Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..ceb59d7
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+# Classify all '.function' files as C for syntax highlighting purposes
+*.function linguist-language=C
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f2741d4..59a960a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -120,38 +120,33 @@
# Create a symbolic link from ${base_name} in the binary directory
# to the corresponding path in the source directory.
+# Note: Copies the file(s) on Windows.
function(link_to_source base_name)
- # Get OS dependent path to use in `execute_process`
- if (CMAKE_HOST_WIN32)
- #mklink is an internal command of cmd.exe it can only work with \
- string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
- else()
- set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
- endif()
+ set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
# Linking to non-existent file is not desirable. At best you will have a
# dangling link, but when building in tree, this can create a symbolic link
# to itself.
if (EXISTS ${target} AND NOT EXISTS ${link})
if (CMAKE_HOST_UNIX)
- set(command ln -s ${target} ${link})
+ execute_process(COMMAND ln -s ${target} ${link}
+ RESULT_VARIABLE result
+ ERROR_VARIABLE output)
+
+ if (NOT ${result} EQUAL 0)
+ message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
+ endif()
else()
if (IS_DIRECTORY ${target})
- set(command cmd.exe /c mklink /j ${link} ${target})
+ file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*")
+ foreach(file IN LISTS files)
+ configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
+ endforeach(file)
else()
- set(command cmd.exe /c mklink /h ${link} ${target})
+ configure_file(${target} ${link} COPYONLY)
endif()
endif()
-
- execute_process(COMMAND ${command}
- RESULT_VARIABLE result
- ERROR_VARIABLE output)
-
- if (NOT ${result} EQUAL 0)
- message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
- endif()
endif()
endfunction(link_to_source)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index cea12f1..319f02d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,8 +19,6 @@
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
-1. All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
-1. Ensure that each commit has at least one `Signed-off-by:` line from the committer. If anyone else contributes to the commit, they should also add their own `Signed-off-by:` line. By adding this line, contributor(s) certify that the contribution is made under the terms of the [Developer Certificate of Origin](dco.txt). The contribution licensing is described in the [License section of the README](README.md#License).
Backwards Compatibility
-----------------------
@@ -79,3 +77,12 @@
1. If needed, a Readme file is advised.
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
1. A [ChangeLog](https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
+
+License and Copyright
+---------------------
+
+All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. For licensing details, please see the [License section of the README](README.md#License).
+
+The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors".
+
+When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and be subject to the same Apache 2.0 license. This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt
new file mode 100644
index 0000000..2062bcb
--- /dev/null
+++ b/ChangeLog.d/driver-only-hashes.txt
@@ -0,0 +1,20 @@
+Features
+ * Some crypto modules that previously depended on MD or a low-level hash
+ module, either unconditionally (RSA, PK, PKCS5, PKCS12, EC J-PAKE), or
+ for some features (PEM for encrypted files), are now able to use PSA
+ Crypto instead when the legacy API is not available. This means it is
+ now possible to use all features from those modules in configurations
+ where the built-in implementations of hashes are excluded and the hashes
+ are only provided by PSA drivers. In these configurations, you need to
+ call `psa_crypto_init()` before you call any function from those
+ modules; this is not required in configurations where the built-in
+ implementation is still available. Note that some crypto modules and
+ features still depend on the built-in implementation of hashes:
+ MBEDTLS_HKDF_C (but the PSA HKDF function do not depend on it),
+ MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and MBEDTLS_ECDSA_DETERMINISTIC.
+ In particular, for now, compiling without built-in hashes requires use
+ of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 no
+ longer depend on MD. This means it is now possible to use them in
+ configurations where the built-in implementations of hashes are excluded
+ and the hashes are only provided by PSA drivers.
diff --git a/ChangeLog.d/ecjpake_to_pms.txt b/ChangeLog.d/ecjpake_to_pms.txt
new file mode 100644
index 0000000..4dd2075
--- /dev/null
+++ b/ChangeLog.d/ecjpake_to_pms.txt
@@ -0,0 +1,5 @@
+API changes
+ * Add an ad-hoc key derivation function handling ECJPAKE to PMS
+ calculation that can be used to derive the session secret in TLS 1.2,
+ as described in draft-cragie-tls-ecjpake-01. This can be achieved by
+ using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm.
diff --git a/ChangeLog.d/fix_hard_link_across_drives b/ChangeLog.d/fix_hard_link_across_drives
new file mode 100644
index 0000000..0c55c30
--- /dev/null
+++ b/ChangeLog.d/fix_hard_link_across_drives
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a build issue on Windows where the source and build directory could not be on
+ different drives (#5751).
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index e2efeb9..e565b28 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -29,11 +29,6 @@
[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261
-PSA Crypto has an experimental API for EC J-PAKE, but it's not implemented in
-Mbed TLS yet. See the [EC J-PAKE follow-up EPIC][ecjp] on github.
-
-[ecjp]: https://github.com/orgs/Mbed-TLS/projects/1#column-17950140
-
Arbitrary parameters for FFDH
-----------------------------
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 8d2d59f..0ad5fa0 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -345,19 +345,29 @@
only be included in the build if it is possible to use that hash in some way.
In order to cater to these new needs, new families of macros are introduced in
-`library/legacy_or_psa.h`, see its documentation for details.
+`legacy_or_psa.h`, see its documentation for details.
It should be noted that there are currently:
- too many different ways of computing a hash (low-level, MD, PSA);
- too many different ways to configure the library that influence which of
these ways is available and will be used (`MBEDTLS_USE_PSA_CRYPTO`,
-`MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls_config.h` + `psa/crypto_config.h`).
+ `MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls_config.h` + `psa/crypto_config.h`).
As a result, we need more families of dependency macros than we'd like to.
This is a temporary situation until we move to a place where everything is
based on PSA Crypto. In the meantime, long and explicit names where chosen for
the new macros in the hope of avoiding confusion.
+Note: the new macros supplement but do not replace the existing macros:
+- code that always uses PSA Crypto (for example, code specific to TLS 1.3)
+ should use `PSA_WANT_xxx`;
+- code that always uses the legacy API (for example, crypto modules that have
+ not undergone step 1 yet) should use `MBEDTLS_xxx_C`;
+- code that may use one of the two APIs, either based on
+ `MBEDTLS_USE_PSA_CRYPTO` (X.509, TLS 1.2, shared between TLS 1.2 and 1.3),
+ or based on availability (crypto modules after step 1), should use one of
+ the new macros from `legacy_or_psa.h`.
+
Executing step 3 will mostly consist of using the right dependency macros in
the right places (once the previous steps are done).
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fa70058..1038706 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -320,11 +320,20 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
+ ( !defined(MBEDTLS_ECJPAKE_C) || \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
+/* Use of EC J-PAKE in TLS requires SHA-256.
+ * This will be taken from MD if it is present, or from PSA if MD is absent.
+ * Note: ECJPAKE_C depends on MD_C || PSA_CRYPTO_C. */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ !( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) && \
+ !( !defined(MBEDTLS_MD_C) && defined(PSA_WANT_ALG_SHA_256) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
( !defined(MBEDTLS_SHA256_C) && \
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 2609787..5b27dda 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -237,6 +237,12 @@
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
+#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
+
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
@@ -721,6 +727,11 @@
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif
+
#if defined(MBEDTLS_CHACHA20_C)
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
diff --git a/library/legacy_or_psa.h b/include/mbedtls/legacy_or_psa.h
similarity index 87%
rename from library/legacy_or_psa.h
rename to include/mbedtls/legacy_or_psa.h
index be0f33f..2156be9 100644
--- a/library/legacy_or_psa.h
+++ b/include/mbedtls/legacy_or_psa.h
@@ -1,6 +1,6 @@
/**
- * Internal macros to express dependencies for code and tests
- * that may use either the legacy API or PSA in various builds.
+ * Macros to express dependencies for code and tests that may use either the
+ * legacy API or PSA in various builds; mostly for internal use.
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -19,6 +19,18 @@
*/
/*
+ * Note: applications that are targeting a specific configuration do not need
+ * to use these macros; instead they should directly use the functions they
+ * know are available in their configuration.
+ *
+ * Note: code that is purely based on PSA Crypto (psa_xxx() functions)
+ * does not need to use these macros; instead it should use the relevant
+ * PSA_WANT_xxx macros.
+ *
+ * Note: code that is purely based on the legacy crypto APIs (mbedtls_xxx())
+ * does not need to use these macros; instead it should use the relevant
+ * MBEDTLS_xxx macros.
+ *
* These macros are for code that wants to use <crypto feature> and will do so
* using <legacy API> or PSA depending on <condition>, where:
* - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
@@ -36,15 +48,10 @@
* - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
* mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
* MBEDTLS_USE_PSA_CRYPTO is defined;
- * - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
- * using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
- * otherwise;
- * - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
- * hashes using either `mbedtls_md5_xxx()` if it's available, or
- * `psa_hash_xxx()` otherwise.
- * *See docs/architecture/psa-migration/strategy.md, section "Supporting
- * builds with drivers without the software implementation", strategy for step
- * 1 (libmbedcrypto except the RNG subsystem).
+ * - RSA PKCS#1 v2.1 will compute hashes (for padding) using either
+ * `mbedtls_md()` if it's available, or `psa_hash_compute()` otherwise;
+ * - PEM decoding of PEM-encrypted keys will compute MD5 hashes using either
+ * `mbedtls_md5_xxx()` if it's available, or `psa_hash_xxx()` otherwise.
*
* Note: the macros are essential to express test dependencies. Inside code,
* we could instead just use the equivalent pre-processor condition, but
@@ -70,9 +77,9 @@
* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
*
* Note: every time it's possible to use, say SHA-256, via the MD API, then
- * it's also possible to used it via the low-level API. So, code that wants to
+ * it's also possible to use it via the low-level API. So, code that wants to
* use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
- * just so happens that all the choosing which API to use based on
+ * just so happens that all the code choosing which API to use based on
* MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
* layer (sometimes in addition to the low-level API), so we don't need the
* MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
@@ -89,7 +96,7 @@
#ifndef MBEDTLS_OR_PSA_HELPERS_H
#define MBEDTLS_OR_PSA_HELPERS_H
-#include "common.h"
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 990dc58..9e8ae37 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -958,7 +958,7 @@
* might still happen. For this reason, this is disabled by default.
*
* Requires: MBEDTLS_ECJPAKE_C
- * MBEDTLS_SHA256_C
+ * SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* This enables the following ciphersuites (if other requisites are
@@ -1492,13 +1492,14 @@
*
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
*
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- * (Depends on ciphersuites) when MBEDTLS_USE_PSA_CRYPTO
- * is not defined, PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
- * PSA_WANT_ALG_SHA_512 when MBEDTLS_USE_PSA_CRYPTO is defined.
+ * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
+ * (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
+ * With MBEDTLS_USE_PSA_CRYPTO:
+ * PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
+ * PSA_WANT_ALG_SHA_512
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any TLS operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any TLS operations.
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
@@ -1517,11 +1518,11 @@
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
* Requires: MBEDTLS_PSA_CRYPTO_C
*
- * Note: even though TLS 1.3 depends on PSA Crypto, if you want it to only use
- * PSA for all crypto operations, you need to also enable
- * MBEDTLS_USE_PSA_CRYPTO; otherwise X.509 operations, and functions that are
- * common with TLS 1.2 (record protection, running handshake hash) will still
- * use non-PSA crypto.
+ * Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditonally
+ * for most operations, if you want it to only use PSA for all crypto
+ * operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509
+ * operations, and functions that are common with TLS 1.2 (record protection,
+ * running handshake hash) will still use non-PSA crypto.
*
* Uncomment this macro to enable the support for TLS 1.3.
*/
@@ -1550,6 +1551,26 @@
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ *
+ * Maximum time difference in milliseconds tolerated between the age of a
+ * ticket from the server and client point of view.
+ * From the client point of view, the age of a ticket is the time difference
+ * between the time when the client proposes to the server to use the ticket
+ * (time of writing of the Pre-Shared Key Extension including the ticket) and
+ * the time the client received the ticket from the server.
+ * From the server point of view, the age of a ticket is the time difference
+ * between the time when the server receives a proposition from the client
+ * to use the ticket and the time when the ticket was created by the server.
+ * The server age is expected to be always greater than the client one and
+ * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
+ * maximum difference tolerated for the server to accept the ticket.
+ * This is not used in TLS 1.2.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+
+/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
*
* Size in bytes of a ticket nonce. This is not used in TLS 1.2.
@@ -1559,6 +1580,16 @@
#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
/**
+ * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
+ *
+ * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
+ * after handshake completion. This is not used in TLS 1.2 and relevant only if
+ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+
+/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
@@ -2337,7 +2368,7 @@
* This module is used by the following key exchanges:
* ECJPAKE
*
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
*
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
* before doing any EC J-PAKE operations.
@@ -2654,7 +2685,10 @@
*
* Module: library/pkcs5.c
*
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS5 operation.
*
* This module adds support for the PKCS#5 functions.
*/
@@ -3136,8 +3170,8 @@
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any X.509 operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 operation.
*
* This module is required for the X.509 parsing modules.
*/
@@ -3197,8 +3231,8 @@
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any X.509 create operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 create operation.
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1e0220a..eda6bc2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,9 +52,7 @@
#include "mbedtls/platform_time.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* SSL Error codes
@@ -629,11 +627,7 @@
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define MBEDTLS_TLS1_3_MD_MAX_SIZE PSA_HASH_MAX_SIZE
-#else
-#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Length in number of bytes of the TLS sequence number */
@@ -1329,9 +1323,17 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_CLI_C)
+ uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */
+#endif
+
#if defined(MBEDTLS_SSL_SRV_C)
uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in
Certificate Request messages? */
@@ -4109,7 +4111,8 @@
void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
#endif /* MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_CLI_C)
/**
* \brief Enable / Disable session tickets (client only).
* (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
@@ -4121,7 +4124,34 @@
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
*/
void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/**
+ * \brief Number of NewSessionTicket messages for the server to send
+ * after handshake completion.
+ *
+ * \note The default value is
+ * \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+ *
+ * \note In case of a session resumption, this setting only partially apply.
+ * At most one ticket is sent in that case to just renew the pool of
+ * tickets of the client. The rationale is to avoid the number of
+ * tickets on the server to become rapidly out of control when the
+ * server has the same configuration for all its connection instances.
+ *
+ * \param conf SSL configuration
+ * \param num_tickets Number of NewSessionTicket.
+ *
+ */
+void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
+ uint16_t num_tickets );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
+ MBEDTLS_SSL_SRV_C &&
+ MBEDTLS_SSL_PROTO_TLS1_3*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 1ddc997..add6b03 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/legacy_or_psa.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crl.h"
@@ -1108,7 +1109,7 @@
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen );
-#if defined(MBEDTLS_SHA1_C) || ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
+#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
/**
* \brief Set the subjectKeyIdentifier extension for a CRT
* Requires that mbedtls_x509write_crt_set_subject_key() has been
@@ -1130,7 +1131,7 @@
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C || (MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_1)*/
+#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
/**
* \brief Set the Key Usage Extension flags
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 9011a55..5ab4fde 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -89,6 +89,8 @@
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+
/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
* Note: when adding support, also adjust include/mbedtls/config_psa.h */
//#define PSA_WANT_ALG_XTS 1
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 1024d6b..231ea62 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -239,6 +239,15 @@
*/
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
+/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
+ * which is expected to work with P-256 curve only. */
+#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
+
+/* The size of a serialized K.X coordinate to be used in
+ * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
+ * curve. */
+#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
+
/** The maximum size of a block cipher. */
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 957b4c6..afba325 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -202,6 +202,12 @@
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF ||
MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+typedef struct
+{
+ uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE];
+} psa_tls12_ecjpake_to_pms_t;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
@@ -267,6 +273,9 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms);
+#endif
} MBEDTLS_PRIVATE(ctx);
};
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 5e6e5e3..b465ddb 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2021,6 +2021,20 @@
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+/* The TLS 1.2 ECJPAKE-to-PMS KDF. It takes the shared secret K (an EC point
+ * in case of EC J-PAKE) and calculates SHA256(K.X) that the rest of TLS 1.2
+ * will use to derive the session secret, as defined by step 2 of
+ * https://datatracker.ietf.org/doc/html/draft-cragie-tls-ecjpake-01#section-8.7.
+ * Uses PSA_ALG_SHA_256.
+ * This function takes a single input:
+ * #PSA_KEY_DERIVATION_INPUT_SECRET is the shared secret K from EC J-PAKE.
+ * The only supported curve is secp256r1 (the 256-bit curve in
+ * #PSA_ECC_FAMILY_SECP_R1), so the input must be exactly 65 bytes.
+ * The output has to be read as a single chunk of 32 bytes, defined as
+ * PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE.
+ */
+#define PSA_ALG_TLS12_ECJPAKE_TO_PMS ((psa_algorithm_t)0x08000609)
+
/* This flag indicates whether the key derivation algorithm is suitable for
* use on low-entropy secrets such as password - these algorithms are also
* known as key stretching or password hashing schemes. These are also the
diff --git a/library/aes.c b/library/aes.c
index ca94e0a..03eccef 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -51,12 +51,6 @@
#if !defined(MBEDTLS_AES_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define AES_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
-#define AES_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static int aes_padlock_ace = -1;
@@ -489,8 +483,6 @@
void mbedtls_aes_init( mbedtls_aes_context *ctx )
{
- AES_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
}
@@ -505,8 +497,6 @@
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
{
- AES_VALIDATE( ctx != NULL );
-
mbedtls_aes_init( &ctx->crypt );
mbedtls_aes_init( &ctx->tweak );
}
@@ -531,9 +521,6 @@
unsigned int i;
uint32_t *RK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
switch( keybits )
{
case 128: ctx->nr = 10; break;
@@ -649,9 +636,6 @@
uint32_t *RK;
uint32_t *SK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
mbedtls_aes_init( &cty );
ctx->rk_offset = 0;
@@ -743,9 +727,6 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -768,9 +749,6 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -970,11 +948,8 @@
const unsigned char input[16],
unsigned char output[16] )
{
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@@ -1014,12 +989,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@@ -1123,12 +1094,8 @@
unsigned char prev_tweak[16];
unsigned char tmp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( data_unit != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
/* Data units must be at least 16 bytes long. */
if( length < 16 )
@@ -1232,13 +1199,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
n = *iv_off;
@@ -1301,12 +1263,8 @@
unsigned char c;
unsigned char ov[17];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
while( length-- )
{
memcpy( ov, iv, 16 );
@@ -1345,12 +1303,6 @@
int ret = 0;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
-
n = *iv_off;
if( n > 15 )
@@ -1392,13 +1344,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( nc_off != NULL );
- AES_VALIDATE_RET( nonce_counter != NULL );
- AES_VALIDATE_RET( stream_block != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
-
n = *nc_off;
if ( n > 0x0F )
diff --git a/library/camellia.c b/library/camellia.c
index 29d730a..c29e6c1 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -43,12 +43,6 @@
#if !defined(MBEDTLS_CAMELLIA_ALT)
-/* Parameter validation macros */
-#define CAMELLIA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
-#define CAMELLIA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
static const unsigned char SIGMA_CHARS[6][8] =
{
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
@@ -298,7 +292,6 @@
void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
{
- CAMELLIA_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
}
@@ -325,9 +318,6 @@
uint32_t KC[16];
uint32_t TK[20];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
-
RK = ctx->rk;
memset( t, 0, 64 );
@@ -431,8 +421,6 @@
mbedtls_camellia_context cty;
uint32_t *RK;
uint32_t *SK;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
mbedtls_camellia_init( &cty );
@@ -480,11 +468,8 @@
{
int NR;
uint32_t *RK, X[4];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( input != NULL );
- CAMELLIA_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
( (void) mode );
@@ -550,12 +535,8 @@
{
int i;
unsigned char temp[16];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
if( length % 16 )
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
@@ -611,13 +592,8 @@
{
int c;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( iv_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
n = *iv_off;
if( n >= 16 )
@@ -670,12 +646,6 @@
{
int c, i;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
- CAMELLIA_VALIDATE_RET( stream_block != NULL );
- CAMELLIA_VALIDATE_RET( nc_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
n = *nc_off;
if( n >= 16 )
diff --git a/library/chacha20.c b/library/chacha20.c
index 658f046..f6d6e25 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -48,12 +48,6 @@
#define inline __inline
#endif
-/* Parameter validation macros */
-#define CHACHA20_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-#define CHACHA20_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#define ROTL32( value, amount ) \
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
@@ -172,8 +166,6 @@
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
- CHACHA20_VALIDATE( ctx != NULL );
-
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
@@ -192,9 +184,6 @@
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( key != NULL );
-
/* ChaCha20 constants - the string "expand 32-byte k" */
ctx->state[0] = 0x61707865;
ctx->state[1] = 0x3320646e;
@@ -218,9 +207,6 @@
const unsigned char nonce[12],
uint32_t counter )
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
-
/* Counter */
ctx->state[12] = counter;
@@ -245,10 +231,6 @@
size_t offset = 0U;
size_t i;
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
-
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
@@ -312,11 +294,6 @@
mbedtls_chacha20_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHA20_VALIDATE_RET( key != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
-
mbedtls_chacha20_init( &ctx );
ret = mbedtls_chacha20_setkey( &ctx, key );
diff --git a/library/chachapoly.c b/library/chachapoly.c
index dc75b20..1f75528 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -39,12 +39,6 @@
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-/* Parameter validation macros */
-#define CHACHAPOLY_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
-#define CHACHAPOLY_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#define CHACHAPOLY_STATE_INIT ( 0 )
#define CHACHAPOLY_STATE_AAD ( 1 )
#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
@@ -91,8 +85,6 @@
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
{
- CHACHAPOLY_VALIDATE( ctx != NULL );
-
mbedtls_chacha20_init( &ctx->chacha20_ctx );
mbedtls_poly1305_init( &ctx->poly1305_ctx );
ctx->aad_len = 0U;
@@ -118,8 +110,6 @@
const unsigned char key[32] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( key != NULL );
ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
@@ -132,8 +122,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char poly1305_key[64];
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( nonce != NULL );
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
@@ -170,9 +158,6 @@
const unsigned char *aad,
size_t aad_len )
{
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
-
if( ctx->state != CHACHAPOLY_STATE_AAD )
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
@@ -187,9 +172,6 @@
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
- CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
@@ -237,8 +219,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char len_block[16];
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( mac != NULL );
if( ctx->state == CHACHAPOLY_STATE_INIT )
{
@@ -314,13 +294,6 @@
unsigned char *output,
unsigned char tag[16] )
{
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( nonce != NULL );
- CHACHAPOLY_VALIDATE_RET( tag != NULL );
- CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
-
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
length, nonce, aad, aad_len,
input, output, tag ) );
@@ -339,12 +312,6 @@
unsigned char check_tag[16];
size_t i;
int diff;
- CHACHAPOLY_VALIDATE_RET( ctx != NULL );
- CHACHAPOLY_VALIDATE_RET( nonce != NULL );
- CHACHAPOLY_VALIDATE_RET( tag != NULL );
- CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
- CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
if( ( ret = chachapoly_crypt_and_tag( ctx,
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h
index c74437e..e60e666 100644
--- a/library/check_crypto_config.h
+++ b/library/check_crypto_config.h
@@ -93,4 +93,9 @@
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) && \
+ !defined(PSA_WANT_ALG_SHA_256)
+#error "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS defined, but not all prerequisites"
+#endif
+
#endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */
diff --git a/library/cipher.c b/library/cipher.c
index 0bac4ee..752d1fe 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -70,11 +70,6 @@
#define mbedtls_free free
#endif
-#define CIPHER_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
-#define CIPHER_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
static int supported_init = 0;
const int *mbedtls_cipher_list( void )
@@ -143,7 +138,6 @@
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
{
- CIPHER_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
}
@@ -193,7 +187,6 @@
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
if( cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -257,10 +250,8 @@
int key_bitlen,
const mbedtls_operation_t operation )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( key != NULL );
- CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
- operation == MBEDTLS_DECRYPT );
+ if( operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT )
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -356,8 +347,6 @@
{
size_t actual_iv_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -453,7 +442,6 @@
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -475,8 +463,6 @@
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -529,10 +515,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t block_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -952,9 +934,6 @@
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1054,8 +1033,6 @@
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
-
if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1117,8 +1094,6 @@
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1168,8 +1143,6 @@
unsigned char check_tag[16];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1261,12 +1234,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t finish_olen;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
@@ -1542,13 +1509,6 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_NIST_KW_C)
if(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1598,13 +1558,6 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output_len == 0 || output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_NIST_KW_C)
if(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/library/dhm.c b/library/dhm.c
index 1e95bda..1ba5339 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -55,11 +55,6 @@
#if !defined(MBEDTLS_DHM_ALT)
-#define DHM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
-#define DHM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* helper to validate the mbedtls_mpi size and import it
*/
@@ -120,7 +115,6 @@
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
{
- DHM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
}
@@ -173,9 +167,6 @@
const unsigned char *end )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( p != NULL && *p != NULL );
- DHM_VALIDATE_RET( end != NULL );
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
@@ -252,10 +243,6 @@
int ret;
size_t n1, n2, n3;
unsigned char *p;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
if( ret != 0 )
@@ -300,9 +287,6 @@
const mbedtls_mpi *G )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( P != NULL );
- DHM_VALIDATE_RET( G != NULL );
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
@@ -320,8 +304,6 @@
const unsigned char *input, size_t ilen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( input != NULL );
if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -341,9 +323,6 @@
void *p_rng )
{
int ret;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -440,9 +419,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi GYb;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
if( f_rng == NULL )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -518,9 +494,6 @@
mbedtls_pem_context pem;
#endif /* MBEDTLS_PEM_PARSE_C */
- DHM_VALIDATE_RET( dhm != NULL );
- DHM_VALIDATE_RET( dhmin != NULL );
-
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
@@ -667,8 +640,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
unsigned char *buf;
- DHM_VALIDATE_RET( dhm != NULL );
- DHM_VALIDATE_RET( path != NULL );
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
diff --git a/library/gcm.c b/library/gcm.c
index 6d07f87..ac329e3 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -52,18 +52,11 @@
#if !defined(MBEDTLS_GCM_ALT)
-/* Parameter validation macros */
-#define GCM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
-#define GCM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Initialize a context
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
{
- GCM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
}
@@ -143,9 +136,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( key != NULL );
- GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+ if( keybits != 128 && keybits != 192 && keybits != 256 )
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
MBEDTLS_MODE_ECB );
@@ -256,9 +248,6 @@
size_t use_len, olen = 0;
uint64_t iv_bits;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
-
/* IV is limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
@@ -334,8 +323,6 @@
const unsigned char *p;
size_t use_len, i, offset;
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-
/* IV is limited to 2^64 bits, so 2^61 bytes */
if( (uint64_t) add_len >> 61 != 0 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -434,7 +421,6 @@
if( output_size < input_length )
return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
- GCM_VALIDATE_RET( output_length != NULL );
*output_length = input_length;
/* Exit early if input_length==0 so that we don't do any pointer arithmetic
@@ -444,10 +430,6 @@
if( input_length == 0 )
return( 0 );
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( input != NULL );
- GCM_VALIDATE_RET( output != NULL );
-
if( output > input && (size_t) ( output - input ) < input_length )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -519,9 +501,6 @@
uint64_t orig_len;
uint64_t orig_add_len;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( tag != NULL );
-
/* We never pass any output in finish(). The output parameter exists only
* for the sake of alternative implementations. */
(void) output;
@@ -580,13 +559,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
- GCM_VALIDATE_RET( tag != NULL );
-
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 )
return( ret );
@@ -619,13 +591,6 @@
size_t i;
int diff;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( tag != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
-
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, tag_len, check_tag ) ) != 0 )
diff --git a/library/hash_info.c b/library/hash_info.c
index 366ca3f..cd7d70e 100644
--- a/library/hash_info.c
+++ b/library/hash_info.c
@@ -21,7 +21,7 @@
*/
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include "mbedtls/error.h"
typedef struct
diff --git a/library/oid.c b/library/oid.c
index 4ecf621..dcd1815 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -27,7 +27,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/error.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <stdio.h>
#include <string.h>
diff --git a/library/pem.c b/library/pem.c
index f2ee5ca..e4101e8 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -45,12 +45,14 @@
#include "psa/crypto.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
-#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
#define PEM_RFC1421
-#endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CIPHER_MODE_CBC &&
+#endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
+ MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#if defined(MBEDTLS_PEM_PARSE_C)
diff --git a/library/pk.c b/library/pk.c
index 5dd0fa8..8dc19ef 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -46,19 +46,11 @@
#include <limits.h>
#include <stdint.h>
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Initialise a mbedtls_pk_context
*/
void mbedtls_pk_init( mbedtls_pk_context *ctx )
{
- PK_VALIDATE( ctx != NULL );
-
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
}
@@ -83,7 +75,6 @@
*/
void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
{
- PK_VALIDATE( ctx != NULL );
ctx->pk_info = NULL;
ctx->rs_ctx = NULL;
}
@@ -137,7 +128,6 @@
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
{
- PK_VALIDATE_RET( ctx != NULL );
if( info == NULL || ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -200,7 +190,6 @@
mbedtls_rsa_alt_context *rsa_alt;
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
- PK_VALIDATE_RET( ctx != NULL );
if( ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -404,10 +393,8 @@
const unsigned char *sig, size_t sig_len,
mbedtls_pk_restart_ctx *rs_ctx )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
if( ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
@@ -462,10 +449,8 @@
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -588,13 +573,10 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_pk_restart_ctx *rs_ctx )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
- hash != NULL );
- PK_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- if( ctx->pk_info == NULL ||
- pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -707,11 +689,6 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( input != NULL || ilen == 0 );
- PK_VALIDATE_RET( output != NULL || osize == 0 );
- PK_VALIDATE_RET( olen != NULL );
-
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -730,11 +707,6 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( input != NULL || ilen == 0 );
- PK_VALIDATE_RET( output != NULL || osize == 0 );
- PK_VALIDATE_RET( olen != NULL );
-
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -753,9 +725,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- PK_VALIDATE_RET( pub != NULL );
- PK_VALIDATE_RET( prv != NULL );
-
if( pub->pk_info == NULL ||
prv->pk_info == NULL )
{
@@ -800,7 +769,6 @@
*/
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
{
- PK_VALIDATE_RET( ctx != NULL );
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
diff --git a/library/pkparse.c b/library/pkparse.c
index 73d59a6..2a9a558 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -56,12 +56,6 @@
#define mbedtls_free free
#endif
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_FS_IO)
/*
* Load all data from a file into a given buffer.
@@ -75,10 +69,6 @@
FILE *f;
long size;
- PK_VALIDATE_RET( path != NULL );
- PK_VALIDATE_RET( buf != NULL );
- PK_VALIDATE_RET( n != NULL );
-
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@@ -133,9 +123,6 @@
size_t n;
unsigned char *buf;
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( path != NULL );
-
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -160,9 +147,6 @@
size_t n;
unsigned char *buf;
- PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( path != NULL );
-
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -620,11 +604,6 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
- PK_VALIDATE_RET( p != NULL );
- PK_VALIDATE_RET( *p != NULL );
- PK_VALIDATE_RET( end != NULL );
- PK_VALIDATE_RET( pk != NULL );
-
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
@@ -1217,10 +1196,8 @@
mbedtls_pem_context pem;
#endif
- PK_VALIDATE_RET( pk != NULL );
if( keylen == 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
- PK_VALIDATE_RET( key != NULL );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
@@ -1436,10 +1413,8 @@
mbedtls_pem_context pem;
#endif
- PK_VALIDATE_RET( ctx != NULL );
if( keylen == 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
- PK_VALIDATE_RET( key != NULL || keylen == 0 );
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 8b99340..4d87b07 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -59,12 +59,6 @@
#define mbedtls_free free
#endif
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
@@ -182,11 +176,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- PK_VALIDATE_RET( p != NULL );
- PK_VALIDATE_RET( *p != NULL );
- PK_VALIDATE_RET( start != NULL );
- PK_VALIDATE_RET( key != NULL );
-
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
@@ -233,10 +222,8 @@
mbedtls_pk_type_t pk_type;
const char *oid;
- PK_VALIDATE_RET( key != NULL );
if( size == 0 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- PK_VALIDATE_RET( buf != NULL );
c = buf + size;
@@ -333,10 +320,8 @@
unsigned char *c;
size_t len = 0;
- PK_VALIDATE_RET( key != NULL );
if( size == 0 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- PK_VALIDATE_RET( buf != NULL );
c = buf + size;
@@ -500,9 +485,6 @@
unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0;
- PK_VALIDATE_RET( key != NULL );
- PK_VALIDATE_RET( buf != NULL || size == 0 );
-
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
@@ -526,9 +508,6 @@
const char *begin, *end;
size_t olen = 0;
- PK_VALIDATE_RET( key != NULL );
- PK_VALIDATE_RET( buf != NULL || size == 0 );
-
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
return( ret );
diff --git a/library/poly1305.c b/library/poly1305.c
index 7375a0c..f0d4cb6 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -44,12 +44,6 @@
#define inline __inline
#endif
-/* Parameter validation macros */
-#define POLY1305_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
-#define POLY1305_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
/*
@@ -258,8 +252,6 @@
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
{
- POLY1305_VALIDATE( ctx != NULL );
-
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
}
@@ -274,9 +266,6 @@
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
const unsigned char key[32] )
{
- POLY1305_VALIDATE_RET( ctx != NULL );
- POLY1305_VALIDATE_RET( key != NULL );
-
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 ) & 0x0FFFFFFFU;
ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 ) & 0x0FFFFFFCU;
@@ -310,8 +299,6 @@
size_t remaining = ilen;
size_t queue_free_len;
size_t nblocks;
- POLY1305_VALIDATE_RET( ctx != NULL );
- POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
{
@@ -369,9 +356,6 @@
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
unsigned char mac[16] )
{
- POLY1305_VALIDATE_RET( ctx != NULL );
- POLY1305_VALIDATE_RET( mac != NULL );
-
/* Process any leftover data */
if( ctx->queue_len > 0U )
{
@@ -400,9 +384,6 @@
{
mbedtls_poly1305_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- POLY1305_VALIDATE_RET( key != NULL );
- POLY1305_VALIDATE_RET( mac != NULL );
- POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
mbedtls_poly1305_init( &ctx );
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4a0bd83..38b49cb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4245,7 +4245,8 @@
#if defined(BUILTIN_ALG_ANY_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
#define AT_LEAST_ONE_BUILTIN_KDF
#endif /* At least one builtin KDF */
@@ -4352,6 +4353,14 @@
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
+ {
+ mbedtls_platform_zeroize( operation->ctx.tls12_ecjpake_to_pms.data,
+ sizeof( operation->ctx.tls12_ecjpake_to_pms.data ) );
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */
{
status = PSA_ERROR_BAD_STATE;
}
@@ -4633,6 +4642,31 @@
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read(
+ psa_tls12_ecjpake_to_pms_t *ecjpake,
+ uint8_t *output,
+ size_t output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t output_size = 0;
+
+ if( output_length != 32 )
+ return ( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_hash_compute( PSA_ALG_SHA_256, ecjpake->data,
+ PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE, output, output_length,
+ &output_size );
+ if( status != PSA_SUCCESS )
+ return ( status );
+
+ if( output_size != output_length )
+ return ( PSA_ERROR_GENERIC_ERROR );
+
+ return ( PSA_SUCCESS );
+}
+#endif
+
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
@@ -4687,6 +4721,15 @@
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
+ {
+ status = psa_key_derivation_tls12_ecjpake_to_pms_read(
+ &operation->ctx.tls12_ecjpake_to_pms, output, output_length );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
+
{
(void) kdf_alg;
return( PSA_ERROR_BAD_STATE );
@@ -5079,6 +5122,10 @@
if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
return( 1 );
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
+ return( 1 );
+#endif
return( 0 );
}
@@ -5102,19 +5149,26 @@
if( ! is_kdf_alg_supported( kdf_alg ) )
return( PSA_ERROR_NOT_SUPPORTED );
- /* All currently supported key derivation algorithms are based on a
- * hash algorithm. */
+ /* All currently supported key derivation algorithms (apart from
+ * ecjpake to pms) are based on a hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
size_t hash_size = PSA_HASH_LENGTH( hash_alg );
- if( hash_size == 0 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ if( kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS )
+ {
+ if( hash_size == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
- /* Make sure that hash_alg is a supported hash algorithm. Otherwise
- * we might fail later, which is somewhat unfriendly and potentially
- * risk-prone. */
- psa_status_t status = psa_hash_try_support( hash_alg );
- if( status != PSA_SUCCESS )
- return( status );
+ /* Make sure that hash_alg is a supported hash algorithm. Otherwise
+ * we might fail later, which is somewhat unfriendly and potentially
+ * risk-prone. */
+ psa_status_t status = psa_hash_try_support( hash_alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+ else
+ {
+ hash_size = PSA_HASH_LENGTH( PSA_ALG_SHA_256 );
+ }
if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
@@ -5122,11 +5176,14 @@
{
return( PSA_ERROR_NOT_SUPPORTED );
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
- if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ||
+ ( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) )
operation->capacity = hash_size;
else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
+ MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
operation->capacity = 255 * hash_size;
return( PSA_SUCCESS );
}
@@ -5515,6 +5572,29 @@
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+static psa_status_t psa_tls12_ecjpake_to_pms_input(
+ psa_tls12_ecjpake_to_pms_t *ecjpake,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length )
+{
+ if( data_length != PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE ||
+ step != PSA_KEY_DERIVATION_INPUT_SECRET )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ /* Check if the passed point is in an uncompressed form */
+ if( data[0] != 0x04 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Only K.X has to be extracted - bytes 1 to 32 inclusive. */
+ memcpy( ecjpake->data, data + 1, PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE );
+
+ return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
/** Check whether the given key type is acceptable for the given
* input step of a key derivation.
*
@@ -5593,6 +5673,14 @@
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
+ {
+ status = psa_tls12_ecjpake_to_pms_input(
+ &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
{
/* This can't happen unless the operation object was not initialized */
(void) data;
diff --git a/library/rsa.c b/library/rsa.c
index e597555..4df240a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -74,19 +74,12 @@
#if !defined(MBEDTLS_RSA_ALT)
-/* Parameter validation macros */
-#define RSA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-#define RSA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
const mbedtls_mpi *N,
const mbedtls_mpi *P, const mbedtls_mpi *Q,
const mbedtls_mpi *D, const mbedtls_mpi *E )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- RSA_VALIDATE_RET( ctx != NULL );
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
@@ -111,7 +104,6 @@
unsigned char const *E, size_t E_len )
{
int ret = 0;
- RSA_VALIDATE_RET( ctx != NULL );
if( N != NULL )
{
@@ -241,8 +233,6 @@
#endif
int n_missing, pq_missing, d_missing, is_pub, is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
-
have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
@@ -345,7 +335,6 @@
{
int ret = 0;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
is_priv =
@@ -390,7 +379,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
is_priv =
@@ -434,7 +422,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int is_priv;
- RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
is_priv =
@@ -471,8 +458,6 @@
*/
void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
{
- RSA_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
ctx->padding = MBEDTLS_RSA_PKCS_V15;
@@ -549,8 +534,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi H, G, L;
int prime_quality = 0;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( f_rng != NULL );
/*
* If the modulus is 1024 bit long or shorter, then the security strength of
@@ -663,8 +646,6 @@
*/
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
{
- RSA_VALIDATE_RET( ctx != NULL );
-
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
@@ -688,8 +669,6 @@
*/
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
{
- RSA_VALIDATE_RET( ctx != NULL );
-
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
{
@@ -719,9 +698,6 @@
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
const mbedtls_rsa_context *prv )
{
- RSA_VALIDATE_RET( pub != NULL );
- RSA_VALIDATE_RET( prv != NULL );
-
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
mbedtls_rsa_check_privkey( prv ) != 0 )
{
@@ -747,9 +723,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
mbedtls_mpi T;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( output != NULL );
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -917,10 +890,6 @@
* checked result; should be the same in the end. */
mbedtls_mpi I, C;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( output != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1308,11 +1277,6 @@
unsigned char *p = output;
unsigned int hlen;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- RSA_VALIDATE_RET( label_len == 0 || label != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1374,10 +1338,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = output;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-
olen = ctx->len;
/* first comparison checks for overflow */
@@ -1426,10 +1386,6 @@
const unsigned char *input,
unsigned char *output )
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output != NULL );
- RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1469,12 +1425,6 @@
unsigned char lhash[MBEDTLS_HASH_MAX_SIZE];
unsigned int hlen;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( label_len == 0 || label != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
-
/*
* Parameters sanity checks
*/
@@ -1595,11 +1545,6 @@
size_t ilen;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
-
ilen = ctx->len;
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
@@ -1634,11 +1579,6 @@
unsigned char *output,
size_t output_max_len)
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
- RSA_VALIDATE_RET( input != NULL );
- RSA_VALIDATE_RET( olen != NULL );
-
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1676,11 +1616,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t msb;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1952,11 +1889,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *sig_try = NULL, *verif = NULL;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -2020,11 +1954,8 @@
const unsigned char *hash,
unsigned char *sig )
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
- RSA_VALIDATE_RET( sig != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
switch( ctx->padding )
{
@@ -2066,11 +1997,8 @@
size_t observed_salt_len, msb;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0};
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
siglen = ctx->len;
@@ -2165,11 +2093,8 @@
const unsigned char *sig )
{
mbedtls_md_type_t mgf1_hash_id;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
? (mbedtls_md_type_t) ctx->hash_id
@@ -2198,11 +2123,8 @@
size_t sig_len;
unsigned char *encoded = NULL, *encoded_expected = NULL;
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
sig_len = ctx->len;
@@ -2267,11 +2189,8 @@
const unsigned char *hash,
const unsigned char *sig )
{
- RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( sig != NULL );
- RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
- hashlen == 0 ) ||
- hash != NULL );
+ if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
switch( ctx->padding )
{
@@ -2298,8 +2217,6 @@
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- RSA_VALIDATE_RET( dst != NULL );
- RSA_VALIDATE_RET( src != NULL );
dst->len = src->len;
diff --git a/library/sha1.c b/library/sha1.c
index 6fc9371..56532b1 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -41,17 +41,10 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
-#define SHA1_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
-
-#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA1_ALT)
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
- SHA1_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
}
@@ -66,9 +59,6 @@
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src )
{
- SHA1_VALIDATE( dst != NULL );
- SHA1_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -77,8 +67,6 @@
*/
int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
- SHA1_VALIDATE_RET( ctx != NULL );
-
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -100,9 +88,6 @@
uint32_t temp, W[16], A, B, C, D, E;
} local;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
-
local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 );
local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 );
local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 );
@@ -277,9 +262,6 @@
size_t fill;
uint32_t left;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -329,9 +311,6 @@
uint32_t used;
uint32_t high, low;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -392,9 +371,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha1_context ctx;
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
mbedtls_sha1_init( &ctx );
if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index ac15ef8..4819ba3 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -149,18 +149,12 @@
#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
-#define SHA256_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
-#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA256_ALT)
#define SHA256_BLOCK_SIZE 64
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
- SHA256_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
}
@@ -175,9 +169,6 @@
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src )
{
- SHA256_VALIDATE( dst != NULL );
- SHA256_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -186,12 +177,12 @@
*/
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
- SHA256_VALIDATE_RET( ctx != NULL );
-
#if defined(MBEDTLS_SHA224_C)
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ if( is224 != 0 && is224 != 1 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
- SHA256_VALIDATE_RET( is224 == 0 );
+ if( is224 != 0 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@@ -427,9 +418,6 @@
unsigned int i;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
-
for( i = 0; i < 8; i++ )
local.A[i] = ctx->state[i];
@@ -579,9 +567,6 @@
size_t fill;
uint32_t left;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -633,9 +618,6 @@
uint32_t used;
uint32_t high, low;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -705,14 +687,13 @@
mbedtls_sha256_context ctx;
#if defined(MBEDTLS_SHA224_C)
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ if( is224 != 0 && is224 != 1 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
- SHA256_VALIDATE_RET( is224 == 0 );
+ if( is224 != 0 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
mbedtls_sha256_init( &ctx );
if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
diff --git a/library/sha512.c b/library/sha512.c
index be03ec3..f96580d 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -164,10 +164,6 @@
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
-#define SHA512_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
-#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA512_ALT)
#define SHA512_BLOCK_SIZE 128
@@ -183,8 +179,6 @@
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
- SHA512_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
}
@@ -199,9 +193,6 @@
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src )
{
- SHA512_VALIDATE( dst != NULL );
- SHA512_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -210,11 +201,12 @@
*/
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
- SHA512_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_SHA384_C)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ if( is384 != 0 && is384 != 1 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ if( is384 != 0 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@@ -569,9 +561,6 @@
uint64_t A[8];
} local;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
-
#define SHR(x,n) ((x) >> (n))
#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
@@ -735,9 +724,6 @@
size_t fill;
unsigned int left;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -788,9 +774,6 @@
unsigned used;
uint64_t high, low;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
*/
@@ -862,12 +845,12 @@
mbedtls_sha512_context ctx;
#if defined(MBEDTLS_SHA384_C)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ if( is384 != 0 && is384 != 1 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ if( is384 != 0 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
mbedtls_sha512_init( &ctx );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index dc50449..808aa9e 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -33,7 +33,7 @@
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <string.h>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 8777833..b6a8add 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -38,7 +38,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/constant_time.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <string.h>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a59e672..afacb76 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -32,7 +32,7 @@
#include "mbedtls/psa_util.h"
#include "hash_info.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
@@ -624,6 +624,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ uint16_t new_session_tickets_count; /*!< number of session tickets */
+#endif
#endif /* MBEDTLS_SSL_SRV_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2457,16 +2460,6 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/* Check if we have any PSK to offer, returns 0 if PSK is available.
- * Assign the psk and ticket if pointers are present.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_psk_to_offer(
- const mbedtls_ssl_context *ssl,
- int *psk_type,
- const unsigned char **psk, size_t *psk_len,
- const unsigned char **psk_identity, size_t *psk_identity_len );
-
/**
* \brief Given an SSL context and its associated configuration, write the TLS
* 1.3 specific Pre-Shared key extension.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index af65e6d..f0615ea 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -54,7 +54,7 @@
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
@@ -763,6 +763,13 @@
mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS)
+ ssl->handshake->new_session_tickets_count =
+ ssl->conf->new_session_tickets_count ;
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
@@ -2611,6 +2618,15 @@
#endif
#if defined(MBEDTLS_SSL_SRV_C)
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
+ uint16_t num_tickets )
+{
+ conf->new_session_tickets_count = num_tickets;
+}
+#endif
+
void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_ticket_write_t *f_ticket_write,
mbedtls_ssl_ticket_parse_t *f_ticket_parse,
@@ -4644,6 +4660,10 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_new_session_tickets(
+ conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
+#endif
/*
* Allow all TLS 1.3 key exchange modes by default.
*/
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 505f8dd..33e8cc6 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -664,10 +664,59 @@
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
return ( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+/* Check if we have any PSK to offer, returns 0 if a PSK is available. */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_get_psk_to_offer(
+ const mbedtls_ssl_context *ssl,
+ int *psk_type,
+ const unsigned char **psk, size_t *psk_len,
+ const unsigned char **psk_identity, size_t *psk_identity_len )
+{
+ *psk = NULL;
+ *psk_len = 0;
+ *psk_identity = NULL;
+ *psk_identity_len = 0;
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ /* Check if a ticket has been configured. */
+ if( ssl->session_negotiate != NULL &&
+ ssl->session_negotiate->ticket != NULL )
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t now = mbedtls_time( NULL );
+ if( ssl->session_negotiate->ticket_received <= now &&
+ (uint64_t)( now - ssl->session_negotiate->ticket_received )
+ <= ssl->session_negotiate->ticket_lifetime )
+ {
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+ *psk = ssl->session_negotiate->resumption_key;
+ *psk_len = ssl->session_negotiate->resumption_key_len;
+ *psk_identity = ssl->session_negotiate->ticket;
+ *psk_identity_len = ssl->session_negotiate->ticket_len;
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_TIME */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket expired" ) );
+ }
+#endif
+
+ /* Check if an external PSK has been configured. */
+ if( ssl->conf->psk != NULL )
+ {
+ *psk = ssl->conf->psk;
+ *psk_len = ssl->conf->psk_len;
+ *psk_identity = ssl->conf->psk_identity;
+ *psk_identity_len = ssl->conf->psk_identity_len;
+ return( 0 );
+ }
+
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+}
/*
- * mbedtls_ssl_tls13_write_pre_shared_key_ext() structure:
+ * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure:
*
* struct {
* opaque identity<1..2^16-1>;
@@ -689,9 +738,6 @@
* } PreSharedKeyExtension;
*
*/
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *end,
@@ -725,9 +771,8 @@
* configured, offer that.
* - Otherwise, skip the PSK extension.
*/
-
- if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
- &psk_identity, &psk_identity_len ) != 0 )
+ if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) );
return( 0 );
@@ -757,6 +802,26 @@
break;
}
}
+ else
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t now = mbedtls_time( NULL );
+
+ obfuscated_ticket_age =
+ ( (uint32_t)( now - ssl->session_negotiate->ticket_received ) * 1000 )
+ + ssl->session_negotiate->ticket_age_add;
+#endif
+ }
+ else
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "write_identities_of_pre_shared_key_ext: "
+ "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite );
@@ -831,8 +896,8 @@
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len;
- if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
- &psk_identity, &psk_identity_len ) != 0 )
+ if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -1266,15 +1331,15 @@
size_t psk_len;
const unsigned char *psk_identity;
size_t psk_identity_len;
-
+ int psk_type;
/* Check which PSK we've offered.
*
* NOTE: Ultimately, we want to offer multiple PSKs, and in this
* case, we need to iterate over them here.
*/
- if( mbedtls_ssl_get_psk_to_offer( ssl, NULL, &psk, &psk_len,
- &psk_identity, &psk_identity_len ) != 0 )
+ if( ssl_tls13_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
{
/* If we haven't offered a PSK, the server must not send
* a PSK identity extension. */
@@ -1622,16 +1687,19 @@
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) );
break;
/* Neither pre_shared_key nor key_share extension was received */
@@ -1819,7 +1887,12 @@
*/
switch( extension_type )
{
+ case MBEDTLS_TLS_EXT_SERVERNAME:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) );
+ /* The server_name extension should be an empty extension */
+
+ break;
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) );
break;
@@ -2237,11 +2310,11 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_generate_resumption_master_secret( ssl );
+ ret = mbedtls_ssl_tls13_compute_resumption_master_secret( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls13_generate_resumption_master_secret ", ret );
+ "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret );
return ( ret );
}
@@ -2405,6 +2478,9 @@
return( ret );
}
+ /* session has been updated, allow export */
+ session->exported = 0;
+
return( 0 );
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2fe382b..abb7a14 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1485,41 +1485,4 @@
}
#endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/* Check if we have any PSK to offer, returns 0 if PSK is available.
- * Assign the psk and ticket if pointers are present.
- */
-int mbedtls_ssl_get_psk_to_offer(
- const mbedtls_ssl_context *ssl,
- int *psk_type,
- const unsigned char **psk, size_t *psk_len,
- const unsigned char **psk_identity, size_t *psk_identity_len )
-{
- int ptrs_present = 0;
-
- if( psk_type != NULL && psk != NULL && psk_len != NULL &&
- psk_identity != NULL && psk_identity_len != NULL )
- {
- ptrs_present = 1;
- }
-
- /* Check if an external PSK has been configured. */
- if( ssl->conf->psk != NULL )
- {
- if( ptrs_present )
- {
- *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
- *psk = ssl->conf->psk;
- *psk_len = ssl->conf->psk_len;
- *psk_identity = ssl->conf->psk_identity;
- *psk_identity_len = ssl->conf->psk_identity_len;
- }
-
- return( 0 );
- }
-
- return( 1 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 32a4f2a..48de3d0 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1504,12 +1504,43 @@
return( ret );
}
-int mbedtls_ssl_tls13_generate_resumption_master_secret(
- mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl )
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_md_type_t md_type;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+ size_t transcript_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "=> mbedtls_ssl_tls13_compute_resumption_master_secret" ) );
+
+ md_type = handshake->ciphersuite_info->mac;
+
+ ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
+ transcript, sizeof( transcript ),
+ &transcript_len );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
+ mbedtls_psa_translate_md( md_type ),
+ handshake->tls13_master_secrets.app,
+ transcript, transcript_len,
+ &ssl->session_negotiate->app_secrets );
+ if( ret != 0 )
+ return( ret );
+
/* Erase master secrets */
- mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
- sizeof( ssl->handshake->tls13_master_secrets ) );
+ mbedtls_platform_zeroize( &handshake->tls13_master_secrets,
+ sizeof( handshake->tls13_master_secrets ) );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret",
+ ssl->session_negotiate->app_secrets.resumption_master_secret,
+ PSA_HASH_LENGTH( mbedtls_psa_translate_md( md_type ) ) ) ;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "<= mbedtls_ssl_tls13_compute_resumption_master_secret" ) );
return( 0 );
}
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index d82bf7a..f3bdf37 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -636,8 +636,7 @@
* \returns A negative error code on failure.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_generate_resumption_master_secret(
- mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl );
/**
* \brief Calculate the verify_data value for the client or server TLS 1.3
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 78d3449..6591ecb 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -121,14 +121,170 @@
#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_offered_psks_check_identity_match_ticket(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *identity,
+ size_t identity_len,
+ uint32_t obfuscated_ticket_age,
+ mbedtls_ssl_session *session )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *ticket_buffer;
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_time_t now;
+ uint64_t age_in_s;
+ int64_t age_diff_in_ms;
+#endif
+
+ ((void) obfuscated_ticket_age);
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> check_identity_match_ticket" ) );
+
+ /* Ticket parser is not configured, Skip */
+ if( ssl->conf->f_ticket_parse == NULL || identity_len == 0 )
+ return( 0 );
+
+ /* We create a copy of the encrypted ticket since the ticket parsing
+ * function is allowed to use its input buffer as an output buffer
+ * (in-place decryption). We do, however, need the original buffer for
+ * computing the PSK binder value.
+ */
+ ticket_buffer = mbedtls_calloc( 1, identity_len );
+ if( ticket_buffer == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return ( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+ memcpy( ticket_buffer, identity, identity_len );
+
+ if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket,
+ session,
+ ticket_buffer, identity_len ) ) != 0 )
+ {
+ if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
+ else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
+ else
+ MBEDTLS_SSL_DEBUG_RET( 1, "ticket_parse", ret );
+ }
+
+ /* We delete the temporary buffer */
+ mbedtls_free( ticket_buffer );
+
+ if( ret != 0 )
+ goto exit;
+
+ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+#if defined(MBEDTLS_HAVE_TIME)
+ now = mbedtls_time( NULL );
+
+ if( now < session->start )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "Ticket expired: now=%" MBEDTLS_PRINTF_LONGLONG
+ ", start=%" MBEDTLS_PRINTF_LONGLONG,
+ (long long)now, (long long)session->start ) );
+ goto exit;
+ }
+
+ age_in_s = (uint64_t)( now - session->start );
+
+ /* RFC 8446 section 4.6.1
+ *
+ * Servers MUST NOT use any value greater than 604800 seconds (7 days).
+ *
+ * RFC 8446 section 4.2.11.1
+ *
+ * Clients MUST NOT attempt to use tickets which have ages greater than
+ * the "ticket_lifetime" value which was provided with the ticket.
+ *
+ * For time being, the age MUST be less than 604800 seconds (7 days).
+ */
+ if( age_in_s > 604800 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "Ticket expired: Ticket age exceed limitation ticket_age=%lu",
+ (long unsigned int)age_in_s ) );
+ goto exit;
+ }
+
+ /* RFC 8446 section 4.2.10
+ *
+ * For PSKs provisioned via NewSessionTicket, a server MUST validate that
+ * the ticket age for the selected PSK identity (computed by subtracting
+ * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is
+ * within a small tolerance of the time since the ticket was issued.
+ *
+ * NOTE: When `now == session->start`, `age_diff_in_ms` may be negative
+ * as the age units are different on the server (s) and in the
+ * client (ms) side. Add a -1000 ms tolerance window to take this
+ * into account.
+ */
+ age_diff_in_ms = age_in_s * 1000;
+ age_diff_in_ms -= ( obfuscated_ticket_age - session->ticket_age_add );
+ if( age_diff_in_ms <= -1000 ||
+ age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "Ticket expired: Ticket age outside tolerance window "
+ "( diff=%d )", (int)age_diff_in_ms ) );
+ goto exit;
+ }
+
+ ret = 0;
+
+#endif /* MBEDTLS_HAVE_TIME */
+
+exit:
+ if( ret != 0 )
+ mbedtls_ssl_session_free( session );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= check_identity_match_ticket" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match(
mbedtls_ssl_context *ssl,
const unsigned char *identity,
size_t identity_len,
- int *psk_type )
+ uint32_t obfuscated_ticket_age,
+ int *psk_type,
+ mbedtls_ssl_session *session )
{
+ ((void) session);
+ ((void) obfuscated_ticket_age);
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "identity", identity, identity_len );
+ ssl->handshake->resume = 0;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( ssl_tls13_offered_psks_check_identity_match_ticket(
+ ssl, identity, identity_len, obfuscated_ticket_age,
+ session ) == SSL_TLS1_3_OFFERED_PSK_MATCH )
+ {
+ ssl->handshake->resume = 1;
+ *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
+ mbedtls_ssl_set_hs_psk( ssl,
+ session->resumption_key,
+ session->resumption_key_len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "Ticket-resumed PSK:",
+ session->resumption_key,
+ session->resumption_key_len );
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "ticket: obfuscated_ticket_age: %u",
+ (unsigned)obfuscated_ticket_age ) );
+ return( SSL_TLS1_3_OFFERED_PSK_MATCH );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
/* Check identity with external configured function */
if( ssl->conf->f_psk != NULL )
{
@@ -256,6 +412,7 @@
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_ciphersuite_for_resumption(
mbedtls_ssl_context *ssl,
@@ -265,15 +422,46 @@
uint16_t *selected_ciphersuite,
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
{
- ((void) ssl);
- ((void) session);
- ((void) cipher_suites);
- ((void) cipher_suites_end);
+
*selected_ciphersuite = 0;
*selected_ciphersuite_info = NULL;
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ for( const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2 )
+ {
+ uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+
+ if( cipher_suite != session->ciphersuite )
+ continue;
+
+ ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
+ cipher_suite );
+ if( ciphersuite_info == NULL )
+ continue;
+
+ *selected_ciphersuite = cipher_suite;
+ *selected_ciphersuite_info = ciphersuite_info;
+
+ return( 0 );
+ }
+
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_session_copy_ticket( mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src )
+{
+ dst->ticket_age_add = src->ticket_age_add;
+ dst->ticket_flags = src->ticket_flags;
+ dst->resumption_key_len = src->resumption_key_len;
+ if( src->resumption_key_len == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ memcpy( dst->resumption_key, src->resumption_key, src->resumption_key_len );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
/* Parser for pre_shared_key extension in client hello
* struct {
* opaque identity<1..2^16-1>;
@@ -343,17 +531,23 @@
{
const unsigned char *identity;
size_t identity_len;
+ uint32_t obfuscated_ticket_age;
const unsigned char *binder;
size_t binder_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int psk_type;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_session session;
+ mbedtls_ssl_session_init( &session );
+#endif
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 );
identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 );
identity = p_identity_len + 2;
MBEDTLS_SSL_CHK_BUF_READ_PTR( identity, identities_end, identity_len + 4 );
+ obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE( identity , identity_len );
p_identity_len += identity_len + 6;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, binders_end, 1 + 32 );
@@ -367,7 +561,8 @@
continue;
ret = ssl_tls13_offered_psks_check_identity_match(
- ssl, identity, identity_len, &psk_type );
+ ssl, identity, identity_len, obfuscated_ticket_age,
+ &psk_type, &session );
if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
continue;
@@ -380,9 +575,15 @@
&cipher_suite, &ciphersuite_info );
break;
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
ret = ssl_tls13_select_ciphersuite_for_resumption(
- ssl, ciphersuites, ciphersuites_end, NULL,
+ ssl, ciphersuites, ciphersuites_end, &session,
&cipher_suite, &ciphersuite_info );
+ if( ret != 0 )
+ mbedtls_ssl_session_free( &session );
+#else
+ ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+#endif
break;
default:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -406,6 +607,9 @@
/* For security reasons, the handshake should be aborted when we
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
* and appendix E.6. */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_session_free( &session );
+#endif
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Invalid binder." ) );
MBEDTLS_SSL_DEBUG_RET( 1,
"ssl_tls13_offered_psks_check_binder_match" , ret );
@@ -418,11 +622,20 @@
matched_identity = identity_id;
/* Update handshake parameters */
- ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info;
+ ssl->session_negotiate->ciphersuite = cipher_suite;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s",
cipher_suite, ciphersuite_info->name ) );
-
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
+ {
+ ret = ssl_tls13_session_copy_ticket( ssl->session_negotiate,
+ &session );
+ mbedtls_ssl_session_free( &session );
+ if( ret != 0 )
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
}
if( p_identity_len != identities_end || p_binder_len != binders_end )
@@ -1948,7 +2161,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
+ if( !is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
{
ret = ssl_tls13_write_server_pre_shared_key_ext( ssl, p, end, &output_len );
if( ret != 0 )
@@ -2416,11 +2629,11 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls13_generate_resumption_master_secret( ssl );
+ ret = mbedtls_ssl_tls13_compute_resumption_master_secret( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls13_generate_resumption_master_secret ", ret );
+ "mbedtls_ssl_tls13_compute_resumption_master_secret", ret );
}
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
@@ -2456,7 +2669,21 @@
/* Check whether the use of session tickets is enabled */
if( ssl->conf->f_ticket_write == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+ " callback is not set" ) );
+ return( SSL_NEW_SESSION_TICKET_SKIP );
+ }
+ if( ssl->conf->new_session_tickets_count == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
+ " configured count is zero" ) );
+ return( SSL_NEW_SESSION_TICKET_SKIP );
+ }
+
+ if( ssl->handshake->new_session_tickets_count == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
+ "been sent." ) );
return( SSL_NEW_SESSION_TICKET_SKIP );
}
@@ -2689,6 +2916,15 @@
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
+ /* Limit session tickets count to one when resumption connection.
+ *
+ * See document of mbedtls_ssl_conf_new_session_tickets.
+ */
+ if( ssl->handshake->resume == 1 )
+ ssl->handshake->new_session_tickets_count = 0;
+ else
+ ssl->handshake->new_session_tickets_count--;
+
mbedtls_ssl_handshake_set_state( ssl,
MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH );
}
@@ -2839,7 +3075,11 @@
* as part of ssl_prepare_handshake_step.
*/
ret = 0;
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+
+ if( ssl->handshake->new_session_tickets_count == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );
break;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
diff --git a/library/x509.c b/library/x509.c
index aa39517..f1d988a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -62,7 +62,7 @@
#include <time.h>
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) \
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index e51a385..52942a9 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -46,7 +46,7 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d3141b3..6377162 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -658,6 +658,58 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+static int ssl_save_session_serialize( mbedtls_ssl_context *ssl,
+ unsigned char **session_data,
+ size_t *session_data_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_session exported_session;
+
+ /* free any previously saved data */
+ if( *session_data != NULL )
+ {
+ mbedtls_platform_zeroize( *session_data, *session_data_len );
+ mbedtls_free( *session_data );
+ *session_data = NULL;
+ *session_data_len = 0;
+ }
+
+ mbedtls_ssl_session_init( &exported_session );
+ ret = mbedtls_ssl_get_session( ssl, &exported_session );
+ if( ret != 0 )
+ {
+ mbedtls_printf(
+ "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
+ (unsigned) -ret );
+ goto exit;
+ }
+
+ /* get size of the buffer needed */
+ mbedtls_ssl_session_save( &exported_session, NULL, 0, session_data_len );
+ *session_data = mbedtls_calloc( 1, *session_data_len );
+ if( *session_data == NULL )
+ {
+ mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
+ (unsigned) *session_data_len );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+
+ /* actually save session data */
+ if( ( ret = mbedtls_ssl_session_save( &exported_session,
+ *session_data, *session_data_len,
+ session_data_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
+
+exit:
+ mbedtls_ssl_session_free( &exported_session );
+ return( ret );
+}
+
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
@@ -1088,7 +1140,7 @@
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
- if( opt.tickets < 0 || opt.tickets > 2 )
+ if( opt.tickets < 0 )
goto usage;
}
else if( strcmp( p, "alpn" ) == 0 )
@@ -1427,11 +1479,11 @@
if( opt.psk_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -2362,57 +2414,21 @@
}
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
- if( opt.reconnect != 0 )
+ if( opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3 )
{
mbedtls_printf(" . Saving session for reuse..." );
fflush( stdout );
if( opt.reco_mode == 1 )
{
- mbedtls_ssl_session exported_session;
-
- /* free any previously saved data */
- if( session_data != NULL )
+ if( ( ret = ssl_save_session_serialize( &ssl,
+ &session_data, &session_data_len ) ) != 0 )
{
- mbedtls_platform_zeroize( session_data, session_data_len );
- mbedtls_free( session_data );
- session_data = NULL;
- }
-
- mbedtls_ssl_session_init( &exported_session );
- ret = mbedtls_ssl_get_session( &ssl, &exported_session );
- if( ret != 0 )
- {
- mbedtls_printf(
- "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
- (unsigned) -ret );
- goto exit;
- }
-
- /* get size of the buffer needed */
- mbedtls_ssl_session_save( &exported_session, NULL, 0, &session_data_len );
- session_data = mbedtls_calloc( 1, session_data_len );
- if( session_data == NULL )
- {
- mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
- (unsigned) session_data_len );
- mbedtls_ssl_session_free( &exported_session );
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- /* actually save session data */
- if( ( ret = mbedtls_ssl_session_save( &exported_session,
- session_data, session_data_len,
- &session_data_len ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ mbedtls_printf( " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
(unsigned int) -ret );
- mbedtls_ssl_session_free( &exported_session );
goto exit;
}
- mbedtls_ssl_session_free( &exported_session );
}
else
{
@@ -2654,6 +2670,9 @@
*/
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+ int ticket_id = 0;
+#endif
do
{
len = sizeof( buf ) - 1;
@@ -2701,7 +2720,41 @@
case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
/* We were waiting for application data but got
* a NewSessionTicket instead. */
- mbedtls_printf( " got new session ticket.\n" );
+ mbedtls_printf( " got new session ticket ( %d ).\n",
+ ticket_id++ );
+ if( opt.reconnect != 0 )
+ {
+ mbedtls_printf(" . Saving session for reuse..." );
+ fflush( stdout );
+
+ if( opt.reco_mode == 1 )
+ {
+ if( ( ret = ssl_save_session_serialize( &ssl,
+ &session_data, &session_data_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ if( opt.reco_mode == 1 )
+ {
+ mbedtls_printf( " [ Saved %u bytes of session data]\n",
+ (unsigned) session_data_len );
+ }
+ }
continue;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4021e94..7526bc6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1999,7 +1999,7 @@
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
- if( opt.tickets < 0 || opt.tickets > 1 )
+ if( opt.tickets < 0 )
goto usage;
}
else if( strcmp( p, "ticket_rotate" ) == 0 )
@@ -2263,11 +2263,11 @@
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -2917,7 +2917,7 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
+ if( opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
rng_get, &rng,
@@ -2932,7 +2932,9 @@
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
&ticket_ctx );
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_conf_new_session_tickets( &conf, opt.tickets );
+#endif
/* exercise manual ticket rotation (not required for typical use)
* (used for external synchronization of session ticket encryption keys)
*/
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 7ff3345..42d8d11 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -297,49 +297,23 @@
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
-#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
-#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
-#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
-#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
-#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-
uint16_t ssl_sig_algs_for_test[] = {
-#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
#endif
-#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
#endif
-#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
#endif
-#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif
-#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
-#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
#endif
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 662da98..e9d9275 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -10,4 +10,5 @@
python scripts\generate_ssl_debug_helpers.py || exit /b 1
perl scripts\generate_visualc_files.pl || exit /b 1
python scripts\generate_psa_constants.py || exit /b 1
+python tests\scripts\generate_bignum_tests.py || exit /b 1
python tests\scripts\generate_psa_tests.py || exit /b 1
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 592fc0a..f52ca9a 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -357,6 +357,7 @@
'HKDF': AlgorithmCategory.KEY_DERIVATION,
'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION,
'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION,
+ 'TLS12_ECJPAKE_TO_PMS': AlgorithmCategory.KEY_DERIVATION,
'PBKDF': AlgorithmCategory.KEY_DERIVATION,
'ECDH': AlgorithmCategory.KEY_AGREEMENT,
'FFDH': AlgorithmCategory.KEY_AGREEMENT,
diff --git a/scripts/mbedtls_dev/test_generation.py b/scripts/mbedtls_dev/test_generation.py
new file mode 100644
index 0000000..a88425f
--- /dev/null
+++ b/scripts/mbedtls_dev/test_generation.py
@@ -0,0 +1,219 @@
+"""Common test generation classes and main function.
+
+These are used both by generate_psa_tests.py and generate_bignum_tests.py.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import os
+import posixpath
+import re
+
+from abc import ABCMeta, abstractmethod
+from typing import Callable, Dict, Iterable, Iterator, List, Type, TypeVar
+
+from mbedtls_dev import build_tree
+from mbedtls_dev import test_case
+
+T = TypeVar('T') #pylint: disable=invalid-name
+
+
+class BaseTarget(metaclass=ABCMeta):
+ """Base target for test case generation.
+
+ Child classes of this class represent an output file, and can be referred
+ to as file targets. These indicate where test cases will be written to for
+ all subclasses of the file target, which is set by `target_basename`.
+
+ Attributes:
+ count: Counter for test cases from this class.
+ case_description: Short description of the test case. This may be
+ automatically generated using the class, or manually set.
+ dependencies: A list of dependencies required for the test case.
+ show_test_count: Toggle for inclusion of `count` in the test description.
+ target_basename: Basename of file to write generated tests to. This
+ should be specified in a child class of BaseTarget.
+ test_function: Test function which the class generates cases for.
+ test_name: A common name or description of the test function. This can
+ be `test_function`, a clearer equivalent, or a short summary of the
+ test function's purpose.
+ """
+ count = 0
+ case_description = ""
+ dependencies = [] # type: List[str]
+ show_test_count = True
+ target_basename = ""
+ test_function = ""
+ test_name = ""
+
+ def __new__(cls, *args, **kwargs):
+ # pylint: disable=unused-argument
+ cls.count += 1
+ return super().__new__(cls)
+
+ @abstractmethod
+ def arguments(self) -> List[str]:
+ """Get the list of arguments for the test case.
+
+ Override this method to provide the list of arguments required for
+ the `test_function`.
+
+ Returns:
+ List of arguments required for the test function.
+ """
+ raise NotImplementedError
+
+ def description(self) -> str:
+ """Create a test case description.
+
+ Creates a description of the test case, including a name for the test
+ function, an optional case count, and a description of the specific
+ test case. This should inform a reader what is being tested, and
+ provide context for the test case.
+
+ Returns:
+ Description for the test case.
+ """
+ if self.show_test_count:
+ return "{} #{} {}".format(
+ self.test_name, self.count, self.case_description
+ ).strip()
+ else:
+ return "{} {}".format(self.test_name, self.case_description).strip()
+
+
+ def create_test_case(self) -> test_case.TestCase:
+ """Generate TestCase from the instance."""
+ tc = test_case.TestCase()
+ tc.set_description(self.description())
+ tc.set_function(self.test_function)
+ tc.set_arguments(self.arguments())
+ tc.set_dependencies(self.dependencies)
+
+ return tc
+
+ @classmethod
+ @abstractmethod
+ def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
+ """Generate test cases for the class test function.
+
+ This will be called in classes where `test_function` is set.
+ Implementations should yield TestCase objects, by creating instances
+ of the class with appropriate input data, and then calling
+ `create_test_case()` on each.
+ """
+ raise NotImplementedError
+
+ @classmethod
+ def generate_tests(cls) -> Iterator[test_case.TestCase]:
+ """Generate test cases for the class and its subclasses.
+
+ In classes with `test_function` set, `generate_function_tests()` is
+ called to generate test cases first.
+
+ In all classes, this method will iterate over its subclasses, and
+ yield from `generate_tests()` in each. Calling this method on a class X
+ will yield test cases from all classes derived from X.
+ """
+ if cls.test_function:
+ yield from cls.generate_function_tests()
+ for subclass in sorted(cls.__subclasses__(), key=lambda c: c.__name__):
+ yield from subclass.generate_tests()
+
+
+class TestGenerator:
+ """Generate test cases and write to data files."""
+ def __init__(self, options) -> None:
+ self.test_suite_directory = self.get_option(options, 'directory',
+ 'tests/suites')
+ # Update `targets` with an entry for each child class of BaseTarget.
+ # Each entry represents a file generated by the BaseTarget framework,
+ # and enables generating the .data files using the CLI.
+ self.targets.update({
+ subclass.target_basename: subclass.generate_tests
+ for subclass in BaseTarget.__subclasses__()
+ })
+
+ @staticmethod
+ def get_option(options, name: str, default: T) -> T:
+ value = getattr(options, name, None)
+ return default if value is None else value
+
+ def filename_for(self, basename: str) -> str:
+ """The location of the data file with the specified base name."""
+ return posixpath.join(self.test_suite_directory, basename + '.data')
+
+ def write_test_data_file(self, basename: str,
+ test_cases: Iterable[test_case.TestCase]) -> None:
+ """Write the test cases to a .data file.
+
+ The output file is ``basename + '.data'`` in the test suite directory.
+ """
+ filename = self.filename_for(basename)
+ test_case.write_data_file(filename, test_cases)
+
+ # Note that targets whose names contain 'test_format' have their content
+ # validated by `abi_check.py`.
+ targets = {} # type: Dict[str, Callable[..., Iterable[test_case.TestCase]]]
+
+ def generate_target(self, name: str, *target_args) -> None:
+ """Generate cases and write to data file for a target.
+
+ For target callables which require arguments, override this function
+ and pass these arguments using super() (see PSATestGenerator).
+ """
+ test_cases = self.targets[name](*target_args)
+ self.write_test_data_file(name, test_cases)
+
+def main(args, description: str, generator_class: Type[TestGenerator] = TestGenerator):
+ """Command line entry point."""
+ parser = argparse.ArgumentParser(description=description)
+ parser.add_argument('--list', action='store_true',
+ help='List available targets and exit')
+ parser.add_argument('--list-for-cmake', action='store_true',
+ help='Print \';\'-separated list of available targets and exit')
+ parser.add_argument('--directory', metavar='DIR',
+ help='Output directory (default: tests/suites)')
+ # The `--directory` option is interpreted relative to the directory from
+ # which the script is invoked, but the default is relative to the root of
+ # the mbedtls tree. The default should not be set above, but instead after
+ # `build_tree.chdir_to_root()` is called.
+ parser.add_argument('targets', nargs='*', metavar='TARGET',
+ help='Target file to generate (default: all; "-": none)')
+ options = parser.parse_args(args)
+ build_tree.chdir_to_root()
+ generator = generator_class(options)
+ if options.list:
+ for name in sorted(generator.targets):
+ print(generator.filename_for(name))
+ return
+ # List in a cmake list format (i.e. ';'-separated)
+ if options.list_for_cmake:
+ print(';'.join(generator.filename_for(name)
+ for name in sorted(generator.targets)), end='')
+ return
+ if options.targets:
+ # Allow "-" as a special case so you can run
+ # ``generate_xxx_tests.py - $targets`` and it works uniformly whether
+ # ``$targets`` is empty or not.
+ options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target))
+ for target in options.targets
+ if target != '-']
+ else:
+ options.targets = sorted(generator.targets)
+ for target in options.targets:
+ generator.generate_target(target)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 6049b74..57cf977 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -20,24 +20,54 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ --list-for-cmake
+ --directory suites
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ OUTPUT_VARIABLE
+ base_bignum_generated_data_files)
+
+execute_process(
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
--list-for-cmake
--directory suites
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
OUTPUT_VARIABLE
- base_generated_data_files)
+ base_psa_generated_data_files)
# Derive generated file paths in the build directory
-set(generated_data_files "")
-foreach(file ${base_generated_data_files})
- list(APPEND generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
+set(base_generated_data_files ${base_bignum_generated_data_files} ${base_psa_generated_data_files})
+set(bignum_generated_data_files "")
+set(psa_generated_data_files "")
+foreach(file ${base_bignum_generated_data_files})
+ list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
+endforeach()
+foreach(file ${base_psa_generated_data_files})
+ list(APPEND psa_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
endforeach()
if(GEN_FILES)
add_custom_command(
OUTPUT
- ${generated_data_files}
+ ${bignum_generated_data_files}
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_generation.py
+ )
+ add_custom_command(
+ OUTPUT
+ ${psa_generated_data_files}
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
@@ -50,6 +80,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
@@ -65,7 +96,8 @@
# they can cause race conditions in parallel builds.
# With this line, only 4 sub-makefiles include the above command, that reduces
# the risk of a race.
-add_custom_target(test_suite_generated_data DEPENDS ${generated_data_files})
+add_custom_target(test_suite_bignum_generated_data DEPENDS ${bignum_generated_data_files})
+add_custom_target(test_suite_psa_generated_data DEPENDS ${psa_generated_data_files})
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
# but not "test_suite_foobar".
@@ -82,23 +114,39 @@
# Get the test names of the tests with generated .data files
# from the generated_data_files list in parent scope.
- set(generated_data_names "")
- foreach(generated_data_file ${generated_data_files})
+ set(bignum_generated_data_names "")
+ set(psa_generated_data_names "")
+ foreach(generated_data_file ${bignum_generated_data_files})
# Get the plain filename
get_filename_component(generated_data_name ${generated_data_file} NAME)
# Remove the ".data" extension
get_name_without_last_ext(generated_data_name ${generated_data_name})
# Remove leading "test_suite_"
string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name)
- list(APPEND generated_data_names ${generated_data_name})
+ list(APPEND bignum_generated_data_names ${generated_data_name})
+ endforeach()
+ foreach(generated_data_file ${psa_generated_data_files})
+ # Get the plain filename
+ get_filename_component(generated_data_name ${generated_data_file} NAME)
+ # Remove the ".data" extension
+ get_name_without_last_ext(generated_data_name ${generated_data_name})
+ # Remove leading "test_suite_"
+ string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name)
+ list(APPEND psa_generated_data_names ${generated_data_name})
endforeach()
- if(";${generated_data_names};" MATCHES ";${data_name};")
+ if(";${bignum_generated_data_names};" MATCHES ";${data_name};")
set(data_file
${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_bignum_generated_data)
+ elseif(";${psa_generated_data_names};" MATCHES ";${data_name};")
+ set(data_file
+ ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_psa_generated_data)
else()
set(data_file
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_bignum_generated_data test_suite_psa_generated_data)
endif()
add_custom_command(
@@ -129,7 +177,7 @@
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtls_test>)
- add_dependencies(test_suite_${data_name} test_suite_generated_data)
+ add_dependencies(test_suite_${data_name} ${dependency})
target_link_libraries(test_suite_${data_name} ${libs})
# Include test-specific header files from ./include and private header
# files (used by some invasive tests) from ../library. Public header
diff --git a/tests/Makefile b/tests/Makefile
index 0d08f84..8777ae9 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -66,28 +66,45 @@
endif
.PHONY: generated_files
-GENERATED_DATA_FILES := $(patsubst tests/%,%,$(shell \
+GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \
+ $(PYTHON) scripts/generate_bignum_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
+$(error "$(PYTHON) scripts/generate_bignum_tests.py --list" failed)
+endif
+GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) scripts/generate_psa_tests.py --list || \
echo FAILED \
))
-ifeq ($(GENERATED_DATA_FILES),FAILED)
+ifeq ($(GENERATED_PSA_DATA_FILES),FAILED)
$(error "$(PYTHON) scripts/generate_psa_tests.py --list" failed)
endif
-GENERATED_FILES := $(GENERATED_DATA_FILES)
+GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES)
generated_files: $(GENERATED_FILES)
-# generate_psa_tests.py spends more time analyzing inputs than generating
-# outputs. Its inputs are the same no matter which files are being generated.
+# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
+# inputs than generating outputs. Its inputs are the same no matter which files
+# are being generated.
# It's rare not to want all the outputs. So always generate all of its outputs.
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
-.SECONDARY: generated_psa_test_data
-$(GENERATED_DATA_FILES): generated_psa_test_data
+.SECONDARY: generated_bignum_test_data generated_psa_test_data
+$(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data
+generated_bignum_test_data: scripts/generate_bignum_tests.py
+generated_bignum_test_data: ../scripts/mbedtls_dev/test_case.py
+generated_bignum_test_data: ../scripts/mbedtls_dev/test_generation.py
+generated_bignum_test_data:
+ echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
+ $(PYTHON) scripts/generate_bignum_tests.py
+
+$(GENERATED_PSA_DATA_FILES): generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
+generated_psa_test_data: ../scripts/mbedtls_dev/test_generation.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
@@ -98,7 +115,7 @@
generated_psa_test_data: ../include/psa/crypto_extra.h
generated_psa_test_data: suites/test_suite_psa_crypto_metadata.data
generated_psa_test_data:
- echo " Gen $(GENERATED_DATA_FILES) ..."
+ echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
$(PYTHON) scripts/generate_psa_tests.py
# A test application is built for each suites/test_suite_*.data file.
@@ -107,7 +124,7 @@
DATA_FILES := $(wildcard suites/test_suite_*.data)
# Make sure that generated data files are included even if they don't
# exist yet when the makefile is parsed.
-DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_DATA_FILES))
+DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_FILES))
APPS = $(basename $(subst suites/,,$(DATA_FILES)))
# Construct executable name by adding OS specific suffix $(EXEXT).
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index 9811cb3..eda2de9 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -1599,3 +1599,33 @@
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_openssl_tls1_3
+run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
+ "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -s "HRR selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -s "HRR selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 0752f7b..a1b47f4 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -120,6 +120,9 @@
# Treat uninitialised variables as errors.
set -e -o pipefail -u
+# Enable ksh/bash extended file matching patterns
+shopt -s extglob
+
pre_check_environment () {
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
@@ -295,7 +298,7 @@
-iname CMakeCache.txt -o \
-path './cmake/*.cmake' \) -exec rm -f {} \+
# Recover files overwritten by in-tree CMake builds
- rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
+ rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
@@ -314,7 +317,9 @@
# Restore files that may have been clobbered by the job
for x in $files_to_back_up; do
- cp -p "$x$backup_suffix" "$x"
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
done
}
@@ -1715,7 +1720,7 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_ecdsa_ library/ecdsa.o
@@ -1797,7 +1802,7 @@
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
@@ -1827,7 +1832,7 @@
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_sha512_init library/sha512.o
not grep mbedtls_sha1_init library/sha1.o
@@ -1848,21 +1853,28 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+ # start with config full for maximum coverage (also enables USE_PSA)
+ scripts/config.py full
+ # enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SHA224_C
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
# Use an external RNG as currently internal RNGs depend on entropy.c
# which in turn hard-depends on SHA256_C (or SHA512_C).
# See component_test_psa_external_rng_no_drbg_use_psa.
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py unset MBEDTLS_ENTROPY_C
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former
# Also unset MD_C and things that depend on it;
# see component_test_crypto_full_no_md.
scripts/config.py unset MBEDTLS_MD_C
@@ -1870,10 +1882,6 @@
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- # Enable TLS 1.3: use PSA implementation for hashes
- scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
@@ -1925,7 +1933,7 @@
scripts/config.py unset MBEDTLS_DES_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_des* library/des.o
@@ -2074,6 +2082,7 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
@@ -2093,6 +2102,7 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
@@ -2112,6 +2122,7 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
@@ -2130,6 +2141,7 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
@@ -2167,6 +2179,7 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
@@ -2186,6 +2199,7 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 1736f24..3006ec7 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -126,4 +126,5 @@
# the step that creates or updates these files.
check scripts/generate_visualc_files.pl visualc/VS2010
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
+check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list)
check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list)
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
new file mode 100755
index 0000000..ceafa4a
--- /dev/null
+++ b/tests/scripts/generate_bignum_tests.py
@@ -0,0 +1,238 @@
+#!/usr/bin/env python3
+"""Generate test data for bignum functions.
+
+With no arguments, generate all test data. With non-option arguments,
+generate only the specified files.
+
+Class structure:
+
+Child classes of test_generation.BaseTarget (file targets) represent an output
+file. These indicate where test cases will be written to, for all subclasses of
+this target. Multiple file targets should not reuse a `target_basename`.
+
+Each subclass derived from a file target can either be:
+ - A concrete class, representing a test function, which generates test cases.
+ - An abstract class containing shared methods and attributes, not associated
+ with a test function. An example is BignumOperation, which provides
+ common features used for bignum binary operations.
+
+Both concrete and abstract subclasses can be derived from, to implement
+additional test cases (see BignumCmp and BignumCmpAbs for examples of deriving
+from abstract and concrete classes).
+
+
+Adding test case generation for a function:
+
+A subclass representing the test function should be added, deriving from a
+file target such as BignumTarget. This test class must set/implement the
+following:
+ - test_function: the function name from the associated .function file.
+ - test_name: a descriptive name or brief summary to refer to the test
+ function.
+ - arguments(): a method to generate the list of arguments required for the
+ test_function.
+ - generate_function_test(): a method to generate TestCases for the function.
+ This should create instances of the class with required input data, and
+ call `.create_test_case()` to yield the TestCase.
+
+Additional details and other attributes/methods are given in the documentation
+of BaseTarget in test_generation.py.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import itertools
+import sys
+import typing
+
+from abc import ABCMeta, abstractmethod
+from typing import Iterator, List, Tuple, TypeVar
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_dev import test_case
+from mbedtls_dev import test_generation
+
+T = TypeVar('T') #pylint: disable=invalid-name
+
+def hex_to_int(val: str) -> int:
+ return int(val, 16) if val else 0
+
+def quote_str(val) -> str:
+ return "\"{}\"".format(val)
+
+def combination_pairs(values: List[T]) -> List[Tuple[T, T]]:
+ """Return all pair combinations from input values.
+
+ The return value is cast, as older versions of mypy are unable to derive
+ the specific type returned by itertools.combinations_with_replacement.
+ """
+ return typing.cast(
+ List[Tuple[T, T]],
+ list(itertools.combinations_with_replacement(values, 2))
+ )
+
+
+class BignumTarget(test_generation.BaseTarget, metaclass=ABCMeta):
+ #pylint: disable=abstract-method
+ """Target for bignum (mpi) test case generation."""
+ target_basename = 'test_suite_mpi.generated'
+
+
+class BignumOperation(BignumTarget, metaclass=ABCMeta):
+ """Common features for bignum binary operations.
+
+ This adds functionality common in binary operation tests. This includes
+ generation of case descriptions, using descriptions of values and symbols
+ to represent the operation or result.
+
+ Attributes:
+ symbol: Symbol used for the operation in case description.
+ input_values: List of values to use as test case inputs. These are
+ combined to produce pairs of values.
+ input_cases: List of tuples containing pairs of test case inputs. This
+ can be used to implement specific pairs of inputs.
+ """
+ symbol = ""
+ input_values = [
+ "", "0", "7b", "-7b",
+ "0000000000000000123", "-0000000000000000123",
+ "1230000000000000000", "-1230000000000000000"
+ ] # type: List[str]
+ input_cases = [] # type: List[Tuple[str, str]]
+
+ def __init__(self, val_a: str, val_b: str) -> None:
+ self.arg_a = val_a
+ self.arg_b = val_b
+ self.int_a = hex_to_int(val_a)
+ self.int_b = hex_to_int(val_b)
+
+ def arguments(self) -> List[str]:
+ return [quote_str(self.arg_a), quote_str(self.arg_b), self.result()]
+
+ def description(self) -> str:
+ """Generate a description for the test case.
+
+ If not set, case_description uses the form A `symbol` B, where symbol
+ is used to represent the operation. Descriptions of each value are
+ generated to provide some context to the test case.
+ """
+ if not self.case_description:
+ self.case_description = "{} {} {}".format(
+ self.value_description(self.arg_a),
+ self.symbol,
+ self.value_description(self.arg_b)
+ )
+ return super().description()
+
+ @abstractmethod
+ def result(self) -> str:
+ """Get the result of the operation.
+
+ This could be calculated during initialization and stored as `_result`
+ and then returned, or calculated when the method is called.
+ """
+ raise NotImplementedError
+
+ @staticmethod
+ def value_description(val) -> str:
+ """Generate a description of the argument val.
+
+ This produces a simple description of the value, which is used in test
+ case naming to add context.
+ """
+ if val == "":
+ return "0 (null)"
+ if val == "0":
+ return "0 (1 limb)"
+
+ if val[0] == "-":
+ tmp = "negative"
+ val = val[1:]
+ else:
+ tmp = "positive"
+ if val[0] == "0":
+ tmp += " with leading zero limb"
+ elif len(val) > 10:
+ tmp = "large " + tmp
+ return tmp
+
+ @classmethod
+ def get_value_pairs(cls) -> Iterator[Tuple[str, str]]:
+ """Generator to yield pairs of inputs.
+
+ Combinations are first generated from all input values, and then
+ specific cases provided.
+ """
+ yield from combination_pairs(cls.input_values)
+ yield from cls.input_cases
+
+ @classmethod
+ def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
+ for a_value, b_value in cls.get_value_pairs():
+ cur_op = cls(a_value, b_value)
+ yield cur_op.create_test_case()
+
+
+class BignumCmp(BignumOperation):
+ """Test cases for bignum value comparison."""
+ count = 0
+ test_function = "mbedtls_mpi_cmp_mpi"
+ test_name = "MPI compare"
+ input_cases = [
+ ("-2", "-3"),
+ ("-2", "-2"),
+ ("2b4", "2b5"),
+ ("2b5", "2b6")
+ ]
+
+ def __init__(self, val_a, val_b) -> None:
+ super().__init__(val_a, val_b)
+ self._result = int(self.int_a > self.int_b) - int(self.int_a < self.int_b)
+ self.symbol = ["<", "==", ">"][self._result + 1]
+
+ def result(self) -> str:
+ return str(self._result)
+
+
+class BignumCmpAbs(BignumCmp):
+ """Test cases for absolute bignum value comparison."""
+ count = 0
+ test_function = "mbedtls_mpi_cmp_abs"
+ test_name = "MPI compare (abs)"
+
+ def __init__(self, val_a, val_b) -> None:
+ super().__init__(val_a.strip("-"), val_b.strip("-"))
+
+
+class BignumAdd(BignumOperation):
+ """Test cases for bignum value addition."""
+ count = 0
+ symbol = "+"
+ test_function = "mbedtls_mpi_add_mpi"
+ test_name = "MPI add"
+ input_cases = combination_pairs(
+ [
+ "1c67967269c6", "9cde3",
+ "-1c67967269c6", "-9cde3",
+ ]
+ )
+
+ def result(self) -> str:
+ return quote_str("{:x}".format(self.int_a + self.int_b))
+
+if __name__ == '__main__':
+ # Use the section of the docstring relevant to the CLI as description
+ test_generation.main(sys.argv[1:], "\n".join(__doc__.splitlines()[:4]))
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 3d23edd..c788fd7 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -20,22 +20,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-import argparse
import enum
-import os
-import posixpath
import re
import sys
-from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional, TypeVar
+from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import build_tree
from mbedtls_dev import crypto_knowledge
from mbedtls_dev import macro_collector
from mbedtls_dev import psa_storage
from mbedtls_dev import test_case
-
-T = TypeVar('T') #pylint: disable=invalid-name
+from mbedtls_dev import test_generation
def psa_want_symbol(name: str) -> str:
@@ -897,35 +892,11 @@
yield from super().generate_all_keys()
yield from self.all_keys_for_implicit_usage()
-class TestGenerator:
- """Generate test data."""
-
- def __init__(self, options) -> None:
- self.test_suite_directory = self.get_option(options, 'directory',
- 'tests/suites')
- self.info = Information()
-
- @staticmethod
- def get_option(options, name: str, default: T) -> T:
- value = getattr(options, name, None)
- return default if value is None else value
-
- def filename_for(self, basename: str) -> str:
- """The location of the data file with the specified base name."""
- return posixpath.join(self.test_suite_directory, basename + '.data')
-
- def write_test_data_file(self, basename: str,
- test_cases: Iterable[test_case.TestCase]) -> None:
- """Write the test cases to a .data file.
-
- The output file is ``basename + '.data'`` in the test suite directory.
- """
- filename = self.filename_for(basename)
- test_case.write_data_file(filename, test_cases)
-
+class PSATestGenerator(test_generation.TestGenerator):
+ """Test generator subclass including PSA targets and info."""
# Note that targets whose names contain 'test_format' have their content
# validated by `abi_check.py`.
- TARGETS = {
+ targets = {
'test_suite_psa_crypto_generate_key.generated':
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
@@ -938,44 +909,12 @@
lambda info: StorageFormatV0(info).all_test_cases(),
} #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
- def generate_target(self, name: str) -> None:
- test_cases = self.TARGETS[name](self.info)
- self.write_test_data_file(name, test_cases)
+ def __init__(self, options):
+ super().__init__(options)
+ self.info = Information()
-def main(args):
- """Command line entry point."""
- parser = argparse.ArgumentParser(description=__doc__)
- parser.add_argument('--list', action='store_true',
- help='List available targets and exit')
- parser.add_argument('--list-for-cmake', action='store_true',
- help='Print \';\'-separated list of available targets and exit')
- parser.add_argument('--directory', metavar='DIR',
- help='Output directory (default: tests/suites)')
- parser.add_argument('targets', nargs='*', metavar='TARGET',
- help='Target file to generate (default: all; "-": none)')
- options = parser.parse_args(args)
- build_tree.chdir_to_root()
- generator = TestGenerator(options)
- if options.list:
- for name in sorted(generator.TARGETS):
- print(generator.filename_for(name))
- return
- # List in a cmake list format (i.e. ';'-separated)
- if options.list_for_cmake:
- print(';'.join(generator.filename_for(name)
- for name in sorted(generator.TARGETS)), end='')
- return
- if options.targets:
- # Allow "-" as a special case so you can run
- # ``generate_psa_tests.py - $targets`` and it works uniformly whether
- # ``$targets`` is empty or not.
- options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target))
- for target in options.targets
- if target != '-']
- else:
- options.targets = sorted(generator.TARGETS)
- for target in options.targets:
- generator.generate_target(target)
+ def generate_target(self, name: str, *target_args) -> None:
+ super().generate_target(name, self.info)
if __name__ == '__main__':
- main(sys.argv[1:])
+ test_generation.main(sys.argv[1:], __doc__, PSATestGenerator)
diff --git a/tests/src/certs.c b/tests/src/certs.c
index 5516026..ca03b29 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -23,7 +23,7 @@
#include "mbedtls/build_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/*
* Test CA Certificates
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6838024..5e4bd59 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -12149,7 +12149,7 @@
run_test "TLS 1.3, default suite, PSK" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 1 \
+ 0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
@@ -12164,7 +12164,7 @@
run_test "TLS 1.3, default suite, PSK - openssl" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 1 \
+ 0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
@@ -12806,13 +12806,13 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
- "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache " \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \
+ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
- -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3
@@ -12821,23 +12821,28 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
- "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
+ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
+ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
- -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
-c "got new session ticket." \
-c "Saving session for reuse... ok" \
- -c "HTTP/1.0 200 OK"
+ -c "Reconnecting with saved session" \
+ -c "HTTP/1.0 200 OK" \
+ -s "This is a resumed session"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+# https://github.com/openssl/openssl/issues/10714
+# Until now, OpenSSL client does not support reconnect.
+skip_next_test
run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
- "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
+ "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
0 \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
@@ -12848,14 +12853,19 @@
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
- "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE -V" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
+ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
0 \
+ -c "Connecting again- trying to resume previous session" \
+ -c "NEW SESSION TICKET (4) was received" \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \
- -c "NEW SESSION TICKET (4) was received"
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -s "found pre_shared_key extension"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
@@ -12863,17 +12873,21 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
"$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
- -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
- -c "got new session ticket." \
+ -c "got new session ticket ( 3 )" \
-c "Saving session for reuse... ok" \
+ -c "Reconnecting with saved session" \
-c "HTTP/1.0 200 OK" \
-s "=> write NewSessionTicket msg" \
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
- -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"
+ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \
+ -s "key exchange mode: ephemeral" \
+ -s "key exchange mode: psk_ephemeral" \
+ -s "found pre_shared_key extension"
+
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 5ab265a..10e53c2 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -358,7 +358,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void aes_invalid_mode( )
{
mbedtls_aes_context aes_ctx;
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index cc18d5b..3d318c8 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -7,7 +7,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void camellia_invalid_param( )
{
mbedtls_camellia_context ctx;
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index dd5226c..37468df 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -304,7 +304,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void cipher_invalid_param_conditional( )
{
mbedtls_cipher_context_t valid_ctx;
@@ -313,8 +313,6 @@
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
- const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
- *( mbedtls_cipher_list() ) );
TEST_EQUAL(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 7e1daa2..e82f39d 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \
( !defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) )
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 449b368..47c25e3 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/ecjpake.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA)
static const unsigned char ecjpake_test_x1[] = {
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 5332c07..4c0ed1c 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -309,6 +309,58 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_point:MBEDTLS_ECP_DP_SECP521R1
+Check ECP group metadata #1 secp192k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192K1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffeffffee37":"000000000000000000000000000000000000000000000000":"000000000000000000000000000000000000000000000003":"db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d":"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d":"fffffffffffffffffffffffe26f2fc170f69466a74defd8d":18
+
+Check ECP group metadata #2 secp192r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192R1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffeffffffffffffffff":"":"64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1":"188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012":"07192b95ffc8da78631011ed6b24cdd573f977a11e794811":"ffffffffffffffffffffffff99def836146bc9b1b4d22831":19
+
+Check ECP group metadata #3 secp224k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224K1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d":"00000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000005":"a1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c":"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5":"010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7":20
+
+Check ECP group metadata #4 secp224r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224R1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffffffffffffffffffffffffffff000000000000000000000001":"":"b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4":"b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21":"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34":"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d":21
+
+Check ECP group metadata #5 secp256k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256K1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f":"0000000000000000000000000000000000000000000000000000000000000000":"0000000000000000000000000000000000000000000000000000000000000007":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798":"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8":"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141":22
+
+Check ECP group metadata #6 secp256r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff":"":"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b":"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296":"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5":"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":23
+
+Check ECP group metadata #7 secp384r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff":"":"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef":"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7":"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f":"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973":24
+
+Check ECP group metadata #8 secp521r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP521R1:521:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"":"0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00":"00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66":"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650":"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409":25
+
+Check ECP group metadata #9 bp256r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377":"7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9":"26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6":"8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262":"547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997":"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7":26
+
+Check ECP group metadata #10 bp384r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":"7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826":"04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11":"1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e":"8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565":27
+
+Check ECP group metadata #11 bp512r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP512R1:512:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3":"7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca":"3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723":"81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822":"7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069":28
+
+Check ECP group metadata #12 curve25519 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE25519:256:MBEDTLS_ECP_TYPE_MONTGOMERY:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":"76d06":"":"9":"":"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed":29
+
+Check ECP group metadata #13 curve448 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE448:448:MBEDTLS_ECP_TYPE_MONTGOMERY:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"262a6":"":"5":"":"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":30
+
ECP tls read group #1 (record too short)
mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 65c7067..42d69b4 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1,5 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/ecp.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecdh.h"
#include "ecp_invasive.h"
@@ -788,6 +790,124 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C */
+void mbedtls_ecp_group_metadata( int id, int bit_size, int crv_type,
+ char* P, char* A, char* B,
+ char* G_x, char* G_y, char* N,
+ int tls_id )
+{
+ mbedtls_ecp_group grp, grp_read, grp_cpy;
+ const mbedtls_ecp_group_id *g_id;
+ mbedtls_ecp_group_id read_g_id;
+ const mbedtls_ecp_curve_info *crv, *crv_tls_id, *crv_name;
+
+ mbedtls_mpi exp_P, exp_A, exp_B, exp_G_x, exp_G_y, exp_N;
+
+ unsigned char buf[3], ecparameters[3] = { 3, 0, tls_id };
+ const unsigned char *vbuf = buf;
+ size_t olen;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_group_init( &grp_read );
+ mbedtls_ecp_group_init( &grp_cpy );
+
+ mbedtls_mpi_init( &exp_P );
+ mbedtls_mpi_init( &exp_A );
+ mbedtls_mpi_init( &exp_B );
+ mbedtls_mpi_init( &exp_G_x );
+ mbedtls_mpi_init( &exp_G_y );
+ mbedtls_mpi_init( &exp_N );
+
+ // Read expected parameters
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_P, P ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_A, A ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_x, G_x ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_N, N ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_B, B ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_y, G_y ), 0 );
+
+ // Convert exp_A to internal representation (A+2)/4
+ if( crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ TEST_EQUAL( mbedtls_mpi_add_int( &exp_A, &exp_A, 2 ), 0 );
+ TEST_EQUAL( mbedtls_mpi_div_int( &exp_A, NULL, &exp_A, 4 ), 0 );
+ }
+
+ // Load group
+ TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
+
+ // Compare group with expected parameters
+ // A is NULL for SECPxxxR1 curves
+ // B and G_y are NULL for curve25519 and curve448
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_P, &grp.P ), 0 );
+ if( *A != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_A, &grp.A ), 0 );
+ if( *B != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_B, &grp.B ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_x, &grp.G.X ), 0 );
+ if( *G_y != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_y, &grp.G.Y ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_N, &grp.N ), 0 );
+
+ // Load curve info and compare with known values
+ crv = mbedtls_ecp_curve_info_from_grp_id( id );
+ TEST_EQUAL( crv->grp_id, id );
+ TEST_EQUAL( crv->bit_size, bit_size );
+ TEST_EQUAL( crv->tls_id, tls_id );
+
+ // Load curve from TLS ID and name, and compare IDs
+ crv_tls_id = mbedtls_ecp_curve_info_from_tls_id( crv->tls_id );
+ crv_name = mbedtls_ecp_curve_info_from_name( crv->name );
+ TEST_EQUAL( crv_tls_id->grp_id, id );
+ TEST_EQUAL( crv_name->grp_id, id );
+
+ // Validate write_group against test data
+ TEST_EQUAL( mbedtls_ecp_tls_write_group( &grp, &olen,
+ buf, sizeof( buf ) ),
+ 0 );
+ TEST_EQUAL( mbedtls_test_hexcmp( buf, ecparameters, olen,
+ sizeof( ecparameters ) ),
+ 0 );
+
+ // Read group from buffer and compare with expected ID
+ TEST_EQUAL( mbedtls_ecp_tls_read_group_id( &read_g_id, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( read_g_id, id );
+ vbuf = buf;
+ TEST_EQUAL( mbedtls_ecp_tls_read_group( &grp_read, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( grp_read.id, id );
+
+ // Check curve type, and if it can be used for ECDH/ECDSA
+ TEST_EQUAL( mbedtls_ecp_get_type( &grp ), crv_type );
+ TEST_EQUAL( mbedtls_ecdh_can_do( id ), 1 );
+ TEST_EQUAL( mbedtls_ecdsa_can_do( id ),
+ crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+
+ // Copy group and compare with original
+ TEST_EQUAL( mbedtls_ecp_group_copy( &grp_cpy, &grp ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_cmp( &grp, &grp_cpy ), 0 );
+
+ // Check curve is in curve list and group ID list
+ for( crv = mbedtls_ecp_curve_list( );
+ crv->grp_id != MBEDTLS_ECP_DP_NONE &&
+ crv->grp_id != (unsigned) id;
+ crv++ );
+ TEST_EQUAL( crv->grp_id, id );
+ for( g_id = mbedtls_ecp_grp_id_list( );
+ *g_id != MBEDTLS_ECP_DP_NONE && *g_id != (unsigned) id;
+ g_id++ );
+ TEST_EQUAL( *g_id, (unsigned) id );
+
+exit:
+ mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp_cpy );
+ mbedtls_ecp_group_free( &grp_read );
+ mbedtls_mpi_free( &exp_P ); mbedtls_mpi_free( &exp_A );
+ mbedtls_mpi_free( &exp_B ); mbedtls_mpi_free( &exp_G_x );
+ mbedtls_mpi_free( &exp_G_y ); mbedtls_mpi_free( &exp_N );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
{
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 5696679..ea8d6a0 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -411,7 +411,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void gcm_invalid_param( )
{
mbedtls_gcm_context ctx;
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 33a9131..b06f524 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -3,7 +3,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "string.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index f4ac368..6328247 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -3,7 +3,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index e8cc076..3dc2b8b 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1,3 +1,6 @@
+PK invalid parameters
+pk_invalid_param:
+
PK valid parameters
valid_parameters:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 9c04560..beb3e7c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -8,7 +8,7 @@
#include "mbedtls/rsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <limits.h>
#include <stdint.h>
@@ -300,6 +300,53 @@
/* END_CASE */
/* BEGIN_CASE */
+void pk_invalid_param()
+{
+ mbedtls_pk_context ctx;
+ mbedtls_pk_type_t pk_type = 0;
+ unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+ size_t buf_size = sizeof( buf );
+
+ mbedtls_pk_init( &ctx );
+
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size,
+ NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size,
+ NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( pk_type, NULL,
+ &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( pk_type, NULL,
+ &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size, &buf_size,
+ NULL, NULL,
+ NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size, &buf_size,
+ NULL, NULL,
+ NULL ) );
+exit:
+ mbedtls_pk_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void valid_parameters( )
{
mbedtls_pk_context pk;
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 34ef090..841bd1d 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -2,7 +2,7 @@
#include "mbedtls/pkcs12.h"
#include "common.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
typedef enum
{
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 463e401..0fad7c6 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -2,7 +2,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/md.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index a7e93aa..593c047 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/rsa.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index fcbf9b1..7b7ed3d 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/pkcs5.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 8ca3aca..c5e60ee 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -2,7 +2,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c8b229c..f2478be 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4824,6 +4824,10 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_setup:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_SUCCESS
+PSA key derivation setup: TLS 1.2 ECJPAKE to PMS
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+derive_setup:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_SUCCESS
+
PSA key derivation setup: not a key derivation algorithm (HMAC)
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256
derive_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
@@ -5793,6 +5797,47 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865ff":"ff":0:1:0
+PSA key derivation: ECJPAKE to PMS, no input
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: ECJPAKE to PMS, input too short
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"deadbeef":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: ECJPAKE to PMS, input too long
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000de":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: ECJPAKE to PMS, bad input format
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT
+
+#NIST CAVS 11.0 SHA-256 ShortMSG vector for L=256
+PSA key derivation: ECJPAKE to PMS, good case
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_SUCCESS
+
+PSA key derivation: ECJPAKE to PMS, bad derivation step
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SEED:32:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_SUCCESS
+
+PSA key derivation: ECJPAKE to PMS, capacity 1 byte too big
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:33:PSA_ERROR_INVALID_ARGUMENT:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_SUCCESS
+
+PSA key derivation: ECJPAKE to PMS, capacity 1 byte too small
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:31:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4":PSA_ERROR_INSUFFICIENT_DATA
+
+PSA key derivation: ECJPAKE to PMS, output too short
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"4f":PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: ECJPAKE to PMS, output too long
+depends_on:PSA_WANT_ALG_SHA_256
+derive_ecjpake_to_pms:"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a400":PSA_ERROR_INSUFFICIENT_DATA
+
PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index c74acf6..fa237d3 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7797,6 +7797,51 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS:MBEDTLS_SHA256_C */
+void derive_ecjpake_to_pms( data_t *input, int expected_input_status_arg,
+ int derivation_step,
+ int capacity, int expected_capacity_status_arg,
+ data_t *expected_output,
+ int expected_output_status_arg )
+{
+ psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_step_t step = (psa_key_derivation_step_t) derivation_step;
+ uint8_t *output_buffer = NULL;
+ psa_status_t status;
+ psa_status_t expected_input_status = (psa_status_t) expected_input_status_arg;
+ psa_status_t expected_capacity_status = (psa_status_t) expected_capacity_status_arg;
+ psa_status_t expected_output_status = (psa_status_t) expected_output_status_arg;
+
+ ASSERT_ALLOC( output_buffer, expected_output->len );
+ PSA_ASSERT( psa_crypto_init() );
+
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ),
+ expected_capacity_status);
+
+ TEST_EQUAL( psa_key_derivation_input_bytes( &operation,
+ step, input->x, input->len ),
+ expected_input_status );
+
+ if( ( (psa_status_t) expected_input_status ) != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_key_derivation_output_bytes( &operation, output_buffer,
+ expected_output->len );
+
+ TEST_EQUAL( status, expected_output_status );
+ if( expected_output->len != 0 && expected_output_status == PSA_SUCCESS )
+ ASSERT_COMPARE( output_buffer, expected_output->len, expected_output->x,
+ expected_output->len );
+
+exit:
+ mbedtls_free( output_buffer );
+ psa_key_derivation_abort( &operation );
+ PSA_DONE();
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void derive_key_exercise( int alg_arg,
data_t *key_data,
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 0c8887a..65731ed 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -2,7 +2,7 @@
#include "mbedtls/rsa.h"
#include "rsa_alt_helpers.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -16,6 +16,8 @@
mbedtls_rsa_context ctx;
const int invalid_padding = 42;
const int invalid_hash_id = 0xff;
+ unsigned char buf[] = {0x00,0x01,0x02,0x03,0x04,0x05};
+ size_t buf_len = sizeof( buf );
mbedtls_rsa_init( &ctx );
@@ -29,6 +31,28 @@
invalid_hash_id ),
MBEDTLS_ERR_RSA_INVALID_PADDING );
+ TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_pkcs1_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_pkcs1_verify(&ctx, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
#if !defined(MBEDTLS_PKCS1_V15)
TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
MBEDTLS_RSA_PKCS_V15,
@@ -36,6 +60,32 @@
MBEDTLS_ERR_RSA_INVALID_PADDING );
#endif
+#if defined(MBEDTLS_PKCS1_V15)
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, NULL,
+ NULL, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+
+#endif
+
#if !defined(MBEDTLS_PKCS1_V21)
TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
MBEDTLS_RSA_PKCS_V21,
@@ -43,6 +93,42 @@
MBEDTLS_ERR_RSA_INVALID_PADDING );
#endif
+#if defined(MBEDTLS_PKCS1_V21)
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
+ MBEDTLS_MD_NONE, buf_len,
+ NULL, buf_len,
+ buf ),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_sign_ext(&ctx, NULL, NULL,
+ MBEDTLS_MD_SHA256, 0,
+ NULL, buf_len,
+ buf ),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_NONE,
+ buf_len, NULL,
+ MBEDTLS_MD_NONE,
+ buf_len, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify_ext(&ctx, MBEDTLS_MD_SHA256,
+ 0, NULL,
+ MBEDTLS_MD_NONE,
+ buf_len, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_NONE,
+ buf_len,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ TEST_EQUAL( mbedtls_rsa_rsassa_pss_verify(&ctx, MBEDTLS_MD_SHA256,
+ 0,
+ NULL, buf),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+#endif
+
exit:
mbedtls_rsa_free( &ctx );
}
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 95d45ba..aebfd84 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -18,13 +18,12 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void sha256_invalid_param( )
{
mbedtls_sha256_context ctx;
unsigned char buf[64] = { 0 };
size_t const buflen = sizeof( buf );
- int valid_type = 0;
int invalid_type = 42;
TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
@@ -67,13 +66,12 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
void sha512_invalid_param( )
{
mbedtls_sha512_context ctx;
unsigned char buf[64] = { 0 };
size_t const buflen = sizeof( buf );
- int valid_type = 0;
int invalid_type = 42;
TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 26855a6..f24d1a4 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -11,7 +11,7 @@
#include "mbedtls/ssl_cache.h"
#endif
-#include <legacy_or_psa.h>
+#include <mbedtls/legacy_or_psa.h>
#include "hash_info.h"
#include <constant_time_internal.h>
@@ -5439,7 +5439,7 @@
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
unsigned char add_data[13];
- unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
+ unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
unsigned char *data = NULL;
unsigned char *out = NULL;
unsigned char rec_num = 0;
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index b650afd..60e703a 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -10,7 +10,7 @@
#include "mbedtls/error.h"
#include "string.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 5a97240..1120bee 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -7,7 +7,7 @@
#include "mbedtls/rsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,