Merge pull request #5701 from hanno-arm/mpi_mul_hlp
Make size of output in mpi_mul_hlp() explicit
diff --git a/ChangeLog.d/alert_reentrant.txt b/ChangeLog.d/alert_reentrant.txt
new file mode 100644
index 0000000..691d64c
--- /dev/null
+++ b/ChangeLog.d/alert_reentrant.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
+ potentially leading to corrupted alert messages being sent in case
+ the function needs to be re-called after initially returning
+ MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
diff --git a/ChangeLog.d/fix-parllel-cmake-build-fail.txt b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
new file mode 100644
index 0000000..4746c7b
--- /dev/null
+++ b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a race condition in out-of-source builds with CMake when generated data
+ files are already present. Fixes #5374
diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
new file mode 100644
index 0000000..6878645
--- /dev/null
+++ b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix compilation on Windows when building shared library, by setting
+ library search path to CMAKE_CURRENT_BINARY_DIR.
diff --git a/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt b/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt
new file mode 100644
index 0000000..28c3371
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt
@@ -0,0 +1,4 @@
+Features
+ * Introduce mbedtls_ssl_hs_cb_t typedef for use with
+ mbedtls_ssl_conf_cert_cb() and perhaps future callbacks
+ during TLS handshake.
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index edba4a0..31fab4e 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -21,7 +21,7 @@
*/
/*
* Minimal configuration of features that do not require an entropy source
- * Distinguishing reatures:
+ * Distinguishing features:
* - no entropy module
* - no TLS protocol implementation available due to absence of an entropy
* source
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e8a2705..72a1e10 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -129,7 +129,12 @@
* MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
* MBEDTLS_PLATFORM_STD_TIME.
*
- * Comment if your system does not support time functions
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ * interface - timing.c will include time.h on suitable platforms
+ * regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
*/
#define MBEDTLS_HAVE_TIME
@@ -1273,7 +1278,7 @@
* Enable an implementation of SHA-256 that has lower ROM footprint but also
* lower performance.
*
- * The default implementation is meant to be a reasonnable compromise between
+ * The default implementation is meant to be a reasonable compromise between
* performance and size. This version optimizes more aggressively for size at
* the expense of performance. Eg on Cortex-M4 it reduces the size of
* mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
@@ -3013,6 +3018,10 @@
* your own implementation of the whole module by setting
* \c MBEDTLS_TIMING_ALT in the current file.
*
+ * \note The timing module will include time.h on suitable platforms
+ * regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ * MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
* \note See also our Knowledge Base article about porting to a new
* environment:
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 324612a..7e056db 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -330,8 +330,8 @@
* storing and manipulating the key material directly.
*
* \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC key pair
- * (see notes below).
+ * \param key The PSA key to wrap, which must hold an ECC or RSA key
+ * pair (see notes below).
*
* \note The wrapped key must remain valid as long as the
* wrapping PK context is in use, that is at least between
@@ -339,8 +339,8 @@
* mbedtls_pk_free() is called on this context. The wrapped
* key might then be independently used or destroyed.
*
- * \note This function is currently only available for ECC key
- * pairs (that is, ECC keys containing private key material).
+ * \note This function is currently only available for ECC or RSA
+ * key pairs (that is, keys containing private key material).
* Support for other key types may be added later.
*
* \return \c 0 on success.
@@ -923,7 +923,8 @@
* change or be removed at any time without notice.
*
* \note Only ECDSA keys are supported so far. Signing with the
- * specified hash is the only allowed use of that key.
+ * specified hash & ECDH key agreement derivation operation
+ * are the only allowed use of that key.
*
* \param pk Input: the EC key to import to a PSA key.
* Output: a PK context wrapping that PSA key.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 9be083a..9b29c85 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1218,6 +1218,25 @@
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type );
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief Callback type: generic handshake callback
+ *
+ * \note Callbacks may use user_data funcs to set/get app user data.
+ * See \c mbedtls_ssl_get_user_data_p()
+ * \c mbedtls_ssl_get_user_data_n()
+ * \c mbedtls_ssl_conf_get_user_data_p()
+ * \c mbedtls_ssl_conf_get_user_data_n()
+ *
+ * \param ssl \c mbedtls_ssl_context on which the callback is run
+ *
+ * \return The return value of the callback is 0 if successful,
+ * or a specific MBEDTLS_ERR_XXX code, which will cause
+ * the handshake to be aborted.
+ */
+typedef int (*mbedtls_ssl_hs_cb_t)( mbedtls_ssl_context *ssl );
+#endif
+
/* A type for storing user data in a library structure.
*
* The representation of type may change in future versions of the library.
@@ -1477,7 +1496,7 @@
mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data);
#if defined(MBEDTLS_SSL_SRV_C)
- int (*MBEDTLS_PRIVATE(f_cert_cb))(mbedtls_ssl_context *); /*!< certificate selection callback */
+ mbedtls_ssl_hs_cb_t MBEDTLS_PRIVATE(f_cert_cb); /*!< certificate selection callback */
#endif /* MBEDTLS_SSL_SRV_C */
};
@@ -2278,19 +2297,15 @@
* If set, the callback is always called for each handshake,
* after `ClientHello` processing has finished.
*
- * The callback has the following parameters:
- * - \c mbedtls_ssl_context*: The SSL context to which
- * the operation applies.
- * The return value of the callback is 0 if successful,
- * or a specific MBEDTLS_ERR_XXX code, which will cause
- * the handshake to be aborted.
- *
* \param conf The SSL configuration to register the callback with.
* \param f_cert_cb The callback for selecting server certificate after
* `ClientHello` processing has finished.
