Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls
RSA-PSS sign 2: TLS 1.3 integration testing
diff --git a/ChangeLog.d/doc-x509-profile-pk.txt b/ChangeLog.d/doc-x509-profile-pk.txt
new file mode 100644
index 0000000..35625fe
--- /dev/null
+++ b/ChangeLog.d/doc-x509-profile-pk.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
+ documentation stated that the `allowed_pks` field applies to signatures
+ only, but in fact it does apply to the public key type of the end entity
+ certificate, too. Fixes #1992.
diff --git a/ChangeLog.d/psk_to_ms_mixed_psk.txt b/ChangeLog.d/psk_to_ms_mixed_psk.txt
new file mode 100644
index 0000000..b189661
--- /dev/null
+++ b/ChangeLog.d/psk_to_ms_mixed_psk.txt
@@ -0,0 +1,4 @@
+Features
+ * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support
+ mixed-psk. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
+ holding the other secret.
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 857fa5e..0b07974 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -91,6 +91,14 @@
void mbedtls_memory_buffer_alloc_status( void );
/**
+ * \brief Get the number of alloc/free so far.
+ *
+ * \param alloc_count Number of allocations.
+ * \param free_count Number of frees.
+ */
+void mbedtls_memory_buffer_alloc_count_get( size_t *alloc_count, size_t *free_count );
+
+/**
* \brief Get the peak heap usage so far
*
* \param max_used Peak number of bytes in use or committed. This
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d9d3e67..6dac3d1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -488,6 +488,7 @@
#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION 109 /* 0x6d -- new in TLS 1.3 */
#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
@@ -641,6 +642,7 @@
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ MBEDTLS_SSL_HELLO_RETRY_REQUEST,
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
@@ -1372,7 +1374,6 @@
int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 51883dc..51ce257 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -190,7 +190,9 @@
typedef struct mbedtls_x509_crt_profile
{
uint32_t allowed_mds; /**< MDs for signatures */
- uint32_t allowed_pks; /**< PK algs for signatures */
+ uint32_t allowed_pks; /**< PK algs for public keys;
+ * this applies to all certificates
+ * in the provided chain. */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
}
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 0d5d27d..8c6b442 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -522,6 +522,12 @@
}
}
+void mbedtls_memory_buffer_alloc_count_get( size_t *alloc_count, size_t *free_count )
+{
+ *alloc_count = heap.alloc_count;
+ *free_count = heap.free_count;
+}
+
void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
{
*max_used = heap.maximum_used;
diff --git a/library/sha256.c b/library/sha256.c
index bdc396a..ac15ef8 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -357,6 +357,13 @@
return( processed );
}
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * This function is for internal use only if we are building both C and A64
+ * versions, otherwise it is renamed to be the public mbedtls_internal_sha256_process()
+ */
+static
+#endif
int mbedtls_internal_sha256_process_a64_crypto( mbedtls_sha256_context *ctx,
const unsigned char data[SHA256_BLOCK_SIZE] )
{
@@ -402,6 +409,13 @@
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
} while( 0 )
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * This function is for internal use only if we are building both C and A64
+ * versions, otherwise it is renamed to be the public mbedtls_internal_sha256_process()
+ */
+static
+#endif
int mbedtls_internal_sha256_process_c( mbedtls_sha256_context *ctx,
const unsigned char data[SHA256_BLOCK_SIZE] )
{
diff --git a/library/sha512.c b/library/sha512.c
index 71fbff0..be03ec3 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -527,6 +527,13 @@
return( processed );
}
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * This function is for internal use only if we are building both C and A64
+ * versions, otherwise it is renamed to be the public mbedtls_internal_sha512_process()
+ */
+static
+#endif
int mbedtls_internal_sha512_process_a64_crypto( mbedtls_sha512_context *ctx,
const unsigned char data[SHA512_BLOCK_SIZE] )
{
@@ -545,6 +552,13 @@
#if !defined(MBEDTLS_SHA512_PROCESS_ALT) && !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * This function is for internal use only if we are building both C and A64
+ * versions, otherwise it is renamed to be the public mbedtls_internal_sha512_process()
+ */
+static
+#endif
int mbedtls_internal_sha512_process_c( mbedtls_sha512_context *ctx,
const unsigned char data[SHA512_BLOCK_SIZE] )
{
@@ -676,7 +690,7 @@
#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
-int mbedtls_a64_crypto_sha512_has_support( void )
+static int mbedtls_a64_crypto_sha512_has_support( void )
{
static int done = 0;
static int supported = 0;
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 422c4c1..0c32f07 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -412,45 +412,6 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-int mbedtls_ssl_validate_ciphersuite(
- const mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *suite_info,
- mbedtls_ssl_protocol_version min_tls_version,
- mbedtls_ssl_protocol_version max_tls_version )
-{
- (void) ssl;
-
- if( suite_info == NULL )
- return( -1 );
-
- if( ( suite_info->min_tls_version > max_tls_version ) ||
- ( suite_info->max_tls_version < min_tls_version ) )
- {
- return( -1 );
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- {
- return( -1 );
- }
-#endif
-
- /* Don't suggest PSK-based ciphersuite if no PSK is available. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
- {
- return( -1 );
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
- return( 0 );
-}
-
static int ssl_write_client_hello_cipher_suites(
mbedtls_ssl_context *ssl,
unsigned char *buf,
diff --git a/library/ssl_client.h b/library/ssl_client.h
index 67fc558..8e0c216 100644
--- a/library/ssl_client.h
+++ b/library/ssl_client.h
@@ -28,22 +28,6 @@
#include <stddef.h>
-/**
- * \brief Validate cipher suite against config in SSL context.
- *
- * \param ssl SSL context
- * \param suite_info Cipher suite to validate
- * \param min_tls_version Minimal TLS version to accept a cipher suite
- * \param max_tls_version Maximal TLS version to accept a cipher suite
- *
- * \return 0 if valid, negative value otherwise.
- */
-int mbedtls_ssl_validate_ciphersuite(
- const mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *suite_info,
- mbedtls_ssl_protocol_version min_tls_version,
- mbedtls_ssl_protocol_version max_tls_version );
-
int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_CLIENT_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 6562c22..e8acc23 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -173,6 +173,12 @@
#define MBEDTLS_SSL_SOME_SUITES_USE_MAC
#endif
+/* This macro determines whether a ciphersuite uses Encrypt-then-MAC with CBC */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+ defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM
+#endif
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
@@ -582,10 +588,15 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_CLI_C)
- /*!< Number of Hello Retry Request messages received from the server. */
+ /** Number of Hello Retry Request messages received from the server. */
int hello_retry_request_count;
#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+ /** selected_group of key_share extension in HelloRetryRequest message. */
+ uint16_t hrr_selected_group;
+#endif /* MBEDTLS_SSL_SRV_C */
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
@@ -611,7 +622,9 @@
* seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_key_type_t ecdh_psa_type;
@@ -1776,6 +1789,16 @@
int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
+#if defined(MBEDTLS_ECDH_C)
+int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len );
+#endif /* MBEDTLS_ECDH_C */
+
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -1856,6 +1879,39 @@
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
}
+static inline int mbedtls_ssl_named_group_is_offered(
+ const mbedtls_ssl_context *ssl, uint16_t named_group )
+{
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ if( group_list == NULL )
+ return( 0 );
+
+ for( ; *group_list != 0; group_list++ )
+ {
+ if( *group_list == named_group )
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
+static inline int mbedtls_ssl_named_group_is_supported( uint16_t named_group )
+{
+#if defined(MBEDTLS_ECDH_C)
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_tls_id( named_group );
+ if( curve_info != NULL )
+ return( 1 );
+ }
+#else
+ ((void) named_group);
+#endif /* MBEDTLS_ECDH_C */
+ return( 0 );
+}
+
/*
* Return supported signature algorithms.
*
@@ -2172,4 +2228,66 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+/**
+ * \brief TLS record protection modes
+ */
+typedef enum {
+ MBEDTLS_SSL_MODE_STREAM = 0,
+ MBEDTLS_SSL_MODE_CBC,
+ MBEDTLS_SSL_MODE_CBC_ETM,
+ MBEDTLS_SSL_MODE_AEAD
+} mbedtls_ssl_mode_t;
+
+mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
+ const mbedtls_ssl_transform *transform );
+
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
+ int encrypt_then_mac,
+ const mbedtls_ssl_ciphersuite_t *suite );
+#else
+mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
+ const mbedtls_ssl_ciphersuite_t *suite );
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
+
+#if defined(MBEDTLS_ECDH_C)
+
+int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t buf_len );
+
+#endif /* MBEDTLS_ECDH_C */
+
+static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
+ mbedtls_ssl_context *ssl, int cipher_suite )
+{
+ const int *ciphersuite_list = ssl->conf->ciphersuite_list;
+
+ /* Check whether we have offered this ciphersuite */
+ for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
+ {
+ if( ciphersuite_list[i] == cipher_suite )
+ {
+ return( 1 );
+ }
+ }
+ return( 0 );
+}
+
+/**
+ * \brief Validate cipher suite against config in SSL context.
+ *
+ * \param ssl SSL context
+ * \param suite_info Cipher suite to validate
+ * \param min_tls_version Minimal TLS version to accept a cipher suite
+ * \param max_tls_version Maximal TLS version to accept a cipher suite
+ *
+ * \return 0 if valid, negative value otherwise.
+ */
+int mbedtls_ssl_validate_ciphersuite(
+ const mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *suite_info,
+ mbedtls_ssl_protocol_version min_tls_version,
+ mbedtls_ssl_protocol_version max_tls_version );
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c55c60f..083c8d2 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -523,9 +523,7 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_cipher_mode_t mode;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_ssl_mode_t ssl_mode;
int auth_done = 0;
unsigned char * data;
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
@@ -566,15 +564,13 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ ssl_mode = mbedtls_ssl_get_mode_from_transform( transform );
+
data = rec->buf + rec->data_offset;
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
@@ -654,17 +650,8 @@
* Add MAC before if needed
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
- ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING
-#else
- if( mode == MBEDTLS_MODE_STREAM ||
- ( mode == MBEDTLS_MODE_CBC
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
-#endif
- ) )
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC )
{
if( post_avail < transform->maclen )
{
@@ -748,11 +735,7 @@
* Encrypt
*/
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
-#else
- if( mode == MBEDTLS_MODE_STREAM )
-#endif
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
"including %d bytes of padding",
@@ -767,13 +750,7 @@
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
-#else
- if( mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
{
unsigned char iv[12];
unsigned char *dynamic_iv;
@@ -891,11 +868,8 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
-#else
- if( mode == MBEDTLS_MODE_CBC )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t padlen, i;
@@ -1139,14 +1113,9 @@
mbedtls_record *rec )
{
size_t olen;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_ssl_mode_t ssl_mode;
int ret;
-#else
- mbedtls_cipher_mode_t mode;
- int ret;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1;
@@ -1171,9 +1140,7 @@
}
data = rec->buf + rec->data_offset;
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ ssl_mode = mbedtls_ssl_get_mode_from_transform( transform );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
@@ -1187,11 +1154,7 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
-#else
- if( mode == MBEDTLS_MODE_STREAM )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
{
/* The only supported stream cipher is "NULL",
* so there's nothing to do here.*/
@@ -1201,13 +1164,7 @@
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
-#else
- if( mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
{
unsigned char iv[12];
unsigned char *dynamic_iv;
@@ -1333,11 +1290,8 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
-#else
- if( mode == MBEDTLS_MODE_CBC )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
size_t minlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1391,7 +1345,7 @@
* Authenticate before decrypt if enabled
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 7f65849..1c05001 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -216,19 +216,23 @@
uint32_t lifetime )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_cipher_info_t *cipher_info;
+ size_t key_bits;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg;
psa_key_type_t key_type;
- size_t key_bits;
-#endif
+#else
+ const mbedtls_cipher_info_t *cipher_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
- ctx->f_rng = f_rng;
- ctx->p_rng = p_rng;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( mbedtls_ssl_cipher_to_psa( cipher, TICKET_AUTH_TAG_BYTES,
+ &alg, &key_type, &key_bits ) != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- ctx->ticket_lifetime = lifetime;
-
+ if( PSA_ALG_IS_AEAD( alg ) == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+#else
cipher_info = mbedtls_cipher_info_from_type( cipher );
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
@@ -238,14 +242,18 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES )
+ key_bits = mbedtls_cipher_info_get_key_bitlen( cipher_info );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( key_bits > 8 * MAX_KEY_BYTES )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ ctx->f_rng = f_rng;
+ ctx->p_rng = p_rng;
+
+ ctx->ticket_lifetime = lifetime;
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( mbedtls_ssl_cipher_to_psa( cipher_info->type, TICKET_AUTH_TAG_BYTES,
- &alg, &key_type, &key_bits ) != PSA_SUCCESS )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
ctx->keys[0].alg = alg;
ctx->keys[0].key_type = key_type;
ctx->keys[0].key_bits = key_bits;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4f1bac6..1702885 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -383,11 +383,9 @@
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite,
const unsigned char master[48],
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
mbedtls_ssl_protocol_version tls_version,
@@ -626,7 +624,7 @@
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_init( &handshake->dhm_ctx );
#endif
-#if defined(MBEDTLS_ECDH_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)
mbedtls_ecdh_init( &handshake->ecdh_ctx );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -918,12 +916,6 @@
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
- if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
return( 0 );
}
@@ -952,6 +944,7 @@
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
+
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
return( 0 );
}
@@ -1721,6 +1714,109 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
+ psa_algorithm_t alg )
+{
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ if( alg == PSA_ALG_CBC_NO_PADDING )
+ return( MBEDTLS_SSL_MODE_CBC );
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+ if( PSA_ALG_IS_AEAD( alg ) )
+ return( MBEDTLS_SSL_MODE_AEAD );
+ return( MBEDTLS_SSL_MODE_STREAM );
+}
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
+static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
+ mbedtls_cipher_mode_t mode )
+{
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ if( mode == MBEDTLS_MODE_CBC )
+ return( MBEDTLS_SSL_MODE_CBC );
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
+ if( mode == MBEDTLS_MODE_GCM ||
+ mode == MBEDTLS_MODE_CCM ||
+ mode == MBEDTLS_MODE_CHACHAPOLY )
+ return( MBEDTLS_SSL_MODE_AEAD );
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+
+ return( MBEDTLS_SSL_MODE_STREAM );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
+ mbedtls_ssl_mode_t base_mode,
+ int encrypt_then_mac )
+{
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+ if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
+ base_mode == MBEDTLS_SSL_MODE_CBC )
+ {
+ return( MBEDTLS_SSL_MODE_CBC_ETM );
+ }
+#else
+ (void) encrypt_then_mac;
+#endif
+ return( base_mode );
+}
+
+mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
+ const mbedtls_ssl_transform *transform )
+{
+ mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode(
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->psa_alg
+#else
+ mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc )
+#endif
+ );
+
+ int encrypt_then_mac = 0;
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+ encrypt_then_mac = transform->encrypt_then_mac;
+#endif
+ return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
+}
+
+mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+ int encrypt_then_mac,
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
+ const mbedtls_ssl_ciphersuite_t *suite )
+{
+ mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+ psa_algorithm_t alg;
+ psa_key_type_t type;
+ size_t size;
+ status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size );
+ if( status == PSA_SUCCESS )
+ base_mode = mbedtls_ssl_get_base_mode( alg );
+#else
+ const mbedtls_cipher_info_t *cipher =
+ mbedtls_cipher_info_from_type( suite->cipher );
+ if( cipher != NULL )
+ {
+ base_mode =
+ mbedtls_ssl_get_base_mode(
+ mbedtls_cipher_info_get_mode( cipher ) );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+ int encrypt_then_mac = 0;
+#endif
+ return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
size_t taglen,
psa_algorithm_t *alg,
@@ -3116,7 +3212,7 @@
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_free( &handshake->dhm_ctx );
#endif
-#if defined(MBEDTLS_ECDH_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)
mbedtls_ecdh_free( &handshake->ecdh_ctx );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -3620,11 +3716,9 @@
ret = ssl_tls12_populate_transform( ssl->transform,
ssl->session->ciphersuite,
ssl->session->master,
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
ssl->session->encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
@@ -4215,8 +4309,7 @@
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
- ( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
+ if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
@@ -4228,8 +4321,17 @@
else
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
- conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
- conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+ else
+ /* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */
+ {
+ conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
@@ -5190,11 +5292,9 @@
ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
ssl->session_negotiate->ciphersuite,
ssl->session_negotiate->master,
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
ssl->session_negotiate->encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
ssl->tls_version,
@@ -5342,6 +5442,11 @@
const unsigned char *psk = NULL;
size_t psk_len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ (void) key_ex;
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
== MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
{
@@ -5414,7 +5519,8 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -5435,7 +5541,7 @@
MBEDTLS_DEBUG_ECDH_Z );
}
else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -6780,11 +6886,9 @@
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite,
const unsigned char master[48],
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) && \
- defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
- MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
mbedtls_ssl_protocol_version tls_version,
@@ -6801,8 +6905,9 @@
size_t iv_copy_len;
size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- const mbedtls_cipher_info_t *cipher_info;
+ mbedtls_ssl_mode_t ssl_mode;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
@@ -6827,10 +6932,9 @@
/*
* Some data just needs copying into the structure
*/
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
transform->encrypt_then_mac = encrypt_then_mac;
-#endif
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
transform->tls_version = tls_version;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -6857,6 +6961,28 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+ ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite(
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+ encrypt_then_mac,
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
+ ciphersuite_info );
+
+ if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
+ transform->taglen =
+ ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ( status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher,
+ transform->taglen,
+ &alg,
+ &key_type,
+ &key_bits ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+ goto end;
+ }
+#else
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
@@ -6864,6 +6990,7 @@
ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
@@ -6923,21 +7050,21 @@
* Determine the appropriate key, IV and MAC length.
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ keylen = PSA_BITS_TO_BYTES(key_bits);
+#else
keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
+#endif
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+ if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
{
size_t explicit_ivlen;
transform->maclen = 0;
mac_key_len = 0;
- transform->taglen =
- ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
/* All modes haves 96-bit IVs, but the length of the static parts vary
* with mode and version:
@@ -6948,7 +7075,11 @@
* sequence number).
*/
transform->ivlen = 12;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( key_type == PSA_KEY_TYPE_CHACHA20 )
+#else
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
transform->fixed_ivlen = 12;
else
transform->fixed_ivlen = 4;
@@ -6960,10 +7091,17 @@
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
- mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+ ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
+#else
+ size_t block_size = cipher_info->block_size;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Get MAC length */
mac_key_len = PSA_HASH_LENGTH(mac_alg);
#else
@@ -6981,10 +7119,14 @@
transform->maclen = mac_key_len;
/* IV length */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->ivlen = PSA_CIPHER_IV_LENGTH( key_type, alg );
+#else
transform->ivlen = cipher_info->iv_size;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Minimum length */
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
+ if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
transform->minlen = transform->maclen;
else
{
@@ -6995,17 +7137,17 @@
* 2. IV
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{
transform->minlen = transform->maclen
- + cipher_info->block_size;
+ + block_size;
}
else
#endif
{
transform->minlen = transform->maclen
- + cipher_info->block_size
- - transform->maclen % cipher_info->block_size;
+ + block_size
+ - transform->maclen % block_size;
}
if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
@@ -7087,17 +7229,6 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
- transform->taglen,
- &alg,
- &key_type,
- &key_bits ) ) != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
- goto end;
- }
-
transform->psa_alg = alg;
if ( alg != MBEDTLS_SSL_NULL_CIPHER )
@@ -7776,4 +7907,43 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+int mbedtls_ssl_validate_ciphersuite(
+ const mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *suite_info,
+ mbedtls_ssl_protocol_version min_tls_version,
+ mbedtls_ssl_protocol_version max_tls_version )
+{
+ (void) ssl;
+
+ if( suite_info == NULL )
+ return( -1 );
+
+ if( ( suite_info->min_tls_version > max_tls_version ) ||
+ ( suite_info->max_tls_version < min_tls_version ) )
+ {
+ return( -1 );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ {
+ return( -1 );
+ }
+#endif
+
+ /* Don't suggest PSK-based ciphersuite if no PSK is available. */
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
+ mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
+ {
+ return( -1 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ return( 0 );
+}
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 0c8c913..dcc7dfb 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -870,9 +870,11 @@
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
{
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) )
ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
p[0] );
@@ -1764,51 +1766,11 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) )
-static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
-{
- const mbedtls_ecp_curve_info *curve_info;
- mbedtls_ecp_group_id grp_id;
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- grp_id = ssl->handshake->ecdh_ctx.grp.id;
-#else
- grp_id = ssl->handshake->ecdh_ctx.grp_id;
-#endif
-
- curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
- if( curve_info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-
- if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
- return( -1 );
-
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_QP );
-
- return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- ( !MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) ) */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
-static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p,
unsigned char *end )
{
@@ -1871,13 +1833,35 @@
return( 0 );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+#else
+static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
+{
+ const mbedtls_ecp_curve_info *curve_info;
+ mbedtls_ecp_group_id grp_id;
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ grp_id = ssl->handshake->ecdh_ctx.grp.id;
+#else
+ grp_id = ssl->handshake->ecdh_ctx.grp_id;
+#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
+ if( curve_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+
+ if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
+ return( -1 );
+
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP );
+
+ return( 0 );
+}
+
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p,
unsigned char *end )
@@ -1912,6 +1896,7 @@
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -2337,31 +2322,8 @@
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
- {
- if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
@@ -2831,16 +2793,16 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t key_attributes;
@@ -2911,22 +2873,7 @@
if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
- {
+#else
/*
* ECDH key exchange -- send client public value
*/
@@ -2986,6 +2933,7 @@
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Z );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -3239,15 +3187,10 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* Opaque PSKs are currently only supported for PSK-only suites. */
- if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
/*
* ClientECDiffieHellmanPublic public;
*/
@@ -3266,7 +3209,7 @@
MBEDTLS_DEBUG_ECDH_Q );
}
else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 3b2c2f7..8866d4f 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -448,9 +448,11 @@
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
{
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) )
ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
p[0] );
@@ -1971,20 +1973,13 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen )
{
unsigned char *p = buf;
const mbedtls_ssl_ciphersuite_t *suite = NULL;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_type_t key_type;
- psa_algorithm_t alg;
- size_t key_bits;
-#else
- const mbedtls_cipher_info_t *cipher = NULL;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* RFC 7366: "If a server receives an encrypt-then-MAC request extension
@@ -1992,18 +1987,19 @@
* with Associated Data (AEAD) ciphersuite, it MUST NOT send an
* encrypt-then-MAC response extension back to the client."
*/
- if( ( suite = mbedtls_ssl_ciphersuite_from_id(
- ssl->session_negotiate->ciphersuite ) ) == NULL ||
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg,
- &key_type, &key_bits ) != PSA_SUCCESS ) ||
- alg != PSA_ALG_CBC_NO_PADDING )
-#else
- ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
- cipher->mode != MBEDTLS_MODE_CBC )
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
+ suite = mbedtls_ssl_ciphersuite_from_id(
+ ssl->session_negotiate->ciphersuite );
+ if( suite == NULL )
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+ else
+ {
+ mbedtls_ssl_mode_t ssl_mode =
+ mbedtls_ssl_get_mode_from_ciphersuite(
+ ssl->session_negotiate->encrypt_then_mac,
+ suite );
+
+ if( ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM )
+ ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
}
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
@@ -2022,7 +2018,7 @@
*olen = 4;
}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
@@ -2591,7 +2587,7 @@
ext_len += olen;
#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
@@ -3142,123 +3138,116 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_key_attributes_t key_attributes;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ size_t ecdh_bits = 0;
+ uint8_t *p = ssl->out_msg + ssl->out_msglen;
+ const size_t header_size = 4; // curve_type(1), namedcurve(2),
+ // data length(1)
+ const size_t data_length_size = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /* Convert EC group to PSA key type. */
+ handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
+ (*curve)->tls_id, &ecdh_bits );
+
+ if( handshake->ecdh_psa_type == 0 )
{
- psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- psa_key_attributes_t key_attributes;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- size_t ecdh_bits = 0;
- uint8_t *p = ssl->out_msg + ssl->out_msglen;
- const size_t header_size = 4; // curve_type(1), namedcurve(2),
- // data length(1)
- const size_t data_length_size = 1;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
-
- /* Convert EC group to PSA key type. */
- handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
- (*curve)->tls_id, &ecdh_bits );
-
- if( handshake->ecdh_psa_type == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
- handshake->ecdh_bits = ecdh_bits;
-
- key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
- psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
- psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
-
- /*
- * ECParameters curve_params
- *
- * First byte is curve_type, always named_curve
- */
- *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
-
- /*
- * Next two bytes are the namedcurve value
- */
- MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 );
- p += 2;
-
- /* Generate ECDH private key. */
- status = psa_generate_key( &key_attributes,
- &handshake->ecdh_psa_privkey );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
- return( ret );
- }
-
- /*
- * ECPoint public
- *
- * First byte is data length.
- * It will be filled later. p holds now the data length location.
- */
-
- /* Export the public part of the ECDH private key from PSA.
- * Make one byte space for the length.
- */
- unsigned char *own_pubkey = p + data_length_size;
-
- size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN
- - ( own_pubkey - ssl->out_msg ) );
-
- status = psa_export_public_key( handshake->ecdh_psa_privkey,
- own_pubkey, own_pubkey_max_len,
- &len );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
- (void) psa_destroy_key( handshake->ecdh_psa_privkey );
- handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- return( ret );
- }
-
- /* Store the length of the exported public key. */
- *p = (uint8_t) len;
-
- /* Determine full message length. */
- len += header_size;
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- else
+ handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /*
+ * ECParameters curve_params
+ *
+ * First byte is curve_type, always named_curve
+ */
+ *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
+
+ /*
+ * Next two bytes are the namedcurve value
+ */
+ MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 );
+ p += 2;
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
+ return( ret );
+ }
+
+ /*
+ * ECPoint public
+ *
+ * First byte is data length.
+ * It will be filled later. p holds now the data length location.
+ */
+
+ /* Export the public part of the ECDH private key from PSA.
+ * Make one byte space for the length.
+ */
+ unsigned char *own_pubkey = p + data_length_size;
+
+ size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN
+ - ( own_pubkey - ssl->out_msg ) );
+
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ own_pubkey, own_pubkey_max_len,
+ &len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
+ (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( ret );
+ }
+
+ /* Store the length of the exported public key. */
+ *p = (uint8_t) len;
+
+ /* Determine full message length. */
+ len += header_size;
+#else
+ if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
+ (*curve)->grp_id ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
+ return( ret );
+ }
+
+ if( ( ret = mbedtls_ecdh_make_params(
+ &ssl->handshake->ecdh_ctx, &len,
+ ssl->out_msg + ssl->out_msglen,
+ MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
- if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
- (*curve)->grp_id ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
- return( ret );
- }
-
- if( ( ret = mbedtls_ecdh_make_params(
- &ssl->handshake->ecdh_ctx, &len,
- ssl->out_msg + ssl->out_msglen,
- MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
- return( ret );
- }
- }
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
dig_signed = ssl->out_msg + ssl->out_msglen;
#endif
ssl->out_msglen += len;
-
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
@@ -3905,16 +3894,16 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t data_len = (size_t)( *p++ );
size_t buf_len = (size_t)( end - p );
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -3969,22 +3958,7 @@
}
}
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
- {
+#else
if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
p, end - p) ) != 0 )
{
@@ -4007,6 +3981,7 @@
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_Z );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -4122,10 +4097,10 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t ecpoint_len;
@@ -4227,13 +4202,7 @@
psm += psk_len;
ssl->handshake->pmslen = psm - ssl->handshake->premaster;
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
- {
+#else
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
@@ -4247,12 +4216,6 @@
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* Opaque PSKs are currently only supported for PSK-only. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif
-
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP );
@@ -4262,6 +4225,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 05c281a..d024abf 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -204,65 +204,6 @@
/*
* Functions for writing key_share extension.
*/
-#if defined(MBEDTLS_ECDH_C)
-static int ssl_tls13_generate_and_write_ecdh_key_exchange(
- mbedtls_ssl_context *ssl,
- uint16_t named_group,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- psa_key_attributes_t key_attributes;
- size_t own_pubkey_len;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- size_t ecdh_bits = 0;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
-
- /* Convert EC group to PSA key type. */
- if( ( handshake->ecdh_psa_type =
- mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-
- ssl->handshake->ecdh_bits = ecdh_bits;
-
- key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
- psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
- psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
- psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
-
- /* Generate ECDH private key. */
- status = psa_generate_key( &key_attributes,
- &handshake->ecdh_psa_privkey );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
- return( ret );
-
- }
-
- /* Export the public part of the ECDH private key from PSA. */
- status = psa_export_public_key( handshake->ecdh_psa_privkey,
- buf, (size_t)( end - buf ),
- &own_pubkey_len );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
- return( ret );
-
- }
-
- *out_len = own_pubkey_len;
-
- return( 0 );
-}
-#endif /* MBEDTLS_ECDH_C */
-
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id )
{
@@ -367,8 +308,8 @@
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
p += 4;
- ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id, p, end,
- &key_exchange_len );
+ ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ ssl, group_id, p, end, &key_exchange_len );
p += key_exchange_len;
if( ret != 0 )
return( ret );
@@ -416,30 +357,6 @@
return( ret );
}
-#if defined(MBEDTLS_ECDH_C)
-
-static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t buf_len )
-{
- uint8_t *p = (uint8_t*)buf;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
- /* Get size of the TLS opaque key_exchange field of the KeyShareEntry struct. */
- uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
-
- /* Check if key size is consistent with given buffer length. */
- if ( peerkey_len > ( buf_len - 2 ) )
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-
- /* Store peer's ECDH public key. */
- memcpy( handshake->ecdh_psa_peerkey, p, peerkey_len );
- handshake->ecdh_psa_peerkey_len = peerkey_len;
-
- return( 0 );
-}
-#endif /* MBEDTLS_ECDH_C */
/*
* ssl_tls13_parse_hrr_key_share_ext()
@@ -564,7 +481,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
- ret = ssl_tls13_read_public_ecdhe_share( ssl, p, end - p );
+ ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p, end - p );
if( ret != 0 )
return( ret );
}
@@ -1000,22 +917,6 @@
return( 0 );
}
-static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
- int cipher_suite )
-{
- const int *ciphersuite_list = ssl->conf->ciphersuite_list;
-
- /* Check whether we have offered this ciphersuite */
- for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
- {
- if( ciphersuite_list[i] == cipher_suite )
- {
- return( 1 );
- }
- }
- return( 0 );
-}
-
/* Parse ServerHello message and configure context
*
* struct {
@@ -1115,7 +1016,7 @@
if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
ssl->tls_version,
ssl->tls_version ) != 0 ) ||
- !ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
{
fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 6623e7f..f5d791f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -115,8 +115,8 @@
MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x",
sig_alg ) );
- if( ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ||
- ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ||
+ ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) )
continue;
if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
@@ -1511,4 +1511,87 @@
return( ret );
}
+#if defined(MBEDTLS_ECDH_C)
+
+int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t buf_len )
+{
+ uint8_t *p = (uint8_t*)buf;
+ const uint8_t *end = buf + buf_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /* Get size of the TLS opaque key_exchange field of the KeyShareEntry struct. */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ /* Check if key size is consistent with given buffer length. */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, peerkey_len );
+
+ /* Store peer's ECDH public key. */
+ memcpy( handshake->ecdh_psa_peerkey, p, peerkey_len );
+ handshake->ecdh_psa_peerkey_len = peerkey_len;
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ psa_key_attributes_t key_attributes;
+ size_t own_pubkey_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ size_t ecdh_bits = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /* Convert EC group to PSA key type. */
+ if( ( handshake->ecdh_psa_type =
+ mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+
+ ssl->handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
+ return( ret );
+
+ }
+
+ /* Export the public part of the ECDH private key from PSA. */
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ buf, (size_t)( end - buf ),
+ &own_pubkey_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
+ return( ret );
+
+ }
+
+ *out_len = own_pubkey_len;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ECDH_C */
+
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b5f3ad7..d06b9a8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -24,16 +24,1077 @@
#include "mbedtls/debug.h"
#include "ssl_misc.h"
+#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
-int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif /* MBEDTLS_PLATFORM_C */
+
+/* From RFC 8446:
+ * struct {
+ * ProtocolVersion versions<2..254>;
+ * } SupportedVersions;
+ */
+static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t versions_len;
+ const unsigned char *versions_end;
+ uint16_t tls_version;
+ int tls13_supported = 0;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+ versions_len = p[0];
+ p += 1;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, versions_len );
+ versions_end = p + versions_len;
+ while( p < versions_end )
+ {
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, versions_end, 2 );
+ tls_version = mbedtls_ssl_read_version( p, ssl->conf->transport );
+ p += 2;
+
+ /* In this implementation we only support TLS 1.3 and DTLS 1.3. */
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ tls13_supported = 1;
+ break;
+ }
+ }
+
+ if( !tls13_supported )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 is not supported by the client" ) );
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+ MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Negotiated version. Supported is [%04x]",
+ (unsigned int)tls_version ) );
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_ECDH_C)
+/*
+ *
+ * From RFC 8446:
+ * enum {
+ * ... (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ */
+static int ssl_tls13_parse_supported_groups_ext(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *buf, const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t named_group_list_len;
+ const unsigned char *named_group_list_end;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "supported_groups extension", p, end - buf );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ named_group_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, named_group_list_len );
+ named_group_list_end = p + named_group_list_len;
+ ssl->handshake->hrr_selected_group = 0;
+
+ while( p < named_group_list_end )
+ {
+ uint16_t named_group;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, named_group_list_end, 2 );
+ named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
+
+ if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
+ ! mbedtls_ssl_named_group_is_supported( named_group ) ||
+ ssl->handshake->hrr_selected_group != 0 )
+ {
+ continue;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG(
+ 2, ( "add named group (%04x) into received list.",
+ named_group ) );
+ ssl->handshake->hrr_selected_group = named_group;
+ }
+
+ return( 0 );
+
+}
+#endif /* MBEDTLS_ECDH_C */
+
+#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1
+
+#if defined(MBEDTLS_ECDH_C)
+/*
+ * ssl_tls13_parse_key_shares_ext() verifies whether the information in the
+ * extension is correct and stores the first acceptable key share and its associated group.
+ *
+ * Possible return values are:
+ * - 0: Successful processing of the client provided key share extension.
+ * - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by the client
+ * does not match a group supported by the server. A HelloRetryRequest will
+ * be needed.
+ * - A negative value for fatal errors.
+*/
+
+static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char const *p = buf;
+ unsigned char const *client_shares_end;
+ size_t client_shares_len, key_exchange_len;
+ int match_found = 0;
+
+ /* From RFC 8446:
+ *
+ * struct {
+ * KeyShareEntry client_shares<0..2^16-1>;
+ * } KeyShareClientHello;
+ *
+ */
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ client_shares_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, client_shares_len );
+
+ ssl->handshake->offered_group_id = 0;
+ client_shares_end = p + client_shares_len;
+
+ /* We try to find a suitable key share entry and copy it to the
+ * handshake context. Later, we have to find out whether we can do
+ * something with the provided key share or whether we have to
+ * dismiss it and send a HelloRetryRequest message.
+ */
+
+ for( ; p < client_shares_end; p += key_exchange_len )
+ {
+ uint16_t group;
+
+ /*
+ * struct {
+ * NamedGroup group;
+ * opaque key_exchange<1..2^16-1>;
+ * } KeyShareEntry;
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, 4 );
+ group = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, key_exchange_len );
+
+ /* Continue parsing even if we have already found a match,
+ * for input validation purposes.
+ */
+ if( match_found == 1 )
+ continue;
+
+ if( ! mbedtls_ssl_named_group_is_offered( ssl, group ) ||
+ ! mbedtls_ssl_named_group_is_supported( group ) )
+ {
+ continue;
+ }
+
+ /*
+ * For now, we only support ECDHE groups.
+ */
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_tls_id( group );
+ ((void) curve_info);
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+ ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
+ ssl, p - 2, key_exchange_len + 2 );
+ if( ret != 0 )
+ return( ret );
+
+ match_found = 1;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Unrecognized NamedGroup %u",
+ (unsigned) group ) );
+ continue;
+ }
+
+ ssl->handshake->offered_group_id = group;
+ }
+
+ if( match_found == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching key share" ) );
+ return( SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH );
+ }
+ return( 0 );
+}
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_DEBUG_C)
+static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
{
((void) ssl);
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Extensions:" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- KEY_SHARE_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_KEY_SHARE ) > 0 ) ? "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- PSK_KEY_EXCHANGE_MODES_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- PRE_SHARED_KEY_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) > 0 ) ? "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SIGNATURE_ALGORITHM_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SIG_ALG ) > 0 ) ? "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SUPPORTED_GROUPS_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ) >0 ) ?
+ "TRUE" : "FALSE" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SUPPORTED_VERSION_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+#if defined ( MBEDTLS_SSL_SERVER_NAME_INDICATION )
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "- SERVERNAME_EXTENSION ( %s )",
+ ( ( ssl->handshake->extensions_present
+ & MBEDTLS_SSL_EXT_SERVERNAME ) > 0 ) ?
+ "TRUE" : "FALSE" ) );
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+}
+#endif /* MBEDTLS_DEBUG_C */
+
+static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
+ int exts_mask )
+{
+ int masked = ssl->handshake->extensions_present & exts_mask;
+ return( masked == exts_mask );
+}
+
+static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
+ mbedtls_ssl_context *ssl )
+{
+ return( ssl_tls13_client_hello_has_exts( ssl,
+ MBEDTLS_SSL_EXT_SUPPORTED_GROUPS |
+ MBEDTLS_SSL_EXT_KEY_SHARE |
+ MBEDTLS_SSL_EXT_SIG_ALG ) );
+}
+
+static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
+{
+ if( !mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
+ return( 0 );
+
+ if( !ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) )
+ return( 0 );
+
+ ssl->handshake->tls13_kex_modes =
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ return( 1 );
+}
+
+/*
+ *
+ * STATE HANDLING: ClientHello
+ *
+ * There are three possible classes of outcomes when parsing the ClientHello:
+ *
+ * 1) The ClientHello was well-formed and matched the server's configuration.
+ *
+ * In this case, the server progresses to sending its ServerHello.
+ *
+ * 2) The ClientHello was well-formed but didn't match the server's
+ * configuration.
+ *
+ * For example, the client might not have offered a key share which
+ * the server supports, or the server might require a cookie.
+ *
+ * In this case, the server sends a HelloRetryRequest.
+ *
+ * 3) The ClientHello was ill-formed
+ *
+ * In this case, we abort the handshake.
+ *
+ */
+
+/*
+ * Structure of this message:
+ *
+ * uint16 ProtocolVersion;
+ * opaque Random[32];
+ * uint8 CipherSuite[2]; // Cryptographic suite selector
+ *
+ * struct {
+ * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
+ * Random random;
+ * opaque legacy_session_id<0..32>;
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * opaque legacy_compression_methods<1..2^8-1>;
+ * Extension extensions<8..2^16-1>;
+ * } ClientHello;
+ */
+
+#define SSL_CLIENT_HELLO_OK 0
+#define SSL_CLIENT_HELLO_HRR_REQUIRED 1
+
+static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const unsigned char *p = buf;
+ size_t legacy_session_id_len;
+ const unsigned char *cipher_suites;
+ size_t cipher_suites_len;
+ const unsigned char *cipher_suites_end;
+ size_t extensions_len;
+ const unsigned char *extensions_end;
+
+ const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
+
+ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+
+ /*
+ * ClientHello layout:
+ * 0 . 1 protocol version
+ * 2 . 33 random bytes
+ * 34 . 34 session id length ( 1 byte )
+ * 35 . 34+x session id
+ * .. . .. ciphersuite list length ( 2 bytes )
+ * .. . .. ciphersuite list
+ * .. . .. compression alg. list length ( 1 byte )
+ * .. . .. compression alg. list
+ * .. . .. extensions length ( 2 bytes, optional )
+ * .. . .. extensions ( optional )
+ */
+
+ /*
+ * Minimal length ( with everything empty and extensions ommitted ) is
+ * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
+ * read at least up to session id length without worrying.
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 38 );
+
+ /* ...
+ * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
+ * ...
+ * with ProtocolVersion defined as:
+ * uint16 ProtocolVersion;
+ */
+ if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
+ MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+ MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ return ( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+ }
+ p += 2;
+
+ /*
+ * Only support TLS 1.3 currently, temporarily set the version.
+ */
+ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+
+ /* ---
+ * Random random;
+ * ---
+ * with Random defined as:
+ * opaque Random[32];
+ */
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
+ p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+
+ memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
+
+ /* ---
+ * opaque legacy_session_id<0..32>;
+ * ---
+ */
+ legacy_session_id_len = p[0];
+ p++;
+
+ if( legacy_session_id_len > sizeof( ssl->session_negotiate->id ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ ssl->session_negotiate->id_len = legacy_session_id_len;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
+ p, legacy_session_id_len );
+ /*
+ * Check we have enough data for the legacy session identifier
+ * and the ciphersuite list length.
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_len + 2 );
+
+ memcpy( &ssl->session_negotiate->id[0], p, legacy_session_id_len );
+ p += legacy_session_id_len;
+
+ cipher_suites_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ /* Check we have enough data for the ciphersuite list, the legacy
+ * compression methods and the length of the extensions.
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
+
+ /* ---
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * ---
+ * with CipherSuite defined as:
+ * uint8 CipherSuite[2];
+ */
+ cipher_suites = p;
+ cipher_suites_end = p + cipher_suites_len;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
+ p, cipher_suites_len );
+ /*
+ * Search for a matching ciphersuite
+ */
+ int ciphersuite_match = 0;
+ for ( ; p < cipher_suites_end; p += 2 )
+ {
+ uint16_t cipher_suite;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
+ cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+ /*
+ * Check whether this ciphersuite is valid and offered.
+ */
+ if( ( mbedtls_ssl_validate_ciphersuite(
+ ssl, ciphersuite_info, ssl->tls_version,
+ ssl->tls_version ) != 0 ) ||
+ !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ continue;
+
+ ssl->session_negotiate->ciphersuite = cipher_suite;
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
+ ciphersuite_match = 1;
+
+ break;
+
+ }
+
+ if( !ciphersuite_match )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
+ ciphersuite_info->name ) );
+
+ p = cipher_suites + cipher_suites_len;
+ /* ...
+ * opaque legacy_compression_methods<1..2^8-1>;
+ * ...
+ */
+ if( p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+ p += 2;
+
+ /* ---
+ * Extension extensions<8..2^16-1>;
+ * ---
+ * with Extension defined as:
+ * struct {
+ * ExtensionType extension_type;
+ * opaque extension_data<0..2^16-1>;
+ * } Extension;
+ */
+ extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+ extensions_end = p + extensions_len;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len );
+
+ while( p < extensions_end )
+ {
+ unsigned int extension_type;
+ size_t extension_data_len;
+ const unsigned char *extension_data_end;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
+ extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+ extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+ extension_data_end = p + extension_data_len;
+
+ switch( extension_type )
+ {
+#if defined(MBEDTLS_ECDH_C)
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported group extension" ) );
+
+ /* Supported Groups Extension
+ *
+ * When sent by the client, the "supported_groups" extension
+ * indicates the named groups which the client supports,
+ * ordered from most preferred to least preferred.
+ */
+ ret = ssl_tls13_parse_supported_groups_ext( ssl, p,
+ extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_parse_supported_groups_ext", ret );
+ return( ret );
+ }
+
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
+ break;
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDH_C)
+ case MBEDTLS_TLS_EXT_KEY_SHARE:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key share extension" ) );
+
+ /*
+ * Key Share Extension
+ *
+ * When sent by the client, the "key_share" extension
+ * contains the endpoint's cryptographic parameters for
+ * ECDHE/DHE key establishment methods.
+ */
+ ret = ssl_tls13_parse_key_shares_ext( ssl, p, extension_data_end );
+ if( ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "HRR needed " ) );
+ ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ }
+
+ if( ret != 0 )
+ return( ret );
+
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
+ break;
+#endif /* MBEDTLS_ECDH_C */
+
+ case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported versions extension" ) );
+
+ ret = ssl_tls13_parse_supported_versions_ext(
+ ssl, p, extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ ( "ssl_tls13_parse_supported_versions_ext" ), ret );
+ return( ret );
+ }
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
+ break;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ case MBEDTLS_TLS_EXT_SIG_ALG:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+
+ ret = mbedtls_ssl_tls13_parse_sig_alg_ext( ssl, p,
+ extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "ssl_parse_supported_signature_algorithms_server_ext ( %d )",
+ ret ) );
+ return( ret );
+ }
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown extension found: %ud ( ignoring )",
+ extension_type ) );
+ }
+
+ p += extension_data_len;
+ }
+
+ /* Update checksum with either
+ * - The entire content of the CH message, if no PSK extension is present
+ * - The content up to but excluding the PSK extension, if present.
+ */
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ buf, p - buf );
+
+ /* List all the extensions we have received */
+#if defined(MBEDTLS_DEBUG_C)
+ ssl_tls13_debug_print_client_hello_exts( ssl );
+#endif /* MBEDTLS_DEBUG_C */
+
+ /*
+ * Here we only support the ephemeral or (EC)DHE key echange mode
+ */
+
+ if( !ssl_tls13_check_ephemeral_key_exchange( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ( "ClientHello message misses mandatory extensions." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION ,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ return( 0 );
+}
+
+static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls1_3_key_schedule_stage_early", ret );
+ return( ret );
+ }
+
+ return( 0 );
+
+}
+
+/*
+ * Main entry point from the state machine; orchestrates the otherfunctions.
+ */
+
+static int ssl_tls13_process_client_hello( mbedtls_ssl_context *ssl )
+{
+
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char* buf = NULL;
+ size_t buflen = 0;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ &buf, &buflen ) );
+
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
+ buf + buflen ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
+ return( ret );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_SERVER_HELLO
+ */
+static int ssl_tls13_prepare_server_hello( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *server_randbytes =
+ ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
+ if( ssl->conf->f_rng == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
+ return( MBEDTLS_ERR_SSL_NO_RNG );
+ }
+
+ if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, server_randbytes,
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", server_randbytes,
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+
+#if defined(MBEDTLS_HAVE_TIME)
+ ssl->session_negotiate->start = time( NULL );
+#endif /* MBEDTLS_HAVE_TIME */
+
+ return( ret );
+}
+
+/*
+ * ssl_tls13_write_server_hello_supported_versions_ext ():
+ *
+ * struct {
+ * ProtocolVersion selected_version;
+ * } SupportedVersions;
+ */
+static int ssl_tls13_write_server_hello_supported_versions_ext(
+ mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, write selected version" ) );
+
+ /* Check if we have space to write the extension:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - selected_version (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 6 );
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, buf, 0 );
+
+ MBEDTLS_PUT_UINT16_BE( 2, buf, 2 );
+
+ mbedtls_ssl_write_version( buf + 4,
+ ssl->conf->transport,
+ ssl->tls_version );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%04x]",
+ ssl->tls_version ) );
+
+ *out_len = 6;
+
+ return( 0 );
+}
+
+
+
+/* Generate and export a single key share. For hybrid KEMs, this can
+ * be called multiple times with the different components of the hybrid. */
+static int ssl_tls13_generate_and_write_key_share( mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ *out_len = 0;
+
+#if defined(MBEDTLS_ECDH_C)
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
+ {
+ ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
+ ssl, named_group, buf, end, out_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange",
+ ret );
+ return( ret );
+ }
+ }
+ else
+#endif /* MBEDTLS_ECDH_C */
+ if( 0 /* Other kinds of KEMs */ )
+ {
+ }
+ else
+ {
+ ((void) ssl);
+ ((void) named_group);
+ ((void) buf);
+ ((void) end);
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ }
+
+ return( ret );
+}
+
+/*
+ * ssl_tls13_write_key_share_ext
+ *
+ * Structure of key_share extension in ServerHello:
+ *
+ * struct {
+ * NamedGroup group;
+ * opaque key_exchange<1..2^16-1>;
+ * } KeyShareEntry;
+ * struct {
+ * KeyShareEntry server_share;
+ * } KeyShareServerHello;
+ */
+static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ uint16_t group = ssl->handshake->offered_group_id;
+ unsigned char *server_share = buf + 4;
+ size_t key_exchange_length;
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding key share extension" ) );
+
+ /* Check if we have space for header and length fields:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - group (2 bytes)
+ * - key_exchange_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 8 );
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( group, server_share, 0 );
+ p += 8;
+
+ /* When we introduce PQC-ECDHE hybrids, we'll want to call this
+ * function multiple times. */
+ ret = ssl_tls13_generate_and_write_key_share(
+ ssl, group, server_share + 4, end, &key_exchange_length );
+ if( ret != 0 )
+ return( ret );
+ p += key_exchange_length;
+ MBEDTLS_PUT_UINT16_BE( key_exchange_length, server_share + 2, 0 );
+
+ MBEDTLS_PUT_UINT16_BE( p - server_share, buf, 2 );
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
+
+/*
+ * Structure of ServerHello message:
+ *
+ * struct {
+ * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
+ * Random random;
+ * opaque legacy_session_id_echo<0..32>;
+ * CipherSuite cipher_suite;
+ * uint8 legacy_compression_method = 0;
+ * Extension extensions<6..2^16-1>;
+ * } ServerHello;
+ */
+static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ unsigned char *p_extensions_len;
+ size_t output_len; /* Length of buffer used by function */
+
+ *out_len = 0;
+
+ /* ...
+ * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
+ * ...
+ * with ProtocolVersion defined as:
+ * uint16 ProtocolVersion;
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 );
+ p += 2;
+
+ /* ...
+ * Random random;
+ * ...
+ * with Random defined as:
+ * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
+ p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
+
+ /* ...
+ * opaque legacy_session_id_echo<0..32>;
+ * ...
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + ssl->session_negotiate->id_len );
+ *p++ = (unsigned char)ssl->session_negotiate->id_len;
+ if( ssl->session_negotiate->id_len > 0 )
+ {
+ memcpy( p, &ssl->session_negotiate->id[0],
+ ssl->session_negotiate->id_len );
+ p += ssl->session_negotiate->id_len;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
+ ssl->session_negotiate->id_len );
+ }
+
+ /* ...
+ * CipherSuite cipher_suite;
+ * ...
+ * with CipherSuite defined as:
+ * uint8 CipherSuite[2];
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "server hello, chosen ciphersuite: %s ( id=%d )",
+ mbedtls_ssl_get_ciphersuite_name(
+ ssl->session_negotiate->ciphersuite ),
+ ssl->session_negotiate->ciphersuite ) );
+
+ /* ...
+ * uint8 legacy_compression_method = 0;
+ * ...
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
+ *p++ = 0x0;
+
+ /* ...
+ * Extension extensions<6..2^16-1>;
+ * ...
+ * struct {
+ * ExtensionType extension_type; (2 bytes)
+ * opaque extension_data<0..2^16-1>;
+ * } Extension;
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ p_extensions_len = p;
+ p += 2;
+
+ if( ( ret = ssl_tls13_write_server_hello_supported_versions_ext(
+ ssl, p, end, &output_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "ssl_tls13_write_server_hello_supported_versions_ext", ret );
+ return( ret );
+ }
+ p += output_len;
+
+ if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
+
+ MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "server hello extensions",
+ p_extensions_len, p - p_extensions_len );
+
+ *out_len = p - buf;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len );
+
+ return( ret );
+}
+
+static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_server_hello( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
+ buf + buf_len,
+ &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+ return( ret );
+}
+
+/*
+ * TLS 1.3 State Machine -- server side
+ */
+int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %s(%d)",
mbedtls_ssl_states_str( ssl->state ),
ssl->state ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ switch( ssl->state )
+ {
+ /* start state */
+ case MBEDTLS_SSL_HELLO_REQUEST:
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+
+ ret = 0;
+ break;
+
+ case MBEDTLS_SSL_CLIENT_HELLO:
+
+ ret = ssl_tls13_process_client_hello( ssl );
+ if( ret != 0 )
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_client_hello", ret );
+
+ break;
+
+ case MBEDTLS_SSL_SERVER_HELLO:
+ ret = ssl_tls13_write_server_hello( ssl );
+ break;
+
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ return( ret );
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 66db38b..a91af0e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -65,7 +65,7 @@
#include <windows.h>
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
#endif
@@ -1418,7 +1418,7 @@
int i;
char *p, *q;
const int *list;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t status;
#endif
unsigned char eap_tls_keymaterial[16];
@@ -1484,7 +1484,7 @@
mbedtls_ssl_cookie_init( &cookie_ctx );
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if( status != PSA_SUCCESS )
{
@@ -4144,7 +4144,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char* message = mbedtls_test_helper_is_psa_leaking();
if( message )
{
@@ -4156,8 +4156,8 @@
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) \
+ && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free( );
#endif
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 569f147..6ff2eb8 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -175,29 +175,38 @@
* Updated manually as the output of the following command:
*
* sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
- * awk '{print length+2}' | sort -rn | head -n1
+ * awk '{print length+3}' | sort -rn | head -n1
*
- * This computes the maximum length of a title +2 (because we appends "/s").
- * (If the value is too small, the only consequence is poor alignement.) */
-#define TITLE_SPACE 16
+ * This computes the maximum length of a title +3, because we appends "/s" and
+ * want at least one space. (If the value is too small, the only consequence
+ * is poor alignement.) */
+#define TITLE_SPACE 17
#define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \
+ size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \
mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
mbedtls_memory_buffer_alloc_max_reset( );
+#define MEMORY_MEASURE_RESET \
+ mbedtls_memory_buffer_alloc_count_get( &prv_alloc, &prv_free );
+
#define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
+ mbedtls_memory_buffer_alloc_count_get( &alloc_cnt, &free_cnt ); \
ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
while( ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
- mbedtls_printf( "%6u heap bytes", (unsigned) max_bytes );
+ mbedtls_printf( "%6u heap bytes, %6u allocs", \
+ (unsigned) max_bytes, \
+ (unsigned)( alloc_cnt - prv_alloc ) );
#else
#define MEMORY_MEASURE_INIT
+#define MEMORY_MEASURE_RESET
#define MEMORY_MEASURE_PRINT( title_len )
#endif
@@ -214,6 +223,7 @@
ret = 0; \
for( ii = 1; ! mbedtls_timing_alarmed && ! ret ; ii++ ) \
{ \
+ MEMORY_MEASURE_RESET; \
CODE; \
} \
\
@@ -489,30 +499,6 @@
} \
}
-/*
- * Clear some memory that was used to prepare the context
- */
-#if defined(MBEDTLS_ECP_C)
-void ecp_clear_precomputed( mbedtls_ecp_group *grp )
-{
- if( grp->T != NULL
-#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
- && grp->T_size != 0
-#endif
- )
- {
- size_t i;
- for( i = 0; i < grp->T_size; i++ )
- mbedtls_ecp_point_free( &grp->T[i] );
- mbedtls_free( grp->T );
- }
- grp->T = NULL;
- grp->T_size = 0;
-}
-#else
-#define ecp_clear_precomputed( g )
-#endif
-
#if defined(MBEDTLS_ECP_C)
static int set_ecp_curve( const char *string, mbedtls_ecp_curve_info *curve )
{
@@ -641,6 +627,10 @@
memset( buf, 0xAA, sizeof( buf ) );
memset( tmp, 0xBB, sizeof( tmp ) );
+ /* Avoid "unused static function" warning in configurations without
+ * symmetric crypto. */
+ (void) mbedtls_timing_hardclock;
+
#if defined(MBEDTLS_MD5_C)
if( todo.md5 )
TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) );
@@ -1078,7 +1068,6 @@
if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 )
mbedtls_exit( 1 );
- ecp_clear_precomputed( &ecdsa.grp );
mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
curve_info->name );
@@ -1104,7 +1093,6 @@
{
mbedtls_exit( 1 );
}
- ecp_clear_precomputed( &ecdsa.grp );
mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
curve_info->name );
@@ -1162,7 +1150,6 @@
CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
myrand, NULL ) );
CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) );
- ecp_clear_precomputed( &ecdh.grp );
mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s",
curve_info->name );
@@ -1212,7 +1199,6 @@
CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) );
CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
myrand, NULL ) );
- ecp_clear_precomputed( &ecdh.grp );
mbedtls_snprintf( title, sizeof( title ), "ECDH-%s",
curve_info->name );
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index acf51f2..43fc7df 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -57,27 +57,39 @@
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_ECDSA_C
+#define MBEDTLS_SHA256_C // ECDSA benchmark needs it
+#define MBEDTLS_SHA224_C // SHA256 requires this for now
#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+// NIST curves >= 256 bits
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+// SECP "koblitz-like" curve >= 256 bits
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+// Brainpool curves (no specialised "mod p" routine)
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+// Montgomery curves
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-//#define MBEDTLS_ECP_WINDOW_SIZE 6
+#define MBEDTLS_HAVE_ASM // just make things a bit faster
+#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations
+
+//#define MBEDTLS_ECP_WINDOW_SIZE 4
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
EOF
for F in 0 1; do
- for W in 2 3 4 5 6; do
+ for W in 2 3 4; do
scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W
scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
make benchmark >/dev/null 2>&1
echo "fixed point optim = $F, max window size = $W"
echo "--------------------------------------------"
- programs/test/benchmark
+ programs/test/benchmark ecdh ecdsa
done
done
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index a722c19..42e4fc8 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
-"""Generate library/ssl_debug_helps_generated.c
+"""Generate library/ssl_debug_helpers_generated.c
The code generated by this module includes debug helper functions that can not be
implemented by fixed codes.
@@ -224,7 +224,7 @@
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{{
- return "UNKOWN_VAULE";
+ return "UNKNOWN_VALUE";
}}
return in_to_str[ in ];
}}
@@ -296,9 +296,9 @@
/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
/**
- * \file ssl_debug_helpers_generated.c
+ * \\file ssl_debug_helpers_generated.c
*
- * \brief Automatically generated helper functions for debugging
+ * \\brief Automatically generated helper functions for debugging
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8528a4f..f211577 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -866,6 +866,12 @@
fi
tests/scripts/check_test_cases.py $opt
unset opt
+
+ # Check that no tests are explicitely disabled when USE_PSA_CRYPTO is set
+ # as a matter of policy to ensure there is no missed testing
+ msg "Check: explicitely disabled test with USE_PSA_CRYPTO" # < 1s
+ not grep -n 'depends_on:.*!MBEDTLS_USE_PSA_CRYPTO' tests/suites/*.function tests/suites/*.data
+ not grep -n '^ *requires_config_disabled.*MBEDTLS_USE_PSA_CRYPTO' tests/ssl-opt.sh tests/opt-testcases/*.sh
}
component_check_doxygen_warnings () {
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 94cd373..4f28269 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9903,14 +9903,6 @@
-c "Version: TLS1.3"
# TLS1.3 test cases
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-skip_handshake_stage_check
-run_test "TLS 1.3: No server support" \
- "$P_SRV debug_level=2 force_version=tls13" \
- "$P_CLI debug_level=2 force_version=tls13" \
- 1 \
- -s "The requested feature is not available"
-
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -9983,7 +9975,6 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: alpn - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -10019,7 +10010,6 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: alpn - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -10754,6 +10744,53 @@
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_openssl_tls1_3
+run_test "TLS 1.3: Server side check - openssl" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -tls1_3" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Server side check - gnutls" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Server side check - mbedtls" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$P_CLI debug_level=4 force_version=tls13" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
for i in opt-testcases/*.sh
do
TEST_SUITE_NAME=${i##*/}
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 4496812..5e4cdaa 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -82,13 +82,14 @@
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
- mbedtls_mpi d, r, s, r_check, s_check;
+ mbedtls_mpi d, r, s, r_check, s_check, zero;
mbedtls_test_rnd_buf_info rnd_info;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
+ mbedtls_mpi_init( &zero );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
@@ -117,20 +118,68 @@
if ( result == 0)
{
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
+ /* Check we generated the expected values */
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &r, &r_check ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &s, &s_check ), 0 );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 );
+ /* Valid signature */
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
+ &Q, &r_check, &s_check ), 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
+ /* Invalid signature: wrong public key (G instead of Q) */
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
+ &grp.G, &r_check, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
- &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
- &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
- &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ /* Invalid signatures: r or s or both one off */
+ TEST_EQUAL( mbedtls_mpi_sub_int( &r, &r_check, 1 ), 0 );
+ TEST_EQUAL( mbedtls_mpi_add_int( &s, &s_check, 1 ), 0 );
+
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
+ /* Invalid signatures: r, s or both (CVE-2022-21449) are zero */
+ TEST_EQUAL( mbedtls_mpi_lset( &zero, 0 ), 0 );
+
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &zero, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r_check, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &zero, &zero ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
+ /* Invalid signatures: r, s or both are == N */
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &grp.N, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r_check, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &grp.N, &grp.N ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
+ /* Invalid signatures: r, s or both are negative */
+ TEST_EQUAL( mbedtls_mpi_sub_mpi( &r, &r_check, &grp.N ), 0 );
+ TEST_EQUAL( mbedtls_mpi_sub_mpi( &s, &s_check, &grp.N ), 0 );
+
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
+ /* Invalid signatures: r or s or both are > N */
+ TEST_EQUAL( mbedtls_mpi_add_mpi( &r, &r_check, &grp.N ), 0 );
+ TEST_EQUAL( mbedtls_mpi_add_mpi( &s, &s_check, &grp.N ), 0 );
+
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r, &s_check ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r_check, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_EQUAL( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q,
+ &r, &s ), MBEDTLS_ERR_ECP_VERIFY_FAILED );
}
exit:
@@ -138,6 +187,7 @@
mbedtls_ecp_point_free( &Q );
mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
mbedtls_mpi_free( &r_check ); mbedtls_mpi_free( &s_check );
+ mbedtls_mpi_free( &zero );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 306cfd7..a0844ea 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -185,12 +185,8 @@
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:128:0
-Verify ext RSA #5 using PSA (PKCS1 v2.1, wrong salt_len)
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:128:MBEDTLS_ERR_RSA_VERIFY_FAILED
-
Verify ext RSA #5 (PKCS1 v2.1, wrong salt_len)
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:!MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:32:128:MBEDTLS_ERR_RSA_INVALID_PADDING
Verify ext RSA #6 (PKCS1 v2.1, MGF1 alg != MSG hash alg)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 8fd5367..4b3af4c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -487,6 +487,7 @@
mbedtls_pk_rsassa_pss_options pss_opts;
void *options;
size_t hash_len;
+ int ret;
USE_PSA_INIT( );
mbedtls_pk_init( &pk );
@@ -526,9 +527,29 @@
pss_opts.expected_salt_len = salt_len;
}
- TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
- digest, hash_result, hash_len,
- result_str->x, sig_len ) == result );
+ ret = mbedtls_pk_verify_ext( pk_type, options, &pk,
+ digest, hash_result, hash_len,
+ result_str->x, sig_len );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( result == MBEDTLS_ERR_RSA_INVALID_PADDING )
+ {
+ /* Mbed TLS distinguishes "invalid padding" from "valid padding but
+ * the rest of the signature is invalid". This has little use in
+ * practice and PSA doesn't report this distinction.
+ * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated
+ * to MBEDTLS_ERR_RSA_VERIFY_FAILED.
+ * However, currently `mbedtls_pk_verify_ext()` may use either the
+ * PSA or the Mbed TLS API, depending on the PSS options used.
+ * So, it may return either INVALID_PADDING or INVALID_SIGNATURE.
+ */
+ TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED );
+ }
+ else
+#endif
+ {
+ TEST_EQUAL( ret, result );
+ }
exit:
mbedtls_pk_free( &pk );
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index bf1e01b..0a8d595 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -781,14 +781,26 @@
depends_on:!MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP
asymmetric_encrypt:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3":"874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
-PSA multi-part AEAD encrypt setup, AES-GCM, 128 bytes #1
+PSA AEAD encrypt setup, AES-GCM, 128 bytes #1
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_SUCCESS:PSA_SUCCESS
-PSA multi-part AEAD encrypt setup, AES-GCM, 128 bytes #1, fallback
+PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, fallback
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
-PSA multi-part AEAD encrypt setup, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
+PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA AEAD decrypt setup, AES-GCM, 144 bytes #1
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS:PSA_SUCCESS
+
+PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, fallback
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
+aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 9e433bc..a5ea840 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -2432,9 +2432,7 @@
/* Compare output_data and expected_ciphertext */
ASSERT_COMPARE( expected_ciphertext->x, expected_ciphertext->len,
- output_data, output_length );
-
- TEST_EQUAL( output_length + finish_output_length, expected_ciphertext->len );
+ output_data, output_length + finish_output_length );
/* Compare tag and expected_tag */
ASSERT_COMPARE( expected_tag->x, expected_tag->len, tag_buffer, tag_length );
@@ -2448,3 +2446,105 @@
mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_decrypt_setup( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_ciphertext,
+ data_t *input_tag,
+ data_t *expected_result,
+ int forced_status_arg,
+ int expected_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ size_t verify_output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+ psa_aead_operation_t operation = psa_aead_operation_init();
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
+
+ PSA_INIT( );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ output_size = input_ciphertext->len;
+
+ ASSERT_ALLOC( output_data, output_size );
+
+ mbedtls_test_driver_aead_hooks.forced_status = forced_status;
+
+ status = psa_aead_decrypt_setup( &operation, key, alg );
+
+ TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
+ PSA_SUCCESS : forced_status );
+
+ TEST_EQUAL( status, expected_status );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1 );
+
+ if( status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_set_nonce,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_ciphertext->len ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_set_lengths,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_update_ad,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ PSA_ASSERT( psa_aead_update( &operation, input_ciphertext->x,
+ input_ciphertext->len, output_data,
+ output_size, &output_length ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_update,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Offset applied to output_data in order to handle cases where verify()
+ * outputs further data */
+ PSA_ASSERT( psa_aead_verify( &operation, output_data + output_length,
+ output_size - output_length,
+ &verify_output_length, input_tag->x,
+ input_tag->len ) );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_verify,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ /* Since this is a decryption operation,
+ * finish should never be hit */
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_finish, 0 );
+
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_abort,
+ forced_status == PSA_SUCCESS ? 1 : 0 );
+
+ ASSERT_COMPARE( expected_result->x, expected_result->len,
+ output_data, output_length + verify_output_length );
+ }
+
+exit:
+ PSA_ASSERT( psa_destroy_key( key ) );
+ mbedtls_free( output_data );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 6d14086..848a497 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3277,9 +3277,9 @@
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-Version config: unsupported server TLS 1.3 only
+Version config: valid server TLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0
Version config: unsupported server DTLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 0565603..e42f8ba 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4844,7 +4844,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void mbedtls_endpoint_sanity( int endpoint_type )
{
enum { BUFFSIZE = 1024 };
@@ -4867,13 +4867,15 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
mbedtls_endpoint base_ep, second_ep;
int ret = -1;
+ USE_PSA_INIT( );
+
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
@@ -4906,6 +4908,7 @@
exit:
mbedtls_endpoint_free( &base_ep, NULL );
mbedtls_endpoint_free( &second_ep, NULL );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -4980,7 +4983,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
@@ -4992,7 +4995,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
@@ -5004,7 +5007,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_serialization( )
{
handshake_test_options options;
@@ -5018,7 +5021,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
{
handshake_test_options options;
@@ -5054,7 +5057,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void renegotiation( int legacy_renegotiation )
{
handshake_test_options options;
@@ -5070,7 +5073,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls, char *cipher )
{
@@ -5091,7 +5094,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void resize_buffers_serialize_mfl( int mfl )
{
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -5102,7 +5105,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
char *cipher )
{
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index efc2fc9..888c9ab 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -26,6 +26,10 @@
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
+Certificate Request check opaque Server1 key_usage
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_csr_check_opaque:"data_files/server1.key":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
+
Certificate Request check Server1 key_usage empty
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
@@ -52,44 +56,71 @@
Certificate write check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, CA
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":0:1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, CA
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
+Certificate write check Server1 SHA1, Opaque
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, key_usage
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, ns_cert_type
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, version 1
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Opaque, CA
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
+
+Certificate write check Server5 ECDSA
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
+
+Certificate write check Server5 ECDSA, Opaque
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 947fcc4..485bbe2 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -223,7 +223,8 @@
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
int cert_type, int set_cert_type, int auth_ident,
- int ver, char *cert_check_file, int rsa_alt, int is_ca )
+ int ver, char *cert_check_file, int pk_wrap, int is_ca,
+ char *cert_verify_file )
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
@@ -237,6 +238,10 @@
int der_len = -1;
FILE *f;
mbedtls_test_rnd_pseudo_info rnd_info;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif
+ mbedtls_pk_type_t issuer_key_type;
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
@@ -255,9 +260,11 @@
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ issuer_key_type = mbedtls_pk_get_type( &issuer_key );
+
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
- if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
+ if( pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA )
{
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
mbedtls_pk_rsa( issuer_key ),
@@ -267,10 +274,24 @@
key = &issuer_key_alt;
}
-#else
- (void) rsa_alt;
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* For Opaque PK contexts, wrap key as an Opaque RSA context. */
+ if( pk_wrap == 2 )
+ {
+ psa_algorithm_t md_alg_psa =
+ mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
+
+ TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &issuer_key, &key_id,
+ md_alg_psa ) == 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( pk_wrap == 2 )
+ TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_OPAQUE );
+
TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 );
if( ver != -1 )
@@ -312,14 +333,40 @@
TEST_ASSERT( buf[buf_index] == 0 );
}
- f = fopen( cert_check_file, "r" );
- TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof( check_buf ), f );
- fclose( f );
- TEST_ASSERT( olen < sizeof( check_buf ) );
+ if( issuer_key_type != MBEDTLS_PK_RSA )
+ {
+ mbedtls_x509_crt crt_parse, trusted;
+ uint32_t flags;
- TEST_ASSERT( olen >= pem_len - 1 );
- TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ mbedtls_x509_crt_init( &crt_parse );
+ mbedtls_x509_crt_init( &trusted );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted,
+ cert_verify_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse( &crt_parse,
+ buf, sizeof( buf ) ) == 0 );
+
+ ret = mbedtls_x509_crt_verify( &crt_parse, &trusted, NULL, NULL, &flags,
+ NULL, NULL );
+
+ mbedtls_x509_crt_free( &crt_parse );
+ mbedtls_x509_crt_free( &trusted );
+
+ TEST_EQUAL( flags, 0 );
+ TEST_EQUAL( ret, 0 );
+ }
+ else
+ {
+ f = fopen( cert_check_file, "r" );
+ TEST_ASSERT( f != NULL );
+ olen = fread( check_buf, 1, sizeof( check_buf ), f );
+ fclose( f );
+ TEST_ASSERT( olen < sizeof( check_buf ) );
+
+ TEST_EQUAL( olen, pem_len );
+ TEST_ASSERT( olen >= pem_len - 1 );
+ TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+ }
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
mbedtls_test_rnd_pseudo_rand,
@@ -329,7 +376,17 @@
if( der_len == 0 )
goto exit;
- ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ // When using PSA crypto, RNG isn't controllable, result length isn't
+ // deterministic over multiple runs, removing a single byte isn't enough to
+ // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
+ if( issuer_key_type != MBEDTLS_PK_RSA )
+ der_len /= 2;
+ else
+#endif
+ der_len -= 1;
+
+ ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len ),
mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -339,6 +396,9 @@
mbedtls_pk_free( &subject_key );
mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( key_id );
+#endif
USE_PSA_DONE( );
}
/* END_CASE */