Merge pull request #7807 from gilles-peskine-arm/mbedtls_ssl_protocol_version_str-no_array
Fix very high stack usage in SSL debug code
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index ec0dc8a..24c3941 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -129,13 +129,38 @@
#define MBEDTLS_MD_LIGHT
#endif
-/* MBEDTLS_ECP_C now consists of MBEDTLS_ECP_LIGHT plus functions for curve
- * arithmetic. As a consequence if MBEDTLS_ECP_C is required for some reason,
- * then MBEDTLS_ECP_LIGHT should be enabled as well. */
-#if defined(MBEDTLS_ECP_C)
+/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
+ * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
+ * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
+ * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
+ * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
+ * these features are not supported in PSA so the only way to have them is
+ * to enable the built-in solution.
+ * Both of them are temporary dependencies:
+ * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
+ * - support for compressed points should also be added to PSA, but in this
+ * case there is no associated issue to track it yet.
+ * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
+ * still depends on ECP_LIGHT.
+ * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
+ * be fixed by #7453.
+ */
+#if defined(MBEDTLS_ECP_C) || \
+ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
+ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#define MBEDTLS_ECP_LIGHT
#endif
+/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
+ * in previous version compressed points were automatically supported as long
+ * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
+ * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
+ * are met. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#endif
+
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
* is defined as well to include all PSA code.
*/
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index b043983..e151042 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1046,6 +1046,19 @@
#define MBEDTLS_PK_PARSE_EC_EXTENDED
/**
+ * \def MBEDTLS_PK_PARSE_EC_COMPRESSED
+ *
+ * Enable the support for parsing public keys of type Short Weierstrass
+ * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the
+ * compressed point format. This parsing is done through ECP module's functions.
+ *
+ * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h)
+ * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and
+ * MBEDTLS_ECP_DP_SECP224K1.
+ */
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+
+/**
* \def MBEDTLS_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of mbedtls_strerror() in
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index ec36748..e333ba1 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -545,7 +545,7 @@
int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
const char **oid, size_t *olen);
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/**
* \brief Translate NamedCurve OID into an EC group identifier
*
@@ -591,7 +591,7 @@
*/
int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id,
const char **oid, size_t *olen);
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/**
* \brief Translate SignatureAlgorithm OID into md_type and pk_type
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index cbeaf51..089333d 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -207,7 +207,8 @@
* format. It should be noticed that this only affect how data is stored, not
* which functions are used for various operations. The overall picture looks
* like this:
- * - if ECP_C is defined then use legacy functions
+ * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
+ * and legacy functions
* - if USE_PSA is defined and
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
* format and use PSA functions
@@ -218,11 +219,18 @@
* ecp_keypair structure inside the pk_context so he/she can modify it using
* ECP functions which are not under PK module's control.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \
- defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_USE_PSA_EC_DATA
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
+/* Helper symbol to state that the PK module has support for EC keys. This
+ * can either be provided through the legacy ECP solution or through the
+ * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_HAVE_ECC_KEYS
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+
/**
* \brief Types for interfacing with the debug module
*/
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index df6d762..b7da185 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -500,6 +500,23 @@
int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage);
+/**
+ * \brief This function parses a CN string as an IP address.
+ *
+ * \param cn The CN string to parse. CN string MUST be null-terminated.
+ * \param dst The target buffer to populate with the binary IP address.
+ * The buffer MUST be 16 bytes to save IPv6, and should be
+ * 4-byte aligned if the result will be used as struct in_addr.
+ * e.g. uint32_t dst[4]
+ *
+ * \note \p cn is parsed as an IPv6 address if string contains ':',
+ * else \p cn is parsed as an IPv4 address.
+ *
+ * \return Length of binary IP address; num bytes written to target.
+ * \return \c 0 on failure to parse CN string as an IP address.
+ */
+size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
+
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if (ret < 0 || (size_t) ret >= n) \
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index cc70e6f..5529dd1 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -572,8 +572,7 @@
/** \defgroup psa_tls_helpers TLS helper functions
* @{
*/
-
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#include <mbedtls/ecp.h>
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
@@ -589,54 +588,8 @@
* (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
-static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
- size_t *bits)
-{
- switch (grpid) {
- case MBEDTLS_ECP_DP_SECP192R1:
- *bits = 192;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP224R1:
- *bits = 224;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP256R1:
- *bits = 256;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP384R1:
- *bits = 384;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP521R1:
- *bits = 521;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_BP256R1:
- *bits = 256;
- return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
- case MBEDTLS_ECP_DP_BP384R1:
- *bits = 384;
- return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
- case MBEDTLS_ECP_DP_BP512R1:
- *bits = 512;
- return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
- case MBEDTLS_ECP_DP_CURVE25519:
- *bits = 255;
- return PSA_ECC_FAMILY_MONTGOMERY;
- case MBEDTLS_ECP_DP_SECP192K1:
- *bits = 192;
- return PSA_ECC_FAMILY_SECP_K1;
- case MBEDTLS_ECP_DP_SECP224K1:
- *bits = 224;
- return PSA_ECC_FAMILY_SECP_K1;
- case MBEDTLS_ECP_DP_SECP256K1:
- *bits = 256;
- return PSA_ECC_FAMILY_SECP_K1;
- case MBEDTLS_ECP_DP_CURVE448:
- *bits = 448;
- return PSA_ECC_FAMILY_MONTGOMERY;
- default:
- *bits = 0;
- return 0;
- }
-}
+psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits);
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
@@ -660,7 +613,7 @@
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy);
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
/**@}*/
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index acf45e9..84f3896 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -88,7 +88,7 @@
N->rep.mont.mm = 0;
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
- mbedtls_free(N->rep.ored);
+ N->rep.ored.modp = NULL;
break;
case MBEDTLS_MPI_MOD_REP_INVALID:
break;
@@ -136,33 +136,25 @@
return ret;
}
-int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
- const mbedtls_mpi_uint *p,
- size_t p_limbs,
- mbedtls_mpi_mod_rep_selector int_rep)
+static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N,
+ const mbedtls_mpi_uint *p,
+ size_t p_limbs,
+ mbedtls_mpi_mod_rep_selector int_rep)
{
- int ret = 0;
-
N->p = p;
N->limbs = p_limbs;
N->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
+ N->int_rep = int_rep;
+}
- switch (int_rep) {
- case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- N->int_rep = int_rep;
- N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
- ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
- break;
- case MBEDTLS_MPI_MOD_REP_OPT_RED:
- N->int_rep = int_rep;
- N->rep.ored = NULL;
- break;
- default:
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- goto exit;
- }
-
-exit:
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
+ const mbedtls_mpi_uint *p,
+ size_t p_limbs)
+{
+ int ret = 0;
+ standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY);
+ N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
+ ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
if (ret != 0) {
mbedtls_mpi_mod_modulus_free(N);
@@ -171,6 +163,16 @@
return ret;
}
+int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
+ const mbedtls_mpi_uint *p,
+ size_t p_limbs,
+ mbedtls_mpi_modp_fn modp)
+{
+ standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED);
+ N->rep.ored.modp = modp;
+ return 0;
+}
+
int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
const mbedtls_mpi_mod_residue *A,
const mbedtls_mpi_mod_residue *B,
@@ -235,8 +237,7 @@
mbedtls_mpi_mod_modulus Nmont;
mbedtls_mpi_mod_modulus_init(&Nmont);
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs));
/* We'll use X->p to hold the Montgomery form of the input A->p */
mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs,
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index db177ed..39e8fd2 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -98,10 +98,11 @@
/* Skip 1 as it is slightly easier to accidentally pass to functions. */
/** Montgomery representation. */
MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2,
- /** TODO: document this.
- *
- * Residues are in canonical representation.
- */
+ /* Optimised reduction available. This indicates a coordinate modulus (P)
+ * and one or more of the following have been configured:
+ * - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM.
+ * - A Kobliz Curve.
+ * - A Fast Reduction Curve CURVE25519 or CURVE448. */
MBEDTLS_MPI_MOD_REP_OPT_RED,
} mbedtls_mpi_mod_rep_selector;
@@ -123,7 +124,11 @@
mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
} mbedtls_mpi_mont_struct;
-typedef void *mbedtls_mpi_opt_red_struct;
+typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs);
+
+typedef struct {
+ mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */
+} mbedtls_mpi_opt_red_struct;
typedef struct {
const mbedtls_mpi_uint *p;
@@ -197,16 +202,29 @@
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
- * \param int_rep The internal representation to be used for residues
- * associated with \p N (see #mbedtls_mpi_mod_rep_selector).
*
* \return \c 0 if successful.
- * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
*/
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
- size_t p_limbs,
- mbedtls_mpi_mod_rep_selector int_rep);
+ size_t p_limbs);
+
+/** Setup an optimised-reduction compatible modulus structure.
+ *
+ * \param[out] N The address of the modulus structure to populate.
+ * \param[in] p The address of the limb array storing the value of \p N.
+ * The memory pointed to by \p p will be used by \p N and must
+ * not be modified in any way until after
+ * mbedtls_mpi_mod_modulus_free() is called.
+ * \param p_limbs The number of limbs of \p p.
+ * \param modp A pointer to the optimised reduction function to use. \p p.
+ *
+ * \return \c 0 if successful.
+ */
+int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
+ const mbedtls_mpi_uint *p,
+ size_t p_limbs,
+ mbedtls_mpi_modp_fn modp);
/** Free elements of a modulus structure.
*
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index af649a2..4a8f891 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5577,9 +5577,9 @@
(void) mbedtls_mpi_core_add(X, X, Q, Q_limbs);
/* M = B0 */
- if (ciL > 4) {
- M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
- }
+#ifdef MBEDTLS_HAVE_INT64
+ M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
+ #endif
memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL));
/* M = M + Q = B0 + B1 */
@@ -5831,20 +5831,24 @@
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id,
- const mbedtls_ecp_curve_type ctype)
+ const mbedtls_ecp_modulus_type ctype)
{
+ mbedtls_mpi_modp_fn modp = NULL;
mbedtls_mpi_uint *p = NULL;
size_t p_limbs;
- if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \
- ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) {
+ if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \
+ ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ modp = &mbedtls_ecp_mod_p192_raw;
+#endif
p = (mbedtls_mpi_uint *) secp192r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p));
} else {
@@ -5856,7 +5860,10 @@
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ modp = &mbedtls_ecp_mod_p224_raw;
+#endif
p = (mbedtls_mpi_uint *) secp224r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p));
} else {
@@ -5868,7 +5875,10 @@
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ modp = &mbedtls_ecp_mod_p256_raw;
+#endif
p = (mbedtls_mpi_uint *) secp256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p));
} else {
@@ -5880,7 +5890,10 @@
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ modp = &mbedtls_ecp_mod_p384_raw;
+#endif
p = (mbedtls_mpi_uint *) secp384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p));
} else {
@@ -5892,7 +5905,10 @@
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ modp = &mbedtls_ecp_mod_p521_raw;
+#endif
p = (mbedtls_mpi_uint *) secp521r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p));
} else {
@@ -5904,7 +5920,7 @@
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p));
} else {
@@ -5916,7 +5932,7 @@
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p));
} else {
@@ -5928,7 +5944,7 @@
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP512r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p));
} else {
@@ -5940,7 +5956,8 @@
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &mbedtls_ecp_mod_p255_raw;
p = (mbedtls_mpi_uint *) curve25519_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p));
} else {
@@ -5952,7 +5969,8 @@
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &mbedtls_ecp_mod_p192_raw;
p = (mbedtls_mpi_uint *) secp192k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p));
} else {
@@ -5964,7 +5982,8 @@
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &mbedtls_ecp_mod_p224_raw;
p = (mbedtls_mpi_uint *) secp224k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p));
} else {
@@ -5976,7 +5995,8 @@
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &mbedtls_ecp_mod_p256_raw;
p = (mbedtls_mpi_uint *) secp256k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p));
} else {
@@ -5988,7 +6008,8 @@
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
- if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
+ modp = &mbedtls_ecp_mod_p448_raw;
p = (mbedtls_mpi_uint *) curve448_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
} else {
@@ -6003,9 +6024,14 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY)) {
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (modp != NULL) {
+ if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
+ } else {
+ if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
}
return 0;
}
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 1dc5567..94867b9 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -306,7 +306,7 @@
* \param[in,out] N The address of the modulus structure to populate.
* Must be initialized.
* \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus.
- * \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P)
+ * \param[in] ctype The mbedtls_ecp_modulus_type identifier for a coordinate modulus (P)
* or a scalar modulus (N).
*
* \return \c 0 if successful.
@@ -317,7 +317,7 @@
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id,
- const mbedtls_ecp_curve_type ctype);
+ const mbedtls_ecp_modulus_type ctype);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */
diff --git a/library/oid.c b/library/oid.c
index a580992..47a311b 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -543,7 +543,7 @@
mbedtls_pk_type_t,
pk_alg)
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* For elliptic curves that use namedCurve inside ECParams (RFC 5480)
*/
@@ -674,7 +674,7 @@
oid_ecp_grp_algid,
mbedtls_ecp_group_id,
grp_id)
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_CIPHER_C)
/*
diff --git a/library/pk.c b/library/pk.c
index 91796de..52eb0d5 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -31,7 +31,7 @@
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@@ -125,12 +125,12 @@
case MBEDTLS_PK_RSA:
return &mbedtls_rsa_info;
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
case MBEDTLS_PK_ECKEY:
return &mbedtls_eckey_info;
case MBEDTLS_PK_ECKEY_DH:
return &mbedtls_eckeydh_info;
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
case MBEDTLS_PK_ECDSA:
return &mbedtls_ecdsa_info;
@@ -196,42 +196,6 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
- mbedtls_ecp_keypair *ecp_keypair)
-{
- int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-
- if (pk == NULL) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
- /* The raw public key storing mechanism is only supported for EC keys so
- * we fail silently for other ones. */
- if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) &&
- (pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) &&
- (pk->pk_info->type != MBEDTLS_PK_ECDSA)) {
- return 0;
- }
-
- ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED,
- &pk->pub_raw_len,
- pk->pub_raw,
- MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
- if (ret != 0) {
- return ret;
- }
-
- pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id,
- &pk->ec_bits);
- if (pk->ec_family == 0) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
* Initialize an RSA-alt context
@@ -903,14 +867,14 @@
psa_key_usage_t usage,
psa_algorithm_t alg2)
{
-#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C)
+#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
((void) pk);
((void) key);
((void) alg);
((void) usage);
((void) alg2);
-#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
size_t d_len;
psa_ecc_family_t curve_id;
@@ -965,7 +929,7 @@
return mbedtls_pk_setup_opaque(pk, *key);
} else
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
@@ -1006,7 +970,7 @@
return mbedtls_pk_setup_opaque(pk, *key);
} else
#endif /* MBEDTLS_RSA_C */
-#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
+#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 388f94a..3d05f57 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -25,7 +25,7 @@
#include "mbedtls/pk.h"
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h"
#endif
@@ -44,7 +44,7 @@
psa_pk_status_to_mbedtls)
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/**
* Public function mbedtls_pk_ec() can be used to get direct access to the
* wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
@@ -115,21 +115,7 @@
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-/**
- * \brief Copy the public key content in raw format from "ctx->pk_ctx"
- * (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer.
- *
- * \note This is a temporary function that can be removed as soon as the pk
- * module is free from ECP_C
- *
- * \param pk It is the pk_context which is going to be updated. It acts both
- * as input and output.
- */
-int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
- mbedtls_ecp_keypair *ecp_keypair);
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_PK_INTERNAL_H */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 0cadab2..54a4d5d 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -634,7 +634,7 @@
};
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* Generic EC key
*/
@@ -1335,7 +1335,7 @@
#endif
eckey_debug, /* Same underlying key structure */
};
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
static int ecdsa_can_do(mbedtls_pk_type_t type)
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index b4b974f..1436d78 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -120,7 +120,7 @@
extern const mbedtls_pk_info_t mbedtls_rsa_info;
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
extern const mbedtls_pk_info_t mbedtls_eckey_info;
extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
#endif
diff --git a/library/pkparse.c b/library/pkparse.c
index 07fce5c..483176a 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -37,7 +37,7 @@
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
#include "pkwrite.h"
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@@ -64,10 +64,10 @@
#include "mbedtls/platform.h"
/* Helper for Montgomery curves */
-#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
-#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */
#if defined(MBEDTLS_FS_IO)
/*
@@ -174,7 +174,7 @@
}
#endif /* MBEDTLS_FS_IO */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
*
* ECParameters ::= CHOICE {
@@ -655,7 +655,6 @@
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) {
- mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
@@ -664,9 +663,6 @@
* which never contain a public key. As such, derive the public key
* unconditionally. */
if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) {
-#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- mbedtls_ecp_keypair_free(eck);
-#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return ret;
}
@@ -674,7 +670,6 @@
* into PSA. */
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
- mbedtls_ecp_keypair_free(eck);
return ret;
}
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
@@ -683,7 +678,7 @@
}
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) && defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
/*
* Create a temporary ecp_keypair for converting an EC point in compressed
* format to an uncompressed one
@@ -717,7 +712,7 @@
mbedtls_ecp_keypair_free(&ecp_key);
return ret;
}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_PK_PARSE_EC_COMPRESSED */
/*
* EC public key is an EC point
@@ -744,12 +739,16 @@
* consequence ecp functions are used to "convert" the point to
* uncompressed format */
if ((**p == 0x02) || (**p == 0x03)) {
+#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
ret = pk_convert_compressed_ec(pk, *p, len,
&(pk->pub_raw_len), pk->pub_raw,
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
if (ret != 0) {
return ret;
}
+#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
} else {
/* Uncompressed format */
if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
@@ -789,7 +788,7 @@
return ret;
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
/*
@@ -874,7 +873,7 @@
}
ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg);
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (ret == MBEDTLS_ERR_OID_NOT_FOUND) {
ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id);
if (ret == 0) {
@@ -948,7 +947,7 @@
ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
} else
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
@@ -962,7 +961,7 @@
ret = pk_get_ecpubkey(p, end, pk);
}
} else
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if (ret == 0 && *p != end) {
@@ -1166,7 +1165,7 @@
}
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* Parse a SEC1 encoded private EC key
*/
@@ -1182,10 +1181,11 @@
unsigned char *d;
unsigned char *end = p + keylen;
unsigned char *end2;
- mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
@@ -1222,7 +1222,6 @@
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
- mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
#endif
@@ -1239,11 +1238,9 @@
0)) == 0) {
if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 ||
(ret = pk_use_ecparams(¶ms, pk)) != 0) {
- mbedtls_ecp_keypair_free(eck);
return ret;
}
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
}
@@ -1279,7 +1276,6 @@
}
}
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
}
@@ -1307,21 +1303,19 @@
if (!pubkey_done) {
if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) {
- mbedtls_ecp_keypair_free(eck);
return ret;
}
}
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
- mbedtls_ecp_keypair_free(eck);
return ret;
}
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return 0;
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/*
* Parse an unencrypted PKCS#8 encoded private key
@@ -1350,7 +1344,7 @@
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
const mbedtls_pk_info_t *pk_info;
-#if !defined(MBEDTLS_ECP_LIGHT)
+#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
(void) f_rng;
(void) p_rng;
#endif
@@ -1415,7 +1409,7 @@
}
} else
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
@@ -1437,7 +1431,7 @@
}
}
} else
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
return 0;
@@ -1604,7 +1598,7 @@
}
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
@@ -1633,7 +1627,7 @@
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
return ret;
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if (key[keylen - 1] != '\0') {
@@ -1739,7 +1733,7 @@
mbedtls_pk_init(pk);
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if (mbedtls_pk_setup(pk, pk_info) == 0 &&
pk_parse_key_sec1_der(pk,
@@ -1747,13 +1741,13 @@
return 0;
}
mbedtls_pk_free(pk);
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
- /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't,
+ /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't,
* it is ok to leave the PK context initialized but not
* freed: It is the caller's responsibility to call pk_init()
* before calling this function, and to call pk_free()
- * when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C
+ * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C
* isn't, this leads to mbedtls_pk_free() being called
* twice, once here and once by the caller, but this is
* also ok and in line with the mbedtls_pk_free() calls
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 218d0c1..5f801e2 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -38,10 +38,10 @@
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h"
#endif
-#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pkwrite.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@@ -58,7 +58,7 @@
#include "mbedtls/platform.h"
/* Helper for Montgomery curves */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
{
@@ -76,6 +76,7 @@
#endif
return 0;
}
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* It is assumed that the input key is opaque */
static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
@@ -93,7 +94,7 @@
}
#endif /* MBETLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* It is assumed that the input key is opaque */
@@ -158,7 +159,7 @@
}
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *pk)
@@ -316,7 +317,7 @@
return ret;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
@@ -353,7 +354,7 @@
MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
} else
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
} else
@@ -375,7 +376,7 @@
int has_par = 1;
size_t len = 0, par_len = 0, oid_len = 0;
mbedtls_pk_type_t pk_type;
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
#endif
const char *oid;
@@ -404,20 +405,20 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
pk_type = mbedtls_pk_get_type(key);
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_type == MBEDTLS_PK_ECKEY) {
ec_grp_id = mbedtls_pk_get_group_id(key);
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (pk_type == MBEDTLS_PK_OPAQUE) {
psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
pk_type = MBEDTLS_PK_ECKEY;
ec_grp_id = mbedtls_pk_get_group_id(key);
} else
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
/* The rest of the function works as for legacy RSA contexts. */
pk_type = MBEDTLS_PK_RSA;
@@ -429,7 +430,7 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_type == MBEDTLS_PK_ECKEY) {
/* Some groups have their own AlgorithmIdentifier OID, others are handled
* by mbedtls_oid_get_oid_by_pk_alg() below */
@@ -445,7 +446,7 @@
return ret;
}
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (oid_len == 0) {
if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
@@ -464,7 +465,7 @@
return (int) len;
}
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
/*
* RFC8410 section 7
@@ -572,7 +573,7 @@
return (int) len;
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
@@ -691,9 +692,9 @@
#if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0;
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
int is_ec_opaque = 0;
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t opaque_key_type;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -710,9 +711,9 @@
#if defined(MBEDTLS_RSA_C)
is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -721,7 +722,7 @@
return pk_write_rsa_der(&c, buf, key);
} else
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410(key)) {
@@ -730,7 +731,7 @@
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
return pk_write_ec_der(&c, buf, key);
} else
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
return (int) len;
@@ -781,12 +782,12 @@
unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end;
size_t olen = 0;
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
int is_ec_opaque = 0;
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
int is_montgomery_opaque = 0;
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0;
#endif
@@ -802,14 +803,14 @@
#if defined(MBEDTLS_RSA_C)
is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) {
is_montgomery_opaque = 1;
}
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -819,7 +820,7 @@
end = PEM_END_PRIVATE_KEY_RSA;
} else
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (is_montgomery_opaque ||
@@ -828,13 +829,13 @@
begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
end = PEM_END_PRIVATE_KEY_PKCS8;
} else
-#endif
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
{
begin = PEM_BEGIN_PRIVATE_KEY_EC;
end = PEM_END_PRIVATE_KEY_EC;
}
} else
-#endif
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
if ((ret = mbedtls_pem_write_buffer(begin, end,
diff --git a/library/pkwrite.h b/library/pkwrite.h
index 8db2333..aa2f17b 100644
--- a/library/pkwrite.h
+++ b/library/pkwrite.h
@@ -73,7 +73,7 @@
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* EC public keys:
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
@@ -98,10 +98,10 @@
*/
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
-#else /* MBEDTLS_ECP_LIGHT */
+#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#endif /* MBEDTLS_PK_WRITE_H */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5e38c3a..2173483 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -390,7 +390,56 @@
/* Key management */
/****************************************************************/
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits)
+{
+ switch (grpid) {
+ case MBEDTLS_ECP_DP_SECP192R1:
+ *bits = 192;
+ return PSA_ECC_FAMILY_SECP_R1;
+ case MBEDTLS_ECP_DP_SECP224R1:
+ *bits = 224;
+ return PSA_ECC_FAMILY_SECP_R1;
+ case MBEDTLS_ECP_DP_SECP256R1:
+ *bits = 256;
+ return PSA_ECC_FAMILY_SECP_R1;
+ case MBEDTLS_ECP_DP_SECP384R1:
+ *bits = 384;
+ return PSA_ECC_FAMILY_SECP_R1;
+ case MBEDTLS_ECP_DP_SECP521R1:
+ *bits = 521;
+ return PSA_ECC_FAMILY_SECP_R1;
+ case MBEDTLS_ECP_DP_BP256R1:
+ *bits = 256;
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+ case MBEDTLS_ECP_DP_BP384R1:
+ *bits = 384;
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+ case MBEDTLS_ECP_DP_BP512R1:
+ *bits = 512;
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+ case MBEDTLS_ECP_DP_CURVE25519:
+ *bits = 255;
+ return PSA_ECC_FAMILY_MONTGOMERY;
+ case MBEDTLS_ECP_DP_SECP192K1:
+ *bits = 192;
+ return PSA_ECC_FAMILY_SECP_K1;
+ case MBEDTLS_ECP_DP_SECP224K1:
+ *bits = 224;
+ return PSA_ECC_FAMILY_SECP_K1;
+ case MBEDTLS_ECP_DP_SECP256K1:
+ *bits = 256;
+ return PSA_ECC_FAMILY_SECP_K1;
+ case MBEDTLS_ECP_DP_CURVE448:
+ *bits = 448;
+ return PSA_ECC_FAMILY_MONTGOMERY;
+ default:
+ *bits = 0;
+ return 0;
+ }
+}
+
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy)
@@ -482,7 +531,7 @@
(void) bits_is_sloppy;
return MBEDTLS_ECP_DP_NONE;
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
size_t bits)
diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h
index 5d7d951..5298f5a 100644
--- a/library/psa_crypto_ffdh.h
+++ b/library/psa_crypto_ffdh.h
@@ -47,8 +47,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key_buffer_size, \p peer_key_length, \p shared_secret_size
* do not match
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_key_agreement_ffdh(
const psa_key_attributes_t *attributes,
@@ -73,9 +73,9 @@
* \retval #PSA_SUCCESS The public key was exported successfully.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_export_ffdh_public_key(
const psa_key_attributes_t *attributes,
@@ -103,8 +103,8 @@
* Key size in bits is invalid.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_ffdh_generate_key(
const psa_key_attributes_t *attributes,
diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h
index 001c987..f21b0e6 100644
--- a/library/psa_crypto_pake.h
+++ b/library/psa_crypto_pake.h
@@ -43,8 +43,8 @@
* compatible with the PAKE algorithm, or the hash algorithm in
* \p cipher_suite is not supported or not compatible with the PAKE
* algorithm and primitive.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs);
@@ -78,10 +78,10 @@
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
@@ -116,10 +116,10 @@
* \retval #PSA_ERROR_NOT_SUPPORTED
* the \p input is not supported for the \p operation's algorithm, cipher
* suite or \p step.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
@@ -143,10 +143,10 @@
* \retval #PSA_ERROR_NOT_SUPPORTED
* Input from a PAKE is not supported by the algorithm in the \p output
* key derivation operation.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
psa_status_t mbedtls_psa_pake_get_implicit_key(
mbedtls_psa_pake_operation_t *operation,
@@ -164,7 +164,7 @@
*
* \retval #PSA_SUCCESS
* Success.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation);
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 30c35f3..26d570a 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2589,14 +2589,17 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- unsigned char buf[
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+ mbedtls_pk_context *pk;
+ mbedtls_pk_type_t pk_type;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
uint16_t tls_id = 0;
psa_ecc_family_t ecc_family;
size_t key_len;
- mbedtls_pk_context *pk;
mbedtls_ecp_group_id grp_id;
+ unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+ mbedtls_ecp_keypair *key;
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
pk = mbedtls_ssl_own_key(ssl);
@@ -2604,18 +2607,20 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
-#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk);
-#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+ pk_type = mbedtls_pk_get_type(pk);
- switch (mbedtls_pk_get_type(pk)) {
+ switch (pk_type) {
case MBEDTLS_PK_OPAQUE:
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
ssl->handshake->ecdh_psa_privkey = pk->priv_id;
-
/* Key should not be destroyed in the TLS library */
ssl->handshake->ecdh_psa_privkey_is_external = 1;
@@ -2633,9 +2638,11 @@
ret = 0;
break;
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
+ key = mbedtls_pk_ec_rw(*pk);
grp_id = mbedtls_pk_get_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@@ -2660,36 +2667,29 @@
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
- }
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
ret = mbedtls_ecp_write_key(key, buf, key_len);
if (ret != 0) {
- goto cleanup;
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ break;
}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
status = psa_import_key(&key_attributes, buf, key_len,
&ssl->handshake->ecdh_psa_privkey);
if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+ break;
}
+ mbedtls_platform_zeroize(buf, sizeof(buf));
ret = 0;
break;
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
default:
ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
-cleanup:
- mbedtls_platform_zeroize(buf, sizeof(buf));
-
return ret;
}
#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
diff --git a/library/x509.c b/library/x509.c
index 6e16c4c..b600f45 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -53,13 +53,17 @@
#include <time.h>
#endif
-#define CHECK(code) if ((ret = (code)) != 0) { return ret; }
+#define CHECK(code) \
+ do { \
+ if ((ret = (code)) != 0) { \
+ return ret; \
+ } \
+ } while (0)
+
#define CHECK_RANGE(min, max, val) \
- do \
- { \
- if ((val) < (min) || (val) > (max)) \
- { \
- return ret; \
+ do { \
+ if ((val) < (min) || (val) > (max)) { \
+ return ret; \
} \
} while (0)
@@ -1700,16 +1704,19 @@
return 0;
}
-#define PRINT_ITEM(i) \
- { \
- ret = mbedtls_snprintf(p, n, "%s" i, sep); \
- MBEDTLS_X509_SAFE_SNPRINTF; \
- sep = ", "; \
- }
+#define PRINT_ITEM(i) \
+ do { \
+ ret = mbedtls_snprintf(p, n, "%s" i, sep); \
+ MBEDTLS_X509_SAFE_SNPRINTF; \
+ sep = ", "; \
+ } while (0)
-#define CERT_TYPE(type, name) \
- if (ns_cert_type & (type)) \
- PRINT_ITEM(name);
+#define CERT_TYPE(type, name) \
+ do { \
+ if (ns_cert_type & (type)) { \
+ PRINT_ITEM(name); \
+ } \
+ } while (0)
int mbedtls_x509_info_cert_type(char **buf, size_t *size,
unsigned char ns_cert_type)
@@ -1734,9 +1741,12 @@
return 0;
}
-#define KEY_USAGE(code, name) \
- if (key_usage & (code)) \
- PRINT_ITEM(name);
+#define KEY_USAGE(code, name) \
+ do { \
+ if ((key_usage) & (code)) { \
+ PRINT_ITEM(name); \
+ } \
+ } while (0)
int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9b3414a..380b1fd 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -49,7 +49,6 @@
#include "mbedtls/psa_util.h"
#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "x509_invasive.h"
#include "pk_internal.h"
#include "mbedtls/platform.h"
@@ -2862,7 +2861,6 @@
#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
-MBEDTLS_STATIC_TESTABLE
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
{
return strchr(cn, ':') == NULL
diff --git a/library/x509_invasive.h b/library/x509_invasive.h
deleted file mode 100644
index d8fd74b..0000000
--- a/library/x509_invasive.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * \file x509_invasive.h
- *
- * \brief x509 module: interfaces for invasive testing only.
- *
- * The interfaces in this file are intended for testing purposes only.
- * They SHOULD NOT be made available in library integrations except when
- * building the library for testing.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_X509_INVASIVE_H
-#define MBEDTLS_X509_INVASIVE_H
-
-#include "common.h"
-
-#if defined(MBEDTLS_TEST_HOOKS)
-
-/**
- * \brief This function parses a CN string as an IP address.
- *
- * \param cn The CN string to parse. CN string MUST be NUL-terminated.
- * \param dst The target buffer to populate with the binary IP address.
- * The buffer MUST be 16 bytes to save IPv6, and should be
- * 4-byte aligned if the result will be used as struct in_addr.
- * e.g. uint32_t dst[4]
- *
- * \note \cn is parsed as an IPv6 address if string contains ':',
- * else \cn is parsed as an IPv4 address.
- *
- * \return Length of binary IP address; num bytes written to target.
- * \return \c 0 on failure to parse CN string as an IP address.
- */
-size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
-
-#endif /* MBEDTLS_TEST_HOOKS */
-
-#endif /* MBEDTLS_X509_INVASIVE_H */
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index fe060f3..23e816b 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -116,18 +116,6 @@
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
-static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
-{
- for (int i = 0; i < maxBytes; i++) {
- bytes[i] = (uint8_t) strtoul(str, NULL, 10);
- str = strchr(str, '.');
- if (str == NULL || *str == '\0') {
- break;
- }
- str++;
- }
-}
-
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
@@ -165,13 +153,15 @@
mbedtls_pk_context key;
char buf[1024];
int i;
- char *p, *q, *r, *r2;
+ char *p, *q, *r, *subtype_value;
mbedtls_x509write_csr req;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev;
-
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ uint8_t ip[4] = { 0 };
+#endif
/*
* Set to sane values
*/
@@ -231,8 +221,6 @@
prev = NULL;
while (q != NULL) {
- uint8_t ip[4] = { 0 };
-
if ((r = strchr(q, ';')) != NULL) {
*r++ = '\0';
}
@@ -245,8 +233,8 @@
cur->next = NULL;
- if ((r2 = strchr(q, ':')) != NULL) {
- *r2++ = '\0';
+ if ((subtype_value = strchr(q, ':')) != NULL) {
+ *subtype_value++ = '\0';
}
if (strcmp(q, "URI") == 0) {
@@ -254,18 +242,31 @@
} else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
- ip_string_to_bytes(r2, ip, 4);
+ ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
+ if (ip_len == 0) {
+ mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
+ subtype_value);
+ goto exit;
+ }
+#else
+ mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined");
+ goto exit;
+#endif
} else {
mbedtls_free(cur);
goto usage;
}
if (strcmp(q, "IP") == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip);
+#endif
} else {
- q = r2;
+ q = subtype_value;
cur->node.san.unstructured_name.p = (unsigned char *) q;
cur->node.san.unstructured_name.len = strlen(q);
}
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index e4f8886..e58f528 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -216,18 +216,6 @@
int format; /* format */
} opt;
-static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
-{
- for (int i = 0; i < maxBytes; i++) {
- bytes[i] = (uint8_t) strtoul(str, NULL, 10);
- str = strchr(str, '.');
- if (str == NULL || *str == '\0') {
- break;
- }
- str++;
- }
-}
-
int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
@@ -601,8 +589,14 @@
} else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) {
+ size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
- ip_string_to_bytes(subtype_value, ip, 4);
+ ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
+ if (ip_len == 0) {
+ mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
+ subtype_value);
+ goto exit;
+ }
cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip);
} else if (strcmp(q, "DN") == 0) {
@@ -625,8 +619,9 @@
if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
- cur->node.san.unstructured_name.p = (unsigned char *) subtype_value;
- cur->node.san.unstructured_name.len = strlen(subtype_value);
+ q = subtype_value;
+ cur->node.san.unstructured_name.p = (unsigned char *) q;
+ cur->node.san.unstructured_name.len = strlen(q);
}
if (prev == NULL) {
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index e5dd4d9..8a3ab28 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -34,7 +34,8 @@
test_name = "ecp_mod_p192_raw"
input_style = "fixed"
arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"]
+ dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED",
+ "MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str]
@@ -110,7 +111,8 @@
test_name = "ecp_mod_p224_raw"
input_style = "arch_split"
arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"]
+ dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED",
+ "MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str]
@@ -187,7 +189,8 @@
test_name = "ecp_mod_p256_raw"
input_style = "fixed"
arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"]
+ dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED",
+ "MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str]
@@ -270,7 +273,8 @@
test_name = "ecp_mod_p384_raw"
input_style = "fixed"
arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"]
+ dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED",
+ "MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffeffffffff0000000000000000ffffffff")
@@ -392,7 +396,8 @@
test_name = "ecp_mod_p521_raw"
input_style = "arch_split"
arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"]
+ dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED",
+ "MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8627f33..18c2593 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1431,6 +1431,9 @@
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECJPAKE_C
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+ # Disable what auto-enables ECP_LIGHT
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
# Indirect dependencies of ECP
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -2323,10 +2326,10 @@
#
# This is used by the two following components to ensure they always use the
# same config, except for the use of driver or built-in EC algorithms:
-# - component_test_psa_crypto_config_accel_all_ec_algs_use_psa;
-# - component_test_psa_crypto_config_reference_all_ec_algs_use_psa.
+# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
+# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
# This supports comparing their test coverage with analyze_outcomes.py.
-config_psa_crypto_config_all_ec_algs_use_psa () {
+config_psa_crypto_config_ecp_ligh_only () {
DRIVER_ONLY="$1"
# start with config full for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
@@ -2344,8 +2347,8 @@
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
}
-# Keep in sync with component_test_psa_crypto_config_reference_all_ec_algs_use_psa
-component_test_psa_crypto_config_accel_all_ec_algs_use_psa () {
+# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
+component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
# Algorithms and key types to accelerate
@@ -2358,11 +2361,7 @@
# ---------
# Use the same config as reference, only without built-in EC algs
- config_psa_crypto_config_all_ec_algs_use_psa 1
-
- # Temporary hack to enable MBEDTLS_ECP_LIGHT
- # (will soon be auto-enabled in build_info.h)
- echo '#define MBEDTLS_ECP_LIGHT' >> include/mbedtls/mbedtls_config.h
+ config_psa_crypto_config_ecp_ligh_only 1
# Build
# -----
@@ -2389,11 +2388,11 @@
tests/ssl-opt.sh
}
-# Keep in sync with component_test_psa_crypto_config_accel_all_ec_algs_use_psa
-component_test_psa_crypto_config_reference_all_ec_algs_use_psa () {
+# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
+component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
- config_psa_crypto_config_all_ec_algs_use_psa 0
+ config_psa_crypto_config_ecp_ligh_only 0
make
@@ -2405,8 +2404,8 @@
}
# This helper function is used by:
-# - component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa()
-# - component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa()
+# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
+# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
# to ensure that both tests use the same underlying configuration when testing
# driver's coverage with analyze_outcomes.py.
#
@@ -2417,7 +2416,7 @@
#
# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
# on the ECP module.
-config_psa_crypto_full_all_ec_algs_no_ecp_use_psa () {
+config_psa_crypto_no_ecp_at_all () {
DRIVER_ONLY="$1"
# start with crypto_full config for maximum coverage (also enables USE_PSA),
# but excluding X509, TLS and key exchanges
@@ -2432,47 +2431,25 @@
scripts/config.py unset MBEDTLS_ECJPAKE_C
# Disable ECP module (entirely)
scripts/config.py unset MBEDTLS_ECP_C
- scripts/config.py unset MBEDTLS_ECP_LIGHT
fi
- # Disable PK module since it depends on ECP
- scripts/config.py unset MBEDTLS_PK_C
- scripts/config.py unset MBEDTLS_PK_PARSE_C
- scripts/config.py unset MBEDTLS_PK_WRITE_C
- # Disable also RSA_C that would re-enable PK
- scripts/config.py unset MBEDTLS_RSA_C
- scripts/config.py unset MBEDTLS_PKCS1_V15
- scripts/config.py unset MBEDTLS_PKCS1_V21
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- # Disable also key exchanges that depend on RSA for completeness
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# Restartable feature is not yet supported by PSA. Once it will in
# the future, the following line could be removed (see issues
# 6061, 6332 and following ones)
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-
- # Disable PSA_WANT symbols that would re-enable PK
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- scripts/config.py -f include/psa/crypto_config.h unset $ALG
- done
}
# Build and test a configuration where driver accelerates all EC algs while
# all support and dependencies from ECP and ECP_LIGHT are removed on the library
# side.
#
-# Keep in sync with component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa()
-component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa () {
+# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
+component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP"
# Algorithms and key types to accelerate
@@ -2485,7 +2462,7 @@
# ---------
# Set common configurations between library's and driver's builds
- config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 1
+ config_psa_crypto_no_ecp_at_all 1
# Build
# -----
@@ -2504,7 +2481,6 @@
not grep mbedtls_ecjpake_ library/ecjpake.o
# Also ensure that ECP or RSA modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o
- not grep mbedtls_rsa_ library/rsa.o
# Run the tests
# -------------
@@ -2514,18 +2490,15 @@
}
# Reference function used for driver's coverage analysis in analyze_outcomes.py
-# in conjunction with component_test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa().
+# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
# Keep in sync with its accelerated counterpart.
-component_test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa () {
+component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
msg "build: crypto_full + non accelerated EC algs + USE_PSA"
- config_psa_crypto_full_all_ec_algs_no_ecp_use_psa 0
+ config_psa_crypto_no_ecp_at_all 0
make
- # Esure that the RSA module was not re-enabled
- not grep mbedtls_rsa_ library/rsa.o
-
msg "test suites: crypto_full + non accelerated EC algs + USE_PSA"
make test
}
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 0238555..46c21f7 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -196,11 +196,11 @@
}
}
},
- 'analyze_driver_vs_reference_all_ec_algs': {
+ 'analyze_driver_vs_reference_ecp_light_only': {
'test_function': do_analyze_driver_vs_reference,
'args': {
- 'component_ref': 'test_psa_crypto_config_reference_all_ec_algs_use_psa',
- 'component_driver': 'test_psa_crypto_config_accel_all_ec_algs_use_psa',
+ 'component_ref': 'test_psa_crypto_config_reference_ecc_ecp_light_only',
+ 'component_driver': 'test_psa_crypto_config_accel_ecc_ecp_light_only',
'ignored_suites': [
'ecdsa',
'ecdh',
@@ -265,11 +265,11 @@
}
}
},
- 'analyze_driver_vs_reference_all_ec_algs_no_ecp': {
+ 'analyze_driver_vs_reference_no_ecp_at_all': {
'test_function': do_analyze_driver_vs_reference,
'args': {
- 'component_ref': 'test_psa_crypto_full_reference_all_ec_algs_no_ecp_use_psa',
- 'component_driver': 'test_psa_crypto_full_accel_all_ec_algs_no_ecp_use_psa',
+ 'component_ref': 'test_psa_crypto_config_reference_ecc_no_ecp_at_all',
+ 'component_driver': 'test_psa_crypto_config_accel_ecc_no_ecp_at_all',
'ignored_suites': [
# Ignore test suites for the modules that are disabled in the
# accelerated test case.
@@ -296,7 +296,35 @@
'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ]
+ ],
+ 'test_suite_pkparse': [
+ # See description provided for the analyze_driver_vs_reference_all_ec_algs
+ # case above.
+ ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking '
+ 'requirements, from RFC8410 Appendix A but made into version 0)'),
+ # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
+ # is automatically enabled in build_info.h (backward compatibility)
+ # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
+ # consequence compressed points are supported in the reference
+ # component but not in the accelerated one, so they should be skipped
+ # while checking driver's coverage.
+ 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
+ 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
+ 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
+ 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
+ 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
+ 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
+ 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
+ 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
+ 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
+ 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
+ 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
+ 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
+ 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
+ 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
+ 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
+ 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ ],
}
}
},
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 61908eb..5486a86 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -237,6 +237,8 @@
'MBEDTLS_ECDH_C',
'MBEDTLS_ECJPAKE_C',
'MBEDTLS_ECP_RESTARTABLE',
+ 'MBEDTLS_PK_PARSE_EC_EXTENDED',
+ 'MBEDTLS_PK_PARSE_EC_COMPRESSED',
'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c
index 4dd3791..efb2eca 100644
--- a/tests/src/bignum_helpers.c
+++ b/tests/src/bignum_helpers.c
@@ -99,7 +99,18 @@
if (ret != 0) {
return ret;
}
- ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep);
+
+ switch (int_rep) {
+ case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
+ ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
+ break;
+ case MBEDTLS_MPI_MOD_REP_OPT_RED:
+ ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
+ break;
+ default:
+ ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ break;
+ }
if (ret != 0) {
mbedtls_free(p);
}
diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function
index 233d3a9..4edc0b9 100644
--- a/tests/suites/test_suite_bignum_mod.function
+++ b/tests/suites/test_suite_bignum_mod.function
@@ -10,21 +10,6 @@
ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
-static int test_read_modulus(mbedtls_mpi_mod_modulus *m,
- mbedtls_mpi_mod_rep_selector int_rep,
- char *input)
-{
- mbedtls_mpi_uint *p = NULL;
- size_t limbs;
-
- int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
- if (ret != 0) {
- return ret;
- }
-
- return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep);
-}
-
static int test_read_residue(mbedtls_mpi_mod_residue *r,
const mbedtls_mpi_mod_modulus *m,
char *input,
@@ -65,7 +50,19 @@
memset(mp, 0xFF, sizeof(mp));
mbedtls_mpi_mod_modulus_init(&m);
- ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
+
+ switch (int_rep) {
+ case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
+ ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS);
+ break;
+ case MBEDTLS_MPI_MOD_REP_OPT_RED:
+ ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL);
+ break;
+ default:
+ ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ break;
+ }
+
TEST_EQUAL(ret, iret);
/* Only test if the constants have been set-up */
@@ -112,8 +109,8 @@
mbedtls_mpi_mod_modulus m;
mbedtls_mpi_mod_modulus_init(&m);
- TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
- 0);
+ TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
@@ -200,8 +197,8 @@
mbedtls_mpi_mod_modulus fake_m;
mbedtls_mpi_mod_modulus_init(&fake_m);
- TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
- 0);
+ TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
@@ -247,7 +244,8 @@
mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0,
- test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
+ mbedtls_test_read_mpi_modulus(&m, input_N,
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@@ -348,7 +346,8 @@
mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0,
- test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
+ mbedtls_test_read_mpi_modulus(&N, input_N,
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@@ -397,7 +396,8 @@
mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0,
- test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N));
+ mbedtls_test_read_mpi_modulus(&N, input_N,
+ MBEDTLS_MPI_MOD_REP_OPT_RED));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@@ -447,7 +447,8 @@
mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0,
- test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
+ mbedtls_test_read_mpi_modulus(&m, input_N,
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@@ -550,8 +551,7 @@
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
- TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
@@ -592,8 +592,7 @@
mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
/* Set up modulus and test with residue->p == NULL */
- TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
@@ -666,8 +665,7 @@
TEST_LE_U(a_bytes, n_bytes);
/* Init Structures */
- TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* Enforcing p_limbs >= m->limbs */
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function
index bd5eea7..b67ac51 100644
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@@ -54,8 +54,7 @@
mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])];
memset(init, 0xFF, sizeof(init));
- int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY);
+ int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx);
TEST_EQUAL(ret, 0);
if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) {
@@ -137,8 +136,7 @@
ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, buff_m, copy_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+ &m, buff_m, copy_limbs), 0);
/* condition is false */
TEST_CF_SECRET(X, bytes);
@@ -208,8 +206,7 @@
ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, buff_m, copy_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+ &m, buff_m, copy_limbs), 0);
ASSERT_ALLOC(X, limbs);
memcpy(X, tmp_X, bytes);
@@ -297,8 +294,7 @@
ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, N, limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+ &m, N, limbs), 0);
mbedtls_mpi_mod_raw_sub(X, A, B, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
@@ -368,8 +364,7 @@
TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs));
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, N, limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+ &m, N, limbs), 0);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
@@ -419,8 +414,7 @@
ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, N, limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+ &m, N, limbs), 0);
const size_t limbs_T = limbs * 2 + 1;
ASSERT_ALLOC(T, limbs_T);
@@ -580,9 +574,7 @@
ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, N, limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY
- ), 0);
+ &m, N, limbs), 0);
/* A + B => Correct result */
mbedtls_mpi_mod_raw_add(X, A, B, &m);
@@ -720,8 +712,7 @@
size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
- TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* 1. Test low-level function first */
@@ -785,8 +776,7 @@
size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
- TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* 1. Test low-level function first */
@@ -847,8 +837,7 @@
ASSERT_ALLOC(R, n_limbs);
ASSERT_ALLOC(Z, n_limbs);
- TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY));
+ TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* Neg( A == 0 ) => Zero result */
mbedtls_mpi_mod_raw_neg(R, Z, &m);
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 9ef35d8..55ded45 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1294,35 +1294,35 @@
bytes = limbs_N * sizeof(mbedtls_mpi_uint);
switch (curve_id) {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP192R1:
limbs = 2 * limbs_N;
curve_bits = 192;
curve_func = &mbedtls_ecp_mod_p192_raw;
break;
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP224R1:
limbs = 448 / biL;
curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224_raw;
break;
#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP256R1:
limbs = 2 * limbs_N;
curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256_raw;
break;
#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP384R1:
limbs = 2 * limbs_N;
curve_bits = 384;
curve_func = &mbedtls_ecp_mod_p384_raw;
break;
#endif
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP521R1:
limbs = 2 * limbs_N;
curve_bits = 522;
@@ -1373,8 +1373,7 @@
TEST_EQUAL(limbs_res, limbs_N);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
- &m, N, limbs_N,
- MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
+ &m, N, limbs_N), 0);
TEST_EQUAL((*curve_func)(X, limbs_X), 0);
@@ -1407,16 +1406,18 @@
TEST_EQUAL(ret, iret);
if (ret == 0) {
-
+ TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID);
/* Test for limb sizes */
TEST_EQUAL(m.limbs, p_limbs);
bytes = p_limbs * sizeof(mbedtls_mpi_uint);
- /* Test for validity of moduli by the presence of Montgomery consts */
-
- TEST_ASSERT(m.rep.mont.mm != 0);
- TEST_ASSERT(m.rep.mont.rr != NULL);
-
+ if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+ /* Test for validity of moduli by the presence of Montgomery consts */
+ TEST_ASSERT(m.rep.mont.mm != 0);
+ TEST_ASSERT(m.rep.mont.rr != NULL);
+ } else {
+ TEST_ASSERT(m.rep.ored.modp != NULL);
+ }
/* Compare output byte-by-byte */
ASSERT_COMPARE(p, bytes, m.p, bytes);
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 8c3c5e7..e84c288 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -13,19 +13,19 @@
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
PK utils: ECKEY SECP192R1
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
PK utils: ECKEY_DH SECP192R1
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
PK utils: ECKEY_DH Curve25519
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
PK utils: ECKEY_DH Curve448
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
PK utils: ECDSA SECP192R1
@@ -289,11 +289,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
@@ -397,7 +397,7 @@
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
EC_DH (no) sign-verify: SECP192R1
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify
@@ -425,11 +425,11 @@
pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
EC nocrypt
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_ec_nocrypt:MBEDTLS_PK_ECKEY
EC-DH nocrypt
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH
ECDSA nocrypt
@@ -525,11 +525,11 @@
pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
Check pair #1 (EC, OK)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
Check pair #2 (EC, bad)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Check pair #3 (RSA, OK)
@@ -541,7 +541,7 @@
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
Check pair #5 (RSA vs EC)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA hash_len overflow (size_t vs unsigned int)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 7871140..4074e13 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -94,7 +94,7 @@
parameter, 3);
}
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
@@ -112,25 +112,16 @@
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- mbedtls_ecp_group grp;
- /* Duplicating the mbedtls_ecp_group_load call to make this part
- * more future future proof for when ECP_C will not be defined. */
- mbedtls_ecp_group_init(&grp);
- ret = mbedtls_ecp_group_load(&grp, parameter);
+ ret = pk_genkey_ec(pk, parameter);
if (ret != 0) {
return ret;
}
- ret = pk_genkey_ec(pk, grp.id);
- if (ret != 0) {
- return ret;
- }
- mbedtls_ecp_group_free(&grp);
return 0;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return -1;
}
@@ -737,15 +728,10 @@
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA));
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- mbedtls_ecp_keypair ecp;
- mbedtls_ecp_keypair_init(&ecp);
-
- TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0);
- TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q,
- key->x, key->len) == 0);
- TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0);
-
- mbedtls_ecp_keypair_free(&ecp);
+ TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
+ memcpy(pk.pub_raw, key->x, key->len);
+ pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits));
+ pk.pub_raw_len = key->len;
#else
mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk);
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 098fd5a..ed5a576 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -905,213 +905,213 @@
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
Parse Public EC Key #1 (RFC 5480, DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
Parse Public EC Key #2 (RFC 5480, PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
Parse Public EC Key #3 (RFC 5480, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
# MBEDTLS_ECP_DP_SECP224K1. Therefore a failure is expected in this case
Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
Parse Public EC Key #4 (RFC 5480, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
Parse Public EC Key #5 (RFC 5480, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
Parse Public EC Key #6 (RFC 5480, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
Parse Public EC Key #10 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0
Parse Public EC Key #11 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0
Parse Public EC Key #12 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0
Parse Public EC Key #13 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0
Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
Parse EC Key #3 (SEC1 PEM encrypted)
-depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
+depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
Parse EC Key #4 (PKCS8 DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
Parse EC Key #5a (PKCS8 PEM, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
Parse EC Key #5c (PKCS8 PEM, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #8 (SEC1 PEM, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
Parse EC Key #9 (SEC1 PEM, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
Parse EC Key #10 (SEC1 PEM, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
Parse EC Key #11 (SEC1 PEM, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
Parse EC Key #12 (SEC1 PEM, bp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
Parse EC Key #13 (SEC1 PEM, bp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
Parse EC Key #14 (SEC1 PEM, bp512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.comp.pem":"NULL":0
Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Parse EC Key #16 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0
Parse EC Key #17 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0
Parse EC Key #18 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0
Parse EC Key #19 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0
Key ASN1 (No data)
@@ -1193,7 +1193,7 @@
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (ECPrivateKey, empty parameters)
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0)
@@ -1201,24 +1201,24 @@
pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
-depends_on:MBEDTLS_ECP_LIGHT
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 6fa78c1..fd098b0 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -70,7 +70,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_public_keyfile_ec(char *key_file, int result)
{
mbedtls_pk_context ctx;
@@ -102,7 +102,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_keyfile_ec(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index 4199ff2..4256a88 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -15,43 +15,43 @@
pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
Public key write check EC 192 bits (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
Public key write check EC 521 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
Public key write check EC 521 bits (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
Public key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
Public key write check EC X25519 (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
Public key write check EC X448
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
Public key write check EC X448 (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
Private key write check RSA
@@ -71,59 +71,59 @@
pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
Private key write check EC 192 bits (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
Private key write check EC 256 bits (top bit set)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
Private key write check EC 256 bits (top bit set) (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
Private key write check EC 521 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
Private key write check EC 521 bits (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
Private key write check EC 521 bits (top byte is 0)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
Private key write check EC 521 bits (top byte is 0) (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
Private key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
Private key write check EC X25519
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
Private key write check EC X25519 (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
Private key write check EC X448
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
Private key write check EC X448 (DER)
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
Derive public key RSA
@@ -135,21 +135,21 @@
pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der"
Derive public key EC 192 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
Derive public key EC 521 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
Derive public key EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
Derive public key EC X25519
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der"
Derive public key EC X448
-depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index c936443..dcd4429 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -11,8 +11,6 @@
#include "mbedtls/pk.h"
#include "string.h"
-#include "x509_invasive.h"
-
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
than the current threshold 19. To test larger values, please \
@@ -433,7 +431,7 @@
crt.ext_types = ext_type;
- TEST_ASSERT(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type) == expected_result);
+ TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result);
exit:
mbedtls_x509_crt_free(&crt);
@@ -491,7 +489,7 @@
}
}
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crt_free(&crt);
@@ -510,13 +508,13 @@
USE_PSA_INIT();
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crt_free(&crt);
@@ -535,13 +533,13 @@
USE_PSA_INIT();
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crl_free(&crl);
@@ -559,7 +557,7 @@
USE_PSA_INIT();
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result);
+ TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result);
exit:
mbedtls_x509_crl_free(&crl);
@@ -578,13 +576,13 @@
USE_PSA_INIT();
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0);
+ TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0);
res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_csr_free(&csr);
@@ -605,7 +603,7 @@
TEST_ASSERT(res >= 0);
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
USE_PSA_DONE();
@@ -637,8 +635,8 @@
mbedtls_x509_crt_init(&ca);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
mbedtls_ecp_set_max_ops(max_ops);
@@ -649,8 +647,8 @@
NULL, NULL, &rs_ctx);
} while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
- TEST_ASSERT(ret == result);
- TEST_ASSERT(flags == (uint32_t) flags_result);
+ TEST_EQUAL(ret, result);
+ TEST_EQUAL(flags, (uint32_t) flags_result);
TEST_ASSERT(cnt_restart >= min_restart);
TEST_ASSERT(cnt_restart <= max_restart);
@@ -717,9 +715,9 @@
TEST_ASSERT("No known verify callback selected" == 0);
}
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
- TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
+ TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
res = mbedtls_x509_crt_verify_with_profile(&crt,
&ca,
@@ -748,8 +746,8 @@
f_vrfy,
NULL);
- TEST_ASSERT(res == (result));
- TEST_ASSERT(flags == (uint32_t) (flags_result));
+ TEST_EQUAL(res, result);
+ TEST_EQUAL(flags, (uint32_t) (flags_result));
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
exit:
@@ -773,8 +771,8 @@
mbedtls_x509_crt_init(&ca);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
if (strcmp(name, "NULL") == 0) {
name = NULL;
@@ -784,8 +782,8 @@
&compat_profile, name, &flags,
NULL, NULL);
- TEST_ASSERT(ret == exp_ret);
- TEST_ASSERT(flags == (uint32_t) (-1));
+ TEST_EQUAL(ret, exp_ret);
+ TEST_EQUAL(flags, (uint32_t) (-1));
exit:
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_free(&ca);
@@ -809,8 +807,8 @@
verify_print_init(&vrfy_ctx);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
if (strcmp(name, "NULL") == 0) {
name = NULL;
@@ -821,8 +819,8 @@
name, &flags,
verify_print, &vrfy_ctx);
- TEST_ASSERT(ret == exp_ret);
- TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0);
+ TEST_EQUAL(ret, exp_ret);
+ TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0);
exit:
mbedtls_x509_crt_free(&crt);
@@ -846,18 +844,18 @@
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
crt.subject.next->val.p = (unsigned char *) new_subject_ou;
crt.subject.next->val.len = strlen(new_subject_ou);
res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
if (ret != 0) {
- TEST_ASSERT(res == ret);
+ TEST_EQUAL(res, ret);
} else {
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
}
exit:
mbedtls_x509_crt_free(&crt);
@@ -877,7 +875,7 @@
memset(buf, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "subject") == 0) {
res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
} else if (strcmp(entity, "issuer") == 0) {
@@ -889,7 +887,7 @@
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp(buf, result_str) == 0);
+ TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crt_free(&crt);
@@ -1001,12 +999,12 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "valid_from") == 0) {
- TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result);
+ TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result);
} else if (strcmp(entity, "valid_to") == 0) {
- TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result);
+ TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
} else {
TEST_ASSERT("Unknown entity" == 0);
}
@@ -1025,12 +1023,12 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "valid_from") == 0) {
- TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result);
+ TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result);
} else if (strcmp(entity, "valid_to") == 0) {
- TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result);
+ TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
} else {
TEST_ASSERT("Unknown entity" == 0);
}
@@ -1049,7 +1047,7 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result);
exit:
mbedtls_x509_crt_free(&crt);
@@ -1071,14 +1069,14 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result));
+ TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif
@@ -1086,7 +1084,7 @@
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
- TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) == (result));
+ TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
memset(output, 0, 2000);
@@ -1096,7 +1094,7 @@
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@@ -1104,8 +1102,8 @@
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
- TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL,
- NULL) == (result));
+ TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
+ result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@@ -1113,7 +1111,7 @@
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@@ -1121,8 +1119,8 @@
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
- TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL,
- NULL) == (result));
+ TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
+ result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@@ -1130,7 +1128,7 @@
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@@ -1160,8 +1158,8 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
- &oid) == (result));
+ TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
+ &oid), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@@ -1169,7 +1167,7 @@
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@@ -1177,8 +1175,8 @@
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
- TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
- &oid) == (result));
+ TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
+ &oid), (result));
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@@ -1186,7 +1184,7 @@
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@@ -1209,14 +1207,14 @@
memset(output, 0, 2000);
- TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result));
+ TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result));
if ((result) == 0) {
res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
- TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+ TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
exit:
@@ -1238,12 +1236,12 @@
memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
- TEST_ASSERT(my_ret == ref_ret);
+ TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
- TEST_ASSERT(my_out_len == strlen(ref_out));
- TEST_ASSERT(strcmp(my_out, ref_out) == 0);
+ TEST_EQUAL(my_out_len, strlen(ref_out));
+ TEST_EQUAL(strcmp(my_out, ref_out), 0);
}
exit:
@@ -1265,12 +1263,12 @@
memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file);
- TEST_ASSERT(my_ret == ref_ret);
+ TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
- TEST_ASSERT(my_out_len == strlen(ref_out));
- TEST_ASSERT(strcmp(my_out, ref_out) == 0);
+ TEST_EQUAL(my_out_len, strlen(ref_out));
+ TEST_EQUAL(strcmp(my_out, ref_out), 0);
}
exit:
@@ -1288,7 +1286,7 @@
mbedtls_x509_crt_init(&chain);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret);
+ TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret);
/* Check how many certs we got */
for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
@@ -1297,7 +1295,7 @@
}
}
- TEST_ASSERT(i == nb_crt);
+ TEST_EQUAL(i, nb_crt);
exit:
mbedtls_x509_crt_free(&chain);
@@ -1323,20 +1321,20 @@
MD_OR_USE_PSA_INIT();
/* Load trusted root */
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0);
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1);
TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0);
/* Try to verify that chain */
ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
NULL, NULL);
- TEST_ASSERT(ret == ret_chk);
- TEST_ASSERT(flags == (uint32_t) flags_chk);
+ TEST_EQUAL(ret, ret_chk);
+ TEST_EQUAL(flags, (uint32_t) flags_chk);
exit:
mbedtls_x509_crt_free(&chain);
@@ -1361,9 +1359,9 @@
MD_OR_USE_PSA_INIT();
while ((act = mystrsep(&chain_paths, " ")) != NULL) {
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0);
}
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0);
if (strcmp(profile_name, "") == 0) {
profile = &mbedtls_x509_crt_profile_default;
@@ -1380,8 +1378,8 @@
res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
NULL, &flags, verify_fatal, &vrfy_fatal_lvls);
- TEST_ASSERT(res == (result));
- TEST_ASSERT(flags == (uint32_t) (flags_result));
+ TEST_EQUAL(res, (result));
+ TEST_EQUAL(flags, (uint32_t) (flags_result));
exit:
mbedtls_x509_crt_free(&trusted);
@@ -1409,9 +1407,9 @@
TEST_ASSERT(ret != 0);
TEST_ASSERT(desc == NULL);
} else {
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_ASSERT(desc != NULL);
- TEST_ASSERT(strcmp(desc, ref_desc) == 0);
+ TEST_EQUAL(strcmp(desc, ref_desc), 0);
}
exit:
@@ -1435,11 +1433,11 @@
TEST_ASSERT((size_t) blen <= sizeof(num_buf));
- TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
+ TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret);
if (ret >= 0) {
- TEST_ASSERT(num_buf[ret] == 0);
- TEST_ASSERT(strcmp(num_buf, numstr) == 0);
+ TEST_EQUAL(num_buf[ret], 0);
+ TEST_EQUAL(strcmp(num_buf, numstr), 0);
}
exit:
@@ -1455,9 +1453,9 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
- TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret);
+ TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret);
exit:
mbedtls_x509_crt_free(&crt);
@@ -1474,10 +1472,10 @@
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
- TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x,
- oid->len) == ret);
+ TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len),
+ ret);
exit:
mbedtls_x509_crt_free(&crt);
@@ -1503,14 +1501,14 @@
memcpy(end, time_str, (size_t) *(end - 1));
end += *(end - 1);
- TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret);
+ TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret);
if (ret == 0) {
- TEST_ASSERT(year == time.year);
- TEST_ASSERT(mon == time.mon);
- TEST_ASSERT(day == time.day);
- TEST_ASSERT(hour == time.hour);
- TEST_ASSERT(min == time.min);
- TEST_ASSERT(sec == time.sec);
+ TEST_EQUAL(year, time.year);
+ TEST_EQUAL(mon, time.mon);
+ TEST_EQUAL(day, time.day);
+ TEST_EQUAL(hour, time.hour);
+ TEST_EQUAL(min, time.min);
+ TEST_EQUAL(sec, time.sec);
}
exit:
USE_PSA_DONE();
@@ -1536,12 +1534,12 @@
my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
&my_salt_len);
- TEST_ASSERT(my_ret == ref_ret);
+ TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
- TEST_ASSERT(my_msg_md == (mbedtls_md_type_t) ref_msg_md);
- TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t) ref_mgf_md);
- TEST_ASSERT(my_salt_len == ref_salt_len);
+ TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md);
+ TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md);
+ TEST_EQUAL(my_salt_len, ref_salt_len);
}
exit: