Changes in existing behavior. These should be rare. Changes in features
+ that are documented as experimental may or may not be announced, depending
+ on the extent of the change and how widely we expect the feature to be used.
+
+We generally don't include changelog entries for:
+
+* Documentation improvements.
+* Performance improvements, unless they are particularly significant.
+* Changes to parts of the code base that users don't interact with directly,
+ such as test code and test data.
+
+Until Mbed TLS 2.24.0, we required changelog entries in more cases.
+Looking at older changelog entries is good practice for how to write a
+changelog entry, but not for deciding whether to write one.
+
## Changelog entry file format
A changelog entry file must have the extension `*.txt` and must have the
@@ -33,8 +56,7 @@
Bugfix
Changes
-Use “Changes” for anything that doesn't fit in the other categories, such as
-performance, documentation and test improvements.
+Use “Changes” for anything that doesn't fit in the other categories.
## How to write a changelog entry
@@ -49,8 +71,7 @@
Mbed TLS issue. Add other external references such as CVE numbers where
applicable.
-Credit the author of the contribution if the contribution is not a member of
-the Mbed TLS development team. Also credit bug reporters where applicable.
+Credit bug reporters where applicable.
**Explain why, not how**. Remember that the audience is the users of the
library, not its developers. In particular, for a bug fix, explain the
diff --git a/ChangeLog.d/_GNU_SOURCE-redefined.txt b/ChangeLog.d/_GNU_SOURCE-redefined.txt
new file mode 100644
index 0000000..59c8a15
--- /dev/null
+++ b/ChangeLog.d/_GNU_SOURCE-redefined.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
+ Fix #3432.
diff --git a/ChangeLog.d/android-socklen_t.txt b/ChangeLog.d/android-socklen_t.txt
new file mode 100644
index 0000000..d795a52
--- /dev/null
+++ b/ChangeLog.d/android-socklen_t.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Use socklen_t on Android and other POSIX-compliant system
+
diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt
new file mode 100644
index 0000000..a483ea7
--- /dev/null
+++ b/ChangeLog.d/bugfix_3794.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix handling of EOF against 0xff bytes and on platforms with
+ unsigned chars. Fixes a build failure on platforms where char is
+ unsigned. Fixes #3794.
diff --git a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
deleted file mode 100644
index 2f94c16..0000000
--- a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Fix comment typo in documentation of mbedtls_ssl_set_bio.
diff --git a/ChangeLog.d/ecp_curve_list.txt b/ChangeLog.d/ecp_curve_list.txt
new file mode 100644
index 0000000..55745d3
--- /dev/null
+++ b/ChangeLog.d/ecp_curve_list.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names
+ "x25519" and "x448". These curves support ECDH but not ECDSA. If you need
+ only the curves that support ECDSA, filter the list with
+ mbedtls_ecdsa_can_do().
diff --git a/ChangeLog.d/fix-rsa-blinding.txt b/ChangeLog.d/fix-rsa-blinding.txt
new file mode 100644
index 0000000..a13572c
--- /dev/null
+++ b/ChangeLog.d/fix-rsa-blinding.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * Fix rsa_prepare_blinding() to retry when the blinding value is not
+ invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
+ addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
+ Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
+ Fixes #3647.
diff --git a/ChangeLog.d/fix-typo.txt b/ChangeLog.d/fix-typo.txt
deleted file mode 100644
index 8e961d2..0000000
--- a/ChangeLog.d/fix-typo.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Fixes a typo in the example code located in
- program/pkey/ecdh_curve25519.c
diff --git a/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt
new file mode 100644
index 0000000..85c363b
--- /dev/null
+++ b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input
+ sizes (instead of PSA_ERROR_BAD_STATE in some cases) to make the
+ psa_cipher_* functions compliant with the PSA Crypto API specification.
diff --git a/ChangeLog.d/psa_generate_key-curve25519.txt b/ChangeLog.d/psa_generate_key-curve25519.txt
new file mode 100644
index 0000000..24b6fcf
--- /dev/null
+++ b/ChangeLog.d/psa_generate_key-curve25519.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix psa_generate_key() returning an error when asked to generate
+ an ECC key pair on Curve25519 or secp244k1.
diff --git a/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt
new file mode 100644
index 0000000..6660dc3
--- /dev/null
+++ b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt
@@ -0,0 +1,6 @@
+Features
+ * In PSA, allow using a key declared with a base key agreement algorithm
+ in combined key agreement and derivation operations, as long as the key
+ agreement algorithm in use matches the algorithm the key was declared with.
+ This is currently non-standard behaviour, but expected to make it into a
+ future revision of the PSA Crypto standard.
diff --git a/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt b/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt
new file mode 100644
index 0000000..3f61481
--- /dev/null
+++ b/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix psa_key_derivation_output_key() to allow the output of a combined key
+ agreement and subsequent key derivation operation to be used as a key
+ inside of the PSA Crypto core.
diff --git a/library/ecp.c b/library/ecp.c
index 5d00de5..05a0b01 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -546,9 +546,12 @@
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
{ MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" },
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
{ MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" },
#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" },
+#endif
{ MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
};
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 4bf660e..5250a7b 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -17,7 +17,7 @@
* limitations under the License.
*/
-#if defined(__linux__)
+#if defined(__linux__) && !defined(_GNU_SOURCE)
/* Ensure that syscall() is available even when compiling with -std=c99 */
#define _GNU_SOURCE
#endif
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 3f96cab..54c2b47 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -318,7 +318,7 @@
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
- defined(socklen_t)
+ defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)
socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type );
#else
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 931e2e9..62a4d15 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -199,7 +199,7 @@
case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
return( PSA_ERROR_INVALID_PADDING );
case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
- return( PSA_ERROR_BAD_STATE );
+ return( PSA_ERROR_INVALID_ARGUMENT );
case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
return( PSA_ERROR_INVALID_SIGNATURE );
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
@@ -1084,6 +1084,15 @@
return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
( requested_alg & ~PSA_ALG_HASH_MASK ) );
}
+ /* If policy_alg is a generic key agreement operation, then using it for
+ * a key derivation with that key agreement should also be allowed. This
+ * behaviour is expected to be defined in a future specification version. */
+ if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
+ PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
+ {
+ return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
+ policy_alg );
+ }
/* If it isn't permitted, it's forbidden. */
return( 0 );
}
@@ -4473,8 +4482,7 @@
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
- ( operation->alg == PSA_ALG_CBC_NO_PADDING &&
- operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) )
+ operation->alg == PSA_ALG_CBC_NO_PADDING )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
@@ -5868,7 +5876,6 @@
PSA_KEY_TYPE_DERIVE,
shared_secret,
shared_secret_length );
-
exit:
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
return( status );
@@ -5893,6 +5900,13 @@
peer_key, peer_key_length );
if( status != PSA_SUCCESS )
psa_key_derivation_abort( operation );
+ else
+ {
+ /* If a private key has been added as SECRET, we allow the derived
+ * key material to be used as a key in PSA Crypto. */
+ if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+ operation->can_output_key = 1;
+ }
return( status );
}
@@ -6110,8 +6124,6 @@
return( PSA_ERROR_NOT_SUPPORTED );
if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- if( curve_info->bit_size != bits )
- return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ecp_keypair_init( &ecp );
ret = mbedtls_ecp_gen_key( grp_id, &ecp,
mbedtls_ctr_drbg_random,
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index d41209b..f19f559 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -256,26 +256,60 @@
size_t *expected_size )
{
size_t buffer_size = 0;
- if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE )
- {
- buffer_size = PSA_KEY_EXPORT_MAX_SIZE( attributes->core.type,
- attributes->core.bits );
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ psa_key_type_t key_type = attributes->core.type;
+ size_t key_bits = attributes->core.bits;
- if( buffer_size == 0 )
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ buffer_size = PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits );
+
+ if( buffer_size == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ *expected_size = buffer_size;
+ return( PSA_SUCCESS );
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
+ *expected_size = test_size_function( key_type, key_bits );
+ return( PSA_SUCCESS );
+#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
+ if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
+ {
+ int public_key_overhead = ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ?
+ PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) : 0 );
+ *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
+ + public_key_overhead;
+ }
+ else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) )
+ {
+ *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
+ }
+ else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
+ !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) )
+ {
+ *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
+ * ( ( key_bits + 7 ) / 8 );
+ }
+ else
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ return( PSA_SUCCESS );
+#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+ default:
return( PSA_ERROR_NOT_SUPPORTED );
-
- *expected_size = buffer_size;
- return( PSA_SUCCESS );
- }
- else
- {
- /* TBD: opaque driver support: need to calculate size through a
- * driver-defined size function, since the size of an opaque (wrapped)
- * key will be different for each implementation. */
- return( PSA_ERROR_NOT_SUPPORTED );
}
}
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot )
diff --git a/library/rsa.c b/library/rsa.c
index 84d87de..d6abd65 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -811,15 +811,14 @@
* which one, we just loop and choose new values for both of them.
* (Each iteration succeeds with overwhelming probability.) */
ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
- if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
- continue;
- if( ret != 0 )
+ if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
goto cleanup;
- /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
- } while( 0 );
+ } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+ /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
/* Blinding value: Vi = Vf^(-e) mod N
* (Vi already contains Vf^-1 at this point) */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 2ea3580..981d94e 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1045,21 +1045,86 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
/*
- * Constant-flow conditional memcpy:
- * - if c1 == c2, equivalent to memcpy(dst, src, len),
- * - otherwise, a no-op,
- * but with execution flow independent of the values of c1 and c2.
+ * Turn a bit into a mask:
+ * - if bit == 1, return the all-bits 1 mask, aka (size_t) -1
+ * - if bit == 0, return the all-bits 0 mask, aka 0
*
- * Use only bit operations to avoid branches that could be used by some
- * compilers on some platforms to translate comparison operators.
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
*/
-static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst,
- const unsigned char *src,
- size_t len,
- size_t c1, size_t c2 )
+static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit )
{
- /* diff = 0 if c1 == c2, non-zero otherwise */
- const size_t diff = c1 ^ c2;
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+ return -bit;
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+}
+
+/*
+ * Constant-flow mask generation for "less than" comparison:
+ * - if x < y, return all bits 1, that is (size_t) -1
+ * - otherwise, return all bits 0, that is 0
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y )
+{
+ /* This has the most significant bit set if and only if x < y */
+ const size_t sub = x - y;
+
+ /* sub1 = (x < y) ? 1 : 0 */
+ const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
+
+ /* mask = (x < y) ? 0xff... : 0x00... */
+ const size_t mask = mbedtls_ssl_cf_mask_from_bit( sub1 );
+
+ return( mask );
+}
+
+/*
+ * Constant-flow mask generation for "greater or equal" comparison:
+ * - if x >= y, return all bits 1, that is (size_t) -1
+ * - otherwise, return all bits 0, that is 0
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y )
+{
+ return( ~mbedtls_ssl_cf_mask_lt( x, y ) );
+}
+
+/*
+ * Constant-flow boolean "equal" comparison:
+ * return x == y
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations - it can be used in conjunction with
+ * mbedtls_ssl_cf_mask_from_bit().
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y )
+{
+ /* diff = 0 if x == y, non-zero otherwise */
+ const size_t diff = x ^ y;
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
@@ -1068,22 +1133,40 @@
#pragma warning( disable : 4146 )
#endif
- /* diff_msb's most significant bit is equal to c1 != c2 */
+ /* diff_msb's most significant bit is equal to x != y */
const size_t diff_msb = ( diff | -diff );
- /* diff1 = c1 != c2 */
- const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
-
- /* mask = c1 != c2 ? 0xff : 0x00 */
- const unsigned char mask = (unsigned char) -diff1;
-
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
- /* dst[i] = c1 != c2 ? dst[i] : src[i] */
+ /* diff1 = (x != y) ? 1 : 0 */
+ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
+
+ return( 1 ^ diff1 );
+}
+
+/*
+ * Constant-flow conditional memcpy:
+ * - if c1 == c2, equivalent to memcpy(dst, src, len),
+ * - otherwise, a no-op,
+ * but with execution flow independent of the values of c1 and c2.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst,
+ const unsigned char *src,
+ size_t len,
+ size_t c1, size_t c2 )
+{
+ /* mask = c1 == c2 ? 0xff : 0x00 */
+ const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 );
+ const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal );
+
+ /* dst[i] = c1 == c2 ? src[i] : dst[i] */
for( size_t i = 0; i < len; i++ )
- dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask );
+ dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask );
}
/*
@@ -1528,8 +1611,11 @@
if( auth_done == 1 )
{
- correct *= ( rec->data_len >= padlen + 1 );
- padlen *= ( rec->data_len >= padlen + 1 );
+ const size_t mask = mbedtls_ssl_cf_mask_ge(
+ rec->data_len,
+ padlen + 1 );
+ correct &= mask;
+ padlen &= mask;
}
else
{
@@ -1543,8 +1629,11 @@
}
#endif
- correct *= ( rec->data_len >= transform->maclen + padlen + 1 );
- padlen *= ( rec->data_len >= transform->maclen + padlen + 1 );
+ const size_t mask = mbedtls_ssl_cf_mask_ge(
+ rec->data_len,
+ transform->maclen + padlen + 1 );
+ correct &= mask;
+ padlen &= mask;
}
padlen++;
@@ -1555,6 +1644,10 @@
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
+ /* This is the SSL 3.0 path, we don't have to worry about Lucky
+ * 13, because there's a strictly worse padding attack built in
+ * the protocol (known as part of POODLE), so we don't care if the
+ * code is not constant-time, in particular branches are OK. */
if( padlen > transform->ivlen )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
@@ -1578,7 +1671,6 @@
* `min(256,plaintext_len)` reads (but take into account
* only the last `padlen` bytes for the padding check). */
size_t pad_count = 0;
- size_t real_count = 0;
volatile unsigned char* const check = data;
/* Index of first padding byte; it has been ensured above
@@ -1590,16 +1682,21 @@
for( idx = start_idx; idx < rec->data_len; idx++ )
{
- real_count |= ( idx >= padding_idx );
- pad_count += real_count * ( check[idx] == padlen - 1 );
+ /* pad_count += (idx >= padding_idx) &&
+ * (check[idx] == padlen - 1);
+ */
+ const size_t mask = mbedtls_ssl_cf_mask_ge( idx, padding_idx );
+ const size_t equal = mbedtls_ssl_cf_bool_eq( check[idx],
+ padlen - 1 );
+ pad_count += mask & equal;
}
- correct &= ( pad_count == padlen );
+ correct &= mbedtls_ssl_cf_bool_eq( pad_count, padlen );
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
#endif
- padlen &= correct * 0x1FF;
+ padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 623a090..15aabf9 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -317,18 +317,6 @@
printf( "\tsuccess!\r\n" );
}
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- exit( EXIT_FAILURE );
-}
-#endif
-
int main( void )
{
ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index ae2442e..a3628f0 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -603,18 +603,6 @@
printf( " and the same sequence of labels.\n" );
}
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- printf( "%s:%i: Input param failed - %s\n",
- file, line, failure_condition );
- exit( EXIT_FAILURE );
-}
-#endif
-
int main( int argc, char *argv[] )
{
const char *key_file_name = "master.key";
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a26dd51..b9047df 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -149,6 +149,7 @@
#define DFL_NSS_KEYLOG 0
#define DFL_NSS_KEYLOG_FILE NULL
#define DFL_SKIP_CLOSE_NOTIFY 0
+#define DFL_QUERY_CONFIG_MODE 0
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -539,6 +540,7 @@
* after renegotiation */
int reproducible; /* make communication reproducible */
int skip_close_notify; /* skip sending the close_notify alert */
+ int query_config_mode; /* whether to read config */
} opt;
int query_config( const char *config );
@@ -1102,6 +1104,7 @@
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
+ int query_config_ret = 0;
mbedtls_net_context server_fd;
io_ctx_t io_ctx;
@@ -1300,6 +1303,7 @@
opt.nss_keylog = DFL_NSS_KEYLOG;
opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
+ opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
for( i = 1; i < argc; i++ )
{
@@ -1686,7 +1690,9 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- mbedtls_exit( query_config( q ) );
+ opt.query_config_mode = 1;
+ query_config_ret = query_config( q );
+ goto exit;
}
else if( strcmp( p, "serialize") == 0 )
{
@@ -2685,7 +2691,7 @@
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
ret );
- return( ret );
+ goto exit;
}
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -3348,7 +3354,8 @@
* immediately because of bad cmd line params,
* for example). */
status = psa_destroy_key( slot );
- if( status != PSA_SUCCESS )
+ if( ( status != PSA_SUCCESS ) &&
+ ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
{
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
(unsigned) slot, (int) status );
@@ -3367,15 +3374,21 @@
#endif
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
+ {
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+ }
#endif
// Shell can not handle large exit numbers -> 1 for errors
if( ret < 0 )
ret = 1;
- mbedtls_exit( ret );
+ if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
+ mbedtls_exit( ret );
+ else
+ mbedtls_exit( query_config_ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index df8819a..d109c1e 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -377,13 +377,13 @@
int valid_balance = 0; /* balance between valid and invalid characters */
size_t len = 0;
char pad = 0;
- char c = 0;
+ int c = 0;
while( EOF != c )
{
char c_valid = 0;
- c = (char) fgetc( b64_file );
+ c = fgetc( b64_file );
if( pad > 0 )
{
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c445ddb..a98aec1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -182,6 +182,7 @@
#define DFL_REPRODUCIBLE 0
#define DFL_NSS_KEYLOG 0
#define DFL_NSS_KEYLOG_FILE NULL
+#define DFL_QUERY_CONFIG_MODE 0
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -643,6 +644,7 @@
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
+ int query_config_mode; /* whether to read config */
} opt;
int query_config( const char *config );
@@ -1723,6 +1725,7 @@
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
+ int query_config_ret = 0;
int version_suites[4][2];
io_ctx_t io_ctx;
unsigned char* buf = 0;
@@ -1972,6 +1975,7 @@
opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG;
opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
+ opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
for( i = 1; i < argc; i++ )
{
@@ -2386,7 +2390,9 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- mbedtls_exit( query_config( q ) );
+ opt.query_config_mode = 1;
+ query_config_ret = query_config( q );
+ goto exit;
}
else if( strcmp( p, "serialize") == 0 )
{
@@ -4261,8 +4267,11 @@
}
#endif
- mbedtls_printf( " . Cleaning up..." );
- fflush( stdout );
+ if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
+ {
+ mbedtls_printf( " . Cleaning up..." );
+ fflush( stdout );
+ }
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
@@ -4292,7 +4301,8 @@
sni_free( sni_info );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( ( ret = psk_free( psk_info ) ) != 0 )
+ ret = psk_free( psk_info );
+ if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
@@ -4308,7 +4318,8 @@
* immediately because of bad cmd line params,
* for example). */
status = psa_destroy_key( psk_slot );
- if( status != PSA_SUCCESS )
+ if( ( status != PSA_SUCCESS ) &&
+ ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
{
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
(unsigned) psk_slot, (int) status );
@@ -4347,18 +4358,24 @@
mbedtls_memory_buffer_alloc_free();
#endif
- mbedtls_printf( " done.\n" );
+ if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
+ {
+ mbedtls_printf( " done.\n" );
#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
#endif
+ }
// Shell can not handle large exit numbers -> 1 for errors
if( ret < 0 )
ret = 1;
- mbedtls_exit( ret );
+ if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
+ mbedtls_exit( ret );
+ else
+ mbedtls_exit( query_config_ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index ade67e2..e8241a3 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -100,9 +100,8 @@
" Add NsCertType even if it is empty\n" \
" md=%%s default: SHA256\n" \
" possible values:\n" \
- " MD2, MD4, MD5, SHA1\n" \
- " SHA224, SHA256\n" \
- " SHA384, SHA512\n" \
+ " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
+ " SHA224, SHA256, SHA384, SHA512\n" \
"\n"
@@ -217,58 +216,14 @@
}
else if( strcmp( p, "md" ) == 0 )
{
- if( strcmp( q, "SHA256" ) == 0 )
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string( q );
+ if( md_info == NULL )
{
- opt.md_alg = MBEDTLS_MD_SHA256;
- }
- else if( strcmp( q, "SHA224" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA224;
- }
- else
-#if defined(MBEDTLS_MD5_C)
- if( strcmp( q, "MD5" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_MD5;
- }
- else
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_MD4_C)
- if( strcmp( q, "MD4" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_MD4;
- }
- else
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_MD2_C)
- if( strcmp( q, "MD2" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_MD2;
- }
- else
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_SHA1_C)
- if( strcmp( q, "SHA1" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA1;
- }
- else
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA512_C)
- if( strcmp( q, "SHA384" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA384;
- }
- else
- if( strcmp( q, "SHA512" ) == 0 )
- {
- opt.md_alg = MBEDTLS_MD_SHA512;
- }
- else
-#endif /* MBEDTLS_SHA512_C */
- {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
}
+ opt.md_alg = mbedtls_md_get_type( md_info );
}
else if( strcmp( p, "key_usage" ) == 0 )
{
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 1eeb861..18174d8 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -118,8 +118,9 @@
" is_ca=%%d default: 0 (disabled)\n" \
" max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \
- " Supported values:\n" \
- " MD2, MD4, MD5, SHA1, SHA256, SHA512\n"\
+ " Supported values (if enabled):\n" \
+ " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \
+ " SHA224, SHA256, SHA384, SHA512\n" \
" version=%%d default: 3\n" \
" Possible values: 1, 2, 3\n"\
" subject_identifier=%%s default: 1\n" \
@@ -353,27 +354,14 @@
}
else if( strcmp( p, "md" ) == 0 )
{
- if( strcmp( q, "SHA1" ) == 0 )
- opt.md = MBEDTLS_MD_SHA1;
- else if( strcmp( q, "SHA224" ) == 0 )
- opt.md = MBEDTLS_MD_SHA224;
- else if( strcmp( q, "SHA256" ) == 0 )
- opt.md = MBEDTLS_MD_SHA256;
- else if( strcmp( q, "SHA384" ) == 0 )
- opt.md = MBEDTLS_MD_SHA384;
- else if( strcmp( q, "SHA512" ) == 0 )
- opt.md = MBEDTLS_MD_SHA512;
- else if( strcmp( q, "MD2" ) == 0 )
- opt.md = MBEDTLS_MD_MD2;
- else if( strcmp( q, "MD4" ) == 0 )
- opt.md = MBEDTLS_MD_MD4;
- else if( strcmp( q, "MD5" ) == 0 )
- opt.md = MBEDTLS_MD_MD5;
- else
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string( q );
+ if( md_info == NULL )
{
mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
}
+ opt.md = mbedtls_md_get_type( md_info );
}
else if( strcmp( p, "version" ) == 0 )
{
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index cc68663..7d85adb 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -166,6 +166,7 @@
link_to_source(seedfile)
endif()
link_to_source(compat.sh)
+ link_to_source(context-info.sh)
link_to_source(data_files)
link_to_source(scripts)
link_to_source(ssl-opt.sh)
diff --git a/tests/context-info.sh b/tests/context-info.sh
index 150584b..68614ff 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -430,6 +430,11 @@
-u "Too many bad symbols detected. File check aborted" \
-n "Deserializing"
+run_test "Decoder continues past 0xff character" \
+ "def_b64_ff.bin" \
+ -n "No valid base64" \
+ -u "ciphersuite.* TLS-"
+
# End of tests
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 88f265c..bf2f538 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -13,8 +13,10 @@
## Tools
OPENSSL ?= openssl
FAKETIME ?= faketime
-MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
-MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
+
+TOP_DIR = ../..
+MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
+MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req
## Build the generated test data. Note that since the final outputs
diff --git a/tests/data_files/base64/def_b64_ff.bin b/tests/data_files/base64/def_b64_ff.bin
new file mode 100644
index 0000000..66aa827
--- /dev/null
+++ b/tests/data_files/base64/def_b64_ff.bin
@@ -0,0 +1,5 @@
+// Ensure that the b64 parser continues after encountering a 0xFF
+// character. Note that this byte is invalid UTF-8, making this
+// entire file invalid UTF-8. Use care when editing.
+// -> ÿ <-
+AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
diff --git a/tests/data_files/cert_md2.csr b/tests/data_files/cert_md2.csr
new file mode 100644
index 0000000..a8c39bd
--- /dev/null
+++ b/tests/data_files/cert_md2.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1EMjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
+stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
+iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
+Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
+aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAgUA
+A4IBAQBPUqodRcH2ZUa8A3fQX/nxrIwWiLmQ9BaOI6G7vzEWVE1sxmkrHP+pXgi9
+1eFceN9xUBKEd+LmUPmHpObZ4nwRSprFj3DeIXpn9aSBr+jGY8RaaC9cMkaSq5Mb
+q65THEJ1xemIfZvbhjvNi/ycXXu/v1Gpj62dpIFGbm+o4AXQF2ocYGEM+X1u2eVn
+mnuuvPAHTllGjB0daTSYoQtMy3luPUEj0Yct3iVR1pUeTrHchOs9p5ACDZcf6D3x
+sm9atH2ZIaXo1c9SqHzdk/uLt/CwxQrn1WU1inwOkzjim2Yq9vWgpQypfGZdScXV
+oHOmuGG901WMMemzZXjoLi+8ZpVL
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/cert_md4.csr b/tests/data_files/cert_md4.csr
new file mode 100644
index 0000000..d8a3dbf
--- /dev/null
+++ b/tests/data_files/cert_md4.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
+stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
+iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
+Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
+aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAwUA
+A4IBAQAztRb+vAecvhelhszzCctzmhGs4TGmr9h4zddZoQ8dTdy1OCsnmU+yz3oh
+oiQjy7UPLt8DS2ZKhGhvwPvtwFh5icMWQVnv2kE4Evz8xJT12VRw+U6L5rfKmf/L
+mVNxsuk17MDyBcMlwuNk+CHrYVdrXhSWUH3UCQQUH1iqqBMKmNiPa1UGU0budZ9X
+HZjn9uqyyOGy8l3hffqjDxsDjZyBDf5aqKIdnvukdrUiacPdUYVF0fwK8d1/1PA9
+dA4JjTvz+tTK6mL9Ic9Pv+64v1vwMU4Qu8IJHk5x3I0e7KuK2A/lK6az2Vb6FAh6
+MkGpWB68T8FRBoVrWLOh+a9yNwyp
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/cert_md5.csr b/tests/data_files/cert_md5.csr
new file mode 100644
index 0000000..dc6792d
--- /dev/null
+++ b/tests/data_files/cert_md5.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV
++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N
+stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR
+iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75
+Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag
+aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBBAUA
+A4IBAQBNEvxgn3Pc62hsMgMz33IdeNpazeK3ae2gwQQFgL7qMp/kskfpIKF4m8eB
+YrmjKn9cqszRD606/ZtWYDwINUUc6O7bQGmpGIFd7bSPm/pbsajc6R7kzA/tD/bk
+G5zqu9Bj0x92hEwdku0zY+Hx9PgT2dK8M72iFylHBwT3X1tNyXhh7xWJ9RlAfSvN
+KdS6s3kRjK4qcir0MnflV5f2HD6r1v9cSVyme6eVLvOmup89z0cihH7NDwDJaYbi
+oqcKXFbro8/2ruEzPUS6U8NA9cjlX9DW8buIu4cQACVx5YevlwKoayYfXcRRvIFo
+OLiPq14TuZj3c0+HFOxWj4UBAjvI
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h
new file mode 100644
index 0000000..4bfe986
--- /dev/null
+++ b/tests/include/test/drivers/size.h
@@ -0,0 +1,95 @@
+/*
+ * Test driver for context size functions
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H
+#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+
+typedef struct {
+ unsigned int context;
+} test_driver_key_context_t;
+
+/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ *
+ * This macro returns the base size for the key context. It is the size of the
+ * driver specific information stored in each key context.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t )
+
+/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE
+ *
+ * Number of bytes included in every key context for a key pair.
+ *
+ * This pair size is for an ECC 256-bit private/public key pair.
+ * Based on this value, the size of the private key can be derived by
+ * subtracting the public key size below from this one.
+ */
+
+#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65
+
+/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
+ *
+ * Number of bytes included in every key context for a public key.
+ *
+ * For ECC public keys, it needs 257 bits so 33 bytes.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33
+
+/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
+ *
+ * Every key context for a symmetric key includes this many times the key size.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0
+
+/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY
+ *
+ * If this is true for a key pair, the key context includes space for the public key.
+ * If this is false, no additional space is added for the public key.
+ *
+ * For this instance, store the public key with the private one.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1
+
+/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
+ *
+ * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver
+ * provides a size_function entry point, otherwise, it does not.
+ *
+ * Some opaque drivers have the need to support a custom size for the storage
+ * of key and context information. The size_function provides the ability to
+ * provide that customization.
+ */
+//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
+
+#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
+size_t test_size_function(
+ const psa_key_type_t key_type,
+ const size_t key_bits );
+#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 7ee8e5e..ee59742 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -25,5 +25,6 @@
#include "test/drivers/signature.h"
#include "test/drivers/keygen.h"
#include "test/drivers/cipher.h"
+#include "test/drivers/size.h"
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index c4979cc..2c7b179 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -53,10 +53,8 @@
void mbedtls_test_platform_teardown( void );
/**
- * \brief This function translates an ASCII string encoding an
- * hexadecimal number into the encoded hexadecimal number. The
- * hexadecimal number is represented as an array of
- * unsigned char.
+ * \brief This function decodes the hexadecimal representation of
+ * data.
*
* \note The output buffer can be the same as the input buffer. For
* any other overlapping of the input and output buffers, the
@@ -70,7 +68,7 @@
*
* \return \c 0 on success.
* \return \c -1 if the output buffer is too small or the input string
- * is not a valid ASCII encoding of an hexadecimal number.
+ * is not a valid hexadecimal representation.
*/
int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax,
const char *ibuf, size_t *len );
@@ -103,4 +101,93 @@
int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
uint32_t a_len, uint32_t b_len );
+#if defined(MBEDTLS_CHECK_PARAMS)
+
+typedef struct
+{
+ const char *failure_condition;
+ const char *file;
+ int line;
+}
+mbedtls_test_param_failed_location_record_t;
+
+/**
+ * \brief Get the location record of the last call to
+ * mbedtls_test_param_failed().
+ *
+ * \note The call expectation is set up and active until the next call to
+ * mbedtls_test_param_failed_check_expected_call() or
+ * mbedtls_param_failed() that cancels it.
+ */
+void mbedtls_test_param_failed_get_location_record(
+ mbedtls_test_param_failed_location_record_t *location_record );
+
+/**
+ * \brief State that a call to mbedtls_param_failed() is expected.
+ *
+ * \note The call expectation is set up and active until the next call to
+ * mbedtls_test_param_failed_check_expected_call() or
+ * mbedtls_param_failed that cancel it.
+ */
+void mbedtls_test_param_failed_expect_call( void );
+
+/**
+ * \brief Check whether mbedtls_param_failed() has been called as expected.
+ *
+ * \note Check whether mbedtls_param_failed() has been called between the
+ * last call to mbedtls_test_param_failed_expect_call() and the call
+ * to this function.
+ *
+ * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(),
+ * mbedtls_param_failed() has been called.
+ * \c -1 Otherwise.
+ */
+int mbedtls_test_param_failed_check_expected_call( void );
+
+/**
+ * \brief Get the address of the object of type jmp_buf holding the execution
+ * state information used by mbedtls_param_failed() to do a long jump.
+ *
+ * \note If a call to mbedtls_param_failed() is not expected in the sense
+ * that there is no call to mbedtls_test_param_failed_expect_call()
+ * preceding it, then mbedtls_param_failed() will try to restore the
+ * execution to the state stored in the jmp_buf object whose address
+ * is returned by the present function.
+ *
+ * \note This function is intended to provide the parameter of the
+ * setjmp() function to set-up where mbedtls_param_failed() should
+ * long-jump if it has to. It is foreseen to be used as:
+ *
+ * setjmp( mbedtls_test_param_failed_get_state_buf() ).
+ *
+ * \note The type of the returned value is not jmp_buf as jmp_buf is an
+ * an array type (C specification) and a function cannot return an
+ * array type.
+ *
+ * \note The type of the returned value is not jmp_buf* as then the return
+ * value couldn't be used by setjmp(), as its parameter's type is
+ * jmp_buf.
+ *
+ * \return Address of the object of type jmp_buf holding the execution state
+ * information used by mbedtls_param_failed() to do a long jump.
+ */
+void* mbedtls_test_param_failed_get_state_buf( void );
+
+/**
+ * \brief Reset the execution state used by mbedtls_param_failed() to do a
+ * long jump.
+ *
+ * \note If a call to mbedtls_param_failed() is not expected in the sense
+ * that there is no call to mbedtls_test_param_failed_expect_call()
+ * preceding it, then mbedtls_param_failed() will try to restore the
+ * execution state that this function reset.
+ *
+ * \note It is recommended to reset the execution state when the state
+ * is not relevant anymore. That way an unexpected call to
+ * mbedtls_param_failed() will not trigger a long jump with
+ * undefined behavior but rather a long jump that will rather fault.
+ */
+void mbedtls_test_param_failed_reset_state( void );
+#endif /* MBEDTLS_CHECK_PARAMS */
+
#endif /* TEST_HELPERS_H */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 578d03e..0072d34 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1295,9 +1295,7 @@
scripts/config.py full # includes CHECK_PARAMS
# Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT
- # Only build and run tests. Do not build sample programs, because
- # they don't have a mbedtls_param_failed() function.
- make CC=gcc CFLAGS='-Werror -O1' lib test
+ make CC=gcc CFLAGS='-Werror -O1' all test
}
component_test_check_params_without_platform () {
diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c
new file mode 100644
index 0000000..16a8692
--- /dev/null
+++ b/tests/src/drivers/size.c
@@ -0,0 +1,42 @@
+/*
+ * Test driver for retrieving key context size.
+ * Only used by opaque drivers.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+
+#include "test/drivers/size.h"
+
+#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION
+size_t test_size_function(
+ const psa_key_type_t key_type,
+ const size_t key_bits )
+{
+ (void) key_type;
+ (void) key_bits;
+ return 0;
+}
+#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index f385079..a18f1d4 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -19,10 +19,34 @@
#include <test/macros.h>
#include <string.h>
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include <setjmp.h>
+#endif
+
+/*----------------------------------------------------------------------------*/
+/* Static global variables */
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+typedef struct
+{
+ uint8_t expected_call;
+ uint8_t expected_call_happened;
+
+ jmp_buf state;
+
+ mbedtls_test_param_failed_location_record_t location_record;
+}
+param_failed_ctx_t;
+static param_failed_ctx_t param_failed_ctx;
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
static mbedtls_platform_context platform_ctx;
#endif
+/*----------------------------------------------------------------------------*/
+/* Helper Functions */
+
int mbedtls_test_platform_setup( void )
{
int ret = 0;
@@ -159,3 +183,64 @@
}
return ret;
}
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+void mbedtls_test_param_failed_get_location_record(
+ mbedtls_test_param_failed_location_record_t *location_record )
+{
+ *location_record = param_failed_ctx.location_record;
+}
+
+void mbedtls_test_param_failed_expect_call( void )
+{
+ param_failed_ctx.expected_call_happened = 0;
+ param_failed_ctx.expected_call = 1;
+}
+
+int mbedtls_test_param_failed_check_expected_call( void )
+{
+ param_failed_ctx.expected_call = 0;
+
+ if( param_failed_ctx.expected_call_happened != 0 )
+ return( 0 );
+
+ return( -1 );
+}
+
+void* mbedtls_test_param_failed_get_state_buf( void )
+{
+ return ¶m_failed_ctx.state;
+}
+
+void mbedtls_test_param_failed_reset_state( void )
+{
+ memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) );
+}
+
+void mbedtls_param_failed( const char *failure_condition,
+ const char *file,
+ int line )
+{
+ /* Record the location of the failure */
+ param_failed_ctx.location_record.failure_condition = failure_condition;
+ param_failed_ctx.location_record.file = file;
+ param_failed_ctx.location_record.line = line;
+
+ /* If we are testing the callback function... */
+ if( param_failed_ctx.expected_call != 0 )
+ {
+ param_failed_ctx.expected_call = 0;
+ param_failed_ctx.expected_call_happened = 1;
+ }
+ else
+ {
+ /* ...else try a long jump. If the execution state has not been set-up
+ * or reset then the long jump buffer is all zero's and the call will
+ * with high probability fault, emphasizing there is something to look
+ * at.
+ */
+
+ longjmp( param_failed_ctx.state, 1 );
+ }
+}
+#endif /* MBEDTLS_CHECK_PARAMS */
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index ec43d13..aafcf5c 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -74,16 +74,6 @@
#define DISPATCH_UNSUPPORTED_SUITE -5 /* Test suite not supported by the
build */
-typedef enum
-{
- PARAMFAIL_TESTSTATE_IDLE = 0, /* No parameter failure call test */
- PARAMFAIL_TESTSTATE_PENDING, /* Test call to the parameter failure
- * is pending */
- PARAMFAIL_TESTSTATE_CALLED /* The test call to the parameter
- * failure function has been made */
-} paramfail_test_state_t;
-
-
/*----------------------------------------------------------------------------*/
/* Macros */
@@ -131,6 +121,7 @@
TEST_ASSERT( ( expr1 ) == ( expr2 ) )
/** Allocate memory dynamically and fail the test case if this fails.
+ * The allocated memory will be filled with zeros.
*
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free( pointer )` in the test's cleanup code.
@@ -237,15 +228,16 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
- do { \
- test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \
- if( (TEST) != (PARAM_ERR_VALUE) || \
- test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \
- { \
- test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
+#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
+ do { \
+ mbedtls_test_param_failed_expect_call( ); \
+ if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \
+ ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \
+ { \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ mbedtls_test_param_failed_check_expected_call( ); \
} while( 0 )
/**
@@ -268,16 +260,17 @@
*
* \param TEST The test expression to be tested.
*/
-#define TEST_INVALID_PARAM( TEST ) \
- do { \
- memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \
- if( setjmp( param_fail_jmp ) == 0 ) \
- { \
- TEST; \
- test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
- memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \
+#define TEST_INVALID_PARAM( TEST ) \
+ do { \
+ memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \
+ sizeof( jmp_tmp ) ); \
+ if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \
+ { \
+ TEST; \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ mbedtls_test_param_failed_reset_state( ); \
} while( 0 )
#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
@@ -359,7 +352,6 @@
typedef struct
{
- paramfail_test_state_t paramfail_test_state;
test_result_t result;
const char *test;
const char *filename;
@@ -370,7 +362,6 @@
static test_info_t test_info;
#if defined(MBEDTLS_CHECK_PARAMS)
-jmp_buf param_fail_jmp;
jmp_buf jmp_tmp;
#endif
@@ -427,30 +418,6 @@
test_info.filename = filename;
}
-#if defined(MBEDTLS_CHECK_PARAMS)
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- /* If we are testing the callback function... */
- if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING )
- {
- test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED;
- }
- else
- {
- /* ...else we treat this as an error */
-
- /* Record the location of the failure, but not as a failure yet, in case
- * it was part of the test */
- test_fail( failure_condition, line, file );
- test_info.result = TEST_RESULT_SUCCESS;
-
- longjmp( param_fail_jmp, 1 );
- }
-}
-#endif
-
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
static int redirect_output( FILE* out_stream, const char* path )
{
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index cce2899..db53e97 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -683,7 +683,6 @@
if( unmet_dep_count == 0 )
{
test_info.result = TEST_RESULT_SUCCESS;
- test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;
test_info.step = (unsigned long)( -1 );
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 6901256..256224e 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -165,17 +165,23 @@
void execute_function_ptr(TestWrapper_t fp, void **params)
{
#if defined(MBEDTLS_CHECK_PARAMS)
- if ( setjmp( param_fail_jmp ) == 0 )
+ mbedtls_test_param_failed_location_record_t location_record;
+
+ if ( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 )
{
fp( params );
}
else
{
/* Unexpected parameter validation error */
+ mbedtls_test_param_failed_get_location_record( &location_record );
+ test_fail( location_record.failure_condition,
+ location_record.line,
+ location_record.file );
test_info.result = TEST_RESULT_FAILED;
}
- memset( param_fail_jmp, 0, sizeof(jmp_buf) );
+ mbedtls_test_param_failed_reset_state( );
#else
fp( params );
#endif
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 1d453db..754a167 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -9,7 +9,7 @@
/* BEGIN_CASE */
void aes_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -23,8 +23,7 @@
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -34,7 +33,7 @@
/* BEGIN_CASE */
void aes_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -48,8 +47,7 @@
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -59,7 +57,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aes_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -74,9 +72,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -86,7 +83,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aes_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -100,9 +97,8 @@
if( cbc_result == 0)
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -236,7 +232,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -249,8 +245,7 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -259,7 +254,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -272,8 +267,7 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -282,7 +276,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -294,9 +288,8 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -305,7 +298,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_aes_context ctx;
@@ -317,9 +310,8 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -329,17 +321,15 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
void aes_encrypt_ofb( int fragment_size, data_t *key_str,
data_t *iv_str, data_t *src_str,
- char *expected_output_string)
+ data_t *expected_output )
{
unsigned char output[32];
- unsigned char output_string[65];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
int in_buffer_len;
unsigned char* src_str_next;
memset( output, 0x00, sizeof( output ) );
- memset( output_string, 0x00, sizeof( output_string ) );
mbedtls_aes_init( &ctx );
TEST_ASSERT( (size_t)fragment_size < sizeof( output ) );
@@ -354,12 +344,10 @@
TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
iv_str->x, src_str_next, output ) == 0 );
- mbedtls_test_hexify( output_string, output, fragment_size );
- TEST_ASSERT( strncmp( (char *) output_string, expected_output_string,
- ( 2 * fragment_size ) ) == 0 );
+ TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 );
in_buffer_len -= fragment_size;
- expected_output_string += ( fragment_size * 2 );
+ expected_output->x += fragment_size;
src_str_next += fragment_size;
if( in_buffer_len < fragment_size )
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index 9aa4913..c1e2386 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -8,8 +8,7 @@
*/
/* BEGIN_CASE */
-void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str,
- data_t * hex_dst_string )
+void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst )
{
unsigned char dst_str[1000];
mbedtls_arc4_context ctx;
@@ -19,11 +18,11 @@
mbedtls_arc4_setup(&ctx, key_str->x, key_str->len);
- TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 );
+ TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len,
+ src_str->x, dst_str ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x,
+ src_str->len, dst->len ) == 0 );
exit:
mbedtls_arc4_free( &ctx );
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index d08c39d..6d6a203 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -207,14 +207,12 @@
/* BEGIN_CASE */
void aria_encrypt_ecb( data_t *key_str, data_t *src_str,
- char *hex_dst_string, int setkey_result )
+ data_t *expected_output, int setkey_result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t i;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -227,9 +225,9 @@
TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i,
output + i ) == 0 );
}
- mbedtls_test_hexify( dst_str, output, src_str->len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -239,14 +237,12 @@
/* BEGIN_CASE */
void aria_decrypt_ecb( data_t *key_str, data_t *src_str,
- char *hex_dst_string, int setkey_result )
+ data_t *expected_output, int setkey_result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t i;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -259,9 +255,9 @@
TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i,
output + i ) == 0 );
}
- mbedtls_test_hexify( dst_str, output, src_str->len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -271,14 +267,12 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aria_encrypt_cbc( data_t *key_str, data_t *iv_str,
- data_t *src_str, char *hex_dst_string,
+ data_t *src_str, data_t *expected_output,
int cbc_result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -288,9 +282,8 @@
output ) == cbc_result );
if( cbc_result == 0 )
{
- mbedtls_test_hexify( dst_str, output, src_str->len );
-
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -300,14 +293,12 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void aria_decrypt_cbc( data_t *key_str, data_t *iv_str,
- data_t *src_str, char *hex_dst_string,
+ data_t *src_str, data_t *expected_output,
int cbc_result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -317,9 +308,8 @@
output ) == cbc_result );
if( cbc_result == 0 )
{
- mbedtls_test_hexify( dst_str, output, src_str->len );
-
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
}
exit:
@@ -329,15 +319,13 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str,
- data_t *src_str, char *hex_dst_string,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -346,9 +334,9 @@
src_str->len, &iv_offset,
iv_str->x, src_str->x, output )
== result );
- mbedtls_test_hexify( dst_str, output, src_str->len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
@@ -357,15 +345,13 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str,
- data_t *src_str, char *hex_dst_string,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -374,9 +360,9 @@
src_str->len, &iv_offset,
iv_str->x, src_str->x, output )
== result );
- mbedtls_test_hexify( dst_str, output, src_str->len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
@@ -385,16 +371,14 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
void aria_encrypt_ctr( data_t *key_str, data_t *iv_str,
- data_t *src_str, char *hex_dst_string,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -402,9 +386,9 @@
TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset,
iv_str->x, blk, src_str->x, output )
== result );
- mbedtls_test_hexify( dst_str, output, src_str->len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
@@ -413,16 +397,14 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
void aria_decrypt_ctr( data_t *key_str, data_t *iv_str,
- data_t *src_str, char *hex_dst_string,
+ data_t *src_str, data_t *expected_output,
int result )
{
- unsigned char dst_str[ARIA_MAX_DATA_STR];
unsigned char output[ARIA_MAX_DATASIZE];
unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
size_t iv_offset = 0;
- memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
@@ -430,9 +412,9 @@
TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset,
iv_str->x, blk, src_str->x, output )
== result );
- mbedtls_test_hexify( dst_str, output, src_str->len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output->len,
+ expected_output->x, expected_output->len );
exit:
mbedtls_aria_free( &ctx );
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index eb6891c..f89353c 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -167,7 +167,7 @@
/* BEGIN_CASE */
void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -181,8 +181,7 @@
{
TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
exit:
@@ -192,7 +191,7 @@
/* BEGIN_CASE */
void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -206,8 +205,7 @@
{
TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
exit:
@@ -217,7 +215,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -233,9 +231,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -245,7 +242,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -260,9 +257,8 @@
if( cbc_result == 0)
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -272,8 +268,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string
- )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -286,9 +281,8 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -297,8 +291,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string
- )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_blowfish_context ctx;
@@ -311,9 +304,8 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -322,7 +314,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char stream_str[100];
unsigned char output[100];
@@ -337,9 +329,8 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 4949feb..312495c 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -175,7 +175,7 @@
/* BEGIN_CASE */
void camellia_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -189,8 +189,7 @@
{
TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -200,7 +199,7 @@
/* BEGIN_CASE */
void camellia_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string, int setkey_result )
+ data_t * dst, int setkey_result )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -214,8 +213,7 @@
{
TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
}
exit:
@@ -225,8 +223,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
- int cbc_result )
+ data_t * src_str, data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -240,9 +237,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -252,7 +248,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -267,9 +263,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -279,8 +274,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str,
- data_t * src_str,
- data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -293,8 +287,7 @@
mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
@@ -304,7 +297,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str,
data_t * src_str,
- data_t * hex_dst_string )
+ data_t * dst )
{
unsigned char output[100];
mbedtls_camellia_context ctx;
@@ -317,8 +310,7 @@
mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index 9ad3b5d..4f83468 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -51,6 +51,9 @@
CCM lengths #9 tag length 0
ccm_lengths:5:10:5:0:MBEDTLS_ERR_CCM_BAD_INPUT
+CCM lengths #10 Large AD
+ccm_lengths:5:10:32768:8:0
+
CCM* fixed tag lengths #1 all OK
ccm_star_lengths:5:10:5:8:0
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 5724d8b..faa7e13 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -41,17 +41,17 @@
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
- unsigned char add[10];
+ unsigned char *add = NULL;
unsigned char out[10];
unsigned char tag[18];
int decrypt_ret;
mbedtls_ccm_init( &ctx );
+ ASSERT_ALLOC_WEAK( add, add_len );
memset( key, 0, sizeof( key ) );
memset( msg, 0, sizeof( msg ) );
memset( iv, 0, sizeof( iv ) );
- memset( add, 0, sizeof( add ) );
memset( out, 0, sizeof( out ) );
memset( tag, 0, sizeof( tag ) );
@@ -70,6 +70,7 @@
TEST_ASSERT( decrypt_ret == res );
exit:
+ mbedtls_free( add );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
@@ -152,7 +153,7 @@
void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
data_t * msg, data_t * iv,
data_t * add, int tag_len, int result,
- data_t * hex_msg )
+ data_t * expected_msg )
{
unsigned char tag[16];
mbedtls_ccm_context ctx;
@@ -172,7 +173,7 @@
if( result == 0 )
{
- TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 );
+ TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 );
}
else
{
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index afe2418..67c8de2 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -17,13 +17,6 @@
unsigned char output[375];
mbedtls_chacha20_context ctx;
- /*
- * Buffers to store the ASCII string representation of output and
- * expected_output_str.
- */
- unsigned char output_string[751] = { '\0' };
- unsigned char expected_output_string[751] = { '\0' };
-
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( src_str->len == expected_output_str->len );
@@ -35,12 +28,8 @@
*/
TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 );
- mbedtls_test_hexify( expected_output_string,
- expected_output_str->x,
- expected_output_str->len);
- mbedtls_test_hexify( output_string, output, src_str->len );
- TEST_ASSERT( strcmp( (char *)output_string,
- (char *)expected_output_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len );
/*
* Test the streaming API
@@ -54,9 +43,8 @@
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 );
- mbedtls_test_hexify( output_string, output, src_str->len );
- TEST_ASSERT( strcmp( (char *)output_string,
- (char *)expected_output_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len );
/*
* Test the streaming API again, piecewise
@@ -71,9 +59,8 @@
TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1,
src_str->x + 1, output + 1 ) == 0 );
- mbedtls_test_hexify( output_string, output, src_str->len );
- TEST_ASSERT( strcmp( (char *)output_string,
- (char *)expected_output_string ) == 0 );
+ ASSERT_COMPARE( output, expected_output_str->len,
+ expected_output_str->x, expected_output_str->len );
mbedtls_chacha20_free( &ctx );
}
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index 625c87a..5b24935 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -15,8 +15,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void des_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des_context ctx;
@@ -28,8 +27,7 @@
mbedtls_des_setkey_enc( &ctx, key_str->x );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -37,8 +35,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void des_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des_context ctx;
@@ -50,8 +47,7 @@
mbedtls_des_setkey_dec( &ctx, key_str->x );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -60,8 +56,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
- int cbc_result )
+ data_t * src_str, data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_des_context ctx;
@@ -75,9 +70,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -87,7 +81,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string,
+ data_t * src_str, data_t * dst,
int cbc_result )
{
unsigned char output[100];
@@ -102,9 +96,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
@@ -114,7 +107,7 @@
/* BEGIN_CASE */
void des3_encrypt_ecb( int key_count, data_t * key_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -132,8 +125,7 @@
TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -142,7 +134,7 @@
/* BEGIN_CASE */
void des3_decrypt_ecb( int key_count, data_t * key_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -160,8 +152,7 @@
TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -171,7 +162,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des3_encrypt_cbc( int key_count, data_t * key_str,
data_t * iv_str, data_t * src_str,
- data_t * hex_dst_string, int cbc_result )
+ data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -192,9 +183,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
exit:
@@ -205,7 +195,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void des3_decrypt_cbc( int key_count, data_t * key_str,
data_t * iv_str, data_t * src_str,
- data_t * hex_dst_string, int cbc_result )
+ data_t * dst, int cbc_result )
{
unsigned char output[100];
mbedtls_des3_context ctx;
@@ -226,9 +216,8 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len,
+ dst->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index b28d918ba..9b7b0ee 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -35,8 +35,8 @@
/* BEGIN_CASE */
void gcm_encrypt_and_tag( int cipher_id, data_t * key_str,
data_t * src_str, data_t * iv_str,
- data_t * add_str, data_t * hex_dst_string,
- int tag_len_bits, data_t * hex_tag_string,
+ data_t * add_str, data_t * dst,
+ int tag_len_bits, data_t * tag,
int init_result )
{
unsigned char output[128];
@@ -55,11 +55,10 @@
{
TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x,
- tag_len, hex_tag_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( tag_output, tag->x,
+ tag_len, tag->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index 967df36..4c597c3 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -14,13 +14,6 @@
{
int ret;
unsigned char okm[128] = { '\0' };
- /*
- * okm_string and expected_okm_string are the ASCII string representations
- * of km and expected_okm, so their size should be twice the size of
- * okm and expected_okm, and an extra null-termination.
- */
- unsigned char okm_string[257] = { '\0' };
- unsigned char expected_okm_string[257] = { '\0' };
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
@@ -31,14 +24,8 @@
info->x, info->len, okm, expected_okm->len );
TEST_ASSERT( ret == 0 );
- /*
- * Run mbedtls_test_hexify on okm and expected_okm so that it looks nicer
- * if the assertion fails.
- */
- mbedtls_test_hexify( okm_string, okm, expected_okm->len );
- mbedtls_test_hexify( expected_okm_string,
- expected_okm->x, expected_okm->len );
- TEST_ASSERT( !strcmp( (char *)okm_string, (char *)expected_okm_string ) );
+ ASSERT_COMPARE( okm , expected_okm->len,
+ expected_okm->x, expected_okm->len );
}
/* END_CASE */
@@ -62,12 +49,11 @@
ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len );
salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len );
prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
- TEST_ASSERT( prk_len == output_prk_len );
ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( !memcmp( output_prk, prk, prk_len ) );
+ ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len );
exit:
mbedtls_free(ikm);
@@ -103,7 +89,7 @@
ret = mbedtls_hkdf_expand( md, prk, prk_len, info, info_len,
output_okm, OKM_LEN );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( !memcmp( output_okm, okm, okm_len ) );
+ ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
exit:
mbedtls_free(info);
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index be57829..d918ce3 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -127,7 +127,7 @@
/* BEGIN_CASE */
void md_text( char * text_md_name, char * text_src_string,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char src_str[1000];
@@ -145,15 +145,14 @@
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len ) == 0 );
+ hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hex( char * text_md_name, data_t * src_str,
- data_t * hex_hash_string )
+void md_hex( char * text_md_name, data_t * src_str, data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -169,15 +168,15 @@
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len ) == 0 );
+ hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void md_text_multi( char * text_md_name, char * text_src_string,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char src_str[1000];
@@ -211,18 +210,18 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len) == 0 );
+ hash->len) == 0 );
/* Test clone */
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len ) == 0 );
+ hash->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -231,8 +230,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void md_hex_multi( char * text_md_name, data_t * src_str,
- data_t * hex_hash_string )
+void md_hex_multi( char * text_md_name, data_t * src_str, data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -261,18 +259,18 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len ) == 0 );
+ hash->len ) == 0 );
/* Test clone */
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len ) == 0 );
+ hash->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -283,7 +281,7 @@
/* BEGIN_CASE */
void mbedtls_md_hmac( char * text_md_name, int trunc_size,
data_t * key_str, data_t * src_str,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -299,14 +297,14 @@
TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ trunc_size, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str,
- data_t * src_str, data_t * hex_hash_string )
+ data_t * src_str, data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -332,8 +330,8 @@
TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ trunc_size, hash->len ) == 0 );
/* Test again, for reset() */
memset( output, 0x00, 100 );
@@ -343,8 +341,8 @@
TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ trunc_size, hash->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -353,7 +351,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mbedtls_md_file( char * text_md_name, char * filename,
- data_t * hex_hash_string )
+ data_t * hash )
{
char md_name[100];
unsigned char output[100];
@@ -368,8 +366,8 @@
TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
mbedtls_md_get_size( md_info ),
- hex_hash_string->len ) == 0 );
+ hash->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index ed2ae58..aa35c58 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_MD2_C */
-void md2_text( char * text_src_string, data_t * hex_hash_string )
+void md2_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -20,14 +20,13 @@
ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 ) ;
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- sizeof output,
- hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD4_C */
-void md4_text( char * text_src_string, data_t * hex_hash_string )
+void md4_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -41,14 +40,13 @@
ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- sizeof output,
- hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C */
-void md5_text( char * text_src_string, data_t * hex_hash_string )
+void md5_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -62,14 +60,13 @@
ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- sizeof output,
- hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */
-void ripemd160_text( char * text_src_string, data_t * hex_hash_string )
+void ripemd160_text( char * text_src_string, data_t * hash )
{
int ret;
unsigned char src_str[100];
@@ -83,9 +80,8 @@
ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- sizeof output,
- hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
+ sizeof output, hash->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 8a42180..068027b 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -12,7 +12,7 @@
void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
int radix_E, char * input_E, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[128];
mbedtls_rsa_context ctx;
@@ -42,8 +42,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -56,7 +56,7 @@
void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- int hash, data_t * result_hex_str,
+ int hash, data_t * result_str,
char * seed, data_t * message_str,
int result )
{
@@ -84,7 +84,7 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- if( result_hex_str->len == 0 )
+ if( result_str->len == 0 )
{
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
@@ -102,9 +102,9 @@
output, 1000 ) == result );
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
output_len,
- result_hex_str->len) == 0 );
+ result_str->len) == 0 );
}
}
@@ -267,7 +267,7 @@
char * input_Q, int radix_N, char * input_N,
int radix_E, char * input_E, int digest, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[128];
@@ -305,8 +305,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index c9e91c8..c28cf08 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -12,7 +12,7 @@
void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
int radix_E, char * input_E, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -41,8 +41,8 @@
output ) == result );
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -55,7 +55,7 @@
void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- int hash, data_t * result_hex_str,
+ int hash, data_t * result_str,
char * seed, data_t * message_str,
int result )
{
@@ -84,7 +84,7 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- if( result_hex_str->len == 0 )
+ if( result_str->len == 0 )
{
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
@@ -104,9 +104,9 @@
sizeof( output ) ) == result );
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
output_len,
- result_hex_str->len ) == 0 );
+ result_str->len ) == 0 );
}
}
@@ -122,7 +122,7 @@
char * input_Q, int radix_N, char * input_N,
int radix_E, char * input_E, int digest, int hash,
data_t * message_str, data_t * rnd_buf,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[256];
@@ -160,8 +160,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 44617d9..4b8995b 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -9,14 +9,12 @@
*/
/* BEGIN_CASE */
-void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str )
+void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str )
{
unsigned char mac[16]; /* size set by the standard */
- unsigned char mac_str[33]; /* hex expansion of the above */
mbedtls_poly1305_context ctx;
- memset( mac_str, 0x00, sizeof( mac_str ) );
- memset( mac, 0x00, sizeof( mac ) );
+ memset( mac, 0x00, sizeof( mac ) );
/*
* Test the integrated API
@@ -24,8 +22,8 @@
TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x,
src_str->len, mac ) == 0 );
- mbedtls_test_hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
/*
* Test the streaming API
@@ -38,8 +36,8 @@
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- mbedtls_test_hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
/*
* Test the streaming API again, piecewise
@@ -56,8 +54,8 @@
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- mbedtls_test_hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
}
/*
@@ -73,8 +71,8 @@
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- mbedtls_test_hexify( mac_str, mac, 16 );
- TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+ ASSERT_COMPARE( mac, expected_mac->len,
+ expected_mac->x, expected_mac->len );
}
mbedtls_poly1305_free( &ctx );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 2c6924a..8ba9ec1 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -563,39 +563,43 @@
PSA key policy: agreement + KDF, permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS
PSA key policy: agreement + KDF, not permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
PSA key policy: agreement + KDF, wrong agreement algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
PSA key policy: agreement + KDF, wrong KDF algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224))
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)):PSA_ERROR_NOT_PERMITTED
-PSA key policy: agreement + KDF, key only permits raw agreement
+PSA key policy: agreement + KDF, key permits raw agreement
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS
PSA key policy: raw agreement, permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_SUCCESS
PSA key policy: raw agreement, not permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
+raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED
PSA key policy: raw agreement, wrong algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED
-PSA key policy: raw agreement, key only permits a KDF
+PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED
+
+PSA key policy: raw agreement, key specifies KDF
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED
PSA key policy algorithm2: CTR, CBC
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
@@ -1240,7 +1244,7 @@
PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-CTR, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
@@ -1252,7 +1256,7 @@
PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -2217,6 +2221,14 @@
depends_on:MBEDTLS_SHA256_C
derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: ECDH on P256 with HKDF-SHA256, key output
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS
+
PSA key derivation: HKDF invalid state (double generate + read past capacity)
depends_on:MBEDTLS_SHA256_C
test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256)
@@ -2499,31 +2511,39 @@
PSA key agreement setup: ECDH + HKDF-SHA-256: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+
+PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader than required
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDH:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
+
+PSA key agreement setup: ECDH + HKDF-SHA-256: key algorithm KDF mismatch
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_512)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_PERMITTED
PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH, unknown KDF
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
PSA key agreement setup: bad key agreement algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: KDF instead of a key agreement algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
-key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
+key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_HKDF(PSA_ALG_SHA_256):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
PSA raw key agreement: ECDH SECP256R1 (RFC 5903)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
@@ -2549,6 +2569,14 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f"
+PSA raw key agreement: X25519 (RFC 7748: Alice)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+PSA raw key agreement: X25519 (RFC 7748: Bob)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C
+raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C
key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160
@@ -2710,6 +2738,10 @@
# doesn't fully relate the curve with its size.
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED
+PSA generate key: ECC, Curve25519, good
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS
+
PSA generate key: RSA, default e
generate_key_rsa:512:"":PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 45916b9..fc563cb 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -2208,13 +2208,15 @@
int policy_alg,
int key_type_arg,
data_t *key_data,
- int exercise_alg )
+ int exercise_alg,
+ int expected_status_arg )
{
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
+ psa_status_t expected_status = expected_status_arg;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2228,11 +2230,7 @@
PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
status = key_agreement_with_self( &operation, handle );
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ TEST_EQUAL( status, expected_status );
exit:
psa_key_derivation_abort( &operation );
@@ -2283,13 +2281,15 @@
int policy_alg,
int key_type_arg,
data_t *key_data,
- int exercise_alg )
+ int exercise_alg,
+ int expected_status_arg )
{
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
+ psa_status_t expected_status = expected_status_arg;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2302,11 +2302,7 @@
status = raw_key_agreement_with_self( exercise_alg, handle );
- if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
- PSA_ASSERT( status );
- else
- TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ TEST_EQUAL( status, expected_status );
exit:
psa_key_derivation_abort( &operation );
@@ -4733,9 +4729,20 @@
PSA_ASSERT( psa_import_key( &attributes,
inputs[i]->x, inputs[i]->len,
&handles[i] ) );
- TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
- handles[i] ),
- expected_statuses[i] );
+ if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
+ steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
+ {
+ // When taking a private key as secret input, use key agreement
+ // to add the shared secret to the derivation
+ TEST_EQUAL( key_agreement_with_self( &operation, handles[i] ),
+ expected_statuses[i] );
+ }
+ else
+ {
+ TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
+ handles[i] ),
+ expected_statuses[i] );
+ }
}
else
{
@@ -5220,12 +5227,13 @@
/* BEGIN_CASE */
void key_agreement_setup( int alg_arg,
- int our_key_type_arg, data_t *our_key_data,
- data_t *peer_key_data,
+ int our_key_type_arg, int our_key_alg_arg,
+ data_t *our_key_data, data_t *peer_key_data,
int expected_status_arg )
{
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t our_key_alg = our_key_alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -5235,7 +5243,7 @@
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_algorithm( &attributes, our_key_alg );
psa_set_key_type( &attributes, our_key_type );
PSA_ASSERT( psa_import_key( &attributes,
our_key_data->x, our_key_data->len,
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 90335db..6c73e39 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -471,7 +471,7 @@
int digest, int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[256];
@@ -507,8 +507,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -557,7 +557,7 @@
int padding_mode, int mod, int radix_P,
char * input_P, int radix_Q, char * input_Q,
int radix_N, char * input_N, int radix_E,
- char * input_E, data_t * result_hex_str )
+ char * input_E, data_t * result_str )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -588,8 +588,8 @@
hash_result->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
@@ -612,9 +612,9 @@
if( res == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
ctx.len,
- result_hex_str->len ) == 0 );
+ result_str->len ) == 0 );
}
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -692,7 +692,7 @@
void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
int mod, int radix_N, char * input_N,
int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -722,8 +722,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -736,7 +736,7 @@
void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
int mod, int radix_N, char * input_N,
int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx;
@@ -762,8 +762,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -777,7 +777,7 @@
int mod, int radix_P, char * input_P,
int radix_Q, char * input_Q, int radix_N,
char * input_N, int radix_E, char * input_E,
- int max_output, data_t * result_hex_str,
+ int max_output, data_t * result_str,
int result )
{
unsigned char output[32];
@@ -814,9 +814,9 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
output_len,
- result_hex_str->len ) == 0 );
+ result_str->len ) == 0 );
}
exit:
@@ -829,7 +829,7 @@
/* BEGIN_CASE */
void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
char * input_N, int radix_E, char * input_E,
- data_t * result_hex_str, int result )
+ data_t * result_str, int result )
{
unsigned char output[256];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
@@ -853,8 +853,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
/* And now with the copy */
@@ -869,8 +869,8 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ ctx.len, result_str->len ) == 0 );
}
exit:
@@ -884,7 +884,7 @@
void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
char * input_P, int radix_Q, char * input_Q,
int radix_N, char * input_N, int radix_E,
- char * input_E, data_t * result_hex_str,
+ char * input_E, data_t * result_str,
int result )
{
unsigned char output[256];
@@ -921,9 +921,9 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
ctx.len,
- result_hex_str->len ) == 0 );
+ result_str->len ) == 0 );
}
}
@@ -941,9 +941,9 @@
if( result == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
ctx2.len,
- result_hex_str->len ) == 0 );
+ result_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 6428009..f3477ec 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -52,7 +52,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string )
+void mbedtls_sha1( data_t * src_str, data_t * hash )
{
unsigned char output[41];
@@ -61,8 +61,7 @@
TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- 20, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 );
}
/* END_CASE */
@@ -123,7 +122,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha224( data_t * src_str, data_t * hex_hash_string )
+void sha224( data_t * src_str, data_t * hash )
{
unsigned char output[57];
@@ -132,13 +131,12 @@
TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- 28, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string )
+void mbedtls_sha256( data_t * src_str, data_t * hash )
{
unsigned char output[65];
@@ -147,8 +145,7 @@
TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- 32, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
}
/* END_CASE */
@@ -209,7 +206,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha384( data_t * src_str, data_t * hex_hash_string )
+void sha384( data_t * src_str, data_t * hash )
{
unsigned char output[97];
@@ -218,13 +215,12 @@
TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- 48, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string )
+void mbedtls_sha512( data_t * src_str, data_t * hash )
{
unsigned char output[129];
@@ -233,8 +229,7 @@
TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
- 64, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 9fcf367..f377ffa 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3824,11 +3824,11 @@
/* BEGIN_CASE */
void ssl_tls_prf( int type, data_t * secret, data_t * random,
- char *label, data_t *result_hex_str, int exp_ret )
+ char *label, data_t *result_str, int exp_ret )
{
unsigned char *output;
- output = mbedtls_calloc( 1, result_hex_str->len );
+ output = mbedtls_calloc( 1, result_str->len );
if( output == NULL )
goto exit;
@@ -3838,12 +3838,12 @@
TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
label, random->x, random->len,
- output, result_hex_str->len ) == exp_ret );
+ output, result_str->len ) == exp_ret );
if( exp_ret == 0 )
{
- TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
- result_hex_str->len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
+ result_str->len, result_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 9cac2ec..2bba4e2 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1220,21 +1220,21 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
+void x509_parse_rsassa_pss_params( data_t * params, int params_tag,
int ref_msg_md, int ref_mgf_md,
int ref_salt_len, int ref_ret )
{
int my_ret;
- mbedtls_x509_buf params;
+ mbedtls_x509_buf buf;
mbedtls_md_type_t my_msg_md, my_mgf_md;
int my_salt_len;
- params.p = hex_params->x;
- params.len = hex_params->len;
- params.tag = params_tag;
+ buf.p = params->x;
+ buf.len = params->len;
+ buf.tag = params_tag;
- my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
- &my_salt_len );
+ my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md,
+ &my_salt_len );
TEST_ASSERT( my_ret == ref_ret );
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index f286e67..1d5b29b 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -9,7 +9,7 @@
/* BEGIN_CASE */
void xtea_encrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+ data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -20,14 +20,12 @@
mbedtls_xtea_setup( &ctx, key_str->x );
TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void xtea_decrypt_ecb( data_t * key_str, data_t * src_str,
- data_t * hex_dst_string )
+void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -38,14 +36,13 @@
mbedtls_xtea_setup( &ctx, key_str->x );
TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -57,15 +54,14 @@
TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str,
- data_t * src_str, data_t * hex_dst_string )
+ data_t * src_str, data_t * dst )
{
unsigned char output[100];
mbedtls_xtea_context ctx;
@@ -77,9 +73,8 @@
TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
src_str->x, output ) == 0 );
- TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
- src_str->len,
- hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
+ src_str->len, dst->len ) == 0 );
}
/* END_CASE */
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index b243b73..3e9d14a 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -241,6 +241,7 @@
<ClInclude Include="..\..\tests\include\test\drivers\cipher.h" />
<ClInclude Include="..\..\tests\include\test\drivers\keygen.h" />
<ClInclude Include="..\..\tests\include\test\drivers\signature.h" />
+ <ClInclude Include="..\..\tests\include\test\drivers\size.h" />
<ClInclude Include="..\..\tests\include\test\drivers\test_driver.h" />
<ClInclude Include="..\..\library\common.h" />
<ClInclude Include="..\..\library\psa_crypto_core.h" />