Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header
TLS1.3 :fix memory leak and version header
diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt
new file mode 100644
index 0000000..dbd25d1
--- /dev/null
+++ b/ChangeLog.d/ccm_star_no_tag.txt
@@ -0,0 +1,10 @@
+Changes
+ * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations.
+ For CCM* encryption/decryption without authentication, input
+ length will be ignored.
+
+Features
+ * Add support for CCM*-no-tag cipher to the PSA.
+ Currently only 13-byte long IV's are supported.
+ For decryption a minimum of 16-byte long input is expected.
+ These restrictions may be subject to change.
diff --git a/ChangeLog.d/fix-needed-shared-libraries-linux.txt b/ChangeLog.d/fix-needed-shared-libraries-linux.txt
new file mode 100644
index 0000000..74ad3bc
--- /dev/null
+++ b/ChangeLog.d/fix-needed-shared-libraries-linux.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
+ not to list other shared libraries they need.
diff --git a/ChangeLog.d/psa_crypto_api_macros.txt b/ChangeLog.d/psa_crypto_api_macros.txt
new file mode 100644
index 0000000..ff53e33
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_api_macros.txt
@@ -0,0 +1,11 @@
+Features
+ * Add missing PSA macros declared by PSA Crypto API 1.0.0:
+ PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
+
+Bugfix
+ * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
+ for algorithm values that fully encode the hashing step, as per the PSA
+ Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and
+ PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers
+ all algorithms that can be used with psa_{sign,verify}_hash(), including
+ these two.
diff --git a/README.md b/README.md
index e6924cb..c8d9450 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
-The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
+The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`.
### Tool versions
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 6f991fe..1be1689 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -198,6 +198,7 @@
* \param ctx The CCM context to use for encryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
+ * For tag length = 0, input length is ignored.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
@@ -279,6 +280,7 @@
* \param ctx The CCM context to use for decryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
+ * For tag length = 0, input length is ignored.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index b4630f6..892771e 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -140,9 +140,15 @@
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
+ MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, /**< AES cipher with 128-bit CCM_STAR_NO_TAG mode. */
+ MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, /**< AES cipher with 192-bit CCM_STAR_NO_TAG mode. */
+ MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, /**< AES cipher with 256-bit CCM_STAR_NO_TAG mode. */
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
+ MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, /**< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode. */
+ MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, /**< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode. */
+ MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, /**< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode. */
MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode. */
MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode. */
@@ -161,6 +167,9 @@
MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode. */
MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode. */
+ MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, /**< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode. */
+ MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, /**< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode. */
+ MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, /**< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode. */
MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
@@ -187,6 +196,7 @@
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
+ MBEDTLS_MODE_CCM_STAR_NO_TAG, /**< The CCM*-no-tag cipher mode. */
MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b2a2e32..5b26084 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -130,10 +130,8 @@
/**
* The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- *
- * \note Montgomery curves are currently excluded.
*/
-#define MBEDTLS_ECP_DP_MAX 12
+#define MBEDTLS_ECP_DP_MAX 14
/*
* Curve types
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 36e3718..5d2fefc 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -42,10 +42,6 @@
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
-/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
- * to avoid conflict with other headers which define and use
- * it, too. We might want to move all these definitions here at
- * some point for uniformity. */
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
@@ -53,8 +49,8 @@
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#undef MBEDTLS_DEPRECATED
#else /* MBEDTLS_DEPRECATED_WARNING */
+#define MBEDTLS_DEPRECATED
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
#endif /* MBEDTLS_DEPRECATED_WARNING */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 80bcd72..c54c035 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -51,6 +51,9 @@
case MBEDTLS_CIPHER_AES_128_CCM:
case MBEDTLS_CIPHER_AES_192_CCM:
case MBEDTLS_CIPHER_AES_256_CCM:
+ case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
+ case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
+ case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
case MBEDTLS_CIPHER_AES_128_GCM:
case MBEDTLS_CIPHER_AES_192_GCM:
case MBEDTLS_CIPHER_AES_256_GCM:
@@ -66,6 +69,9 @@
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
case MBEDTLS_CIPHER_ARIA_192_CCM:
case MBEDTLS_CIPHER_ARIA_256_CCM:
+ case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
+ case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
+ case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
case MBEDTLS_CIPHER_ARIA_128_GCM:
case MBEDTLS_CIPHER_ARIA_192_GCM:
case MBEDTLS_CIPHER_ARIA_256_GCM:
@@ -90,6 +96,8 @@
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
case MBEDTLS_MODE_CCM:
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
+ case MBEDTLS_MODE_CCM_STAR_NO_TAG:
+ return PSA_ALG_CCM_STAR_NO_TAG;
case MBEDTLS_MODE_CBC:
if( taglen == 0 )
return( PSA_ALG_CBC_NO_PADDING );
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 288d9b3..45e0544 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
+#include "mbedtls/platform_util.h"
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
@@ -187,18 +188,28 @@
* } NamedGroup;
*
*/
+
/* Elliptic Curve Groups (ECDHE) */
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 0x0017
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 0x0018
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 0x0019
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 0x001D
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 0x001E
+#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
+#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019
+#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A
+#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B
+#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C
+#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D
+#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E
/* Finite Field Groups (DHE) */
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 0x0100
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE3072 0x0101
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE4096 0x0102
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE6144 0x0103
-#define MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 0x0104
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103
+#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104
/*
* TLS 1.3 Key Exchange Modes
@@ -594,6 +605,8 @@
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
+#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+
/* Length in number of bytes of the TLS sequence number */
#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8
@@ -1039,6 +1052,14 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+typedef struct
+{
+ unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+ unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+ unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+ unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_application_secrets;
+
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
@@ -1129,6 +1150,10 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+ mbedtls_ssl_tls1_3_application_secrets MBEDTLS_PRIVATE(app_secrets);
+#endif
};
/*
@@ -1283,10 +1308,12 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
+ const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */
+
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
@@ -3143,6 +3170,7 @@
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the allowed curves in order of preference.
*
@@ -3156,6 +3184,8 @@
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
+ * \deprecated Superseeded by mbedtls_ssl_conf_groups().
+ *
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
* for that. For the end-entity certificate however, the key
@@ -3182,10 +3212,51 @@
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
- const mbedtls_ecp_group_id *curves );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+ const mbedtls_ecp_group_id *curves );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
+/**
+ * \brief Set the allowed groups in order of preference.
+ *
+ * On server: This only affects the choice of key agreement mechanism
+ *
+ * On client: this affects the list of groups offered for any
+ * use. The server can override our preference order.
+ *
+ * Both sides: limits the set of groups accepted for use in
+ * key sharing.
+ *
+ * \note This function replaces the deprecated mbedtls_ssl_conf_curves(),
+ * which only allows ECP curves to be configured.
+ *
+ * \note The most recent invocation of either mbedtls_ssl_conf_curves()
+ * or mbedtls_ssl_conf_groups() nullifies all previous invocations
+ * of both.
+ *
+ * \note This list should be ordered by decreasing preference
+ * (preferred group first).
+ *
+ * \note When this function is not called, a default list is used,
+ * consisting of all supported curves at 255 bits and above,
+ * and all supported finite fields at 2048 bits and above.
+ * The order favors groups with the lowest resource usage.
+ *
+ * \note New minor versions of Mbed TLS will not remove items
+ * from the default list unless serious security concerns require it.
+ * New minor versions of Mbed TLS may change the order in
+ * keeping with the general principle of favoring the lowest
+ * resource usage.
+ *
+ * \param conf SSL configuration
+ * \param groups List of allowed groups ordered by preference, terminated by 0.
+ * Must contain valid IANA NamedGroup IDs (provided via either an integer
+ * or using MBEDTLS_TLS13_NAMED_GROUP_XXX macros).
+ */
+void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
+ const uint16_t *groups );
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5d9854a..ee4b54c 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2990,7 +2990,9 @@
* \param key Identifier of the key to use for the operation.
* It must be an asymmetric key pair. The key must
* allow the usage #PSA_KEY_USAGE_SIGN_HASH.
- * \param alg A signature algorithm that is compatible with
+ * \param alg A signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
* the type of \p key.
* \param[in] hash The hash or message to sign.
* \param hash_length Size of the \p hash buffer in bytes.
@@ -3043,7 +3045,9 @@
* must be a public key or an asymmetric key pair. The
* key must allow the usage
* #PSA_KEY_USAGE_VERIFY_HASH.
- * \param alg A signature algorithm that is compatible with
+ * \param alg A signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
* the type of \p key.
* \param[in] hash The hash or message whose signature is to be
* verified.
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 4c67f10..af8a4a6 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -79,6 +79,38 @@
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
0)
+/** The input block size of a hash algorithm, in bytes.
+ *
+ * Hash algorithms process their input data in blocks. Hash operations will
+ * retain any partial blocks until they have enough input to fill the block or
+ * until the operation is finished.
+ * This affects the output from psa_hash_suspend().
+ *
+ * \param alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * PSA_ALG_IS_HASH(\p alg) is true).
+ *
+ * \return The block size in bytes for the specified hash algorithm.
+ * If the hash algorithm is not recognized, return 0.
+ * An implementation can return either 0 or the correct size for a
+ * hash algorithm that it recognizes, but does not support.
+ */
+#define PSA_HASH_BLOCK_LENGTH(alg) \
+ ( \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
+ 0)
+
/** \def PSA_HASH_MAX_SIZE
*
* Maximum size of a hash.
@@ -959,7 +991,8 @@
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
- 0)
+ (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
+ 0)
/** The maximum IV size for all supported cipher algorithms, in bytes.
*
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 621b872..5a903f8 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -847,6 +847,9 @@
(PSA_ALG_IS_KEY_DERIVATION(alg) && \
(alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG)
+/** An invalid algorithm identifier value. */
+#define PSA_ALG_NONE ((psa_algorithm_t)0)
+
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
/** MD5 */
#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
@@ -1199,6 +1202,17 @@
*/
#define PSA_ALG_CCM ((psa_algorithm_t)0x05500100)
+/** The CCM* cipher mode without authentication.
+ *
+ * This is CCM* as specified in IEEE 802.15.4 §7, with a tag length of 0.
+ * For CCM* with a nonzero tag length, use the AEAD algorithm #PSA_ALG_CCM.
+ *
+ * The underlying block cipher is determined by the key type.
+ *
+ * Currently only 13-byte long IV's are supported.
+ */
+#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t)0x04c01300)
+
/** The GCM authenticated encryption algorithm.
*
* The underlying block cipher is determined by the key type.
@@ -1589,20 +1603,24 @@
* file. */
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
-/** Whether the specified algorithm is a hash-and-sign algorithm.
+/** Whether the specified algorithm is a signature algorithm that can be used
+ * with psa_sign_hash() and psa_verify_hash().
*
- * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
- * structured in two parts: first the calculation of a hash in a way that
- * does not depend on the key, then the calculation of a signature from the
- * hash value and the key.
+ * This encompasses all strict hash-and-sign algorithms categorized by
+ * PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the
+ * paradigm more loosely:
+ * - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash)
+ * - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is)
*
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ * \param alg An algorithm identifier (value of type psa_algorithm_t).
*
- * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
- * This macro may return either 0 or 1 if \p alg is not a supported
- * algorithm identifier.
+ * \return 1 if alg is a signature algorithm that can be used to sign a
+ * hash. 0 if alg is a signature algorithm that can only be used
+ * to sign a message. 0 if alg is not a signature algorithm.
+ * This macro can return either 0 or 1 if alg is not a
+ * supported algorithm identifier.
*/
-#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
+#define PSA_ALG_IS_SIGN_HASH(alg) \
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
@@ -1619,7 +1637,37 @@
* supported algorithm identifier.
*/
#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
- (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA )
+ (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
+
+/** Whether the specified algorithm is a hash-and-sign algorithm.
+ *
+ * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
+ * structured in two parts: first the calculation of a hash in a way that
+ * does not depend on the key, then the calculation of a signature from the
+ * hash value and the key. Hash-and-sign algorithms encode the hash
+ * used for the hashing step, and you can call #PSA_ALG_SIGN_GET_HASH
+ * to extract this algorithm.
+ *
+ * Thus, for a hash-and-sign algorithm,
+ * `psa_sign_message(key, alg, input, ...)` is equivalent to
+ * ```
+ * psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), input, ..., hash, ...);
+ * psa_sign_hash(key, alg, hash, ..., signature, ...);
+ * ```
+ * Most usefully, separating the hash from the signature allows the hash
+ * to be calculated in multiple steps with psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(). Likewise psa_verify_message() is equivalent to
+ * calculating the hash and then calling psa_verify_hash().
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
+ (PSA_ALG_IS_SIGN_HASH(alg) && \
+ ((alg) & PSA_ALG_HASH_MASK) != 0)
/** Get the hash used by a hash-and-sign signature algorithm.
*
@@ -1641,7 +1689,6 @@
*/
#define PSA_ALG_SIGN_GET_HASH(alg) \
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
- ((alg) & PSA_ALG_HASH_MASK) == 0 ? /*"raw" algorithm*/ 0 : \
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
0)
@@ -2132,6 +2179,9 @@
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+/** The null key identifier.
+ */
+#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
diff --git a/library/Makefile b/library/Makefile
index 13cd7db..15c9a8b 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -186,6 +186,14 @@
shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT)
+# Windows builds under Mingw can fail if make tries to create archives in the same
+# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002.
+# This forces builds of the .a files to be serialised.
+ifdef WINDOWS
+libmbedtls.a: | libmbedx509.a
+libmbedx509.a: | libmbedcrypto.a
+endif
+
# tls
libmbedtls.a: $(OBJS_TLS)
echo " AR $@"
@@ -199,7 +207,7 @@
libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so
echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
+ $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedtls.so: libmbedtls.$(SOEXT_TLS)
echo " LN $@ -> $<"
@@ -207,11 +215,11 @@
libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib
echo " LD $@"
- $(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
+ $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -lmbedx509 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
+ $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
# x509
libmbedx509.a: $(OBJS_X509)
@@ -226,7 +234,7 @@
libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
+ $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedx509.so: libmbedx509.$(SOEXT_X509)
echo " LN $@ -> $<"
@@ -234,7 +242,7 @@
libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib
echo " LD $@"
- $(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
+ $(CC) -dynamiclib -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
echo " LD $@"
@@ -253,7 +261,7 @@
libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
+ $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
echo " LN $@ -> $<"
@@ -261,7 +269,7 @@
libmbedcrypto.dylib: $(OBJS_CRYPTO)
echo " LD $@"
- $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
+ $(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedcrypto.dll: $(OBJS_CRYPTO)
echo " LD $@"
diff --git a/library/base64_invasive.h b/library/base64_invasive.h
index 9e26471..ed5f7cb 100644
--- a/library/base64_invasive.h
+++ b/library/base64_invasive.h
@@ -52,4 +52,4 @@
signed char mbedtls_base64_dec_value( unsigned char c );
#endif /* MBEDTLS_TEST_HOOKS */
-#endif /* MBEDTLS_SSL_INVASIVE_H */
+#endif /* MBEDTLS_BASE64_INVASIVE_H */
diff --git a/library/ccm.c b/library/ccm.c
index 15efff7..e062678 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -150,9 +150,20 @@
if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) )
return 0;
- if( ctx->tag_len == 0 && \
- ( ctx->mode == MBEDTLS_CCM_ENCRYPT || ctx->mode == MBEDTLS_CCM_DECRYPT ) )
- return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ /* CCM expects non-empty tag.
+ * CCM* allows empty tag. For CCM* without tag, ignore plaintext length.
+ */
+ if( ctx->tag_len == 0 )
+ {
+ if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
+ {
+ ctx->plaintext_len = 0;
+ }
+ else
+ {
+ return( MBEDTLS_ERR_CCM_BAD_INPUT );
+ }
+ }
/*
* First block:
@@ -342,7 +353,10 @@
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
- if( ctx->processed + input_len > ctx->plaintext_len )
+ /* Check against plaintext length only if performing operation with
+ * authentication
+ */
+ if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len )
{
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
diff --git a/library/cipher.c b/library/cipher.c
index dc80189..ff851ec 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -424,6 +424,31 @@
}
#endif
+#if defined(MBEDTLS_CCM_C)
+ if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode )
+ {
+ int set_lengths_result;
+ int ccm_star_mode;
+
+ set_lengths_result = mbedtls_ccm_set_lengths(
+ (mbedtls_ccm_context *) ctx->cipher_ctx,
+ 0, 0, 0 );
+ if( set_lengths_result != 0 )
+ return set_lengths_result;
+
+ if( ctx->operation == MBEDTLS_DECRYPT )
+ ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT;
+ else if( ctx->operation == MBEDTLS_ENCRYPT )
+ ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT;
+ else
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+
+ return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx,
+ ccm_star_mode,
+ iv, iv_len ) );
+ }
+#endif
+
if ( actual_iv_size != 0 )
{
memcpy( ctx->iv, iv, actual_iv_size );
@@ -560,6 +585,15 @@
}
#endif
+#if defined(MBEDTLS_CCM_C)
+ if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG )
+ {
+ return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx,
+ input, ilen,
+ output, ilen, olen ) );
+ }
+#endif
+
#if defined(MBEDTLS_CHACHAPOLY_C)
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
{
@@ -947,6 +981,7 @@
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
{
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 5776d5e..7da7d9d 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -639,6 +639,39 @@
16,
&ccm_aes_info
};
+
+static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 128,
+ "AES-128-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 192,
+ "AES-192-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 256,
+ "AES-256-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_aes_info
+};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -1014,6 +1047,39 @@
16,
&ccm_camellia_info
};
+
+static const mbedtls_cipher_info_t camellia_128_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 128,
+ "CAMELLIA-128-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 192,
+ "CAMELLIA-192-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 256,
+ "CAMELLIA-256-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_camellia_info
+};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1390,6 +1456,39 @@
16,
&ccm_aria_info
};
+
+static const mbedtls_cipher_info_t aria_128_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 128,
+ "ARIA-128-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 192,
+ "ARIA-192-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_ccm_star_no_tag_info = {
+ MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG,
+ MBEDTLS_MODE_CCM_STAR_NO_TAG,
+ 256,
+ "ARIA-256-CCM*-NO-TAG",
+ 12,
+ MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+ 16,
+ &ccm_aria_info
+};
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_ARIA_C */
@@ -2055,6 +2154,9 @@
{ MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info },
{ MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info },
{ MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info },
+ { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info },
+ { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info },
+ { MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info },
#endif
#endif /* MBEDTLS_AES_C */
@@ -2086,6 +2188,9 @@
{ MBEDTLS_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info },
{ MBEDTLS_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info },
{ MBEDTLS_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info },
+ { MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG, &camellia_128_ccm_star_no_tag_info },
+ { MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG, &camellia_192_ccm_star_no_tag_info },
+ { MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG, &camellia_256_ccm_star_no_tag_info },
#endif
#endif /* MBEDTLS_CAMELLIA_C */
@@ -2117,6 +2222,9 @@
{ MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info },
{ MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info },
{ MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info },
+ { MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG, &aria_128_ccm_star_no_tag_info },
+ { MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG, &aria_192_ccm_star_no_tag_info },
+ { MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG, &aria_256_ccm_star_no_tag_info },
#endif
#endif /* MBEDTLS_ARIA_C */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3670071..d713ac8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -623,8 +623,8 @@
return( alg1 );
/* If the policies are from the same hash-and-sign family, check
* if one is a wildcard. If so the other has the specific algorithm. */
- if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) &&
- PSA_ALG_IS_HASH_AND_SIGN( alg2 ) &&
+ if( PSA_ALG_IS_SIGN_HASH( alg1 ) &&
+ PSA_ALG_IS_SIGN_HASH( alg2 ) &&
( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
{
if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
@@ -726,7 +726,7 @@
/* If policy_alg is a hash-and-sign with a wildcard for the hash,
* and requested_alg is the same hash-and-sign family with any hash,
* then requested_alg is compliant with policy_alg. */
- if( PSA_ALG_IS_HASH_AND_SIGN( requested_alg ) &&
+ if( PSA_ALG_IS_SIGN_HASH( requested_alg ) &&
PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
{
return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
@@ -2644,7 +2644,7 @@
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if ( PSA_ALG_IS_SIGN_HASH( alg ) )
{
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -2652,7 +2652,7 @@
}
else
{
- if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if( ! PSA_ALG_IS_SIGN_HASH( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
}
@@ -2802,7 +2802,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if ( PSA_ALG_IS_SIGN_HASH( alg ) )
{
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
@@ -2849,7 +2849,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if ( PSA_ALG_IS_SIGN_HASH( alg ) )
{
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
@@ -3595,7 +3595,12 @@
.core = slot->attr
};
- if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
+ if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index ce8ab5c..07c6a00 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -92,6 +92,9 @@
case PSA_ALG_CBC_PKCS7:
mode = MBEDTLS_MODE_CBC;
break;
+ case PSA_ALG_CCM_STAR_NO_TAG:
+ mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
+ break;
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
mode = MBEDTLS_MODE_CCM;
break;
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 2c079d4..7e0a832 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -42,29 +42,6 @@
#endif
#if defined(BUILTIN_ALG_HMAC)
-static size_t psa_get_hash_block_size( psa_algorithm_t alg )
-{
- switch( alg )
- {
- case PSA_ALG_MD5:
- return( 64 );
- case PSA_ALG_RIPEMD160:
- return( 64 );
- case PSA_ALG_SHA_1:
- return( 64 );
- case PSA_ALG_SHA_224:
- return( 64 );
- case PSA_ALG_SHA_256:
- return( 64 );
- case PSA_ALG_SHA_384:
- return( 128 );
- case PSA_ALG_SHA_512:
- return( 128 );
- default:
- return( 0 );
- }
-}
-
static psa_status_t psa_hmac_abort_internal(
mbedtls_psa_hmac_operation_t *hmac )
{
@@ -81,7 +58,7 @@
uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
size_t i;
size_t hash_size = PSA_HASH_LENGTH( hash_alg );
- size_t block_size = psa_get_hash_block_size( hash_alg );
+ size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
psa_status_t status;
hmac->alg = hash_alg;
@@ -153,7 +130,7 @@
uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
psa_algorithm_t hash_alg = hmac->alg;
size_t hash_size = 0;
- size_t block_size = psa_get_hash_block_size( hash_alg );
+ size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
psa_status_t status;
status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9120aa2..8c5c024 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -89,10 +89,10 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
size_t hostname_len;
@@ -309,27 +309,32 @@
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
- const mbedtls_ecp_group_id *grp_id;
-
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
*olen = 0;
+ /* Check there is room for header */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding supported_elliptic_curves extension" ) );
- if( ssl->conf->curve_list == NULL )
+ if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for( grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
+ for( ; *group_list != 0; group_list++ )
{
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+ info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "invalid curve in ssl configuration" ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
+
+ /* Check there is room for another curve */
+ MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
+
+ MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
elliptic_curve_len += 2;
if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
@@ -344,19 +349,6 @@
if( elliptic_curve_len == 0 )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
-
- elliptic_curve_len = 0;
-
- for( grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
- {
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
- elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
- elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
- }
-
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
p += 2;
@@ -1176,10 +1168,10 @@
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret );
return( ret );
}
ext_len += olen;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index dbef6aa..362117f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -307,8 +307,6 @@
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
#endif
-#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-
#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32
@@ -522,14 +520,6 @@
unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
} mbedtls_ssl_tls1_3_handshake_secrets;
-typedef struct
-{
- unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
- unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-} mbedtls_ssl_tls1_3_application_secrets;
-
/*
* This structure contains the parameters only needed during handshake.
