Merge pull request #8210 from yanrayw/aes_128bit_improvement
AES 128bit only: add guards in cipher_wrap.c
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index 67db68d..14a4674 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -1,5 +1,5 @@
execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result)
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED RESULT_VARIABLE p256m_result)
+execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_PSA_P256M_DRIVER_ENABLED RESULT_VARIABLE p256m_result)
if(${everest_result} EQUAL 0)
add_subdirectory(everest)
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c
index 693cc6d..3f878f7 100644
--- a/3rdparty/p256-m/p256-m/p256-m.c
+++ b/3rdparty/p256-m/p256-m/p256-m.c
@@ -13,7 +13,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
/*
* Zeroize memory - this should not be optimized away
@@ -1466,4 +1466,49 @@
return P256_INVALID_SIGNATURE;
}
+/**********************************************************************
+ *
+ * Key management utilities
+ *
+ **********************************************************************/
+
+int p256_validate_pubkey(const uint8_t pub[64])
+{
+ uint32_t x[8], y[8];
+ int ret = point_from_bytes(x, y, pub);
+
+ return ret == 0 ? P256_SUCCESS : P256_INVALID_PUBKEY;
+}
+
+int p256_validate_privkey(const uint8_t priv[32])
+{
+ uint32_t s[8];
+ int ret = scalar_from_bytes(s, priv);
+ zeroize(s, sizeof(s));
+
+ return ret == 0 ? P256_SUCCESS : P256_INVALID_PRIVKEY;
+}
+
+int p256_public_from_private(uint8_t pub[64], const uint8_t priv[32])
+{
+ int ret;
+ uint32_t s[8];
+
+ ret = scalar_from_bytes(s, priv);
+ if (ret != 0)
+ return P256_INVALID_PRIVKEY;
+
+ /* compute and ouput the associated public key */
+ uint32_t x[8], y[8];
+ scalar_mult(x, y, p256_gx, p256_gy, s);
+
+ /* the associated public key is not a secret, the scalar was */
+ CT_UNPOISON(x, 32);
+ CT_UNPOISON(y, 32);
+ zeroize(s, sizeof(s));
+
+ point_to_bytes(pub, x, y);
+ return P256_SUCCESS;
+}
+
#endif
diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h
index 398c846..28d319f 100644
--- a/3rdparty/p256-m/p256-m/p256-m.h
+++ b/3rdparty/p256-m/p256-m/p256-m.h
@@ -89,6 +89,45 @@
int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64],
const uint8_t *hash, size_t hlen);
+/*
+ * Public key validation
+ *
+ * Note: you never need to call this function, as all other functions always
+ * validate their input; however it's availabe if you want to validate the key
+ * without performing an operation.
+ *
+ * [in] pub: the public key, as two big-endian integers
+ *
+ * return: P256_SUCCESS if the key is valid
+ * P256_INVALID_PUBKEY if pub is invalid
+ */
+int p256_validate_pubkey(const uint8_t pub[64]);
+
+/*
+ * Private key validation
+ *
+ * Note: you never need to call this function, as all other functions always
+ * validate their input; however it's availabe if you want to validate the key
+ * without performing an operation.
+ *
+ * [in] priv: the private key, as a big-endian integer
+ *
+ * return: P256_SUCCESS if the key is valid
+ * P256_INVALID_PRIVKEY if priv is invalid
+ */
+int p256_validate_privkey(const uint8_t priv[32]);
+
+/*
+ * Compute public key from private key
+ *
+ * [out] pub: the associated public key, as two big-endian integers
+ * [in] priv: the private key, as a big-endian integer
+ *
+ * return: P256_SUCCESS on success
+ * P256_INVALID_PRIVKEY if priv is invalid
+ */
+int p256_public_from_private(uint8_t pub[64], const uint8_t priv[32]);
+
#ifdef __cplusplus
}
#endif
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c
index 8828909..7709301 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.c
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c
@@ -24,8 +24,9 @@
#include "psa/crypto.h"
#include "psa_crypto_driver_wrappers.h"
#include <stddef.h>
+#include <string.h>
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
/* INFORMATION ON PSA KEY EXPORT FORMATS:
*
@@ -37,10 +38,20 @@
* total of 65 bytes.
*
* p256-m's internal format for private keys matches PSA. Its format for public
- * keys is only 64 bytes; the same as PSA but without the leading byte (0x04).
+ * keys is only 64 bytes: the same as PSA but without the leading byte (0x04).
* Hence, when passing public keys from PSA to p256-m, the leading byte is
* removed.
+ *
+ * Shared secret and signature have the same format between PSA and p256-m.
*/
+#define PSA_PUBKEY_SIZE 65
+#define PSA_PUBKEY_HEADER_BYTE 0x04
+#define P256_PUBKEY_SIZE 64
+#define PRIVKEY_SIZE 32
+#define SHARED_SECRET_SIZE 32
+#define SIGNATURE_SIZE 64
+
+#define CURVE_BITS 256
/* Convert between p256-m and PSA error codes */
static psa_status_t p256_to_psa_error(int ret)
@@ -59,6 +70,83 @@
}
}
+psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits)
+{
+ /* Check the key size */
+ if (*bits != 0 && *bits != CURVE_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ /* Validate the key (and its type and size) */
+ psa_key_type_t type = psa_get_key_type(attributes);
+ if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
+ if (data_length != PSA_PUBKEY_SIZE) {
+ return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
+ }
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ if (p256_validate_pubkey(data + 1) != P256_SUCCESS) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ if (data_length != PRIVKEY_SIZE) {
+ return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (p256_validate_privkey(data) != P256_SUCCESS) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ *bits = CURVE_BITS;
+
+ /* We only support the export format for input, so just copy. */
+ if (key_buffer_size < data_length) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(key_buffer, data, data_length);
+ *key_buffer_length = data_length;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
+{
+ /* Is this the right curve? */
+ size_t bits = psa_get_key_bits(attributes);
+ psa_key_type_t type = psa_get_key_type(attributes);
+ if (bits != CURVE_BITS || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (data_size < PSA_PUBKEY_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ data[0] = PSA_PUBKEY_HEADER_BYTE;
+ int ret = p256_public_from_private(data + 1, key_buffer);
+ if (ret == P256_SUCCESS) {
+ *data_length = PSA_PUBKEY_SIZE;
+ }
+
+ return p256_to_psa_error(ret);
+}
+
psa_status_t p256_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer,
@@ -69,13 +157,9 @@
* of driver entry-points. (void) used to avoid compiler warning. */
(void) attributes;
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
-
- /*
- * p256-m generates a 32 byte private key, and expects to write to a buffer
- * that is of that size. */
- if (key_buffer_size != 32) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
/*
@@ -83,15 +167,14 @@
* keys. Allocate a buffer to which the public key will be written. The
* private key will be written to key_buffer, which is passed to this
* function as an argument. */
- uint8_t public_key_buffer[64];
+ uint8_t public_key_buffer[P256_PUBKEY_SIZE];
- status = p256_to_psa_error(
- p256_gen_keypair(key_buffer, public_key_buffer));
- if (status == PSA_SUCCESS) {
- *key_buffer_length = 32;
+ int ret = p256_gen_keypair(key_buffer, public_key_buffer);
+ if (ret == P256_SUCCESS) {
+ *key_buffer_length = PRIVKEY_SIZE;
}
- return status;
+ return p256_to_psa_error(ret);
}
psa_status_t p256_transparent_key_agreement(
@@ -111,25 +194,22 @@
(void) attributes;
(void) alg;
- /*
- * Check that private key = 32 bytes, peer public key = 65 bytes,
- * and that the shared secret buffer is big enough. */
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
- if (key_buffer_size != 32 || shared_secret_size < 32 ||
- peer_key_length != 65) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE || peer_key_length != PSA_PUBKEY_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (shared_secret_size < SHARED_SECRET_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
- /* We add 1 to peer_key pointer to omit the leading byte of the public key
- * representation (0x04). See information about PSA key formats at the top
- * of the file. */
- status = p256_to_psa_error(
- p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key+1));
- if (status == PSA_SUCCESS) {
- *shared_secret_length = 32;
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ const uint8_t *peer_key_p256m = peer_key + 1;
+ int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key_p256m);
+ if (ret == P256_SUCCESS) {
+ *shared_secret_length = SHARED_SECRET_SIZE;
}
- return status;
+ return p256_to_psa_error(ret);
}
psa_status_t p256_transparent_sign_hash(
@@ -149,21 +229,23 @@
(void) attributes;
(void) alg;
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
- if (key_buffer_size != 32 || signature_size != 64) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (signature_size < SIGNATURE_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
- status = p256_to_psa_error(
- p256_ecdsa_sign(signature, key_buffer, hash, hash_length));
- if (status == PSA_SUCCESS) {
- *signature_length = 64;
+ int ret = p256_ecdsa_sign(signature, key_buffer, hash, hash_length);
+ if (ret == P256_SUCCESS) {
+ *signature_length = SIGNATURE_SIZE;
}
- return status;
+ return p256_to_psa_error(ret);
}
-/* This function expects the key buffer to contain a 65 byte public key,
+/* This function expects the key buffer to contain a PSA public key,
* as exported by psa_export_public_key() */
static psa_status_t p256_verify_hash_with_public_key(
const uint8_t *key_buffer,
@@ -173,19 +255,19 @@
const uint8_t *signature,
size_t signature_length)
{
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
- if (key_buffer_size != 65 || signature_length != 64 || *key_buffer != 0x04) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PSA_PUBKEY_SIZE || *key_buffer != PSA_PUBKEY_HEADER_BYTE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (signature_length != SIGNATURE_SIZE) {
+ return PSA_ERROR_INVALID_SIGNATURE;
}
- /* We add 1 to public_key_buffer pointer to omit the leading byte of the
- * public key representation (0x04). See information about PSA key formats
- * at the top of the file. */
- const uint8_t *public_key_buffer = key_buffer + 1;
- status = p256_to_psa_error(
- p256_ecdsa_verify(signature, public_key_buffer, hash, hash_length));
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ const uint8_t *public_key_p256m = key_buffer + 1;
+ int ret = p256_ecdsa_verify(signature, public_key_p256m, hash, hash_length);
- return status;
+ return p256_to_psa_error(ret);
}
psa_status_t p256_transparent_verify_hash(
@@ -203,10 +285,10 @@
(void) alg;
psa_status_t status;
- uint8_t public_key_buffer[65];
- size_t public_key_buffer_size = 65;
+ uint8_t public_key_buffer[PSA_PUBKEY_SIZE];
+ size_t public_key_buffer_size = PSA_PUBKEY_SIZE;
- size_t public_key_length = 65;
+ size_t public_key_length = PSA_PUBKEY_SIZE;
/* As p256-m doesn't require dynamic allocation, we want to avoid it in
* the entrypoint functions as well. psa_driver_wrapper_export_public_key()
* requires size_t*, so we use a pointer to a stack variable. */
@@ -239,4 +321,4 @@
return status;
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h
index 9522ced..d92a8f0 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.h
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h
@@ -21,14 +21,74 @@
#ifndef P256M_DRIVER_ENTRYPOINTS_H
#define P256M_DRIVER_ENTRYPOINTS_H
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#include "psa/crypto_types.h"
+/** Import SECP256R1 key.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] data The raw key material. For private keys
+ * this must be a big-endian integer of 32
+ * bytes; for public key this must be an
+ * uncompressed ECPoint (65 bytes).
+ * \param[in] data_length The size of the raw key material.
+ * \param[out] key_buffer The buffer to contain the key data in
+ * output format upon successful return.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[out] key_buffer_length The length of the data written in \p
+ * key_buffer in bytes.
+ * \param[out] bits The bitsize of the key.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. Keypair generated and stored in buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The input is not supported by this driver (not SECP256R1).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p key_buffer_size is too small.
+ */
+psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits);
+
+/** Export SECP256R1 public key, from the private key.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The private key in the export format.
+ * \param[in] key_buffer_size The size of the private key in bytes.
+ * \param[out] data The buffer to contain the public key in
+ * the export format upon successful return.
+ * \param[in] data_size The size of the \p data buffer in bytes.
+ * \param[out] data_length The length written to \p data in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. Keypair generated and stored in buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The input is not supported by this driver (not SECP256R1).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p key_buffer_size is too small.
+ */
+psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
/** Generate SECP256R1 ECC Key Pair.
* Interface function which calls the p256-m key generation function and
* places it in the key buffer provided by the caller (Mbed TLS) in the
@@ -44,9 +104,10 @@
*
* \retval #PSA_SUCCESS
* Success. Keypair generated and stored in buffer.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_GENERIC_ERROR
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p key_buffer_size is too small.
+ * \retval #PSA_ERROR_GENERIC_ERROR
+ * The internal RNG failed.
*/
psa_status_t p256_transparent_generate_key(
const psa_key_attributes_t *attributes,
@@ -72,9 +133,12 @@
* bytes.
* \param[out] shared_secret_length On success, the number of bytes that
* make up the returned shared secret.
- * \retval #PSA_SUCCESS
- * Success. Shared secret successfully calculated.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS
+ * Success. Shared secret successfully calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p shared_secret_size is too small.
*/
psa_status_t p256_transparent_key_agreement(
const psa_key_attributes_t *attributes,
@@ -103,10 +167,14 @@
* \param[out] signature_length On success, the number of bytes
* that make up the returned signature value.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS
* Success. Hash was signed successfully.
- * respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p signature_size is too small.
+ * \retval #PSA_ERROR_GENERIC_ERROR
+ * The internal RNG failed.
*/
psa_status_t p256_transparent_sign_hash(
const psa_key_attributes_t *attributes,
@@ -142,12 +210,13 @@
* \param[in] signature Buffer containing the signature to verify.
* \param[in] signature_length Size of the \p signature buffer in bytes.
*
- * \retval #PSA_SUCCESS
- * The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was performed successfully, but the passed
- * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
*/
psa_status_t p256_transparent_verify_hash(
const psa_key_attributes_t *attributes,
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1216c72..508f524 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -57,7 +57,10 @@
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
if(CMAKE_HOST_WIN32)
- option(GEN_FILES "Generate the auto-generated files as needed" OFF)
+ # N.B. The comment on the next line is significant! If you change it,
+ # edit the sed command in prepare_release.sh that modifies
+ # CMakeLists.txt.
+ option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development
else()
option(GEN_FILES "Generate the auto-generated files as needed" ON)
endif()
diff --git a/ChangeLog.d/fix-log-level-msg.txt b/ChangeLog.d/fix-log-level-msg.txt
new file mode 100644
index 0000000..4e82ad1
--- /dev/null
+++ b/ChangeLog.d/fix-log-level-msg.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix log level for the got supported group message. Fixes #6765
diff --git a/ChangeLog.d/p256-m.txt b/ChangeLog.d/p256-m.txt
new file mode 100644
index 0000000..e473580
--- /dev/null
+++ b/ChangeLog.d/p256-m.txt
@@ -0,0 +1,5 @@
+Features
+ * Applications using ECC over secp256r1 through the PSA API can use a
+ new implementation with a much smaller footprint, but some minor
+ usage restrictions. See the documentation of the new configuration
+ option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details.
diff --git a/Makefile b/Makefile
index 1f36a06..885948c 100644
--- a/Makefile
+++ b/Makefile
@@ -36,6 +36,29 @@
generated_files: tests/generated_files
generated_files: visualc_files
+# Set GEN_FILES to the empty string to disable dependencies on generated
+# source files. Then `make generated_files` will only build files that
+# are missing, it will not rebuilt files that are present but out of date.
+# This is useful, for example, if you have a source tree where
+# `make generated_files` has already run and file timestamps reflect the
+# time the files were copied or extracted, and you are now in an environment
+# that lacks some of the necessary tools to re-generate the files.
+# If $(GEN_FILES) is non-empty, the generated source files' dependencies
+# are treated ordinarily, based on file timestamps.
+GEN_FILES ?= yes
+
+# In dependencies where the target is a configuration-independent generated
+# file, use `TARGET: $(gen_file_dep) DEPENDENCY1 DEPENDENCY2 ...`
+# rather than directly `TARGET: DEPENDENCY1 DEPENDENCY2 ...`. This
+# enables the re-generation to be turned off when GEN_FILES is disabled.
+ifdef GEN_FILES
+gen_file_dep =
+else
+# Order-only dependency: generate the target if it's absent, but don't
+# re-generate it if it's present but older than its dependencies.
+gen_file_dep = |
+endif
+
.PHONY: visualc_files
VISUALC_FILES = visualc/VS2013/mbedTLS.sln visualc/VS2013/mbedTLS.vcxproj
# TODO: $(app).vcxproj for each $(app) in programs/
@@ -45,10 +68,10 @@
# present before it runs. It doesn't matter if the files aren't up-to-date,
# they just need to be present.
$(VISUALC_FILES): | library/generated_files
-$(VISUALC_FILES): scripts/generate_visualc_files.pl
-$(VISUALC_FILES): scripts/data_files/vs2013-app-template.vcxproj
-$(VISUALC_FILES): scripts/data_files/vs2013-main-template.vcxproj
-$(VISUALC_FILES): scripts/data_files/vs2013-sln-template.sln
+$(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl
+$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-app-template.vcxproj
+$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-main-template.vcxproj
+$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-sln-template.sln
# TODO: also the list of .c and .h source files, but not their content
$(VISUALC_FILES):
echo " Gen $@ ..."
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index a55bbc5..4e2d68f 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -76,10 +76,6 @@
Elliptic-curve cryptography (ECC)
---------------------------------
-Note: things are still evolving. This section describes the situation right
-after #7452 has been merged. It will be updated again in #7757 when bignum is
-done.
-
It is possible to have most ECC operations provided only by a driver:
- the ECDH, ECDSA and EC J-PAKE algorithms;
- key import, export, and random generation.
@@ -107,6 +103,11 @@
RSA or FFDH, then you can also disable `MBEDTLS_BIGNUM_C` for further code
size saving.
+[Coming soon] As noted in the "Limitations regarding the selection of curves"
+section below, there is an upcoming requirement for all the required curves to
+also be accelerated in the PSA driver in order to exclude the builtin algs
+support.
+
### Limitations regarding fully removing `ecp.c`
A limited subset of `ecp.c` will still be automatically re-enabled if any of
@@ -144,10 +145,34 @@
### Limitations regarding the selection of curves
-TODO: apparently we don't really support having some curves built-in and
-others driver-only... investigate and describe the situation. See also #7899.
+There is ongoing work which is trying to establish the links and constraints
+between the list of supported curves and supported algorithms both in the
+builtin and PSA sides. In particular:
+
+- #8014 ensures that the curves supported on the PSA side (`PSA_WANT_ECC_xxx`)
+ are always a superset of the builtin ones (`MBEDTLS_ECP_DP_xxx`)
+- #8016 forces builtin alg support as soon as there is at least one builtin
+ curve. In other words, in order to exclue all builtin algs, all the required
+ curves should be supported and accelerated by the PSA driver.
Finite-field Diffie-Hellman
---------------------------
-TODO
+Support is pretty similar to the "Elliptic-curve cryptography (ECC)" section
+above.
+Key management and usage can be enabled by means of the usual `PSA_WANT` +
+`MBEDTLS_PSA_ACCEL` pairs:
+
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_PUBLIC_KEY`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_BASIC`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_IMPORT`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_EXPORT`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_GENERATE`;
+
+The same holds for the associated algorithm:
+`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
+removing builtin support (i.e. `MBEDTLS_DHM_C`).
+
+### Limitations
+Support for deterministic derivation of a DH keypair
+(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported.
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
index ae3c04c..eb100d7 100644
--- a/docs/psa-driver-example-and-guide.md
+++ b/docs/psa-driver-example-and-guide.md
@@ -138,20 +138,25 @@
### Example: Manually integrating a software accelerator alongside Mbed TLS
-[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. As such, it serves as a software accelerator. This section demonstrates the integration of `p256-m` as a transparent driver alongside Mbed TLS, serving as a guide for implementation.
-The code for p256-m can be found in `3rdparty/p256-m/p256m`. In this demonstration, p256-m is built from source alongside Mbed TLS.
+[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done.
-The driver prefix for p256-m is `P256`/`p256`. The driver macro is `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. To build with and use p256-m, set the macro using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:
+The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_PSA_P256M_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:
- python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
+ python3 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ python3 scripts/config.py set MBEDTLS_PSA_P256M_DRIVER_ENABLED
make
-p256-m implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. The `sign/verify_hash` entry points are used instead of `sign/verify_message` as messages must be hashed prior to any operation, and p256-m does not implement this. The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes.
+(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_PSA_P256M_DRIVER_ENABLED` for more information.)
-The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
+The driver prefix for p256-m is `P256`/`p256`.
+The p256-m driver implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`.
+There are no entry points for `sign_message` and `verify_message`, which are not necessary for a sign-and-hash algorithm. The core still implements these functions by doing the hashes and then calling the sign/verify-hash entry points.
+The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes.
+
+The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
```
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDSA(alg) &&
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
@@ -170,6 +175,6 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
```
-Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable.
+Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_PSA_P256M_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable.
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index a1f601f..e00e747 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -77,8 +77,6 @@
typedef struct mbedtls_ccm_context {
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */
unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */
- int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
- state. Used for chunked data input */
size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */
size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */
size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */
@@ -95,6 +93,8 @@
#MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+ int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
+ state. Used for chunked data input */
}
mbedtls_ccm_context;
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5ea7b94..17eb034 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -830,10 +830,10 @@
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
- ( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
-#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
+ defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
+ ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \
+ (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
+#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2f5c672..e9354da 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -856,20 +856,6 @@
//#define MBEDTLS_ECP_WITH_MPI_UINT
/**
- * Uncomment to enable p256-m, which implements ECC key generation, ECDH,
- * and ECDSA for SECP256R1 curves. This driver is used as an example to
- * document how a third-party driver or software accelerator can be integrated
- * to work alongside Mbed TLS.
- *
- * \warning p256-m has only been included to serve as a sample implementation
- * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not
- * intended for use in production. p256-m files in Mbed TLS are not updated
- * regularly, so they may not contain upstream fixes/improvements.
- * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS!
- */
-//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
-
-/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA (RFC 6979).
@@ -1431,6 +1417,46 @@
//#define MBEDTLS_PSA_CRYPTO_SPM
/**
+ * Uncomment to enable p256-m. This is an alternative implementation of
+ * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
+ * Compared to the default implementation:
+ *
+ * - p256-m has a much smaller code size and RAM footprint.
+ * - p256-m is only available via the PSA API. This includes the pk module
+ * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
+ * over the core arithmetic, or deterministic derivation of keys.
+ *
+ * We recommend enabling this option if your application uses the PSA API
+ * and the only elliptic curve support it needs is ECDH and ECDSA over
+ * SECP256R1.
+ *
+ * If you enable this option, you do not need to enable any ECC-related
+ * MBEDTLS_xxx option. You do need to separately request support for the
+ * cryptographic mechanisms through the PSA API:
+ * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
+ * configuration;
+ * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
+ * - #PSA_WANT_ECC_SECP_R1_256;
+ * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
+ * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
+ *
+ * \note To genuinely benefit from the smaller code size of p256-m, make
+ * sure that you do not enable any ECC-related option that requires
+ * the built-in implementation of elliptic curve arithmetic. This
+ * means enabling #MBEDTLS_PSA_CRYPTO_C, #MBEDTLS_PSA_CRYPTO_CONFIG,
+ * #PSA_WANT_ECC_SECP_R1_256 and #MBEDTLS_PSA_P256M_DRIVER_ENABLED,
+ * plus any of the `PSA_WANT_ALG_xxx` and `PSA_WANT_KEY_TYPE_xxx`
+ * options listed above, and not enabling other ECC-related options
+ * through `PSA_WANT_xxx` or `MBEDTLS_xxx` (in particular, not
+ * enabling other curves or EC-JPAKE).
+ */
+//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
+
+/**
* \def MBEDTLS_PSA_INJECT_ENTROPY
*
* Enable support for entropy injection at first boot. This feature is
@@ -1672,6 +1698,8 @@
* it has been associated with security issues in the past and is easy to
* misuse/misunderstand.
*
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
* Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
@@ -1830,27 +1858,13 @@
* This feature is experimental, not completed and thus not ready for
* production.
*
+ * \note The maximum amount of early data can be set with
+ * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
+ *
*/
//#define MBEDTLS_SSL_EARLY_DATA
/**
- * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
- *
- * The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
- *
- * It must be positive and smaller than UINT32_MAX.
- *
- * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
- * have any impact on the build.
- *
- * This feature is experimental, not completed and thus not ready for
- * production.
- *
- */
-#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-
-/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
@@ -4041,6 +4055,23 @@
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/**
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+
+/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
*
* Maximum time difference in milliseconds tolerated between the age of a
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 41e980d..aea602b 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -173,11 +173,11 @@
/* Internal helper to define which fields in the pk_context structure below
* should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
- * format. It should be noticed that this only affects how data is stored, not
+ * format. It should be noted that this only affects how data is stored, not
* which functions are used for various operations. The overall picture looks
* like this:
- * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
- * and legacy functions
+ * - if USE_PSA is not defined and ECP_C is defined then use ecp_keypair data
+ * structure and legacy functions
* - if USE_PSA is defined and
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
* format and use PSA functions
@@ -185,13 +185,13 @@
*
* The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
* as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
- * ecp_keypair structure inside the pk_context so he/she can modify it using
+ * ecp_keypair structure inside the pk_context so they can modify it using
* ECP functions which are not under PK module's control.
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
!defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_USE_PSA_EC_DATA
-#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
+#endif
/* Helper symbol to state that the PK module has support for EC keys. This
* can either be provided through the legacy ECP solution or through the
@@ -200,28 +200,6 @@
#define MBEDTLS_PK_HAVE_ECC_KEYS
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-/* Internal helper to define which fields in the pk_context structure below
- * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
- * format. It should be noted that this only affect how data is stored, not
- * which functions are used for various operations. The overall picture looks
- * like this:
- * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
- * and legacy functions
- * - if USE_PSA is defined and
- * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
- * format and use PSA functions
- * - if !ECP_C then use new raw data and PSA functions directly.
- *
- * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
- * as ECP_C is defined mbedtls_pk_ec() gives the user read/write access to the
- * ecp_keypair structure inside the pk_context so they can modify it using
- * ECP functions which are not under the PK module's control.
- */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
- !defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_USE_PSA_EC_DATA
-#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
-
/**
* \brief Types for interfacing with the debug module
*/
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a3ecbfb..d6083da 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -405,6 +405,10 @@
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
+#if !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
+#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+#endif
+
#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
#endif
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index bf0c1a1..07f2fac 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -292,21 +292,49 @@
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
#endif
+/* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA
+ * signature */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED
+#endif
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
#endif
-/* Key exchanges allowing client certificate requests */
+/* Key exchanges allowing client certificate requests.
+ *
+ * Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
+ * above, except RSA-PSK uses a server certificate but no client cert.
+ *
+ * Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are
+ * more symmetrical: client certs and server certs are either both allowed
+ * (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes).
+ */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
#endif
+/* Helper to state that certificate-based client authentication through ECDSA
+ * is supported in TLS 1.2 */
+#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \
+ defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
+#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED
+#endif
+
+/* ECDSA required for certificates in either TLS 1.2 or 1.3 */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED
+#endif
+
/* Key exchanges involving server signature in ServerKeyExchange */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 4e7a71e..d34cbf3 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -115,6 +115,8 @@
#define PSA_WANT_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_224 1
+/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
+ * (see the description in mbedtls/mbedtls_config.h for details). */
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_521 1
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 98ffbce..1d5ed6c 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -49,8 +49,8 @@
*/
#include "psa/build_info.h"
-#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
-#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
+#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
(c) : (b) : (a) <= (c) ? (c) : (a))
@@ -71,20 +71,20 @@
*/
#define PSA_HASH_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
+ 0u)
/** The input block size of a hash algorithm, in bytes.
*
@@ -103,20 +103,20 @@
*/
#define PSA_HASH_BLOCK_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
+ 0u)
/** \def PSA_HASH_MAX_SIZE
*
@@ -131,35 +131,35 @@
/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
* see the note on MBEDTLS_MD_MAX_SIZE for details. */
#if defined(PSA_WANT_ALG_SHA3_224)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
#elif defined(PSA_WANT_ALG_SHA3_256)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
#elif defined(PSA_WANT_ALG_SHA_512)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
#elif defined(PSA_WANT_ALG_SHA_384)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
#elif defined(PSA_WANT_ALG_SHA3_384)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
#elif defined(PSA_WANT_ALG_SHA3_512)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
#elif defined(PSA_WANT_ALG_SHA_256)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
#elif defined(PSA_WANT_ALG_SHA_224)
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
#else /* SHA-1 or smaller */
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
#endif
#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
-#define PSA_HASH_MAX_SIZE 64
+#define PSA_HASH_MAX_SIZE 64u
#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
-#define PSA_HASH_MAX_SIZE 48
+#define PSA_HASH_MAX_SIZE 48u
#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
-#define PSA_HASH_MAX_SIZE 32
+#define PSA_HASH_MAX_SIZE 32u
#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
-#define PSA_HASH_MAX_SIZE 28
+#define PSA_HASH_MAX_SIZE 28u
#else /* SHA-1 or smaller */
-#define PSA_HASH_MAX_SIZE 20
+#define PSA_HASH_MAX_SIZE 20u
#endif
/** \def PSA_MAC_MAX_SIZE
@@ -200,13 +200,13 @@
#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- ((void) (key_bits), 0))
+ ((void) (key_bits), 0u))
/** The maximum tag size for all supported AEAD algorithms, in bytes.
*
* See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
*/
-#define PSA_AEAD_TAG_MAX_SIZE 16
+#define PSA_AEAD_TAG_MAX_SIZE 16u
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
@@ -221,7 +221,7 @@
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
/* The minimum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
@@ -239,38 +239,38 @@
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
#if defined(PSA_WANT_ECC_SECP_R1_521)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
#elif defined(PSA_WANT_ECC_SECP_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_SECP_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_SECP_K1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
#elif defined(PSA_WANT_ECC_SECP_R1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_K1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_R1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#elif defined(PSA_WANT_ECC_SECP_K1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#else
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
#endif
/** This macro returns the maximum supported length of the PSK for the
@@ -288,23 +288,23 @@
* Therefore, no implementation should define a value smaller than 64
* for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
*/
-#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
+#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
* which is expected to work with P-256 curve only. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
+#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
/* The size of a serialized K.X coordinate to be used in
* psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
* curve. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
+#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
* This is a vendor-specific macro. This can be configured if necessary */
-#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff
+#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
/** The maximum size of a block cipher. */
-#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
+#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
@@ -331,7 +331,7 @@
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- ((void) (key_type), (void) (key_bits), 0))
+ ((void) (key_type), (void) (key_bits), 0u))
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
@@ -362,7 +362,7 @@
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
(plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -416,7 +416,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
(ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
(ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -466,12 +466,12 @@
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
- 0 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
+ 0u : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
- 0)
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
+ 0u)
/** The maximum default nonce size among all supported pairs of key types and
* AEAD algorithms, in bytes.
@@ -484,7 +484,7 @@
* just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 13
+#define PSA_AEAD_NONCE_MAX_SIZE 13u
/** A sufficient output buffer size for psa_aead_update().
*
@@ -521,7 +521,7 @@
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
(input_length) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_update(), for any of the
* supported key types and AEAD algorithms.
@@ -561,7 +561,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ 0u)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
* supported key types and AEAD algorithms.
@@ -595,7 +595,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ 0u)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
* supported key types and AEAD algorithms.
@@ -606,8 +606,8 @@
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
(PSA_ALG_IS_RSA_OAEP(alg) ? \
- 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
- 11 /*PKCS#1v1.5*/)
+ 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
+ 11u /*PKCS#1v1.5*/)
/**
* \brief ECDSA signature size for a given curve bit size
@@ -618,7 +618,7 @@
* \note This macro returns a compile-time constant if its argument is one.
*/
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
- (PSA_BITS_TO_BYTES(curve_bits) * 2)
+ (PSA_BITS_TO_BYTES(curve_bits) * 2u)
/** Sufficient signature buffer size for psa_sign_hash().
*
@@ -648,7 +648,7 @@
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
- ((void) alg, 0))
+ ((void) alg, 0u))
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
@@ -701,7 +701,7 @@
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
* supported asymmetric encryption.
@@ -740,7 +740,7 @@
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
* supported asymmetric decryption.
@@ -763,7 +763,7 @@
* - 0 to 1 bytes of leading 0 due to the sign bit.
*/
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
- ((bits) / 8 + 5)
+ ((bits) / 8u + 5u)
/* Maximum size of the export encoding of an RSA public key.
* Assumes that the public exponent is less than 2^32.
@@ -777,7 +777,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
/* Maximum size of the export encoding of an RSA key pair.
* Assumes that the public exponent is less than 2^32 and that the size
@@ -802,7 +802,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
+ (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
/* Maximum size of the export encoding of a DSA public key.
*
@@ -821,7 +821,7 @@
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
/* Maximum size of the export encoding of a DSA key pair.
*
@@ -840,7 +840,7 @@
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
/* Maximum size of the export encoding of an ECC public key.
*
@@ -853,7 +853,7 @@
* - 1 byte + 2 * point size.
*/
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
+ (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
/* Maximum size of the export encoding of an ECC key pair.
*
@@ -922,7 +922,7 @@
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- 0)
+ 0u)
/** Sufficient output buffer size for psa_export_public_key().
*
@@ -973,7 +973,7 @@
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
- 0)
+ 0u)
/** Sufficient buffer size for exporting any asymmetric key pair.
*
@@ -1065,7 +1065,7 @@
*/
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
- PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0)
+ PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
/** Maximum size of the output from psa_raw_key_agreement().
*
@@ -1120,15 +1120,15 @@
(alg) == PSA_ALG_CBC_NO_PADDING || \
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
- (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
- 0)
+ (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
+ (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
+ 0u)
/** The maximum IV size for all supported cipher algorithms, in bytes.
*
* See also #PSA_CIPHER_IV_LENGTH().
*/
-#define PSA_CIPHER_IV_MAX_SIZE 16
+#define PSA_CIPHER_IV_MAX_SIZE 16u
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
*
@@ -1153,15 +1153,15 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (alg == PSA_ALG_CBC_PKCS7 ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- (input_length) + 1) + \
- PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
- 0))
+#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1u) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ 0u))
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1174,9 +1174,9 @@
* \param input_length Size of the input in bytes.
*
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
- (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
- (input_length) + 1) + \
+#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length) + 1u) + \
PSA_CIPHER_IV_MAX_SIZE)
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
@@ -1198,11 +1198,11 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) && \
+#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) && \
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
- (input_length) : \
- 0)
+ (input_length) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1235,16 +1235,16 @@
* algorithm. If the key type or cipher algorithm is not
* recognized, or the parameters are incompatible, return 0.
*/
-#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- (((alg) == PSA_ALG_CBC_PKCS7 || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_ECB_NO_PADDING) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- input_length) : \
- (input_length)) : 0) : \
- 0)
+#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ input_length) : \
+ (input_length)) : 0u) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_update(), for any of the
* supported key types and cipher algorithms.
@@ -1280,8 +1280,8 @@
(PSA_ALG_IS_CIPHER(alg) ? \
(alg == PSA_ALG_CBC_PKCS7 ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0) : \
- 0)
+ 0u) : \
+ 0u)
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
* supported key types and cipher algorithms.
diff --git a/library/Makefile b/library/Makefile
index c383c32..69ccbfd 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -167,7 +167,7 @@
x509_crl.o \
x509_crt.o \
x509_csr.o \
- x509write.o \
+ x509write.o \
x509write_crt.o \
x509write_csr.o \
pkcs7.o \
@@ -315,21 +315,29 @@
psa_crypto_driver_wrappers.c
generated_files: $(GENERATED_FILES)
-error.c: ../scripts/generate_errors.pl
-error.c: ../scripts/data_files/error.fmt
-error.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
+# See root Makefile
+GEN_FILES ?= yes
+ifdef GEN_FILES
+gen_file_dep =
+else
+gen_file_dep = |
+endif
+
+error.c: $(gen_file_dep) ../scripts/generate_errors.pl
+error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
+error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
error.c:
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
-ssl_debug_helpers_generated.c: ../scripts/generate_ssl_debug_helpers.py
-ssl_debug_helpers_generated.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
+ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py
+ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
-version_features.c: ../scripts/generate_features.pl
-version_features.c: ../scripts/data_files/version_features.fmt
+version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
+version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
@@ -340,8 +348,8 @@
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
-psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py
-psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/generate_driver_wrappers.py
+psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
psa_crypto_driver_wrappers.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_driver_wrappers.py
diff --git a/library/asn1parse.c b/library/asn1parse.c
index edc4c69..abdd0b1 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -47,47 +47,18 @@
if ((**p & 0x80) == 0) {
*len = *(*p)++;
} else {
- switch (**p & 0x7F) {
- case 1:
- if ((end - *p) < 2) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = (*p)[1];
- (*p) += 2;
- break;
-
- case 2:
- if ((end - *p) < 3) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = ((size_t) (*p)[1] << 8) | (*p)[2];
- (*p) += 3;
- break;
-
- case 3:
- if ((end - *p) < 4) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = ((size_t) (*p)[1] << 16) |
- ((size_t) (*p)[2] << 8) | (*p)[3];
- (*p) += 4;
- break;
-
- case 4:
- if ((end - *p) < 5) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
- ((size_t) (*p)[3] << 8) | (*p)[4];
- (*p) += 5;
- break;
-
- default:
- return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ int n = (**p) & 0x7F;
+ if (n == 0 || n > 4) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
+ if ((end - *p) <= n) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
+ *len = 0;
+ (*p)++;
+ while (n--) {
+ *len = (*len << 8) | **p;
+ (*p)++;
}
}
diff --git a/library/asn1write.c b/library/asn1write.c
index 4123ac3..2e9b98a 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -28,68 +28,40 @@
#include "mbedtls/platform.h"
+#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "mbedtls/asn1.h"
+#endif
+
int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len)
{
- if (len < 0x80) {
- if (*p - start < 1) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = (unsigned char) len;
- return 1;
- }
-
- if (len <= 0xFF) {
- if (*p - start < 2) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = (unsigned char) len;
- *--(*p) = 0x81;
- return 2;
- }
-
- if (len <= 0xFFFF) {
- if (*p - start < 3) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = MBEDTLS_BYTE_0(len);
- *--(*p) = MBEDTLS_BYTE_1(len);
- *--(*p) = 0x82;
- return 3;
- }
-
- if (len <= 0xFFFFFF) {
- if (*p - start < 4) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = MBEDTLS_BYTE_0(len);
- *--(*p) = MBEDTLS_BYTE_1(len);
- *--(*p) = MBEDTLS_BYTE_2(len);
- *--(*p) = 0x83;
- return 4;
- }
-
- int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
- len_is_valid = (len <= 0xFFFFFFFF);
+ if (len > 0xFFFFFFFF) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
#endif
- if (len_is_valid) {
- if (*p - start < 5) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
- *--(*p) = MBEDTLS_BYTE_0(len);
- *--(*p) = MBEDTLS_BYTE_1(len);
- *--(*p) = MBEDTLS_BYTE_2(len);
- *--(*p) = MBEDTLS_BYTE_3(len);
- *--(*p) = 0x84;
- return 5;
+ int required = 1;
+
+ if (len >= 0x80) {
+ for (size_t l = len; l != 0; l >>= 8) {
+ required++;
+ }
}
- return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ if (required > (*p - start)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ do {
+ *--(*p) = MBEDTLS_BYTE_0(len);
+ len >>= 8;
+ } while (len);
+
+ if (required > 1) {
+ *--(*p) = (unsigned char) (0x80 + required - 1);
+ }
+
+ return required;
}
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag)
@@ -105,6 +77,19 @@
#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
#if defined(MBEDTLS_ASN1_WRITE_C)
+static int mbedtls_asn1_write_len_and_tag(unsigned char **p,
+ const unsigned char *start,
+ size_t len,
+ unsigned char tag)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
+
+ return (int) len;
+}
+
int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t size)
{
@@ -156,10 +141,7 @@
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER));
-
- ret = (int) len;
+ ret = mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER);
cleanup:
return ret;
@@ -168,15 +150,9 @@
int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
// Write NULL
//
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL);
}
int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
@@ -187,10 +163,7 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
(const unsigned char *) oid, oid_len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID);
}
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start,
@@ -217,17 +190,12 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
}
int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if (*p - start < 1) {
@@ -237,15 +205,11 @@
*--(*p) = (boolean) ? 255 : 0;
len++;
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN);
}
static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do {
@@ -265,10 +229,7 @@
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, tag);
}
int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val)
@@ -291,10 +252,7 @@
(const unsigned char *) text,
text_len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, tag);
}
int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start,
@@ -363,7 +321,6 @@
int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t bits)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
size_t unused_bits, byte_len;
@@ -387,10 +344,7 @@
/* Write unused bits */
*--(*p) = (unsigned char) unused_bits;
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING);
}
int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start,
@@ -401,13 +355,11 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING);
}
+#if !defined(MBEDTLS_ASN1_PARSE_C)
/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
static mbedtls_asn1_named_data *asn1_find_named_data(
@@ -425,6 +377,10 @@
return list;
}
+#else
+#define asn1_find_named_data(list, oid, len) \
+ ((mbedtls_asn1_named_data *) mbedtls_asn1_find_named_data(list, oid, len))
+#endif
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
mbedtls_asn1_named_data **head,
diff --git a/library/pkparse.c b/library/pkparse.c
index fe01a11..83291c4 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -737,7 +737,7 @@
#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
} else {
/* Uncompressed format */
- if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
+ if ((size_t) (end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
}
memcpy(pk->pub_raw, *p, (end - *p));
diff --git a/library/pkwrite.c b/library/pkwrite.c
index eee64ab..6ed98bf 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -688,7 +688,6 @@
int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
unsigned char *c;
- size_t len = 0;
#if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0;
#endif /* MBEDTLS_RSA_C */
@@ -733,8 +732,6 @@
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-
- return (int) len;
}
#if defined(MBEDTLS_PEM_WRITE_C)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 15a6984..3126379 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6749,20 +6749,17 @@
const uint8_t *data,
size_t data_length)
{
- if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET &&
- pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
+ if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
+ pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
+ } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
+ /* Appending to existing salt. No state change. */
+ } else {
return PSA_ERROR_BAD_STATE;
}
- if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
- pbkdf2->salt = mbedtls_calloc(1, data_length);
- if (pbkdf2->salt == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- memcpy(pbkdf2->salt, data, data_length);
- pbkdf2->salt_length = data_length;
- } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
+ if (data_length == 0) {
+ /* Appending an empty string, nothing to do. */
+ } else {
uint8_t *next_salt;
next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length);
@@ -6770,15 +6767,14 @@
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
- memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
+ if (pbkdf2->salt_length != 0) {
+ memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
+ }
memcpy(next_salt + pbkdf2->salt_length, data, data_length);
pbkdf2->salt_length += data_length;
mbedtls_free(pbkdf2->salt);
pbkdf2->salt = next_salt;
}
-
- pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
-
return PSA_SUCCESS;
}
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index cf8fe69..0d20eaa 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -24,9 +24,9 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
/*
* Initialization and termination functions
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index d2c050b..736b142 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -2022,7 +2022,7 @@
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
@@ -2040,7 +2040,8 @@
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- * MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
+ * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 7114ef0..1a56f1e 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -260,7 +260,7 @@
for (; *group_list != 0; group_list++) {
int propose_group = 0;
- MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("got supported group(%04x)", *group_list));
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
if (flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG) {
@@ -375,7 +375,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
(defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
*tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
#endif
@@ -648,14 +648,16 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (
+ int write_sig_alg_ext = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)) ||
+ write_sig_alg_ext = write_sig_alg_ext ||
+ (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl));
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- propose_tls12 ||
+ write_sig_alg_ext = write_sig_alg_ext || propose_tls12;
#endif
- 0) {
+
+ if (write_sig_alg_ext) {
ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
if (ret != 0) {
return ret;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8a709e4..01ab7fb 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -783,7 +783,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */
#endif
@@ -2313,7 +2313,7 @@
const uint16_t sig_alg)
{
switch (sig_alg) {
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
break;
@@ -2326,7 +2326,7 @@
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
break;
#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_PKCS1_V21)
#if defined(PSA_WANT_ALG_SHA_256)
@@ -2482,7 +2482,7 @@
break;
#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
case MBEDTLS_SSL_SIG_ECDSA:
break;
#endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7a1f855..1178056 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1207,7 +1207,7 @@
if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
continue;
}
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
sig_algs_len += sizeof(uint16_t);
#endif
@@ -1235,7 +1235,7 @@
if (hash == MBEDTLS_SSL_HASH_NONE) {
continue;
}
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
*p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
p++;
#endif
@@ -4156,7 +4156,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free((void *) handshake->curves_tls_id);
@@ -4578,13 +4578,14 @@
* We can't check that the config matches the initial one, but we can at
* least check it matches the requirements for serializing.
*/
- if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
- ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
+ if (
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif
- 0) {
+ ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
+ ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2
+ ) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
@@ -4972,26 +4973,26 @@
*/
static uint16_t ssl_preset_default_sig_algs[] = {
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA256 &&
- MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
+#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA384) && \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&&
- MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
+#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA512) && \
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&&
- MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512)
+#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
defined(MBEDTLS_MD_CAN_SHA512)
@@ -5030,7 +5031,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#if defined(MBEDTLS_MD_CAN_SHA512)
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5041,7 +5042,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA512*/
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5052,7 +5053,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5068,17 +5069,19 @@
/* NOTICE: see above */
static uint16_t ssl_preset_suiteb_sig_algs[] = {
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
+ defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA256&&
- MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
+#endif
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA384) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
+ defined(MBEDTLS_MD_CAN_SHA384) && \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA384&&
- MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
+#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
defined(MBEDTLS_MD_CAN_SHA256)
@@ -5097,7 +5100,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
#endif
#if defined(MBEDTLS_RSA_C)
@@ -5105,7 +5108,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#if defined(MBEDTLS_RSA_C)
@@ -5394,7 +5397,7 @@
}
#if defined(MBEDTLS_PK_C) && \
- (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SOME))
+ (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
/*
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
*/
@@ -5405,7 +5408,7 @@
return MBEDTLS_SSL_SIG_RSA;
}
#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
return MBEDTLS_SSL_SIG_ECDSA;
}
@@ -5433,7 +5436,7 @@
case MBEDTLS_SSL_SIG_RSA:
return MBEDTLS_PK_RSA;
#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
case MBEDTLS_SSL_SIG_ECDSA:
return MBEDTLS_PK_ECDSA;
#endif
@@ -5441,7 +5444,8 @@
return MBEDTLS_PK_NONE;
}
}
-#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_PK_CAN_ECDSA_SOME ) */
+#endif /* MBEDTLS_PK_C &&
+ ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
/*
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 37db413..cc22a3f 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -100,7 +100,7 @@
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -132,7 +132,8 @@
return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -549,7 +550,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (uses_ec) {
if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end,
@@ -818,7 +819,7 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
@@ -863,7 +864,8 @@
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1548,7 +1550,8 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
MBEDTLS_SSL_DEBUG_MSG(3,
("found supported_point_formats extension"));
@@ -1559,7 +1562,8 @@
}
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 34ac091..d2143ac 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -149,7 +149,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* Function for parsing a supported groups (TLS 1.3) or supported elliptic
@@ -294,7 +294,8 @@
return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -669,7 +670,7 @@
/*
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
*/
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_key_curve(mbedtls_pk_context *pk,
uint16_t *curves_tls_id)
@@ -688,7 +689,7 @@
return -1;
}
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */
/*
* Try picking a certificate for this ciphersuite,
@@ -773,7 +774,7 @@
continue;
}
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
if (pk_alg == MBEDTLS_PK_ECDSA &&
ssl_check_key_curve(&cur->cert->pk,
ssl->handshake->curves_tls_id) != 0) {
@@ -838,7 +839,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
(ssl->handshake->curves_tls_id == NULL ||
ssl->handshake->curves_tls_id[0] == 0)) {
@@ -1383,7 +1384,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
@@ -1404,7 +1405,8 @@
}
break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \
- MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
@@ -1513,7 +1515,7 @@
if (!sig_hash_alg_ext_present) {
uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
const uint16_t default_sig_algs[] = {
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
MBEDTLS_SSL_HASH_SHA1),
#endif
@@ -1898,7 +1900,8 @@
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen)
@@ -1925,7 +1928,8 @@
*olen = 6;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2356,7 +2360,8 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
const mbedtls_ssl_ciphersuite_t *suite =
mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite);
if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) {
@@ -2479,7 +2484,7 @@
#if defined(MBEDTLS_RSA_C)
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
#endif
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
#endif
diff --git a/programs/Makefile b/programs/Makefile
index 3509fc3..5f47e25 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -176,22 +176,30 @@
GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
generated_files: $(GENERATED_FILES)
-psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py
-psa/psa_constant_names_generated.c: ../include/psa/crypto_values.h
-psa/psa_constant_names_generated.c: ../include/psa/crypto_extra.h
-psa/psa_constant_names_generated.c: ../tests/suites/test_suite_psa_crypto_metadata.data
+# See root Makefile
+GEN_FILES ?= yes
+ifdef GEN_FILES
+gen_file_dep =
+else
+gen_file_dep = |
+endif
+
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data
psa/psa_constant_names_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_psa_constants.py
-test/query_config.c: ../scripts/generate_query_config.pl
+test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
-#test/query_config.c: ../include/mbedtls/mbedtls_config.h
-test/query_config.c: ../scripts/data_files/query_config.fmt
+#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h
+test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt
test/query_config.c:
echo " Gen $@"
$(PERL) ../scripts/generate_query_config.pl
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index e47715c..f0abcab 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -294,7 +294,6 @@
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 1697ff8..b11a4f5 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -331,7 +331,6 @@
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index e3fabec..0efcb7f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3781,7 +3781,6 @@
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/scripts/config.py b/scripts/config.py
index 6e7fc84..17fbe65 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -206,9 +206,8 @@
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
- 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
+ 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
- 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config
'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
diff --git a/scripts/data_files/driver_jsons/driverlist.json b/scripts/data_files/driver_jsons/driverlist.json
index 50ad816..42c186a 100644
--- a/scripts/data_files/driver_jsons/driverlist.json
+++ b/scripts/data_files/driver_jsons/driverlist.json
@@ -1 +1 @@
-["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json"]
+["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json","p256_transparent_driver.json"]
diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json
new file mode 100644
index 0000000..7d2aabf
--- /dev/null
+++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json
@@ -0,0 +1,20 @@
+{
+ "prefix": "p256",
+ "type": "transparent",
+ "mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
+ "headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"],
+ "capabilities": [
+ {
+ "mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
+ "_comment_entry_points": "This is not the complete list of entry points supported by this driver, only those that are currently supported in JSON. See docs/psa-driver-example-and-guide.md",
+ "entry_points": ["import_key", "export_public_key"],
+ "algorithms": ["PSA_ALG_ECDH", "PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)"],
+ "key_types": [
+ "PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)",
+ "PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)"
+ ],
+ "key_sizes": [256],
+ "fallback": false
+ }
+ ]
+}
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 1b52066..6354061 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -317,7 +317,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDSA(alg) &&
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
@@ -336,7 +336,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
@@ -421,7 +421,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDSA(alg) &&
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
@@ -439,7 +439,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( psa_verify_hash_builtin( attributes,
@@ -854,7 +854,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
attributes->core.bits == 256 )
@@ -867,7 +867,7 @@
break;
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -2806,7 +2806,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDH(alg) &&
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
@@ -2824,7 +2824,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED)
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Software Fallback */
diff --git a/scripts/gitignore_patch.sh b/scripts/gitignore_patch.sh
deleted file mode 100755
index 74ec66c..0000000
--- a/scripts/gitignore_patch.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Purpose
-#
-# For adapting gitignore files for releases so generated files can be included.
-#
-# Usage: gitignore_add_generated_files.sh [ -h | --help ] etc
-#
-
-set -eu
-
-print_usage()
-{
- echo "Usage: $0"
- echo -e " -h|--help\t\tPrint this help."
- echo -e " -i|--ignore\t\tAdd generated files to the gitignores."
- echo -e " -u|--unignore\t\tRemove generated files from the gitignores."
-}
-
-if [[ $# -eq 0 ]]; then
- print_usage
- exit 1
-elif [[ $# -ge 2 ]]; then
- echo "Too many arguments!"
- exit 1
-fi
-
-case "$1" in
- -i | --ignore)
- IGNORE=true
- ;;
- -u | --uignore)
- IGNORE=false
- ;;
- -h | --help | "")
- print_usage
- exit 1
- ;;
- *)
- echo "Unknown argument: $1"
- echo "run '$0 --help' for options"
- exit 1
-esac
-
-GITIGNORES=$(find . -name ".gitignore")
-for GITIGNORE in $GITIGNORES; do
- if $IGNORE; then
- sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE
- sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE
- sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE
- else
- sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/# /' $GITIGNORE
- sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE
- sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE
- fi
-done
diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh
new file mode 100755
index 0000000..800383d
--- /dev/null
+++ b/scripts/prepare_release.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+print_usage()
+{
+ cat <<EOF
+Usage: $0 [OPTION]...
+Prepare the source tree for a release.
+
+Options:
+ -u Prepare for development (undo the release preparation)
+EOF
+}
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eu
+
+if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
+ print_usage
+ exit
+fi
+
+unrelease= # if non-empty, we're in undo-release mode
+while getopts u OPTLET; do
+ case $OPTLET in
+ u) unrelease=1;;
+ \?)
+ echo 1>&2 "$0: unknown option: -$OPTLET"
+ echo 1>&2 "Try '$0 --help' for more information."
+ exit 3;;
+ esac
+done
+
+
+
+#### .gitignore processing ####
+
+GITIGNORES=$(find . -name ".gitignore")
+for GITIGNORE in $GITIGNORES; do
+ if [ -n "$unrelease" ]; then
+ sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE
+ sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE
+ sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE
+ else
+ sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/# /' $GITIGNORE
+ sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE
+ sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE
+ fi
+done
+
+
+
+#### Build scripts ####
+
+# GEN_FILES defaults on (non-empty) in development, off (empty) in releases
+if [ -n "$unrelease" ]; then
+ r=' yes'
+else
+ r=''
+fi
+sed -i 's/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1'"$r/" Makefile */Makefile
+
+# GEN_FILES defaults on in development, off in releases
+if [ -n "$unrelease" ]; then
+ r='ON'
+else
+ r='OFF'
+fi
+sed -i '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt
diff --git a/tests/Makefile b/tests/Makefile
index ec016d8..60ab27e 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -65,6 +65,14 @@
PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
+# See root Makefile
+GEN_FILES ?= yes
+ifdef GEN_FILES
+gen_file_dep =
+else
+gen_file_dep = |
+endif
+
.PHONY: generated_files
GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) scripts/generate_bignum_tests.py --list || \
@@ -97,7 +105,7 @@
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
.SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data
-$(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data
+$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
generated_bignum_test_data: scripts/generate_bignum_tests.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py
@@ -109,7 +117,7 @@
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
$(PYTHON) scripts/generate_bignum_tests.py
-$(GENERATED_ECP_DATA_FILES): generated_ecp_test_data
+$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
generated_ecp_test_data: scripts/generate_ecp_tests.py
generated_ecp_test_data: ../scripts/mbedtls_dev/bignum_common.py
generated_ecp_test_data: ../scripts/mbedtls_dev/ecp.py
@@ -119,7 +127,7 @@
echo " Gen $(GENERATED_ECP_DATA_FILES)"
$(PYTHON) scripts/generate_ecp_tests.py
-$(GENERATED_PSA_DATA_FILES): generated_psa_test_data
+$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 8c2680d..9151532 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -23,11 +23,31 @@
*/
#if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
+/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
+ * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
+ * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
+ * here we arrange to have both active so that psa_crypto_*.c includes
+ * the built-in implementations and the driver code can call the built-in
+ * implementations.
+ *
+ * The point of this test mode is to verify that the
+ * driver entry points are called when they should be in a lightweight
+ * way, without requiring an actual driver. This is different from builds
+ * with libtestdriver1, where we make a copy of the library source code
+ * and use that as an external driver.
+ */
/* Enable the use of the test driver in the library, and build the generic
* part of the test driver. */
#define PSA_CRYPTO_DRIVER_TEST
+/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
+ * built-in implementations won't be enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#error \
+ "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
+#endif
+
/* Use the accelerator driver for all cryptographic mechanisms for which
* the test driver implemented. */
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h
similarity index 90%
rename from tests/configs/config-wrapper-malloc-0-null.h
rename to tests/configs/user-config-malloc-0-null.h
index fc649bf..226f4d1 100644
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ b/tests/configs/user-config-malloc-0-null.h
@@ -1,4 +1,4 @@
-/* mbedtls_config.h wrapper that forces calloc(0) to return NULL.
+/* mbedtls_config.h modifier that forces calloc(0) to return NULL.
* Used for testing.
*/
/*
@@ -18,8 +18,6 @@
* limitations under the License.
*/
-#include "mbedtls/mbedtls_config.h"
-
#include <stdlib.h>
#ifndef MBEDTLS_PLATFORM_STD_CALLOC
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index c0f76c8..9ba7dbc 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -241,7 +241,9 @@
int mbedtls_test_inject_entropy_restore(void);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
+/** Parse binary string and convert it to a long integer
+ */
+uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
index b5e3d35..46f4d08 100644
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@@ -119,6 +119,7 @@
* The inputs \p input1 and \p input2 are, in order:
* - HKDF: salt, info.
* - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label.
+ * - PBKDF2: input cost, salt.
*
* \param operation The operation object to use.
* It must be in the initialized state.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ffac222..2208783 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1472,6 +1472,7 @@
component_test_crypto_full_md_light_only () {
msg "build: crypto_full with only the light subset of MD"
scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
# Disable MD
scripts/config.py unset MBEDTLS_MD_C
# Disable direct dependencies of MD_C
@@ -1499,6 +1500,9 @@
msg "build: full minus CIPHER"
scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
+ # Don't pull in cipher via PSA mechanisms
+ # (currently ignored anyway because we completely disable PSA)
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
# Direct dependencies
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CMAC_C
@@ -1745,6 +1749,9 @@
component_test_tls1_2_ecjpake_compatibility() {
msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ # Explicitly make lib first to avoid a race condition:
+ # https://github.com/Mbed-TLS/mbedtls/issues/8229
+ make lib
make -C programs ssl/ssl_server2 ssl/ssl_client2
cp programs/ssl/ssl_server2 s2_no_use_psa
cp programs/ssl/ssl_client2 c2_no_use_psa
@@ -1752,6 +1759,7 @@
msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
make clean
+ make lib
make -C programs ssl/ssl_server2 ssl/ssl_client2
make -C programs test/udp_proxy test/query_compile_time_config
@@ -2374,7 +2382,7 @@
}
component_test_psa_crypto_config_accel_ffdh () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ msg "build: full with accelerated FFDH"
# Algorithms and key types to accelerate
loc_accel_list="ALG_FFDH \
@@ -2410,15 +2418,15 @@
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ msg "test: full with accelerated FFDH"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH alg"
+ msg "ssl-opt: full with accelerated FFDH alg"
tests/ssl-opt.sh -f "ffdh"
}
component_test_psa_crypto_config_reference_ffdh () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ msg "build: full with non-accelerated FFDH"
# Start with full (USE_PSA and TLS 1.3)
helper_libtestdriver1_adjust_config "full"
@@ -2428,15 +2436,15 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
make
- msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
+ msg "test suites: full with non-accelerated FFDH alg"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
+ msg "ssl-opt: full with non-accelerated FFDH alg"
tests/ssl-opt.sh -f "ffdh"
}
component_test_psa_crypto_config_accel_pake() {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+ msg "build: full with accelerated PAKE"
loc_accel_list="ALG_JPAKE"
@@ -2462,7 +2470,7 @@
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+ msg "test: full with accelerated PAKE"
make test
}
@@ -2477,7 +2485,7 @@
# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
# This supports comparing their test coverage with analyze_outcomes.py.
-config_psa_crypto_config_ecp_ligh_only () {
+config_psa_crypto_config_ecp_light_only () {
DRIVER_ONLY="$1"
# start with config full for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
@@ -2497,7 +2505,7 @@
# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
+ msg "build: full with accelerated EC algs"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
@@ -2513,7 +2521,7 @@
# ---------
# Use the same config as reference, only without built-in EC algs
- config_psa_crypto_config_ecp_ligh_only 1
+ config_psa_crypto_config_ecp_light_only 1
# Build
# -----
@@ -2533,25 +2541,25 @@
# Run the tests
# -------------
- msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
+ msg "test suites: full with accelerated EC algs"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full with accelerated EC algs"
tests/ssl-opt.sh
}
# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
+ msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
- config_psa_crypto_config_ecp_ligh_only 0
+ config_psa_crypto_config_ecp_light_only 0
make
- msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
+ msg "test suites: full with non-accelerated EC algs"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full with non-accelerated EC algs"
tests/ssl-opt.sh
}
@@ -2599,7 +2607,7 @@
#
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
- msg "build: full + accelerated EC algs + USE_PSA - ECP"
+ msg "build: full + accelerated EC algs - ECP"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
@@ -2638,10 +2646,10 @@
# Run the tests
# -------------
- msg "test: full + accelerated EC algs + USE_PSA - ECP"
+ msg "test: full + accelerated EC algs - ECP"
make test
- msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP"
+ msg "ssl-opt: full + accelerated EC algs - ECP"
tests/ssl-opt.sh
}
@@ -2649,29 +2657,42 @@
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
# Keep in sync with its accelerated counterpart.
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
- msg "build: full + non accelerated EC algs + USE_PSA"
+ msg "build: full + non accelerated EC algs"
config_psa_crypto_no_ecp_at_all 0
make
- msg "test: full + non accelerated EC algs + USE_PSA"
+ msg "test: full + non accelerated EC algs"
make test
- msg "ssl-opt: full + non accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full + non accelerated EC algs"
tests/ssl-opt.sh
}
-# This function is really similar to config_psa_crypto_no_ecp_at_all() above so
-# its description is basically the same. The main difference in this case is
-# that when the EC built-in implementation is disabled, then also Bignum module
-# and its dependencies are disabled as well.
-#
-# This is the common helper between:
+# This is a common configuration helper used directly from:
+# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+# and indirectly from:
# - component_test_psa_crypto_config_accel_ecc_no_bignum
+# - accelerate all EC algs, disable RSA and FFDH
# - component_test_psa_crypto_config_reference_ecc_no_bignum
-config_psa_crypto_config_accel_ecc_no_bignum() {
+# - this is the reference component of the above
+# - it still disables RSA and FFDH, but it uses builtin EC algs
+# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+# - accelerate all EC and FFDH algs, disable only RSA
+# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+# - this is the reference component of the above
+# - it still disables RSA, but it uses builtin EC and FFDH algs
+#
+# This function accepts 2 parameters:
+# $1: a boolean value which states if we are testing an accelerated scenario
+# or not.
+# $2: a string value which states which components are tested. Allowed values
+# are "ECC" or "ECC_DH".
+config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
DRIVER_ONLY="$1"
+ TEST_TARGET="$2"
# start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
@@ -2706,13 +2727,23 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- # Disable FFDH because it also depends on BIGNUM.
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
- scripts/config.py unset MBEDTLS_DHM_C
- # Also disable key exchanges that depend on FFDH
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ if [ "$TEST_TARGET" = "ECC" ]; then
+ # When testing ECC only, we disable FFDH support, both from builtin and
+ # PSA sides, and also disable the key exchanges that depend on DHM.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
+ scripts/config.py unset MBEDTLS_DHM_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ else
+ # When testing ECC and DH instead, we disable DHM and depending key
+ # exchanges only in the accelerated build
+ if [ "$DRIVER_ONLY" -eq 1 ]; then
+ scripts/config.py unset MBEDTLS_DHM_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ fi
+ fi
# Restartable feature is not yet supported by PSA. Once it will in
# the future, the following line could be removed (see issues
@@ -2720,15 +2751,32 @@
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
-# Build and test a configuration where driver accelerates all EC algs while
-# all support and dependencies from ECP and ECP_LIGHT are removed on the library
-# side.
+# Common helper used by:
+# - component_test_psa_crypto_config_accel_ecc_no_bignum
+# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
#
-# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_bignum()
-component_test_psa_crypto_config_accel_ecc_no_bignum () {
- msg "build: full + accelerated EC algs + USE_PSA - ECP - BIGNUM"
+# The goal is to build and test accelerating either:
+# - ECC only or
+# - both ECC and FFDH
+#
+# It is meant to be used in conjunction with
+# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
+# coverage analysis in the "analyze_outcomes.py" script.
+common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
+ TEST_TARGET="$1"
- # Algorithms and key types to accelerate
+ # This is an internal helper to simplify text message handling
+ if [ "$TEST_TARGET" = "ECC_DH" ]; then
+ ACCEL_TEXT="ECC/FFDH"
+ REMOVED_TEXT="ECP - DH"
+ else
+ ACCEL_TEXT="ECC"
+ REMOVED_TEXT="ECP"
+ fi
+
+ msg "build: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM"
+
+ # By default we accelerate all EC keys/algs
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
ALG_ECDH \
ALG_JPAKE \
@@ -2737,12 +2785,22 @@
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
KEY_TYPE_ECC_KEY_PAIR_GENERATE \
KEY_TYPE_ECC_PUBLIC_KEY"
+ # Optionally we can also add DH to the list of accelerated items
+ if [ "$TEST_TARGET" = "ECC_DH" ]; then
+ loc_accel_list="$loc_accel_list \
+ ALG_FFDH \
+ KEY_TYPE_DH_KEY_PAIR_BASIC \
+ KEY_TYPE_DH_KEY_PAIR_IMPORT \
+ KEY_TYPE_DH_KEY_PAIR_EXPORT \
+ KEY_TYPE_DH_KEY_PAIR_GENERATE \
+ KEY_TYPE_DH_PUBLIC_KEY"
+ fi
# Configure
# ---------
# Set common configurations between library's and driver's builds
- config_psa_crypto_config_accel_ecc_no_bignum 1
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$TEST_TARGET"
# Build
# -----
@@ -2759,6 +2817,148 @@
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
+ # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
+ not grep mbedtls_ecp_ library/ecp.o
+ not grep mbedtls_rsa_ library/rsa.o
+ not grep mbedtls_mpi_ library/bignum.o
+ not grep mbedtls_dhm_ library/dhm.o
+
+ # Run the tests
+ # -------------
+
+ msg "test suites: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - DHM - BIGNUM"
+
+ make test
+
+ msg "ssl-opt: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM"
+ tests/ssl-opt.sh
+}
+
+# Common helper used by:
+# - component_test_psa_crypto_config_reference_ecc_no_bignum
+# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+#
+# The goal is to build and test a reference scenario (i.e. with builtin
+# components) compared to the ones used in
+# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
+#
+# It is meant to be used in conjunction with
+# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
+# coverage analysis in "analyze_outcomes.py" script.
+common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
+ TEST_TARGET="$1"
+
+ # This is an internal helper to simplify text message handling
+ if [ "$TEST_TARGET" = "ECC_DH" ]; then
+ ACCEL_TEXT="ECC/FFDH"
+ else
+ ACCEL_TEXT="ECC"
+ fi
+
+ msg "build: full + non accelerated $ACCEL_TEXT algs + USE_PSA"
+
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$TEST_TARGET"
+
+ make
+
+ msg "test suites: full + non accelerated EC algs + USE_PSA"
+ make test
+
+ msg "ssl-opt: full + non accelerated $ACCEL_TEXT algs + USE_PSA"
+ tests/ssl-opt.sh
+}
+
+component_test_psa_crypto_config_accel_ecc_no_bignum () {
+ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
+}
+
+component_test_psa_crypto_config_reference_ecc_no_bignum () {
+ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
+}
+
+component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
+ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
+}
+
+component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
+ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
+}
+
+# Helper for setting common configurations between:
+# - component_test_tfm_config_p256m_driver_accel_ec()
+# - component_test_tfm_config()
+common_tfm_config () {
+ # Enable TF-M config
+ cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H"
+ cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+
+ # Adjust for the fact that we're building outside the TF-M environment.
+ #
+ # TF-M has separation, our build doesn't
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ # TF-M provdes its own (dummy) implemenation, from their tree
+ scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT
+ scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT
+ # We have an OS that provides entropy, use it
+ scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY
+
+ # Other config adjustments to make the tests pass.
+ # Those should probably be adopted upstream.
+ #
+ # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
+ echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H"
+ # pkparse.c and pkwrite.c fail to link without this
+ echo "#define MBEDTLS_OID_C" >> "$CONFIG_H"
+ # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite
+ echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H"
+ echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H"
+ # - MD_C for HKDF_C
+ echo "#define MBEDTLS_MD_C" >> "$CONFIG_H"
+
+ # Config adjustments for better test coverage in our environment.
+ # These are not needed just to build and pass tests.
+ #
+ # Enable filesystem I/O for the benefit of PK parse/write tests.
+ echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
+ # Disable this for maximal ASan efficiency
+ scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+ # Config adjustments for features that are not supported
+ # when using only drivers / by p256-m
+ #
+ # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ # Disable deterministic ECDSA as p256-m only does randomized
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+
+}
+
+# Keep this in sync with component_test_tfm_config() as they are both meant
+# to be used in analyze_outcomes.py for driver's coverage analysis.
+component_test_tfm_config_p256m_driver_accel_ec () {
+ msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
+
+ common_tfm_config
+
+ # Set the list of accelerated components in order to remove them from
+ # builtin support.
+ loc_accel_list="ALG_ECDSA \
+ ALG_ECDH \
+ KEY_TYPE_ECC_KEY_PAIR_BASIC \
+ KEY_TYPE_ECC_KEY_PAIR_IMPORT \
+ KEY_TYPE_ECC_KEY_PAIR_EXPORT \
+ KEY_TYPE_ECC_KEY_PAIR_GENERATE \
+ KEY_TYPE_ECC_PUBLIC_KEY"
+ loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+
+ # Build crypto library specifying we want to use P256M code for EC operations
+ make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_PSA_P256M_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS"
+
+ # Make sure any built-in EC alg was not re-enabled by accident (additive config)
+ not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecdh_ library/ecdh.o
+ not grep mbedtls_ecjpake_ library/ecjpake.o
# Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_rsa_ library/rsa.o
@@ -2766,32 +2966,21 @@
not grep mbedtls_mpi_ library/bignum.o
# Run the tests
- # -------------
-
- msg "test suites: full + accelerated EC algs + USE_PSA - ECP - BIGNUM"
+ msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
make test
-
- # The following will be enabled in #7756
- msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP - BIGNUM"
- tests/ssl-opt.sh
}
-# Reference function used for driver's coverage analysis in analyze_outcomes.py
-# in conjunction with component_test_psa_crypto_config_accel_ecc_no_bignum().
-# Keep in sync with its accelerated counterpart.
-component_test_psa_crypto_config_reference_ecc_no_bignum () {
- msg "build: full + non accelerated EC algs + USE_PSA"
+# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
+# they are both meant to be used in analyze_outcomes.py for driver's coverage
+# analysis.
+component_test_tfm_config() {
+ common_tfm_config
- config_psa_crypto_config_accel_ecc_no_bignum 0
+ msg "build: TF-M config"
+ make tests
- make
-
- msg "test suites: full + non accelerated EC algs + USE_PSA"
+ msg "test: TF-M config"
make test
-
- # The following will be enabled in #7756
- msg "ssl-opt: full + non accelerated EC algs + USE_PSA"
- tests/ssl-opt.sh
}
# Helper function used in:
@@ -2801,7 +2990,7 @@
psa_crypto_config_accel_all_curves_except_one () {
BUILTIN_CURVE=$1
- msg "build: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
+ msg "build: full + all accelerated EC algs (excl $BUILTIN_CURVE)"
# Accelerate all EC algs (all EC curves are automatically accelerated as
# well in the built-in version due to the "PSA_WANT_xxx" symbols in
@@ -2891,7 +3080,7 @@
# Run the tests
# -------------
- msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
+ msg "test: full + all accelerated EC algs (excl $BUILTIN_CURVE)"
make test
}
@@ -2903,6 +3092,41 @@
psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_CURVE25519_ENABLED
}
+# Common helper for component_full_without_ecdhe_ecdsa() and
+# component_full_without_ecdhe_ecdsa_and_tls13() which:
+# - starts from the "full" configuration minus the list of symbols passed in
+# as 1st parameter
+# - build
+# - test only TLS (i.e. test_suite_tls and ssl-opt)
+build_full_minus_something_and_test_tls () {
+ SYMBOLS_TO_DISABLE="$1"
+
+ msg "build: full minus something, test TLS"
+
+ scripts/config.py full
+ for SYM in $SYMBOLS_TO_DISABLE; do
+ echo "Disabling $SYM"
+ scripts/config.py unset $SYM
+ done
+
+ make
+
+ msg "test: full minus something, test TLS"
+ ( cd tests; ./test_suite_ssl )
+
+ msg "ssl-opt: full minus something, test TLS"
+ tests/ssl-opt.sh
+}
+
+component_full_without_ecdhe_ecdsa () {
+ build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
+}
+
+component_full_without_ecdhe_ecdsa_and_tls13 () {
+ build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ MBEDTLS_SSL_PROTO_TLS1_3"
+}
+
# This is an helper used by:
# - component_test_psa_ecc_key_pair_no_derive
# - component_test_psa_ecc_key_pair_no_generate
@@ -2915,9 +3139,8 @@
UNSET_OPTION=$2
DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}"
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
@@ -2927,7 +3150,7 @@
make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
+ msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}"
make test
}
@@ -3147,7 +3370,7 @@
# is related to this component and both components need to be kept in sync.
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
component_test_psa_crypto_config_accel_hash_use_psa () {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: full with accelerated hashes"
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
@@ -3174,18 +3397,18 @@
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: full with accelerated hashes"
make test
# This is mostly useful so that we can later compare outcome files with
# the reference config in analyze_outcomes.py, to check that the
# dependency declarations in ssl-opt.sh and in TLS code are correct.
- msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: ssl-opt.sh, full with accelerated hashes"
tests/ssl-opt.sh
# This is to make sure all ciphersuites are exercised, but we don't need
# interop testing (besides, we already got some from ssl-opt.sh).
- msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: compat.sh, full with accelerated hashes"
tests/compat.sh -p mbedTLS -V YES
}
@@ -3194,16 +3417,16 @@
# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
# Both components need to be kept in sync.
component_test_psa_crypto_config_reference_hash_use_psa() {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
+ msg "test: full without accelerated hashes"
config_psa_crypto_hash_use_psa 0
make
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
+ msg "test: full without accelerated hashes"
make test
- msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
+ msg "test: ssl-opt.sh, full without accelerated hashes"
tests/ssl-opt.sh
}
@@ -3290,47 +3513,27 @@
make test
}
-component_test_psa_crypto_config_accel_pake() {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
-
- loc_accel_list="ALG_JPAKE"
-
- # Configure
- # ---------
-
- helper_libtestdriver1_adjust_config "full"
-
- # Make build-in fallback not available
- scripts/config.py unset MBEDTLS_ECJPAKE_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ecjpake_init library/ecjpake.o
-
- # Run the tests
- # -------------
-
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
- make test
-}
-
-component_test_psa_crypto_config_chachapoly_disabled() {
- # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
- msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+component_test_aead_chachapoly_disabled() {
+ msg "build: full minus CHACHAPOLY"
scripts/config.py full
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+ msg "test: full minus CHACHAPOLY"
+ make test
+}
+
+component_test_aead_only_ccm() {
+ msg "build: full minus CHACHAPOLY and GCM"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+
+ msg "test: full minus CHACHAPOLY and GCM"
make test
}
@@ -3348,11 +3551,8 @@
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
component_build_psa_accel_alg_ecdh() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
- # without MBEDTLS_ECDH_C
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDH_C
@@ -3367,10 +3567,8 @@
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
component_build_psa_accel_key_type_ecc_key_pair() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
@@ -3385,10 +3583,8 @@
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
component_build_psa_accel_key_type_ecc_public_key() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
@@ -3403,10 +3599,8 @@
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
component_build_psa_accel_alg_hmac() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@@ -3415,11 +3609,8 @@
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
component_build_psa_accel_alg_hkdf() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
- # without MBEDTLS_HKDF_C
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_HKDF_C
@@ -3431,10 +3622,8 @@
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
component_build_psa_accel_alg_md5() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
@@ -3452,10 +3641,8 @@
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
component_build_psa_accel_alg_ripemd160() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3473,10 +3660,8 @@
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
component_build_psa_accel_alg_sha1() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3494,10 +3679,8 @@
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
component_build_psa_accel_alg_sha224() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3512,10 +3695,8 @@
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
component_build_psa_accel_alg_sha256() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3530,10 +3711,8 @@
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
component_build_psa_accel_alg_sha384() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3550,10 +3729,8 @@
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
component_build_psa_accel_alg_sha512() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3571,10 +3748,8 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
@@ -3587,10 +3762,8 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
@@ -3603,10 +3776,8 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_oaep() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
@@ -3619,10 +3790,8 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pss() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
@@ -3635,10 +3804,8 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_key_type_rsa_key_pair() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx and PSA_WANT_ALG_RSA_PSS
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
@@ -3652,10 +3819,8 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_key_type_rsa_public_key() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
@@ -3959,7 +4124,7 @@
component_test_malloc_0_null () {
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
scripts/config.py full
- make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
+ make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
make test
@@ -4249,16 +4414,16 @@
}
component_test_psa_crypto_drivers () {
- msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
+ msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
loc_cflags="${loc_cflags} -I../tests/include -O2"
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
+ msg "test: full + test drivers dispatching to builtins"
make test
}
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 3b91bfb..119dbb5 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -325,7 +325,7 @@
}
}
},
- 'analyze_driver_vs_reference_no_bignum': {
+ 'analyze_driver_vs_reference_ecc_no_bignum': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
@@ -418,6 +418,100 @@
}
}
},
+ 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
+ 'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
+ 'ignored_suites': [
+ # Ignore test suites for the modules that are disabled in the
+ # accelerated test case.
+ 'ecp',
+ 'ecdsa',
+ 'ecdh',
+ 'ecjpake',
+ 'bignum_core',
+ 'bignum_random',
+ 'bignum_mod',
+ 'bignum_mod_raw',
+ 'bignum.generated',
+ 'bignum.misc',
+ 'dhm',
+ ],
+ 'ignored_tests': {
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ 'test_suite_psa_crypto': [
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+ 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
+ ],
+ 'test_suite_pkparse': [
+ # See the description provided above in the
+ # analyze_driver_vs_reference_no_ecp_at_all component.
+ 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
+ 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
+ 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
+ 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
+ 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
+ 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
+ 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
+ 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
+ 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
+ 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
+ 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
+ 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
+ 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
+ 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
+ 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
+ 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ ],
+ 'test_suite_asn1parse': [
+ # This test depends on BIGNUM_C
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ # Following tests depends on BIGNUM_C
+ 'ASN.1 Write mpi 0 (1 limb)',
+ 'ASN.1 Write mpi 0 (null)',
+ 'ASN.1 Write mpi 0x100',
+ 'ASN.1 Write mpi 0x7f',
+ 'ASN.1 Write mpi 0x7f with leading 0 limb',
+ 'ASN.1 Write mpi 0x80',
+ 'ASN.1 Write mpi 0x80 with leading 0 limb',
+ 'ASN.1 Write mpi 0xff',
+ 'ASN.1 Write mpi 1',
+ 'ASN.1 Write mpi, 127*8 bits',
+ 'ASN.1 Write mpi, 127*8+1 bits',
+ 'ASN.1 Write mpi, 127*8-1 bits',
+ 'ASN.1 Write mpi, 255*8 bits',
+ 'ASN.1 Write mpi, 255*8-1 bits',
+ 'ASN.1 Write mpi, 256*8-1 bits',
+ ],
+ 'test_suite_debug': [
+ # Following tests depends on BIGNUM_C
+ 'Debug print mbedtls_mpi #2: 3 bits',
+ 'Debug print mbedtls_mpi: 0 (empty representation)',
+ 'Debug print mbedtls_mpi: 0 (non-empty representation)',
+ 'Debug print mbedtls_mpi: 49 bits',
+ 'Debug print mbedtls_mpi: 759 bits',
+ 'Debug print mbedtls_mpi: 764 bits #1',
+ 'Debug print mbedtls_mpi: 764 bits #2',
+ ],
+ }
+ }
+ },
'analyze_driver_vs_reference_ffdh_alg': {
'test_function': do_analyze_driver_vs_reference,
'args': {
@@ -427,6 +521,102 @@
'ignored_tests': {}
}
},
+ 'analyze_driver_vs_reference_tfm_config': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_tfm_config',
+ 'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
+ 'ignored_suites': [
+ # Ignore test suites for the modules that are disabled in the
+ # accelerated test case.
+ 'ecp',
+ 'ecdsa',
+ 'ecdh',
+ 'ecjpake',
+ 'bignum_core',
+ 'bignum_random',
+ 'bignum_mod',
+ 'bignum_mod_raw',
+ 'bignum.generated',
+ 'bignum.misc',
+ ],
+ 'ignored_tests': {
+ # Ignore all tests that require DERIVE support which is disabled
+ # in the driver version
+ 'test_suite_psa_crypto': [
+ 'PSA key agreement setup: ECDH + HKDF-SHA-256: good',
+ ('PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader '
+ 'than required'),
+ 'PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve',
+ 'PSA key agreement setup: KDF instead of a key agreement algorithm',
+ 'PSA key agreement setup: bad key agreement algorithm',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32',
+ 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0',
+ 'PSA key derivation: ECDH on P256 with HKDF-SHA256, info first',
+ 'PSA key derivation: ECDH on P256 with HKDF-SHA256, key output',
+ 'PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info',
+ 'PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt',
+ 'PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output',
+ 'PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret',
+ 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case',
+ 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label',
+ 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret',
+ 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
+ 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
+ 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka',
+ 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka',
+ 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka',
+ 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka',
+ 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka',
+ 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka',
+ 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
+ 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
+ 'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)',
+ ],
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ 'test_suite_psa_crypto_pake': [
+ 'PSA PAKE: ecjpake size macros',
+ ],
+ 'test_suite_asn1parse': [
+ # This test depends on BIGNUM_C
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ # Following tests depends on BIGNUM_C
+ 'ASN.1 Write mpi 0 (1 limb)',
+ 'ASN.1 Write mpi 0 (null)',
+ 'ASN.1 Write mpi 0x100',
+ 'ASN.1 Write mpi 0x7f',
+ 'ASN.1 Write mpi 0x7f with leading 0 limb',
+ 'ASN.1 Write mpi 0x80',
+ 'ASN.1 Write mpi 0x80 with leading 0 limb',
+ 'ASN.1 Write mpi 0xff',
+ 'ASN.1 Write mpi 1',
+ 'ASN.1 Write mpi, 127*8 bits',
+ 'ASN.1 Write mpi, 127*8+1 bits',
+ 'ASN.1 Write mpi, 127*8-1 bits',
+ 'ASN.1 Write mpi, 255*8 bits',
+ 'ASN.1 Write mpi, 255*8-1 bits',
+ 'ASN.1 Write mpi, 256*8-1 bits',
+ ],
+ }
+ }
+ }
}
def main():
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 5486a86..e925641 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -161,6 +161,7 @@
log_command(['config.py', 'full'])
conf.adapt(config.full_adapter)
set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False)
+ set_config_option_value(conf, 'MBEDTLS_PSA_CRYPTO_CONFIG', colors, False)
if options.unset_use_psa:
set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False)
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index cab96ab..52ff031 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -149,6 +149,17 @@
}
}
+uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
+{
+ uint64_t result = 0;
+ TEST_LE_U(bin_string->len, 8);
+ for (size_t i = 0; i < bin_string->len; i++) {
+ result = result << 8 | bin_string->x[i];
+ }
+exit:
+ return result; /* returns 0 if len > 8 */
+}
+
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include <mbedtls/entropy.h>
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 9ff408c..c4488b5 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -437,6 +437,17 @@
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_LABEL,
input2, input2_length));
+ } else if (PSA_ALG_IS_PBKDF2(alg)) {
+ PSA_ASSERT(psa_key_derivation_input_integer(operation,
+ PSA_KEY_DERIVATION_INPUT_COST,
+ 1U));
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ input2,
+ input2_length));
+ PSA_ASSERT(psa_key_derivation_input_key(operation,
+ PSA_KEY_DERIVATION_INPUT_PASSWORD,
+ key));
} else {
TEST_FAIL("Key derivation algorithm not supported");
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0164b45..d3dd008 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1635,13 +1635,18 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
fi
- # If the client or server requires certain features that can be detected
- # from their command-line arguments, check that they're enabled.
- TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
-
# Check if we are trying to use an external tool wich does not support ECDH
EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")
+ # Guess the TLS version which is going to be used
+ if [ "$EXT_WO_ECDH" = "no" ]; then
+ TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
+ else
+ TLS_VERSION="TLS12"
+ fi
+
+ # If the client or server requires certain features that can be detected
+ # from their command-line arguments, check whether they're enabled.
detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 617c875..0e013b7 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -166,11 +166,10 @@
void entropy_seed_file(char *path, int ret)
{
mbedtls_entropy_context ctx;
+ mbedtls_entropy_init(&ctx);
MD_PSA_INIT();
- mbedtls_entropy_init(&ctx);
-
TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path) == ret);
TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, path) == ret);
@@ -184,11 +183,10 @@
void entropy_write_base_seed_file(int ret)
{
mbedtls_entropy_context ctx;
+ mbedtls_entropy_init(&ctx);
MD_PSA_INIT();
- mbedtls_entropy_init(&ctx);
-
TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
@@ -249,10 +247,10 @@
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 };
size_t i, j;
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
+ MD_PSA_INIT();
+
/*
* See comments in mbedtls_entropy_self_test()
*/
@@ -286,10 +284,10 @@
unsigned char buf[16];
entropy_dummy_context dummy = { DUMMY_FAIL, 0, 0 };
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
&dummy, 16,
MBEDTLS_ENTROPY_SOURCE_WEAK)
@@ -324,11 +322,11 @@
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
entropy_clear_sources(&ctx);
+ MD_PSA_INIT();
+
/* Set strong source that reaches its threshold immediately and
* a weak source whose threshold is a test parameter. */
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
@@ -374,11 +372,11 @@
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
entropy_clear_sources(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
&dummy1, threshold,
strength1) == 0);
@@ -473,8 +471,6 @@
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
- MD_PSA_INIT();
-
memset(entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
memset(empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
@@ -488,6 +484,8 @@
mbedtls_entropy_init(&ctx);
entropy_clear_sources(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG) == 0);
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 410ae64..beb9a62 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -6377,10 +6377,22 @@
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"56fa6aa75548099dcc37d7f03425e0c3":"":0:1:0
-PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt in two step
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=2+2
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=0+4
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
+
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=4+0
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
+
+PSA key derivation: PBKDF2-HMAC(SHA-256), salt=0+0
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"b03ada2451aa1084ce14cf51c93eeea9d2bd435db3f93a70031b2de39fdef45d2ccb1fe2078e79773c148311d3e6ec5dec9da7f30d78584ec21c94de839671b2":"":0:1:0
+
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as key, derive key
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:1
@@ -6568,6 +6580,55 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+# Input cost is set to 1U for testing purposes.
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES128-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES256-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise 2-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise 3-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise HMAC-SHA-256
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise AES128-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise AES256-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise 2-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise 3-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise HMAC-SHA-256
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_HMAC
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
@@ -6592,6 +6653,22 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
+PSA key derivation: PBKDF2-HMAC-SHA-256, derive key export, 16+32
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key_export:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":16:32
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, derive key export, 1+41
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key_export:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":1:41
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, derive key export, 16+32
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_export:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":16:32
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, derive key export, 1+41
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_export:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":1:41
+
PSA key derivation: HKDF-SHA-256 -> AES-128
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:"3cb25f25faacd57a90434f64d0362f2a"
@@ -6684,6 +6761,22 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_448
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"cc9d06c33cec5b3d08221a7228050e6919150a43592ae710162c97c0a2855b25c373305784895a1c48ca511ee42fc50c3f67d419569007ea"
+PSA key derivation: PBKDF2-HMAC-SHA-256 -> AES-128
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+derive_key_type:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:"55ac046e56e3089fec1691c22544b605"
+
+PSA key derivation: PBKDF2-HMAC-SHA-256 -> AES-256
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_type:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc"
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-128
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:"28e288c6345bb5ecf7ca70274208a3ba"
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-256
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52"
+
PSA key derivation: invalid type (0)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
@@ -6833,7 +6926,6 @@
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):7:PSA_ERROR_NOT_SUPPORTED:0
-
PSA key derivation: raw data, 8 bits
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
@@ -6842,6 +6934,56 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid type (0)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length PSA_KEY_TYPE_RAW_DATA (0)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length PSA_KEY_TYPE_RAW_DATA (7 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, raw data, 8 bits
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length (9 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid type (0)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length PSA_KEY_TYPE_RAW_DATA (0)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length PSA_KEY_TYPE_RAW_DATA (7 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, raw data, 8 bits
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length (9 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0
+
# This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
# and not expected to be raised any time soon) is less than the maximum
# output from HKDF-SHA512 (255*64 = 16320 bytes).
@@ -6853,6 +6995,14 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0
+PSA key derivation: PBKDF2-HMAC-SHA-256, key too large
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, key too large
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0
+
PSA key agreement setup: ECDH + HKDF-SHA-256: good
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256
key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 88bdd6c..2dfc7a4 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -296,17 +296,6 @@
#define INPUT_INTEGER 0x10000 /* Out of range of psa_key_type_t */
-uint64_t parse_binary_string(data_t *bin_string)
-{
- uint64_t result = 0;
- TEST_LE_U(bin_string->len, 8);
- for (size_t i = 0; i < bin_string->len; i++) {
- result = result << 8 | bin_string->x[i];
- }
-exit:
- return result; /* returns 0 if len > 8 */
-}
-
/* An overapproximation of the amount of storage needed for a key of the
* given type and with the given content. The API doesn't make it easy
* to find a good value for the size. The current implementation doesn't
@@ -1366,7 +1355,21 @@
psa_set_key_bits(&attributes, attr_bits);
status = psa_import_key(&attributes, data->x, data->len, &key);
- TEST_EQUAL(status, expected_status);
+ /* When expecting INVALID_ARGUMENT, also accept NOT_SUPPORTED.
+ *
+ * This can happen with a type supported only by a driver:
+ * - the driver sees the invalid data (for example wrong size) and thinks
+ * "well perhaps this is a key size I don't support" so it returns
+ * NOT_SUPPORTED which is correct at this point;
+ * - we fallback to built-ins, which don't support this type, so return
+ * NOT_SUPPORTED which again is correct at this point.
+ */
+ if (expected_status == PSA_ERROR_INVALID_ARGUMENT &&
+ status == PSA_ERROR_NOT_SUPPORTED) {
+ ; // OK
+ } else {
+ TEST_EQUAL(status, expected_status);
+ }
if (status != PSA_SUCCESS) {
goto exit;
}
@@ -8474,7 +8477,7 @@
void parse_binary_string_test(data_t *input, int output)
{
uint64_t value;
- value = parse_binary_string(input);
+ value = mbedtls_test_parse_binary_string(input);
TEST_EQUAL(value, output);
}
/* END_CASE */
@@ -8540,7 +8543,7 @@
if (key_types[i] == INPUT_INTEGER) {
TEST_EQUAL(psa_key_derivation_input_integer(
&operation, steps[i],
- parse_binary_string(inputs[i])),
+ mbedtls_test_parse_binary_string(inputs[i])),
expected_statuses[i]);
} else {
TEST_EQUAL(psa_key_derivation_input_bytes(
@@ -8740,7 +8743,7 @@
case PSA_KEY_DERIVATION_INPUT_COST:
TEST_EQUAL(psa_key_derivation_input_integer(
&operation, steps[i],
- parse_binary_string(inputs[i])),
+ mbedtls_test_parse_binary_string(inputs[i])),
statuses[i]);
if (statuses[i] != PSA_SUCCESS) {
goto exit;
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 361c160..8f2252e 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3234,7 +3234,7 @@
# - App data payload: 70696e67
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
@@ -3245,7 +3245,7 @@
# - App data payload: 706f6e67
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
@@ -3264,7 +3264,7 @@
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
# 3a ee bb 21 69 49 15 e4
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
@@ -3283,12 +3283,12 @@
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
# 0d d0 32 e1 67 c2 95 5d
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_ALG_SHA_256
ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 915d104..29bc1c4 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1403,19 +1403,16 @@
ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
mbedtls_test_rnd_std_rand, NULL);
- if ((mode == 1 || mode == 2) && seen_success) {
- TEST_ASSERT(ret == 0);
- } else {
- TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- if (ret == 0) {
- seen_success = 1;
- }
- }
-
- if (ret != 0) {
+ if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ /* It's ok if the output buffer is too small. We do insist
+ * on at least one mode succeeding; this is tracked by
+ * seen_success. */
continue;
}
+ TEST_EQUAL(ret, 0);
+ seen_success = 1;
+
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if (rec.cid_len != 0) {
/* DTLS 1.2 + CID hides the real content type and
@@ -2005,7 +2002,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_record_protection(int ciphersuite,
int endpoint,
int ctr,