Merge pull request #293 from gilles-peskine-arm/entropy-min
Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
diff --git a/.travis.yml b/.travis.yml
index c8ca79d..6a9b6f6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,12 +5,6 @@
sudo: false
cache: ccache
-# blocklist
-branches:
- except:
- - development-psa
- - coverity_scan
-
script:
- tests/scripts/recursion.pl library/*.c
- tests/scripts/check-generated-files.sh
@@ -27,7 +21,7 @@
env:
global:
- SEED=1
- - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
+ - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
addons:
apt:
@@ -37,7 +31,7 @@
coverity_scan:
project:
name: "ARMmbed/mbedtls"
- notification_email: simon.butcher@arm.com
+ notification_email: support-mbedtls@arm.com
build_command_prepend:
build_command: make
branch_pattern: coverity_scan
diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt
index 18c8731..782c0c5 100644
--- a/3rdparty/everest/CMakeLists.txt
+++ b/3rdparty/everest/CMakeLists.txt
@@ -10,7 +10,7 @@
list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib)
-execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
+execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
if(${result} EQUAL 0)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 81fa6cb..6d5332d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -46,19 +46,19 @@
"${CTR_DRBG_128_BIT_KEY_WARN_L3}"
"${WARNING_BORDER}")
-find_package(PythonInterp)
-find_package(Perl)
-if(PERL_FOUND)
+# Python 3 is only needed here to check for configuration warnings.
+find_package(PythonInterp 3)
+if(PYTHONINTERP_FOUND)
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
RESULT_VARIABLE result)
if(${result} EQUAL 0)
message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
endif()
# If NULL Entropy is configured, display an appropriate warning
- execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
+ execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
RESULT_VARIABLE result)
if(${result} EQUAL 0)
message(WARNING ${NULL_ENTROPY_WARNING})
diff --git a/Makefile b/Makefile
index c9eb681..4fd7f8e 100644
--- a/Makefile
+++ b/Makefile
@@ -70,11 +70,11 @@
ifndef WINDOWS
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
+ -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
# If NULL Entropy is configured, display an appropriate warning
- -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
+ -scripts/config.py get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
endif
diff --git a/README.md b/README.md
index 9d34c55..a954a16 100644
--- a/README.md
+++ b/README.md
@@ -6,9 +6,9 @@
## PSA cryptography API
-Arm's Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
+Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
-The PSA cryptography API provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
+The [PSA cryptography API](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
The design goals of the PSA cryptography API include:
@@ -24,17 +24,17 @@
## Documentation
-The Mbed Crypto library is a reference implementation of the PSA cryptography API. Please refer to the PSA Cryptography API documents for an overview of the library's interfaces and a detailed description of the types, macros and functions that it provides.
+The Mbed Crypto library implements both the legacy Mbed TLS interfaces to cryptographic primitives (`mbedtls_xxx`) and the new PSA Cryptography interfaces (`psa_xxx`).
+
+Documentation for the Mbed TLS interfaces in the default library configuration is available as part of the [Mbed TLS documentation](https://tls.mbed.org/api/).
+
+For the PSA interfaces, please refer to the PSA Cryptography API documents linked from the [PSA cryptography interfaces documentation portal](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) for an overview of the library's interfaces and a detailed description of the types, macros and functions that it provides. The API reference is available in [PDF](https://armmbed.github.io/mbed-crypto/PSA_Cryptography_API_Specification.pdf) and [HTML](https://armmbed.github.io/mbed-crypto/html/index.html) formats.
There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
-### PSA Cryptography API
-
-You can read the [complete PSA cryptography API specification as a PDF document](https://github.com/ARMmbed/mbed-crypto/raw/psa-crypto-api/docs/PSA_Cryptography_API_Specification.pdf). The API reference is also available in [HTML format](https://armmbed.github.io/mbed-crypto/html/index.html).
-
### Browsable library documentation
-To generate a local copy of the library documentation in HTML format:
+To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration:
1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. We use version 1.8.11 but slightly older or more recent versions should work.
1. Run `make apidoc`.
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
new file mode 100644
index 0000000..94e80ab
--- /dev/null
+++ b/configs/config-symmetric-only.h
@@ -0,0 +1,99 @@
+/**
+ * \file config-symmetric-only.h
+ *
+ * \brief Configuration without any asymmetric cryptography.
+ */
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+//#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_TIME_DATE
+
+/* Mbed Crypto feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_MODE_CFB
+#define MBEDTLS_CIPHER_MODE_CTR
+#define MBEDTLS_CIPHER_MODE_OFB
+#define MBEDTLS_CIPHER_MODE_XTS
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+#define MBEDTLS_FS_IO
+#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_USE_PSA_CRYPTO
+#define MBEDTLS_VERSION_FEATURES
+
+/* Mbed Crypto modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ARC4_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BLOWFISH_C
+#define MBEDTLS_CAMELLIA_C
+#define MBEDTLS_ARIA_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_CHACHAPOLY_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+//#define MBEDTLS_HAVEGE_C
+#define MBEDTLS_HKDF_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD2_C
+#define MBEDTLS_MD4_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_POLY1305_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_RIPEMD160_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+//#define MBEDTLS_THREADING_C
+#define MBEDTLS_TIMING_C
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_XTEA_C
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile
index 258abcd..ab22fb1 100644
--- a/docs/architecture/Makefile
+++ b/docs/architecture/Makefile
@@ -5,6 +5,7 @@
all_markdown = \
mbed-crypto-storage-specification.md \
testing/driver-interface-test-strategy.md \
+ testing/test-framework.md \
# This line is intentionally left blank
html: $(all_markdown:.md=.html)
diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md
new file mode 100644
index 0000000..e0e960f
--- /dev/null
+++ b/docs/architecture/testing/test-framework.md
@@ -0,0 +1,58 @@
+# Mbed TLS test framework
+
+This document is an overview of the Mbed TLS test framework and test tools.
+
+This document is incomplete. You can help by expanding it.
+
+## Unit tests
+
+See <https://tls.mbed.org/kb/development/test_suites>
+
+### Unit test descriptions
+
+Each test case has a description which succinctly describes for a human audience what the test does. The first non-comment line of each paragraph in a `.data` file is the test description. The following rules and guidelines apply:
+
+* Test descriptions may not contain semicolons, line breaks and other control characters, or non-ASCII characters. <br>
+ Rationale: keep the tools that process test descriptions (`generate_test_code.py`, [outcome file](#outcome-file) tools) simple.
+* Test descriptions must be unique within a `.data` file. If you can't think of a better description, the convention is to append `#1`, `#2`, etc. <br>
+ Rationale: make it easy to relate a failure log to the test data. Avoid confusion between cases in the [outcome file](#outcome-file).
+* Test descriptions should be a maximum of **66 characters**. <br>
+ Rationale: 66 characters is what our various tools assume (leaving room for 14 more characters on an 80-column line). Longer descriptions may be truncated or may break a visual alignment. <br>
+ We have a lot of test cases with longer descriptions, but they should be avoided. At least please make sure that the first 66 characters describe the test uniquely.
+* Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0<x<y, both even” is even better if these inequalities and parities are why this particular test data was chosen.
+* Avoid changing the description of an existing test case without a good reason. This breaks the tracking of failures across CI runs, since this tracking is based on the descriptions.
+
+`tests/scripts/check-test-cases.py` enforces some rules and warns if some guidelines are violated.
+
+## TLS tests
+
+### SSL extension tests
+
+#### SSL test case descriptions
+
+Each test case in `ssl-opt.sh` has a description which succinctly describes for a human audience what the test does. The test description is the first parameter to `run_tests`.
+
+The same rules and guidelines apply as for [unit test descriptions](#unit-test-descriptions). In addition, the description must be written on the same line as `run_test`, in double quotes, for the sake of `check-test-cases.py`.
+
+## Running tests
+
+### Outcome file
+
+#### Generating an outcome file
+
+Unit tests and `ssl-opt.sh` record the outcome of each test case in a **test outcome file**. This feature is enabled if the environment variable `MBEDTLS_TEST_OUTCOME_FILE` is set. Set it to the path of the desired file.
+
+If you run `all.sh --outcome-file test-outcome.csv`, this collects the outcome of all the test cases in `test-outcome.csv`.
+
+#### Outcome file format
+
+The outcome file is in a CSV format using `;` (semicolon) as the delimiter and no quoting. This means that fields may not contain newlines or semicolons. There is no title line.
+
+The outcome file has 6 fields:
+
+* **Platform**: a description of the platform, e.g. `Linux-x86_64` or `Linux-x86_64-gcc7-msan`.
+* **Configuration**: a unique description of the configuration (`config.h`).
+* **Test suite**: `test_suite_xxx` or `ssl-opt`.
+* **Test case**: the description of the test case.
+* **Result**: one of `PASS`, `SKIP` or `FAIL`.
+* **Cause**: more information explaining the result.
diff --git a/docs/getting_started.md b/docs/getting_started.md
index 236c1a2..9938909 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -72,9 +72,10 @@
This example shows how to import a key:
```C
+void import_a_key(const uint8_t *key, size_t key_len)
+{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t data[] = AES_KEY;
psa_key_handle_t handle;
printf("Import an AES key...\t");
@@ -94,7 +95,7 @@
psa_set_key_bits(&attributes, 128);
/* Import the key */
- status = psa_import_key(&attributes, data, sizeof(data), &handle);
+ status = psa_import_key(&attributes, key, key_len, &handle);
if (status != PSA_SUCCESS) {
printf("Failed to import key\n");
return;
@@ -108,6 +109,7 @@
psa_destroy_key(handle);
mbedtls_psa_crypto_free();
+}
```
### Signing a message using RSA
@@ -123,9 +125,10 @@
This example shows how to sign a hash that has already been calculated:
```C
+void sign_a_message_using_rsa(const uint8_t *key, size_t key_len)
+{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t key[] = RSA_KEY;
uint8_t hash[32] = {0x50, 0xd8, 0x58, 0xe0, 0x98, 0x5e, 0xcc, 0x7f,
0x60, 0x41, 0x8a, 0xaf, 0x0c, 0xc5, 0xab, 0x58,
0x7f, 0x42, 0xc2, 0x57, 0x0a, 0x88, 0x40, 0x95,
@@ -151,7 +154,7 @@
psa_set_key_bits(&attributes, 1024);
/* Import the key */
- status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ status = psa_import_key(&attributes, key, key_len, &handle);
if (status != PSA_SUCCESS) {
printf("Failed to import key\n");
return;
@@ -176,6 +179,7 @@
psa_destroy_key(handle);
mbedtls_psa_crypto_free();
+}
```
### Using symmetric ciphers
@@ -196,6 +200,8 @@
This example shows how to encrypt data using an AES (Advanced Encryption Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all prerequisites have been fulfilled):
```c
+void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
+{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
};
@@ -205,7 +211,6 @@
uint8_t plaintext[block_size] = SOME_PLAINTEXT;
uint8_t iv[block_size];
size_t iv_len;
- uint8_t key[] = AES_KEY;
uint8_t output[block_size];
size_t output_len;
psa_key_handle_t handle;
@@ -227,7 +232,7 @@
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, 128);
- status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ status = psa_import_key(&attributes, key, key_len, &handle);
if (status != PSA_SUCCESS) {
printf("Failed to import a key\n");
return;
@@ -266,6 +271,7 @@
psa_destroy_key(handle);
mbedtls_psa_crypto_free();
+}
```
**To decrypt a message with a symmetric cipher:**
@@ -279,6 +285,8 @@
This example shows how to decrypt encrypted data using an AES key in CBC mode with no padding
(assuming all prerequisites have been fulfilled):
```c
+void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
+{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES),
};
@@ -288,7 +296,6 @@
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
uint8_t ciphertext[block_size] = SOME_CIPHERTEXT;
uint8_t iv[block_size] = ENCRYPTED_WITH_IV;
- uint8_t key[] = AES_KEY;
uint8_t output[block_size];
size_t output_len;
psa_key_handle_t handle;
@@ -309,7 +316,7 @@
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, 128);
- status = psa_import_key(&attributes, key, sizeof(key), &handle);
+ status = psa_import_key(&attributes, key, key_len, &handle);
if (status != PSA_SUCCESS) {
printf("Failed to import a key\n");
return;
@@ -348,6 +355,7 @@
psa_destroy_key(handle);
mbedtls_psa_crypto_free();
+}
```
#### Handling cipher operation contexts
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 1822369..197941f 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.17.0"
+PROJECT_NAME = "mbed TLS v2.19.1"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 4965e17..6eae6a5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -45,7 +45,7 @@
#endif
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
- * it would confuse config.pl. */
+ * it would confuse config.py. */
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
@@ -134,7 +134,7 @@
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
@@ -145,7 +145,9 @@
!defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
@@ -235,6 +237,14 @@
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#endif
+
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index e14fc74..a4db6ba 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -671,6 +671,13 @@
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
+/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ *
+ * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
+ * By default, CTR_DRBG uses a 256-bit key.
+ */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+
/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
@@ -1295,7 +1302,11 @@
*
* Enable the CTR_DRBG AES-based random generator.
* The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
+ * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
+ *
+ * \note To achieve a 256-bit security strength with CTR_DRBG,
+ * you must use AES-256 *and* use sufficient entropy.
+ * See ctr_drbg.h for more details.
*
* Module: library/ctr_drbg.c
* Caller:
@@ -1971,7 +1982,6 @@
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
/* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index ffaf8ad..091f15a 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -1,7 +1,8 @@
/**
* \file ctr_drbg.h
*
- * \brief This file contains CTR_DRBG definitions and functions.
+ * \brief This file contains definitions and functions for the
+ * CTR_DRBG pseudorandom generator.
*
* CTR_DRBG is a standardized way of building a PRNG from a block-cipher
* in counter mode operation, as defined in <em>NIST SP 800-90A:
@@ -9,13 +10,19 @@
* Bit Generators</em>.
*
* The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * as the underlying block cipher.
+ * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
+ * as the underlying block cipher, with a derivation function.
*
- * \warning Using 128-bit keys for CTR_DRBG limits the security of generated
- * keys and operations that use random values generated to 128-bit security.
+ * The security strength as defined in NIST SP 800-90A is
+ * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
+ * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
+ * kept at its default value (and not overridden in config.h) and that the
+ * DRBG instance is set up with default parameters.
+ * See the documentation of mbedtls_ctr_drbg_seed() for more
+ * information.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -56,9 +63,19 @@
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher (compile-time choice: 128 bits). */
+#define MBEDTLS_CTR_DRBG_KEYSIZE 16
+/**< The key size in bytes used by the cipher.
+ *
+ * Compile-time choice: 16 bytes (128 bits)
+ * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
+ */
#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher (compile-time choice: 256 bits). */
+#define MBEDTLS_CTR_DRBG_KEYSIZE 32
+/**< The key size in bytes used by the cipher.
+ *
+ * Compile-time choice: 32 bytes (256 bits)
+ * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
+ */
#endif
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
@@ -73,21 +90,31 @@
* \{
*/
+/** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
+ *
+ * \brief The amount of entropy used per seed by default, in bytes.
+ */
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+/** This is 48 bytes because the entropy module uses SHA-512
+ * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
+ */
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-/**< The amount of entropy used per seed by default:
- * <ul><li>48 with SHA-512.</li>
- * <li>32 with SHA-256.</li></ul>
+
+#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
+
+/** This is 32 bytes because the entropy module uses SHA-256
+ * (the SHA512 module is disabled or
+ * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
*/
-#else
+#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+/** \warning To achieve a 256-bit security strength, you must pass a nonce
+ * to mbedtls_ctr_drbg_seed().
+ */
+#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
-/**< Amount of entropy used per seed by default:
- * <ul><li>48 with SHA-512.</li>
- * <li>32 with SHA-256.</li></ul>
- */
-#endif
-#endif
+#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
+#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
@@ -106,7 +133,7 @@
#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
-/**< The maximum size of seed or reseed buffer. */
+/**< The maximum size of seed or reseed buffer in bytes. */
#endif
/* \} name SECTION: Module settings */
@@ -120,20 +147,47 @@
extern "C" {
#endif
+#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
+/** The default length of the nonce read from the entropy source.
+ *
+ * This is \c 0 because a single read from the entropy source is sufficient
+ * to include a nonce.
+ * See the documentation of mbedtls_ctr_drbg_seed() for more information.
+ */
+#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
+#else
+/** The default length of the nonce read from the entropy source.
+ *
+ * This is half of the default entropy length because a single read from
+ * the entropy source does not provide enough material to form a nonce.
+ * See the documentation of mbedtls_ctr_drbg_seed() for more information.
+ */
+#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
+#endif
+
/**
* \brief The CTR_DRBG context structure.
*/
typedef struct mbedtls_ctr_drbg_context
{
unsigned char counter[16]; /*!< The counter (V). */
- int reseed_counter; /*!< The reseed counter. */
+ int reseed_counter; /*!< The reseed counter.
+ * This is the number of requests that have
+ * been made since the last (re)seeding,
+ * minus one.
+ * Before the initial seeding, this field
+ * contains the amount of entropy in bytes
+ * to use as a nonce for the initial seeding.
+ */
int prediction_resistance; /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
size_t entropy_len; /*!< The amount of entropy grabbed on each
- seed or reseed operation. */
- int reseed_interval; /*!< The reseed interval. */
+ seed or reseed operation, in bytes. */
+ int reseed_interval; /*!< The reseed interval.
+ * This is the maximum number of requests
+ * that can be made between reseedings. */
mbedtls_aes_context aes_ctx; /*!< The AES context. */
@@ -164,17 +218,86 @@
* \brief This function seeds and sets up the CTR_DRBG
* entropy source for future reseeds.
*
- * \note Personalization data can be provided in addition to the more generic
- * entropy source, to make this instantiation as unique as possible.
+ * A typical choice for the \p f_entropy and \p p_entropy parameters is
+ * to use the entropy module:
+ * - \p f_entropy is mbedtls_entropy_func();
+ * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
+ * with mbedtls_entropy_init() (which registers the platform's default
+ * entropy sources).
+ *
+ * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
+ * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
+ *
+ * The entropy nonce length is:
+ * - \c 0 if the entropy length is at least 3/2 times the entropy length,
+ * which guarantees that the security strength is the maximum permitted
+ * by the key size and entropy length according to NIST SP 800-90A §10.2.1;
+ * - Half the entropy length otherwise.
+ * You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
+ * With the default entropy length, the entropy nonce length is
+ * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
+ *
+ * You can provide a nonce and personalization string in addition to the
+ * entropy source, to make this instantiation as unique as possible.
+ * See SP 800-90A §8.6.7 for more details about nonces.
+ *
+ * The _seed_material_ value passed to the derivation function in
+ * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
+ * is the concatenation of the following strings:
+ * - A string obtained by calling \p f_entropy function for the entropy
+ * length.
+ */
+#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
+/**
+ * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
+ * obtained by calling \p f_entropy function for the specified length.
+ */
+#else
+/**
+ * - A string obtained by calling \p f_entropy function for the entropy nonce
+ * length. If the entropy nonce length is \c 0, this function does not
+ * make a second call to \p f_entropy.
+ */
+#endif
+/**
+ * - The \p custom string.
+ *
+ * \note To achieve the nominal security strength permitted
+ * by CTR_DRBG, the entropy length must be:
+ * - at least 16 bytes for a 128-bit strength
+ * (maximum achievable strength when using AES-128);
+ * - at least 32 bytes for a 256-bit strength
+ * (maximum achievable strength when using AES-256).
+ *
+ * In addition, if you do not pass a nonce in \p custom,
+ * the sum of the entropy length
+ * and the entropy nonce length must be:
+ * - at least 24 bytes for a 128-bit strength
+ * (maximum achievable strength when using AES-128);
+ * - at least 48 bytes for a 256-bit strength
+ * (maximum achievable strength when using AES-256).
*
* \param ctx The CTR_DRBG context to seed.
+ * It must have been initialized with
+ * mbedtls_ctr_drbg_init().
+ * After a successful call to mbedtls_ctr_drbg_seed(),
+ * you may not call mbedtls_ctr_drbg_seed() again on
+ * the same context unless you call
+ * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
+ * again first.
* \param f_entropy The entropy callback, taking as arguments the
* \p p_entropy context, the buffer to fill, and the
- length of the buffer.
- * \param p_entropy The entropy context.
- * \param custom Personalization data, that is device-specific
- identifiers. Can be NULL.
- * \param len The length of the personalization data.
+ * length of the buffer.
+ * \p f_entropy is always called with a buffer size
+ * less than or equal to the entropy length.
+ * \param p_entropy The entropy context to pass to \p f_entropy.
+ * \param custom The personalization string.
+ * This can be \c NULL, in which case the personalization
+ * string is empty regardless of the value of \p len.
+ * \param len The length of the personalization string.
+ * This must be at most
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+ * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
@@ -197,7 +320,8 @@
* The default value is off.
*
* \note If enabled, entropy is gathered at the beginning of
- * every call to mbedtls_ctr_drbg_random_with_add().
+ * every call to mbedtls_ctr_drbg_random_with_add()
+ * or mbedtls_ctr_drbg_random().
* Only use this if your entropy source has sufficient
* throughput.
*
@@ -209,18 +333,61 @@
/**
* \brief This function sets the amount of entropy grabbed on each
- * seed or reseed. The default value is
- * #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+ * seed or reseed.
+ *
+ * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+ *
+ * \note The security strength of CTR_DRBG is bounded by the
+ * entropy length. Thus:
+ * - When using AES-256
+ * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
+ * which is the default),
+ * \p len must be at least 32 (in bytes)
+ * to achieve a 256-bit strength.
+ * - When using AES-128
+ * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
+ * \p len must be at least 16 (in bytes)
+ * to achieve a 128-bit strength.
*
* \param ctx The CTR_DRBG context.
- * \param len The amount of entropy to grab.
+ * \param len The amount of entropy to grab, in bytes.
+ * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+ * and at most the maximum length accepted by the
+ * entropy function that is set in the context.
*/
void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
size_t len );
/**
+ * \brief This function sets the amount of entropy grabbed
+ * as a nonce for the initial seeding.
+ *
+ * Call this function before calling mbedtls_ctr_drbg_seed() to read
+ * a nonce from the entropy source during the initial seeding.
+ *
+ * \param ctx The CTR_DRBG context.
+ * \param len The amount of entropy to grab for the nonce, in bytes.
+ * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+ * and at most the maximum length accepted by the
+ * entropy function that is set in the context.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
+ * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ * if the initial seeding has already taken place.
+ */
+int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
+ size_t len );
+
+/**
* \brief This function sets the reseed interval.
- * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
+ *
+ * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
+ * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
+ * is called again.
+ *
+ * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
*
* \param ctx The CTR_DRBG context.
* \param interval The reseed interval.
@@ -233,8 +400,12 @@
* extracts data from the entropy source.
*
* \param ctx The CTR_DRBG context.
- * \param additional Additional data to add to the state. Can be NULL.
+ * \param additional Additional data to add to the state. Can be \c NULL.
* \param len The length of the additional data.
+ * This must be less than
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+ * where \c entropy_len is the entropy length
+ * configured for the context.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
@@ -246,7 +417,8 @@
* \brief This function updates the state of the CTR_DRBG context.
*
* \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with.
+ * \param additional The data to update the state with. This must not be
+ * \c NULL unless \p add_len is \c 0.
* \param add_len Length of \p additional in bytes. This must be at
* most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
*
@@ -264,14 +436,23 @@
* \brief This function updates a CTR_DRBG instance with additional
* data and uses it to generate random data.
*
- * \note The function automatically reseeds if the reseed counter is exceeded.
+ * This function automatically reseeds if the reseed counter is exceeded
+ * or prediction resistance is enabled.
*
* \param p_rng The CTR_DRBG context. This must be a pointer to a
* #mbedtls_ctr_drbg_context structure.
* \param output The buffer to fill.
- * \param output_len The length of the buffer.
- * \param additional Additional data to update. Can be NULL.
- * \param add_len The length of the additional data.
+ * \param output_len The length of the buffer in bytes.
+ * \param additional Additional data to update. Can be \c NULL, in which
+ * case the additional data is empty regardless of
+ * the value of \p add_len.
+ * \param add_len The length of the additional data
+ * if \p additional is not \c NULL.
+ * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
+ * and less than
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+ * where \c entropy_len is the entropy length
+ * configured for the context.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
@@ -284,12 +465,14 @@
/**
* \brief This function uses CTR_DRBG to generate random data.
*
- * \note The function automatically reseeds if the reseed counter is exceeded.
+ * This function automatically reseeds if the reseed counter is exceeded
+ * or prediction resistance is enabled.
+ *
*
* \param p_rng The CTR_DRBG context. This must be a pointer to a
* #mbedtls_ctr_drbg_context structure.
* \param output The buffer to fill.
- * \param output_len The length of the buffer.
+ * \param output_len The length of the buffer in bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
@@ -336,7 +519,7 @@
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
* failure.
*/
int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@@ -350,8 +533,10 @@
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- * #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
+ * reseed failure.
+ * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
+ * seed file is too large.
*/
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
#endif /* MBEDTLS_FS_IO */
@@ -368,11 +553,6 @@
#endif /* MBEDTLS_SELF_TEST */
-/* Internal functions (do not call directly) */
-int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
- int (*)(void *, unsigned char *, size_t), void *,
- const unsigned char *, size_t, size_t );
-
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 20a245a..06bb1c9 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -100,6 +100,7 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
+ * SSL 5 1 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 46536a1..00be9df 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -1,10 +1,14 @@
/**
* \file hmac_drbg.h
*
- * \brief HMAC_DRBG (NIST SP 800-90A)
+ * \brief The HMAC_DRBG pseudorandom generator.
+ *
+ * This module implements the HMAC_DRBG pseudorandom generator described
+ * in <em>NIST SP 800-90A: Recommendation for Random Number Generation Using
+ * Deterministic Random Bit Generators</em>.
*/
/*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -104,38 +108,72 @@
} mbedtls_hmac_drbg_context;
/**
- * \brief HMAC_DRBG context initialization
- * Makes the context ready for mbedtls_hmac_drbg_seed(),
- * mbedtls_hmac_drbg_seed_buf() or
- * mbedtls_hmac_drbg_free().
+ * \brief HMAC_DRBG context initialization.
*
- * \param ctx HMAC_DRBG context to be initialized
+ * This function makes the context ready for mbedtls_hmac_drbg_seed(),
+ * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
+ *
+ * \param ctx HMAC_DRBG context to be initialized.
*/
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
/**
- * \brief HMAC_DRBG initial seeding
- * Seed and setup entropy source for future reseeds.
+ * \brief HMAC_DRBG initial seeding.
*
- * \param ctx HMAC_DRBG context to be seeded
- * \param md_info MD algorithm to use for HMAC_DRBG
- * \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
- * length)
- * \param p_entropy Entropy context
- * \param custom Personalization data (Device specific identifiers)
- * (Can be NULL)
- * \param len Length of personalization data
+ * Set the initial seed and set up the entropy source for future reseeds.
*
- * \note The "security strength" as defined by NIST is set to:
- * 128 bits if md_alg is SHA-1,
- * 192 bits if md_alg is SHA-224,
- * 256 bits if md_alg is SHA-256 or higher.
+ * A typical choice for the \p f_entropy and \p p_entropy parameters is
+ * to use the entropy module:
+ * - \p f_entropy is mbedtls_entropy_func();
+ * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
+ * with mbedtls_entropy_init() (which registers the platform's default
+ * entropy sources).
+ *
+ * You can provide a personalization string in addition to the
+ * entropy source, to make this instantiation as unique as possible.
+ *
+ * \note By default, the security strength as defined by NIST is:
+ * - 128 bits if \p md_info is SHA-1;
+ * - 192 bits if \p md_info is SHA-224;
+ * - 256 bits if \p md_info is SHA-256, SHA-384 or SHA-512.
* Note that SHA-256 is just as efficient as SHA-224.
+ * The security strength can be reduced if a smaller
+ * entropy length is set with
+ * mbedtls_hmac_drbg_set_entropy_len().
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
- * MBEDTLS_ERR_MD_ALLOC_FAILED, or
- * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ * \note The default entropy length is the security strength
+ * (converted from bits to bytes). You can override
+ * it by calling mbedtls_hmac_drbg_set_entropy_len().
+ *
+ * \note During the initial seeding, this function calls
+ * the entropy source to obtain a nonce
+ * whose length is half the entropy length.
+ *
+ * \param ctx HMAC_DRBG context to be seeded.
+ * \param md_info MD algorithm to use for HMAC_DRBG.
+ * \param f_entropy The entropy callback, taking as arguments the
+ * \p p_entropy context, the buffer to fill, and the
+ * length of the buffer.
+ * \p f_entropy is always called with a length that is
+ * less than or equal to the entropy length.
+ * \param p_entropy The entropy context to pass to \p f_entropy.
+ * \param custom The personalization string.
+ * This can be \c NULL, in which case the personalization
+ * string is empty regardless of the value of \p len.
+ * \param len The length of the personalization string.
+ * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
+ * and also at most
+ * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
+ * where \p entropy_len is the entropy length
+ * described above.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
+ * invalid.
+ * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
+ * memory to allocate context data.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * if the call to \p f_entropy failed.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
@@ -146,98 +184,131 @@
/**
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
- * (For use with deterministic ECDSA.)
*
- * \param ctx HMAC_DRBG context to be initialised
- * \param md_info MD algorithm to use for HMAC_DRBG
- * \param data Concatenation of entropy string and additional data
- * \param data_len Length of data in bytes
+ * This function is meant for use in algorithms that need a pseudorandom
+ * input such as deterministic ECDSA.
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
- * MBEDTLS_ERR_MD_ALLOC_FAILED.
+ * \param ctx HMAC_DRBG context to be initialised.
+ * \param md_info MD algorithm to use for HMAC_DRBG.
+ * \param data Concatenation of the initial entropy string and
+ * the additional data.
+ * \param data_len Length of \p data in bytes.
+ *
+ * \return \c 0 if successful. or
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
+ * invalid.
+ * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
+ * memory to allocate context data.
*/
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
const unsigned char *data, size_t data_len );
/**
- * \brief Enable / disable prediction resistance (Default: Off)
+ * \brief This function turns prediction resistance on or off.
+ * The default value is off.
*
- * Note: If enabled, entropy is used for ctx->entropy_len before each call!
- * Only use this if you have ample supply of good entropy!
+ * \note If enabled, entropy is gathered at the beginning of
+ * every call to mbedtls_hmac_drbg_random_with_add()
+ * or mbedtls_hmac_drbg_random().
+ * Only use this if your entropy source has sufficient
+ * throughput.
*
- * \param ctx HMAC_DRBG context
- * \param resistance MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ * \param ctx The HMAC_DRBG context.
+ * \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
*/
void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
int resistance );
/**
- * \brief Set the amount of entropy grabbed on each reseed
- * (Default: given by the security strength, which
- * depends on the hash used, see \c mbedtls_hmac_drbg_init() )
+ * \brief This function sets the amount of entropy grabbed on each
+ * seed or reseed.
*
- * \param ctx HMAC_DRBG context
- * \param len Amount of entropy to grab, in bytes
+ * See the documentation of mbedtls_hmac_drbg_seed() for the default value.
+ *
+ * \param ctx The HMAC_DRBG context.
+ * \param len The amount of entropy to grab, in bytes.
*/
void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
size_t len );
/**
- * \brief Set the reseed interval
- * (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ * \brief Set the reseed interval.
*
- * \param ctx HMAC_DRBG context
- * \param interval Reseed interval
+ * The reseed interval is the number of calls to mbedtls_hmac_drbg_random()
+ * or mbedtls_hmac_drbg_random_with_add() after which the entropy function
+ * is called again.
+ *
+ * The default value is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL.
+ *
+ * \param ctx The HMAC_DRBG context.
+ * \param interval The reseed interval.
*/
void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
int interval );
/**
- * \brief HMAC_DRBG update state
+ * \brief This function updates the state of the HMAC_DRBG context.
*
- * \param ctx HMAC_DRBG context
- * \param additional Additional data to update state with, or NULL
- * \param add_len Length of additional data, or 0
+ * \param ctx The HMAC_DRBG context.
+ * \param additional The data to update the state with.
+ * If this is \c NULL, there is no additional data.
+ * \param add_len Length of \p additional in bytes.
+ * Unused if \p additional is \c NULL.
*
* \return \c 0 on success, or an error from the underlying
* hash calculation.
- *
- * \note Additional data is optional, pass NULL and 0 as second
- * third argument if no additional data is being used.
*/
int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t add_len );
/**
- * \brief HMAC_DRBG reseeding (extracts data from entropy source)
+ * \brief This function reseeds the HMAC_DRBG context, that is
+ * extracts data from the entropy source.
*
- * \param ctx HMAC_DRBG context
- * \param additional Additional data to add to state (Can be NULL)
- * \param len Length of additional data
+ * \param ctx The HMAC_DRBG context.
+ * \param additional Additional data to add to the state.
+ * If this is \c NULL, there is no additional data
+ * and \p len should be \c 0.
+ * \param len The length of the additional data.
+ * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
+ * and also at most
+ * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
+ * where \p entropy_len is the entropy length
+ * (see mbedtls_hmac_drbg_set_entropy_len()).
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * if a call to the entropy function failed.
*/
int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t len );
/**
- * \brief HMAC_DRBG generate random with additional update input
+ * \brief This function updates an HMAC_DRBG instance with additional
+ * data and uses it to generate random data.
*
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ * This function automatically reseeds if the reseed counter is exceeded
+ * or prediction resistance is enabled.
*
- * \param p_rng HMAC_DRBG context
- * \param output Buffer to fill
- * \param output_len Length of the buffer
- * \param additional Additional data to update with (can be NULL)
- * \param add_len Length of additional data (can be 0)
+ * \param p_rng The HMAC_DRBG context. This must be a pointer to a
+ * #mbedtls_hmac_drbg_context structure.
+ * \param output The buffer to fill.
+ * \param output_len The length of the buffer in bytes.
+ * This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
+ * \param additional Additional data to update with.
+ * If this is \c NULL, there is no additional data
+ * and \p add_len should be \c 0.
+ * \param add_len The length of the additional data.
+ * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT.
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
- * MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
- * MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * if a call to the entropy source failed.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
+ * \p output_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
+ * \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
*/
int mbedtls_hmac_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t output_len,
@@ -245,24 +316,29 @@
size_t add_len );
/**
- * \brief HMAC_DRBG generate random
+ * \brief This function uses HMAC_DRBG to generate random data.
*
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ * This function automatically reseeds if the reseed counter is exceeded
+ * or prediction resistance is enabled.
*
- * \param p_rng HMAC_DRBG context
- * \param output Buffer to fill
- * \param out_len Length of the buffer
+ * \param p_rng The HMAC_DRBG context. This must be a pointer to a
+ * #mbedtls_hmac_drbg_context structure.
+ * \param output The buffer to fill.
+ * \param out_len The length of the buffer in bytes.
+ * This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
- * MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * if a call to the entropy source failed.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
+ * \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
*/
int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
/**
* \brief Free an HMAC_DRBG context
*
- * \param ctx HMAC_DRBG context to free.
+ * \param ctx The HMAC_DRBG context to free.
*/
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
@@ -273,17 +349,16 @@
#define MBEDTLS_DEPRECATED
#endif
/**
- * \brief HMAC_DRBG update state
+ * \brief This function updates the state of the HMAC_DRBG context.
*
* \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
* in 2.16.0.
*
- * \param ctx HMAC_DRBG context
- * \param additional Additional data to update state with, or NULL
- * \param add_len Length of additional data, or 0
- *
- * \note Additional data is optional, pass NULL and 0 as second
- * third argument if no additional data is being used.
+ * \param ctx The HMAC_DRBG context.
+ * \param additional The data to update the state with.
+ * If this is \c NULL, there is no additional data.
+ * \param add_len Length of \p additional in bytes.
+ * Unused if \p additional is \c NULL.
*/
MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
mbedtls_hmac_drbg_context *ctx,
@@ -293,26 +368,31 @@
#if defined(MBEDTLS_FS_IO)
/**
- * \brief Write a seed file
+ * \brief This function writes a seed file.
*
- * \param ctx HMAC_DRBG context
- * \param path Name of the file
+ * \param ctx The HMAC_DRBG context.
+ * \param path The name of the file.
*
- * \return 0 if successful, 1 on file error, or
- * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
+ * failure.
*/
int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
/**
- * \brief Read and update a seed file. Seed is added to this
- * instance
+ * \brief This function reads and updates a seed file. The seed
+ * is added to this instance.
*
- * \param ctx HMAC_DRBG context
- * \param path Name of the file
+ * \param ctx The HMAC_DRBG context.
+ * \param path The name of the file.
*
- * \return 0 if successful, 1 on file error,
- * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
- * MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on
+ * reseed failure.
+ * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
+ * seed file is too large.
*/
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
#endif /* MBEDTLS_FS_IO */
@@ -320,9 +400,10 @@
#if defined(MBEDTLS_SELF_TEST)
/**
- * \brief Checkup routine
+ * \brief The HMAC_DRBG Checkup routine.
*
- * \return 0 if successful, or 1 if the test failed
+ * \return \c 0 if successful.
+ * \return \c 1 if the test failed.
*/
int mbedtls_hmac_drbg_self_test( int verbose );
#endif
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index d750004..6343563 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -102,6 +102,58 @@
} mbedtls_pk_rsassa_pss_options;
/**
+ * \brief Maximum size of a signature made by mbedtls_pk_sign().
+ */
+/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature
+ * size among the supported signature types. Do it by starting at 0,
+ * then incrementally increasing to be large enough for each supported
+ * signature mechanism.
+ *
+ * The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled
+ * (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C
+ * nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT).
+ */
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
+
+#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
+ MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+/* For RSA, the signature can be as large as the bignum module allows.
+ * For RSA_ALT, the signature size is not necessarily tied to what the
+ * bignum module can do, but in the absence of any specific setting,
+ * we use that (rsa_alt_sign_wrap in pk_wrap will check). */
+#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) && \
+ MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+/* For ECDSA, the ecdsa module exports a constant for the maximum
+ * signature size. */
+#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+/* PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE is the maximum size of a signature made
+ * through the PSA API in the PSA representation. */
+#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
+#endif
+
+#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+/* The Mbed TLS representation is different for ECDSA signatures:
+ * PSA uses the raw concatenation of r and s,
+ * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
+ * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
+ * types, lengths (represented by up to 2 bytes), and potential leading
+ * zeros of the INTEGERs and the SEQUENCE. */
+#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
+#endif
+#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
+
+/**
* \brief Types for interfacing with the debug module
*/
typedef enum
@@ -442,8 +494,13 @@
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
- * \param sig Place to write the signature
- * \param sig_len Number of bytes written
+ * \param sig Place to write the signature.
+ * It must have enough room for the signature.
+ * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+ * You may use a smaller buffer if it is large enough
+ * given the key type.
+ * \param sig_len On successful return,
+ * the number of bytes written to \p sig.
* \param f_rng RNG function
* \param p_rng RNG parameter
*
@@ -474,16 +531,21 @@
*
* \param ctx The PK context to use. It must have been set up
* with a private key.
- * \param md_alg Hash algorithm used (see notes)
+ * \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
- * \param sig Place to write the signature
- * \param sig_len Number of bytes written
+ * \param hash_len Hash length or 0 (see notes for mbedtls_pk_sign())
+ * \param sig Place to write the signature.
+ * It must have enough room for the signature.
+ * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+ * You may use a smaller buffer if it is large enough
+ * given the key type.
+ * \param sig_len On successful return,
+ * the number of bytes written to \p sig.
* \param f_rng RNG function
* \param p_rng RNG parameter
* \param rs_ctx Restart context (NULL to disable restart)
*
- * \return See \c mbedtls_pk_sign(), or
+ * \return See \c mbedtls_pk_sign().
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 8d18fcc..a87ca81 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -230,9 +230,11 @@
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
return( 0 );
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+ default:
+ (void) oid;
+ (void) oid_len;
+ return( -1 );
}
-
- return( -1 );
}
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 840540b..ec8d0d8 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -907,7 +907,8 @@
* the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
+ * for an 2048-bit RSA modulus. A buffer length of
+ * #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -954,7 +955,8 @@
* the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
+ * for an 2048-bit RSA modulus. A buffer length of
+ * #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1015,7 +1017,8 @@
* the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- * for an 2048-bit RSA modulus.
+ * for an 2048-bit RSA modulus. A buffer length of
+ * #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index fd77830..ae694ee 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,17 +39,17 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 17
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_MINOR 19
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02110000
-#define MBEDTLS_VERSION_STRING "2.17.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.17.0"
+#define MBEDTLS_VERSION_NUMBER 0x02130100
+#define MBEDTLS_VERSION_STRING "2.19.1"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.1"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d3b7522..7291c3e 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -459,9 +459,12 @@
* maintain the key handle until after the multipart operation has finished.
*
* \param handle The key handle to close.
+ * If this is \c 0, do nothing and return \c PSA_SUCCESS.
*
* \retval #PSA_SUCCESS
+ * \p handle was a valid handle or \c 0. It is now closed.
* \retval #PSA_ERROR_INVALID_HANDLE
+ * \p handle is not a valid handle nor \c 0.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BAD_STATE
@@ -579,13 +582,17 @@
* key will cause the multipart operation to fail.
*
* \param handle Handle to the key to erase.
+ * If this is \c 0, do nothing and return \c PSA_SUCCESS.
*
* \retval #PSA_SUCCESS
- * The key material has been erased.
+ * \p handle was a valid handle and the key material that it
+ * referred to has been erased.
+ * Alternatively, \p handle is \c 0.
* \retval #PSA_ERROR_NOT_PERMITTED
* The key cannot be erased because it is
* read-only, either due to a policy or due to physical restrictions.
* \retval #PSA_ERROR_INVALID_HANDLE
+ * \p handle is not a valid handle nor \c 0.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* There was an failure in communication with the cryptoprocessor.
* The key material may still be present in the cryptoprocessor.
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index f0e4782..c5313d6 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -186,6 +186,9 @@
* \retval #PSA_ERROR_ALREADY_EXISTS
* There is already a key with the identifier specified in
* \p attributes.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The secure element driver for the specified lifetime does not
+ * support registering a key.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p attributes specifies a lifetime which is not located
* in a secure element.
@@ -428,8 +431,9 @@
* #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM), the group data comes
* from domain parameters set by psa_set_key_domain_parameters().
*/
-/* This value is reserved for private use in the TLS named group registry. */
-#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0x01fc)
+/* This value is a deprecated value meaning an explicit curve in the IANA
+ * registry. */
+#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0xff01)
/**
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index a43e0db..7ac1ed1 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -927,7 +927,14 @@
* sake of initial device provisioning or onboarding. Such a mechanism may
* be added to a future version of the PSA Cryptography API specification.
*
+ * This function may update the driver's persistent data through
+ * \p persistent_data. The core will save the updated persistent data at the
+ * end of the key creation process. See the description of
+ * ::psa_drv_se_allocate_key_t for more information.
+ *
* \param[in,out] drv_context The driver context structure.
+ * \param[in,out] persistent_data A pointer to the persistent data
+ * that allows writing.
* \param[in] attributes Attributes of the key.
* \param method The way in which the key is being created.
* \param[in] key_slot Slot where the key is to be stored.
@@ -946,6 +953,7 @@
*/
typedef psa_status_t (*psa_drv_se_validate_slot_number_t)(
psa_drv_se_context_t *drv_context,
+ void *persistent_data,
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_key_slot_number_t key_slot);
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index bcca724..3332247 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -247,21 +247,6 @@
*/
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
-/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
- *
- * Maximum size of an asymmetric signature.
- *
- * This macro must expand to a compile-time constant integer. This value
- * should be the maximum size of a MAC supported by the implementation,
- * in bytes, and must be no smaller than this maximum.
- */
-#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
- PSA_BITS_TO_BYTES( \
- PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
- PSA_VENDOR_RSA_MAX_KEY_BITS : \
- PSA_VENDOR_ECC_MAX_CURVE_BITS \
- )
-
/** The maximum size of a block cipher supported by the implementation. */
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
@@ -457,6 +442,22 @@
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0))
+#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
+ PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
+
+/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
+ *
+ * Maximum size of an asymmetric signature.
+ *
+ * This macro must expand to a compile-time constant integer. This value
+ * should be the maximum size of a signature supported by the implementation,
+ * in bytes, and must be no smaller than this maximum.
+ */
+#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
+ PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
+ PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
+
/** Sufficient output buffer size for psa_asymmetric_encrypt().
*
* This macro returns a sufficient buffer size for a ciphertext produced using
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index b6b6198..c4f9acd 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -65,10 +65,82 @@
*/
typedef uint32_t psa_key_type_t;
-/** The type of PSA elliptic curve identifiers. */
+/** The type of PSA elliptic curve identifiers.
+ *
+ * The curve identifier is required to create an ECC key using the
+ * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
+ * macros.
+ *
+ * The encoding of curve identifiers is taken from the
+ * TLS Supported Groups Registry (formerly known as the
+ * TLS EC Named Curve Registry)
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ *
+ * This specification defines identifiers for some of the curves in the IANA
+ * registry. Implementations that support other curves that are in the IANA
+ * registry should use the IANA value and a implementation-specific identifier.
+ * Implemenations that support non-IANA curves should use one of the following
+ * approaches for allocating a key type:
+ *
+ * 1. Select a ::psa_ecc_curve_t value in the range #PSA_ECC_CURVE_VENDOR_MIN to
+ * #PSA_ECC_CURVE_VENDOR_MAX, which is a subset of the IANA private use
+ * range.
+ * 2. Use a ::psa_key_type_t value that is vendor-defined.
+ *
+ * The first option is recommended.
+ */
typedef uint16_t psa_ecc_curve_t;
-/** The type of PSA Diffie-Hellman group identifiers. */
+/** The type of PSA Diffie-Hellman group identifiers.
+ *
+ * The group identifier is required to create an Diffie-Hellman key using the
+ * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
+ * macros.
+ *
+ * The encoding of group identifiers is taken from the
+ * TLS Supported Groups Registry (formerly known as the
+ * TLS EC Named Curve Registry)
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ *
+ * This specification defines identifiers for some of the groups in the IANA
+ * registry. Implementations that support other groups that are in the IANA
+ * registry should use the IANA value and a implementation-specific identifier.
+ * Implemenations that support non-IANA groups should use one of the following
+ * approaches for allocating a key type:
+ *
+ * 1. Select a ::psa_dh_group_t value in the range #PSA_DH_GROUP_VENDOR_MIN to
+ * #PSA_DH_GROUP_VENDOR_MAX, which is a subset of the IANA private use
+ * range.
+ * 2. Select a ::psa_dh_group_t value from the named groups allocated for
+ * GREASE in the IETF draft specification. The GREASE specification and
+ * values are listed below.
+ * 3. Use a ::psa_key_type_t value that is vendor-defined.
+ *
+ * Option 1 or 2 are recommended.
+ *
+ * The current draft of the GREASE specification is
+ * https://datatracker.ietf.org/doc/draft-ietf-tls-grease
+ *
+ * The following GREASE values are allocated for named groups:
+ * \code
+ * 0x0A0A
+ * 0x1A1A
+ * 0x2A2A
+ * 0x3A3A
+ * 0x4A4A
+ * 0x5A5A
+ * 0x6A6A
+ * 0x7A7A
+ * 0x8A8A
+ * 0x9A9A
+ * 0xAAAA
+ * 0xBABA
+ * 0xCACA
+ * 0xDADA
+ * 0xEAEA
+ * 0xFAFA
+ * \endcode
+ */
typedef uint16_t psa_dh_group_t;
/** \brief Encoding of a cryptographic algorithm.
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 6b6a9f8..1e0c213 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -424,10 +424,18 @@
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x70030000)
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
-/** Elliptic curve key pair. */
+/** Elliptic curve key pair.
+ *
+ * \param curve A value of type ::psa_ecc_curve_t that identifies the
+ * ECC curve to be used.
+ */
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
(PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
-/** Elliptic curve public key. */
+/** Elliptic curve public key.
+ *
+ * \param curve A value of type ::psa_ecc_curve_t that identifies the
+ * ECC curve to be used.
+ */
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
@@ -498,13 +506,34 @@
*/
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
+/** Minimum value for a vendor-defined ECC curve identifier
+ *
+ * The range for vendor-defined curve identifiers is a subset of the IANA
+ * registry private use range, `0xfe00` - `0xfeff`.
+ */
+#define PSA_ECC_CURVE_VENDOR_MIN ((psa_ecc_curve_t) 0xfe00)
+/** Maximum value for a vendor-defined ECC curve identifier
+ *
+ * The range for vendor-defined curve identifiers is a subset of the IANA
+ * registry private use range, `0xfe00` - `0xfeff`.
+ */
+#define PSA_ECC_CURVE_VENDOR_MAX ((psa_ecc_curve_t) 0xfe7f)
+
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x60040000)
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x70040000)
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
-/** Diffie-Hellman key pair. */
+/** Diffie-Hellman key pair.
+ *
+ * \param group A value of type ::psa_dh_group_t that identifies the
+ * Diffie-Hellman group to be used.
+ */
#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
(PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
-/** Diffie-Hellman public key. */
+/** Diffie-Hellman public key.
+ *
+ * \param group A value of type ::psa_dh_group_t that identifies the
+ * Diffie-Hellman group to be used.
+ */
#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
(PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
@@ -538,6 +567,19 @@
#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
+/** Minimum value for a vendor-defined Diffie Hellman group identifier
+ *
+ * The range for vendor-defined group identifiers is a subset of the IANA
+ * registry private use range, `0x01fc` - `0x01ff`.
+ */
+#define PSA_DH_GROUP_VENDOR_MIN ((psa_dh_group_t) 0x01fc)
+/** Maximum value for a vendor-defined Diffie Hellman group identifier
+ *
+ * The range for vendor-defined group identifiers is a subset of the IANA
+ * registry private use range, `0x01fc` - `0x01ff`.
+ */
+#define PSA_DH_GROUP_VENDOR_MAX ((psa_dh_group_t) 0x01fd)
+
/** The block size of a block cipher.
*
* \param type A cipher key type (value of type #psa_key_type_t).
@@ -680,11 +722,15 @@
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
-
+/** MD2 */
#define PSA_ALG_MD2 ((psa_algorithm_t)0x01000001)
+/** MD4 */
#define PSA_ALG_MD4 ((psa_algorithm_t)0x01000002)
+/** MD5 */
#define PSA_ALG_MD5 ((psa_algorithm_t)0x01000003)
+/** PSA_ALG_RIPEMD160 */
#define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x01000004)
+/** SHA1 */
#define PSA_ALG_SHA_1 ((psa_algorithm_t)0x01000005)
/** SHA2-224 */
#define PSA_ALG_SHA_224 ((psa_algorithm_t)0x01000008)
diff --git a/library/Makefile b/library/Makefile
index d7c1567..6aeb95f 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -146,9 +146,11 @@
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
+libmbedcrypto.$(DLEXT): | libmbedcrypto.a
+
.c.o:
echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
clean:
ifndef WINDOWS
diff --git a/library/asn1parse.c b/library/asn1parse.c
index 4764ca4..412259e 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -149,16 +149,26 @@
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( ret );
- if( len == 0 || ( **p & 0x80 ) != 0 )
+ /* len==0 is malformed (0 must be represented as 020100). */
+ if( len == 0 )
+ return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ /* This is a cryptography library. Reject negative integers. */
+ if( ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ /* Skip leading zeros. */
while( len > 0 && **p == 0 )
{
++( *p );
--len;
}
+
+ /* Reject integers that don't fit in an int. This code assumes that
+ * the int type has no padding bit. */
if( len > sizeof( int ) )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+ if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
+ return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
*val = 0;
while( len-- > 0 )
diff --git a/library/bignum.c b/library/bignum.c
index d5bde8b..a2f2a9f 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1632,6 +1632,7 @@
int ret;
size_t i, n, t, k;
mbedtls_mpi X, Y, Z, T1, T2;
+ mbedtls_mpi_uint TP2[3];
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
@@ -1639,7 +1640,17 @@
return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
+ mbedtls_mpi_init( &T1 );
+ /*
+ * Avoid dynamic memory allocations for constant-size T2.
+ *
+ * T2 is used for comparison only and the 3 limbs are assigned explicitly,
+ * so nobody increase the size of the MPI and we're safe to use an on-stack
+ * buffer.
+ */
+ T2.s = 1;
+ T2.n = sizeof( TP2 ) / sizeof( *TP2 );
+ T2.p = TP2;
if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
{
@@ -1655,7 +1666,6 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
k = mbedtls_mpi_bitlen( &Y ) % biL;
if( k < biL - 1 )
@@ -1687,6 +1697,10 @@
Y.p[t], NULL);
}
+ T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
+ T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
+ T2.p[2] = X.p[i];
+
Z.p[i - t - 1]++;
do
{
@@ -1696,11 +1710,6 @@
T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
T1.p[1] = Y.p[t];
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
- T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
- T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
- T2.p[2] = X.p[i];
}
while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
@@ -1736,7 +1745,8 @@
cleanup:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
- mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
+ mbedtls_mpi_free( &T1 );
+ mbedtls_platform_zeroize( TP2, sizeof( TP2 ) );
return( ret );
}
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 0db7beb..047bb2a 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -56,76 +56,15 @@
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
+ /* Indicate that the entropy nonce length is not set explicitly.
+ * See mbedtls_ctr_drbg_set_nonce_len(). */
+ ctx->reseed_counter = -1;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
}
-/*
- * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
- * NIST tests to succeed (which require known length fixed entropy)
- */
-/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
- * mbedtls_ctr_drbg_seed_entropy_len(ctx, f_entropy, p_entropy,
- * custom, len, entropy_len)
- * implements
- * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
- * security_strength) -> initial_working_state
- * with inputs
- * custom[:len] = nonce || personalization_string
- * where entropy_input comes from f_entropy for entropy_len bytes
- * and with outputs
- * ctx = initial_working_state
- */
-int mbedtls_ctr_drbg_seed_entropy_len(
- mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len,
- size_t entropy_len )
-{
- int ret;
- unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
-
- memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
-
- mbedtls_aes_init( &ctx->aes_ctx );
-
- ctx->f_entropy = f_entropy;
- ctx->p_entropy = p_entropy;
-
- ctx->entropy_len = entropy_len;
- ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
-
- /*
- * Initialize with an empty key
- */
- if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
- MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
- {
- return( ret );
- }
-
- if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
- {
- return( ret );
- }
- return( 0 );
-}
-
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
- int (*f_entropy)(void *, unsigned char *, size_t),
- void *p_entropy,
- const unsigned char *custom,
- size_t len )
-{
- return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy,
- custom, len,
- MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
-}
-
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
{
if( ctx == NULL )
@@ -150,6 +89,32 @@
ctx->entropy_len = len;
}
+int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
+ size_t len )
+{
+ /* If mbedtls_ctr_drbg_seed() has already been called, it's
+ * too late. Return the error code that's closest to making sense. */
+ if( ctx->f_entropy != NULL )
+ return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+
+ if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+ return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+#if SIZE_MAX > INT_MAX
+ /* This shouldn't be an issue because
+ * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
+ * configuration, but make sure anyway. */
+ if( len > INT_MAX )
+ return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+#endif
+
+ /* For backward compatibility with Mbed TLS <= 2.19, store the
+ * entropy nonce length in a field that already exists, but isn't
+ * used until after the initial seeding. */
+ /* Due to the capping of len above, the value fits in an int. */
+ ctx->reseed_counter = (int) len;
+ return( 0 );
+}
+
void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
int interval )
{
@@ -383,7 +348,7 @@
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2)
- * mbedtls_ctr_drbg_reseed(ctx, additional, len)
+ * mbedtls_ctr_drbg_reseed(ctx, additional, len, nonce_len)
* implements
* CTR_DRBG_Reseed(working_state, entropy_input, additional_input)
* -> new_working_state
@@ -391,51 +356,57 @@
* ctx contains working_state
* additional[:len] = additional_input
* and entropy_input comes from calling ctx->f_entropy
+ * for (ctx->entropy_len + nonce_len) bytes
* and with output
* ctx contains new_working_state
*/
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t len )
+static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t len,
+ size_t nonce_len )
{
unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
size_t seedlen = 0;
int ret;
- if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
- len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
+ if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+ return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
+ return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
- /*
- * Gather entropy_len bytes of entropy to seed state
- */
- if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
- ctx->entropy_len ) )
+ /* Gather entropy_len bytes of entropy to seed state. */
+ if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
{
return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
}
-
seedlen += ctx->entropy_len;
- /*
- * Add additional data
- */
- if( additional && len )
+ /* Gather entropy for a nonce if requested. */
+ if( nonce_len != 0 )
+ {
+ if( 0 != ctx->f_entropy( ctx->p_entropy, seed, nonce_len ) )
+ {
+ return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+ }
+ seedlen += nonce_len;
+ }
+
+ /* Add additional data if provided. */
+ if( additional != NULL && len != 0 )
{
memcpy( seed + seedlen, additional, len );
seedlen += len;
}
- /*
- * Reduce to 384 bits
- */
+ /* Reduce to 384 bits. */
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
goto exit;
- /*
- * Update state
- */
+ /* Update state. */
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
goto exit;
ctx->reseed_counter = 1;
@@ -445,6 +416,81 @@
return( ret );
}
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional, size_t len )
+{
+ return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
+}
+
+/* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
+ * is sufficient to achieve the maximum security strength given the key
+ * size and entropy length. If there is enough entropy in the initial
+ * call to the entropy function to serve as both the entropy input and
+ * the nonce, don't make a second call to get a nonce. */
+static size_t good_nonce_len( size_t entropy_len )
+{
+ if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
+ return( 0 );
+ else
+ return( ( entropy_len + 1 ) / 2 );
+}
+
+/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
+ * mbedtls_ctr_drbg_seed(ctx, f_entropy, p_entropy, custom, len)
+ * implements
+ * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
+ * security_strength) -> initial_working_state
+ * with inputs
+ * custom[:len] = nonce || personalization_string
+ * where entropy_input comes from f_entropy for ctx->entropy_len bytes
+ * and with outputs
+ * ctx = initial_working_state
+ */
+int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
+ int (*f_entropy)(void *, unsigned char *, size_t),
+ void *p_entropy,
+ const unsigned char *custom,
+ size_t len )
+{
+ int ret;
+ unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
+ size_t nonce_len;
+
+ memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
+
+ mbedtls_aes_init( &ctx->aes_ctx );
+
+ ctx->f_entropy = f_entropy;
+ ctx->p_entropy = p_entropy;
+
+ if( ctx->entropy_len == 0 )
+ ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+ /* ctx->reseed_counter contains the desired amount of entropy to
+ * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
+ * If it's -1, indicating that the entropy nonce length was not set
+ * explicitly, use a sufficiently large nonce for security. */
+ nonce_len = ( ctx->reseed_counter >= 0 ?
+ (size_t) ctx->reseed_counter :
+ good_nonce_len( ctx->entropy_len ) );
+
+ ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
+
+ /* Initialize with an empty key. */
+ if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
+ MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /* Do the initial seeding. */
+ if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len,
+ nonce_len ) ) != 0 )
+ {
+ return( ret );
+ }
+ return( 0 );
+}
+
/* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2)
* mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, additional, add_len)
* implements
@@ -708,8 +754,12 @@
mbedtls_printf( " CTR_DRBG (PR = TRUE) : " );
test_offset = 0;
- CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+ mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
+ mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
+ CHK( mbedtls_ctr_drbg_seed( &ctx,
+ ctr_drbg_self_test_entropy,
+ (void *) entropy_source_pr,
+ nonce_pers_pr, 16 ) );
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
@@ -729,8 +779,12 @@
mbedtls_ctr_drbg_init( &ctx );
test_offset = 0;
- CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+ mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
+ mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
+ CHK( mbedtls_ctr_drbg_seed( &ctx,
+ ctr_drbg_self_test_entropy,
+ (void *) entropy_source_nopr,
+ nonce_pers_nopr, 16 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
diff --git a/library/entropy.c b/library/entropy.c
index 5655253..a40ce80 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -258,7 +258,9 @@
*/
static int entropy_gather_internal( mbedtls_entropy_context *ctx )
{
- int ret, i, have_one_strong = 0;
+ int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ int i;
+ int have_one_strong = 0;
unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
size_t olen;
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 50d88bd..f71c95c 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -74,7 +74,7 @@
unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
unsigned char sep[1];
unsigned char K[MBEDTLS_MD_MAX_SIZE];
- int ret;
+ int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
{
@@ -273,16 +273,19 @@
ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
- /*
- * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
- * each hash function, then according to SP800-90A rev1 10.1 table 2,
- * min_entropy_len (in bits) is security_strength.
- *
- * (This also matches the sizes used in the NIST test vectors.)
- */
- ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
- md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
- 32; /* better (256+) -> 256 bits */
+ if( ctx->entropy_len == 0 )
+ {
+ /*
+ * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
+ * each hash function, then according to SP800-90A rev1 10.1 table 2,
+ * min_entropy_len (in bits) is security_strength.
+ *
+ * (This also matches the sizes used in the NIST test vectors.)
+ */
+ ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
+ md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
+ 32; /* better (256+) -> 256 bits */
+ }
if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
1 /* add nonce */ ) ) != 0 )
@@ -303,7 +306,7 @@
}
/*
- * Set entropy length grabbed for reseeds
+ * Set entropy length grabbed for seeding
*/
void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
{
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 5a699c0..702c3bb 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -774,6 +774,8 @@
#endif /* SIZE_MAX > UINT_MAX */
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
+ if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
md_alg, (unsigned int) hash_len, hash, sig ) );
@@ -1017,6 +1019,8 @@
return( mbedtls_psa_err_translate_pk( status ) );
buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
psa_reset_key_attributes( &attributes );
+ if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
/* make the signature */
status = psa_asymmetric_sign( *key, alg, hash, hash_len,
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 4388160..c2c5623 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -38,7 +38,9 @@
#include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
+#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdsa.h"
@@ -154,6 +156,26 @@
return( (int) len );
}
+
+/*
+ * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
+ */
+static int pk_write_ec_private( unsigned char **p, unsigned char *start,
+ mbedtls_ecp_keypair *ec )
+{
+ int ret;
+ size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+ unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
+
+ ret = mbedtls_mpi_write_binary( &ec->d, tmp, byte_length );
+ if( ret != 0 )
+ goto exit;
+ ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
+
+exit:
+ mbedtls_platform_zeroize( tmp, byte_length );
+ return( ret );
+}
#endif /* MBEDTLS_ECP_C */
int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
@@ -424,9 +446,8 @@
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
len += par_len;
- /* privateKey: write as MPI then fix tag */
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
- *c = MBEDTLS_ASN1_OCTET_STRING;
+ /* privateKey */
+ MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
/* version */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b9ea00f..e4d4924 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1013,6 +1013,9 @@
psa_se_drv_table_entry_t *driver;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ if( handle == 0 )
+ return( PSA_SUCCESS );
+
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
@@ -1579,7 +1582,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* For a key in a secure element, we need to do three things
- * when creating a key (but not when registering an existing key):
+ * when creating or registering a key:
* create the key file in internal storage, create the
* key inside the secure element, and update the driver's
* persistent data. Start a transaction that will encompass these
@@ -1592,7 +1595,7 @@
* secure element driver updates its persistent state, but we do not yet
* save the driver's persistent state, so that if the power fails,
* we can roll back to a state where the key doesn't exist. */
- if( *p_drv != NULL && method != PSA_KEY_CREATION_REGISTER )
+ if( *p_drv != NULL )
{
status = psa_find_se_slot_for_key( attributes, method, *p_drv,
&slot->data.se.slot_number );
@@ -1609,6 +1612,12 @@
return( status );
}
}
+
+ if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )
+ {
+ /* Key registration only makes sense with a secure element. */
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
return( status );
@@ -1883,7 +1892,6 @@
psa_status_t status;
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
- const psa_drv_se_t *drv;
psa_key_handle_t handle = 0;
/* Leaving attributes unspecified is not currently supported.
@@ -1900,37 +1908,6 @@
if( status != PSA_SUCCESS )
goto exit;
- if( driver == NULL )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
- drv = psa_get_se_driver_methods( driver );
-
- if ( psa_get_key_slot_number( attributes,
- &slot->data.se.slot_number ) != PSA_SUCCESS )
- {
- /* The application didn't specify a slot number. This doesn't
- * make sense when registering a slot. */
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
- /* If the driver has a slot number validation method, call it.
- * If it doesn't, it means the secure element is unable to validate
- * anything and so we have to trust the application. */
- if( drv->key_management != NULL &&
- drv->key_management->p_validate_slot_number != NULL )
- {
- status = drv->key_management->p_validate_slot_number(
- psa_get_se_driver_context( driver ),
- attributes,
- PSA_KEY_CREATION_REGISTER,
- slot->data.se.slot_number );
- if( status != PSA_SUCCESS )
- goto exit;
- }
-
status = psa_finish_key_creation( slot, driver );
exit:
@@ -2029,6 +2006,7 @@
/* Message digests */
/****************************************************************/
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_DETERMINISTIC)
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
{
switch( alg )
@@ -2069,6 +2047,7 @@
return( NULL );
}
}
+#endif
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
{
@@ -5713,6 +5692,12 @@
if( status != PSA_SUCCESS )
goto exit;
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ status = psa_init_all_se_drivers( );
+ if( status != PSA_SUCCESS )
+ goto exit;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
status = psa_crypto_load_transaction( );
if( status == PSA_SUCCESS )
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 523c621..b7fa0c5 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -222,9 +222,16 @@
if( p_validate_slot_number == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
status = p_validate_slot_number( &driver->context,
+ driver->internal.persistent_data,
attributes, method,
*slot_number );
}
+ else if( method == PSA_KEY_CREATION_REGISTER )
+ {
+ /* The application didn't specify a slot number. This doesn't
+ * make sense when registering a slot. */
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
else
{
/* The application didn't tell us which slot to use. Let the driver
@@ -265,6 +272,31 @@
return( status == PSA_SUCCESS ? storage_status : status );
}
+psa_status_t psa_init_all_se_drivers( void )
+{
+ size_t i;
+ for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
+ {
+ psa_se_drv_table_entry_t *driver = &driver_table[i];
+ if( driver->lifetime == 0 )
+ continue; /* skipping unused entry */
+ const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
+ if( methods->p_init != NULL )
+ {
+ psa_status_t status = methods->p_init(
+ &driver->context,
+ driver->internal.persistent_data,
+ driver->lifetime );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_save_se_persistent_data( driver );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+ }
+ return( PSA_SUCCESS );
+}
+
/****************************************************************/
@@ -309,6 +341,8 @@
driver_table[i].lifetime = lifetime;
driver_table[i].methods = methods;
+ driver_table[i].internal.persistent_data_size =
+ methods->persistent_data_size;
if( methods->persistent_data_size != 0 )
{
@@ -326,8 +360,6 @@
if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST )
goto error;
}
- driver_table[i].internal.persistent_data_size =
- methods->persistent_data_size;
return( PSA_SUCCESS );
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 900a72b..86bf7a7 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -66,6 +66,12 @@
*/
void psa_unregister_all_se_drivers( void );
+/** Initialize all secure element drivers.
+ *
+ * Called from psa_crypto_init().
+ */
+psa_status_t psa_init_all_se_drivers( void );
+
/** A structure that describes a registered secure element driver.
*
* A secure element driver table entry contains a pointer to the
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 59be319..6cd6a11 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -255,6 +255,9 @@
psa_status_t status;
psa_key_slot_t *slot;
+ if( handle == 0 )
+ return( PSA_SUCCESS );
+
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index a27442c..1389fd4 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -419,7 +419,7 @@
{
struct psa_storage_info_t p_info;
psa_status_t status;
- status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+ status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
if( status == PSA_SUCCESS )
{
/* This shouldn't happen: we're trying to start a transaction while
diff --git a/library/version_features.c b/library/version_features.c
index 5404d79..a91723f 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -300,6 +300,9 @@
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
"MBEDTLS_CIPHER_PADDING_ZEROS",
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+ "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY",
+#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
"MBEDTLS_ECP_DP_SECP192R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
diff --git a/programs/Makefile b/programs/Makefile
index add1a86..f56df5f 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -249,8 +249,8 @@
rm -f $(APPS) $(EXTRA_GENERATED)
-rm -f test/cpp_dummy_build$(EXEXT)
else
- if exist *.o del /S /Q /F *.o
- if exist *.exe del /S /Q /F *.exe
+ if exist *.o del /Q /F *.o
+ if exist *.exe del /Q /F *.exe
if exist $(EXTRA_GENERATED) del /S /Q /F $(EXTRA_GENERATED)
endif
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 47a098a..a354e5b 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -60,7 +60,6 @@
#include <stdio.h>
#include <string.h>
-
int main( int argc, char *argv[] )
{
FILE *f;
@@ -70,7 +69,7 @@
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index a6bfe3f..72caf71 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -65,7 +65,7 @@
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
mbedtls_pk_init( &pk );
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index b005c20..8f89c70 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -686,12 +686,13 @@
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init( &ctr_drbg );
-
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index da3dfb0..1832b2c 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -828,6 +828,14 @@
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+ if( strcmp( "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_USE_128_BIT_KEY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
+
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 )
{
@@ -1676,14 +1684,6 @@
}
#endif /* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT */
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
- if( strcmp( "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_USE_128_BIT_KEY );
- return( 0 );
- }
-#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
-
#if defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
if( strcmp( "MBEDTLS_HMAC_DRBG_RESEED_INTERVAL", config ) == 0 )
{
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
index bebab10..dfe1177 100755
--- a/scripts/apidoc_full.sh
+++ b/scripts/apidoc_full.sh
@@ -19,7 +19,7 @@
CONFIG_BAK=${CONFIG_H}.bak
cp -p $CONFIG_H $CONFIG_BAK
-scripts/config.pl realfull
+scripts/config.py realfull
make apidoc
mv $CONFIG_BAK $CONFIG_H
diff --git a/scripts/config.pl b/scripts/config.pl
index ed0967d..95e3191 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -1,295 +1,27 @@
#!/usr/bin/env perl
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Comments and uncomments #define lines in the given header file and optionally
-# sets their value or can get the value. This is to provide scripting control of
-# what preprocessor symbols, and therefore what build time configuration flags
-# are set in the 'config.h' file.
-#
-# Usage: config.pl [-f <file> | --file <file>] [-o | --force]
-# [set <symbol> <value> | unset <symbol> | get <symbol> |
-# full | realfull]
-#
-# Full usage description provided below.
-#
-# The following options are disabled instead of enabled with "full".
-#
-# MBEDTLS_TEST_NULL_ENTROPY
-# MBEDTLS_DEPRECATED_REMOVED
-# MBEDTLS_HAVE_SSE2
-# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-# MBEDTLS_ECP_DP_M221_ENABLED
-# MBEDTLS_ECP_DP_M383_ENABLED
-# MBEDTLS_ECP_DP_M511_ENABLED
-# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-# MBEDTLS_NO_PLATFORM_ENTROPY
-# MBEDTLS_RSA_NO_CRT
-# MBEDTLS_PSA_CRYPTO_SPM
-# MBEDTLS_PSA_INJECT_ENTROPY
-# MBEDTLS_ECP_RESTARTABLE
-# and any symbol beginning _ALT
-#
+# Backward compatibility redirection
-use warnings;
-use strict;
+## Copyright (C) 2019, ARM Limited, All Rights Reserved
+## SPDX-License-Identifier: Apache-2.0
+##
+## Licensed under the Apache License, Version 2.0 (the "License"); you may
+## not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## This file is part of Mbed TLS (https://tls.mbed.org)
-my $config_file = "include/mbedtls/config.h";
-my $usage = <<EOU;
-$0 [-f <file> | --file <file>] [-o | --force]
- [set <symbol> <value> | unset <symbol> | get <symbol> |
- full | realfull | baremetal]
-
-Commands
- set <symbol> [<value>] - Uncomments or adds a #define for the <symbol> to
- the configuration file, and optionally making it
- of <value>.
- If the symbol isn't present in the file an error
- is returned.
- unset <symbol> - Comments out the #define for the given symbol if
- present in the configuration file.
- get <symbol> - Finds the #define for the given symbol, returning
- an exitcode of 0 if the symbol is found, and 1 if
- not. The value of the symbol is output if one is
- specified in the configuration file.
- full - Uncomments all #define's in the configuration file
- excluding some reserved symbols, until the
- 'Module configuration options' section
- realfull - Uncomments all #define's with no exclusions
- baremetal - Sets full configuration suitable for baremetal build.
-
-Options
- -f | --file <filename> - The file or file path for the configuration file
- to edit. When omitted, the following default is
- used:
- $config_file
- -o | --force - If the symbol isn't present in the configuration
- file when setting its value, a #define is
- appended to the end of the file.
-
-EOU
-
-my @excluded = qw(
-MBEDTLS_TEST_NULL_ENTROPY
-MBEDTLS_DEPRECATED_REMOVED
-MBEDTLS_HAVE_SSE2
-MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-MBEDTLS_ECP_DP_M221_ENABLED
-MBEDTLS_ECP_DP_M383_ENABLED
-MBEDTLS_ECP_DP_M511_ENABLED
-MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-MBEDTLS_NO_PLATFORM_ENTROPY
-MBEDTLS_RSA_NO_CRT
-MBEDTLS_NO_UDBL_DIVISION
-MBEDTLS_NO_64BIT_MULTIPLICATION
-MBEDTLS_PSA_CRYPTO_SE_C
-MBEDTLS_PSA_CRYPTO_SPM
-MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
-MBEDTLS_PSA_INJECT_ENTROPY
-MBEDTLS_ECP_RESTARTABLE
-MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-_ALT\s*$
-);
-
-# Things that should be disabled in "baremetal"
-my @excluded_baremetal = qw(
-MBEDTLS_TIMING_C
-MBEDTLS_FS_IO
-MBEDTLS_ENTROPY_NV_SEED
-MBEDTLS_HAVE_TIME
-MBEDTLS_HAVE_TIME_DATE
-MBEDTLS_DEPRECATED_WARNING
-MBEDTLS_HAVEGE_C
-MBEDTLS_THREADING_C
-MBEDTLS_THREADING_PTHREAD
-MBEDTLS_MEMORY_BACKTRACE
-MBEDTLS_MEMORY_BUFFER_ALLOC_C
-MBEDTLS_PLATFORM_TIME_ALT
-MBEDTLS_PLATFORM_FPRINTF_ALT
-MBEDTLS_PSA_ITS_FILE_C
-MBEDTLS_PSA_CRYPTO_SE_C
-MBEDTLS_PSA_CRYPTO_STORAGE_C
-);
-
-# Things that should be enabled in "full" even if they match @excluded
-my @non_excluded = qw(
-PLATFORM_[A-Z0-9]+_ALT
-);
-
-# Things that should be enabled in "baremetal"
-my @non_excluded_baremetal = qw(
-MBEDTLS_NO_PLATFORM_ENTROPY
-);
-
-# Process the command line arguments
-
-my $force_option = 0;
-
-my ($arg, $name, $value, $action);
-
-while ($arg = shift) {
-
- # Check if the argument is an option
- if ($arg eq "-f" || $arg eq "--file") {
- $config_file = shift;
-
- -f $config_file or die "No such file: $config_file\n";
-
- }
- elsif ($arg eq "-o" || $arg eq "--force") {
- $force_option = 1;
-
- }
- else
- {
- # ...else assume it's a command
- $action = $arg;
-
- if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) {
- # No additional parameters
- die $usage if @ARGV;
-
- }
- elsif ($action eq "unset" || $action eq "get") {
- die $usage unless @ARGV;
- $name = shift;
-
- }
- elsif ($action eq "set") {
- die $usage unless @ARGV;
- $name = shift;
- $value = shift if @ARGV;
-
- }
- else {
- die "Command '$action' not recognised.\n\n".$usage;
- }
- }
-}
-
-# If no command was specified, exit...
-if ( not defined($action) ){ die $usage; }
-
-# Check the config file is present
-if (! -f $config_file) {
-
- chdir '..' or die;
-
- # Confirm this is the project root directory and try again
- if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) {
- die "If no file specified, must be run from the project root or scripts directory.\n";
- }
-}
-
-
-# Now read the file and process the contents
-
-open my $config_read, '<', $config_file or die "read $config_file: $!\n";
-my @config_lines = <$config_read>;
-close $config_read;
-
-# Add required baremetal symbols to the list that is included.
-if ( $action eq "baremetal" ) {
- @non_excluded = ( @non_excluded, @non_excluded_baremetal );
-}
-
-my ($exclude_re, $no_exclude_re, $exclude_baremetal_re);
-if ($action eq "realfull") {
- $exclude_re = qr/^$/;
- $no_exclude_re = qr/./;
-} else {
- $exclude_re = join '|', @excluded;
- $no_exclude_re = join '|', @non_excluded;
-}
-if ( $action eq "baremetal" ) {
- $exclude_baremetal_re = join '|', @excluded_baremetal;
-}
-
-my $config_write = undef;
-if ($action ne "get") {
- open $config_write, '>', $config_file or die "write $config_file: $!\n";
-}
-
-my $done;
-for my $line (@config_lines) {
- if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) {
- if ($line =~ /name SECTION: Module configuration options/) {
- $done = 1;
- }
-
- if (!$done && $line =~ m!^//\s?#define! &&
- ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) &&
- ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) {
- $line =~ s!^//\s?!!;
- }
- if (!$done && $line =~ m!^\s?#define! &&
- ! ( ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) &&
- ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) ) {
- $line =~ s!^!//!;
- }
- } elsif ($action eq "unset") {
- if (!$done && $line =~ /^\s*#define\s*$name\b/) {
- $line = '//' . $line;
- $done = 1;
- }
- } elsif (!$done && $action eq "set") {
- if ($line =~ m!^(?://)?\s*#define\s*$name\b!) {
- $line = "#define $name";
- $line .= " $value" if defined $value && $value ne "";
- $line .= "\n";
- $done = 1;
- }
- } elsif (!$done && $action eq "get") {
- if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) {
- $value = $1;
- $done = 1;
- }
- }
-
- if (defined $config_write) {
- print $config_write $line or die "write $config_file: $!\n";
- }
-}
-
-# Did the set command work?
-if ($action eq "set" && $force_option && !$done) {
-
- # If the force option was set, append the symbol to the end of the file
- my $line = "#define $name";
- $line .= " $value" if defined $value && $value ne "";
- $line .= "\n";
- $done = 1;
-
- print $config_write $line or die "write $config_file: $!\n";
-}
-
-if (defined $config_write) {
- close $config_write or die "close $config_file: $!\n";
-}
-
-if ($action eq "get") {
- if ($done) {
- if ($value ne '') {
- print "$value\n";
- }
- exit 0;
- } else {
- # If the symbol was not found, return an error
- exit 1;
- }
-}
-
-if ($action eq "full" && !$done) {
- die "Configuration section was not found in $config_file\n";
-
-}
-
-if ($action ne "full" && $action ne "unset" && !$done) {
- die "A #define for the symbol $name was not found in $config_file\n";
-}
-
-__END__
+my $py = $0;
+$py =~ s/\.pl$/.py/;
+exec 'python3', $py, @ARGV;
+print STDERR "$0: python3: $!\n";
+exec 'python', $py, @ARGV;
+print STDERR "$0: python: $!\n";
+exit 127;
diff --git a/scripts/config.py b/scripts/config.py
new file mode 100755
index 0000000..db2661c
--- /dev/null
+++ b/scripts/config.py
@@ -0,0 +1,420 @@
+#!/usr/bin/env python3
+
+"""Mbed TLS configuration file manipulation library and tool
+
+Basic usage, to read the Mbed TLS or Mbed Crypto configuration:
+ config = ConfigFile()
+ if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
+"""
+
+## Copyright (C) 2019, ARM Limited, All Rights Reserved
+## SPDX-License-Identifier: Apache-2.0
+##
+## Licensed under the Apache License, Version 2.0 (the "License"); you may
+## not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## This file is part of Mbed TLS (https://tls.mbed.org)
+
+import os
+import re
+
+class Setting:
+ """Representation of one Mbed TLS config.h setting.
+
+ Fields:
+ * name: the symbol name ('MBEDTLS_xxx').
+ * value: the value of the macro. The empty string for a plain #define
+ with no value.
+ * active: True if name is defined, False if a #define for name is
+ present in config.h but commented out.
+ * section: the name of the section that contains this symbol.
+ """
+ # pylint: disable=too-few-public-methods
+ def __init__(self, active, name, value='', section=None):
+ self.active = active
+ self.name = name
+ self.value = value
+ self.section = section
+
+class Config:
+ """Representation of the Mbed TLS configuration.
+
+ In the documentation of this class, a symbol is said to be *active*
+ if there is a #define for it that is not commented out, and *known*
+ if there is a #define for it whether commented out or not.
+
+ This class supports the following protocols:
+ * `name in config` is `True` if the symbol `name` is active, `False`
+ otherwise (whether `name` is inactive or not known).
+ * `config[name]` is the value of the macro `name`. If `name` is inactive,
+ raise `KeyError` (even if `name` is known).
+ * `config[name] = value` sets the value associated to `name`. `name`
+ must be known, but does not need to be set. This does not cause
+ name to become set.
+ """
+
+ def __init__(self):
+ self.settings = {}
+
+ def __contains__(self, name):
+ """True if the given symbol is active (i.e. set).
+
+ False if the given symbol is not set, even if a definition
+ is present but commented out.
+ """
+ return name in self.settings and self.settings[name].active
+
+ def all(self, *names):
+ """True if all the elements of names are active (i.e. set)."""
+ return all(self.__contains__(name) for name in names)
+
+ def any(self, *names):
+ """True if at least one symbol in names are active (i.e. set)."""
+ return any(self.__contains__(name) for name in names)
+
+ def known(self, name):
+ """True if a #define for name is present, whether it's commented out or not."""
+ return name in self.settings
+
+ def __getitem__(self, name):
+ """Get the value of name, i.e. what the preprocessor symbol expands to.
+
+ If name is not known, raise KeyError. name does not need to be active.
+ """
+ return self.settings[name].value
+
+ def get(self, name, default=None):
+ """Get the value of name. If name is inactive (not set), return default.
+
+ If a #define for name is present and not commented out, return
+ its expansion, even if this is the empty string.
+
+ If a #define for name is present but commented out, return default.
+ """
+ if name in self.settings:
+ return self.settings[name].value
+ else:
+ return default
+
+ def __setitem__(self, name, value):
+ """If name is known, set its value.
+
+ If name is not known, raise KeyError.
+ """
+ self.settings[name].value = value
+
+ def set(self, name, value=None):
+ """Set name to the given value and make it active.
+
+ If value is None and name is already known, don't change its value.
+ If value is None and name is not known, set its value to the empty
+ string.
+ """
+ if name in self.settings:
+ if value is not None:
+ self.settings[name].value = value
+ self.settings[name].active = True
+ else:
+ self.settings[name] = Setting(True, name, value=value)
+
+ def unset(self, name):
+ """Make name unset (inactive).
+
+ name remains known if it was known before.
+ """
+ if name not in self.settings:
+ return
+ self.settings[name].active = False
+
+ def adapt(self, adapter):
+ """Run adapter on each known symbol and (de)activate it accordingly.
+
+ `adapter` must be a function that returns a boolean. It is called as
+ `adapter(name, active, section)` for each setting, where `active` is
+ `True` if `name` is set and `False` if `name` is known but unset,
+ and `section` is the name of the section containing `name`. If
+ `adapter` returns `True`, then set `name` (i.e. make it active),
+ otherwise unset `name` (i.e. make it known but inactive).
+ """
+ for setting in self.settings.values():
+ setting.active = adapter(setting.name, setting.active,
+ setting.section)
+
+def is_full_section(section):
+ """Is this section affected by "config.py full" and friends?"""
+ return section.endswith('support') or section.endswith('modules')
+
+def realfull_adapter(_name, active, section):
+ """Activate all symbols found in the system and feature sections."""
+ if not is_full_section(section):
+ return active
+ return True
+
+def include_in_full(name):
+ """Rules for symbols in the "full" configuration."""
+ if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name):
+ return True
+ if name in [
+ 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY',
+ 'MBEDTLS_DEPRECATED_REMOVED',
+ 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED',
+ 'MBEDTLS_ECP_RESTARTABLE',
+ 'MBEDTLS_HAVE_SSE2',
+ 'MBEDTLS_MEMORY_BACKTRACE',
+ 'MBEDTLS_MEMORY_BUFFER_ALLOC_C',
+ 'MBEDTLS_MEMORY_DEBUG',
+ 'MBEDTLS_NO_64BIT_MULTIPLICATION',
+ 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES',
+ 'MBEDTLS_NO_PLATFORM_ENTROPY',
+ 'MBEDTLS_NO_UDBL_DIVISION',
+ 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
+ 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER',
+ 'MBEDTLS_PSA_CRYPTO_SE_C',
+ 'MBEDTLS_PSA_CRYPTO_SPM',
+ 'MBEDTLS_PSA_INJECT_ENTROPY',
+ 'MBEDTLS_RSA_NO_CRT',
+ 'MBEDTLS_TEST_NULL_ENTROPY',
+ ]:
+ return False
+ if name.endswith('_ALT'):
+ return False
+ return True
+
+def full_adapter(name, active, section):
+ """Config adapter for "full"."""
+ if not is_full_section(section):
+ return active
+ return include_in_full(name)
+
+def keep_in_baremetal(name):
+ """Rules for symbols in the "baremetal" configuration."""
+ if name in [
+ 'MBEDTLS_DEPRECATED_WARNING',
+ 'MBEDTLS_ENTROPY_NV_SEED',
+ 'MBEDTLS_FS_IO',
+ 'MBEDTLS_HAVEGE_C',
+ 'MBEDTLS_HAVE_TIME',
+ 'MBEDTLS_HAVE_TIME_DATE',
+ 'MBEDTLS_PLATFORM_FPRINTF_ALT',
+ 'MBEDTLS_PLATFORM_TIME_ALT',
+ 'MBEDTLS_PSA_CRYPTO_SE_C',
+ 'MBEDTLS_PSA_CRYPTO_STORAGE_C',
+ 'MBEDTLS_PSA_ITS_FILE_C',
+ 'MBEDTLS_THREADING_C',
+ 'MBEDTLS_THREADING_PTHREAD',
+ 'MBEDTLS_TIMING_C',
+ ]:
+ return False
+ return True
+
+def baremetal_adapter(name, active, section):
+ """Config adapter for "baremetal"."""
+ if not is_full_section(section):
+ return active
+ if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
+ return True
+ return include_in_full(name) and keep_in_baremetal(name)
+
+class ConfigFile(Config):
+ """Representation of the Mbed TLS configuration read for a file.
+
+ See the documentation of the `Config` class for methods to query
+ and modify the configuration.
+ """
+
+ _path_in_tree = 'include/mbedtls/config.h'
+ default_path = [_path_in_tree,
+ os.path.join(os.path.dirname(__file__),
+ os.pardir,
+ _path_in_tree),
+ os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))),
+ _path_in_tree)]
+
+ def __init__(self, filename=None):
+ """Read the Mbed TLS configuration file."""
+ if filename is None:
+ for filename in self.default_path:
+ if os.path.lexists(filename):
+ break
+ super().__init__()
+ self.filename = filename
+ self.current_section = 'header'
+ with open(filename, 'r', encoding='utf-8') as file:
+ self.templates = [self._parse_line(line) for line in file]
+ self.current_section = None
+
+ def set(self, name, value=None):
+ if name not in self.settings:
+ self.templates.append((name, '', '#define ' + name + ' '))
+ super().set(name, value)
+
+ _define_line_regexp = (r'(?P<indentation>\s*)' +
+ r'(?P<commented_out>(//\s*)?)' +
+ r'(?P<define>#\s*define\s+)' +
+ r'(?P<name>\w+)' +
+ r'(?P<arguments>(?:\((?:\w|\s|,)*\))?)' +
+ r'(?P<separator>\s*)' +
+ r'(?P<value>.*)')
+ _section_line_regexp = (r'\s*/?\*+\s*[\\@]name\s+SECTION:\s*' +
+ r'(?P<section>.*)[ */]*')
+ _config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
+ _section_line_regexp]))
+ def _parse_line(self, line):
+ """Parse a line in config.h and return the corresponding template."""
+ line = line.rstrip('\r\n')
+ m = re.match(self._config_line_regexp, line)
+ if m is None:
+ return line
+ elif m.group('section'):
+ self.current_section = m.group('section')
+ return line
+ else:
+ active = not m.group('commented_out')
+ name = m.group('name')
+ value = m.group('value')
+ template = (name,
+ m.group('indentation'),
+ m.group('define') + name +
+ m.group('arguments') + m.group('separator'))
+ self.settings[name] = Setting(active, name, value,
+ self.current_section)
+ return template
+
+ def _format_template(self, name, indent, middle):
+ """Build a line for config.h for the given setting.
+
+ The line has the form "<indent>#define <name> <value>"
+ where <middle> is "#define <name> ".
+ """
+ setting = self.settings[name]
+ value = setting.value
+ if value is None:
+ value = ''
+ # Normally the whitespace to separte the symbol name from the
+ # value is part of middle, and there's no whitespace for a symbol
+ # with no value. But if a symbol has been changed from having a
+ # value to not having one, the whitespace is wrong, so fix it.
+ if value:
+ if middle[-1] not in '\t ':
+ middle += ' '
+ else:
+ middle = middle.rstrip()
+ return ''.join([indent,
+ '' if setting.active else '//',
+ middle,
+ value]).rstrip()
+
+ def write_to_stream(self, output):
+ """Write the whole configuration to output."""
+ for template in self.templates:
+ if isinstance(template, str):
+ line = template
+ else:
+ line = self._format_template(*template)
+ output.write(line + '\n')
+
+ def write(self, filename=None):
+ """Write the whole configuration to the file it was read from.
+
+ If filename is specified, write to this file instead.
+ """
+ if filename is None:
+ filename = self.filename
+ with open(filename, 'w', encoding='utf-8') as output:
+ self.write_to_stream(output)
+
+if __name__ == '__main__':
+ def main():
+ """Command line config.h manipulation tool."""
+ parser = argparse.ArgumentParser(description="""
+ Mbed TLS and Mbed Crypto configuration file manipulation tool.
+ """)
+ parser.add_argument('--file', '-f',
+ help="""File to read (and modify if requested).
+ Default: {}.
+ """.format(ConfigFile.default_path))
+ parser.add_argument('--force', '-o',
+ action='store_true',
+ help="""For the set command, if SYMBOL is not
+ present, add a definition for it.""")
+ parser.add_argument('--write', '-w', metavar='FILE',
+ help="""File to write to instead of the input file.""")
+ subparsers = parser.add_subparsers(dest='command',
+ title='Commands')
+ parser_get = subparsers.add_parser('get',
+ help="""Find the value of SYMBOL
+ and print it. Exit with
+ status 0 if a #define for SYMBOL is
+ found, 1 otherwise.
+ """)
+ parser_get.add_argument('symbol', metavar='SYMBOL')
+ parser_set = subparsers.add_parser('set',
+ help="""Set SYMBOL to VALUE.
+ If VALUE is omitted, just uncomment
+ the #define for SYMBOL.
+ Error out of a line defining
+ SYMBOL (commented or not) is not
+ found, unless --force is passed.
+ """)
+ parser_set.add_argument('symbol', metavar='SYMBOL')
+ parser_set.add_argument('value', metavar='VALUE', nargs='?',
+ default='')
+ parser_unset = subparsers.add_parser('unset',
+ help="""Comment out the #define
+ for SYMBOL. Do nothing if none
+ is present.""")
+ parser_unset.add_argument('symbol', metavar='SYMBOL')
+
+ def add_adapter(name, function, description):
+ subparser = subparsers.add_parser(name, help=description)
+ subparser.set_defaults(adapter=function)
+ add_adapter('baremetal', baremetal_adapter,
+ """Like full, but exclude features that require platform
+ features such as file input-output.""")
+ add_adapter('full', full_adapter,
+ """Uncomment most features.
+ Exclude alternative implementations and platform support
+ options, as well as some options that are awkward to test.
+ """)
+ add_adapter('realfull', realfull_adapter,
+ """Uncomment all boolean #defines.
+ Suitable for generating documentation, but not for building.""")
+
+ args = parser.parse_args()
+ config = ConfigFile(args.file)
+ if args.command is None:
+ parser.print_help()
+ return 1
+ elif args.command == 'get':
+ if args.symbol in config:
+ value = config[args.symbol]
+ if value:
+ sys.stdout.write(value + '\n')
+ return args.symbol not in config
+ elif args.command == 'set':
+ if not args.force and args.symbol not in config.settings:
+ sys.stderr.write("A #define for the symbol {} "
+ "was not found in {}\n"
+ .format(args.symbol, config.filename))
+ return 1
+ config.set(args.symbol, value=args.value)
+ elif args.command == 'unset':
+ config.unset(args.symbol)
+ else:
+ config.adapt(args.adapter)
+ config.write(args.write)
+
+ # Import modules only used by main only if main is defined and called.
+ # pylint: disable=wrong-import-position
+ import argparse
+ import sys
+ sys.exit(main())
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 94a04cf..69777a6 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -59,8 +59,8 @@
for F in 0 1; do
for W in 2 3 4 5 6; do
- scripts/config.pl set MBEDTLS_ECP_WINDOW_SIZE $W
- scripts/config.pl set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
+ scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W
+ scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
make benchmark >/dev/null 2>&1
echo "fixed point optim = $F, max window size = $W"
echo "--------------------------------------------"
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 697972f..6cabcb9 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -62,9 +62,9 @@
fi
{
- scripts/config.pl unset MBEDTLS_TIMING_C || true
- scripts/config.pl unset MBEDTLS_FS_IO || true
- scripts/config.pl --force set MBEDTLS_NO_PLATFORM_ENTROPY || true
+ scripts/config.py unset MBEDTLS_TIMING_C || true
+ scripts/config.py unset MBEDTLS_FS_IO || true
+ scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY || true
} >/dev/null 2>&1
make clean >/dev/null
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index bcf462f..3b923a3 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -9,9 +9,9 @@
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
-find_package(Perl)
-if(NOT PERL_FOUND)
- message(FATAL_ERROR "Cannot build test suites without Perl")
+find_package(PythonInterp)
+if(NOT PYTHONINTERP_FOUND)
+ message(FATAL_ERROR "Cannot build test suites without Python 2 or 3")
endif()
# Enable definition of various functions used throughout the testsuite
diff --git a/tests/data_files/ec_256_long_prv.pem b/tests/data_files/ec_256_long_prv.pem
new file mode 100644
index 0000000..5141e30
--- /dev/null
+++ b/tests/data_files/ec_256_long_prv.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIcex4mqXsQamUKTVf8vXmTAJrQvGjh5mXG8p9+OR4xAoAoGCCqGSM49
+AwEHoUQDQgAEqJ2HQjPpc6fDwE/vSa6U35USXawkTo98y4U6NsAl+rOGuqMPEFXf
+P1Srm/Jrzwa/RuppRL5kgyAsGJTUmwZEzQ==
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_521_short_prv.pem b/tests/data_files/ec_521_short_prv.pem
new file mode 100644
index 0000000..427b7ad
--- /dev/null
+++ b/tests/data_files/ec_521_short_prv.pem
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIAOXdk7W+Hf5L7Hc9fKe44wmpaRNs5ERFTkv5CrlXv/Bu3y28M673q
+vBNo7a/UE/6NNQHu2pQODEYFpMg6R34b5SigBwYFK4EEACOhgYkDgYYABAFUMHXV
+KPA4vkMgq+pFgDoH96XoM517gF2GJFV6h2gLhykzIHL/otAyEpAStw7MBvbU0V21
+ixB+hjqzO7Snxaj9mwB8g87OKxm5eGfsqvJNPdJ0RZ/EKy06Ukg6KThlhQeyrtIk
+g5PTCrPnNszlffAy6/jCOe3Moi59g15H13sSzwfX6g==
+-----END EC PRIVATE KEY-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index d4cb011..2567cc0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -112,9 +112,15 @@
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
+ append_outcome=0
FORCE=0
KEEP_GOING=0
+ : ${MBEDTLS_TEST_OUTCOME_FILE=}
+ : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+ export MBEDTLS_TEST_OUTCOME_FILE
+ export MBEDTLS_TEST_PLATFORM
+
# Default commands, can be overridden by the environment
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
@@ -128,6 +134,9 @@
# Include more verbose output for failing tests run by CMake
export CTEST_OUTPUT_ON_FAILURE=1
+ # CFLAGS and LDFLAGS for Asan builds that don't use CMake
+ ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
+
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
# Parse the script with sed, because in sh there is no way to list
@@ -180,14 +189,18 @@
-f|--force Force the tests to overwrite any modified files.
-k|--keep-going Run all tests and report errors at the end.
-m|--memory Additional optional memory tests.
+ --append-outcome Append to the outcome file (if used).
--armcc Run ARM Compiler builds (on by default).
--except Exclude the COMPONENTs listed on the command line,
instead of running only those.
+ --no-append-outcome Write a new outcome file and analyze it (default).
--no-armcc Skip ARM Compiler builds.
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default).
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
+ --outcome-file=<path> File where test outcomes are written (not done if
+ empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
--random-seed Use a random seed value for randomized tests (default).
-r|--release-test Run this script in release mode. This fixes the seed value to 1.
-s|--seed Integer seed value to use for this test run.
@@ -306,6 +319,7 @@
# all.sh will still run and work properly.
while [ $# -gt 0 ]; do
case "$1" in
+ --append-outcome) append_outcome=1;;
--armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
@@ -320,6 +334,7 @@
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
--memory|-m) ;;
+ --no-append-outcome) append_outcome=0;;
--no-armcc) no_armcc=1;;
--no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;;
@@ -327,6 +342,7 @@
--openssl) shift;;
--openssl-legacy) shift;;
--openssl-next) shift;;
+ --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
--random-seed) ;;
--release-test|-r) ;;
@@ -461,9 +477,19 @@
! "$@"
}
+pre_prepare_outcome_file () {
+ case "$MBEDTLS_TEST_OUTCOME_FILE" in
+ [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
+ esac
+ if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
+ rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
+ fi
+}
+
pre_print_configuration () {
msg "info: $0 configuration"
echo "FORCE: $FORCE"
+ echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
@@ -525,32 +551,37 @@
# Indicative running times are given for reference.
component_check_recursion () {
- msg "test: recursion.pl" # < 1s
+ msg "Check: recursion.pl" # < 1s
record_status tests/scripts/recursion.pl library/*.c
}
component_check_generated_files () {
- msg "test: freshness of generated source files" # < 1s
+ msg "Check: freshness of generated source files" # < 1s
record_status tests/scripts/check-generated-files.sh
}
component_check_doxy_blocks () {
- msg "test: doxygen markup outside doxygen blocks" # < 1s
+ msg "Check: doxygen markup outside doxygen blocks" # < 1s
record_status tests/scripts/check-doxy-blocks.pl
}
component_check_files () {
- msg "test: check-files.py" # < 1s
+ msg "Check: file sanity checks (permissions, encodings)" # < 1s
record_status tests/scripts/check-files.py
}
component_check_names () {
- msg "test/build: declared and exported names" # < 3s
+ msg "Check: declared and exported names (builds the library)" # < 3s
record_status tests/scripts/check-names.sh -v
}
+component_check_test_cases () {
+ msg "Check: test case descriptions" # < 1s
+ record_status tests/scripts/check-test-cases.py
+}
+
component_check_doxygen_warnings () {
- msg "test: doxygen warnings" # ~ 3s
+ msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
record_status tests/scripts/doxygen.sh
}
@@ -562,12 +593,18 @@
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
make
+ # Disable fancy stuff
+ SAVE_MBEDTLS_TEST_OUTCOME_FILE="$MBEDTLS_TEST_OUTCOME_FILE"
+ unset MBEDTLS_TEST_OUTCOME_FILE
msg "test: main suites make, default config (out-of-box)" # ~10s
make test
msg "selftest: make, default config (out-of-box)" # ~10s
programs/test/selftest
+
+ export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE"
+ unset SAVE_MBEDTLS_TEST_OUTCOME_FILE
}
component_test_default_cmake_gcc_asan () {
@@ -579,6 +616,16 @@
make test
}
+component_test_full_cmake_gcc_asan () {
+ msg "build: full config, cmake, gcc, ASan"
+ scripts/config.py full
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: main suites (inc. selftests) (full config, ASan build)"
+ make test
+}
+
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -587,10 +634,10 @@
component_test_no_pem_no_fs () {
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
- scripts/config.pl unset MBEDTLS_PEM_PARSE_C
- scripts/config.pl unset MBEDTLS_FS_IO
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
+ scripts/config.py unset MBEDTLS_PEM_PARSE_C
+ scripts/config.py unset MBEDTLS_FS_IO
+ scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -600,7 +647,7 @@
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
- scripts/config.pl set MBEDTLS_RSA_NO_CRT
+ scripts/config.py set MBEDTLS_RSA_NO_CRT
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -610,7 +657,7 @@
component_test_new_ecdh_context () {
msg "build: new ECDH context (ASan build)" # ~ 6 min
- scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
+ scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -620,8 +667,8 @@
component_test_everest () {
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
- scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
- scripts/config.pl set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+ scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
+ scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -631,8 +678,7 @@
component_test_psa_collect_statuses () {
msg "build+test: psa_collect_statuses" # ~30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and irrelevant
+ scripts/config.py full
record_status tests/scripts/psa_collect_statuses.py
# Check that psa_crypto_init() succeeded at least once
record_status grep -q '^0:psa_crypto_init:' tests/statuses.log
@@ -641,8 +687,7 @@
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.py full
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
make
@@ -655,8 +700,7 @@
component_test_full_make_gcc_o0 () {
msg "build: make, full config, gcc -O0" # ~ 50s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.py full
make CC=gcc CFLAGS='-O0'
msg "test: main suites (full config, gcc -O0)" # ~ 5s
@@ -665,8 +709,8 @@
component_build_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
- scripts/config.pl full
- scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_DEPRECATED_WARNING
# Build with -O -Wextra to catch a maximum of issues.
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
@@ -674,8 +718,8 @@
msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
# No cleanup, just tweak the configuration and rebuild
make clean
- scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
- scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
+ scripts/config.py unset MBEDTLS_DEPRECATED_WARNING
+ scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
# Build with -O -Wextra to catch a maximum of issues.
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
@@ -709,14 +753,13 @@
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
- msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
- scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -726,10 +769,9 @@
component_test_check_params_functionality () {
msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
- scripts/config.pl full # includes CHECK_PARAMS
+ scripts/config.py full # includes CHECK_PARAMS
# Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
- scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT
# Only build and run tests. Do not build sample programs, because
# they don't have a mbedtls_param_failed() function.
make CC=gcc CFLAGS='-Werror -O1' lib test
@@ -737,25 +779,22 @@
component_test_check_params_without_platform () {
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
- scripts/config.pl full # includes CHECK_PARAMS
+ scripts/config.py full # includes CHECK_PARAMS
# Keep MBEDTLS_PARAM_FAILED as assert.
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
- scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl unset MBEDTLS_PLATFORM_C
+ scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py unset MBEDTLS_PLATFORM_C
make CC=gcc CFLAGS='-Werror -O1' all test
}
component_test_check_params_silent () {
msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
- scripts/config.pl full # includes CHECK_PARAMS
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.py full # includes CHECK_PARAMS
# Set MBEDTLS_PARAM_FAILED to nothing.
sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
make CC=gcc CFLAGS='-Werror -O1' all test
@@ -766,20 +805,19 @@
# This should catch missing mbedtls_printf definitions, and by disabling file
# IO, it should catch missing '#include <stdio.h>'
msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_PLATFORM_C
- scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
- scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
- scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.pl unset MBEDTLS_FS_IO
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
- scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_PLATFORM_C
+ scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py unset MBEDTLS_FS_IO
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@@ -789,20 +827,20 @@
component_build_no_std_function () {
# catch compile bugs in _uninit functions
msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
- scripts/config.pl full
- scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_test_null_entropy () {
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
- scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
- scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- scripts/config.pl set MBEDTLS_ENTROPY_C
- scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
- scripts/config.pl unset MBEDTLS_HAVEGE_C
+ scripts/config.py set MBEDTLS_TEST_NULL_ENTROPY
+ scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ scripts/config.py set MBEDTLS_ENTROPY_C
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT
+ scripts/config.py unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
make
@@ -812,9 +850,9 @@
component_test_platform_calloc_macro () {
msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
- scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
- scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
- scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free
+ scripts/config.py set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
+ scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -824,9 +862,8 @@
component_test_malloc_0_null () {
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' -O -Werror -Wall -Wextra -fsanitize=address,undefined" LDFLAGS='-fsanitize=address,undefined'
+ scripts/config.py full
+ make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
make test
@@ -837,9 +874,33 @@
if_build_succeeded programs/test/selftest calloc
}
+component_test_memory_buffer_allocator_backtrace () {
+ msg "build: default config with memory buffer allocator and backtrace enabled"
+ scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py set MBEDTLS_MEMORY_BACKTRACE
+ scripts/config.py set MBEDTLS_MEMORY_DEBUG
+ CC=gcc cmake .
+ make
+
+ msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
+ make test
+}
+
+component_test_memory_buffer_allocator () {
+ msg "build: default config with memory buffer allocator"
+ scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py set MBEDTLS_PLATFORM_MEMORY
+ CC=gcc cmake .
+ make
+
+ msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
+ make test
+}
+
component_test_aes_fewer_tables () {
msg "build: default config with AES_FEWER_TABLES enabled"
- scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+ scripts/config.py set MBEDTLS_AES_FEWER_TABLES
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_FEWER_TABLES"
@@ -848,7 +909,7 @@
component_test_aes_rom_tables () {
msg "build: default config with AES_ROM_TABLES enabled"
- scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+ scripts/config.py set MBEDTLS_AES_ROM_TABLES
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_ROM_TABLES"
@@ -857,8 +918,8 @@
component_test_aes_fewer_tables_and_rom_tables () {
msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
- scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
- scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+ scripts/config.py set MBEDTLS_AES_FEWER_TABLES
+ scripts/config.py set MBEDTLS_AES_ROM_TABLES
make CC=gcc CFLAGS='-Werror -Wall -Wextra'
msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
@@ -867,8 +928,8 @@
component_test_se_default () {
msg "build: default config + MBEDTLS_PSA_CRYPTO_SE_C"
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_SE_C
- make CC=clang CFLAGS='-Werror -Wall -Wextra -Wno-unused-function -Os -fsanitize=address' LDFLAGS='-fsanitize=address'
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
+ make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS"
msg "test: default config + MBEDTLS_PSA_CRYPTO_SE_C"
make test
@@ -876,8 +937,9 @@
component_test_se_full () {
msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C"
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_SE_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O2 -fsanitize=address' LDFLAGS='-fsanitize=address'
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: full config + MBEDTLS_PSA_CRYPTO_SE_C"
make test
@@ -885,7 +947,7 @@
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
- make SHARED=1 all check -j1
+ make SHARED=1 all check
ldd programs/util/strerror | grep libmbedcrypto
}
@@ -901,7 +963,7 @@
msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
# Use the full config so as to catch a maximum of places where
# the check of MBEDTLS_CONFIG_FILE might be missing.
- scripts/config.pl full
+ scripts/config.py full
sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h
echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
@@ -911,8 +973,8 @@
component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
- scripts/config.pl full
- make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
+ scripts/config.py full
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, make, gcc -O0 (ASan build)"
make test
@@ -927,11 +989,8 @@
component_test_m32_o1 () {
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
- make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
+ scripts/config.py full
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, make, gcc -O1 (ASan build)"
make test
@@ -942,9 +1001,9 @@
component_test_m32_everest () {
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
- scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
- scripts/config.pl set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
- make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -m32 -fsanitize=address'
+ scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
+ scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
@@ -955,7 +1014,7 @@
component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
- scripts/config.pl full
+ scripts/config.py full
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
msg "test: 64-bit ILP32, make, gcc"
@@ -970,7 +1029,7 @@
component_test_min_mpi_window_size () {
msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
- scripts/config.pl set MBEDTLS_MPI_WINDOW_SIZE 1
+ scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -980,9 +1039,9 @@
component_test_have_int32 () {
msg "build: gcc, force 32-bit bignum limbs"
- scripts/config.pl unset MBEDTLS_HAVE_ASM
- scripts/config.pl unset MBEDTLS_AESNI_C
- scripts/config.pl unset MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_HAVE_ASM
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_PADLOCK_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
msg "test: gcc, force 32-bit bignum limbs"
@@ -991,9 +1050,9 @@
component_test_have_int64 () {
msg "build: gcc, force 64-bit bignum limbs"
- scripts/config.pl unset MBEDTLS_HAVE_ASM
- scripts/config.pl unset MBEDTLS_AESNI_C
- scripts/config.pl unset MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_HAVE_ASM
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_PADLOCK_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
msg "test: gcc, force 64-bit bignum limbs"
@@ -1002,9 +1061,8 @@
component_test_no_udbl_division () {
msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
make CFLAGS='-Werror -O1'
msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
@@ -1013,9 +1071,8 @@
component_test_no_64bit_multiplication () {
msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
- scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
- scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
make CFLAGS='-Werror -O1'
msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
@@ -1024,13 +1081,13 @@
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
- scripts/config.pl baremetal
+ scripts/config.py baremetal
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
}
component_build_arm_none_eabi_gcc_arm5vte () {
msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
- scripts/config.pl baremetal
+ scripts/config.py baremetal
# Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
@@ -1041,8 +1098,8 @@
component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
- scripts/config.pl baremetal
- scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
+ scripts/config.py baremetal
+ scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
if_build_succeeded not grep __aeabi_uldiv library/*.o
@@ -1050,8 +1107,8 @@
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
- scripts/config.pl baremetal
- scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
+ scripts/config.py baremetal
+ scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
if_build_succeeded not grep __aeabi_lmul library/*.o
@@ -1059,7 +1116,7 @@
component_build_armcc () {
msg "build: ARM Compiler 5, make"
- scripts/config.pl baremetal
+ scripts/config.py baremetal
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
make clean
@@ -1082,15 +1139,15 @@
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -j1
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
# note Make tests only builds the tests, but doesn't run them
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -j1
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -j1
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -j1
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
make WINDOWS_BUILD=1 clean
}
support_build_mingw() {
@@ -1102,7 +1159,7 @@
component_test_memsan () {
msg "build: MSan (clang)" # ~ 1 min 20s
- scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make
@@ -1214,6 +1271,7 @@
# The cleanup function will restore it.
cp -p "$CONFIG_H" "$CONFIG_BAK"
current_component="$1"
+ export MBEDTLS_TEST_CONFIGURATION="$current_component"
"$@"
cleanup
}
@@ -1234,6 +1292,7 @@
"$@"
}
fi
+pre_prepare_outcome_file
pre_print_configuration
pre_check_tools
cleanup
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 54ca934..7ed0372 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -46,8 +46,8 @@
export LDFLAGS=' --coverage'
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
+scripts/config.py full
+scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE
make -j
diff --git a/tests/scripts/check-test-cases.py b/tests/scripts/check-test-cases.py
new file mode 100755
index 0000000..87a35e4
--- /dev/null
+++ b/tests/scripts/check-test-cases.py
@@ -0,0 +1,123 @@
+#!/usr/bin/env python3
+
+"""Sanity checks for test data.
+"""
+
+# Copyright (C) 2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+import glob
+import os
+import re
+import sys
+
+class Results:
+ def __init__(self):
+ self.errors = 0
+ self.warnings = 0
+
+ def error(self, file_name, line_number, fmt, *args):
+ sys.stderr.write(('{}:{}:ERROR:' + fmt + '\n').
+ format(file_name, line_number, *args))
+ self.errors += 1
+
+ def warning(self, file_name, line_number, fmt, *args):
+ sys.stderr.write(('{}:{}:Warning:' + fmt + '\n')
+ .format(file_name, line_number, *args))
+ self.warnings += 1
+
+def collect_test_directories():
+ if os.path.isdir('tests'):
+ tests_dir = 'tests'
+ elif os.path.isdir('suites'):
+ tests_dir = '.'
+ elif os.path.isdir('../suites'):
+ tests_dir = '..'
+ directories = [tests_dir]
+ crypto_tests_dir = os.path.normpath(os.path.join(tests_dir,
+ '../crypto/tests'))
+ if os.path.isdir(crypto_tests_dir):
+ directories.append(crypto_tests_dir)
+ return directories
+
+def check_description(results, seen, file_name, line_number, description):
+ if description in seen:
+ results.error(file_name, line_number,
+ 'Duplicate description (also line {})',
+ seen[description])
+ return
+ if re.search(br'[\t;]', description):
+ results.error(file_name, line_number,
+ 'Forbidden character \'{}\' in description',
+ re.search(br'[\t;]', description).group(0).decode('ascii'))
+ if re.search(br'[^ -~]', description):
+ results.error(file_name, line_number,
+ 'Non-ASCII character in description')
+ if len(description) > 66:
+ results.warning(file_name, line_number,
+ 'Test description too long ({} > 66)',
+ len(description))
+ seen[description] = line_number
+
+def check_test_suite(results, data_file_name):
+ in_paragraph = False
+ descriptions = {}
+ with open(data_file_name, 'rb') as data_file:
+ for line_number, line in enumerate(data_file, 1):
+ line = line.rstrip(b'\r\n')
+ if not line:
+ in_paragraph = False
+ continue
+ if line.startswith(b'#'):
+ continue
+ if not in_paragraph:
+ # This is a test case description line.
+ check_description(results, descriptions,
+ data_file_name, line_number, line)
+ in_paragraph = True
+
+def check_ssl_opt_sh(results, file_name):
+ descriptions = {}
+ with open(file_name, 'rb') as file_contents:
+ for line_number, line in enumerate(file_contents, 1):
+ # Assume that all run_test calls have the same simple form
+ # with the test description entirely on the same line as the
+ # function name.
+ m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line)
+ if not m:
+ continue
+ description = m.group(1)
+ check_description(results, descriptions,
+ file_name, line_number, description)
+
+def main():
+ test_directories = collect_test_directories()
+ results = Results()
+ for directory in test_directories:
+ for data_file_name in glob.glob(os.path.join(directory, 'suites',
+ '*.data')):
+ check_test_suite(results, data_file_name)
+ ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh')
+ if os.path.exists(ssl_opt_sh):
+ check_ssl_opt_sh(results, ssl_opt_sh)
+ if results.warnings or results.errors:
+ sys.stderr.write('{}: {} errors, {} warnings\n'
+ .format(sys.argv[0], results.errors, results.warnings))
+ sys.exit(1 if results.errors else 0)
+
+if __name__ == '__main__':
+ main()
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 4791d55..8119a46 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -46,13 +46,14 @@
system( "make clean" ) and die;
# depends on a specific curve. Also, ignore error if it wasn't enabled
- system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
+ system( "scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
print "\n******************************************\n";
print "* Testing without curve: $curve\n";
print "******************************************\n";
+ $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$curve";
- system( "scripts/config.pl unset $curve" )
+ system( "scripts/config.py unset $curve" )
and abort "Failed to disable $curve\n";
system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index f57e7ed..7cb41b5 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -57,12 +57,13 @@
print "\n******************************************\n";
print "* Testing without hash: $hash\n";
print "******************************************\n";
+ $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$hash";
- system( "scripts/config.pl unset $hash" )
+ system( "scripts/config.py unset $hash" )
and abort "Failed to disable $hash\n";
for my $opt (@ssl) {
- system( "scripts/config.pl unset $opt" )
+ system( "scripts/config.py unset $opt" )
and abort "Failed to disable $opt\n";
}
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 72c7f41..7fbd6d7 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -59,11 +59,12 @@
print "\n******************************************\n";
print "* Testing without alg: $alg\n";
print "******************************************\n";
+ $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$alg";
- system( "scripts/config.pl unset $alg" )
+ system( "scripts/config.py unset $alg" )
and abort "Failed to disable $alg\n";
for my $opt (@$extras) {
- system( "scripts/config.pl unset $opt" )
+ system( "scripts/config.py unset $opt" )
and abort "Failed to disable $opt\n";
}
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh
index 6ecc199..1c348a7 100755
--- a/tests/scripts/list-symbols.sh
+++ b/tests/scripts/list-symbols.sh
@@ -13,7 +13,7 @@
fi
cp include/mbedtls/config.h include/mbedtls/config.h.bak
-scripts/config.pl full
+scripts/config.py full
make clean
make_ret=
CFLAGS=-fno-asynchronous-unwind-tables make lib \
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 1c9dc1d..d06badd 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -93,7 +93,7 @@
$suite_cases_failed = () = $result =~ /.. FAILED/g;
$suite_cases_skipped = () = $result =~ /.. ----/g;
- if( $result =~ /PASSED/ ) {
+ if( $? == 0 ) {
print "PASS\n";
if( $verbose > 2 ) {
pad_print_center( 72, '-', "Begin $suite" );
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 09baebb..b29d0dd 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -17,6 +17,8 @@
use strict;
my %configs = (
+ 'config-symmetric-only.h' => {
+ },
'config-suite-b.h' => {
},
);
@@ -48,6 +50,15 @@
exit 1;
}
+# Create a seedfile for configurations that enable MBEDTLS_ENTROPY_NV_SEED.
+# For test purposes, this doesn't have to be cryptographically random.
+if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) {
+ local *SEEDFILE;
+ open SEEDFILE, ">tests/seedfile" or die;
+ print SEEDFILE "*" x 64 or die;
+ close SEEDFILE or die;
+}
+
while( my ($conf, $data) = each %configs ) {
system( "cp $config_h.bak $config_h" ) and die;
system( "make clean" ) and die;
@@ -55,6 +66,7 @@
print "\n******************************************\n";
print "* Testing configuration: $conf\n";
print "******************************************\n";
+ $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf;
system( "cp configs/$conf $config_h" )
and abort "Failed to activate $conf\n";
diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py
new file mode 100755
index 0000000..40ed9fd
--- /dev/null
+++ b/tests/scripts/test_config_script.py
@@ -0,0 +1,187 @@
+#!/usr/bin/env python3
+
+"""Test helper for the Mbed TLS configuration file tool
+
+Run config.py with various parameters and write the results to files.
+
+This is a harness to help regression testing, not a functional tester.
+Sample usage:
+
+ test_config_script.py -d old
+ ## Modify config.py and/or config.h ##
+ test_config_script.py -d new
+ diff -ru old new
+"""
+
+## Copyright (C) 2019, ARM Limited, All Rights Reserved
+## SPDX-License-Identifier: Apache-2.0
+##
+## Licensed under the Apache License, Version 2.0 (the "License"); you may
+## not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## This file is part of Mbed TLS (https://tls.mbed.org)
+
+import argparse
+import glob
+import os
+import re
+import shutil
+import subprocess
+
+OUTPUT_FILE_PREFIX = 'config-'
+
+def output_file_name(directory, stem, extension):
+ return os.path.join(directory,
+ '{}{}.{}'.format(OUTPUT_FILE_PREFIX,
+ stem, extension))
+
+def cleanup_directory(directory):
+ """Remove old output files."""
+ for extension in []:
+ pattern = output_file_name(directory, '*', extension)
+ filenames = glob.glob(pattern)
+ for filename in filenames:
+ os.remove(filename)
+
+def prepare_directory(directory):
+ """Create the output directory if it doesn't exist yet.
+
+ If there are old output files, remove them.
+ """
+ if os.path.exists(directory):
+ cleanup_directory(directory)
+ else:
+ os.makedirs(directory)
+
+def guess_presets_from_help(help_text):
+ """Figure out what presets the script supports.
+
+ help_text should be the output from running the script with --help.
+ """
+ # Try the output format from config.py
+ hits = re.findall(r'\{([-\w,]+)\}', help_text)
+ for hit in hits:
+ words = set(hit.split(','))
+ if 'get' in words and 'set' in words and 'unset' in words:
+ words.remove('get')
+ words.remove('set')
+ words.remove('unset')
+ return words
+ # Try the output format from config.pl
+ hits = re.findall(r'\n +([-\w]+) +- ', help_text)
+ if hits:
+ return hits
+ raise Exception("Unable to figure out supported presets. Pass the '-p' option.")
+
+def list_presets(options):
+ """Return the list of presets to test.
+
+ The list is taken from the command line if present, otherwise it is
+ extracted from running the config script with --help.
+ """
+ if options.presets:
+ return re.split(r'[ ,]+', options.presets)
+ else:
+ help_text = subprocess.run([options.script, '--help'],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT).stdout
+ return guess_presets_from_help(help_text.decode('ascii'))
+
+def run_one(options, args, stem_prefix='', input_file=None):
+ """Run the config script with the given arguments.
+
+ Take the original content from input_file if specified, defaulting
+ to options.input_file if input_file is None.
+
+ Write the following files, where xxx contains stem_prefix followed by
+ a filename-friendly encoding of args:
+ * config-xxx.h: modified file.
+ * config-xxx.out: standard output.
+ * config-xxx.err: standard output.
+ * config-xxx.status: exit code.
+
+ Return ("xxx+", "path/to/config-xxx.h") which can be used as
+ stem_prefix and input_file to call this function again with new args.
+ """
+ if input_file is None:
+ input_file = options.input_file
+ stem = stem_prefix + '-'.join(args)
+ data_filename = output_file_name(options.output_directory, stem, 'h')
+ stdout_filename = output_file_name(options.output_directory, stem, 'out')
+ stderr_filename = output_file_name(options.output_directory, stem, 'err')
+ status_filename = output_file_name(options.output_directory, stem, 'status')
+ shutil.copy(input_file, data_filename)
+ # Pass only the file basename, not the full path, to avoid getting the
+ # directory name in error messages, which would make comparisons
+ # between output directories more difficult.
+ cmd = [os.path.abspath(options.script),
+ '-f', os.path.basename(data_filename)]
+ with open(stdout_filename, 'wb') as out:
+ with open(stderr_filename, 'wb') as err:
+ status = subprocess.call(cmd + args,
+ cwd=options.output_directory,
+ stdin=subprocess.DEVNULL,
+ stdout=out, stderr=err)
+ with open(status_filename, 'w') as status_file:
+ status_file.write('{}\n'.format(status))
+ return stem + "+", data_filename
+
+### A list of symbols to test with.
+### This script currently tests what happens when you change a symbol from
+### having a value to not having a value or vice versa. This is not
+### necessarily useful behavior, and we may not consider it a bug if
+### config.py stops handling that case correctly.
+TEST_SYMBOLS = [
+ 'CUSTOM_SYMBOL', # does not exist
+ 'MBEDTLS_AES_C', # set, no value
+ 'MBEDTLS_MPI_MAX_SIZE', # unset, has a value
+ 'MBEDTLS_NO_UDBL_DIVISION', # unset, in "System support"
+ 'MBEDTLS_PLATFORM_ZEROIZE_ALT', # unset, in "Customisation configuration options"
+]
+
+def run_all(options):
+ """Run all the command lines to test."""
+ presets = list_presets(options)
+ for preset in presets:
+ run_one(options, [preset])
+ for symbol in TEST_SYMBOLS:
+ run_one(options, ['get', symbol])
+ (stem, filename) = run_one(options, ['set', symbol])
+ run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename)
+ run_one(options, ['--force', 'set', symbol])
+ (stem, filename) = run_one(options, ['set', symbol, 'value'])
+ run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename)
+ run_one(options, ['--force', 'set', symbol, 'value'])
+ run_one(options, ['unset', symbol])
+
+def main():
+ """Command line entry point."""
+ parser = argparse.ArgumentParser(description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('-d', metavar='DIR',
+ dest='output_directory', required=True,
+ help="""Output directory.""")
+ parser.add_argument('-f', metavar='FILE',
+ dest='input_file', default='include/mbedtls/config.h',
+ help="""Config file (default: %(default)s).""")
+ parser.add_argument('-p', metavar='PRESET,...',
+ dest='presets',
+ help="""Presets to test (default: guessed from --help).""")
+ parser.add_argument('-s', metavar='FILE',
+ dest='script', default='scripts/config.py',
+ help="""Configuration script (default: %(default)s).""")
+ options = parser.parse_args()
+ prepare_directory(options.output_directory)
+ run_all(options)
+
+if __name__ == '__main__':
+ main()
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index 724f8d9..8931987 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -8,6 +8,7 @@
"""
import argparse
+from collections import namedtuple
import itertools
import os
import platform
@@ -60,12 +61,15 @@
from exc_value
class Inputs:
+ # pylint: disable=too-many-instance-attributes
"""Accumulate information about macros to test.
+
This includes macro names as well as information about their arguments
when applicable.
"""
def __init__(self):
+ self.all_declared = set()
# Sets of names per type
self.statuses = set(['PSA_SUCCESS'])
self.algorithms = set(['0xffffffff'])
@@ -86,11 +90,30 @@
self.table_by_prefix = {
'ERROR': self.statuses,
'ALG': self.algorithms,
- 'CURVE': self.ecc_curves,
- 'GROUP': self.dh_groups,
+ 'ECC_CURVE': self.ecc_curves,
+ 'DH_GROUP': self.dh_groups,
'KEY_TYPE': self.key_types,
'KEY_USAGE': self.key_usage_flags,
}
+ # Test functions
+ self.table_by_test_function = {
+ # Any function ending in _algorithm also gets added to
+ # self.algorithms.
+ 'key_type': [self.key_types],
+ 'ecc_key_types': [self.ecc_curves],
+ 'dh_key_types': [self.dh_groups],
+ 'hash_algorithm': [self.hash_algorithms],
+ 'mac_algorithm': [self.mac_algorithms],
+ 'cipher_algorithm': [],
+ 'hmac_algorithm': [self.mac_algorithms],
+ 'aead_algorithm': [self.aead_algorithms],
+ 'key_derivation_algorithm': [self.kdf_algorithms],
+ 'key_agreement_algorithm': [self.ka_algorithms],
+ 'asymmetric_signature_algorithm': [],
+ 'asymmetric_signature_wildcard': [self.algorithms],
+ 'asymmetric_encryption_algorithm': [],
+ 'other_algorithm': [],
+ }
# macro name -> list of argument names
self.argspecs = {}
# argument name -> list of values
@@ -99,8 +122,20 @@
'tag_length': ['1', '63'],
}
+ def get_names(self, type_word):
+ """Return the set of known names of values of the given type."""
+ return {
+ 'status': self.statuses,
+ 'algorithm': self.algorithms,
+ 'ecc_curve': self.ecc_curves,
+ 'dh_group': self.dh_groups,
+ 'key_type': self.key_types,
+ 'key_usage': self.key_usage_flags,
+ }[type_word]
+
def gather_arguments(self):
"""Populate the list of values for macro arguments.
+
Call this after parsing all the inputs.
"""
self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
@@ -118,6 +153,7 @@
def distribute_arguments(self, name):
"""Generate macro calls with each tested argument set.
+
If name is a macro without arguments, just yield "name".
If name is a macro with arguments, yield a series of
"name(arg1,...,argN)" where each argument takes each possible
@@ -145,6 +181,9 @@
except BaseException as e:
raise Exception('distribute_arguments({})'.format(name)) from e
+ def generate_expressions(self, names):
+ return itertools.chain(*map(self.distribute_arguments, names))
+
_argument_split_re = re.compile(r' *, *')
@classmethod
def _argument_split(cls, arguments):
@@ -154,7 +193,7 @@
# Groups: 1=macro name, 2=type, 3=argument list (optional).
_header_line_re = \
re.compile(r'#define +' +
- r'(PSA_((?:KEY_)?[A-Z]+)_\w+)' +
+ r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' +
r'(?:\(([^\n()]*)\))?')
# Regex of macro names to exclude.
_excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
@@ -167,10 +206,6 @@
# Auxiliary macro whose name doesn't fit the usual patterns for
# auxiliary macros.
'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
- # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
- # currently doesn't support them.
- 'PSA_ALG_ECDH',
- 'PSA_ALG_FFDH',
# Deprecated aliases.
'PSA_ERROR_UNKNOWN_ERROR',
'PSA_ERROR_OCCUPIED_SLOT',
@@ -184,6 +219,7 @@
if not m:
return
name = m.group(1)
+ self.all_declared.add(name)
if re.search(self._excluded_name_re, name) or \
name in self._excluded_names:
return
@@ -200,26 +236,34 @@
for line in lines:
self.parse_header_line(line)
+ _macro_identifier_re = r'[A-Z]\w+'
+ def generate_undeclared_names(self, expr):
+ for name in re.findall(self._macro_identifier_re, expr):
+ if name not in self.all_declared:
+ yield name
+
+ def accept_test_case_line(self, function, argument):
+ #pylint: disable=unused-argument
+ undeclared = list(self.generate_undeclared_names(argument))
+ if undeclared:
+ raise Exception('Undeclared names in test case', undeclared)
+ return True
+
def add_test_case_line(self, function, argument):
"""Parse a test case data line, looking for algorithm metadata tests."""
+ sets = []
if function.endswith('_algorithm'):
- # As above, ECDH and FFDH algorithms are excluded for now.
- # Support for them will be added in the future.
- if 'ECDH' in argument or 'FFDH' in argument:
- return
- self.algorithms.add(argument)
- if function == 'hash_algorithm':
- self.hash_algorithms.add(argument)
- elif function in ['mac_algorithm', 'hmac_algorithm']:
- self.mac_algorithms.add(argument)
- elif function == 'aead_algorithm':
- self.aead_algorithms.add(argument)
- elif function == 'key_type':
- self.key_types.add(argument)
- elif function == 'ecc_key_types':
- self.ecc_curves.add(argument)
- elif function == 'dh_key_types':
- self.dh_groups.add(argument)
+ sets.append(self.algorithms)
+ if function == 'key_agreement_algorithm' and \
+ argument.startswith('PSA_ALG_KEY_AGREEMENT('):
+ # We only want *raw* key agreement algorithms as such, so
+ # exclude ones that are already chained with a KDF.
+ # Keep the expression as one to test as an algorithm.
+ function = 'other_algorithm'
+ sets += self.table_by_test_function[function]
+ if self.accept_test_case_line(function, argument):
+ for s in sets:
+ s.add(argument)
# Regex matching a *.data line containing a test function call and
# its arguments. The actual definition is partly positional, but this
@@ -233,9 +277,9 @@
if m:
self.add_test_case_line(m.group(1), m.group(2))
-def gather_inputs(headers, test_suites):
+def gather_inputs(headers, test_suites, inputs_class=Inputs):
"""Read the list of inputs to test psa_constant_names with."""
- inputs = Inputs()
+ inputs = inputs_class()
for header in headers:
inputs.parse_header(header)
for test_cases in test_suites:
@@ -252,8 +296,10 @@
except OSError:
pass
-def run_c(options, type_word, names):
- """Generate and run a program to print out numerical values for names."""
+def run_c(type_word, expressions, include_path=None, keep_c=False):
+ """Generate and run a program to print out numerical values for expressions."""
+ if include_path is None:
+ include_path = []
if type_word == 'status':
cast_to = 'long'
printf_format = '%ld'
@@ -278,18 +324,18 @@
int main(void)
{
''')
- for name in names:
+ for expr in expressions:
c_file.write(' printf("{}\\n", ({}) {});\n'
- .format(printf_format, cast_to, name))
+ .format(printf_format, cast_to, expr))
c_file.write(''' return 0;
}
''')
c_file.close()
cc = os.getenv('CC', 'cc')
subprocess.check_call([cc] +
- ['-I' + dir for dir in options.include] +
+ ['-I' + dir for dir in include_path] +
['-o', exe_name, c_name])
- if options.keep_c:
+ if keep_c:
sys.stderr.write('List of {} tests kept at {}\n'
.format(type_word, c_name))
else:
@@ -302,76 +348,101 @@
NORMALIZE_STRIP_RE = re.compile(r'\s+')
def normalize(expr):
"""Normalize the C expression so as not to care about trivial differences.
+
Currently "trivial differences" means whitespace.
"""
- expr = re.sub(NORMALIZE_STRIP_RE, '', expr, len(expr))
- return expr.strip().split('\n')
+ return re.sub(NORMALIZE_STRIP_RE, '', expr)
-def do_test(options, inputs, type_word, names):
- """Test psa_constant_names for the specified type.
- Run program on names.
- Use inputs to figure out what arguments to pass to macros that
- take arguments.
+def collect_values(inputs, type_word, include_path=None, keep_c=False):
+ """Generate expressions using known macro names and calculate their values.
+
+ Return a list of pairs of (expr, value) where expr is an expression and
+ value is a string representation of its integer value.
"""
- names = sorted(itertools.chain(*map(inputs.distribute_arguments, names)))
- values = run_c(options, type_word, names)
- output = subprocess.check_output([options.program, type_word] + values)
- outputs = output.decode('ascii').strip().split('\n')
- errors = [(type_word, name, value, output)
- for (name, value, output) in zip(names, values, outputs)
- if normalize(name) != normalize(output)]
- return len(names), errors
+ names = inputs.get_names(type_word)
+ expressions = sorted(inputs.generate_expressions(names))
+ values = run_c(type_word, expressions,
+ include_path=include_path, keep_c=keep_c)
+ return expressions, values
-def report_errors(errors):
- """Describe each case where the output is not as expected."""
- for type_word, name, value, output in errors:
- print('For {} "{}", got "{}" (value: {})'
- .format(type_word, name, output, value))
+class Tests:
+ """An object representing tests and their results."""
-def run_tests(options, inputs):
- """Run psa_constant_names on all the gathered inputs.
- Return a tuple (count, errors) where count is the total number of inputs
- that were tested and errors is the list of cases where the output was
- not as expected.
- """
- count = 0
- errors = []
- for type_word, names in [('status', inputs.statuses),
- ('algorithm', inputs.algorithms),
- ('ecc_curve', inputs.ecc_curves),
- ('dh_group', inputs.dh_groups),
- ('key_type', inputs.key_types),
- ('key_usage', inputs.key_usage_flags)]:
- c, e = do_test(options, inputs, type_word, names)
- count += c
- errors += e
- return count, errors
+ Error = namedtuple('Error',
+ ['type', 'expression', 'value', 'output'])
+
+ def __init__(self, options):
+ self.options = options
+ self.count = 0
+ self.errors = []
+
+ def run_one(self, inputs, type_word):
+ """Test psa_constant_names for the specified type.
+
+ Run the program on the names for this type.
+ Use the inputs to figure out what arguments to pass to macros that
+ take arguments.
+ """
+ expressions, values = collect_values(inputs, type_word,
+ include_path=self.options.include,
+ keep_c=self.options.keep_c)
+ output = subprocess.check_output([self.options.program, type_word] +
+ values)
+ outputs = output.decode('ascii').strip().split('\n')
+ self.count += len(expressions)
+ for expr, value, output in zip(expressions, values, outputs):
+ if normalize(expr) != normalize(output):
+ self.errors.append(self.Error(type=type_word,
+ expression=expr,
+ value=value,
+ output=output))
+
+ def run_all(self, inputs):
+ """Run psa_constant_names on all the gathered inputs."""
+ for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group',
+ 'key_type', 'key_usage']:
+ self.run_one(inputs, type_word)
+
+ def report(self, out):
+ """Describe each case where the output is not as expected.
+
+ Write the errors to ``out``.
+ Also write a total.
+ """
+ for error in self.errors:
+ out.write('For {} "{}", got "{}" (value: {})\n'
+ .format(error.type, error.expression,
+ error.output, error.value))
+ out.write('{} test cases'.format(self.count))
+ if self.errors:
+ out.write(', {} FAIL\n'.format(len(self.errors)))
+ else:
+ out.write(' PASS\n')
+
+HEADERS = ['psa/crypto.h', 'psa/crypto_extra.h', 'psa/crypto_values.h']
+TEST_SUITES = ['tests/suites/test_suite_psa_crypto_metadata.data']
def main():
parser = argparse.ArgumentParser(description=globals()['__doc__'])
parser.add_argument('--include', '-I',
action='append', default=['include'],
help='Directory for header files')
- parser.add_argument('--program',
- default='programs/psa/psa_constant_names',
- help='Program to test')
parser.add_argument('--keep-c',
action='store_true', dest='keep_c', default=False,
help='Keep the intermediate C file')
parser.add_argument('--no-keep-c',
action='store_false', dest='keep_c',
help='Don\'t keep the intermediate C file (default)')
+ parser.add_argument('--program',
+ default='programs/psa/psa_constant_names',
+ help='Program to test')
options = parser.parse_args()
- headers = [os.path.join(options.include[0], 'psa', h)
- for h in ['crypto.h', 'crypto_extra.h', 'crypto_values.h']]
- test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
- inputs = gather_inputs(headers, test_suites)
- count, errors = run_tests(options, inputs)
- report_errors(errors)
- if errors == []:
- print('{} test cases PASS'.format(count))
- else:
- print('{} test cases, {} FAIL'.format(count, len(errors)))
+ headers = [os.path.join(options.include[0], h) for h in HEADERS]
+ inputs = gather_inputs(headers, TEST_SUITES)
+ tests = Tests(options)
+ tests.run_all(inputs)
+ tests.report(sys.stdout)
+ if tests.errors:
exit(1)
if __name__ == '__main__':
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 00320bc..0cce463 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -406,7 +406,7 @@
TEST_RESULT_SKIPPED
} test_result_t;
-static struct
+typedef struct
{
paramfail_test_state_t paramfail_test_state;
test_result_t result;
@@ -415,7 +415,8 @@
int line_no;
unsigned long step;
}
-test_info;
+test_info_t;
+static test_info_t test_info;
#if defined(MBEDTLS_PLATFORM_C)
mbedtls_platform_context platform_ctx;
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 24d9b97..a87dc13 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -368,6 +368,118 @@
test_snprintf( 5, "123", 3 ) != 0 );
}
+/** \brief Write the description of the test case to the outcome CSV file.
+ *
+ * \param outcome_file The file to write to.
+ * If this is \c NULL, this function does nothing.
+ * \param argv0 The test suite name.
+ * \param test_case The test case description.
+ */
+static void write_outcome_entry( FILE *outcome_file,
+ const char *argv0,
+ const char *test_case )
+{
+ /* The non-varying fields are initialized on first use. */
+ static const char *platform = NULL;
+ static const char *configuration = NULL;
+ static const char *test_suite = NULL;
+
+ if( outcome_file == NULL )
+ return;
+
+ if( platform == NULL )
+ {
+ platform = getenv( "MBEDTLS_TEST_PLATFORM" );
+ if( platform == NULL )
+ platform = "unknown";
+ }
+ if( configuration == NULL )
+ {
+ configuration = getenv( "MBEDTLS_TEST_CONFIGURATION" );
+ if( configuration == NULL )
+ configuration = "unknown";
+ }
+ if( test_suite == NULL )
+ {
+ test_suite = strrchr( argv0, '/' );
+ if( test_suite != NULL )
+ test_suite += 1; // skip the '/'
+ else
+ test_suite = argv0;
+ }
+
+ /* Write the beginning of the outcome line.
+ * Ignore errors: writing the outcome file is on a best-effort basis. */
+ mbedtls_fprintf( outcome_file, "%s;%s;%s;%s;",
+ platform, configuration, test_suite, test_case );
+}
+
+/** \brief Write the result of the test case to the outcome CSV file.
+ *
+ * \param outcome_file The file to write to.
+ * If this is \c NULL, this function does nothing.
+ * \param unmet_dep_count The number of unmet dependencies.
+ * \param unmet_dependencies The array of unmet dependencies.
+ * \param ret The test dispatch status (DISPATCH_xxx).
+ * \param test_info A pointer to the test info structure.
+ */
+static void write_outcome_result( FILE *outcome_file,
+ size_t unmet_dep_count,
+ char *unmet_dependencies[],
+ int ret,
+ const test_info_t *info )
+{
+ if( outcome_file == NULL )
+ return;
+
+ /* Write the end of the outcome line.
+ * Ignore errors: writing the outcome file is on a best-effort basis. */
+ switch( ret )
+ {
+ case DISPATCH_TEST_SUCCESS:
+ if( unmet_dep_count > 0 )
+ {
+ size_t i;
+ mbedtls_fprintf( outcome_file, "SKIP" );
+ for( i = 0; i < unmet_dep_count; i++ )
+ {
+ mbedtls_fprintf( outcome_file, "%c%s",
+ i == 0 ? ';' : ':',
+ unmet_dependencies[i] );
+ }
+ break;
+ }
+ switch( info->result )
+ {
+ case TEST_RESULT_SUCCESS:
+ mbedtls_fprintf( outcome_file, "PASS;" );
+ break;
+ case TEST_RESULT_SKIPPED:
+ mbedtls_fprintf( outcome_file, "SKIP;Runtime skip" );
+ break;
+ default:
+ mbedtls_fprintf( outcome_file, "FAIL;%s:%d:%s",
+ info->filename, info->line_no,
+ info->test );
+ break;
+ }
+ break;
+ case DISPATCH_TEST_FN_NOT_FOUND:
+ mbedtls_fprintf( outcome_file, "FAIL;Test function not found" );
+ break;
+ case DISPATCH_INVALID_TEST_DATA:
+ mbedtls_fprintf( outcome_file, "FAIL;Invalid test data" );
+ break;
+ case DISPATCH_UNSUPPORTED_SUITE:
+ mbedtls_fprintf( outcome_file, "SKIP;Unsupported suite" );
+ break;
+ default:
+ mbedtls_fprintf( outcome_file, "FAIL;Unknown cause" );
+ break;
+ }
+ mbedtls_fprintf( outcome_file, "\n" );
+ fflush( outcome_file );
+}
/**
* \brief Desktop implementation of execute_tests().
@@ -385,15 +497,16 @@
const char *default_filename = "DATA_FILE";
const char *test_filename = NULL;
const char **test_files = NULL;
- int testfile_count = 0;
+ size_t testfile_count = 0;
int option_verbose = 0;
int function_id = 0;
/* Other Local variables */
int arg_index = 1;
const char *next_arg;
- int testfile_index, ret, i, cnt;
- int total_errors = 0, total_tests = 0, total_skipped = 0;
+ size_t testfile_index, i, cnt;
+ int ret;
+ unsigned total_errors = 0, total_tests = 0, total_skipped = 0;
FILE *file;
char buf[5000];
char *params[50];
@@ -403,6 +516,8 @@
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
int stdout_fd = -1;
#endif /* __unix__ || __APPLE__ __MACH__ */
+ const char *outcome_file_name = getenv( "MBEDTLS_TEST_OUTCOME_FILE" );
+ FILE *outcome_file = NULL;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
@@ -410,6 +525,15 @@
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
#endif
+ if( outcome_file_name != NULL )
+ {
+ outcome_file = fopen( outcome_file_name, "a" );
+ if( outcome_file == NULL )
+ {
+ mbedtls_fprintf( stderr, "Unable to open outcome file. Continuing anyway.\n" );
+ }
+ }
+
/*
* The C standard doesn't guarantee that all-bits-0 is the representation
* of a NULL pointer. We do however use that in our code for initializing
@@ -473,7 +597,7 @@
testfile_index < testfile_count;
testfile_index++ )
{
- int unmet_dep_count = 0;
+ size_t unmet_dep_count = 0;
char *unmet_dependencies[20];
test_filename = test_files[ testfile_index ];
@@ -505,6 +629,7 @@
mbedtls_fprintf( stdout, "." );
mbedtls_fprintf( stdout, " " );
fflush( stdout );
+ write_outcome_entry( outcome_file, argv[0], buf );
total_tests++;
@@ -585,6 +710,9 @@
}
+ write_outcome_result( outcome_file,
+ unmet_dep_count, unmet_dependencies,
+ ret, &test_info );
if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
{
total_skipped++;
@@ -645,7 +773,7 @@
}
else if( ret == DISPATCH_TEST_FN_NOT_FOUND )
{
- mbedtls_fprintf( stderr, "FAILED: FATAL TEST FUNCTION NOT FUND\n" );
+ mbedtls_fprintf( stderr, "FAILED: FATAL TEST FUNCTION NOT FOUND\n" );
fclose( file );
mbedtls_exit( 2 );
}
@@ -659,14 +787,17 @@
free( unmet_dependencies[i] );
}
+ if( outcome_file != NULL )
+ fclose( outcome_file );
+
mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
if( total_errors == 0 )
mbedtls_fprintf( stdout, "PASSED" );
else
mbedtls_fprintf( stdout, "FAILED" );
- mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n",
- total_tests - total_errors, total_tests, total_skipped );
+ mbedtls_fprintf( stdout, " (%u / %u tests (%u skipped))\n",
+ total_tests - total_errors, total_tests, total_skipped );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
diff --git a/tests/suites/test_suite_asn1parse.data b/tests/suites/test_suite_asn1parse.data
index c5d9136..4abae0b 100644
--- a/tests/suites/test_suite_asn1parse.data
+++ b/tests/suites/test_suite_asn1parse.data
@@ -164,8 +164,7 @@
get_boolean:"020101":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
Empty INTEGER
-depends_on:SUPPORT_NEGATIVE_INTEGERS
-get_integer:"0200":"":MBEDTLS_ERR_ASN1_INVALID_LENGTH
+empty_integer:"0200"
INTEGER 0
get_integer:"020100":"0":0
@@ -173,27 +172,15 @@
INTEGER 0, extra leading 0
get_integer:"02020000":"0":0
-INTEGER -0
-depends_on:SUPPORT_NEGATIVE_INTEGERS
-get_integer:"020180":"0":0
-
INTEGER 1
get_integer:"020101":"1":0:
INTEGER 1, extra leading 0
get_integer:"02020001":"1":0:
-INTEGER -1
-depends_on:SUPPORT_NEGATIVE_INTEGERS
-get_integer:"020181":"-1":0
-
INTEGER 0x7f
get_integer:"02017f":"7f":0
-INTEGER -0x7f
-depends_on:SUPPORT_NEGATIVE_INTEGERS
-get_integer:"0201ff":"-7f":0
-
INTEGER 0x80
get_integer:"02020080":"80":0
@@ -212,9 +199,30 @@
INTEGER 0x12345678, extra leading 0
get_integer:"02050012345678":"12345678":0
+INTEGER 0x7fffffff
+get_integer:"02047fffffff":"7fffffff":0
+
+INTEGER 0x7fffffff, extra leading 0
+get_integer:"0205007fffffff":"7fffffff":0
+
+INTEGER 0x80000000
+get_integer:"02050080000000":"80000000":0
+
+INTEGER 0xffffffff
+get_integer:"020500ffffffff":"ffffffff":0
+
+INTEGER 0x100000000
+get_integer:"02050100000000":"0100000000":0
+
INTEGER 0x123456789abcdef0
get_integer:"0208123456789abcdef0":"123456789abcdef0":0
+INTEGER 0xfedcab9876543210
+get_integer:"020900fedcab9876543210":"fedcab9876543210":0
+
+INTEGER 0x1fedcab9876543210
+get_integer:"020901fedcab9876543210":"1fedcab9876543210":0
+
INTEGER with 127 value octets
get_integer:"027f0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd":"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd":0
@@ -227,6 +235,51 @@
INTEGER with 128 value octets (leading 0 in length)
get_integer:"028200800123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":0
+INTEGER -1
+get_integer:"0201ff":"-1":0
+
+INTEGER -1, extra leading ff
+get_integer:"0202ffff":"-1":0
+
+INTEGER -0x7f
+get_integer:"020181":"-7f":0
+
+INTEGER -0x80
+get_integer:"020180":"-80":0
+
+INTEGER -0x81
+get_integer:"0202ff7f":"-81":0
+
+INTEGER -0xff
+get_integer:"0202ff01":"-ff":0
+
+INTEGER -0x100
+get_integer:"0202ff00":"-100":0
+
+INTEGER -0x7fffffff
+get_integer:"020480000001":"-7fffffff":0
+
+INTEGER -0x80000000
+get_integer:"020480000000":"-80000000":0
+
+INTEGER -0x80000001
+get_integer:"0205ff7fffffff":"-80000001":0
+
+INTEGER -0xffffffff
+get_integer:"0205ff00000001":"-ffffffff":0
+
+INTEGER -0x100000000
+get_integer:"0205ff00000000":"-100000000":0
+
+INTEGER -0x123456789abcdef0
+get_integer:"0208edcba98765432110":"-123456789abcdef0":0
+
+INTEGER -0xfedcba9876543210
+get_integer:"0209ff0123456789abcdf0":"-fedcba9876543210":0
+
+INTEGER -0x1fedcab9876543210
+get_integer:"0209fe0123546789abcdf0":"-1fedcab9876543210":0
+
Not INTEGER
get_integer:"010101":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 3bfb1c7..defbd01 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -59,6 +59,10 @@
*p = start;
ret = mbedtls_asn1_get_mpi( p, end, &mpi );
mbedtls_mpi_free( &mpi );
+#else
+ *p = start + 1;
+ ret = mbedtls_asn1_get_len( p, end, &len );
+ *p += len;
#endif
/* If we're sure that the number fits in an int, also
* call mbedtls_asn1_get_int(). */
@@ -247,6 +251,41 @@
/* END_CASE */
/* BEGIN_CASE */
+void empty_integer( const data_t *input )
+{
+ unsigned char *p;
+#if defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi actual_mpi;
+#endif
+ int val;
+
+#if defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi_init( & actual_mpi );
+#endif
+
+ /* An INTEGER with no content is not valid. */
+ p = input->x;
+ TEST_EQUAL( mbedtls_asn1_get_int( &p, input->x + input->len, &val ),
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+#if defined(MBEDTLS_BIGNUM_C)
+ /* INTEGERs are sometimes abused as bitstrings, so the library accepts
+ * an INTEGER with empty content and gives it the value 0. */
+ p = input->x;
+ TEST_EQUAL( mbedtls_asn1_get_mpi( &p, input->x + input->len, &actual_mpi ),
+ 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_int( &actual_mpi, 0 ), 0 );
+#endif
+
+exit:
+#if defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi_free( &actual_mpi );
+#endif
+ /*empty cleanup in some configurations*/ ;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void get_integer( const data_t *input,
const char *expected_hex, int expected_result )
{
@@ -254,16 +293,18 @@
#if defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi expected_mpi;
mbedtls_mpi actual_mpi;
+ mbedtls_mpi complement;
+ int expected_result_for_mpi = expected_result;
#endif
long expected_value;
int expected_result_for_int = expected_result;
- int expected_result_for_mpi = expected_result;
int val;
int ret;
#if defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi_init( &expected_mpi );
mbedtls_mpi_init( &actual_mpi );
+ mbedtls_mpi_init( &complement );
#endif
errno = 0;
@@ -275,6 +316,16 @@
#endif
) )
{
+ /* The library returns the dubious error code INVALID_LENGTH
+ * for integers that are out of range. */
+ expected_result_for_int = MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
+ if( expected_result == 0 && expected_value < 0 )
+ {
+ /* The library does not support negative INTEGERs and
+ * returns the dubious error code INVALID_LENGTH.
+ * Test that we preserve the historical behavior. If we
+ * decide to change the behavior, we'll also change this test. */
expected_result_for_int = MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
@@ -300,7 +351,34 @@
TEST_EQUAL( ret, expected_result_for_mpi );
if( ret == 0 )
{
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual_mpi , &expected_mpi ) == 0 );
+ if( expected_value >= 0 )
+ {
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual_mpi,
+ &expected_mpi ) == 0 );
+ }
+ else
+ {
+ /* The library ignores the sign bit in ASN.1 INTEGERs
+ * (which makes sense insofar as INTEGERs are sometimes
+ * abused as bit strings), so the result of parsing them
+ * is a positive integer such that expected_mpi +
+ * actual_mpi = 2^n where n is the length of the content
+ * of the INTEGER. (Leading ff octets don't matter for the
+ * expected value, but they matter for the actual value.)
+ * Test that we don't change from this behavior. If we
+ * decide to fix the library to change the behavior on
+ * negative INTEGERs, we'll fix this test code. */
+ unsigned char *q = input->x + 1;
+ size_t len;
+ TEST_ASSERT( mbedtls_asn1_get_len( &q, input->x + input->len,
+ &len ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_lset( &complement, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_shift_l( &complement, len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_add_mpi( &complement, &complement,
+ &expected_mpi ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &complement,
+ &actual_mpi ) == 0 );
+ }
TEST_ASSERT( p == input->x + input->len );
}
#endif
@@ -309,7 +387,9 @@
#if defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi_free( &expected_mpi );
mbedtls_mpi_free( &actual_mpi );
+ mbedtls_mpi_free( &complement );
#endif
+ /*empty cleanup in some configurations*/ ;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data
index 312910e..b50df2b 100644
--- a/tests/suites/test_suite_ctr_drbg.data
+++ b/tests/suites/test_suite_ctr_drbg.data
@@ -1070,8 +1070,22 @@
depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"d4f1f4ae08bcb3e1":"5d4041942bcf68864a4997d8171f1f9fef55a769b7eaf03fe082029bb32a2b9d8239e865c0a42e14b964b9c09de85a20":"":"":"4155320287eedcf7d484c2c2a1e2eb64b9c9ce77c87202a1ae1616c7a5cfd1c687c7a0bfcc85bda48fdd4629fd330c22d0a76076f88fc7cd04037ee06b7af602"
-CTR_DRBG entropy usage
-ctr_drbg_entropy_usage:
+CTR_DRBG entropy usage (default entropy_nonce_len)
+ctr_drbg_entropy_usage:-1
+
+CTR_DRBG entropy usage (entropy_nonce_len=0)
+ctr_drbg_entropy_usage:0
+
+CTR_DRBG entropy usage (entropy_nonce_len=7)
+ctr_drbg_entropy_usage:7
+
+CTR_DRBG entropy strength: 128 bits
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_entropy_strength:128
+
+CTR_DRBG entropy strength: 256 bits
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_entropy_strength:256
CTR_DRBG write/update seed file [#1]
ctr_drbg_seed_file:"data_files/ctr_drbg_seed":0
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 4a97826..8317c08 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -44,11 +44,12 @@
/* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
* where nonce||perso = nonce[nonce->len] */
- TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len(
+ mbedtls_ctr_drbg_set_entropy_len( &ctx, entropy_chunk_len );
+ mbedtls_ctr_drbg_set_nonce_len( &ctx, 0 );
+ TEST_ASSERT( mbedtls_ctr_drbg_seed(
&ctx,
mbedtls_test_entropy_func, entropy->x,
- nonce->x, nonce->len,
- entropy_chunk_len ) == 0 );
+ nonce->x, nonce->len ) == 0 );
if( reseed_mode == RESEED_ALWAYS )
mbedtls_ctr_drbg_set_prediction_resistance(
&ctx,
@@ -187,17 +188,47 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void ctr_drbg_entropy_strength( int expected_bit_strength )
+{
+ unsigned char entropy[/*initial entropy*/ MBEDTLS_CTR_DRBG_ENTROPY_LEN +
+ /*nonce*/ MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN +
+ /*reseed*/ MBEDTLS_CTR_DRBG_ENTROPY_LEN];
+ mbedtls_ctr_drbg_context ctx;
+ size_t last_idx;
+ size_t byte_strength = expected_bit_strength / 8;
+ mbedtls_ctr_drbg_init( &ctx );
+ test_offset_idx = 0;
+ test_max_idx = sizeof( entropy );
+ memset( entropy, 0, sizeof( entropy ) );
+
+ /* The initial seeding must grab at least byte_strength bytes of entropy
+ * for the entropy input and byte_strength/2 bytes for a nonce. */
+ TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx,
+ mbedtls_test_entropy_func, entropy,
+ NULL, 0 ) == 0 );
+ TEST_ASSERT( test_offset_idx >= ( byte_strength * 3 + 1 ) / 2 );
+ last_idx = test_offset_idx;
+
+ /* A reseed must grab at least byte_strength bytes of entropy. */
+ TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) == 0 );
+ TEST_ASSERT( test_offset_idx - last_idx >= byte_strength );
+
+exit:
+ mbedtls_ctr_drbg_free( &ctx );
+}
+/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_entropy_usage( )
+void ctr_drbg_entropy_usage( int entropy_nonce_len )
{
unsigned char out[16];
unsigned char add[16];
unsigned char entropy[1024];
mbedtls_ctr_drbg_context ctx;
size_t i, reps = 10;
- size_t last_idx;
+ size_t expected_idx = 0;
mbedtls_ctr_drbg_init( &ctx );
test_offset_idx = 0;
@@ -206,21 +237,27 @@
memset( out, 0, sizeof( out ) );
memset( add, 0, sizeof( add ) );
+ if( entropy_nonce_len >= 0 )
+ TEST_ASSERT( mbedtls_ctr_drbg_set_nonce_len( &ctx, entropy_nonce_len ) == 0 );
+
/* Init must use entropy */
- last_idx = test_offset_idx;
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_entropy_func, entropy, NULL, 0 ) == 0 );
- TEST_ASSERT( last_idx < test_offset_idx );
+ expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+ if( entropy_nonce_len >= 0 )
+ expected_idx += entropy_nonce_len;
+ else
+ expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN;
+ TEST_EQUAL( test_offset_idx, expected_idx );
/* By default, PR is off and reseed_interval is large,
* so the next few calls should not use entropy */
- last_idx = test_offset_idx;
for( i = 0; i < reps; i++ )
{
TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
add, sizeof( add ) ) == 0 );
}
- TEST_ASSERT( last_idx == test_offset_idx );
+ TEST_EQUAL( test_offset_idx, expected_idx );
/* While at it, make sure we didn't write past the requested length */
TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
@@ -232,17 +269,17 @@
* so the next call should reseed */
mbedtls_ctr_drbg_set_reseed_interval( &ctx, 2 * reps );
TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( last_idx < test_offset_idx );
+ expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+ TEST_EQUAL( test_offset_idx, expected_idx );
/* The new few calls should not reseed */
- last_idx = test_offset_idx;
for( i = 0; i < reps / 2; i++ )
{
TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, out, sizeof( out ) ,
add, sizeof( add ) ) == 0 );
}
- TEST_ASSERT( last_idx == test_offset_idx );
+ TEST_EQUAL( test_offset_idx, expected_idx );
/* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
@@ -253,18 +290,19 @@
/* Now enable PR, so the next few calls should all reseed */
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( last_idx < test_offset_idx );
+ expected_idx += MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+ TEST_EQUAL( test_offset_idx, expected_idx );
/* Finally, check setting entropy_len */
mbedtls_ctr_drbg_set_entropy_len( &ctx, 42 );
- last_idx = test_offset_idx;
TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( test_offset_idx - last_idx == 42 );
+ expected_idx += 42;
+ TEST_EQUAL( test_offset_idx, expected_idx );
mbedtls_ctr_drbg_set_entropy_len( &ctx, 13 );
- last_idx = test_offset_idx;
TEST_ASSERT( mbedtls_ctr_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( test_offset_idx - last_idx == 13 );
+ expected_idx += 13;
+ TEST_EQUAL( test_offset_idx, expected_idx );
exit:
mbedtls_ctr_drbg_free( &ctx );
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index 13bc400..b526f43 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -37,7 +37,9 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
entropy_ctx entropy;
- size_t last_len, i, reps = 10;
+ size_t i, reps = 10;
+ size_t default_entropy_len;
+ size_t expected_consumed_entropy = 0;
mbedtls_hmac_drbg_init( &ctx );
memset( buf, 0, sizeof( buf ) );
@@ -48,23 +50,29 @@
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
+ if( mbedtls_md_get_size( md_info ) <= 20 )
+ default_entropy_len = 16;
+ else if( mbedtls_md_get_size( md_info ) <= 28 )
+ default_entropy_len = 24;
+ else
+ default_entropy_len = 32;
/* Init must use entropy */
- last_len = entropy.len;
TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &entropy,
NULL, 0 ) == 0 );
- TEST_ASSERT( entropy.len < last_len );
+ /* default_entropy_len of entropy, plus half as much for the nonce */
+ expected_consumed_entropy += default_entropy_len * 3 / 2;
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
/* By default, PR is off and reseed_interval is large,
* so the next few calls should not use entropy */
- last_len = entropy.len;
for( i = 0; i < reps; i++ )
{
TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) - 4 ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, out, sizeof( out ) - 4,
buf, 16 ) == 0 );
}
- TEST_ASSERT( entropy.len == last_len );
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
/* While at it, make sure we didn't write past the requested length */
TEST_ASSERT( out[sizeof( out ) - 4] == 0 );
@@ -76,33 +84,34 @@
* so the next call should reseed */
mbedtls_hmac_drbg_set_reseed_interval( &ctx, 2 * reps );
TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( entropy.len < last_len );
+ expected_consumed_entropy += default_entropy_len;
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
/* The new few calls should not reseed */
- last_len = entropy.len;
for( i = 0; i < reps / 2; i++ )
{
TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, out, sizeof( out ) ,
buf, 16 ) == 0 );
}
- TEST_ASSERT( entropy.len == last_len );
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
/* Now enable PR, so the next few calls should all reseed */
mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( entropy.len < last_len );
+ expected_consumed_entropy += default_entropy_len;
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
/* Finally, check setting entropy_len */
mbedtls_hmac_drbg_set_entropy_len( &ctx, 42 );
- last_len = entropy.len;
TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( (int) last_len - entropy.len == 42 );
+ expected_consumed_entropy += 42;
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
mbedtls_hmac_drbg_set_entropy_len( &ctx, 13 );
- last_len = entropy.len;
TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
- TEST_ASSERT( (int) last_len - entropy.len == 13 );
+ expected_consumed_entropy += 13;
+ TEST_EQUAL( sizeof( buf ) - entropy.len, expected_consumed_entropy );
exit:
mbedtls_hmac_drbg_free( &ctx );
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index ea5fc4f..caa4c77 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -8,21 +8,41 @@
depends_on:MBEDTLS_RSA_C
valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"
-PK utils: RSA
+PK utils: RSA 512-bit
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_utils:MBEDTLS_PK_RSA:512:64:"RSA"
+pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
-PK utils: ECKEY
+PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_utils:MBEDTLS_PK_ECKEY:192:24:"EC"
+pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
-PK utils: ECKEY_DH
+PK utils: ECKEY_DH SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_utils:MBEDTLS_PK_ECKEY_DH:192:24:"EC_DH"
+pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
-PK utils: ECDSA
+PK utils: ECKEY_DH Curve25519
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
+
+PK utils: ECKEY_DH Curve448
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
+
+PK utils: ECDSA SECP192R1
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_utils:MBEDTLS_PK_ECDSA:192:24:"ECDSA"
+pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:192:24:"ECDSA"
+
+PK utils: ECDSA SECP256R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA"
+
+PK utils: ECDSA SECP384R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA"
+
+PK utils: ECDSA SECP521R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"
PK PSA utilities: setup/free, info functions, unsupported operations
pk_psa_utils:
@@ -83,21 +103,41 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0
-ECDSA sign-verify
+ECDSA sign-verify: SECP192R1
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_sign_verify:MBEDTLS_PK_ECDSA:0:0
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0
-EC(DSA) sign-verify
+ECDSA sign-verify: SECP256R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0
+
+ECDSA sign-verify: SECP384R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0
+
+ECDSA sign-verify: SECP521R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0
+
+ECDSA sign-verify: BP256R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0
+
+ECDSA sign-verify: BP512R1
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0
+
+EC(DSA) sign-verify: SECP192R1
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_sign_verify:MBEDTLS_PK_ECKEY:0:0
+pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
-EC_DH (no) sign-verify
+EC_DH (no) sign-verify: SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
-pk_sign_verify:MBEDTLS_PK_RSA:0:0
+pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
RSA encrypt test vector
depends_on:MBEDTLS_PKCS1_V15
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index b349075..ccf1736 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -27,13 +27,27 @@
#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
-static int pk_genkey( mbedtls_pk_context *pk )
+/** Generate a key of the desired type.
+ *
+ * \param pk The PK object to fill. It must have been initialized
+ * with mbedtls_pk_setup().
+ * \param parameter - For RSA keys, the key size in bits.
+ * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx).
+ *
+ * \return The status from the underlying type-specific key
+ * generation function.
+ * \return -1 if the key type is not recognized.
+ */
+static int pk_genkey( mbedtls_pk_context *pk, int parameter )
{
((void) pk);
+ (void) parameter;
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
- return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
+ return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ),
+ rnd_std_rand, NULL,
+ parameter, 3 );
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ||
@@ -42,7 +56,7 @@
{
int ret;
if( ( ret = mbedtls_ecp_group_load( &mbedtls_pk_ec( *pk )->grp,
- MBEDTLS_ECP_DP_SECP192R1 ) ) != 0 )
+ parameter ) ) != 0 )
return( ret );
return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d,
@@ -608,18 +622,18 @@
/* END_CASE */
/* BEGIN_CASE */
-void pk_utils( int type, int size, int len, char * name )
+void pk_utils( int type, int parameter, int bitlen, int len, char * name )
{
mbedtls_pk_context pk;
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
- TEST_ASSERT( pk_genkey( &pk ) == 0 );
+ TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
TEST_ASSERT( (int) mbedtls_pk_get_type( &pk ) == type );
TEST_ASSERT( mbedtls_pk_can_do( &pk, type ) );
- TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) size );
+ TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == (unsigned) bitlen );
TEST_ASSERT( mbedtls_pk_get_len( &pk ) == (unsigned) len );
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
@@ -897,11 +911,12 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void pk_sign_verify( int type, int sign_ret, int verify_ret )
+void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
{
mbedtls_pk_context pk;
- unsigned char hash[50], sig[5000];
size_t sig_len;
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
void *rs_ctx = NULL;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
mbedtls_pk_restart_ctx ctx;
@@ -921,11 +936,15 @@
memset( sig, 0, sizeof sig );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
- TEST_ASSERT( pk_genkey( &pk ) == 0 );
+ TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, &sig_len,
rnd_std_rand, NULL, rs_ctx ) == sign_ret );
+ if( sign_ret == 0 )
+ TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
+ else
+ sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, sig_len ) == verify_ret );
@@ -945,6 +964,10 @@
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
+ if( sign_ret == 0 )
+ TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
+ else
+ sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
@@ -1153,7 +1176,7 @@
/* Initiliaze PK RSA context with random key */
TEST_ASSERT( mbedtls_pk_setup( &rsa,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
- TEST_ASSERT( pk_genkey( &rsa ) == 0 );
+ TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
/* Extract key to the raw rsa context */
TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 );
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index c8ff177..e0101cc 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -30,10 +30,18 @@
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.pem"
+Private key write check EC 256 bits (top bit set)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.pem"
+
Private key write check EC 521 bits
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.pem"
+Private key write check EC 521 bits (top byte is 0)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.pem"
+
Private key write check EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.pem"
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 6efdc01..3bd3738 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -43,15 +43,6 @@
depends_on:MBEDTLS_AES_C
import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:256:0:PSA_SUCCESS:1
-PSA invalid handle (0)
-invalid_handle:0
-
-PSA invalid handle (smallest plausible handle)
-invalid_handle:1
-
-PSA invalid handle (largest plausible handle)
-invalid_handle:-1
-
PSA import: bad usage flag
import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT
@@ -1547,6 +1538,14 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+PSA sign: deterministic ECDSA SECP256R1 SHA-384
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
+sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca"
+
+PSA sign: deterministic ECDSA SECP384R1 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f"
+
PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
@@ -1621,6 +1620,22 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+PSA sign/verify: randomized ECDSA SECP256R1 SHA-384
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_SHA512_C
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
+
+PSA sign/verify: deterministic ECDSA SECP256R1 SHA-384
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
+
+PSA sign/verify: randomized ECDSA SECP384R1 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+
+PSA sign/verify: deterministic ECDSA SECP384R1 SHA-256
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+
PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 87529ac..f3f79ab 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -736,6 +736,11 @@
TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_INTEGER ),
0 );
+
+ /* Check if the retrieved length doesn't extend the actual buffer's size.
+ * It is assumed here, that end >= p, which validates casting to size_t. */
+ TEST_ASSERT( len <= (size_t)( end - *p) );
+
/* Tolerate a slight departure from DER encoding:
* - 0 may be represented by an empty string or a 1-byte string.
* - The sign bit may be used as a value bit. */
@@ -894,6 +899,8 @@
"No sanity check for public key type=0x%08lx",
(unsigned long) type );
test_fail( message, __LINE__, __FILE__ );
+ (void) p;
+ (void) end;
return( 0 );
}
}
@@ -1103,9 +1110,6 @@
buffer, sizeof( buffer ), &length ),
PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_destroy_key( handle ), PSA_ERROR_INVALID_HANDLE );
-
ok = 1;
exit:
@@ -1536,17 +1540,6 @@
/* END_CASE */
/* BEGIN_CASE */
-void invalid_handle( int handle )
-{
- PSA_ASSERT( psa_crypto_init( ) );
- test_operations_on_invalid_handle( handle );
-
-exit:
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void import_export_public_key( data_t *data,
int type_arg,
int alg_arg,
diff --git a/tests/suites/test_suite_psa_crypto_init.data b/tests/suites/test_suite_psa_crypto_init.data
index c57a764..9620a64 100644
--- a/tests/suites/test_suite_psa_crypto_init.data
+++ b/tests/suites/test_suite_psa_crypto_init.data
@@ -34,15 +34,25 @@
Fake entropy: less than the block size
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
+Fake entropy: not enough for a nonce
+depends_on:ENTROPY_NONCE_LEN != 0
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:ENTROPY_NONCE_LEN - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
+
Fake entropy: one block eventually
+depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
Fake entropy: one block in two steps
+depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:1:-1:-1:PSA_SUCCESS
Fake entropy: more than one block in two steps
+depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:PSA_SUCCESS
+Fake entropy: two blocks eventually
+fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
+
NV seed only: less than minimum
entropy_from_nv_seed:MBEDTLS_ENTROPY_MIN_PLATFORM - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index 3c4b42e..3283ac9 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -11,6 +11,12 @@
#define ENTROPY_MIN_NV_SEED_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+/* PSA crypto uses the CTR_DRBG module. In some configurations, it needs
+ * to read from the entropy source twice: once for the initial entropy
+ * and once for a nonce. */
+#include "mbedtls/ctr_drbg.h"
+#define ENTROPY_NONCE_LEN MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN
+
typedef struct
{
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index e989895..9cdee03 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -262,6 +262,26 @@
depends_on:MBEDTLS_SHA256_C
key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF
+Key derivation: HKDF using SHA-384
+depends_on:MBEDTLS_SHA512_C
+key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_384 ):ALG_IS_HKDF
+
+Key derivation: TLS 1.2 PRF using SHA-256
+depends_on:MBEDTLS_SHA256_C
+key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF
+
+Key derivation: TLS 1.2 PRF using SHA-384
+depends_on:MBEDTLS_SHA512_C
+key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_384 ):ALG_IS_TLS12_PRF
+
+Key derivation: TLS 1.2 PSK-to-MS using SHA-256
+depends_on:MBEDTLS_SHA256_C
+key_derivation_algorithm:PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PSK_TO_MS
+
+Key derivation: TLS 1.2 PSK-to-MS using SHA-384
+depends_on:MBEDTLS_SHA512_C
+key_derivation_algorithm:PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_384 ):ALG_IS_TLS12_PSK_TO_MS
+
Key agreement: FFDH, raw output
depends_on:MBEDTLS_DHM_C
key_agreement_algorithm:PSA_ALG_FFDH:ALG_IS_FFDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_FFDH:PSA_ALG_CATEGORY_KEY_DERIVATION
@@ -270,6 +290,10 @@
depends_on:MBEDTLS_DHM_C
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+Key agreement: FFDH, HKDF using SHA-384
+depends_on:MBEDTLS_DHM_C
+key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 )
+
Key agreement: ECDH, raw output
depends_on:MBEDTLS_ECDH_C
key_agreement_algorithm:PSA_ALG_ECDH:ALG_IS_ECDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_ECDH:PSA_ALG_CATEGORY_KEY_DERIVATION
@@ -278,6 +302,10 @@
depends_on:MBEDTLS_ECDH_C
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+Key agreement: ECDH, HKDF using SHA-384
+depends_on:MBEDTLS_ECDH_C
+key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 )
+
Key type: raw data
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index a9f1b39..3a9347e 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -37,6 +37,8 @@
#define ALG_IS_WILDCARD ( 1u << 19 )
#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 )
#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 21 )
+#define ALG_IS_TLS12_PRF ( 1u << 22 )
+#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 23 )
/* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
index 53e3fc5..1b0ef04 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
@@ -121,23 +121,23 @@
generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
Key registration: smoke test
-register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_SUCCESS
-
-Key registration: invalid lifetime (volatile)
-register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:-1:PSA_ERROR_INVALID_ARGUMENT
-
-Key registration: invalid lifetime (internal storage)
-register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:-1:PSA_ERROR_INVALID_ARGUMENT
-
-Key registration: invalid lifetime (no registered driver)
-register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:-1:PSA_ERROR_INVALID_ARGUMENT
-
-Key registration: with driver validation (accepted)
register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS
-Key registration: with driver validation (rejected)
+Key registration: invalid lifetime (volatile)
+register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: invalid lifetime (internal storage)
+register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: invalid lifetime (no registered driver)
+register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: rejected
register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
+Key registration: not supported
+register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
+
Import-sign-verify: sign in driver, ECDSA
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index fc6f668..e06ef17 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -5,6 +5,13 @@
#include "psa_crypto_se.h"
#include "psa_crypto_storage.h"
+/* Invasive peeking: check the persistent data */
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+#include "psa_crypto_its.h"
+#else /* Native ITS implementation */
+#include "psa/error.h"
+#include "psa/internal_trusted_storage.h"
+#endif
/****************************************************************/
@@ -90,11 +97,13 @@
/* Validate a choice of slot number as directed. */
static psa_status_t validate_slot_number_as_directed(
psa_drv_se_context_t *context,
+ void *persistent_data,
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_key_slot_number_t slot_number )
{
(void) context;
+ (void) persistent_data;
(void) attributes;
DRIVER_ASSERT_RETURN( slot_number ==
validate_slot_number_directions.slot_number );
@@ -104,6 +113,11 @@
}
/* Allocate slot numbers with a monotonic counter. */
+static psa_key_slot_number_t shadow_counter;
+static void counter_reset( void )
+{
+ shadow_counter = 0;
+}
static psa_status_t counter_allocate( psa_drv_se_context_t *context,
void *persistent_data,
const psa_key_attributes_t *attributes,
@@ -118,6 +132,7 @@
++*p_counter;
if( *p_counter == 0 )
return( PSA_ERROR_INSUFFICIENT_STORAGE );
+ shadow_counter = *p_counter;
*slot_number = *p_counter;
return( PSA_SUCCESS );
}
@@ -193,12 +208,15 @@
* bit vector indicating which slots are in use. */
typedef uint16_t ram_slot_usage_t;
+static ram_slot_usage_t ram_shadow_slot_usage;
+
static uint8_t ram_min_slot = 0;
static void ram_slots_reset( void )
{
memset( ram_slots, 0, sizeof( ram_slots ) );
ram_min_slot = 0;
+ ram_shadow_slot_usage = 0;
}
/* Common parts of key creation.
@@ -342,6 +360,7 @@
DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) );
memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
*slot_usage &= ~(ram_slot_usage_t)( 1 << slot_number );
+ ram_shadow_slot_usage = *slot_usage;
return( PSA_SUCCESS );
}
@@ -360,18 +379,23 @@
++( *slot_number ) )
{
if( ! ( *slot_usage & 1 << *slot_number ) )
+ {
+ ram_shadow_slot_usage = *slot_usage;
return( PSA_SUCCESS );
+ }
}
return( PSA_ERROR_INSUFFICIENT_STORAGE );
}
static psa_status_t ram_validate_slot_number(
psa_drv_se_context_t *context,
+ void *persistent_data,
const psa_key_attributes_t *attributes,
psa_key_creation_method_t method,
psa_key_slot_number_t slot_number )
{
(void) context;
+ (void) persistent_data;
(void) attributes;
(void) method;
if( slot_number >= ARRAY_LENGTH( ram_slots ) )
@@ -522,6 +546,38 @@
return( ok );
}
+/* Get the file UID corresponding to the specified lifetime.
+ * If this changes, the storage format version must change.
+ * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c.
+ */
+psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime )
+{
+ if( lifetime > PSA_MAX_SE_LIFETIME )
+ return( 0 );
+ return( 0xfffffe00 + lifetime );
+}
+
+/* Check that the persistent data of a driver has its expected content. */
+static int check_persistent_data( psa_key_lifetime_t lifetime,
+ const void *expected_data,
+ size_t size )
+{
+ psa_storage_uid_t uid = file_uid_for_lifetime( lifetime );
+ struct psa_storage_info_t info;
+ uint8_t *loaded = NULL;
+ int ok = 0;
+
+ PSA_ASSERT( psa_its_get_info( uid, &info ) );
+ ASSERT_ALLOC( loaded, info.size );
+ PSA_ASSERT( psa_its_get( uid, 0, info.size, loaded, NULL ) );
+ ASSERT_COMPARE( expected_data, size, loaded, info.size );
+ ok = 1;
+
+exit:
+ mbedtls_free( loaded );
+ return( ok );
+}
+
/* Check that a function's return status is "smoke-free", i.e. that
* it's an acceptable error code when calling an API function that operates
* on a key with potentially bogus parameters. */
@@ -776,6 +832,10 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
&handle ) );
+ if( ! check_persistent_data( lifetime,
+ &ram_shadow_slot_usage,
+ sizeof( ram_shadow_slot_usage ) ) )
+ goto exit;
/* Maybe restart, to check that the information is saved correctly. */
if( restart )
@@ -783,6 +843,10 @@
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
+ if( ! check_persistent_data( lifetime,
+ &ram_shadow_slot_usage,
+ sizeof( ram_shadow_slot_usage ) ) )
+ goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
}
@@ -805,6 +869,10 @@
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
+ if( ! check_persistent_data( lifetime,
+ &ram_shadow_slot_usage,
+ sizeof( ram_shadow_slot_usage ) ) )
+ goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
PSA_ERROR_DOES_NOT_EXIST );
@@ -860,6 +928,10 @@
if( status != PSA_SUCCESS )
goto exit;
+ if( ! check_persistent_data( lifetime,
+ &ram_shadow_slot_usage,
+ sizeof( ram_shadow_slot_usage ) ) )
+ goto exit;
/* Maybe restart, to check that the information is saved correctly. */
if( restart )
@@ -867,6 +939,10 @@
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
+ if( ! check_persistent_data( lifetime,
+ &ram_shadow_slot_usage,
+ sizeof( ram_shadow_slot_usage ) ) )
+ goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
}
@@ -879,6 +955,10 @@
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
+ if( ! check_persistent_data( lifetime,
+ &ram_shadow_slot_usage,
+ sizeof( ram_shadow_slot_usage ) ) )
+ goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
PSA_ERROR_DOES_NOT_EXIST );
@@ -926,6 +1006,9 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material->x, key_material->len,
&handle ) );
+ if( ! check_persistent_data( lifetime,
+ &shadow_counter, sizeof( shadow_counter ) ) )
+ goto exit;
/* Do stuff with the key. */
if( ! smoke_test_key( handle ) )
@@ -935,6 +1018,9 @@
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
+ if( ! check_persistent_data( lifetime,
+ &shadow_counter, sizeof( shadow_counter ) ) )
+ goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
if( ! smoke_test_key( handle ) )
goto exit;
@@ -942,11 +1028,15 @@
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
+ if( ! check_persistent_data( lifetime,
+ &shadow_counter, sizeof( shadow_counter ) ) )
+ goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
PSA_ERROR_DOES_NOT_EXIST );
exit:
PSA_DONE( );
+ counter_reset( );
psa_purge_storage( );
}
/* END_CASE */
@@ -983,6 +1073,7 @@
exit:
PSA_DONE( );
+ counter_reset( );
psa_purge_storage( );
}
/* END_CASE */
@@ -1023,6 +1114,9 @@
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+ if( ! check_persistent_data( lifetime,
+ &shadow_counter, sizeof( shadow_counter ) ) )
+ goto exit;
/* Do stuff with the key. */
if( ! smoke_test_key( handle ) )
@@ -1032,6 +1126,9 @@
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
+ if( ! check_persistent_data( lifetime,
+ &shadow_counter, sizeof( shadow_counter ) ) )
+ goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
if( ! smoke_test_key( handle ) )
goto exit;
@@ -1039,11 +1136,15 @@
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
+ if( ! check_persistent_data( lifetime,
+ &shadow_counter, sizeof( shadow_counter ) ) )
+ goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
PSA_ERROR_DOES_NOT_EXIST );
exit:
PSA_DONE( );
+ counter_reset( );
psa_purge_storage( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
index dba6875..f60bd76 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
@@ -1,3 +1,12 @@
+SE init mock test: success
+mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
+
+SE init mock test: failure
+mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
+
+SE init mock test: invalid lifetime
+mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
+
SE key importing mock test
mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index e6b3f7b..7088a52 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -8,6 +8,13 @@
static struct
{
uint16_t called;
+ psa_key_lifetime_t lifetime;
+ psa_status_t return_value;
+} mock_init_data;
+
+static struct
+{
+ uint16_t called;
psa_key_slot_number_t key_slot;
psa_key_attributes_t attributes;
size_t pubkey_size;
@@ -92,6 +99,7 @@
static void mock_teardown( void )
{
+ memset( &mock_init_data, 0, sizeof( mock_init_data ) );
memset( &mock_import_data, 0, sizeof( mock_import_data ) );
memset( &mock_export_data, 0, sizeof( mock_export_data ) );
memset( &mock_export_public_data, 0, sizeof( mock_export_public_data ) );
@@ -103,6 +111,18 @@
psa_purge_storage( );
}
+static psa_status_t mock_init( psa_drv_se_context_t *drv_context,
+ void *persistent_data,
+ psa_key_lifetime_t lifetime )
+{
+ (void) drv_context;
+ (void) persistent_data;
+
+ mock_init_data.called++;
+ mock_init_data.lifetime = lifetime;
+ return( mock_init_data.return_value );
+}
+
static psa_status_t mock_generate( psa_drv_se_context_t *drv_context,
psa_key_slot_number_t key_slot,
const psa_key_attributes_t *attributes,
@@ -259,6 +279,42 @@
*/
/* BEGIN_CASE */
+void mock_init( int lifetime_arg,
+ int expected_register_status_arg,
+ int driver_status_arg,
+ int expected_psa_status_arg,
+ int expected_called )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_status_t expected_register_status = expected_register_status_arg;
+ psa_status_t driver_status = driver_status_arg;
+ psa_status_t expected_psa_status = expected_psa_status_arg;
+ psa_drv_se_t driver = {
+ .hal_version = PSA_DRV_SE_HAL_VERSION,
+ .p_init = mock_init,
+ };
+ int psa_crypto_init_called = 0;
+
+ mock_init_data.return_value = driver_status;
+
+ TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ expected_register_status );
+
+ psa_crypto_init_called = 1;
+ TEST_EQUAL( psa_crypto_init( ), expected_psa_status );
+
+ TEST_EQUAL( mock_init_data.called, expected_called );
+ if( expected_called )
+ TEST_EQUAL( mock_init_data.lifetime, lifetime );
+
+exit:
+ if( psa_crypto_init_called )
+ PSA_DONE( );
+ mock_teardown( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mock_import( int mock_alloc_return_value,
int mock_import_return_value,
int bits,
@@ -335,6 +391,7 @@
memset( &key_management, 0, sizeof( key_management ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
driver.key_management = &key_management;
+ driver.p_init = mock_init;
key_management.p_import = mock_import;
key_management.p_export = mock_export;
key_management.p_destroy = mock_destroy;
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 6fa8723..803917d 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -148,8 +148,17 @@
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
-Close/destroy invalid handle
-invalid_handle:
+invalid handle: 0
+invalid_handle:INVALID_HANDLE_0:PSA_SUCCESS:PSA_ERROR_INVALID_HANDLE
+
+invalid handle: never opened
+invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE
+
+invalid handle: already closed
+invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE
+
+invalid handle: huge
+invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE
Open many transient handles
many_transient_handles:42
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 3b9eada..4c824f7 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -20,6 +20,14 @@
CLOSE_AFTER,
} reopen_policy_t;
+typedef enum
+{
+ INVALID_HANDLE_0,
+ INVALID_HANDLE_UNOPENED,
+ INVALID_HANDLE_CLOSED,
+ INVALID_HANDLE_HUGE,
+} invalid_handle_construction_t;
+
/* All test functions that create persistent keys must call
* `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this
* identifier, and must call psa_purge_key_storage() in their cleanup
@@ -625,9 +633,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void invalid_handle( )
+void invalid_handle( int handle_construction,
+ int close_status_arg, int usage_status_arg )
{
- psa_key_handle_t handle1 = 0;
+ psa_key_handle_t valid_handle = 0;
+ psa_key_handle_t invalid_handle = 0;
+ psa_status_t close_status = close_status_arg;
+ psa_status_t usage_status = usage_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t material[1] = "a";
@@ -639,23 +651,50 @@
psa_set_key_algorithm( &attributes, 0 );
PSA_ASSERT( psa_import_key( &attributes,
material, sizeof( material ),
- &handle1 ) );
- TEST_ASSERT( handle1 != 0 );
+ &valid_handle ) );
+ TEST_ASSERT( valid_handle != 0 );
- /* Attempt to close and destroy some invalid handles. */
- TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_close_key( handle1 - 1 ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_close_key( handle1 + 1 ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_destroy_key( 0 ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_destroy_key( handle1 - 1 ), PSA_ERROR_INVALID_HANDLE );
- TEST_EQUAL( psa_destroy_key( handle1 + 1 ), PSA_ERROR_INVALID_HANDLE );
+ /* Construct an invalid handle as specified in the test case data. */
+ switch( handle_construction )
+ {
+ case INVALID_HANDLE_0:
+ invalid_handle = 0;
+ break;
+ case INVALID_HANDLE_UNOPENED:
+ /* We can't easily construct a handle that's never been opened
+ * without knowing how the implementation constructs handle
+ * values. The current test code assumes that valid handles
+ * are in a range between 1 and some maximum. */
+ if( valid_handle == 1 )
+ invalid_handle = 2;
+ else
+ invalid_handle = valid_handle - 1;
+ break;
+ case INVALID_HANDLE_CLOSED:
+ PSA_ASSERT( psa_import_key( &attributes,
+ material, sizeof( material ),
+ &invalid_handle ) );
+ PSA_ASSERT( psa_destroy_key( invalid_handle ) );
+ break;
+ case INVALID_HANDLE_HUGE:
+ invalid_handle = (psa_key_handle_t) ( -1 );
+ break;
+ default:
+ TEST_ASSERT( ! "unknown handle construction" );
+ }
+
+ /* Attempt to use the invalid handle. */
+ TEST_EQUAL( psa_get_key_attributes( invalid_handle, &attributes ),
+ usage_status );
+ TEST_EQUAL( psa_close_key( invalid_handle ), close_status );
+ TEST_EQUAL( psa_destroy_key( invalid_handle ), close_status );
/* After all this, check that the original handle is intact. */
- PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( valid_handle, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), PSA_KEY_TYPE_RAW_DATA );
TEST_EQUAL( psa_get_key_bits( &attributes ),
PSA_BYTES_TO_BITS( sizeof( material ) ) );
- PSA_ASSERT( psa_close_key( handle1 ) );
+ PSA_ASSERT( psa_close_key( valid_handle ) );
exit:
PSA_DONE( );
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index a4575ab..b6dca23 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.17.0"
+check_compiletime_version:"2.19.1"
Check runtime library version
-check_runtime_version:"2.17.0"
+check_runtime_version:"2.19.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0