*/
-void mbedtls_ssl_conf_cert_cb( mbedtls_ssl_config *conf,
- int (*f_cert_cb)(mbedtls_ssl_context *) );
+static inline void mbedtls_ssl_conf_cert_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_hs_cb_t f_cert_cb )
+{
+ conf->MBEDTLS_PRIVATE(f_cert_cb) = f_cert_cb;
+}
#endif /* MBEDTLS_SSL_SRV_C */
/**
@@ -4812,7 +4827,7 @@
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
/**
- * \brief Load reasonnable default SSL configuration values.
+ * \brief Load reasonable default SSL configuration values.
* (You need to call mbedtls_ssl_config_init() first.)
*
* \param conf SSL configuration context
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index df7f170..6bb2ad3 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -260,6 +260,7 @@
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
+ set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.1.0 SOVERSION 11)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
diff --git a/library/pk.c b/library/pk.c
index 7f4d5fe..0f465cd 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -22,6 +22,7 @@
#if defined(MBEDTLS_PK_C)
#include "mbedtls/pk.h"
#include "pk_wrap.h"
+#include "pkwrite.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -153,7 +154,7 @@
int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
const mbedtls_svc_key_id_t key )
{
- const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
+ const mbedtls_pk_info_t *info = NULL;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t *pk_ctx;
psa_key_type_t type;
@@ -166,9 +167,12 @@
type = psa_get_key_type( &attributes );
psa_reset_key_attributes( &attributes );
- /* Current implementation of can_do() relies on this. */
- if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ info = &mbedtls_pk_ecdsa_opaque_info;
+ else if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
+ info = &mbedtls_pk_rsa_opaque_info;
+ else
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
@@ -699,55 +703,100 @@
* Load the key to a PSA key slot,
* then turn the PK context into a wrapper for that key slot.
*
- * Currently only works for EC private keys.
+ * Currently only works for EC & RSA private keys.
*/
int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
mbedtls_svc_key_id_t *key,
psa_algorithm_t hash_alg )
{
-#if !defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
((void) pk);
((void) key);
((void) hash_alg);
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
#else
- const mbedtls_ecp_keypair *ec;
- unsigned char d[MBEDTLS_ECP_MAX_BYTES];
- size_t d_len;
- psa_ecc_family_t curve_id;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- size_t bits;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
+ {
+ const mbedtls_ecp_keypair *ec;
+ unsigned char d[MBEDTLS_ECP_MAX_BYTES];
+ size_t d_len;
+ psa_ecc_family_t curve_id;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
+ size_t bits;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status;
- /* export the private key material in the format PSA wants */
- if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ /* export the private key material in the format PSA wants */
+ ec = mbedtls_pk_ec( *pk );
+ d_len = PSA_BITS_TO_BYTES( ec->grp.nbits );
+ if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
+ return( ret );
- ec = mbedtls_pk_ec( *pk );
- d_len = ( ec->grp.nbits + 7 ) / 8;
- if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
- return( ret );
+ curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
- curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
+ /* prepare the key attributes */
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, bits );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) );
+ psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH );
- /* prepare the key attributes */
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
+ /* import private key into PSA */
+ status = psa_import_key( &attributes, d, d_len, key );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa( status ) );
- /* import private key into PSA */
- if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) )
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ /* make PK context wrap the key slot */
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
- /* make PK context wrap the key slot */
- mbedtls_pk_free( pk );
- mbedtls_pk_init( pk );
-
- return( mbedtls_pk_setup_opaque( pk, *key ) );
+ return( mbedtls_pk_setup_opaque( pk, *key ) );
+ }
+ else
#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
+ {
+ unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ int key_len;
+ psa_status_t status;
+
+ /* export the private key material in the format PSA wants */
+ key_len = mbedtls_pk_write_key_der( pk, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* prepare the key attributes */
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+ psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes,
+ PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) );
+
+ /* import private key into PSA */
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len,
+ key_len, key);
+
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa( status ) );
+
+ /* make PK context wrap the key slot */
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
+
+ return( mbedtls_pk_setup_opaque( pk, *key ) );
+ }
+ else
+#endif /* MBEDTLS_RSA_C */
+#endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_C */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 2668290..a9c3c71 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1493,21 +1493,23 @@
return( bits );
}
-static int pk_opaque_can_do( mbedtls_pk_type_t type )
+static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type )
{
- /* For now opaque PSA keys can only wrap ECC keypairs,
- * as checked by setup_psa().
- * Also, ECKEY_DH does not really make sense with the current API. */
return( type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECDSA );
}
+static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type )
+{
+ return( type == MBEDTLS_PK_RSA );
+}
+
static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
-#if !defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_ECDSA_C) && !defined(MBEDTLS_RSA_C)
((void) ctx);
((void) md_alg);
((void) hash);
@@ -1518,31 +1520,92 @@
((void) f_rng);
((void) p_rng);
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#else /* !MBEDTLS_ECDSA_C */
+#else /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
- psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ psa_key_type_t type;
psa_status_t status;
/* PSA has its own RNG */
(void) f_rng;
(void) p_rng;
+ status = psa_get_key_attributes( *key, &attributes );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa( status ) );
+
+ type = psa_get_key_type( &attributes );
+ psa_reset_key_attributes( &attributes );
+
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ else
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( type ) )
+ alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+ else
+#endif /* MBEDTLS_RSA_C */
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
/* make the signature */
status = psa_sign_hash( *key, alg, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
- return( mbedtls_pk_error_from_psa_ecdsa( status ) );
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ return( mbedtls_pk_error_from_psa_ecdsa( status ) );
+ else
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_RSA_C)
+ if( PSA_KEY_TYPE_IS_RSA( type ) )
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ else
+#endif /* MBEDTLS_RSA_C */
+ return( mbedtls_pk_error_from_psa( status ) );
+ }
- /* transcode it to ASN.1 sequence */
- return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
-#endif /* !MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+ /* transcode it to ASN.1 sequence */
+ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
+#endif /* MBEDTLS_ECDSA_C */
+
+ return 0;
+#endif /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
}
-const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
+const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
pk_opaque_get_bitlen,
- pk_opaque_can_do,
+ pk_opaque_ecdsa_can_do,
+ NULL, /* verify - will be done later */
+ pk_opaque_sign_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL, /* restartable verify - not relevant */
+ NULL, /* restartable sign - not relevant */
+#endif
+ NULL, /* decrypt - not relevant */
+ NULL, /* encrypt - not relevant */
+ NULL, /* check_pair - could be done later or left NULL */
+ pk_opaque_alloc_wrap,
+ pk_opaque_free_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL, /* restart alloc - not relevant */
+ NULL, /* restart free - not relevant */
+#endif
+ NULL, /* debug - could be done later, or even left NULL */
+};
+
+const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
+ MBEDTLS_PK_OPAQUE,
+ "Opaque",
+ pk_opaque_get_bitlen,
+ pk_opaque_rsa_can_do,
NULL, /* verify - will be done later */
pk_opaque_sign_wrap,
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 1b490cc..5e81a65 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -136,7 +136,8 @@
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
+extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info;
+extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 87285f0..8b99340 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -279,21 +279,35 @@
bits = psa_get_key_bits( &attributes );
psa_reset_key_attributes( &attributes );
- curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
- if( curve == 0 )
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( key_type ) )
+ {
+ curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits,
+ &oid, &oid_len );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ /* Write EC algorithm parameters; that's akin
+ * to pk_write_ec_param() above. */
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
+ oid,
+ oid_len ) );
+
+ /* The rest of the function works as for legacy EC contexts. */
+ pk_type = MBEDTLS_PK_ECKEY;
+ }
+ else if( PSA_KEY_TYPE_IS_RSA( key_type ) )
+ {
+ /* The rest of the function works as for legacy RSA contexts. */
+ pk_type = MBEDTLS_PK_RSA;
+ }
+ else
+ {
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
- ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
- if( ret != 0 )
- return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
- /* Write EC algorithm parameters; that's akin
- * to pk_write_ec_param() above. */
- MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
- oid, oid_len ) );
-
- /* The rest of the function works as for legacy EC contexts. */
- pk_type = MBEDTLS_PK_ECKEY;
+ }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4964787..254627f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -644,8 +644,9 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_key_type_t ecdh_psa_type;
- uint16_t ecdh_bits;
+ size_t ecdh_bits;
mbedtls_svc_key_id_t ecdh_psa_privkey;
+ uint8_t ecdh_psa_privkey_is_external;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2222,6 +2223,8 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
case PSA_ERROR_BAD_STATE:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
default:
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
}
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4eac24b..051e4b0 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4855,6 +4855,9 @@
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( ssl->out_left != 0 )
+ return( mbedtls_ssl_flush_output( ssl ) );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
@@ -5714,9 +5717,6 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
- if( ssl->out_left != 0 )
- return( mbedtls_ssl_flush_output( ssl ) );
-
if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 94cb776..3fc0701 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1313,14 +1313,6 @@
}
#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_cert_cb( mbedtls_ssl_config *conf,
- int (*f_cert_cb)(mbedtls_ssl_context *) )
-{
- conf->f_cert_cb = f_cert_cb;
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
mbedtls_ssl_cache_get_t *f_get_cache,
@@ -3204,7 +3196,8 @@
#if defined(MBEDTLS_ECDH_C) && \
( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
- psa_destroy_key( handshake->ecdh_psa_privkey );
+ if( handshake->ecdh_psa_privkey_is_external == 0 )
+ psa_destroy_key( handshake->ecdh_psa_privkey );
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 734d3a2..8250260 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1813,6 +1813,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
unsigned char **p,
@@ -1861,9 +1862,7 @@
{
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
- if( ecdh_bits > 0xffff )
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- handshake->ecdh_bits = (uint16_t) ecdh_bits;
+ handshake->ecdh_bits = ecdh_bits;
/* Keep a copy of the peer's public key */
ecpoint_len = *(*p)++;
@@ -2348,8 +2347,10 @@
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
{
if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
@@ -2365,6 +2366,7 @@
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
@@ -2998,6 +3000,162 @@
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t key_attributes;
+
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /*
+ * opaque psk_identity<0..2^16-1>;
+ */
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
+ /* We don't offer PSK suites if we don't have a PSK,
+ * and we check that the server's choice is among the
+ * ciphersuites we offered, so this should never happen. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* Opaque PSKs are currently only supported for PSK-only suites. */
+ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ /* uint16 to store content length */
+ const size_t content_len_size = 2;
+
+ header_len = 4;
+
+ if( header_len + content_len_size + ssl->conf->psk_identity_len
+ > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "psk identity too long or SSL buffer too short" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ unsigned char *p = ssl->out_msg + header_len;
+
+ *p++ = MBEDTLS_BYTE_1( ssl->conf->psk_identity_len );
+ *p++ = MBEDTLS_BYTE_0( ssl->conf->psk_identity_len );
+ header_len += content_len_size;
+
+ memcpy( p, ssl->conf->psk_identity,
+ ssl->conf->psk_identity_len );
+ p += ssl->conf->psk_identity_len;
+
+ header_len += ssl->conf->psk_identity_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /*
+ * Generate EC private key for ECDHE exchange.
+ */
+
+ /* The master secret is obtained from the shared ECDH secret by
+ * applying the TLS 1.2 PRF with a specific salt and label. While
+ * the PSA Crypto API encourages combining key agreement schemes
+ * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
+ * yet support the provisioning of salt + label to the KDF.
+ * For the time being, we therefore need to split the computation
+ * of the ECDH secret and the application of the TLS 1.2 PRF. */
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
+ psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( &key_attributes,
+ &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ /* Export the public part of the ECDH private key from PSA.
+ * The export format is an ECPoint structure as expected by TLS,
+ * but we just need to add a length byte before that. */
+ unsigned char *own_pubkey = p + 1;
+ unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+ size_t own_pubkey_max_len = (size_t)( end - own_pubkey );
+ size_t own_pubkey_len = 0;
+
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ own_pubkey, own_pubkey_max_len,
+ &own_pubkey_len );
+ if( status != PSA_SUCCESS )
+ {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ *p = (unsigned char) own_pubkey_len;
+ content_len = own_pubkey_len + 1;
+
+ /* As RFC 5489 section 2, the premaster secret is formed as follows:
+ * - a uint16 containing the length (in octets) of the ECDH computation
+ * - the octet string produced by the ECDH computation
+ * - a uint16 containing the length (in octets) of the PSK
+ * - the PSK itself
+ */
+ unsigned char *pms = ssl->handshake->premaster;
+ const unsigned char* const pms_end = pms +
+ sizeof( ssl->handshake->premaster );
+ /* uint16 to store length (in octets) of the ECDH computation */
+ const size_t zlen_size = 2;
+ size_t zlen = 0;
+
+ /* Perform ECDH computation after the uint16 reserved for the length */
+ status = psa_raw_key_agreement( PSA_ALG_ECDH,
+ handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey,
+ handshake->ecdh_psa_peerkey_len,
+ pms + zlen_size,
+ pms_end - ( pms + zlen_size ),
+ &zlen );
+
+ destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+ else if( destruction_status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( destruction_status ) );
+
+ /* Write the ECDH computation length before the ECDH computation */
+ MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
+ pms += zlen_size + zlen;
+
+ const unsigned char *psk = NULL;
+ size_t psk_len = 0;
+
+ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
+ /*
+ * This should never happen because the existence of a PSK is always
+ * checked before calling this function
+ */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* opaque psk<0..2^16-1>; */
+ if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ /* Write the PSK length as uint16 */
+ MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 );
+ pms += 2;
+
+ /* Write the PSK itself */
+ memcpy( pms, psk, psk_len );
+ pms += psk_len;
+
+ ssl->handshake->pmslen = pms - ssl->handshake->premaster;
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
{
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 486632e..93cd0a5 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2848,7 +2848,102 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
+static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ unsigned char buf[
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+ psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ size_t ecdh_bits = 0;
+ size_t key_len;
+ mbedtls_pk_context *pk;
+ mbedtls_ecp_keypair *key;
+
+ pk = mbedtls_ssl_own_key( ssl );
+
+ if( pk == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ switch( mbedtls_pk_get_type( pk ) )
+ {
+ case MBEDTLS_PK_OPAQUE:
+ if( ! mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
+ return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+
+ ssl->handshake->ecdh_psa_privkey =
+ *( (mbedtls_svc_key_id_t*) pk->pk_ctx );
+
+ /* Key should not be destroyed in the TLS library */
+ ssl->handshake->ecdh_psa_privkey_is_external = 1;
+
+ status = psa_get_key_attributes( ssl->handshake->ecdh_psa_privkey,
+ &key_attributes );
+ if( status != PSA_SUCCESS)
+ {
+ ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ ssl->handshake->ecdh_psa_type = psa_get_key_type( &key_attributes );
+ ssl->handshake->ecdh_bits = psa_get_key_bits( &key_attributes );
+
+ psa_reset_key_attributes( &key_attributes );
+
+ ret = 0;
+ break;
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+ key = mbedtls_pk_ec( *pk );
+ if( key == NULL )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ /* Convert EC group to PSA key type. */
+ if( ( ssl->handshake->ecdh_psa_type =
+ mbedtls_ecc_group_to_psa( key->grp.id,
+ &ecdh_bits ) ) == 0 )
+ {
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ ssl->handshake->ecdh_bits = ecdh_bits;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
+ psa_set_key_type( &key_attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR( ssl->handshake->ecdh_psa_type ) );
+ psa_set_key_bits( &key_attributes, ssl->handshake->ecdh_bits );
+
+ key_len = PSA_BITS_TO_BYTES( key->grp.pbits );
+ ret = mbedtls_ecp_write_key( key, buf, key_len );
+ if( ret != 0 )
+ goto cleanup;
+
+ status = psa_import_key( &key_attributes, buf, key_len,
+ &ssl->handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+ break;
+ default:
+ ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
+ }
+
+cleanup:
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+
+ return( ret );
+}
+#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{
@@ -3068,7 +3163,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes;
@@ -3085,12 +3181,12 @@
handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
(*curve)->tls_id, &ecdh_bits );
- if( handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+ if( handshake->ecdh_psa_type == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- handshake->ecdh_bits = (uint16_t) ecdh_bits;
+ handshake->ecdh_bits = ecdh_bits;
key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
@@ -3832,9 +3928,13 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
size_t data_len = (size_t)( *p++ );
size_t buf_len = (size_t)( end - p );
@@ -3872,25 +3972,31 @@
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
- (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+ if( handshake->ecdh_psa_privkey_is_external == 0 )
+ (void) psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( ret );
}
- status = psa_destroy_key( handshake->ecdh_psa_privkey );
-
- if( status != PSA_SUCCESS )
+ if( handshake->ecdh_psa_privkey_is_external == 0 )
{
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
- return( ret );
+ status = psa_destroy_key( handshake->ecdh_psa_privkey );
+
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+ return( ret );
+ }
}
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -4037,6 +4143,115 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t ecpoint_len;
+
+ /* Opaque PSKs are currently only supported for PSK-only. */
+ if( ssl_use_opaque_psk( ssl ) == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( ret );
+ }
+
+ /* Keep a copy of the peer's public key */
+ if( p >= end )
+ {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ ecpoint_len = *(p++);
+ if( (size_t)( end - p ) < ecpoint_len ) {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ if( ecpoint_len > sizeof( handshake->ecdh_psa_peerkey ) ) {
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ memcpy( handshake->ecdh_psa_peerkey, p, ecpoint_len );
+ handshake->ecdh_psa_peerkey_len = ecpoint_len;
+ p += ecpoint_len;
+
+ /* As RFC 5489 section 2, the premaster secret is formed as follows:
+ * - a uint16 containing the length (in octets) of the ECDH computation
+ * - the octet string produced by the ECDH computation
+ * - a uint16 containing the length (in octets) of the PSK
+ * - the PSK itself
+ */
+ unsigned char *psm = ssl->handshake->premaster;
+ const unsigned char* const psm_end =
+ psm + sizeof( ssl->handshake->premaster );
+ /* uint16 to store length (in octets) of the ECDH computation */
+ const size_t zlen_size = 2;
+ size_t zlen = 0;
+
+ /* Compute ECDH shared secret. */
+ status = psa_raw_key_agreement( PSA_ALG_ECDH,
+ handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey,
+ handshake->ecdh_psa_peerkey_len,
+ psm + zlen_size,
+ psm_end - ( psm + zlen_size ),
+ &zlen );
+
+ destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+ else if( destruction_status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( destruction_status ) );
+
+ /* Write the ECDH computation length before the ECDH computation */
+ MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
+ psm += zlen_size + zlen;
+
+ const unsigned char *psk = NULL;
+ size_t psk_len = 0;
+
+ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
+ /*
+ * This should never happen because the existence of a PSK is always
+ * checked before calling this function
+ */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* opaque psk<0..2^16-1>; */
+ if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ /* Write the PSK length as uint16 */
+ MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 );
+ psm += 2;
+
+ /* Write the PSK itself */
+ memcpy( psm, psk, psk_len );
+ psm += psk_len;
+
+ ssl->handshake->pmslen = psm - ssl->handshake->premaster;
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 3bb308c..8e1112d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -229,9 +229,7 @@
mbedtls_psa_parse_tls_ecc_group( named_group, &ecdh_bits ) ) == 0 )
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- if( ecdh_bits > 0xffff )
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+ ssl->handshake->ecdh_bits = ecdh_bits;
key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
@@ -262,12 +260,6 @@
}
- if( own_pubkey_len > (size_t)( end - buf ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No space in the buffer for ECDH public key." ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- }
-
*out_len = own_pubkey_len;
return( 0 );
diff --git a/library/timing.c b/library/timing.c
index a65bc99..859c1b8 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -46,14 +46,14 @@
#include <unistd.h>
#include <sys/types.h>
#include <signal.h>
-#if defined(MBEDTLS_HAVE_TIME)
+/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the
+ * platform matches the ifdefs above, it will be used. */
#include <time.h>
#include <sys/time.h>
struct _hr_time
{
struct timeval start;
};
-#endif
#endif /* _WIN32 && !EFIX64 && !EFI32 */
/**
@@ -75,7 +75,6 @@
* get_timer(0) }` the value time1+time2 is only approximately
* the delay since the first reset.
*/
-#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
@@ -167,33 +166,5 @@
{
return( data->fin_ms );
}
-#else /* MBEDTLS_HAVE_TIME */
-uint32_t mbedtls_timing_get_final_delay(
- const mbedtls_timing_delay_context *data )
-{
- (void) data;
- return( 0 );
-}
-
-int mbedtls_timing_get_delay( void *data )
-{
- (void) data;
- return( 0 );
-}
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
-{
- (void) data;
- (void) int_ms;
- (void) fin_ms;
-}
-
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
-{
- (void) val;
- (void) reset;
- return( 0 );
-}
-
-#endif /* MBEDTLS_HAVE_TIME */
#endif /* !MBEDTLS_TIMING_ALT */
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index c7bcc53..0c40686 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -49,7 +49,9 @@
#include "mbedtls/ecjpake.h"
#include "mbedtls/timing.h"
#include "mbedtls/nist_kw.h"
+#include "mbedtls/debug.h"
+#include <limits.h>
#include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
@@ -361,6 +363,78 @@
}
/*
+ * The C standard allows padding bits in the representation
+ * of standard integer types, but our code does currently not
+ * support them.
+ *
+ * Here we check that the underlying C implementation doesn't
+ * use padding bits, and fail cleanly if it does.
+ *
+ * The check works by casting the maximum value representable
+ * by a given integer type into the unpadded integer type of the
+ * same bit-width and checking that it agrees with the maximum value
+ * of that unpadded type. For example, for a 4-byte int,
+ * MAX_INT should be 0x7fffffff in int32_t. This assumes that
+ * CHAR_BIT == 8, which is checked in check_config.h.
+ *
+ * We assume that [u]intxx_t exist and that they don't
+ * have padding bits, as the standard requires.
+ */
+
+#define CHECK_PADDING_SIGNED(TYPE, NAME) \
+ do \
+ { \
+ if( sizeof( TYPE ) == 2 || sizeof( TYPE ) == 4 || \
+ sizeof( TYPE ) == 8 ) { \
+ if( ( sizeof( TYPE ) == 2 && \
+ (int16_t) NAME ## _MAX != 0x7FFF ) || \
+ ( sizeof( TYPE ) == 4 && \
+ (int32_t) NAME ## _MAX != 0x7FFFFFFF ) || \
+ ( sizeof( TYPE ) == 8 && \
+ (int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF ) ) \
+ { \
+ mbedtls_printf( "Type '" #TYPE "' has padding bits\n" );\
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ } \
+ } else { \
+ mbedtls_printf( "Padding checks only implemented for types of size 2, 4 or 8" \
+ " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \
+ sizeof( TYPE ) ); \
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ } \
+ } while( 0 )
+
+#define CHECK_PADDING_UNSIGNED(TYPE, NAME) \
+ do \
+ { \
+ if( ( sizeof( TYPE ) == 2 && \
+ (uint16_t) NAME ## _MAX != 0xFFFF ) || \
+ ( sizeof( TYPE ) == 4 && \
+ (uint32_t) NAME ## _MAX != 0xFFFFFFFF ) || \
+ ( sizeof( TYPE ) == 8 && \
+ (uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF ) ) \
+ { \
+ mbedtls_printf( "Type '" #TYPE "' has padding bits\n" ); \
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
+ } \
+ } while( 0 )
+
+ CHECK_PADDING_SIGNED( short, SHRT );
+ CHECK_PADDING_SIGNED( int, INT );
+ CHECK_PADDING_SIGNED( long, LONG );
+ CHECK_PADDING_SIGNED( long long, LLONG );
+ CHECK_PADDING_SIGNED( ptrdiff_t, PTRDIFF );
+
+ CHECK_PADDING_UNSIGNED( unsigned short, USHRT );
+ CHECK_PADDING_UNSIGNED( unsigned, UINT );
+ CHECK_PADDING_UNSIGNED( unsigned long, ULONG );
+ CHECK_PADDING_UNSIGNED( unsigned long long, ULLONG );
+ CHECK_PADDING_UNSIGNED( size_t, SIZE );
+
+#undef CHECK_PADDING_SIGNED
+#undef CHECK_PADDING_UNSIGNED
+
+ /*
* Make sure we have a snprintf that correctly zero-terminates
*/
if( run_test_snprintf() != 0 )
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index bc78fab..41a90a9 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -825,7 +825,6 @@
get_options( argc, argv );
-#if defined(MBEDTLS_HAVE_TIME)
/*
* Decisions to drop/delay/duplicate packets are pseudo-random: dropping
* exactly 1 in N packets would lead to problems when a flight has exactly
@@ -836,12 +835,15 @@
*/
if( opt.seed == 0 )
{
+#if defined(MBEDTLS_HAVE_TIME)
opt.seed = (unsigned int) mbedtls_time( NULL );
+#else
+ opt.seed = 1;
+#endif /* MBEDTLS_HAVE_TIME */
mbedtls_printf( " . Pseudo-random seed: %u\n", opt.seed );
}
srand( opt.seed );
-#endif /* MBEDTLS_HAVE_TIME */
/*
* 0. "Connect" to the server
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 2431e40..c1c9052 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -50,12 +50,18 @@
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
)
+
else()
foreach(file ${base_generated_data_files})
link_to_source(${file})
endforeach()
endif()
-
+# CMake generates sub-makefiles for each target and calls them in subprocesses.
+# Without this command, cmake will generate rules in each sub-makefile. As a result,
+# they can cause race conditions in parallel builds.
+# With this line, only 4 sub-makefiles include the above command, that reduces
+# the risk of a race.
+add_custom_target(test_suite_generated_data DEPENDS ${generated_data_files})
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
# but not "test_suite_foobar".
@@ -119,6 +125,7 @@
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_dependencies(test_suite_${data_name} test_suite_generated_data)
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header
# files (used by some invasive tests) from ../library. Public header
diff --git a/tests/compat.sh b/tests/compat.sh
index c8a883d..d681217 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -67,17 +67,18 @@
fi
# default values for options
+# /!\ keep this synchronised with:
+# - basic-build-test.sh
+# - all.sh (multiple components)
MODES="tls12 dtls12"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
-# exclude:
-# - NULL: excluded from our default config
-# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
-# - ARIA: not in default mbedtls_config.h + requires OpenSSL >= 1.1.1
+# By default, exclude:
+# - NULL: excluded from our default config + requires OpenSSL legacy
+# - ARIA: requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
-# - 3DES: not in default config
-EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305'
+EXCLUDE='NULL\|ARIA\|CHACHA20-POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@@ -245,73 +246,50 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-NULL-SHA \
- TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-NULL-SHA \
+ "
;;
"RSA")
CIPHERS="$CIPHERS \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
+ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-WITH-AES-256-CBC-SHA \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-AES-128-CBC-SHA \
+ TLS-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-WITH-AES-128-GCM-SHA256 \
+ TLS-RSA-WITH-AES-256-CBC-SHA \
+ TLS-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-RSA-WITH-AES-256-GCM-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-RSA-WITH-3DES-EDE-CBC-SHA \
+ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-RSA-WITH-NULL-MD5 \
TLS-RSA-WITH-NULL-SHA \
+ TLS-RSA-WITH-NULL-SHA256 \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-RSA-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-WITH-NULL-SHA256 \
- "
- fi
;;
"PSK")
CIPHERS="$CIPHERS \
- TLS-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-PSK-WITH-AES-128-CBC-SHA \
TLS-PSK-WITH-AES-256-CBC-SHA \
"
@@ -347,62 +325,43 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-NULL-SHA \
- TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDH-ECDSA-WITH-NULL-SHA \
+ TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
+ "
;;
"RSA")
- CIPHERS="$CIPHERS \
- TLS-RSA-WITH-DES-CBC-SHA \
- TLS-DHE-RSA-WITH-DES-CBC-SHA \
+ CIPHERS="$CIPHERS \
+ TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
"
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
;;
"PSK")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ "
;;
esac
@@ -424,115 +383,96 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ "
;;
"RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-AES-128-CCM \
- TLS-RSA-WITH-AES-256-CCM \
- TLS-DHE-RSA-WITH-AES-128-CCM \
- TLS-DHE-RSA-WITH-AES-256-CCM \
- TLS-RSA-WITH-AES-128-CCM-8 \
- TLS-RSA-WITH-AES-256-CCM-8 \
- TLS-DHE-RSA-WITH-AES-128-CCM-8 \
- TLS-DHE-RSA-WITH-AES-256-CCM-8 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-DHE-RSA-WITH-AES-128-CCM \
+ TLS-DHE-RSA-WITH-AES-128-CCM-8 \
+ TLS-DHE-RSA-WITH-AES-256-CCM \
+ TLS-DHE-RSA-WITH-AES-256-CCM-8 \
+ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-WITH-AES-128-CCM \
+ TLS-RSA-WITH-AES-128-CCM-8 \
+ TLS-RSA-WITH-AES-256-CCM \
+ TLS-RSA-WITH-AES-256-CCM-8 \
+ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ "
;;
"PSK")
- CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ CIPHERS="$CIPHERS \
+ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
+ TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-AES-128-CCM \
+ TLS-DHE-PSK-WITH-AES-128-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-AES-256-CCM \
+ TLS-DHE-PSK-WITH-AES-256-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-NULL-SHA256 \
+ TLS-DHE-PSK-WITH-NULL-SHA384 \
+ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA256 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA384 \
+ TLS-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-PSK-WITH-AES-128-CCM \
+ TLS-PSK-WITH-AES-128-CCM-8 \
+ TLS-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-PSK-WITH-AES-256-CCM \
+ TLS-PSK-WITH-AES-256-CCM-8 \
+ TLS-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-PSK-WITH-NULL-SHA256 \
+ TLS-PSK-WITH-NULL-SHA384 \
+ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
+ TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
+ TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-NULL-SHA256 \
+ TLS-RSA-PSK-WITH-NULL-SHA384 \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-NULL-SHA384 \
- TLS-ECDHE-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-NULL-SHA256 \
- TLS-DHE-PSK-WITH-NULL-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-PSK-WITH-AES-128-CCM \
- TLS-PSK-WITH-AES-256-CCM \
- TLS-DHE-PSK-WITH-AES-128-CCM \
- TLS-DHE-PSK-WITH-AES-256-CCM \
- TLS-PSK-WITH-AES-128-CCM-8 \
- TLS-PSK-WITH-AES-256-CCM-8 \
- TLS-DHE-PSK-WITH-AES-128-CCM-8 \
- TLS-DHE-PSK-WITH-AES-256-CCM-8 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
- "
- fi
;;
esac
@@ -551,71 +491,50 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
+ M_CIPHERS="$M_CIPHERS \
+ TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ "
;;
"RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
+ M_CIPHERS="$M_CIPHERS \
+ TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
+ "
;;
"PSK")
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
- M_CIPHERS="$M_CIPHERS \
- TLS-PSK-WITH-NULL-SHA \
- TLS-DHE-PSK-WITH-NULL-SHA \
+ M_CIPHERS="$M_CIPHERS \
+ TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-NULL-SHA \
+ TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA \
+ TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-PSK-WITH-NULL-SHA \
+ TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-RSA-PSK-WITH-NULL-SHA \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-PSK-WITH-NULL-SHA \
- TLS-RSA-PSK-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
;;
esac
}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 07e708b..55806fd 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1226,7 +1226,7 @@
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
+ tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
component_test_everest_curve25519_only () {
@@ -1314,8 +1314,8 @@
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
- msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min
- env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES'
+ msg "test: compat.sh NULL (full config)" # ~ 2 min
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly"
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1607,8 +1607,8 @@
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
tests/compat.sh
- msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
- env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES'
+ msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -2600,7 +2600,7 @@
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
+ tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
support_test_m32_everest () {
support_test_m32_o0 "$@"
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index cf68b4e..31beb1c 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -121,13 +121,13 @@
echo '################ compat.sh ################'
{
echo '#### compat.sh: Default versions'
- sh compat.sh -m 'tls1_2 dtls1_2'
+ sh compat.sh
echo
- echo '#### compat.sh: legacy (null, DES)'
+ echo '#### compat.sh: legacy (null)'
OPENSSL_CMD="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES'
+ sh compat.sh -e '^$' -f 'NULL'
echo
echo '#### compat.sh: next (ARIA, ChaCha)'
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 71a3904..18fff9d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1164,7 +1164,8 @@
analyze_test_commands "$@"
- TIMES_LEFT=2
+ # One regular run and two retries
+ TIMES_LEFT=3
while [ $TIMES_LEFT -gt 0 ]; do
TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
@@ -1583,6 +1584,24 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "Opaque key for server authentication (ECDH-)" \
+ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1\
+ crt_file=data_files/server5.ku-ka.crt\
+ key_file=data_files/server5.key" \
+ "$P_CLI" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-ECDH-" \
+ -s "key types: Opaque, none" \
+ -s "Ciphersuite is TLS-ECDH-" \
+ -S "error" \
+ -C "error"
+
# Test using an opaque private key for client/server authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index cf40e55..323efc2 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -41,8 +41,13 @@
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"
-PK PSA utilities: setup/free, info functions, unsupported operations
-pk_psa_utils:
+PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_psa_utils:0
+
+PK PSA utilities: RSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_psa_utils:1
RSA verify test vector #1 (good)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
@@ -305,41 +310,45 @@
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
PSA wrapped sign: SECP256R1
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256
PSA wrapped sign: SECP384R1
-depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384
PSA wrapped sign: SECP521R1
-depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521
PSA wrapped sign: SECP192K1
-depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192
## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336
# PSA wrapped sign: SECP224K1
-# depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
-# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+# depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224
PSA wrapped sign: SECP256K1
-depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256
PSA wrapped sign: BP256R1
-depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256
PSA wrapped sign: BP384R1
-depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384
PSA wrapped sign: BP512R1
-depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
+
+PSA wrapped sign: RSA PKCS1 v1.5
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
+pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
PK Sign ext:RSA2048,PK_RSA,MD_SHA256
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ccb90e7..6c4f9e4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -88,11 +88,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
- * Generate a key using PSA and return the key identifier of that key,
+ * Generate an ECC key using PSA and return the key identifier of that key,
* or 0 if the key generation failed.
* The key uses NIST P-256 and is usable for signing with SHA-256.
*/
-mbedtls_svc_key_id_t pk_psa_genkey( void )
+mbedtls_svc_key_id_t pk_psa_genkey_ecc( void )
{
mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -109,6 +109,27 @@
exit:
return( key );
}
+
+/*
+ * Generate an RSA key using PSA and return the key identifier of that key,
+ * or 0 if the key generation failed.
+ */
+mbedtls_svc_key_id_t pk_psa_genkey_rsa( void )
+{
+ mbedtls_svc_key_id_t key;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+ const size_t bits = 1024;
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+
+exit:
+ return( key );
+}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* END_HEADER */
@@ -117,15 +138,15 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-void pk_psa_utils( )
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_utils( int key_is_rsa )
{
mbedtls_pk_context pk, pk2;
mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const char * const name = "Opaque";
- const size_t bitlen = 256; /* harcoded in genkey() */
+ size_t bitlen;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
unsigned char b1[1], b2[1];
@@ -145,7 +166,16 @@
mbedtls_pk_free( &pk );
mbedtls_pk_init( &pk );
- key = pk_psa_genkey();
+ if( key_is_rsa )
+ {
+ bitlen = 1024; /* harcoded in genkey() */
+ key = pk_psa_genkey_rsa();
+ }
+ else
+ {
+ bitlen = 256; /* harcoded in genkey() */
+ key = pk_psa_genkey_ecc();
+ }
if( mbedtls_svc_key_id_is_null( key ) )
goto exit;
@@ -157,9 +187,18 @@
TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ if( key_is_rsa )
+ {
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ }
/* unsupported operations: verify, decrypt, encrypt */
TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
@@ -175,8 +214,12 @@
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
/* unsupported functions: check_pair, debug */
- TEST_ASSERT( mbedtls_pk_setup( &pk2,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ if( key_is_rsa )
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ else
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2,
mbedtls_test_rnd_std_rand, NULL )
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
@@ -1006,14 +1049,13 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */
-void pk_psa_sign( int grpid_arg,
- int psa_curve_arg, int expected_bits_arg )
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_sign( int parameter_arg,
+ int psa_type_arg, int expected_bits_arg )
{
- mbedtls_ecp_group_id grpid = grpid_arg;
mbedtls_pk_context pk;
unsigned char hash[32];
- unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
unsigned char pkey_legacy[200];
unsigned char pkey_psa[200];
unsigned char *pkey_legacy_start, *pkey_psa_start;
@@ -1021,12 +1063,12 @@
int ret;
mbedtls_svc_key_id_t key_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg );
+ psa_key_type_t expected_type = psa_type_arg;
size_t expected_bits = expected_bits_arg;
/*
* This tests making signatures with a wrapped PSA key:
- * - generate a fresh ECP legacy PK context
+ * - generate a fresh ECP/RSA legacy PK context
* - wrap it in a PK context and make a signature this way
* - extract the public key
* - parse it to a PK context and verify the signature this way
@@ -1034,13 +1076,38 @@
PSA_ASSERT( psa_crypto_init( ) );
- /* Create legacy EC public/private key in PK context. */
- mbedtls_pk_init( &pk );
- TEST_ASSERT( mbedtls_pk_setup( &pk,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_key( grpid,
- (mbedtls_ecp_keypair*) pk.pk_ctx,
- mbedtls_test_rnd_std_rand, NULL ) == 0 );
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+ if( PSA_KEY_TYPE_IS_RSA( psa_type_arg ) )
+ {
+ /* Create legacy RSA public/private key in PK context. */
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ),
+ mbedtls_test_rnd_std_rand, NULL,
+ parameter_arg, 3 ) == 0 );
+ }
+ else
+#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+#if defined(MBEDTLS_ECDSA_C)
+ if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( psa_type_arg ) )
+ {
+ mbedtls_ecp_group_id grpid = parameter_arg;
+
+ /* Create legacy EC public/private key in PK context. */
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_key( grpid,
+ (mbedtls_ecp_keypair*) pk.pk_ctx,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
+ }
+ else
+#endif /* MBEDTLS_ECDSA_C */
+ {
+ (void) parameter_arg;
+ TEST_ASSUME( ! "Opaque PK key not supported in this configuration" );
+ }
/* Export underlying public key for re-importing in a legacy context. */
ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
index a45ed0e..de89239 100644
--- a/tests/suites/test_suite_timing.data
+++ b/tests/suites/test_suite_timing.data
@@ -1,11 +1,8 @@
Timing: get timer
-depends_on:MBEDTLS_HAVE_TIME
timing_get_timer:
Timing: delay 0ms
-depends_on:MBEDTLS_HAVE_TIME
timing_delay:0:
Timing: delay 100ms
-depends_on:MBEDTLS_HAVE_TIME
timing_delay:100: