Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 63076f4..c1beccd 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -4,5 +4,5 @@
url: mailto:mbed-tls-security@lists.trustedfirmware.org
about: Report a security vulnerability.
- name: Mbed TLS mailing list
- url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
+ url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org
about: Mbed TLS community support and general discussion.
diff --git a/BRANCHES.md b/BRANCHES.md
index 60218b0..a6ddfd5 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -1,6 +1,6 @@
# Maintained branches
-At any point in time, we have a number of maintained branches consisting of:
+At any point in time, we have a number of maintained branches, currently consisting of:
- The [`master`](https://github.com/ARMmbed/mbedtls/tree/master) branch:
this always contains the latest release, including all publicly available
@@ -9,11 +9,18 @@
this is where the current major version of Mbed TLS (version 3.x) is being
prepared. It has API changes that make it incompatible with Mbed TLS 2.x,
as well as all the new features and bug fixes and security fixes.
-- The [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x) branch:
- this branch retains the API of Mbed TLS 2.x, and has a subset of the
- features added after Mbed TLS 2.26.0 and bug fixes and security fixes.
-- One or more long-time support (LTS) branches:
- these only get bug fixes and security fixes.
+- One or more long-time support (LTS) branches: these only get bug fixes and
+ security fixes. Currently, the only supported LTS branch is:
+ [`mbedtls-2.28`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.28).
+- For a short time we also have the previous LTS, which has recently ended its
+ support period,
+ [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16).
+ This branch will move into the `archive` namespace around the time of
+ the next release.
+
+We retain a number of historical branches, whose names are prefixed by `archive/`,
+such as [`archive/mbedtls-2.7`](https://github.com/ARMmbed/mbedtls/tree/archive/mbedtls-2.7).
+These branches will not receive any changes or updates.
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
API compatibility in the `master` branch across minor version changes (e.g.
@@ -70,9 +77,8 @@
- [master](https://github.com/ARMmbed/mbedtls/tree/master)
- [`development`](https://github.com/ARMmbed/mbedtls/)
-- [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x)
-- [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
- maintained until at least the end of 2021, see
- <https://tls.mbed.org/tech-updates/blog/announcing-lts-branch-mbedtls-2.16>
+- [`mbedtls-2.28`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.28)
+ maintained until at least the end of 2024, see
+ <https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index dcaa360..cd41578 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,7 +14,7 @@
Making a Contribution
---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug.
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
diff --git a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
new file mode 100644
index 0000000..a4d9c54
--- /dev/null
+++ b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
@@ -0,0 +1,5 @@
+Changes
+ * The file library/psa_crypto_driver_wrappers.c is now generated
+ from a template. In the future, the generation will support
+ driver descriptions. For the time being, to customize this file,
+ see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
diff --git a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
new file mode 100644
index 0000000..d55c016
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix memory leak if mbedtls_ssl_config_defaults() call is repeated
diff --git a/ChangeLog.d/psa_aead_singleshot_error.txt b/ChangeLog.d/psa_aead_singleshot_error.txt
new file mode 100644
index 0000000..7243874
--- /dev/null
+++ b/ChangeLog.d/psa_aead_singleshot_error.txt
@@ -0,0 +1,4 @@
+Changes
+ * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to singleshot
+ AEAD functions is not an AEAD algorithm. This aligns them with the
+ multipart functions, and the PSA Crypto API 1.1 spec.
diff --git a/SUPPORT.md b/SUPPORT.md
index 1bc0695..dab7ac5 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -7,9 +7,9 @@
- the `docs` directory in the source tree;
- the [Mbed TLS knowledge Base](https://tls.mbed.org/kb);
- the [Mbed TLS mailing-list
- archives](https://lists.trustedfirmware.org/pipermail/mbed-tls/).
+ archives](https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/).
## Asking Questions
If you can't find your answer in the above sources, please use the [Mbed TLS
-mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls).
+mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org).
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
new file mode 100644
index 0000000..4f82bed
--- /dev/null
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -0,0 +1,32 @@
+Migrating to an auto genrated psa_crypto_driver_wrappers.c file
+===============================================================
+
+**This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.**
+
+This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file.
+It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
+
+## Introduction
+
+The design of the Driver Wrappers code generation is based on the design proposal https://github.com/ARMmbed/mbedtls/pull/5067
+During the process of implementation there might be minor variations wrt versioning and broader implementation specific ideas, but the design remains the same.
+
+## Prerequisites
+
+Python3 and Jinja2 rev 2.10.1
+
+## Feature Version
+
+1.0
+
+### What's critical for a migrating user
+
+The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver descrioption JSON file(s).
+
+While that is the larger goal, for version 1.0 here's what's changed
+
+#### What's changed
+
+(1) psa_crypto_driver_wrappers.c will from this point on be auto generated.
+(2) The auto generation is based on the template file at scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja.
+(3) So while all driver wrapper templating support is yet to come in, the library user will need to patch into the template file as needed, this could be read as replacing the template file with the current psa_crypto_driver_wrappers.c file maintained by the library user.
diff --git a/library/.gitignore b/library/.gitignore
index cf2ddac..18cd305 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -7,3 +7,4 @@
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
+/psa_crypto_driver_wrappers.c
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 1884db9..ddede03 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -157,10 +157,25 @@
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
${error_headers}
)
+
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.c
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_BINARY_DIR}
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+ )
+
+
else()
link_to_source(error.c)
link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
+ link_to_source(psa_crypto_driver_wrappers.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
diff --git a/library/Makefile b/library/Makefile
index 0b5a43a..e9c0a11 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -290,7 +290,8 @@
.PHONY: generated_files
GENERATED_FILES = \
error.c version_features.c \
- ssl_debug_helpers_generated.c
+ ssl_debug_helpers_generated.c \
+ psa_crypto_driver_wrappers.c
generated_files: $(GENERATED_FILES)
error.c: ../scripts/generate_errors.pl
@@ -318,6 +319,12 @@
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
+psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py
+psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+psa_crypto_driver_wrappers.c:
+ echo " Gen $@"
+ $(PYTHON) ../scripts/generate_driver_wrappers.py
+
clean:
ifndef WINDOWS
rm -f *.o libmbed*
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 829ed45..e021f8a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3719,6 +3719,14 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
+static psa_status_t psa_aead_check_algorithm( psa_algorithm_t alg )
+{
+ if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( PSA_SUCCESS );
+}
+
psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
@@ -3736,8 +3744,9 @@
*ciphertext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
@@ -3786,8 +3795,9 @@
*plaintext_length = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- return( PSA_ERROR_NOT_SUPPORTED );
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
+ return( status );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
@@ -3830,11 +3840,9 @@
psa_key_slot_t *slot = NULL;
psa_key_usage_t key_usage = 0;
- if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
+ status = psa_aead_check_algorithm( alg );
+ if( status != PSA_SUCCESS )
goto exit;
- }
if( operation->id != 0 )
{
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index e09e4ed..b6620a3 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -1,7 +1,6 @@
/*
* Function signatures for functionality that can be provided by
* cryptographic accelerators.
- * Warning: This file will be auto-generated in the future.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 32d4969..888523f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -302,68 +302,6 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
- unsigned char *elliptic_curve_list = p + 6;
- size_t elliptic_curve_len = 0;
- const mbedtls_ecp_curve_info *info;
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
- *olen = 0;
-
- /* Check there is room for header */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding supported_elliptic_curves extension" ) );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for( ; *group_list != 0; group_list++ )
- {
- info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "invalid curve in ssl configuration" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
-
- /* Check there is room for another curve */
- MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
-
- MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
- elliptic_curve_len += 2;
-
- if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "malformed supported_elliptic_curves extension in config" ) );
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
- }
- }
-
- /* Empty elliptic curve list, this is a configuration error. */
- if( elliptic_curve_len == 0 )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
- p += 2;
-
- MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
- p += 2;
-
- *olen = 6 + elliptic_curve_len;
-
- return( 0 );
-}
static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -1206,10 +1144,10 @@
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( uses_ec )
{
- if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_supported_groups_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_groups_ext", ret );
return( ret );
}
ext_len += olen;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 6aef286..4f84a2b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1489,6 +1489,7 @@
}
return( 0 );
}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -1503,8 +1504,43 @@
}
return( 0 );
}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_4 &&
+ conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_4 )
+ {
+ return( 1 );
+ }
+ return( 0 );
+#else
+ ((void) conf);
+ return( 0 );
+#endif
+}
+
+static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( conf->min_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->max_major_ver == MBEDTLS_SSL_MAJOR_VERSION_3 &&
+ conf->min_minor_ver <= MBEDTLS_SSL_MINOR_VERSION_3 &&
+ conf->max_minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ return( 1 );
+ }
+ return( 0 );
+#else
+ ((void) conf);
+ return( 0 );
+#endif
+}
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
{
@@ -1626,23 +1662,6 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
-/*
- * Helper functions for NamedGroup.
- */
-static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
-{
- return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
-}
-
-static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
-{
- return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
- named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
-}
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
mbedtls_ssl_states state )
@@ -1743,4 +1762,55 @@
#endif
}
+/*
+ * Helper functions for NamedGroup.
+ */
+static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
+{
+ /*
+ * RFC 8422 section 5.1.1
+ */
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
+ /* Below deprected curves should be removed with notice to users */
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 );
+}
+
+static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
+{
+ return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
+}
+
+static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
+{
+ return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+ named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
+ defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len );
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
+ MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f34f2de..a8b1e7d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -317,9 +317,48 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
+/*
+ * Function for parsing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
+ *
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
+ * enum {
+ * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ * x25519(0x001D), x448(0x001E),
+ * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ * ffdhe6144(0x0103), ffdhe8192(0x0104),
+ * ffdhe_private_use(0x01FC..0x01FF),
+ * ecdhe_private_use(0xFE00..0xFEFF),
+ * (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
+ * enum {
+ * deprecated(1..22),
+ * secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ * x25519(29), x448(30),
+ * reserved (0xFE00..0xFEFF),
+ * deprecated(0xFF01..0xFF02),
+ * (0xFFFF)
+ * } NamedCurve;
+ * struct {
+ * NamedCurve named_curve_list<2..2^16-1>
+ * } NamedCurveList;
+ *
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ *
+ * DHE groups are not supported yet.
+ */
+static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
{
size_t list_size, our_size;
const unsigned char *p;
@@ -1646,10 +1685,10 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
+ case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
- ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
+ ret = ssl_parse_supported_groups_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
break;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9dc7b16..1d569e7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3944,6 +3944,9 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+
if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
{
@@ -3959,6 +3962,9 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+
if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P,
&conf->dhm_P ) ) != 0 ||
( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
@@ -7189,4 +7195,129 @@
}
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
+ defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * Function for writing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
+ *
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
+ * enum {
+ * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
+ * x25519(0x001D), x448(0x001E),
+ * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
+ * ffdhe6144(0x0103), ffdhe8192(0x0104),
+ * ffdhe_private_use(0x01FC..0x01FF),
+ * ecdhe_private_use(0xFE00..0xFEFF),
+ * (0xFFFF)
+ * } NamedGroup;
+ * struct {
+ * NamedGroup named_group_list<2..2^16-1>;
+ * } NamedGroupList;
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
+ * enum {
+ * deprecated(1..22),
+ * secp256r1 (23), secp384r1 (24), secp521r1 (25),
+ * x25519(29), x448(30),
+ * reserved (0xFE00..0xFEFF),
+ * deprecated(0xFF01..0xFF02),
+ * (0xFFFF)
+ * } NamedCurve;
+ * struct {
+ * NamedCurve named_curve_list<2..2^16-1>
+ * } NamedCurveList;
+ *
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ *
+ * DHE groups are not supported yet.
+ */
+int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf ;
+ unsigned char *named_group_list; /* Start of named_group_list */
+ size_t named_group_list_len; /* Length of named_group_list */
+ const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
+
+ /* Check if we have space for header and length fields:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - named_group_list_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ p += 6;
+
+ named_group_list = p;
+
+ if( group_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *group_list != 0; group_list++ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got supported group(%04x)", *group_list ) );
+
+#if defined(MBEDTLS_ECP_C)
+ if( ( mbedtls_ssl_conf_is_tls13_enabled( ssl->conf ) &&
+ mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) ||
+ ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) &&
+ mbedtls_ssl_tls12_named_group_is_ecdhe( *group_list ) ) )
+ {
+ const mbedtls_ecp_curve_info *curve_info;
+ curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
+ if( curve_info == NULL )
+ continue;
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
+ curve_info->name, *group_list ) );
+ }
+#endif /* MBEDTLS_ECP_C */
+ /* Add DHE groups here */
+
+ }
+
+ /* Length of named_group_list */
+ named_group_list_len = p - named_group_list;
+ if( named_group_list_len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Write extension_type */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
+ /* Write extension_data_length */
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
+ /* Write length of named_group_list */
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension",
+ buf + 4, named_group_list_len + 2 );
+
+ *out_len = p - buf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ return( 0 );
+}
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
+ MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index dcf1ff8..9f9ab72 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -116,163 +116,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
- * Functions for writing supported_groups extension.
- *
- * Stucture of supported_groups:
- * enum {
- * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
- * x25519(0x001D), x448(0x001E),
- * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
- * ffdhe6144(0x0103), ffdhe8192(0x0104),
- * ffdhe_private_use(0x01FC..0x01FF),
- * ecdhe_private_use(0xFE00..0xFEFF),
- * (0xFFFF)
- * } NamedGroup;
- * struct {
- * NamedGroup named_group_list<2..2^16-1>;
- * } NamedGroupList;
- */
-#if defined(MBEDTLS_ECDH_C)
-/*
- * In versions of TLS prior to TLS 1.3, this extension was named
- * 'elliptic_curves' and only contained elliptic curve groups.
- */
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf;
-
- *out_len = 0;
-
- const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
-
- if( group_list == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for ( ; *group_list != 0; group_list++ )
- {
- const mbedtls_ecp_curve_info *curve_info;
- curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
- if( curve_info == NULL )
- continue;
-
- if( !mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
- continue;
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
- MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
- p += 2;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
- curve_info->name, *group_list ) );
- }
-
- *out_len = p - buf;
-
- return( 0 );
-}
-#else
-static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_ECDH_C */
-
-static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- ((void) ssl);
- ((void) buf);
- ((void) end);
- *out_len = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-
-static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf ;
- unsigned char *named_group_list; /* Start of named_group_list */
- size_t named_group_list_len; /* Length of named_group_list */
- size_t output_len = 0;
- int ret_ecdhe, ret_dhe;
-
- *out_len = 0;
-
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
-
- /* Check if we have space for header and length fields:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - named_group_list_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
-
- named_group_list = p;
- ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
- if( ret_ecdhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
- }
- p += output_len;
-
- ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
- if( ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
- }
- p += output_len;
-
- /* Both ECDHE and DHE failed. */
- if( ret_ecdhe != 0 && ret_dhe != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Both ECDHE and DHE groups are fail. " ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Length of named_group_list*/
- named_group_list_len = p - named_group_list;
- if( named_group_list_len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
- /* Write length of named_group_list */
- MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
-
- *out_len = p - buf;
-
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
-
- return( 0 );
-}
-
-/*
* Functions for writing key_share extension.
*/
#if defined(MBEDTLS_ECDH_C)
@@ -376,9 +219,6 @@
*out_len = 0;
- if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- return( 0 );
-
/* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
@@ -773,40 +613,28 @@
p += output_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- /* Write supported_groups extension
- *
- * It is REQUIRED for ECDHE cipher_suites.
- */
- ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
- /* Write key_share extension
- *
- * We need to send the key shares under three conditions:
- * 1) A certificate-based ciphersuite is being offered. In this case
- * supported_groups and supported_signature extensions have been
- * successfully added.
- * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
- * psk_key_exchange_modes has been added as the last extension.
- * 3) Or, in case all ciphers are supported ( which includes #1 and #2
- * from above )
+ /*
+ * Add the extensions related to (EC)DHE ephemeral key establishment only if
+ * enabled as per the configuration.
*/
- ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
+ if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
- /* Write signature_algorithms extension
- *
- * It is REQUIRED for certificate authenticated cipher_suites.
- */
- ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+ }
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1260740..c789ed4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -165,16 +165,6 @@
*out_len = 0;
- /* Skip the extension on the client if all allowed key exchanges
- * are PSK-based. */
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
- {
- return( 0 );
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
/* Check if we have space for header and length field:
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 6a4a69d..f5d7033 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -126,12 +126,12 @@
read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
cat include/mbedtls/build_info.h | \
- sed -e "s/_VERSION_MAJOR .\{1,\}/_VERSION_MAJOR $MAJOR/" | \
- sed -e "s/_VERSION_MINOR .\{1,\}/_VERSION_MINOR $MINOR/" | \
- sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
- sed -e "s/_VERSION_NUMBER .\{1,\}/_VERSION_NUMBER $VERSION_NR/" | \
- sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
- sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_MAJOR .\{1,\}/\1_MAJOR $MAJOR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_MINOR .\{1,\}/\1_MINOR $MINOR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/build_info.h
diff --git a/library/psa_crypto_driver_wrappers.c b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
similarity index 100%
rename from library/psa_crypto_driver_wrappers.c
rename to scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
new file mode 100755
index 0000000..42331ac
--- /dev/null
+++ b/scripts/generate_driver_wrappers.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""Generate library/psa_crypto_driver_wrappers.c
+
+ This module is invoked by the build sripts to auto generate the
+ psa_crypto_driver_wrappers.c based on template files in
+ script/data_files/driver_templates/.
+"""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import os
+import argparse
+import jinja2
+from mbedtls_dev import build_tree
+
+def render(template_path: str) -> str:
+ """
+ Render template from the input file.
+ """
+ environment = jinja2.Environment(
+ loader=jinja2.FileSystemLoader(os.path.dirname(template_path)),
+ keep_trailing_newline=True)
+ template = environment.get_template(os.path.basename(template_path))
+
+ return template.render()
+
+def generate_driver_wrapper_file(mbedtls_root: str, output_dir: str) -> None:
+ """
+ Generate the file psa_crypto_driver_wrapper.c.
+ """
+ driver_wrapper_template_filename = \
+ os.path.join(mbedtls_root, \
+ "scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja")
+
+ result = render(driver_wrapper_template_filename)
+
+ with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file:
+ out_file.write(result)
+
+def main() -> int:
+ """
+ Main with command line arguments.
+ """
+ def_arg_mbedtls_root = build_tree.guess_mbedtls_root()
+ def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library')
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root,
+ help='root directory of mbedtls source code')
+ parser.add_argument('output_directory', nargs='?',
+ default=def_arg_output_dir, help='output file\'s location')
+ args = parser.parse_args()
+
+ mbedtls_root = os.path.abspath(args.mbedtls_root)
+ output_directory = args.output_directory
+
+ generate_driver_wrapper_file(mbedtls_root, output_directory)
+
+ return 0
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index d3a8b36..662da98 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -1,6 +1,9 @@
@rem Generate automatically-generated configuration-independent source files
@rem and build scripts.
@rem Perl and Python 3 must be on the PATH.
+@rem psa_crypto_driver_wrappers.c needs to be generated prior to
+@rem generate_visualc_files.pl being invoked.
+python scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
index 50f5a7f..28d33b7 100644
--- a/tests/docker/bionic/Dockerfile
+++ b/tests/docker/bionic/Dockerfile
@@ -60,6 +60,10 @@
pkg-config \
&& rm -rf /var/lib/apt/lists/*
+# Jinja2 is required for driver dispatch code generation.
+RUN python3 -m pip install \
+ jinja2==2.10.1 types-jinja2
+
# Build a static, legacy openssl from sources with sslv3 enabled
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 994fd24..f42ecd6 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -117,6 +117,7 @@
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
+check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
# generate_visualc_files enumerates source files (library/*.c). It doesn't
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index ea52c93..da5229b 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -33,10 +33,6 @@
# Test number 2xx corresponds to the files in the folder
# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
EXPECTED_FAILURES = {
- # Multipart CCM is not supported.
- # - Tracked in issue #3721
- 252, 253, 254, 255, 256, 257, 258, 259, 261,
-
# psa_hash_suspend() and psa_hash_resume() are not supported.
# - Tracked in issue #3274
262, 263
@@ -51,7 +47,7 @@
#
# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
-PSA_ARCH_TESTS_REF = 'fixes-for-mbedtls-3'
+PSA_ARCH_TESTS_REF = 'fix-pr-5272'
#pylint: disable=too-many-branches,too-many-statements
def main():
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 691c0e7..b060e7b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6585,7 +6585,7 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
0 \
- -C "client hello, adding supported_elliptic_curves extension" \
+ -C "client hello, adding supported_groups extension" \
-C "client hello, adding supported_point_formats extension" \
-S "found supported elliptic curves extension" \
-S "found supported point formats extension"
@@ -6609,7 +6609,7 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
0 \
- -c "client hello, adding supported_elliptic_curves extension" \
+ -c "client hello, adding supported_groups extension" \
-c "client hello, adding supported_point_formats extension" \
-s "found supported elliptic curves extension" \
-s "found supported point formats extension"
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c45f9f0..90dc08e 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -842,7 +842,7 @@
PSA key policy: AEAD, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_SUPPORTED
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: AEAD, tag length > exact-length policy
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -2829,11 +2829,11 @@
PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
depends_on:MBEDTLS_CHACHA20_C
-aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED
+aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set)
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -3619,6 +3619,14 @@
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E"
+PSA Multipart State Checks, AES - CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
+aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B0C":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E"
+
+PSA Multipart State Checks, AES - CHACHAPOLY
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305
+aead_multipart_state_test:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":PSA_ALG_CHACHA20_POLY1305:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E"
+
PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 638a85c..cbac109 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4781,6 +4781,93 @@
psa_aead_abort( &operation );
+ /* Test for generating nonce after calling set lengths */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+
+ psa_aead_abort( &operation );
+
+ /* Test for generating nonce after calling set lengths with UINT32_MAX length */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ) );
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ }
+
+ psa_aead_abort( &operation );
+
+ /* Test for generating nonce after calling set lengths with SIZE_MAX length */
+#if SIZE_MAX > UINT32_MAX
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ if( operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, SIZE_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, SIZE_MAX,
+ input_data->len ) );
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ }
+
+ psa_aead_abort( &operation );
+#endif
+
+ /* Test for calling set lengths with a length too long, after generating nonce */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_set_lengths( &operation, UINT32_MAX,
+ input_data->len ) );
+ }
+
+ psa_aead_abort( &operation );
+
+
/* ------------------------------------------------------- */
PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
@@ -4820,19 +4907,28 @@
psa_aead_abort( &operation );
- /* Test for setting lengths after already starting data. */
+ /* Test for setting lengths after setting nonce + already starting data. */
PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
- PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
- additional_data->len ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
- TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
- input_data->len ),
- PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ) );
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
psa_aead_abort( &operation );
/* ------------------------------------------------------- */
@@ -4841,14 +4937,133 @@
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
- PSA_ASSERT( psa_aead_update( &operation, input_data->x,
- input_data->len, output_data,
- output_size, &output_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ),
+ PSA_ERROR_BAD_STATE );
- TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
- input_data->len ),
- PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ) );
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
+
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* Test for setting lengths after generating nonce + already starting data. */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ TEST_EQUAL( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ),
+ PSA_ERROR_BAD_STATE );
+
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
+ psa_aead_abort( &operation );
+
+ /* ------------------------------------------------------- */
+
+ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) );
+
+ PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer,
+ PSA_AEAD_NONCE_MAX_SIZE,
+ &nonce_length ) );
+ if( operation.alg == PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+ }
+ else
+ {
+ PSA_ASSERT( psa_aead_finish( &operation, final_data,
+ finish_output_size,
+ &output_part_length,
+ tag_buffer, tag_length,
+ &tag_size ) );
+
+ TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len,
+ input_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
psa_aead_abort( &operation );
/* Test for not sending any additional data or data after setting non zero
@@ -5004,14 +5219,16 @@
PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) );
- PSA_ASSERT( psa_aead_update( &operation, input_data->x,
- input_data->len, output_data,
- output_size, &output_length ) );
+ if( operation.alg != PSA_ALG_CCM )
+ {
+ PSA_ASSERT( psa_aead_update( &operation, input_data->x,
+ input_data->len, output_data,
+ output_size, &output_length ) );
- TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
- additional_data->len ),
- PSA_ERROR_BAD_STATE );
-
+ TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x,
+ additional_data->len ),
+ PSA_ERROR_BAD_STATE );
+ }
psa_aead_abort( &operation );
/* Test calling finish on decryption. */