*/
@@ -542,6 +532,11 @@
int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ const uint16_t *group_list;
+ unsigned char group_list_heap_allocated;
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
@@ -714,6 +709,38 @@
* but can be overwritten by the HRR. */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+ /*
+ * State-local variables used during the processing
+ * of a specific handshake state.
+ */
+ union
+ {
+ /* Outgoing Finished message */
+ struct
+ {
+ uint8_t preparation_done;
+
+ /* Buffer holding digest of the handshake up to
+ * but excluding the outgoing finished message. */
+ unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t digest_len;
+ } finished_out;
+
+ /* Incoming Finished message */
+ struct
+ {
+ uint8_t preparation_done;
+
+ /* Buffer holding digest of the handshake up to but
+ * excluding the peer's incoming finished message. */
+ unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t digest_len;
+ } finished_in;
+
+ } state_local;
+
+ /* End of state-local variables. */
+
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
size_t pmslen; /*!< premaster length */
@@ -1032,6 +1059,13 @@
void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform );
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen );
+#endif
+
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
@@ -1150,6 +1184,8 @@
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
+
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
@@ -1593,17 +1629,17 @@
*/
static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
{
- return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP521R1 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 );
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
}
static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
{
- return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 &&
- named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 );
+ return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+ named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
}
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
@@ -1634,6 +1670,11 @@
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
/*
+ * Generic handler of Certificate Verify
+ */
+int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
+
+/*
* Write TLS 1.3 handshake message tail
*/
int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
@@ -1672,4 +1713,27 @@
size_t dst_len,
size_t *olen );
+/*
+ * Return supported groups.
+ *
+ * In future, invocations can be changed to ssl->conf->group_list
+ * when mbedtls_ssl_conf_curves() is deleted.
+ *
+ * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
+ * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
+ * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
+ *
+ */
+static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )
+{
+ #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
+ return( ssl->conf->group_list );
+ #else
+ if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) )
+ return( ssl->handshake->group_list );
+ else
+ return( ssl->conf->group_list );
+ #endif
+}
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e27fdff..881b1fd 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3036,14 +3036,16 @@
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
- const mbedtls_ecp_group_id *gid;
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
/* Match our preference list against the offered curves */
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+ if( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ for( ; *group_list != 0; group_list++ )
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
- if( (*curve)->grp_id == *gid )
+ if( (*curve)->tls_id == *group_list )
goto curve_matching_done;
curve_matching_done:
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d91f231..48a6369 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3073,6 +3073,52 @@
}
#endif
+/*
+ * curve_list is translated to IANA TLS group identifiers here because
+ * mbedtls_ssl_conf_curves returns void and so can't return
+ * any error codes.
+ */
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ /* Heap allocate and translate curve_list from internal to IANA group ids */
+ if ( ssl->conf->curve_list != NULL )
+ {
+ size_t length;
+ const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
+
+ for( length = 0; ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
+ ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
+
+ /* Leave room for zero termination */
+ uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
+ if ( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ for( size_t i = 0; i < length; i++ )
+ {
+ const mbedtls_ecp_curve_info *info =
+ mbedtls_ecp_curve_info_from_grp_id( curve_list[i] );
+ if ( info == NULL )
+ {
+ mbedtls_free( group_list );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
+ group_list[i] = info->tls_id;
+ }
+
+ group_list[length] = 0;
+
+ ssl->handshake->group_list = group_list;
+ ssl->handshake->group_list_heap_allocated = 1;
+ }
+ else
+ {
+ ssl->handshake->group_list = ssl->conf->group_list;
+ ssl->handshake->group_list_heap_allocated = 0;
+ }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
return( 0 );
}
@@ -3928,16 +3974,36 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Set the allowed elliptic curves
+ *
+ * mbedtls_ssl_setup() takes the provided list
+ * and translates it to a list of IANA TLS group identifiers,
+ * stored in ssl->handshake->group_list.
+ *
*/
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curve_list )
{
conf->curve_list = curve_list;
+ conf->group_list = NULL;
}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
+/*
+ * Set the allowed groups
+ */
+void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
+ const uint16_t *group_list )
+{
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
+#endif
+ conf->group_list = group_list;
+}
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
{
@@ -5379,6 +5445,14 @@
if( handshake == NULL )
return;
+#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ if ( ssl->handshake->group_list_heap_allocated )
+ mbedtls_free( (void*) handshake->group_list );
+ handshake->group_list = NULL;
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECP_C */
+
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
{
@@ -6235,41 +6309,39 @@
};
#endif
-#if defined(MBEDTLS_ECP_C)
/* The selection should be the same as mbedtls_x509_crt_profile_default in
* x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
* curves with a lower resource usage come first.
* See the documentation of mbedtls_ssl_conf_curves() for what we promise
* about this list.
*/
-static mbedtls_ecp_group_id ssl_preset_default_curves[] = {
+static uint16_t ssl_preset_default_groups[] = {
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- MBEDTLS_ECP_DP_CURVE25519,
+ MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_ECP_DP_SECP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
- MBEDTLS_ECP_DP_CURVE448,
+ MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- MBEDTLS_ECP_DP_SECP521R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
- MBEDTLS_ECP_DP_BP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
- MBEDTLS_ECP_DP_BP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
- MBEDTLS_ECP_DP_BP512R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
- MBEDTLS_ECP_DP_NONE
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
-#endif
static int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -6316,17 +6388,15 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
-#if defined(MBEDTLS_ECP_C)
-static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
+static uint16_t ssl_preset_suiteb_groups[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_ECP_DP_SECP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
- MBEDTLS_ECP_DP_NONE
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
-#endif
/*
* Load default in mbedtls_ssl_config
@@ -6440,9 +6510,10 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif
-#if defined(MBEDTLS_ECP_C)
- conf->curve_list = ssl_preset_suiteb_curves;
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
#endif
+ conf->group_list = ssl_preset_suiteb_groups;
break;
/*
@@ -6477,9 +6548,10 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_ECP_C)
- conf->curve_list = ssl_preset_default_curves;
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+ conf->curve_list = NULL;
#endif
+ conf->group_list = ssl_preset_default_groups;
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
conf->dhm_min_bitlen = 1024;
@@ -6703,14 +6775,17 @@
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
- const mbedtls_ecp_group_id *gid;
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
- if( ssl->conf->curve_list == NULL )
+ if( group_list == NULL )
return( -1 );
+ uint16_t tls_id = mbedtls_ecp_curve_info_from_grp_id(grp_id)->tls_id;
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
- if( *gid == grp_id )
+ for( ; *group_list != 0; group_list++ )
+ {
+ if( *group_list == tls_id )
return( 0 );
+ }
return( -1 );
}
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 0fb09c4..6deab2a 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -137,36 +137,35 @@
* 'elliptic_curves' and only contained elliptic curve groups.
*/
static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *olen )
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
*olen = 0;
- if( ssl->conf->curve_list == NULL )
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
+ for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+ info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
continue;
- if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
+ if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
continue;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
- MBEDTLS_PUT_UINT16_BE( info->tls_id, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
- mbedtls_ecp_curve_info_from_tls_id( info->tls_id )->name,
- info->tls_id ) );
+ info->name, *group_list ) );
}
*olen = p - buf;
@@ -321,20 +320,19 @@
#if defined(MBEDTLS_ECDH_C)
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
/* Pick first available ECDHE group compatible with TLS 1.3 */
- if( ssl->conf->curve_list == NULL )
+ if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- for ( const mbedtls_ecp_group_id *grp_id = ssl->conf->curve_list;
- *grp_id != MBEDTLS_ECP_DP_NONE;
- grp_id++ )
+ for ( ; *group_list != 0; group_list++ )
{
const mbedtls_ecp_curve_info *info;
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+ info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info != NULL &&
- mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
+ mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
{
- *group_id = info->tls_id;
+ *group_id = *group_list;
return( 0 );
}
}
@@ -800,6 +798,14 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ /* Write server name extension */
+ ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
/* Add more extensions here */
/* Write the length of the list of extensions. */
@@ -1584,7 +1590,12 @@
*/
static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
+ int ret;
+
+ ret = mbedtls_ssl_tls13_process_certificate_verify( ssl );
+ if( ret != 0 )
+ return( ret );
+
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
return( 0 );
}
@@ -1594,27 +1605,12 @@
*/
static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
- return( 0 );
-}
+ int ret;
-/*
- * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
- */
-static int ssl_tls1_3_write_client_certificate( mbedtls_ssl_context *ssl )
-{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
- return( 0 );
-}
+ ret = mbedtls_ssl_tls13_process_finished_message( ssl );
+ if( ret != 0 )
+ return( ret );
-/*
- * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
- */
-static int ssl_tls1_3_write_client_certificate_verify( mbedtls_ssl_context *ssl )
-{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( 0 );
}
@@ -1692,14 +1688,6 @@
ret = ssl_tls1_3_process_server_finished( ssl );
break;
- case MBEDTLS_SSL_CLIENT_CERTIFICATE:
- ret = ssl_tls1_3_write_client_certificate( ssl );
- break;
-
- case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
- ret = ssl_tls1_3_write_client_certificate_verify( ssl );
- break;
-
case MBEDTLS_SSL_CLIENT_FINISHED:
ret = ssl_tls1_3_write_client_finished( ssl );
break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index c8601ce..b2a70f3 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -23,14 +23,15 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+#include <string.h>
+
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/platform.h"
#include "ssl_misc.h"
-#include <mbedtls/debug.h>
-#include <mbedtls/oid.h>
-#include <mbedtls/platform.h>
-
+#include "ssl_tls13_keys.h"
int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
@@ -217,8 +218,300 @@
return( 0 );
}
+/*
+ * STATE HANDLING: Read CertificateVerify
+ */
+/* Macro to express the maximum length of the verify structure.
+ *
+ * The structure is computed per TLS 1.3 specification as:
+ * - 64 bytes of octet 32,
+ * - 33 bytes for the context string
+ * (which is either "TLS 1.3, client CertificateVerify"
+ * or "TLS 1.3, server CertificateVerify"),
+ * - 1 byte for the octet 0x0, which serves as a separator,
+ * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate)
+ * (depending on the size of the transcript_hash)
+ *
+ * This results in a total size of
+ * - 130 bytes for a SHA256-based transcript hash, or
+ * (64 + 33 + 1 + 32 bytes)
+ * - 146 bytes for a SHA384-based transcript hash.
+ * (64 + 33 + 1 + 48 bytes)
+ *
+ */
+#define SSL_VERIFY_STRUCT_MAX_SIZE ( 64 + \
+ 33 + \
+ 1 + \
+ MBEDTLS_TLS1_3_MD_MAX_SIZE \
+ )
+
+/*
+ * The ssl_tls13_create_verify_structure() creates the verify structure.
+ * As input, it requires the transcript hash.
+ *
+ * The caller has to ensure that the buffer has size at least
+ * SSL_VERIFY_STRUCT_MAX_SIZE bytes.
+ */
+static void ssl_tls13_create_verify_structure( const unsigned char *transcript_hash,
+ size_t transcript_hash_len,
+ unsigned char *verify_buffer,
+ size_t *verify_buffer_len,
+ int from )
+{
+ size_t idx;
+
+ /* RFC 8446, Section 4.4.3:
+ *
+ * The digital signature [in the CertificateVerify message] is then
+ * computed over the concatenation of:
+ * - A string that consists of octet 32 (0x20) repeated 64 times
+ * - The context string
+ * - A single 0 byte which serves as the separator
+ * - The content to be signed
+ */
+ memset( verify_buffer, 0x20, 64 );
+ idx = 64;
+
+ if( from == MBEDTLS_SSL_IS_CLIENT )
+ {
+ memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) );
+ idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv );
+ }
+ else
+ { /* from == MBEDTLS_SSL_IS_SERVER */
+ memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) );
+ idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv );
+ }
+
+ verify_buffer[idx++] = 0x0;
+
+ memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len );
+ idx += transcript_hash_len;
+
+ *verify_buffer_len = idx;
+}
+
+static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
+ uint16_t sig_alg )
+{
+ const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs;
+
+ for( ; *tls13_sig_alg != MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ )
+ {
+ if( *tls13_sig_alg == sig_alg )
+ return( 1 );
+ }
+ return( 0 );
+}
+
+static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end,
+ const unsigned char *verify_buffer,
+ size_t verify_buffer_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const unsigned char *p = buf;
+ uint16_t algorithm;
+ size_t signature_len;
+ mbedtls_pk_type_t sig_alg;
+ mbedtls_md_type_t md_alg;
+ unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE];
+ size_t verify_hash_len;
+
+ /*
+ * struct {
+ * SignatureScheme algorithm;
+ * opaque signature<0..2^16-1>;
+ * } CertificateVerify;
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ algorithm = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ /* RFC 8446 section 4.4.3
+ *
+ * If the CertificateVerify message is sent by a server, the signature algorithm
+ * MUST be one offered in the client's "signature_algorithms" extension unless
+ * no valid certificate chain can be produced without unsupported algorithms
+ *
+ * RFC 8446 section 4.4.2.2
+ *
+ * If the client cannot construct an acceptable chain using the provided
+ * certificates and decides to abort the handshake, then it MUST abort the handshake
+ * with an appropriate certificate-related alert (by default, "unsupported_certificate").
+ *
+ * Check if algorithm is an offered signature algorithm.
+ */
+ if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) )
+ {
+ /* algorithm not in offered signature algorithms list */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not "
+ "offered.",
+ ( unsigned int ) algorithm ) );
+ goto error;
+ }
+
+ /* We currently only support ECDSA-based signatures */
+ switch( algorithm )
+ {
+ case MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256:
+ md_alg = MBEDTLS_MD_SHA256;
+ sig_alg = MBEDTLS_PK_ECDSA;
+ break;
+ case MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384:
+ md_alg = MBEDTLS_MD_SHA384;
+ sig_alg = MBEDTLS_PK_ECDSA;
+ break;
+ case MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512:
+ md_alg = MBEDTLS_MD_SHA512;
+ sig_alg = MBEDTLS_PK_ECDSA;
+ break;
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
+ goto error;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )",
+ ( unsigned int ) algorithm ) );
+
+ /*
+ * Check the certificate's key type matches the signature alg
+ */
+ if( !mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, sig_alg ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm doesn't match cert key" ) );
+ goto error;
+ }
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ signature_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, signature_len );
+
+ /* Hash verify buffer with indicated hash function */
+ switch( md_alg )
+ {
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA256:
+ verify_hash_len = 32;
+ ret = mbedtls_sha256( verify_buffer, verify_buffer_len, verify_hash, 0 );
+ break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_MD_SHA384:
+ verify_hash_len = 48;
+ ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 1 );
+ break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_MD_SHA512:
+ verify_hash_len = 64;
+ ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 0 );
+ break;
+#endif /* MBEDTLS_SHA512_C */
+
+ default:
+ ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ break;
+ }
+
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "hash computation error", ret );
+ goto error;
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
+
+ if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL,
+ &ssl->session_negotiate->peer_cert->pk,
+ md_alg, verify_hash, verify_hash_len,
+ p, signature_len ) ) == 0 )
+ {
+ return( 0 );
+ }
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret );
+
+error:
+ /* RFC 8446 section 4.4.3
+ *
+ * If the verification fails, the receiver MUST terminate the handshake
+ * with a "decrypt_error" alert.
+ */
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+
+}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
+{
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE];
+ size_t verify_buffer_len;
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t transcript_len;
+ unsigned char *buf;
+ size_t buf_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+
+ MBEDTLS_SSL_PROC_CHK(
+ mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
+
+ /* Need to calculate the hash of the transcript first
+ * before reading the message since otherwise it gets
+ * included in the transcript
+ */
+ ret = mbedtls_ssl_get_handshake_transcript( ssl,
+ ssl->handshake->ciphersuite_info->mac,
+ transcript, sizeof( transcript ),
+ &transcript_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
+ MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", transcript, transcript_len );
+
+ /* Create verify structure */
+ ssl_tls13_create_verify_structure( transcript,
+ transcript_len,
+ verify_buffer,
+ &verify_buffer_len,
+ ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ?
+ MBEDTLS_SSL_IS_SERVER :
+ MBEDTLS_SSL_IS_CLIENT );
+
+ /* Process the message contents */
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
+ buf + buf_len, verify_buffer, verify_buffer_len ) );
+
+ mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_process_certificate_verify", ret );
+ return( ret );
+#else
+ ((void) ssl);
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+}
+
/*
*
* STATE HANDLING: Incoming Certificate, client-side only currently.
@@ -552,6 +845,176 @@
return( ret );
}
+/*
+ *
+ * STATE HANDLING: Incoming Finished message.
+ */
+/*
+ * Implementation
+ */
+
+static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl )
+{
+ int ret;
+
+ ret = mbedtls_ssl_tls13_calculate_verify_data( ssl,
+ ssl->handshake->state_local.finished_in.digest,
+ sizeof( ssl->handshake->state_local.finished_in.digest ),
+ &ssl->handshake->state_local.finished_in.digest_len,
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
+ MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_calculate_verify_data", ret );
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ /*
+ * struct {
+ * opaque verify_data[Hash.length];
+ * } Finished;
+ */
+ const unsigned char *expected_verify_data =
+ ssl->handshake->state_local.finished_in.digest;
+ size_t expected_verify_data_len =
+ ssl->handshake->state_local.finished_in.digest_len;
+ /* Structural validation */
+ if( (size_t)( end - buf ) != expected_verify_data_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (self-computed):",
+ expected_verify_data,
+ expected_verify_data_len );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (received message):", buf,
+ expected_verify_data_len );
+
+ /* Semantic validation */
+ if( mbedtls_ssl_safer_memcmp( buf,
+ expected_verify_data,
+ expected_verify_data_len ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_CLI_C)
+static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_key_set traffic_keys;
+ mbedtls_ssl_transform *transform_application = NULL;
+
+ ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls13_key_schedule_stage_application", ret );
+ goto cleanup;
+ }
+
+ ret = mbedtls_ssl_tls13_generate_application_keys( ssl, &traffic_keys );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls13_generate_application_keys", ret );
+ goto cleanup;
+ }
+
+ transform_application =
+ mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
+ if( transform_application == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto cleanup;
+ }
+
+ ret = mbedtls_ssl_tls13_populate_transform(
+ transform_application,
+ ssl->conf->endpoint,
+ ssl->session_negotiate->ciphersuite,
+ &traffic_keys,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+ goto cleanup;
+ }
+
+ ssl->transform_application = transform_application;
+
+cleanup:
+
+ mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
+ if( ret != 0 )
+ {
+ mbedtls_free( transform_application );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
+
+static int ssl_tls13_postprocess_finished_message( mbedtls_ssl_context* ssl )
+{
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ return( ssl_tls13_postprocess_server_finished_message( ssl ) );
+ }
+#else
+ ((void) ssl);
+#endif /* MBEDTLS_SSL_CLI_C */
+
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buflen;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) );
+
+ /* Preprocessing step: Compute handshake digest */
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_FINISHED,
+ &buf, &buflen ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) );
+ mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished message" ) );
+ return( ret );
+}
+
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 96f5310..3ca28d5 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -564,6 +564,35 @@
return( 0 );
}
+int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac;
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+#endif /* MBEDTLS_DEBUG_C */
+
+ /*
+ * Compute MasterSecret
+ */
+ ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
+ handshake->tls1_3_master_secrets.handshake,
+ NULL, 0,
+ handshake->tls1_3_master_secrets.app );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
+ handshake->tls1_3_master_secrets.app, md_size );
+
+ return( 0 );
+}
+
static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
unsigned char const *base_key,
unsigned char const *transcript,
@@ -614,6 +643,57 @@
return( ret );
}
+int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
+ unsigned char* dst,
+ size_t dst_len,
+ size_t *actual_len,
+ int from )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t transcript_len;
+
+ unsigned char const *base_key = NULL;
+
+ mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
+ const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
+
+ if( dst_len < md_size )
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
+ transcript, sizeof( transcript ),
+ &transcript_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_handshake_transcript", ret );
+ goto exit;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
+
+ if( from == MBEDTLS_SSL_IS_CLIENT )
+ base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
+ else
+ base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
+
+ ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst );
+ if( ret != 0 )
+ goto exit;
+ *actual_len = md_size;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
+
+exit:
+
+ mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
+ return( ret );
+}
+
int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md_type,
unsigned char const *psk, size_t psk_len,
@@ -1028,4 +1108,125 @@
return( 0 );
}
+/* Generate application traffic keys since any records following a 1-RTT Finished message
+ * MUST be encrypted under the application traffic key.
+ */
+int mbedtls_ssl_tls13_generate_application_keys(
+ mbedtls_ssl_context *ssl,
+ mbedtls_ssl_key_set *traffic_keys )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /* Address at which to store the application secrets */
+ mbedtls_ssl_tls1_3_application_secrets * const app_secrets =
+ &ssl->session_negotiate->app_secrets;
+
+ /* Holding the transcript up to and including the ServerFinished */
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t transcript_len;
+
+ /* Variables relating to the hash for the chosen ciphersuite. */
+ mbedtls_md_type_t md_type;
+ mbedtls_md_info_t const *md_info;
+ size_t md_size;
+
+ /* Variables relating to the cipher for the chosen ciphersuite. */
+ mbedtls_cipher_info_t const *cipher_info;
+ size_t keylen, ivlen;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );
+
+ /* Extract basic information about hash and ciphersuite */
+
+ cipher_info = mbedtls_cipher_info_from_type(
+ handshake->ciphersuite_info->cipher );
+ keylen = cipher_info->key_bitlen / 8;
+ ivlen = cipher_info->iv_size;
+
+ md_type = handshake->ciphersuite_info->mac;
+ md_info = mbedtls_md_info_from_type( md_type );
+ md_size = mbedtls_md_get_size( md_info );
+
+ /* Compute current handshake transcript. It's the caller's responsiblity
+ * to call this at the right time, that is, after the ServerFinished. */
+
+ ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
+ transcript, sizeof( transcript ),
+ &transcript_len );
+ if( ret != 0 )
+ goto cleanup;
+
+ /* Compute application secrets from master secret and transcript hash. */
+
+ ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type,
+ handshake->tls1_3_master_secrets.app,
+ transcript, transcript_len,
+ app_secrets );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls1_3_derive_application_secrets", ret );
+ goto cleanup;
+ }
+
+ /* Derive first epoch of IV + Key for application traffic. */
+
+ ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
+ app_secrets->client_application_traffic_secret_N,
+ app_secrets->server_application_traffic_secret_N,
+ md_size, keylen, ivlen, traffic_keys );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
+ goto cleanup;
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret",
+ app_secrets->client_application_traffic_secret_N,
+ md_size );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Server application traffic secret",
+ app_secrets->server_application_traffic_secret_N,
+ md_size );
+
+ /*
+ * Export client/server application traffic secret 0
+ */
+ if( ssl->f_export_keys != NULL )
+ {
+ ssl->f_export_keys( ssl->p_export_keys,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
+ app_secrets->client_application_traffic_secret_N, md_size,
+ handshake->randbytes + 32,
+ handshake->randbytes,
+ MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
+ a new constant for TLS 1.3! */ );
+
+ ssl->f_export_keys( ssl->p_export_keys,
+ MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
+ app_secrets->server_application_traffic_secret_N, md_size,
+ handshake->randbytes + 32,
+ handshake->randbytes,
+ MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
+ a new constant for TLS 1.3! */ );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:",
+ traffic_keys->client_write_key, keylen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key",
+ traffic_keys->server_write_key, keylen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "client application write IV",
+ traffic_keys->client_write_iv, ivlen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "server application write IV",
+ traffic_keys->server_write_iv, ivlen );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
+
+ cleanup:
+
+ mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
+ return( ret );
+}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 384f433..d598448 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -22,25 +22,27 @@
/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
* the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
* below. */
-#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
- MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" )
+#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
+ MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( client_cv , "TLS 1.3, client CertificateVerify" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( server_cv , "TLS 1.3, server CertificateVerify" )
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
const unsigned char name [ sizeof(string) - 1 ];
@@ -57,9 +59,12 @@
extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
+#define MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) \
+ sizeof(mbedtls_ssl_tls1_3_labels.LABEL)
+
#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \
mbedtls_ssl_tls1_3_labels.LABEL, \
- sizeof(mbedtls_ssl_tls1_3_labels.LABEL)
+ MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL )
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
sizeof( union mbedtls_ssl_tls1_3_labels_union )
@@ -565,4 +570,65 @@
int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
mbedtls_ssl_key_set *traffic_keys );
+/**
+ * \brief Transition into application stage of TLS 1.3 key schedule.
+ *
+ * The TLS 1.3 key schedule can be viewed as a simple state machine
+ * with states Initial -> Early -> Handshake -> Application, and
+ * this function represents the Handshake -> Application transition.
+ *
+ * In the handshake stage, mbedtls_ssl_tls13_generate_application_keys()
+ * can be used to derive the handshake traffic keys.
+ *
+ * \param ssl The SSL context to operate on. This must be in key schedule
+ * stage \c Handshake.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief Compute TLS 1.3 application traffic keys.
+ *
+ * \param ssl The SSL context to operate on. This must be in
+ * key schedule stage \c Application, see
+ * mbedtls_ssl_tls13_key_schedule_stage_application().
+ * \param traffic_keys The address at which to store the application traffic key
+ * keys. This must be writable but may be uninitialized.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls13_generate_application_keys(
+ mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys );
+
+/**
+ * \brief Calculate the verify_data value for the client or server TLS 1.3
+ * Finished message.
+ *
+ * \param ssl The SSL context to operate on. This must be in
+ * key schedule stage \c Handshake, see
+ * mbedtls_ssl_tls13_key_schedule_stage_application().
+ * \param dst The address at which to write the verify_data value.
+ * \param dst_len The size of \p dst in bytes.
+ * \param actual_len The address at which to store the amount of data
+ * actually written to \p dst upon success.
+ * \param which The message to calculate the `verify_data` for:
+ * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message
+ * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message
+ *
+ * \note Both client and server call this function twice, once to
+ * generate their own Finished message, and once to verify the
+ * peer's Finished message.
+
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
+ unsigned char *dst,
+ size_t dst_len,
+ size_t *actual_len,
+ int which );
+
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f872e60..29bda7f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -678,7 +678,7 @@
#endif
#if defined(MBEDTLS_ECP_C)
- mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
+ uint16_t group_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1452,7 +1452,7 @@
if( strcmp( p, "none" ) == 0 )
{
- curve_list[0] = MBEDTLS_ECP_DP_NONE;
+ group_list[0] = 0;
}
else if( strcmp( p, "default" ) != 0 )
{
@@ -1469,7 +1469,7 @@
if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
{
- curve_list[i++] = curve_cur->grp_id;
+ group_list[i++] = curve_cur->tls_id;
}
else
{
@@ -1495,7 +1495,7 @@
goto exit;
}
- curve_list[i] = MBEDTLS_ECP_DP_NONE;
+ group_list[i] = 0;
}
}
#endif /* MBEDTLS_ECP_C */
@@ -1889,7 +1889,7 @@
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ mbedtls_ssl_conf_groups( &conf, group_list );
}
#endif
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c0f3196..4d785d7 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1340,7 +1340,7 @@
sni_entry *sni_info = NULL;
#endif
#if defined(MBEDTLS_ECP_C)
- mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
+ uint16_t group_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info * curve_cur;
#endif
#if defined(MBEDTLS_SSL_ALPN)
@@ -2196,7 +2196,7 @@
if( strcmp( p, "none" ) == 0 )
{
- curve_list[0] = MBEDTLS_ECP_DP_NONE;
+ group_list[0] = 0;
}
else if( strcmp( p, "default" ) != 0 )
{
@@ -2213,7 +2213,7 @@
if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
{
- curve_list[i++] = curve_cur->grp_id;
+ group_list[i++] = curve_cur->tls_id;
}
else
{
@@ -2239,7 +2239,7 @@
goto exit;
}
- curve_list[i] = MBEDTLS_ECP_DP_NONE;
+ group_list[i] = 0;
}
}
#endif /* MBEDTLS_ECP_C */
@@ -2903,7 +2903,7 @@
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ mbedtls_ssl_conf_groups( &conf, group_list );
}
#endif
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
new file mode 100755
index 0000000..85393d0
--- /dev/null
+++ b/scripts/code_size_compare.py
@@ -0,0 +1,226 @@
+#!/usr/bin/env python3
+
+"""
+Purpose
+
+This script is for comparing the size of the library files from two
+different Git revisions within an Mbed TLS repository.
+The results of the comparison is formatted as csv and stored at a
+configurable location.
+Note: must be run from Mbed TLS root.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import os
+import subprocess
+import sys
+
+class CodeSizeComparison:
+ """Compare code size between two Git revisions."""
+
+ def __init__(self, old_revision, new_revision, result_dir):
+ """
+ old_revision: revision to compare against
+ new_revision:
+ result_dir: directory for comparision result
+ """
+ self.repo_path = "."
+ self.result_dir = os.path.abspath(result_dir)
+ os.makedirs(self.result_dir, exist_ok=True)
+
+ self.csv_dir = os.path.abspath("code_size_records/")
+ os.makedirs(self.csv_dir, exist_ok=True)
+
+ self.old_rev = old_revision
+ self.new_rev = new_revision
+ self.git_command = "git"
+ self.make_command = "make"
+
+ @staticmethod
+ def check_repo_path():
+ if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
+ raise Exception("Must be run from Mbed TLS root")
+
+ @staticmethod
+ def validate_revision(revision):
+ result = subprocess.check_output(["git", "rev-parse", "--verify",
+ revision + "^{commit}"], shell=False)
+ return result
+
+ def _create_git_worktree(self, revision):
+ """Make a separate worktree for revision.
+ Do not modify the current worktree."""
+
+ if revision == "current":
+ print("Using current work directory.")
+ git_worktree_path = self.repo_path
+ else:
+ print("Creating git worktree for", revision)
+ git_worktree_path = os.path.join(self.repo_path, "temp-" + revision)
+ subprocess.check_output(
+ [self.git_command, "worktree", "add", "--detach",
+ git_worktree_path, revision], cwd=self.repo_path,
+ stderr=subprocess.STDOUT
+ )
+ return git_worktree_path
+
+ def _build_libraries(self, git_worktree_path):
+ """Build libraries in the specified worktree."""
+
+ my_environment = os.environ.copy()
+ subprocess.check_output(
+ [self.make_command, "-j", "lib"], env=my_environment,
+ cwd=git_worktree_path, stderr=subprocess.STDOUT,
+ )
+
+ def _gen_code_size_csv(self, revision, git_worktree_path):
+ """Generate code size csv file."""
+
+ csv_fname = revision + ".csv"
+ if revision == "current":
+ print("Measuring code size in current work directory.")
+ else:
+ print("Measuring code size for", revision)
+ result = subprocess.check_output(
+ ["size library/*.o"], cwd=git_worktree_path, shell=True
+ )
+ size_text = result.decode()
+ csv_file = open(os.path.join(self.csv_dir, csv_fname), "w")
+ for line in size_text.splitlines()[1:]:
+ data = line.split()
+ csv_file.write("{}, {}\n".format(data[5], data[3]))
+
+ def _remove_worktree(self, git_worktree_path):
+ """Remove temporary worktree."""
+ if git_worktree_path != self.repo_path:
+ print("Removing temporary worktree", git_worktree_path)
+ subprocess.check_output(
+ [self.git_command, "worktree", "remove", "--force",
+ git_worktree_path], cwd=self.repo_path,
+ stderr=subprocess.STDOUT
+ )
+
+ def _get_code_size_for_rev(self, revision):
+ """Generate code size csv file for the specified git revision."""
+
+ # Check if the corresponding record exists
+ csv_fname = revision + ".csv"
+ if (revision != "current") and \
+ os.path.exists(os.path.join(self.csv_dir, csv_fname)):
+ print("Code size csv file for", revision, "already exists.")
+ else:
+ git_worktree_path = self._create_git_worktree(revision)
+ self._build_libraries(git_worktree_path)
+ self._gen_code_size_csv(revision, git_worktree_path)
+ self._remove_worktree(git_worktree_path)
+
+ def compare_code_size(self):
+ """Generate results of the size changes between two revisions,
+ old and new. Measured code size results of these two revisions
+ must be available."""
+
+ old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r")
+ new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r")
+ res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev
+ + "-" + self.new_rev + ".csv"), "w")
+
+ res_file.write("file_name, this_size, old_size, change, change %\n")
+ print("Generating comparision results.")
+
+ old_ds = {}
+ for line in old_file.readlines()[1:]:
+ cols = line.split(", ")
+ fname = cols[0]
+ size = int(cols[1])
+ if size != 0:
+ old_ds[fname] = size
+
+ new_ds = {}
+ for line in new_file.readlines()[1:]:
+ cols = line.split(", ")
+ fname = cols[0]
+ size = int(cols[1])
+ new_ds[fname] = size
+
+ for fname in new_ds:
+ this_size = new_ds[fname]
+ if fname in old_ds:
+ old_size = old_ds[fname]
+ change = this_size - old_size
+ change_pct = change / old_size
+ res_file.write("{}, {}, {}, {}, {:.2%}\n".format(fname, \
+ this_size, old_size, change, float(change_pct)))
+ else:
+ res_file.write("{}, {}\n".format(fname, this_size))
+ return 0
+
+ def get_comparision_results(self):
+ """Compare size of library/*.o between self.old_rev and self.new_rev,
+ and generate the result file."""
+ self.check_repo_path()
+ self._get_code_size_for_rev(self.old_rev)
+ self._get_code_size_for_rev(self.new_rev)
+ return self.compare_code_size()
+
+def main():
+ parser = argparse.ArgumentParser(
+ description=(
+ """This script is for comparing the size of the library files
+ from two different Git revisions within an Mbed TLS repository.
+ The results of the comparison is formatted as csv, and stored at
+ a configurable location.
+ Note: must be run from Mbed TLS root."""
+ )
+ )
+ parser.add_argument(
+ "-r", "--result-dir", type=str, default="comparison",
+ help="directory where comparison result is stored, \
+ default is comparison",
+ )
+ parser.add_argument(
+ "-o", "--old-rev", type=str, help="old revision for comparison.",
+ required=True,
+ )
+ parser.add_argument(
+ "-n", "--new-rev", type=str, default=None,
+ help="new revision for comparison, default is the current work \
+ directory, including uncommited changes."
+ )
+ comp_args = parser.parse_args()
+
+ if os.path.isfile(comp_args.result_dir):
+ print("Error: {} is not a directory".format(comp_args.result_dir))
+ parser.exit()
+
+ validate_res = CodeSizeComparison.validate_revision(comp_args.old_rev)
+ old_revision = validate_res.decode().replace("\n", "")
+
+ if comp_args.new_rev is not None:
+ validate_res = CodeSizeComparison.validate_revision(comp_args.new_rev)
+ new_revision = validate_res.decode().replace("\n", "")
+ else:
+ new_revision = "current"
+
+ result_dir = comp_args.result_dir
+ size_compare = CodeSizeComparison(old_revision, new_revision, result_dir)
+ return_code = size_compare.get_comparision_results()
+ sys.exit(return_code)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py
index d01e143..6a46e42 100644
--- a/scripts/mbedtls_dev/test_case.py
+++ b/scripts/mbedtls_dev/test_case.py
@@ -83,8 +83,6 @@
out.write('depends_on:' + ':'.join(self.dependencies) + '\n')
out.write(self.function + ':' + ':'.join(self.arguments) + '\n')
-
-
def write_data_file(filename: str,
test_cases: Iterable[TestCase],
caller: Optional[str] = None) -> None:
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 39fb210..0d9cb36 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -96,7 +96,7 @@
if _implemented_dependencies is None:
_implemented_dependencies = \
read_implemented_dependencies('include/psa/crypto_config.h')
- if not all(dep.lstrip('!') in _implemented_dependencies
+ if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep)
for dep in dependencies):
dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
@@ -155,30 +155,8 @@
tc.set_arguments([key_type] + list(args))
return tc
-def test_case_for_key_type_invalid_argument(
- verb: str, key_type: str, bits: int,
- dependencies: List[str],
- *args: str,
- param_descr: str = ''
-) -> test_case.TestCase:
- """Return one test case exercising a key creation method
- for an invalid argument when key is public.
- """
- hack_dependencies_not_implemented(dependencies)
- tc = test_case.TestCase()
- short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type)
- adverb = 'not' if dependencies else 'never'
- if param_descr:
- adverb = param_descr + ' ' + adverb
- tc.set_description('PSA {} {} {}-bit invalid argument'
- .format(verb, short_key_type, bits))
- tc.set_function(verb + '_invalid_argument')
- tc.set_dependencies(dependencies)
- tc.set_arguments([key_type] + list(args))
- return tc
-
class NotSupported:
- """Generate test cases for when something is not supported or argument is inavlid."""
+ """Generate test cases for when something is not supported."""
def __init__(self, info: Information) -> None:
self.constructors = info.constructors
@@ -193,13 +171,11 @@
param: Optional[int] = None,
param_descr: str = '',
) -> Iterator[test_case.TestCase]:
- """Return test cases exercising key creation when the given type is unsupported
- or argument is invalid.
+ """Return test cases exercising key creation when the given type is unsupported.
If param is present and not None, emit test cases conditioned on this
parameter not being supported. If it is absent or None, emit test cases
- conditioned on the base type not being supported. If key is public emit test
- case for invalid argument.
+ conditioned on the base type not being supported.
"""
if kt.name in self.ALWAYS_SUPPORTED:
# Don't generate test cases for key types that are always supported.
@@ -227,14 +203,9 @@
# supported or not depending on implementation capabilities,
# only generate the test case once.
continue
- if kt.name.endswith('_PUBLIC_KEY'):
- yield test_case_for_key_type_invalid_argument(
- 'generate', kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
- str(bits),
- param_descr=param_descr,
- )
- else:
+ # For public key we expect that key generation fails with
+ # INVALID_ARGUMENT. It is handled by KeyGenerate class.
+ if not kt.name.endswith('_PUBLIC_KEY'):
yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits,
finish_family_dependencies(generate_dependencies, bits),
@@ -261,6 +232,79 @@
yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='curve')
+def test_case_for_key_generation(
+ key_type: str, bits: int,
+ dependencies: List[str],
+ *args: str,
+ result: str = ''
+) -> test_case.TestCase:
+ """Return one test case exercising a key generation.
+ """
+ hack_dependencies_not_implemented(dependencies)
+ tc = test_case.TestCase()
+ short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type)
+ tc.set_description('PSA {} {}-bit'
+ .format(short_key_type, bits))
+ tc.set_dependencies(dependencies)
+ tc.set_function('generate_key')
+ tc.set_arguments([key_type] + list(args) + [result])
+
+ return tc
+
+class KeyGenerate:
+ """Generate positive and negative (invalid argument) test cases for key generation."""
+
+ def __init__(self, info: Information) -> None:
+ self.constructors = info.constructors
+
+ ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
+ 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
+
+ @staticmethod
+ def test_cases_for_key_type_key_generation(
+ kt: crypto_knowledge.KeyType
+ ) -> Iterator[test_case.TestCase]:
+ """Return test cases exercising key generation.
+
+ All key types can be generated except for public keys. For public key
+ PSA_ERROR_INVALID_ARGUMENT status is expected.
+ """
+ result = 'PSA_SUCCESS'
+
+ import_dependencies = [psa_want_symbol(kt.name)]
+ if kt.params is not None:
+ import_dependencies += [psa_want_symbol(sym)
+ for i, sym in enumerate(kt.params)]
+ if kt.name.endswith('_PUBLIC_KEY'):
+ # The library checks whether the key type is a public key generically,
+ # before it reaches a point where it needs support for the specific key
+ # type, so it returns INVALID_ARGUMENT for unsupported public key types.
+ generate_dependencies = []
+ result = 'PSA_ERROR_INVALID_ARGUMENT'
+ else:
+ generate_dependencies = import_dependencies
+ if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
+ generate_dependencies.append("MBEDTLS_GENPRIME")
+ for bits in kt.sizes_to_test():
+ yield test_case_for_key_generation(
+ kt.expression, bits,
+ finish_family_dependencies(generate_dependencies, bits),
+ str(bits),
+ result
+ )
+
+ def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]:
+ """Generate test cases that exercise the generation of keys."""
+ for key_type in sorted(self.constructors.key_types):
+ if key_type in self.ECC_KEY_TYPES:
+ continue
+ kt = crypto_knowledge.KeyType(key_type)
+ yield from self.test_cases_for_key_type_key_generation(kt)
+ for curve_family in sorted(self.constructors.ecc_curves):
+ for constr in self.ECC_KEY_TYPES:
+ kt = crypto_knowledge.KeyType(constr, [curve_family])
+ yield from self.test_cases_for_key_type_key_generation(kt)
+
class StorageKey(psa_storage.Key):
"""Representation of a key for storage format testing."""
@@ -682,6 +726,8 @@
test_case.write_data_file(filename, test_cases)
TARGETS = {
+ 'test_suite_psa_crypto_generate_key.generated':
+ lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: NotSupported(info).test_cases_for_not_supported(),
'test_suite_psa_crypto_storage_format.current':
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 923d2c1..91bac67 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -306,7 +306,7 @@
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
/* If the policy allows signing with any hash, just pick one. */
- if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH )
+ if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH )
{
#if defined(KNOWN_SUPPORTED_HASH_ALG)
hash_alg = KNOWN_SUPPORTED_HASH_ALG;
@@ -925,7 +925,7 @@
{
if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
{
- if( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if( PSA_ALG_IS_SIGN_HASH( alg ) )
{
if( PSA_ALG_SIGN_GET_HASH( alg ) )
return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9930210..43759c5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8822,8 +8822,6 @@
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
- -c "tls1_3 client state: 7" \
- -c "tls1_3 client state: 20" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15" \
@@ -8831,8 +8829,12 @@
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \
-c "=> ssl_tls1_3_process_server_hello" \
+ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \
- -c "<= parse encrypted extensions"
+ -c "=> parse certificate verify" \
+ -c "<= parse certificate verify" \
+ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+ -c "<= parse finished message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -8852,8 +8854,6 @@
-c "tls1_3 client state: 3" \
-c "tls1_3 client state: 9" \
-c "tls1_3 client state: 13" \
- -c "tls1_3 client state: 7" \
- -c "tls1_3 client state: 20" \
-c "tls1_3 client state: 11" \
-c "tls1_3 client state: 14" \
-c "tls1_3 client state: 15" \
@@ -8861,8 +8861,13 @@
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "ECDH curve: x25519" \
-c "=> ssl_tls1_3_process_server_hello" \
+ -c "<= parse encrypted extensions" \
-c "Certificate verification flags clear" \
- -c "<= parse encrypted extensions"
+ -c "=> parse certificate verify" \
+ -c "<= parse certificate verify" \
+ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+ -c "<= parse finished message"
+
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index 591e0d9..61e6e9b 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -1744,3 +1744,11 @@
CCM encrypt, unexpected ciphertext/plaintext data, NIST VPT AES-128 #14 (P=13, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
mbedtls_ccm_unexpected_text:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_ENCRYPT:"d32088d50df9aba14d9022c870a0cb85":"4b10788c1a03bca656f04f1f98":"e16c69861efc206e85aab1255e":"0eff7d7bcceb873c3203a8df74f4e91b04bd607ec11202f96cfeb99f5bcdb7aa"
+
+CCM* encrypt, no auth NIST VADT AES-256 #1 (P=24, N=13)
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"72a60f345a1978fb40f28a2fa4":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e"
+
+CCM* decrypt, no auth NIST DVPT AES-128 #15 (P=24, N=13)
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_no_tag:MBEDTLS_CIPHER_ID_AES:MBEDTLS_CCM_STAR_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index e48b1f9..a7ba0de 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -232,6 +232,31 @@
/* END_CASE */
/* BEGIN_CASE */
+void mbedtls_ccm_star_no_tag( int cipher_id, int mode, data_t * key,
+ data_t * msg, data_t * iv, data_t * result )
+{
+ mbedtls_ccm_context ctx;
+ uint8_t *output = NULL;
+ size_t olen;
+
+ mbedtls_ccm_init( &ctx );
+ TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
+ TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
+ TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, 0 ) );
+
+ ASSERT_ALLOC( output, msg->len );
+ TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
+ TEST_EQUAL( result->len, olen );
+ ASSERT_COMPARE( output, olen, result->x, result->len );
+
+ TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, NULL, 0 ) );
+exit:
+ mbedtls_free(output);
+ mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
data_t * msg, data_t * iv,
data_t * add, int expected_tag_len, int result,
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index c8fbca2..8c2ba3c 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -790,6 +790,318 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_OFB
enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_OFB:256:16:16:-1:16:16:16:16
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:0:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:1:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:2:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:7:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:8:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:9:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:15:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:16:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:17:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:31:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:32:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:33:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:47:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:48:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:"AES-128-CCM*-NO-TAG":128:49:-1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1
+
+AES-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7
+
+AES-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6
+
+AES-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6
+
+AES-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:0:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:1:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:2:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:7:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:8:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:9:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:15:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:16:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:17:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:31:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:32:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:33:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:47:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:48:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:"AES-192-CCM*-NO-TAG":192:49:-1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6
+
+AES-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:0:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:1:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:2:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:7:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:8:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:9:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:15:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:16:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:17:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:31:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:32:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:33:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:47:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:48:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:"AES-256-CCM*-NO-TAG":256:49:-1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6
+
+AES-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16
+
AES-128 XTS - Encrypt and decrypt 16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_XTS
enc_dec_buf:MBEDTLS_CIPHER_AES_128_XTS:"AES-128-XTS":256:16:-1
@@ -1894,6 +2206,54 @@
depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1
+AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:0
+
+AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:0
+
+AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:0
+
+AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:0
+
+AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:0
+
+AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:0
+
+AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:1
+
+AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1
+
+AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:1
+
+AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1
+
+AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:1
+
+AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:1
+
Cipher Corner Case behaviours
depends_on:MBEDTLS_AES_C
cipher_special_behaviours:
diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data
index 2c50a21..c1e1990 100644
--- a/tests/suites/test_suite_cipher.aria.data
+++ b/tests/suites/test_suite_cipher.aria.data
@@ -1,3 +1,339 @@
Aria CBC Decrypt empty buffer
depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC
dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:0:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:1:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:2:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:7:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:8:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:9:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:15:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:16:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:17:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:31:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:32:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:33:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:47:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:48:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:"ARIA-128-CCM*-NO-TAG":128:49:-1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1
+
+ARIA-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7
+
+ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6
+
+ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6
+
+ARIA-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:0:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:1:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:2:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:7:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:8:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:9:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:15:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:16:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:17:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:31:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:32:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:33:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:47:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:48:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:"ARIA-192-CCM*-NO-TAG":192:49:-1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6
+
+ARIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:0:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:1:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:2:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:7:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:8:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:9:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:15:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:16:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:17:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:31:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:32:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:33:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:47:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:48:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:"ARIA-256-CCM*-NO-TAG":256:49:-1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6
+
+ARIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16
+
+ARIA-128-CCM*-NO-TAG crypt Encrypt
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":0:0
+
+ARIA-128-CCM*-NO-TAG crypt Decrypt
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"6781f39fdf8d1c44165fc40ee2fb11f1d6e2ddc8c6512b":0:0
+
+ARIA-192-CCM*-NO-TAG crypt Encrypt
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"993df86214d98ae70582c784903702e349dd64ece488c2":0:0
+
+ARIA-192-CCM*-NO-TAG crypt Decrypt
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"993df86214d98ae70582c784903702e349dd64ece488c2":0:0
+
+ARIA-256-CCM*-NO-TAG crypt Encrypt
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0
+
+ARIA-256-CCM*-NO-TAG crypt Decrypt
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index 3e7bffa..31fe922 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -765,3 +765,339 @@
CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:0:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:1:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:2:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:7:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:8:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:9:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:15:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:16:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:17:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:31:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:32:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:33:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:47:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:48:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:"CAMELLIA-128-CCM*-NO-TAG":128:49:-1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:0:-1:0:0:0:0
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:1:0:-1:1:0:1:0
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:1:-1:0:1:0:1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:0:-1:16:0:16:0
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:0:16:-1:0:16:0:16
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:1:15:-1:1:15:1:15
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:15:1:-1:15:1:15:1
+
+CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:15:7:-1:15:7:15:7
+
+CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:6:-1:16:6:16:6
+
+CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:17:6:-1:17:6:17:6
+
+CAMELLIA-128-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:128:16:16:-1:16:16:16:16
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:0:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:1:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:2:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:7:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:8:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:9:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:15:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:16:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:17:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:31:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:32:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:33:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:47:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:48:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:"CAMELLIA-192-CCM*-NO-TAG":192:49:-1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:0:-1:0:0:0:0
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:1:0:-1:1:0:1:0
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:1:-1:0:1:0:1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:0:-1:16:0:16:0
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:0:16:-1:0:16:0:16
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:1:15:-1:1:15:1:15
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:15:1:-1:15:1:15:1
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:15:7:-1:15:7:15:7
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:6:-1:16:6:16:6
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:17:6:-1:17:6:17:6
+
+CAMELLIA-192-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:192:16:16:-1:16:16:16:16
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:0:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 byte
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:1:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:2:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:7:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:8:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:9:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:15:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:16:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:17:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:31:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:32:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:33:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:47:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:48:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:"CAMELLIA-256-CCM*-NO-TAG":256:49:-1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 0 bytes in multiple parts
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:0:-1:0:0:0:0
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:1:0:-1:1:0:1:0
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:1:-1:0:1:0:1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:0:-1:16:0:16:0
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:0:16:-1:0:16:0:16
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:1:15:-1:1:15:1:15
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:15:1:-1:15:1:15:1
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:15:7:-1:15:7:15:7
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:6:-1:16:6:16:6
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 23 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:17:6:-1:17:6:17:6
+
+CAMELLIA-256-CCM*-NO-TAG - Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:256:16:16:-1:16:16:16:16
+
+CAMELLIA-128-CCM*-NO-TAG crypt Encrypt
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":0:0
+
+CAMELLIA-128-CCM*-NO-TAG crypt Decrypt
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":0:0
+
+CAMELLIA-192-CCM*-NO-TAG crypt Encrypt
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"c3ceaa2a68fb31d8347a83950f25f3a7956b8a284a5b35":0:0
+
+CAMELLIA-192-CCM*-NO-TAG crypt Decrypt
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"c3ceaa2a68fb31d8347a83950f25f3a7956b8a284a5b35":0:0
+
+CAMELLIA-256-CCM*-NO-TAG crypt Encrypt
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0
+
+CAMELLIA-256-CCM*-NO-TAG crypt Decrypt
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
+test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index c809d9a..e496856 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -343,7 +343,7 @@
void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
int length_val, int pad_mode )
{
- size_t length = length_val, outlen, total_len, i, block_size;
+ size_t length = length_val, outlen, total_len, i, block_size, iv_len;
unsigned char key[64];
unsigned char iv[16];
unsigned char ad[13];
@@ -401,8 +401,14 @@
memset( decbuf, 0, sizeof( decbuf ) );
memset( tag, 0, sizeof( tag ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) );
+ if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
+ iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
+ * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
+ else
+ iv_len = sizeof(iv);
+
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
@@ -597,6 +603,7 @@
size_t second_length = second_length_val;
size_t length = first_length + second_length;
size_t block_size;
+ size_t iv_len;
unsigned char key[32];
unsigned char iv[16];
@@ -641,8 +648,14 @@
(void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
+ if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") )
+ iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
+ * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
+ else
+ iv_len = sizeof(iv);
+
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) );
TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 9c20495..6dbf18c 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1911,6 +1911,7 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+PSA symmetric encrypt: AES-ECB, 0 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":""
@@ -1962,6 +1963,10 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9"
+PSA symmetric encrypt validation: CCM*-no-tag, 15 bytes, good
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_validation:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"6bc1bee22e409f96e93d7e11739317"
+
PSA symmetric encrypt multipart: AES-ECB, 0 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
@@ -2022,6 +2027,10 @@
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":8:8:0:"817ca7d69b80d86a":PSA_SUCCESS
+PSA symmetric encrypt multipart: CCM*-no-tag, AES, 24 bytes, good
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"d24a3d3dde8c84830280cb87abad0bb3":"f1100035bb24a8d26004e0e24b":"7c86135ed9c2a515aaae0e9a208133897269220f30870006":10:10:14:"1faeb0ee2ca2cd52f0aa3966578344f24e69b742c4ab37ab":PSA_SUCCESS
+
PSA cipher decrypt: without initialization
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"":"":"":PSA_ERROR_BAD_STATE
@@ -2054,6 +2063,10 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)
+depends_on:MBEDTLS_AES_C
+cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
+
PSA symmetric decrypt: AES-ECB, 0 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":""
@@ -2102,6 +2115,10 @@
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3"
+PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+
PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
@@ -2162,6 +2179,10 @@
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":8:8:0:"c78e2b38139610e3":PSA_SUCCESS
+PSA symmetric decrypt multipart: CCM*-no-tag, 24 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS
+
PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
@@ -2182,6 +2203,22 @@
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
+PSA symmetric encrypt/decrypt: CCM*-no-tag, AES
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_verify_output:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
+
+CCM*-no-tag encrypt, iv_length = 14, bad
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":14:PSA_ERROR_INVALID_ARGUMENT
+
+CCM*-no-tag encrypt, iv_length = 13, good
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":13:PSA_SUCCESS
+
+CCM*-no-tag encrypt, iv_length = 12, bad
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_validate_iv_length:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":12:PSA_ERROR_INVALID_ARGUMENT
+
PSA symmetric encryption multipart: AES-ECB, 16+16 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 591c296..1aa9527 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1422,7 +1422,7 @@
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
- if( PSA_ALG_IS_HASH_AND_SIGN( exercise_alg ) &&
+ if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) &&
PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) )
{
status = psa_sign_message( key, exercise_alg,
@@ -2864,6 +2864,40 @@
/* END_CASE */
/* BEGIN_CASE */
+void cipher_encrypt_validate_iv_length( int alg, int key_type, data_t* key_data,
+ data_t *input, int iv_length,
+ int expected_result )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ size_t output_buffer_size = 0;
+ unsigned char *output = NULL;
+
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( expected_result, psa_cipher_set_iv( &operation, output,
+ iv_length ) );
+
+exit:
+ psa_cipher_abort( &operation );
+ mbedtls_free( output );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void cipher_encrypt_alg_without_iv( int alg_arg,
int key_type_arg,
data_t *key_data,
diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function
new file mode 100644
index 0000000..dbe9a0e
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_generate_key.function
@@ -0,0 +1,49 @@
+/* BEGIN_HEADER */
+
+#include "psa/crypto.h"
+#include "test/psa_crypto_helpers.h"
+
+#define INVALID_KEY_ID mbedtls_svc_key_id_make( 0, 0xfedcba98 )
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void generate_key( int key_type_arg, int bits_arg, int expected_status_arg)
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
+
+ // key lifetiem, usage flags, algorithm are irrelevant for this test
+ psa_key_type_t key_type = key_type_arg;
+ size_t bits = bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, bits );
+ TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
+ expected_status );
+
+ // Verify attributes of the created key on success
+ if ( expected_status == PSA_SUCCESS )
+ {
+ psa_reset_key_attributes(&attributes);
+ PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_VOLATILE );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
+ TEST_EQUAL( psa_get_key_type( &attributes ), key_type );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
+ }
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key( key_id );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index ad806c7..83763c5 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -196,31 +196,31 @@
Asymmetric signature: RSA PKCS#1 v1.5 raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH
Asymmetric signature: RSA PKCS#1 v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256
-asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: RSA PSS SHA-256
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256
-asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_STANDARD_SALT | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: RSA PSS-any-salt SHA-256
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256
-asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_RSA_PSS_ANY_SALT | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: randomized ECDSA (no hashing)
depends_on:PSA_WANT_ALG_ECDSA
-asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH
Asymmetric signature: SHA-256 + randomized ECDSA
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256
-asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256
-asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: pure EdDSA
depends_on:PSA_WANT_ALG_EDDSA
@@ -228,11 +228,11 @@
Asymmetric signature: Ed25519ph
depends_on:PSA_WANT_ALG_EDDSA
-asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_ED25519PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: Ed448ph
depends_on:PSA_WANT_ALG_EDDSA
-asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_HASH_AND_SIGN
+asymmetric_signature_algorithm:PSA_ALG_ED448PH:ALG_IS_HASH_EDDSA | ALG_IS_SIGN_HASH | ALG_IS_HASH_AND_SIGN
Asymmetric signature: RSA PKCS#1 v1.5 with wildcard hash
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index ab9b2f8..092780c 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -33,16 +33,18 @@
#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 )
#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 )
#define ALG_IS_HASH_EDDSA ( 1u << 16 )
-#define ALG_IS_HASH_AND_SIGN ( 1u << 17 )
-#define ALG_IS_RSA_OAEP ( 1u << 18 )
-#define ALG_IS_HKDF ( 1u << 19 )
-#define ALG_IS_FFDH ( 1u << 20 )
-#define ALG_IS_ECDH ( 1u << 21 )
-#define ALG_IS_WILDCARD ( 1u << 22 )
-#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 23 )
-#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 24 )
-#define ALG_IS_TLS12_PRF ( 1u << 25 )
-#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 26 )
+#define ALG_IS_SIGN_HASH ( 1u << 17 )
+#define ALG_IS_HASH_AND_SIGN ( 1u << 18 )
+#define ALG_IS_RSA_OAEP ( 1u << 19 )
+#define ALG_IS_HKDF ( 1u << 20 )
+#define ALG_IS_FFDH ( 1u << 21 )
+#define ALG_IS_ECDH ( 1u << 22 )
+#define ALG_IS_WILDCARD ( 1u << 23 )
+#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 )
+#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 )
+#define ALG_IS_TLS12_PRF ( 1u << 26 )
+#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 )
+#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */
/* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
@@ -51,26 +53,43 @@
#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 )
#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 )
#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 )
-#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 )
+#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 )
#define KEY_TYPE_IS_RSA ( 1u << 4 )
#define KEY_TYPE_IS_DSA ( 1u << 5 )
#define KEY_TYPE_IS_ECC ( 1u << 6 )
#define KEY_TYPE_IS_DH ( 1u << 7 )
+#define KEY_TYPE_FLAG_MASK_PLUS_ONE ( 1u << 8 ) /* must be last! */
/* Flags for lifetime classification macros. There is a flag for every
* lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the
* flag is the name of the classification macro without the PSA_ prefix. */
#define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 )
#define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 )
+#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE ( 1u << 2 ) /* must be last! */
-#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
- do \
- { \
- if( ( flags ) & ( flag ) ) \
- TEST_ASSERT( PSA_##flag( alg ) ); \
- else \
- TEST_ASSERT( ! PSA_##flag( alg ) ); \
- } \
+/* Check that in the value of flags, the bit flag (which should be a macro
+ * expanding to a number of the form 1 << k) is set if and only if
+ * PSA_##flag(alg) is true.
+ *
+ * Only perform this check if cond is true. Typically cond is 1, but it can
+ * be different if the value of the flag bit is only specified under specific
+ * conditions.
+ *
+ * Unconditionally mask flag into the ambient variable
+ * classification_flags_tested.
+ */
+#define TEST_CLASSIFICATION_MACRO( cond, flag, alg, flags ) \
+ do \
+ { \
+ if( cond ) \
+ { \
+ if( ( flags ) & ( flag ) ) \
+ TEST_ASSERT( PSA_##flag( alg ) ); \
+ else \
+ TEST_ASSERT( ! PSA_##flag( alg ) ); \
+ } \
+ classification_flags_tested |= ( flag ); \
+ } \
while( 0 )
/* Check the parity of value.
@@ -97,44 +116,55 @@
void algorithm_classification( psa_algorithm_t alg, unsigned flags )
{
- TEST_CLASSIFICATION_MACRO( ALG_IS_VENDOR_DEFINED, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_HMAC, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_BLOCK_CIPHER_MAC, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_STREAM_CIPHER, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PKCS1V15_SIGN, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PSS, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_DSA, alg, flags );
- if ( PSA_ALG_IS_DSA( alg ) )
- TEST_CLASSIFICATION_MACRO( ALG_DSA_IS_DETERMINISTIC, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_DSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_DSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_ECDSA, alg, flags );
- if ( PSA_ALG_IS_ECDSA( alg ) )
- TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_EDDSA, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_HASH_AND_SIGN, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
- TEST_CLASSIFICATION_MACRO( ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags );
+ unsigned classification_flags_tested = 0;
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_VENDOR_DEFINED, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HMAC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_STREAM_CIPHER, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ),
+ ALG_DSA_IS_DETERMINISTIC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_DSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_DSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_ECDSA( alg ),
+ ALG_ECDSA_IS_DETERMINISTIC, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_ECDSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_EDDSA, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_SIGN_HASH, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags );
+ TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PSK_TO_MS, alg, flags );
+ TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 );
exit: ;
}
void key_type_classification( psa_key_type_t type, unsigned flags )
{
+ unsigned classification_flags_tested = 0;
+
/* Macros tested based on the test case parameter */
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEY_PAIR, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags );
- TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_DH, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_UNSTRUCTURED, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DSA, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags );
+ TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 );
/* Macros with derived semantics */
TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
@@ -353,6 +383,7 @@
TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) );
TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg );
+ TEST_ASSERT( block_size == PSA_HASH_BLOCK_LENGTH( alg ) );
TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE );
test_mac_algorithm( alg_arg, ALG_IS_HMAC, length,
@@ -489,7 +520,9 @@
/* BEGIN_CASE */
void asymmetric_signature_wildcard( int alg_arg, int classification_flags )
{
- classification_flags |= ALG_IS_HASH_AND_SIGN | ALG_IS_WILDCARD;
+ classification_flags |= ALG_IS_WILDCARD;
+ classification_flags |= ALG_IS_SIGN_HASH;
+ classification_flags |= ALG_IS_HASH_AND_SIGN;
test_asymmetric_signature_algorithm( alg_arg, classification_flags );
/* Any failure of this test function comes from
* asymmetric_signature_algorithm. Pacify -Werror=unused-label. */
@@ -693,9 +726,12 @@
psa_key_persistence_t persistence = persistence_arg;
psa_key_location_t location = location_arg;
unsigned flags = classification_flags;
+ unsigned classification_flags_tested = 0;
- TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_VOLATILE, lifetime, flags );
- TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_READ_ONLY, lifetime, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags );
+ TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags );
+ TEST_EQUAL( classification_flags_tested,
+ KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1 );
TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence );
TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location );
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function
index 0665230..e3253d8 100644
--- a/tests/suites/test_suite_psa_crypto_not_supported.function
+++ b/tests/suites/test_suite_psa_crypto_not_supported.function
@@ -50,22 +50,3 @@
PSA_DONE( );
}
/* END_CASE */
-
-/* BEGIN_CASE */
-void generate_invalid_argument( int key_type, int bits )
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
-
- PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, bits );
- TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
- PSA_ERROR_INVALID_ARGUMENT );
- TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) );
-
-exit:
- psa_destroy_key( key_id );
- PSA_DONE( );
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 25eefb3..9dabb51 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -6229,3 +6229,9 @@
# we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48
+
+Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
+conf_curve:
+
+Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
+conf_group:
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 69d2e00..75eda1d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4881,3 +4881,72 @@
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+void conf_curve()
+{
+
+ mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1,
+ MBEDTLS_ECP_DP_SECP224R1,
+ MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_ECP_DP_NONE };
+ mbedtls_ecp_group_id iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
+
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_config_init( &conf );
+
+ mbedtls_ssl_conf_max_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_curves( &conf, curve_list );
+
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_setup( &ssl, &conf );
+
+ TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL );
+ TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL );
+
+ TEST_EQUAL( ssl.handshake->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
+
+ for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
+ TEST_EQUAL( iana_tls_group_list[i], ssl.handshake->group_list[i] );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */
+void conf_group()
+{
+ uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
+
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_config_init( &conf );
+
+ mbedtls_ssl_conf_max_version( &conf, 3, 3 );
+ mbedtls_ssl_conf_min_version( &conf, 3, 3 );
+
+ mbedtls_ssl_conf_groups( &conf, iana_tls_group_list );
+
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_setup( &ssl, &conf );
+
+ TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL );
+
+ TEST_EQUAL( ssl.conf->group_list[ARRAY_LENGTH( iana_tls_group_list ) - 1], MBEDTLS_SSL_IANA_TLS_GROUP_NONE );
+
+ for( size_t i = 0; i < ARRAY_LENGTH( iana_tls_group_list ); i++ )
+ TEST_EQUAL( iana_tls_group_list[i], ssl.conf->group_list[i] );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */